diff options
author | Nathan Kinder <nkinder@redhat.com> | 2009-10-02 13:47:38 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-10-02 13:47:38 -0700 |
commit | 5593a5f7da88ae37ae032b95c7a3a369e8d61a1a (patch) | |
tree | ee0802fd37f211498a7fe5c462c97dbf7cbff9ad /ldap/servers/slapd/pblock.c | |
parent | ab6e5a77de769f55d55e70d7754ec732385e7067 (diff) | |
download | ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.gz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.xz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.zip |
Add ssf bind rule to access control plug-in.
This patch adds a new ssf bind rule keyword to the access control
plug-in. This allows you to write ACIs that require a specific
level of encryption for the rule to apply. The new keyword can
be used with '=', '!=', '<', '>', '<=' and '>=' comparators.
I added code that stores the SSF in effect for an operation into
the operation struct. The value that we store is the higher of
the two between the SASL SSF and the SSL/TLS SSF.
Diffstat (limited to 'ldap/servers/slapd/pblock.c')
-rw-r--r-- | ldap/servers/slapd/pblock.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index d8cd876a..21195ea3 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -1544,6 +1544,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) (*( char **)value ) = pblock->pb_op->o_authtype; break; + case SLAPI_OPERATION_SSF: + if (pblock->pb_op!=NULL) { + * ((int *) value) = pblock->pb_op->o_ssf; + } + break; + case SLAPI_CLIENT_DNS: if (pblock->pb_conn == NULL) { LDAPDebug( LDAP_DEBUG_ANY, |