diff options
| author | Noriko Hosoi <nhosoi@redhat.com> | 2010-10-15 10:56:45 -0700 |
|---|---|---|
| committer | Noriko Hosoi <nhosoi@redhat.com> | 2010-10-15 10:56:45 -0700 |
| commit | 0b7a84653e5819f52fc22f3783d9c2a1dc84e941 (patch) | |
| tree | 3648c63b797a6aa302dc316d7a39f5db6df8f730 /ldap/servers/slapd | |
| parent | 032790e3bea8b4b61372a5b84926c83da2e03eef (diff) | |
| download | ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.tar.gz ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.tar.xz ds-0b7a84653e5819f52fc22f3783d9c2a1dc84e941.zip | |
Bug 244229 - targetattr not verified against schema when setting an aci
https://bugzilla.redhat.com/show_bug.cgi?id=244229
Description:
1. When acl contains targetattr keyword:
(targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"),
where attribute_n does not contain '*', the current ACL plugin
accepts any attribute_n value even if it is not defined in the
schema. This patch rejects the aci if it contains attribute_n
not defined in schema with this error message:
NSACLPlugin - targetattr "attribute_n" does not exist in schema.
Please add attributeTypes "attribute_n" to schema if necessary.
The message is logged in the error log as well as returned to
the client.
2. To implement 1, slapi APIs slapi_attr_syntax_exists is added.
3. An attributeTypes "connection" is added to 01core389.ldif which
is referred in an aci of cn=monitor.
Diffstat (limited to 'ldap/servers/slapd')
| -rw-r--r-- | ldap/servers/slapd/attrsyntax.c | 6 | ||||
| -rw-r--r-- | ldap/servers/slapd/slapi-plugin.h | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/ldap/servers/slapd/attrsyntax.c b/ldap/servers/slapd/attrsyntax.c index 65f3bb02..1940b8dd 100644 --- a/ldap/servers/slapd/attrsyntax.c +++ b/ldap/servers/slapd/attrsyntax.c @@ -1072,3 +1072,9 @@ attr_syntax_init(void) } return 0; } + +int +slapi_attr_syntax_exists(const char *attr_name) +{ + return attr_syntax_exists(attr_name); +} diff --git a/ldap/servers/slapd/slapi-plugin.h b/ldap/servers/slapd/slapi-plugin.h index 4c5bedc5..8df6ec06 100644 --- a/ldap/servers/slapd/slapi-plugin.h +++ b/ldap/servers/slapd/slapi-plugin.h @@ -4480,6 +4480,14 @@ int slapi_filter_compare(struct slapi_filter *f1, struct slapi_filter *f2); Slapi_Filter *slapi_filter_dup(Slapi_Filter *f); int slapi_filter_changetype(Slapi_Filter *f, const char *newtype); +/** + * Check whether a given attribute type is defined in schema or not + * + * \param attribute type name to be checked + * \return \c 0 if the attribute type is not defined in schema + * \return non-0 if the attribute type is defined in schema + */ +int slapi_attr_syntax_exists(const char *type); /* * slapi_filter_apply() is used to apply a function to each simple filter |