X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=37db9afd7f80fbdbaf8fed5496b23ed83f823ab0;hb=6a9c44849c1c20b9d961de7a0b6585dcd059154a;hp=e151d10e812ef8e1bb67a94647d5cc3138d29703;hpb=97e6225cc9414e028e5e5066f0eb29b57219cf47;p=openldap
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index e151d10e81..37db9afd7f 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2006 The OpenLDAP Foundation.
+ * Copyright 1998-2007 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -52,6 +52,7 @@ char *style_strings[] = {
"users",
"self",
"ip",
+ "ipv6",
"path",
NULL
};
@@ -1109,6 +1110,7 @@ parse_acl(
if ( strncasecmp( left, "group", STRLENOF( "group" ) ) == 0 ) {
char *name = NULL;
char *value = NULL;
+ char *attr_name = SLAPD_GROUP_ATTR;
switch ( sty ) {
case ACL_STYLE_REGEX:
@@ -1226,49 +1228,41 @@ parse_acl(
}
if ( name && *name ) {
- rc = slap_str2ad( name, &b->a_group_at, &text );
-
- if( rc != LDAP_SUCCESS ) {
- char buf[ SLAP_TEXT_BUFLEN ];
-
- snprintf( buf, sizeof( buf ),
- "group \"%s\": %s.",
- right, text );
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: %s\n",
- fname, lineno, buf );
- goto fail;
- }
+ attr_name = name;
*--name = '/';
- } else {
- rc = slap_str2ad( SLAPD_GROUP_ATTR, &b->a_group_at, &text );
+ }
- if ( rc != LDAP_SUCCESS ) {
- char buf[ SLAP_TEXT_BUFLEN ];
+ rc = slap_str2ad( attr_name, &b->a_group_at, &text );
+ if ( rc != LDAP_SUCCESS ) {
+ char buf[ SLAP_TEXT_BUFLEN ];
- snprintf( buf, sizeof( buf ),
- "group \"%s\": %s.",
- SLAPD_GROUP_ATTR, text );
- Debug( LDAP_DEBUG_ANY,
- "%s: line %d: %s\n",
- fname, lineno, buf );
- goto fail;
- }
+ snprintf( buf, sizeof( buf ),
+ "group \"%s\": %s.",
+ right, text );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
+ goto fail;
}
if ( !is_at_syntax( b->a_group_at->ad_type,
- SLAPD_DN_SYNTAX ) &&
- !is_at_syntax( b->a_group_at->ad_type,
- SLAPD_NAMEUID_SYNTAX ) &&
- !is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type ) )
+ SLAPD_DN_SYNTAX ) /* e.g. "member" */
+ && !is_at_syntax( b->a_group_at->ad_type,
+ SLAPD_NAMEUID_SYNTAX ) /* e.g. memberUID */
+ && !is_at_subtype( b->a_group_at->ad_type,
+ slap_schema.si_ad_labeledURI->ad_type ) /* e.g. memberURL */ )
{
char buf[ SLAP_TEXT_BUFLEN ];
snprintf( buf, sizeof( buf ),
- "group \"%s\": inappropriate syntax: %s.",
+ "group \"%s\" attr \"%s\": inappropriate syntax: %s; "
+ "must be " SLAPD_DN_SYNTAX " (DN), "
+ SLAPD_NAMEUID_SYNTAX " (NameUID) "
+ "or a subtype of labeledURI.",
right,
- b->a_group_at->ad_type->sat_syntax_oid );
+ attr_name,
+ at_syntax( b->a_group_at->ad_type ) );
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
@@ -2271,7 +2265,7 @@ acl_usage( void )
"exact | regex\n"
" ::= exact | regex | base(Object) | one(level) | "
"sub(tree) | children\n"
- " ::= exact | regex | ip | path\n"
+ " ::= exact | regex | ip | ipv6 | path\n"
" ::= exact | regex | base(Object) | sub(tree)\n"
" ::= [[real]self]{|}\n"
" ::= none|disclose|auth|compare|search|read|{write|add|delete}|manage\n"