X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=cc49b215256d48a07534dbd634c5deedd2d89da9;hb=7fe91339dfd08d6c4168c8493f5c1f0faca6ba54;hp=7d967db27a4566f0a3816663489a82ce9805c213;hpb=da69eca7143234c82a0803f1bbc30edebd8003db;p=openldap diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 7d967db27a..cc49b21525 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,7 @@ +/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2005 The OpenLDAP Foundation. + * Copyright 2004-2009 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -45,7 +46,6 @@ print_access( int rc; slap_mask_t mask; char accessmaskbuf[ACCESSMASK_MAXLEN]; - slap_access_t access = ACL_AUTH; rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask ); @@ -53,7 +53,8 @@ print_access( desc->ad_cname.bv_val, ( val && !BER_BVISNULL( val ) ) ? "=" : "", ( val && !BER_BVISNULL( val ) ) ? - ( desc == slap_schema.si_ad_userPassword ? "****" : val->bv_val ) : "", + ( desc == slap_schema.si_ad_userPassword ? + "****" : val->bv_val ) : "", accessmask2str( mask, accessmaskbuf, 1 ) ); return rc; @@ -66,19 +67,38 @@ slapacl( int argc, char **argv ) const char *progname = "slapacl"; Connection conn = { 0 }; Listener listener; - char opbuf[OPERATION_BUFFER_SIZE]; - Operation *op; + OperationBuffer opbuf; + Operation *op = NULL; Entry e = { 0 }, *ep = &e; char *attr = NULL; int doclose = 0; + BackendDB *bd; slap_tool_init( progname, SLAPACL, argc, argv ); + if ( !dryrun ) { + int i = 0; + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be && backend_startup( bd ) ) { + fprintf( stderr, "backend_startup(#%d%s%s) failed\n", + i, + bd->be_suffix ? ": " : "", + bd->be_suffix ? bd->be_suffix[0].bv_val : "" ); + rc = 1; + goto destroy; + } + + i++; + } + } + argv = &argv[ optind ]; argc -= optind; - op = (Operation *)opbuf; - connection_fake_init( &conn, op, &conn ); + connection_fake_init( &conn, &opbuf, &conn ); + op = &opbuf.ob_op; + op->o_tmpmemctx = NULL; conn.c_listener = &listener; conn.c_listener_url = listener_url; @@ -198,9 +218,25 @@ slapacl( int argc, char **argv ) } op->o_bd = be; - if ( !dryrun && be ) { + if ( op->o_bd == NULL ) { + /* NOTE: if no database could be found (e.g. because + * accessing the rootDSE or so), use the frontendDB + * rules; might need work */ + op->o_bd = frontendDB; + } + + if ( !dryrun ) { ID id; + if ( be == NULL ) { + fprintf( stderr, "%s: no target database " + "has been found for baseDN=\"%s\"; " + "you may try with \"-u\" (dry run).\n", + baseDN.bv_val, progname ); + rc = 1; + goto destroy; + } + if ( !be->be_entry_open || !be->be_entry_close || !be->be_dn2id_get || @@ -230,7 +266,8 @@ slapacl( int argc, char **argv ) rc = 1; goto destroy; } - if ( be->be_id2entry_get( be, id, &ep ) != 0 ) { + ep = be->be_entry_get( be, id ); + if ( ep == NULL ) { fprintf( stderr, "%s: unable to fetch entry \"%s\" (%lu)\n", progname, e.e_nname.bv_val, id ); rc = 1; @@ -280,12 +317,29 @@ slapacl( int argc, char **argv ) accessstr = strchr( attr, '/' ); if ( accessstr != NULL ) { + int invalid = 0; + accessstr[0] = '\0'; accessstr++; access = str2access( accessstr ); - if ( access == ACL_INVALID_ACCESS ) { + switch ( access ) { + case ACL_INVALID_ACCESS: fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n", accessstr, attr ); + invalid = 1; + break; + + case ACL_NONE: + fprintf( stderr, "\"none\" not allowed for attribute \"%s\"\n", + attr ); + invalid = 1; + break; + + default: + break; + } + + if ( invalid ) { if ( continuemode ) { continue; } @@ -333,15 +387,22 @@ destroy:; ber_memfree( e.e_nname.bv_val ); } if ( !dryrun && be ) { - if ( ep != &e ) { + if ( ep && ep != &e ) { be_entry_release_r( op, ep ); } if ( doclose ) { be->be_entry_close( be ); } + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be ) { + backend_shutdown( bd ); + } + } } - slap_tool_destroy(); + if ( slap_tool_destroy()) + rc = EXIT_FAILURE; return rc; }