mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
the logic of this check was completely reversed; in case '*' is used, on't test the regula expression
This commit is contained in:
parent
b082ed9355
commit
ab6ad34692
@ -623,7 +623,7 @@ acl_mask(
|
||||
}
|
||||
|
||||
} else if ( b->a_dn_style == ACL_STYLE_REGEX ) {
|
||||
if ( ber_bvccmp( &b->a_dn_pat, '*' ) == 0 ) {
|
||||
if ( !ber_bvccmp( &b->a_dn_pat, '*' ) ) {
|
||||
int ret = regex_matches( &b->a_dn_pat,
|
||||
op->o_ndn.bv_val, e->e_ndn, matches );
|
||||
|
||||
@ -685,7 +685,7 @@ acl_mask(
|
||||
b->a_sockurl_pat.bv_val, 0, 0 );
|
||||
#endif
|
||||
|
||||
if ( ber_bvccmp( &b->a_sockurl_pat, '*' ) != 0) {
|
||||
if ( !ber_bvccmp( &b->a_sockurl_pat, '*' ) ) {
|
||||
if ( b->a_sockurl_style == ACL_STYLE_REGEX) {
|
||||
if (!regex_matches( &b->a_sockurl_pat, conn->c_listener_url.bv_val,
|
||||
e->e_ndn, matches ) )
|
||||
@ -708,7 +708,7 @@ acl_mask(
|
||||
Debug( LDAP_DEBUG_ACL, "<= check a_domain_pat: %s\n",
|
||||
b->a_domain_pat.bv_val, 0, 0 );
|
||||
#endif
|
||||
if ( ber_bvccmp( &b->a_domain_pat, '*' ) != 0) {
|
||||
if ( !ber_bvccmp( &b->a_domain_pat, '*' ) ) {
|
||||
if ( b->a_domain_style == ACL_STYLE_REGEX) {
|
||||
if (!regex_matches( &b->a_domain_pat, conn->c_peer_domain.bv_val,
|
||||
e->e_ndn, matches ) )
|
||||
@ -731,7 +731,7 @@ acl_mask(
|
||||
Debug( LDAP_DEBUG_ACL, "<= check a_peername_path: %s\n",
|
||||
b->a_peername_pat.bv_val, 0, 0 );
|
||||
#endif
|
||||
if ( ber_bvccmp( &b->a_peername_pat, '*' ) != 0) {
|
||||
if ( !ber_bvccmp( &b->a_peername_pat, '*' ) ) {
|
||||
if ( b->a_peername_style == ACL_STYLE_REGEX) {
|
||||
if (!regex_matches( &b->a_peername_pat, conn->c_peer_name.bv_val,
|
||||
e->e_ndn, matches ) )
|
||||
@ -754,7 +754,7 @@ acl_mask(
|
||||
Debug( LDAP_DEBUG_ACL, "<= check a_sockname_path: %s\n",
|
||||
b->a_sockname_pat.bv_val, 0, 0 );
|
||||
#endif
|
||||
if ( ber_bvccmp( &b->a_sockname_pat, '*' ) != 0) {
|
||||
if ( !ber_bvccmp( &b->a_sockname_pat, '*' ) ) {
|
||||
if ( b->a_sockname_style == ACL_STYLE_REGEX) {
|
||||
if (!regex_matches( &b->a_sockname_pat, conn->c_sock_name.bv_val,
|
||||
e->e_ndn, matches ) )
|
||||
|
@ -16,6 +16,7 @@
|
||||
#include <ac/unistd.h>
|
||||
|
||||
#include "slap.h"
|
||||
#include "lber_pvt.h"
|
||||
|
||||
static void split(char *line, int splitchar, char **left, char **right);
|
||||
static void access_append(Access **l, Access *a);
|
||||
@ -365,7 +366,9 @@ parse_acl(
|
||||
} else {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
}
|
||||
} else if ( right == NULL || *right == '\0' ) {
|
||||
fprintf( stderr,
|
||||
@ -479,7 +482,9 @@ parse_acl(
|
||||
if (sty == ACL_STYLE_REGEX) {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
b->a_group_pat = bv;
|
||||
} else {
|
||||
ber_str2bv( right, 0, 0, &bv );
|
||||
@ -605,7 +610,9 @@ parse_acl(
|
||||
if (sty == ACL_STYLE_REGEX) {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
b->a_peername_pat = bv;
|
||||
} else {
|
||||
ber_str2bv( right, 0, 1, &b->a_peername_pat );
|
||||
@ -632,7 +639,9 @@ parse_acl(
|
||||
if (sty == ACL_STYLE_REGEX) {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
b->a_sockname_pat = bv;
|
||||
} else {
|
||||
ber_str2bv( right, 0, 1, &b->a_sockname_pat );
|
||||
@ -659,7 +668,9 @@ parse_acl(
|
||||
if (sty == ACL_STYLE_REGEX) {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
b->a_domain_pat = bv;
|
||||
} else {
|
||||
ber_str2bv( right, 0, 1, &b->a_domain_pat );
|
||||
@ -686,7 +697,9 @@ parse_acl(
|
||||
if (sty == ACL_STYLE_REGEX) {
|
||||
bv.bv_val = right;
|
||||
acl_regex_normalized_dn( &bv );
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
if ( !ber_bvccmp( &bv, '*' ) ) {
|
||||
regtest(fname, lineno, bv.bv_val);
|
||||
}
|
||||
b->a_sockurl_pat = bv;
|
||||
} else {
|
||||
ber_str2bv( right, 0, 1, &b->a_sockurl_pat );
|
||||
|
Loading…
Reference in New Issue
Block a user