X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fslapacl.c;h=f8573b5ed5ea7369cadada8abe35d4f924a9f006;hb=e48f72c1b5a7ce571c7ced749aed473d20b32526;hp=7d967db27a4566f0a3816663489a82ce9805c213;hpb=da69eca7143234c82a0803f1bbc30edebd8003db;p=openldap diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 7d967db27a..f8573b5ed5 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -1,6 +1,6 @@ /* This work is part of OpenLDAP Software . * - * Copyright 2004-2005 The OpenLDAP Foundation. + * Copyright 2004-2007 The OpenLDAP Foundation. * Portions Copyright 2004 Pierangelo Masarati. * All rights reserved. * @@ -45,7 +45,6 @@ print_access( int rc; slap_mask_t mask; char accessmaskbuf[ACCESSMASK_MAXLEN]; - slap_access_t access = ACL_AUTH; rc = access_allowed_mask( op, e, desc, nval, ACL_AUTH, NULL, &mask ); @@ -53,7 +52,8 @@ print_access( desc->ad_cname.bv_val, ( val && !BER_BVISNULL( val ) ) ? "=" : "", ( val && !BER_BVISNULL( val ) ) ? - ( desc == slap_schema.si_ad_userPassword ? "****" : val->bv_val ) : "", + ( desc == slap_schema.si_ad_userPassword ? + "****" : val->bv_val ) : "", accessmask2str( mask, accessmaskbuf, 1 ) ); return rc; @@ -66,18 +66,36 @@ slapacl( int argc, char **argv ) const char *progname = "slapacl"; Connection conn = { 0 }; Listener listener; - char opbuf[OPERATION_BUFFER_SIZE]; - Operation *op; + OperationBuffer opbuf; + Operation *op = NULL; Entry e = { 0 }, *ep = &e; char *attr = NULL; int doclose = 0; + BackendDB *bd; slap_tool_init( progname, SLAPACL, argc, argv ); + if ( !dryrun ) { + int i = 0; + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be && backend_startup( bd ) ) { + fprintf( stderr, "backend_startup(#%d%s%s) failed\n", + i, + bd->be_suffix ? ": " : "", + bd->be_suffix ? bd->be_suffix[0].bv_val : "" ); + rc = 1; + goto destroy; + } + + i++; + } + } + argv = &argv[ optind ]; argc -= optind; - op = (Operation *)opbuf; + op = (Operation *) &opbuf; connection_fake_init( &conn, op, &conn ); conn.c_listener = &listener; @@ -198,13 +216,29 @@ slapacl( int argc, char **argv ) } op->o_bd = be; - if ( !dryrun && be ) { + if ( op->o_bd == NULL ) { + /* NOTE: if no database could be found (e.g. because + * accessing the rootDSE or so), use the frontendDB + * rules; might need work */ + op->o_bd = frontendDB; + } + + if ( !dryrun ) { ID id; + if ( be == NULL ) { + fprintf( stderr, "%s: no target database " + "has been found for baseDN=\"%s\"; " + "you may try with \"-u\" (dry run).\n", + baseDN.bv_val, progname ); + rc = 1; + goto destroy; + } + if ( !be->be_entry_open || !be->be_entry_close || !be->be_dn2id_get || - !be->be_entry_get ) + !be->be_id2entry_get ) { fprintf( stderr, "%s: target database " "doesn't support necessary operations; " @@ -280,12 +314,29 @@ slapacl( int argc, char **argv ) accessstr = strchr( attr, '/' ); if ( accessstr != NULL ) { + int invalid = 0; + accessstr[0] = '\0'; accessstr++; access = str2access( accessstr ); - if ( access == ACL_INVALID_ACCESS ) { + switch ( access ) { + case ACL_INVALID_ACCESS: fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n", accessstr, attr ); + invalid = 1; + break; + + case ACL_NONE: + fprintf( stderr, "\"none\" not allowed for attribute \"%s\"\n", + attr ); + invalid = 1; + break; + + default: + break; + } + + if ( invalid ) { if ( continuemode ) { continue; } @@ -339,6 +390,12 @@ destroy:; if ( doclose ) { be->be_entry_close( be ); } + + LDAP_STAILQ_FOREACH( bd, &backendDB, be_next ) { + if ( bd != be ) { + backend_shutdown( bd ); + } + } } slap_tool_destroy();