Commit f109f1eb authored by Pierangelo Masarati's avatar Pierangelo Masarati
Browse files

fix ITS#3140

parent d5367227
......@@ -72,7 +72,8 @@ static struct berval
aci_bv_group_class = BER_BVC(SLAPD_GROUP_CLASS),
aci_bv_group_attr = BER_BVC(SLAPD_GROUP_ATTR),
aci_bv_role_class = BER_BVC(SLAPD_ROLE_CLASS),
aci_bv_role_attr = BER_BVC(SLAPD_ROLE_ATTR);
aci_bv_role_attr = BER_BVC(SLAPD_ROLE_ATTR),
aci_bv_set_attr = BER_BVC(SLAPD_ACI_SET_ATTR);
static AccessControl * acl_get(
......@@ -1745,8 +1746,7 @@ aci_get_part(
char *p;
if (bv) {
bv->bv_len = 0;
bv->bv_val = NULL;
BER_BVZERO( bv );
}
len = list->bv_len;
p = list->bv_val;
......@@ -1805,63 +1805,62 @@ aci_match_set (
int setref
)
{
struct berval set = BER_BVNULL;
int rc = 0;
AciSetCookie cookie;
struct berval set = BER_BVNULL;
int rc = 0;
AciSetCookie cookie;
Operation op2 = *op;
op2.o_conn = NULL;
if (setref == 0) {
ber_dupbv_x( &set, subj, op->o_tmpmemctx );
ber_dupbv_x( &set, subj, op2.o_tmpmemctx );
} else {
struct berval subjdn, ndn = BER_BVNULL;
struct berval setat;
BerVarray bvals;
const char *text;
AttributeDescription *desc = NULL;
struct berval subjdn, ndn = BER_BVNULL;
struct berval setat;
BerVarray bvals;
const char *text;
AttributeDescription *desc = NULL;
/* format of string is "entry/setAttrName" */
if (aci_get_part(subj, 0, '/', &subjdn) < 0) {
if ( aci_get_part( subj, 0, '/', &subjdn ) < 0 ) {
return(0);
}
if ( aci_get_part(subj, 1, '/', &setat) < 0 ) {
setat.bv_val = SLAPD_ACI_SET_ATTR;
setat.bv_len = sizeof(SLAPD_ACI_SET_ATTR)-1;
if ( aci_get_part( subj, 1, '/', &setat ) < 0 ) {
setat = aci_bv_set_attr;
}
if ( setat.bv_val != NULL ) {
/*
* NOTE: dnNormalize honors the ber_len field
* as the length of the dn to be normalized
*/
if ( dnNormalize(0, NULL, NULL, &subjdn, &ndn, op->o_tmpmemctx) == LDAP_SUCCESS
&& slap_bv2ad(&setat, &desc, &text) == LDAP_SUCCESS )
/*
* NOTE: dnNormalize honors the ber_len field
* as the length of the dn to be normalized
*/
if ( slap_bv2ad( &setat, &desc, &text ) == LDAP_SUCCESS ) {
if ( dnNormalize( 0, NULL, NULL, &subjdn, &ndn, op2.o_tmpmemctx ) == LDAP_SUCCESS )
{
backend_attribute(op, e,
&ndn, desc, &bvals);
if ( bvals != NULL ) {
if ( bvals[0].bv_val != NULL ) {
int i;
set = bvals[0];
bvals[0].bv_val = NULL;
for (i=1;bvals[i].bv_val;i++);
bvals[0].bv_val = bvals[i-1].bv_val;
bvals[i-1].bv_val = NULL;
}
ber_bvarray_free_x(bvals, op->o_tmpmemctx);
backend_attribute( &op2, e, &ndn, desc, &bvals );
if ( bvals != NULL && !BER_BVISNULL( &bvals[0] ) ) {
int i;
set = bvals[0];
BER_BVZERO( &bvals[0] );
for ( i = 1; !BER_BVISNULL( &bvals[i] ); i++ );
bvals[0].bv_val = bvals[i-1].bv_val;
BER_BVZERO( &bvals[i-1] );
}
ber_bvarray_free_x( bvals, op2.o_tmpmemctx );
slap_sl_free( ndn.bv_val, op2.o_tmpmemctx );
}
if (ndn.bv_val)
free(ndn.bv_val);
}
}
if (set.bv_val != NULL) {
cookie.op = op;
if ( !BER_BVISNULL( &set ) ) {
cookie.op = &op2;
cookie.e = e;
rc = (slap_set_filter(aci_set_gather, (SetCookie *)&cookie, &set,
&op->o_ndn, &e->e_nname, NULL) > 0);
slap_sl_free(set.bv_val, op->o_tmpmemctx);
rc = ( slap_set_filter( aci_set_gather, (SetCookie *)&cookie, &set,
&op2.o_ndn, &e->e_nname, NULL ) > 0 );
slap_sl_free( set.bv_val, op2.o_tmpmemctx );
}
return(rc);
}
......
......@@ -143,7 +143,7 @@ check_scope( BackendDB *be, AccessControl *a )
dn = be->be_nsuffix[ 0 ];
if ( a->acl_dn_pat.bv_len || ( a->acl_dn_style != ACL_STYLE_REGEX ) ) {
if ( a->acl_dn_pat.bv_len || a->acl_dn_style != ACL_STYLE_REGEX ) {
slap_style_t style = a->acl_dn_style;
if ( style == ACL_STYLE_REGEX ) {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment