[389-devel] Please review: [Bug 244229] targetattr not verified against schema when setting an aci

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


https://bugzilla.redhat.com/show_bug.cgi?id=244229

https://bugzilla.redhat.com/attachment.cgi?id=453598&action=diff
https://bugzilla.redhat.com/attachment.cgi?id=453598&action=edi

Description:
1. When acl contains targetattr keyword:
    (targetattr [!]= "attribute_1 || attribute_2 ...|| attribute_n"),
    where attribute_n does not contain '*', the current ACL plugin
    accepts any attribute_n value even if it is not defined in the
    schema.  This patch rejects the aci if it contains attribute_n
    not defined in schema with this error message:
      NSACLPlugin - targetattr "attribute_n" does not exist in schema.
      Please add attributeTypes "attribute_n" to schema if necessary.
2. To implement 1, slapi APIs slapi_attr_syntax_exists and
    slapi_vattr_type_exists are added.
3. An attributeTypes "connection" is added to 01core389.ldif which
    is referred in an aci of cn=monitor.

Files:
  ldap/schema/01core389.ldif
  ldap/servers/plugins/acl/aclparse.c
  ldap/servers/slapd/attrsyntax.c
  ldap/servers/slapd/slapi-plugin.h
  ldap/servers/slapd/vattr.c

--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux