regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny );
-
-char *supportedACIMechs[] = {
- "1.3.6.1.4.1.4203.666.7.1", /* experimental IETF aci family */
- "1.3.6.1.4.1.4203.666.7.2", /* experimental OpenLDAP aci family */
- NULL
-};
#endif
static int regex_matches(
#ifdef SLAPD_SCHEMA_NOT_COMPAT
int match;
const char *text;
+ const char *desc = b->a_dn_at->ad_cname->bv_val;
+#else
+ const char *desc = b->a_dn_at;
#endif
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
if( match ) {
if ( b->a_dn_self && (val == NULL
|| value_match( &match, b->a_dn_at,
- b->a_dn_at->ad_type->sat_equality, &bv, val, &text ) )
+ b->a_dn_at->ad_type->sat_equality, val, &bv, &text ) )
!= LDAP_SUCCESS
|| match )
{
}
} else if ( ! b->a_dn_self || val == NULL
|| value_match( &match, b->a_dn_at,
- b->a_dn_at->ad_type->sat_equality, &bv, val, &text )
+ b->a_dn_at->ad_type->sat_equality, val, &bv, &text )
!= LDAP_SUCCESS
|| match )
{
*/
for ( i = 0; at->a_vals[i] != NULL; i++ ) {
if (aci_mask( be, op,
- e, attr, val, at->a_vals[i],
+ e, desc, val, at->a_vals[i],
matches, &grant, &deny ) != 0)
{
tgrant |= grant;
/* check that the aci family is supported */
if (aci_get_part(aci, 0, '#', &bv) < 0)
return(0);
- for (i = 0; supportedACIMechs[i] != NULL; i++) {
- if (aci_strbvcmp( supportedACIMechs[i], &bv ) == 0)
- break;
- }
- if (supportedACIMechs[i] == NULL)
- return(0);
/* check that the scope is "entry" */
if (aci_get_part(aci, 1, '#', &bv) < 0
return(0);
}
-char *
-get_supported_acimech(
- int index )
-{
- if (index < 0 || index >= (sizeof(supportedACIMechs) / sizeof(char *)))
- return(NULL);
- return(supportedACIMechs[index]);
-}
-
#endif /* SLAPD_ACI_ENABLED */
static void