+
+ if ( strcasecmp( left, "domain" ) == 0 ) {
+ if ( right == NULL || right[ 0 ] == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n",
+ fname, lineno, left );
+ acl_usage();
+ }
+
+ if( b->a_domain_pat != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: domain pattern already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_domain_style = sty;
+ if (sty == ACL_STYLE_REGEX) {
+ char *tmp = acl_regex_normalized_dn( right );
+ regtest(fname, lineno, tmp);
+ b->a_domain_pat = tmp;
+ } else {
+ b->a_domain_pat = ch_strdup( right );
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sockurl" ) == 0 ) {
+ if ( right == NULL || right[ 0 ] == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n",
+ fname, lineno, left );
+ acl_usage();
+ }
+
+ if( b->a_sockurl_pat != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: sockurl pattern already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_sockurl_style = sty;
+ if (sty == ACL_STYLE_REGEX) {
+ char *tmp = acl_regex_normalized_dn( right );
+ regtest(fname, lineno, tmp);
+ b->a_sockurl_pat = tmp;
+ } else {
+ b->a_sockurl_pat = ch_strdup( right );
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "set" ) == 0 ) {
+ if( b->a_set_pat != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: set attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no set is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_set_style = sty;
+ b->a_set_pat = ch_strdup(right);
+
+ continue;
+ }
+
+#ifdef SLAPD_ACI_ENABLED
+ if ( strcasecmp( left, "aci" ) == 0 ) {
+ if( b->a_aci_at != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: aci attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right != NULL && *right != '\0' ) {
+ rc = slap_str2ad( right, &b->a_aci_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": %s\n",
+ fname, lineno, right, text );
+ acl_usage();
+ }
+
+ } else {
+ rc = slap_str2ad( SLAPD_ACI_ATTR, &b->a_aci_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": %s\n",
+ fname, lineno, SLAPD_ACI_ATTR, text );
+ acl_usage();
+ }
+ }
+
+ if( !is_at_syntax( b->a_aci_at->ad_type,
+ SLAPD_ACI_SYNTAX) )
+ {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+ fname, lineno, right,
+ b->a_aci_at->ad_type->sat_syntax_oid );
+ acl_usage();
+ }
+
+ continue;
+ }
+#endif /* SLAPD_ACI_ENABLED */
+
+ if ( strcasecmp( left, "ssf" ) == 0 ) {
+ if( b->a_authz.sai_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_ssf = atoi( right );
+
+ if( !b->a_authz.sai_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "transport_ssf" ) == 0 ) {
+ if( b->a_authz.sai_transport_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: transport_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no transport_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_transport_ssf = atoi( right );
+
+ if( !b->a_authz.sai_transport_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid transport_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "tls_ssf" ) == 0 ) {
+ if( b->a_authz.sai_tls_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: tls_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no tls_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_tls_ssf = atoi( right );
+
+ if( !b->a_authz.sai_tls_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid tls_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sasl_ssf" ) == 0 ) {
+ if( b->a_authz.sai_sasl_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: sasl_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no sasl_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_sasl_ssf = atoi( right );
+
+ if( !b->a_authz.sai_sasl_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid sasl_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if( right != NULL ) {
+ /* unsplit */
+ right[-1] = '=';
+ }
+ break;