ITS#10256 cn=config: reject modify requests on cn=schema,cn=config

Add requests already handled it specially; corresponding treatment
for modify requests was missing. The docs have always stated that
cn=schema,cn=config is only for slapd's hardcoded schema so this
only affects users who don't read docs.
Howard Chu 2024-09-10 17:41:39 +01:00 committed by Quanah Gibson-Mount
parent 3c3309265e
commit bec0946cca


@ -6302,6 +6302,12 @@ config_back_modify( Operation *op, SlapReply *rs )
goto out;
}
/* global schema rejects all writes */
if ( ce->ce_type == Cft_Schema && ce->ce_parent->ce_type == Cft_Global ) {
rs->sr_err = LDAP_UNWILLING_TO_PERFORM;
goto out;
}
if ( !acl_check_modlist( op, ce->ce_entry, op->orm_modlist )) {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
goto out;
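Review bot: The new rejection branch sets only `rs->sr_err`, so a client that tries to modify cn=schema,cn=config gets a bare unwillingToPerform with no explanation; adding a diagnostic such as `rs->sr_text = "cn=schema,cn=config is read-only";` before the `goto out;` would make the refusal self-explanatory in client output and logs. The comment says the global schema "rejects all writes", but this hunk guards only the modify path and the description mentions add; whether modrdn and delete on this entry are refused elsewhere is not visible here and is worth confirming so the comment stays accurate. The `ce->ce_parent->ce_type` dereference is safe only if every `Cft_Schema` entry has a non-NULL parent, which presumably holds but could be stated in the comment. config_back_modify begins and ends outside this hunk.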