From 9e4ea429e504ddbe5a7dcd82d4d36302a365f6e6 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Sat, 23 Jul 2005 04:18:48 +0000 Subject: [PATCH] Add fe_access_allowed(), should allow global ACL overlays to work --- servers/slapd/acl.c | 31 +++++++++++++++++++++++-------- servers/slapd/frontend.c | 2 +- servers/slapd/proto-slap.h | 8 ++++++++ 3 files changed, 32 insertions(+), 9 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 7306baa294..4af1cfdb3c 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -336,6 +336,28 @@ done: return ret; } +int +fe_access_allowed( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp ) +{ + BackendDB *be_orig; + int rc; + + be_orig = op->o_bd; + + op->o_bd = select_backend( &op->o_req_ndn, 0, 0 ); + rc = slap_access_allowed( op, e, desc, val, access, state, maskp ); + op->o_bd = be_orig; + + return rc; +} + int access_allowed_mask( Operation *op, @@ -433,21 +455,14 @@ access_allowed_mask( desc, val, access, state, &mask ); } else { -#if 0 - /* FIXME: this doesn't work because frontendDB doesn't have - * the right rootn, ACLs and so. */ - BackendDB *be_orig; + BackendDB *be_orig = op->o_bd; /* use default (but pass through frontend * for global ACL overlays) */ - be_orig = op->o_bd; op->o_bd = frontendDB; ret = frontendDB->bd_info->bi_access_allowed( op, e, desc, val, access, state, &mask ); op->o_bd = be_orig; -#endif - ret = slap_access_allowed( op, e, - desc, val, access, state, &mask ); } if ( !ret ) { diff --git a/servers/slapd/frontend.c b/servers/slapd/frontend.c index 3ea31ac491..20e16613e3 100644 --- a/servers/slapd/frontend.c +++ b/servers/slapd/frontend.c @@ -120,7 +120,7 @@ frontend_init( void ) frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw; #endif #ifdef SLAP_OVERLAY_ACCESS - frontendDB->bd_info->bi_access_allowed = slap_access_allowed; + frontendDB->bd_info->bi_access_allowed = fe_access_allowed; frontendDB->bd_info->bi_acl_group = fe_acl_group; frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute; #endif /* SLAP_OVERLAY_ACCESS */ diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 68c227d887..9502b9b367 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -1653,6 +1653,14 @@ LDAP_SLAPD_F (int) fe_acl_attribute LDAP_P(( AttributeDescription *entry_at, BerVarray *vals, slap_access_t access )); +LDAP_SLAPD_F (int) fe_access_allowed LDAP_P(( + Operation *op, + Entry *e, + AttributeDescription *desc, + struct berval *val, + slap_access_t access, + AccessControlState *state, + slap_mask_t *maskp )); /* NOTE: this macro assumes that bv has been allocated * by ber_* malloc functions or is { 0L, NULL } */ -- 2.39.5