diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index 23abde734f17c7e8b0df39829ff78ecc9f688b29..4f75c60df4e721b3b5b63b20c96f3e72dfdaa940 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -72,7 +72,8 @@ static struct berval
aci_bv_group_class = BER_BVC(SLAPD_GROUP_CLASS),
aci_bv_group_attr = BER_BVC(SLAPD_GROUP_ATTR),
aci_bv_role_class = BER_BVC(SLAPD_ROLE_CLASS),
- aci_bv_role_attr = BER_BVC(SLAPD_ROLE_ATTR);
+ aci_bv_role_attr = BER_BVC(SLAPD_ROLE_ATTR),
+ aci_bv_set_attr = BER_BVC(SLAPD_ACI_SET_ATTR);
static AccessControl * acl_get(
@@ -1745,8 +1746,7 @@ aci_get_part(
char *p;
if (bv) {
- bv->bv_len = 0;
- bv->bv_val = NULL;
+ BER_BVZERO( bv );
}
len = list->bv_len;
p = list->bv_val;
@@ -1805,63 +1805,62 @@ aci_match_set (
int setref
)
{
- struct berval set = BER_BVNULL;
- int rc = 0;
- AciSetCookie cookie;
+ struct berval set = BER_BVNULL;
+ int rc = 0;
+ AciSetCookie cookie;
+ Operation op2 = *op;
+
+ op2.o_conn = NULL;
if (setref == 0) {
- ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+ ber_dupbv_x( &set, subj, op2.o_tmpmemctx );
} else {
- struct berval subjdn, ndn = BER_BVNULL;
- struct berval setat;
- BerVarray bvals;
- const char *text;
- AttributeDescription *desc = NULL;
+ struct berval subjdn, ndn = BER_BVNULL;
+ struct berval setat;
+ BerVarray bvals;
+ const char *text;
+ AttributeDescription *desc = NULL;
/* format of string is "entry/setAttrName" */
- if (aci_get_part(subj, 0, '/', &subjdn) < 0) {
+ if ( aci_get_part( subj, 0, '/', &subjdn ) < 0 ) {
return(0);
}
- if ( aci_get_part(subj, 1, '/', &setat) < 0 ) {
- setat.bv_val = SLAPD_ACI_SET_ATTR;
- setat.bv_len = sizeof(SLAPD_ACI_SET_ATTR)-1;
+ if ( aci_get_part( subj, 1, '/', &setat ) < 0 ) {
+ setat = aci_bv_set_attr;
}
- if ( setat.bv_val != NULL ) {
- /*
- * NOTE: dnNormalize honors the ber_len field
- * as the length of the dn to be normalized
- */
- if ( dnNormalize(0, NULL, NULL, &subjdn, &ndn, op->o_tmpmemctx) == LDAP_SUCCESS
- && slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
+ /*
+ * NOTE: dnNormalize honors the ber_len field
+ * as the length of the dn to be normalized
+ */
+ if ( slap_bv2ad( &setat, &desc, &text ) == LDAP_SUCCESS ) {
+ if ( dnNormalize( 0, NULL, NULL, &subjdn, &ndn, op2.o_tmpmemctx ) == LDAP_SUCCESS )
{
- backend_attribute(op, e,
- &ndn, desc, &bvals);
- if ( bvals != NULL ) {
- if ( bvals[0].bv_val != NULL ) {
- int i;
- set = bvals[0];
- bvals[0].bv_val = NULL;
- for (i=1;bvals[i].bv_val;i++);
- bvals[0].bv_val = bvals[i-1].bv_val;
- bvals[i-1].bv_val = NULL;
- }
- ber_bvarray_free_x(bvals, op->o_tmpmemctx);
+ backend_attribute( &op2, e, &ndn, desc, &bvals );
+ if ( bvals != NULL && !BER_BVISNULL( &bvals[0] ) ) {
+ int i;
+
+ set = bvals[0];
+ BER_BVZERO( &bvals[0] );
+ for ( i = 1; !BER_BVISNULL( &bvals[i] ); i++ );
+ bvals[0].bv_val = bvals[i-1].bv_val;
+ BER_BVZERO( &bvals[i-1] );
}
+ ber_bvarray_free_x( bvals, op2.o_tmpmemctx );
+ slap_sl_free( ndn.bv_val, op2.o_tmpmemctx );
}
- if (ndn.bv_val)
- free(ndn.bv_val);
}
}
- if (set.bv_val != NULL) {
- cookie.op = op;
+ if ( !BER_BVISNULL( &set ) ) {
+ cookie.op = &op2;
cookie.e = e;
- rc = (slap_set_filter(aci_set_gather, (SetCookie *)&cookie, &set,
- &op->o_ndn, &e->e_nname, NULL) > 0);
- slap_sl_free(set.bv_val, op->o_tmpmemctx);
+ rc = ( slap_set_filter( aci_set_gather, (SetCookie *)&cookie, &set,
+ &op2.o_ndn, &e->e_nname, NULL ) > 0 );
+ slap_sl_free( set.bv_val, op2.o_tmpmemctx );
}
+
return(rc);
}
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index efec82f90496e574a76dfd735fadf82e5c97b047..b554fe0f2a619b72b2c825417dc72942d5928cdc 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -143,7 +143,7 @@ check_scope( BackendDB *be, AccessControl *a )
dn = be->be_nsuffix[ 0 ];
- if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX ) ) {
+ if ( a->acl_dn_pat.bv_len || a->acl_dn_style != ACL_STYLE_REGEX ) {
slap_style_t style = a->acl_dn_style;
if ( style == ACL_STYLE_REGEX ) {