Happy New Year

[openldap] / servers / slapd / acl.c

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 2b1a901591d9f50d439add430d43cdc4c86438e0..1e441e946c9ac7d421da0b6aca4375e2b7f4b4a8 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -2,7 +2,7 @@
 /* $OpenLDAP$ */
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 1998-2014 The OpenLDAP Foundation.
+ * Copyright 1998-2018 The OpenLDAP Foundation.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -184,7 +184,7 @@ slap_access_allowed(
         * if we get here it means a non-root user is trying to 
         * manage data, so we need to check its privileges.
         */
-       if ( access_level == ACL_WRITE
+       if ( access_level == ACL_WRITE_
                && is_at_no_user_mod( desc->ad_type )
                && desc != slap_schema.si_ad_entry
                && desc != slap_schema.si_ad_children )
@@ -398,7 +398,7 @@ access_allowed_mask(
                {
                        access = ACL_AUTH;
 
-               } else if ( get_relax( op ) && access_level == ACL_WRITE &&
+               } else if ( get_relax( op ) && access_level == ACL_WRITE_ &&
                        desc == slap_schema.si_ad_entry )
                {
                        access = ACL_MANAGE;
@@ -2659,7 +2659,12 @@ regex_matches(
                str = "";
        };
 
-       acl_string_expand( &bv, pat, dn_matches, val_matches, matches );
+       if ( acl_string_expand( &bv, pat, dn_matches, val_matches, matches )) {
+               Debug( LDAP_DEBUG_TRACE,
+                       "expand( \"%s\", \"%s\") failed\n",
+                       pat->bv_val, str, 0 );
+               return( 0 );
+       }
        rc = regcomp( &re, newbuf, REG_EXTENDED|REG_ICASE );
        if ( rc ) {
                char error[ACL_BUF_SIZE];