diff options
author | Nathan Kinder <nkinder@redhat.com> | 2009-10-02 13:47:38 -0700 |
---|---|---|
committer | Nathan Kinder <nkinder@redhat.com> | 2009-10-02 13:47:38 -0700 |
commit | 5593a5f7da88ae37ae032b95c7a3a369e8d61a1a (patch) | |
tree | ee0802fd37f211498a7fe5c462c97dbf7cbff9ad /ldap/servers/slapd/slap.h | |
parent | ab6e5a77de769f55d55e70d7754ec732385e7067 (diff) | |
download | ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.gz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.tar.xz ds-5593a5f7da88ae37ae032b95c7a3a369e8d61a1a.zip |
Add ssf bind rule to access control plug-in.
This patch adds a new ssf bind rule keyword to the access control
plug-in. This allows you to write ACIs that require a specific
level of encryption for the rule to apply. The new keyword can
be used with '=', '!=', '<', '>', '<=' and '>=' comparators.
I added code that stores the SSF in effect for an operation into
the operation struct. The value that we store is the higher of
the two between the SASL SSF and the SSL/TLS SSF.
Diffstat (limited to 'ldap/servers/slapd/slap.h')
-rw-r--r-- | ldap/servers/slapd/slap.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/ldap/servers/slapd/slap.h b/ldap/servers/slapd/slap.h index 01848172..ec030bc6 100644 --- a/ldap/servers/slapd/slap.h +++ b/ldap/servers/slapd/slap.h @@ -1197,6 +1197,7 @@ typedef struct op { int o_isroot; /* requestor is manager */ Slapi_DN o_sdn; /* dn bound when op was initiated */ char *o_authtype; /* auth method used to bind dn */ + int o_ssf; /* ssf for this operation (highest between SASL and TLS/SSL) */ int o_opid; /* id of this operation */ PRUint64 o_connid; /* id of conn initiating this op; for logging only */ void *o_handler_data; |