From: Pierangelo Masarati
Date: Wed, 4 Jan 2006 00:52:07 +0000 (+0000)
Subject: fix self for "users" (ITS#4299)
X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~467
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=8c0ad9021a99bfa285ec95d30d7ca762b8d574cd;p=openldap
fix self for "users" (ITS#4299)
---
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 5af64f50e1..81a7e43e88 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -951,6 +951,8 @@ static int
 acl_mask_dn(
 Operation *op,
 Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
 AccessControl *a,
 int nmatch,
 regmatch_t *matches,
@@ -978,6 +980,27 @@ acl_mask_dn(
 return 1;
 }
+ if ( b->a_self ) {
+ const char *dummy;
+ int rc, match = 0;
+
+ /* must have DN syntax */
+ if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) return 1;
+
+ /* check if the target is an attribute. */
+ if ( val == NULL ) return 1;
+
+ /* target is attribute, check if the attribute value
+ * is the op dn.
+ */
+ rc = value_match( &match, desc,
+ desc->ad_type->sat_equality, 0,
+ val, opndn, &dummy );
+ /* on match error or no match, fail the ACL clause */
+ if ( rc != LDAP_SUCCESS || match != 0 )
+ return 1;
+ }
+
 } else if ( b->a_style == ACL_STYLE_SELF ) {
 struct berval ndn, selfndn;
 int level;
@@ -1411,7 +1434,7 @@ slap_acl_mask(
 * is maintaned in a_dn_pat.
 */
- if ( acl_mask_dn( op, e, a, nmatch, matches,
+ if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
 &b->a_dn, &op->o_ndn ) )
 {
 continue;
@@ -1442,7 +1465,7 @@ slap_acl_mask(
 ndn = op->o_ndn;
 }
- if ( acl_mask_dn( op, e, a, nmatch, matches,
+ if ( acl_mask_dn( op, e, desc, val, a, nmatch, matches,
 &b->a_realdn, &ndn ) )
 {
 continue;
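Review bot: The two parameters added to acl_mask_dn() in the first hunk (-951) carry an unstated contract. The `b->a_self` block added in the second hunk dereferences `desc` unconditionally and treats `val == NULL` as "no attribute value to compare", so both call sites in slap_acl_mask() must always pass a valid `desc`. A comment above the function would record this, for example `/* desc: attribute being evaluated, must not be NULL; val: value being evaluated, or NULL when no specific value is checked ("self" clauses then do not match) */`. If slap_acl_mask() does not already guarantee a non-NULL `desc` (not visible here), an `assert( desc != NULL );` at the top of the function would make the assumption explicit. The parameter list and the function body continue outside the hunk.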
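Review bot: In the second hunk (-978), `desc->ad_type->sat_equality` is passed to value_match() without checking that the attribute type defines an equality rule. The preceding test only establishes DN syntax, and a schema can declare a DN-valued attribute with no EQUALITY rule. value_match() is not visible in this diff, so whether it tolerates a NULL rule is unconfirmed. Because this is on the authorization path, the clause should fail closed before the call: `if ( desc->ad_type->sat_equality == NULL ) return 1;`. The early `return 1` exits are also silent, so a `Debug( LDAP_DEBUG_ACL, ... )` line naming the failed condition would make a rejected "users" self clause diagnosable from the ACL trace. The enclosing acl_mask_dn() body starts and ends outside the hunk.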