#340 Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl

Created 5 years ago by nhosoi
Modified 8 months ago

plugin_acl.c

/ This function is now fully executed for internal and replicated ops. /
int
plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )

case SLAPI_OPERATION_MODRDN:
/ newrdn: "change" is normalized but not case-ignored /
/ The acl plugin expects normalized newrdn, but no need to be case-
- ignored.
/
(void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
break;

Bug description:
The change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl.

There may be other places in the code where there is an implicit assumption that modrdn with new superior is not supported.

set default ticket origin to Community

Added initial screened field value.

Bug Description: When modrdn operation was executed, only newrdn
change was passed to the acl plugin. Also, the change was used
only for the acl search, but not for the acl target in the items
in the acl cache.

Fix Description: This patch also passes the newsuperior update
to the acl plugin. And the modrdn updates are applied to the
acl target in the acl cache.

looks good

just get rid of the dead code instead of the #ifdef 0

you can avoid having to calloc mychange by just declaring it on the stack:

void *mychange[2];

or something like that.

Thank you for your comments, Rich. I've updated the patch following your suggestions.

$ git merge trac340
Updating 940ac98..5beb93d
Fast-forward
ldap/servers/plugins/acl/acl.c | 77 ++++++++++++++++++++++------------
ldap/servers/plugins/acl/acl.h | 5 +-
ldap/servers/plugins/acl/aclgroup.c | 2 +-
ldap/servers/plugins/acl/acllist.c | 48 +++++++++++++---------
ldap/servers/slapd/dn.c | 2 +-
ldap/servers/slapd/plugin_acl.c | 30 ++++++++++----
6 files changed, 106 insertions(+), 58 deletions(-)

Pushed to master.

$ git push
Counting objects: 150, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (90/90), done.
Writing objects: 100% (90/90), 23.07 KiB, done.
Total 90 (delta 69), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
940ac98..5beb93d master -> master

8 months ago

Metadata Update from @rmeggins:
- Issue assigned to nhosoi
- Issue set to the milestone: 1.2.11.16

Login to comment on this ticket.

ack

Security - Access Control (ACL)

1.2.10

Community

defect

cancel