From 3f09da45ed0951da9c87697c7af5ed94252d7119 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 26 Jul 2013 07:34:52 +0000
Subject: [PATCH] OPENDJ-948 (CR-1873) unauthorized disclosure of directory contents 

---
 opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java b/opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java
index abd412d..22dbe78 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/api/AccessControlHandler.java
@@ -144,8 +144,13 @@
     }
     if (entry == null)
     {
-      // no such entry exist, let's be safe and forbid any info disclosure.
-      return false;
+      // no such entry exist, only disclose underlying information if it is an
+      // internal (broad meaning) operation, otherwise let's be safe and forbid
+      // any info disclosure for external operations.
+      // This will avoid breaking conflicts resolution in replication
+      return operation.isInternalOperation()
+          || operation.isSynchronizationOperation()
+          || operation.isInnerOperation();
     }
     return maySend(operation, new SearchResultEntry(entry, operation
         .getResponseControls()));
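Review bot: The new `entry == null` branch replaces a fail-closed `return false` with a decision that depends on `isInternalOperation()`, `isSynchronizationOperation()` and `isInnerOperation()`, and nothing in the hunk says why those flags can be trusted. If any of them can be true for work done on behalf of an external client (an inner operation started while serving a client request, for instance), that client could again learn about missing entries, which is the disclosure the subject line names; this is inferred, since the code that sets the flags is not visible here. I would record the assumption next to the return, e.g. `// These flags are set only by the server itself, never derived from client input; re-check if a new code path can set them.` The diffstat shows no test change, so a test that an external operation on a non-existent entry still gets `false` would pin the intended behaviour. The enclosing method starts and ends outside the hunk.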

--
Gitblit v1.10.0