X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Facl.c;h=281d96e66a588e538f91fa1b8dc81bcf5af149c0;hb=40b685b70df4b5692f7380f69ef6377053660986;hp=449138fae094c0ef8d424eecb2411e40b8c06945;hpb=526d010635ba36825f995ffe4d9ce4b6eea564ea;p=openldap diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index 449138fae0..281d96e66a 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -605,17 +605,17 @@ acl_mask( * user is bound as somebody in the same namespace as * the entry, OR the given dn matches the dn pattern */ - if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_anonymous ) == 0 ) { + if ( bvmatch( &b->a_dn_pat, &aci_bv_anonymous ) ) { if ( op->o_ndn.bv_len != 0 ) { continue; } - } else if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_users ) == 0 ) { + } else if ( bvmatch( &b->a_dn_pat, &aci_bv_users ) ) { if ( op->o_ndn.bv_len == 0 ) { continue; } - } else if ( ber_bvcmp( &b->a_dn_pat, &aci_bv_self ) == 0 ) { + } else if ( bvmatch( &b->a_dn_pat, &aci_bv_self ) ) { if ( op->o_ndn.bv_len == 0 ) { continue; } @@ -764,7 +764,7 @@ dn_match_cleanup:; if ( b->a_domain_expand ) { struct berval bv; - bv.bv_len = sizeof(buf); + bv.bv_len = sizeof(buf) - 1; bv.bv_val = buf; string_expand(&bv, &b->a_domain_pat, e->e_ndn, matches); @@ -919,7 +919,6 @@ dn_match_cleanup:; } if ( b->a_group_pat.bv_len ) { - char buf[ACL_BUF_SIZE]; struct berval bv; struct berval ndn = { 0, NULL }; int rc; @@ -928,29 +927,33 @@ dn_match_cleanup:; continue; } - bv.bv_len = sizeof(buf) - 1; - bv.bv_val = buf; - /* b->a_group is an unexpanded entry name, expanded it should be an * entry with objectclass group* and we test to see if odn is one of * the values in the attribute group */ /* see if asker is listed in dnattr */ if ( b->a_group_style == ACL_STYLE_REGEX ) { - string_expand(&bv, &b->a_group_pat, e->e_ndn, matches); - if ( dnNormalize2(NULL, &bv, &ndn) != LDAP_SUCCESS ) { + char buf[ACL_BUF_SIZE]; + bv.bv_len = sizeof(buf) - 1; + bv.bv_val = buf; + + string_expand( &bv, &b->a_group_pat, e->e_ndn, matches ); + if ( dnNormalize2( NULL, &bv, &ndn ) != LDAP_SUCCESS ) { /* did not expand to a valid dn */ continue; } + bv = ndn; + } else { bv = b->a_group_pat; } - rc = backend_group(be, conn, op, e, &bv, &op->o_ndn, - b->a_group_oc, b->a_group_at); - if ( ndn.bv_val ) - free( ndn.bv_val ); + rc = backend_group( be, conn, op, e, &bv, &op->o_ndn, + b->a_group_oc, b->a_group_at ); + + if ( ndn.bv_val ) free( ndn.bv_val ); + if ( rc != 0 ) { continue; } @@ -1389,7 +1392,7 @@ aci_set_gather (void *cookie, struct berval *name, struct berval *attr) const char *text; AttributeDescription *desc = NULL; if (slap_bv2ad(attr, &desc, &text) == LDAP_SUCCESS) { - backend_attribute(cp->be, NULL, NULL, + backend_attribute(cp->be, NULL, cp->op, cp->e, &ndn, desc, &bvals); } free(ndn.bv_val); @@ -1438,7 +1441,7 @@ aci_match_set ( if ( dnNormalize2(NULL, &subjdn, &ndn) == LDAP_SUCCESS && slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS ) { - backend_attribute(be, NULL, NULL, e, + backend_attribute(be, NULL, op, e, &ndn, desc, &bvals); if ( bvals != NULL ) { if ( bvals[0].bv_val != NULL ) { @@ -1670,11 +1673,12 @@ aci_group_member ( if (grp_oc != NULL && grp_ad != NULL ) { char buf[ACL_BUF_SIZE]; struct berval bv, ndn; - bv.bv_len = sizeof( buf ); + bv.bv_len = sizeof( buf ) - 1; bv.bv_val = (char *)&buf; string_expand(&bv, &subjdn, e->e_ndn, matches); if ( dnNormalize2(NULL, &bv, &ndn) == LDAP_SUCCESS ) { - rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn, grp_oc, grp_ad) == 0); + rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn, + grp_oc, grp_ad) == 0); free( ndn.bv_val ); } } @@ -1917,7 +1921,7 @@ regex_matches( struct berval bv; int rc; - bv.bv_len = sizeof(newbuf); + bv.bv_len = sizeof(newbuf) - 1; bv.bv_val = newbuf; if(str == NULL) str = "";