Experiment with busy loop protection...

[openldap] / servers / slapd / acl.c

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 68353e909a6d64e2ea7b04f1bcda80eef3cbca5b..9ae0246de216a09c5553b6ebfa6d6dfb357776f2 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -87,26 +87,34 @@ access_allowed(
 #endif
        slap_mask_t mask;
        slap_control_t control;
+       const char *attr;
+       regmatch_t matches[MAXREMATCHES];
 
-       const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+       assert( e != NULL );
+       assert( desc != NULL );
+       assert( access > ACL_NONE );
 
-       regmatch_t       matches[MAXREMATCHES];
+       attr = desc->ad_cname->bv_val;
+
+       assert( attr != NULL );
 
 #ifdef NEW_LOGGING
        LDAP_LOG(( "acl", LDAP_LEVEL_ENTRY,
-                  "access_allowed: conn %d %s access to \"%s\" \"%s\" requested\n",
-                  conn->c_connid, access2str( access ), e->e_dn, attr ));
+               "access_allowed: conn %d %s access to \"%s\" \"%s\" requested\n",
+               conn ? conn->c_connid : -1, access2str( access ), e->e_dn, attr ));
 #else
        Debug( LDAP_DEBUG_ACL,
                "=> access_allowed: %s access to \"%s\" \"%s\" requested\n",
-           access2str( access ),
-               e->e_dn, attr );
+           access2str( access ), e->e_dn, attr );
 #endif
 
+       if ( op == NULL ) {
+               /* no-op call */
+               return 1;
+       }
+
+       if ( be == NULL ) be = &backends[0];
        assert( be != NULL );
-       assert( e != NULL );
-       assert( attr != NULL );
-       assert( access > ACL_NONE );
 
        /* grant database root access */
        if ( be != NULL && be_isroot( be, op->o_ndn ) ) {
@@ -282,8 +290,11 @@ acl_get(
 
        assert( e != NULL );
        assert( count != NULL );
+       assert( desc != NULL );
+
+       attr = desc->ad_cname->bv_val;
 
-       attr = desc ? desc->ad_cname->bv_val : NULL;
+       assert( attr != NULL );
 
        if( a == NULL ) {
                if( be == NULL ) {
@@ -446,10 +457,15 @@ acl_mask(
 #ifdef LDAP_DEBUG
        char accessmaskbuf[ACCESSMASK_MAXLEN];
 #endif
-       const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+       const char *attr;
 
        assert( a != NULL );
        assert( mask != NULL );
+       assert( desc != NULL );
+
+       attr = desc->ad_cname->bv_val;
+
+       assert( attr != NULL );
 
 #ifdef NEW_LOGGING
        LDAP_LOG(( "acl", LDAP_LEVEL_ENTRY,
@@ -669,15 +685,17 @@ acl_mask(
                        struct berval   bv;
                        int rc, match = 0;
                        const char *text;
-                       const char *desc = b->a_dn_at->ad_cname->bv_val;
+                       const char *attr = b->a_dn_at->ad_cname->bv_val;
+
+                       assert( attr != NULL );
 
 #ifdef NEW_LOGGING
                        LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
                                   "acl_mask: conn %d  check a_dn_pat: %s\n",
-                                  conn->c_connid, desc ));
+                                  conn->c_connid, attr ));
 #else
                        Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
-                               desc, 0, 0);
+                               attr, 0, 0);
 #endif
                        bv.bv_val = op->o_ndn;
                        bv.bv_len = strlen( bv.bv_val );
@@ -1542,6 +1560,8 @@ aci_mask(
        int rc;
        char *attr = desc->ad_cname->bv_val;
 
+       assert( attr != NULL );
+
        /* parse an aci of the form:
                oid#scope#action;rights;attr;rights;attr$action;rights;attr;rights;attr#dnType#subjectDN