/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 1998-2004 The OpenLDAP Foundation.
+ * Copyright 1998-2005 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
"<= root access granted\n",
0, 0, 0 );
if ( maskp ) {
- mask = ACL_LVL_WRITE;
+ mask = ACL_LVL_MANAGE;
}
goto done;
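Review bot: The rootdn short-circuit now hands `ACL_LVL_MANAGE` back through `*maskp`, but nothing at the assignment says why root moves from write to manage. A one-line comment such as `/* rootdn bypasses ACL evaluation and is reported at the manage level */` would record the intent. The consumers of this mask are outside the hunk, so it is worth confirming that none of them still assumes `ACL_LVL_WRITE` is the highest level a root-bound operation can report. The enclosing function starts and ends outside the hunk.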
"=> access_allowed: %s access %s by %s\n",
access2str( access ),
ACL_GRANT(mask, access) ? "granted" : "denied",
- accessmask2str( mask, accessmaskbuf ) );
+ accessmask2str( mask, accessmaskbuf, 1 ) );
ret = ACL_GRANT(mask, access);
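Review bot: The new third argument to `accessmask2str` is passed as a bare `1` here, and its meaning cannot be read from the call site because the prototype is not part of this page. A named constant, or a short comment at the first use such as `/* 1: <meaning of the flag> */`, would let a reader of the ACL trace know which rendering of the mask is being logged. The same literal recurs in the other `Debug` calls in this change (the `acl_mask` and `aci_mask` hunks), so one definition would cover all of them.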
Debug( LDAP_DEBUG_ACL,
"acl_get: valpat %s\n",
a->acl_attrval.bv_val, 0, 0 );
- if (regexec(&a->acl_attrval_re, val->bv_val, 0, NULL, 0))
+ if ( regexec( &a->acl_attrval_re, val->bv_val, 0, NULL, 0 ) )
+ {
continue;
+ }
+
} else {
int match = 0;
const char *text;
"=> acl_mask: to %s by \"%s\", (%s) \n",
val ? "value" : "all values",
op->o_ndn.bv_val ? op->o_ndn.bv_val : "",
- accessmask2str( *mask, accessmaskbuf ) );
+ accessmask2str( *mask, accessmaskbuf, 1) );
if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
}
}
Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
- accessmask2str(tgrant,accessmaskbuf),
- accessmask2str(tdeny, accessmaskbuf1), 0);
+ accessmask2str(tgrant,accessmaskbuf, 1),
+ accessmask2str(tdeny, accessmaskbuf1, 1), 0);
}
/* If the entry level aci didn't contain anything valid for the
}
}
Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
- accessmask2str(tgrant,accessmaskbuf),
- accessmask2str(tdeny, accessmaskbuf1), 0);
+ accessmask2str(tgrant,accessmaskbuf, 1),
+ accessmask2str(tdeny, accessmaskbuf1, 1), 0);
}
break;
Debug( LDAP_DEBUG_ACL,
"<= acl_mask: [%d] applying %s (%s)\n",
- i, accessmask2str( modmask, accessmaskbuf ),
+ i, accessmask2str( modmask, accessmaskbuf, 1 ),
b->a_type == ACL_CONTINUE
? "continue"
: b->a_type == ACL_BREAK
Debug( LDAP_DEBUG_ACL,
"<= acl_mask: [%d] mask: %s\n",
- i, accessmask2str(*mask, accessmaskbuf), 0 );
+ i, accessmask2str(*mask, accessmaskbuf, 1), 0 );
if( b->a_type == ACL_CONTINUE ) {
continue;
Debug( LDAP_DEBUG_ACL,
"<= acl_mask: no more <who> clauses, returning %s (stop)\n",
- accessmask2str(*mask, accessmaskbuf), 0, 0 );
+ accessmask2str(*mask, accessmaskbuf, 1), 0, 0 );
return ACL_STOP;
}
Debug( LDAP_DEBUG_ACL,
"=> access_allowed: backend default %s access %s to \"%s\"\n",
access2str( ACL_WRITE ),
- op->o_bd->be_dfltaccess >= ACL_WRITE ? "granted" : "denied", op->o_dn.bv_val );
+ op->o_bd->be_dfltaccess >= ACL_WRITE
+ ? "granted" : "denied",
+ op->o_dn.bv_val );
ret = (op->o_bd->be_dfltaccess >= ACL_WRITE);
goto done;
}
p.cookie = cookie;
+ op2.o_hdr = cp->op->o_hdr;
op2.o_tag = LDAP_REQ_SEARCH;
- op2.o_protocol = LDAP_VERSION3;
op2.o_ndn = op2.o_bd->be_rootndn;
op2.o_callback = &cb;
op2.o_time = slap_get_time();
op2.o_do_not_cache = 1;
op2.o_is_auth_check = 0;
- op2.o_threadctx = cp->op->o_threadctx;
- op2.o_tmpmemctx = cp->op->o_tmpmemctx;
- op2.o_tmpmfuncs = cp->op->o_tmpmfuncs;
-#ifdef LDAP_SLAPI
- op2.o_pb = cp->op->o_pb;
-#endif
- op2.o_conn = cp->op->o_conn;
- op2.o_connid = cp->op->o_connid;
ber_dupbv_x( &op2.o_req_dn, &op2.o_req_ndn, cp->op->o_tmpmemctx );
op2.ors_slimit = SLAP_NO_LIMIT;
op2.ors_tlimit = SLAP_NO_LIMIT;
op2.ors_attrs = anlistp;
op2.ors_attrsonly = 0;
- op2.o_sync_slog_size = -1;
cb.sc_private = &p;
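Review bot: `op2.o_hdr = cp->op->o_hdr` replaces the field-by-field copies, but the explicit `op2.o_protocol = LDAP_VERSION3` and `op2.o_sync_slog_size = -1` are dropped with no visible replacement. Whether `op2` is zero-initialised or copied from `cp->op` is decided outside the hunk; if neither field is covered by the header assignment, both now keep whatever `op2` started with. If `o_hdr` is a pointer rather than an embedded struct, the internal search also aliases the caller's header, so any later write through `op2` would change the original operation. Since this search runs as `op2.o_bd->be_rootndn`, I would state that at the assignment, e.g. `/* internal search as rootdn; header (conn, memctx, thread ctx) is taken from cp->op */`.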
int rc = 0;
AciSetCookie cookie;
- if (setref == 0) {
+ if ( setref == 0 ) {
ber_dupbv_x( &set, subj, op->o_tmpmemctx );
+
} else {
struct berval subjdn, ndn = BER_BVNULL;
struct berval setat;
/* format of string is "entry/setAttrName" */
if ( aci_get_part( subj, 0, '/', &subjdn ) < 0 ) {
- return(0);
+ return 0;
}
if ( aci_get_part( subj, 1, '/', &setat ) < 0 ) {
}
static int
-dynacl_aci_print( void *priv )
+dynacl_aci_unparse( void *priv, struct berval *bv )
{
AttributeDescription *ad = ( AttributeDescription * )priv;
+ char *ptr;
assert( ad );
- fprintf( stderr, " aci=%s", ad->ad_cname.bv_val );
+ bv->bv_val = ch_malloc( STRLENOF(" aci=") + ad->ad_cname.bv_len + 1 );
+ ptr = lutil_strcopy( bv->bv_val, " aci=" );
+ ptr = lutil_strcopy( ptr, ad->ad_cname.bv_val );
+ bv->bv_len = ptr - bv->bv_val;
return 0;
}
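Review bot: `dynacl_aci_unparse` sizes the buffer from `ad->ad_cname.bv_len` but fills it with `lutil_strcopy`, which stops at the terminating NUL. The write therefore stays in bounds only while `bv_len` equals the C-string length of `bv_val`. Copying exactly `bv_len` bytes would tie the two together: `memcpy( ptr, ad->ad_cname.bv_val, ad->ad_cname.bv_len ); ptr += ad->ad_cname.bv_len; *ptr = '\0';`. `bv` is dereferenced unchecked, and `assert( ad )` disappears in NDEBUG builds. The function should also carry a header comment on ownership, e.g. `/* on return bv->bv_val is ch_malloc'd; the caller frees it */`, since the caller is not visible here.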
}
Debug( LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
- accessmask2str( tgrant, accessmaskbuf ),
- accessmask2str( tdeny, accessmaskbuf1 ), 0 );
+ accessmask2str( tgrant, accessmaskbuf, 1 ),
+ accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
}
/* If the entry level aci didn't contain anything valid for the
}
}
Debug( LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
- accessmask2str( tgrant, accessmaskbuf ),
- accessmask2str( tdeny, accessmaskbuf1 ), 0 );
+ accessmask2str( tgrant, accessmaskbuf, 1 ),
+ accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
}
break;
static slap_dynacl_t dynacl_aci = {
"aci",
dynacl_aci_parse,
- dynacl_aci_print,
+ dynacl_aci_unparse,
dynacl_aci_mask,
NULL,
NULL,
NULL
};
-#endif /* SLAPD_ACI_ENABLED */
+#endif /* SLAP_DYNACL */
-int
-aci_init( void )
-{
- slap_dynacl_t *known_dynacl[] = {
-#ifdef SLAPD_ACI_ENABLED
- &dynacl_aci,
-#endif /* SLAPD_ACI_ENABLED */
- NULL
- };
- int i, rc;
+#endif /* SLAPD_ACI_ENABLED */
- for ( i = 0; known_dynacl[ i ]; i++ ) {
- rc = slap_dynacl_register( known_dynacl[ i ] );
- if ( rc ) {
- return rc;
- }
- }
-
- return 0;
-}
+#ifdef SLAP_DYNACL
/*
* dynamic ACL infrastructure
int
acl_init( void )
{
+ int i, rc;
#ifdef SLAP_DYNACL
- int rc;
-
- da_list = NULL;
-
+ slap_dynacl_t *known_dynacl[] = {
#ifdef SLAPD_ACI_ENABLED
- rc = aci_init();
- if ( rc ) {
- return rc;
+ &dynacl_aci,
+#endif /* SLAPD_ACI_ENABLED */
+ NULL
+ };
+
+ for ( i = 0; known_dynacl[ i ]; i++ ) {
+ rc = slap_dynacl_register( known_dynacl[ i ] );
+ if ( rc ) {
+ return rc;
+ }
}
-#endif /* SLAPD_ACI_ENABLED */
#endif /* SLAP_DYNACL */
return 0;
}
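Review bot: `int i, rc;` is declared above `#ifdef SLAP_DYNACL` while both variables are used only inside that block, so a build without `SLAP_DYNACL` gets two unused locals. Moving the declaration to the line after the `#ifdef` fixes that. The loop returns on the first `slap_dynacl_register` failure and leaves earlier entries registered. The caller of `acl_init` is outside the hunk, so it should be confirmed that a non-zero return aborts startup rather than letting the server run with some dynamic ACL handlers missing. A short comment on `known_dynacl` saying it is the NULL-terminated list of built-in handlers would also help.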
-
static int
string_expand(
struct berval *bv,