Referral entry scope isn't checked for subtrees stored as an ALLID block (ITS#1289)
Full_Name: Craig Rawlins
Version: 2.0.11
OS: Solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (165.228.129.12)
To reproduce this problem create two subtrees, A and B. Under A place a
referral entry. Under B create enough entries within the tree below, for the @B
entry in dn2id.dbm to be stored as an ALLID block instead of individually
listing IDs within the subtree.

Using an LDAP client, do a search with B as the base, and scope subtree. The
referral entry under A will have its references returned to the LDAP client for
it to use to continue the search even though A is outside the scope of the
search.

The error appears to be in back-ldbm/search.c in the section beginning at line
254 of 2.0.11 release code which returns the reference without checking the
scope. I copied the scope checking from the following section for a normal
entry to check the scope for the referral entry and this appears to fix the
problem outlined above.

I applied the following patch.
*** servers/slapd/back-ldbm/search.c.orig Fri Aug 10 15:45:30 2001
--- servers/slapd/back-ldbm/search.c Fri Aug 10 16:45:20 2001
***************
*** 259,272 ****
if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
is_entry_referral( e ) )
{
! struct berval **refs = get_entry_referrals(
! be, conn, op, e );
! send_search_reference( be, conn, op,
! e, refs, scope, NULL, &v2refs );
! ber_bvecfree( refs );
goto loop_continue;
}
--- 259,302 ----
if ( !manageDSAit && scope != LDAP_SCOPE_BASE &&
is_entry_referral( e ) )
{
! char *dn;
! /* check scope */
! if ( !scopeok && scope == LDAP_SCOPE_ONELEVEL ) {
! if ( (dn = dn_parent( be, e->e_ndn )) != NULL
) {
! (void) dn_normalize( dn );
! scopeok = (dn == realbase)
! ? 1
! : (strcmp( dn, realbase ) ? 0
: 1 );
! free( dn );
! } else {
! scopeok = (realbase == NULL ||
*realbase == '\0');
! }
+ } else if ( !scopeok && scope == LDAP_SCOPE_SUBTREE )
{
+ dn = ch_strdup( e->e_ndn );
+ scopeok = dn_issuffix( dn, realbase );
+ free( dn );
+
+ } else {
+ scopeok = 1;
+ }
+
+ if ( scopeok ) {
+ struct berval **refs = get_entry_referrals(
+ be, conn, op, e );
+
+ send_search_reference( be, conn, op,
+ e, refs, scope, NULL, &v2refs );
+
+ ber_bvecfree( refs );
+ } else {
+ Debug( LDAP_DEBUG_TRACE,
+ "ldbm_search: candidate %ld scope not
okay\n",
+ id, 0, 0 );
+ };
+
goto loop_continue;
}