int nmatches, regmatch_t *matches );
static slap_control_t acl_mask(
- AccessControl *ac, slap_access_mask_t *mask,
+ AccessControl *ac, slap_mask_t *mask,
Backend *be, Connection *conn, Operation *op,
Entry *e,
AttributeDescription *desc,
#ifdef LDAP_DEBUG
char accessmaskbuf[ACCESSMASK_MAXLEN];
#endif
- slap_access_mask_t mask;
+ slap_mask_t mask;
slap_control_t control;
const char *attr = desc ? desc->ad_cname->bv_val : NULL;
static slap_control_t
acl_mask(
AccessControl *a,
- slap_access_mask_t *mask,
+ slap_mask_t *mask,
Backend *be,
Connection *conn,
Operation *op,
accessmask2str( *mask, accessmaskbuf ) );
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
- slap_access_mask_t oldmask, modmask;
+ slap_mask_t oldmask, modmask;
ACL_INVALIDATE( modmask );
/* this case works different from the others above.
* since aci's themselves give permissions, we need
- * to first check b->a_mask, the ACL's access level.
+ * to first check b->a_access_mask, the ACL's access level.
*/
if( op->o_ndn == NULL || op->o_ndn[0] == '\0' ) {
/* first check if the right being requested
* is allowed by the ACL clause.
*/
- if ( ! ACL_GRANT( b->a_mask, *mask ) ) {
+ if ( ! ACL_GRANT( b->a_access_mask, *mask ) ) {
continue;
}
}
/* remove anything that the ACL clause does not allow */
- tgrant &= b->a_mask & ACL_PRIV_MASK;
+ tgrant &= b->a_access_mask & ACL_PRIV_MASK;
tdeny &= ACL_PRIV_MASK;
/* see if we have anything to contribute */
} else
#endif
{
- modmask = b->a_mask;
+ modmask = b->a_access_mask;
}
b = (Access *) ch_calloc( 1, sizeof(Access) );
- ACL_INVALIDATE( b->a_mask );
+ ACL_INVALIDATE( b->a_access_mask );
if ( ++i == argc ) {
fprintf( stderr,
if( i == argc || ( strcasecmp( left, "stop" ) == 0 )) {
/* out of arguments or plain stop */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_STOP;
access_append( &a->acl_access, b );
if( strcasecmp( left, "continue" ) == 0 ) {
/* plain continue */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_CONTINUE;
access_append( &a->acl_access, b );
if( strcasecmp( left, "break" ) == 0 ) {
/* plain continue */
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_BREAK;
access_append( &a->acl_access, b );
if ( strcasecmp( left, "by" ) == 0 ) {
/* we've gone too far */
--i;
- ACL_PRIV_ASSIGN(b->a_mask, ACL_PRIV_ADDITIVE);
+ ACL_PRIV_ASSIGN(b->a_access_mask, ACL_PRIV_ADDITIVE);
b->a_type = ACL_STOP;
access_append( &a->acl_access, b );
/* get <access> */
if( strncasecmp( left, "self", 4 ) == 0 ) {
b->a_dn_self = 1;
- ACL_PRIV_ASSIGN( b->a_mask, str2accessmask( &left[4] ) );
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( &left[4] ) );
} else {
- ACL_PRIV_ASSIGN( b->a_mask, str2accessmask( left ) );
+ ACL_PRIV_ASSIGN( b->a_access_mask, str2accessmask( left ) );
}
- if( ACL_IS_INVALID( b->a_mask ) ) {
+ if( ACL_IS_INVALID( b->a_access_mask ) ) {
fprintf( stderr,
"%s: line %d: expecting <access> got \"%s\"\n",
fname, lineno, left );
}
char *
-accessmask2str( slap_access_mask_t mask, char *buf )
+accessmask2str( slap_mask_t mask, char *buf )
{
int none=1;
return buf;
}
-slap_access_mask_t
+slap_mask_t
str2accessmask( const char *str )
{
- slap_access_mask_t mask;
+ slap_mask_t mask;
if( !ASCII_ALPHA(str[0]) ) {
int i;
fprintf( stderr, " %s%s",
b->a_dn_self ? "self" : "",
