/* aclparse.c - routines to parse and check acl's */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
}
} else if ( strncasecmp( left, "attr", 4 ) == 0 ) {
- a->acl_attrs = str2bvec( a->acl_attrs,
+ a->acl_attrs = str2anlist( a->acl_attrs,
right, "," );
+ if ( a->acl_attrs == NULL ) {
+ fprintf( stderr,
+ "%s: line %d: unknown attr \"%s\" in to clause\n",
+ fname, lineno, right );
+ acl_usage();
+ }
} else {
fprintf( stderr,
"%s: line %d: expecting <what> got \"%s\"\n",
if( a->acl_dn_pat.bv_len != 0 ) {
if ( a->acl_dn_style != ACL_STYLE_REGEX )
{
- struct berval *bv = NULL;
- dnNormalize( NULL, &a->acl_dn_pat, &bv);
+ struct berval bv;
+ dnNormalize2( NULL, &a->acl_dn_pat, &bv);
free( a->acl_dn_pat.bv_val );
- a->acl_dn_pat = *bv;
- free( bv );
+ a->acl_dn_pat = bv;
} else {
int e = regcomp( &a->acl_dn_re, a->acl_dn_pat.bv_val,
REG_EXTENDED | REG_ICASE );
}
if ( sty != ACL_STYLE_REGEX ) {
- struct berval *ndn = NULL;
- dnNormalize(NULL, &bv, &ndn);
- b->a_dn_pat = *ndn;
- free(ndn);
+ dnNormalize2(NULL, &bv, &b->a_dn_pat);
free(bv.bv_val);
} else {
b->a_dn_pat = bv;
regtest(fname, lineno, bv.bv_val);
b->a_group_pat = bv;
} else {
- struct berval *ndn = NULL;
ber_str2bv( right, 0, 0, &bv );
- dnNormalize( NULL, &bv, &ndn );
- b->a_group_pat = *ndn;
- free(ndn);
+ dnNormalize2( NULL, &bv, &b->a_group_pat );
}
if (value && *value) {
{
int rc;
- struct berval val;
- struct berval *vals[2];
+ struct berval vals[2];
- val.bv_val = b->a_group_oc->soc_oid;
- val.bv_len = strlen(val.bv_val);
- vals[0] = &val;
- vals[1] = NULL;
+ vals[0].bv_val = b->a_group_oc->soc_oid;
+ vals[0].bv_len = strlen(vals[0].bv_val);
+ vals[1].bv_val = NULL;
rc = oc_check_allowed( b->a_group_at->ad_type, vals, NULL );
}
if ( ACL_IS_LEVEL( mask ) ) {
- *ptr = ')';
- }
+ *ptr++ = ')';
+ }
+
+ *ptr = '\0';
+
return buf;
}
acl_free( AccessControl *a )
{
Access *n;
+ AttributeName *an;
if ( a->acl_filter )
filter_free( a->acl_filter );
if ( a->acl_dn_pat.bv_len )
free ( a->acl_dn_pat.bv_val );
- if ( a->acl_attrs )
- ber_bvecfree( a->acl_attrs );
+ if ( a->acl_attrs ) {
+ for ( an = a->acl_attrs; an->an_name.bv_val; an++ ) {
+ free( an->an_name.bv_val );
+ }
+ free( a->acl_attrs );
+ }
for (; a->acl_access; a->acl_access = n) {
n = a->acl_access->a_next;
access_free( a->acl_access );
}
if ( a->acl_attrs != NULL ) {
- int i, first = 1;
+ int first = 1;
+ AttributeName *an;
to++;
fprintf( stderr, " attrs=" );
- for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
+ for ( an = a->acl_attrs; an && an->an_name.bv_val; an++ ) {
if ( ! first ) {
fprintf( stderr, "," );
}
- fputs( a->acl_attrs[i]->bv_val, stderr );
+ fputs( an->an_name.bv_val, stderr );
first = 0;
}
fprintf( stderr, "\n" );