Add "entry" ACL checks for add/delete/rename ops

[openldap] / servers / slapd / saslauthz.c

diff --git a/servers/slapd/saslauthz.c b/servers/slapd/saslauthz.c
index f9f53d85ec9147e8579e9ebbb1df61852b2c75a8..24ccf062b496ce9bded6320abf307d3999edd821 100644 (file)
--- a/servers/slapd/saslauthz.c
+++ b/servers/slapd/saslauthz.c
@@ -326,7 +326,7 @@ static int slap_sasl_regexp( struct berval *in, struct berval *out )
                out->bv_len ? out->bv_val : "", 0, 0 );
 #else
        Debug( LDAP_DEBUG_TRACE,
-          "slap_sasl_regexp: converted SASL name to ldap:///%s??%s?%s\n",
+               "slap_sasl_regexp: converted SASL name to %s\n",
                out->bv_len ? out->bv_val : "", 0, 0 );
 #endif
 
@@ -449,6 +449,7 @@ void slap_sasl2dn( Connection *conn,
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
+       op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
        (*be->be_search)( be, conn, &op, NULL, &dn,
                scope, LDAP_DEREF_NEVER, 1, 0,
@@ -569,6 +570,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
        op.o_callback = &cb;
        op.o_time = slap_get_time();
        op.o_do_not_cache = 1;
+       op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
 
        (*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
           scope, /*deref=*/1, /*sizelimit=*/0, /*time=*/0, filter, /*fstr=*/NULL,
@@ -614,15 +616,16 @@ slap_sasl_check_authz( Connection *conn,
 
 #ifdef NEW_LOGGING
        LDAP_LOG( TRANSPORT, ENTRY, 
-                  "slap_sasl_check_authz: does %s match %s rule in %s?\n",
-              assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
+               "slap_sasl_check_authz: does %s match %s rule in %s?\n",
+           assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 #else
        Debug( LDAP_DEBUG_TRACE,
           "==>slap_sasl_check_authz: does %s match %s rule in %s?\n",
           assertDN->bv_val, ad->ad_cname.bv_val, searchDN->bv_val);
 #endif
 
-       rc = backend_attribute( NULL, NULL, NULL, NULL, searchDN, ad, &vals );
+       rc = backend_attribute( NULL, NULL, conn->c_sasl_bindop, NULL,
+               searchDN, ad, &vals );
        if( rc != LDAP_SUCCESS )
                goto COMPLETE;
 
@@ -639,11 +642,12 @@ COMPLETE:
 
 #ifdef NEW_LOGGING
        LDAP_LOG( TRANSPORT, RESULTS, 
-                  "slap_sasl_check_authz: %s check returning %s\n", 
-                  ad->ad_cname.bv_val, rc, 0 );
+               "slap_sasl_check_authz: %s check returning %s\n", 
+               ad->ad_cname.bv_val, rc, 0 );
 #else
        Debug( LDAP_DEBUG_TRACE,
-          "<==slap_sasl_check_authz: %s check returning %d\n", ad->ad_cname.bv_val, rc, 0);
+          "<==slap_sasl_check_authz: %s check returning %d\n",
+               ad->ad_cname.bv_val, rc, 0);
 #endif
 
        return( rc );