X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Facl.c;h=a6f0a853d01b1284a67bdfa291d619aff5ce9df5;hb=e281e08e79829175aa9545dc2e3eb85e4e873717;hp=7306baa294c125401a2d84052a48287f84a2d9ce;hpb=bccf2a72825a7069fefbb0550b4c11117f0374a5;p=openldap diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 7306baa294..a6f0a853d0 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -336,6 +336,39 @@ done: return ret; } +int +fe_access_allowed( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp ) +{ + BackendDB *be_orig; + int rc; + + /* + * NOTE: control gets here if FIXME + * if an appropriate backend cannot be selected for the operation, + * we assume that the frontend should handle this + * FIXME: should select_backend() take care of this, + * and return frontendDB instead of NULL? maybe for some value + * of the flags? + */ + be_orig = op->o_bd; + + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + if ( op->o_bd == NULL ) { + op->o_bd = frontendDB; + } + rc = slap_access_allowed( op, e, desc, val, access, state, maskp ); + op->o_bd = be_orig; + + return rc; +} + int access_allowed_mask( Operation *op, @@ -433,21 +466,14 @@ access_allowed_mask( desc, val, access, state, &mask ); } else { -#if 0 - /* FIXME: this doesn't work because frontendDB doesn't have - * the right rootn, ACLs and so. */ - BackendDB *be_orig; + BackendDB *be_orig = op->o_bd; /* use default (but pass through frontend * for global ACL overlays) */ - be_orig = op->o_bd; op->o_bd = frontendDB; ret = frontendDB->bd_info->bi_access_allowed( op, e, desc, val, access, state, &mask ); op->o_bd = be_orig; -#endif - ret = slap_access_allowed( op, e, - desc, val, access, state, &mask ); } if ( !ret ) { @@ -3429,8 +3455,8 @@ slap_dynacl_get( const char *name ) int acl_init( void ) { - int i, rc; #ifdef SLAP_DYNACL + int i, rc; slap_dynacl_t *known_dynacl[] = { #ifdef SLAPD_ACI_ENABLED &dynacl_aci,