X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=e9ce24823b10d76e6cac3ab34917e532427a29d2;hb=af866c3b44ba37577671f2bffd482499f4b8bc00;hp=ef870be1e95e2fd7c6795c28940c0010fc872554;hpb=dc0eacd40b625258355eea866d62188e5aa7ce3b;p=openldap
diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c
index ef870be1e9..e9ce24823b 100644
--- a/servers/slapd/slapacl.c
+++ b/servers/slapd/slapacl.c
@@ -39,10 +39,11 @@ slapacl( int argc, char **argv )
 {
 int rc = EXIT_SUCCESS;
 const char *progname = "slapacl";
- Connection conn = {0};
- char opbuf[OPERATION_BUFFER_SIZE];
+ Connection conn = { 0 };
+ Listener listener;
+ char opbuf[OPERATION_BUFFER_SIZE];
 Operation *op;
- Entry e = { 0 };
+ Entry e = { 0 }, *ep = &e;
 char *attr = NULL;
 slap_tool_init( progname, SLAPACL, argc, argv );
@@ -53,6 +54,16 @@ slapacl( int argc, char **argv )
 op = (Operation *)opbuf;
 connection_fake_init( &conn, op, &conn );
+ conn.c_listener = &listener;
+ conn.c_listener_url = listener_url;
+ conn.c_peer_domain = peer_domain;
+ conn.c_peer_name = peer_name;
+ conn.c_sock_name = sock_name;
+ op->o_ssf = ssf;
+ op->o_transport_ssf = transport_ssf;
+ op->o_tls_ssf = tls_ssf;
+ op->o_sasl_ssf = sasl_ssf;
+
 if ( !BER_BVISNULL( &authcID ) ) {
 rc = slap_sasl_getdn( &conn, op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
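Review bot: `Listener listener;` in the declaration hunk is never initialised, yet the second hunk publishes its address with `conn.c_listener = &listener;` before any ACL is evaluated. If an access-control path reads fields through `c_listener` (not visible on this page), it would see indeterminate stack contents, and the tool's answer could differ from what the server would decide. Declaring it as `Listener listener = { 0 };`, in line with `conn` and `e` beside it, removes the doubt. A one-line comment above the new assignments, such as `/* simulated peer and SSF values used only for ACL evaluation */`, would also help; the function body starts and ends outside both hunks.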
@@ -105,11 +116,51 @@ slapacl( int argc, char **argv )
 attr = slap_schema.si_ad_entry->ad_cname.bv_val;
 }
+ if ( !dryrun ) {
+ ID id;
+
+ if ( !be->be_entry_open ||
+ !be->be_entry_close ||
+ !be->be_dn2id_get ||
+ !be->be_entry_get )
+ {
+ fprintf( stderr, "%s: target database "
+ "doesn't support necessary operations; "
+ "you may try with \"-u\" (dry run).\n",
+ progname );
+ rc = 1;
+ goto destroy;
+ }
+
+ if ( be->be_entry_open( be, 0 ) != 0 ) {
+ fprintf( stderr, "%s: could not open database.\n",
+ progname );
+ rc = 1;
+ goto destroy;
+ }
+
+ id = be->be_dn2id_get( be, &e.e_nname );
+ if ( id == NOID ) {
+ fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n",
+ progname, e.e_nname.bv_val );
+ rc = 1;
+ goto destroy;
+ }
+ if ( be->be_id2entry_get( be, id, &ep ) != 0 ) {
+ fprintf( stderr, "%s: unable to fetch entry \"%s\" (%lu)\n",
+ progname, e.e_nname.bv_val, id );
+ rc = 1;
+ goto destroy;
+
+ }
+ }
+
 for ( ; argc--; argv++ ) {
 slap_mask_t mask;
 AttributeDescription *desc = NULL;
 int rc;
- struct berval val;
+ struct berval val = BER_BVNULL,
+ *valp = NULL;
 const char *text;
 char accessmaskbuf[ACCESSMASK_MAXLEN];
 char *accessstr;
@@ -124,6 +175,7 @@ slapacl( int argc, char **argv )
 val.bv_val[0] = '\0';
 val.bv_val++;
 val.bv_len = strlen( val.bv_val );
+ valp = &val;
 }
 accessstr = strchr( attr, '/' );
@@ -151,7 +203,7 @@ slapacl( int argc, char **argv )
 break;
 }
- rc = access_allowed_mask( op, &e, desc, &val, access,
+ rc = access_allowed_mask( op, ep, desc, valp, access,
 NULL, &mask );
 if ( accessstr ) {
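Review bot: The capability check at the top of the new `!dryrun` block tests `be->be_entry_get`, but the fetch a few lines below goes through `be->be_id2entry_get`, which is never checked. A backend that leaves that hook unset would be called through a null function pointer instead of getting the "doesn't support necessary operations" message, so the last term of the condition should be `!be->be_id2entry_get )`. In the same block `id` is printed with `%lu`; the typedef of `ID` is outside this page, so `(unsigned long)id` would keep the format correct whatever its width. The enclosing function starts and ends outside the hunk.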
@@ -167,13 +219,22 @@ slapacl( int argc, char **argv )
 desc->ad_cname.bv_val,
 val.bv_val ? "=" : "",
 val.bv_val ? val.bv_val : "",
- accessmask2str( mask, accessmaskbuf ) );
+ accessmask2str( mask, accessmaskbuf, 1 ) );
 }
 rc = 0;
 attr = NULL;
 }
 destroy:;
+ ber_memfree( e.e_name.bv_val );
+ ber_memfree( e.e_nname.bv_val );
+ if ( !dryrun ) {
+ if ( ep != &e ) {
+ be_entry_release_r( op, ep );
+ }
+ be->be_entry_close( be );
+ }
+
 slap_tool_destroy();
 return rc;
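Review bot: The cleanup added under `destroy:` calls `be->be_entry_close( be )` whenever `!dryrun`, but two of the `goto destroy` paths added earlier in this commit arrive here without an open database. One is the capability check, where `be_entry_close` itself may be NULL; the other is a failed `be_entry_open`. Tracking the state with `int opened = 0;`, set to 1 right after `be_entry_open` succeeds, and closing with `if ( opened ) be->be_entry_close( be );` keeps the error paths from calling a missing hook or closing a database that was never opened. The return value of `be_entry_close` is also discarded; a warning on non-zero would make a failed close visible. The function begins outside this hunk.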