mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-30 13:30:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

test for ITS#4587; another bit of fix for that

Browse Source
This commit is contained in:
Pierangelo Masarati 2006-06-13 08:53:34 +00:00
parent adba963c32
commit f6e4f20254
4 changed files with 47 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
servers/slapd/acl.c
View File

@ -700,6 +700,11 @@ acl_mask_dn(
/* check if the target is an attribute. */
if ( val == NULL ) return 1;
/* a DN must be present */
if ( BER_BVISEMPTY( opndn ) ) {
return 1;
}
/* target is attribute, check if the attribute value
* is the op dn.
*/

1
tests/data/acl.out.master
View File

@ -68,7 +68,6 @@ member: cn=Jane Doe,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=John Doe,ou=Information Technology Division,ou=People,dc=example,dc
=com
member: cn=Mark Elliot,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com
member: cn=James A Jones 2,ou=Information Technology Division,ou=People,dc=exa
mple,dc=com
member: cn=Jennifer Smith,ou=Alumni Association,ou=People,dc=example,dc=com

1
tests/data/slapd-acl.conf
View File

@ -110,6 +110,7 @@ access to dn.children="ou=Alumni Association,ou=People,dc=example,dc=com"
#access to attrs=member,uniquemember dn.subtree="dc=example,dc=com"
access to attrs=member,uniquemember
by dn.exact="cn=James A Jones 1,ou=Alumni Association,ou=People,dc=example,dc=com" selfwrite
by dnattr=member selfwrite
by dnattr=uniquemember selfwrite
by * read

41
tests/scripts/test006-acls
View File

@ -103,6 +103,47 @@ $LDAPSEARCH -h $LOCALHOST -p $PORT1 \
-D "$BJORNSDN" -w bjorn \
-b "$BABSDN" -s base "(objectclass=*)" cn >> $SEARCHOUT 2>&1
# check selfwrite access (ITS#4587). Two attempts are made:
# 1) delete someone else (should fail)
# 2) delete self (should succeed)
#
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $BABSDN
EOMODS
RC=$?
case $RC in
50)
;;
0)
echo "ldapmodify should have failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit -1
;;
*)
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
;;
esac
$LDAPMODIFY -D "$JAJDN" -h $LOCALHOST -p $PORT1 -w jaj >> \
$TESTOUT 2>&1 << EOMODS
dn: cn=All Staff,ou=Groups,dc=example,dc=com
changetype: modify
delete: member
member: $JAJDN
EOMODS
RC=$?
if test $RC != 0 ; then
echo "ldapmodify failed ($RC)!"
test $KILLSERVERS != no && kill -HUP $KILLPIDS
exit $RC
fi
#
# Check group access. Try to modify Babs' entry. Two attempts:
# 1) bound as "James A Jones 1" - should fail