-#endif /* LDAP_PF_LOCAL */
-
- /* exact match (very unlikely...) */
- } else if ( ber_bvcmp( &op->o_conn->c_peer_name, &b->a_peername_pat ) != 0 ) {
- continue;
- }
- }
- }
- }
-
- if ( !BER_BVISEMPTY( &b->a_sockname_pat ) ) {
- if ( BER_BVISNULL( &op->o_conn->c_sock_name ) ) {
- continue;
- }
- Debug( LDAP_DEBUG_ACL, "<= check a_sockname_path: %s\n",
- b->a_sockname_pat.bv_val, 0, 0 );
- if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
- if ( b->a_sockname_style == ACL_STYLE_REGEX) {
- if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
- e->e_ndn, nmatch, matches ) )
- {
- continue;
- }
-
- } else if ( b->a_sockname_style == ACL_STYLE_EXPAND ) {
- struct berval bv;
- char buf[ACL_BUF_SIZE];
-
- bv.bv_len = sizeof( buf ) - 1;
- bv.bv_val = buf;
- if ( string_expand( &bv, &b->a_sockname_pat,
- e->e_ndn, nmatch, matches ) )
- {
- continue;
- }
-
- if ( ber_bvstrcasecmp( &bv, &op->o_conn->c_sock_name ) != 0 ) {
- continue;
- }
-
- } else {
- if ( ber_bvstrcasecmp( &b->a_sockname_pat, &op->o_conn->c_sock_name ) != 0 ) {
- continue;
- }
- }
- }
- }
-
- if ( b->a_dn_at != NULL ) {
- if ( acl_mask_dnattr( op, e, val, a, b, i,
- matches, count, state,
- &b->a_dn, &op->o_ndn ) )
- {
- continue;
- }
- }
-
- if ( b->a_realdn_at != NULL ) {
- struct berval ndn;
-
- if ( op->o_conn && !BER_BVISNULL( &op->o_conn->c_ndn ) )
- {
- ndn = op->o_conn->c_ndn;
- } else {
- ndn = op->o_ndn;
- }
-
- if ( acl_mask_dnattr( op, e, val, a, b, i,
- matches, count, state,
- &b->a_realdn, &ndn ) )
- {
- continue;
- }
- }
-
- if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
- struct berval bv;
- struct berval ndn = BER_BVNULL;
- int rc;
-
- if ( op->o_ndn.bv_len == 0 ) {
- continue;
- }
-
- /* b->a_group is an unexpanded entry name, expanded it should be an
- * entry with objectclass group* and we test to see if odn is one of
- * the values in the attribute group
- */
- /* see if asker is listed in dnattr */
- if ( b->a_group_style == ACL_STYLE_EXPAND ) {
- char buf[ACL_BUF_SIZE];
- int tmp_nmatch;
- regmatch_t tmp_matches[2],
- *tmp_matchesp = tmp_matches;
-
- bv.bv_len = sizeof(buf) - 1;
- bv.bv_val = buf;
-
- rc = 0;
-
- switch ( a->acl_dn_style ) {
- case ACL_STYLE_REGEX:
- if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
- tmp_matchesp = matches;
- tmp_nmatch = nmatch;
- break;
- }
-
- /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
- case ACL_STYLE_BASE:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 1;
- break;
-
- case ACL_STYLE_ONE:
- case ACL_STYLE_SUBTREE:
- case ACL_STYLE_CHILDREN:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
- tmp_matches[1].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 2;
- break;
-
- default:
- /* error */
- rc = 1;
- break;
- }
-
- if ( rc ) {
- continue;
- }
-
- if ( string_expand( &bv, &b->a_group_pat,
- e->e_nname.bv_val,
- tmp_nmatch, tmp_matchesp ) )
- {
- continue;
- }
-
- if ( dnNormalize( 0, NULL, NULL, &bv, &ndn,
- op->o_tmpmemctx ) != LDAP_SUCCESS )
- {
- /* did not expand to a valid dn */
- continue;
- }
-
- bv = ndn;
-
- } else {
- bv = b->a_group_pat;
- }
-
- rc = backend_group( op, e, &bv, &op->o_ndn,
- b->a_group_oc, b->a_group_at );
-
- if ( ndn.bv_val ) {
- slap_sl_free( ndn.bv_val, op->o_tmpmemctx );
- }
-
- if ( rc != 0 ) {
- continue;
- }
- }
-
- if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
- struct berval bv;
- char buf[ACL_BUF_SIZE];
-
- if ( b->a_set_style == ACL_STYLE_EXPAND ) {
- int tmp_nmatch;
- regmatch_t tmp_matches[2],
- *tmp_matchesp = tmp_matches;
- int rc = 0;
-
- bv.bv_len = sizeof( buf ) - 1;
- bv.bv_val = buf;
-
- rc = 0;
-
- switch ( a->acl_dn_style ) {
- case ACL_STYLE_REGEX:
- if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
- tmp_matchesp = matches;
- tmp_nmatch = nmatch;
- break;
- }
-
- /* FALLTHRU: applies also to ACL_STYLE_REGEX when pattern is "*" */
- case ACL_STYLE_BASE:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 1;
- break;
-
- case ACL_STYLE_ONE:
- case ACL_STYLE_SUBTREE:
- case ACL_STYLE_CHILDREN:
- tmp_matches[0].rm_so = 0;
- tmp_matches[0].rm_eo = e->e_nname.bv_len;
- tmp_matches[1].rm_so = e->e_nname.bv_len - a->acl_dn_pat.bv_len;
- tmp_matches[1].rm_eo = e->e_nname.bv_len;
- tmp_nmatch = 2;
- break;
-
- default:
- /* error */
- rc = 1;
- break;
- }
-
- if ( rc ) {
- continue;
- }
-
- if ( string_expand( &bv, &b->a_set_pat,
- e->e_nname.bv_val,
- tmp_nmatch, tmp_matchesp ) )
- {
- continue;
- }