Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Joe Martin
OpenLDAP
Commits
d03f5dc5
Commit
d03f5dc5
authored
Dec 12, 2009
by
Howard Chu
Browse files
New access_allowed()
parent
2b01593a
Changes
12
Hide whitespace changes
Inline
Side-by-side
servers/slapd/back-shell/add.c
View file @
d03f5dc5
...
...
@@ -44,9 +44,9 @@ shell_back_add(
SlapReply
*
rs
)
{
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
FILE
*
rfp
,
*
wfp
;
int
len
;
AclCheck
ak
=
{
op
->
ora_e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WADD
,
NULL
};
if
(
si
->
si_add
==
NULL
)
{
send_ldap_error
(
op
,
rs
,
LDAP_UNWILLING_TO_PERFORM
,
...
...
@@ -54,8 +54,7 @@ shell_back_add(
return
(
-
1
);
}
if
(
!
access_allowed
(
op
,
op
->
oq_add
.
rs_e
,
entry
,
NULL
,
ACL_WADD
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-shell/bind.c
View file @
d03f5dc5
...
...
@@ -44,10 +44,10 @@ shell_back_bind(
SlapReply
*
rs
)
{
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
rfp
,
*
wfp
;
int
rc
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_AUTH
,
NULL
};
/* allow rootdn as a means to auth without the need to actually
* contact the proxied DSA */
...
...
@@ -74,8 +74,7 @@ shell_back_bind(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_AUTH
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-shell/compare.c
View file @
d03f5dc5
...
...
@@ -44,9 +44,9 @@ shell_back_compare(
SlapReply
*
rs
)
{
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
rfp
,
*
wfp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_COMPARE
,
NULL
};
if
(
si
->
si_compare
==
NULL
)
{
send_ldap_error
(
op
,
rs
,
LDAP_UNWILLING_TO_PERFORM
,
...
...
@@ -63,8 +63,7 @@ shell_back_compare(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_READ
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-shell/delete.c
View file @
d03f5dc5
...
...
@@ -44,9 +44,9 @@ shell_back_delete(
SlapReply
*
rs
)
{
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
rfp
,
*
wfp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WDEL
,
NULL
};
if
(
si
->
si_delete
==
NULL
)
{
send_ldap_error
(
op
,
rs
,
LDAP_UNWILLING_TO_PERFORM
,
...
...
@@ -63,8 +63,7 @@ shell_back_delete(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_WDEL
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-shell/modify.c
View file @
d03f5dc5
...
...
@@ -45,11 +45,11 @@ shell_back_modify(
{
Modification
*
mod
;
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Modifications
*
ml
=
op
->
orm_modlist
;
Entry
e
;
FILE
*
rfp
,
*
wfp
;
int
i
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WRITE
,
NULL
};
if
(
si
->
si_modify
==
NULL
)
{
send_ldap_error
(
op
,
rs
,
LDAP_UNWILLING_TO_PERFORM
,
...
...
@@ -66,8 +66,7 @@ shell_back_modify(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_WRITE
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-shell/modrdn.c
View file @
d03f5dc5
...
...
@@ -44,9 +44,9 @@ shell_back_modrdn(
SlapReply
*
rs
)
{
struct
shellinfo
*
si
=
(
struct
shellinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
rfp
,
*
wfp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WRITE
,
NULL
};
if
(
si
->
si_modrdn
==
NULL
)
{
send_ldap_error
(
op
,
rs
,
LDAP_UNWILLING_TO_PERFORM
,
...
...
@@ -63,9 +63,9 @@ shell_back_modrdn(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
op
->
oq_modrdn
.
rs_newSup
?
ACL_WDEL
:
ACL_W
RITE
,
NULL
)
)
if
(
op
->
oq_modrdn
.
rs_newSup
)
ak
.
ak_access
=
ACL_W
DEL
;
if
(
!
access_allowed
(
op
,
&
ak
)
)
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/add.c
View file @
d03f5dc5
...
...
@@ -34,12 +34,11 @@ sock_back_add(
SlapReply
*
rs
)
{
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
FILE
*
fp
;
int
len
;
AclCheck
ak
=
{
op
->
ora_e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WADD
,
NULL
};
if
(
!
access_allowed
(
op
,
op
->
oq_add
.
rs_e
,
entry
,
NULL
,
ACL_WADD
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/bind.c
View file @
d03f5dc5
...
...
@@ -34,10 +34,10 @@ sock_back_bind(
SlapReply
*
rs
)
{
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
fp
;
int
rc
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_AUTH
,
NULL
};
e
.
e_id
=
NOID
;
e
.
e_name
=
op
->
o_req_dn
;
...
...
@@ -48,8 +48,7 @@ sock_back_bind(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_AUTH
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/compare.c
View file @
d03f5dc5
...
...
@@ -34,9 +34,9 @@ sock_back_compare(
SlapReply
*
rs
)
{
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
fp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_COMPARE
,
NULL
};
e
.
e_id
=
NOID
;
e
.
e_name
=
op
->
o_req_dn
;
...
...
@@ -47,8 +47,7 @@ sock_back_compare(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_COMPARE
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/delete.c
View file @
d03f5dc5
...
...
@@ -34,9 +34,9 @@ sock_back_delete(
SlapReply
*
rs
)
{
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
fp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WDEL
,
NULL
};
e
.
e_id
=
NOID
;
e
.
e_name
=
op
->
o_req_dn
;
...
...
@@ -47,8 +47,7 @@ sock_back_delete(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_WDEL
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/modify.c
View file @
d03f5dc5
...
...
@@ -35,11 +35,11 @@ sock_back_modify(
{
Modification
*
mod
;
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Modifications
*
ml
=
op
->
orm_modlist
;
Entry
e
;
FILE
*
fp
;
int
i
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WRITE
,
NULL
};
e
.
e_id
=
NOID
;
e
.
e_name
=
op
->
o_req_dn
;
...
...
@@ -50,8 +50,7 @@ sock_back_modify(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
ACL_WRITE
,
NULL
)
)
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
servers/slapd/back-sock/modrdn.c
View file @
d03f5dc5
...
...
@@ -34,9 +34,9 @@ sock_back_modrdn(
SlapReply
*
rs
)
{
struct
sockinfo
*
si
=
(
struct
sockinfo
*
)
op
->
o_bd
->
be_private
;
AttributeDescription
*
entry
=
slap_schema
.
si_ad_entry
;
Entry
e
;
FILE
*
fp
;
AclCheck
ak
=
{
&
e
,
slap_schema
.
si_ad_entry
,
NULL
,
ACL_WRITE
,
NULL
};
e
.
e_id
=
NOID
;
e
.
e_name
=
op
->
o_req_dn
;
...
...
@@ -47,9 +47,8 @@ sock_back_modrdn(
e
.
e_bv
.
bv_val
=
NULL
;
e
.
e_private
=
NULL
;
if
(
!
access_allowed
(
op
,
&
e
,
entry
,
NULL
,
op
->
oq_modrdn
.
rs_newSup
?
ACL_WDEL
:
ACL_WRITE
,
NULL
)
)
if
(
op
->
oq_modrdn
.
rs_newSup
)
ak
.
ak_access
=
ACL_WDEL
;
if
(
!
access_allowed
(
op
,
&
ak
))
{
send_ldap_error
(
op
,
rs
,
LDAP_INSUFFICIENT_ACCESS
,
NULL
);
return
-
1
;
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment