Commit 0a6e00c6 authored by Quanah Gibson-Mount's avatar Quanah Gibson-Mount
Browse files

ITS#6693

parent 06438e93
...@@ -9,6 +9,7 @@ OpenLDAP 2.4.24 Engineering ...@@ -9,6 +9,7 @@ OpenLDAP 2.4.24 Engineering
Fixed liblutil getpass prompts (ITS#6702) Fixed liblutil getpass prompts (ITS#6702)
Fixed ldapsearch segfault with deref (ITS#6638) Fixed ldapsearch segfault with deref (ITS#6638)
Fixed slapd acl parsing overflow (ITS#6611) Fixed slapd acl parsing overflow (ITS#6611)
Fixed slapd when first acl is value dependent (ITS#6693)
Fixed slapd modify to return actual error (ITS#6581) Fixed slapd modify to return actual error (ITS#6581)
Fixed slapd syncrepl reuse of presence list (ITS#6707) Fixed slapd syncrepl reuse of presence list (ITS#6707)
Fixed slapd-bdb entry cache delete failure (ITS#6577) Fixed slapd-bdb entry cache delete failure (ITS#6577)
......
...@@ -220,7 +220,7 @@ slap_access_allowed( ...@@ -220,7 +220,7 @@ slap_access_allowed(
state = &acl_state; state = &acl_state;
if ( state->as_desc == desc && if ( state->as_desc == desc &&
state->as_access == access && state->as_access == access &&
state->as_vd_acl != NULL ) state->as_vd_acl_present )
{ {
a = state->as_vd_acl; a = state->as_vd_acl;
count = state->as_vd_acl_count; count = state->as_vd_acl_count;
...@@ -405,7 +405,7 @@ access_allowed_mask( ...@@ -405,7 +405,7 @@ access_allowed_mask(
if ( state->as_desc == desc && if ( state->as_desc == desc &&
state->as_access == access && state->as_access == access &&
state->as_result != -1 && state->as_result != -1 &&
state->as_vd_acl == NULL ) !state->as_vd_acl_present )
{ {
Debug( LDAP_DEBUG_ACL, Debug( LDAP_DEBUG_ACL,
"=> access_allowed: result was in cache (%s)\n", "=> access_allowed: result was in cache (%s)\n",
...@@ -615,7 +615,8 @@ slap_acl_get( ...@@ -615,7 +615,8 @@ slap_acl_get(
continue; continue;
} }
if ( state->as_vd_acl == NULL ) { if ( !state->as_vd_acl_present ) {
state->as_vd_acl_present = 1;
state->as_vd_acl = prev; state->as_vd_acl = prev;
state->as_vd_acl_count = *count - 1; state->as_vd_acl_count = *count - 1;
ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask ); ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask );
...@@ -714,7 +715,8 @@ slap_acl_get( ...@@ -714,7 +715,8 @@ slap_acl_get(
* Record value-dependent access control state * Record value-dependent access control state
*/ */
#define ACL_RECORD_VALUE_STATE do { \ #define ACL_RECORD_VALUE_STATE do { \
if( state && state->as_vd_acl == NULL ) { \ if( state && !state->as_vd_acl_present ) { \
state->as_vd_acl_present = 1; \
state->as_vd_acl = a; \ state->as_vd_acl = a; \
state->as_vd_acl_count = count; \ state->as_vd_acl_count = count; \
ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \ ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \
......
...@@ -1542,6 +1542,7 @@ typedef struct AccessControlState { ...@@ -1542,6 +1542,7 @@ typedef struct AccessControlState {
/* Value dependent acl where processing can restart */ /* Value dependent acl where processing can restart */
AccessControl *as_vd_acl; AccessControl *as_vd_acl;
int as_vd_acl_present;
int as_vd_acl_count; int as_vd_acl_count;
slap_mask_t as_vd_mask; slap_mask_t as_vd_mask;
...@@ -1552,7 +1553,7 @@ typedef struct AccessControlState { ...@@ -1552,7 +1553,7 @@ typedef struct AccessControlState {
/* True if started to process frontend ACLs */ /* True if started to process frontend ACLs */
int as_fe_done; int as_fe_done;
} AccessControlState; } AccessControlState;
#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 } #define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }
typedef struct AclRegexMatches { typedef struct AclRegexMatches {
int dn_count; int dn_count;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment