Commit 0a3a04a9 authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Sync with HEAD

parent b5309c77
......@@ -47,6 +47,9 @@ ldbm_back_search(
Entry *matched = NULL;
struct berval realbase = BER_BVNULL;
int manageDSAit = get_manageDSAit( op );
#ifdef SLAP_ACL_HONOR_DISCLOSE
slap_mask_t mask;
#endif
Debug(LDAP_DEBUG_TRACE, "=> ldbm_back_search\n", 0, 0, 0);
......@@ -130,10 +133,16 @@ ldbm_back_search(
}
#ifdef SLAP_ACL_HONOR_DISCLOSE
if ( ! access_allowed( op, e, slap_schema.si_ad_entry,
NULL, ACL_DISCLOSE, NULL ) )
/* NOTE: __NEW__ "search" access is required
* on searchBase object */
if ( ! access_allowed_mask( op, e, slap_schema.si_ad_entry,
NULL, ACL_SEARCH, NULL, &mask ) )
{
rs->sr_err = LDAP_NO_SUCH_OBJECT;
if ( !ACL_GRANT( mask, ACL_DISCLOSE ) ) {
rs->sr_err = LDAP_NO_SUCH_OBJECT;
} else {
rs->sr_err = LDAP_INSUFFICIENT_ACCESS;
}
cache_return_entry_r( &li->li_cache, e );
ldap_pvt_thread_rdwr_runlock(&li->li_giant_rwlock);
......
......@@ -887,18 +887,6 @@ static struct slap_schema_ad_map {
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
#ifdef SLAPD_ACI_ENABLED
{ "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
"NAME 'OpenLDAPaci' "
"DESC 'OpenLDAP access control information (experimental)' "
"EQUALITY OpenLDAPaciMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
"USAGE directoryOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_aci) },
#endif
#ifdef LDAP_DYNAMIC_OBJECTS
{ "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
......@@ -1143,6 +1131,12 @@ slap_schema_load( void )
}
}
slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;
slap_schema.si_at_undefined = &slap_at_undefined;
ldap_pvt_thread_mutex_init( &ad_undef_mutex );
ldap_pvt_thread_mutex_init( &oc_undef_mutex );
for( i=0; ad_map[i].ssam_name; i++ ) {
assert( ad_map[i].ssam_defn != NULL );
{
......@@ -1313,9 +1307,6 @@ slap_schema_load( void )
}
}
slap_at_undefined.sat_syntax = slap_schema.si_syn_octetString;
slap_schema.si_at_undefined = &slap_at_undefined;
return LDAP_SUCCESS;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment