From: Pierangelo Masarati <ando@openldap.org>
Date: Mon, 18 Apr 2005 09:16:26 +0000 (+0000)
Subject: fix overlay access control; cleanup
X-Git-Tag: OPENLDAP_AC_BP~878
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=f6d136a99ac06c5e79e2981d78c18323736ded0e;p=openldap

fix overlay access control; cleanup
---

diff --git a/servers/slapd/backend.c b/servers/slapd/backend.c
index e7009867f1..ffc1f6453c 100644
--- a/servers/slapd/backend.c
+++ b/servers/slapd/backend.c
@@ -1523,9 +1523,10 @@ backend_attribute(
 		if ( a ) {
 			BerVarray v;
 
-			if ( op->o_conn && access > ACL_NONE && access_allowed( op,
-				e, entry_at, NULL, access,
-				&acl_state ) == 0 ) {
+			if ( op->o_conn && access > ACL_NONE &&
+				access_allowed( op, e, entry_at, NULL,
+						access, &acl_state ) == 0 )
+			{
 				rc = LDAP_INSUFFICIENT_ACCESS;
 				goto freeit;
 			}
@@ -1535,11 +1536,10 @@ backend_attribute(
 			
 			v = op->o_tmpalloc( sizeof(struct berval) * ( i + 1 ),
 				op->o_tmpmemctx );
-			for ( i = 0,j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
+			for ( i = 0, j = 0; !BER_BVISNULL( &a->a_vals[i] ); i++ )
 			{
 				if ( op->o_conn && access > ACL_NONE && 
-						access_allowed( op, e,
-							entry_at,
+					access_allowed( op, e, entry_at,
 							&a->a_nvals[i],
 							access,
 							&acl_state ) == 0 )
diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c
index c09b5e6802..ddcc0233c1 100644
--- a/servers/slapd/backover.c
+++ b/servers/slapd/backover.c
@@ -261,6 +261,7 @@ over_access_allowed(
 {
 	slap_overinfo *oi;
 	slap_overinst *on;
+	BackendInfo *bi = op->o_bd->bd_info;
 	BackendDB *be = op->o_bd, db;
 	int rc = SLAP_CB_CONTINUE;
 
@@ -287,14 +288,22 @@ over_access_allowed(
 		}
 	}
 
-	if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
+	if ( rc == SLAP_CB_CONTINUE ) {
+		BI_access_allowed	*bi_access_allowed;
+
 		/* if the database structure was changed, o_bd points to a
 		 * copy of the structure; put the original bd_info in place */
 		if ( SLAP_ISOVERLAY( op->o_bd ) ) {
 			op->o_bd->bd_info = oi->oi_orig;
 		}
 
-		rc = oi->oi_orig->bi_access_allowed( op, e,
+		if ( oi->oi_orig->bi_access_allowed ) {
+			bi_access_allowed = oi->oi_orig->bi_access_allowed;
+		} else {
+			bi_access_allowed = slap_access_allowed;
+		}
+
+		rc = bi_access_allowed( op, e,
 			desc, val, access, state, maskp );
 	}
 	/* should not fall thru this far without anything happening... */
@@ -304,6 +313,8 @@ over_access_allowed(
 	}
 
 	op->o_bd = be;
+	op->o_bd->bd_info = bi;
+
 	return rc;
 }
 #endif /* SLAP_OVERLAY_ACCESS */