X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=f0a0a0580a8e50cbbc738093a5a67d6d2654f3bb;hb=d168b49464df8a034e244c6610721155aa6b42ba;hp=fdab725ab3ef2df7eed30e334fca3a9e1767d127;hpb=fe1b73c71228bc7712ff245a890ae18e820501a1;p=openldap

diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c
index fdab725ab3..f0a0a0580a 100644
--- a/servers/slapd/slapacl.c
+++ b/servers/slapd/slapacl.c
@@ -1,6 +1,6 @@
 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
  *
- * Copyright 2004-2005 The OpenLDAP Foundation.
+ * Copyright 2004-2006 The OpenLDAP Foundation.
  * Portions Copyright 2004 Pierangelo Masarati.
  * All rights reserved.
  *
@@ -45,7 +45,6 @@ print_access(
 	int			rc;
 	slap_mask_t		mask;
 	char			accessmaskbuf[ACCESSMASK_MAXLEN];
-	slap_access_t		access = ACL_AUTH;
 
 	rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask );
 
@@ -66,17 +65,36 @@ slapacl( int argc, char **argv )
 	const char		*progname = "slapacl";
 	Connection		conn = { 0 };
 	Listener		listener;
-	char			opbuf[OPERATION_BUFFER_SIZE];
-	Operation		*op;
+	OperationBuffer	opbuf;
+	Operation		*op = NULL;
 	Entry			e = { 0 }, *ep = &e;
 	char			*attr = NULL;
+	int			doclose = 0;
+	BackendDB		*bd;
 
 	slap_tool_init( progname, SLAPACL, argc, argv );
 
+	if ( !dryrun ) {
+		int	i = 0;
+
+		LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+			if ( bd != be && backend_startup( bd ) ) {
+				fprintf( stderr, "backend_startup(#%d%s%s) failed\n",
+						i,
+						bd->be_suffix ? ": " : "",
+						bd->be_suffix ? bd->be_suffix[0].bv_val : "" );
+				rc = 1;
+				goto destroy;
+			}
+
+			i++;
+		}
+	}
+
 	argv = &argv[ optind ];
 	argc -= optind;
 
-	op = (Operation *)opbuf;
+	op = (Operation *) &opbuf;
 	connection_fake_init( &conn, op, &conn );
 
 	conn.c_listener = &listener;
@@ -90,10 +108,18 @@ slapacl( int argc, char **argv )
 	op->o_sasl_ssf = sasl_ssf;
 
 	if ( !BER_BVISNULL( &authcID ) ) {
+		if ( !BER_BVISNULL( &authcDN ) ) {
+			fprintf( stderr, "both authcID=\"%s\" "
+					"and authcDN=\"%s\" provided\n",
+					authcID.bv_val, authcDN.bv_val );
+			rc = 1;
+			goto destroy;
+		}
+
 		rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
 				&authcDN, SLAP_GETDN_AUTHCID );
 		if ( rc != LDAP_SUCCESS ) {
-			fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
+			fprintf( stderr, "authcID: <%s> check failed %d (%s)\n",
 					authcID.bv_val, rc,
 					ldap_err2string( rc ) );
 			rc = 1;
@@ -115,9 +141,67 @@ slapacl( int argc, char **argv )
 		authcDN = ndn;
 	}
 
+	if ( !BER_BVISNULL( &authzID ) ) {
+		if ( !BER_BVISNULL( &authzDN ) ) {
+			fprintf( stderr, "both authzID=\"%s\" "
+					"and authzDN=\"%s\" provided\n",
+					authzID.bv_val, authzDN.bv_val );
+			rc = 1;
+			goto destroy;
+		}
+
+		rc = slap_sasl_getdn( &conn, op, &authzID, NULL,
+				&authzDN, SLAP_GETDN_AUTHZID );
+		if ( rc != LDAP_SUCCESS ) {
+			fprintf( stderr, "authzID: <%s> check failed %d (%s)\n",
+					authzID.bv_val, rc,
+					ldap_err2string( rc ) );
+			rc = 1;
+			goto destroy;
+		}
+
+	} else if ( !BER_BVISNULL( &authzDN ) ) {
+		struct berval	ndn;
+
+		rc = dnNormalize( 0, NULL, NULL, &authzDN, &ndn, NULL );
+		if ( rc != LDAP_SUCCESS ) {
+			fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
+					authzDN.bv_val, rc,
+					ldap_err2string( rc ) );
+			rc = 1;
+			goto destroy;
+		}
+		ch_free( authzDN.bv_val );
+		authzDN = ndn;
+	}
+
 
