slap_control_t control;
const char *attr;
regmatch_t matches[MAXREMATCHES];
+ int st_same_attr = 0;
+ int st_initialized = 0;
+ static AccessControlState state_init = ACL_STATE_INIT;
assert( e != NULL );
assert( desc != NULL );
assert( attr != NULL );
- if( state && state->as_recorded ) {
+ if( state && state->as_recorded && state->as_vd_ad==desc) {
if( state->as_recorded & ACL_STATE_RECORDED_NV &&
val == NULL )
{
{
return state->as_result;
}
+ st_same_attr = 1;
+ } if (state) {
+ state->as_vd_ad=desc;
}
#ifdef NEW_LOGGING
ret = 0;
control = ACL_BREAK;
- if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )) {
+ if( st_same_attr ) {
assert( state->as_vd_acl != NULL );
a = state->as_vd_acl;
#endif
}
+ if (state) {
+ if (state->as_vi_acl == a && (state->as_recorded & ACL_STATE_RECORDED_NV)) {
+ Debug( LDAP_DEBUG_ACL, "access_allowed: result from state (%s)\n", attr, 0, 0 );
+ return state->as_result;
+ } else if (!st_initialized) {
+ Debug( LDAP_DEBUG_ACL, "access_allowed: no res from state (%s)\n", attr, 0, 0);
+ *state = state_init;
+ state->as_vd_ad=desc;
+ st_initialized=1;
+ }
+ }
+
vd_access:
control = acl_mask( a, &mask, be, conn, op,
e, desc, val, matches, count, state );
done:
if( state != NULL ) {
+ /* If not value-dependent, save ACL in case of more attrs */
+ if ( !(state->as_recorded & ACL_STATE_RECORDED_VD) )
+ state->as_vi_acl = a;
state->as_recorded |= ACL_STATE_RECORDED;
state->as_result = ret;
}
)
{
struct berval *bv;
+ AccessControlState state = ACL_STATE_INIT;
assert( be != NULL );
}
for ( ; mlist != NULL; mlist = mlist->sml_next ) {
- static AccessControlState state_init = ACL_STATE_INIT;
- AccessControlState state;
-
/*
* no-user-modification operational attributes are ignored
* by ACL_WRITE checking as any found here are not provided
continue;
}
- state = state_init;
-
switch ( mlist->sml_op ) {
case LDAP_MOD_REPLACE:
/*
char *edn;
int userattrs;
int opattrs;
- static AccessControlState acl_state_init = ACL_STATE_INIT;
- AccessControlState acl_state;
+ AccessControlState acl_state = ACL_STATE_INIT;
AttributeDescription *ad_entry = slap_schema.si_ad_entry;
}
}
- acl_state = acl_state_init;
-
if ( ! access_allowed( be, conn, op, e, desc, NULL,
ACL_READ, &acl_state ) )
{
}
}
- acl_state = acl_state_init;
-
if ( ! access_allowed( be, conn, op, e, desc, NULL,
ACL_READ, &acl_state ) )
{
/* Access state */
AccessControl *as_vd_acl;
+ AccessControl *as_vi_acl;
slap_mask_t as_vd_acl_mask;
regmatch_t as_vd_acl_matches[MAXREMATCHES];
int as_vd_acl_count;
int as_vd_access_count;
int as_result;
+ AttributeDescription *as_vd_ad;
} AccessControlState;
-#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0 }
+#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, { { 0, 0 } }, 0, NULL, 0, 0, 0, NULL }
/*
* replog moddn param structure
projects / openldap / commitdiff