X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=e22f3263ec5a715c7550dc5f20dc42c43942534c;hb=437d2ce5a920d12402b557b4b814e6d14cd40c9d;hp=5a28ebfd749d5f0e1759ee02390f412c1b5b0f21;hpb=15f630545abdb27a0b7395d5467d1495cd91c98c;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 5a28ebfd74..e22f3263ec 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -1,7 +1,7 @@ /* aclparse.c - routines to parse and check acl's */ /* $OpenLDAP$ */ /* - * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved. + * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. * COPYING RESTRICTIONS APPLY, see COPYRIGHT file */ @@ -16,19 +16,21 @@ #include #include "slap.h" +#include "lber_pvt.h" +#include "lutil.h" static void split(char *line, int splitchar, char **left, char **right); static void access_append(Access **l, Access *a); static void acl_usage(void) LDAP_GCCATTR((noreturn)); -static void acl_regex_normalized_dn(struct berval *pattern); +static void acl_regex_normalized_dn(const char *src, struct berval *pat); #ifdef LDAP_DEBUG static void print_acl(Backend *be, AccessControl *a); static void print_access(Access *b); #endif -static int +static void regtest(const char *fname, int lineno, char *pat) { int e; regex_t re; @@ -78,10 +80,8 @@ regtest(const char *fname, int lineno, char *pat) { "%s: line %d: regular expression \"%s\" bad because of %s\n", fname, lineno, pat, error ); acl_usage(); - return(0); } regfree(&re); - return(1); } void @@ -119,7 +119,9 @@ parse_acl( } if ( strcasecmp( argv[i], "*" ) == 0 ) { - if( a->acl_dn_pat.bv_len != 0 ) { + if( a->acl_dn_pat.bv_len || + ( a->acl_dn_style != ACL_STYLE_REGEX ) ) + { fprintf( stderr, "%s: line %d: dn pattern" " already specified in to clause.\n", @@ -143,7 +145,9 @@ parse_acl( } if ( strcasecmp( left, "dn" ) == 0 ) { - if( a->acl_dn_pat.bv_len != 0 ) { + if( a->acl_dn_pat.bv_len != 0 || + ( a->acl_dn_style != ACL_STYLE_REGEX ) ) + { fprintf( stderr, "%s: line %d: dn pattern" " already specified in to clause.\n", @@ -155,20 +159,25 @@ parse_acl( || strcasecmp( style, "regex" ) == 0 ) { a->acl_dn_style = ACL_STYLE_REGEX; - if ( strcmp(right, "*") == 0 + + if ( *right == '\0' ) { + /* empty regex should match empty DN */ + a->acl_dn_style = ACL_STYLE_BASE; + ber_str2bv( right, 0, 1, &a->acl_dn_pat ); + + } else if ( strcmp(right, "*") == 0 || strcmp(right, ".*") == 0 || strcmp(right, ".*$") == 0 || strcmp(right, "^.*") == 0 - || strcmp(right, "^.*$$") == 0 + || strcmp(right, "^.*$") == 0 || strcmp(right, ".*$$") == 0 || strcmp(right, "^.*$$") == 0 ) { a->acl_dn_pat.bv_val = ch_strdup( "*" ); - a->acl_dn_pat.bv_len = 1; + a->acl_dn_pat.bv_len = sizeof("*")-1; } else { - a->acl_dn_pat.bv_val = right; - acl_regex_normalized_dn( &a->acl_dn_pat ); + acl_regex_normalized_dn( right, &a->acl_dn_pat ); } } else if ( strcasecmp( style, "base" ) == 0 ) { a->acl_dn_style = ACL_STYLE_BASE; @@ -176,7 +185,7 @@ parse_acl( } else if ( strcasecmp( style, "one" ) == 0 ) { a->acl_dn_style = ACL_STYLE_ONE; ber_str2bv( right, 0, 1, &a->acl_dn_pat ); - } else if ( strcasecmp( style, "subtree" ) == 0 ) { + } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) { a->acl_dn_style = ACL_STYLE_SUBTREE; ber_str2bv( right, 0, 1, &a->acl_dn_pat ); } else if ( strcasecmp( style, "children" ) == 0 ) { @@ -193,8 +202,7 @@ parse_acl( } if ( strcasecmp( left, "filter" ) == 0 ) { - if ( (a->acl_filter = str2filter( - right )) == NULL ) { + if ( (a->acl_filter = str2filter( right )) == NULL ) { fprintf( stderr, "%s: line %d: bad filter \"%s\" in to clause\n", fname, lineno, right ); @@ -202,8 +210,14 @@ parse_acl( } } else if ( strncasecmp( left, "attr", 4 ) == 0 ) { - a->acl_attrs = str2bvec( a->acl_attrs, + a->acl_attrs = str2anlist( a->acl_attrs, right, "," ); + if ( a->acl_attrs == NULL ) { + fprintf( stderr, + "%s: line %d: unknown attr \"%s\" in to clause\n", + fname, lineno, right ); + acl_usage(); + } } else { fprintf( stderr, "%s: line %d: expecting got \"%s\"\n", @@ -212,29 +226,37 @@ parse_acl( } } - if ( a->acl_dn_pat.bv_len != 0 && strcmp(a->acl_dn_pat.bv_val, "*") == 0) { + if ( a->acl_dn_pat.bv_len != 0 && + strcmp(a->acl_dn_pat.bv_val, "*") == 0 ) + { free( a->acl_dn_pat.bv_val ); a->acl_dn_pat.bv_val = NULL; a->acl_dn_pat.bv_len = 0; } - if( a->acl_dn_pat.bv_len != 0 ) { - if ( a->acl_dn_style != ACL_STYLE_REGEX ) - { - struct berval *bv = NULL; - dnNormalize( NULL, &a->acl_dn_pat, &bv); + if( a->acl_dn_pat.bv_len != 0 || + ( a->acl_dn_style != ACL_STYLE_REGEX ) ) + { + if ( a->acl_dn_style != ACL_STYLE_REGEX ) { + struct berval bv; + rc = dnNormalize2( NULL, &a->acl_dn_pat, &bv); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, + "%s: line %d: bad DN \"%s\"\n", + fname, lineno, a->acl_dn_pat.bv_val ); + acl_usage(); + } free( a->acl_dn_pat.bv_val ); - a->acl_dn_pat = *bv; - free( bv ); + a->acl_dn_pat = bv; } else { int e = regcomp( &a->acl_dn_re, a->acl_dn_pat.bv_val, - REG_EXTENDED | REG_ICASE ); + REG_EXTENDED | REG_ICASE ); if ( e ) { char buf[512]; regerror( e, &a->acl_dn_re, buf, sizeof(buf) ); - fprintf( stderr, - "%s: line %d: regular expression \"%s\" bad because of %s\n", - fname, lineno, right, buf ); + fprintf( stderr, "%s: line %d: " + "regular expression \"%s\" bad because of %s\n", + fname, lineno, right, buf ); acl_usage(); } } @@ -267,9 +289,14 @@ parse_acl( /* get */ for ( ; i < argc; i++ ) { slap_style_t sty = ACL_STYLE_REGEX; + char *style_modifier = NULL; + int expand = 0; split( argv[i], '=', &left, &right ); split( left, '.', &left, &style ); + if ( style ) { + split( style, ',', &style, &style_modifier); + } if ( style == NULL || *style == '\0' || strcasecmp( style, "regex" ) == 0 ) { @@ -280,7 +307,7 @@ parse_acl( sty = ACL_STYLE_BASE; } else if ( strcasecmp( style, "one" ) == 0 ) { sty = ACL_STYLE_ONE; - } else if ( strcasecmp( style, "subtree" ) == 0 ) { + } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) { sty = ACL_STYLE_SUBTREE; } else if ( strcasecmp( style, "children" ) == 0 ) { sty = ACL_STYLE_CHILDREN; @@ -291,6 +318,10 @@ parse_acl( acl_usage(); } + if ( style_modifier && strcasecmp( style_modifier, "expand" ) == 0 ) { + expand = 1; + } + if ( strcasecmp( argv[i], "*" ) == 0 ) { bv.bv_val = ch_strdup( "*" ); bv.bv_len = 1; @@ -351,9 +382,10 @@ parse_acl( 1, &bv); } else { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } } } else if ( right == NULL || *right == '\0' ) { fprintf( stderr, @@ -377,16 +409,20 @@ parse_acl( acl_usage(); } - if ( sty != ACL_STYLE_REGEX ) { - struct berval *ndn = NULL; - dnNormalize(NULL, &bv, &ndn); - b->a_dn_pat = *ndn; - free(ndn); + if ( sty != ACL_STYLE_REGEX && expand == 0 ) { + rc = dnNormalize2(NULL, &bv, &b->a_dn_pat); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, + "%s: line %d: bad DN \"%s\"\n", + fname, lineno, bv.bv_val ); + acl_usage(); + } free(bv.bv_val); } else { b->a_dn_pat = bv; } b->a_dn_style = sty; + b->a_dn_expand = expand; continue; } @@ -428,20 +464,29 @@ parse_acl( acl_usage(); } - continue; - } + if( b->a_dn_at->ad_type->sat_equality == NULL ) + { + fprintf( stderr, + "%s: line %d: dnattr \"%s\": " + "inappropriate matching (no EQUALITY)\n", + fname, lineno, right ); + acl_usage(); + } - if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { - fprintf( stderr, - "%s: line %d: inappropriate style \"%s\" in by clause\n", - fname, lineno, style ); - acl_usage(); + continue; } if ( strncasecmp( left, "group", sizeof("group")-1 ) == 0 ) { char *name = NULL; char *value = NULL; + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if ( right == NULL || right[ 0 ] == '\0' ) { fprintf( stderr, "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", @@ -468,16 +513,20 @@ parse_acl( b->a_group_style = sty; if (sty == ACL_STYLE_REGEX) { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } b->a_group_pat = bv; } else { - struct berval *ndn = NULL; ber_str2bv( right, 0, 0, &bv ); - dnNormalize( NULL, &bv, &ndn ); - b->a_group_pat = *ndn; - free(ndn); + rc = dnNormalize2( NULL, &bv, &b->a_group_pat ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, + "%s: line %d: bad DN \"%s\"\n", + fname, lineno, right ); + acl_usage(); + } } if (value && *value) { @@ -503,8 +552,8 @@ parse_acl( } } - if( is_object_subclass( b->a_group_oc, - slap_schema.si_oc_referral ) ) + if( is_object_subclass( slap_schema.si_oc_referral, + b->a_group_oc )) { fprintf( stderr, "%s: line %d: group objectclass \"%s\" " @@ -513,8 +562,8 @@ parse_acl( acl_usage(); } - if( is_object_subclass( b->a_group_oc, - slap_schema.si_oc_alias ) ) + if( is_object_subclass( slap_schema.si_oc_alias, + b->a_group_oc )) { fprintf( stderr, "%s: line %d: group objectclass \"%s\" " @@ -559,13 +608,11 @@ parse_acl( { int rc; - struct berval val; - struct berval *vals[2]; + struct berval vals[2]; - val.bv_val = b->a_group_oc->soc_oid; - val.bv_len = strlen(val.bv_val); - vals[0] = &val; - vals[1] = NULL; + vals[0].bv_val = b->a_group_oc->soc_oid; + vals[0].bv_len = strlen(vals[0].bv_val); + vals[1].bv_val = NULL; rc = oc_check_allowed( b->a_group_at->ad_type, vals, NULL ); @@ -583,6 +630,13 @@ parse_acl( } if ( strcasecmp( left, "peername" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if ( right == NULL || right[ 0 ] == '\0' ) { fprintf( stderr, "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", @@ -590,7 +644,7 @@ parse_acl( acl_usage(); } - if( b->a_peername_pat != NULL ) { + if( b->a_peername_pat.bv_len ) { fprintf( stderr, "%s: line %d: peername pattern already specified.\n", fname, lineno ); @@ -599,17 +653,25 @@ parse_acl( b->a_peername_style = sty; if (sty == ACL_STYLE_REGEX) { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); - b->a_peername_pat = bv.bv_val; + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } + b->a_peername_pat = bv; } else { - b->a_peername_pat = ch_strdup( right ); + ber_str2bv( right, 0, 1, &b->a_peername_pat ); } continue; } if ( strcasecmp( left, "sockname" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if ( right == NULL || right[ 0 ] == '\0' ) { fprintf( stderr, "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", @@ -617,7 +679,7 @@ parse_acl( acl_usage(); } - if( b->a_sockname_pat != NULL ) { + if( b->a_sockname_pat.bv_len ) { fprintf( stderr, "%s: line %d: sockname pattern already specified.