Working ACLs!

4d9941b0 · Kurt Zeilenga · 59a66633 · 4d9941b0 · 4d9941b0 · 4d9941b0
Commit 4d9941b0 authored Aug 21, 1998 by Kurt Zeilenga
--- a/build/platforms/freebsd-gcc/Make-platform
+++ b/build/platforms/freebsd-gcc/Make-platform
@@ -6,11 +6,41 @@
 #
 # add any platform-specific overrides below here
 #
+EXTRACFLAGS=-O -g
+LDBMBACKEND=-DLDBM_USE_DBBTREE
+LDBMINCLUDE=-I/usr/include
+
+EDITOR=/usr/bin/vi
+FINGER=/usr/bin/finger
+SENDMAIL=/usr/sbin/sendmail
+
+LDAP_RUNDIR=/var/run
+
+MANCOMPRESS=gzip
+MANCOMPRESSSUFFIX=.gz
+
+
+#
+# LDAP has a problem with the idea of implicit vs. explicit yields
+# in call conversion threading packages, like the MIT pthreads
+# package.  Rather than resolve this globally, I have marked the
+# threading as "preeemptive", even though it is technically not.
+#
+# This means that the implicit-yield threading is topologically
+# equivalent to preemptive threading.
+#
+THREADS= -DPOSIX_THREADS -D_THREAD_SAFE -DPTHREAD_PREEMPTIVE
+
+# use special gcc flag to include libc_r.a
+THREADSLIB= -pthread
+#THREADSLIB= -lc_r
+
+# crypt(3) is in a separate library
+LDAP_CRYPT_LIB= -lcrypt

 #
 # -------------------------------------------------------------------------
 # you will probably not need to edit anything below this point
 # -------------------------------------------------------------------------
 CC	= gcc
-
 PLATFORMCFLAGS=	-Dfreebsd
--- a/include/regex.h
+++ b/include/regex.h
--- a/libraries/libldap/Make-template
+++ b/libraries/libldap/Make-template
@@ -17,13 +17,13 @@ LDAPSRC	= ../..

 SRCS	= bind.c open.c result.c error.c compare.c search.c \
 	modify.c add.c modrdn.c delete.c abandon.c ufn.c cache.c \
-	getfilter.c regex.c sbind.c kbind.c unbind.c friendly.c cldap.c \
+	getfilter.c sbind.c kbind.c unbind.c friendly.c cldap.c \
 	free.c disptmpl.c srchpref.c dsparse.c tmplout.c sort.c \
 	getdn.c getentry.c getattr.c getvalues.c addentry.c \
 	request.c getdxbyname.c os-ip.c url.c charset.c
 OBJS	= bind.o open.o result.o error.o compare.o search.o \
 	modify.o add.o modrdn.o delete.o abandon.o ufn.o cache.o \
-	getfilter.o regex.o sbind.o kbind.o unbind.o friendly.o cldap.o \
+	getfilter.o sbind.o kbind.o unbind.o friendly.o cldap.o \
 	free.o disptmpl.o srchpref.o dsparse.o tmplout.o sort.o \
 	getdn.o getentry.o getattr.o getvalues.o addentry.o \
 	request.o getdxbyname.o os-ip.o url.o charset.o
@@ -31,8 +31,7 @@ OBJS	= bind.o open.o result.o error.o compare.o search.o \
 HDIR	= ../../include

 INCLUDES= -I$(HDIR) $(KRBINCLUDEFLAG)
-DEFINES	= $(DEFS) -DFILTERFILE="\"$(RUNTIMEETCDIR)/ldapfilter.conf\"" \
-	-DTEMPLATEFILE="\"$(RUNTIMEETCDIR)/ldaptemplates.conf\""
+DEFINES	= $(DEFS)

