mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Added op->o_is_auth_check; use ACL_AUTH instead of ACL_SEARCH/ACL_READ
in access_allowed() if flag is set. Set in sasl/saslauth searches.
parent
d6bbe2dba5
commit
40454ccec8
@ -142,6 +142,9 @@ access_allowed(
|
||||
|
||||
assert( attr != NULL );
|
||||
|
||||
if( op && op->o_is_auth_check && (access == ACL_SEARCH || access == ACL_READ)) {
|
||||
access = ACL_AUTH;
|
||||
}
|
||||
if( state && state->as_recorded && state->as_vd_ad==desc) {
|
||||
if( state->as_recorded & ACL_STATE_RECORDED_NV &&
|
||||
val == NULL )
|
||||
|
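Review bot: The new block in access_allowed() overwrites the caller's `access` in place with no comment, so the `state->as_recorded` test right below it and the rest of the function work with ACL_AUTH rather than the level that was requested. In slapd's access-level ordering, auth ranks below search and read, so the flag relaxes the check. That is presumably the intent for the internal SASL lookups, but it should be stated where it happens, e.g. `/* internal SASL lookup: evaluate search/read checks at auth level */` above the `if`. The comment should also say that `o_is_auth_check` may only be set on an Operation that slapd constructs itself, never on one derived from a client request. The function body starts and ends outside this hunk.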
@ -438,6 +438,7 @@ slap_auxprop_lookup(
|
||||
op.o_callback = &cb;
|
||||
op.o_time = slap_get_time();
|
||||
op.o_do_not_cache = 1;
|
||||
op.o_is_auth_check = 1;
|
||||
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
|
||||
|
||||
(*be->be_search)( be, conn, &op, NULL, &dn,
|
||||
@ -563,6 +564,7 @@ slap_sasl_checkpass(
|
||||
op.o_callback = &cb;
|
||||
op.o_time = slap_get_time();
|
||||
op.o_do_not_cache = 1;
|
||||
op.o_is_auth_check = 1;
|
||||
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
|
||||
|
||||
(*be->be_search)( be, conn, &op, NULL, &dn,
|
||||
|
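Review bot: `op.o_is_auth_check = 1;` in slap_auxprop_lookup and slap_sasl_checkpass has no comment, yet it changes the level used by any access_allowed() search/read check that receives this op during `be_search`. A one-line comment at each site, such as `/* ACLs for this internal search are checked at auth level */`, would show the effect without opening acl.c. The same op setup lines now appear in both hunks here and again in slap_sasl_match and slap_sasl2dn. A future internal search that copies the block without the flag, or with it where it is not wanted, would be easy to miss in review, so consider one shared initialiser. Both functions continue outside the hunks.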
@ -474,6 +474,7 @@ int slap_sasl_match(Connection *conn, struct berval *rule, struct berval *assert
|
||||
op.o_callback = &cb;
|
||||
op.o_time = slap_get_time();
|
||||
op.o_do_not_cache = 1;
|
||||
op.o_is_auth_check = 1;
|
||||
op.o_threadctx = conn->c_sasl_bindop->o_threadctx;
|
||||
|
||||
(*be->be_search)( be, conn, &op, /*base=*/NULL, &searchbase,
|
||||
@ -634,6 +635,7 @@ void slap_sasl2dn( Connection *conn,
|
||||
op.o_callback = &cb;
|
||||
op.o_time = slap_get_time();
|
||||
op.o_do_not_cache = 1;
|
||||
op.o_is_auth_check = 1;
|
||||
op.o_threadctx = conn->c_sasl_bindop ? conn->c_sasl_bindop->o_threadctx:
|
||||
ldap_pvt_thread_pool_context( &connection_pool );
|
||||
|
||||
|
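Review bot: slap_sasl_match reads `conn->c_sasl_bindop->o_threadctx` unconditionally right after the new flag is set, while slap_sasl2dn in the next hunk guards the same pointer and falls back to `ldap_pvt_thread_pool_context( &connection_pool )`. If slap_sasl_match can be reached on a connection with no SASL bind operation in progress, which cannot be determined from this hunk, that is a NULL dereference in the server. Using the same conditional as slap_sasl2dn would make the two consistent. The two call sites in slap_auxprop_lookup and slap_sasl_checkpass use the unguarded form as well and deserve the same check. Both functions here start and end outside their hunks.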
@ -1749,6 +1749,7 @@ typedef struct slap_op {
|
||||
#define SLAP_CANCEL_DONE 0x03
|
||||
|
||||
char o_do_not_cache; /* don't cache from this op */
|
||||
char o_is_auth_check; /* authorization in progress */
|
||||
|
||||
#define SLAP_NO_CONTROL 0
|
||||
#define SLAP_NONCRITICAL_CONTROL 1
|
||||
|
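Review bot: The field comment `/* authorization in progress */` does not say what the flag does: access_allowed() uses it to force the ACL_AUTH level, and it is set in slap_auxprop_lookup and slap_sasl_checkpass as well as in slap_sasl_match and slap_sasl2dn. Something like `char o_is_auth_check; /* internal SASL lookup: search/read ACLs checked as ACL_AUTH */` would match the behaviour. Because access_allowed() now reads this byte whenever `op` is non-NULL, any site that creates a `struct slap_op` without zeroing it would leave the flag indeterminate and could relax ACL checks. Whether every allocation site zeroes the struct is not visible here and should be confirmed. The struct definition continues outside the hunk.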