return 1;
}
-static int
+int
slap_access_allowed(
Operation *op,
Entry *e,
}
assert( op->o_bd != NULL );
+ /* this is enforced in backend_add() */
+ assert( op->o_bd->bd_info->bi_access_allowed );
+
/* delegate to backend */
- if ( op->o_bd->bd_info->bi_access_allowed != NULL ) {
- bi_access_allowed = op->o_bd->bd_info->bi_access_allowed;
- } else {
- bi_access_allowed = slap_access_allowed;
- }
- ret = bi_access_allowed( op, e, desc, val, access, state, &mask );
+ ret = op->o_bd->bd_info->bi_access_allowed( op, e, desc, val, access, state, &mask );
if ( !ret ) {
if ( ACL_IS_INVALID( mask ) ) {
Debug( LDAP_DEBUG_ACL,
}
return rc;
}
+
+#ifdef SLAP_OVERLAY_ACCESS
+ if ( bi->bi_access_allowed == NULL ) {
+ bi->bi_access_allowed = slap_access_allowed;
+ }
+#endif /* SLAP_OVERLAY_ACCESS */
+
LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next);
}
return rc;
}
+#ifdef SLAP_OVERLAY_ACCESS
+ if ( aBackendInfo->bi_access_allowed == NULL ) {
+ aBackendInfo->bi_access_allowed = slap_access_allowed;
+ }
+#endif /* SLAP_OVERLAY_ACCESS */
+
(void)backend_init_controls( aBackendInfo );
/* now add the backend type to the Backend Info List */
}
if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
- /* NOTE: do not copy the structure until requiredy */
- /* NOTE: by default, oi->oi_orig->bi_access_allowed == NULL;
- * only backends that implement a specific hook
- * should store it there; by default, slap_access_allowed()
- * is invoked if oi->oi_orig->bi_access_allowed == NULL */
- if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
- db = *op->o_bd;
- db.be_flags |= SLAP_DBFLAG_OVERLAY;
- op->o_bd = &db;
+ /* if the database structure was changed, o_bd points to a
+ * copy of the structure; put the original bd_info in place */
+ if ( SLAP_ISOVERLAY( op->o_bd ) ) {
+ op->o_bd->bd_info = oi->oi_orig;
}
- op->o_bd->bd_info = oi->oi_orig;
rc = oi->oi_orig->bi_access_allowed( op, e,
desc, val, access, state, maskp );
}
bi->bi_chk_referrals = 0;
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
bi->bi_connection_init = 0;
bi->bi_connection_destroy = 0;
frontendDB->bd_info->bi_op_search = fe_op_search;
frontendDB->bd_info->bi_extended = fe_extended;
+#ifdef SLAP_OVERLAY_ACCESS
+ frontendDB->bd_info->bi_access_allowed = slap_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
#if 0
/* FIXME: is this too early? */
return backend_startup_one( frontendDB );
slap_mask_t *mask ));
#define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL)
#ifdef SLAP_OVERLAY_ACCESS
+LDAP_SLAPD_F (int) slap_access_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P((
Operation *op,
Entry *e,
projects / openldap / commitdiff