[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5548) syncprov evaluates ACL rules with wrong connection info



Full_Name: Rein Tollevik
Version: 2.4.10 (CVS head)
OS: linux, solaris
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (84.215.2.34)
Submitted by: rein


Access control rules that uses connection data are evaluated using the wrong
connection structure. The problem is in syncprov_matchop() where it around line
1233 assigns:

 op2.o_hdr = op->o_hdr;

This causes ACL rules to be tested against the connection that made the change,
not the syncrepl connection.  It should retain the value from ss->s_op.

Rein Tollevik
Basefarm AS