X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Facl.c;h=1e441e946c9ac7d421da0b6aca4375e2b7f4b4a8;hb=59e9ff6243465640956b58ad1756a3ede53eca7c;hp=2b1a901591d9f50d439add430d43cdc4c86438e0;hpb=b814f859204cace4b19637f731fec984b68d1e1a;p=openldap
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 2b1a901591..1e441e946c 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2014 The OpenLDAP Foundation.
+ * Copyright 1998-2018 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -184,7 +184,7 @@ slap_access_allowed(
 * if we get here it means a non-root user is trying to
 * manage data, so we need to check its privileges.
 */
- if ( access_level == ACL_WRITE
+ if ( access_level == ACL_WRITE_
 && is_at_no_user_mod( desc->ad_type )
 && desc != slap_schema.si_ad_entry
 && desc != slap_schema.si_ad_children )
@@ -398,7 +398,7 @@ access_allowed_mask(
 {
 access = ACL_AUTH;
- } else if ( get_relax( op ) && access_level == ACL_WRITE &&
+ } else if ( get_relax( op ) && access_level == ACL_WRITE_ &&
 desc == slap_schema.si_ad_entry )
 {
 access = ACL_MANAGE;
@@ -2659,7 +2659,12 @@ regex_matches(
 str = "";
 };
- acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
+ if ( acl_string_expand( &bv, pat, dn_matches, val_matches, matches )) {
+ Debug( LDAP_DEBUG_TRACE,
+ "expand( \"%s\", \"%s\") failed\n",
+ pat->bv_val, str, 0 );
+ return( 0 );
+ }
 rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
 if ( rc ) {
 char error[ACL_BUF_SIZE];
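Review bot: The comparison against `ACL_WRITE_` in slap_access_allowed has no comment saying why the underscore form is the right constant, and the two names are easy to swap back on a later edit. The definitions and the assignment of `access_level` are outside this diff, but if `access_level` is the bare level with the add/delete qualifier bits masked off while `ACL_WRITE` includes them, a one-line comment such as `/* access_level is a bare level: compare with ACL_WRITE_, never ACL_WRITE */` would record that. The same applies to the `get_relax( op )` branch of access_allowed_mask in the next hunk. If the old comparison could never be true, the no-user-modification check and the relax-to-manage path only take effect with this commit. A regression test that has a non-root identity attempt a write to such an attribute would pin the new behaviour.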
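Review bot: The early `return( 0 )` in regex_matches reports an expansion failure as an ordinary non-match and logs it only at `LDAP_DEBUG_TRACE`, so an operator tracing access decisions at the ACL log level would not see that a rule was skipped because its pattern could not be expanded. Logging the failure at `LDAP_DEBUG_ACL` as well would make it visible where ACL decisions are normally audited. A comment above the check, for example `/* expansion failed: report no match rather than compiling a partial pattern */`, would state the intent. Whether "no match" is the conservative outcome depends on the clause being evaluated: it fails closed for a clause that grants access, but for a clause meant to restrict access evaluation moves on to later clauses. The callers are outside this hunk, so that needs confirming against them.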