From: Pierangelo Masarati Date: Wed, 17 Aug 2005 14:44:41 +0000 (+0000) Subject: fix small issues with dynacl and ACI in general X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~686 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=69c6cd536561ece817970b6179a7a72ca991b345;p=openldap fix small issues with dynacl and ACI in general --- diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index d1801f898d..265b4cb4a6 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -1387,14 +1387,15 @@ slap_acl_mask( AccessControlState *state ) { int i; - Access *b; + Access *b; #ifdef LDAP_DEBUG - char accessmaskbuf[ACCESSMASK_MAXLEN]; + char accessmaskbuf[ACCESSMASK_MAXLEN]; #if !defined( SLAP_DYNACL ) && defined( SLAPD_ACI_ENABLED ) - char accessmaskbuf1[ACCESSMASK_MAXLEN]; + char accessmaskbuf1[ACCESSMASK_MAXLEN]; #endif /* !SLAP_DYNACL && SLAPD_ACI_ENABLED */ #endif /* DEBUG */ - const char *attr; + const char *attr; + slap_mask_t a2pmask = ACL_ACCESS2PRIV( *mask ); assert( a != NULL ); assert( mask != NULL ); @@ -1973,7 +1974,7 @@ slap_acl_mask( /* first check if the right being requested * is allowed by the ACL clause. */ - if ( ! ACL_GRANT( b->a_access_mask, *mask ) ) { + if ( ! ACL_PRIV_ISSET( b->a_access_mask, a2pmask ) ) { continue; } @@ -1982,7 +1983,11 @@ slap_acl_mask( ACL_INIT(tdeny); for ( da = b->a_dynacl; da; da = da->da_next ) { - slap_access_t grant, deny; + slap_access_t grant, + deny; + + ACL_INIT(grant); + ACL_INIT(deny); Debug( LDAP_DEBUG_ACL, " <= check a_dynacl: %s\n", da->da_name, 0, 0 ); @@ -2067,11 +2072,11 @@ slap_acl_mask( * rights given by the acis. */ for ( i = 0; !BER_BVISNULL( &at->a_nvals[i] ); i++ ) { - if (aci_mask( op, + if ( aci_mask( op, e, desc, val, &at->a_nvals[i], nmatch, matches, - &grant, &deny, SLAP_ACI_SCOPE_ENTRY ) != 0) + &grant, &deny, SLAP_ACI_SCOPE_ENTRY ) != 0 ) { tgrant |= grant; tdeny |= deny; @@ -2098,13 +2103,13 @@ slap_acl_mask( break; } - for( i = 0; bvals[i].bv_val != NULL; i++){ + for ( i = 0; !BER_BVISNULL( &bvals[i] ); i++ ) { #if 0 /* FIXME: this breaks acl caching; * see also ACL_RECORD_VALUE_STATE above */ ACL_RECORD_VALUE_STATE; #endif - if (aci_mask(op, e, desc, val, &bvals[i], + if ( aci_mask( op, e, desc, val, &bvals[i], nmatch, matches, &grant, &deny, SLAP_ACI_SCOPE_CHILDREN ) != 0 ) { @@ -2213,6 +2218,8 @@ slap_acl_mask( *mask = modmask; } + a2pmask = *mask; + Debug( LDAP_DEBUG_ACL, "<= acl_mask: [%d] mask: %s\n", i, accessmask2str(*mask, accessmaskbuf, 1), 0 ); diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 4f55ae61d2..5c124830d6 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -2250,6 +2250,20 @@ access_free( Access *a ) if ( !BER_BVISNULL( &a->a_group_pat ) ) { free( a->a_group_pat.bv_val ); } + if ( a->a_dynacl != NULL ) { + slap_dynacl_t *da; + for ( da = a->a_dynacl; da; ) { + slap_dynacl_t *tmp = da; + + da = da->da_next; + + if ( tmp->da_destroy ) { + tmp->da_destroy( tmp->da_private ); + } + + ch_free( tmp ); + } + } free( a ); } @@ -2263,6 +2277,9 @@ acl_free( AccessControl *a ) filter_free( a->acl_filter ); } if ( !BER_BVISNULL( &a->acl_dn_pat ) ) { + if ( a->acl_dn_style == ACL_STYLE_REGEX ) { + regfree( &a->acl_dn_re ); + } free ( a->acl_dn_pat.bv_val ); } if ( a->acl_attrs ) { @@ -2523,8 +2540,9 @@ access2text( Access *b, char *ptr ) for ( da = b->a_dynacl; da; da = da->da_next ) { if ( da->da_unparse ) { - struct berval bv; + struct berval bv = BER_BVNULL; (void)( *da->da_unparse )( da->da_private, &bv ); + assert( !BER_BVISNULL( &bv ) ); ptr = lutil_strcopy( ptr, bv.bv_val ); ch_free( bv.bv_val ); }