From a4ad2eea176095309bc6f557863ba4cd64d6d1d2 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 30 Dec 2002 01:12:10 +0000 Subject: [PATCH] ACL cleanup Likely needs more deadlock detection checks --- servers/slapd/back-bdb/bind.c | 12 ++++++------ servers/slapd/back-bdb/compare.c | 7 +++---- servers/slapd/back-bdb/modrdn.c | 19 +++++++++++-------- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/servers/slapd/back-bdb/bind.c b/servers/slapd/back-bdb/bind.c index 7a9230dcdc..f13338cdc0 100644 --- a/servers/slapd/back-bdb/bind.c +++ b/servers/slapd/back-bdb/bind.c @@ -211,9 +211,9 @@ dn2entry_retry: goto done; } - if ( ! access_allowed( be, conn, op, e, - password, NULL, ACL_AUTH, NULL ) ) - { + rc = access_allowed( be, conn, op, e, + password, NULL, ACL_AUTH, NULL ); + if ( ! rc ) { send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto done; @@ -242,9 +242,9 @@ dn2entry_retry: goto done; } - if ( ! access_allowed( be, conn, op, e, - krbattr, NULL, ACL_AUTH, NULL ) ) - { + rc = access_allowed( be, conn, op, e, + krbattr, NULL, ACL_AUTH, NULL ); + if ( ! rc ) { send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS, NULL, NULL, NULL, NULL ); goto done; diff --git a/servers/slapd/back-bdb/compare.c b/servers/slapd/back-bdb/compare.c index c22c4311c7..270077928a 100644 --- a/servers/slapd/back-bdb/compare.c +++ b/servers/slapd/back-bdb/compare.c @@ -110,9 +110,9 @@ dn2entry_retry: goto done; } - if ( ! access_allowed( be, conn, op, e, - ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) - { + rc = access_allowed( be, conn, op, e, + ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ); + if ( ! rc ) { rc = LDAP_INSUFFICIENT_ACCESS; goto return_results; } @@ -129,7 +129,6 @@ dn2entry_retry: rc = LDAP_COMPARE_TRUE; break; } - } return_results: diff --git a/servers/slapd/back-bdb/modrdn.c b/servers/slapd/back-bdb/modrdn.c index bc7f6dc0cc..5878728a58 100644 --- a/servers/slapd/back-bdb/modrdn.c 
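Review bot: The denial branch kept under the new `if ( ! rc )` in the `@@ -211` hunk of bind.c still sends `LDAP_INSUFFICIENT_ACCESS` to a client that has not authenticated yet, which tells it that the entry exists and that an ACL, not the credential, blocked the bind. If the other failure paths of this function answer with `LDAP_INVALID_CREDENTIALS` (they lie outside the hunk, so this needs confirming), the ACL denial should use the same code so the outcomes cannot be told apart: `send_ldap_result( conn, op, rc = LDAP_INVALID_CREDENTIALS, NULL, NULL, NULL, NULL );`. The same applies to the `krbattr` check in the `@@ -242` hunk. The enclosing function starts and ends outside both hunks.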
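Review bot: `rc` now carries two meanings in the `@@ -110` hunk of compare.c: the truth value of `access_allowed()`, where 0 means denied, and the LDAP result code, where 0 means success. When access is granted, rc is left non-zero and execution continues into code outside the hunk; it is worth confirming that every later path assigns rc again before reaching `return_results`. At minimum add `/* rc is a boolean here, not an LDAP result code */` above the assignment, or keep the ACL result in its own local so the two cannot be confused. The bind.c hunks above and the `@@ -463` hunk in modrdn.c use the same pattern.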
+++ b/servers/slapd/back-bdb/modrdn.c @@ -272,9 +272,10 @@ retry: /* transaction retry */ } /* check parent for "children" acl */ - if ( ! access_allowed( be, conn, op, p, - children, NULL, ACL_WRITE, NULL ) ) - { + rc = access_allowed( be, conn, op, p, + children, NULL, ACL_WRITE, NULL ) ); + + if ( ! rc ) { rc = LDAP_INSUFFICIENT_ACCESS; #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, @@ -326,8 +327,7 @@ retry: /* transaction retry */ p = NULL; - if ( ! rc ) - { + if ( ! rc ) { rc = LDAP_INSUFFICIENT_ACCESS; #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, @@ -408,6 +408,7 @@ retry: /* transaction retry */ newSuperior = NULL; /* ignore newSuperior */ } } + if ( newSuperior != NULL ) { if ( newSuperior->bv_len ) { np_dn = newSuperior; @@ -462,7 +463,10 @@ retry: /* transaction retry */ #endif /* check newSuperior for "children" acl */ - if ( !access_allowed( be, conn, op, np, children, NULL, ACL_WRITE, NULL ) ) { + rc = access_allowed( be, conn, op, np, children, + NULL, ACL_WRITE, NULL ); + + if( ! rc ) { #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, DETAIL1, "==>bdb_modrdn: no wr to newSup children\n", 0, 0, 0 ); @@ -525,8 +529,7 @@ retry: /* transaction retry */ np = NULL; - if ( ! rc ) - { + if ( ! rc ) { rc = LDAP_INSUFFICIENT_ACCESS; #ifdef NEW_LOGGING LDAP_LOG ( OPERATION, ERR, -- 2.39.5
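Review bot: The added call in the `@@ -272` hunk has one closing parenthesis too many: `children, NULL, ACL_WRITE, NULL ) );` keeps the second `)` from the old `if ( ! access_allowed( ... ) )` form and will not compile now that the call is a plain assignment. It should read `children, NULL, ACL_WRITE, NULL );`, matching the newSuperior check in the `@@ -463` hunk. Because this is the write check on the parent's "children" attribute for modrdn, the file should be built and this ACL path exercised before the change is merged.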
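Review bot: In the `@@ -463` hunk `if( ! rc )` directly follows `access_allowed()`, so an ACL evaluation that failed for a transient reason is handled exactly like a real denial. The commit message itself says more deadlock detection is likely needed; presumably that is what precedes `if ( ! rc ) {` in the `@@ -326` and `@@ -525` hunks, but that code lies outside those hunks and should be confirmed. Until the check exists here and at the parent check in `@@ -272`, mark the gap with `/* TODO: detect deadlock and goto retry before treating !rc as a denial */`. Failing closed is the safe default, but the client then receives an insufficient-access result that does not reflect policy.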