disallow selfwriters from deleting all values with replace

Kurt Zeilenga 2002-01-15 16:28:13 +00:00
parent 04da7a8967
commit 59ef329ca1


@ -899,16 +899,20 @@ acl_check_modlist(
switch ( mlist->sml_op ) {
case LDAP_MOD_REPLACE:
if ( mlist->sml_bvalues == NULL ) {
if ( ! access_allowed( be, conn, op, e,
mlist->sml_desc, NULL, ACL_WRITE ) )
{
return( 0 );
}
break;
/*
* We must check both permission to delete the whole
* attribute and permission to add the specific attributes.
* This prevents abuse from selfwriters.
*/
if ( ! access_allowed( be, conn, op, e,
mlist->sml_desc, NULL, ACL_WRITE ) )
{
return( 0 );
}
/* fall thru */
if ( mlist->sml_bvalues == NULL ) break;
/* fall thru to check value to add */
case LDAP_MOD_ADD:
assert( mlist->sml_bvalues != NULL );
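Review bot: The new block comment in the LDAP_MOD_REPLACE case says the fall-through checks "permission to add the specific attributes", but the code it falls into checks the values of this one attribute; the line should read `* attribute and permission to add the specific values.` so it agrees with `/* fall thru to check value to add */` below it. The comment could also state that passing NULL as the value to access_allowed() is, presumably, what makes this a whole-attribute write check, since the selfwriter restriction depends on that. The one-line `if ( mlist->sml_bvalues == NULL ) break;` is the only thing keeping a value-less replace from reaching the assert in LDAP_MOD_ADD, so bracing it like the surrounding ifs would make the guard harder to lose in a later edit. The enclosing switch continues outside the hunk.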