From fbe9dce862563798779814c8363793d34f11c864 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Thu, 11 Jul 2002 02:02:32 +0000
Subject: [PATCH] Import ACL to dn="" bug fix (ITS#1921)

---
 CHANGES                   |  1 +
 servers/slapd/acl.c       |  2 +-
 servers/slapd/aclparse.c  | 12 +++++++++---
 tests/data/slapd-acl.conf |  3 +++
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index ebf47b7f40..0d9a65f04d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 OpenLDAP 2.1 Change Log
 
 OpenLDAP 2.1.3 Release
+	Fixed slapd access to dn="" bug (ITS#1921)
 	Fixed slapd structuralObjectClass lastmod bug (ITS#1904)
 	Fixed slapd krbName bug (ITS#1913)
 	Fixed slapd schema error alignment bug
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 46159d2156..2318cbffd5 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -395,7 +395,7 @@ acl_get(
 	for ( ; a != NULL; a = a->acl_next ) {
 		(*count) ++;
 
-		if (a->acl_dn_pat.bv_len != 0) {
+		if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX )) {
 			if ( a->acl_dn_style == ACL_STYLE_REGEX ) {
 #ifdef NEW_LOGGING
 				LDAP_LOG(( "acl", LDAP_LEVEL_DETAIL1,
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index f53d273aa6..02703af470 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -118,7 +118,9 @@ parse_acl(
 				}
 
 				if ( strcasecmp( argv[i], "*" ) == 0 ) {
-					if( a->acl_dn_pat.bv_len != 0 ) {
+					if( a->acl_dn_pat.bv_len ||
+						( a->acl_dn_style != ACL_STYLE_REGEX ) )
+					{
 						fprintf( stderr,
 							"%s: line %d: dn pattern"
 							" already specified in to clause.\n",
@@ -142,7 +144,9 @@ parse_acl(
 				}
 
 				if ( strcasecmp( left, "dn" ) == 0 ) {
-					if( a->acl_dn_pat.bv_len != 0 ) {
+					if( a->acl_dn_pat.bv_len != 0 ||
+						( a->acl_dn_style != ACL_STYLE_REGEX ) )
+					{
 						fprintf( stderr,
 							"%s: line %d: dn pattern"
 							" already specified in to clause.\n",
@@ -230,7 +234,9 @@ parse_acl(
 				a->acl_dn_pat.bv_len = 0;
 			}
 			
-			if( a->acl_dn_pat.bv_len != 0 ) {
+			if( a->acl_dn_pat.bv_len != 0 ||
+				( a->acl_dn_style != ACL_STYLE_REGEX ) )
+			{
 				if ( a->acl_dn_style != ACL_STYLE_REGEX ) {
 					struct berval bv;
 					rc = dnNormalize2( NULL, &a->acl_dn_pat, &bv);
diff --git a/tests/data/slapd-acl.conf b/tests/data/slapd-acl.conf
index d04ae6b4d2..81cfba6d76 100644
--- a/tests/data/slapd-acl.conf
+++ b/tests/data/slapd-acl.conf
@@ -34,6 +34,9 @@ rootpw		secret
 # cn=monitor, cn=schema, and cn=config
 #
 
+access to dn="" by * read
+access to dn.base="" by * read
+
 access		to attr=objectclass
 		by * =rsc stop
 
-- 
2.39.5