X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Facl.c;h=46159d21563a4ae45032583586c4270b58c2cbda;hb=804490a8b12a94a19e7c1a8710a7d8a2fb7d5477;hp=763a7e3f21e863ee8e38fae9308120465a9c6542;hpb=440637dde797ffe8f8e71b4ce3c063fc6a7c3ee6;p=openldap

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 763a7e3f21..46159d2156 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -17,25 +17,33 @@
 #include "sets.h"
 #include "lber_pvt.h"
 
+#define ACL_BUF_SIZE 	1024	/* use most appropriate size */
+
 
 /*
  * speed up compares
  */
 static struct berval 
-	aci_bv_entry 		= { sizeof("entry") - 1, 	"entry" },
-	aci_bv_br_entry		= { sizeof("[entry]") - 1,	"[entry]" },
-	aci_bv_br_all		= { sizeof("[all]") - 1,	"[all]" },
-	aci_bv_access_id 	= { sizeof("access-id") - 1, 	"access-id" },
-	aci_bv_anonymous	= { sizeof("anonymous") - 1,	"anonymous" },
-	aci_bv_users		= { sizeof("users") - 1,	"users" },
-	aci_bv_self 		= { sizeof("self") - 1, 	"self" },
-	aci_bv_dnattr 		= { sizeof("dnattr") - 1, 	"dnattr" },
-	aci_bv_group		= { sizeof("group") - 1, 	"group" },
-	aci_bv_role		= { sizeof("role") - 1, 	"role" },
-	aci_bv_set		= { sizeof("set") - 1, 		"set" },
-	aci_bv_set_ref		= { sizeof("set-ref") - 1,	"set-ref"},
-	aci_bv_grant		= { sizeof("grant") - 1,	"grant" },
-	aci_bv_deny		= { sizeof("deny") - 1,		"deny" };
+	aci_bv_entry 		= BER_BVC("entry"),
+	aci_bv_br_entry		= BER_BVC("[entry]"),
+	aci_bv_br_all		= BER_BVC("[all]"),
+	aci_bv_access_id 	= BER_BVC("access-id"),
+	aci_bv_anonymous	= BER_BVC("anonymous"),
+	aci_bv_users		= BER_BVC("users"),
+	aci_bv_self 		= BER_BVC("self"),
+	aci_bv_dnattr 		= BER_BVC("dnattr"),
+	aci_bv_group		= BER_BVC("group"),
+	aci_bv_role		= BER_BVC("role"),
+	aci_bv_set		= BER_BVC("set"),
+	aci_bv_set_ref		= BER_BVC("set-ref"),
+	aci_bv_grant		= BER_BVC("grant"),
+	aci_bv_deny		= BER_BVC("deny"),
+	
+	aci_bv_group_class 	= BER_BVC(SLAPD_GROUP_CLASS),
+	aci_bv_group_attr 	= BER_BVC(SLAPD_GROUP_ATTR),
+	aci_bv_role_class	= BER_BVC(SLAPD_ROLE_CLASS),
+	aci_bv_role_attr	= BER_BVC(SLAPD_ROLE_ATTR);
+
 
 static AccessControl * acl_get(
 	AccessControl *ac, int *count,
@@ -641,7 +649,7 @@ acl_mask(
 
 				if ( b->a_dn_expand ) {
 					struct berval bv;
-					char buf[1024];
+					char buf[ACL_BUF_SIZE];
 
 					bv.bv_len = sizeof( buf ) - 1;
 					bv.bv_val = buf;
@@ -754,7 +762,7 @@ dn_match_cleanup:;
 						continue;
 					}
 				} else {
-					char buf[1024];
+					char buf[ACL_BUF_SIZE];
 
 					struct berval 	cmp = conn->c_peer_domain;
 					struct berval 	pat = b->a_domain_pat;
@@ -917,7 +925,7 @@ dn_match_cleanup:;
 		}
 
 		if ( b->a_group_pat.bv_len ) {
-			char buf[1024];
+			char buf[ACL_BUF_SIZE];
 			struct berval bv;
 			struct berval ndn = { 0, NULL };
 			int rc;
@@ -1326,21 +1334,6 @@ acl_check_modlist(
 	return( 1 );
 }
 
