ITS#4253 fix value-dependent ACL caching - just record the ACL we'll start
authorHoward Chu <hyc@openldap.org>
Sun, 9 Jul 2006 20:51:00 +0000 (20:51 +0000)
committerHoward Chu <hyc@openldap.org>
Sun, 9 Jul 2006 20:51:00 +0000 (20:51 +0000)
looking for, don't cache anything else.

servers/slapd/acl.c
servers/slapd/slap.h

index 080a43b3579a208c3a8c6c16c7687368f0e26640..b5c2e9124098ee031b4790cdaa567309032d3aa1 100644 (file)
@@ -199,7 +199,9 @@ slap_access_allowed(
        control = ACL_BREAK;
 
        if ( st_same_attr ) {
+#if 0
                assert( state->as_vd_acl != NULL );
+#endif
 
                a = state->as_vd_acl;
                count = state->as_vd_acl_count;
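Review bot: Wrapping `assert( state->as_vd_acl != NULL );` in `#if 0` silences the invariant without saying what replaced it. In this same commit slap_acl_get stores `prev` in `as_vd_acl`, which looks like it can be NULL when the first ACL in the list is the value-dependent one, so `a = state->as_vd_acl;` may now carry NULL on purpose. Delete the assert rather than parking it, and state the new contract in a comment such as `/* as_vd_acl may be NULL here: resume from the head of the ACL list */`, provided the code this feeds (outside the hunk) really treats NULL that way. The same applies to the `#if 0` block in the access_allowed_mask hunk: a disabled branch that returns a cached `as_result` in an authorization path is easy to re-enable by mistake, so remove it and note the reason (ITS#4253) in a comment. slap_access_allowed's body continues outside this hunk.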
@@ -377,11 +379,14 @@ access_allowed_mask(
                        {
                                return state->as_result;
 
-                       } else if ( ( state->as_recorded & ACL_STATE_RECORDED_VD ) &&
+                       }
+#if 0
+                       else if ( ( state->as_recorded & ACL_STATE_RECORDED_VD ) &&
                                val != NULL && state->as_vd_acl == NULL )
                        {
                                return state->as_result;
                        }
+#endif
                        st_same_attr = 1;
                } else {
                        *state = state_init;
@@ -509,7 +514,7 @@ slap_acl_get(
 
        dnlen = e->e_nname.bv_len;
 
-       for ( ; a != NULL; a = a->acl_next ) {
+       for ( ; a != NULL; prev = a, a = a->acl_next ) {
                (*count) ++;
 
                if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX )) {
@@ -580,10 +585,8 @@ slap_acl_get(
 
                        if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) {
                                state->as_recorded |= ACL_STATE_RECORDED_VD;
-                               state->as_vd_acl = a;
-                               state->as_vd_acl_count = *count;
-                               state->as_vd_access = a->acl_access;
-                               state->as_vd_access_count = 1;
+                               state->as_vd_acl = prev;
+                               state->as_vd_acl_count = *count - 1;
                                ACL_INVALIDATE( state->as_vd_acl_mask );
                        }
 
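Review bot: `state->as_vd_acl = prev;` records whatever `prev` holds, and both its declaration and its value before the first loop pass are outside the visible hunks; the loop header only updates it with `prev = a` after each iteration. If the first ACL examined is the value-dependent one, the cached resume point is that initial value and `as_vd_acl_count` becomes `*count - 1`, so `prev` needs to be set on every entry path of slap_acl_get. A short comment would make the convention checkable, e.g. `/* cache the ACL preceding the first value-dependent one so the next lookup re-evaluates it */`. slap_acl_get starts and ends outside this hunk.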
@@ -667,21 +670,6 @@ slap_acl_get(
        return( NULL );
 }
 
-/*
- * Record value-dependent access control state
- */
-#define ACL_RECORD_VALUE_STATE do { \
-               if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) { \
-                       state->as_recorded |= ACL_STATE_RECORDED_VD; \
-                       state->as_vd_acl = a; \
-                       AC_MEMCPY( state->as_vd_acl_matches, matches, \
-                               sizeof( state->as_vd_acl_matches )) ; \
-                       state->as_vd_acl_count = count; \
-                       state->as_vd_access = b; \
-                       state->as_vd_access_count = i; \
-               } \
-       } while( 0 )
-
 static int
 acl_mask_dn(
        Operation               *op,
@@ -1029,8 +1017,6 @@ acl_mask_dnattr(
                if ( ! bdn->a_self )
                        return 1;
 
-               ACL_RECORD_VALUE_STATE;
-               
                /* this is a self clause, check if the target is an
                 * attribute.
                 */
@@ -1102,16 +1088,8 @@ slap_acl_mask(
                accessmask2str( *mask, accessmaskbuf, 1 ) );
 
 
-       if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
-               && state->as_vd_acl == a )
-       {
-               b = state->as_vd_access;
-               i = state->as_vd_access_count;
-
-       } else {
-               b = a->acl_access;
-               i = 1;
-       }
+       b = a->acl_access;
+       i = 1;
 
        for ( ; b != NULL; b = b->a_next, i++ ) {
                slap_mask_t oldmask, modmask;
@@ -1646,8 +1624,6 @@ slap_acl_mask(
                        const char *dummy;
                        int rc, match = 0;
 
-                       ACL_RECORD_VALUE_STATE;
-
                        /* must have DN syntax */
                        if ( desc->ad_type->sat_syntax != slap_schema.si_syn_distinguishedName &&
                                !is_at_syntax( desc->ad_type, SLAPD_NAMEUID_SYNTAX )) continue;
index 7517277abc1b6ba34430b1234be367d578488b7f..c63641068a9735afbbe3ea368e4151fcc971b2e1 100644 (file)
@@ -1448,23 +1448,20 @@ typedef enum {
 } slap_acl_state_t;
 
 typedef struct slap_acl_state {
-       slap_acl_state_t as_recorded;
-
        /* Access state */
-       AccessControl *as_vd_acl;
        AccessControl *as_vi_acl;
+       AccessControl *as_vd_acl;
+       AttributeDescription *as_vd_ad;
+
        slap_mask_t as_vd_acl_mask;
+
+       slap_acl_state_t as_recorded;
        regmatch_t as_vd_acl_matches[MAXREMATCHES];
        int as_vd_acl_count;
-
-       Access *as_vd_access;
-       int as_vd_access_count;
-
        int as_result;
-       AttributeDescription *as_vd_ad;
 } AccessControlState;
-#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
-       { { 0, 0 } }, 0, NULL, 0, 0, NULL }
+#define ACL_STATE_INIT { NULL, NULL, NULL, 0UL, \
+       ACL_STATE_NOT_RECORDED, { { 0, 0 } }, 0, 0 }
 
 /*
  * Backend-info
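Review bot: `ACL_STATE_INIT` is a positional initializer, and this hunk reorders the struct members it fills, so the macro is correct only while its eight values stay in member order (they do here: three pointers, the mask, `as_recorded`, the matches array, the count, `as_result`). Add a comment on the macro such as `/* positional: keep in sync with the member order of struct slap_acl_state */`, since a mismatch would silently initialise the ACL cache state with the wrong values. Separately, `as_vd_acl_matches` stays in the struct while the only visible writer, `ACL_RECORD_VALUE_STATE`, is deleted in acl.c; if nothing else fills it, drop the member or say why it is kept.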