Changed Access->a_set_pat and acl->acl_dn_pat to struct berval to eliminate

strlen() from acl processing.

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 9b40f7232c77844dfe5bf26c9fbc03dd43c489e8..cba2eb50a130ede8551717e582f70ebfcbcf5e1e 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -314,7 +314,7 @@ acl_get(
        for ( ; a != NULL; a = a->acl_next ) {
                (*count) ++;
 
-               if (a->acl_dn_pat != NULL) {
+               if (a->acl_dn_pat.bv_len != 0) {
                        if ( a->acl_dn_style == ACL_STYLE_REGEX ) {
 #ifdef NEW_LOGGING
                                LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
@@ -336,7 +336,7 @@ acl_get(
                                Debug( LDAP_DEBUG_ACL, "=> dn: [%d] %s\n", 
                                        *count, a->acl_dn_pat, 0 );
 #endif
-                               patlen = strlen( a->acl_dn_pat );
+                               patlen = a->acl_dn_pat.bv_len;
                                if ( dnlen < patlen )
                                        continue;
 
@@ -369,7 +369,7 @@ acl_get(
                                                continue;
                                }
 
-                               if ( strcmp( a->acl_dn_pat, e->e_ndn + dnlen - patlen ) != 0 )
+                               if ( strcmp( a->acl_dn_pat.bv_val, e->e_ndn + dnlen - patlen ) != 0 )
                                        continue;
                        }
 
@@ -771,12 +771,8 @@ acl_mask(
                        }
                }
 
-               if ( b->a_set_pat != NULL ) {
-                       struct berval bv;
-
-                       bv.bv_val = b->a_set_pat;
-                       bv.bv_len = strlen(b->a_set_pat);
-                       if (aci_match_set( &bv, be, e, conn, op, 0 ) == 0) {
+               if ( b->a_set_pat.bv_len != 0 ) {
+                       if (aci_match_set( &b->a_set_pat, be, e, conn, op, 0 ) == 0) {
                                continue;
                        }
                }

diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index 2b9042665eb7e7bbe21d30ab0e4ccb633be62fb8..5c061745aeab61ea30aa085ac2d23a5fbc42dbac 100644 (file)
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -111,11 +111,6 @@ parse_acl(
                                acl_usage();
                        }
                        a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
-                       a->acl_filter = NULL;
-                       a->acl_dn_pat = NULL;
-                       a->acl_attrs  = NULL;
-                       a->acl_access = NULL;
-                       a->acl_next   = NULL;
                        for ( ++i; i < argc; i++ ) {
                                if ( strcasecmp( argv[i], "by" ) == 0 ) {
                                        i--;
@@ -123,7 +118,7 @@ parse_acl(
                                }
 
                                if ( strcasecmp( argv[i], "*" ) == 0 ) {
-                                       if( a->acl_dn_pat != NULL ) {
+                                       if( a->acl_dn_pat.bv_len != 0 ) {
                                                fprintf( stderr,
                                                        "%s: line %d: dn pattern"
                                                        " already specified in to clause.\n",
@@ -131,7 +126,8 @@ parse_acl(
                                                acl_usage();
                                        }
 
-                                       a->acl_dn_pat = ch_strdup( "*" );
+                                       a->acl_dn_pat.bv_val = ch_strdup( "*" );
+                                       a->acl_dn_pat.bv_len = 1;
                                        continue;
                                }
 
@@ -146,7 +142,7 @@ parse_acl(
                                }
 
                                if ( strcasecmp( left, "dn" ) == 0 ) {
-                                       if( a->acl_dn_pat != NULL ) {
+                                       if( a->acl_dn_pat.bv_len != 0 ) {
                                                fprintf( stderr,
                                                        "%s: line %d: dn pattern"
                                                        " already specified in to clause.\n",
@@ -166,26 +162,32 @@ parse_acl(
                                                        || strcmp(right, ".*$$") == 0 
                                                        || strcmp(right, "^.*$$") == 0 )
                                                {
-                                                       a->acl_dn_pat = ch_strdup( "*" );
+                                                       a->acl_dn_pat.bv_val = ch_strdup( "*" );
+                                                       a->acl_dn_pat.bv_len = 1;
 
                                                } else {
-                                                       a->acl_dn_pat = acl_regex_normalized_dn( right );
+                                                       a->acl_dn_pat.bv_val = acl_regex_normalized_dn( right );
+                                                       a->acl_dn_pat.bv_len = strlen( a->acl_dn_pat.bv_val );
                                                }
                                        } else if ( strcasecmp( style, "base" ) == 0 ) {
                                                a->acl_dn_style = ACL_STYLE_BASE;
-                                               a->acl_dn_pat = ch_strdup( right );
+                                               a->acl_dn_pat.bv_val = ch_strdup( right );
+                                               a->acl_dn_pat.bv_len = strlen( right );
 
                                        } else if ( strcasecmp( style, "one" ) == 0 ) {
                                                a->acl_dn_style = ACL_STYLE_ONE;
-                                               a->acl_dn_pat = ch_strdup( right );
+                                               a->acl_dn_pat.bv_val = ch_strdup( right );
+                                               a->acl_dn_pat.bv_len = strlen( right );
 
