From 4b9f4c688a0404dbb4cfac792ead3cf52d5698fb Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Tue, 16 Jan 2007 22:13:44 +0000 Subject: [PATCH] allow to specify the required access privileges in internal operations (ITS#4806) --- servers/slapd/acl.c | 5 ++++- servers/slapd/overlays/dynlist.c | 2 ++ servers/slapd/slap.h | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index f557f50fc8..59478d83a6 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -351,7 +351,10 @@ access_allowed_mask( assert( attr != NULL ); if ( op ) { - if ( op->o_is_auth_check && + if ( op->o_acl_priv != ACL_NONE ) { + access = op->o_acl_priv; + + } else if ( op->o_is_auth_check && ( access_level == ACL_SEARCH || access_level == ACL_READ ) ) { access = ACL_AUTH; diff --git a/servers/slapd/overlays/dynlist.c b/servers/slapd/overlays/dynlist.c index 5c0a1d73a3..ff2d80b6e7 100644 --- a/servers/slapd/overlays/dynlist.c +++ b/servers/slapd/overlays/dynlist.c @@ -623,6 +623,8 @@ dynlist_compare( Operation *op, SlapReply *rs ) o.ors_attrs = an; o.ors_attrsonly = 0; + o.o_acl_priv = ACL_COMPARE; + rc = o.o_bd->be_search( &o, &r ); filter_free_x( &o, o.ors_filter ); diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index fa30ea09cb..5d7420c58d 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -2480,6 +2480,7 @@ typedef struct slap_op { GroupAssertion *o_groups; char o_do_not_cache; /* don't cache groups from this op */ char o_is_auth_check; /* authorization in progress */ + slap_access_t o_acl_priv; char o_nocaching; char o_delete_glue_parent; -- 2.39.5