From: Luke Howard Date: Thu, 26 Aug 2004 05:18:33 +0000 (+0000) Subject: backend_compute_output_attr() should use actual computed attribute type X-Git-Tag: OPENLDAP_REL_ENG_2_3_0ALPHA~633 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=563f73b81dbe010b6c330e9f738399e90f5e658c;p=openldap backend_compute_output_attr() should use actual computed attribute type returned by the plugin, rather than that requested by backend_attribute(), for ACL checking. They should of course be the same but this is the "correct" approach from both a security and readability perspective --- diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 483d70a6e4..b8bd42738d 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -1512,7 +1512,7 @@ static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, } if ( op->o_conn && access_allowed( op, - e, c->cac_attrs->an_desc, NULL, ACL_AUTH, + e, a->a_desc, NULL, ACL_AUTH, &c->cac_acl_state ) == 0 ) { return 1; } @@ -1523,7 +1523,7 @@ static int backend_compute_output_attr(computed_attr_context *c, Slapi_Attr *a, op->o_tmpmemctx ); for ( i=0,j=0; a->a_vals[i].bv_val; i++ ) { if ( op->o_conn && access_allowed( op, - e, c->cac_attrs->an_desc, + e, a->a_desc, &a->a_nvals[i], ACL_AUTH, &c->cac_acl_state ) == 0 ) { continue; @@ -1615,16 +1615,10 @@ backend_attribute( computed_attr_context ctx; AttributeName aname; - /* only an_desc is needed by backend_compute_output_attr() */ - aname.an_name = entry_at->ad_cname; - aname.an_desc = entry_at; - aname.an_oc_exclude = 0; - aname.an_oc = NULL; - slapi_int_pblock_set_operation( op->o_pb, op ); ctx.cac_pb = op->o_pb; - ctx.cac_attrs = &aname; + ctx.cac_attrs = NULL; ctx.cac_userattrs = 0; ctx.cac_opattrs = 0; ctx.cac_acl_state = acl_state;