From 4b84b6af147f74f91d8d25c84a2d26cb214bbb2b Mon Sep 17 00:00:00 2001
From: =?utf8?q?Ond=C5=99ej=20Kuzn=C3=ADk?=
Date: Sat, 14 Feb 2015 18:08:59 +0000
Subject: [PATCH] ITS#8057 Enforce uniqueness unless permitted by ACL
---
 servers/slapd/overlays/unique.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/servers/slapd/overlays/unique.c b/servers/slapd/overlays/unique.c
index 5f28c1d37c..53158461bc 100644
--- a/servers/slapd/overlays/unique.c
+++ b/servers/slapd/overlays/unique.c
@@ -1040,7 +1040,10 @@ unique_add(
 
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_add: administrative bypass, skipping\n", 0, 0, 0);
 return rc;
 }
@@ -1168,7 +1171,10 @@ unique_modify(
 
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
 return rc;
 }
@@ -1289,7 +1295,10 @@ unique_modrdn(
 
 /* skip the checks if the operation has manageDsaIt control in it
 * (for replication) */
- if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
+ if ( op->o_managedsait > SLAP_CONTROL_IGNORED
+ && access_allowed ( op, op->ora_e,
+ slap_schema.si_ad_entry, NULL,
+ ACL_MANAGE, NULL ) ) {
 Debug(LDAP_DEBUG_TRACE, "unique_modrdn: administrative bypass, skipping\n", 0, 0, 0);
 return rc;
 }
--
2.39.5
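Review bot: The comment above the rewritten condition in unique_add still says the checks are skipped whenever manageDsaIt is present, which is no longer true now that manage access to the entry is also required. I would change it to `/* skip the checks only if the operation carries manageDsaIt and the requester has manage access to the entry (for replication) */`; the same stale comment sits above the conditions in the unique_modify and unique_modrdn hunks. When the control is sent but the ACL check fails, the code falls through to normal enforcement without any trace, so a `Debug(LDAP_DEBUG_TRACE, "unique_add: manageDsaIt without manage access, enforcing\n", 0, 0, 0);` on that path would make refused bypass attempts visible in the logs. unique_add's body starts and ends outside the hunk.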
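Review bot: In unique_modify the new ACL check passes `op->ora_e` to access_allowed(), but that field belongs to the Add request; on a Modify the request storage holds modify data, so, if the request members share a union as the `or*_` naming suggests, the pointer handed to the ACL engine is not an Entry. The bypass decision is then made on unrelated memory, which can crash slapd or grant or refuse the bypass arbitrarily for any client that sends manageDsaIt. The same line is repeated in the unique_modrdn hunk. Both should fetch the target entry by `op->o_req_ndn`, check manage access on that, and release it on every path, as sketched below; the entry-fetch helper shown is one option and should match what the overlay uses elsewhere. Both function bodies extend beyond their hunks.

```c
/* … unchanged: comment above the check … */
if ( op->o_managedsait > SLAP_CONTROL_IGNORED ) {
	Entry *e = NULL;
	int bypass = 0;

	/* ora_e is only meaningful for Add; look up the entry being changed */
	if ( be_entry_get_rw( op, &op->o_req_ndn, NULL, NULL, 0, &e ) == LDAP_SUCCESS
			&& e != NULL ) {
		bypass = access_allowed( op, e,
				slap_schema.si_ad_entry, NULL,
				ACL_MANAGE, NULL );
		be_entry_release_r( op, e );
	}
	if ( bypass ) {
		Debug(LDAP_DEBUG_TRACE, "unique_modify: administrative bypass, skipping\n", 0, 0, 0);
		return rc;
	}
}
```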