mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-07 14:18:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

ITS#6693 value dependent ACL didn't work when they were the first ACL

Browse Source
This commit is contained in:
Ralf Haferkamp 2010-11-15 16:27:56 +00:00
parent ba86259aa0
commit 66fa1f6198
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
servers/slapd/acl.c
View File

@ -220,7 +220,7 @@ slap_access_allowed(
state = &acl_state; state = &acl_state;
if ( state->as_desc == desc && if ( state->as_desc == desc &&
state->as_access == access && state->as_access == access &&
state->as_vd_acl != NULL ) state->as_vd_acl_present )
{ {
a = state->as_vd_acl; a = state->as_vd_acl;
count = state->as_vd_acl_count; count = state->as_vd_acl_count;
@ -405,7 +405,7 @@ access_allowed_mask(
if ( state->as_desc == desc && if ( state->as_desc == desc &&
state->as_access == access && state->as_access == access &&
state->as_result != -1 && state->as_result != -1 &&
state->as_vd_acl == NULL ) !state->as_vd_acl_present )
{ {
Debug( LDAP_DEBUG_ACL, Debug( LDAP_DEBUG_ACL,
"=> access_allowed: result was in cache (%s)\n", "=> access_allowed: result was in cache (%s)\n",
@ -615,7 +615,8 @@ slap_acl_get(
continue; continue;
} }
if ( state->as_vd_acl == NULL ) { if ( !state->as_vd_acl_present ) {
state->as_vd_acl_present = 1;
state->as_vd_acl = prev; state->as_vd_acl = prev;
state->as_vd_acl_count = *count - 1; state->as_vd_acl_count = *count - 1;
ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask ); ACL_PRIV_ASSIGN ( state->as_vd_mask, *mask );
@ -714,7 +715,8 @@ slap_acl_get(
* Record value-dependent access control state * Record value-dependent access control state
*/ */
#define ACL_RECORD_VALUE_STATE do { \ #define ACL_RECORD_VALUE_STATE do { \
if( state && state->as_vd_acl == NULL ) { \ if( state && !state->as_vd_acl_present ) { \
state->as_vd_acl_present = 1; \
state->as_vd_acl = a; \ state->as_vd_acl = a; \
state->as_vd_acl_count = count; \ state->as_vd_acl_count = count; \
ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \ ACL_PRIV_ASSIGN( state->as_vd_mask, *mask ); \

3
servers/slapd/slap.h
View File

@ -1557,6 +1557,7 @@ typedef struct AccessControlState {
/* Value dependent acl where processing can restart */ /* Value dependent acl where processing can restart */
AccessControl *as_vd_acl; AccessControl *as_vd_acl;
int as_vd_acl_present;
int as_vd_acl_count; int as_vd_acl_count;
slap_mask_t as_vd_mask; slap_mask_t as_vd_mask;
@ -1567,7 +1568,7 @@ typedef struct AccessControlState {
/* True if started to process frontend ACLs */ /* True if started to process frontend ACLs */
int as_fe_done; int as_fe_done;
} AccessControlState; } AccessControlState;
#define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, ACL_PRIV_NONE, -1, 0 } #define ACL_STATE_INIT { NULL, ACL_NONE, NULL, 0, 0, ACL_PRIV_NONE, -1, 0 }
typedef struct AclRegexMatches { typedef struct AclRegexMatches {
int dn_count; int dn_count;