static void print_access(Access *b);
#endif
-#ifdef LDAP_DEVEL
-static int
-check_scope( BackendDB *be, AccessControl *a );
-#endif /* LDAP_DEVEL */
+static int check_scope( BackendDB *be, AccessControl *a );
#ifdef SLAP_DYNACL
static int
regfree(&re);
}
-#ifdef LDAP_DEVEL
/*
* Experimental
*
return ACL_SCOPE_UNKNOWN;
}
-#endif /* LDAP_DEVEL */
void
parse_acl(
const char *fname,
int lineno,
int argc,
- char **argv
-)
+ char **argv )
{
int i;
char *left, *right, *style, *next;
}
if ( be != NULL ) {
-#ifdef LDAP_DEVEL
if ( !BER_BVISNULL( &be->be_nsuffix[ 1 ] ) ) {
fprintf( stderr, "%s: line %d: warning: "
"scope checking only applies to single-valued "
default:
break;
}
-#endif /* LDAP_DEVEL */
acl_append( &be->be_acl, a );
} else {
if ( ACL_LVL_IS_NONE(mask) ) {
ptr = lutil_strcopy( ptr, "none" );
+ } else if ( ACL_LVL_IS_DISCLOSE(mask) ) {
+ ptr = lutil_strcopy( ptr, "disclose" );
+
} else if ( ACL_LVL_IS_AUTH(mask) ) {
ptr = lutil_strcopy( ptr, "auth" );
} else if ( ACL_LVL_IS_WRITE(mask) ) {
ptr = lutil_strcopy( ptr, "write" );
+
+ } else if ( ACL_LVL_IS_MANAGE(mask) ) {
+ ptr = lutil_strcopy( ptr, "manage" );
+
} else {
ptr = lutil_strcopy( ptr, "unknown" );
}
*ptr++ = '=';
}
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_MANAGE) ) {
+ none = 0;
+ *ptr++ = 'm';
+ }
+
if ( ACL_PRIV_ISSET(mask, ACL_PRIV_WRITE) ) {
none = 0;
*ptr++ = 'w';
*ptr++ = 'x';
}
+ if ( ACL_PRIV_ISSET(mask, ACL_PRIV_DISCLOSE) ) {
+ none = 0;
+ *ptr++ = 'd';
+ }
+
if ( none && ACL_PRIV_ISSET(mask, ACL_PRIV_NONE) ) {
none = 0;
*ptr++ = 'n';
}
for( i=1; str[i] != '\0'; i++ ) {
- if( TOLOWER((unsigned char) str[i]) == 'w' ) {
+ if( TOLOWER((unsigned char) str[i]) == 'm' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_MANAGE);
+
+ } else if( TOLOWER((unsigned char) str[i]) == 'w' ) {
ACL_PRIV_SET(mask, ACL_PRIV_WRITE);
} else if( TOLOWER((unsigned char) str[i]) == 'r' ) {
} else if( TOLOWER((unsigned char) str[i]) == 'x' ) {
ACL_PRIV_SET(mask, ACL_PRIV_AUTH);
+ } else if( TOLOWER((unsigned char) str[i]) == 'd' ) {
+ ACL_PRIV_SET(mask, ACL_PRIV_DISCLOSE);
+
} else if( str[i] != '0' ) {
ACL_INVALIDATE(mask);
return mask;
if ( strcasecmp( str, "none" ) == 0 ) {
ACL_LVL_ASSIGN_NONE(mask);
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+ ACL_LVL_ASSIGN_DISCLOSE(mask);
+
} else if ( strcasecmp( str, "auth" ) == 0 ) {
ACL_LVL_ASSIGN_AUTH(mask);
} else if ( strcasecmp( str, "write" ) == 0 ) {
ACL_LVL_ASSIGN_WRITE(mask);
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ ACL_LVL_ASSIGN_MANAGE(mask);
+
} else {
ACL_INVALIDATE( mask );
}
"<peernamestyle> ::= exact | regex | ip | path\n"
"<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n"
"<access> ::= [self]{<level>|<priv>}\n"
- "<level> ::= none | auth | compare | search | read | write\n"
- "<priv> ::= {=|+|-}{w|r|s|c|x|0}+\n"
+ "<level> ::= none|disclose|auth|compare|search|read|write|manage\n"
+ "<priv> ::= {=|+|-}{0|d|x|c|s|r|w|m}+\n"
"<control> ::= [ stop | continue | break ]\n"
);
exit( EXIT_FAILURE );
if ( access == ACL_NONE ) {
return "none";
+ } else if ( access == ACL_DISCLOSE ) {
