X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=e47a00380a858ec266e7aad482e982bdf08dec10;hb=e03d88fcc4533a88ba303c7ba8faa8aa0e4ec775;hp=3d853222c61b920e31c9cd2ef311625555d27ab2;hpb=2ec25ef8810f15f5aa13ec47b593a18cb96fcbdf;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 3d853222c6..e47a00380a 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -1,17 +1,16 @@ /* acl.c - routines to parse and check acl's */ +#include "portable.h" #include -#include -#include -#include -#include -#include -#include -#include + +#include +#include +#include +#include +#include #include "slap.h" -#include "portable.h" extern Filter *str2filter(); extern struct acl *global_acl; @@ -209,11 +208,39 @@ parse_acl( } else if ( strcasecmp( left, "dnattr" ) == 0 ) { b->a_dnattr = strdup( right ); -#ifdef ACLGROUP +#ifdef SLAPD_ACLGROUPS } else if ( strcasecmp( left, "group" ) == 0 ) { + char *name = NULL; + char *value = NULL; regtest(fname, lineno, right); + + /* format of string is "group/objectClassValue/groupAttrName" + */ + if ((value = strchr(right, '/')) != NULL) { + *value++ = '\0'; + if (value && *value && (name = strchr(value, '/')) != NULL) + *name++ = '\0'; + } + b->a_group = dn_upcase(strdup( right )); -#endif /* ACLGROUP */ + + if (value && *value) { + b->a_objectclassvalue = strdup(value); + *--value = '/'; + } + else + b->a_objectclassvalue = strdup("groupOfNames"); + + if (name && *name) { + b->a_groupattrname = strdup(name); + *--name = '/'; + } + else + b->a_groupattrname = strdup("member"); + + + +#endif /* SLAPD_ACLGROUPS */ } else if ( strcasecmp( left, "domain" ) == 0 ) { char *s; regtest(fname, lineno, right); @@ -265,6 +292,11 @@ parse_acl( fname, lineno ); } else { + +#ifdef LDAP_DEBUG + if (ldap_debug & LDAP_DEBUG_ACL) + print_acl(a); +#endif if ( a->acl_access == NULL ) { fprintf( stderr, 
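Review bot: In the `group` branch of parse_acl, `right` is split at the first `/`, so a group DN that itself contains a `/` is cut short and its remainder is taken as the objectClass value, with no error reported. Because this is the access-control parser, a silently truncated DN makes the rule test membership of a different group entry than the administrator wrote. Empty segments are just as quiet: `group=dn/` or `group=dn//attr` falls back to `groupOfNames` / `member` without a warning. I would document the restriction at the split, e.g. `/* the group DN must not contain '/'; the first '/' ends the DN */`, and report an empty objectClass or attribute segment instead of defaulting. The `strdup()` results in this branch are also used unchecked, and parse_acl's body continues outside the hunk.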
@@ -387,15 +419,24 @@ print_access( struct access *b ) { printf( "\tby" ); if ( b->a_dnpat != NULL ) { - printf( " dn=%s", b->a_dnpat ); + fprintf( stderr, " dn=%s", b->a_dnpat ); } else if ( b->a_addrpat != NULL ) { - printf( " addr=%s", b->a_addrpat ); + fprintf( stderr, " addr=%s", b->a_addrpat ); } else if ( b->a_domainpat != NULL ) { - printf( " domain=%s", b->a_domainpat ); + fprintf( stderr, " domain=%s", b->a_domainpat ); } else if ( b->a_dnattr != NULL ) { - printf( " dnattr=%s", b->a_dnattr ); + fprintf( stderr, " dnattr=%s", b->a_dnattr ); } - printf( " %s\n", access2str( b->a_access ) ); +#ifdef SLAPD_ACLGROUPS + else if ( b->a_group != NULL ) { + fprintf( stderr, " group: %s", b->a_group ); + if ( b->a_objectclassvalue ) + fprintf( stderr, " objectClassValue: %s", b->a_objectclassvalue ); + if ( b->a_groupattrname ) + fprintf( stderr, " groupAttrName: %s", b->a_groupattrname ); + } +#endif + fprintf( stderr, "\n" ); } static void @@ -405,33 +446,34 @@ print_acl( struct acl *a ) struct access *b; if ( a == NULL ) { - printf( "NULL\n" ); + fprintf( stderr, "NULL\n" ); } - printf( "access to" ); + fprintf( stderr, "ACL: access to" ); if ( a->acl_filter != NULL ) { - printf( " filter=" ); + fprintf( stderr," filter=" ); filter_print( a->acl_filter ); } if ( a->acl_dnpat != NULL ) { - printf( " dn=" ); - printf( a->acl_dnpat ); + fprintf( stderr, " dn=" ); + fprintf( stderr, a->acl_dnpat ); } if ( a->acl_attrs != NULL ) { int first = 1; - printf( " attrs=" ); + fprintf( stderr, "\n attrs=" ); for ( i = 0; a->acl_attrs[i] != NULL; i++ ) { if ( ! first ) { - printf( "," ); + fprintf( stderr, "," ); } - printf( a->acl_attrs[i] ); + fprintf( stderr, a->acl_attrs[i] ); first = 0; } } - printf( "\n" ); + fprintf( stderr, "\n" ); for ( b = a->acl_access; b != NULL; b = b->a_next ) { print_access( b ); } + fprintf( stderr, "\n" ); } #endif /* LDAP_DEBUG */
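Review bot: The rewritten print_access no longer prints the access level: the old `printf( " %s\n", access2str( b->a_access ) );` is replaced by `fprintf( stderr, "\n" );`, so the ACL debug dump shows who a clause applies to but not what it grants. Keep the value with `fprintf( stderr, " %s\n", access2str( b->a_access ) );`. The unchanged first line `printf( "\tby" );` also still writes to stdout, so each clause is split across two streams; it should become `fprintf( stderr, "\tby" );`. The function's return type and anything before its opening brace are outside the hunk.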
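Review bot: `fprintf( stderr, a->acl_dnpat );` and `fprintf( stderr, a->acl_attrs[i] );` in print_acl pass strings taken from the ACL configuration as the format argument, so a `%` in a DN pattern or attribute name is interpreted as a conversion and reads arguments that were never passed. The commit carries this over from the old `printf( a->acl_dnpat )` calls; use `fprintf( stderr, "%s", a->acl_dnpat );` and `fprintf( stderr, "%s", a->acl_attrs[i] );`, or `fputs`. Separately, the `a == NULL` branch prints `NULL` but does not return, so the following `a->acl_filter` test still dereferences `a`; add `return;` after that `fprintf`.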