From: Pierangelo Masarati Date: Tue, 12 Apr 2005 22:38:54 +0000 (+0000) Subject: more on ITS#3652 X-Git-Tag: OPENLDAP_AC_BP~909 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=a85603c10bf32294ade8dbae064cdc1d43329040;p=openldap more on ITS#3652 --- diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 268306ebfe..c4ac1d9acf 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -173,7 +173,7 @@ slap_access_always_allowed( return 1; } -static int +int slap_access_allowed( Operation *op, Entry *e, @@ -441,13 +441,11 @@ access_allowed_mask( } assert( op->o_bd != NULL ); + /* this is enforced in backend_add() */ + assert( op->o_bd->bd_info->bi_access_allowed ); + /* delegate to backend */ - if ( op->o_bd->bd_info->bi_access_allowed != NULL ) { - bi_access_allowed = op->o_bd->bd_info->bi_access_allowed; - } else { - bi_access_allowed = slap_access_allowed; - } - ret = bi_access_allowed( op, e, desc, val, access, state, &mask ); + ret = op->o_bd->bd_info->bi_access_allowed( op, e, desc, val, access, state, &mask ); if ( !ret ) { if ( ACL_IS_INVALID( mask ) ) { Debug( LDAP_DEBUG_ACL, diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c index 1430f012bc..26c9d452fa 100644 --- a/servers/slapd/backend.c +++ b/servers/slapd/backend.c @@ -122,6 +122,13 @@ int backend_init(void) } return rc; } + +#ifdef SLAP_OVERLAY_ACCESS + if ( bi->bi_access_allowed == NULL ) { + bi->bi_access_allowed = slap_access_allowed; + } +#endif /* SLAP_OVERLAY_ACCESS */ + LDAP_STAILQ_INSERT_TAIL(&backendInfo, bi, bi_next); } @@ -160,6 +167,12 @@ int backend_add(BackendInfo *aBackendInfo) return rc; } +#ifdef SLAP_OVERLAY_ACCESS + if ( aBackendInfo->bi_access_allowed == NULL ) { + aBackendInfo->bi_access_allowed = slap_access_allowed; + } +#endif /* SLAP_OVERLAY_ACCESS */ + (void)backend_init_controls( aBackendInfo ); /* now add the backend type to the Backend Info List */ diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c index 1994ba7ff8..c09b5e6802 100644 --- a/servers/slapd/backover.c +++ b/servers/slapd/backover.c @@ -288,18 +288,12 @@ over_access_allowed( } if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) { - /* NOTE: do not copy the structure until requiredy */ - /* NOTE: by default, oi->oi_orig->bi_access_allowed == NULL; - * only backends that implement a specific hook - * should store it there; by default, slap_access_allowed() - * is invoked if oi->oi_orig->bi_access_allowed == NULL */ - if ( !SLAP_ISOVERLAY( op->o_bd ) ) { - db = *op->o_bd; - db.be_flags |= SLAP_DBFLAG_OVERLAY; - op->o_bd = &db; + /* if the database structure was changed, o_bd points to a + * copy of the structure; put the original bd_info in place */ + if ( SLAP_ISOVERLAY( op->o_bd ) ) { + op->o_bd->bd_info = oi->oi_orig; } - op->o_bd->bd_info = oi->oi_orig; rc = oi->oi_orig->bi_access_allowed( op, e, desc, val, access, state, maskp ); } diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index b91ac2273b..a74fe74aab 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -4127,6 +4127,10 @@ config_back_initialize( BackendInfo *bi ) bi->bi_chk_referrals = 0; +#ifdef SLAP_OVERLAY_ACCESS + bi->bi_access_allowed = slap_access_always_allowed; +#endif /* SLAP_OVERLAY_ACCESS */ + bi->bi_connection_init = 0; bi->bi_connection_destroy = 0; diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c index f9cfe6f466..1d20ed7cc0 100644 --- a/servers/slapd/frontend.c +++ b/servers/slapd/frontend.c @@ -117,6 +117,10 @@ frontend_init( void ) frontendDB->bd_info->bi_op_search = fe_op_search; frontendDB->bd_info->bi_extended = fe_extended; +#ifdef SLAP_OVERLAY_ACCESS + frontendDB->bd_info->bi_access_allowed = slap_access_allowed; +#endif /* SLAP_OVERLAY_ACCESS */ + #if 0 /* FIXME: is this too early? */ return backend_startup_one( frontendDB ); diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index b915b23526..b351386b06 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -42,6 +42,14 @@ LDAP_SLAPD_F (int) access_allowed_mask LDAP_P(( slap_mask_t *mask )); #define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL) #ifdef SLAP_OVERLAY_ACCESS +LDAP_SLAPD_F (int) slap_access_allowed LDAP_P(( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp )); LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P(( Operation *op, Entry *e,