\n", fname, lineno ); @@ -626,17 +688,31 @@ parse_acl( b->a_sockname_style = sty; if (sty == ACL_STYLE_REGEX) { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); - b->a_sockname_pat = bv.bv_val; + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } + b->a_sockname_pat = bv; } else { - b->a_sockname_pat = ch_strdup( right ); + ber_str2bv( right, 0, 1, &b->a_sockname_pat ); } continue; } if ( strcasecmp( left, "domain" ) == 0 ) { + switch ( sty ) { + case ACL_STYLE_REGEX: + case ACL_STYLE_BASE: + case ACL_STYLE_SUBTREE: + break; + + default: + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if ( right == NULL || right[ 0 ] == '\0' ) { fprintf( stderr, "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", @@ -644,7 +720,7 @@ parse_acl( acl_usage(); } - if( b->a_domain_pat != NULL ) { + if( b->a_domain_pat.bv_len ) { fprintf( stderr, "%s: line %d: domain pattern already specified.\n", fname, lineno ); @@ -652,18 +728,27 @@ parse_acl( } b->a_domain_style = sty; + b->a_domain_expand = expand; if (sty == ACL_STYLE_REGEX) { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); - b->a_domain_pat = bv.bv_val; + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } + b->a_domain_pat = bv; } else { - b->a_domain_pat = ch_strdup( right ); + ber_str2bv( right, 0, 1, &b->a_domain_pat ); } continue; } if ( strcasecmp( left, "sockurl" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if ( right == NULL || right[ 0 ] == '\0' ) { fprintf( stderr, "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", @@ -671,7 +756,7 @@ parse_acl( acl_usage(); } - if( b->a_sockurl_pat != NULL ) { + if( b->a_sockurl_pat.bv_len ) { fprintf( stderr, "%s: line %d: sockurl pattern already specified.\n", fname, lineno ); @@ -680,17 +765,25 @@ parse_acl( b->a_sockurl_style = sty; if (sty == ACL_STYLE_REGEX) { - bv.bv_val = right; - acl_regex_normalized_dn( &bv ); - regtest(fname, lineno, bv.bv_val); - b->a_sockurl_pat = bv.bv_val; + acl_regex_normalized_dn( right, &bv ); + if ( !ber_bvccmp( &bv, '*' ) ) { + regtest(fname, lineno, bv.bv_val); + } + b->a_sockurl_pat = bv; } else { - b->a_sockurl_pat = ch_strdup( right ); + ber_str2bv( right, 0, 1, &b->a_sockurl_pat ); } continue; } if ( strcasecmp( left, "set" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_set_pat.bv_len != 0 ) { fprintf( stderr, "%s: line %d: set attribute already specified.\n", @@ -713,6 +806,13 @@ parse_acl( #ifdef SLAPD_ACI_ENABLED if ( strcasecmp( left, "aci" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_aci_at != NULL ) { fprintf( stderr, "%s: line %d: aci attribute already specified.\n", @@ -731,14 +831,7 @@ parse_acl( } } else { - rc = slap_str2ad( SLAPD_ACI_ATTR, &b->a_aci_at, &text ); - - if( rc != LDAP_SUCCESS ) { - fprintf( stderr, - "%s: line %d: aci \"%s\": %s\n", - fname, lineno, SLAPD_ACI_ATTR, text ); - acl_usage(); - } + b->a_aci_at = slap_schema.si_ad_aci; } if( !is_at_syntax( b->a_aci_at->ad_type, @@ -756,6 +849,13 @@ parse_acl( #endif /* SLAPD_ACI_ENABLED */ if ( strcasecmp( left, "ssf" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_authz.sai_ssf ) { fprintf( stderr, "%s: line %d: ssf attribute already specified.\n", @@ -782,6 +882,13 @@ parse_acl( } if ( strcasecmp( left, "transport_ssf" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_authz.sai_transport_ssf ) { fprintf( stderr, "%s: line %d: transport_ssf attribute already specified.\n", @@ -808,6 +915,13 @@ parse_acl( } if ( strcasecmp( left, "tls_ssf" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_authz.sai_tls_ssf ) { fprintf( stderr, "%s: line %d: tls_ssf attribute already specified.