 CFLAGS	= $(INCLUDES) $(DEFINES) $(ACFLAGS)
 LIBS	= -L. -L../liblber -lldap -llber $(KRBLIBFLAG) $(KRBLIBS) $(ALIBS)
@@ -62,20 +61,20 @@ version.c:	$(OBJS)
 	< Version.c > $@)

 install:	libldap.a ldapfilter.conf ldapfriendly ldaptemplates.conf ldapsearchprefs.conf FORCE
-	-$(MKDIR) -p $(LIBDIR)
-	$(INSTALL) $(INSTALLFLAGS) -m 644 libldap.a $(LIBDIR)
+	-$(MKDIR) -p $(LDAP_LIBDIR) $(LDAP_ETCDIR)
+	$(INSTALL) $(INSTALLFLAGS) -m 644 libldap.a $(LDAP_LIBDIR)
 	@if [ ! -z "$(RANLIB)" ]; then \
-		(cd /tmp; $(RANLIB) $(LIBDIR)/libldap.a) \
+		(cd /tmp; $(RANLIB) $(LDAP_LIBDIR)/libldap.a) \
 	fi
-	-$(MKDIR) -p $(ETCDIR)
-	-$(MV) $(ETCDIR)/ldapfriendly $(ETCDIR)/ldapfriendly-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfriendly $(ETCDIR)
-	-$(MV) $(ETCDIR)/ldapfilter.conf $(ETCDIR)/ldapfilter.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfilter.conf $(ETCDIR)
-	-$(MV) $(ETCDIR)/ldaptemplates.conf $(ETCDIR)/ldaptemplates.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 ldaptemplates.conf $(ETCDIR)
-	-$(MV) $(ETCDIR)/ldapsearchprefs.conf $(ETCDIR)/ldapsearchprefs.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapsearchprefs.conf $(ETCDIR)
+	-$(MKDIR) -p $(LDAP_ETCDIR)
+	-$(MV) $(LDAP_ETCDIR)/ldapfriendly $(LDAP_ETCDIR)/ldapfriendly-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfriendly $(LDAP_ETCDIR)
+	-$(MV) $(LDAP_ETCDIR)/ldapfilter.conf $(LDAP_ETCDIR)/ldapfilter.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfilter.conf $(LDAP_ETCDIR)
+	-$(MV) $(LDAP_ETCDIR)/ldaptemplates.conf $(LDAP_ETCDIR)/ldaptemplates.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 ldaptemplates.conf $(LDAP_ETCDIR)
+	-$(MV) $(LDAP_ETCDIR)/ldapsearchprefs.conf $(LDAP_ETCDIR)/ldapsearchprefs.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 ldapsearchprefs.conf $(LDAP_ETCDIR)

 lint:	FORCE
 	$(LINT) $(INCLUDES) $(DEFINES) $(SRCS)
@@ -93,51 +92,3 @@ links:
 	@$(LN) .src/*.[ch] .src/ldapfriendly .src/ldapfilter.conf \
 		.src/ldaptemplates.conf .src/ldapsearchprefs.conf .

-# DO NOT DELETE THIS LINE -- mkdep uses it.
-# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
-
-bind.o: bind.c ../../include/lber.h ../../include/ldap.h
-open.o: open.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-result.o: result.c ../../include/portable.h ../../include/lber.h
-result.o: ../../include/ldap.h ldap-int.h
-error.o: error.c ../../include/lber.h ../../include/ldap.h
-compare.o: compare.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-search.o: search.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-modify.o: modify.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-add.o: add.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-modrdn.o: modrdn.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-delete.o: delete.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-abandon.o: abandon.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-ufn.o: ufn.c ../../include/lber.h ../../include/ldap.h
-cache.o: cache.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-getfilter.o: getfilter.c ../../include/lber.h ../../include/ldap.h
-getfilter.o: ../../include/regex.h
-regex.o: regex.c ../../include/portable.h
-sbind.o: sbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-kbind.o: kbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-unbind.o: unbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-friendly.o: friendly.c ../../include/lber.h ../../include/ldap.h
-cldap.o: cldap.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-free.o: free.c ../../include/lber.h ../../include/ldap.h
-disptmpl.o: disptmpl.c ../../include/lber.h ../../include/ldap.h
-disptmpl.o: ../../include/disptmpl.h
-srchpref.o: srchpref.c ../../include/lber.h ../../include/ldap.h
-srchpref.o: ../../include/srchpref.h
-dsparse.o: dsparse.c ../../include/lber.h ../../include/ldap.h
-tmplout.o: tmplout.c ../../include/lber.h ../../include/ldap.h
-tmplout.o: ../../include/disptmpl.h
-sort.o: sort.c ../../include/lber.h ../../include/ldap.h
-getdn.o: getdn.c ../../include/lber.h ../../include/ldap.h
-getentry.o: getentry.c ../../include/lber.h ../../include/ldap.h
-getattr.o: getattr.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-getvalues.o: getvalues.c ../../include/lber.h ../../include/ldap.h
-addentry.o: addentry.c ../../include/lber.h ../../include/ldap.h
-request.o: request.c ../../include/portable.h ../../include/lber.h
-request.o: ../../include/ldap.h ldap-int.h
-getdxbyname.o: getdxbyname.c
-os-ip.o: os-ip.c ../../include/portable.h ../../include/lber.h
-os-ip.o: ../../include/ldap.h
-url.o: url.c ../../include/lber.h ../../include/ldap.h ldap-int.h
-charset.o: charset.c
-
-# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
--- a/libraries/libldap/getfilter.c
+++ b/libraries/libldap/getfilter.c
@@ -10,13 +10,13 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
 #endif

 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
-#if defined(NeXT)
+#include <sys/types.h>
 #include <regex.h>
-#endif
+
 #ifdef MACOS
-#include <stdlib.h>
 #include "macos.h"
 #else /* MACOS */
 #ifdef DOS
@@ -25,7 +25,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
 #else /* DOS */
 #include <sys/types.h>
 #include <sys/file.h>
-#include <stdlib.h>
 #include <sys/errno.h>
 #ifndef VMS
 #include <unistd.h>
@@ -35,7 +34,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of

 #include "lber.h"
 #include "ldap.h"
-#include "regex.h"

 #ifdef NEEDPROTOS
 static int break_into_words( char *str, char *delims, char ***wordsp );
@@ -49,7 +47,6 @@ void free_strarray();

 #if !defined( MACOS ) && !defined( DOS )
 extern int	errno;
-extern char	*re_comp();
 #endif

 #define FILT_MAX_LINE_LEN	1024
@@ -107,8 +104,10 @@ ldap_init_getfilter_buf( char *buf, long buflen )
    LDAPFiltDesc	*lfdp;
    LDAPFiltList	*flp, *nextflp;
    LDAPFiltInfo	*fip, *nextfip;
-    char		*tag, **tok;
-    int			tokcnt, i;
+    char			*tag, **tok;
+    int				tokcnt, i;
+	int				rc;
+	regex_t			re;

    if (( lfdp = (LDAPFiltDesc *)calloc( 1, sizeof( LDAPFiltDesc))) == NULL ) {
 	return( NULL );
@@ -138,11 +137,13 @@ ldap_init_getfilter_buf( char *buf, long buflen )
 	    }
 	    nextflp->lfl_tag = strdup( tag );
 	    nextflp->lfl_pattern = tok[ 0 ];
-	    if ( re_comp( nextflp->lfl_pattern ) != NULL ) {
+	    if ( (rc = regcomp( &re, nextflp->lfl_pattern, 0 )) != 0 ) {
 #ifndef NO_USERINTERFACE
+		char error[512];
+		regerror(rc, &re, error, sizeof(error));
 		ldap_getfilter_free( lfdp );
-		fprintf( stderr, "bad regular expresssion %s\n",
-			nextflp->lfl_pattern );
+		fprintf( stderr, "bad regular expresssion %s, %s\n",
+			nextflp->lfl_pattern, error );
 #if !defined( MACOS ) && !defined( DOS )
 		errno = EINVAL;
 #endif
@@ -150,6 +151,7 @@ ldap_init_getfilter_buf( char *buf, long buflen )
 		free_strarray( tok );
 		return( NULL );
 	    }
+		regfree(&re);
 		
 	    nextflp->lfl_delims = tok[ 1 ];
 	    nextflp->lfl_ilist = NULL;
@@ -247,6 +249,8 @@ LDAPFiltInfo *
 ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
 {
    LDAPFiltList	*flp;
+	int				rc;
+	regex_t			re;

    if ( lfdp->lfd_curvalcopy != NULL ) {
 	free( lfdp->lfd_curvalcopy );
@@ -256,13 +260,30 @@ ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
    lfdp->lfd_curval = value;
    lfdp->lfd_curfip = NULL;

