int
monitor_back_bind( Operation *op, SlapReply *rs )
{
-#if 0 /* not used yet */
- monitor_info_t *mi
- = (monitor_info_t *) op->o_bd->be_private;
-#endif
-
Debug(LDAP_DEBUG_ARGS, "==> monitor_back_bind: dn: %s\n",
op->o_req_dn.bv_val, 0, 0 );
if ( op->oq_bind.rb_method == LDAP_AUTH_SIMPLE
- && be_isroot_pw( op ) ) {
+ && be_isroot_pw( op ) )
+ {
ber_dupbv( &op->oq_bind.rb_edn, be_root_dn( op->o_bd ) );
- return( 0 );
+ return LDAP_SUCCESS;
}
rs->sr_err = LDAP_INVALID_CREDENTIALS;
send_ldap_result( op, rs );
- return( 1 );
+ return rs->sr_err;
}
monitor_info_t *mi = ( monitor_info_t * ) op->o_bd->be_private;
Entry *e, *matched = NULL;
Attribute *a;
+ int rc;
/* get entry with reader lock */
monitor_cache_dn2entry( op, &op->o_req_ndn, &e, &matched );
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- rs->sr_matched = matched->e_dn;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
}
send_ldap_result( op, rs );
if ( matched ) {
rs->sr_matched = NULL;
}
- return( 0 );
+ return rs->sr_err;
}
rs->sr_err = access_allowed( op, e, op->oq_compare.rs_ava->aa_desc,
}
return_results:;
- send_ldap_result( op, rs );
- if ( rs->sr_err == LDAP_COMPARE_FALSE
- || rs->sr_err == LDAP_COMPARE_TRUE ) {
- rs->sr_err = LDAP_SUCCESS;
+ rc = rs->sr_err;
+ switch ( rc ) {
+ case LDAP_COMPARE_FALSE:
+ case LDAP_COMPARE_TRUE:
+ rc = LDAP_SUCCESS;
+ break;
+
+ case LDAP_NO_SUCH_ATTRIBUTE:
+ break;
+
+ default:
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ rs->sr_err = LDAP_NO_SUCH_OBJECT;
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ break;
}
+
+ send_ldap_result( op, rs );
+ rs->sr_err = rc;
monitor_cache_release( mi, e );
- return( rs->sr_err );
+ return rs->sr_err;
}
int
monitor_back_modify( Operation *op, SlapReply *rs )
- /*
- Backend *be,
- Connection *conn,
- Operation *op,
- struct berval *dn,
- struct berval *ndn,
- Modifications *modlist
- */
{
int rc = 0;
monitor_info_t *mi = ( monitor_info_t * )op->o_bd->be_private;
if ( e == NULL ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( matched ) {
- rs->sr_matched = matched->e_name.bv_val;
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( !access_allowed_mask( op, matched,
+ slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ /* do nothing */ ;
+ } else
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+ {
+ rs->sr_matched = matched->e_dn;
+ }
}
send_ldap_result( op, rs );
if ( matched != NULL ) {
rs->sr_matched = NULL;
monitor_cache_release( mi, matched );
}
- return( 0 );
+ return rs->sr_err;
}
if ( !acl_check_modlist( op, e, op->oq_modify.rs_modlist )) {
rc = monitor_entry_modify( op, e );
}
+#ifdef SLAP_ACL_HONOR_DISCLOSE
+ if ( rc != LDAP_SUCCESS ) {
+ if ( !access_allowed_mask( op, e, slap_schema.si_ad_entry,
+ NULL, ACL_DISCLOSE, NULL, NULL ) )
+ {
+ rc = LDAP_NO_SUCH_OBJECT;
+ }
+ }
+#endif /* SLAP_ACL_HONOR_DISCLOSE */
+
rs->sr_err = rc;
send_ldap_result( op, rs );
monitor_cache_release( mi, e );
- return( 0 );
+ return rs->sr_err;
}
projects / openldap / commitdiff