
Re: dnattr in access clause doesn't work (ITS#2572)

I think I have mistaken the place where the bug is. The right place is in the
acl_mask() function, in the bracket "if ( b->a_dn_at != NULL ) {   }", where
these directives
   /* see if asker is listed in dnattr */
   for( at = attrs_find( e->e_attrs, b->a_dn_at );
    at != NULL;
    at = attrs_find( at->a_next, b->a_dn_at ) )
try to find e->e_attrs in b->a_dn_at. The "e" is the target (indicated by
"access to") we wish to access. In fact, this should be the entry indicated
by "b->a_dn_pat" ("by dn.base=" clause); if this entry contains an
attribute b->a_dn_at, then check the list.

And the following directives should also be modified
  /* AND <who> clauses */
  if ( b->a_dn_pat.bv_len != 0) {
  /* AND <who> clauses */
  if ( b->a_dn_pat.bv_len != 0 && b->a_dn_at == NULL) {

because this bracket will compare "b->a_dn_pat" and "op->o_ndn" (the user's
dn). In fact, this is not necessary when a dnattr is given. If dnattr is
present, then "op->o_ndn" should be compared with the entry which
b->a_dn_pat's attribute indicates. If this is not modified, then "b->a_dn_pat"
will never match "op->o_ndn" when dnattr is present.

I've made a modification, and then my example runs as well. I don't know if I
have described the bug clearly. If you still can't find the problem, then
please don't pay attention to my message.

Thank you :)

----- Original Message -----
From: "Kurt Zeilenga" <openldap-its@OpenLDAP.org>
To: <alexela_1999@sina.com>
Sent: Friday, June 06, 2003 12:32 AM
Subject: Re: dnattr in access clause doesn't work (ITS#2572)

> Your report is not believed as indicative of a software bug and
> hence the issue will be closed.
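
Added example, not part of the original message and not OpenLDAP code: a simplified C model of the evaluation order shown in the quoted acl_mask() fragments, where the DN pattern is compared with the requester's DN and dnattr is searched in the attributes of the entry being accessed. The struct names, the check() helper and the sample DNs are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for slapd's entry, attribute and
 * <who> structures. DNs are compared with strcmp(); slapd compares
 * normalized DNs. */
struct attr  { const char *name; const char *vals[4]; struct attr *next; };
struct entry { const char *dn; struct attr *attrs; };
struct who   { const char *dn_pat;   /* "by dn.base=" value, or NULL */
               const char *dn_at; }; /* "dnattr=" attribute name, or NULL */

/* Return the first attribute named `name` at or after `a`. */
static struct attr *attr_find(struct attr *a, const char *name) {
    for (; a != NULL; a = a->next)
        if (strcmp(a->name, name) == 0) return a;
    return NULL;
}

/* 1 if the <who> clause matches the requester, else 0. Every condition
 * present in the clause must hold. */
int who_matches(const struct who *b, const struct entry *target,
                const char *requester) {
    /* the DN pattern is compared with the requester's DN */
    if (b->dn_pat != NULL && strcmp(b->dn_pat, requester) != 0) return 0;
    if (b->dn_at != NULL) {
        int listed = 0;
        /* dnattr is searched in the entry being accessed */
        for (struct attr *at = attr_find(target->attrs, b->dn_at);
             at != NULL && !listed; at = attr_find(at->next, b->dn_at))
            for (size_t i = 0; i < 4 && at->vals[i] != NULL; i++)
                if (strcmp(at->vals[i], requester) == 0) { listed = 1; break; }
        if (!listed) return 0;
    }
    return 1;
}

/* Constructed sample data: a group entry listing one member. */
#define ALICE "uid=alice,dc=example,dc=com"
#define GROUP "cn=admins,dc=example,dc=com"
static struct attr  member = { "member", { ALICE, NULL }, NULL };
static struct entry group  = { GROUP, &member };

/* Evaluate a clause against the sample group entry. */
int check(const char *dn_pat, const char *dn_at, const char *requester) {
    struct who b = { dn_pat, dn_at };
    return who_matches(&b, &group, requester);
}
```

In this model, a clause that carries both a DN pattern and a dnattr matches only a requester who satisfies both conditions.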