-    for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
-	if ( re_comp( tagpat ) == NULL && re_exec( flp->lfl_tag ) == 1
-		&& re_comp( flp->lfl_pattern ) == NULL
-		&& re_exec( lfdp->lfd_curval ) == 1 ) {
-	    lfdp->lfd_curfip = flp->lfl_ilist;
-	    break;
-	}
+	for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
+		/* compile tagpat, continue if we fail */
+		if (regcomp(&re, tagpat, 0) != 0)
+			continue;
+
+		/* match tagpatern and tag, continue if we fail */
+		rc = regexec(&re, flp->lfl_tag, 0, NULL, 0);
+		regfree(&re);
+		if (rc != 0)
+			continue;
+
+		/* compile flp->ifl_pattern, continue if we fail */
+		if (regcomp(&re, flp->lfl_pattern, 0) != 0)
+			continue;
+
+		/* match ifl_pattern and lfd_curval, continue if we fail */
+		rc = regexec(&re, lfdp->lfd_curval, 0, NULL, 0);
+		regfree(&re);
+		if (rc != 0)
+			continue;
+
+		/* we successfully compiled both patterns and matched both values */
+		lfdp->lfd_curfip = flp->lfl_ilist;
+		break;
    }

    if ( lfdp->lfd_curfip == NULL ) {

--- a/libraries/libldap/regex.c
+++ b/libraries/libldap/regex.c
--- a/servers/slapd/Make-template
+++ b/servers/slapd/Make-template
@@ -21,23 +21,24 @@ SRCS	= main.c daemon.c connection.c search.c filter.c add.c charray.c \
 		attr.c entry.c config.c backend.c result.c operation.c \
 		dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
 		value.c ava.c bind.c unbind.c abandon.c filterentry.c \
-		phonetic.c regex.c acl.c str2filter.c aclparse.c init.c \
+		phonetic.c acl.c str2filter.c aclparse.c init.c \
 		detach.c strdup.c tempnam.c repl.c lock.c \
 		schema.c schemaparse.c monitor.c configinfo.c
 OBJS	= main.o daemon.o connection.o search.o filter.o add.o charray.o \
 		attr.o entry.o config.o backend.o result.o operation.o \
 		dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
 		value.o ava.o bind.o unbind.o abandon.o filterentry.o \
-		phonetic.o regex.o acl.o str2filter.o aclparse.o init.o \
+		phonetic.o acl.o str2filter.o aclparse.o init.o \
 		detach.o strdup.o tempnam.o repl.o lock.o \
 		schema.o schemaparse.o monitor.o configinfo.o

 INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
-DEFINES = $(DEFS) $(SERVERDEFS)
+DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
 CFLAGS	= $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
 LDFLAGS	= -L$(LDIR) $(KRBLIBFLAG)
-LIBS	= $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
-		$(LDBMLIB) $(ALIBS)
+LIBS	= $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif \
+		$(REGEXLIB) $(THREADSLIB) \
+		$(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)

 all: FORCE
 	@if [ -z "$(MAKESLAPD)" ]; then \
@@ -100,26 +101,27 @@ version.c: libbackends.a $(OBJS) $(LDIR)/liblber/liblber.a \
 	-e "s|%VERSION%|$${v}|" \
 	< Version.c > $@)

-install: all $(ETCDIR) $(ETCDIR)/slapd $(ETCDIR)/slapd.conf \
-		$(ETCDIR)/slapd.at.conf $(ETCDIR)/slapd.oc.conf \
+install: all $(LDAP_LIBEXECDIR) $(LDAP_LIBEXECDIR)/slapd \
+		$(LDAP_ETCDIR) $(LDAP_ETCDIR)/slapd.conf \
+		$(LDAP_ETCDIR)/slapd.at.conf $(LDAP_ETCDIR)/slapd.oc.conf \
 		install-tools

