From 5ab71727e25999e8bafe2f299ea4ac05bf4290b6 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Mon, 08 Jun 2009 16:53:14 +0000
Subject: [PATCH] Fix issue 4042:  LDAP assertion control access control evaluation results in protocol error

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java |   42 +++++++++++++++++++++++++++++-------------
 1 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
index aea75df..c33d77f 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendDeleteOperation.java
@@ -530,25 +530,41 @@
           LDAPAssertionRequestControl assertControl =
                 getRequestControl(LDAPAssertionRequestControl.DECODER);
 
+          SearchFilter filter;
           try
           {
-            SearchFilter filter = assertControl.getSearchFilter();
-
-            // Check if the current user has permission to make
-            // this determination.
-            if (!AccessControlConfigManager.getInstance().
-              getAccessControlHandler().isAllowed(this, entry, filter))
+            filter = assertControl.getSearchFilter();
+          }
+          catch (DirectoryException de)
+          {
+            if (debugEnabled())
             {
-              throw new DirectoryException(
-                ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
-                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+              TRACER.debugCaught(DebugLogLevel.ERROR, de);
             }
 
-            if (! filter.matchesEntry(entry))
+            throw new DirectoryException(de.getResultCode(),
+                           ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(
+                                String.valueOf(entryDN),
+                                de.getMessageObject()));
+          }
+
+          // Check if the current user has permission to make
+          // this determination.
+          if (!AccessControlConfigManager.getInstance().
+            getAccessControlHandler().isAllowed(this, entry, filter))
+          {
+            throw new DirectoryException(
+              ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+              ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+          }
+
+          try
+          {
+            if (!filter.matchesEntry(entry))
             {
               throw new DirectoryException(ResultCode.ASSERTION_FAILED,
-                                           ERR_DELETE_ASSERTION_FAILED.get(
-                                                String.valueOf(entryDN)));
+                  ERR_DELETE_ASSERTION_FAILED.get(String
+                      .valueOf(entryDN)));
             }
           }
           catch (DirectoryException de)
@@ -563,7 +579,7 @@
               TRACER.debugCaught(DebugLogLevel.ERROR, de);
             }
 
-            throw new DirectoryException(ResultCode.PROTOCOL_ERROR,
+            throw new DirectoryException(de.getResultCode(),
                            ERR_DELETE_CANNOT_PROCESS_ASSERTION_FILTER.get(
                                 String.valueOf(entryDN),
                                 de.getMessageObject()));

--
Gitblit v1.10.0