From 5e6e27078c7157945f9be307302af08d13552429 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Tue, 15 Jan 2002 16:23:11 +0000
Subject: [PATCH] Change replace ACL semantics from U-Mich historical behavior.

U-Mich allows someone with selfwrite to use replace all values of an attribute with a value containing their DN. Which, of course, could than be deleted. This behavior was carried forward in all versions of OpenLDAP. The new semantics separate checks for deleting all existing values and adding new values. It is more logical and more inline with the common use of selfwrite.
---
 servers/slapd/acl.c | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index feca8df8ae..5895ad1b75 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -1091,16 +1091,20 @@ acl_check_modlist(
 		switch ( mlist->sml_op ) {
 		case LDAP_MOD_REPLACE:
-			if ( mlist->sml_bvalues == NULL ) {
-				if ( ! access_allowed( be, conn, op, e,
-					mlist->sml_desc, NULL, ACL_WRITE ) )
-				{
-					return( 0 );
-				}
-				break;
+			/*
+			 * We must check both permission to delete the whole
+			 * attribute and permission to add the specific attributes.
+			 * This prevents abuse from selfwriters.
+			 */
+			if ( ! access_allowed( be, conn, op, e,
+				mlist->sml_desc, NULL, ACL_WRITE ) )
+			{
+				return( 0 );
 			}
-			/* fall thru */
+			if ( mlist->sml_bvalues == NULL ) break;
+
+			/* fall thru to check value to add */
 		case LDAP_MOD_ADD:
 			assert( mlist->sml_bvalues != NULL );
-- 
2.39.5
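Review bot: The new block comment in the LDAP_MOD_REPLACE case says the second check is for permission to "add the specific attributes", but what the code falls through to is the per-value check of the LDAP_MOD_ADD case (the fall-through comment itself says "check value to add"), so the line should read `* attribute and permission to add each of the specific values.` to make the replace = delete-all + add-each-value rule explicit for the next reader. The added `if ( mlist->sml_bvalues == NULL ) break;` is the only unbraced single-line conditional in the case while the access_allowed test directly above it uses a braced block; bracing it and keeping the fall-through comment adjacent to `case LDAP_MOD_ADD:` would match the surrounding style. acl_check_modlist begins before the hunk and the switch continues past it, so the remaining cases are not visible here.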