Joe Martin / OpenLDAP / Commits / e9292209
Commit e9292209, authored Nov 10, 2008 by Quanah Gibson-Mount
ITS#4556,ITS#5723
parent 34ea0bfa
Changes: 6
CHANGES
...
...
@@ -5,6 +5,8 @@ OpenLDAP 2.4.13 Engineering
Fixed liblutil hex conversion (ITS#5699)
Fixed liblutil returning undefined data (ITS#5748)
Fixed libldap error code return (ITS#5762)
Fixed slapd acl checks on ADD (ITS#4556,ITS#5723)
Added slapd keyword add_content_acl for add checks (ITS#4556,ITS#5723)
Fixed slapd config backend olcLogFile support (ITS#5765)
Added slapd dn.this search limits (ITS#5734)
Fixed slapd nameUIDPretty bitstring parsing (ITS#5750)
...
...
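Review bot: the entry "Added slapd keyword add_content_acl for add checks" announces a configuration keyword that none of the six files in this commit defines or documents. The three backend hunks call acl_check_modlist unconditionally, so it is worth stating where the keyword is honoured. If the keyword handling and its configuration documentation live in a separate commit, reference it here; otherwise the documentation should land together with this entry.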
servers/slapd/back-bdb/add.c
...
...
@@ -299,6 +299,24 @@ retry: /* transaction retry */
goto
return_results
;;
}
/*
* Check ACL for attribute write access
*/
if
(
!
acl_check_modlist
(
op
,
oe
,
op
->
ora_modlist
))
{
switch
(
opinfo
.
boi_err
)
{
case
DB_LOCK_DEADLOCK
:
case
DB_LOCK_NOTGRANTED
:
goto
retry
;
}
Debug
(
LDAP_DEBUG_TRACE
,
LDAP_XSTRING
(
bdb_add
)
": no write access to attribute
\n
"
,
0
,
0
,
0
);
rs
->
sr_err
=
LDAP_INSUFFICIENT_ACCESS
;
rs
->
sr_text
=
"no write access to attribute"
;
goto
return_results
;;
}
if
(
eid
==
NOID
)
{
rs
->
sr_err
=
bdb_next_id
(
op
->
o_bd
,
&
eid
);
if
(
rs
->
sr_err
!=
0
)
{
...
...
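Review bot: the denial branch after acl_check_modlist traces and returns only the fixed string "no write access to attribute", with 0, 0, 0 as the Debug arguments, so the log cannot show which entry was refused. Pass the entry DN to the Debug call; the client-facing sr_text can stay generic. The added `goto return_results;;` also carries a stray second semicolon that should be dropped.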
servers/slapd/back-ndb/add.cpp
...
...
@@ -223,6 +223,19 @@ is_ref: p.e_attrs = NULL;
goto
return_results
;;
}
/*
* Check ACL for attribute write access
*/
if
(
!
acl_check_modlist
(
op
,
op
->
ora_e
,
op
->
ora_modlist
))
{
Debug
(
LDAP_DEBUG_TRACE
,
LDAP_XSTRING
(
bdb_add
)
": no write access to attribute
\n
"
,
0
,
0
,
0
);
rs
->
sr_err
=
LDAP_INSUFFICIENT_ACCESS
;
rs
->
sr_text
=
"no write access to attribute"
;
goto
return_results
;;
}
/* acquire entry ID */
if
(
op
->
ora_e
->
e_id
==
NOID
)
{
rs
->
sr_err
=
ndb_next_id
(
op
->
o_bd
,
NA
.
ndb
,
&
op
->
ora_e
->
e_id
);
...
...
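Review bot: the Debug call in the new ACL branch uses LDAP_XSTRING(bdb_add) although this file is servers/slapd/back-ndb/add.cpp, so a denial in the NDB backend is traced as if it came from back-bdb. Use this backend's own add function name as the prefix. The added `goto return_results;;` has the same doubled semicolon as the back-bdb hunk.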
servers/slapd/bconfig.c
...
...
@@ -4651,6 +4651,15 @@ config_back_add( Operation *op, SlapReply *rs )
goto
out
;
}
/*
* Check for attribute ACL
*/
if
(
!
acl_check_modlist
(
op
,
op
->
ora_e
,
op
->
orm_modlist
))
{
rs
->
sr_err
=
LDAP_INSUFFICIENT_ACCESS
;
rs
->
sr_text
=
"no write access to attribute"
;
goto
out
;
}
cfb
=
(
CfBackInfo
*
)
op
->
o_bd
->
be_private
;
/* add opattrs for syncprov */
...
...
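Review bot: the check in config_back_add passes op->orm_modlist, while the back-bdb and back-ndb hunks in this commit pass op->ora_modlist for the same kind of ADD request. Use op->ora_modlist here as well, so the call names the add request's modification list directly instead of depending on the modify field resolving to the same data. Unlike the other two backends, this branch also emits no Debug trace on denial; adding one would keep the three paths consistent for anyone reading logs.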
tests/data/slapd-acl.conf
...
...
@@ -55,6 +55,7 @@ rootpw secret
#access to attrs=objectclass dn.subtree="dc=example,dc=com"
access
to
attrs
=
objectclass
by
dn
.
exact
=
"cn=Bjorn Jensen,ou=Information Technology Division,ou=People,dc=example,dc=com"
add
by
* =
rsc
stop
#access to filter="(objectclass=person)" attrs=userpassword dn.subtree="dc=example,dc=com"
...
...
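Review bot: the `add` grant to cn=Bjorn Jensen on attrs=objectclass has no comment explaining why it is needed, and no test script is touched in this commit, so nothing visible asserts that an ADD from an identity without this grant is refused with insufficient access. Add a one-line comment above the rule tying it to the per-attribute ADD check, and a negative case in the test that uses this file.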
tests/data/slapd-dds.conf
...
...
@@ -66,19 +66,21 @@ access to dn.base="ou=Groups,dc=example,dc=com"
by
users
write
access
to
dn
.
onelevel
=
"ou=Groups,dc=example,dc=com"
attrs
=
entry
by
dnattr
=
creatorsName
writ
e
attrs
=
entry
Ttl
by
dnattr
=
member
manag
e
by
*
read
access
to
dn
.
onelevel
=
"ou=Groups,dc=example,dc=com"
attrs
=
member
by
dnattr
=
creatorsName
write
by
users
selfwrite
by
*
break
access
to
dn
.
onelevel
=
"ou=Groups,dc=example,dc=com"
attrs
=
entry
by
*
read
access
to
dn
.
onelevel
=
"ou=Groups,dc=example,dc=com"
attrs
=
entryTtl
by
dnattr
=
member
manag
e
attrs
=
member
by
users
selfwrit
e
by
*
read
access
to
*
...
...
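Review bot: the rules for dn.onelevel="ou=Groups,dc=example,dc=com" on attrs=entry, attrs=entryTtl and attrs=member are rearranged without any comment. slapd applies the first access clause that matches, and the attrs=member rule ends in `by * break`, so evaluation continues into whichever rule follows it. Add a short comment stating which rule must precede which and how that relates to the ADD check, so a later edit does not reorder them silently.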