ldap/servers/plugins/acl/acl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit d6d9d07bdc383b746ab4e084f4ad04aa20afbc13
Author: Noriko Hosoi <nhosoi(a)totoro.usersys.redhat.com>
Date: Mon Oct 8 15:35:58 2012 -0700
Trac Ticket #455 - Insufficient rights to unhashed#user#password
when user deletes his password
https://fedorahosted.org/389/ticket/455
Bug Description: With passwordStorageScheme set to CLEAR, deleting
a userpassword by value fails because the user lacks the right to
delete the corresponding pseudo attribute.
Fix Description: Skip evaluating the aci of the pseudo attribute
in the deletion, as is already done in the replacement.
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index 3389404..a5884fb 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -1361,6 +1361,10 @@ acl_check_mods(
switch (mod->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_DELETE:
+ if (strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD) == 0) {
+ /* skip pseudo attr(s) */
+ continue;
+ }
if (mod->mod_bvalues != NULL ) {
break;
}
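Review bot: The new `LDAP_MOD_DELETE` branch skips ACI evaluation for every delete mod whose type equals `PSEUDO_ATTR_UNHASHEDUSERPASSWORD`, and nothing visible in this hunk ties the skip to a server-generated mod. The bypass is therefore only safe if client-supplied operations on the pseudo attribute are rejected or stripped before `acl_check_mods` runs, which should be confirmed. The replace-side skip in the third hunk is the tail of a larger condition that starts outside that hunk, so it may be gated more narrowly than this unconditional check, and it is worth confirming that the difference is intended. Once confirmed, I would replace `/* skip pseudo attr(s) */` with a comment stating the invariant, e.g. `/* server-added companion of userpassword; access is decided on userpassword itself, so no separate ACI check */`. The `strcmp` is case-sensitive, so a differently cased type name falls through to the normal check and fails closed; the enclosing loop and switch continue outside the hunk.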
@@ -1368,7 +1372,7 @@ acl_check_mods(
/*
* Here, check that we have the right to delete all
* the values of the attribute in the entry.
- */
+ */
case LDAP_MOD_REPLACE:
if ( !lastmod ) {
@@ -1385,6 +1389,7 @@ acl_check_mods(
strcmp (mod->mod_type, "modifytimestamp")== 0 ||
strcmp (mod->mod_type, PSEUDO_ATTR_UNHASHEDUSERPASSWORD)== 0)
) {
+ /* skip pseudo attr(s) */
continue;
}