+ return "disclose";
+
} else if ( access == ACL_AUTH ) {
return "auth";
} else if ( access == ACL_WRITE ) {
return "write";
+
+ } else if ( access == ACL_MANAGE ) {
+ return "manage";
+
}
return "unknown";
if ( strcasecmp( str, "none" ) == 0 ) {
return ACL_NONE;
+ } else if ( strcasecmp( str, "disclose" ) == 0 ) {
+ return ACL_DISCLOSE;
+
} else if ( strcasecmp( str, "auth" ) == 0 ) {
return ACL_AUTH;
} else if ( strcasecmp( str, "write" ) == 0 ) {
return ACL_WRITE;
+
+ } else if ( strcasecmp( str, "manage" ) == 0 ) {
+ return ACL_MANAGE;
}
return( ACL_INVALID_ACCESS );
typedef enum slap_access_e {
ACL_INVALID_ACCESS = -1,
ACL_NONE = 0,
+ ACL_DISCLOSE,
ACL_AUTH,
ACL_COMPARE,
ACL_SEARCH,
ACL_READ,
- ACL_WRITE
+ ACL_WRITE,
+ ACL_MANAGE
} slap_access_t;
typedef enum slap_control_e {
#define ACL_ACCESS2PRIV(access) (0x01U << (access))
#define ACL_PRIV_NONE ACL_ACCESS2PRIV( ACL_NONE )
+#define ACL_PRIV_DISCLOSE ACL_ACCESS2PRIV( ACL_DISCLOSE )
#define ACL_PRIV_AUTH ACL_ACCESS2PRIV( ACL_AUTH )
#define ACL_PRIV_COMPARE ACL_ACCESS2PRIV( ACL_COMPARE )
#define ACL_PRIV_SEARCH ACL_ACCESS2PRIV( ACL_SEARCH )
#define ACL_PRIV_READ ACL_ACCESS2PRIV( ACL_READ )
#define ACL_PRIV_WRITE ACL_ACCESS2PRIV( ACL_WRITE )
+#define ACL_PRIV_MANAGE ACL_ACCESS2PRIV( ACL_MANAGE )
#define ACL_PRIV_MASK 0x00ffUL
#define ACL_IS_SUBTRACTIVE(m) ACL_PRIV_ISSET((m),ACL_PRIV_SUBSTRACTIVE)
#define ACL_LVL_NONE (ACL_PRIV_NONE|ACL_PRIV_LEVEL)
-#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_NONE)
+#define ACL_LVL_DISCLOSE (ACL_PRIV_DISCLOSE|ACL_LVL_NONE)
+#define ACL_LVL_AUTH (ACL_PRIV_AUTH|ACL_LVL_DISCLOSE)
#define ACL_LVL_COMPARE (ACL_PRIV_COMPARE|ACL_LVL_AUTH)
#define ACL_LVL_SEARCH (ACL_PRIV_SEARCH|ACL_LVL_COMPARE)
#define ACL_LVL_READ (ACL_PRIV_READ|ACL_LVL_SEARCH)
#define ACL_LVL_WRITE (ACL_PRIV_WRITE|ACL_LVL_READ)
+#define ACL_LVL_MANAGE (ACL_PRIV_MANAGE|ACL_LVL_WRITE)
#define ACL_LVL(m,l) (((m)&ACL_PRIV_MASK) == ((l)&ACL_PRIV_MASK))
#define ACL_LVL_IS_NONE(m) ACL_LVL((m),ACL_LVL_NONE)
+#define ACL_LVL_IS_DISCLOSE(m) ACL_LVL((m),ACL_LVL_DISCLOSE)
#define ACL_LVL_IS_AUTH(m) ACL_LVL((m),ACL_LVL_AUTH)
#define ACL_LVL_IS_COMPARE(m) ACL_LVL((m),ACL_LVL_COMPARE)
#define ACL_LVL_IS_SEARCH(m) ACL_LVL((m),ACL_LVL_SEARCH)
#define ACL_LVL_IS_READ(m) ACL_LVL((m),ACL_LVL_READ)
#define ACL_LVL_IS_WRITE(m) ACL_LVL((m),ACL_LVL_WRITE)
+#define ACL_LVL_IS_MANAGE(m) ACL_LVL((m),ACL_LVL_MANAGE)
#define ACL_LVL_ASSIGN_NONE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_NONE)
+#define ACL_LVL_ASSIGN_DISCLOSE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_DISCLOSE)
#define ACL_LVL_ASSIGN_AUTH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_AUTH)
#define ACL_LVL_ASSIGN_COMPARE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_COMPARE)
#define ACL_LVL_ASSIGN_SEARCH(m) ACL_PRIV_ASSIGN((m),ACL_LVL_SEARCH)
#define ACL_LVL_ASSIGN_READ(m) ACL_PRIV_ASSIGN((m),ACL_LVL_READ)
#define ACL_LVL_ASSIGN_WRITE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_WRITE)
+#define ACL_LVL_ASSIGN_MANAGE(m) ACL_PRIV_ASSIGN((m),ACL_LVL_MANAGE)
slap_mask_t a_access_mask;