/* acl.c - routines to parse and check acl's */
+#include "portable.h"
#include <stdio.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <netdb.h>
-#include <unistd.h>
-#include <regex.h>
+
+#include <ac/ctype.h>
+#include <ac/regex.h>
+#include <ac/socket.h>
+#include <ac/string.h>
+#include <ac/unistd.h>
#include "slap.h"
-#include "portable.h"
extern Filter *str2filter();
extern struct acl *global_acl;
} else if ( strcasecmp( left, "dnattr" ) == 0 ) {
b->a_dnattr = strdup( right );
-#ifdef ACLGROUP
+#ifdef SLAPD_ACLGROUPS
} else if ( strcasecmp( left, "group" ) == 0 ) {
+ char *name = NULL;
+ char *value = NULL;
regtest(fname, lineno, right);
+
+ /* format of string is "group/objectClassValue/groupAttrName"
+ */
+ if ((value = strchr(right, '/')) != NULL) {
+ *value++ = '\0';
+ if (value && *value && (name = strchr(value, '/')) != NULL)
+ *name++ = '\0';
+ }
+
b->a_group = dn_upcase(strdup( right ));
-#endif /* ACLGROUP */
+
+ if (value && *value) {
+ b->a_objectclassvalue = strdup(value);
+ *--value = '/';
+ }
+ else
+ b->a_objectclassvalue = strdup("groupOfNames");
+
+ if (name && *name) {
+ b->a_groupattrname = strdup(name);
+ *--name = '/';
+ }
+ else
+ b->a_groupattrname = strdup("member");
+
+
+
+#endif /* SLAPD_ACLGROUPS */
} else if ( strcasecmp( left, "domain" ) == 0 ) {
char *s;
regtest(fname, lineno, right);
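Review bot: `regtest(fname, lineno, right);` runs before the string is split on `/`, so the text that gets validated is the whole `group/objectClassValue/groupAttrName` value and not the prefix that ends up in `b->a_group`. A constructed value such as `a(b/c)d` would pass as a whole while the stored prefix is not a well-formed expression, assuming `a_group` is later matched as a regex, as the `regtest` call suggests. Moving the call below the split, just before `b->a_group = dn_upcase(strdup( right ));`, checks the string that is actually stored. The three new `strdup` results are used unchecked, and a group DN pattern containing `/` is cut at the first slash, which deserves a line in the format comment: `/* a '/' inside the group DN pattern is not supported */`. The else-if chain this branch belongs to starts and ends outside the hunk.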
fname, lineno );
} else {
+
+#ifdef LDAP_DEBUG
+ if (ldap_debug & LDAP_DEBUG_ACL)
+ print_acl(a);
+#endif
if ( a->acl_access == NULL ) {
fprintf( stderr,
{
printf( "\tby" );
if ( b->a_dnpat != NULL ) {
- printf( " dn=%s", b->a_dnpat );
+ fprintf( stderr, " dn=%s", b->a_dnpat );
} else if ( b->a_addrpat != NULL ) {
- printf( " addr=%s", b->a_addrpat );
+ fprintf( stderr, " addr=%s", b->a_addrpat );
} else if ( b->a_domainpat != NULL ) {
- printf( " domain=%s", b->a_domainpat );
+ fprintf( stderr, " domain=%s", b->a_domainpat );
} else if ( b->a_dnattr != NULL ) {
- printf( " dnattr=%s", b->a_dnattr );
+ fprintf( stderr, " dnattr=%s", b->a_dnattr );
}
- printf( " %s\n", access2str( b->a_access ) );
+#ifdef SLAPD_ACLGROUPS
+ else if ( b->a_group != NULL ) {
+ fprintf( stderr, " group: %s", b->a_group );
+ if ( b->a_objectclassvalue )
+ fprintf( stderr, " objectClassValue: %s", b->a_objectclassvalue );
+ if ( b->a_groupattrname )
+ fprintf( stderr, " groupAttrName: %s", b->a_groupattrname );
+ }
+#endif
+ fprintf( stderr, "\n" );
}
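Review bot: The `by` clause dump no longer prints the granted access level, because the removed `printf( " %s\n", access2str( b->a_access ) );` is replaced by a bare `fprintf( stderr, "\n" );`. Someone auditing the ACL debug output can then no longer tell which access each clause grants. Keeping the line as `fprintf( stderr, " %s\n", access2str( b->a_access ) );` preserves that information. The context line `printf( "\tby" );` at the top of the body still writes to stdout, so the clause prefix and its details land on different streams; it should become `fprintf( stderr, "\tby" );`. The function header is outside the hunk.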
static void
struct access *b;
if ( a == NULL ) {
- printf( "NULL\n" );
+ fprintf( stderr, "NULL\n" );
}
- printf( "access to" );
+ fprintf( stderr, "ACL: access to" );
if ( a->acl_filter != NULL ) {
- printf( " filter=" );
+ fprintf( stderr," filter=" );
filter_print( a->acl_filter );
}
if ( a->acl_dnpat != NULL ) {
- printf( " dn=" );
- printf( a->acl_dnpat );
+ fprintf( stderr, " dn=" );
+ fprintf( stderr, a->acl_dnpat );
}
if ( a->acl_attrs != NULL ) {
int first = 1;
- printf( " attrs=" );
+ fprintf( stderr, "\n attrs=" );
for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
if ( ! first ) {
- printf( "," );
+ fprintf( stderr, "," );
}
- printf( a->acl_attrs[i] );
+ fprintf( stderr, a->acl_attrs[i] );
first = 0;
}
}
- printf( "\n" );
+ fprintf( stderr, "\n" );
for ( b = a->acl_access; b != NULL; b = b->a_next ) {
print_access( b );
}
+ fprintf( stderr, "\n" );
}
#endif /* LDAP_DEBUG */
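Review bot: `fprintf( stderr, a->acl_dnpat );` and `fprintf( stderr, a->acl_attrs[i] );` pass configuration text as the format string, so a `%` in a DN pattern or attribute name is read as a conversion specification and consumes arguments that were never passed. The commit only carries the old `printf( a->acl_dnpat )` calls over to stderr; they should be `fprintf( stderr, "%s", a->acl_dnpat );` and `fprintf( stderr, "%s", a->acl_attrs[i] );`, or `fputs`. As shown, the `a == NULL` branch prints `NULL` and then continues to `a->acl_filter`; if no `return` sits in lines not visible here, one is needed. The function signature is outside the hunk.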