[Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acl.c, 1.6, 1.6.2.1

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Fri Jan 11 20:52:48 UTC 2008


Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10506/plugins/acl

Modified Files:
      Tag: Directory71RtmBranch
	acl.c 
Log Message:
Resolves: #288321
Summary: ns-slapd aborts during updating attribute values which contain + 
         characters with nothing after them
Description: applied the patch to Directory71RtmBranch



Index: acl.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acl.c,v
retrieving revision 1.6
retrieving revision 1.6.2.1
diff -u -r1.6 -r1.6.2.1
--- acl.c	19 Apr 2005 22:07:28 -0000	1.6
+++ acl.c	11 Jan 2008 20:52:46 -0000	1.6.2.1
@@ -107,7 +107,7 @@
 	Slapi_PBlock	    *pb,
 	Slapi_Entry	    *e,			/* The Slapi_Entry */
 	char				*attr,		/* Attribute of	the entry */
-	struct berval	    *val,		/* value of attr. NOT USED */
+	struct berval	    *val,		/* value of attr */
 	int		    access		/* requested access rights */
 	)
 {
@@ -337,20 +337,32 @@
 	TNF_PROBE_0_DEBUG(acl_aclpbinit_end,"ACL","");
 
 
-	/* Here	we mean	if "I am trying	to add/delete "myself" ? " */
+	/* Here	we mean	if "I am trying	to add/delete "myself" to a group, etc." We
+	 * basically just want to see if the value matches the DN of the user that
+	 * we're checking access for */
 	if (val &&  (access & SLAPI_ACL_WRITE) && (val->bv_len > 0) ) {
-		/* should use slapi_sdn_compare() but that'a an extra malloc/free */
+		Slapi_Attr *sa = slapi_attr_new();
+		char *oid = NULL;
 		
-		char *dn_val_to_write =
-					slapi_dn_normalize(slapi_ch_strdup(val->bv_val)); 
+		slapi_attr_init(sa, attr);
+		slapi_attr_get_syntax_oid_copy(sa, &oid);
    
-     	if ( aclpb->aclpb_authorization_sdn && 
-				slapi_utf8casecmp((ACLUCHP)dn_val_to_write, (ACLUCHP)
-				slapi_sdn_get_ndn(aclpb->aclpb_authorization_sdn)) == 0) { 
-			access |= SLAPI_ACL_SELF;
-         } 
+		/* We only want to perform this check if the attribute is
+		 * defined using the DN syntax. */
+		if (oid && (strcasecmp(oid, DN_SYNTAX_OID) == 0)) { 
+			/* should use slapi_sdn_compare() but that'a an extra malloc/free */
+			char *dn_val_to_write = slapi_dn_normalize(slapi_ch_strdup(val->bv_val));
+     		if ( aclpb->aclpb_authorization_sdn && 
+					slapi_utf8casecmp((ACLUCHP)dn_val_to_write, (ACLUCHP)
+					slapi_sdn_get_ndn(aclpb->aclpb_authorization_sdn)) == 0) { 
+				access |= SLAPI_ACL_SELF;
+         	} 
 	
-		slapi_ch_free( (void **)&dn_val_to_write);
+			slapi_ch_free_string(&dn_val_to_write);
+		}
+
+		slapi_ch_free_string(&oid);
+		slapi_attr_free(&sa);
 	}
 
 	/* Convert access to string of rights eg SLAPI_ACL_ADD->"add". */
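Review bot: The `val->bv_len > 0` guard checks the berval's length, but `slapi_ch_strdup(val->bv_val)` in the new DN-syntax branch ignores it and copies up to the first NUL. The self-write comparison therefore assumes the value being written (presumably taken from the update request) is NUL-terminated and has no embedded NUL, and nothing in the hunk shows that guarantee. Copying exactly `bv_len` bytes into a terminated buffer before `slapi_dn_normalize()` would tie the `SLAPI_ACL_SELF` decision to the length the guard already checked. The retained comment about avoiding "an extra malloc/free" is also stale, since every write check now allocates a `Slapi_Attr` and an OID copy. The enclosing function starts and ends outside the hunk.

```c
		if (oid && (strcasecmp(oid, DN_SYNTAX_OID) == 0)) {
			/* copy exactly bv_len bytes; do not rely on bv_val being NUL-terminated */
			char *dn_val_to_write = slapi_ch_malloc(val->bv_len + 1);
			memcpy(dn_val_to_write, val->bv_val, val->bv_len);
			dn_val_to_write[val->bv_len] = '\0';
			dn_val_to_write = slapi_dn_normalize(dn_val_to_write);
			/* … unchanged: comparison with aclpb_authorization_sdn, slapi_ch_free_string … */
```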



