From f10028ba0665bd1da79f8022e5849305e935eccb Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Tue, 28 Aug 2001 20:28:34 +0000 Subject: [PATCH] Apply ACLs to front end objects (root DSE, subschema) consistently --- servers/slapd/acl.c | 9 ++++++++- servers/slapd/filterentry.c | 7 +++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 68353e909a..657145712a 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -103,11 +103,18 @@ access_allowed( e->e_dn, attr ); #endif - assert( be != NULL ); assert( e != NULL ); assert( attr != NULL ); assert( access > ACL_NONE ); + if ( op == NULL ) { + /* no-op call */ + return 1; + } + + if ( be == NULL ) be = &backends[0]; + assert( be != NULL ); + /* grant database root access */ if ( be != NULL && be_isroot( be, op->o_ndn ) ) { #ifdef NEW_LOGGING diff --git a/servers/slapd/filterentry.c b/servers/slapd/filterentry.c index 812096c97c..d960ac3209 100644 --- a/servers/slapd/filterentry.c +++ b/servers/slapd/filterentry.c @@ -234,7 +234,7 @@ test_ava_filter( int i; Attribute *a; - if ( be != NULL && ! access_allowed( be, conn, op, e, + if ( !access_allowed( be, conn, op, e, ava->aa_desc, ava->aa_value, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; @@ -319,8 +319,7 @@ test_presence_filter( AttributeDescription *desc ) { - if ( be != NULL && ! access_allowed( be, conn, op, e, - desc, NULL, ACL_SEARCH ) ) + if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; } @@ -440,7 +439,7 @@ test_substrings_filter( #endif - if ( be != NULL && ! access_allowed( be, conn, op, e, + if ( !access_allowed( be, conn, op, e, f->f_sub_desc, NULL, ACL_SEARCH ) ) { return LDAP_INSUFFICIENT_ACCESS; -- 2.39.5