Author: nhosoi
Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16936
Modified Files: acleffectiverights.c Log Message: Resolves: #456752 Summary: GER: supporting "dn" and extensible object class is missing Description: 1. Extensible object class cannot use the schema info. Evaluate existing attributes with no schema check. 2. dn is not an attribute belonging to an entry, but treat is as it is if it's given as a part of the attribute list.
Index: acleffectiverights.c =================================================================== RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acleffectiverights.c,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- acleffectiverights.c 23 Jul 2008 15:14:11 -0000 1.9 +++ acleffectiverights.c 28 Jul 2008 15:49:28 -0000 1.10 @@ -580,7 +580,6 @@ } \ }
- void _ger_get_attrs_rights ( Slapi_PBlock *gerpb, @@ -609,6 +608,7 @@ int hasplus = charray_inlist(attrs, "+"); Slapi_Attr *objclasses = NULL; Slapi_ValueSet *objclassvals = NULL; + int isextensibleobj = 0;
/* get all attrs available for the entry */ slapi_entry_attr_find(e, "objectclass", &objclasses); @@ -616,10 +616,18 @@ Slapi_Value *v; slapi_attr_get_valueset(objclasses, &objclassvals); i = slapi_valueset_first_value(objclassvals, &v); - if (-1 != i) { + if (-1 != i) + { + const char *ocname = NULL; allattrs = slapi_schema_list_objectclass_attributes( (const char *)v->bv.bv_val, SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED); + /* check if this entry is an extensble object or not */ + ocname = slapi_value_get_string(v); + if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) + { + isextensibleobj = 1; + } /* add "aci" to the allattrs to adjust to do_search */ charray_add(&allattrs, slapi_attr_syntax_normalize("aci")); while (-1 != i) @@ -630,6 +638,12 @@ myattrs = slapi_schema_list_objectclass_attributes( (const char *)v->bv.bv_val, SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED); + /* check if this entry is an extensble object or not */ + ocname = slapi_value_get_string(v); + if ( strcasecmp( ocname, "extensibleobject" ) == 0 ) + { + isextensibleobj = 1; + } charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/); charray_free(myattrs); } @@ -640,48 +654,61 @@ /* get operational attrs */ opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
- if (hasstar && hasplus) - { - GER_GET_ATTR_RIGHTS(allattrs); - GER_GET_ATTR_RIGHTS(opattrs); - } - else if (hasstar) + if (isextensibleobj) { - GER_GET_ATTR_RIGHTS(allattrs); - GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs); - } - else if (hasplus) - { - GER_GET_ATTR_RIGHTS(opattrs); - GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs); + for ( i = 0; attrs[i]; i++ ) + { + _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr, + gerstrsize, gerstrcap, isfirstattr, errbuf ); + isfirstattr = 0; + } } else { - for ( i = 0; attrs[i]; i++ ) + if (hasstar && hasplus) { - if (charray_inlist(allattrs, attrs[i]) || - charray_inlist(opattrs, attrs[i])) - { - _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], - gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); - isfirstattr = 0; - } - else + GER_GET_ATTR_RIGHTS(allattrs); + GER_GET_ATTR_RIGHTS(opattrs); + } + else if (hasstar) + { + GER_GET_ATTR_RIGHTS(allattrs); + GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs); + } + else if (hasplus) + { + GER_GET_ATTR_RIGHTS(opattrs); + GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs); + } + else + { + for ( i = 0; attrs[i]; i++ ) { - /* if the attr does not belong to the entry, - "<attr>:none" is returned */ - if (!isfirstattr) + if (charray_inlist(allattrs, attrs[i]) || + charray_inlist(opattrs, attrs[i]) || + (0 == strcasecmp(attrs[i], "dn"))) + { + _ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], + gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf ); + isfirstattr = 0; + } + else { - _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL); + /* if the attr does not belong to the entry, + "<attr>:none" is returned */ + if (!isfirstattr) + { + _append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL); + } + _append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":"); + _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL); + isfirstattr = 0; } - _append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":"); - _append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL); - isfirstattr = 0; } } + charray_free(allattrs); + charray_free(opattrs); } - charray_free(allattrs); - charray_free(opattrs); } else {
389-commits@lists.fedoraproject.org