[Fedora-directory-commits] ldapserver/ldap/servers/slapd/back-ldbm ldbm_search.c, 1.14, 1.15

Author: nkinder Update of /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7639/ldap/servers/slapd/back-ldbm Modified Files: ldbm_search.c Log Message: Resolves: 220532 Summary: Add access to RUV by users other than "cn=Directory Manager". Index: ldbm_search.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/slapd/back-ldbm/ldbm_search.c,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ldbm_search.c 8 Aug 2008 15:53:10 -0000 1.14 +++ ldbm_search.c 26 Nov 2008 22:42:12 -0000 1.15 @@ -1203,11 +1203,17 @@ if((slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_LDAPSUBENTRY) && !filter_flag_is_set(filter,SLAPI_FILTER_LDAPSUBENTRY)) || (slapi_entry_flag_is_set(e->ep_entry,SLAPI_ENTRY_FLAG_TOMBSTONE) - && (!isroot || !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE)))) + && ((!isroot && !filter_flag_is_set(filter, SLAPI_FILTER_RUV)) || + !filter_flag_is_set(filter, SLAPI_FILTER_TOMBSTONE)))) { /* If the entry is an LDAP subentry and filter don't filter subentries OR * the entry is a TombStone and filter don't filter Tombstone - * don't return the entry + * don't return the entry. We make a special case to allow a non-root user + * to search for the RUV entry using a filter of: + * + * "(&(objectclass=nstombstone)(nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff))" + * + * For this RUV case, we let the ACL check apply. */ /* ugaston - we don't want to mistake this filter failure with the one below due to ACL, * because whereas the former should be read as 'no entry must be returned', the latter