- /* Is this ACL only for a specific value? */
- if ( a->acl_attrval.bv_len ) {
- if ( val == NULL ) {
- continue;
- }
-
- if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) {
- state->as_recorded |= ACL_STATE_RECORDED_VD;
- state->as_vd_acl = prev;
- state->as_vd_acl_count = *count;
- state->as_vd_access = a->acl_access;
- state->as_vd_access_count = 1;
- ACL_INVALIDATE( state->as_vd_acl_mask );
- }
-
- if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
- Debug( LDAP_DEBUG_ACL,
- "acl_get: valpat %s\n",
- a->acl_attrval.bv_val, 0, 0 );
- if (regexec(&a->acl_attrval_re, val->bv_val, 0, NULL, 0))
- continue;
- } else {
- int match = 0;
- const char *text;
- Debug( LDAP_DEBUG_ACL,
- "acl_get: val %s\n",
- a->acl_attrval.bv_val, 0, 0 );
-
- if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName ) {
- if (value_match( &match, desc,
- desc->ad_type->sat_equality, 0,
- val, &a->acl_attrval, &text ) != LDAP_SUCCESS ||
- match )
- continue;
-
- } else {
- int patlen, vdnlen;
-
- patlen = a->acl_attrval.bv_len;
- vdnlen = val->bv_len;
-
- if ( vdnlen < patlen )
- continue;
-
- if ( a->acl_dn_style == ACL_STYLE_BASE ) {
- if ( vdnlen > patlen )
- continue;
-
- } else if ( a->acl_dn_style == ACL_STYLE_ONE ) {
- int rdnlen = -1;
-
- if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
- continue;
-
- rdnlen = dn_rdnlen( NULL, val );
- if ( rdnlen != vdnlen - patlen - 1 )
- continue;
-
- } else if ( a->acl_dn_style == ACL_STYLE_SUBTREE ) {
- if ( vdnlen > patlen && !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
- continue;
-
- } else if ( a->acl_dn_style == ACL_STYLE_CHILDREN ) {
- if ( vdnlen <= patlen )
- continue;
-
- if ( !DN_SEPARATOR( val->bv_val[vdnlen - patlen - 1] ) )
- continue;
- }
-
- if ( strcmp( a->acl_attrval.bv_val, val->bv_val + vdnlen - patlen ))
- continue;
- }
- }
- }