X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Faclparse.c;h=f559ae3e1c7d9f69936e1538072907e7a0738ed1;hb=12d5c6bba210de4a03363567be1c19a37f8e806b;hp=6ea473f434b3d2c24a72b11e7c5fd9e6903aacd4;hpb=095435156545a5056e218ee70a7c2674df429ad6;p=openldap diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index 6ea473f434..f559ae3e1c 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -1,8 +1,27 @@ /* aclparse.c - routines to parse and check acl's */ /* $OpenLDAP$ */ -/* - * Copyright 1998-2003 The OpenLDAP Foundation, All Rights Reserved. - * COPYING RESTRICTIONS APPLY, see COPYRIGHT file +/* This work is part of OpenLDAP Software . + * + * Copyright 1998-2003 The OpenLDAP Foundation. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted only as authorized by the OpenLDAP + * Public License. + * + * A copy of this license is available in the file LICENSE in the + * top-level directory of the distribution or, alternatively, at + * . + */ +/* Portions Copyright (c) 1995 Regents of the University of Michigan. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that this notice is preserved and that due credit is given + * to the University of Michigan at Ann Arbor. The name of the University + * may not be used to endorse or promote products derived from this + * software without specific prior written permission. This software + * is provided ``as is'' without express or implied warranty. */ #include "portable.h" 
@@ -169,8 +188,14 @@ parse_acl( } else if ( strcasecmp( style, "subtree" ) == 0 || strcasecmp( style, "sub" ) == 0 ) { - a->acl_dn_style = ACL_STYLE_SUBTREE; - ber_str2bv( right, 0, 1, &a->acl_dn_pat ); + if( *right == '\0' ) { + a->acl_dn_pat.bv_val = ch_strdup( "*" ); + a->acl_dn_pat.bv_len = 1; + + } else { + a->acl_dn_style = ACL_STYLE_SUBTREE; + ber_str2bv( right, 0, 1, &a->acl_dn_pat ); + } } else if ( strcasecmp( style, "children" ) == 0 ) { a->acl_dn_style = ACL_STYLE_CHILDREN; @@ -227,6 +252,36 @@ parse_acl( acl_usage(); } + } else if ( strncasecmp( left, "val", 3 ) == 0 ) { + if ( a->acl_attrval.bv_len ) { + fprintf( stderr, + "%s: line %d: attr val already specified in to clause.\n", + fname, lineno ); + acl_usage(); + } + if ( a->acl_attrs == NULL || a->acl_attrs[1].an_name.bv_val ) { + fprintf( stderr, + "%s: line %d: attr val requires a single attribute.\n", + fname, lineno ); + acl_usage(); + } + ber_str2bv( right, 0, 1, &a->acl_attrval ); + if ( style && strcasecmp( style, "regex" ) == 0 ) { + int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val, + REG_EXTENDED | REG_ICASE | REG_NOSUB ); + if ( e ) { + char buf[512]; + regerror( e, &a->acl_attrval_re, buf, sizeof(buf) ); + fprintf( stderr, "%s: line %d: " + "regular expression \"%s\" bad because of %s\n", + fname, lineno, right, buf ); + acl_usage(); + } + a->acl_attrval_style = ACL_STYLE_REGEX; + } else { + a->acl_attrval_style = ACL_STYLE_BASE; + } + } else { fprintf( stderr, "%s: line %d: expecting got \"%s\"\n", @@ -614,7 +669,8 @@ parse_acl( if( !is_at_syntax( b->a_group_at->ad_type, SLAPD_DN_SYNTAX ) && !is_at_syntax( b->a_group_at->ad_type, - SLAPD_NAMEUID_SYNTAX ) ) + SLAPD_NAMEUID_SYNTAX ) && + !is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type )) { fprintf( stderr, "%s: line %d: group \"%s\": inappropriate syntax: %s\n", 
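Review bot: In the new `*right == '\0'` branch of the subtree style, `a->acl_dn_style` is never assigned. The scope of the resulting rule therefore depends on the field's initial value and on code outside this hunk treating the literal pattern `"*"` specially. An empty subtree base appears to widen the target to every entry, so that should be visible to anyone auditing the parser, for example with `/* empty subtree base: same scope as dn="*", i.e. all entries */` above the `ch_strdup( "*" )` line. If the later handling of `"*"` does depend on the style, the intended style should also be assigned in this branch. The rest of parse_acl, including whatever consumes `acl_dn_pat`, lies outside the hunk.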
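Review bot: In the new `val` branch, every style other than `regex` falls through to `ACL_STYLE_BASE`, so a mistyped style is accepted silently and the rule protects a different set of values than the administrator wrote. An access-control parser should reject a style it does not recognise, as the other error paths in this hunk do with `fprintf` plus `acl_usage()`. The fence below assumes `base` is the spelling used for the exact style elsewhere in the file, which should be confirmed. Two smaller points on the same lines: `strncasecmp( left, "val", 3 )` accepts any keyword that merely starts with "val", and `REG_ICASE` makes the value match case-insensitive whatever the attribute's own matching rule is, which deserves a comment if intended. parse_acl starts and ends outside the hunk.

```c
ber_str2bv( right, 0, 1, &a->acl_attrval );
if ( style && strcasecmp( style, "regex" ) == 0 ) {
	/* … unchanged: regcomp() call and its error report … */
	a->acl_attrval_style = ACL_STYLE_REGEX;
} else if ( style == NULL || strcasecmp( style, "base" ) == 0 ) {
	a->acl_attrval_style = ACL_STYLE_BASE;
} else {
	/* refuse unknown styles instead of degrading to exact match */
	fprintf( stderr,
		"%s: line %d: unknown val style \"%s\" in to clause.\n",
		fname, lineno, style );
	acl_usage();
}
```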
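Review bot: The added `!is_at_subtype( b->a_group_at->ad_type, slap_schema.si_ad_labeledURI->ad_type )` term dereferences `slap_schema.si_ad_labeledURI` with no visible guard. If that pointer can be unset when the loaded schema does not define labeledURI, this check would fault while the configuration is being parsed, so confirm it is always populated before ACL parsing runs. The term also relaxes which attributes may carry group membership, yet it is a type check appended to two syntax checks, and the message below still reads "inappropriate syntax". A comment such as `/* also accept labeledURI and its subtypes as the member attribute (members named by URI, not DN) */` would record the intent, presumably URI-valued group members. The enclosing condition and parse_acl itself continue outside the hunk.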
@@ -1288,16 +1344,16 @@ str2accessmask( const char *str ) static void acl_usage( void ) { - fprintf( stderr, "\n" + fprintf( stderr, "%s%s\n", " ::= access to " "[ by [ ] ]+ \n" " ::= * | [dn[.]=] [filter=] [attrs=]\n" - " ::= | , \n" + " ::= [val[.