Apply ACL to lastmod attributes.
authorKurt Zeilenga <kurt@openldap.org>
Fri, 29 Oct 1999 20:00:47 +0000 (20:00 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Fri, 29 Oct 1999 20:00:47 +0000 (20:00 +0000)
CHANGES
servers/slapd/result.c
tests/data/slapd-acl.conf

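--- a/CHANGES
+++ b/CHANGES
@@ -8,6 +8,7 @@ Changes included in OpenLDAP 1.2 Release Engineering
        Fixed ldbm db_appinit to use u_int32_t instead of int (ITS#295)
        Fixed lber/io.c Cray T90 specific pointer arithmetic problem (ITS#325)
        Added TCP_NODELAY support
+       Change slapd to apply ACL to lastmod attributes
        Change slapd.conf default referral
        Documentation
                Reference Quick Start Guide in README and INSTALL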
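--- a/servers/slapd/result.c
+++ b/servers/slapd/result.c
@@ -250,19 +250,8 @@ send_search_entry(
                        continue;
                }
 
-               /* the lastmod attributes are ignored by ACL checking */
-               if ( strcasecmp( a->a_type, "modifiersname" ) == 0 ||
-                       strcasecmp( a->a_type, "modifytimestamp" ) == 0 ||
-                       strcasecmp( a->a_type, "creatorsname" ) == 0 ||
-                       strcasecmp( a->a_type, "createtimestamp" ) == 0 ) 
-               {
-                       Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access DEFAULT\n",
-                               a->a_type, 0, 0 );
-                       acl = NULL;
-               } else {
-                       acl = acl_get_applicable( be, op, e, a->a_type,
-                               MAXREMATCHES, matches );
-               }
+               acl = acl_get_applicable( be, op, e, a->a_type,
+                       MAXREMATCHES, matches );
 
                if ( ! acl_access_allowed( acl, be, conn, e,
                        NULL, op, ACL_READ, edn, matches ) ) 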
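Review bot: Only the search-result path is covered here, so it is worth confirming that no other code path keeps a by-name exemption for `modifiersname`, `modifytimestamp`, `creatorsname` and `createtimestamp`. None is visible in this hunk, but if filter evaluation or compare still gives them default access, a client denied read here could still learn their values indirectly. The enclosing `send_search_entry` starts and ends outside the hunk. I would also put a one-line comment above the call so the exemption is not reintroduced later: `/* lastmod attributes get the same ACL lookup as every other attribute */`.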
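--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -20,19 +20,29 @@ index               cn,sn,uid       pres,eq,approx
 index          default         none
 lastmod                on
 defaultaccess  none
-access         to attr=objectclass
+
+access to attr=createtimestamp,creatorsname,modifytimestamp,modifiersname
+       by * none
+
+access to attr=objectclass
                by * read
+
 access         to attr=userpassword
                by self write
+               by dn="^$$" none
                by * compare
-access         to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US"
-               by dn=".*,o=University of Michigan,c=US"
-               read
+
+access         to dn=".*,ou=Alumni Association,ou=People,o=University of Michigan,c=US$$"
+               by dn="^$$" none
+               by dn=".*,o=University of Michigan,c=US$$" read
                by * none
+
 access         to attr=member
                by dnattr=member selfwrite
                by * read
+
 access         to filter="objectclass=rfc822mailgroup"
-               by dn="Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US" write
+               by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$$" write
                by * read
+
 access         to * by * read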
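Review bot: The new lastmod rule only ever denies (`by * none`), so this test data exercises the hide path but never shows that an ACL can still grant these attributes; a regression that always suppressed them would pass unnoticed. If the test binds as an entry at some point (not visible here), a `by self read` line ahead of `by * none` would cover the allow path, at the cost of regenerating the expected output. A comment above the rule would also help the next editor, for example `# attr-only rule: keep it ahead of the dn= and filter= rules, the first matching access clause wins`.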