upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-06-09 08:42:22 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Import ACL "entry" changes from devel

Browse source
This commit is contained in:
Kurt Zeilenga 2000-09-05 21:55:53 +00:00
parent cae2030887
commit f617fbde33
6 changed files with 1 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGES
View file

@ -4,6 +4,7 @@ OpenLDAP 2.0.X Engineering
Fixed StartTLS & ldaps:// client SDK
Fixed slapd session close deadlock (ITS#704)
Fixed slapd SSF ACLs
Fixed slapd "entry" ACLs
Updated slapd MAXARGS to 200
Updated slapd nisNetgroupTriple validation routine (ITS#705)
Updated slapd bootParameter validation routine (ITS#706)

10
servers/slapd/back-ldbm/bind.c
View file

@ -41,7 +41,6 @@ ldbm_back_bind(
#endif
AttributeDescription *password = slap_schema.si_ad_userPassword;
AttributeDescription *entry = slap_schema.si_ad_entry;
Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
@ -101,15 +100,6 @@ ldbm_back_bind(
/* check for deleted */
if ( ! access_allowed( be, conn, op, e,
entry, NULL, ACL_AUTH ) )
{
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
rc = 1;
goto return_results;
}
if ( is_entry_alias( e ) ) {
/* entry is an alias, don't allow bind */
Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,

13
servers/slapd/back-ldbm/delete.c
View file

@ -65,19 +65,6 @@ ldbm_back_delete(
return( -1 );
}
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug(LDAP_DEBUG_ARGS,
"<=- ldbm_back_delete: insufficient access %s\n",
dn, 0, 0);
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
goto return_results;
}
#endif
if ( !manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */

12
servers/slapd/back-ldbm/modrdn.c
View file

@ -102,18 +102,6 @@ ldbm_back_modrdn(
return( -1 );
}
#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
if ( ! access_allowed( be, conn, op, e,
"entry", NULL, ACL_WRITE ) )
{
Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
0, 0 );
send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL );
goto return_results;
}
#endif
if (!manageDSAit && is_entry_referral( e ) ) {
/* parent is a referral, don't allow add */
/* parent is an alias, don't allow add */

8
servers/slapd/back-ldbm/passwd.c
View file

@ -40,8 +40,6 @@ ldbm_back_exop_passwd(
char *dn;
AttributeDescription *entry = slap_schema.si_ad_entry;
assert( reqoid != NULL );
assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
@ -94,12 +92,6 @@ ldbm_back_exop_passwd(
goto done;
}
if( ! access_allowed( be, conn, op, e, entry, NULL, ACL_WRITE ) ) {
*text = "access to authorization entry denied";
rc = LDAP_INSUFFICIENT_ACCESS;
goto done;
}
if( is_entry_alias( e ) ) {
/* entry is an alias, don't allow operation */
*text = "authorization entry is alias";

1
tests/data/slapd-acl.conf
View file

@ -39,7 +39,6 @@ access to filter="objectclass=person" attr=userpassword
by self write
access to dn.children="ou=Alumni Association, ou=People, o=University of Michigan, c=US"
by dn="^$" +x continue
by dn.regex=".+,o=University of Michigan,c=US" +c continue
by dn.subtree="o=University of Michigan, c=US" +rs continue
by * stop