From: Pierangelo Masarati <ando@openldap.org>
Date: Fri, 6 Jan 2006 16:24:07 +0000 (+0000)
Subject: allow backend_attribute to check access to "entry" and "children" pseudo-attributes
X-Git-Tag: OPENLDAP_REL_ENG_2_4_BP~440
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f9a104bf4ddd1825f7b40f8691d185a72fe9bbc7;p=openldap

allow backend_attribute to check access to "entry" and "children" pseudo-attributes
---

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index 85fb4bebc7..3256dd05f0 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -1457,6 +1457,19 @@ fe_acl_attribute(
 	} 
 
 	if ( e ) {
+		if ( entry_at == slap_schema.si_ad_entry || entry_at == slap_schema.si_ad_children ) {
+			assert( vals == NULL );
+
+			rc = LDAP_SUCCESS;
+			if ( op->o_conn && access > ACL_NONE &&
+				access_allowed( op, e, entry_at, NULL,
+						access, &acl_state ) == 0 )
+			{
+				rc = LDAP_INSUFFICIENT_ACCESS;
+			}
+			goto freeit;
+		}
+
 		a = attr_find( e->e_attrs, entry_at );
 		if ( a == NULL ) {
 			SlapReply	rs = { 0 };