X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faci.c;h=42ee9ebea11fa504b56bea809057c9a41a63ba3f;hb=447f3f746e59fc5b724b8dd8bfb1ec0e02cc8d9f;hp=0acf6c108ff38848a953c28454866a33390b613c;hpb=d2179d885ff588df4f73ee27ae363df9a493b9f3;p=openldap diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c index 0acf6c108f..42ee9ebea1 100644 --- a/servers/slapd/aci.c +++ b/servers/slapd/aci.c @@ -2,7 +2,7 @@ /* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 1998-2007 The OpenLDAP Foundation. + * Copyright 1998-2009 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -345,9 +345,12 @@ aci_list_get_rights( continue; } - found = 1; *mask |= aci_list_get_attr_rights( &perm, attr, val ); *mask |= aci_list_get_attr_rights( &perm, &aci_bv[ ACI_BV_BR_ALL ], NULL ); + + if ( *mask != ACL_PRIV_NONE ) { + found = 1; + } } return found; @@ -397,11 +400,15 @@ aci_group_member ( if ( grp_oc != NULL && grp_ad != NULL ) { char buf[ ACI_BUF_SIZE ]; struct berval bv, ndn; + AclRegexMatches amatches = { 0 }; + + amatches.dn_count = nmatch; + AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) ); bv.bv_len = sizeof( buf ) - 1; bv.bv_val = (char *)&buf; if ( acl_string_expand( &bv, &subjdn, - e->e_ndn, nmatch, matches ) ) + &e->e_nname, NULL, &amatches ) ) { rc = LDAP_OTHER; goto done; @@ -439,7 +446,9 @@ aci_mask( opts, sdn; int rc; - + + ACL_INIT( *grant ); + ACL_INIT( *deny ); assert( !BER_BVISNULL( &desc->ad_cname ) ); @@ -1038,7 +1047,7 @@ static int OpenLDAPaciValidatePerms( struct berval *perms ) { - int i; + ber_len_t i; for ( i = 0; i < perms->bv_len; ) { switch ( perms->bv_val[ i ] ) { @@ -1738,6 +1747,12 @@ OpenLDAPaciPrettyNormal( } nsubject = ad->ad_cname; + + } else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET ] + || OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET_REF ] ) + { + /* NOTE: dunno how to normalize it... */ + nsubject = subject; }