+ if ( strcasecmp( left, "set" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_set_pat.bv_len != 0 ) {
+ fprintf( stderr,
+ "%s: line %d: set attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no set is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_set_style = sty;
+ ber_str2bv( right, 0, 1, &b->a_set_pat );
+
+ continue;
+ }
+
+#ifdef SLAPD_ACI_ENABLED
+ if ( strcasecmp( left, "aci" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_aci_at != NULL ) {
+ fprintf( stderr,
+ "%s: line %d: aci attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right != NULL && *right != '\0' ) {
+ rc = slap_str2ad( right, &b->a_aci_at, &text );
+
+ if( rc != LDAP_SUCCESS ) {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": %s\n",
+ fname, lineno, right, text );
+ acl_usage();
+ }
+
+ } else {
+ b->a_aci_at = slap_schema.si_ad_aci;
+ }
+
+ if( !is_at_syntax( b->a_aci_at->ad_type,
+ SLAPD_ACI_SYNTAX) )
+ {
+ fprintf( stderr,
+ "%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+ fname, lineno, right,
+ b->a_aci_at->ad_type->sat_syntax_oid );
+ acl_usage();
+ }
+
+ continue;
+ }
+#endif /* SLAPD_ACI_ENABLED */
+
+ if ( strcasecmp( left, "ssf" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_authz.sai_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_ssf = atoi( right );
+
+ if( !b->a_authz.sai_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "transport_ssf" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_authz.sai_transport_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: transport_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no transport_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_transport_ssf = atoi( right );
+
+ if( !b->a_authz.sai_transport_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid transport_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "tls_ssf" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_authz.sai_tls_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: tls_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no tls_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_tls_ssf = atoi( right );
+
+ if( !b->a_authz.sai_tls_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid tls_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if ( strcasecmp( left, "sasl_ssf" ) == 0 ) {
+ if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
+ fprintf( stderr,
+ "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fname, lineno, style );
+ acl_usage();
+ }
+
+ if( b->a_authz.sai_sasl_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: sasl_ssf attribute already specified.\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ if ( right == NULL || *right == '\0' ) {
+ fprintf( stderr,
+ "%s: line %d: no sasl_ssf is defined\n",
+ fname, lineno );
+ acl_usage();
+ }
+
+ b->a_authz.sai_sasl_ssf = atoi( right );
+
+ if( !b->a_authz.sai_sasl_ssf ) {
+ fprintf( stderr,
+ "%s: line %d: invalid sasl_ssf value (%s)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+ continue;
+ }
+
+ if( right != NULL ) {
+ /* unsplit */
+ right[-1] = '=';