Ticket #340 (closed defect: fixed)

Opened 2 years ago

Last modified 19 months ago

Change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl

Reported by: nhosoi
Owned by: nhosoi
Priority: major
Milestone: 1.2.11.16
Component: Security - Access Control (ACL)
Version: 1.2.10
Keywords:
Cc: andrey.ivanov, andrey.ivanov@…, rmeggins
Blocked By:
Blocking:
Review: ack
Ticket origin: Community
Red Hat Bugzilla: 860772

Description

plugin_acl.c

/* This function is now fully executed for internal and replicated ops. */
int
plugin_call_acl_mods_update ( Slapi_PBlock *pb, int optype )

case SLAPI_OPERATION_MODRDN:
    /* newrdn: "change" is normalized but not case-ignored */
    /* The acl plugin expects normalized newrdn, but no need to be case-
     * ignored. */
    (void)slapi_pblock_get( pb, SLAPI_MODRDN_NEWRDN, &change );
    break;

Bug description:
The change on SLAPI_MODRDN_NEWSUPERIOR is not evaluated in acl.

There may be other places in the code where there is an implicit assumption that modrdn with new superior is not supported.

Attachments

0001-Trac-Ticket-340-Change-on-SLAPI_MODRDN_NEWSUPERIOR-i.patch (11.2 KB) - added by nhosoi 19 months ago.
git patch file (master)
0001-Trac-Ticket-340-Change-on-SLAPI_MODRDN_NEWSUPERIOR-i.2.patch (12.2 KB) - added by nhosoi 19 months ago.
revised git patch file (master)

Change History

comment:1 Changed 2 years ago by pj101

  • Cc andrey.ivanov@… added

comment:2 Changed 2 years ago by nhosoi

  • Status changed from new to assigned
  • Cc andrey.ivanov added; andrey.ivanov@… removed
  • Owner changed from nhosoi@… to nhosoi

comment:3 Changed 2 years ago by nhosoi

  • Version set to 1.2.10
  • Milestone changed from 0.0 NEEDS_TRIAGE to 1.3.0.rc1

comment:4 Changed 2 years ago by pj101

  • Cc andrey.ivanov@… added

comment:5 Changed 20 months ago by rmeggins

  • Ticket origin set to Community

set default ticket origin to Community

comment:6 Changed 20 months ago by nkinder

  • screened set to 1

Added initial screened field value.

Changed 19 months ago by nhosoi

git patch file (master)

comment:7 Changed 19 months ago by nhosoi

  • Review set to review?

Bug Description: When modrdn operation was executed, only newrdn
change was passed to the acl plugin. Also, the change was used
only for the acl search, but not for the acl target in the items
in the acl cache.

Fix Description: This patch also passes the newsuperior update
to the acl plugin. And the modrdn updates are applied to the
acl target in the acl cache.
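
A simplified model of the fix described in comment 7, added here as an illustration and not taken from the ticket's patch or the 389 Directory Server source: the post-MODRDN DN is built from both the new RDN and the new superior, and a cached ACI target at or below the renamed entry is rewritten to match. The function names, the "at or below" rewrite rule and the restriction to normalized DNs without escaped commas are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): DNs are already normalized strings with
 * no escaped commas. Hypothetical helpers, not 389-ds code. */

/* Parent of dn (text after the first comma), or "" for a single-RDN DN. */
static const char *dn_parent(const char *dn) {
    const char *c = strchr(dn, ',');
    return c ? c + 1 : "";
}

/* DN after MODRDN: newrdn + newsuperior, or newrdn + old parent when the
 * entry is only renamed. Returns 0 on success, -1 if out is too small. */
int modrdn_new_dn(const char *old_dn, const char *newrdn,
                  const char *newsuperior, char *out, size_t outlen) {
    const char *parent = newsuperior ? newsuperior : dn_parent(old_dn);
    int n = *parent ? snprintf(out, outlen, "%s,%s", newrdn, parent)
                    : snprintf(out, outlen, "%s", newrdn);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Rewrite one cached ACI target if it is old_dn itself or lies beneath it.
 * Returns 1 if rewritten, 0 if unaffected, -1 if out is too small. */
int acl_target_apply_modrdn(const char *target, const char *old_dn,
                            const char *new_dn, char *out, size_t outlen) {
    size_t tlen = strlen(target), olen = strlen(old_dn);
    if (tlen < olen || strcmp(target + (tlen - olen), old_dn) != 0)
        return 0;                     /* old_dn is not a suffix of target */
    if (tlen > olen && target[tlen - olen - 1] != ',')
        return 0;                     /* match is not on an RDN boundary */
    size_t keep = tlen - olen;        /* leading RDNs plus their comma */
    int n = snprintf(out, outlen, "%.*s%s", (int)keep, target, new_dn);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 1;
}

int main(void) {
    /* Constructed sample: rename ou=people and move it under ou=archive. */
    const char *old_dn = "ou=people,dc=example,dc=com";
    char new_dn[256], target[256];
    if (modrdn_new_dn(old_dn, "ou=staff", "ou=archive,dc=example,dc=com",
                      new_dn, sizeof new_dn) != 0) return 1;
    if (acl_target_apply_modrdn("uid=a,ou=people,dc=example,dc=com", old_dn,
                                new_dn, target, sizeof target) == 1)
        printf("cached target now: %s\n", target);
    return 0;
}
```

Passing `NULL` as `newsuperior` reproduces the rename-only case, which is the only change the ACL plugin saw before the fix.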

comment:8 Changed 19 months ago by rmeggins

looks good

just get rid of the dead code instead of the #ifdef 0

you can avoid having to calloc mychange by just declaring it on the stack:

void *mychange[2];

or something like that.

comment:9 Changed 19 months ago by rmeggins

  • Cc rmeggins added
  • Review changed from review? to ack

Changed 19 months ago by nhosoi

revised git patch file (master)

comment:10 Changed 19 months ago by nhosoi

  • Status changed from assigned to closed
  • Resolution set to fixed

Thank you for your comments, Rich. I've updated the patch following your suggestions.

$ git merge trac340
Updating 940ac98..5beb93d
Fast-forward

ldap/servers/plugins/acl/acl.c | 77 ++++++++++++++++++++++------------
ldap/servers/plugins/acl/acl.h | 5 +-
ldap/servers/plugins/acl/aclgroup.c | 2 +-
ldap/servers/plugins/acl/acllist.c | 48 +++++++++++++---------
ldap/servers/slapd/dn.c | 2 +-
ldap/servers/slapd/plugin_acl.c | 30 ++++++++++----
6 files changed, 106 insertions(+), 58 deletions(-)

Pushed to master.

$ git push
Counting objects: 150, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (90/90), done.
Writing objects: 100% (90/90), 23.07 KiB, done.
Total 90 (delta 69), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git

940ac98..5beb93d master -> master

comment:11 Changed 19 months ago by nhosoi

  • Red Hat Bugzilla set to 860772

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=860772

comment:12 Changed 19 months ago by nhosoi

  • Milestone changed from 1.3.0.rc1 to 1.2.11.15

comment:13 Changed 19 months ago by nhosoi

  • Milestone changed from 1.2.11.15 to 1.2.11.16