From adba963c324e01b66ae84be47778ea97f725c398 Mon Sep 17 00:00:00 2001
From: Howard Chu
Date: Tue, 13 Jun 2006 03:19:07 +0000
Subject: [PATCH] ITS#4587, selfwrite should apply to more than just USERS acl's
---
 servers/slapd/acl.c | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 3a3568f011..0f62341788 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -690,6 +690,27 @@ acl_mask_dn(
 * value is set in a_dn_style; however, the string
 * is maintaned in a_dn_pat.
 */
+ if ( b->a_self ) {
+ const char *dummy;
+ int rc, match = 0;
+
+ /* must have DN syntax */
+ if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) return 1;
+
+ /* check if the target is an attribute. */
+ if ( val == NULL ) return 1;
+
+ /* target is attribute, check if the attribute value
+ * is the op dn.
+ */
+ rc = value_match( &match, desc,
+ desc->ad_type->sat_equality, 0,
+ val, opndn, &dummy );
+ /* on match error or no match, fail the ACL clause */
+ if ( rc != LDAP_SUCCESS || match != 0 )
+ return 1;
+ }
+
 if ( b->a_style == ACL_STYLE_ANONYMOUS ) {
 if ( !BER_BVISEMPTY( opndn ) ) {
 return 1;
@@ -700,27 +721,6 @@ acl_mask_dn(
 return 1;
 }
 
- if ( b->a_self ) {
- const char *dummy;
- int rc, match = 0;
-
- /* must have DN syntax */
- if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) return 1;
-
- /* check if the target is an attribute. */
- if ( val == NULL ) return 1;
-
- /* target is attribute, check if the attribute value
- * is the op dn.
- */
- rc = value_match( &match, desc,
- desc->ad_type->sat_equality, 0,
- val, opndn, &dummy );
- /* on match error or no match, fail the ACL clause */
- if ( rc != LDAP_SUCCESS || match != 0 )
- return 1;
- }
-
 } else if ( b->a_style == ACL_STYLE_SELF ) {
 struct berval ndn, selfndn;
 int level;
-- 
2.39.5
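Review bot: In the first hunk, the relocated `b->a_self` block passes `desc->ad_type->sat_equality` to `value_match()` without checking that the attribute type has an equality rule, and because the block now runs ahead of every style branch instead of only the USERS one, every clause with `a_self` set reaches it. If a DN-syntax attribute can be declared without an EQUALITY rule, a NULL matching rule would be handed to `value_match()`; whether that is tolerated is not visible in this hunk, so a guard next to the syntax check, `if ( desc->ad_type->sat_equality == NULL ) return 1;`, would keep the clause failing closed. The comment left directly above the block still describes `a_dn_style`, so a short comment such as `/* a_self restricts every <who> style, so test it before the style dispatch (ITS#4587) */` would tell the next reader why the check sits here. The body of acl_mask_dn starts and ends outside the hunk.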