partially fix ACI compatibility with OL2.1

b37e82a8 · Pierangelo Masarati · 1b72a961 · b37e82a8 · b37e82a8
Commit b37e82a8 authored 18 years ago by Pierangelo Masarati
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.3.34 Engineering
 	Fixed ldapmodify printing error from ldap_result() (ITS#4812)
 	Fixed slapadd LDIF parsing (ITS#4817)
 	Fixed slapd syncrepl memory leaks (ITS#4805)
+	Fixed slapd dynacl/ACI compatibility with 2.1
 	Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810)
 	Fixed slapd-ldap more response handling bugs (ITS#4782)
 	Fixed slapd-ldap C-API code tests (ITS#4808)

--- a/servers/slapd/aci.c
+++ b/servers/slapd/aci.c
@@ -291,10 +291,8 @@ aci_list_get_rights(
 	slap_access_t	*mask;
 	int		i, found;

-	if ( attr == NULL || BER_BVISEMPTY( attr )
-			|| ber_bvstrcasecmp( attr, &aci_bv[ ACI_BV_ENTRY ] ) == 0 )
-	{
-		attr = &aci_bv[ ACI_BV_BR_ENTRY ];
+	if ( attr == NULL || BER_BVISEMPTY( attr ) ) {
+		attr = &aci_bv[ ACI_BV_ENTRY ];
 	}

 	found = 0;
@@ -433,7 +431,7 @@ aci_mask(
 	   This routine now supports scope={ENTRY,CHILDREN}
 	   with the semantics:
 	     - ENTRY applies to "entry" and "subtree";
-	     - CHILDREN aplies to "children" and "subtree"
+	     - CHILDREN applies to "children" and "subtree"
 	 */

 	/* check that the aci has all 5 components */
@@ -1027,7 +1025,7 @@ bv_get_tail(
 *    action    := perms;attr[[;perms;attr]...]
 *    perms     := perm[[,perm]...]
 *    perm      := c|s|r|w|x
- *    attr      := attributeType|[all]
+ *    attr      := attributeType|"[all]"
 *    type      :=  public|users|self|dnattr|group|role|set|set-ref|
 *                  access_id|subtree|onelevel|children
 */
@@ -1110,6 +1108,11 @@ OpenLDAPaciValidateRight(
 				continue;
 			}

+			/* "[entry]" is tolerated for backward compatibility */
+			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				continue;
+			}
+
 			if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) {
 				return LDAP_INVALID_SYNTAX;
 			}
@@ -1167,6 +1170,10 @@ OpenLDAPaciNormalizeRight(
 			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
 				bv = aci_bv[ ACI_BV_BR_ALL ];

+			/* "[entry]" is tolerated for backward compatibility */
+			} else if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				bv = aci_bv[ ACI_BV_ENTRY ];
+
 			} else {
 				AttributeDescription	*ad = NULL;
 				const char		*text = NULL;
@@ -1456,6 +1463,8 @@ OpenLDAPaciPrettyNormal(
 			freetype = 0;
 	char		*ptr;

+	BER_BVZERO( out );
+
 	if ( BER_BVISEMPTY( val ) ) {
 		return LDAP_INVALID_SYNTAX;
 	}
@@ -1626,7 +1635,7 @@ OpenLDAPaciPrettyNormal(
 	out->bv_len = 
 		oid.bv_len + STRLENOF( "#" )
 		+ scope.bv_len + STRLENOF( "#" )
-		+ rights.bv_len + STRLENOF( "#" )
+		+ nrights.bv_len + STRLENOF( "#" )
 		+ ntype.bv_len + STRLENOF( "#" )
 		+ nsubject.bv_len;