Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ

in access_allowed() if flag is set. Set in sasl/saslauth searches.
Howard Chu 2003-03-10 22:07:21 +00:00
parent d6bbe2dba5
commit 40454ccec8
4 changed files with 8 additions and 0 deletions


@ -142,6 +142,9 @@ access_allowed(
assert( attr != NULL );
if( op && op->o_is_auth_check && (access == ACL_SEARCH || access == ACL_READ)) {
access = ACL_AUTH;
}
if( state && state->as_recorded && state->as_vd_ad==desc) {
if( state->as_recorded & ACL_STATE_RECORDED_NV &&
val == NULL )
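Review bot: The new `if( op && op->o_is_auth_check && ...)` block in access_allowed() lowers the required level from search/read to ACL_AUTH without a comment saying why that is safe. The override applies to every attribute and value checked during the flagged operation, so the code should state the invariant it relies on, for example `/* internal auth lookup: results stay inside slapd and are never returned to the client, so auth access suffices */`. ACL_COMPARE is left unchanged; if that is deliberate, a word in the same comment would help. The body of access_allowed() continues outside this hunk, so how the lowered level interacts with the recorded-state check that follows cannot be judged from here.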


@ -438,6 +438,7 @@ slap_auxprop_lookup(
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, NULL, &dn,
@ -563,6 +564,7 @@ slap_sasl_checkpass(
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, NULL, &dn,
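Review bot: `op.o_is_auth_check = 1;` is set by hand in slap_auxprop_lookup() and again in slap_sasl_checkpass(), and the same line is repeated in slap_sasl_match() and slap_sasl2dn() in the following file section. Because the flag relaxes ACL evaluation, each site would benefit from a short comment such as `/* internal lookup for SASL; entries are not sent to the client */`, so that a later copy of this setup into a client-visible search is noticed in review. A shared initializer for these internal search operations would also keep the four copies from drifting apart. Both functions start and end outside the hunks shown.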


@ -474,6 +474,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
@ -634,6 +635,7 @@ void slap_sasl2dn( Connection *conn,
op.o_callback = &cb;
op.o_time = slap_get_time();
op.o_do_not_cache = 1;
op.o_is_auth_check = 1;
op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
ldap_pvt_thread_pool_context( &connection_pool );


@ -1749,6 +1749,7 @@ typedef struct slap_op {
#define SLAP_CANCEL_DONE 0x03
char o_do_not_cache; /* don't cache from this op */
char o_is_auth_check; /* authorization in progress */
#define SLAP_NO_CONTROL 0
#define SLAP_NONCRITICAL_CONTROL 1
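Review bot: The comment on `o_is_auth_check` says "authorization in progress", but the flag's visible effect is to make access_allowed() accept ACL_AUTH in place of search/read, and it is set in slap_sasl_checkpass() as well as slap_sasl2dn(). A comment that names the effect would be safer, e.g. `char o_is_auth_check; /* internal auth lookup: search/read checked as ACL_AUTH */`. Since access_allowed() reads the field for every operation it is handed, each place that creates a slap_op must leave it zero; the allocation sites are not visible here, so that is worth confirming. The struct definition extends beyond this hunk.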