Added a conformant sortedResults support which is unable to sort anything.

[openldap] / servers / slapd / slapacl.c

diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c
index 8ad1fef0d71a135087602a93f0eb6d84611eab18..e9ce24823b10d76e6cac3ab34917e532427a29d2 100644 (file)
--- a/servers/slapd/slapacl.c
+++ b/servers/slapd/slapacl.c
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004 The OpenLDAP Foundation.
+ * Copyright 2004-2005 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -39,25 +39,34 @@ slapacl( int argc, char **argv )
 {
        int                     rc = EXIT_SUCCESS;
        const char              *progname = "slapacl";
-       Connection              conn;
-       Operation               op;
-       Entry                   e = { 0 };
+       Connection              conn = { 0 };
+       Listener                listener;
+       char                    opbuf[OPERATION_BUFFER_SIZE];
+       Operation               *op;
+       Entry                   e = { 0 }, *ep = &e;
+       char                    *attr = NULL;
 
-#ifdef NEW_LOGGING
-       lutil_log_initialize( argc, argv );
-#endif
        slap_tool_init( progname, SLAPACL, argc, argv );
 
        argv = &argv[ optind ];
        argc -= optind;
 
-       memset( &conn, 0, sizeof( Connection ) );
-       memset( &op, 0, sizeof( Operation ) );
+       op = (Operation *)opbuf;
+       connection_fake_init( &conn, op, &conn );
 
-       connection_fake_init( &conn, &op, &conn );
+       conn.c_listener = &listener;
+       conn.c_listener_url = listener_url;
+       conn.c_peer_domain = peer_domain;
+       conn.c_peer_name = peer_name;
+       conn.c_sock_name = sock_name;
+       op->o_ssf = ssf;
+       op->o_transport_ssf = transport_ssf;
+       op->o_tls_ssf = tls_ssf;
+       op->o_sasl_ssf = sasl_ssf;
 
        if ( !BER_BVISNULL( &authcID ) ) {
-               rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
+               rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
+                               &authcDN, SLAP_GETDN_AUTHCID );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
                                        authcID.bv_val, rc,
@@ -96,37 +105,87 @@ slapacl( int argc, char **argv )
                goto destroy;
        }
 
-       op.o_bd = be;
+       op->o_bd = be;
        if ( !BER_BVISNULL( &authcDN ) ) {
-               op.o_dn = authcDN;
-               op.o_ndn = authcDN;
+               op->o_dn = authcDN;
+               op->o_ndn = authcDN;
+       }
+
+       if ( argc == 0 ) {
+               argc = 1;
+               attr = slap_schema.si_ad_entry->ad_cname.bv_val;
+       }
+
+       if ( !dryrun ) {
+               ID      id;
+
+               if ( !be->be_entry_open ||
+                       !be->be_entry_close ||
+                       !be->be_dn2id_get ||
+                       !be->be_entry_get )
+               {
+                       fprintf( stderr, "%s: target database "
+                               "doesn't support necessary operations; "
+                               "you may try with \"-u\" (dry run).\n",
+                               progname );
+                       rc = 1;
+                       goto destroy;
+               }
+
+               if ( be->be_entry_open( be, 0 ) != 0 ) {
+                       fprintf( stderr, "%s: could not open database.\n",
+                               progname );
+                       rc = 1;
+                       goto destroy;
+               }
+
+               id = be->be_dn2id_get( be, &e.e_nname );
+               if ( id == NOID ) {
+                       fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n",
+                               progname, e.e_nname.bv_val );
+                       rc = 1;
+                       goto destroy;
+               }
+               if ( be->be_id2entry_get( be, id, &ep ) != 0 ) {
+                       fprintf( stderr, "%s: unable to fetch entry \"%s\" (%lu)\n",
+                               progname, e.e_nname.bv_val, id );
+                       rc = 1;
+                       goto destroy;
+
+               }
        }
 
        for ( ; argc--; argv++ ) {
                slap_mask_t             mask;
                AttributeDescription    *desc = NULL;
                int                     rc;
-               struct berval           val;
+               struct berval           val = BER_BVNULL,
+                                       *valp = NULL;
                const char              *text;
                char                    accessmaskbuf[ACCESSMASK_MAXLEN];
                char                    *accessstr;
                slap_access_t           access = ACL_AUTH;
 
-               val.bv_val = strchr( argv[0], ':' );
+               if ( attr == NULL ) {
+                       attr = argv[ 0 ];
+               }
+
+               val.bv_val = strchr( attr, ':' );
                if ( val.bv_val != NULL ) {
                        val.bv_val[0] = '\0';
                        val.bv_val++;
                        val.bv_len = strlen( val.bv_val );
+                       valp = &val;
                }
 
-               accessstr = strchr( argv[0], '/' );
+               accessstr = strchr( attr, '/' );
                if ( accessstr != NULL ) {
                        accessstr[0] = '\0';
                        accessstr++;
                        access = str2access( accessstr );
                        if ( access == ACL_INVALID_ACCESS ) {
                                fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
-                                               accessstr, argv[0] );
+                                               accessstr, attr );
                                if ( continuemode ) {
                                        continue;
                                }
@@ -134,17 +193,17 @@ slapacl( int argc, char **argv )
                        }
                }
 
-               rc = slap_str2ad( argv[0], &desc, &text );
+               rc = slap_str2ad( attr, &desc, &text );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
-                                       argv[0], rc, ldap_err2string( rc ) );
+                                       attr, rc, ldap_err2string( rc ) );
                        if ( continuemode ) {
                                continue;
                        }
                        break;
                }
 
-               rc = access_allowed_mask( &op, &e, desc, &val, access,
+               rc = access_allowed_mask( op, ep, desc, valp, access,
                                NULL, &mask );
 
                if ( accessstr ) {
@@ -160,12 +219,22 @@ slapacl( int argc, char **argv )
                                        desc->ad_cname.bv_val,
                                        val.bv_val ? "=" : "",
                                        val.bv_val ? val.bv_val : "",
-                                       accessmask2str( mask, accessmaskbuf ) );
+                                       accessmask2str( mask, accessmaskbuf, 1 ) );
                }
                rc = 0;
+               attr = NULL;
        }
 
 destroy:;
+       ber_memfree( e.e_name.bv_val );
+       ber_memfree( e.e_nname.bv_val );
+       if ( !dryrun ) {
+               if ( ep != &e ) {
+                       be_entry_release_r( op, ep );
+               }
+               be->be_entry_close( be );
+       }
+
        slap_tool_destroy();
 
        return rc;