]> git.sur5r.net Git - openldap/blobdiff - servers/slapd/acl.c
projects / openldap / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ITS#5972 Added newCookie sync info messages.
[openldap] / servers / slapd / acl.c
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 7e7c0aee81dae14509555eaf9b38005629ca1052..4b11753d38769fcf780c242334c7105ce51e1aa7 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2008 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -66,7 +66,8 @@ static slap_control_t slap_acl_mask(
        slap_access_t access );
 
 static int     regex_matches(
-       struct berval *pat, char *str, char *buf,
+       struct berval *pat, char *str,
+       struct berval *dn_matches, struct berval *val_matches,
        AclRegexMatches *matches);
 
 typedef        struct AclSetCookie {
@@ -243,10 +244,9 @@ slap_access_allowed(
 
                /* DN matches */
                for ( i = 0; i < dnmaxcount && dn_data[i].rm_eo > 0; i++ ) {
-                       char *debugmsg = "=> match[dn%d]: %d %d ";
                        char *data = e->e_ndn;
 
-                       Debug( LDAP_DEBUG_ACL, debugmsg, i,
+                       Debug( LDAP_DEBUG_ACL, "=> match[dn%d]: %d %d ", i,
                                (int)dn_data[i].rm_so, 
                                (int)dn_data[i].rm_eo );
                        if ( dn_data[i].rm_so <= dn_data[0].rm_eo ) {
@@ -262,10 +262,9 @@ slap_access_allowed(
 
                /* val matches */
                for ( i = 0; i < valmaxcount && val_data[i].rm_eo > 0; i++ ) {
-                       char *debugmsg = "=> match[val%d]: %d %d ";
                        char *data = val->bv_val;
 
-                       Debug( LDAP_DEBUG_ACL, debugmsg, i,
+                       Debug( LDAP_DEBUG_ACL, "=> match[val%d]: %d %d ", i,
                                (int)val_data[i].rm_so, 
                                (int)val_data[i].rm_eo );
                        if ( val_data[i].rm_so <= val_data[0].rm_eo ) {
@@ -845,7 +844,7 @@ acl_mask_dn(
                        }
 
                        if ( !regex_matches( &bdn->a_pat, opndn->bv_val,
-                               e->e_ndn, tmp_matchesp ) )
+                               &e->e_nname, NULL, tmp_matchesp ) )
                        {
                                return 1;
                        }
@@ -912,8 +911,8 @@ acl_mask_dn(
                        }
 
                        if ( acl_string_expand( &bv, &bdn->a_pat, 
-                                               e->e_nname.bv_val
-                                               val->bv_val, tmp_matchesp ) )
+                                               &e->e_nname
+                                               val, tmp_matchesp ) )
                        {
                                return 1;
                        }
@@ -1229,8 +1228,8 @@ slap_acl_mask(
 
                        if ( !ber_bvccmp( &b->a_sockurl_pat, '*' ) ) {
                                if ( b->a_sockurl_style == ACL_STYLE_REGEX) {
-                                       if (!regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
-                                                       e->e_ndn, matches ) ) 
+                                       if ( !regex_matches( &b->a_sockurl_pat, op->o_conn->c_listener_url.bv_val,
+                                                       &e->e_nname, val, matches ) ) 
                                        {
                                                continue;
                                        }
@@ -1241,7 +1240,7 @@ slap_acl_mask(
 
                                        bv.bv_len = sizeof( buf ) - 1;
                                        bv.bv_val = buf;
-                                       if ( acl_string_expand( &bv, &b->a_sockurl_pat, e->e_ndn, val->bv_val, matches ) )
+                                       if ( acl_string_expand( &bv, &b->a_sockurl_pat, &e->e_nname, val, matches ) )
                                        {
                                                continue;
                                        }
@@ -1268,8 +1267,8 @@ slap_acl_mask(
                                b->a_domain_pat.bv_val, 0, 0 );
                        if ( !ber_bvccmp( &b->a_domain_pat, '*' ) ) {
                                if ( b->a_domain_style == ACL_STYLE_REGEX) {
-                                       if (!regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
-                                                       e->e_ndn, matches ) ) 
+                                       if ( !regex_matches( &b->a_domain_pat, op->o_conn->c_peer_domain.bv_val,
+                                                       &e->e_nname, val, matches ) ) 
                                        {
                                                continue;
                                        }
@@ -1285,7 +1284,7 @@ slap_acl_mask(
                                                bv.bv_len = sizeof(buf) - 1;
                                                bv.bv_val = buf;
 
