From 7aae58fd2d31e468a7fafd79d0bfb02595c66841 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 10 Nov 2010 13:34:16 -0500 Subject: uuid-plugin: Fix control access bug on replication Fixes: https://fedorahosted.org/freeipa/ticket/468 --- daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'daemons') diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index e47151aea..8455eed37 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -785,6 +785,8 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) int ret = LDAP_SUCCESS; bool locked = false; bool set_attr; + int is_repl_op; + int is_config_dn; LOG_TRACE("--in-->\n"); @@ -798,6 +800,20 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) goto done; } + is_config_dn = ipauuid_dn_is_config(dn); + + ret = slapi_pblock_get(pb, SLAPI_IS_REPLICATED_OPERATION, &is_repl_op); + if (ret != 0) { + LOG_FATAL("slapi_pblock_get failed!?\n"); + ret = LDAP_OPERATIONS_ERROR; + goto done; + } + + /* pass through if this is a replicated operation */ + if (is_repl_op && !is_config_dn) { + return 0; + } + if (modtype != LDAP_CHANGETYPE_ADD && modtype != LDAP_CHANGETYPE_MODIFY) { goto done; @@ -847,7 +863,7 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) goto done; } - if (ipauuid_dn_is_config(dn)) { + if (is_config_dn) { /* Validate config changes, but don't apply them. * This allows us to reject invalid config changes * here at the pre-op stage. Applying the config -- cgit