[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd/acl.c: using "filter=()" in an acl does not trigger an overlay's search callback


my experimental overlay intercepts search requests and modifies the filter-expressions (e.g. removes/expand AND|OR). Therefore the overlay modifies "struct Filter op->ors_filter" on the fly, handles memory (op->o_tmpmemctx/filter_free) and so on. It works fine, currently no memleaks (valgrind) etc and I would like contribute it (once it's finished... ;-) )

To get the maximum flexibility out of the current prototyp I'm looking after a solution to have my overlay intercept the following "search", too:

access to filter=(description=editMe)
   by self write
   by * none

The ACL's filter seems not to "fire" a search request because in acl.c lines 704 to 709 "test_filter(NULL, e, a->acl_filter)" get's called directly. This results in bypassing the overlay's search callback. Was this for performance reasons?

Are there any chances to replace "test_filter()" by some kind of slapd_internal_search() in a way to enable overlay stack processing, for this internal search? Any sort of advice is very welcome - I just want to experiment with this, but currently I'm lost, regarding the right approach.

I think I've seen some kind of internal search regarding sasl-regexp expansion. When using a filter-expressions in a sasl-regexp some sort of internal search gets triggered, because my overlay reacts correctly on it: slapd/saslauthz.c lines 1805 - 1835. Possibly something similar could be done in acl.c, too? What's your opinion?

Thanks a lot!
P.S.: slapd version: OpenLDAP-CVS