add new ber dump routine (behind NEW_LOGGING)

[openldap] / servers / slapd / acl.c

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 2e18ce48b2c3859ffa3fb6a1cdc4ebd92d751bbb..7b5d30bff6dbeab941499291d6a038abff3e9232 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -154,7 +154,7 @@ access_allowed(
        a = NULL;
        count = 0;
 
-       while( a = acl_get( a, &count, be, op, e, desc, MAXREMATCHES, matches ) )
+       while((a = acl_get( a, &count, be, op, e, desc, MAXREMATCHES, matches )) != NULL)
        {
                int i;
 
@@ -619,7 +619,7 @@ acl_mask(
                                buf[sizeof(buf) - 1] = 0;
                        }
 
-                       if (backend_group(be, e, buf, op->o_ndn,
+                       if (backend_group(be, conn, op, e, buf, op->o_ndn,
                                b->a_group_oc, b->a_group_at) != 0)
                        {
                                continue;
@@ -637,8 +637,8 @@ acl_mask(
                }
 
                if ( b->a_authz.sai_ssf ) {
-                       Debug( LDAP_DEBUG_ACL, "<= check a_authz.sai_ssf: %ud\n",
-                               b->a_authz.sai_ssf, 0, 0 );
+                       Debug( LDAP_DEBUG_ACL, "<= check a_authz.sai_ssf: ACL %u > OP %u\n",
+                               b->a_authz.sai_ssf, op->o_ssf, 0 );
 
                        if ( b->a_authz.sai_ssf >  op->o_ssf ) {
                                continue;
@@ -647,8 +647,8 @@ acl_mask(
 
                if ( b->a_authz.sai_transport_ssf ) {
                        Debug( LDAP_DEBUG_ACL,
-                               "<= check a_authz.sai_transport_ssf: %ud\n",
-                               b->a_authz.sai_transport_ssf, 0, 0 );
+                               "<= check a_authz.sai_transport_ssf: ACL %u > OP %u\n",
+                               b->a_authz.sai_transport_ssf, op->o_transport_ssf, 0 );
 
                        if ( b->a_authz.sai_transport_ssf >  op->o_transport_ssf ) {
                                continue;
@@ -657,8 +657,8 @@ acl_mask(
 
                if ( b->a_authz.sai_tls_ssf ) {
                        Debug( LDAP_DEBUG_ACL,
-                               "<= check a_authz.sai_tls_ssf: %ud\n",
-                               b->a_authz.sai_tls_ssf, 0, 0 );
+                               "<= check a_authz.sai_tls_ssf: ACL %u > OP %u\n",
+                               b->a_authz.sai_tls_ssf, op->o_tls_ssf, 0 );
 
                        if ( b->a_authz.sai_tls_ssf >  op->o_tls_ssf ) {
                                continue;
@@ -667,8 +667,8 @@ acl_mask(
 
                if ( b->a_authz.sai_sasl_ssf ) {
                        Debug( LDAP_DEBUG_ACL,
-                               "<= check a_authz.sai_sasl_ssf: %ud\n",
-                               b->a_authz.sai_sasl_ssf, 0, 0 );
+                               "<= check a_authz.sai_sasl_ssf: ACL %u > OP %u\n",
+                               b->a_authz.sai_sasl_ssf, op->o_sasl_ssf, 0 );
 
                        if ( b->a_authz.sai_sasl_ssf >  op->o_sasl_ssf ) {
                                continue;
@@ -1262,6 +1262,7 @@ aci_group_member (
        const char *defgrpat,
     Backend            *be,
     Entry              *e,
+    Connection         *conn,
     Operation          *op,
        regmatch_t      *matches
 )
@@ -1310,7 +1311,7 @@ aci_group_member (
        if (grp_oc != NULL && grp_ad != NULL && grpdn != NULL) {
                string_expand(grpdn, 1024, subjdn, e->e_ndn, matches);
                if ( dn_normalize(grpdn) != NULL ) {
-                       rc = (backend_group(be, e, grpdn, op->o_ndn, grp_oc, grp_ad) == 0);
+                       rc = (backend_group(be, conn, op, e, grpdn, op->o_ndn, grp_oc, grp_ad) == 0);
                }
        }
 
@@ -1430,11 +1431,11 @@ aci_mask(
 
 
        } else if (aci_strbvcmp( "group", &bv ) == 0) {
-               if (aci_group_member(&sdn, SLAPD_GROUP_CLASS, SLAPD_GROUP_ATTR, be, e, op, matches))
+               if (aci_group_member(&sdn, SLAPD_GROUP_CLASS, SLAPD_GROUP_ATTR, be, e, conn, op, matches))
                        return(1);
 
        } else if (aci_strbvcmp( "role", &bv ) == 0) {
-               if (aci_group_member(&sdn, SLAPD_ROLE_CLASS, SLAPD_ROLE_ATTR, be, e, op, matches))
+               if (aci_group_member(&sdn, SLAPD_ROLE_CLASS, SLAPD_ROLE_ATTR, be, e, conn, op, matches))
                        return(1);
 
        } else if (aci_strbvcmp( "set", &bv ) == 0) {