[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_search.c, 1.14, 1.15
Nathan Kinder
nkinder at fedoraproject.org
Wed Nov 26 22:42:15 UTC 2008
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.16, 1.17
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd filter.c, 1.11, 1.12 plugin_internal_op.c, 1.11, 1.12 slapi-private.h, 1.29, 1.30 str2filter.c, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7639/ldap/servers/slapd/back-ldbm
Modified Files:
ldbm_search.c
Log Message:
Resolves: 220532
Summary: Add access to RUV by users other than "cn=Directory Manager".
Index: ldbm_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ldbm_search.c 8 Aug 2008 15:53:10 -0000 1.14
+++ ldbm_search.c 26 Nov 2008 22:42:12 -0000 1.15
@@ -1203,11 +1203,17 @@
if((slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_LDAPSUBENTRY)
&& !filter_flag_is_set(filter,SLAPI_FILTER_LDAPSUBENTRY)) ||
(slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_FLAG_TOMBSTONE)
- && (!isroot || !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE))))
+ && ((!isroot && !filter_flag_is_set(filter, SLAPI_FILTER_RUV)) ||
+ !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE))))
{
/* If the entry is an LDAP subentry and filter don't filter subentries OR
* the entry is a TombStone and filter don't filter Tombstone
- * don't return the entry
+ * don't return the entry. We make a special case to allow a non-root user
+ * to search for the RUV entry using a filter of:
+ *
+ * "(&(objectclass=nstombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))"
+ *
+ * For this RUV case, we let the ACL check apply.
*/
/* ugaston - we don't want to mistake this filter failure with the one below due to ACL,
* because whereas the former should be read as 'no entry must be returned', the latter
- Previous message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm vlv.c, 1.16, 1.17
- Next message (by thread): [Fedora-directory-commits] ldapserver/ldap/servers/slapd filter.c, 1.11, 1.12 plugin_internal_op.c, 1.11, 1.12 slapi-private.h, 1.29, 1.30 str2filter.c, 1.6, 1.7
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-directory-commits
mailing list