upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-25 09:09:54 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#4587, selfwrite should apply to more than just USERS acl's

Browse source
This commit is contained in:
Howard Chu 2006-06-13 03:19:07 +00:00
parent ed0d8d0a94
commit adba963c32
1 changed files with 21 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
servers/slapd/acl.c
View file

@ -690,6 +690,27 @@ acl_mask_dn(
* value is set in a_dn_style; however, the string
* is maintaned in a_dn_pat.
*/
if ( b->a_self ) {
const char *dummy;
int rc, match = 0;
/* must have DN syntax */
if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) return 1;
/* check if the target is an attribute. */
if ( val == NULL ) return 1;
/* target is attribute, check if the attribute value
* is the op dn.
*/
rc = value_match( &match, desc,
desc->ad_type->sat_equality, 0,
val, opndn, &dummy );
/* on match error or no match, fail the ACL clause */
if ( rc != LDAP_SUCCESS || match != 0 )
return 1;
}
if ( b->a_style == ACL_STYLE_ANONYMOUS ) {
if ( !BER_BVISEMPTY( opndn ) ) {
return 1;
@ -700,27 +721,6 @@ acl_mask_dn(
return 1;
}
if ( b->a_self ) {
const char *dummy;
int rc, match = 0;
/* must have DN syntax */
if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) return 1;
/* check if the target is an attribute. */
if ( val == NULL ) return 1;
/* target is attribute, check if the attribute value
* is the op dn.
*/
rc = value_match( &match, desc,
desc->ad_type->sat_equality, 0,
val, opndn, &dummy );
/* on match error or no match, fail the ACL clause */
if ( rc != LDAP_SUCCESS || match != 0 )
return 1;
}
} else if ( b->a_style == ACL_STYLE_SELF ) {
struct berval ndn, selfndn;
int level;