diff options
author | Noriko Hosoi <nhosoi@redhat.com> | 2008-06-27 19:28:22 +0000 |
---|---|---|
committer | Noriko Hosoi <nhosoi@redhat.com> | 2008-06-27 19:28:22 +0000 |
commit | 70425fbcea96d1b477fea27eca67fb7e828c446e (patch) | |
tree | 7142ac3a793a263cafbd486458fcaeb7c092e54d /ldap/servers/slapd/pblock.c | |
parent | b643fa2279635381cdb0ff6d62f39b93f6a6e22f (diff) | |
download | ds-70425fbcea96d1b477fea27eca67fb7e828c446e.tar.gz ds-70425fbcea96d1b477fea27eca67fb7e828c446e.tar.xz ds-70425fbcea96d1b477fea27eca67fb7e828c446e.zip |
Resolves: #437525
Summary: GER: allow GER for non-existing entries
Description:
[slapd/charray.c]
new: charray_merge_nodup -- merge 2 string arrays skipping the duplicates
modified: charray_remove -- introduced "freeit" flag. If true, the removed
string is freed. (The API is used only in chainingdb. The change is applied
to the plugin.)
[slapd/opshared.c]
modified: check OP_FLAG_GET_EFFECTIVE_RIGHTS in the iterate to support
"@<objectclass>". It's needed to do at the location since we have to call acl
plugin even
when no entries are returned from the search. If no entries are returned and
"@<objectclass>" is found in the attribute list, acl effective rights code
generates the corresponding template entry.
[slapd/pblock.c]
place to store gerattrs is added (SLAPI_SEARCH_GERATTRS), where gerattrs is an
array of strings which store "...@<objectclass>".
[slapd/result.c]
moved OP_FLAG_GET_EFFECTIVE_RIGHTS checking to iterate (opshared.c)
[slapd/schema.c]
new: slapi_schema_list_objectclass_attributes -- return the required and/or
allowed attributes belonging to the given objectclass. This is used to support
"*" and "+" in the get effective rights.
new: slapi_schema_get_superior_name -- return the superior objectclass name of
the given objectclass.
[slapd/search.c]
if "<attr>@<objectclass>" is found in the attribute list, cut the <attr> part
out and added to the attrs array (pblock SLAPI_SEARCH_ATTRS) and store the
original
string to the gerattrs (pblock SLAPI_SEARCH_GERATTRS).
[plugin/acl/acleffectiverights.c]
modified: _ger_g_permission_granted -- if the requester and the subject user
are
identical, give "g" permission
modified: _ger_parse_control -- replaced strcpy with memmove since strcpy does
not guarantee the result of the overlap copy.
modified: _ger_get_attrs_rights -- support "*" (all attributes belonging to the
object) and "+" (operational attributes). If repeated attributes are found in
the given attribute list, they are reduced to one.
new: _ger_generate_template_entry -- generate a template entry if
"@<objectclass>" is passed.
[pluginc/cb/*]
adjusted to the updated charray_remove.
Please see also this wiki page for the overview and test cases.
http://directory.fedoraproject.org/wiki/Get_Effective_Rights_for_non-present_attributes
Diffstat (limited to 'ldap/servers/slapd/pblock.c')
-rw-r--r-- | ldap/servers/slapd/pblock.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ldap/servers/slapd/pblock.c b/ldap/servers/slapd/pblock.c index ae98dc23..987b2476 100644 --- a/ldap/servers/slapd/pblock.c +++ b/ldap/servers/slapd/pblock.c @@ -1231,6 +1231,12 @@ slapi_pblock_get( Slapi_PBlock *pblock, int arg, void *value ) (*(char ***)value) = pblock->pb_op->o_params.p.p_search.search_attrs; } break; + case SLAPI_SEARCH_GERATTRS: + if(pblock->pb_op!=NULL) + { + (*(char ***)value) = pblock->pb_op->o_params.p.p_search.search_gerattrs; + } + break; case SLAPI_SEARCH_ATTRSONLY: if(pblock->pb_op!=NULL) { @@ -2509,6 +2515,12 @@ slapi_pblock_set( Slapi_PBlock *pblock, int arg, void *value ) pblock->pb_op->o_params.p.p_search.search_attrs = (char **) value; } break; + case SLAPI_SEARCH_GERATTRS: + if(pblock->pb_op!=NULL) + { + pblock->pb_op->o_params.p.p_search.search_gerattrs = (char **) value; + } + break; case SLAPI_SEARCH_ATTRSONLY: if(pblock->pb_op!=NULL) { |