X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=48ec0cd7437d5959d54a0b5474773b46c6383633;hb=2f861c56a64ffe9899254e87289862ed706eb761;hp=230dcdace2f6dfcf1c27abddd441cd70df1c1119;hpb=8c990ff2e959a2f862740c774c99ced093f88cee;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 230dcdace2..48ec0cd743 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -340,7 +340,7 @@ parse_acl( Debug( LDAP_DEBUG_ANY, "%s: line %d: " "only one to clause allowed in access line\n", fname, lineno, 0 ); - return acl_usage(); + goto fail; } a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) ); for ( ++i; i < argc; i++ ) { @@ -645,6 +645,7 @@ parse_acl( snprintf( buf, sizeof( buf ), "%s: line %d: " " attr \"%s\" normalization failed (%d: %s)", + fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val, rc, text ); Debug( LDAP_DEBUG_ANY, "%s: line %d: %s.\n", fname, lineno, buf ); @@ -755,7 +756,7 @@ parse_acl( "%s: line %d: empty level " "in \"level{n}\"\n", fname, lineno, 0 ); - return acl_usage(); + goto fail; } p[0] = '\0'; } @@ -994,7 +995,7 @@ parse_acl( < bdn->a_pat.bv_len; exp = strchr( exp, '$' ) ) { - if ( isdigit( exp[ 1 ] ) ) { + if ( isdigit( (unsigned char) exp[ 1 ] ) ) { gotit = 1; break; } @@ -1783,6 +1784,7 @@ parse_acl( /* out of arguments or plain stop */ ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE ); + ACL_PRIV_SET( b->a_access_mask, ACL_PRIV_NONE); b->a_type = ACL_STOP; access_append( &a->acl_access, b ); @@ -1793,6 +1795,7 @@ parse_acl( /* plain continue */ ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE ); + ACL_PRIV_SET( b->a_access_mask, ACL_PRIV_NONE); b->a_type = ACL_CONTINUE; access_append( &a->acl_access, b ); @@ -1803,6 +1806,7 @@ parse_acl( /* plain continue */ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE); + ACL_PRIV_SET( b->a_access_mask, ACL_PRIV_NONE); b->a_type = ACL_BREAK; access_append( &a->acl_access, b ); @@ -1813,6 +1817,7 @@ parse_acl( /* we've gone too far */ --i; ACL_PRIV_ASSIGN( b->a_access_mask, ACL_PRIV_ADDITIVE ); + ACL_PRIV_SET( b->a_access_mask, ACL_PRIV_NONE); b->a_type = ACL_STOP; access_append( &a->acl_access, b ); @@ -1820,16 +1825,19 @@ parse_acl( } /* get */ - if ( strncasecmp( left, "self", STRLENOF( "self" ) ) == 0 ) { - b->a_dn_self = 1; - ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[ STRLENOF( "self" ) ] ) ); + { + char *lleft = left; - } else if ( strncasecmp( left, "realself", STRLENOF( "realself" ) ) == 0 ) { - b->a_realdn_self = 1; - ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[ STRLENOF( "realself" ) ] ) ); + if ( strncasecmp( left, "self", STRLENOF( "self" ) ) == 0 ) { + b->a_dn_self = 1; + lleft = &left[ STRLENOF( "self" ) ]; - } else { - ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( left ) ); + } else if ( strncasecmp( left, "realself", STRLENOF( "realself" ) ) == 0 ) { + b->a_realdn_self = 1; + lleft = &left[ STRLENOF( "realself" ) ]; + } + + ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( lleft ) ); } if ( ACL_IS_INVALID( b->a_access_mask ) ) { @@ -2130,7 +2138,10 @@ str2accessmask( const char *str ) } else if( TOLOWER((unsigned char) str[i]) == 'd' ) { ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE); - } else if( str[i] != '0' ) { + } else if( str[i] == '0' ) { + ACL_PRIV_SET(mask, ACL_PRIV_NONE); + + } else { ACL_INVALIDATE(mask); return mask; } @@ -2181,9 +2192,9 @@ acl_usage( void ) { char *access = " ::= access to " - "[ by [ ] ]+ \n"; + "[ by [ ] [ ] ]+ \n"; char *what = - " ::= * | [dn[.]=] [filter=] [attrs=]\n" + " ::= * | dn[.=] [filter=] [attrs=]\n" " ::= [val[/][.]=] | \n" " ::= [ , ]\n" " ::= | @ | ! | entry | children\n"; @@ -2452,11 +2463,6 @@ str2access( const char *str ) return ACL_NONE; } else if ( strcasecmp( str, "disclose" ) == 0 ) { -#ifndef SLAP_ACL_HONOR_DISCLOSE - Debug( LDAP_DEBUG_ACL, "str2access: warning, " - "\"disclose\" privilege disabled.\n", - 0, 0, 0 ); -#endif /* SLAP_ACL_HONOR_DISCLOSE */ return ACL_DISCLOSE; } else if ( strcasecmp( str, "auth" ) == 0 ) {