[Fedora-directory-commits] ldapserver/ldap/servers/plugins/acl acleffectiverights.c, 1.9, 1.10

Noriko Hosoi (nhosoi) fedora-directory-commits at redhat.com
Mon Jul 28 15:49:30 UTC 2008


Author: nhosoi

Update of /cvs/dirsec/ldapserver/ldap/servers/plugins/acl
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16936

Modified Files:
	acleffectiverights.c 
Log Message:
Resolves: #456752
Summary: GER: supporting "dn" and extensible object class is missing
Description: 
1. Extensible object class cannot use the schema info. Evaluate existing
attributes with no schema check.
2. dn is not an attribute belonging to an entry, but treat it as if it were one
when it is given as part of the attribute list.



Index: acleffectiverights.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/servers/plugins/acl/acleffectiverights.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- acleffectiverights.c	23 Jul 2008 15:14:11 -0000	1.9
+++ acleffectiverights.c	28 Jul 2008 15:49:28 -0000	1.10
@@ -580,7 +580,6 @@
 		} \
 	}
 
-
 void
 _ger_get_attrs_rights (
 	Slapi_PBlock *gerpb,
@@ -609,6 +608,7 @@
 		int hasplus = charray_inlist(attrs, "+");
 		Slapi_Attr *objclasses = NULL;
 		Slapi_ValueSet *objclassvals = NULL;
+		int isextensibleobj = 0;
 
 		/* get all attrs available for the entry */
 		slapi_entry_attr_find(e, "objectclass", &objclasses);
@@ -616,10 +616,18 @@
 			Slapi_Value *v;
 			slapi_attr_get_valueset(objclasses, &objclassvals);
 			i = slapi_valueset_first_value(objclassvals, &v);
-			if (-1 != i) {
+			if (-1 != i)
+			{
+				const char *ocname = NULL;
 				allattrs = slapi_schema_list_objectclass_attributes(
 							(const char *)v->bv.bv_val,
 							SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
+				/* check if this entry is an extensble object or not */
+				ocname = slapi_value_get_string(v);
+				if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
+				{
+					isextensibleobj = 1;
+				}
 				/* add "aci" to the allattrs to adjust to do_search */
 				charray_add(&allattrs, slapi_attr_syntax_normalize("aci"));
 				while (-1 != i)
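Review bot: The new `strcasecmp( ocname, "extensibleobject" )` call passes `ocname` unchecked, and `slapi_value_get_string()` returns NULL when the value carries no string, so the comparison should be guarded: `if ( ocname && strcasecmp( ocname, "extensibleobject" ) == 0 )`. The same unguarded check is repeated in the next hunk, inside the `while` loop, and both copies carry the comment typo "extensble"; a small static helper taking the `Slapi_Value *` would keep the two in step. The call just above still reads `v->bv.bv_val` directly while the added code uses the accessor, so fetching `ocname` first and passing it to `slapi_schema_list_objectclass_attributes` would be more consistent. The enclosing block starts before this hunk and continues past it.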
@@ -630,6 +638,12 @@
 						myattrs = slapi_schema_list_objectclass_attributes(
 							(const char *)v->bv.bv_val,
 							SLAPI_OC_FLAG_REQUIRED|SLAPI_OC_FLAG_ALLOWED);
+						/* check if this entry is an extensble object or not */
+						ocname = slapi_value_get_string(v);
+						if ( strcasecmp( ocname, "extensibleobject" ) == 0 )
+						{
+							isextensibleobj = 1;
+						}
 						charray_merge_nodup(&allattrs, myattrs, 1/*copy_strs*/);
 						charray_free(myattrs);
 					}
@@ -640,48 +654,61 @@
 		/* get operational attrs */
 		opattrs = slapi_schema_list_attribute_names(SLAPI_ATTR_FLAG_OPATTR);
 
-		if (hasstar && hasplus)
-		{
-			GER_GET_ATTR_RIGHTS(allattrs);
-			GER_GET_ATTR_RIGHTS(opattrs);
-		}
-		else if (hasstar)
+		if (isextensibleobj)
 		{
-			GER_GET_ATTR_RIGHTS(allattrs);
-			GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
-		}
-		else if (hasplus)
-		{
-			GER_GET_ATTR_RIGHTS(opattrs);
-			GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
+			for ( i = 0; attrs[i]; i++ )
+			{
+				_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i], gerstr, 
+								gerstrsize, gerstrcap, isfirstattr, errbuf );
+				isfirstattr = 0;
+			}
 		}
 		else
 		{
-			for ( i = 0; attrs[i]; i++ )
+			if (hasstar && hasplus)
 			{
-				if (charray_inlist(allattrs, attrs[i]) ||
-					charray_inlist(opattrs, attrs[i]))
-				{
-					_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
-						gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
-					isfirstattr = 0;
-				}
-				else
+				GER_GET_ATTR_RIGHTS(allattrs);
+				GER_GET_ATTR_RIGHTS(opattrs);
+			}
+			else if (hasstar)
+			{
+				GER_GET_ATTR_RIGHTS(allattrs);
+				GER_GET_ATTR_RIGHTA_EXT('*', opattrs, allattrs);
+			}
+			else if (hasplus)
+			{
+				GER_GET_ATTR_RIGHTS(opattrs);
+				GER_GET_ATTR_RIGHTA_EXT('+', allattrs, opattrs);
+			}
+			else
+			{
+				for ( i = 0; attrs[i]; i++ )
 				{
-					/* if the attr does not belong to the entry,
-					   "<attr>:none" is returned */
-					if (!isfirstattr)
+					if (charray_inlist(allattrs, attrs[i]) ||
+						charray_inlist(opattrs, attrs[i]) ||
+						(0 == strcasecmp(attrs[i], "dn")))
+					{
+						_ger_get_attr_rights ( gerpb, e, subjectndn, attrs[i],
+							gerstr, gerstrsize, gerstrcap, isfirstattr, errbuf );
+						isfirstattr = 0;
+					}
+					else
 					{
-						_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
+						/* if the attr does not belong to the entry,
+						   "<attr>:none" is returned */
+						if (!isfirstattr)
+						{
+							_append_gerstr(gerstr, gerstrsize, gerstrcap, ", ", NULL);
+						}
+						_append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
+						_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
+						isfirstattr = 0;
 					}
-					_append_gerstr(gerstr, gerstrsize, gerstrcap, attrs[i], ":");
-					_append_gerstr(gerstr, gerstrsize, gerstrcap, "none", NULL);
-					isfirstattr = 0;
 				}
 			}
+			charray_free(allattrs);
+			charray_free(opattrs);
 		}
-		charray_free(allattrs);
-		charray_free(opattrs);
 	}
 	else
 	{
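Review bot: Moving `charray_free(allattrs);` and `charray_free(opattrs);` inside the `else` branch means the `isextensibleobj` path never frees either array, although `opattrs` is allocated unconditionally just above and `allattrs` is built before the branch. Since this code appears to run once per effective-rights evaluation, each request that hits an extensibleObject entry would leak both lists, and repeated requests would steadily grow the server's memory. Keep the two calls after the closing brace of the outer `if (isextensibleobj) ... else`, where revision 1.9 had them. Separately, the extensible branch hands every `attrs[i]` straight to `_ger_get_attr_rights`, so `"*"` and `"+"` appear to be treated as literal attribute names rather than expanded; if that is intended, say so with a comment such as `/* extensibleObject: no schema list to expand "*" or "+" against */`. The function starts and ends outside this hunk.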



