X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=0032846346699260a925059317b70088e9a86f91;hb=b1b8d9d651d285f88a98d41db43924ea83399e27;hp=4af093f1a01d5838fb25ee7acfe882c9c5b38339;hpb=8a3d02bf6b7d628ae3bfa601294b4403841c07d2;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 4af093f1a0..0032846346 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -1,7 +1,7 @@ /* aclparse.c - routines to parse and check acl's */ /* $OpenLDAP$ */ /* - * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -17,6 +17,7 @@ #include "slap.h" #include "lber_pvt.h" +#include "lutil.h" static void split(char *line, int splitchar, char **left, char **right); static void access_append(Access **l, Access *a); @@ -184,7 +185,7 @@ parse_acl( } else if ( strcasecmp( style, "one" ) == 0 ) { a->acl_dn_style = ACL_STYLE_ONE; ber_str2bv( right, 0, 1, &a->acl_dn_pat ); - } else if ( strcasecmp( style, "subtree" ) == 0 ) { + } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) { a->acl_dn_style = ACL_STYLE_SUBTREE; ber_str2bv( right, 0, 1, &a->acl_dn_pat ); } else if ( strcasecmp( style, "children" ) == 0 ) { @@ -238,7 +239,7 @@ parse_acl( { if ( a->acl_dn_style != ACL_STYLE_REGEX ) { struct berval bv; - rc = dnNormalize2( NULL, &a->acl_dn_pat, &bv); + rc = dnNormalize2( NULL, &a->acl_dn_pat, &bv, NULL); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: line %d: bad DN \"%s\"\n", @@ -306,7 +307,7 @@ parse_acl( sty = ACL_STYLE_BASE; } else if ( strcasecmp( style, "one" ) == 0 ) { sty = ACL_STYLE_ONE; - } else if ( strcasecmp( style, "subtree" ) == 0 ) { + } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) { sty = ACL_STYLE_SUBTREE; } else if ( strcasecmp( style, "children" ) == 0 ) { sty = ACL_STYLE_CHILDREN; 
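Review bot: The `sub` alias is added by hand to two separate keyword chains, here in the `dn` target parsing and again in the hunk at -306 for the `sty` assignment, so the two lists of accepted styles can drift apart on the next edit; a small static helper that maps a style string to its `ACL_STYLE_*` value would keep them in step. The usage string changed in the last hunk on this page now lists `subtree` only, so `sub` is accepted but undocumented while `exact (alias of base)` is spelled out; listing it as `subtree | sub (alias of subtree) | children` would match. Because these keywords decide how far an access rule reaches, the accepted spellings and the documented ones are worth keeping identical. `parse_acl` begins and ends outside both hunks.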
@@ -409,7 +410,7 @@ parse_acl( } if ( sty != ACL_STYLE_REGEX && expand == 0 ) { - rc = dnNormalize2(NULL, &bv, &b->a_dn_pat); + rc = dnNormalize2(NULL, &bv, &b->a_dn_pat, NULL); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: line %d: bad DN \"%s\"\n", @@ -463,6 +464,15 @@ parse_acl( acl_usage(); } + if( b->a_dn_at->ad_type->sat_equality == NULL ) + { + fprintf( stderr, + "%s: line %d: dnattr \"%s\": " + "inappropriate matching (no EQUALITY)\n", + fname, lineno, right ); + acl_usage(); + } + continue; } @@ -510,7 +520,7 @@ parse_acl( b->a_group_pat = bv; } else { ber_str2bv( right, 0, 0, &bv ); - rc = dnNormalize2( NULL, &bv, &b->a_group_pat ); + rc = dnNormalize2( NULL, &bv, &b->a_group_pat, NULL ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "%s: line %d: bad DN \"%s\"\n", @@ -1106,24 +1116,24 @@ accessmask2str( slap_mask_t mask, char *buf ) if ( ACL_IS_LEVEL( mask ) ) { if ( ACL_LVL_IS_NONE(mask) ) { - ptr = slap_strcopy( ptr, "none" ); + ptr = lutil_strcopy( ptr, "none" ); } else if ( ACL_LVL_IS_AUTH(mask) ) { - ptr = slap_strcopy( ptr, "auth" ); + ptr = lutil_strcopy( ptr, "auth" ); } else if ( ACL_LVL_IS_COMPARE(mask) ) { - ptr = slap_strcopy( ptr, "compare" ); + ptr = lutil_strcopy( ptr, "compare" ); } else if ( ACL_LVL_IS_SEARCH(mask) ) { - ptr = slap_strcopy( ptr, "search" ); + ptr = lutil_strcopy( ptr, "search" ); } else if ( ACL_LVL_IS_READ(mask) ) { - ptr = slap_strcopy( ptr, "read" ); + ptr = lutil_strcopy( ptr, "read" ); } else if ( ACL_LVL_IS_WRITE(mask) ) { - ptr = slap_strcopy( ptr, "write" ); + ptr = lutil_strcopy( ptr, "write" ); } else { - ptr = slap_strcopy( ptr, "unknown" ); + ptr = lutil_strcopy( ptr, "unknown" ); } *ptr++ = '('; @@ -1272,7 +1282,7 @@ acl_usage( void ) "\t[aci=]\n" #endif "\t[ssf=] [transport_ssf=] [tls_ssf=] [sasl_ssf=]\n" - " ::= regex | base | exact (alias of base) | one | sub | children\n" + " ::= regex | base | exact (alias of base) | one | subtree | children\n" "
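Review bot: The new `sat_equality == NULL` test in the hunk at -463 has no comment saying why an EQUALITY rule is required, and it dereferences `b->a_dn_at->ad_type` without a guard of its own. It appears to rely on the preceding error branch ending in `acl_usage()` and never falling through; if that holds, a comment such as `/* dnattr values are matched against the client DN, so the type needs an EQUALITY rule; a_dn_at is valid here because the checks above do not return */` would make the invariant explicit. The added `if( ... )` with the brace on its own line also differs from the `if ( ... ) {` form used in the surrounding context lines. The dnattr branch starts outside the hunk, so the lookup that sets `a_dn_at` is not visible here.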