                                        } else if ( strcasecmp( style, "subtree" ) == 0 ) {
                                                a->acl_dn_style = ACL_STYLE_SUBTREE;
-                                               a->acl_dn_pat = ch_strdup( right );
+                                               a->acl_dn_pat.bv_val = ch_strdup( right );
+                                               a->acl_dn_pat.bv_len = strlen( right );
 
                                        } else if ( strcasecmp( style, "children" ) == 0 ) {
                                                a->acl_dn_style = ACL_STYLE_CHILDREN;
-                                               a->acl_dn_pat = ch_strdup( right );
+                                               a->acl_dn_pat.bv_val = ch_strdup( right );
+                                               a->acl_dn_pat.bv_len = strlen( right );
 
                                        } else {
                                                fprintf( stderr,
@@ -221,18 +223,22 @@ parse_acl(
                                }
                        }
 
-                       if ( a->acl_dn_pat != NULL && strcmp(a->acl_dn_pat, "*") == 0) {
-                               free( a->acl_dn_pat );
-                               a->acl_dn_pat = NULL;
+                       if ( a->acl_dn_pat.bv_len != 0 && strcmp(a->acl_dn_pat.bv_val, "*") == 0) {
+                               free( a->acl_dn_pat.bv_val );
+                               a->acl_dn_pat.bv_val = NULL;
+                               a->acl_dn_pat.bv_len = 0;
                        }
                        
-                       if( a->acl_dn_pat != NULL ) {
+                       if( a->acl_dn_pat.bv_len != 0 ) {
                                if ( a->acl_dn_style != ACL_STYLE_REGEX )
                                {
-                                       dn_normalize(a->acl_dn_pat);
-
+                                       struct berval *bv;
+                                       dnNormalize( NULL, &a->acl_dn_pat, &bv);
+                                       free( a->acl_dn_pat.bv_val );
+                                       a->acl_dn_pat = *bv;
+                                       free( bv );
                                } else {
-                                       int e = regcomp( &a->acl_dn_re, a->acl_dn_pat,
+                                       int e = regcomp( &a->acl_dn_re, a->acl_dn_pat.bv_val,
                                                         REG_EXTENDED | REG_ICASE );
                                        if ( e ) {
                                                char buf[512];
@@ -670,7 +676,7 @@ parse_acl(
                                }
 
                                if ( strcasecmp( left, "set" ) == 0 ) {
-                                       if( b->a_set_pat != NULL ) {
+                                       if( b->a_set_pat.bv_len != 0 ) {
                                                fprintf( stderr,
                                                        "%s: line %d: set attribute already specified.\n",
                                                        fname, lineno );
@@ -685,7 +691,8 @@ parse_acl(
                                        }
 
                                        b->a_set_style = sty;
-                                       b->a_set_pat = ch_strdup(right);
+                                       b->a_set_pat.bv_val = ch_strdup(right);
+                                       b->a_set_pat.bv_len = strlen(right);
 
                                        continue;
                                }
@@ -1231,8 +1238,8 @@ access_free( Access *a )
                free ( a->a_domain_pat );
        if ( a->a_sockurl_pat )
                free ( a->a_sockurl_pat );
-       if ( a->a_set_pat )
-               free ( a->a_set_pat );
+       if ( a->a_set_pat.bv_len )
+               free ( a->a_set_pat.bv_val );
        if ( a->a_group_pat )
                free ( a->a_group_pat );
        free( a );
@@ -1245,8 +1252,8 @@ acl_free( AccessControl *a )
 
        if ( a->acl_filter )
                filter_free( a->acl_filter );
-       if ( a->acl_dn_pat )
-               free ( a->acl_dn_pat );
+       if ( a->acl_dn_pat.bv_len )
+               free ( a->acl_dn_pat.bv_val );
        if ( a->acl_attrs )
                charray_free( a->acl_attrs );
        for (; a->acl_access; a->acl_access = n) {
@@ -1439,10 +1446,10 @@ print_acl( Backend *be, AccessControl *a )
        fprintf( stderr, "%s ACL: access to",
                be == NULL ? "Global" : "Backend" );
 
-       if ( a->acl_dn_pat != NULL ) {
+       if ( a->acl_dn_pat.bv_len != 0 ) {
                to++;
                fprintf( stderr, " dn.%s=%s\n",
-                       style_strings[a->acl_dn_style], a->acl_dn_pat );
+                       style_strings[a->acl_dn_style], a->acl_dn_pat.bv_val );
        }
 
        if ( a->acl_filter != NULL ) {

diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 697aeb30b4bd59412b8ac67f2bb616f8ab5fdd70..86e828de5db1a2ee160948cb97bf589ec1fcbb16 100644 (file)
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -796,7 +796,7 @@ typedef struct slap_access {
        slap_style_t a_sockurl_style;
        char            *a_sockurl_pat;
        slap_style_t a_set_style;
-       char            *a_set_pat;
+       struct berval   a_set_pat;
 
 #ifdef SLAPD_ACI_ENABLED
        AttributeDescription    *a_aci_at;
@@ -817,7 +817,7 @@ typedef struct slap_acl {
        Filter          *acl_filter;
        slap_style_t acl_dn_style;
        regex_t         acl_dn_re;
-       char            *acl_dn_pat;
+       struct berval   acl_dn_pat;
        char            **acl_attrs;
 
        /* "by" part: list of who has what access to the entries */