Should include <ac/unistd.h> instead of <unistd.h>

[openldap] / servers / slapd / acl.c

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 15d02dfd52902b1e0a4978a9f89100ac624a2c52..72a89e2751086049b139b853a50a8d096ce366af 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -10,20 +10,9 @@
 
 #include "slap.h"
 
-extern Attribute       *attr_find();
-extern struct acl      *global_acl;
-extern int             global_default_access;
-extern char            *access2str();
-extern char            *dn_normalize_case();
-
-int            acl_access_allowed();
-int            access_allowed();
-struct acl     *acl_get_applicable();
-
-static int     regex_matches();
-
-static string_expand(char *newbuf, int bufsiz, char *pattern,
-       char *match, regmatch_t *matches);
+static int     regex_matches(char *pat, char *str, char *buf, regmatch_t *matches);
+static void    string_expand(char *newbuf, int bufsiz, char *pattern,
+                             char *match, regmatch_t *matches);
 
 
 /*
@@ -83,8 +72,8 @@ access_allowed(
 
        if (a) {
                for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
-                       Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
-                               i, matches[i].rm_so, matches[i].rm_eo );
+                       Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ", i,
+                              (int)matches[i].rm_so, (int)matches[i].rm_eo );
 
                        if( matches[i].rm_so <= matches[0].rm_eo ) {
                                for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
@@ -140,7 +129,7 @@ acl_get_applicable(
        for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
                if (a->acl_dnpat != NULL) {
                        Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", 
-                               i, a->acl_dnpat, a->acl_dnre.re_nsub);
+                               i, a->acl_dnpat, (int) a->acl_dnre.re_nsub);
 
                        if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
                                continue;
@@ -171,7 +160,7 @@ acl_get_applicable(
        for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
                if (a->acl_dnpat != NULL) {
                        Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", 
-                               i, a->acl_dnpat, a->acl_dnre.re_nsub);
+                               i, a->acl_dnpat, (int) a->acl_dnre.re_nsub);
 
                        if (regexec(&a->acl_dnre, edn, nmatch, matches, 0)) {
                                continue;
@@ -368,15 +357,10 @@ acl_access_allowed(
                         * entry with objectclass group* and we test to see if odn is one of
                         * the values in the attribute group
                         */
-                       Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
-                               b->a_group, 0, 0);
-                       Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n",
-                               odn, 0, 0);
-
                        /* see if asker is listed in dnattr */
                        string_expand(buf, sizeof(buf), b->a_group, edn, matches);
 
-                       if (be_group(be, buf, odn) == 0) {
+                       if (be_group(be, buf, odn, b->a_objectclassvalue, b->a_groupattrname) == 0) {
                                Debug( LDAP_DEBUG_ACL,
                                        "<= acl_access_allowed: matched by clause #%d (group) access granted\n",
                                        i, 0, 0 );
@@ -477,7 +461,8 @@ acl_check_mods(
        return( LDAP_SUCCESS );
 }
 
-static string_expand(
+static void
+string_expand(
        char *newbuf,
        int bufsiz,
        char *pat,