Commit f10028ba authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

Apply ACLs to front end objects (root DSE, subschema) consistently

parent 0c13c5bb
......@@ -103,11 +103,18 @@ access_allowed(
e->e_dn, attr );
#endif
assert( be != NULL );
assert( e != NULL );
assert( attr != NULL );
assert( access > ACL_NONE );
if ( op == NULL ) {
/* no-op call */
return 1;
}
if ( be == NULL ) be = &backends[0];
assert( be != NULL );
/* grant database root access */
if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
#ifdef NEW_LOGGING
......
......@@ -234,7 +234,7 @@ test_ava_filter(
int i;
Attribute *a;
if ( be != NULL && ! access_allowed( be, conn, op, e,
if ( !access_allowed( be, conn, op, e,
ava->aa_desc, ava->aa_value, ACL_SEARCH ) )
{
return LDAP_INSUFFICIENT_ACCESS;
......@@ -319,8 +319,7 @@ test_presence_filter(
AttributeDescription *desc
)
{
if ( be != NULL && ! access_allowed( be, conn, op, e,
desc, NULL, ACL_SEARCH ) )
if ( !access_allowed( be, conn, op, e, desc, NULL, ACL_SEARCH ) )
{
return LDAP_INSUFFICIENT_ACCESS;
}
......@@ -440,7 +439,7 @@ test_substrings_filter(
#endif
if ( be != NULL && ! access_allowed( be, conn, op, e,
if ( !access_allowed( be, conn, op, e,
f->f_sub_desc, NULL, ACL_SEARCH ) )
{
return LDAP_INSUFFICIENT_ACCESS;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment