Add fe_access_allowed(), should allow global ACL overlays to work

author Luke Howard <lukeh@openldap.org>

Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)

committer Luke Howard <lukeh@openldap.org>

Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)
author Luke Howard <lukeh@openldap.org>
Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)
committer Luke Howard <lukeh@openldap.org>
Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c

index 7306baa294c125401a2d84052a48287f84a2d9ce..4af1cfdb3cd2c8e3c4afa8095d6adffc702bd248 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -336,6 +336,28 @@ done:
         return ret;
  }
  
+int
+fe_access_allowed(
+       Operation               *op,
+       Entry                   *e,
+       AttributeDescription    *desc,
+       struct berval           *val,
+       slap_access_t           access,
+       AccessControlState      *state,
+       slap_mask_t             *maskp )
+{
+       BackendDB               *be_orig;
+       int                     rc;
+
+       be_orig = op->o_bd;
+
+       op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+       rc = slap_access_allowed( op, e, desc, val, access, state, maskp );
+       op->o_bd = be_orig;
+
+       return rc;
+}
+
  int
  access_allowed_mask(
         Operation               *op,
@@ -433,21 +455,14 @@ access_allowed_mask(
                                 desc, val, access, state, &mask );
  
         } else {
-#if 0
-               /* FIXME: this doesn't work because frontendDB doesn't have
-                * the right rootn, ACLs and so. */
-               BackendDB       *be_orig;
+               BackendDB       *be_orig = op->o_bd;
  
                 /* use default (but pass through frontend
                  * for global ACL overlays) */
-               be_orig = op->o_bd;
                 op->o_bd = frontendDB;
                 ret = frontendDB->bd_info->bi_access_allowed( op, e,
                                 desc, val, access, state, &mask );
                 op->o_bd = be_orig;
-#endif
-               ret = slap_access_allowed( op, e, 
-                               desc, val, access, state, &mask );
         }
  
         if ( !ret ) {
diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c

index 3ea31ac49184a5770a9c4532116fb53fc8122457..20e16613e3d338236c15c8bc8a69d3db1139bdde 100644 (file)
--- a/servers/slapd/frontend.c
+++ b/servers/slapd/frontend.c
@@ -120,7 +120,7 @@ frontend_init( void )
         frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw;
  #endif
  #ifdef SLAP_OVERLAY_ACCESS
-       frontendDB->bd_info->bi_access_allowed = slap_access_allowed;
+       frontendDB->bd_info->bi_access_allowed = fe_access_allowed;
         frontendDB->bd_info->bi_acl_group = fe_acl_group;
         frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute;
  #endif /* SLAP_OVERLAY_ACCESS */
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h

index 68c227d887edb6e60e6bbd50ce9d7ffce78b6351..9502b9b3673e8afa4d6dc8d7b70d09193a952257 100644 (file)
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@@ -1653,6 +1653,14 @@ LDAP_SLAPD_F (int) fe_acl_attribute LDAP_P((
         AttributeDescription *entry_at,
         BerVarray *vals,
         slap_access_t access ));
+LDAP_SLAPD_F (int) fe_access_allowed LDAP_P((
+       Operation               *op,
+       Entry                   *e,
+       AttributeDescription    *desc,
+       struct berval           *val,
+       slap_access_t           access,
+       AccessControlState      *state,
+       slap_mask_t             *maskp ));
  
  /* NOTE: this macro assumes that bv has been allocated
   * by ber_* malloc functions or is { 0L, NULL } */
author	Luke Howard <lukeh@openldap.org>
	Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)
committer	Luke Howard <lukeh@openldap.org>
	Sat, 23 Jul 2005 04:18:48 +0000 (04:18 +0000)
servers/slapd/acl.c		patch \| blob \| history
servers/slapd/frontend.c		patch \| blob \| history
servers/slapd/proto-slap.h		patch \| blob \| history