X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=59d22ecd90e4e32de873f6c7b8d4e23f302268f7;hb=4a8d8eb78a610baefde7f5b3e0a371961dafff84;hp=9ffde3b85a7e07faa12d82b4fc5faf25e88307fb;hpb=2919bc09ac89efb58f9c23ddf49d471452157384;p=openldap diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 9ffde3b85a..59d22ecd90 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software . * - * Copyright 2004 The OpenLDAP Foundation. + * Copyright 2004-2005 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -39,25 +39,23 @@ slapacl( int argc, char **argv ) { int rc = EXIT_SUCCESS; const char *progname = "slapacl"; - Connection conn; - Operation op; + Connection conn = {0}; + char opbuf[OPERATION_BUFFER_SIZE]; + Operation *op; Entry e = { 0 }; + char *attr = NULL; -#ifdef NEW_LOGGING - lutil_log_initialize( argc, argv ); -#endif slap_tool_init( progname, SLAPACL, argc, argv ); argv = &argv[ optind ]; argc -= optind; - memset( &conn, 0, sizeof( Connection ) ); - memset( &op, 0, sizeof( Operation ) ); - - connection_fake_init( &conn, &op, &conn ); + op = (Operation *)opbuf; + connection_fake_init( &conn, op, &conn ); if ( !BER_BVISNULL( &authcID ) ) { - rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID ); + rc = slap_sasl_getdn( &conn, op, &authcID, NULL, + &authcDN, SLAP_GETDN_AUTHCID ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ID: <%s> check failed %d (%s)\n", authcID.bv_val, rc, @@ -65,8 +63,23 @@ slapacl( int argc, char **argv ) rc = 1; goto destroy; } + + } else if ( !BER_BVISNULL( &authcDN ) ) { + struct berval ndn; + + rc = dnNormalize( 0, NULL, NULL, &authcDN, &ndn, NULL ); + if ( rc != LDAP_SUCCESS ) { + fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n", + authcDN.bv_val, rc, + ldap_err2string( rc ) ); + rc = 1; + goto destroy; + } + ch_free( authcDN.bv_val ); + authcDN = ndn; } + if ( !BER_BVISNULL( &authcDN ) ) { fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val ); } @@ -81,37 +94,48 @@ slapacl( int argc, char **argv ) goto destroy; } - op.o_bd = be; + op->o_bd = be; if ( !BER_BVISNULL( &authcDN ) ) { - op.o_dn = authcDN; - op.o_ndn = authcDN; + op->o_dn = authcDN; + op->o_ndn = authcDN; + } + + if ( argc == 0 ) { + argc = 1; + attr = slap_schema.si_ad_entry->ad_cname.bv_val; } for ( ; argc--; argv++ ) { slap_mask_t mask; AttributeDescription *desc = NULL; int rc; - struct berval val; + struct berval val = BER_BVNULL, + *valp = NULL; const char *text; char accessmaskbuf[ACCESSMASK_MAXLEN]; char *accessstr; slap_access_t access = ACL_AUTH; - val.bv_val = strchr( argv[0], ':' ); + if ( attr == NULL ) { + attr = argv[ 0 ]; + } + + val.bv_val = strchr( attr, ':' ); if ( val.bv_val != NULL ) { val.bv_val[0] = '\0'; val.bv_val++; val.bv_len = strlen( val.bv_val ); + valp = &val; } - accessstr = strchr( argv[0], '/' ); + accessstr = strchr( attr, '/' ); if ( accessstr != NULL ) { accessstr[0] = '\0'; accessstr++; access = str2access( accessstr ); if ( access == ACL_INVALID_ACCESS ) { fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n", - accessstr, argv[0] ); + accessstr, attr ); if ( continuemode ) { continue; } @@ -119,24 +143,36 @@ slapacl( int argc, char **argv ) } } - rc = slap_str2ad( argv[0], &desc, &text ); + rc = slap_str2ad( attr, &desc, &text ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n", - argv[0], rc, ldap_err2string( rc ) ); + attr, rc, ldap_err2string( rc ) ); if ( continuemode ) { continue; } break; } - (void)access_allowed_mask( &op, &e, desc, &val, access, + rc = access_allowed_mask( op, &e, desc, valp, access, NULL, &mask ); - fprintf( stderr, "%s%s%s: %s\n", - desc->ad_cname.bv_val, - val.bv_val ? "=" : "", - val.bv_val ? val.bv_val : "", - accessmask2str( mask, accessmaskbuf ) ); + if ( accessstr ) { + fprintf( stderr, "%s access to %s%s%s: %s\n", + accessstr, + desc->ad_cname.bv_val, + val.bv_val ? "=" : "", + val.bv_val ? val.bv_val : "", + rc ? "ALLOWED" : "DENIED" ); + + } else { + fprintf( stderr, "%s%s%s: %s\n", + desc->ad_cname.bv_val, + val.bv_val ? "=" : "", + val.bv_val ? val.bv_val : "", + accessmask2str( mask, accessmaskbuf, 1 ) ); + } + rc = 0; + attr = NULL; } destroy:;