#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *desc,
#else
- const char *attr,
+ const char *desc,
#endif
int nmatches, regmatch_t *matches );
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *desc,
#else
- const char *attr,
+ const char *desc,
#endif
struct berval *val,
regmatch_t *matches );
#ifdef SLAPD_SCHEMA_NOT_COMPAT
AttributeDescription *desc,
#else
- const char *attr,
+ const char *desc,
#endif
- struct berval *val, struct berval *aci,
- regmatch_t *matches, slap_access_t *grant, slap_access_t *deny );
+ struct berval *val,
+ struct berval *aci,
+ regmatch_t *matches,
+ slap_access_t *grant,
+ slap_access_t *deny );
char *supportedACIMechs[] = {
"1.3.6.1.4.1.4203.666.7.1", /* experimental IETF aci family */
Operation *op,
Entry *e,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- AttributeDescription *attr,
+ AttributeDescription *desc,
#else
- const char *attr,
+ const char *desc,
#endif
struct berval *val,
slap_access_t access )
slap_access_mask_t mask;
slap_control_t control;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+#else
+ const char *attr = desc;
+#endif
+
regmatch_t matches[MAXREMATCHES];
Debug( LDAP_DEBUG_ACL,
* by the user
*/
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- if ( access >= ACL_WRITE && is_at_no_user_mod( attr->ad_type ) )
+ if ( access >= ACL_WRITE && is_at_no_user_mod( desc->ad_type ) )
#else
if ( access >= ACL_WRITE && oc_check_op_no_usermod_attr( attr ) )
#endif
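Review bot: `desc->ad_type` is dereferenced unconditionally in the SLAPD_SCHEMA_NOT_COMPAT branch of this no-user-modification check, while the same commit derives `attr` with `desc ? desc->ad_cname->bv_val : NULL`, which implies a NULL `desc` is considered possible. If callers can pass NULL, a write-level access check would crash the server on this line. If they cannot, an `assert( desc != NULL );` at function entry would document the contract and the ternary could be dropped. Otherwise guard the test: `if ( access >= ACL_WRITE && desc != NULL && is_at_no_user_mod( desc->ad_type ) )`. The enclosing function starts and ends outside this hunk.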
a = NULL;
count = 0;
- while( a = acl_get( a, &count, be, op, e, attr, MAXREMATCHES, matches ) )
+ while( a = acl_get( a, &count, be, op, e, desc, MAXREMATCHES, matches ) )
{
int i;
}
control = acl_mask( a, &mask, be, conn, op,
- e, attr, val, matches );
+ e, desc, val, matches );
if ( control != ACL_BREAK ) {
break;
assert( e != NULL );
assert( count != NULL );
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ attr = desc ? desc->ad_cname->bv_val : NULL;
+#else
+ attr = desc;
+#endif
+
if( a == NULL ) {
if( be == NULL ) {
a = global_acl;
a = a->acl_next;
}
-#ifdef SLAPD_SCHEMA_NOT_COMPAT
- attr = desc->ad_cname->bv_val;
-#else
- attr = desc;
-#endif
-
for ( ; a != NULL; a = a->acl_next ) {
(*count) ++;
Operation *op,
Entry *e,
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- AttributeDescription *attr,
+ AttributeDescription *desc,
#else
- const char *attr,
+ const char *desc,
#endif
struct berval *val,
regmatch_t *matches
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ const char *attr = desc ? desc->ad_cname->bv_val : NULL;
+#else
+ const char *attr = desc;
+#endif
assert( a != NULL );
assert( mask != NULL );
if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
Attribute *at;
struct berval bv;
+#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ int match;
+ const char *text;
+#endif
Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
b->a_dn_at, 0, 0);
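Review bot: `match` is declared here without an initializer (`int match;`), and the only assignment this patch adds before it is read is `match = 1` on the found path in the next hunk. When the attribute loop finishes without a hit, the later `if( match )` reads an indeterminate value, so the dnattr branch taken in the ACL decision is undefined. Declare it as `int match = 0;`. The loop header sits between the two hunks and is not visible, so this assumes no other assignment exists there.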
at = attrs_find( e->e_attrs->a_next, b->a_dn_at ) )
{
if( value_find( b->a_dn_at, at->a_vals, &bv ) == 0 ) {
+ /* found it */
+ match = 1;
+ break;
}
}
+ if( match ) {
+ if ( b->a_dn_self && (val == NULL
+ || value_match( &match, b->a_dn_at,
+ b->a_dn_at->ad_type->sat_equality, &bv, val, &text ) )
+ != LDAP_SUCCESS
+ || match )
+ {
+ continue;
+ }
+ } else if ( ! b->a_dn_self || val == NULL
+ || value_match( &match, b->a_dn_at,
+ b->a_dn_at->ad_type->sat_equality, &bv, val, &text )
+ != LDAP_SUCCESS
+ || match )
+ {
+ continue;
+ }
#else
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dn_at )) != NULL &&
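Review bot: The closing parenthesis in the `if( match )` branch is misplaced, so by C precedence the condition parses as `(b->a_dn_self && (...) != LDAP_SUCCESS) || match`. When `a_dn_self` is not set, `value_match` is never called, `match` still holds the 1 assigned on the found path, and the clause is always skipped via `continue`; a plain dnattr rule that does list the requester would therefore never apply. The group should close after `match`, as in `if ( b->a_dn_self && ( val == NULL || value_match( &match, b->a_dn_at, b->a_dn_at->ad_type->sat_equality, &bv, val, &text ) != LDAP_SUCCESS || match ) )`. Reusing `match` both as the "found" flag and as the `value_match` out-parameter makes this easy to miss; a separate `found` variable would make the two meanings explicit. The enclosing loop and function begin outside this hunk.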
int usage = 0;
struct berval *nv1 = NULL;
+ if( !mr->smr_match ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+
if( ad->ad_type->sat_syntax->ssyn_normalize ) {
rc = ad->ad_type->sat_syntax->ssyn_normalize(
ad->ad_type->sat_syntax, v1, &nv1 );
}
}
- if( !mr->smr_match ) {
- return LDAP_INAPPROPRIATE_MATCHING;
- }
-
rc = (mr->smr_match)( match, usage,
ad->ad_type->sat_syntax,
mr,
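Review bot: The relocated guard `if( !mr->smr_match )` dereferences `mr` without a NULL test, whereas `value_find` in the same patch checks `mr == NULL || !mr->smr_match`. The new ACL code calls this function with `b->a_dn_at->ad_type->sat_equality`, which is presumably NULL for an attribute type that defines no equality rule, so evaluating such a dnattr clause could crash the server. Use `if( mr == NULL || !mr->smr_match )` here. The start of the function is outside the hunk, so an earlier check may already exist.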
{
int i;
#ifdef SLAPD_SCHEMA_NOT_COMPAT
+ int rc;
+ struct berval *nval = NULL;
MatchingRule *mr = ad->ad_type->sat_equality;
if( mr == NULL || !mr->smr_match ) {
return LDAP_INAPPROPRIATE_MATCHING;
}
+
+ if( mr->smr_syntax->ssyn_normalize ) {
+ rc = mr->smr_syntax->ssyn_normalize(
+ mr->smr_syntax, val, &nval );
+
+ if( rc != LDAP_SUCCESS ) {
+ return LDAP_INAPPROPRIATE_MATCHING;
+ }
+ }
#endif
for ( i = 0; vals[i] != NULL; i++ ) {
#ifdef SLAPD_SCHEMA_NOT_COMPAT
- int rc;
int match;
const char *text;
- rc = value_match( &match, ad, mr, vals[i], val, &text );
+
+ rc = value_match( &match, ad, mr, vals[i],
+ nval == NULL ? val : nval, &text );
if( rc == LDAP_SUCCESS && match == 0 )
#else