/* FIXME: should be an error */
snprintf( buf, sizeof( buf ),
- "unknown val.<style> \"%s\" "
- "for attributeType \"%s\" with DN syntax"
-#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
- "; using \"base\""
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
- SLAPD_CONF_UNKNOWN_IGNORED ".",
+ "unknown val.<style> \"%s\" for attributeType \"%s\" "
+ "with DN syntax.",
style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
"%s: line %d: %s\n",
fname, lineno, buf );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
a->acl_attrval_style = ACL_STYLE_BASE;
}
/* FIXME: should be an error */
snprintf( buf, sizeof( buf ),
- "unknown val.<style> \"%s\" "
- "for attributeType \"%s\""
-#ifndef SLAPD_CONF_UNKNOWN_BAILOUT
- "; using \"exact\""
-#endif /* ! SLAPD_CONF_UNKNOWN_BAILOUT */
- SLAPD_CONF_UNKNOWN_IGNORED ".",
+ "unknown val.<style> \"%s\" for attributeType \"%s\".",
style, a->acl_attrs[0].an_desc->ad_cname.bv_val );
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
"%s: line %d: %s\n",
fname, lineno, buf );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
a->acl_attrval_style = ACL_STYLE_BASE;
}
}
#ifndef LDAP_PF_LOCAL
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
"%s: line %d: "
- "\"path\" style modifier is useless without local"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ "\"path\" style modifier is useless without local.\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
#endif /* LDAP_PF_LOCAL */
} else {
switch ( sty ) {
case ACL_STYLE_REGEX:
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "\"regex\" style implies "
- "\"expand\" modifier"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ "\"regex\" style implies \"expand\" modifier.\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
break;
case ACL_STYLE_EXPAND:
if ( ( sty == ACL_STYLE_EXPAND || expand )
&& a->acl_dn_style != ACL_STYLE_REGEX )
{
- Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: "
- "\"expand\" style or modifier used "
- "in conjunction with "
- "a non-regex <what> clause"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: \"expand\" style "
+ "or modifier used in conjunction with a non-regex <what> clause.\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
if ( strncasecmp( left, "real", STRLENOF( "real" ) ) == 0 ) {
int gotit = 0;
for ( exp = strchr( bdn->a_pat.bv_val, '$' );
- exp && (ber_len_t)(exp - bdn->a_pat.bv_val)
- < bdn->a_pat.bv_len;
- exp = strchr( exp, '$' ) )
+ exp && (ber_len_t)(exp - bdn->a_pat.bv_val)
+ < bdn->a_pat.bv_len;
+ exp = strchr( exp, '$' ) )
{
if ( isdigit( exp[ 1 ] ) ) {
gotit = 1;
bdn->a_expand = expand;
} else {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: \"expand\" used "
- "with no expansions in \"pattern\""
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "\"expand\" used with no expansions in \"pattern\".\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
}
if ( sty == ACL_STYLE_SELF ) {
{
char *name = NULL,
*opts = NULL;
-
+
+#if 1 /* tolerate legacy "aci" <who> */
if ( strcasecmp( left, "aci" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
+ "undocumented deprecated \"aci\" directive "
+ "is superseded by \"dynacl/aci\".\n",
+ fname, lineno, 0 );
name = "aci";
- } else if ( strncasecmp( left, "dynacl/", STRLENOF( "dynacl/" ) ) == 0 ) {
+ } else
+#endif /* tolerate legacy "aci" <who> */
+ if ( strncasecmp( left, "dynacl/", STRLENOF( "dynacl/" ) ) == 0 ) {
name = &left[ STRLENOF( "dynacl/" ) ];
opts = strchr( name, '/' );
if ( opts ) {
continue;
}
}
-#else /* ! SLAP_DYNACL */
-
-#ifdef SLAPD_ACI_ENABLED
- if ( strcasecmp( left, "aci" ) == 0 ) {
- if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "inappropriate style \"%s\" in by clause.\n",
- fname, lineno, style );
- return acl_usage();
- }
-
- if( b->a_aci_at != NULL ) {
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: ACI attribute already specified.\n",
- fname, lineno, 0 );
- return acl_usage();
- }
-
- if ( right != NULL && *right != '\0' ) {
- rc = slap_str2ad( right, &b->a_aci_at, &text );
-
- if( rc != LDAP_SUCCESS ) {
- char buf[ SLAP_TEXT_BUFLEN ];
-
- snprintf( buf, sizeof( buf ),
- "aci \"%s\": %s.",
- right, text );
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: %s\n",
- fname, lineno, buf );
- return acl_usage();
- }
-
- } else {
- b->a_aci_at = slap_ad_aci;
- }
-
- if( !is_at_syntax( b->a_aci_at->ad_type,
- SLAPD_ACI_SYNTAX) )
- {
- char buf[ SLAP_TEXT_BUFLEN ];
-
- snprintf( buf, sizeof( buf ),
- "ACI \"%s\": inappropriate syntax: %s.",
- right,
- b->a_aci_at->ad_type->sat_syntax_oid );
- Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
- fname, lineno, buf );
- return acl_usage();
- }
-
- continue;
- }
-#endif /* SLAPD_ACI_ENABLED */
-#endif /* ! SLAP_DYNACL */
+#endif /* SLAP_DYNACL */
if ( strcasecmp( left, "ssf" ) == 0 ) {
if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
/* if we have no real access clause, complain and do nothing */
if ( a == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "warning: no access clause(s) "
- "specified in access line"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ "warning: no access clause(s) specified in access line.\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
} else {
#ifdef LDAP_DEBUG
if ( a->acl_access == NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
- "warning: no by clause(s) "
- "specified in access line"
- SLAPD_CONF_UNKNOWN_IGNORED ".\n",
+ "warning: no by clause(s) specified in access line.\n",
fname, lineno, 0 );
-#ifdef SLAPD_CONF_UNKNOWN_BAILOUT
return acl_usage();
-#endif /* SLAPD_CONF_UNKNOWN_BAILOUT */
}
if ( be != NULL ) {
"\t[domain[.<domainstyle>]=<domain>] [sockurl[.<style>]=<url>]\n"
#ifdef SLAP_DYNACL
"\t[dynacl/<name>[/<options>][.<dynstyle>][=<pattern>]]\n"
-#else /* ! SLAP_DYNACL */
-#ifdef SLAPD_ACI_ENABLED
- "\t[aci[=<attrname>]]\n"
-#endif /* SLAPD_ACI_ENABLED */
-#endif /* ! SLAP_DYNACL */
+#endif /* SLAP_DYNACL */
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
"<style> ::= exact | regex | base(Object)\n"
"<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
}
}
}
-#else /* ! SLAP_DYNACL */
-#ifdef SLAPD_ACI_ENABLED
- if ( b->a_aci_at != NULL ) {
- ptr = lutil_strcopy( ptr, " aci=" );
- ptr = lutil_strcopy( ptr, b->a_aci_at->ad_cname.bv_val );
- }
-#endif
#endif /* SLAP_DYNACL */
/* Security Strength Factors */