allow to specify the required access privileges in internal operations (ITS#4806)

4b9f4c68 · Pierangelo Masarati · dfff749f · 4b9f4c68 · 4b9f4c68 · 4b9f4c68
Commit 4b9f4c68 authored 18 years ago by Pierangelo Masarati
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -351,7 +351,10 @@ access_allowed_mask(
 	assert( attr != NULL );

 	if ( op ) {
-		if ( op->o_is_auth_check &&
+		if ( op->o_acl_priv != ACL_NONE ) {
+			access = op->o_acl_priv;
+
+		} else if ( op->o_is_auth_check &&
 			( access_level == ACL_SEARCH || access_level == ACL_READ ) )
 		{
 			access = ACL_AUTH;

--- a/servers/slapd/overlays/dynlist.c
+++ b/servers/slapd/overlays/dynlist.c
@@ -623,6 +623,8 @@ dynlist_compare( Operation *op, SlapReply *rs )
 		o.ors_attrs = an;
 		o.ors_attrsonly = 0;

+		o.o_acl_priv = ACL_COMPARE;
+
 		rc = o.o_bd->be_search( &o, &r );
 		filter_free_x( &o, o.ors_filter );


--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -2480,6 +2480,7 @@ typedef struct slap_op {
 	GroupAssertion *o_groups;
 	char o_do_not_cache;	/* don't cache groups from this op */
 	char o_is_auth_check;	/* authorization in progress */
+	slap_access_t o_acl_priv;

 	char o_nocaching;
 	char o_delete_glue_parent;