[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: dnattr in access clause doesn't work (ITS#2572)
The current code is actually correct. Your suggested patch
creates dependencies between independent conditions and hence
is rejected. Kurt
At 06:26 PM 6/5/2003, alexela_1999@sina.com wrote:
>I think I have mistake the place where the bug is. the right place is in
>acl_mask() function, in bracket "if ( b->a_dn_at != NULL ) { }" , where
>these directives
>"
> /* see if asker is listed in dnattr */
> for( at = attrs_find( e->e_attrs, b->a_dn_at );
> at != NULL;
> at = attrs_find( at->a_next, b->a_dn_at ) )
>"
>try to find e->e_attrs in b->a_dn_at. the "e" is the target(indicated by
>"access to") we wish to access. in fact , this should be the entry indicated
>by "b->a_dn_pat" ("by dn.base=" clause), if this entry contains an
>attribute b->a_dn_at, then check the list.
>
>and following directives should also be midified
>"
> /* AND <who> clauses */
> if ( b->a_dn_pat.bv_len != 0) {
>"
>to
>"
> /* AND <who> clauses */
> if ( b->a_dn_pat.bv_len != 0 && b->a_dn_at == NULL) {
>
>"
>because this bracket will compare "b->a_dn_pat" and "op->o_ndn"(the user's
>dn), in fact , this is not neccessary when a dnattr is given. if dnattr is
>presented, then "op->o_ndn" should be compared with the entry which
>b->a_dn_pat's attribute indicate. if do not modify here, then "b->a_dn_pat"
>will never match "op->o_ndn" in case of presenting dnattr.
>
>I've done a modification, then my example runs as well. I don't know if it's
>clear to describe the bug. if you still cann't not found the problem, then
>please don't pay attention to my message.
>
>thank you :)
>
>
>----- Original Message -----
>From: "Kurt Zeilenga" <openldap-its@OpenLDAP.org>
>To: <alexela_1999@sina.com>
>Sent: Friday, June 06, 2003 12:32 AM
>Subject: Re: dnattr in access clause doesn't work (ITS#2572)
>
>
>> Your report is not believed as indicative of a software bug and
>> hence the issue will be closed.
>>
>>