SlapReply *rs )
{
struct ldbminfo *li = (struct ldbminfo *) op->o_bd->be_private;
- int rc, err;
- const char *text = NULL;
+ int rc;
time_t stoptime;
ID_BLOCK *candidates;
ID id, cursor;
Entry *matched = NULL;
struct berval realbase = BER_BVNULL;
int manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ slap_mask_t mask;
+#endif
Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
if ( matched != NULL ) {
BerVarray erefs = NULL;
-
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
if ( ! access_allowed( op, matched,
slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
- } else {
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
ber_dupbv( &matched_dn, &matched->e_name );
erefs = is_entry_referral( matched )
return rs->sr_err;
}
- if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
- NULL, ACL_DISCLOSE, NULL ) )
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ /* NOTE: __NEW__ "search" access is required
+ * on searchBase object */
+ if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_SEARCH, NULL, &mask ) )
{
- rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ } else {
+ rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+ }
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
send_ldap_result( op, rs );
return rs->sr_err;
}
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
if ( !manageDSAit && is_entry_referral( e ) ) {
/* entry is a referral, don't allow add */
/* check for abandon */
if ( op->o_abandon ) {
- rc = LDAP_SUCCESS;
+ rc = SLAPD_ABANDON;
goto done;
}
? LDAP_SCOPE_BASE
: LDAP_SCOPE_SUBTREE );
+ ber_bvarray_free( erefs );
+
send_search_reference( op, rs );
ber_bvarray_free( rs->sr_ref );