X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=fddae6b13a5eec2f6a9fbe8fdb2e6db8a78150b0;hb=b94a77687075b0eb2d54d087b8b956d197c1023c;hp=39e7f7831260db8e12c5bf461b49f8319dfb7b1c;hpb=e79fbb88cf67006c8be2f87ea9725bf03970861f;p=openldap
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 39e7f78312..fddae6b13a 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,7 +45,11 @@ static char *style_strings[] = {
"one",
"subtree",
"children",
+ "level",
"attrof",
+ "anonymous",
+ "users",
+ "self",
"ip",
"path",
NULL
@@ -62,10 +66,7 @@ static void print_acl(Backend *be, AccessControl *a);
static void print_access(Access *b);
#endif
-#ifdef LDAP_DEVEL
-static int
-check_scope( BackendDB *be, AccessControl *a );
-#endif /* LDAP_DEVEL */
+static int check_scope( BackendDB *be, AccessControl *a );
#ifdef SLAP_DYNACL
static int
@@ -160,7 +161,6 @@ regtest(const char *fname, int lineno, char *pat) {
regfree(&re);
}
-#ifdef LDAP_DEVEL
/*
* Experimental
*
@@ -181,18 +181,24 @@ check_scope( BackendDB *be, AccessControl *a )
dn = be->be_nsuffix[0];
+ if ( BER_BVISEMPTY( &dn ) ) {
+ return ACL_SCOPE_OK;
+ }
+
if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
a->acl_dn_style != ACL_STYLE_REGEX )
{
slap_style_t style = a->acl_dn_style;
if ( style == ACL_STYLE_REGEX ) {
- char dnbuf[SLAP_LDAPDN_MAXLEN + 2];
- char rebuf[SLAP_LDAPDN_MAXLEN + 1];
- regex_t re;
- int rc;
+ char dnbuf[SLAP_LDAPDN_MAXLEN + 2];
+ char rebuf[SLAP_LDAPDN_MAXLEN + 1];
+ ber_len_t rebuflen;
+ regex_t re;
+ int rc;
- /* add trailing '$' */
+ /* add trailing '$' to database suffix to form
+ * a simple trial regex pattern "$" */
AC_MEMCPY( dnbuf, be->be_nsuffix[0].bv_val,
be->be_nsuffix[0].bv_len );
dnbuf[be->be_nsuffix[0].bv_len] = '$';
@@ -202,17 +208,26 @@ check_scope( BackendDB *be, AccessControl *a )
return ACL_SCOPE_WARN;
}
- /* remove trailing '$' */
- AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val,
- a->acl_dn_pat.bv_len + 1 );
- if ( a->acl_dn_pat.bv_val[a->acl_dn_pat.bv_len - 1] == '$' ) {
- rebuf[a->acl_dn_pat.bv_len - 1] = '\0';
+ /* remove trailing ')$', if any, from original
+ * regex pattern */
+ rebuflen = a->acl_dn_pat.bv_len;
+ AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val, rebuflen + 1 );
+ if ( rebuf[rebuflen - 1] == '$' ) {
+ rebuf[--rebuflen] = '\0';
+ }
+ while ( rebuflen > be->be_nsuffix[0].bv_len && rebuf[rebuflen - 1] == ')' ) {
+ rebuf[--rebuflen] = '\0';
+ }
+ if ( rebuflen == be->be_nsuffix[0].bv_len ) {
+ rc = ACL_SCOPE_WARN;
+ goto regex_done;
}
/* not a clear indication of scoping error, though */
rc = regexec( &re, rebuf, 0, NULL, 0 )
? ACL_SCOPE_WARN : ACL_SCOPE_OK;
+regex_done:;
regfree( &re );
return rc;
}
@@ -226,8 +241,8 @@ check_scope( BackendDB *be, AccessControl *a )
/* base is blatantly wrong */
if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR;
- /* one can be wrong if there is more
- * than one level between the suffix
+ /* a style of one can be wrong if there is
+ * more than one level between the suffix
* and the pattern */
if ( style == ACL_STYLE_ONE ) {
int rdnlen = -1, sep = 0;
@@ -284,7 +299,6 @@ check_scope( BackendDB *be, AccessControl *a )
return ACL_SCOPE_UNKNOWN;
}
-#endif /* LDAP_DEVEL */
void
parse_acl(
@@ -292,8 +306,7 @@ parse_acl(
const char *fname,
int lineno,
int argc,
- char **argv
-)
+ char **argv )
{
int i;
char *left, *right, *style, *next;
@@ -495,7 +508,7 @@ parse_acl(
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
-
+
} else {
fprintf( stderr,
"%s: line %d: unknown val.