/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
( state->as_recorded & ACL_STATE_RECORDED_NV ) )
{
Debug( LDAP_DEBUG_ACL,
- "=> slap_access_allowed: result from state (%s)\n",
+ "=> slap_access_allowed: result was in cache (%s)\n",
attr, 0, 0 );
ret = state->as_result;
goto done;
} else {
Debug( LDAP_DEBUG_ACL,
- "=> slap_access_allowed: no res from state (%s)\n",
+ "=> slap_access_allowed: result not in cache (%s)\n",
attr, 0, 0 );
}
}
at != NULL;
at = attrs_find( at->a_next, bdn->a_at ) )
{
- if ( value_find_ex( bdn->a_at,
+ if ( attr_valfind( at,
SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- at->a_nvals,
- &bv, op->o_tmpmemctx ) == 0 )
+ &bv, NULL, op->o_tmpmemctx ) == 0 )
{
/* found it */
match = 1;
/* extract IP and try exact match */
} else if ( b->a_peername_style == ACL_STYLE_IP ) {
char *port;
- char buf[] = "255.255.255.255";
+ char buf[STRLENOF("255.255.255.255") + 1];
struct berval ip;
unsigned long addr;
int port_number = -1;
/* extract IPv6 and try exact match */
} else if ( b->a_peername_style == ACL_STYLE_IPV6 ) {
char *port;
- char buf[] = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF";
+ char buf[STRLENOF("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF") + 1];
struct berval ip;
struct in6_addr addr;
int port_number = -1;
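Review bot: The IPv6 buffer declared as `char buf[STRLENOF("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF") + 1];` holds 39 characters plus the terminator, which is shorter than the longest textual IPv6 form. An address written with an embedded dotted quad can reach 45 characters, which is why INET6_ADDRSTRLEN is 46. The code that copies the peer address into buf is outside this hunk, so it cannot be confirmed here whether an over-long address is rejected or overruns the array; in either case an ACL using the IPv6 peername style may not match such a peer as the administrator intended. Sizing the array as `char buf[INET6_ADDRSTRLEN];` (and `char buf[INET_ADDRSTRLEN];` in the IPv4 branch above) removes the hand-counted literal. The array is also no longer initialised, so the copy has to write the terminator itself.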
for ( j = 0; !BER_BVISNULL( &rs->sr_attrs[ j ].an_name ); j++ ) {
AttributeDescription *desc = rs->sr_attrs[ j ].an_desc;
+
+ if ( desc == NULL ) {
+ continue;
+ }
if ( desc == slap_schema.si_ad_entryDN ) {
bvalsp = bvals;
a = attr_find( rs->sr_entry->e_attrs, desc );
if ( a != NULL ) {
- int i;
-
- for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ )
- ;
-
bvalsp = a->a_nvals;
}
}
int nattrs = 0;
slap_callback cb = { NULL, acl_set_cb_gather, NULL, NULL };
acl_set_gather_t p = { 0 };
- const char *text = NULL;
- static struct berval defaultFilter_bv = BER_BVC( "(objectClass=*)" );
/* this routine needs to return the bervals instead of
* plain strings, since syntax is not known. It should
rc = ldap_url_parse( name->bv_val, &ludp );
if ( rc != LDAP_URL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: unable to parse URL=\"%s\"\n",
+ cp->asc_op->o_log_prefix, name->bv_val, 0 );
+
rc = LDAP_PROTOCOL_ERROR;
goto url_done;
}
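Review bot: The new URL-parse failure message is logged at `LDAP_DEBUG_TRACE`, while the slap_access_allowed messages earlier on this page use `LDAP_DEBUG_ACL`. An administrator who enables only ACL logging to find out why a set-based rule denied access will therefore not see it. The added Debug calls for the host/extensions check, the DN normalization, the backend selection and the filter parse use the same level; consider `Debug( LDAP_DEBUG_ACL, ...` for all five. The message also prints name->bv_val verbatim, so if set URLs can be built from entry data, a short comment saying that the logged value is untrusted would help whoever consumes these logs.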
{
/* host part must be empty */
/* extensions parts must be empty */
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: host/exts must be absent in URL=\"%s\"\n",
+ cp->asc_op->o_log_prefix, name->bv_val, 0 );
+
rc = LDAP_PROTOCOL_ERROR;
goto url_done;
}
&op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
BER_BVZERO( &op2.o_req_dn );
if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: DN=\"%s\" normalize failed\n",
+ cp->asc_op->o_log_prefix, op2.o_req_dn.bv_val, 0 );
+
goto url_done;
}
op2.o_bd = select_backend( &op2.o_req_ndn, 1 );
if ( ( op2.o_bd == NULL ) || ( op2.o_bd->be_search == NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: no database could be selected for DN=\"%s\"\n",
+ cp->asc_op->o_log_prefix, op2.o_req_ndn.bv_val, 0 );
+
rc = LDAP_NO_SUCH_OBJECT;
goto url_done;
}
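Review bot: The added message for the failed normalization prints `op2.o_req_dn.bv_val`, but the context line just above it runs `BER_BVZERO( &op2.o_req_dn )`, so the pointer is NULL by the time Debug is called. Passing NULL for `%s` is undefined behaviour in the printf family and at best logs "(null)", which loses the one value needed to diagnose a rejected set URL. The call that fills o_req_dn starts above the hunk; if it takes the DN from the parsed URL, logging that source avoids the problem: `cp->asc_op->o_log_prefix, ludp->lud_dn, 0 );`. The backend-selection message below prints o_req_ndn, which is only reached after normalization succeeded, so that one looks fine.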
if ( ludp->lud_filter ) {
ber_str2bv_x( ludp->lud_filter, 0, 0, &op2.ors_filterstr,
cp->asc_op->o_tmpmemctx );
+ op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
+ if ( op2.ors_filter == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: unable to parse filter=\"%s\"\n",
+ cp->asc_op->o_log_prefix, op2.ors_filterstr.bv_val, 0 );
+
+ rc = LDAP_PROTOCOL_ERROR;
+ goto url_done;
+ }
} else {
- op2.ors_filterstr = defaultFilter_bv;
+ op2.ors_filterstr = *slap_filterstr_objectClass_pres;
+ op2.ors_filter = (Filter *)slap_filter_objectClass_pres;
}
- op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
- if ( op2.ors_filter == NULL ) {
- rc = LDAP_PROTOCOL_ERROR;
- goto url_done;
- }
/* Grab the scope */
op2.ors_scope = ludp->lud_scope;
/* Grap the attributes */
if ( ludp->lud_attrs ) {
+ int i;
+
for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ )
;
- anlistp = slap_sl_malloc( sizeof( AttributeName ) * ( nattrs + 2 ),
+ anlistp = slap_sl_calloc( sizeof( AttributeName ), nattrs + 2,
cp->asc_op->o_tmpmemctx );
- for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ ) {
- ber_str2bv( ludp->lud_attrs[ nattrs ], 0, 0, &anlistp[ nattrs ].an_name );
- anlistp[ nattrs ].an_desc = NULL;
- rc = slap_bv2ad( &anlistp[ nattrs ].an_name,
- &anlistp[ nattrs ].an_desc, &text );
- if ( rc != LDAP_SUCCESS ) {
- goto url_done;
+ for ( i = 0, nattrs = 0; ludp->lud_attrs[ i ]; i++ ) {
+ struct berval name;
+ AttributeDescription *desc = NULL;
+ const char *text = NULL;
+
+ ber_str2bv( ludp->lud_attrs[ i ], 0, 0, &name );
+ rc = slap_bv2ad( &name, &desc, &text );
+ if ( rc == LDAP_SUCCESS ) {
+ anlistp[ nattrs ].an_name = name;
+ anlistp[ nattrs ].an_desc = desc;
+ nattrs++;
}
}
}
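Review bot: An attribute name that slap_bv2ad rejects is now skipped without any trace in the rewritten loop, whereas the removed code bailed out with `goto url_done`. The set is then gathered over fewer attributes than the URL asked for, which may change the outcome of the ACL that uses it. Every other failure path in this commit gained a Debug line, so add an `else` branch here too, for example `Debug( LDAP_DEBUG_TRACE, "%s acl_set_gather: unknown attribute \"%s\" (%s)\n", cp->asc_op->o_log_prefix, name.bv_val, text );`. The arguments to `slap_sl_calloc` also read as (size, count); the product is the same, but if the function follows calloc's order the clearer form is `slap_sl_calloc( nattrs + 2, sizeof( AttributeName ), cp->asc_op->o_tmpmemctx )`. What happens when no attribute survives (nattrs == 0) is decided after the hunk.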
url_done:;
- if ( op2.ors_filter ) {
+ if ( op2.ors_filter && op2.ors_filter != slap_filter_objectClass_pres ) {
filter_free_x( cp->asc_op, op2.ors_filter );
}
if ( !BER_BVISNULL( &op2.o_req_ndn ) ) {