/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2004-2005 The OpenLDAP Foundation.
+ * Copyright 2004-2006 The OpenLDAP Foundation.
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
int rc;
slap_mask_t mask;
char accessmaskbuf[ACCESSMASK_MAXLEN];
- slap_access_t access = ACL_AUTH;
rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask );
const char *progname = "slapacl";
Connection conn = { 0 };
Listener listener;
- char opbuf[OPERATION_BUFFER_SIZE];
- Operation *op;
+ OperationBuffer opbuf;
+ Operation *op = NULL;
Entry e = { 0 }, *ep = &e;
char *attr = NULL;
+ int doclose = 0;
+ BackendDB *bd;
slap_tool_init( progname, SLAPACL, argc, argv );
+ if ( !dryrun ) {
+ int i = 0;
+
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( bd != be && backend_startup( bd ) ) {
+ fprintf( stderr, "backend_startup(#%d%s%s) failed\n",
+ i,
+ bd->be_suffix ? ": " : "",
+ bd->be_suffix ? bd->be_suffix[0].bv_val : "" );
+ rc = 1;
+ goto destroy;
+ }
+
+ i++;
+ }
+ }
+
argv = &argv[ optind ];
argc -= optind;
- op = (Operation *)opbuf;
+ op = (Operation *) &opbuf;
connection_fake_init( &conn, op, &conn );
conn.c_listener = &listener;
op->o_sasl_ssf = sasl_ssf;
if ( !BER_BVISNULL( &authcID ) ) {
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ fprintf( stderr, "both authcID=\"%s\" "
+ "and authcDN=\"%s\" provided\n",
+ authcID.bv_val, authcDN.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+
rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
&authcDN, SLAP_GETDN_AUTHCID );
if ( rc != LDAP_SUCCESS ) {
- fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
+ fprintf( stderr, "authcID: <%s> check failed %d (%s)\n",
authcID.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
authcDN = ndn;
}
+ if ( !BER_BVISNULL( &authzID ) ) {
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ fprintf( stderr, "both authzID=\"%s\" "
+ "and authzDN=\"%s\" provided\n",
+ authzID.bv_val, authzDN.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+
+ rc = slap_sasl_getdn( &conn, op, &authzID, NULL,
+ &authzDN, SLAP_GETDN_AUTHZID );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
+ authzID.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+
+ } else if ( !BER_BVISNULL( &authzDN ) ) {
+ struct berval ndn;
+
+ rc = dnNormalize( 0, NULL, NULL, &authzDN, &ndn, NULL );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
+ authzDN.bv_val, rc,
+ ldap_err2string( rc ) );
+ rc = 1;
+ goto destroy;
+ }
+ ch_free( authzDN.bv_val );
+ authzDN = ndn;
+ }
+
if ( !BER_BVISNULL( &authcDN ) ) {
- fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val );
+ fprintf( stderr, "authcDN: \"%s\"\n", authcDN.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ fprintf( stderr, "authzDN: \"%s\"\n", authzDN.bv_val );
+ }
+
+ if ( !BER_BVISNULL( &authzDN ) ) {
+ op->o_dn = authzDN;
+ op->o_ndn = authzDN;
+
+ if ( !BER_BVISNULL( &authcDN ) ) {
+ op->o_conn->c_dn = authcDN;
+ op->o_conn->c_ndn = authcDN;
+
+ } else {
+ op->o_conn->c_dn = authzDN;
+ op->o_conn->c_ndn = authzDN;
+ }
+
+ } else if ( !BER_BVISNULL( &authcDN ) ) {
+ op->o_conn->c_dn = authcDN;
+ op->o_conn->c_ndn = authcDN;
+ op->o_dn = authcDN;
+ op->o_ndn = authcDN;
}
assert( !BER_BVISNULL( &baseDN ) );
}
op->o_bd = be;
- if ( !BER_BVISNULL( &authcDN ) ) {
- op->o_dn = authcDN;
- op->o_ndn = authcDN;
+ if ( op->o_bd == NULL ) {
+ /* NOTE: if no database could be found (e.g. because
+ * accessing the rootDSE or so), use the frontendDB
+ * rules; might need work */
+ op->o_bd = frontendDB;
}
if ( !dryrun ) {
ID id;
+ if ( be == NULL ) {
+ fprintf( stderr, "%s: no target database "
+ "has been found for baseDN=\"%s\"; "
+ "you may try with \"-u\" (dry run).\n",
+ baseDN.bv_val, progname );
+ rc = 1;
+ goto destroy;
+ }
+
if ( !be->be_entry_open ||
!be->be_entry_close ||
!be->be_dn2id_get ||
- !be->be_entry_get )
+ !be->be_id2entry_get )
{
fprintf( stderr, "%s: target database "
"doesn't support necessary operations; "
goto destroy;
}
+ doclose = 1;
+
id = be->be_dn2id_get( be, &e.e_nname );
if ( id == NOID ) {
fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n",
}
destroy:;
- ber_memfree( e.e_name.bv_val );
- ber_memfree( e.e_nname.bv_val );
- if ( !dryrun ) {
+ if ( !BER_BVISNULL( &e.e_name ) ) {
+ ber_memfree( e.e_name.bv_val );
+ }
+ if ( !BER_BVISNULL( &e.e_nname ) ) {
+ ber_memfree( e.e_nname.bv_val );
+ }
+ if ( !dryrun && be ) {
if ( ep != &e ) {
be_entry_release_r( op, ep );
}
- be->be_entry_close( be );
+ if ( doclose ) {
+ be->be_entry_close( be );
+ }
+
+ LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+ if ( bd != be ) {
+ backend_shutdown( bd );
+ }
+ }
}
slap_tool_destroy();
projects / openldap / blobdiff