From f289d6b7f069ec9c9aa83cc6d7da9773983ef80e Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Tue, 30 Dec 2003 03:50:14 +0000 Subject: [PATCH] Fix assertion failure if acl_check_modlist() called where op->o_bd == NULL. Behavior now matches access_allowed() - the first backend is used. The code needs review, I have not tested it. --- servers/slapd/acl.c | 55 ++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 5133c64ed2..93032ef623 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -1450,8 +1450,17 @@ acl_check_modlist( { struct berval *bv; AccessControlState state = ACL_STATE_INIT; + Backend *be; + int be_null = 0; + int ret = 1; /* default is access allowed */ - assert( op->o_bd != NULL ); + be = op->o_bd; + if ( be == NULL ) { + be = &backends[0]; + be_null = 1; + op->o_bd = be; + } + assert( be != NULL ); /* short circuit root database access */ if ( be_isroot( op->o_bd, &op->o_ndn ) ) { @@ -1464,7 +1473,7 @@ acl_check_modlist( "<= acl_access_allowed: granted to database root\n", 0, 0, 0 ); #endif - return 1; + goto done; } /* use backend default access if no backend acls */ @@ -1481,26 +1490,8 @@ acl_check_modlist( access2str( ACL_WRITE ), op->o_bd->be_dfltaccess >= ACL_WRITE ? "granted" : "denied", op->o_dn.bv_val ); #endif - return op->o_bd->be_dfltaccess >= ACL_WRITE; - -#ifdef notdef - /* op->o_bd is always non-NULL */ - /* use global default access if no global acls */ - } else if ( op->o_bd == NULL && global_acl == NULL ) { -#ifdef NEW_LOGGING - LDAP_LOG( ACL, DETAIL1, - "acl_check_modlist: global default %s access %s to \"%s\"\n", - access2str( ACL_WRITE ), - global_default_access >= ACL_WRITE ? "granted" : "denied", - op->o_dn ); -#else - Debug( LDAP_DEBUG_ACL, - "=> access_allowed: global default %s access %s to \"%s\"\n", - access2str( ACL_WRITE ), - global_default_access >= ACL_WRITE ? "granted" : "denied", op->o_dn ); -#endif - return global_default_access >= ACL_WRITE; -#endif + ret = (op->o_bd->be_dfltaccess >= ACL_WRITE); + goto done; } for ( ; mlist != NULL; mlist = mlist->sml_next ) { @@ -1532,7 +1523,8 @@ acl_check_modlist( if ( ! access_allowed( op, e, mlist->sml_desc, NULL, ACL_WRITE, &state ) ) { - return( 0 ); + ret = 0; + goto done; } if ( mlist->sml_bvalues == NULL ) break; @@ -1549,7 +1541,8 @@ acl_check_modlist( if ( ! access_allowed( op, e, mlist->sml_desc, bv, ACL_WRITE, &state ) ) { - return( 0 ); + ret = 0; + goto done; } } break; @@ -1559,7 +1552,8 @@ acl_check_modlist( if ( ! access_allowed( op, e, mlist->sml_desc, NULL, ACL_WRITE, NULL ) ) { - return( 0 ); + ret = 0; + goto done; } break; } @@ -1570,7 +1564,8 @@ acl_check_modlist( if ( ! access_allowed( op, e, mlist->sml_desc, bv, ACL_WRITE, &state ) ) { - return( 0 ); + ret = 0; + goto done; } } break; @@ -1581,11 +1576,15 @@ acl_check_modlist( default: assert( 0 ); - return( 0 ); + /* not reached */ + ret = 0; + break; } } - return( 1 ); +done: + if (be_null) op->o_bd = NULL; + return( ret ); } static int -- 2.39.5