(ITS#6480) Incorrect handling of noncritical LDAP_CONTROL_X_SEARCH_OPTIONS

[alastair.mccormack@ioko.com]

Full_Name: Alastair McCormack
Version: 2.3.43
OS: Red Hat Enterprise Linux Server release 5.4 (Tikanga)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (83.98.0.249)


Proprietary LDAP Client ---LDAPv3---> OpenLDAP 2.3.43
Query: ??sub(objectClass=*)

Client Receives Error 53: "searchOptions contained unrecognized flag"

This works fine when client is pointed at a Windows AD Domain Controller.

Tracing reveals that client is setting:
  Control: oid=1.2.840.113556.1.4.1340 = SERVER_SEARCH_FLAG_PHANTOM_ROOT
noncritical

By my novice understanding of the LDAP v3 RFC, the non-critical flag should mean
that the search should not fail if the Control is not supported. However, it
would seem that in controls.c an unknown or unimplemented flag is causing an
exception even if the Control option is non critical.

I have worked around this by creating and applying the following patch (includes
typo fix):

--- /var/tmp/controls.c-ignore-non-crit-search-flags    2010-02-22
15:16:16.000000000 +0000
+++ openldap-2.3.43/servers/slapd/controls.c    2008-04-09 02:12:47.000000000
+0100
@@ -1425,10 +1425,10 @@ static int parseSearchOptions (
                        : SLAP_CONTROL_NONCRITICAL;
        }

-       if ( search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE) ) {
+       if ( (search_flags & ~(LDAP_SEARCH_FLAG_DOMAIN_SCOPE)) &&
ctrl->ldctl_iscritical ) {
                /* Other search flags not recognised so far,
                 * including:
-                *              LDAP_SEARCH_FLAG_PHANTOM_ROOM
+                *              LDAP_SEARCH_FLAG_PHANTOM_ROOT
                 */
                rs->sr_text = "searchOptions contained unrecognized flag";
                return LDAP_UNWILLING_TO_PERFORM;



I have very little C knowledge so this was more of a POC rather than a suggested
solution.

Many thanks for a superb application. Keep up the good work :)

Alastair McCormack