diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2010-03-20 21:03:59 -0500 |
|---|---|---|
| committer | Rich Megginson <rmeggins@redhat.com> | 2010-03-24 15:34:59 -0600 |
| commit | 742032c11f0dabbdc80ba204801c27c4cbe305a4 (patch) | |
| tree | 89ef38fe7dd470a7f66f37cb1d265120abfc7c0e | |
| parent | eac3f15f2209719e05640e1576b4273d03bef079 (diff) | |
| download | ds-742032c11f0dabbdc80ba204801c27c4cbe305a4.tar.gz ds-742032c11f0dabbdc80ba204801c27c4cbe305a4.tar.xz ds-742032c11f0dabbdc80ba204801c27c4cbe305a4.zip | |
Bug 520151 - Error when modifying userPassword with proxy user
https://bugzilla.redhat.com/show_bug.cgi?id=520151
Resolves: bug 520151
Bug description: Error when modifying userPassword with proxy user
Fix description: The acl_access_allowed() has been modified to
call aclplugin_preop_common() which will initialize the aclpb.
The aclplugin_preop_common() has been modified to check for the
ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
Reviewed by: rmeggins (and pushed by)
| -rw-r--r-- | ldap/servers/plugins/acl/acl.c | 3 | ||||
| -rw-r--r-- | ldap/servers/plugins/acl/acl.h | 2 | ||||
| -rw-r--r-- | ldap/servers/plugins/acl/aclplugin.c | 8 |
3 files changed, 11 insertions, 2 deletions
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c index df2f4e42..aa22d566 100644 --- a/ldap/servers/plugins/acl/acl.c +++ b/ldap/servers/plugins/acl/acl.c @@ -323,6 +323,9 @@ acl_access_allowed( /* Get the bindDN */ slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn ); + /* Initialize aclpb */ + aclplugin_preop_common( pb ); + /* get the right acl pblock to work with */ if ( access & SLAPI_ACL_PROXY ) aclpb = acl_get_aclpb ( pb, ACLPB_PROXYDN_PBLOCK ); diff --git a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h index d8bc5070..36bdd43c 100644 --- a/ldap/servers/plugins/acl/acl.h +++ b/ldap/servers/plugins/acl/acl.h @@ -927,4 +927,6 @@ acl_get_effective_rights ( Slapi_PBlock *pb, Slapi_Entry *e, char* aclutil__access_str (int type , char str[]); +int aclplugin_preop_common( Slapi_PBlock *pb ); + #endif /* _ACL_H_ */ diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c index 881d0f1f..12c435d8 100644 --- a/ldap/servers/plugins/acl/aclplugin.c +++ b/ldap/servers/plugins/acl/aclplugin.c @@ -54,7 +54,7 @@ char *plugin_name = ACL_PLUGIN_NAME; static int aclplugin_preop_search ( Slapi_PBlock *pb ); static int aclplugin_preop_modify ( Slapi_PBlock *pb ); -static int aclplugin_preop_common ( Slapi_PBlock *pb ); +int aclplugin_preop_common ( Slapi_PBlock *pb ); /******************************************************************************* * ACL PLUGIN Architecture @@ -192,7 +192,7 @@ aclplugin_preop_modify ( Slapi_PBlock *pb ) * 0 - all is well; proceed. * 1 - fatal error; result has been sent to client. */ -static int +int aclplugin_preop_common( Slapi_PBlock *pb ) { char *proxy_dn; /* id being assumed */ @@ -205,6 +205,9 @@ aclplugin_preop_common( Slapi_PBlock *pb ) aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK ); + /* See if we have initialized already */ + if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done; + /* * The following mallocs memory for proxy_dn, but not the dn. * The proxy_dn is the id being assumed, while dn @@ -248,6 +251,7 @@ aclplugin_preop_common( Slapi_PBlock *pb ) } +done: TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL",""); return 0; |