[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#3652) Add access_control() hook to overlays

Full_Name: Pierangelo Masarati
Version: HEAD
OS: Linux (whitebox)
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

I've just added an access_control() hook to overlays.  The access control for
regular backends is now in a slap_access_control() function that is called by
access_control() after some initial checking.  The function can be registered in
the bi_access_control member of the backend structure; if absent (as is in all
backends right now) the default function is used.  When an overlay is stacked,
the backover implementation is used instead, which calls the overlay stack
functions first.

The pattern is the same as for the overlays: a common mask is passed thru the
call sequence; the intermediate overlays can cause the search to continue, by
calling SLAP_CB_CONTINUE, or to stop with positive (1) or negative (0) result. 
The default function only returns (1) or (0) as access_allowed() used to do.

By explicitly adding an empty hook to backends, one can disable access control
(e.g. for back-dnssrv).