Commit f6e4f202 authored by Pierangelo Masarati's avatar Pierangelo Masarati

test for ITS#4587; another bit of fix for that

parent adba963c
......@@ -700,6 +700,11 @@ acl_mask_dn(
/* check if the target is an attribute. */
if ( val == NULL ) return 1;
/* a DN must be present */
if ( BER_BVISEMPTY( opndn ) ) {
return 1;
}
/* target is attribute, check if the attribute value
* is the op dn.
*/
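Review bot: The comment on the new `BER_BVISEMPTY( opndn )` guard, `/* a DN must be present */`, states the rule but not the reason, and the reason is the security-relevant part. An empty operation DN is presumably the anonymous identity, so the guard stops a session with no DN from reaching the value-versus-op-DN comparison below. I would spell that out, for example `/* anonymous (empty op DN) can never be "self": refuse before comparing against the attribute value */`. The guard returns 1 like the `val == NULL` check above it, so it would also help to say once what 1 means to callers; that is not visible here because the body of acl_mask_dn starts and ends outside the hunk. Whether the non-attribute branches of this function treat an empty op DN the same way cannot be confirmed from this hunk.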
......
......@@ -68,7 +68,6 @@ member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
mple,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com
......
......@@ -110,6 +110,7 @@ access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
access to attrs=member,uniquemember
by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
by dnattr=member selfwrite
by dnattr=uniquemember selfwrite
by * read
......
......@@ -103,6 +103,47 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
-D "$BJORNSDN" -w bjorn \
-b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
# check selfwrite access (ITS#4587). Two attempts are made:
# 1) delete someone else (should fail)
# 2) delete self (should succeed)
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $BABSDN
EOMODS
RC=$?
case $RC in
50)
;;
0)
echo "ldapmodify should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit -1
;;
*)
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $JAJDN
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
#
# Check group access. Try to modify Babs' entry. Two attempts:
# 1) bound as "James A Jones 1" - should fail
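Review bot: `exit -1` in the `0)` branch of the first `case $RC` is not a portable exit status, because POSIX sh defines statuses as 0–255 and shells disagree on a negative operand (some report 255, others reject the number). Since this branch is the one that fires when the ACL wrongly allows the delete, it should fail unambiguously: `exit 1`. The negative test also accepts result code 50 on its own and does not confirm here that `$BABSDN` is still a member afterwards; if a later search-and-compare step outside this hunk covers that, a short comment such as `# group membership is verified against the expected output below` would make the dependency explicit.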
......