Read config tree from back-ldif
index 31b68b7aac93d8a6058cee419dd09e90db65a91b..59d22ecd90e4e32de873f6c7b8d4e23f302268f7 100644 (file)
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -39,25 +39,23 @@ slapacl( int argc, char **argv )
 {
        int                     rc = EXIT_SUCCESS;
        const char              *progname = "slapacl";
-       Connection              conn;
-       Operation               op;
+       Connection              conn = {0};
+       char opbuf[OPERATION_BUFFER_SIZE];
+       Operation               *op;
        Entry                   e = { 0 };
+       char                    *attr = NULL;
 
-#ifdef NEW_LOGGING
-       lutil_log_initialize( argc, argv );
-#endif
        slap_tool_init( progname, SLAPACL, argc, argv );
 
        argv = &argv[ optind ];
        argc -= optind;
 
-       memset( &conn, 0, sizeof( Connection ) );
-       memset( &op, 0, sizeof( Operation ) );
-
-       connection_fake_init( &conn, &op, &conn );
+       op = (Operation *)opbuf;
+       connection_fake_init( &conn, op, &conn );
 
        if ( !BER_BVISNULL( &authcID ) ) {
-               rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
+               rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
+                               &authcDN, SLAP_GETDN_AUTHCID );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
                                        authcID.bv_val, rc,
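Review bot: `op = (Operation *)opbuf;` points an `Operation *` at a plain `char` array, which carries no alignment guarantee for `Operation`, so accesses through `op` may be misaligned on strict-alignment targets. Declaring the storage as `union { Operation op; char buf[OPERATION_BUFFER_SIZE]; } opbuf;` and using `op = &opbuf.op;` keeps the size and gives the compiler the alignment requirement. The explicit `memset` of the operation is also removed, so the buffer stays uninitialised unless `connection_fake_init` clears it, which is not visible here; because this tool reports ACL decisions, a comment stating that it does, or a zero initialiser on the buffer, would be worth adding. The body of `slapacl` continues outside the hunk.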
@@ -96,37 +94,48 @@ slapacl( int argc, char **argv )
                goto destroy;
        }
 
-       op.o_bd = be;
+       op->o_bd = be;
        if ( !BER_BVISNULL( &authcDN ) ) {
-               op.o_dn = authcDN;
-               op.o_ndn = authcDN;
+               op->o_dn = authcDN;
+               op->o_ndn = authcDN;
+       }
+
+       if ( argc == 0 ) {
+               argc = 1;
+               attr = slap_schema.si_ad_entry->ad_cname.bv_val;
        }
 
        for ( ; argc--; argv++ ) {
                slap_mask_t             mask;
                AttributeDescription    *desc = NULL;
                int                     rc;
-               struct berval           val;
+               struct berval           val = BER_BVNULL,
+                                       *valp = NULL;
                const char              *text;
                char                    accessmaskbuf[ACCESSMASK_MAXLEN];
                char                    *accessstr;
                slap_access_t           access = ACL_AUTH;
 
-               val.bv_val = strchr( argv[0], ':' );
+               if ( attr == NULL ) {
+                       attr = argv[ 0 ];
+               }
+
+               val.bv_val = strchr( attr, ':' );
                if ( val.bv_val != NULL ) {
                        val.bv_val[0] = '\0';
                        val.bv_val++;
                        val.bv_len = strlen( val.bv_val );
+                       valp = &val;
                }
 
-               accessstr = strchr( argv[0], '/' );
+               accessstr = strchr( attr, '/' );
                if ( accessstr != NULL ) {
                        accessstr[0] = '\0';
                        accessstr++;
                        access = str2access( accessstr );
                        if ( access == ACL_INVALID_ACCESS ) {
                                fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
-                                               accessstr, argv[0] );
+                                               accessstr, attr );
                                if ( continuemode ) {
                                        continue;
                                }
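Review bot: The `continue` taken after an unknown access string skips the `attr = NULL;` reset at the bottom of the loop, so with `continuemode` set the next iteration sees `attr != NULL` and re-evaluates the previous, already truncated, attribute instead of the new `argv[ 0 ]`. The `continue` after a failed `slap_str2ad` in the following hunk has the same effect. Resetting in the loop header covers both paths: `for ( ; argc--; argv++, attr = NULL ) {`, with the trailing `attr = NULL;` dropped. As written, an ACL test can report on the wrong attribute without any indication, which matters for a tool used to verify access rules. The loop body ends outside this hunk.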
@@ -134,24 +143,36 @@ slapacl( int argc, char **argv )
                        }
                }
 
-               rc = slap_str2ad( argv[0], &desc, &text );
+               rc = slap_str2ad( attr, &desc, &text );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
-                                       argv[0], rc, ldap_err2string( rc ) );
+                                       attr, rc, ldap_err2string( rc ) );
                        if ( continuemode ) {
                                continue;
                        }
                        break;
                }
 
-               (void)access_allowed_mask( &op, &e, desc, &val, access,
+               rc = access_allowed_mask( op, &e, desc, valp, access,
                                NULL, &mask );
 
-               fprintf( stderr, "%s%s%s: %s\n",
-                               desc->ad_cname.bv_val,
-                               val.bv_val ? "=" : "",
-                               val.bv_val ? val.bv_val : "",
-                               accessmask2str( mask, accessmaskbuf ) );
+               if ( accessstr ) {
+                       fprintf( stderr, "%s access to %s%s%s: %s\n",
+                                       accessstr,
+                                       desc->ad_cname.bv_val,
+                                       val.bv_val ? "=" : "",
+                                       val.bv_val ? val.bv_val : "",
+                                       rc ? "ALLOWED" : "DENIED" );
+
+               } else {
+                       fprintf( stderr, "%s%s%s: %s\n",
+                                       desc->ad_cname.bv_val,
+                                       val.bv_val ? "=" : "",
+                                       val.bv_val ? val.bv_val : "",
+                                       accessmask2str( mask, accessmaskbuf, 1 ) );
+               }
+               rc = 0;
+               attr = NULL;
        }
 
 destroy:;
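Review bot: The `rc` assigned from `access_allowed_mask` and then cleared by `rc = 0;` is the loop-local `int rc`, which shadows the function-level `rc` declared at the top of `slapacl`, so the clear is a dead store and neither a DENIED result nor a `slap_str2ad` failure followed by `break` changes the outer `rc`. If the exit status is meant to reflect failures, the loop should write to the outer variable; the code after `destroy:` is outside the hunk, so that intent is an assumption. At minimum, give the boolean result its own loop-local name, `allowed = access_allowed_mask( op, &e, desc, valp, access, NULL, &mask );`, print `allowed ? "ALLOWED" : "DENIED"`, and remove `rc = 0;`.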