upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-28 10:39:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#10256 cn=config: reject modify requests on cn=schema,cn=config

Browse source 
Add requests already handled it specially; corresponding treatment
for modify requests was missing. The docs have always stated that
cn=schema,cn=config is only for slapd's hardcoded schema so this
only affects users who don't read docs.
This commit is contained in:
Howard Chu 2024-09-10 17:41:39 +01:00
parent aa7b1a3db9
commit 5e9d550c2e
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
servers/slapd/bconfig.c
View file

@ -6300,6 +6300,12 @@ config_back_modify( Operation *op, SlapReply *rs )
goto out;
}
/* global schema rejects all writes */
if ( ce->ce_type == Cft_Schema && ce->ce_parent->ce_type == Cft_Global ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto out;
}
if ( !acl_check_modlist( op, ce->ce_entry, op->orm_modlist )) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto out;