fix ITS#3753
[openldap] / servers / slapd / acl.c
index 60bbfa0dc7ee2fb5a02537861bc06982908b80f6..e71d14fcca2ef5059df69accce86e1d2bcaa2b4a 100644 (file)
@@ -173,7 +173,7 @@ slap_access_always_allowed(
        return 1;
 }
 
-static int
+int
 slap_access_allowed(
        Operation               *op,
        Entry                   *e,
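Review bot: `slap_access_allowed` becomes an external symbol at the changed `int` line, but nothing on the definition documents the contract that a caller outside acl.c has to honour. A header comment should say what the return value means (the caller in `access_allowed_mask` treats zero as the failure path), that the last argument receives the computed mask, and that `op->o_bd` appears to be expected non-NULL on entry, since `access_allowed_mask` fills it in and asserts on it before calling. The parameter list continues outside the hunk, so the exact names should be taken from the full definition. A matching prototype in a shared header is presumably part of the same commit but is not visible on this page.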
@@ -303,13 +303,13 @@ slap_access_allowed(
                                ( state->as_recorded & ACL_STATE_RECORDED_NV ) )
                        {
                                Debug( LDAP_DEBUG_ACL,
-                                       "slap_access_allowed: result from state (%s)\n",
+                                       "=> slap_access_allowed: result from state (%s)\n",
                                        attr, 0, 0 );
                                ret = state->as_result;
                                goto done;
                        } else {
                                Debug( LDAP_DEBUG_ACL,
-                                       "slap_access_allowed: no res from state (%s)\n",
+                                       "=> slap_access_allowed: no res from state (%s)\n",
                                        attr, 0, 0 );
                        }
                }
@@ -427,8 +427,9 @@ access_allowed_mask(
        }
 
        if ( op->o_bd == NULL ) {
-               op->o_bd = LDAP_STAILQ_FIRST(&backendDB);
+               op->o_bd = LDAP_STAILQ_FIRST( &backendDB );
                be_null = 1;
+
 #ifdef LDAP_DEVEL
                /*
                 * FIXME: experimental; use first backend rules
@@ -436,17 +437,20 @@ access_allowed_mask(
                if ( frontendDB->be_acl != NULL ) {
                        op->o_bd = frontendDB;
                }
-#endif
+#endif /* LDAP_DEVEL */
        }
        assert( op->o_bd != NULL );
 
-       /* delegate to backend */
-       if ( op->o_bd->bd_info->bi_access_allowed != NULL ) {
-               bi_access_allowed = op->o_bd->bd_info->bi_access_allowed;
+       /* this is enforced in backend_add() */
+       if ( op->o_bd->bd_info->bi_access_allowed ) {
+               /* delegate to backend */
+               ret = op->o_bd->bd_info->bi_access_allowed( op, e, desc, val, access, state, &mask );
+
        } else {
-               bi_access_allowed = slap_access_allowed;
+               /* use default */
+               ret = slap_access_allowed( op, e, desc, val, access, state, &mask );
        }
-       ret = bi_access_allowed( op, e, desc, val, access, state, &mask );
+
        if ( !ret ) {
                if ( ACL_IS_INVALID( mask ) ) {
                        Debug( LDAP_DEBUG_ACL,
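Review bot: The new comment `/* this is enforced in backend_add() */` does not say what is enforced, and it sits directly above a test that still handles a NULL `bi_access_allowed`, so the comment and the code read as contradictory. If the intent is that backend_add() always installs a hook, say so and mark the else branch as defensive, e.g. `/* backend_add() is expected to set bi_access_allowed; the else branch is a fallback to the default evaluator */`. It is also worth stating here that at this call site a backend hook replaces the default ACL evaluation rather than supplementing it, since that is the security-relevant effect of the branch. access_allowed_mask begins and ends outside the hunk.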
@@ -916,11 +920,11 @@ acl_get(
                                        if ( vdnlen < patlen )
                                                continue;
        
-                                       if ( a->acl_dn_style == ACL_STYLE_BASE ) {
+                                       if ( a->acl_attrval_style == ACL_STYLE_BASE ) {
                                                if ( vdnlen > patlen )
                                                        continue;
        
-                                       } else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
+                                       } else if ( a->acl_attrval_style == ACL_STYLE_ONE ) {
                                                int rdnlen = -1;
        
                                                if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
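Review bot: In the `ACL_STYLE_ONE` branch, `val->bv_val[vdnlen - patlen - 1]` is read with no check that `vdnlen > patlen`. The only guard visible above is `if ( vdnlen < patlen ) continue;`, so equal lengths give index -1, or a wrapped index if the lengths are unsigned (their declarations are outside the hunk). The `SUBTREE` branch in the next hunk already guards the same expression with `vdnlen > patlen &&`. Adding `if ( vdnlen <= patlen ) continue;` as the first statement of the ONE branch keeps the read inside the value buffer. A value of equal length cannot be a one-level child of the pattern anyway. The branch body continues past the end of this hunk.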
@@ -930,11 +934,11 @@ acl_get(
                                                if ( rdnlen != vdnlen - patlen - 1 )
                                                        continue;
        
-                                       } else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
+                                       } else if ( a->acl_attrval_style == ACL_STYLE_SUBTREE ) {
                                                if ( vdnlen > patlen && !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
                                                        continue;
        
-                                       } else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
+                                       } else if ( a->acl_attrval_style == ACL_STYLE_CHILDREN ) {
                                                if ( vdnlen <= patlen )
                                                        continue;