back_attribute() should use ACL_AUTH not ACL_READ (at

least for current callers, may need to pass it the
permission level)
This commit is contained in:
Kurt Zeilenga 2002-09-05 02:37:10 +00:00
parent f0a3a7bb47
commit ab80b03057
4 changed files with 22 additions and 29 deletions

10
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh #! /bin/sh
# $OpenLDAP$ # $OpenLDAP$
# from OpenLDAP: pkg/ldap/configure.in,v 1.428 2002/08/28 05:12:22 hyc Exp # from OpenLDAP: pkg/ldap/configure.in,v 1.430 2002/09/04 08:58:25 hyc Exp
# Copyright 1998-2002 The OpenLDAP Foundation. All Rights Reserved. # Copyright 1998-2002 The OpenLDAP Foundation. All Rights Reserved.
# #
@ -23128,6 +23128,13 @@ else
PLAT=UNIX PLAT=UNIX
fi fi
if test -z "$SLAPD_STATIC_BACKENDS"; then
SLAPD_NO_STATIC='#'
else
SLAPD_NO_STATIC=
fi
@ -23423,6 +23430,7 @@ s%@WRAP_LIBS@%$WRAP_LIBS%g
s%@MOD_TCL_LIB@%$MOD_TCL_LIB%g s%@MOD_TCL_LIB@%$MOD_TCL_LIB%g
s%@SLAPD_MODULES_CPPFLAGS@%$SLAPD_MODULES_CPPFLAGS%g s%@SLAPD_MODULES_CPPFLAGS@%$SLAPD_MODULES_CPPFLAGS%g
s%@SLAPD_MODULES_LDFLAGS@%$SLAPD_MODULES_LDFLAGS%g s%@SLAPD_MODULES_LDFLAGS@%$SLAPD_MODULES_LDFLAGS%g
s%@SLAPD_NO_STATIC@%$SLAPD_NO_STATIC%g
s%@SLAPD_STATIC_BACKENDS@%$SLAPD_STATIC_BACKENDS%g s%@SLAPD_STATIC_BACKENDS@%$SLAPD_STATIC_BACKENDS%g
s%@SLAPD_DYNAMIC_BACKENDS@%$SLAPD_DYNAMIC_BACKENDS%g s%@SLAPD_DYNAMIC_BACKENDS@%$SLAPD_DYNAMIC_BACKENDS%g
s%@PERL_CPPFLAGS@%$PERL_CPPFLAGS%g s%@PERL_CPPFLAGS@%$PERL_CPPFLAGS%g


@ -91,7 +91,6 @@ bdb_attribute(
entry_ndn->bv_val, 0, 0 ); entry_ndn->bv_val, 0, 0 );
#endif #endif
} else { } else {
dn2entry_retry: dn2entry_retry:
/* can we find entry */ /* can we find entry */
@ -165,14 +164,6 @@ dn2entry_retry:
goto return_results; goto return_results;
} }
if (conn != NULL && op != NULL
&& access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
NULL, ACL_READ, &acl_state ) == 0 )
{
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) { if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( BACK_BDB, INFO, LDAP_LOG( BACK_BDB, INFO,
@ -187,8 +178,8 @@ dn2entry_retry:
} }
if (conn != NULL && op != NULL if (conn != NULL && op != NULL
&& access_allowed( be, conn, op, e, entry_at, NULL, ACL_READ, && access_allowed( be, conn, op, e, entry_at, NULL,
&acl_state ) == 0 ) ACL_AUTH, &acl_state ) == 0 )
{ {
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results; goto return_results;
@ -204,7 +195,7 @@ dn2entry_retry:
if( conn != NULL if( conn != NULL
&& op != NULL && op != NULL
&& access_allowed(be, conn, op, e, entry_at, && access_allowed(be, conn, op, e, entry_at,
&attr->a_vals[i], ACL_READ, &acl_state ) == 0) &attr->a_vals[i], ACL_AUTH, &acl_state ) == 0)
{ {
continue; continue;
} }
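Review bot: The entry-level check against `slap_schema.si_ad_entry` (the block deleted after `goto return_results;` in the second hunk) is removed outright rather than switched to ACL_AUTH, so bdb_attribute no longer requires any access level on the entry itself before the attribute's values are collected; if the intent was only to lower the privilege level, keep that block and change `ACL_READ` to `ACL_AUTH`, which is what the two remaining checks in this file now use. ldbm_back_attribute in the next file section makes the same deletion. Every check here is also guarded by `conn != NULL && op != NULL`, and the only caller visible on this page, slap_sasl_check_authz, appears to pass NULL for conn, so on that path the ACL_AUTH change has no effect and no ACL is evaluated at all. That is worth stating above the first remaining check, e.g. `/* access checks are skipped when no connection is supplied; callers that rely on ACLs must pass conn and op */`. bdb_attribute begins and ends outside this section.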


@ -128,14 +128,6 @@ ldbm_back_attribute(
goto return_results; goto return_results;
} }
if (conn != NULL && op != NULL
&& access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
NULL, ACL_READ, NULL ) == 0)
{
rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results;
}
if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) { if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( BACK_LDBM, INFO, LDAP_LOG( BACK_LDBM, INFO,
@ -152,7 +144,7 @@ ldbm_back_attribute(
if (conn != NULL && op != NULL if (conn != NULL && op != NULL
&& access_allowed( be, conn, op, e, entry_at, NULL, && access_allowed( be, conn, op, e, entry_at, NULL,
ACL_READ, &acl_state ) == 0) ACL_AUTH, &acl_state ) == 0)
{ {
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results; goto return_results;
@ -168,7 +160,7 @@ ldbm_back_attribute(
if( conn != NULL if( conn != NULL
&& op != NULL && op != NULL
&& access_allowed( be, conn, op, e, entry_at, && access_allowed( be, conn, op, e, entry_at,
iv, ACL_READ, &acl_state ) == 0) iv, ACL_AUTH, &acl_state ) == 0)
{ {
continue; continue;
} }


@ -616,15 +616,16 @@ slap_sasl_check_authz( Connection *conn,
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, ENTRY, LDAP_LOG( TRANSPORT, ENTRY,
"slap_sasl_check_authz: does %s match %s rule in %s?\n", "slap_sasl_check_authz: does %s match %s rule in %s?\n",
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
#else #else
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
"==>slap_sasl_check_authz: does %s match %s rule in %s?\n", "==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val); assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
#endif #endif
rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL, searchDN, ad, &vals ); rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL,
searchDN, ad, &vals );
if( rc != LDAP_SUCCESS ) if( rc != LDAP_SUCCESS )
goto COMPLETE; goto COMPLETE;
@ -641,11 +642,12 @@ COMPLETE:
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG( TRANSPORT, RESULTS, LDAP_LOG( TRANSPORT, RESULTS,
"slap_sasl_check_authz: %s check returning %s\n", "slap_sasl_check_authz: %s check returning %s\n",
ad->ad_cname.bv_val, rc, 0 ); ad->ad_cname.bv_val, rc, 0 );
#else #else
Debug( LDAP_DEBUG_TRACE, Debug( LDAP_DEBUG_TRACE,
"<==slap_sasl_check_authz: %s check returning %d\n", ad->ad_cname.bv_val, rc, 0); "<==slap_sasl_check_authz: %s check returning %d\n",
ad->ad_cname.bv_val, rc, 0);
#endif #endif
return( rc ); return( rc );