 	if ( !BER_BVISNULL( &authcDN ) ) {
-		fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val );
+		fprintf( stderr, "authcDN: \"%s\"\n", authcDN.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &authzDN ) ) {
+		fprintf( stderr, "authzDN: \"%s\"\n", authzDN.bv_val );
+	}
+
+	if ( !BER_BVISNULL( &authzDN ) ) {
+		op->o_dn = authzDN;
+		op->o_ndn = authzDN;
+		
+		if ( !BER_BVISNULL( &authcDN ) ) {
+			op->o_conn->c_dn = authcDN;
+			op->o_conn->c_ndn = authcDN;
+
+		} else {
+			op->o_conn->c_dn = authzDN;
+			op->o_conn->c_ndn = authzDN;
+		}
+
+	} else if ( !BER_BVISNULL( &authcDN ) ) {
+		op->o_conn->c_dn = authcDN;
+		op->o_conn->c_ndn = authcDN;
+		op->o_dn = authcDN;
+		op->o_ndn = authcDN;
 	}
 
 	assert( !BER_BVISNULL( &baseDN ) );
@@ -131,18 +215,29 @@ slapacl( int argc, char **argv )
 	}
 
 	op->o_bd = be;
-	if ( !BER_BVISNULL( &authcDN ) ) {
-		op->o_dn = authcDN;
-		op->o_ndn = authcDN;
+	if ( op->o_bd == NULL ) {
+		/* NOTE: if no database could be found (e.g. because
+		 * accessing the rootDSE or so), use the frontendDB
+		 * rules; might need work */
+		op->o_bd = frontendDB;
 	}
 
 	if ( !dryrun ) {
 		ID	id;
 
+		if ( be == NULL ) {
+			fprintf( stderr, "%s: no target database "
+				"has been found for baseDN=\"%s\"; "
+				"you may try with \"-u\" (dry run).\n",
+				baseDN.bv_val, progname );
+			rc = 1;
+			goto destroy;
+		}
+
 		if ( !be->be_entry_open ||
 			!be->be_entry_close ||
 			!be->be_dn2id_get ||
-			!be->be_entry_get )
+			!be->be_id2entry_get )
 		{
 			fprintf( stderr, "%s: target database "
 				"doesn't support necessary operations; "
@@ -159,6 +254,8 @@ slapacl( int argc, char **argv )
 			goto destroy;
 		}
 
+		doclose = 1;
+
 		id = be->be_dn2id_get( be, &e.e_nname );
 		if ( id == NOID ) {
 			fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n",
@@ -262,13 +359,25 @@ slapacl( int argc, char **argv )
 	}
 
 destroy:;
-	ber_memfree( e.e_name.bv_val );
-	ber_memfree( e.e_nname.bv_val );
-	if ( !dryrun ) {
+	if ( !BER_BVISNULL( &e.e_name ) ) {
+		ber_memfree( e.e_name.bv_val );
+	}
+	if ( !BER_BVISNULL( &e.e_nname ) ) {
+		ber_memfree( e.e_nname.bv_val );
+	}
+	if ( !dryrun && be ) {
 		if ( ep != &e ) {
 			be_entry_release_r( op, ep );
 		}
-		be->be_entry_close( be );
+		if ( doclose ) {
+			be->be_entry_close( be );
+		}
+
+		LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) {
+			if ( bd != be ) {
+				backend_shutdown( bd );
+			}
+		}
 	}
 
 	slap_tool_destroy();