hide changes behind specific #ifdef, conditioned by LDAP_DEBUG; always allow access on back-dnssrv

2025-01-06 10:46:21 +08:00 · 2005-04-12 01:07:30 +00:00 · 2005-04-12 01:07:30 +00:00 · d2dd3a616c
commit d2dd3a616c
parent f103c78530
5 changed files with 56 additions and 9 deletions
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@ -155,7 +155,23 @@ static int aci_match_set ( struct berval *subj, Operation *op,
 * - can be legally called with op->o_bd == NULL
 */

-#ifdef LDAP_DEVEL
+#ifdef SLAP_OVERLAY_ACCESS
+int
+slap_access_always_allowed(
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp )
+{
+	assert( maskp );
+
+	ACL_PRIV_SET( *maskp, ACL_ACCESS2PRIV( access ) );
+
+	return 1;
+}

 static int
 slap_access_allowed(
@ -467,7 +483,8 @@ done:
 	return ret;
 }

-#else /* !LDAP_DEVEL */
+#else /* !SLAP_OVERLAY_ACCESS */
+
 int
 access_allowed_mask(
 	Operation		*op,
@ -741,7 +758,7 @@ done:
 	return ret;
 }

-#endif /* LDAP_DEVEL */
+#endif /* SLAP_OVERLAY_ACCESS */

 /*
 * acl_get - return the acl applicable to entry e, attribute
--- a/servers/slapd/back-dnssrv/init.c
+++ b/servers/slapd/back-dnssrv/init.c
@ -67,6 +67,10 @@ dnssrv_back_initialize(
 	bi->bi_connection_init = 0;
 	bi->bi_connection_destroy = 0;

+#ifdef SLAP_OVERLAY_ACCESS
+	bi->bi_access_allowed = slap_access_always_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
+
 	return 0;
 }

--- a/servers/slapd/backover.c
+++ b/servers/slapd/backover.c
@ -248,6 +248,7 @@ static int op_rc[] = {
 	SLAP_CB_CONTINUE		/* aux_chk_controls; pass to frontend */
 };

+#ifdef SLAP_OVERLAY_ACCESS
 static int
 over_access_allowed(
 	Operation		*op,
@ -270,14 +271,14 @@ over_access_allowed(
 	oi = op->o_bd->bd_info->bi_private;
 	on = oi->oi_list;

- 	if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
- 		db = *op->o_bd;
-		db.be_flags |= SLAP_DBFLAG_OVERLAY;
-		op->o_bd = &db;
-	}
-
 	for ( ; on; on = on->on_next ) {
 		if ( on->on_bi.bi_access_allowed ) {
+		 	if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ 				db = *op->o_bd;
+				db.be_flags |= SLAP_DBFLAG_OVERLAY;
+				op->o_bd = &db;
+			}
+
 			op->o_bd->bd_info = (BackendInfo *)on;
 			rc = on->on_bi.bi_access_allowed( op, e,
 				desc, val, access, state, maskp );
@ -286,6 +287,12 @@ over_access_allowed(
 	}

 	if ( rc == SLAP_CB_CONTINUE && oi->oi_orig->bi_access_allowed ) {
+		if ( !SLAP_ISOVERLAY( op->o_bd ) ) {
+ 			db = *op->o_bd;
+			db.be_flags |= SLAP_DBFLAG_OVERLAY;
+			op->o_bd = &db;
+		}
+
 		op->o_bd->bd_info = oi->oi_orig;
 		rc = oi->oi_orig->bi_access_allowed( op, e,
 			desc, val, access, state, maskp );
@ -299,6 +306,7 @@ over_access_allowed(
 	op->o_bd = be;
 	return rc;
 }
+#endif /* SLAP_OVERLAY_ACCESS */

 static int
 over_op_func(
@ -684,8 +692,10 @@ overlay_config( BackendDB *be, const char *ov )
 		bi->bi_chk_referrals = over_aux_chk_referrals;
 		bi->bi_chk_controls = over_aux_chk_controls;

+#ifdef SLAP_OVERLAY_ACCESS
 		/* this has a specific arglist */
 		bi->bi_access_allowed = over_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */
 		
 		bi->bi_connection_destroy = over_connection_destroy;

--- a/servers/slapd/proto-slap.h
+++ b/servers/slapd/proto-slap.h
@ -41,6 +41,17 @@ LDAP_SLAPD_F (int) access_allowed_mask LDAP_P((
 	AccessControlState *state,
 	slap_mask_t *mask ));
 #define access_allowed(op,e,desc,val,access,state) access_allowed_mask(op,e,desc,val,access,state,NULL)
+#ifdef SLAP_OVERLAY_ACCESS
+LDAP_SLAPD_F (int) slap_access_always_allowed LDAP_P((
+	Operation		*op,
+	Entry			*e,
+	AttributeDescription	*desc,
+	struct berval		*val,
+	slap_access_t		access,
+	AccessControlState	*state,
+	slap_mask_t		*maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */
+
 LDAP_SLAPD_F (int) acl_check_modlist LDAP_P((
 	Operation *op, Entry *e, Modifications *ml ));

--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@ -63,6 +63,7 @@ LDAP_BEGIN_DECL
 #define SLAP_ACL_HONOR_DISCLOSE	/* partially implemented */
 #define SLAP_ACL_HONOR_MANAGE	/* not yet implemented */
 #define SLAP_DYNACL
+#define SLAP_OVERLAY_ACCESS
 #define LDAP_COMP_MATCH
 #define LDAP_DYNAMIC_OBJECTS
 #define LDAP_SYNC_TIMESTAMP
@ -1986,9 +1987,11 @@ typedef int (BI_entry_get_rw) LDAP_P(( struct slap_op *op, struct berval *ndn,
 typedef int (BI_operational) LDAP_P(( struct slap_op *op, struct slap_rep *rs ));
 typedef int (BI_has_subordinates) LDAP_P(( struct slap_op *op,
 	Entry *e, int *hasSubs ));
+#ifdef SLAP_OVERLAY_ACCESS
 typedef int (BI_access_allowed) LDAP_P(( struct slap_op *op, Entry *e,
 	AttributeDescription *desc, struct berval *val, slap_access_t access,
 	AccessControlState *state, slap_mask_t *maskp ));
+#endif /* SLAP_OVERLAY_ACCESS */

 typedef int (BI_connection_init) LDAP_P(( BackendDB *bd,
 	struct slap_conn *c ));
@ -2090,7 +2093,9 @@ struct slap_backend_info {
 	BI_entry_release_rw	*bi_entry_release_rw;

 	BI_has_subordinates	*bi_has_subordinates;
+#ifdef SLAP_OVERLAY_ACCESS
 	BI_access_allowed	*bi_access_allowed;
+#endif /* SLAP_OVERLAY_ACCESS */

 	BI_connection_init	*bi_connection_init;
 	BI_connection_destroy	*bi_connection_destroy;