From: Kurt Zeilenga
Date: Tue, 15 Jan 2002 16:23:11 +0000 (+0000)
Subject: Change replace ACL semantics from U-Mich historical behavior.
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~122
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=5e6e27078c7157945f9be307302af08d13552429;p=openldap

Change replace ACL semantics from U-Mich historical behavior.

U-Mich allows someone with selfwrite to use replace all values of an attribute with a value containing their DN. Which, of course, could than be deleted. This behavior was carried forward in all versions of OpenLDAP. The new semantics separate checks for deleting all existing values and adding new values. It is more logical and more inline with the common use of selfwrite.
---
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index feca8df8ae..5895ad1b75 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -1091,16 +1091,20 @@ acl_check_modlist(
 switch ( mlist->sml_op ) {
 case LDAP_MOD_REPLACE:
- if ( mlist->sml_bvalues == NULL ) {
- if ( ! access_allowed( be, conn, op, e,
- mlist->sml_desc, NULL, ACL_WRITE ) )
- {
- return( 0 );
- }
- break;
+ /*
+ * We must check both permission to delete the whole
+ * attribute and permission to add the specific attributes.
+ * This prevents abuse from selfwriters.
+ */
+ if ( ! access_allowed( be, conn, op, e,
+ mlist->sml_desc, NULL, ACL_WRITE ) )
+ {
+ return( 0 );
 }
- /* fall thru */
+ if ( mlist->sml_bvalues == NULL ) break;
+
+ /* fall thru to check value to add */
 case LDAP_MOD_ADD:
 assert( mlist->sml_bvalues != NULL );
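Review bot: The new comment's second line says `permission to add the specific attributes`, but what the fall-through into LDAP_MOD_ADD checks is each value in sml_bvalues (the commit message itself frames the split as deleting all existing values versus adding new values), so it should read `* attribute and permission to add each of the specific values.` and the trailing comment `/* fall thru to check value to add */` would be clearer as `/* fall thru to check each value to be added */`. Stylistically, `if ( mlist->sml_bvalues == NULL ) break;` is the only unbraced single-line body in a block that otherwise braces every conditional; writing it as `if ( mlist->sml_bvalues == NULL ) {` / `break;` / `}` keeps the style uniform and makes the bare-`break` exit from the REPLACE case easier to spot before the fall-through. Whether the NULL-value ACL_WRITE check actually denies a selfwrite-only grant, which is the property this change relies on, depends on access_allowed(), which is outside this hunk, so it is worth pinning with a regression test (a selfwrite-only identity issuing a REPLACE that carries its own DN) rather than assuming. acl_check_modlist() begins and ends outside the hunk.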