authorMartin Hedenfal <martinh@cvs.openbsd.org>2010-07-02 02:42:03 +0000
committerMartin Hedenfal <martinh@cvs.openbsd.org>2010-07-02 02:42:03 +0000
commitf4efd912916b9dc7917f2411d510831c0330e035 (patch)
tree0489d2f94826d8c2c1785f079e3a9d2d83af4d66
parentbfc9493d9280a5a8ab43b8df30cd772c910140ba (diff)
Don't validate modification of immutable attributes if the namespace is
configured with relaxed schema checking.
-rw-r--r--usr.sbin/ldapd/modify.c47
1 files changed, 27 insertions, 20 deletions
diff --git a/usr.sbin/ldapd/modify.c b/usr.sbin/ldapd/modify.c
index 05151342843..699279c30c4 100644
--- a/usr.sbin/ldapd/modify.c
+++ b/usr.sbin/ldapd/modify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: modify.c,v 1.8 2010/07/02 01:44:45 martinh Exp $ */
+/* $OpenBSD: modify.c,v 1.9 2010/07/02 02:42:02 martinh Exp $ */
/*
* Copyright (c) 2009, 2010 Martin Hedenfalk <martin@bzero.se>
@@ -136,14 +136,19 @@ ldap_add(struct request *req)
attr = elm->be_sub;
if (attr == NULL || ber_get_string(attr, &s) != 0)
return ldap_respond(req, LDAP_PROTOCOL_ERROR);
- at = lookup_attribute(conf->schema, s);
- if (at == NULL) {
- log_debug("unknown attribute type %s", s);
- return ldap_respond(req, LDAP_NO_SUCH_ATTRIBUTE);
- }
- if (at->immutable) {
- log_debug("attempt to add immutable attribute %s", s);
- return ldap_respond(req, LDAP_CONSTRAINT_VIOLATION);
+ if (!ns->relax) {
+ at = lookup_attribute(conf->schema, s);
+ if (at == NULL) {
+ log_debug("unknown attribute type %s", s);
+ return ldap_respond(req,
+ LDAP_NO_SUCH_ATTRIBUTE);
+ }
+ if (at->immutable) {
+ log_debug("attempt to add immutable"
+ " attribute %s", s);
+ return ldap_respond(req,
+ LDAP_CONSTRAINT_VIOLATION);
+ }
}
}
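Review bot: With `ns->relax` set, the new `if (!ns->relax)` guard skips the `at->immutable` rejection as well as the unknown-attribute check, so a client with write access to a relaxed namespace can supply attributes the schema marks immutable. Which attributes carry that flag is not visible here; if any are server-maintained, relaxed mode now lets clients set them, and the `log_debug` trace of the attempt is lost too. That trade-off deserves a comment above the guard, for example `/* relax: schema lookups are skipped, so immutable attributes are client-writable in this namespace */`, and a matching sentence in the configuration documentation for the relax option. The ldap_modify hunk makes the same change and needs the same comment; the body of ldap_add continues outside this hunk.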
@@ -254,17 +259,19 @@ ldap_modify(struct request *req)
goto done;
}
- if ((at = lookup_attribute(conf->schema, attr)) == NULL &&
- !ns->relax) {
- log_debug("unknown attribute type %s", attr);
- rc = LDAP_NO_SUCH_ATTRIBUTE;
- goto done;
- }
- if (at != NULL && at->immutable) {
- log_debug("attempt to modify immutable attribute %s",
- attr);
- rc = LDAP_CONSTRAINT_VIOLATION;
- goto done;
+ if (!ns->relax) {
+ at = lookup_attribute(conf->schema, attr);
+ if (at == NULL) {
+ log_debug("unknown attribute type %s", attr);
+ rc = LDAP_NO_SUCH_ATTRIBUTE;
+ goto done;
+ }
+ if (at->immutable) {
+ log_debug("attempt to modify immutable"
+ " attribute %s", attr);
+ rc = LDAP_CONSTRAINT_VIOLATION;
+ goto done;
+ }
}
a = ldap_get_attribute(entry, attr);
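Review bot: `at` is now assigned only inside `if (!ns->relax)`, whereas the old code called `lookup_attribute()` unconditionally, so in a relaxed namespace `at` keeps whatever value it had before this block. If anything after `ldap_get_attribute(entry, attr)` reads `at`, it would see an indeterminate pointer, or a stale one from an earlier pass if this code sits in a loop. Adding `at = NULL;` just before the guard, or narrowing the variable's scope to the block, would rule that out. The rest of ldap_modify is outside the hunk, so this needs checking against the full function; the same applies to `at` in the ldap_add hunk.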