Author: nkinder
Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7639/ldap/servers/slapd/back-ldbm
Modified Files:
ldbm_search.c
Log Message:
Resolves: 220532
Summary: Add access to RUV by users other than "cn=Directory Manager".
Index: ldbm_search.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ldbm_search.c 8 Aug 2008 15:53:10 -0000 1.14
+++ ldbm_search.c 26 Nov 2008 22:42:12 -0000 1.15
@@ -1203,11 +1203,17 @@
if((slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_LDAPSUBENTRY)
&& !filter_flag_is_set(filter,SLAPI_FILTER_LDAPSUBENTRY)) ||
(slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_FLAG_TOMBSTONE)
- && (!isroot || !filter_flag_is_set(filter,
SLAPI_FILTER_TOMBSTONE))))
+ && ((!isroot && !filter_flag_is_set(filter,
SLAPI_FILTER_RUV)) ||
+ !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE))))
{
/* If the entry is an LDAP subentry and filter don't filter subentries OR
* the entry is a TombStone and filter don't filter Tombstone
- * don't return the entry
+ * don't return the entry. We make a special case to allow a non-root
user
+ * to search for the RUV entry using a filter of:
+ *
+ *
"(&(objectclass=nstombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))"
+ *
+ * For this RUV case, we let the ACL check apply.
*/
/* ugaston - we don't want to mistake this filter failure with the one
below due to ACL,
* because whereas the former should be read as 'no entry must be
returned', the latter
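Review bot: The relaxed tombstone test at the `SLAPI_FILTER_RUV` term keys on a flag of the filter, not on the entry being examined, so for a non-root user it lets through any tombstone candidate whenever both `SLAPI_FILTER_RUV` and `SLAPI_FILTER_TOMBSTONE` are set on the filter. Where `SLAPI_FILTER_RUV` gets set is outside this hunk; if it can be set for a compound filter (for instance an OR that merely contains the RUV term), ordinary tombstones would be protected only by the ACL check that the new comment names as the control for the RUV case. I would state the invariant in the comment, e.g. `* SLAPI_FILTER_RUV must be set only when the filter can match nothing but the RUV tombstone.`, and confirm that the ACIs covering the suffix do not grant read on tombstones more widely than intended. The enclosing function starts and ends outside the hunk.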