[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SLAPD: Should access checks take place before filter matching?
At 02:05 PM 6/22/2001, Simon Spero wrote:
>On Fri, 22 Jun 2001, Kurt D. Zeilenga wrote:
>> than with the most simple filters, returning False and returning
>> non-True are NOT equivalent.
>>
>> If I gather what you are suggesting correctly,
>> (userPassword=secret) is Undefined and entry is not returned.
>> (!(userPassword=secret)) is True and entry is returned.
>
>test_filter returns a lifted boolean, but the functions that call
>test_filter only test to see if the value is TRUE, and only send a result
>in that case. If the value is anything other than TRUE (i.e. FALSE or
>BOTTOM), no result is returned. This is true for everywhere in the code
>where test_filter is called.
[edited for discussion purposes]
case LDAP_FILTER_NOT:
rc = test_filter( be, conn, op, e, f->f_not );
switch( rc ) {
case LDAP_COMPARE_TRUE:
rc = LDAP_COMPARE_FALSE;
break;
case LDAP_COMPARE_FALSE:
rc = LDAP_COMPARE_TRUE;
break;
}
return rc
Note that the code doesn't just return ( rc != LDAP_COMPARE_TRUE ).
That would be incorrect.