ACL fixes from devel
authorKurt Zeilenga <kurt@openldap.org>
Sat, 23 Mar 2002 23:18:42 +0000 (23:18 +0000)
committerKurt Zeilenga <kurt@openldap.org>
Sat, 23 Mar 2002 23:18:42 +0000 (23:18 +0000)
servers/slapd/acl.c
servers/slapd/str2filter.c
tests/data/slapd-acl.conf

index 968cd857854c3f1489dfc64be59fa32192b3f9e0..c08c2a2eea2e02d3eff4b5d82d49e92b29c35d44 100644 (file)
@@ -555,7 +555,7 @@ acl_mask(
                        }
                }
 
-               if ( b->a_dn_at != NULL && op->o_ndn != NULL ) {
+               if ( b->a_dn_at != NULL ) {
                        Attribute       *at;
                        struct berval   bv;
                        int rc, match = 0;
@@ -564,6 +564,10 @@ acl_mask(
 
                        assert( attr != NULL );
 
+                       if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+                               continue;
+                       }
+
                        Debug( LDAP_DEBUG_ACL, "<= check a_dn_at: %s\n",
                                attr, 0, 0);
                        bv.bv_val = op->o_ndn;
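Review bot: The new guard `if( op->o_ndn == NULL || op->o_ndn[0] == '\0' )` has no comment, although it changes how a requester without a DN (presumably an anonymous bind) is treated. The removed condition only skipped the a_dn_at test when o_ndn was NULL and let evaluation go on to the later tests, and it did not catch an empty DN string at all; the `continue` now abandons the current iteration instead. I would add above it `/* no requester DN (NULL or empty): cannot match dnattr, so skip this clause rather than just this test */`. The same guard is repeated in the a_group_pat hunk below and wants the same comment. The enclosing loop in acl_mask starts and ends outside the hunk.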
@@ -621,9 +625,13 @@ acl_mask(
                        }
                }
 
-               if ( b->a_group_pat != NULL && op->o_ndn != NULL ) {
+               if ( b->a_group_pat != NULL ) {
                        char buf[1024];
 
+                       if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
+                               continue;
+                       }
+
                        /* b->a_group is an unexpanded entry name, expanded it should be an 
                         * entry with objectclass group* and we test to see if odn is one of
                         * the values in the attribute group
index 0e6f7c426d43e4a0132cdaf62652f1f7456832c2..e01ce3f3f4640e379bccec8695ad8455c42d95f8 100644 (file)
@@ -247,7 +247,7 @@ str2subvals( const char *in, Filter *f )
        val = freeme = ch_strdup( in );
        gotstar = 0;
 
-       while ( *val ) {
+       while ( val && *val ) {
                if ( (nextstar = ldap_pvt_find_wildcard( val )) != NULL )
                        *nextstar++ = '\0';
 
index 8c2cf1502510acd5076236e485dbc5a7d04ccb41..5070d6b2d12bff088c8f0f283b3340e35a21b4af 100644 (file)
@@ -49,9 +49,16 @@ access               to attr=member
                by dnattr=member selfwrite
                by * read
 
+access         to attr=member filter=(mail=*edu)
+               by * read
+
 access         to filter="objectclass=groupofnames"
                by dn.base="cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=University of Michigan,c=US" =sc continue
                by dn="^cn=Bjorn Jensen,ou=Information Technology Division,ou=People,o=University of Michigan,c=US$" +rw stop
                by * break
 
+       
+
 # fall into global ACLs
+
+
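Review bot: The new `access to attr=member filter=(mail=*edu)` rule carries no comment saying what it is there to test. It follows an `access to attr=member` rule, and since slapd applies the first `to` clause that matches, this rule looks as if it is only ever parsed and never selected. The earlier rule's full text is partly outside the hunk, so that should be confirmed. A line such as `# parse check: substring filter with a leading wildcard` above the rule would make the intent clear.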