From 035c81103ade629ed51ba77f7c9d3f37e2a90abb Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 10 May 2012 15:34:21 +0000
Subject: [PATCH] Additional fix for OPENDJ-475: Incorrect behaviour/result code regarding non-critical controls

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   32 ++++++++++++++++++--------------
 1 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index d5c3865..6e8596c 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -23,7 +23,7 @@
  *
  *
  *      Copyright 2008-2010 Sun Microsystems, Inc.
- *      Portions Copyright 2011 ForgeRock AS
+ *      Portions Copyright 2011-2012 ForgeRock AS
  */
 package org.opends.server.authorization.dseecompat;
 
@@ -305,24 +305,28 @@
     if (control.getOID().equals(OID_PROXIED_AUTH_V2)
         || control.getOID().equals(OID_PROXIED_AUTH_V1))
     {
-      op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
+      if (ret)
+      {
+        op.setAttachment(ORIG_AUTH_ENTRY, op.getAuthorizationEntry());
+      }
     }
     else if (control.getOID().equals(OID_GET_EFFECTIVE_RIGHTS))
     {
-      GetEffectiveRightsRequestControl getEffectiveRightsControl;
-      if (control instanceof LDAPControl)
+      if (ret)
       {
-        getEffectiveRightsControl =
-            GetEffectiveRightsRequestControl.DECODER.decode(control
-                .isCritical(), ((LDAPControl) control).getValue());
+        GetEffectiveRightsRequestControl getEffectiveRightsControl;
+        if (control instanceof LDAPControl)
+        {
+          getEffectiveRightsControl = GetEffectiveRightsRequestControl.DECODER
+              .decode(control.isCritical(), ((LDAPControl) control).getValue());
+        }
+        else
+        {
+          getEffectiveRightsControl =
+              (GetEffectiveRightsRequestControl) control;
+        }
+        op.setAttachment(OID_GET_EFFECTIVE_RIGHTS, getEffectiveRightsControl);
       }
-      else
-      {
-        getEffectiveRightsControl =
-            (GetEffectiveRightsRequestControl) control;
-      }
-      op.setAttachment(OID_GET_EFFECTIVE_RIGHTS,
-          getEffectiveRightsControl);
     }
     return ret;
   }

--
Gitblit v1.10.0