-#if 0 /* not used any more */
-static char *
-aci_bvstrdup( struct berval *bv )
-{
-	char *s;
-
-	s = (char *)ch_malloc(bv->bv_len + 1);
-	if (s != NULL) {
-		AC_MEMCPY(s, bv->bv_val, bv->bv_len);
-		s[bv->bv_len] = 0;
-	}
-	return(s);
-}
-#endif
-
 static int
 aci_get_part(
 	struct berval *list,
@@ -1644,7 +1637,6 @@ aci_group_member (
 	regmatch_t	*matches
 )
 {
-	struct berval bv;
 	struct berval subjdn;
 	struct berval grpoc;
 	struct berval grpat;
@@ -1676,30 +1668,21 @@ aci_group_member (
 	grp_oc = oc_bvfind( &grpoc );
 
 	if (grp_oc != NULL && grp_ad != NULL ) {
-		struct berval ndn;
-		bv.bv_val = (char *)ch_malloc(1024);
-		bv.bv_len = 1024;
+		char buf[ACL_BUF_SIZE];
+		struct berval bv, ndn;
+		bv.bv_len = sizeof( buf );
+		bv.bv_val = (char *)&buf;
 		string_expand(&bv, &subjdn, e->e_ndn, matches);
 		if ( dnNormalize2(NULL, &bv, &ndn) == LDAP_SUCCESS ) {
 			rc = (backend_group(be, conn, op, e, &ndn, &op->o_ndn, grp_oc, grp_ad) == 0);
 			free( ndn.bv_val );
 		}
-		ch_free(bv.bv_val);
 	}
 
 done:
 	return(rc);
 }
 
-static struct berval GroupClass = {
-	sizeof(SLAPD_GROUP_CLASS)-1, SLAPD_GROUP_CLASS };
-static struct berval GroupAttr = {
-	sizeof(SLAPD_GROUP_ATTR)-1, SLAPD_GROUP_ATTR };
-static struct berval RoleClass = {
-	sizeof(SLAPD_ROLE_CLASS)-1, SLAPD_ROLE_CLASS };
-static struct berval RoleAttr = {
-	sizeof(SLAPD_ROLE_ATTR)-1, SLAPD_ROLE_ATTR };
-
 static int
 aci_mask(
     Backend			*be,
@@ -1767,10 +1750,9 @@ aci_mask(
 				rc = 0;
 			free(ndn.bv_val);
 		}
-		return(rc);
-	}
+		return (rc);
 
-	if (ber_bvstrcasecmp( &aci_bv_self, &bv ) == 0) {
+	} else if (ber_bvstrcasecmp( &aci_bv_self, &bv ) == 0) {
 		if (dn_match(&op->o_ndn, &e->e_nname))
 			return(1);
 
@@ -1803,11 +1785,11 @@ aci_mask(
 
 
 	} else if (ber_bvstrcasecmp( &aci_bv_group, &bv ) == 0) {
-		if (aci_group_member(&sdn, &GroupClass, &GroupAttr, be, e, conn, op, matches))
+		if (aci_group_member(&sdn, &aci_bv_group_class, &aci_bv_group_attr, be, e, conn, op, matches))
 			return(1);
 
 	} else if (ber_bvstrcasecmp( &aci_bv_role, &bv ) == 0) {
-		if (aci_group_member(&sdn, &RoleClass, &RoleAttr, be, e, conn, op, matches))
+		if (aci_group_member(&sdn, &aci_bv_role_class, &aci_bv_role_attr, be, e, conn, op, matches))
 			return(1);
 
 	} else if (ber_bvstrcasecmp( &aci_bv_set, &bv ) == 0) {