X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faci.c;h=42ee9ebea11fa504b56bea809057c9a41a63ba3f;hb=447f3f746e59fc5b724b8dd8bfb1ec0e02cc8d9f;hp=a86e3acd1fe1380a4bf31a9284b0c94bd3869eac;hpb=4e75fa634562c5fad69dbc6bb18a152e372bb93c;p=openldap
diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c
index a86e3acd1f..42ee9ebea1 100644
--- a/servers/slapd/aci.c
+++ b/servers/slapd/aci.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2009 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -345,9 +345,12 @@ aci_list_get_rights(
 continue;
 }
- found = 1;
 *mask |= aci_list_get_attr_rights( &perm, attr, val );
 *mask |= aci_list_get_attr_rights( &perm, &aci_bv[ ACI_BV_BR_ALL ], NULL );
+
+ if ( *mask != ACL_PRIV_NONE ) {
+ found = 1;
+ }
 }
 return found;
@@ -397,11 +400,15 @@ aci_group_member (
 if ( grp_oc != NULL && grp_ad != NULL ) {
 char buf[ ACI_BUF_SIZE ];
 struct berval bv, ndn;
+ AclRegexMatches amatches = { 0 };
+
+ amatches.dn_count = nmatch;
+ AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) );
 bv.bv_len = sizeof( buf ) - 1;
 bv.bv_val = (char *)&buf;
 if ( acl_string_expand( &bv, &subjdn,
- e->e_ndn, nmatch, matches ) )
+ &e->e_nname, NULL, &amatches ) )
 {
 rc = LDAP_OTHER;
 goto done;
@@ -439,7 +446,9 @@ aci_mask(
 opts, sdn;
 int rc;
-
+
+ ACL_INIT( *grant );
+ ACL_INIT( *deny );
 assert( !BER_BVISNULL( &desc->ad_cname ) );
@@ -592,11 +601,10 @@ aci_mask(
 at != NULL;
 at = attrs_find( at->a_next, ad ) )
 {
- if ( value_find_ex( ad,
+ if ( attr_valfind( at,
 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- at->a_nvals,
- &op->o_ndn, op->o_tmpmemctx ) == 0 )
+ &op->o_ndn, NULL, op->o_tmpmemctx ) == 0 )
 {
 rc = 1;
 break;
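Review bot: In the `aci_list_get_rights` hunk, `found` is now derived from the accumulated `*mask` rather than from what the current rights/attr pair contributed, so the return value depends on what the caller passed in: if `*mask` already differs from `ACL_PRIV_NONE` on entry, the first parsed pair sets `found` even when it grants nothing. The function starts before the hunk, so whether `*mask` is reset there is not visible; the `ACL_INIT( *grant )` and `ACL_INIT( *deny )` calls this commit adds to `aci_mask` may be what is meant to guarantee it. Since this result appears to feed an access-control decision, the precondition deserves a comment on the test, e.g. `/* relies on *mask having been ACL_INIT()ed by the caller */`, or the two `aci_list_get_attr_rights` results could be collected in a local and that local compared with `ACL_PRIV_NONE`.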
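Review bot: In the `aci_group_member` hunk, `AC_MEMCPY( amatches.dn_data, matches, sizeof( amatches.dn_data ) )` always copies the full size of the destination array, regardless of `nmatch` and of how many entries `matches` actually points to, and `amatches.dn_count = nmatch` is stored without a bound check. The declaration of `matches` is outside the hunk, so this is safe only if every caller passes an array at least as large as `dn_data`; otherwise the copy reads past the caller's buffer. Bounding both by the element count would remove that dependency: reject an `nmatch` larger than `sizeof( amatches.dn_data ) / sizeof( amatches.dn_data[ 0 ] )` through the existing `rc = LDAP_OTHER; goto done;` path, then copy `nmatch * sizeof( amatches.dn_data[ 0 ] )` bytes. The function body starts and ends outside the hunk.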
@@ -676,6 +684,7 @@ aci_init( void )
 static slap_syntax_defs_rec aci_syntax_def = {
 "( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
 SLAP_SYNTAX_HIDE,
+ NULL,
 OpenLDAPaciValidate,
 OpenLDAPaciPretty
 };
@@ -1038,7 +1047,7 @@ static int
 OpenLDAPaciValidatePerms(
 struct berval *perms )
 {
- int i;
+ ber_len_t i;
 for ( i = 0; i < perms->bv_len; ) {
 switch ( perms->bv_val[ i ] ) {
@@ -1738,6 +1747,12 @@ OpenLDAPaciPrettyNormal(
 }
 nsubject = ad->ad_cname;
+
+ } else if ( OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET ]
+ || OpenLDAPacitypes[ idx ] == &aci_bv[ ACI_BV_SET_REF ] )
+ {
+ /* NOTE: dunno how to normalize it... */
+ nsubject = subject;
 }