Sync with HEAD
authorKurt Zeilenga <kurt@openldap.org>
Thu, 25 Aug 2005 19:46:54 +0000 (19:46 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Thu, 25 Aug 2005 19:46:54 +0000 (19:46 +0000)
servers/slapd/back-ldbm/search.c
servers/slapd/schema_prep.c

index 94dd13553f633cf2c0388786d593d17e390bfe13..47e7886ee1a945c131ec298c6c3fd7f866b90fb2 100644 (file)
@@ -47,6 +47,9 @@ ldbm_back_search(
        Entry   *matched = NULL;
        struct berval   realbase = BER_BVNULL;
        int             manageDSAit = get_manageDSAit( op );
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+       slap_mask_t     mask;
+#endif
 
        Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
 
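Review bot: `mask` is declared here without an initial value, and the second hunk of this file reads it through `ACL_GRANT( mask, ACL_DISCLOSE )` whenever `access_allowed_mask()` returns false. `access_allowed_mask()` is not visible in this diff, so it cannot be confirmed that every failing path stores to `*mask`. If one does not, the choice between LDAP_NO_SUCH_OBJECT and LDAP_INSUFFICIENT_ACCESS is made on an indeterminate value and could confirm an entry's existence to a client that lacks disclose access. Initialising at the declaration makes that branch fail closed: `slap_mask_t     mask = 0;` (or the project's own mask-initialising macro, if it has one). The body of ldbm_back_search continues outside the hunk.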
@@ -130,10 +133,16 @@ ldbm_back_search(
        }
 
 #ifdef SLAP_ACL_HONOR_DISCLOSE
-       if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
-                               NULL, ACL_DISCLOSE, NULL ) )
+       /* NOTE: __NEW__ "search" access is required
+        * on searchBase object */
+       if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
+                               NULL, ACL_SEARCH, NULL, &mask ) )
        {
-               rs->sr_err = LDAP_NO_SUCH_OBJECT;
+               if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
+                       rs->sr_err = LDAP_NO_SUCH_OBJECT;
+               } else {
+                       rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
+               }
 
                cache_return_entry_r( &li->li_cache, e );
                ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
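Review bot: The comment above the check carries a `__NEW__` marker that will go stale, and it does not say why two different result codes follow, which is the security-relevant part of this block. I would replace it with `/* "search" access on the searchBase is required; without "disclose" access return noSuchObject so the entry's existence is not revealed, otherwise insufficientAccess */`. Requiring search rather than disclose access on the base entry is a behaviour change for existing ACL sets, so it is probably worth recording in the commit description or release notes as well. The `if` block opened here continues outside the hunk.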
index 03bca79b8b43f8fbef6b087187e8a1457c63340e..54d16095e674bde82eea7eff2b7bb9535dff79c3 100644 (file)
@@ -887,18 +887,6 @@ static struct slap_schema_ad_map {
                NULL, NULL,
                NULL, NULL, NULL, NULL, NULL,
                offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
-#ifdef SLAPD_ACI_ENABLED
-       { "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
-                       "NAME 'OpenLDAPaci' "
-                       "DESC 'OpenLDAP access control information (experimental)' "
-                       "EQUALITY OpenLDAPaciMatch "
-                       "SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
-                       "USAGE directoryOperation )",
-               NULL, SLAP_AT_HIDE,
-               NULL, NULL,
-               NULL, NULL, NULL, NULL, NULL,
-               offsetof(struct slap_internal_schema, si_ad_aci) },
-#endif
 
 #ifdef LDAP_DYNAMIC_OBJECTS
        { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
@@ -1143,6 +1131,12 @@ slap_schema_load( void )
                }
        }
 
+       slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;
+       slap_schema.si_at_undefined = &slap_at_undefined;
+
+       ldap_pvt_thread_mutex_init( &ad_undef_mutex );
+       ldap_pvt_thread_mutex_init( &oc_undef_mutex );
+
        for( i=0; ad_map[i].ssam_name; i++ ) {
                assert( ad_map[i].ssam_defn != NULL );
                {
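Review bot: The two `ldap_pvt_thread_mutex_init()` calls discard their results, and the relocated `slap_at_undefined` setup now relies on `slap_schema.si_syn_octetString` already being resolved at this point, with neither assumption stated. A comment such as `/* needs the octetString syntax loaded; presumably must precede the ad_map loop */` would record why the block sits here, and `assert( slap_schema.si_syn_octetString != NULL );` would match the assert style of the loop below. No matching destroy for `ad_undef_mutex` and `oc_undef_mutex` is visible in this diff, so that is worth confirming elsewhere. slap_schema_load continues outside the hunk.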
@@ -1313,9 +1307,6 @@ slap_schema_load( void )
                }
        }
 
-       slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;
-       slap_schema.si_at_undefined = &slap_at_undefined;
-
        return LDAP_SUCCESS;
 }