diff options
| author | Rich Megginson <rmeggins@redhat.com> | 2010-01-26 09:51:05 -0700 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2010-01-26 10:04:08 -0700 |
| commit | 73fdd3b8945a34cc3d386c697e4e99560ba7997a (patch) | |
| tree | 0f736da917e6dd5423b8990e905235f1aef42b6e | |
| parent | 9b38ac3b5d27014c072cffb5a83e5888689c411b (diff) | |
| download | ds-73fdd3b8945a34cc3d386c697e4e99560ba7997a.tar.gz ds-73fdd3b8945a34cc3d386c697e4e99560ba7997a.tar.xz ds-73fdd3b8945a34cc3d386c697e4e99560ba7997a.zip | |
Bug 543080 - Bitwise plugin fails to return the exact matched entries for Bitwise search filter
https://bugzilla.redhat.com/show_bug.cgi?id=543080
Resolves: bug 543080
Bug Description: Bitwise plugin fails to return the exact matched entries for Bitwise search filter
Reviewed by: nhosoi (Thanks!)
Branch: HEAD
Fix Description: The Microsoft Windows AD bitwise filters do not work exactly
like the usual bitwise AND (&) and OR (|) operators.
For the AND case the matching rule is true only if all bits from the value
given in the filter value match the value from the entry.
For the OR case, the matching rule is true if any bits from the value given
in the filter match the value from the entry.
For the AND case, this means that even though (a & b) is True,
if (a & b) != b, the matching rule will return False.
For the OR case, this means that even though (a | b) is True,
this may be because there are bits in a. But we only care
about bits in a that are also in b. So we do (a & b) - this
will return what we want, which is to return True if any of
the bits in b are also in a.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no
| -rw-r--r-- | ldap/servers/plugins/bitwise/bitwise.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/ldap/servers/plugins/bitwise/bitwise.c b/ldap/servers/plugins/bitwise/bitwise.c index 7c88c93b..01c05fd2 100644 --- a/ldap/servers/plugins/bitwise/bitwise.c +++ b/ldap/servers/plugins/bitwise/bitwise.c @@ -124,10 +124,24 @@ internal_bitwise_filter_match(void* obj, Slapi_Entry* entry, Slapi_Attr* attr, i rc = LDAP_CONSTRAINT_VIOLATION; } else { int result; + /* The Microsoft Windows AD bitwise operators do not work exactly + as the plain old C bitwise operators work. For the AND case + the matching rule is true only if all bits from the given value + match the value from the entry. For the OR case, the matching + rule is true if any bits from the given value match the value + from the entry. + For the AND case, this means that even though (a & b) is True, + if (a & b) != b, the matching rule will return False. + For the OR case, this means that even though (a | b) is True, + this may be because there are bits in a. But we only care + about bits in a that are also in b. So we do (a & b) - this + will return what we want, which is to return True if any of + the bits in b are also in a. + */ if (op == BITWISE_OP_AND) { - result = (a & b); + result = ((a & b) == b); /* all the bits in the given value are found in the value from the entry */ } else if (op == BITWISE_OP_OR) { - result = (a | b); + result = (a & b); /* any of the bits in b are also in a */ } if (result) { rc = 0; |