* - can be legally called with op->o_bd == NULL
*/
-#ifdef LDAP_DEVEL
+#ifdef SLAP_OVERLAY_ACCESS
+int
+slap_access_always_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ assert( maskp );
+
+ ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) );
+
+ return 1;
+}
static int
slap_access_allowed(
return ret;
}
-#else /* !LDAP_DEVEL */
+#else /* !SLAP_OVERLAY_ACCESS */
+
int
access_allowed_mask(
Operation *op,
return ret;
}
-#endif /* LDAP_DEVEL */
+#endif /* SLAP_OVERLAY_ACCESS */
/*
* acl_get - return the acl applicable to entry e, attribute
bi->bi_connection_init = 0;
bi->bi_connection_destroy = 0;
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
return 0;
}
SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */
};
+#ifdef SLAP_OVERLAY_ACCESS
static int
over_access_allowed(
Operation *op,
oi = op->o_bd->bd_info->bi_private;
on = oi->oi_list;
- if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
- db = *op->o_bd;
- db.be_flags |= SLAP_DBFLAG_OVERLAY;
- op->o_bd = &db;
- }
-
for ( ; on; on = on->on_next ) {
if ( on->on_bi.bi_access_allowed ) {
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
op->o_bd->bd_info = (BackendInfo *)on;
rc = on->on_bi.bi_access_allowed( op, e,
desc, val, access, state, maskp );
}
if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
op->o_bd->bd_info = oi->oi_orig;
rc = oi->oi_orig->bi_access_allowed( op, e,
desc, val, access, state, maskp );
op->o_bd = be;
return rc;
}
+#endif /* SLAP_OVERLAY_ACCESS */
static int
over_op_func(
bi->bi_chk_referrals = over_aux_chk_referrals;
bi->bi_chk_controls = over_aux_chk_controls;
+#ifdef SLAP_OVERLAY_ACCESS
/* this has a specific arglist */
bi->bi_access_allowed = over_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
bi->bi_connection_destroy = over_connection_destroy;
AccessControlState *state,
slap_mask_t *mask ));
#define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL)
+#ifdef SLAP_OVERLAY_ACCESS
+LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
+
LDAP_SLAPD_F (int) acl_check_modlist LDAP_P((
Operation *op, Entry *e, Modifications *ml ));
#define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
#define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
#define SLAP_DYNACL
+#define SLAP_OVERLAY_ACCESS
#define LDAP_COMP_MATCH
#define LDAP_DYNAMIC_OBJECTS
#define LDAP_SYNC_TIMESTAMP
typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
Entry *e, int *hasSubs ));
+#ifdef SLAP_OVERLAY_ACCESS
typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
AttributeDescription *desc, struct berval *val, slap_access_t access,
AccessControlState *state, slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
struct slap_conn *c ));
BI_entry_release_rw *bi_entry_release_rw;
BI_has_subordinates *bi_has_subordinates;
+#ifdef SLAP_OVERLAY_ACCESS
BI_access_allowed *bi_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
BI_connection_init *bi_connection_init;
BI_connection_destroy *bi_connection_destroy;
projects / openldap / commitdiff