ITS#6693

0a6e00c6 · Quanah Gibson-Mount · 06438e93 · 0a6e00c6 · 0a6e00c6 · 0a6e00c6
Commit 0a6e00c6 authored Dec 12, 2010 by Quanah Gibson-Mount
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,7 @@ OpenLDAP 2.4.24 Engineering
 	Fixed liblutil getpass prompts (ITS#6702)
 	Fixed ldapsearch segfault with deref (ITS#6638)
 	Fixed slapd acl parsing overflow (ITS#6611)
+	Fixed slapd when first acl is value dependent (ITS#6693)
 	Fixed slapd modify to return actual error (ITS#6581)
 	Fixed slapd syncrepl reuse of presence list (ITS#6707)
 	Fixed slapd-bdb entry cache delete failure (ITS#6577)

--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -220,7 +220,7 @@ slap_access_allowed(
 		state = &acl_state;
 	if ( state->as_desc == desc &&
 		state->as_access == access &&
-		state->as_vd_acl != NULL )
+		state->as_vd_acl_present )
 	{
 		a = state->as_vd_acl;
 		count = state->as_vd_acl_count;
@@ -405,7 +405,7 @@ access_allowed_mask(
 		if ( state->as_desc == desc &&
 			state->as_access == access &&
 			state->as_result != -1 &&
-			state->as_vd_acl == NULL )
+			!state->as_vd_acl_present )
 			{
 			Debug( LDAP_DEBUG_ACL,
 				"=> access_allowed: result was in cache (%s)\n",
@@ -615,7 +615,8 @@ slap_acl_get(
 				continue;
 			}

-			if ( state->as_vd_acl == NULL ) {
+			if ( !state->as_vd_acl_present ) {
+				state->as_vd_acl_present = 1;
 				state->as_vd_acl = prev;
 				state->as_vd_acl_count = *count - 1;
 				ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask );
@@ -714,7 +715,8 @@ slap_acl_get(
 * Record value-dependent access control state
 */
 #define ACL_RECORD_VALUE_STATE do { \
-		if( state && state->as_vd_acl == NULL ) { \
+		if( state && !state->as_vd_acl_present ) { \
+			state->as_vd_acl_present = 1; \
 			state->as_vd_acl = a; \
 			state->as_vd_acl_count = count; \
 			ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \

--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -1542,6 +1542,7 @@ typedef struct AccessControlState {

 	/* Value dependent acl where processing can restart */
 	AccessControl  *as_vd_acl;
+	int as_vd_acl_present;
 	int as_vd_acl_count;
 	slap_mask_t		as_vd_mask;

@@ -1552,7 +1553,7 @@ typedef struct AccessControlState {
 	/* True if started to process frontend ACLs */
 	int as_fe_done;
 } AccessControlState;
-#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 }
+#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }

 typedef struct AclRegexMatches {        
 	int dn_count;