[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#3877) Enhancement: openldapACIValidate implementation
On 25.07.2005, at 15:07, Pierangelo Masarati wrote:
> the patch looks fine. I'd suggest:
> 1) for the sake of code confinement, to move it to acl.c; in that
> case we
> might take advantage of this chance to rationalize the pletora of
> constant
> ACL string definitions in acl_bv_*...
> 2) why in bertok() don't you just use strchr()?
But if validate function is going to be implemented in acl.c,
it'll be more appropriate to use aci_get_part function.
So, one may forget about clumsy bertok
> 3) beware of escaping the delimiter char; there was recently an
> issue with
> ACIs that didn't parse correctly a DN containing a "#"; it is now
> fixed
> (in 2.3 for sure; not sure about 2.2), but I didn't check if your
> patch
> takes care of it.
DN are placed at the very end of ACI. In it's current implementation
ACIValidate does
not validate subject field,because it's not always a DN.
But I'll definitely look at it when adding DN-validate there.
> 4) I'd also see room for an ACI normalization function that takes
> care of
> normalizing the DN in ACIs, so that we don't need to re-normalize
> them all
> times the ACIs are invoked (see all the occurences of dnNormalize() in
> aci_mask()).
You mean, to implement pretty function for ACI?