From: Howard Chu Date: Wed, 10 Mar 2004 08:00:41 +0000 (+0000) Subject: More for ITS#3008 X-Git-Tag: OPENLDAP_REL_ENG_2_2_BP~321 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=3853fade60fa87cd3f03e6661229dfe3851896d0;p=openldap More for ITS#3008 --- diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index c4f4d2bdcc..5bd5897b0d 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -80,7 +80,8 @@ static AccessControl * acl_get( Operation *op, Entry *e, AttributeDescription *desc, struct berval *val, - int nmatches, regmatch_t *matches ); + int nmatches, regmatch_t *matches, + AccessControlState *state ); static slap_control_t acl_mask( AccessControl *ac, slap_mask_t *mask, @@ -305,10 +306,12 @@ access_allowed( assert( state->as_vd_acl != NULL ); a = state->as_vd_acl; - mask = state->as_vd_acl_mask; count = state->as_vd_acl_count; - AC_MEMCPY( matches, state->as_vd_acl_matches, sizeof(matches) ); - goto vd_access; + if ( !ACL_IS_INVALID( state->as_vd_acl_mask )) { + mask = state->as_vd_acl_mask; + AC_MEMCPY( matches, state->as_vd_acl_matches, sizeof(matches) ); + goto vd_access; + } } else { if ( state ) state->as_vi_acl = NULL; @@ -319,7 +322,7 @@ access_allowed( } while((a = acl_get( a, &count, op, e, desc, val, - MAXREMATCHES, matches )) != NULL) + MAXREMATCHES, matches, state )) != NULL) { int i; @@ -421,6 +424,7 @@ done: return ret; } + /* * acl_get - return the acl applicable to entry e, attribute * attr. the acl returned is suitable for use in subsequent calls to @@ -436,7 +440,8 @@ acl_get( AttributeDescription *desc, struct berval *val, int nmatch, - regmatch_t *matches ) + regmatch_t *matches, + AccessControlState *state ) { const char *attr; int dnlen, patlen; @@ -545,6 +550,16 @@ acl_get( if ( val == NULL ) { continue; } + + if( state && !( state->as_recorded & ACL_STATE_RECORDED_VD )) { + state->as_recorded |= ACL_STATE_RECORDED_VD; + state->as_vd_acl = a; + state->as_vd_acl_count = *count; + state->as_vd_access = a->acl_access; + state->as_vd_access_count = 1; + ACL_INVALIDATE( state->as_vd_acl_mask ); + } + if ( a->acl_attrval_style == ACL_STYLE_REGEX ) { #ifdef NEW_LOGGING LDAP_LOG( ACL, DETAIL1,