Apply ACLs to front end objects (root DSE, subschema) consistently

author Kurt Zeilenga <kurt@openldap.org>

Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c

index 68353e909a6d64e2ea7b04f1bcda80eef3cbca5b..657145712ae24f25728d45f6beffaee1852d8132 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -103,11 +103,18 @@ access_allowed(
                 e->e_dn, attr );
  #endif
  
-       assert( be != NULL );
         assert( e != NULL );
         assert( attr != NULL );
         assert( access > ACL_NONE );
  
+       if ( op == NULL ) {
+               /* no-op call */
+               return 1;
+       }
+
+       if ( be == NULL ) be = &backends[0];
+       assert( be != NULL );
+
         /* grant database root access */
         if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
  #ifdef NEW_LOGGING
diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c

index 812096c97ce796a6b22c608ae0e8a1748177001d..d960ac3209887c846c45cbbf501458876ad6020e 100644 (file)
--- a/servers/slapd/filterentry.c
+++ b/servers/slapd/filterentry.c
@@ -234,7 +234,7 @@ test_ava_filter(
         int             i;
         Attribute       *a;
  
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
+       if ( !access_allowed( be, conn, op, e,
                 ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;
@@ -319,8 +319,7 @@ test_presence_filter(
         AttributeDescription *desc
  )
  {
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
-               desc, NULL, ACL_SEARCH ) )
+       if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;
         }
@@ -440,7 +439,7 @@ test_substrings_filter(
  #endif
  
  
-       if ( be != NULL && ! access_allowed( be, conn, op, e,
+       if ( !access_allowed( be, conn, op, e,
                 f->f_sub_desc, NULL, ACL_SEARCH ) )
         {
                 return LDAP_INSUFFICIENT_ACCESS;
author	Kurt Zeilenga <kurt@openldap.org>
	Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Tue, 28 Aug 2001 20:28:34 +0000 (20:28 +0000)
servers/slapd/acl.c		patch \| blob \| history
servers/slapd/filterentry.c		patch \| blob \| history