ACL cleanup

Likely needs more deadlock detection checks
2025-01-24 13:24:56 +08:00 · 2002-12-30 01:12:10 +00:00 · 2002-12-30 01:12:10 +00:00 · a4ad2eea17
commit a4ad2eea17
parent ed471a4d53
3 changed files with 20 additions and 18 deletions
--- a/servers/slapd/back-bdb/bind.c
+++ b/servers/slapd/back-bdb/bind.c
@ -211,9 +211,9 @@ dn2entry_retry:
 			goto done;
 		}

-		if ( ! access_allowed( be, conn, op, e,
-			password, NULL, ACL_AUTH, NULL ) )
-		{
+		rc = access_allowed( be, conn, op, e,
+			password, NULL, ACL_AUTH, NULL );
+		if ( ! rc ) {
 			send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
 				NULL, NULL, NULL, NULL );
 			goto done;
@ -242,9 +242,9 @@ dn2entry_retry:
 			goto done;
 		}

-		if ( ! access_allowed( be, conn, op, e,
-			krbattr, NULL, ACL_AUTH, NULL ) )
-		{
+		rc = access_allowed( be, conn, op, e,
+			krbattr, NULL, ACL_AUTH, NULL );
+		if ( ! rc ) {
 			send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
 				NULL, NULL, NULL, NULL );
 			goto done;
--- a/servers/slapd/back-bdb/compare.c
+++ b/servers/slapd/back-bdb/compare.c
@ -110,9 +110,9 @@ dn2entry_retry:
 		goto done;
 	}

-	if ( ! access_allowed( be, conn, op, e,
-		ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) )
-	{
+	rc = access_allowed( be, conn, op, e,
+		ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL );
+	if ( ! rc ) {
 		rc = LDAP_INSUFFICIENT_ACCESS;
 		goto return_results;
 	}
@ -129,7 +129,6 @@ dn2entry_retry:
 			rc = LDAP_COMPARE_TRUE;
 			break;
 		}
-
 	}

 return_results:
--- a/servers/slapd/back-bdb/modrdn.c
+++ b/servers/slapd/back-bdb/modrdn.c
@ -272,9 +272,10 @@ retry:	/* transaction retry */
 		}

 		/* check parent for "children" acl */
-		if ( ! access_allowed( be, conn, op, p,
-			children, NULL, ACL_WRITE, NULL ) )
-		{
+		rc = access_allowed( be, conn, op, p,
+			children, NULL, ACL_WRITE, NULL ) );
+
+		if ( ! rc ) {
 			rc = LDAP_INSUFFICIENT_ACCESS;
 #ifdef NEW_LOGGING
 			LDAP_LOG ( OPERATION, ERR, 
@ -326,8 +327,7 @@ retry:	/* transaction retry */

 				p = NULL;

-				if ( ! rc )
-				{
+				if ( ! rc ) {
 					rc = LDAP_INSUFFICIENT_ACCESS;
 #ifdef NEW_LOGGING
 					LDAP_LOG ( OPERATION, ERR, 
@ -408,6 +408,7 @@ retry:	/* transaction retry */
 			newSuperior = NULL; /* ignore newSuperior */
 		}
 	}
+
 	if ( newSuperior != NULL ) {
 		if ( newSuperior->bv_len ) {
 			np_dn = newSuperior;
@ -462,7 +463,10 @@ retry:	/* transaction retry */
 #endif

 			/* check newSuperior for "children" acl */
-			if ( !access_allowed( be, conn, op, np, children, NULL, ACL_WRITE, NULL ) ) {
+			rc = access_allowed( be, conn, op, np, children,
+				NULL, ACL_WRITE, NULL );
+
+			if( ! rc ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG ( OPERATION, DETAIL1, 
 					"==>bdb_modrdn: no wr to newSup children\n", 0, 0, 0 );
@ -525,8 +529,7 @@ retry:	/* transaction retry */

 					np = NULL;

-					if ( ! rc )
-					{
+					if ( ! rc ) {
 						rc = LDAP_INSUFFICIENT_ACCESS;
 #ifdef NEW_LOGGING
 						LDAP_LOG ( OPERATION, ERR,