X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=9b0e8e7acb507e733e7b45a378e3745fe82fd3b9;hb=86bd3651e1bc6129cf2bd4ba271f33207843aaff;hp=fd9a339ee7209237f6612bc1dec7eba5544c5378;hpb=a2a587c6caa2550e7b2a69642aae36b350245835;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index fd9a339ee7..9b0e8e7acb 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -455,6 +455,14 @@ parse_acl( } else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */ || strcasecmp( left, "attrs" ) == 0 ) /* DOCUMENTED */ { + if ( strcasecmp( left, "attr" ) == 0 ) { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: \"attr\" " + "is deprecated (and undocumented); " + "use \"attrs\" instead.\n", + fname, lineno, 0 ); + } + a->acl_attrs = str2anlist( a->acl_attrs, right, "," ); if ( a->acl_attrs == NULL ) { @@ -967,6 +975,16 @@ parse_acl( acl_usage(); } free( bv.bv_val ); + if ( sty == ACL_STYLE_BASE + && be != NULL + && !BER_BVISNULL( &be->be_rootndn ) + && dn_match( &bdn->a_pat, &be->be_rootndn ) ) + { + Debug( LDAP_DEBUG_ANY, + "%s: line %d: rootdn is always granted " + "unlimited privileges.\n", + fname, lineno, 0 ); + } } else { bdn->a_pat = bv; @@ -2216,12 +2234,16 @@ str2accessmask( const char *str ) static void acl_usage( void ) { - Debug( LDAP_DEBUG_ANY, "%s%s%s\n", + char *access = " ::= access to " - "[ by [ ] ]+ \n" + "[ by [ ] ]+ \n"; + + char *what = " ::= * | [dn[.]=] [filter=] [attrs=]\n" " ::= [val[/matchingRule][.]=] | , \n" - " ::= | entry | children\n", + " ::= | entry | children\n"; + + char *who = " ::= [ * | anonymous | users | self | dn[.]= ]\n" "\t[ realanonymous | realusers | realself | realdn[.]= ]\n" "\t[dnattr=]\n" @@ -2236,7 +2258,7 @@ acl_usage( void ) "\t[aci[=]]\n" #endif /* SLAPD_ACI_ENABLED */ #endif /* ! SLAP_DYNACL */ - "\t[ssf=] [transport_ssf=] [tls_ssf=] [sasl_ssf=]\n", + "\t[ssf=] [transport_ssf=] [tls_ssf=] [sasl_ssf=]\n" "