- accessmask2str( b->a_mask, maskbuf ) );
+ accessmask2str( b->a_access_mask, maskbuf ) );
if( b->a_type == ACL_BREAK ) {
fprintf( stderr, " break" );
if ( method == LDAP_AUTH_SASL ) {
char *edn;
- unsigned long ssf = 0;
+ slap_ssf_t ssf = 0;
if ( version < LDAP_VERSION3 ) {
Debug( LDAP_DEBUG_ANY, "do_bind: sasl with LDAPv%ld\n",
const char* peername,
const char* sockname,
int use_tls,
- unsigned ssf,
+ slap_ssf_t ssf,
char *authid )
{
unsigned long id;
} else if ( rc == 0 ) {
void *ssl;
- unsigned ssf;
+ slap_ssf_t ssf;
char *authid;
c->c_needs_tls_accept = 0;
/* we need to let SASL know */
ssl = (void *)ldap_pvt_tls_sb_handle( c->c_sb );
- ssf = (unsigned)ldap_pvt_tls_get_strength( ssl );
+ ssf = (slap_ssf_t) ldap_pvt_tls_get_strength( ssl );
authid = (char *)ldap_pvt_tls_get_peer( ssl );
slap_sasl_external( c, ssf, authid );
}
ber_int_t s;
socklen_t len = sizeof(from);
long id;
- unsigned ssf = 0;
+ slap_ssf_t ssf = 0;
char *authid = NULL;
char *dnsname;
LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
#define ACCESSMASK_MAXLEN sizeof("unknown (+wrscan)")
-LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_access_mask_t mask, char* ));
-LDAP_SLAPD_F (slap_access_mask_t) str2accessmask LDAP_P(( const char *str ));
+LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char* ));
+LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
/*
* at.c
const char* peername,
const char* sockname,
int use_tls,
- unsigned ssf,
+ slap_ssf_t ssf,
char *id ));
LDAP_SLAPD_F (void) connection_closing LDAP_P(( Connection *c ));
LDAP_SLAPD_F (char **) slap_sasl_mechs( Connection *c );
LDAP_SLAPD_F (int) slap_sasl_external( Connection *c,
- unsigned ssf, /* relative strength of external security */
+ slap_ssf_t ssf, /* relative strength of external security */
char *authid ); /* asserted authenication id */
LDAP_SLAPD_F (int) slap_sasl_reset( Connection *c );
Connection *conn, Operation *op,
const char *dn, const char *ndn,
const char *mech, struct berval *cred,
- char **edn, unsigned long *ssf ));
+ char **edn, slap_ssf_t *ssf ));
/* oc.c */
LDAP_SLAPD_F (int) oc_schema_info( Entry *e );
int slap_sasl_external(
Connection *conn,
- unsigned ssf,
+ slap_ssf_t ssf,
char *auth_id )
{
#ifdef HAVE_CYRUS_SASL
return LDAP_UNAVAILABLE;
}
- memset( &extprops, 0L, sizeof(extprops) );
+ memset( &extprops, '\0', sizeof(extprops) );
extprops.ssf = ssf;
extprops.auth_id = auth_id;
const char *mech,
struct berval *cred,
char **edn,
- unsigned long *ssfp )
+ slap_ssf_t *ssfp )
{
int rc = 1;
LDAP_SLAPD_F (int) slap_debug;
+typedef unsigned slap_ssf_t;
+typedef unsigned long slap_mask_t;
+
+
/*
* Index types
*/
#define SLAP_INDEX_LANG 0x4000UL /* use index with lang subtypes */
#define SLAP_INDEX_AUTO_LANG 0x8000UL /* use mask with lang subtypes */
-typedef unsigned long slap_mask_t;
-
/*
* there is a single index for each attribute. these prefixes ensure
* that there is no collision among keys.
ACL_STYLE_EXACT = ACL_STYLE_BASE
} slap_style_t;
-typedef unsigned long slap_access_mask_t;
/* the "by" part */
typedef struct slap_access {
#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
- slap_access_mask_t a_mask;
+ slap_mask_t a_access_mask;
slap_style_t a_dn_style;
char *a_dn_pat;
projects / openldap / commitdiff