-                                               if ( acl_string_expand(&bv, &b->a_domain_pat, e->e_ndn, val->bv_val, matches) )
+                                               if ( acl_string_expand(&bv, &b->a_domain_pat, &e->e_nname, val, matches) )
                                                {
                                                        continue;
                                                }
@@ -1322,8 +1321,8 @@ slap_acl_mask(
                                b->a_peername_pat.bv_val, 0, 0 );
                        if ( !ber_bvccmp( &b->a_peername_pat, '*' ) ) {
                                if ( b->a_peername_style == ACL_STYLE_REGEX ) {
-                                       if (!regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
-                                                       e->e_ndn, matches ) ) 
+                                       if ( !regex_matches( &b->a_peername_pat, op->o_conn->c_peer_name.bv_val,
+                                                       &e->e_nname, val, matches ) ) 
                                        {
                                                continue;
                                        }
@@ -1341,7 +1340,7 @@ slap_acl_mask(
 
                                                bv.bv_len = sizeof( buf ) - 1;
                                                bv.bv_val = buf;
-                                               if ( acl_string_expand( &bv, &b->a_peername_pat, e->e_ndn, val->bv_val, matches ) )
+                                               if ( acl_string_expand( &bv, &b->a_peername_pat, &e->e_nname, val, matches ) )
                                                {
                                                        continue;
                                                }
@@ -1474,8 +1473,8 @@ slap_acl_mask(
                                b->a_sockname_pat.bv_val, 0, 0 );
                        if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
                                if ( b->a_sockname_style == ACL_STYLE_REGEX) {
-                                       if (!regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
-                                                       e->e_ndn, matches ) ) 
+                                       if ( !regex_matches( &b->a_sockname_pat, op->o_conn->c_sock_name.bv_val,
+                                                       &e->e_nname, val, matches ) ) 
                                        {
                                                continue;
                                        }
@@ -1486,7 +1485,7 @@ slap_acl_mask(
 
                                        bv.bv_len = sizeof( buf ) - 1;
                                        bv.bv_val = buf;
-                                       if ( acl_string_expand( &bv, &b->a_sockname_pat, e->e_ndn, val->bv_val, matches ) )
+                                       if ( acl_string_expand( &bv, &b->a_sockname_pat, &e->e_nname, val, matches ) )
                                        {
                                                continue;
                                        }
@@ -1599,7 +1598,7 @@ slap_acl_mask(
                                }
                                
                                if ( acl_string_expand( &bv, &b->a_group_pat,
-                                               e->e_nname.bv_val, val->bv_val,
+                                               &e->e_nname, val,
                                                tmp_matchesp ) )
                                {
                                        continue;
@@ -1687,7 +1686,7 @@ slap_acl_mask(
                                }
                                
                                if ( acl_string_expand( &bv, &b->a_set_pat,
-                                               e->e_nname.bv_val, val->bv_val,
+                                               &e->e_nname, val,
                                                tmp_matchesp ) )
                                {
                                        continue;
@@ -2510,8 +2509,8 @@ int
 acl_string_expand(
        struct berval   *bv,
        struct berval   *pat,
-       char            *dn_match,
-       char            *val_match,
+       struct berval   *dn_matches,
+       struct berval   *val_matches,
        AclRegexMatches *matches)
 {
        ber_len_t       size;
@@ -2573,13 +2572,15 @@ acl_string_expand(
                                case DN_FLAG:
                                        nm = matches->dn_count;
                                        m = matches->dn_data;
-                                       data = dn_match;
+                                       data = dn_matches ? dn_matches->bv_val : NULL;
                                        break;
                                case VAL_FLAG:
                                        nm = matches->val_count;
                                        m = matches->val_data;
-                                       data = val_match;
+                                       data = val_matches ? val_matches->bv_val : NULL;
                                        break;
+                               default:
+                                       assert( 0 );
                                }
                                if ( n >= nm ) {
                                        /* FIXME: error */
@@ -2631,7 +2632,8 @@ static int
 regex_matches(
        struct berval   *pat,           /* pattern to expand and match against */
        char            *str,           /* string to match against pattern */
-       char            *buf,           /* buffer with $N expansion variables */
+       struct berval   *dn_matches,    /* buffer with $N expansion variables from DN */
+       struct berval   *val_matches,   /* buffer with $N expansion variables from val */
        AclRegexMatches *matches        /* offsets in buffer for $N expansion variables */
 )
 {
@@ -2647,7 +2649,7 @@ regex_matches(
                str = "";
        };
 
-       acl_string_expand( &bv, pat, buf, NULL, matches );
+       acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
        rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
        if ( rc ) {
                char error[ACL_BUF_SIZE];
Cloned from git://git.openldap.org/openldap.git