Pierangelo Masarati ando@sys-net.it wrote:
typedef struct AclRegexMatches { regmatch_t dn[MAXREMATCHES]; regmatch_t val[MAXREMATCHES];
You forgot nmatches in each case.
Right, then something like this?
typedef struct AclRegexMatches { int ndn; regmatch_t dn[MAXREMATCHES]; int nval; regmatch_t val[MAXREMATCHES]; }
This would probably be a good opportunity to define a common structure to be passed within ACL checking, as the list of arguments to those functions grew enough...
It seems that accross slap_acl_get() and slap_acl_mask(), one could gather the following fields in a single structure:
AccessControl *ac, Operation *op, Entry *e, AttributeDescription *desc, struct berval *val, int nmatch, regmatch_t *matches, AccessControlState *state,
How would it be called? Should we add more fields, make unions?
dynamic ACL. We cannot provide them values from attribute value without changing the API. I suggest we stick with the current API for now and improve that later if needed.
That would definitely deserve to be kept in sync with the built-in functions, although I understand it would break compatibility. We could define some means of versioning, and allow the old API for backward compatibility, while introducing a new API. Although, maybe it's not worth the effort.
Well, I suggest to first sort out the internal things, then we can work on external API.