\n", @@ -834,6 +948,13 @@ parse_acl( } if ( strcasecmp( left, "sasl_ssf" ) == 0 ) { + if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { + fprintf( stderr, + "%s: line %d: inappropriate style \"%s\" in by clause\n", + fname, lineno, style ); + acl_usage(); + } + if( b->a_authz.sai_sasl_ssf ) { fprintf( stderr, "%s: line %d: sasl_ssf attribute already specified.\n", @@ -983,6 +1104,7 @@ char * accessmask2str( slap_mask_t mask, char *buf ) { int none=1; + char *ptr = buf; assert( buf != NULL ); @@ -994,76 +1116,79 @@ accessmask2str( slap_mask_t mask, char *buf ) if ( ACL_IS_LEVEL( mask ) ) { if ( ACL_LVL_IS_NONE(mask) ) { - strcat( buf, "none" ); + ptr = lutil_strcopy( ptr, "none" ); } else if ( ACL_LVL_IS_AUTH(mask) ) { - strcat( buf, "auth" ); + ptr = lutil_strcopy( ptr, "auth" ); } else if ( ACL_LVL_IS_COMPARE(mask) ) { - strcat( buf, "compare" ); + ptr = lutil_strcopy( ptr, "compare" ); } else if ( ACL_LVL_IS_SEARCH(mask) ) { - strcat( buf, "search" ); + ptr = lutil_strcopy( ptr, "search" ); } else if ( ACL_LVL_IS_READ(mask) ) { - strcat( buf, "read" ); + ptr = lutil_strcopy( ptr, "read" ); } else if ( ACL_LVL_IS_WRITE(mask) ) { - strcat( buf, "write" ); + ptr = lutil_strcopy( ptr, "write" ); } else { - strcat( buf, "unknown" ); + ptr = lutil_strcopy( ptr, "unknown" ); } - strcat(buf, " ("); + *ptr++ = '('; } if( ACL_IS_ADDITIVE( mask ) ) { - strcat( buf, "+" ); + *ptr++ = '+'; } else if( ACL_IS_SUBTRACTIVE( mask ) ) { - strcat( buf, "-" ); + *ptr++ = '-'; } else { - strcat( buf, "=" ); + *ptr++ = '='; } if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WRITE) ) { none = 0; - strcat( buf, "w" ); + *ptr++ = 'w'; } if ( ACL_PRIV_ISSET(mask, ACL_PRIV_READ) ) { none = 0; - strcat( buf, "r" ); + *ptr++ = 'r'; } if ( ACL_PRIV_ISSET(mask, ACL_PRIV_SEARCH) ) { none = 0; - strcat( buf, "s" ); + *ptr++ = 's'; } if ( ACL_PRIV_ISSET(mask, ACL_PRIV_COMPARE) ) { none = 0; - strcat( buf, "c" ); + *ptr++ = 'c'; } if ( ACL_PRIV_ISSET(mask, ACL_PRIV_AUTH) ) { none = 0; - strcat( buf, "x" ); + *ptr++ = 'x'; } if ( none && ACL_PRIV_ISSET(mask, ACL_PRIV_NONE) ) { none = 0; - strcat( buf, "n" ); + *ptr++ = 'n'; } if ( none ) { - strcat( buf, "0" ); + *ptr++ = '0'; } if ( ACL_IS_LEVEL( mask ) ) { - strcat(buf, ")"); - } + *ptr++ = ')'; + } + + *ptr = '\0'; + return buf; } @@ -1090,19 +1215,19 @@ str2accessmask( const char *str ) } for( i=1; str[i] != '\0'; i++ ) { - if( TOLOWER(str[i]) == 'w' ) { + if( TOLOWER((unsigned char) str[i]) == 'w' ) { ACL_PRIV_SET(mask, ACL_PRIV_WRITE); - } else if( TOLOWER(str[i]) == 'r' ) { + } else if( TOLOWER((unsigned char) str[i]) == 'r' ) { ACL_PRIV_SET(mask, ACL_PRIV_READ); - } else if( TOLOWER(str[i]) == 's' ) { + } else if( TOLOWER((unsigned char) str[i]) == 's' ) { ACL_PRIV_SET(mask, ACL_PRIV_SEARCH); - } else if( TOLOWER(str[i]) == 'c' ) { + } else if( TOLOWER((unsigned char) str[i]) == 'c' ) { ACL_PRIV_SET(mask, ACL_PRIV_COMPARE); - } else if( TOLOWER(str[i]) == 'x' ) { + } else if( TOLOWER((unsigned char) str[i]) == 'x' ) { ACL_PRIV_SET(mask, ACL_PRIV_AUTH); } else if( str[i] != '0' ) { @@ -1157,7 +1282,7 @@ acl_usage( void ) "\t[aci=]\n" #endif "\t[ssf=] [transport_ssf=] [tls_ssf=] [sasl_ssf=]\n" - " ::= regex | base | exact (alias of base) | one | sub | children\n" + " ::= regex | base | exact (alias of base) | one | subtree | children\n" "