Commit a8b7e93e authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Add referral scope checks (ITS#1289) from dshriver@sharemedia.com

parent cd51428d
......@@ -348,6 +348,31 @@ searchit:
if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
is_entry_referral( e ) )
{
char *dn;
/* check scope */
if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
if ( (dn = dn_parent( be, e->e_ndn )) != NULL ) {
(void) dn_normalize( dn );
scopeok = (dn == realbase)
? 1
: (strcmp( dn, realbase ) ? 0 : 1 );
free( dn );
} else {
scopeok = (realbase == NULL || *realbase == '\0');
}
} else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE ) {
dn = ch_strdup( e->e_ndn );
scopeok = dn_issuffix( dn, realbase );
free( dn );
} else {
scopeok = 1;
}
if( scopeok ) {
struct berval **refs = get_entry_referrals(
be, conn, op, e );
......@@ -356,6 +381,18 @@ searchit:
ber_bvecfree( refs );
} else {
#ifdef NEW_LOGGING
LDAP_LOG(( "backend", LDAP_LEVEL_DETAIL2,
"ldbm_search: candidate referral %ld scope not okay\n",
id ));
#else
Debug( LDAP_DEBUG_TRACE,
"ldbm_search: candidate referral %ld scope not okay\n",
id, 0, 0 );
#endif
}
goto loop_continue;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment