Commit b37e82a8 authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

partially fix ACI compatibility with OL2.1

parent 1b72a961
......@@ -5,6 +5,7 @@ OpenLDAP 2.3.34 Engineering
Fixed ldapmodify printing error from ldap_result() (ITS#4812)
Fixed slapadd LDIF parsing (ITS#4817)
Fixed slapd syncrepl memory leaks (ITS#4805)
Fixed slapd dynacl/ACI compatibility with 2.1
Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810)
Fixed slapd-ldap more response handling bugs (ITS#4782)
Fixed slapd-ldap C-API code tests (ITS#4808)
......
......@@ -291,10 +291,8 @@ aci_list_get_rights(
slap_access_t *mask;
int i, found;
if ( attr == NULL || BER_BVISEMPTY( attr )
|| ber_bvstrcasecmp( attr, &aci_bv[ ACI_BV_ENTRY ] ) == 0 )
{
attr = &aci_bv[ ACI_BV_BR_ENTRY ];
if ( attr == NULL || BER_BVISEMPTY( attr ) ) {
attr = &aci_bv[ ACI_BV_ENTRY ];
}
found = 0;
......@@ -433,7 +431,7 @@ aci_mask(
This routine now supports scope={ENTRY,CHILDREN}
with the semantics:
- ENTRY applies to "entry" and "subtree";
- CHILDREN aplies to "children" and "subtree"
- CHILDREN applies to "children" and "subtree"
*/
/* check that the aci has all 5 components */
......@@ -1027,7 +1025,7 @@ bv_get_tail(
* action := perms;attr[[;perms;attr]...]
* perms := perm[[,perm]...]
* perm := c|s|r|w|x
* attr := attributeType|[all]
* attr := attributeType|"[all]"
* type := public|users|self|dnattr|group|role|set|set-ref|
* access_id|subtree|onelevel|children
*/
......@@ -1110,6 +1108,11 @@ OpenLDAPaciValidateRight(
continue;
}
/* "[entry]" is tolerated for backward compatibility */
if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
continue;
}
if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) {
return LDAP_INVALID_SYNTAX;
}
......@@ -1167,6 +1170,10 @@ OpenLDAPaciNormalizeRight(
if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
bv = aci_bv[ ACI_BV_BR_ALL ];
/* "[entry]" is tolerated for backward compatibility */
} else if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
bv = aci_bv[ ACI_BV_ENTRY ];
} else {
AttributeDescription *ad = NULL;
const char *text = NULL;
......@@ -1456,6 +1463,8 @@ OpenLDAPaciPrettyNormal(
freetype = 0;
char *ptr;
BER_BVZERO( out );
if ( BER_BVISEMPTY( val ) ) {
return LDAP_INVALID_SYNTAX;
}
......@@ -1626,7 +1635,7 @@ OpenLDAPaciPrettyNormal(
out->bv_len =
oid.bv_len + STRLENOF( "#" )
+ scope.bv_len + STRLENOF( "#" )
+ rights.bv_len + STRLENOF( "#" )
+ nrights.bv_len + STRLENOF( "#" )
+ ntype.bv_len + STRLENOF( "#" )
+ nsubject.bv_len;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment