[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SSF not propagated to syncrepl operation (ITS#3131)
Regarding your patch, I noticed you are apply the SASL SSF to the
o_ssf instead of o_sasl_ssf and then raising o_ssf if o_sasl_ssf
is greater. Seems also a more complete handle transport and
TLS SSFs as well.
Kurt
At 08:40 PM 5/4/2004, lukeh@padl.com wrote:
>Full_Name: Luke Howard
>Version: 2.2.10
>OS: Linux
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (165.228.130.11)
>
>
>The application of consumer-side ACLs that contain minimum SSFs does not work
>with syncrepl, because the SSF is not propagated from the LDAP session to the
>fake operation.
>
>For example:
>
>access to *
> by dn.subtree="OU=Domain Controllers,DC=dsg,DC=padl,DC=com" ssf=56
>write
>
>The following difference against OPENLDAP_REL_ENG_2_2_10 fixes this.
>
>Index: syncrepl.c
>===================================================================
>RCS file: /repo/OpenLDAP/pkg/ldap/servers/slapd/syncrepl.c,v
>retrieving revision 1.24.2.20
>diff -u -r1.24.2.20 syncrepl.c
>--- syncrepl.c 13 Apr 2004 15:49:08 -0000 1.24.2.20
>+++ syncrepl.c 5 May 2004 03:36:52 -0000
>@@ -302,6 +302,9 @@
> }
> }
>
>+ /* set SSF for local authorization */
>+ ldap_get_option( si->si_ld, LDAP_OPT_X_SASL_SSF, &op->o_ssf );
>+
> /* get syncrepl cookie of shadow replica from subentry */
>
> assert( si->si_rid < 1000 );
>lukeh@corp/tankstream[190]%