X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Facl.c;h=48f93c81966e13ef2a29442da677e0b231b100d3;hb=3bf9998d7885ef6bbc4690d4229e5cb5068a35de;hp=59478d83a6b2c4605ab2ccb5767e3ac3c6a0406b;hpb=3c5068bc1fa84fc5daf1e50d4f1a929cec91b7e9;p=openldap
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 59478d83a6..48f93c8196 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software .
 *
- * Copyright 1998-2007 The OpenLDAP Foundation.
+ * Copyright 1998-2008 The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -234,13 +234,13 @@ slap_access_allowed(
 ( state->as_recorded & ACL_STATE_RECORDED_NV ) )
 {
 Debug( LDAP_DEBUG_ACL,
- "=> slap_access_allowed: result from state (%s)\n",
+ "=> slap_access_allowed: result was in cache (%s)\n",
 attr, 0, 0 );
 ret = state->as_result;
 goto done;
 } else {
 Debug( LDAP_DEBUG_ACL,
- "=> slap_access_allowed: no res from state (%s)\n",
+ "=> slap_access_allowed: result not in cache (%s)\n",
 attr, 0, 0 );
 }
 }
@@ -304,7 +304,7 @@ fe_access_allowed(
 be_orig = op->o_bd;
 if ( op->o_bd == NULL ) {
- op->o_bd = select_backend( &op->o_req_ndn, 0, 0 );
+ op->o_bd = select_backend( &op->o_req_ndn, 0 );
 if ( op->o_bd == NULL )
 op->o_bd = frontendDB;
 }
@@ -974,11 +974,10 @@ acl_mask_dnattr(
 at != NULL;
 at = attrs_find( at->a_next, bdn->a_at ) )
 {
- if ( value_find_ex( bdn->a_at,
+ if ( attr_valfind( at,
 SLAP_MR_ATTRIBUTE_VALUE_NORMALIZED_MATCH |
 SLAP_MR_ASSERTED_VALUE_NORMALIZED_MATCH,
- at->a_nvals,
- &bv, op->o_tmpmemctx ) == 0 )
+ &bv, NULL, op->o_tmpmemctx ) == 0 )
 {
 /* found it */
 match = 1;
@@ -1281,7 +1280,7 @@ slap_acl_mask(
 /* extract IP and try exact match */
 } else if ( b->a_peername_style == ACL_STYLE_IP ) {
 char *port;
- char buf[] = "255.255.255.255";
+ char buf[STRLENOF("255.255.255.255") + 1];
 struct berval ip;
 unsigned long addr;
 int port_number = -1;
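Review bot: With `buf` no longer initialized from the literal, its contents are indeterminate until the peer address is copied in, so the copy that fills it (outside this hunk, after `int port_number = -1;`) must itself bound the length to `sizeof( buf ) - 1` and write the terminating NUL — the old literal initializer would have masked a missing terminator, the new declaration does not. If that code already does something like `if ( ip.bv_len >= sizeof( buf ) ) goto next;` followed by a copy and `buf[ ip.bv_len ] = '\0';` nothing changes; otherwise the peername comparison now reads uninitialized stack. The same caveat applies to the IPv6 twin in the next hunk. slap_acl_mask starts and ends outside this hunk.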
@@ -1326,7 +1325,7 @@ slap_acl_mask(
 /* extract IPv6 and try exact match */
 } else if ( b->a_peername_style == ACL_STYLE_IPV6 ) {
 char *port;
- char buf[] = "FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF";
+ char buf[STRLENOF("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF") + 1];
 struct berval ip;
 struct in6_addr addr;
 int port_number = -1;
@@ -2032,6 +2031,10 @@ acl_set_cb_gather( Operation *op, SlapReply *rs )
 for ( j = 0; !BER_BVISNULL( &rs->sr_attrs[ j ].an_name ); j++ )
 {
 AttributeDescription *desc = rs->sr_attrs[ j ].an_desc;
+
+ if ( desc == NULL ) {
+ continue;
+ }
 if ( desc == slap_schema.si_ad_entryDN ) {
 bvalsp = bvals;
@@ -2043,17 +2046,12 @@ acl_set_cb_gather( Operation *op, SlapReply *rs )
 a = attr_find( rs->sr_entry->e_attrs, desc );
 if ( a != NULL ) {
- int i;
-
- for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ )
- ;
-
 bvalsp = a->a_nvals;
 }
 }
 }
- if ( bvals ) {
+ if ( bvalsp ) {
 p->bvals = slap_set_join( p->cookie, p->bvals,
 ( '|' | SLAP_SET_RREF ), bvalsp );
 }
@@ -2077,8 +2075,6 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 int nattrs = 0;
 slap_callback cb = { NULL, acl_set_cb_gather, NULL, NULL };
 acl_set_gather_t p = { 0 };
- const char *text = NULL;
- static struct berval defaultFilter_bv = BER_BVC( "(objectClass=*)" );
 /* this routine needs to return the bervals instead of
 * plain strings, since syntax is not known. It should
@@ -2090,6 +2086,10 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 rc = ldap_url_parse( name->bv_val, &ludp );
 if ( rc != LDAP_URL_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: unable to parse URL=\"%s\"\n",
+ cp->asc_op->o_log_prefix, name->bv_val, 0 );
+
 rc = LDAP_PROTOCOL_ERROR;
 goto url_done;
 }
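Review bot: The `if ( bvalsp )` guard is the right test, but it runs once after the attribute loop (the three closing braces above it), so when `rs->sr_attrs` names more than one attribute only the last one found in the entry reaches `slap_set_join`; each later `bvalsp = a->a_nvals;` overwrites the previous match. If the gather is meant to collect every requested attribute, the join belongs inside the loop right after each `bvalsp` assignment, with `bvalsp` reset to NULL per iteration; if one attribute per set URL is the contract, say so where the join sits, e.g. `/* set URLs name a single attribute; only the last one found is joined */`. This also assumes `bvalsp` starts out NULL — its declaration is outside the hunk, and acl_set_cb_gather begins before it.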
@@ -2098,6 +2098,10 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 {
 /* host part must be empty */
 /* extensions parts must be empty */
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: host/exts must be absent in URL=\"%s\"\n",
+ cp->asc_op->o_log_prefix, name->bv_val, 0 );
+
 rc = LDAP_PROTOCOL_ERROR;
 goto url_done;
 }
@@ -2108,11 +2112,19 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 &op2.o_req_ndn, cp->asc_op->o_tmpmemctx );
 BER_BVZERO( &op2.o_req_dn );
 if ( rc != LDAP_SUCCESS ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: DN=\"%s\" normalize failed\n",
+ cp->asc_op->o_log_prefix, op2.o_req_dn.bv_val, 0 );
+
 goto url_done;
 }
- op2.o_bd = select_backend( &op2.o_req_ndn, 0, 1 );
+ op2.o_bd = select_backend( &op2.o_req_ndn, 1 );
 if ( ( op2.o_bd == NULL ) || ( op2.o_bd->be_search == NULL ) ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: no database could be selected for DN=\"%s\"\n",
+ cp->asc_op->o_log_prefix, op2.o_req_ndn.bv_val, 0 );
+
 rc = LDAP_NO_SUCH_OBJECT;
 goto url_done;
 }
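Review bot: The new trace in the `rc != LDAP_SUCCESS` branch prints `op2.o_req_dn.bv_val`, but the context line directly above it, `BER_BVZERO( &op2.o_req_dn );`, has already set that pointer to NULL, so the `%s` receives a null pointer on every normalization failure — glibc prints `(null)`, other libcs may crash. Log the string that was handed to the normalizer instead (presumably the URL's DN component `ludp->lud_dn`, which is not visible in this hunk), or move the `BER_BVZERO` below the check: `cp->asc_op->o_log_prefix, ludp->lud_dn, 0 );`. acl_set_gather continues outside this hunk.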
@@ -2121,35 +2133,46 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 if ( ludp->lud_filter ) {
 ber_str2bv_x( ludp->lud_filter, 0, 0, &op2.ors_filterstr,
 cp->asc_op->o_tmpmemctx );
+ op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
+ if ( op2.ors_filter == NULL ) {
+ Debug( LDAP_DEBUG_TRACE,
+ "%s acl_set_gather: unable to parse filter=\"%s\"\n",
+ cp->asc_op->o_log_prefix, op2.ors_filterstr.bv_val, 0 );
+
+ rc = LDAP_PROTOCOL_ERROR;
+ goto url_done;
+ }
 } else {
- op2.ors_filterstr = defaultFilter_bv;
+ op2.ors_filterstr = *slap_filterstr_objectClass_pres;
+ op2.ors_filter = (Filter *)slap_filter_objectClass_pres;
 }
- op2.ors_filter = str2filter_x( cp->asc_op, op2.ors_filterstr.bv_val );
- if ( op2.ors_filter == NULL ) {
- rc = LDAP_PROTOCOL_ERROR;
- goto url_done;
- }
 /* Grab the scope */
 op2.ors_scope = ludp->lud_scope;
 /* Grap the attributes */
 if ( ludp->lud_attrs ) {
+ int i;
+
 for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ )
 ;
- anlistp = slap_sl_malloc( sizeof( AttributeName ) * ( nattrs + 2 ),
+ anlistp = slap_sl_calloc( sizeof( AttributeName ), nattrs + 2,
 cp->asc_op->o_tmpmemctx );
- for ( ; ludp->lud_attrs[ nattrs ]; nattrs++ ) {
- ber_str2bv( ludp->lud_attrs[ nattrs ], 0, 0, &anlistp[ nattrs ].an_name );
- anlistp[ nattrs ].an_desc = NULL;
- rc = slap_bv2ad( &anlistp[ nattrs ].an_name,
- &anlistp[ nattrs ].an_desc, &text );
- if ( rc != LDAP_SUCCESS ) {
- goto url_done;
+ for ( i = 0, nattrs = 0; ludp->lud_attrs[ i ]; i++ ) {
+ struct berval name;
+ AttributeDescription *desc = NULL;
+ const char *text = NULL;
+
+ ber_str2bv( ludp->lud_attrs[ i ], 0, 0, &name );
+ rc = slap_bv2ad( &name, &desc, &text );
+ if ( rc == LDAP_SUCCESS ) {
+ anlistp[ nattrs ].an_name = name;
+ anlistp[ nattrs ].an_desc = desc;
+ nattrs++;
+ }
 }
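Review bot: The rewritten attribute loop drops any name that `slap_bv2ad` rejects without a trace, while every other failure path in this commit gets a `Debug( LDAP_DEBUG_TRACE, ... )`; a mistyped attribute in an ACL set URL now silently yields a shorter attribute list instead of the error the old loop returned, which is hard to diagnose from the resulting access denials. Add an `else` branch to the `rc == LDAP_SUCCESS` test that logs it: `Debug( LDAP_DEBUG_TRACE, "%s acl_set_gather: ignoring unknown attribute \"%s\" (%s)\n", cp->asc_op->o_log_prefix, name.bv_val, text );`. Note also that `rc` still holds the last `slap_bv2ad` error once the loop ends; unless it is unconditionally overwritten before `url_done` (not visible here), reset it with `rc = LDAP_SUCCESS;` after the loop so a trailing bad name cannot leak out as the gather's result. Minor: `slap_sl_calloc( sizeof( AttributeName ), nattrs + 2, ... )` passes the element size where calloc convention expects the count — the product is the same, but `slap_sl_calloc( nattrs + 2, sizeof( AttributeName ), ... )` reads as intended if the helper follows that convention. The enclosing function continues outside the hunk.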
@@ -2186,7 +2209,7 @@ acl_set_gather( SetCookie *cookie, struct berval *name, AttributeDescription *de
 }
 url_done:;
- if ( op2.ors_filter ) {
+ if ( op2.ors_filter && op2.ors_filter != slap_filter_objectClass_pres ) {
 filter_free_x( cp->asc_op, op2.ors_filter );
 }
 if ( !BER_BVISNULL( &op2.o_req_ndn ) ) {