summaryrefslogtreecommitdiffstats
path: root/daemons/ipa-slapi-plugins/ipa-uuid
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2010-11-10 13:34:16 -0500
committerRob Crittenden <rcritten@redhat.com>2010-11-10 15:34:58 -0500
commit7aae58fd2d31e468a7fafd79d0bfb02595c66841 (patch)
tree3a86f33c98367b5a897be952f6c919b6ba9caf92 /daemons/ipa-slapi-plugins/ipa-uuid
parenta8637bdaa07f1608ce3bc0c866a9641d41ff03e9 (diff)
downloadfreeipa-7aae58fd2d31e468a7fafd79d0bfb02595c66841.tar.gz
freeipa-7aae58fd2d31e468a7fafd79d0bfb02595c66841.tar.xz
freeipa-7aae58fd2d31e468a7fafd79d0bfb02595c66841.zip
uuid-plugin: Fix control access bug on replicationalpha_5-1-9-0-1
Fixes: https://fedorahosted.org/freeipa/ticket/468
Diffstat (limited to 'daemons/ipa-slapi-plugins/ipa-uuid')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index e47151aea..8455eed37 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -785,6 +785,8 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
int ret = LDAP_SUCCESS;
bool locked = false;
bool set_attr;
+ int is_repl_op;
+ int is_config_dn;
LOG_TRACE("--in-->\n");
@@ -798,6 +800,20 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
goto done;
}
+ is_config_dn = ipauuid_dn_is_config(dn);
+
+ ret = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl_op);
+ if (ret != 0) {
+ LOG_FATAL("slapi_pblock_get failed!?\n");
+ ret = LDAP_OPERATIONS_ERROR;
+ goto done;
+ }
+
+ /* pass through if this is a replicated operation */
+ if (is_repl_op && !is_config_dn) {
+ return 0;
+ }
+
if (modtype != LDAP_CHANGETYPE_ADD &&
modtype != LDAP_CHANGETYPE_MODIFY) {
goto done;
@@ -847,7 +863,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
goto done;
}
- if (ipauuid_dn_is_config(dn)) {
+ if (is_config_dn) {
/* Validate config changes, but don't apply them.
* This allows us to reject invalid config changes
* here at the pre-op stage. Applying the config