Add ssf bind rule to access control plug-in.

This patch adds a new ssf bind rule keyword to the access control plug-in. This allows you to write ACIs that require a specific level of encryption for the rule to apply. The new keyword can be used with '=', '!=', '<', '>', '<=' and '>=' comparators. I added code that stores the SSF in effect for an operation into the operation struct. The value that we store is the higher of the two between the SASL SSF and the SSL/TLS SSF.
author: Nathan Kinder <nkinder@redhat.com> 2009-10-02 13:47:38 -0700
committer: Nathan Kinder <nkinder@redhat.com> 2009-10-02 13:47:38 -0700
commit: 5593a5f7da88ae37ae032b95c7a3a369e8d61a1a (patch)
tree: ee0802fd37f211498a7fe5c462c97dbf7cbff9ad /ldap/servers/slapd/pblock.c
parent: ab6e5a77de769f55d55e70d7754ec732385e7067 (diff)
download: ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.gz
ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.xz
ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c
index d8cd876a..21195ea3 100644
--- a/ldap/servers/slapd/pblock.c
+++ b/ldap/servers/slapd/pblock.c
@@ -1544,6 +1544,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value )
     		(*( char **)value ) = pblock->pb_op->o_authtype;
 		break;	
 
+	case SLAPI_OPERATION_SSF:
+		if (pblock->pb_op!=NULL) {
+			* ((int *) value) = pblock->pb_op->o_ssf;
+		}
+		break;
+
 	case SLAPI_CLIENT_DNS:
 		if (pblock->pb_conn == NULL) {
 			LDAPDebug( LDAP_DEBUG_ANY,
author	Nathan Kinder <nkinder@redhat.com>	2009-10-02 13:47:38 -0700
committer	Nathan Kinder <nkinder@redhat.com>	2009-10-02 13:47:38 -0700
commit	5593a5f7da88ae37ae032b95c7a3a369e8d61a1a (patch)
tree	ee0802fd37f211498a7fe5c462c97dbf7cbff9ad /ldap/servers/slapd/pblock.c
parent	ab6e5a77de769f55d55e70d7754ec732385e7067 (diff)
download	ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.gz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.xz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.zip