upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-01-06 06:59:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ACL write/manage fixes (coverity)

Browse source
This commit is contained in:
Howard Chu 2015-01-13 21:43:22 +00:00
parent 9e69e0b559
commit 19af642a2d
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
servers/slapd/acl.c
View file

@ -184,7 +184,7 @@ slap_access_allowed(
* if we get here it means a non-root user is trying to
* manage data, so we need to check its privileges.
*/
if ( access_level == ACL_WRITE
if ( access_level == ACL_WRITE_
&& is_at_no_user_mod( desc->ad_type )
&& desc != slap_schema.si_ad_entry
&& desc != slap_schema.si_ad_children )
@ -398,7 +398,7 @@ access_allowed_mask(
{
access = ACL_AUTH;
} else if ( get_relax( op ) && access_level == ACL_WRITE &&
} else if ( get_relax( op ) && access_level == ACL_WRITE_ &&
desc == slap_schema.si_ad_entry )
{
access = ACL_MANAGE;
@ -2659,7 +2659,12 @@ regex_matches(
str = "";
};
acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
if ( acl_string_expand( &bv, pat, dn_matches, val_matches, matches )) {
Debug( LDAP_DEBUG_TRACE,
"expand( \"%s\", \"%s\") failed\n",
pat->bv_val, str, 0 );
return( 0 );
}
rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
if ( rc ) {
char error[ACL_BUF_SIZE];