From d8cb33ebe821cfefeea0b28ccdc4df337632b57a Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 31 Jul 2001 10:02:19 +0000 Subject: [PATCH] added acl check for added/removed rdn attrs --- servers/slapd/back-ldbm/modrdn.c | 47 +++++++++++++++++++++++++++++++- 1 file changed, 46 insertions(+), 1 deletion(-) diff --git a/servers/slapd/back-ldbm/modrdn.c b/servers/slapd/back-ldbm/modrdn.c index 0e6d513a76..a523dc5504 100644 --- a/servers/slapd/back-ldbm/modrdn.c +++ b/servers/slapd/back-ldbm/modrdn.c @@ -486,6 +486,7 @@ ldbm_back_modrdn( for ( a_cnt = 0; new_rdn_types[a_cnt]; a_cnt++ ) { int rc; Modifications *mod_tmp; + struct berval val; mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) ); @@ -510,6 +511,28 @@ ldbm_back_modrdn( goto return_results; } + val.bv_val = new_rdn_vals[a_cnt]; + val.bv_len = strlen( val.bv_val ); + if ( ! access_allowed( be, conn, op, p, + mod_tmp->sml_desc, &val, ACL_WRITE ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_INFO, + "ldbm_back_modrdn: access " + "not allowed to attr \"%s\"\n", + new_rdn_types[a_cnt] )); +#else + Debug( LDAP_DEBUG_TRACE, + "ldbm_back_modrdn: access not allowed " + "to attr \"%s\"\n%s%s", + new_rdn_types[a_cnt], "", "" ); +#endif + send_ldap_result( conn, op, + LDAP_INSUFFICIENT_ACCESS, + NULL, NULL, NULL, NULL ); + + goto return_results; + } + mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) ); mod_tmp->sml_bvalues[0] = ber_bvstrdup( new_rdn_vals[a_cnt] ); mod_tmp->sml_bvalues[1] = NULL; @@ -539,10 +562,10 @@ ldbm_back_modrdn( for ( d_cnt = 0; old_rdn_types[d_cnt]; d_cnt++ ) { int rc; Modifications *mod_tmp; + struct berval val; mod_tmp = (Modifications *)ch_malloc( sizeof( Modifications ) ); - mod_tmp->sml_desc = NULL; rc = slap_str2ad( old_rdn_types[d_cnt], &mod_tmp->sml_desc, &text ); @@ -564,6 +587,28 @@ ldbm_back_modrdn( goto return_results; } + val.bv_val = old_rdn_vals[a_cnt]; + val.bv_len = strlen( val.bv_val ); + if ( ! access_allowed( be, conn, op, p, + mod_tmp->sml_desc, &val, ACL_WRITE ) ) { +#ifdef NEW_LOGGING + LDAP_LOG(( "backend", LDAP_LEVEL_INFO, + "ldbm_back_modrdn: access " + "not allowed to attr \"%s\"\n", + old_rdn_types[a_cnt] )); +#else + Debug( LDAP_DEBUG_TRACE, + "ldbm_back_modrdn: access not allowed " + "to attr \"%s\"\n%s%s", + old_rdn_types[a_cnt], "", "" ); +#endif + send_ldap_result( conn, op, + LDAP_INSUFFICIENT_ACCESS, + NULL, NULL, NULL, NULL ); + + goto return_results; + } + /* Remove old value of rdn as an attribute. */ mod_tmp->sml_bvalues = (struct berval **)ch_malloc( 2 * sizeof(struct berval *) ); mod_tmp->sml_bvalues[0] = ber_bvstrdup( old_rdn_vals[d_cnt] ); -- 2.39.5