X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=f0a0a0580a8e50cbbc738093a5a67d6d2654f3bb;hb=f96e6378d6cd06c744a47af5e5e551cbb494826a;hp=2b325f661ad6208ff6d4459b560416a70773faf3;hpb=e9ab146a413ec67fac3666313f5783fd3bec6146;p=openldap diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 2b325f661a..f0a0a0580a 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2005 The OpenLDAP Foundation. + * Copyright 2004-2006 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -45,7 +45,6 @@ print_access( int rc; slap_mask_t mask; char accessmaskbuf[ACCESSMASK_MAXLEN]; - slap_access_t access = ACL_AUTH; rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask ); @@ -66,17 +65,36 @@ slapacl( int argc, char **argv ) const char *progname = "slapacl"; Connection conn = { 0 }; Listener listener; - char opbuf[OPERATION_BUFFER_SIZE]; - Operation *op; + OperationBuffer opbuf; + Operation *op = NULL; Entry e = { 0 }, *ep = &e; char *attr = NULL; + int doclose = 0; + BackendDB *bd; slap_tool_init( progname, SLAPACL, argc, argv ); + if ( !dryrun ) { + int i = 0; + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be && backend_startup( bd ) ) { + fprintf( stderr, "backend_startup(#%d%s%s) failed\n", + i, + bd->be_suffix ? ": " : "", + bd->be_suffix ? bd->be_suffix[0].bv_val : "" ); + rc = 1; + goto destroy; + } + + i++; + } + } + argv = &argv[ optind ]; argc -= optind; - op = (Operation *)opbuf; + op = (Operation *) &opbuf; connection_fake_init( &conn, op, &conn ); conn.c_listener = &listener; @@ -166,6 +184,26 @@ slapacl( int argc, char **argv ) fprintf( stderr, "authzDN: \"%s\"\n", authzDN.bv_val ); } + if ( !BER_BVISNULL( &authzDN ) ) { + op->o_dn = authzDN; + op->o_ndn = authzDN; + + if ( !BER_BVISNULL( &authcDN ) ) { + op->o_conn->c_dn = authcDN; + op->o_conn->c_ndn = authcDN; + + } else { + op->o_conn->c_dn = authzDN; + op->o_conn->c_ndn = authzDN; + } + + } else if ( !BER_BVISNULL( &authcDN ) ) { + op->o_conn->c_dn = authcDN; + op->o_conn->c_ndn = authcDN; + op->o_dn = authcDN; + op->o_ndn = authcDN; + } + assert( !BER_BVISNULL( &baseDN ) ); rc = dnPrettyNormal( NULL, &baseDN, &e.e_name, &e.e_nname, NULL ); if ( rc != LDAP_SUCCESS ) { @@ -177,22 +215,29 @@ slapacl( int argc, char **argv ) } op->o_bd = be; - if ( !BER_BVISNULL( &authzDN ) ) { - op->o_dn = authzDN; - op->o_ndn = authzDN; - } - if ( !BER_BVISNULL( &authcDN ) ) { - op->o_conn->c_dn = authcDN; - op->o_conn->c_ndn = authcDN; + if ( op->o_bd == NULL ) { + /* NOTE: if no database could be found (e.g. because + * accessing the rootDSE or so), use the frontendDB + * rules; might need work */ + op->o_bd = frontendDB; } - if ( !dryrun && be ) { + if ( !dryrun ) { ID id; + if ( be == NULL ) { + fprintf( stderr, "%s: no target database " + "has been found for baseDN=\"%s\"; " + "you may try with \"-u\" (dry run).\n", + baseDN.bv_val, progname ); + rc = 1; + goto destroy; + } + if ( !be->be_entry_open || !be->be_entry_close || !be->be_dn2id_get || - !be->be_entry_get ) + !be->be_id2entry_get ) { fprintf( stderr, "%s: target database " "doesn't support necessary operations; " @@ -209,6 +254,8 @@ slapacl( int argc, char **argv ) goto destroy; } + doclose = 1; + id = be->be_dn2id_get( be, &e.e_nname ); if ( id == NOID ) { fprintf( stderr, "%s: unable to fetch ID of DN \"%s\"\n", @@ -312,13 +359,25 @@ slapacl( int argc, char **argv ) } destroy:; - ber_memfree( e.e_name.bv_val ); - ber_memfree( e.e_nname.bv_val ); + if ( !BER_BVISNULL( &e.e_name ) ) { + ber_memfree( e.e_name.bv_val ); + } + if ( !BER_BVISNULL( &e.e_nname ) ) { + ber_memfree( e.e_nname.bv_val ); + } if ( !dryrun && be ) { if ( ep != &e ) { be_entry_release_r( op, ep ); } - be->be_entry_close( be ); + if ( doclose ) { + be->be_entry_close( be ); + } + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be ) { + backend_shutdown( bd ); + } + } } slap_tool_destroy();