More ACL to dn="" bug fixing... and add test006-acl check

[openldap] / servers / slapd / limits.c

diff --git a/servers/slapd/limits.c b/servers/slapd/limits.c
index 0154626903e4836f0ffbf0f8b578b7c16aae45ab..c33726e71190b011a143de2f8a8eb210618142a3 100644 (file)
--- a/servers/slapd/limits.c
+++ b/servers/slapd/limits.c
@@ -40,7 +40,7 @@ get_limits(
                        if ( ndn->bv_len == 0 ) {
                                break;
                        }
-                       if ( strcmp( lm[0]->lm_dn_pat.bv_val, ndn->bv_val ) == 0 ) {
+                       if ( dn_match( &lm[0]->lm_dn_pat, ndn ) ) {
                                *limit = &lm[0]->lm_limits;
                                return( 0 );
                        }
@@ -55,11 +55,11 @@ get_limits(
                                break;
                        }
 
-                       d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len;
                        /* ndn shorter than dn_pat */
-                       if ( d < 0 ) {
+                       if ( ndn->bv_len < lm[0]->lm_dn_pat.bv_len ) {
                                break;
                        }
+                       d = ndn->bv_len - lm[0]->lm_dn_pat.bv_len;
 
                        /* allow exact match for SUBTREE only */
                        if ( d == 0 ) {
@@ -68,15 +68,14 @@ get_limits(
                                }
                        } else {
                                /* check for unescaped rdn separator */
-                               if ( !DN_SEPARATOR( ndn->bv_val[d-1] )
-                                       || DN_ESCAPE( ndn->bv_val[d-2] ) )
-                               {
+                               if ( !DN_SEPARATOR( ndn->bv_val[d-1] ) ) {
                                        break;
                                }
                        }
 
                        /* in case of (sub)match ... */
-                       if ( strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) {
+                       if ( lm[0]->lm_dn_pat.bv_len == ( ndn->bv_len - d )
+                                       && strcmp( lm[0]->lm_dn_pat.bv_val, &ndn->bv_val[d] ) == 0 ) {
                                /* check for exactly one rdn in case of ONE */
                                if ( lm[0]->lm_type == SLAP_LIMITS_ONE ) {
                                        /*
@@ -121,6 +120,10 @@ get_limits(
                        }
                        break;
 
+               case SLAP_LIMITS_ANY:
+                       *limit = &lm[0]->lm_limits;
+                       return( 0 );
+
                default:
                        assert( 0 );    /* unreachable */
                        return( -1 );
@@ -180,6 +183,7 @@ add_limits(
 
        case SLAP_LIMITS_ANONYMOUS:
        case SLAP_LIMITS_USERS:
+       case SLAP_LIMITS_ANY:
                lm->lm_type = type;
                lm->lm_dn_pat.bv_val = NULL;
                lm->lm_dn_pat.bv_len = 0;
@@ -265,7 +269,10 @@ parse_limits(
         */
        
        pattern = argv[1];
-       if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
+       if ( strcmp( pattern, "*" ) == 0) {
+               type = SLAP_LIMITS_ANY;
+
+       } else if ( strcasecmp( pattern, "anonymous" ) == 0 ) {
                type = SLAP_LIMITS_ANONYMOUS;
 
        } else if ( strcasecmp( pattern, "users" ) == 0 ) {
@@ -343,6 +350,17 @@ parse_limits(
 
                        /* skip '=' (required) */
                        pattern++;
+
+                       /* trim obvious cases */
+                       if ( strcmp( pattern, "*" ) == 0 ) {
+                               type = SLAP_LIMITS_ANY;
+                               pattern = NULL;
+
+                       } else if ( ( type == SLAP_LIMITS_REGEX || type == SLAP_LIMITS_UNDEFINED ) 
+                                       && strcmp( pattern, ".*" ) == 0 ) {
+                               type = SLAP_LIMITS_ANY;
+                               pattern = NULL;
+                       }
                }
        }