From: Pierangelo Masarati Date: Sat, 9 Apr 2005 17:00:40 +0000 (+0000) Subject: protect all occurrences of ACL_DISCLOSE X-Git-Tag: OPENLDAP_AC_BP~940 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=53ce94a25d3bc8c3433eac27731281e535ce1e6e;p=openldap protect all occurrences of ACL_DISCLOSE --- diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 43f93f827f..2466284e1d 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -2241,6 +2241,10 @@ str2access( const char *str ) return ACL_NONE; } else if ( strcasecmp( str, "disclose" ) == 0 ) { +#ifndef SLAP_ACL_HONOR_DISCLOSE + fprintf( stderr, "str2access: warning, " + "\"disclose\" privilege disabled.\n" ); +#endif /* SLAP_ACL_HONOR_DISCLOSE */ return ACL_DISCLOSE; } else if ( strcasecmp( str, "auth" ) == 0 ) { diff --git a/servers/slapd/back-bdb/compare.c b/servers/slapd/back-bdb/compare.c index 8da40475b9..aa2326337c 100644 --- a/servers/slapd/back-bdb/compare.c +++ b/servers/slapd/back-bdb/compare.c @@ -137,7 +137,7 @@ dn2entry_retry: { rs->sr_err = LDAP_NO_SUCH_OBJECT; } else -#endif +#endif /* SLAP_ACL_HONOR_DISCLOSE */ { rs->sr_err = LDAP_ASSERTION_FAILED; } diff --git a/servers/slapd/back-ldbm/search.c b/servers/slapd/back-ldbm/search.c index 1e414f6609..4038ee5689 100644 --- a/servers/slapd/back-ldbm/search.c +++ b/servers/slapd/back-ldbm/search.c @@ -86,14 +86,17 @@ ldbm_back_search( if ( matched != NULL ) { BerVarray erefs = NULL; - + +#ifdef SLAP_ACL_HONOR_DISCLOSE if ( ! access_allowed( op, matched, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; - } else { + } else +#endif /* SLAP_ACL_HONOR_DISCLOSE */ + { ber_dupbv( &matched_dn, &matched->e_name ); erefs = is_entry_referral( matched ) @@ -127,6 +130,7 @@ ldbm_back_search( return rs->sr_err; } +#ifdef SLAP_ACL_HONOR_DISCLOSE if ( ! access_allowed( op, e, slap_schema.si_ad_entry, NULL, ACL_DISCLOSE, NULL ) ) { @@ -138,6 +142,7 @@ ldbm_back_search( send_ldap_result( op, rs ); return rs->sr_err; } +#endif /* SLAP_ACL_HONOR_DISCLOSE */ if ( !manageDSAit && is_entry_referral( e ) ) { /* entry is a referral, don't allow add */