[389-commits] ldap/servers

Richard Allen Megginson rmeggins at fedoraproject.org
Wed Mar 24 21:35:02 UTC 2010 

 ldap/servers/plugins/acl/acl.c       |    3 +++
 ldap/servers/plugins/acl/acl.h       |    2 ++
 ldap/servers/plugins/acl/aclplugin.c |    8 ++++++--
 3 files changed, 11 insertions(+), 2 deletions(-)

New commits:
commit 742032c11f0dabbdc80ba204801c27c4cbe305a4
Author: Endi S. Dewata <edewata at redhat.com>
Date:   Sat Mar 20 21:03:59 2010 -0500

    Bug 520151 - Error when modifying userPassword with proxy user
    
    https://bugzilla.redhat.com/show_bug.cgi?id=520151
    Resolves: bug 520151
    Bug description: Error when modifying userPassword with proxy user
    Fix description: The acl_access_allowed() has been modified to
    call aclplugin_preop_common() which will initialize the aclpb.
    The aclplugin_preop_common() has been modified to check for the
    ACLPB_INITIALIZED flag to avoid re-initializing aclpb.
    Reviewed by: rmeggins (and pushed by)

diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index df2f4e4..aa22d56 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -323,6 +323,9 @@ acl_access_allowed(
 	/* Get the bindDN */
 	slapi_pblock_get ( pb, SLAPI_REQUESTOR_DN, &clientDn );
 
+	/* Initialize aclpb */
+	aclplugin_preop_common( pb );
+
 	/* get the right acl pblock  to	work with */
 	if ( access & SLAPI_ACL_PROXY )
 		aclpb =	acl_get_aclpb (	pb, ACLPB_PROXYDN_PBLOCK );
diff --git a/ldap/servers/plugins/acl/acl.h b/ldap/servers/plugins/acl/acl.h
index d8bc507..36bdd43 100644
--- a/ldap/servers/plugins/acl/acl.h
+++ b/ldap/servers/plugins/acl/acl.h
@@ -927,4 +927,6 @@ acl_get_effective_rights ( Slapi_PBlock *pb, Slapi_Entry *e,
 
 char* aclutil__access_str (int type , char str[]);
 
+int aclplugin_preop_common( Slapi_PBlock *pb );
+
 #endif /* _ACL_H_ */
diff --git a/ldap/servers/plugins/acl/aclplugin.c b/ldap/servers/plugins/acl/aclplugin.c
index 881d0f1..12c435d 100644
--- a/ldap/servers/plugins/acl/aclplugin.c
+++ b/ldap/servers/plugins/acl/aclplugin.c
@@ -54,7 +54,7 @@ char *plugin_name = ACL_PLUGIN_NAME;
 
 static int aclplugin_preop_search ( Slapi_PBlock *pb );
 static int aclplugin_preop_modify ( Slapi_PBlock *pb );
-static int aclplugin_preop_common ( Slapi_PBlock *pb );
+int aclplugin_preop_common ( Slapi_PBlock *pb );
 
 /*******************************************************************************
  *  ACL PLUGIN Architecture
@@ -192,7 +192,7 @@ aclplugin_preop_modify ( Slapi_PBlock *pb )
  *	0 - all is well; proceed.
  *  1 - fatal error; result has been sent to client.
  */ 
-static int
+int
 aclplugin_preop_common( Slapi_PBlock *pb )
 {
 	char		*proxy_dn;	/* id being assumed */
@@ -205,6 +205,9 @@ aclplugin_preop_common( Slapi_PBlock *pb )
 
 	aclpb = acl_get_aclpb ( pb, ACLPB_BINDDN_PBLOCK );
 
+        /* See if we have initialized already */
+        if ( aclpb->aclpb_state & ACLPB_INITIALIZED ) goto done;
+
 	/*
 	 * The following mallocs memory for proxy_dn, but not the dn.
 	 * The proxy_dn is the id being assumed, while dn
@@ -248,6 +251,7 @@ aclplugin_preop_common( Slapi_PBlock *pb )
 
 	}
 
+done:
 	TNF_PROBE_0_DEBUG(aclplugin_preop_common_end ,"ACL","");
 
 	return 0;

More information about the 389-commits mailing list