1 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3 * Copyright 2004 The OpenLDAP Foundation.
4 * Portions Copyright 2004 Pierangelo Masarati.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
16 * This work was initially developed by Pierangelo Masarati for inclusion
17 * in OpenLDAP Software.
24 #include <ac/stdlib.h>
27 #include <ac/string.h>
28 #include <ac/socket.h>
29 #include <ac/unistd.h>
35 #include "slapcommon.h"
38 slapacl( int argc, char **argv )
40 int rc = EXIT_SUCCESS;
41 const char *progname = "slapacl";
47 slap_tool_init( progname, SLAPACL, argc, argv );
49 argv = &argv[ optind ];
52 memset( &conn, 0, sizeof( Connection ) );
53 memset( &op, 0, sizeof( Operation ) );
55 connection_fake_init( &conn, &op, &conn );
57 if ( !BER_BVISNULL( &authcID ) ) {
58 rc = slap_sasl_getdn( &conn, &op, &authcID, NULL,
59 &authcDN, SLAP_GETDN_AUTHCID );
60 if ( rc != LDAP_SUCCESS ) {
61 fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
63 ldap_err2string( rc ) );
68 } else if ( !BER_BVISNULL( &authcDN ) ) {
71 rc = dnNormalize( 0, NULL, NULL, &authcDN, &ndn, NULL );
72 if ( rc != LDAP_SUCCESS ) {
73 fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
75 ldap_err2string( rc ) );
79 ch_free( authcDN.bv_val );
84 if ( !BER_BVISNULL( &authcDN ) ) {
85 fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val );
88 assert( !BER_BVISNULL( &baseDN ) );
89 rc = dnPrettyNormal( NULL, &baseDN, &e.e_name, &e.e_nname, NULL );
90 if ( rc != LDAP_SUCCESS ) {
91 fprintf( stderr, "base=\"%s\" normalization failed %d (%s)\n",
93 ldap_err2string( rc ) );
99 if ( !BER_BVISNULL( &authcDN ) ) {
106 attr = slap_schema.si_ad_entry->ad_cname.bv_val;
109 for ( ; argc--; argv++ ) {
111 AttributeDescription *desc = NULL;
115 char accessmaskbuf[ACCESSMASK_MAXLEN];
117 slap_access_t access = ACL_AUTH;
119 if ( attr == NULL ) {
123 val.bv_val = strchr( attr, ':' );
124 if ( val.bv_val != NULL ) {
125 val.bv_val[0] = '\0';
127 val.bv_len = strlen( val.bv_val );
130 accessstr = strchr( attr, '/' );
131 if ( accessstr != NULL ) {
134 access = str2access( accessstr );
135 if ( access == ACL_INVALID_ACCESS ) {
136 fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
138 if ( continuemode ) {
145 rc = slap_str2ad( attr, &desc, &text );
146 if ( rc != LDAP_SUCCESS ) {
147 fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
148 attr, rc, ldap_err2string( rc ) );
149 if ( continuemode ) {
155 rc = access_allowed_mask( &op, &e, desc, &val, access,
159 fprintf( stderr, "%s access to %s%s%s: %s\n",
161 desc->ad_cname.bv_val,
162 val.bv_val ? "=" : "",
163 val.bv_val ? val.bv_val : "",
164 rc ? "ALLOWED" : "DENIED" );
167 fprintf( stderr, "%s%s%s: %s\n",
168 desc->ad_cname.bv_val,
169 val.bv_val ? "=" : "",
170 val.bv_val ? val.bv_val : "",
171 accessmask2str( mask, accessmaskbuf ) );