Add fe_access_allowed(), should allow global ACL overlays to work

2025-12-29 19:19:35 -05:00 · 2005-07-23 04:18:48 +00:00 · 2005-07-23 04:18:48 +00:00 · 9e4ea429e5
commit 9e4ea429e5
parent bccf2a7282
3 changed files with 32 additions and 9 deletions
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@ -336,6 +336,28 @@ done:
 	return ret;
 }

+int
+fe_access_allowed(
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp )
+{
+	BackendDB		*be_orig;
+	int			rc;
+
+	be_orig = op->o_bd;
+
+	op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+	rc = slap_access_allowed( op, e, desc, val, access, state, maskp );
+	op->o_bd = be_orig;
+
+	return rc;
+}
+
 int
 access_allowed_mask(
 	Operation		*op,
@ -433,21 +455,14 @@ access_allowed_mask(
 				desc, val, access, state, &mask );

 	} else {
-#if 0
-		/* FIXME: this doesn't work because frontendDB doesn't have
-		 * the right rootn, ACLs and so. */
-		BackendDB	*be_orig;
+		BackendDB	*be_orig = op->o_bd;

 		/* use default (but pass through frontend
 		 * for global ACL overlays) */
-		be_orig = op->o_bd;
 		op->o_bd = frontendDB;
 		ret = frontendDB->bd_info->bi_access_allowed( op, e,
 				desc, val, access, state, &mask );
 		op->o_bd = be_orig;
-#endif
-		ret = slap_access_allowed( op, e, 
-				desc, val, access, state, &mask );
 	}

 	if ( !ret ) {
--- a/servers/slapd/frontend.c
+++ b/servers/slapd/frontend.c
@ -120,7 +120,7 @@ frontend_init( void )
 	frontendDB->bd_info->bi_entry_release_rw = fe_entry_release_rw;
 #endif
 #ifdef SLAP_OVERLAY_ACCESS
-	frontendDB->bd_info->bi_access_allowed = slap_access_allowed;
+	frontendDB->bd_info->bi_access_allowed = fe_access_allowed;
 	frontendDB->bd_info->bi_acl_group = fe_acl_group;
 	frontendDB->bd_info->bi_acl_attribute = fe_acl_attribute;
 #endif /* SLAP_OVERLAY_ACCESS */
--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -1653,6 +1653,14 @@ LDAP_SLAPD_F (int) fe_acl_attribute LDAP_P((
 	AttributeDescription *entry_at,
 	BerVarray *vals,
 	slap_access_t access ));
+LDAP_SLAPD_F (int) fe_access_allowed LDAP_P((
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp ));

 /* NOTE: this macro assumes that bv has been allocated
 * by ber_* malloc functions or is { 0L, NULL } */