mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
Apply ACLs to front end objects (root DSE, subschema) consistently
This commit is contained in:
parent
0c13c5bbdd
commit
f10028ba06
@ -103,11 +103,18 @@ access_allowed(
|
||||
e->e_dn, attr );
|
||||
#endif
|
||||
|
||||
assert( be != NULL );
|
||||
assert( e != NULL );
|
||||
assert( attr != NULL );
|
||||
assert( access > ACL_NONE );
|
||||
|
||||
if ( op == NULL ) {
|
||||
/* no-op call */
|
||||
return 1;
|
||||
}
|
||||
|
||||
if ( be == NULL ) be = &backends[0];
|
||||
assert( be != NULL );
|
||||
|
||||
/* grant database root access */
|
||||
if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
|
||||
#ifdef NEW_LOGGING
|
||||
|
@ -234,7 +234,7 @@ test_ava_filter(
|
||||
int i;
|
||||
Attribute *a;
|
||||
|
||||
if ( be != NULL && ! access_allowed( be, conn, op, e,
|
||||
if ( !access_allowed( be, conn, op, e,
|
||||
ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
|
||||
{
|
||||
return LDAP_INSUFFICIENT_ACCESS;
|
||||
@ -319,8 +319,7 @@ test_presence_filter(
|
||||
AttributeDescription *desc
|
||||
)
|
||||
{
|
||||
if ( be != NULL && ! access_allowed( be, conn, op, e,
|
||||
desc, NULL, ACL_SEARCH ) )
|
||||
if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) )
|
||||
{
|
||||
return LDAP_INSUFFICIENT_ACCESS;
|
||||
}
|
||||
@ -440,7 +439,7 @@ test_substrings_filter(
|
||||
#endif
|
||||
|
||||
|
||||
if ( be != NULL && ! access_allowed( be, conn, op, e,
|
||||
if ( !access_allowed( be, conn, op, e,
|
||||
f->f_sub_desc, NULL, ACL_SEARCH ) )
|
||||
{
|
||||
return LDAP_INSUFFICIENT_ACCESS;
|
||||
|
Loading…
Reference in New Issue
Block a user