-#endif /* LDAP_PF_LOCAL */
-
- /* exact match (very unlikely...) */
- } else if ( ber_bvcmp( &op->o_conn->c_peer_name, &b->a_peername_pat ) != 0 ) {
- continue;
- }
- }
- }
- }
-
- if ( !BER_BVISEMPTY( &b->a_sockname_pat ) ) {
- if ( BER_BVISNULL( &op->o_conn->c_sock_name ) ) {
- continue;
- }
- Debug( LDAP_DEBUG_ACL, "<= check a_sockname_path: %s\n",
- b->a_sockname_pat.bv_val, 0, 0 );
- if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
- if ( b->a_sockname_style == ACL_STYLE_REGEX) {
- if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
- e->e_ndn, nmatch, matches ) )
- {
- continue;
- }
-
- } else if ( b->a_sockname_style == ACL_STYLE_EXPAND ) {
- struct berval bv;
- char buf[ACL_BUF_SIZE];
-
- bv.bv_len = sizeof( buf ) - 1;
- bv.bv_val = buf;
- if ( string_expand( &bv, &b->a_sockname_pat,
- e->e_ndn, nmatch, matches ) )
- {
- continue;
- }
-
- if ( ber_bvstrcasecmp( &bv, &op->o_conn->c_sock_name ) != 0 ) {
- continue;
- }
-
- } else {
- if ( ber_bvstrcasecmp( &b->a_sockname_pat, &op->o_conn->c_sock_name ) != 0 ) {
- continue;
- }
- }
- }
- }
-
- if ( b->a_dn_at != NULL ) {
- if ( acl_mask_dnattr( op, e, val, a, b, i,
- matches, count, state,
- &b->a_dn, &op->o_ndn ) )
- {
- continue;
- }
- }
-
- if ( b->a_realdn_at != NULL ) {
- struct berval ndn;
-
- if ( op->o_conn && !BER_BVISNULL( &op->o_conn->c_ndn ) ) {
- ndn = op->o_conn->c_ndn;
- } else {
- ndn = op->o_ndn;
- }
-
- if ( acl_mask_dnattr( op, e, val, a, b, i,
- matches, count, state,
- &b->a_realdn, &ndn ) )
- {
- continue;
- }
- }
-
-#if 0
- if ( b->a_dn_at != NULL ) {
- Attribute *at;
- struct berval bv;
- int rc, match = 0;
- const char *text;
- const char *attr = b->a_dn_at->ad_cname.bv_val;
-
- assert( attr != NULL );
-
- if ( op->o_ndn.bv_len == 0 ) {
- continue;
- }
-
- Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
- attr, 0, 0);
- bv = op->o_ndn;
-
- /* see if asker is listed in dnattr */
- for( at = attrs_find( e->e_attrs, b->a_dn_at );
- at != NULL;
- at = attrs_find( at->a_next, b->a_dn_at ) )
- {
- if( value_find_ex( b->a_dn_at,
- SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
- SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- at->a_nvals,
- &bv, op->o_tmpmemctx ) == 0 )
- {
- /* found it */
- match = 1;
- break;
- }
- }
-
- if ( match ) {
- /* have a dnattr match. if this is a self clause then
- * the target must also match the op dn.
- */
- if ( b->a_dn_self ) {
- /* check if the target is an attribute. */
- if ( val == NULL ) continue;
-
- /* target is attribute, check if the attribute value
- * is the op dn.
- */
- rc = value_match( &match, b->a_dn_at,
- b->a_dn_at->ad_type->sat_equality, 0,
- val, &bv, &text );
- /* on match error or no match, fail the ACL clause */
- if (rc != LDAP_SUCCESS || match != 0 )
- continue;
- }
-
- } else {
- /* no dnattr match, check if this is a self clause */
- if ( ! b->a_dn_self )
- continue;
-
- ACL_RECORD_VALUE_STATE;
-
- /* this is a self clause, check if the target is an
- * attribute.
- */
- if ( val == NULL )
- continue;
-
- /* target is attribute, check if the attribute value
- * is the op dn.
- */
- rc = value_match( &match, b->a_dn_at,
- b->a_dn_at->ad_type->sat_equality, 0,
- val, &bv, &text );
-
- /* on match error or no match, fail the ACL clause */
- if (rc != LDAP_SUCCESS || match != 0 )
- continue;
- }
- }
-#endif
-
- if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
- struct berval bv;
- struct berval ndn = BER_BVNULL;
- int rc;
-
- if ( op->o_ndn.bv_len == 0 ) {
- continue;
- }
-
- /* b->a_group is an unexpanded entry name, expanded it should be an
- * entry with objectclass group* and we test to see if odn is one of
- * the values in the attribute group
- */
- /* see if asker is listed in dnattr */
- if ( b->a_group_style == ACL_STYLE_EXPAND ) {
- char buf[ACL_BUF_SIZE];
- int tmp_nmatch;
- regmatch_t tmp_matches[2],
- *tmp_matchesp = tmp_matches;
-
- bv.bv_len = sizeof(buf) - 1;
- bv.bv_val = buf;
-
- rc = 0;
-
- switch ( a->acl_dn_style ) {
- case ACL_STYLE_REGEX:
- if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
- tmp_matchesp = matches;
- tmp_nmatch = nmatch;
- break;
- }
-
- /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
- case ACL_STYLE_BASE:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 1;
- break;
-
- case ACL_STYLE_ONE:
- case ACL_STYLE_SUBTREE:
- case ACL_STYLE_CHILDREN:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
- tmp_matches[1].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 2;
- break;
-
- default:
- /* error */
- rc = 1;
- break;
- }
-
- if ( rc ) {
- continue;
- }
-
- if ( string_expand( &bv, &b->a_group_pat,
- e->e_nname.bv_val,
- tmp_nmatch, tmp_matchesp ) )
- {
- continue;
- }
-
- if ( dnNormalize( 0, NULL, NULL, &bv, &ndn,
- op->o_tmpmemctx ) != LDAP_SUCCESS )
- {
- /* did not expand to a valid dn */
- continue;
- }
-
- bv = ndn;
-
- } else {
- bv = b->a_group_pat;
- }
-
- rc = backend_group( op, e, &bv, &op->o_ndn,
- b->a_group_oc, b->a_group_at );
-
- if ( ndn.bv_val ) {
- slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
- }
-
- if ( rc != 0 ) {
- continue;
- }
- }
-
- if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
- struct berval bv;
- char buf[ACL_BUF_SIZE];
-
- if ( b->a_set_style == ACL_STYLE_EXPAND ) {
- int tmp_nmatch;
- regmatch_t tmp_matches[2],
- *tmp_matchesp = tmp_matches;
- int rc = 0;
-
- bv.bv_len = sizeof( buf ) - 1;
- bv.bv_val = buf;
-
- rc = 0;
-
- switch ( a->acl_dn_style ) {
- case ACL_STYLE_REGEX:
- if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
- tmp_matchesp = matches;
- tmp_nmatch = nmatch;
- break;
- }
-
- /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
- case ACL_STYLE_BASE:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 1;
- break;
-
- case ACL_STYLE_ONE:
- case ACL_STYLE_SUBTREE:
- case ACL_STYLE_CHILDREN:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
- tmp_matches[1].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 2;
- break;
-
- default:
- /* error */
- rc = 1;
- break;
- }
-
- if ( rc ) {
- continue;
- }
-
- if ( string_expand( &bv, &b->a_set_pat,
- e->e_nname.bv_val,
- tmp_nmatch, tmp_matchesp ) )
- {
- continue;
- }