From 632e8b66b09e6b564091be8bbc11158a0c7f43d4 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Fri, 6 Sep 2002 03:22:16 +0000
Subject: [PATCH] Fix backend_attribute() to use ACL_AUTH instead of ACL_READ

---
 servers/slapd/back-bdb/attribute.c  | 15 +++------------
 servers/slapd/back-ldbm/attribute.c | 12 ++----------
 2 files changed, 5 insertions(+), 22 deletions(-)

diff --git a/servers/slapd/back-bdb/attribute.c b/servers/slapd/back-bdb/attribute.c
index 6ad4b30e78..8b7ec4b8e4 100644
--- a/servers/slapd/back-bdb/attribute.c
+++ b/servers/slapd/back-bdb/attribute.c
@@ -91,7 +91,6 @@ bdb_attribute(
 			entry_ndn->bv_val, 0, 0 );
 #endif
 
-
 	} else {
 dn2entry_retry:
 		/* can we find entry */
@@ -165,14 +164,6 @@ dn2entry_retry:
 		goto return_results;
 	}
 
-	if (conn != NULL && op != NULL
-		&& access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
-			NULL, ACL_READ, &acl_state ) == 0 )
-	{
-		rc = LDAP_INSUFFICIENT_ACCESS;
-		goto return_results;
-	}
-
 	if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_BDB, INFO, 
@@ -187,8 +178,8 @@ dn2entry_retry:
 	}
 
 	if (conn != NULL && op != NULL
-		&& access_allowed( be, conn, op, e, entry_at, NULL, ACL_READ, 
-			   &acl_state ) == 0 )
+		&& access_allowed( be, conn, op, e, entry_at, NULL,
+			ACL_AUTH, &acl_state ) == 0 )
 	{
 		rc = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;
@@ -204,7 +195,7 @@ dn2entry_retry:
 		if( conn != NULL
 			&& op != NULL
 			&& access_allowed(be, conn, op, e, entry_at,
-				&attr->a_vals[i], ACL_READ, &acl_state ) == 0)
+				&attr->a_vals[i], ACL_AUTH, &acl_state ) == 0)
 		{
 			continue;
 		}
diff --git a/servers/slapd/back-ldbm/attribute.c b/servers/slapd/back-ldbm/attribute.c
index 0dc5daf03a..4639f7d120 100644
--- a/servers/slapd/back-ldbm/attribute.c
+++ b/servers/slapd/back-ldbm/attribute.c
@@ -128,14 +128,6 @@ ldbm_back_attribute(
 		goto return_results;
 	}
 
-	if (conn != NULL && op != NULL
-		&& access_allowed( be, conn, op, e, slap_schema.si_ad_entry,
-			NULL, ACL_READ, NULL ) == 0)
-	{
-		rc = LDAP_INSUFFICIENT_ACCESS;
-		goto return_results;
-	}
-
 	if ((attr = attr_find(e->e_attrs, entry_at)) == NULL) {
 #ifdef NEW_LOGGING
 		LDAP_LOG( BACK_LDBM, INFO, 
@@ -152,7 +144,7 @@ ldbm_back_attribute(
 
 	if (conn != NULL && op != NULL
 		&& access_allowed( be, conn, op, e, entry_at, NULL,
-			ACL_READ, &acl_state ) == 0)
+			ACL_AUTH, &acl_state ) == 0)
 	{
 		rc = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;
@@ -168,7 +160,7 @@ ldbm_back_attribute(
 		if( conn != NULL
 			&& op != NULL
 			&& access_allowed( be, conn, op, e, entry_at,
-				iv, ACL_READ, &acl_state ) == 0)
+				iv, ACL_AUTH, &acl_state ) == 0)
 		{
 			continue;
 		}
-- 
2.39.5