From: Pierangelo Masarati <ando@openldap.org>
Date: Tue, 13 Feb 2007 23:41:20 +0000 (+0000)
Subject: partially fix ACI compatibility with OL2.1
X-Git-Tag: OPENLDAP_REL_ENG_2_3_34~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b37e82a811787b1e2bdba930ee6d7b9c0939d7db;p=thirdparty%2Fopenldap.git

partially fix ACI compatibility with OL2.1
---

diff --git a/CHANGES b/CHANGES
index 7d3ce53002..166c68eee2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,7 @@ OpenLDAP 2.3.34 Engineering
 	Fixed ldapmodify printing error from ldap_result() (ITS#4812)
 	Fixed slapadd LDIF parsing (ITS#4817)
 	Fixed slapd syncrepl memory leaks (ITS#4805)
+	Fixed slapd dynacl/ACI compatibility with 2.1
 	Fixed slapd-bdb/hdb be_entry_get with aliases/referrals (ITS#4810)
 	Fixed slapd-ldap more response handling bugs (ITS#4782)
 	Fixed slapd-ldap C-API code tests (ITS#4808)
diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c
index 1882f15e77..24b33bf2a5 100644
--- a/servers/slapd/aci.c
+++ b/servers/slapd/aci.c
@@ -291,10 +291,8 @@ aci_list_get_rights(
 	slap_access_t	*mask;
 	int		i, found;
 
-	if ( attr == NULL || BER_BVISEMPTY( attr )
-			|| ber_bvstrcasecmp( attr, &aci_bv[ ACI_BV_ENTRY ] ) == 0 )
-	{
-		attr = &aci_bv[ ACI_BV_BR_ENTRY ];
+	if ( attr == NULL || BER_BVISEMPTY( attr ) ) {
+		attr = &aci_bv[ ACI_BV_ENTRY ];
 	}
 
 	found = 0;
@@ -433,7 +431,7 @@ aci_mask(
 	   This routine now supports scope={ENTRY,CHILDREN}
 	   with the semantics:
 	     - ENTRY applies to "entry" and "subtree";
-	     - CHILDREN aplies to "children" and "subtree"
+	     - CHILDREN applies to "children" and "subtree"
 	 */
 
 	/* check that the aci has all 5 components */
@@ -1027,7 +1025,7 @@ bv_get_tail(
  *    action    := perms;attr[[;perms;attr]...]
  *    perms     := perm[[,perm]...]
  *    perm      := c|s|r|w|x
- *    attr      := attributeType|[all]
+ *    attr      := attributeType|"[all]"
  *    type      :=  public|users|self|dnattr|group|role|set|set-ref|
  *                  access_id|subtree|onelevel|children
  */
@@ -1110,6 +1108,11 @@ OpenLDAPaciValidateRight(
 				continue;
 			}
 
+			/* "[entry]" is tolerated for backward compatibility */
+			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				continue;
+			}
+
 			if ( slap_bv2ad( &bv, &ad, &text ) != LDAP_SUCCESS ) {
 				return LDAP_INVALID_SYNTAX;
 			}
@@ -1167,6 +1170,10 @@ OpenLDAPaciNormalizeRight(
 			if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ALL ] ) == 0 ) {
 				bv = aci_bv[ ACI_BV_BR_ALL ];
 
+			/* "[entry]" is tolerated for backward compatibility */
+			} else if ( ber_bvstrcasecmp( &bv, &aci_bv[ ACI_BV_BR_ENTRY ] ) == 0 ) {
+				bv = aci_bv[ ACI_BV_ENTRY ];
+
 			} else {
 				AttributeDescription	*ad = NULL;
 				const char		*text = NULL;
@@ -1456,6 +1463,8 @@ OpenLDAPaciPrettyNormal(
 			freetype = 0;
 	char		*ptr;
 
+	BER_BVZERO( out );
+
 	if ( BER_BVISEMPTY( val ) ) {
 		return LDAP_INVALID_SYNTAX;
 	}
@@ -1626,7 +1635,7 @@ OpenLDAPaciPrettyNormal(
 	out->bv_len = 
 		oid.bv_len + STRLENOF( "#" )
 		+ scope.bv_len + STRLENOF( "#" )
-		+ rights.bv_len + STRLENOF( "#" )
+		+ nrights.bv_len + STRLENOF( "#" )
 		+ ntype.bv_len + STRLENOF( "#" )
 		+ nsubject.bv_len;