upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-02-02 20:10:11 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

honor 'disclose' ACL on searchBase/compare/referral/matched (ITS#3472 and comments on -devel)

Browse source
This commit is contained in:
Pierangelo Masarati 2005-01-11 19:37:55 +00:00
parent f369e34049
commit 0e04985332
2 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
servers/slapd/back-sql/compare.c
View file

@ -109,6 +109,12 @@ backsql_compare( Operation *op, SlapReply *rs )
}
e = &user_entry;
if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL,
ACL_DISCLOSE, NULL ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
goto return_results;
}
if ( ! access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
&op->oq_compare.rs_ava->aa_value,
ACL_COMPARE, NULL ) ) {

7
servers/slapd/back-sql/search.c
View file

@ -1718,6 +1718,13 @@ backsql_search( Operation *op, SlapReply *rs )
goto done;
}
if ( ! access_allowed( op, bsi.bsi_e, slap_schema.si_ad_entry, NULL,
ACL_DISCLOSE, NULL ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
send_ldap_result( op, rs );
goto done;
}
bsi.bsi_n_candidates =
( op->ors_limit == NULL /* isroot == TRUE */ ? -2 :
( op->ors_limit->lms_s_unchecked == -1 ? -2 :