ddbe3c8 Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes

Authored and Committed by mreynolds 2 years ago
    Issue 50716 - CVE-2019-14824 (BZ#1748199) - deref plugin displays restricted attributes
    
    Bug Description:  If there is an ACI that allows "search" access to an attribute,
                      the deref plugin access control checks sees this is a "read"
                      privilege and returns the attribute's value.
    
    Fix description:  For deref plugin we are only concerned with "read" access, not
                      "search" access.  Removed the SLAPI_ACL_SEARCH right flag when
                      checking access for an attribute.
    
    relates: https://pagure.io/389-ds-base/issue/50716
    
    Reviewed by: lkrispen & tbordaz(Thanks!)