ACL cleanup

Likely needs more deadlock detection checks
Kurt Zeilenga 2002-12-30 01:12:10 +00:00
parent ed471a4d53
commit a4ad2eea17
3 changed files with 20 additions and 18 deletions


@ -211,9 +211,9 @@ dn2entry_retry:
goto done; goto done;
} }
if ( ! access_allowed( be, conn, op, e, rc = access_allowed( be, conn, op, e,
password, NULL, ACL_AUTH, NULL ) ) password, NULL, ACL_AUTH, NULL );
{ if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS, send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL ); NULL, NULL, NULL, NULL );
goto done; goto done;
@ -242,9 +242,9 @@ dn2entry_retry:
goto done; goto done;
} }
if ( ! access_allowed( be, conn, op, e, rc = access_allowed( be, conn, op, e,
krbattr, NULL, ACL_AUTH, NULL ) ) krbattr, NULL, ACL_AUTH, NULL );
{ if ( ! rc ) {
send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS, send_ldap_result( conn, op, rc = LDAP_INSUFFICIENT_ACCESS,
NULL, NULL, NULL, NULL ); NULL, NULL, NULL, NULL );
goto done; goto done;
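Review bot: After this change `rc` holds the boolean result of `access_allowed()` in both hunks of this file, so on the granted path it keeps a nonzero value that is not an LDAP result code until something reassigns it. The code after each check lies outside the hunk, so it cannot be confirmed from here that every later path to `done` sets `rc` first; if one does not, a granted ACL_AUTH check could surface as an error result. The same dual use of `rc` appears in the ACL_COMPARE hunk and in the `children` ACL_WRITE hunks of the other two files. Consider a dedicated local for the access result, or at least a comment above the assignment such as `/* rc is a boolean here, not an LDAP result code; it must be reassigned before it is returned */`.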


@ -110,9 +110,9 @@ dn2entry_retry:
goto done; goto done;
} }
if ( ! access_allowed( be, conn, op, e, rc = access_allowed( be, conn, op, e,
ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL ) ) ava->aa_desc, &ava->aa_value, ACL_COMPARE, NULL );
{ if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
goto return_results; goto return_results;
} }
@ -129,7 +129,6 @@ dn2entry_retry:
rc = LDAP_COMPARE_TRUE; rc = LDAP_COMPARE_TRUE;
break; break;
} }
} }
return_results: return_results:


@ -272,9 +272,10 @@ retry: /* transaction retry */
} }
/* check parent for "children" acl */ /* check parent for "children" acl */
if ( ! access_allowed( be, conn, op, p, rc = access_allowed( be, conn, op, p,
children, NULL, ACL_WRITE, NULL ) ) children, NULL, ACL_WRITE, NULL ) );
{
if ( ! rc ) {
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR, LDAP_LOG ( OPERATION, ERR,
@ -326,8 +327,7 @@ retry: /* transaction retry */
p = NULL; p = NULL;
if ( ! rc ) if ( ! rc ) {
{
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR, LDAP_LOG ( OPERATION, ERR,
@ -408,6 +408,7 @@ retry: /* transaction retry */
newSuperior = NULL; /* ignore newSuperior */ newSuperior = NULL; /* ignore newSuperior */
} }
} }
if ( newSuperior != NULL ) { if ( newSuperior != NULL ) {
if ( newSuperior->bv_len ) { if ( newSuperior->bv_len ) {
np_dn = newSuperior; np_dn = newSuperior;
@ -462,7 +463,10 @@ retry: /* transaction retry */
#endif #endif
/* check newSuperior for "children" acl */ /* check newSuperior for "children" acl */
if ( !access_allowed( be, conn, op, np, children, NULL, ACL_WRITE, NULL ) ) { rc = access_allowed( be, conn, op, np, children,
NULL, ACL_WRITE, NULL );
if( ! rc ) {
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, DETAIL1, LDAP_LOG ( OPERATION, DETAIL1,
"==>bdb_modrdn: no wr to newSup children\n", 0, 0, 0 ); "==>bdb_modrdn: no wr to newSup children\n", 0, 0, 0 );
@ -525,8 +529,7 @@ retry: /* transaction retry */
np = NULL; np = NULL;
if ( ! rc ) if ( ! rc ) {
{
rc = LDAP_INSUFFICIENT_ACCESS; rc = LDAP_INSUFFICIENT_ACCESS;
#ifdef NEW_LOGGING #ifdef NEW_LOGGING
LDAP_LOG ( OPERATION, ERR, LDAP_LOG ( OPERATION, ERR,
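Review bot: The rewritten parent check in the first hunk of this file ends with `children, NULL, ACL_WRITE, NULL ) );`, which closes one more parenthesis than `rc = access_allowed(` opens, so as rendered the statement would not compile; the other converted call sites end in `NULL );`. The line should read `children, NULL, ACL_WRITE, NULL );`. Because this is the check that guards writes under the parent entry, it is worth building this backend and running a rename that the `children` ACL denies before relying on the change. The enclosing function starts and ends outside the hunks shown.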