-$(ETCDIR)/slapd:	slapd
-	$(INSTALL) $(INSTALLFLAGS) -m 755 slapd $(ETCDIR)
+$(LDAP_LIBEXECDIR)/slapd:	slapd
+	$(INSTALL) $(INSTALLFLAGS) -m 755 slapd $(LDAP_LIBEXECDIR)

-$(ETCDIR)/slapd.conf:	slapd.conf
-	$(SED) -e 's;%ETCDIR%;$(RUNTIMEETCDIR);' slapd.conf > /tmp/slapd.$$
-	-$(MV) $(ETCDIR)/slapd.conf $(ETCDIR)/slapd.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 /tmp/slapd.$$ $(ETCDIR)/slapd.conf
+$(LDAP_ETCDIR)/slapd.conf:	slapd.conf
+	$(SED) -e 's;%ETCDIR%;$(LDAP_ETCDIR);' slapd.conf > /tmp/slapd.$$
+	-$(MV) $(LDAP_ETCDIR)/slapd.conf $(LDAP_ETCDIR)/slapd.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 /tmp/slapd.$$ $(LDAP_ETCDIR)/slapd.conf
 	$(RM) -f /tmp/slapd.$$

-$(ETCDIR)/slapd.at.conf:	slapd.at.conf
-	-$(MV) $(ETCDIR)/slapd.at.conf $(ETCDIR)/slapd.at.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.at.conf $(ETCDIR)
+$(LDAP_ETCDIR)/slapd.at.conf:	slapd.at.conf
+	-$(MV) $(LDAP_ETCDIR)/slapd.at.conf $(LDAP_ETCDIR)/slapd.at.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.at.conf $(LDAP_ETCDIR)

-$(ETCDIR)/slapd.oc.conf:	slapd.oc.conf
-	-$(MV) $(ETCDIR)/slapd.oc.conf $(ETCDIR)/slapd.oc.conf-
-	$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.oc.conf $(ETCDIR)
+$(LDAP_ETCDIR)/slapd.oc.conf:	slapd.oc.conf
+	-$(MV) $(LDAP_ETCDIR)/slapd.oc.conf $(LDAP_ETCDIR)/slapd.oc.conf-
+	$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.oc.conf $(LDAP_ETCDIR)

 install-tools: FORCE
 	(cd tools; $(MAKE) $(MFLAGS) install)
@@ -164,103 +166,3 @@ links:
 	    fi; \
 	done; 

