From ca133c6d688e3e19638c33f7750455f3fe54a0d8 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Mon, 23 Jul 2007 20:45:49 +0000
Subject: [PATCH] Fix for debugsearchindex operational attribute does not support double negation. Issue #1849.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   32 ++++++++++++++++++++++++++++++++
 1 files changed, 32 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index c03b0d7..e0969f0 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -54,6 +54,7 @@
 import org.opends.server.types.*;
 import org.opends.server.workflowelement.localbackend.*;
 import org.opends.server.controls.GetEffectiveRights;
+import org.opends.server.backends.jeb.EntryContainer;
 
 
 /**
@@ -92,6 +93,16 @@
   static AttributeType globalAciType;
 
   /**
+   * Attribute type corresponding to "debugsearchindex" attribute.
+   */
+  static AttributeType debugSearchIndex;
+
+ /*
+  * DN corresponding to "debugsearchindex" attribute type.
+  */
+  static DN debugSearchIndexDN;
+
+  /**
    * String used to save the original authorization entry in an operation
    * attachment if a proxied authorization control was seen.
    */
@@ -129,6 +140,20 @@
       globalAciType =
               DirectoryServer.getDefaultAttributeType(ATTR_AUTHZ_GLOBAL_ACI);
     }
+
+     if((debugSearchIndex =
+          DirectoryServer.
+              getAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX)) == null)
+     {
+       debugSearchIndex =
+       DirectoryServer.
+               getDefaultAttributeType(EntryContainer.ATTR_DEBUG_SEARCH_INDEX);
+     }
+     try {
+       debugSearchIndexDN=DN.decode("cn=debugsearch");
+     } catch (DirectoryException ex) {
+       //Should never happen.
+     }
    }
 
   /**
@@ -754,6 +779,13 @@
     testFilter(AciLDAPOperationContainer container, SearchFilter filter)
     throws DirectoryException {
         boolean ret=true;
+        //If the resource entry has a dn equal to "cn=debugsearch" and it
+        //contains the special attribute type "debugsearchindex", then the
+        //resource entry is a psudo entry created for debug purposes. Return
+        //true if that is the case.
+        if(debugSearchIndexDN.equals(container.getResourceDN()) &&
+           container.getResourceEntry().hasAttribute(debugSearchIndex))
+          return true;
         switch (filter.getFilterType()) {
             case AND:
             case OR: {

--
Gitblit v1.10.0