Require compare (not read) access to entry attr for compare ops

author Howard Chu <hyc@openldap.org>

Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)

committer Howard Chu <hyc@openldap.org>

Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)
author Howard Chu <hyc@openldap.org>
Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)
committer Howard Chu <hyc@openldap.org>
Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)
diff --git a/doc/man/man5/slapd-sock.5 b/doc/man/man5/slapd-sock.5

index d0d3472c509e4aec40d1b9aab72dd41364bc12e3..99b467337d3c518c811e2e032f0c9686febd0e8b 100644 (file)
--- a/doc/man/man5/slapd-sock.5
+++ b/doc/man/man5/slapd-sock.5
@@ -186,11 +186,8 @@ to the underlying program.
  The
  .B compare
  operation requires 
-.B read (=r)
-access (FIXME: wouldn't 
  .B compare (=c)
-be a more appropriate choice?)
-to the 
+access to the 
  .B entry
  pseudo-attribute
  of the object whose value is being asserted;
diff --git a/servers/slapd/back-sock/compare.c b/servers/slapd/back-sock/compare.c

index 71fd6f17789319fb4d46f137e5f8f8002cd9c489..032210a93ac59cbb7678548a3bb6e045e780dc74 100644 (file)
--- a/servers/slapd/back-sock/compare.c
+++ b/servers/slapd/back-sock/compare.c
@@ -48,7 +48,7 @@ sock_back_compare(
         e.e_private = NULL;
  
         if ( ! access_allowed( op, &e,
-               entry, NULL, ACL_READ, NULL ) )
+               entry, NULL, ACL_COMPARE, NULL ) )
         {
                 send_ldap_error( op, rs, LDAP_INSUFFICIENT_ACCESS, NULL );
                 return -1;
author	Howard Chu <hyc@openldap.org>
	Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)
committer	Howard Chu <hyc@openldap.org>
	Thu, 27 Dec 2007 00:51:45 +0000 (00:51 +0000)
doc/man/man5/slapd-sock.5		patch \| blob \| history
servers/slapd/back-sock/compare.c		patch \| blob \| history