From: Ondřej Kuzník Date: Sat, 14 Feb 2015 18:08:59 +0000 (+0000) Subject: ITS#8057 Enforce uniqueness unless permitted by ACL X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4b84b6af147f74f91d8d25c84a2d26cb214bbb2b;p=openldap ITS#8057 Enforce uniqueness unless permitted by ACL --- diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c index 5f28c1d37c..53158461bc 100644 --- a/servers/slapd/overlays/unique.c +++ b/servers/slapd/overlays/unique.c @@ -1040,7 +1040,10 @@ unique_add( /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && access_allowed ( op, op->ora_e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0); return rc; } @@ -1168,7 +1171,10 @@ unique_modify( /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && access_allowed ( op, op->ora_e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0); return rc; } @@ -1289,7 +1295,10 @@ unique_modrdn( /* skip the checks if the operation has manageDsaIt control in it * (for replication) */ - if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) { + if ( op->o_managedsait > SLAP_CONTROL_IGNORED + && access_allowed ( op, op->ora_e, + slap_schema.si_ad_entry, NULL, + ACL_MANAGE, NULL ) ) { Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0); return rc; }