diff options
author | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-02 02:42:03 +0000 |
---|---|---|
committer | Martin Hedenfal <martinh@cvs.openbsd.org> | 2010-07-02 02:42:03 +0000 |
commit | f4efd912916b9dc7917f2411d510831c0330e035 (patch) | |
tree | 0489d2f94826d8c2c1785f079e3a9d2d83af4d66 | |
parent | bfc9493d9280a5a8ab43b8df30cd772c910140ba (diff) |
Don't validate modification of immutable attributes if the namespace is
configured with relaxed schema checking.
-rw-r--r-- | usr.sbin/ldapd/modify.c | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/usr.sbin/ldapd/modify.c b/usr.sbin/ldapd/modify.c index 05151342843..699279c30c4 100644 --- a/usr.sbin/ldapd/modify.c +++ b/usr.sbin/ldapd/modify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: modify.c,v 1.8 2010/07/02 01:44:45 martinh Exp $ */ +/* $OpenBSD: modify.c,v 1.9 2010/07/02 02:42:02 martinh Exp $ */ /* * Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se> @@ -136,14 +136,19 @@ ldap_add(struct request *req) attr = elm->be_sub; if (attr == NULL || ber_get_string(attr, &s) != 0) return ldap_respond(req, LDAP_PROTOCOL_ERROR); - at = lookup_attribute(conf->schema, s); - if (at == NULL) { - log_debug("unknown attribute type %s", s); - return ldap_respond(req, LDAP_NO_SUCH_ATTRIBUTE); - } - if (at->immutable) { - log_debug("attempt to add immutable attribute %s", s); - return ldap_respond(req, LDAP_CONSTRAINT_VIOLATION); + if (!ns->relax) { + at = lookup_attribute(conf->schema, s); + if (at == NULL) { + log_debug("unknown attribute type %s", s); + return ldap_respond(req, + LDAP_NO_SUCH_ATTRIBUTE); + } + if (at->immutable) { + log_debug("attempt to add immutable" + " attribute %s", s); + return ldap_respond(req, + LDAP_CONSTRAINT_VIOLATION); + } } } @@ -254,17 +259,19 @@ ldap_modify(struct request *req) goto done; } - if ((at = lookup_attribute(conf->schema, attr)) == NULL && - !ns->relax) { - log_debug("unknown attribute type %s", attr); - rc = LDAP_NO_SUCH_ATTRIBUTE; - goto done; - } - if (at != NULL && at->immutable) { - log_debug("attempt to modify immutable attribute %s", - attr); - rc = LDAP_CONSTRAINT_VIOLATION; - goto done; + if (!ns->relax) { + at = lookup_attribute(conf->schema, attr); + if (at == NULL) { + log_debug("unknown attribute type %s", attr); + rc = LDAP_NO_SUCH_ATTRIBUTE; + goto done; + } + if (at->immutable) { + log_debug("attempt to modify immutable" + " attribute %s", attr); + rc = LDAP_CONSTRAINT_VIOLATION; + goto done; + } } a = ldap_get_attribute(entry, attr); |