Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Bug 520151 - Error when modifying userPassword with proxy user

https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
Endi S. Dewata 15 years ago
parent
eac3f15f22
commit
742032c11f
3 changed files with 11 additions and 2 deletions
Unified View Show Diff Stats
  1. 3 0
      ldap/servers/plugins/acl/acl.c
  2. 2 0
      ldap/servers/plugins/acl/acl.h
  3. 6 2
      ldap/servers/plugins/acl/aclplugin.c

+ 3 - 0
ldap/servers/plugins/acl/acl.c
View File 

@@ -323,6 +323,9 @@ acl_access_allowed(
 
 	/* Get the bindDN */
 
 	/* Get the bindDN */
 
 	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
 
 	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
 
 
 
+	/* Initialize aclpb */
 
+	aclplugin_preop_common( pb );
 
+
 
 	/* get the right acl pblock  to	work with */
 
 	/* get the right acl pblock  to	work with */
 
 	if ( access & SLAPI_ACL_PROXY )
 
 	if ( access & SLAPI_ACL_PROXY )
 
 		aclpb =	acl_get_aclpb (	pb, ACLPB_PROXYDN_PBLOCK );
 
 		aclpb =	acl_get_aclpb (	pb, ACLPB_PROXYDN_PBLOCK );

+ 2 - 0
ldap/servers/plugins/acl/acl.h
View File 

@@ -927,4 +927,6 @@ acl_get_effective_rights ( Slapi_PBlock *pb, Slapi_Entry *e,
 
 
 
 char* aclutil__access_str (int type , char str[]);
 
 char* aclutil__access_str (int type , char str[]);
 
 
 
+int aclplugin_preop_common( Slapi_PBlock *pb );
 
+
 
 #endif /* _ACL_H_ */
 
 #endif /* _ACL_H_ */

+ 6 - 2
ldap/servers/plugins/acl/aclplugin.c
View File 

@@ -54,7 +54,7 @@ char *plugin_name = ACL_PLUGIN_NAME;
 
 
 
 static int aclplugin_preop_search ( Slapi_PBlock *pb );
 
 static int aclplugin_preop_search ( Slapi_PBlock *pb );
 
 static int aclplugin_preop_modify ( Slapi_PBlock *pb );
 
 static int aclplugin_preop_modify ( Slapi_PBlock *pb );
 
-static int aclplugin_preop_common ( Slapi_PBlock *pb );
 
+int aclplugin_preop_common ( Slapi_PBlock *pb );
 
 
 
 /*******************************************************************************
 
 /*******************************************************************************
 
  *  ACL PLUGIN Architecture
 
  *  ACL PLUGIN Architecture
 
@@ -192,7 +192,7 @@ aclplugin_preop_modify ( Slapi_PBlock *pb )
 
  *	0 - all is well; proceed.
 
  *	0 - all is well; proceed.
 
  *  1 - fatal error; result has been sent to client.
 
  *  1 - fatal error; result has been sent to client.
 
  */ 
  */ 
-static int
 
+int
 
 aclplugin_preop_common( Slapi_PBlock *pb )
 
 aclplugin_preop_common( Slapi_PBlock *pb )
 
 {
 
 {
 
 	char		*proxy_dn;	/* id being assumed */
 
 	char		*proxy_dn;	/* id being assumed */
 
@@ -205,6 +205,9 @@ aclplugin_preop_common( Slapi_PBlock *pb )
 
 
 
 	aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK );
 
 	aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK );
 
 
 
+        /* See if we have initialized already */
 
+        if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done;
 
+
 
 	/*
 
 	/*
 
 	 * The following mallocs memory for proxy_dn, but not the dn.
 
 	 * The following mallocs memory for proxy_dn, but not the dn.
 
 	 * The proxy_dn is the id being assumed, while dn
 
 	 * The proxy_dn is the id being assumed, while dn
 
@@ -248,6 +251,7 @@ aclplugin_preop_common( Slapi_PBlock *pb )
 
 
 
 	}
 
 	}
 
 
 
+done:
 
 	TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL","");
 
 	TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL","");
 
 
 
 	return 0;
 
 	return 0;