upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-22 23:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

ITS#8057 Use an actual entry for modify/modrdn checks

Browse source
This commit is contained in:
Ondřej Kuzník 2015-04-07 19:53:10 +01:00 committed by Howard Chu
parent 525aa23800
commit cf3e10ee15
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
servers/slapd/overlays/unique.c
View file

@ -1162,6 +1162,7 @@ unique_modify(
unique_domain *domain; unique_domain *domain;
Operation nop = *op; Operation nop = *op;
Modifications *m; Modifications *m;
Entry *e = NULL;
char *key, *kp; char *key, *kp;
struct berval bvkey; struct berval bvkey;
int rc = SLAP_CB_CONTINUE; int rc = SLAP_CB_CONTINUE;
@ -1172,12 +1173,18 @@ unique_modify(
/* skip the checks if the operation has manageDsaIt control in it /* skip the checks if the operation has manageDsaIt control in it
* (for replication) */ * (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e, && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
&& e
&& access_allowed ( op, e,
slap_schema.si_ad_entry, NULL, slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) { ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0); Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
overlay_entry_release_ov( op, e, 0, on );
return rc; return rc;
} }
if ( e ) {
overlay_entry_release_ov( op, e, 0, on );
}
for ( domain = legacy ? legacy : domains; for ( domain = legacy ? legacy : domains;
domain; domain;
@ -1284,6 +1291,7 @@ unique_modrdn(
unique_domain *legacy = private->legacy; unique_domain *legacy = private->legacy;
unique_domain *domain; unique_domain *domain;
Operation nop = *op; Operation nop = *op;
Entry *e = NULL;
char *key, *kp; char *key, *kp;
struct berval bvkey; struct berval bvkey;
LDAPRDN newrdn; LDAPRDN newrdn;
@ -1296,12 +1304,18 @@ unique_modrdn(
/* skip the checks if the operation has manageDsaIt control in it /* skip the checks if the operation has manageDsaIt control in it
* (for replication) */ * (for replication) */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED if ( op->o_managedsait > SLAP_CONTROL_IGNORED
&& access_allowed ( op, op->ora_e, && overlay_entry_get_ov(op, &op->o_req_ndn, NULL, NULL, 0, &e, on) == LDAP_SUCCESS
&& e
&& access_allowed ( op, e,
slap_schema.si_ad_entry, NULL, slap_schema.si_ad_entry, NULL,
ACL_MANAGE, NULL ) ) { ACL_MANAGE, NULL ) ) {
Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0); Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
overlay_entry_release_ov( op, e, 0, on );
return rc; return rc;
} }
if ( e ) {
overlay_entry_release_ov( op, e, 0, on );
}
for ( domain = legacy ? legacy : domains; for ( domain = legacy ? legacy : domains;
domain; domain;