allow to specify the required access privileges in internal operations (ITS#4806)

2025-12-24 08:39:37 -05:00 · 2007-01-16 22:13:44 +00:00 · 2007-01-16 22:13:44 +00:00 · 4b9f4c688a
commit 4b9f4c688a
parent dfff749f04
3 changed files with 7 additions and 1 deletions
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@ -351,7 +351,10 @@ access_allowed_mask(
 	assert( attr != NULL );

 	if ( op ) {
-		if ( op->o_is_auth_check &&
+		if ( op->o_acl_priv != ACL_NONE ) {
+			access = op->o_acl_priv;
+
+		} else if ( op->o_is_auth_check &&
 			( access_level == ACL_SEARCH || access_level == ACL_READ ) )
 		{
 			access = ACL_AUTH;
--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@ -623,6 +623,8 @@ dynlist_compare( Operation *op, SlapReply *rs )
 		o.ors_attrs = an;
 		o.ors_attrsonly = 0;

+		o.o_acl_priv = ACL_COMPARE;
+
 		rc = o.o_bd->be_search( &o, &r );
 		filter_free_x( &o, o.ors_filter );

--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@ -2480,6 +2480,7 @@ typedef struct slap_op {
 	GroupAssertion *o_groups;
 	char o_do_not_cache;	/* don't cache groups from this op */
 	char o_is_auth_check;	/* authorization in progress */
+	slap_access_t o_acl_priv;

 	char o_nocaching;
 	char o_delete_glue_parent;