From: Howard Chu <hyc@openldap.org>
Date: Wed, 20 Mar 2002 13:11:37 +0000 (+0000)
Subject: Fix ITS#1607, longstanding bug in group and dnattr acls, gave access
X-Git-Tag: OPENLDAP_REL_ENG_2_MP~334
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6b0fb09e0d037fae391bbc35701fe1c936478b62;p=openldap

Fix ITS#1607, longstanding bug in group and dnattr acls, gave access
to anonymous connections.
---

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 5182380843..c9051f854f 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -768,7 +768,7 @@ acl_mask(
 			}
 		}
 
-		if ( b->a_dn_at != NULL && op->o_ndn.bv_len != 0 ) {
+		if ( b->a_dn_at != NULL ) {
 			Attribute	*at;
 			struct berval	bv;
 			int rc, match = 0;
@@ -777,6 +777,10 @@ acl_mask(
 
 			assert( attr != NULL );
 
+			if ( op->o_ndn.bv_len == 0 ) {
+				continue;
+			}
+
 #ifdef NEW_LOGGING
 			LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
 				   "acl_mask: conn %d  check a_dn_pat: %s\n",
@@ -843,12 +847,16 @@ acl_mask(
 			}
 		}
 
-		if ( b->a_group_pat.bv_len && op->o_ndn.bv_len ) {
+		if ( b->a_group_pat.bv_len ) {
 			char buf[1024];
 			struct berval bv;
 			struct berval ndn = { 0, NULL };
 			int rc;
 
+			if ( op->o_ndn.bv_len == 0 ) {
+				continue;
+			}
+
 			bv.bv_len = sizeof(buf) - 1;
 			bv.bv_val = buf;