From 66fa1f61985bd73a27f8a378399e03bdf8b1825e Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <ralf@openldap.org>
Date: Mon, 15 Nov 2010 16:27:56 +0000
Subject: [PATCH] ITS#6693 value dependent ACL didn't work when they were the
 first ACL

---
 servers/slapd/acl.c  | 10 ++++++----
 servers/slapd/slap.h |  3 ++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 476b9e667b..083a2cc8f3 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -220,7 +220,7 @@ slap_access_allowed(
 		state = &acl_state;
 	if ( state->as_desc == desc &&
 		state->as_access == access &&
-		state->as_vd_acl != NULL )
+		state->as_vd_acl_present )
 	{
 		a = state->as_vd_acl;
 		count = state->as_vd_acl_count;
@@ -405,7 +405,7 @@ access_allowed_mask(
 		if ( state->as_desc == desc &&
 			state->as_access == access &&
 			state->as_result != -1 &&
-			state->as_vd_acl == NULL )
+			!state->as_vd_acl_present )
 			{
 			Debug( LDAP_DEBUG_ACL,
 				"=> access_allowed: result was in cache (%s)\n",
@@ -615,7 +615,8 @@ slap_acl_get(
 				continue;
 			}
 
-			if ( state->as_vd_acl == NULL ) {
+			if ( !state->as_vd_acl_present ) {
+				state->as_vd_acl_present = 1;
 				state->as_vd_acl = prev;
 				state->as_vd_acl_count = *count - 1;
 				ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask );
@@ -714,7 +715,8 @@ slap_acl_get(
  * Record value-dependent access control state
  */
 #define ACL_RECORD_VALUE_STATE do { \
-		if( state && state->as_vd_acl == NULL ) { \
+		if( state && !state->as_vd_acl_present ) { \
+			state->as_vd_acl_present = 1; \
 			state->as_vd_acl = a; \
 			state->as_vd_acl_count = count; \
 			ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 6b3d901937..6ee6860cba 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1557,6 +1557,7 @@ typedef struct AccessControlState {
 
 	/* Value dependent acl where processing can restart */
 	AccessControl  *as_vd_acl;
+	int as_vd_acl_present;
 	int as_vd_acl_count;
 	slap_mask_t		as_vd_mask;
 
@@ -1567,7 +1568,7 @@ typedef struct AccessControlState {
 	/* True if started to process frontend ACLs */
 	int as_fe_done;
 } AccessControlState;
-#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 }
+#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }
 
 typedef struct AclRegexMatches {        
 	int dn_count;
-- 
2.39.5