[Date Prev][Date Next] [Chronological] [Thread] [Top]

Managing multiple regex matches

To: openldap-devel@openldap.org (OpenLDAP Devel)
Subject: Managing multiple regex matches
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Mon, 20 Oct 2008 11:12:42 +0200
User-agent: MacSOUP/2.7 (unregistered for 639 days)

Let us imagine an ACL like this:

access to dn.regex="^uid=.*,ou=(.*)" attrs=foo val.regex="^(.*)$/"
  ...

We would like to use $1 (ou's value) and $2 (foo's value) in the <who> field.

For now this is not possible, because slap_access_allowed() collect a single
set of regmatch_t. If the <what> field of an ACL has multiple regex matches,
the last one only will be retained.

I suggest the following change:

1) In slap_access_allowed(), we would keep track of multiple set of
regmatch_t. matches would become something such as:

typedef struct AclRegexMatches {        
        regmatch_t dn[MAXREMATCHES];
        regmatch_t val[MAXREMATCHES];
} AclRegexMatches;

In slap_acl_get(), the two regexec() calls would be done with matches.dn or
matches.val, depending on the situation.


2) In acl_string_exapand(), we would replace $1, $2, $3 by values from
matches.dn, therefore providing backward compatibility.

And we would replace ${v1}, ${v2}, ${v3}... by values from matches.val and
${d1}, ${d2}, ${d3}... by values from matches.dn


There is a problem with my proposal, on dynaic ACL. We cannot provide them
values from attribute value without changing the API. I suggest we stick with
the current API for now and improve that later if needed.

Opinions? Did I miss something?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

Follow-Ups:
- Re: Managing multiple regex matches
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: IDL bit vectors
Next by Date: Re: Managing multiple regex matches
Index(es):
- Chronological
- Thread