/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
{
int rc = EXIT_SUCCESS;
const char *progname = "slapacl";
- Connection conn;
- Operation op;
+ Connection conn = {0};
+ char opbuf[OPERATION_BUFFER_SIZE];
+ Operation *op;
Entry e = { 0 };
+ char *attr = NULL;
-#ifdef NEW_LOGGING
- lutil_log_initialize( argc, argv );
-#endif
slap_tool_init( progname, SLAPACL, argc, argv );
argv = &argv[ optind ];
argc -= optind;
- memset( &conn, 0, sizeof( Connection ) );
- memset( &op, 0, sizeof( Operation ) );
-
- connection_fake_init( &conn, &op, &conn );
+ op = (Operation *)opbuf;
+ connection_fake_init( &conn, op, &conn );
if ( !BER_BVISNULL( &authcID ) ) {
- rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
+ rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
+ &authcDN, SLAP_GETDN_AUTHCID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
authcID.bv_val, rc,
goto destroy;
}
- op.o_bd = be;
+ op->o_bd = be;
if ( !BER_BVISNULL( &authcDN ) ) {
- op.o_dn = authcDN;
- op.o_ndn = authcDN;
+ op->o_dn = authcDN;
+ op->o_ndn = authcDN;
+ }
+
+ if ( argc == 0 ) {
+ argc = 1;
+ attr = slap_schema.si_ad_entry->ad_cname.bv_val;
}
for ( ; argc--; argv++ ) {
slap_mask_t mask;
AttributeDescription *desc = NULL;
int rc;
- struct berval val;
+ struct berval val = BER_BVNULL,
+ *valp = NULL;
const char *text;
char accessmaskbuf[ACCESSMASK_MAXLEN];
char *accessstr;
slap_access_t access = ACL_AUTH;
- val.bv_val = strchr( argv[0], ':' );
+ if ( attr == NULL ) {
+ attr = argv[ 0 ];
+ }
+
+ val.bv_val = strchr( attr, ':' );
if ( val.bv_val != NULL ) {
val.bv_val[0] = '\0';
val.bv_val++;
val.bv_len = strlen( val.bv_val );
+ valp = &val;
}
- accessstr = strchr( argv[0], '/' );
+ accessstr = strchr( attr, '/' );
if ( accessstr != NULL ) {
accessstr[0] = '\0';
accessstr++;
access = str2access( accessstr );
if ( access == ACL_INVALID_ACCESS ) {
fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
- accessstr, argv[0] );
+ accessstr, attr );
if ( continuemode ) {
continue;
}
}
}
- rc = slap_str2ad( argv[0], &desc, &text );
+ rc = slap_str2ad( attr, &desc, &text );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
- argv[0], rc, ldap_err2string( rc ) );
+ attr, rc, ldap_err2string( rc ) );
if ( continuemode ) {
continue;
}
break;
}
- (void)access_allowed_mask( &op, &e, desc, &val, access,
+ rc = access_allowed_mask( op, &e, desc, valp, access,
NULL, &mask );
- fprintf( stderr, "%s%s%s: %s\n",
- desc->ad_cname.bv_val,
- val.bv_val ? "=" : "",
- val.bv_val ? val.bv_val : "",
- accessmask2str( mask, accessmaskbuf ) );
+ if ( accessstr ) {
+ fprintf( stderr, "%s access to %s%s%s: %s\n",
+ accessstr,
+ desc->ad_cname.bv_val,
+ val.bv_val ? "=" : "",
+ val.bv_val ? val.bv_val : "",
+ rc ? "ALLOWED" : "DENIED" );
+
+ } else {
+ fprintf( stderr, "%s%s%s: %s\n",
+ desc->ad_cname.bv_val,
+ val.bv_val ? "=" : "",
+ val.bv_val ? val.bv_val : "",
+ accessmask2str( mask, accessmaskbuf, 1 ) );
+ }
+ rc = 0;
+ attr = NULL;
}
destroy:;