X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=cc49b215256d48a07534dbd634c5deedd2d89da9;hb=7fe91339dfd08d6c4168c8493f5c1f0faca6ba54;hp=5b516c173730be9557dca23296c05ef85145f6aa;hpb=2430af4e8bbfb5e852321efc09bcdaf816f60286;p=openldap diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 5b516c1737..cc49b21525 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,7 @@ +/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2005 The OpenLDAP Foundation. + * Copyright 2004-2009 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -52,7 +53,8 @@ print_access( desc->ad_cname.bv_val, ( val && !BER_BVISNULL( val ) ) ? "=" : "", ( val && !BER_BVISNULL( val ) ) ? - ( desc == slap_schema.si_ad_userPassword ? "****" : val->bv_val ) : "", + ( desc == slap_schema.si_ad_userPassword ? + "****" : val->bv_val ) : "", accessmask2str( mask, accessmaskbuf, 1 ) ); return rc; @@ -65,8 +67,8 @@ slapacl( int argc, char **argv ) const char *progname = "slapacl"; Connection conn = { 0 }; Listener listener; - char opbuf[OPERATION_BUFFER_SIZE]; - Operation *op; + OperationBuffer opbuf; + Operation *op = NULL; Entry e = { 0 }, *ep = &e; char *attr = NULL; int doclose = 0; @@ -86,14 +88,17 @@ slapacl( int argc, char **argv ) rc = 1; goto destroy; } + + i++; } } argv = &argv[ optind ]; argc -= optind; - op = (Operation *)opbuf; - connection_fake_init( &conn, op, &conn ); + connection_fake_init( &conn, &opbuf, &conn ); + op = &opbuf.ob_op; + op->o_tmpmemctx = NULL; conn.c_listener = &listener; conn.c_listener_url = listener_url; @@ -213,9 +218,25 @@ slapacl( int argc, char **argv ) } op->o_bd = be; - if ( !dryrun && be ) { + if ( op->o_bd == NULL ) { + /* NOTE: if no database could be found (e.g. because + * accessing the rootDSE or so), use the frontendDB + * rules; might need work */ + op->o_bd = frontendDB; + } + + if ( !dryrun ) { ID id; + if ( be == NULL ) { + fprintf( stderr, "%s: no target database " + "has been found for baseDN=\"%s\"; " + "you may try with \"-u\" (dry run).\n", + baseDN.bv_val, progname ); + rc = 1; + goto destroy; + } + if ( !be->be_entry_open || !be->be_entry_close || !be->be_dn2id_get || @@ -245,7 +266,8 @@ slapacl( int argc, char **argv ) rc = 1; goto destroy; } - if ( be->be_id2entry_get( be, id, &ep ) != 0 ) { + ep = be->be_entry_get( be, id ); + if ( ep == NULL ) { fprintf( stderr, "%s: unable to fetch entry \"%s\" (%lu)\n", progname, e.e_nname.bv_val, id ); rc = 1; @@ -295,12 +317,29 @@ slapacl( int argc, char **argv ) accessstr = strchr( attr, '/' ); if ( accessstr != NULL ) { + int invalid = 0; + accessstr[0] = '\0'; accessstr++; access = str2access( accessstr ); - if ( access == ACL_INVALID_ACCESS ) { + switch ( access ) { + case ACL_INVALID_ACCESS: fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n", accessstr, attr ); + invalid = 1; + break; + + case ACL_NONE: + fprintf( stderr, "\"none\" not allowed for attribute \"%s\"\n", + attr ); + invalid = 1; + break; + + default: + break; + } + + if ( invalid ) { if ( continuemode ) { continue; } @@ -348,7 +387,7 @@ destroy:; ber_memfree( e.e_nname.bv_val ); } if ( !dryrun && be ) { - if ( ep != &e ) { + if ( ep && ep != &e ) { be_entry_release_r( op, ep ); } if ( doclose ) { @@ -362,7 +401,8 @@ destroy:; } } - slap_tool_destroy(); + if ( slap_tool_destroy()) + rc = EXIT_FAILURE; return rc; }