From 74f224583b97eb5723a1f4ba2ff5be406c17afbb Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Fri, 2 Jul 2004 16:45:06 +0000 Subject: [PATCH] quick fix for ITS#3215; needs work to re-enable ACI caching, if possible at all --- servers/slapd/acl.c | 87 ++++++++++++++++++++++++++------------------- 1 file changed, 50 insertions(+), 37 deletions(-) diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c index ae9ba798dd..7000494292 100644 --- a/servers/slapd/acl.c +++ b/servers/slapd/acl.c @@ -1398,7 +1398,11 @@ dn_match_cleanup:; /* get the aci attribute */ at = attr_find( e->e_attrs, b->a_aci_at ); if ( at != NULL ) { +#if 0 + /* FIXME: this breaks acl caching; + * see also ACL_RECORD_VALUE_STATE below */ ACL_RECORD_VALUE_STATE; +#endif /* the aci is an multi-valued attribute. The * rights are determined by OR'ing the individual * rights given by the acis. @@ -1427,47 +1431,56 @@ dn_match_cleanup:; while ( parent_ndn.bv_val != old_parent_ndn.bv_val ){ old_parent_ndn = parent_ndn; Debug(LDAP_DEBUG_ACL, "checking ACI of %s\n", parent_ndn.bv_val, 0, 0); - ret=backend_attribute(op, NULL, &parent_ndn, b->a_aci_at, &bvals); + ret = backend_attribute(op, NULL, &parent_ndn, b->a_aci_at, &bvals); switch(ret){ - case LDAP_SUCCESS : - if(bvals){ - for( i = 0; bvals[i].bv_val != NULL; i++){ - ACL_RECORD_VALUE_STATE; - if (aci_mask(op, e, desc, val, &bvals[i], matches, - &grant, &deny, &aci_bv_children) != 0) { - tgrant |= grant; - tdeny |= deny; - /* evaluation stops as soon as either a "deny" or a - * "grant" directive matches. - */ - if( (tgrant != ACL_PRIV_NONE) || (tdeny != ACL_PRIV_NONE) ){ - stop=1; - } - } - Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n", - accessmask2str(tgrant,accessmaskbuf), - accessmask2str(tdeny, accessmaskbuf1), 0); + case LDAP_SUCCESS : + stop = 0; + if (!bvals){ + break; + } + + for( i = 0; bvals[i].bv_val != NULL; i++){ +#if 0 + /* FIXME: this breaks acl caching; + * see also ACL_RECORD_VALUE_STATE above */ + ACL_RECORD_VALUE_STATE; +#endif + if (aci_mask(op, e, desc, val, &bvals[i], matches, + &grant, &deny, &aci_bv_children) != 0) { + tgrant |= grant; + tdeny |= deny; + /* evaluation stops as soon as either a "deny" or a + * "grant" directive matches. + */ + if( (tgrant != ACL_PRIV_NONE) || (tdeny != ACL_PRIV_NONE) ){ + stop = 1; } } - stop=0; - break; - case LDAP_NO_SUCH_ATTRIBUTE: - /* just go on if the aci-Attribute is not present in - * the current entry - */ - Debug(LDAP_DEBUG_ACL, "no such attribute\n", 0, 0, 0); - stop=0; - break; - case LDAP_NO_SUCH_OBJECT: - /* We have reached the base object */ - Debug(LDAP_DEBUG_ACL, "no such object\n", 0, 0, 0); - stop=1; - break; - default: - stop=1; - break; + Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n", + accessmask2str(tgrant,accessmaskbuf), + accessmask2str(tdeny, accessmaskbuf1), 0); + } + break; + + case LDAP_NO_SUCH_ATTRIBUTE: + /* just go on if the aci-Attribute is not present in + * the current entry + */ + Debug(LDAP_DEBUG_ACL, "no such attribute\n", 0, 0, 0); + stop = 0; + break; + + case LDAP_NO_SUCH_OBJECT: + /* We have reached the base object */ + Debug(LDAP_DEBUG_ACL, "no such object\n", 0, 0, 0); + stop = 1; + break; + + default: + stop = 1; + break; } - if(stop){ + if (stop){ break; } dnParent(&old_parent_ndn, &parent_ndn); -- 2.39.5