From: Kurt Zeilenga <kurt@openldap.org>
Date: Tue, 5 Sep 2000 21:48:12 +0000 (+0000)
Subject: Consistently don't require "entry" access (except on search)
X-Git-Tag: LDBM_PRE_GIANT_RWLOCK~2096
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a75a024fd38a87dd37198a79b9e88cae4348b198;p=openldap

Consistently don't require "entry" access (except on search)
---

diff --git a/servers/slapd/back-ldbm/bind.c b/servers/slapd/back-ldbm/bind.c
index e31a267f69..449fac2ee1 100644
--- a/servers/slapd/back-ldbm/bind.c
+++ b/servers/slapd/back-ldbm/bind.c
@@ -41,7 +41,6 @@ ldbm_back_bind(
 #endif
 
 	AttributeDescription *password = slap_schema.si_ad_userPassword;
-	AttributeDescription *entry = slap_schema.si_ad_entry;
 
 	Debug(LDAP_DEBUG_ARGS, "==> ldbm_back_bind: dn: %s\n", dn, 0, 0);
 
@@ -101,15 +100,6 @@ ldbm_back_bind(
 
 	/* check for deleted */
 
-	if ( ! access_allowed( be, conn, op, e,
-		entry, NULL, ACL_AUTH ) )
-	{
-		send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-			NULL, NULL, NULL, NULL );
-		rc = 1;
-		goto return_results;
-	}
-
 	if ( is_entry_alias( e ) ) {
 		/* entry is an alias, don't allow bind */
 		Debug( LDAP_DEBUG_TRACE, "entry is alias\n", 0,
diff --git a/servers/slapd/back-ldbm/delete.c b/servers/slapd/back-ldbm/delete.c
index c216f6b901..dd0f7fc971 100644
--- a/servers/slapd/back-ldbm/delete.c
+++ b/servers/slapd/back-ldbm/delete.c
@@ -65,19 +65,6 @@ ldbm_back_delete(
 		return( -1 );
 	}
 
-#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
-	if ( ! access_allowed( be, conn, op, e,
-		"entry", NULL, ACL_WRITE ) )
-	{
-		Debug(LDAP_DEBUG_ARGS,
-			"<=- ldbm_back_delete: insufficient access %s\n",
-			dn, 0, 0);
-		send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-			NULL, NULL, NULL, NULL );
-		goto return_results;
-	}
-#endif
-
     if ( !manageDSAit && is_entry_referral( e ) ) {
 		/* parent is a referral, don't allow add */
 		/* parent is an alias, don't allow add */
diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c
index 3f1438fbf9..7367f2ad8b 100644
--- a/servers/slapd/back-ldbm/modrdn.c
+++ b/servers/slapd/back-ldbm/modrdn.c
@@ -102,18 +102,6 @@ ldbm_back_modrdn(
 		return( -1 );
 	}
 
-#ifdef SLAPD_CHILD_MODIFICATION_WITH_ENTRY_ACL
-	if ( ! access_allowed( be, conn, op, e,
-		"entry", NULL, ACL_WRITE ) )
-	{
-		Debug( LDAP_DEBUG_TRACE, "no access to entry\n", 0,
-			0, 0 );
-		send_ldap_result( conn, op, LDAP_INSUFFICIENT_ACCESS,
-			NULL, NULL, NULL, NULL );
-		goto return_results;
-	}
-#endif
-
 	if (!manageDSAit && is_entry_referral( e ) ) {
 		/* parent is a referral, don't allow add */
 		/* parent is an alias, don't allow add */
diff --git a/servers/slapd/back-ldbm/passwd.c b/servers/slapd/back-ldbm/passwd.c
index 8f2c968db9..b5156b0de3 100644
--- a/servers/slapd/back-ldbm/passwd.c
+++ b/servers/slapd/back-ldbm/passwd.c
@@ -40,8 +40,6 @@ ldbm_back_exop_passwd(
 
 	char *dn;
 
-	AttributeDescription *entry = slap_schema.si_ad_entry;
-
 	assert( reqoid != NULL );
 	assert( strcmp( LDAP_EXOP_X_MODIFY_PASSWD, reqoid ) == 0 );
 
@@ -94,12 +92,6 @@ ldbm_back_exop_passwd(
 		goto done;
 	}
 
-	if( ! access_allowed( be, conn, op, e, entry, NULL, ACL_WRITE ) ) {
-		*text = "access to authorization entry denied";
-		rc = LDAP_INSUFFICIENT_ACCESS;
-		goto done;
-	}
-
 	if( is_entry_alias( e ) ) {
 		/* entry is an alias, don't allow operation */
 		*text = "authorization entry is alias";