Commit 66fa1f61 authored by Ralf Haferkamp's avatar Ralf Haferkamp
Browse files

ITS#6693 value dependent ACL didn't work when they were the first ACL

parent ba86259a
......@@ -220,7 +220,7 @@ slap_access_allowed(
state = &acl_state;
if ( state->as_desc == desc &&
state->as_access == access &&
state->as_vd_acl != NULL )
state->as_vd_acl_present )
{
a = state->as_vd_acl;
count = state->as_vd_acl_count;
......@@ -405,7 +405,7 @@ access_allowed_mask(
if ( state->as_desc == desc &&
state->as_access == access &&
state->as_result != -1 &&
state->as_vd_acl == NULL )
!state->as_vd_acl_present )
{
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: result was in cache (%s)\n",
......@@ -615,7 +615,8 @@ slap_acl_get(
continue;
}
if ( state->as_vd_acl == NULL ) {
if ( !state->as_vd_acl_present ) {
state->as_vd_acl_present = 1;
state->as_vd_acl = prev;
state->as_vd_acl_count = *count - 1;
ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask );
......@@ -714,7 +715,8 @@ slap_acl_get(
* Record value-dependent access control state
*/
#define ACL_RECORD_VALUE_STATE do { \
if( state && state->as_vd_acl == NULL ) { \
if( state && !state->as_vd_acl_present ) { \
state->as_vd_acl_present = 1; \
state->as_vd_acl = a; \
state->as_vd_acl_count = count; \
ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \
......
......@@ -1557,6 +1557,7 @@ typedef struct AccessControlState {
/* Value dependent acl where processing can restart */
AccessControl *as_vd_acl;
int as_vd_acl_present;
int as_vd_acl_count;
slap_mask_t as_vd_mask;
......@@ -1567,7 +1568,7 @@ typedef struct AccessControlState {
/* True if started to process frontend ACLs */
int as_fe_done;
} AccessControlState;
#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 }
#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }
typedef struct AclRegexMatches {
int dn_count;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment