)
{
int rc;
- struct acl *a;
+ AccessControl *a;
char *edn;
regmatch_t matches[MAXREMATCHES];
e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
- if ( oc_check_operational( attr ) ) {
+ if ( oc_check_no_usermod_attr( attr ) ) {
Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
attr, 0, 0 );
return(1);
* acl_access_allowed().
*/
-struct acl *
+AccessControl *
acl_get_applicable(
Backend *be,
Operation *op,
)
{
int i;
- struct acl *a;
+ AccessControl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
int
acl_access_allowed(
- struct acl *a,
+ AccessControl *a,
Backend *be,
Connection *conn,
Entry *e,
)
{
int i;
- char *odn;
- struct access *b;
+ Access *b;
Attribute *at;
struct berval bv;
int default_access;
return( default_access >= access );
}
- odn = op->o_ndn;
-
- if ( odn != NULL ) {
- bv.bv_val = odn;
- bv.bv_len = strlen( odn );
+ if ( op->o_ndn != NULL ) {
+ bv.bv_val = op->o_ndn;
+ bv.bv_len = strlen( bv.bv_val );
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
- if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
+ if ( strcasecmp( b->a_dnpat, "anonymous" ) == 0 &&
+ (op->o_ndn == NULL || *(op->o_ndn) == '\0' ) )
+ {
+ Debug( LDAP_DEBUG_ACL,
+ "<= acl_access_allowed: matched by clause #%d access %s\n",
+ i, ACL_GRANT(b->a_access, access)
+ ? "granted" : "denied", 0 );
+
+ return ACL_GRANT(b->a_access, access );
+
+ } else if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_ndn != NULL && *(op->o_ndn) && e->e_dn != NULL )
{
if ( strcmp( edn, op->o_ndn ) == 0 ) {
return ACL_GRANT(b->a_access, access );
}
} else {
- if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
+ if ( regex_matches( b->a_dnpat, op->o_ndn, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, ACL_GRANT(b->a_access, access)
return ACL_GRANT(b->a_access, access );
}
-#ifdef SLAPD_ACLGROUPS
+
if ( b->a_group != NULL && op->o_ndn != NULL ) {
char buf[1024];
string_expand(buf, sizeof(buf), b->a_group, edn, matches);
(void) dn_normalize_case(buf);
- if (backend_group(be, e, buf, odn,
+ if (backend_group(be, e, buf, op->o_ndn,
b->a_group_oc, b->a_group_at) == 0)
{
Debug( LDAP_DEBUG_ACL,
return ACL_GRANT(b->a_access, access );
}
}
-#endif /* SLAPD_ACLGROUPS */
}
Debug( LDAP_DEBUG_ACL,
)
{
int i;
- struct acl *a;
+ AccessControl *a;
char *edn = e->e_ndn;
for ( ; mlist != NULL; mlist = mlist->ml_next ) {
regmatch_t matches[MAXREMATCHES];
/* the lastmod attributes are ignored by ACL checking */
- if ( oc_check_operational( mlist->ml_type ) ) {
+ if ( oc_check_no_usermod_attr( mlist->ml_type ) ) {
Debug( LDAP_DEBUG_ACL, "Operational attribute: %s access allowed\n",
mlist->ml_type, 0, 0 );
continue;
char newbuf[512];
int rc;
+ if(str == NULL) str = "";
+
string_expand(newbuf, sizeof(newbuf), pat, buf, matches);
if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
char error[512];