mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2024-12-27 03:20:22 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#8775 for passwordMod, pass real DN thru

Browse Source 
Since conn->c_dn is the real DN, need to see real DN for <self>
ACLs to work.
This commit is contained in:
Howard Chu 2021-07-20 19:27:45 +01:00
parent 4bd6a6d49d
commit 81076a7f7c
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
servers/slapd/overlays/rwm.c
View File

@ -867,6 +867,8 @@ rwm_entry_release_rw( Operation *op, Entry *e, int rw )
return SLAP_CB_CONTINUE;
}
static struct berval *passwd_oid;
static int
rwm_entry_get_rw( Operation *op, struct berval *ndn,
ObjectClass *oc, AttributeDescription *at, int rw, Entry **ep )
@ -884,6 +886,11 @@ rwm_entry_get_rw( Operation *op, struct berval *ndn,
return SLAP_CB_CONTINUE;
}
/* If we're fetching the target of a password mod, must let real DNs thru */
if ( op->o_tag == LDAP_REQ_EXTENDED && bvmatch( passwd_oid, &op->oq_extended.rs_reqoid ) ) {
return SLAP_CB_CONTINUE;
}
/* massage DN */
op2.o_tag = LDAP_REQ_SEARCH;
op2 = *op;
@ -1116,6 +1123,8 @@ static struct exop {
{ BER_BVNULL, NULL }
};
static struct berval *passwd_oid = &exop_table[0].oid;
static int
rwm_extended( Operation *op, SlapReply *rs )
{