/* aclparse.c - routines to parse and check acl's */
/* $OpenLDAP$ */
/*
- * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
+ * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved.
* COPYING RESTRICTIONS APPLY, see COPYRIGHT file
*/
#include "slap.h"
#include "lber_pvt.h"
+#include "lutil.h"
static void split(char *line, int splitchar, char **left, char **right);
static void access_append(Access **l, Access *a);
} else if ( strcasecmp( style, "one" ) == 0 ) {
a->acl_dn_style = ACL_STYLE_ONE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat );
- } else if ( strcasecmp( style, "subtree" ) == 0 ) {
+ } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) {
a->acl_dn_style = ACL_STYLE_SUBTREE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat );
} else if ( strcasecmp( style, "children" ) == 0 ) {
}
if ( strcasecmp( left, "filter" ) == 0 ) {
- if ( (a->acl_filter = str2filter(
- right )) == NULL ) {
+ if ( (a->acl_filter = str2filter( right )) == NULL ) {
fprintf( stderr,
"%s: line %d: bad filter \"%s\" in to clause\n",
fname, lineno, right );
}
if ( a->acl_dn_pat.bv_len != 0 &&
- strcmp(a->acl_dn_pat.bv_val, "*") == 0)
+ strcmp(a->acl_dn_pat.bv_val, "*") == 0 )
{
free( a->acl_dn_pat.bv_val );
a->acl_dn_pat.bv_val = NULL;
sty = ACL_STYLE_BASE;
} else if ( strcasecmp( style, "one" ) == 0 ) {
sty = ACL_STYLE_ONE;
- } else if ( strcasecmp( style, "subtree" ) == 0 ) {
+ } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) {
sty = ACL_STYLE_SUBTREE;
} else if ( strcasecmp( style, "children" ) == 0 ) {
sty = ACL_STYLE_CHILDREN;
acl_usage();
}
+ if( b->a_dn_at->ad_type->sat_equality == NULL )
+ {
+ fprintf( stderr,
+ "%s: line %d: dnattr \"%s\": "
+ "inappropriate matching (no EQUALITY)\n",
+ fname, lineno, right );
+ acl_usage();
+ }
+
continue;
}
if ( ACL_IS_LEVEL( mask ) ) {
if ( ACL_LVL_IS_NONE(mask) ) {
- ptr = slap_strcopy( ptr, "none" );
+ ptr = lutil_strcopy( ptr, "none" );
} else if ( ACL_LVL_IS_AUTH(mask) ) {
- ptr = slap_strcopy( ptr, "auth" );
+ ptr = lutil_strcopy( ptr, "auth" );
} else if ( ACL_LVL_IS_COMPARE(mask) ) {
- ptr = slap_strcopy( ptr, "compare" );
+ ptr = lutil_strcopy( ptr, "compare" );
} else if ( ACL_LVL_IS_SEARCH(mask) ) {
- ptr = slap_strcopy( ptr, "search" );
+ ptr = lutil_strcopy( ptr, "search" );
} else if ( ACL_LVL_IS_READ(mask) ) {
- ptr = slap_strcopy( ptr, "read" );
+ ptr = lutil_strcopy( ptr, "read" );
} else if ( ACL_LVL_IS_WRITE(mask) ) {
- ptr = slap_strcopy( ptr, "write" );
+ ptr = lutil_strcopy( ptr, "write" );
} else {
- ptr = slap_strcopy( ptr, "unknown" );
+ ptr = lutil_strcopy( ptr, "unknown" );
}
*ptr++ = '(';
"\t[aci=<attrname>]\n"
#endif
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
- "<dnstyle> ::= regex | base | exact (alias of base) | one | sub | children\n"
+ "<dnstyle> ::= regex | base | exact (alias of base) | one | subtree | children\n"
"<style> ::= regex | base | exact (alias of base)\n"
"<groupflags> ::= R\n"
"<access> ::= [self]{<level>|<priv>}\n"
projects / openldap / blobdiff