}
} else if ( strncasecmp( left, "val", 3 ) == 0 ) {
- char *mr;
+ struct berval bv;
+ char *mr;
if ( !BER_BVISEMPTY( &a->acl_attrval ) ) {
Debug( LDAP_DEBUG_ANY,
return acl_usage();
}
- ber_str2bv( right, 0, 1, &a->acl_attrval );
+ ber_str2bv( right, 0, 0, &bv );
a->acl_attrval_style = ACL_STYLE_BASE;
mr = strchr( left, '/' );
if ( style != NULL ) {
if ( strcasecmp( style, "regex" ) == 0 ) {
- int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
+ int e = regcomp( &a->acl_attrval_re, bv.bv_val,
REG_EXTENDED | REG_ICASE | REG_NOSUB );
if ( e ) {
char err[SLAP_TEXT_BUFLEN],
} else if ( a->acl_attrs[0].an_desc->ad_type->
sat_syntax == slap_schema.si_syn_distinguishedName )
{
- struct berval bv;
-
if ( !strcasecmp( style, "baseObject" ) ||
!strcasecmp( style, "base" ) )
{
snprintf( buf, sizeof( buf ),
"unknown val.<style> \"%s\" "
- "for attributeType \"%s\" with DN syntax; "
- "using \"base\""
+ "for attributeType \"%s\" with DN syntax"
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ "; using \"base\""
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
SLAPD_CONF_UNKNOWN_IGNORED ".",
style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
}
- bv = a->acl_attrval;
rc = dnNormalize( 0, NULL, NULL, &bv, &a->acl_attrval, NULL );
if ( rc != LDAP_SUCCESS ) {
char buf[ SLAP_TEXT_BUFLEN ];
fname, lineno, buf );
return acl_usage();
}
- ber_memfree( bv.bv_val );
} else {
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ),
"unknown val.<style> \"%s\" "
- "for attributeType \"%s\"; using \"exact\""
+ "for attributeType \"%s\""
+#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
+ "; using \"exact\""
+#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
SLAPD_CONF_UNKNOWN_IGNORED ".",
style, a->acl_attrs[0].an_desc->ad_cname.bv_val );
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
}
/* Check for appropriate matching rule */
- if ( a->acl_attrval_style != ACL_STYLE_REGEX ) {
+ if ( a->acl_attrval_style == ACL_STYLE_REGEX ) {
+ ber_dupbv( &a->acl_attrval, &bv );
+
+ } else if ( BER_BVISNULL( &a->acl_attrval ) ) {
+ int rc;
+ const char *text;
+
if ( a->acl_attrval_mr == NULL ) {
a->acl_attrval_mr = a->acl_attrs[ 0 ].an_desc->ad_type->sat_equality;
}
if ( a->acl_attrval_mr == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "attr \"%s\" must have an EQUALITY matching rule.\n",
+ "attr \"%s\" does not have an EQUALITY matching rule.\n",
fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val );
return acl_usage();
}
+
+ rc = asserted_value_validate_normalize(
+ a->acl_attrs[ 0 ].an_desc,
+ a->acl_attrval_mr,
+ SLAP_MR_EQUALITY|SLAP_MR_VALUE_OF_ASSERTION_SYNTAX,
+ &bv,
+ &a->acl_attrval,
+ &text,
+ NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ), "%s: line %d: "
+ " attr \"%s\" normalization failed (%d: %s)",
+ a->acl_attrs[ 0 ].an_name.bv_val, rc, text );
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s.\n",
+ fname, lineno, buf );
+ return acl_usage();
+ }
}
} else {
projects / openldap / commitdiff