]> git.sur5r.net Git - openldap/commitdiff
projects / openldap / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 815efed)
backend_compute_output_attr() should use actual computed attribute type
authorLuke Howard <lukeh@openldap.org>
Thu, 26 Aug 2004 05:18:33 +0000 (05:18 +0000)
committerLuke Howard <lukeh@openldap.org>
Thu, 26 Aug 2004 05:18:33 +0000 (05:18 +0000)
returned by the plugin, rather than that requested by backend_attribute(),
for ACL checking.

They should of course be the same but this is the "correct" approach from
both a security and readability perspective

servers/slapd/backend.c patch | blob | history

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 483d70a6e423a671fc36e054355c0ce387d06e98..b8bd42738da60113a16b5509a684611dcfdc5f7b 100644 (file)
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -1512,7 +1512,7 @@ static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a,
        }
 
        if ( op->o_conn && access_allowed( op,
-               e, c->cac_attrs->an_desc, NULL, ACL_AUTH,
+               e, a->a_desc, NULL, ACL_AUTH,
                &c->cac_acl_state ) == 0 ) {
                return 1;
        }
@@ -1523,7 +1523,7 @@ static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a,
                op->o_tmpmemctx );
        for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) {
                if ( op->o_conn && access_allowed( op,
-                       e, c->cac_attrs->an_desc,
+                       e, a->a_desc,
                        &a->a_nvals[i],
                        ACL_AUTH, &c->cac_acl_state ) == 0 ) {
                        continue;
@@ -1615,16 +1615,10 @@ backend_attribute(
                        computed_attr_context ctx;
                        AttributeName aname;
 
-                       /* only an_desc is needed by backend_compute_output_attr() */
-                       aname.an_name = entry_at->ad_cname;
-                       aname.an_desc = entry_at;
-                       aname.an_oc_exclude = 0;
-                       aname.an_oc = NULL;
-
                        slapi_int_pblock_set_operation( op->o_pb, op );
 
                        ctx.cac_pb = op->o_pb;
-                       ctx.cac_attrs = &aname;
+                       ctx.cac_attrs = NULL;
                        ctx.cac_userattrs = 0;
                        ctx.cac_opattrs = 0;
                        ctx.cac_acl_state = acl_state;
Cloned from git://git.openldap.org/openldap.git