From cb8f0d5ad59e38a67258f234eb744f4fcdef3410 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@openldap.org>
Date: Tue, 11 Nov 2008 22:10:28 +0000
Subject: [PATCH] ITS#5572 retrieve main DB's ACL before relevant operations

---
 servers/slapd/overlays/pcache.c      | 3 +++
 servers/slapd/overlays/translucent.c | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/servers/slapd/overlays/pcache.c b/servers/slapd/overlays/pcache.c
index 18da7fa413..81d195aa24 100644
--- a/servers/slapd/overlays/pcache.c
+++ b/servers/slapd/overlays/pcache.c
@@ -2316,6 +2316,9 @@ pcache_op_search(
 		return rs->sr_err;
 	}
 
+	/* pickup runtime ACL changes */
+	cm->db.be_acl = op->o_bd->be_acl;
+
 	tempstr.bv_val = op->o_tmpalloc( op->ors_filterstr.bv_len+1, op->o_tmpmemctx );
 	tempstr.bv_len = 0;
 	if ( filter2template( op, op->ors_filter, &tempstr, &filter_attrs,
diff --git a/servers/slapd/overlays/translucent.c b/servers/slapd/overlays/translucent.c
index 66d090a26e..e07d58b928 100644
--- a/servers/slapd/overlays/translucent.c
+++ b/servers/slapd/overlays/translucent.c
@@ -432,6 +432,7 @@ static int translucent_modify(Operation *op, SlapReply *rs) {
 
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
 	if(rc != LDAP_SUCCESS || re == NULL ) {
 		send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
@@ -629,6 +630,7 @@ static int translucent_compare(Operation *op, SlapReply *rs) {
 */
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_op_compare(op, rs);
 	op->o_bd = db;
 
@@ -661,6 +663,7 @@ static int translucent_pwmod(Operation *op, SlapReply *rs) {
 */
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_entry_get_rw(op, &op->o_req_ndn, NULL, NULL, 0, &re);
 	if(rc != LDAP_SUCCESS || re == NULL ) {
 		send_ldap_error((op), rs, LDAP_NO_SUCH_OBJECT,
@@ -1096,6 +1099,7 @@ static int translucent_search(Operation *op, SlapReply *rs) {
 	cb.sc_private = &tc;
 	cb.sc_next = op->o_callback;
 
+	ov->db.be_acl = op->o_bd->be_acl;
 	tc.db = op->o_bd;
 	tc.on = on;
 	tc.orig = op->ors_filter;
@@ -1193,6 +1197,7 @@ static int translucent_bind(Operation *op, SlapReply *rs) {
 
 	db = op->o_bd;
 	op->o_bd = &ov->db;
+	ov->db.be_acl = op->o_bd->be_acl;
 	rc = ov->db.bd_info->bi_op_bind(op, rs);
 	op->o_bd = db;
 
-- 
2.39.5