ITS#4535 set default cn=config access to NONE

Howard Chu 2006-05-11 00:40:34 +00:00
parent 7cc29d2547
commit 4bf6f8e348


@ -3124,6 +3124,7 @@ read_config(const char *fname, const char *dir) {
return 1;
cfb = be->be_private;
be->be_dfltaccess = ACL_NONE;
/* If no .conf, or a dir was specified, setup the dir */
if ( !fname || dir ) {
@ -4528,6 +4529,10 @@ config_build_modules( ConfigArgs *c, CfEntryInfo *ceparent,
}
#endif
static const char *defacl[] = {
NULL, "to", "*", "by", "*", "none", NULL
};
static int
config_back_db_open( BackendDB *be )
{
@ -4546,6 +4551,14 @@ config_back_db_open( BackendDB *be )
void *thrctx = NULL;
Debug( LDAP_DEBUG_TRACE, "config_back_db_open\n", 0, 0, 0);
/* If we have no explicitly configured ACLs, don't just use
* the global ACLs. Explicitly deny access to everything.
*/
if ( frontendDB->be_acl && be->be_acl == frontendDB->be_acl ) {
parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 );
}
/* If we read the config from back-ldif, nothing to do here */
if ( cfb->cb_got_ldif )
return 0;
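Review bot: In config_back_db_open the deny-all fallback is installed by `parse_acl(be, "config_back_db_open", 0, 6, (char **)defacl, 0 );`, and nothing afterwards confirms that `be->be_acl` stopped pointing at `frontendDB->be_acl`, so a failed parse would leave cn=config governed by the global ACLs. parse_acl's declaration is not visible here; if it returns a status, check it and fail the open with a non-zero return, otherwise re-test the pointer after the call. The `(char **)` cast drops the const on string literals, which is only safe if parse_acl never writes into its argv, and the literal `6` has to be kept in step with `defacl` by hand, where `sizeof(defacl)/sizeof(defacl[0]) - 1` would tie the two together. When `frontendDB->be_acl` is NULL the branch is skipped and denial rests solely on `be->be_dfltaccess = ACL_NONE;` in read_config, which the block comment should say, e.g. `/* with no global ACLs, be_dfltaccess = ACL_NONE from read_config is the only guard */`. The body of config_back_db_open continues outside the hunk.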