-
-# DO NOT DELETE THIS LINE -- mkdep uses it.
-# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
-
-main.o: main.c ../../include/portable.h slap.h ../../include/avl.h
-main.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-main.o: ../../include/ldif.h ../../include/ldapconfig.h
-daemon.o: daemon.c slap.h ../../include/avl.h ../../include/lber.h
-daemon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-daemon.o: ../../include/portable.h ../../include/ldapconfig.h
-connection.o: connection.c ../../include/portable.h slap.h ../../include/avl.h
-connection.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-connection.o: ../../include/ldif.h
-search.o: search.c slap.h ../../include/avl.h ../../include/lber.h
-search.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-search.o: ../../include/ldapconfig.h
-filter.o: filter.c slap.h ../../include/avl.h ../../include/lber.h
-filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-add.o: add.c slap.h ../../include/avl.h ../../include/lber.h
-add.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-charray.o: charray.c slap.h ../../include/avl.h ../../include/lber.h
-charray.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-attr.o: attr.c ../../include/portable.h slap.h ../../include/avl.h
-attr.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-attr.o: ../../include/ldif.h
-entry.o: entry.c slap.h ../../include/avl.h ../../include/lber.h
-entry.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-config.o: config.c slap.h ../../include/avl.h ../../include/lber.h
-config.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-config.o: ../../include/ldapconfig.h
-backend.o: backend.c slap.h ../../include/avl.h ../../include/lber.h
-backend.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-result.o: result.c ../../include/portable.h slap.h ../../include/avl.h
-result.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-result.o: ../../include/ldif.h
-operation.o: operation.c slap.h ../../include/avl.h ../../include/lber.h
-operation.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-dn.o: dn.c ../../include/portable.h slap.h ../../include/avl.h
-dn.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-dn.o: ../../include/ldif.h
-compare.o: compare.c slap.h ../../include/avl.h ../../include/lber.h
-compare.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-modify.o: modify.c slap.h ../../include/avl.h ../../include/lber.h
-modify.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-delete.o: delete.c slap.h ../../include/avl.h ../../include/lber.h
-delete.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-modrdn.o: modrdn.c slap.h ../../include/avl.h ../../include/lber.h
-modrdn.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-ch_malloc.o: ch_malloc.c slap.h ../../include/avl.h ../../include/lber.h
-ch_malloc.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-value.o: value.c ../../include/portable.h slap.h ../../include/avl.h
-value.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-value.o: ../../include/ldif.h
-ava.o: ava.c slap.h ../../include/avl.h ../../include/lber.h
-ava.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-bind.o: bind.c slap.h ../../include/avl.h ../../include/lber.h
-bind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-unbind.o: unbind.c slap.h ../../include/avl.h ../../include/lber.h
-unbind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-abandon.o: abandon.c slap.h ../../include/avl.h ../../include/lber.h
-abandon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-filterentry.o: filterentry.c ../../include/regex.h slap.h ../../include/avl.h
-filterentry.o: ../../include/lber.h ../../include/ldap.h
-filterentry.o: ../../include/lthread.h ../../include/ldif.h
-phonetic.o: phonetic.c ../../include/portable.h slap.h ../../include/avl.h
-phonetic.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-phonetic.o: ../../include/ldif.h
-regex.o: regex.c ../../include/portable.h
-acl.o: acl.c ../../include/regex.h slap.h ../../include/avl.h
-acl.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-acl.o: ../../include/ldif.h
-str2filter.o: str2filter.c slap.h ../../include/avl.h ../../include/lber.h
-str2filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-aclparse.o: aclparse.c ../../include/regex.h slap.h ../../include/avl.h
-aclparse.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-aclparse.o: ../../include/ldif.h ../../include/portable.h
-init.o: init.c ../../include/portable.h slap.h ../../include/avl.h
-init.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-init.o: ../../include/ldif.h
-detach.o: detach.c ../../include/portable.h
-strdup.o: strdup.c
-tempnam.o: tempnam.c
-repl.o: repl.c slap.h ../../include/avl.h ../../include/lber.h
-repl.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-lock.o: lock.c ../../include/portable.h slap.h ../../include/avl.h
-lock.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
-lock.o: ../../include/ldif.h
-schema.o: schema.c slap.h ../../include/avl.h ../../include/lber.h
-schema.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-schemaparse.o: schemaparse.c slap.h ../../include/avl.h ../../include/lber.h
-schemaparse.o: ../../include/ldap.h ../../include/lthread.h
-schemaparse.o: ../../include/ldif.h
-monitor.o: monitor.c slap.h ../../include/avl.h ../../include/lber.h
-monitor.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-monitor.o: ../../include/ldapconfig.h
-configinfo.o: configinfo.c slap.h ../../include/avl.h ../../include/lber.h
-configinfo.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
-configinfo.o: ../../include/ldapconfig.h
-
-# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -6,15 +6,11 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <netdb.h>
-#ifdef sunos5
-#include "regexpr.h"
-#else
-#include "regex.h"
-#endif
+#include <regex.h>
+
 #include "slap.h"

 extern Attribute	*attr_find();
-extern char		*re_comp();
 extern struct acl	*global_acl;
 extern int		global_default_access;
 extern char		*access2str();
@@ -26,7 +22,10 @@ struct acl	*acl_get_applicable();

 static int	regex_matches();

