]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/acl.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Commit of the Proxy Cache contribution (ITS#2062)
[openldap] / servers / slapd / acl.c
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 23447f89fd71038a58c6febf97ea10b72acc39be..404842ad1490a38d181bdb4ca22e2f609593a9cd 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -1,7 +1,7 @@
 /* acl.c - routines to parse and check acl's */
 /* $OpenLDAP$ */
 /*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
  * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
  */
 
@@ -121,7 +121,7 @@ access_allowed(
 {
        int                             ret = 1;
        int                             count;
-       AccessControl   *a;
+       AccessControl                   *a = NULL;
 
 #ifdef LDAP_DEBUG
        char accessmaskbuf[ACCESSMASK_MAXLEN];
@@ -889,7 +889,9 @@ dn_match_cleanup:;
                                at = attrs_find( at->a_next, b->a_dn_at ) )
                        {
                                if( value_find_ex( b->a_dn_at,
-                                       SLAP_MR_VALUE_NORMALIZED_MATCH, at->a_vals, &bv ) == 0 ) {
+                                       SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
+                                       at->a_vals, &bv ) == 0 )
+                               {
                                        /* found it */
                                        match = 1;
                                        break;
@@ -902,8 +904,8 @@ dn_match_cleanup:;
                                 */
                                if ( b->a_dn_self ) {
                                        /* check if the target is an attribute. */
-                                       if ( val == NULL )
-                                               continue;
+                                       if ( val == NULL ) continue;
+
                                        /* target is attribute, check if the attribute value
                                         * is the op dn.
                                         */
@@ -982,7 +984,16 @@ dn_match_cleanup:;
                }
 
                if ( b->a_set_pat.bv_len != 0 ) {
-                       if (aci_match_set( &b->a_set_pat, be, e, conn, op, 0 ) == 0) {
+                       struct berval bv;
+                       char buf[ACL_BUF_SIZE];
+                       if( b->a_set_style == ACL_STYLE_REGEX ){
+                               bv.bv_len = sizeof(buf) - 1;
+                               bv.bv_val = buf;
+                               string_expand( &bv, &b->a_set_pat, e->e_ndn, matches );
+                       }else{
+                               bv = b->a_set_pat;
+                       }
+                       if (aci_match_set( &bv, be, e, conn, op, 0 ) == 0) {
                                continue;
                        }
                }
@@ -1802,7 +1813,7 @@ aci_mask(
                        at != NULL;
                        at = attrs_find( at->a_next, ad ) )
                {
-                       if (value_find_ex( ad, SLAP_MR_VALUE_NORMALIZED_MATCH, at->a_vals, &bv) == 0 ) {
+                       if (value_find_ex( ad, SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH, at->a_vals, &bv) == 0 ) {
                                rc = 1;
                                break;
                        }
Cloned from git://git.openldap.org/openldap.git