Add server side assert control support.

servers/slapd/back-bdb/add.c

@@ -343,6 +343,14 @@ retry:	/* transaction retry */
 #endif
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, op->oq_add.rs_e, get_assertion( op ))
+			!= LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	rs->sr_err = access_allowed( op, op->oq_add.rs_e,
 		entry, NULL, ACL_WRITE, NULL );
 

servers/slapd/back-bdb/compare.c

@@ -102,8 +102,15 @@ dn2entry_retry:
 		goto done;
 	}
 
-	rs->sr_err = access_allowed( op, e,
-		op->oq_compare.rs_ava->aa_desc, &op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
+	if ( get_assert( op ) &&
+		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
+	rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
+		&op->oq_compare.rs_ava->aa_value, ACL_COMPARE, NULL );
 	if ( ! rs->sr_err ) {
 		rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;

servers/slapd/back-bdb/delete.c

@@ -258,6 +258,13 @@ retry:	/* transaction retry */
 		goto done;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	rs->sr_err = access_allowed( op, e,
 		entry, NULL, ACL_WRITE, NULL );
 

servers/slapd/back-bdb/init.c

@@ -571,18 +571,19 @@ bdb_initialize(
 )
 {
 	static char *controls[] = {
+		LDAP_CONTROL_ASSERT,
+#ifdef LDAP_CLIENT_UPDATE
+		LDAP_CONTROL_CLIENT_UPDATE,
+#endif
 		LDAP_CONTROL_MANAGEDSAIT,
 		LDAP_CONTROL_NOOP,
 #ifdef LDAP_CONTROL_PAGEDRESULTS
 		LDAP_CONTROL_PAGEDRESULTS,
 #endif
- 		LDAP_CONTROL_VALUESRETURNFILTER,
 #ifdef LDAP_CONTROL_SUBENTRIES
 		LDAP_CONTROL_SUBENTRIES,
 #endif
-#ifdef LDAP_CLIENT_UPDATE
-		LDAP_CONTROL_CLIENT_UPDATE,
-#endif
+ 		LDAP_CONTROL_VALUESRETURNFILTER,
 		NULL
 	};
 

servers/slapd/back-bdb/modify.c

@@ -453,6 +453,13 @@ retry:	/* transaction retry */
 		goto done;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 #if defined(LDAP_CLIENT_UPDATE) || defined(LDAP_SYNC)
 	if ( rs->sr_err == LDAP_SUCCESS && !op->o_noop ) {
 		LDAP_LIST_FOREACH ( ps_list, &bdb->bi_psearch_list, o_ps_link ) {
@@ -460,7 +467,7 @@ retry:	/* transaction retry */
 		}
 	}
 #endif
-	
+
 	/* nested transaction */
 	rs->sr_err = TXN_BEGIN( bdb->bi_dbenv, ltid, &lt2, 
 		bdb->bi_db_opflags );

servers/slapd/back-bdb/modrdn.c

@@ -182,9 +182,15 @@ retry:	/* transaction retry */
 		goto done;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		goto return_results;
+	}
+
 	/* check write on old entry */
 	rs->sr_err = access_allowed( op, e, entry, NULL, ACL_WRITE, NULL );
-
 	if ( ! rs->sr_err ) {
 		switch( opinfo.boi_err ) {
 		case DB_LOCK_DEADLOCK:

servers/slapd/back-bdb/search.c

@@ -615,6 +615,14 @@ dn2entry_retry:
 		return 1;
 	}
 
+	if ( get_assert( op ) &&
+		( test_filter( op, e, get_assertion( op )) != LDAP_COMPARE_TRUE ))
+	{
+		rs->sr_err = LDAP_ASSERTION_FAILED;
+		send_ldap_result( sop, rs );
+		return 1;
+	}
+
 	/* if not root, get appropriate limits */
 	if ( be_isroot( op->o_bd, &sop->o_ndn ) ) {
 		isroot = 1;