Require compare (not read) access to entry attr for compare ops

b0a0ac49 · Howard Chu · 64f81ee4 · b0a0ac49 · b0a0ac49
Commit b0a0ac49 authored 17 years ago by Howard Chu
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -186,11 +186,8 @@ to the underlying program.
 The
 .B compare
 operation requires 
-.B read (=r)
-access (FIXME: wouldn't 
 .B compare (=c)
-be a more appropriate choice?)
-to the 
+access to the 
 .B entry
 pseudo-attribute
 of the object whose value is being asserted;

--- a/servers/slapd/back-sock/compare.c
+++ b/servers/slapd/back-sock/compare.c
@@ -48,7 +48,7 @@ sock_back_compare(
 	e.e_private = NULL;

 	if ( ! access_allowed( op, &e,
-		entry, NULL, ACL_READ, NULL ) )
+		entry, NULL, ACL_COMPARE, NULL ) )
 	{
 		send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
 		return -1;