protect all occurrences of ACL_DISCLOSE

diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 43f93f827fe67c4ac5f5f5d7fca49c0755f14e9d..2466284e1d7188b848a7a3d90ab70362fd249cbd 100644 (file)
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2241,6 +2241,10 @@ str2access( const char *str )
                return ACL_NONE;
 
        } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+#ifndef SLAP_ACL_HONOR_DISCLOSE
+               fprintf( stderr, "str2access: warning, "
+                       "\"disclose\" privilege disabled.\n" );
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
                return ACL_DISCLOSE;
 
        } else if ( strcasecmp( str, "auth" ) == 0 ) {

diff --git a/servers/slapd/back-bdb/compare.c b/servers/slapd/back-bdb/compare.c
index 8da40475b9dbde2fc3dcd8fe2e9f8f3a7bf956dd..aa2326337c03271e9d88bec41cd5ca64b5236e84 100644 (file)
--- a/servers/slapd/back-bdb/compare.c
+++ b/servers/slapd/back-bdb/compare.c
@@ -137,7 +137,7 @@ dn2entry_retry:
                {
                        rs->sr_err = LDAP_NO_SUCH_OBJECT;
                } else
-#endif
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
                {
                        rs->sr_err = LDAP_ASSERTION_FAILED;
                }

diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c
index 1e414f6609a68bb6df93f12dd6bc376ff727295f..4038ee56891acabc07a5d7789bc9586338081e73 100644 (file)
--- a/servers/slapd/back-ldbm/search.c
+++ b/servers/slapd/back-ldbm/search.c
@@ -86,14 +86,17 @@ ldbm_back_search(
 
                if ( matched != NULL ) {
                        BerVarray erefs = NULL;
-                       
+
+#ifdef SLAP_ACL_HONOR_DISCLOSE
                        if ( ! access_allowed( op, matched,
                                                slap_schema.si_ad_entry,
                                                NULL, ACL_DISCLOSE, NULL ) )
                        {
                                rs->sr_err = LDAP_NO_SUCH_OBJECT;
 
-                       } else {
+                       } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+                       {
                                ber_dupbv( &matched_dn, &matched->e_name );
 
                                erefs = is_entry_referral( matched )
@@ -127,6 +130,7 @@ ldbm_back_search(
                return rs->sr_err;
        }
 
+#ifdef SLAP_ACL_HONOR_DISCLOSE
        if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
                                NULL, ACL_DISCLOSE, NULL ) )
        {
@@ -138,6 +142,7 @@ ldbm_back_search(
                send_ldap_result( op, rs );
                return rs->sr_err;
        }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
 
        if ( !manageDSAit && is_entry_referral( e ) ) {
                /* entry is a referral, don't allow add */