-extern pthread_mutex_t	regex_mutex;
+static string_expand(char *newbuf, int bufsiz, char *pattern,
+	char *match, regmatch_t *matches);
+
+extern Entry * be_dn2entry(Backend *be, char *bdn, char **matched);

 /*
 * access_allowed - check whether dn is allowed the requested access
@@ -51,15 +50,57 @@ access_allowed(
    int			access
 )
 {
-	int		rc;
-	struct acl	*a;
+	int				rc;
+	struct acl		*a;
+	char            *edn;
+
+	regmatch_t       matches[MAXREMATCHES];
+	int              i;
+	int              n;

 	if ( be == NULL ) {
 		return( 0 );
 	}

-	a = acl_get_applicable( be, op, e, attr );
-	rc = acl_access_allowed( a, be, conn, e, val, op, access );
+	edn = dn_normalize_case( strdup( e->e_dn ) );
+	Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
+		e->e_dn, attr, 0 );
+
+	/* the lastmod attributes are ignored by ACL checking */
+	if ( strcasecmp( attr, "modifiersname" ) == 0 ||
+		strcasecmp( attr, "modifytimestamp" ) == 0 ||
+		strcasecmp( attr, "creatorsname" ) == 0 ||
+		strcasecmp( attr, "createtimestamp" ) == 0 )
+	{
+ 		Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
+			attr, 0, 0 );
+		free( edn );
+		return(1);
+	}
+
+	memset(matches, 0, sizeof(matches));
+
+	a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
+
+	if (a) {
+		for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
+			Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
+				i, matches[i].rm_so, matches[i].rm_eo );
+
+			if( matches[i].rm_so <= matches[0].rm_eo ) {
+				for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
+					Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
+				}
+			}
+			Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
+		}
+	}
+
+	rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
+	free( edn );
+
+	Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
+		e->e_dn, attr, 0);

 	return( rc );
 }
@@ -75,15 +116,17 @@ acl_get_applicable(
    Backend		*be,
    Operation		*op,
    Entry		*e,
-    char		*attr
+    char		*attr,
+    char		*edn,
+    int			nmatch,
+    regmatch_t	*matches
 )
 {
-	int		i;
+	int		i, j;
 	struct acl	*a;
-	char		*edn;

-	Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn,
-	    attr, 0 );
+	Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
+		e->e_dn, attr, 0 );

 	if ( be_isroot( be, op->o_dn ) ) {
 		Debug( LDAP_DEBUG_ACL,
@@ -92,55 +135,73 @@ acl_get_applicable(
 		return( NULL );
 	}

+	Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
+
 	/* check for a backend-specific acl that matches the entry */
 	for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
-		if ( a->acl_dnpat != NULL ) {
-			edn = dn_normalize_case( strdup( e->e_dn ) );
-			if ( ! regex_matches( a->acl_dnpat, edn ) ) {
-				free( edn );
+		if (a->acl_dnpat != NULL) {
+			Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", 
+				i, a->acl_dnpat, a->acl_dnre.re_nsub);
+
+			if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
 				continue;
-			}
-			free( edn );
+			else
+				Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d]  backend ACL match\n",
+					i, 0, 0);
 		}
+
 		if ( a->acl_filter != NULL ) {
-			if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
-			    != 0 ) {
+			if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
 				continue;
 			}
 		}
+
+        Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
+
 		if ( attr == NULL || a->acl_attrs == NULL ||
-		    charray_inlist( a->acl_attrs, attr ) ) {
-			Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n",
-			    i, e->e_dn, attr );
+			charray_inlist( a->acl_attrs, attr ) )
+		{
+			Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
+				i, e->e_dn, attr );
 			return( a );
 		}
+		matches[0].rm_so = matches[0].rm_eo = -1;
 	}

 	/* check for a global acl that matches the entry */
 	for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
-		if ( a->acl_dnpat != NULL ) {
-			edn = dn_normalize_case( strdup( e->e_dn ) );
-			if ( ! regex_matches( a->acl_dnpat, edn ) ) {
-				free( edn );
+		if (a->acl_dnpat != NULL) {
+			Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n", 
+				i, a->acl_dnpat, a->acl_dnre.re_nsub);
+
+			if (regexec(