Commit 9c5768cd authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Initial ITS#3333 fix

(needs to be applied to other filter cases)
parent 452fc403
......@@ -359,6 +359,7 @@ test_ava_filter(
AttributeAssertion *ava,
int type )
{
int rc;
Attribute *a;
if ( !access_allowed( op, e,
......@@ -423,6 +424,8 @@ test_ava_filter(
return LDAP_COMPARE_FALSE;
}
rc = LDAP_COMPARE_FALSE;
for(a = attrs_find( e->e_attrs, ava->aa_desc );
a != NULL;
a = attrs_find( a->a_next, ava->aa_desc ) )
......@@ -430,6 +433,13 @@ test_ava_filter(
MatchingRule *mr;
struct berval *bv;
if (( ava->aa_desc != a->a_desc ) && !access_allowed( op, e,
a->a_desc, &ava->aa_value, ACL_SEARCH, NULL ))
{
rc = LDAP_INSUFFICIENT_ACCESS;
continue;
}
switch ( type ) {
case LDAP_FILTER_APPROX:
mr = a->a_desc->ad_type->sat_approx;
......@@ -450,17 +460,23 @@ test_ava_filter(
mr = NULL;
}
if( mr == NULL ) continue;
if( mr == NULL ) {
rc = LDAP_OTHER;
continue;
}
for ( bv = a->a_nvals; bv->bv_val != NULL; bv++ ) {
int ret;
int rc;
int tmprc;
const char *text;
rc = value_match( &ret, a->a_desc, mr, 0,
tmprc = value_match( &ret, a->a_desc, mr, 0,
bv, &ava->aa_value, &text );
if( rc != LDAP_SUCCESS ) return rc;
if( tmprc != LDAP_SUCCESS ) {
rc = tmprc;
continue;
}
switch ( type ) {
case LDAP_FILTER_EQUALITY:
......@@ -479,7 +495,7 @@ test_ava_filter(
}
}
return LDAP_COMPARE_FALSE;
return rc;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment