Commit 8866a28f authored by Pierangelo Masarati's avatar Pierangelo Masarati

don't yell at regex styling that wraps all the suffix in a submatch

parent d993288e
...@@ -187,12 +187,14 @@ check_scope( BackendDB *be, AccessControl *a ) ...@@ -187,12 +187,14 @@ check_scope( BackendDB *be, AccessControl *a )
slap_style_t style = a->acl_dn_style; slap_style_t style = a->acl_dn_style;
if ( style == ACL_STYLE_REGEX ) { if ( style == ACL_STYLE_REGEX ) {
char dnbuf[SLAP_LDAPDN_MAXLEN + 2]; char dnbuf[SLAP_LDAPDN_MAXLEN + 2];
char rebuf[SLAP_LDAPDN_MAXLEN + 1]; char rebuf[SLAP_LDAPDN_MAXLEN + 1];
regex_t re; ber_len_t rebuflen;
int rc; regex_t re;
int rc;
/* add trailing '$' */ /* add trailing '$' to database suffix to form
* a simple trial regex pattern "<suffix>$" */
AC_MEMCPY( dnbuf, be->be_nsuffix[0].bv_val, AC_MEMCPY( dnbuf, be->be_nsuffix[0].bv_val,
be->be_nsuffix[0].bv_len ); be->be_nsuffix[0].bv_len );
dnbuf[be->be_nsuffix[0].bv_len] = '$'; dnbuf[be->be_nsuffix[0].bv_len] = '$';
...@@ -202,17 +204,26 @@ check_scope( BackendDB *be, AccessControl *a ) ...@@ -202,17 +204,26 @@ check_scope( BackendDB *be, AccessControl *a )
return ACL_SCOPE_WARN; return ACL_SCOPE_WARN;
} }
/* remove trailing '$' */ /* remove trailing ')$', if any, from original
AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val, * regex pattern */
a->acl_dn_pat.bv_len + 1 ); rebuflen = a->acl_dn_pat.bv_len;
if ( a->acl_dn_pat.bv_val[a->acl_dn_pat.bv_len - 1] == '$' ) { AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val, rebuflen + 1 );
rebuf[a->acl_dn_pat.bv_len - 1] = '\0'; if ( rebuf[rebuflen - 1] == '$' ) {
rebuf[--rebuflen] = '\0';
}
while ( rebuflen > be->be_nsuffix[0].bv_len && rebuf[rebuflen - 1] == ')' ) {
rebuf[--rebuflen] = '\0';
}
if ( rebuflen == be->be_nsuffix[0].bv_len ) {
rc = ACL_SCOPE_WARN;
goto regex_done;
} }
/* not a clear indication of scoping error, though */ /* not a clear indication of scoping error, though */
rc = regexec( &re, rebuf, 0, NULL, 0 ) rc = regexec( &re, rebuf, 0, NULL, 0 )
? ACL_SCOPE_WARN : ACL_SCOPE_OK; ? ACL_SCOPE_WARN : ACL_SCOPE_OK;
regex_done:;
regfree( &re ); regfree( &re );
return rc; return rc;
} }
...@@ -226,8 +237,8 @@ check_scope( BackendDB *be, AccessControl *a ) ...@@ -226,8 +237,8 @@ check_scope( BackendDB *be, AccessControl *a )
/* base is blatantly wrong */ /* base is blatantly wrong */
if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR; if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR;
/* one can be wrong if there is more /* a style of one can be wrong if there is
* than one level between the suffix * more than one level between the suffix
* and the pattern */ * and the pattern */
if ( style == ACL_STYLE_ONE ) { if ( style == ACL_STYLE_ONE ) {
int rdnlen = -1, sep = 0; int rdnlen = -1, sep = 0;
...@@ -1643,6 +1654,14 @@ parse_acl( ...@@ -1643,6 +1654,14 @@ parse_acl(
if ( be != NULL ) { if ( be != NULL ) {
#ifdef LDAP_DEVEL #ifdef LDAP_DEVEL
if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
fprintf( stderr, "%s: line %d: warning: "
"scope checking only applies to single-valued "
"suffix databases\n",
fname, lineno );
/* go ahead, since checking is not authoritative */
}
switch ( check_scope( be, a ) ) { switch ( check_scope( be, a ) ) {
case ACL_SCOPE_UNKNOWN: case ACL_SCOPE_UNKNOWN:
fprintf( stderr, "%s: line %d: warning: " fprintf( stderr, "%s: line %d: warning: "
......
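Review bot: The copy `AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val, rebuflen + 1 )` in the second hunk of check_scope() writes `acl_dn_pat.bv_len + 1` bytes into the fixed `rebuf[SLAP_LDAPDN_MAXLEN + 1]`, and nothing in the visible lines bounds the length of the ACL pattern, so an over-long regex pattern in the configuration would write past the stack buffer. The following test `rebuf[rebuflen - 1] == '$'` also indexes outside the buffer when the pattern is empty, since `ber_len_t` is unsigned and `rebuflen - 1` wraps. A guard placed before the copy would cover both cases, for example `if ( rebuflen == 0 || rebuflen >= sizeof( rebuf ) ) { rc = ACL_SCOPE_WARN; goto regex_done; }`; whether `ACL_SCOPE_WARN` or `ACL_SCOPE_UNKNOWN` is the better result there is the author's call. The lines between the first two hunks are not shown, so a length check may already exist there, and check_scope()'s body starts and ends outside these hunks.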