]> git.sur5r.net Git - openldap/blob - servers/slapd/slapacl.c
component cleanup
[openldap] / servers / slapd / slapacl.c
1 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
2  *
3  * Copyright 2004 The OpenLDAP Foundation.
4  * Portions Copyright 2004 Pierangelo Masarati.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted only as authorized by the OpenLDAP
9  * Public License.
10  *
11  * A copy of this license is available in file LICENSE in the
12  * top-level directory of the distribution or, alternatively, at
13  * <http://www.OpenLDAP.org/license.html>.
14  */
15 /* ACKNOWLEDGEMENTS:
16  * This work was initially developed by Pierangelo Masarati for inclusion
17  * in OpenLDAP Software.
18  */
19
20 #include "portable.h"
21
22 #include <stdio.h>
23
24 #include <ac/stdlib.h>
25
26 #include <ac/ctype.h>
27 #include <ac/string.h>
28 #include <ac/socket.h>
29 #include <ac/unistd.h>
30
31 #include <lber.h>
32 #include <ldif.h>
33 #include <lutil.h>
34
35 #include "slapcommon.h"
36
37 int
38 slapacl( int argc, char **argv )
39 {
40         int                     rc = EXIT_SUCCESS;
41         const char              *progname = "slapacl";
42         Connection              conn;
43         Operation               op;
44         Entry                   e = { 0 };
45
46         slap_tool_init( progname, SLAPACL, argc, argv );
47
48         argv = &argv[ optind ];
49         argc -= optind;
50
51         memset( &conn, 0, sizeof( Connection ) );
52         memset( &op, 0, sizeof( Operation ) );
53
54         connection_fake_init( &conn, &op, &conn );
55
56         if ( !BER_BVISNULL( &authcID ) ) {
57                 rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
58                 if ( rc != LDAP_SUCCESS ) {
59                         fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
60                                         authcID.bv_val, rc,
61                                         ldap_err2string( rc ) );
62                         rc = 1;
63                         goto destroy;
64                 }
65
66         } else if ( !BER_BVISNULL( &authcDN ) ) {
67                 struct berval   ndn;
68
69                 rc = dnNormalize( 0, NULL, NULL, &authcDN, &ndn, NULL );
70                 if ( rc != LDAP_SUCCESS ) {
71                         fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
72                                         authcDN.bv_val, rc,
73                                         ldap_err2string( rc ) );
74                         rc = 1;
75                         goto destroy;
76                 }
77                 ch_free( authcDN.bv_val );
78                 authcDN = ndn;
79         }
80
81
82         if ( !BER_BVISNULL( &authcDN ) ) {
83                 fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val );
84         }
85
86         assert( !BER_BVISNULL( &baseDN ) );
87         rc = dnPrettyNormal( NULL, &baseDN, &e.e_name, &e.e_nname, NULL );
88         if ( rc != LDAP_SUCCESS ) {
89                 fprintf( stderr, "base=\"%s\" normalization failed %d (%s)\n",
90                                 baseDN.bv_val, rc,
91                                 ldap_err2string( rc ) );
92                 rc = 1;
93                 goto destroy;
94         }
95
96         op.o_bd = be;
97         if ( !BER_BVISNULL( &authcDN ) ) {
98                 op.o_dn = authcDN;
99                 op.o_ndn = authcDN;
100         }
101
102         for ( ; argc--; argv++ ) {
103                 slap_mask_t             mask;
104                 AttributeDescription    *desc = NULL;
105                 int                     rc;
106                 struct berval           val;
107                 const char              *text;
108                 char                    accessmaskbuf[ACCESSMASK_MAXLEN];
109                 char                    *accessstr;
110                 slap_access_t           access = ACL_AUTH;
111
112                 val.bv_val = strchr( argv[0], ':' );
113                 if ( val.bv_val != NULL ) {
114                         val.bv_val[0] = '\0';
115                         val.bv_val++;
116                         val.bv_len = strlen( val.bv_val );
117                 }
118
119                 accessstr = strchr( argv[0], '/' );
120                 if ( accessstr != NULL ) {
121                         accessstr[0] = '\0';
122                         accessstr++;
123                         access = str2access( accessstr );
124                         if ( access == ACL_INVALID_ACCESS ) {
125                                 fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
126                                                 accessstr, argv[0] );
127                                 if ( continuemode ) {
128                                         continue;
129                                 }
130                                 break;
131                         }
132                 }
133
134                 rc = slap_str2ad( argv[0], &desc, &text );
135                 if ( rc != LDAP_SUCCESS ) {
136                         fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
137                                         argv[0], rc, ldap_err2string( rc ) );
138                         if ( continuemode ) {
139                                 continue;
140                         }
141                         break;
142                 }
143
144                 rc = access_allowed_mask( &op, &e, desc, &val, access,
145                                 NULL, &mask );
146
147                 if ( accessstr ) {
148                         fprintf( stderr, "%s access to %s%s%s: %s\n",
149                                         accessstr,
150                                         desc->ad_cname.bv_val,
151                                         val.bv_val ? "=" : "",
152                                         val.bv_val ? val.bv_val : "",
153                                         rc ? "ALLOWED" : "DENIED" );
154
155                 } else {
156                         fprintf( stderr, "%s%s%s: %s\n",
157                                         desc->ad_cname.bv_val,
158                                         val.bv_val ? "=" : "",
159                                         val.bv_val ? val.bv_val : "",
160                                         accessmask2str( mask, accessmaskbuf ) );
161                 }
162                 rc = 0;
163         }
164
165 destroy:;
166         slap_tool_destroy();
167
168         return rc;
169 }
170