From: Kurt Zeilenga <kurt@openldap.org>
Date: Mon, 5 Aug 2002 21:13:15 +0000 (+0000)
Subject: OpenLDAPaci changes from Hallvard
X-Git-Tag: OPENLDAP_REL_ENG_2_1_4~69
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=1ae5672b2ec0019abdb95f2623a5e028f8ba627a;p=openldap

OpenLDAPaci changes from Hallvard
---

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index c99695b603..449138fae0 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -28,6 +28,7 @@ static struct berval
 	aci_bv_br_all		= BER_BVC("[all]"),
 	aci_bv_access_id 	= BER_BVC("access-id"),
 	aci_bv_anonymous	= BER_BVC("anonymous"),
+	aci_bv_public		= BER_BVC("public"),
 	aci_bv_users		= BER_BVC("users"),
 	aci_bv_self 		= BER_BVC("self"),
 	aci_bv_dnattr 		= BER_BVC("dnattr"),
@@ -1707,6 +1708,8 @@ aci_mask(
 
 	   See draft-ietf-ldapext-aci-model-04.txt section 9.1 for
 	   a full description of the format for this attribute.
+	   Differences: "this" in the draft is "self" here, and
+	   "self" and "public" is in the position of dnType.
 
 	   For now, this routine only supports scope=entry.
 	 */
@@ -1743,14 +1746,17 @@ aci_mask(
 
 	if (ber_bvstrcasecmp( &aci_bv_access_id, &bv ) == 0) {
 		struct berval ndn;
-		rc = 1;
+		rc = 0;
 		if ( dnNormalize2(NULL, &sdn, &ndn) == LDAP_SUCCESS ) {
-			if (!dn_match( &op->o_ndn, &ndn))
-				rc = 0;
+			if (dn_match( &op->o_ndn, &ndn))
+				rc = 1;
 			free(ndn.bv_val);
 		}
 		return (rc);
 
+	} else if (ber_bvstrcasecmp( &aci_bv_public, &bv ) == 0) {
+		return(1);
+
 	} else if (ber_bvstrcasecmp( &aci_bv_self, &bv ) == 0) {
 		if (dn_match(&op->o_ndn, &e->e_nname))
 			return(1);