X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faci.c;h=42ee9ebea11fa504b56bea809057c9a41a63ba3f;hb=447f3f746e59fc5b724b8dd8bfb1ec0e02cc8d9f;hp=2ed91c4935d8901b024005f408dccbc4c89d4d57;hpb=5d31a6247ce40917a55dd39693d669b2cd7f48f9;p=openldap
diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c
index 2ed91c4935..42ee9ebea1 100644
--- a/servers/slapd/aci.c
+++ b/servers/slapd/aci.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -278,18 +278,31 @@ aci_list_get_attr_rights(
 ACL_INIT(mask);
 for ( i = 1; acl_get_part( list, i + 1, ';', &bv ) >= 0; i += 2 ) {
 if ( aci_list_has_attr( &bv, attr, val ) == 0 ) {
- Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test %s for %s -> failed\n", bv.bv_val, attr->bv_val, 0 );
+ Debug( LDAP_DEBUG_ACL,
+ " <= aci_list_get_attr_rights "
+ "test %s for %s -> failed\n",
+ bv.bv_val, attr->bv_val, 0 );
 continue;
 }
- Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test %s for %s -> ok\n", bv.bv_val, attr->bv_val, 0 );
+
+ Debug( LDAP_DEBUG_ACL,
+ " <= aci_list_get_attr_rights "
+ "test %s for %s -> ok\n",
+ bv.bv_val, attr->bv_val, 0 );
 if ( acl_get_part( list, i, ';', &bv ) < 0 ) {
- Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights test no rightsk\n", 0, 0, 0 );
+ Debug( LDAP_DEBUG_ACL,
+ " <= aci_list_get_attr_rights "
+ "test no rights\n",
+ 0, 0, 0 );
 continue;
 }
 mask |= aci_list_map_rights( &bv );
- Debug( LDAP_DEBUG_ACL, " <= aci_list_get_attr_rights rights %s to mask 0x%x\n", bv.bv_val, mask, 0 );
+ Debug( LDAP_DEBUG_ACL,
+ " <= aci_list_get_attr_rights "
+ "rights %s to mask 0x%x\n",
+ bv.bv_val, mask, 0 );
 }
 return mask;
@@ -332,9 +345,12 @@ aci_list_get_rights(
 continue;
 }
- found = 1;
 *mask |= aci_list_get_attr_rights( &perm, attr, val );
 *mask |= aci_list_get_attr_rights( &perm, &aci_bv[ ACI_BV_BR_ALL ], NULL );
+
+ if ( *mask != ACL_PRIV_NONE ) {
+ found = 1;
+ }
 }
 return found;
@@ -384,11 +400,15 @@ aci_group_member (
 if ( grp_oc != NULL && grp_ad != NULL ) {
 char buf[ ACI_BUF_SIZE ];
 struct berval bv, ndn;
+ AclRegexMatches amatches = { 0 };
+
+ amatches.dn_count = nmatch;
+ AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
 bv.bv_len = sizeof( buf ) - 1;
 bv.bv_val = (char *)&buf;
 if ( acl_string_expand( &bv, &subjdn,
- e->e_ndn, nmatch, matches ) )
+ &e->e_nname, NULL, &amatches ) )
 {
 rc = LDAP_OTHER;
 goto done;
@@ -426,7 +446,9 @@ aci_mask(
 opts, sdn;
 int rc;
-
+
+ ACL_INIT( *grant );
+ ACL_INIT( *deny );
 assert( !BER_BVISNULL( &desc->ad_cname ) );
@@ -579,11 +601,10 @@ aci_mask(
 at != NULL;
 at = attrs_find( at->a_next, ad ) )
 {
- if ( value_find_ex( ad,
+ if ( attr_valfind( at,
 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- at->a_nvals,
- &op->o_ndn, op->o_tmpmemctx ) == 0 )
+ &op->o_ndn, NULL, op->o_tmpmemctx ) == 0 )
 {
 rc = 1;
 break;
@@ -663,6 +684,7 @@ aci_init( void )
 static slap_syntax_defs_rec aci_syntax_def = {
 "( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
 SLAP_SYNTAX_HIDE,
+ NULL,
 OpenLDAPaciValidate,
 OpenLDAPaciPretty
 };
@@ -1025,7 +1047,7 @@ static int
 OpenLDAPaciValidatePerms(
 struct berval *perms )
 {
- int i;
+ ber_len_t i;
 for ( i = 0; i < perms->bv_len; ) {
 switch ( perms->bv_val[ i ] ) {
@@ -1725,6 +1747,12 @@ OpenLDAPaciPrettyNormal(
 }
 nsubject = ad->ad_cname;
+
+ } else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET ]
+ || OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET_REF ] )
+ {
+ /* NOTE: dunno how to normalize it... */
+ nsubject = subject;
 }
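Review bot: The new `if ( *mask != ACL_PRIV_NONE )` test in aci_list_get_rights looks at the accumulated `*mask`, not at what this pass of the loop contributed, so `found` is only meaningful if `*mask` is cleared before the loop; that initialisation is outside the hunk and should be confirmed. Because `found` now reports that some right was mapped rather than that an entry matched, a short comment above the test would help, e.g. `/* a matching entry that maps to no rights must not count as found */`. The function body starts and ends outside the hunk.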
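Review bot: `AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) )` in aci_group_member always copies the full size of the destination, regardless of `nmatch`. If the caller's `matches` array holds fewer elements than `dn_data` (neither declaration is visible in this hunk), the copy reads past the end of the source, and `dn_count` is set to `nmatch` without checking it against the capacity of `dn_data`. Assuming `dn_data` is a fixed array, bounding the copy by the element count would be safer, for example `AC_MEMCPY( amatches.dn_data, matches, nmatch * sizeof( amatches.dn_data[0] ) );` after rejecting an `nmatch` larger than the array.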
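Review bot: The added set / set-ref branch in OpenLDAPaciPrettyNormal assigns `nsubject = subject;`, so the subject is emitted exactly as supplied, and the comment `/* NOTE: dunno how to normalize it... */` does not say what follows from that. Two ACI values whose set expressions differ only in case or spacing will presumably not compare equal after normalization, which matters for an access-control attribute. I would replace the comment with something like `/* set expressions are passed through unnormalized: matching on ACIs with set subjects is byte-exact */` and confirm that `nsubject` is not freed later when it aliases `subject`; the cleanup code is outside the hunk.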