From d2dd3a616cb2d51140422629999356d9dc2d96b8 Mon Sep 17 00:00:00 2001
From: Pierangelo Masarati
Date: Tue, 12 Apr 2005 01:07:30 +0000
Subject: [PATCH] hide changes behind specific #ifdef, conditioned by LDAP_DEBUG; always allow access on back-dnssrv
---
 servers/slapd/acl.c | 23 ++++++++++++++++++++---
 servers/slapd/back-dnssrv/init.c | 4 ++++
 servers/slapd/backover.c | 22 ++++++++++++++++------
 servers/slapd/proto-slap.h | 11 +++++++++++
 servers/slapd/slap.h | 5 +++++
 5 files changed, 56 insertions(+), 9 deletions(-)
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 5d5af38f45..f01a8af562 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -155,7 +155,23 @@ static int aci_match_set ( struct berval *subj, Operation *op,
 * - can be legally called with op->o_bd == NULL
 */
-#ifdef LDAP_DEVEL
+#ifdef SLAP_OVERLAY_ACCESS
+int
+slap_access_always_allowed(
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp )
+{
+ assert( maskp );
+
+ ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) );
+
+ return 1;
+}
 static int
 slap_access_allowed(
@@ -467,7 +483,8 @@ done:
 return ret;
 }
-#else /* !LDAP_DEVEL */
+#else /* !SLAP_OVERLAY_ACCESS */
+
 int
 access_allowed_mask(
 Operation *op,
@@ -741,7 +758,7 @@ done:
 return ret;
 }
-#endif /* LDAP_DEVEL */
+#endif /* SLAP_OVERLAY_ACCESS */
 /*
 * acl_get - return the acl applicable to entry e, attribute
diff --git a/servers/slapd/back-dnssrv/init.c b/servers/slapd/back-dnssrv/init.c
index 980d231200..2abd7ffee9 100644
--- a/servers/slapd/back-dnssrv/init.c
+++ b/servers/slapd/back-dnssrv/init.c
@@ -67,6 +67,10 @@ dnssrv_back_initialize(
 bi->bi_connection_init = 0;
 bi->bi_connection_destroy = 0;
+#ifdef SLAP_OVERLAY_ACCESS
+ bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
 return 0;
 }
diff --git a/servers/slapd/backover.c b/servers/slapd/backover.c
index 11fec23fa7..eb0bf89c19 100644
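Review bot: In `slap_access_always_allowed()` the only guard on `maskp` is `assert( maskp )`, which compiles away under NDEBUG, so a caller passing a NULL mask would reach the `ACL_PRIV_SET( *maskp, ... )` dereference in a release build. The `access_allowed()` macro visible in the proto-slap.h hunk passes NULL as the mask to `access_allowed_mask()`; whether that NULL can reach a `bi_access_allowed` callback depends on code outside these hunks, so I would make the function tolerate it with `if ( maskp ) ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) );`. The function is exported and grants whatever `access` level is requested without reading `op`, `e`, `desc`, `val` or `state`, so it also needs a header comment stating that it bypasses ACL evaluation entirely and is intended only for backends whose data needs no access control.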
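Review bot: The new `bi->bi_access_allowed = slap_access_always_allowed;` line in `dnssrv_back_initialize()` carries no comment explaining why this backend may skip access control; the commit subject is the only place the intent is recorded. Once this callback is installed, any access rules an administrator scopes to a back-dnssrv suffix would presumably no longer be consulted, and that is worth stating where the hook is set. I would add `/* back-dnssrv does not evaluate ACLs: every requested access level is granted */` above the assignment and mention the behaviour in the backend's documentation. The function body starts outside the hunk.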
--- a/servers/slapd/backover.c
+++ b/servers/slapd/backover.c
@@ -248,6 +248,7 @@ static int op_rc[] = {
 SLAP_CB_CONTINUE /* aux_chk_controls; pass to frontend */
 };
+#ifdef SLAP_OVERLAY_ACCESS
 static int
 over_access_allowed(
 Operation *op,
@@ -270,14 +271,14 @@ over_access_allowed(
 oi = op->o_bd->bd_info->bi_private;
 on = oi->oi_list;
- if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
- db = *op->o_bd;
- db.be_flags |= SLAP_DBFLAG_OVERLAY;
- op->o_bd = &db;
- }
-
 for ( ; on; on = on->on_next ) {
 if ( on->on_bi.bi_access_allowed ) {
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
 op->o_bd->bd_info = (BackendInfo *)on;
 rc = on->on_bi.bi_access_allowed( op, e, desc, val, access, state, maskp );
@@ -286,6 +287,12 @@ over_access_allowed(
 }
 if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
+ if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ db = *op->o_bd;
+ db.be_flags |= SLAP_DBFLAG_OVERLAY;
+ op->o_bd = &db;
+ }
+
 op->o_bd->bd_info = oi->oi_orig;
 rc = oi->oi_orig->bi_access_allowed( op, e, desc, val, access, state, maskp );
@@ -299,6 +306,7 @@ over_access_allowed(
 op->o_bd = be;
 return rc;
 }
+#endif /* SLAP_OVERLAY_ACCESS */
 static int
 over_op_func(
@@ -684,8 +692,10 @@ overlay_config( BackendDB *be, const char *ov )
 bi->bi_chk_referrals = over_aux_chk_referrals;
 bi->bi_chk_controls = over_aux_chk_controls;
+#ifdef SLAP_OVERLAY_ACCESS
 /* this has a specific arglist */
 bi->bi_access_allowed = over_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
 bi->bi_connection_destroy = over_connection_destroy;
diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h
index cb7b7bf3df..b915b23526 100644
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
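Review bot: The lazy `db = *op->o_bd; ... op->o_bd = &db;` copy now appears twice in `over_access_allowed()`, once inside the loop and once before the `oi->oi_orig` call, with no comment saying why it was moved out of the function prologue. When `SLAP_ISOVERLAY( op->o_bd )` is already true on entry no copy is made, so the `op->o_bd->bd_info = ...` assignments write into the caller's structure. The only restore visible in this patch is `op->o_bd = be;`, so any reset of `bd_info` must happen in lines outside the hunks; that should be confirmed, since this sits on the access-control path. I would fold the block into one small static helper, assuming `db` is a `BackendDB` as the copy from `*op->o_bd` suggests, and document the deferral there.

```c
/* Point op->o_bd at a private copy flagged as an overlay database; the
 * copy is made only when a callback is actually about to be invoked. */
static void
over_access_private_db( Operation *op, BackendDB *db )
{
	if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
		*db = *op->o_bd;
		db->be_flags |= SLAP_DBFLAG_OVERLAY;
		op->o_bd = db;
	}
}

/* … unchanged: over_access_allowed() prologue and loop header … */
		if ( on->on_bi.bi_access_allowed ) {
			over_access_private_db( op, &db );
/* … unchanged: overlay callback invocation … */
	if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
		over_access_private_db( op, &db );
```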
@@ -41,6 +41,17 @@ LDAP_SLAPD_F (int) access_allowed_mask LDAP_P((
 AccessControlState *state, slap_mask_t *mask ));
 #define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL)
+#ifdef SLAP_OVERLAY_ACCESS
+LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P((
+ Operation *op,
+ Entry *e,
+ AttributeDescription *desc,
+ struct berval *val,
+ slap_access_t access,
+ AccessControlState *state,
+ slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
+
 LDAP_SLAPD_F (int) acl_check_modlist LDAP_P((
 Operation *op, Entry *e, Modifications *ml ));
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 73d76a272c..29e3b5a780 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -63,6 +63,7 @@ LDAP_BEGIN_DECL
 #define SLAP_ACL_HONOR_DISCLOSE /* partially implemented */
 #define SLAP_ACL_HONOR_MANAGE /* not yet implemented */
 #define SLAP_DYNACL
+#define SLAP_OVERLAY_ACCESS
 #define LDAP_COMP_MATCH
 #define LDAP_DYNAMIC_OBJECTS
 #define LDAP_SYNC_TIMESTAMP
@@ -1986,9 +1987,11 @@ typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
 typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
 typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op, Entry *e, int *hasSubs ));
+#ifdef SLAP_OVERLAY_ACCESS
 typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e, AttributeDescription *desc, struct berval *val, slap_access_t access, AccessControlState *state, slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
 typedef int (BI_connection_init) LDAP_P(( BackendDB *bd, struct slap_conn *c ));
@@ -2090,7 +2093,9 @@ struct slap_backend_info {
 BI_entry_release_rw *bi_entry_release_rw;
 BI_has_subordinates *bi_has_subordinates;
+#ifdef SLAP_OVERLAY_ACCESS
 BI_access_allowed *bi_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
 BI_connection_init *bi_connection_init;
 BI_connection_destroy *bi_connection_destroy;
-- 
2.39.5
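Review bot: Wrapping the `bi_access_allowed` member of `struct slap_backend_info` in `#ifdef SLAP_OVERLAY_ACCESS` makes the struct layout depend on the macro, so every member after it (`bi_connection_init`, `bi_connection_destroy`, and whatever follows outside the hunk) shifts when the macro is off. The macro is defined in slap.h by the `#define SLAP_OVERLAY_ACCESS` hunk, but the conditional enclosing that list of defines, if any, starts outside the hunk. A backend or overlay module built with a different setting than slapd would therefore presumably read and write the wrong slots of the access-control hook table. I would keep the pointer in the struct unconditionally and guard only its use, or at least annotate the define with `/* changes struct slap_backend_info layout; slapd and all modules must agree */`.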