X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=57ef5ce58786bdcf7617302f870ac0e3826ee2ef;hb=dd351c3a17a704edae15ccaa799ee7ea1efe50c4;hp=a8ba9510896255886cec94d2c9eacfa87fe80ed6;hpb=b76c56ba3f45576b9c418ea9fe7f7b3440052904;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index a8ba951089..57ef5ce587 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -3,38 +3,31 @@ #include "portable.h" #include -#include -#include -#include -#include -#include -#include -#include -#include "slap.h" -#include "portable.h" +#include +#include +#include +#include +#include -extern Filter *str2filter(); -extern struct acl *global_acl; -extern char **str2charray(); -extern char *dn_upcase(); +#include "slap.h" -static void split(); -static void acl_append(); -static void access_append(); -static void acl_usage(); +static void split(char *line, int splitchar, char **left, char **right); +static void acl_append(struct acl **l, struct acl *a); +static void access_append(struct access **l, struct access *a); +static void acl_usage(void); #ifdef LDAP_DEBUG -static void print_acl(); -static void print_access(); +static void print_acl(struct acl *a); +static void print_access(struct access *b); #endif -int +static int regtest(char *fname, int lineno, char *pat) { int e; regex_t re; char buf[512]; - int size; + unsigned size; char *sp; char *dp; @@ -127,7 +120,7 @@ parse_acl( fname, lineno, right, buf ); acl_usage(); } - a->acl_dnpat = strdup( ".*" ); + a->acl_dnpat = ch_strdup( ".*" ); continue; } @@ -159,7 +152,7 @@ parse_acl( acl_usage(); } else { - a->acl_dnpat = dn_upcase(strdup( right )); + a->acl_dnpat = dn_upcase(ch_strdup( right )); } } else if ( strncasecmp( left, "attr", 4 ) == 0 ) { @@ -167,7 +160,7 @@ parse_acl( alist = str2charray( right, "," ); charray_merge( &a->acl_attrs, alist ); - free( alist ); + charray_free( alist ); } else { fprintf( stderr, "%s: line %d: expecting got \"%s\"\n", 
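Review bot: In the `@@ -167,7 +160,7 @@` hunk, `charray_free( alist )` directly after `charray_merge( &a->acl_attrs, alist )` is only safe if charray_merge duplicates each string. If it stores the pointers taken from alist, `a->acl_attrs` is left holding freed memory that later ACL evaluation would read. charray_merge is not visible on this page, so this needs confirming against its implementation, and a comment would record the ownership rule, e.g. `/* charray_merge copies the strings, so alist and its elements are ours to free */`. If it does not copy, the array alone should be released with `free( alist );` as before. parse_acl starts and ends outside the hunk.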
@@ -201,24 +194,52 @@ parse_acl( /* get */ split( argv[i], '=', &left, &right ); if ( strcasecmp( argv[i], "*" ) == 0 ) { - b->a_dnpat = strdup( ".*" ); + b->a_dnpat = ch_strdup( ".*" ); } else if ( strcasecmp( argv[i], "self" ) == 0 ) { - b->a_dnpat = strdup( "self" ); + b->a_dnpat = ch_strdup( "self" ); } else if ( strcasecmp( left, "dn" ) == 0 ) { regtest(fname, lineno, right); - b->a_dnpat = dn_upcase( strdup( right ) ); + b->a_dnpat = dn_upcase( ch_strdup( right ) ); } else if ( strcasecmp( left, "dnattr" ) == 0 ) { - b->a_dnattr = strdup( right ); + b->a_dnattr = ch_strdup( right ); -#ifdef ACLGROUP +#ifdef SLAPD_ACLGROUPS } else if ( strcasecmp( left, "group" ) == 0 ) { + char *name = NULL; + char *value = NULL; regtest(fname, lineno, right); - b->a_group = dn_upcase(strdup( right )); -#endif /* ACLGROUP */ + + /* format of string is "group/objectClassValue/groupAttrName" + */ + if ((value = strchr(right, '/')) != NULL) { + *value++ = '\0'; + if (value && *value && (name = strchr(value, '/')) != NULL) + *name++ = '\0'; + } + + b->a_group = dn_upcase(ch_strdup( right )); + + if (value && *value) { + b->a_objectclassvalue = ch_strdup(value); + *--value = '/'; + } + else + b->a_objectclassvalue = ch_strdup("groupOfNames"); + + if (name && *name) { + b->a_groupattrname = ch_strdup(name); + *--name = '/'; + } + else + b->a_groupattrname = ch_strdup("member"); + + + +#endif /* SLAPD_ACLGROUPS */ } else if ( strcasecmp( left, "domain" ) == 0 ) { char *s; regtest(fname, lineno, right); - b->a_domainpat = strdup( right ); + b->a_domainpat = ch_strdup( right ); /* normalize the domain */ for ( s = b->a_domainpat; *s; s++ ) { @@ -226,7 +247,7 @@ parse_acl( } } else if ( strcasecmp( left, "addr" ) == 0 ) { regtest(fname, lineno, right); - b->a_addrpat = strdup( right ); + b->a_addrpat = ch_strdup( right ); } else { fprintf( stderr, "%s: line %d: expecting got \"%s\"\n", 
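Review bot: In the `group` branch of the `@@ -201,24 +194,52 @@` hunk, `regtest(fname, lineno, right);` runs before the string is cut at the first `/`, so the text validated is the whole `group/objectClassValue/groupAttrName` string rather than the part stored in `b->a_group`. A prefix of a valid expression is not necessarily valid (an unclosed parenthesis, for example), so moving the `regtest` call to just after the split block would check what is actually kept. The `*--value = '/';` and `*--name = '/';` restores only happen when the component is non-empty, so an input with an empty component leaves `right` truncated for any later use, such as an error message. Because the split takes the first `/`, a group DN containing that character cannot be expressed, which deserves a line in the format comment. parse_acl's body continues outside the hunk.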
@@ -266,6 +287,11 @@ parse_acl( fname, lineno ); } else { + +#ifdef LDAP_DEBUG + if (ldap_debug & LDAP_DEBUG_ACL) + print_acl(a); +#endif if ( a->acl_access == NULL ) { fprintf( stderr, @@ -338,7 +364,7 @@ str2access( char *str ) } static void -acl_usage() +acl_usage( void ) { fprintf( stderr, "\n ::= access to [ by ]+ \n" ); fprintf( stderr, " ::= * | [dn=] [filter=] [attrs=]\n" ); @@ -386,17 +412,27 @@ acl_append( struct acl **l, struct acl *a ) static void print_access( struct access *b ) { - printf( "\tby" ); + fprintf( stderr, "\tby" ); + if ( b->a_dnpat != NULL ) { - printf( " dn=%s", b->a_dnpat ); + fprintf( stderr, " dn=%s", b->a_dnpat ); } else if ( b->a_addrpat != NULL ) { - printf( " addr=%s", b->a_addrpat ); + fprintf( stderr, " addr=%s", b->a_addrpat ); } else if ( b->a_domainpat != NULL ) { - printf( " domain=%s", b->a_domainpat ); + fprintf( stderr, " domain=%s", b->a_domainpat ); } else if ( b->a_dnattr != NULL ) { - printf( " dnattr=%s", b->a_dnattr ); + fprintf( stderr, " dnattr=%s", b->a_dnattr ); } - printf( " %s\n", access2str( b->a_access ) ); +#ifdef SLAPD_ACLGROUPS + else if ( b->a_group != NULL ) { + fprintf( stderr, " group: %s", b->a_group ); + if ( b->a_objectclassvalue ) + fprintf( stderr, " objectClassValue: %s", b->a_objectclassvalue ); + if ( b->a_groupattrname ) + fprintf( stderr, " groupAttrName: %s", b->a_groupattrname ); + } +#endif + fprintf( stderr, "\n" ); } static void 
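Review bot: In the `@@ -386,17 +412,27 @@` hunk, print_access no longer prints the access level: the removed `printf( " %s\n", access2str( b->a_access ) );` is replaced by a bare `fprintf( stderr, "\n" );`, so the debug dump shows who a clause applies to but not what it grants. For an ACL trace that is the field most worth seeing when checking a configuration, so the final line should be `fprintf( stderr, " %s\n", access2str( b->a_access ) );`. The new `group` case also sits at the end of the `else if` chain, so it is skipped whenever `a_dnpat` or another selector is set. Presumably the selectors are mutually exclusive, but that is not visible here.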
@@ -406,33 +442,34 @@ print_acl( struct acl *a ) struct access *b; if ( a == NULL ) { - printf( "NULL\n" ); + fprintf( stderr, "NULL\n" ); } - printf( "access to" ); + fprintf( stderr, "ACL: access to" ); if ( a->acl_filter != NULL ) { - printf( " filter=" ); + fprintf( stderr," filter=" ); filter_print( a->acl_filter ); } if ( a->acl_dnpat != NULL ) { - printf( " dn=" ); - printf( a->acl_dnpat ); + fprintf( stderr, " dn=" ); + fprintf( stderr, a->acl_dnpat ); } if ( a->acl_attrs != NULL ) { int first = 1; - printf( " attrs=" ); + fprintf( stderr, "\n attrs=" ); for ( i = 0; a->acl_attrs[i] != NULL; i++ ) { if ( ! first ) { - printf( "," ); + fprintf( stderr, "," ); } - printf( a->acl_attrs[i] ); + fprintf( stderr, a->acl_attrs[i] ); first = 0; } } - printf( "\n" ); + fprintf( stderr, "\n" ); for ( b = a->acl_access; b != NULL; b = b->a_next ) { print_access( b ); } + fprintf( stderr, "\n" ); } #endif /* LDAP_DEBUG */
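Review bot: `fprintf( stderr, a->acl_dnpat );` and `fprintf( stderr, a->acl_attrs[i] );` in print_acl pass configuration text as the format string, so a DN pattern or attribute name containing `%` is read as a conversion specification and the call has undefined behaviour. The switch to stderr carried this over from the old `printf` calls; they should be `fprintf( stderr, "%s", a->acl_dnpat );` and `fprintf( stderr, "%s", a->acl_attrs[i] );`. The `if ( a == NULL )` branch prints "NULL" and then falls through to `a->acl_filter`, so it also needs a `return;` after the message. print_acl's opening lines are outside the hunk.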