}
#ifdef LDAP_DEVEL
-
/*
* Experimental
*
int patlen;
struct berval dn;
- dn = be->be_nsuffix[ 0 ];
+ dn = be->be_nsuffix[0];
if ( a->acl_dn_pat.bv_len || a->acl_dn_style != ACL_STYLE_REGEX ) {
slap_style_t style = a->acl_dn_style;
if ( style == ACL_STYLE_REGEX ) {
- char dnbuf[ SLAP_LDAPDN_MAXLEN + 2 ];
- char rebuf[ SLAP_LDAPDN_MAXLEN + 1 ];
+ char dnbuf[SLAP_LDAPDN_MAXLEN + 2];
+ char rebuf[SLAP_LDAPDN_MAXLEN + 1];
regex_t re;
int rc;
/* add trailing '$' */
- AC_MEMCPY( dnbuf, be->be_nsuffix[ 0 ].bv_val,
- be->be_nsuffix[ 0 ].bv_len );
- dnbuf[ be->be_nsuffix[ 0 ].bv_len ] = '$';
- dnbuf[ be->be_nsuffix[ 0 ].bv_len + 1 ] = '\0';
+ AC_MEMCPY( dnbuf, be->be_nsuffix[0].bv_val,
+ be->be_nsuffix[0].bv_len );
+ dnbuf[be->be_nsuffix[0].bv_len] = '$';
+ dnbuf[be->be_nsuffix[0].bv_len + 1] = '\0';
if ( regcomp( &re, dnbuf, REG_EXTENDED|REG_ICASE ) ) {
return ACL_SCOPE_WARN;
/* remove trailing '$' */
AC_MEMCPY( rebuf, a->acl_dn_pat.bv_val,
- a->acl_dn_pat.bv_len + 1 );
- if ( a->acl_dn_pat.bv_val[ a->acl_dn_pat.bv_len - 1 ] == '$' ) {
- rebuf[ a->acl_dn_pat.bv_len - 1 ] = '\0';
+ a->acl_dn_pat.bv_len + 1 );
+ if ( a->acl_dn_pat.bv_val[a->acl_dn_pat.bv_len - 1] == '$' ) {
+ rebuf[a->acl_dn_pat.bv_len - 1] = '\0';
}
/* not a clear indication of scoping error, though */
? ACL_SCOPE_WARN : ACL_SCOPE_OK;
regfree( &re );
-
return rc;
}
* match */
if ( dn.bv_len > patlen ) {
/* base is blatantly wrong */
- if ( style == ACL_STYLE_BASE ) {
- return ACL_SCOPE_ERR;
- }
+ if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR;
/* one can be wrong if there is more
* than one level between the suffix
int rdnlen = -1, sep = 0;
if ( patlen > 0 ) {
- if ( !DN_SEPARATOR( dn.bv_val[ dn.bv_len - patlen - 1 ] ) )
+ if ( !DN_SEPARATOR( dn.bv_val[dn.bv_len - patlen - 1] )) {
return ACL_SCOPE_ERR;
+ }
sep = 1;
}
/* if the trailing part doesn't match,
* then it's an error */
- if ( strcmp( a->acl_dn_pat.bv_val, &dn.bv_val[ dn.bv_len - patlen ] ) != 0 ) {
+ if ( strcmp( a->acl_dn_pat.bv_val,
+ &dn.bv_val[dn.bv_len - patlen] ) != 0 )
+ {
return ACL_SCOPE_ERR;
}
break;
}
- if ( dn.bv_len < patlen && !DN_SEPARATOR( a->acl_dn_pat.bv_val[ patlen -dn.bv_len - 1 ] ) ) {
+ if ( dn.bv_len < patlen &&
+ !DN_SEPARATOR( a->acl_dn_pat.bv_val[patlen -dn.bv_len - 1] )) {
return ACL_SCOPE_ERR;
}
- if ( strcmp( &a->acl_dn_pat.bv_val[ patlen - dn.bv_len ], dn.bv_val ) != 0 ) {
+ if ( strcmp( &a->acl_dn_pat.bv_val[patlen - dn.bv_len], dn.bv_val )
+ != 0 )
+ {
return ACL_SCOPE_ERR;
}
}
if ( style == NULL || *style == '\0' ||
- ( strcasecmp( style, "base" ) == 0 ) ||
- ( strcasecmp( style, "exact" ) == 0 ))
+ strcasecmp( style, "baseObject" ) == 0 ||
+ strcasecmp( style, "base" ) == 0 ||
+ strcasecmp( style, "exact" ) == 0 )
{
a->acl_dn_style = ACL_STYLE_BASE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat );
- } else if ( strcasecmp( style, "onelevel" ) == 0
- || strcasecmp( style, "one" ) == 0 ) {
+ } else if ( strcasecmp( style, "oneLevel" ) == 0 ||
+ strcasecmp( style, "one" ) == 0 )
+ {
a->acl_dn_style = ACL_STYLE_ONE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat );
- } else if ( strcasecmp( style, "subtree" ) == 0
- || strcasecmp( style, "sub" ) == 0 )
+ } else if ( strcasecmp( style, "subtree" ) == 0 ||
+ strcasecmp( style, "sub" ) == 0 )
{
if( *right == '\0' ) {
a->acl_dn_pat.bv_val = ch_strdup( "*" );
}
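Review bot: The DN-style aliases are now spelled out in three separate `strcasecmp` chains (this dn-pattern parser, the `val.<style>` parser and the by-clause `sty` parser further down), and `"baseObject"` had to be added to each by hand. The spellings already differ (`"oneLevel"` here, `"onelevel"` in the other two), which is harmless under `strcasecmp` but makes the keyword harder to grep. Consider one static helper that maps a style string to its `ACL_STYLE_*` value and is called from all three places, so a keyword cannot be accepted in one clause and rejected in another. The enclosing function starts and ends outside this hunk.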
a->acl_attrval_style = ACL_STYLE_REGEX;
} else {
- /* FIXME: if the attribute has DN syntax,
- * we might allow one, subtree and children styles as well */
+ /* FIXME: if the attribute has DN syntax, we might
+ * allow one, subtree and children styles as well */
if ( !strcasecmp( style, "exact" ) ) {
a->acl_attrval_style = ACL_STYLE_BASE;
- } else if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) {
- if ( !strcasecmp( style, "base" ) ) {
+ } else if ( a->acl_attrs[0].an_desc->ad_type->
+ sat_syntax == slap_schema.si_syn_distinguishedName )
+ {
+ if ( !strcasecmp( style, "baseObject" ) ||
+ !strcasecmp( style, "base" ) )
+ {
a->acl_attrval_style = ACL_STYLE_BASE;
- } else if ( !strcasecmp( style, "onelevel" ) || !strcasecmp( style, "one" ) ) {
+ } else if ( !strcasecmp( style, "onelevel" ) ||
+ !strcasecmp( style, "one" ) )
+ {
a->acl_attrval_style = ACL_STYLE_ONE;
- } else if ( !strcasecmp( style, "subtree" ) || !strcasecmp( style, "sub" ) ) {
+ } else if ( !strcasecmp( style, "subtree" ) ||
+ !strcasecmp( style, "sub" ) )
+ {
a->acl_attrval_style = ACL_STYLE_SUBTREE;
} else if ( !strcasecmp( style, "children" ) ) {
a->acl_attrval_style = ACL_STYLE_CHILDREN;
} else {
fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" "
- "for attributeType \"%s\" with DN syntax; using \"base\"\n",
+ "for attributeType \"%s\" with DN syntax; "
+ "using \"base\"\n",
fname, lineno, style,
a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE;
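Review bot: An unrecognised `val.<style>` on a DN-syntax attribute is only warned about in the final `else` and then parsed as `ACL_STYLE_BASE`, so a misspelt `subtree` or `children` yields a rule that matches a different set of values than the administrator wrote, and parsing continues. Whether that narrows or widens access depends on the rule, so failing closed is safer: keep the `fprintf` and replace the assignment with `acl_usage();`, as the other parse errors visible on this page do. If the lenient fallback is intended, say so in a comment such as `/* lenient on purpose: unknown style degrades to base */`. The enclosing function starts and ends outside this hunk.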
if ( style == NULL || *style == '\0' ||
strcasecmp( style, "exact" ) == 0 ||
+ strcasecmp( style, "baseObject" ) == 0 ||
strcasecmp( style, "base" ) == 0 )
{
sty = ACL_STYLE_BASE;
} else if ( strcasecmp( style, "onelevel" ) == 0 ||
- strcasecmp( style, "one" ) == 0 ) {
+ strcasecmp( style, "one" ) == 0 )
+ {
sty = ACL_STYLE_ONE;
} else if ( strcasecmp( style, "subtree" ) == 0 ||
}
if ( strcasecmp( left, "dnattr" ) == 0 ) {
- if ( right == NULL || right[ 0 ] == '\0' ) {
- fprintf( stderr,
- "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n",
+ if ( right == NULL || right[0] == '\0' ) {
+ fprintf( stderr, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
fname, lineno, left );
acl_usage();
}
acl_usage();
}
- if ( right == NULL || right[ 0 ] == '\0' ) {
+ if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, "%s: line %d: "
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
acl_usage();
}
- if ( right == NULL || right[ 0 ] == '\0' ) {
+ if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, "%s: line %d: "
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
b->a_peername_mask = (unsigned long)(-1);
if ( mask != NULL ) {
b->a_peername_mask = inet_addr( mask );
- if ( b->a_peername_mask == (unsigned long)(-1)) {
+ if ( b->a_peername_mask ==
+ (unsigned long)(-1))
+ {
/* illegal mask */
fprintf( stderr, "%s: line %d: "
- "illegal peername address mask \"%s\".\n",
+ "illegal peername address mask "
+ "\"%s\".\n",
fname, lineno, mask );
acl_usage();
}
char *end = NULL;
b->a_peername_port = strtol( port, &end, 10 );
- if ( end[ 0 ] != '}' ) {
+ if ( end[0] != '}' ) {
/* illegal port */
fprintf( stderr, "%s: line %d: "
- "illegal peername port specification \"{%s}\".\n",
+ "illegal peername port specification "
+ "\"{%s}\".\n",
fname, lineno, port );
acl_usage();
}
acl_usage();
}
- if ( right == NULL || right[ 0 ] == '\0' ) {
+ if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, "%s: line %d: "
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
default:
/* unknown */
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
- if ( right == NULL || right[ 0 ] == '\0' ) {
- fprintf( stderr,
- "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n",
+ if ( right == NULL || right[0] == '\0' ) {
+ fprintf( stderr, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
fname, lineno, left );
acl_usage();
}
acl_usage();
}
- if ( right == NULL || right[ 0 ] == '\0' ) {
- fprintf( stderr,
- "%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n",
+ if ( right == NULL || right[0] == '\0' ) {
+ fprintf( stderr, "%s: line %d: "
+ "missing \"=\" in (or value after) \"%s\" "
+ "in by clause\n",
fname, lineno, left );
acl_usage();
}
if ( strcasecmp( left, "set" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
#ifdef SLAPD_ACI_ENABLED
if ( strcasecmp( left, "aci" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
if( !is_at_syntax( b->a_aci_at->ad_type,
SLAPD_ACI_SYNTAX) )
{
- fprintf( stderr,
- "%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+ fprintf( stderr, "%s: line %d: "
+ "aci \"%s\": inappropriate syntax: %s\n",
fname, lineno, right,
b->a_aci_at->ad_type->sat_syntax_oid );
acl_usage();
if ( strcasecmp( left, "ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
if ( strcasecmp( left, "transport_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
if( b->a_authz.sai_transport_ssf ) {
- fprintf( stderr,
- "%s: line %d: transport_ssf attribute already specified.\n",
+ fprintf( stderr, "%s: line %d: "
+ "transport_ssf attribute already specified.\n",
fname, lineno );
acl_usage();
}
b->a_authz.sai_transport_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) {
- fprintf( stderr,
- "%s: line %d: unable to parse transport_ssf value (%s)\n",
+ fprintf( stderr, "%s: line %d: "
+ "unable to parse transport_ssf value (%s)\n",
fname, lineno, right );
acl_usage();
}
if ( strcasecmp( left, "tls_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
if( b->a_authz.sai_tls_ssf ) {
- fprintf( stderr,
- "%s: line %d: tls_ssf attribute already specified.\n",
+ fprintf( stderr, "%s: line %d: "
+ "tls_ssf attribute already specified.\n",
fname, lineno );
acl_usage();
}
b->a_authz.sai_tls_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) {
- fprintf( stderr,
- "%s: line %d: unable to parse tls_ssf value (%s)\n",
+ fprintf( stderr, "%s: line %d: "
+ "unable to parse tls_ssf value (%s)\n",
fname, lineno, right );
acl_usage();
}
if ( strcasecmp( left, "sasl_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
- fprintf( stderr,
- "%s: line %d: inappropriate style \"%s\" in by clause\n",
+ fprintf( stderr, "%s: line %d: "
+ "inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
acl_usage();
}
if( b->a_authz.sai_sasl_ssf ) {
- fprintf( stderr,
- "%s: line %d: sasl_ssf attribute already specified.\n",
+ fprintf( stderr, "%s: line %d: "
+ "sasl_ssf attribute already specified.\n",
fname, lineno );
acl_usage();
}
b->a_authz.sai_sasl_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) {
- fprintf( stderr,
- "%s: line %d: unable to parse sasl_ssf value (%s)\n",
+ fprintf( stderr, "%s: line %d: "
+ "unable to parse sasl_ssf value (%s)\n",
fname, lineno, right );
acl_usage();
}
/* if we have no real access clause, complain and do nothing */
if ( a == NULL ) {
- fprintf( stderr,
- "%s: line %d: warning: no access clause(s) specified in access line\n",
- fname, lineno );
+ fprintf( stderr, "%s: line %d: "
+ "warning: no access clause(s) specified in access line\n",
+ fname, lineno );
} else {
#ifdef LDAP_DEBUG
- if (ldap_debug & LDAP_DEBUG_ACL)
- print_acl(be, a);
+ if (ldap_debug & LDAP_DEBUG_ACL) print_acl(be, a);
#endif
if ( a->acl_access == NULL ) {
- fprintf( stderr,
- "%s: line %d: warning: no by clause(s) specified in access line\n",
+ fprintf( stderr, "%s: line %d: "
+ "warning: no by clause(s) specified in access line\n",
fname, lineno );
}
switch ( check_scope( be, a ) ) {
case ACL_SCOPE_UNKNOWN:
fprintf( stderr, "%s: line %d: warning: "
- "cannot assess the validity "
- "of the ACL scope within "
- "backend naming context\n",
- fname, lineno );
+ "cannot assess the validity of the ACL scope within "
+ "backend naming context\n",
+ fname, lineno );
break;
case ACL_SCOPE_WARN:
fprintf( stderr, "%s: line %d: warning: "
- "ACL could be out of "
- "scope within "
- "backend naming context\n",
- fname, lineno );
+ "ACL could be out of scope within backend naming context\n",
+ fname, lineno );
break;
case ACL_SCOPE_PARTIAL:
fprintf( stderr, "%s: line %d: warning: "
- "ACL appears to be partially "
- "out of scope within "
- "backend naming context\n",
- fname, lineno );
+ "ACL appears to be partially out of scope within "
+ "backend naming context\n",
+ fname, lineno );
break;
case ACL_SCOPE_ERR:
fprintf( stderr, "%s: line %d: warning: "
- "ACL appears to be out of "
- "scope within "
- "backend naming context\n",
- fname, lineno );
+ "ACL appears to be out of scope within "
+ "backend naming context\n",
+ fname, lineno );
break;
default:
"\t[aci=<attrname>]\n"
#endif
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
- "<dnstyle> ::= base | exact | one(level) | sub(tree) | children | regex\n"
- "<style> ::= regex | base | exact\n"
- "<peernamestyle> ::= regex | exact | ip | path\n"
- "<domainstyle> ::= regex | base | exact | sub(tree)\n"
+ "<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
+ "exact | regex\n"
+ "<style> ::= exact | regex | base(Object)\n"
+ "<peernamestyle> ::= exact | regex | ip | path\n"
+ "<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n"
"<access> ::= [self]{<level>|<priv>}\n"
"<level> ::= none | auth | compare | search | read | write\n"
"<priv> ::= {=|+|-}{w|r|s|c|x|0}+\n"
static void
acl_regex_normalized_dn(
const char *src,
- struct berval *pattern
-)
+ struct berval *pattern )
{
char *str, *p;
ber_len_t len;
str = ch_strdup( src );
len = strlen( src );
- for ( p = str; p && p[ 0 ]; p++ ) {
+ for ( p = str; p && p[0]; p++ ) {
/* escape */
- if ( p[ 0 ] == '\\' && p[ 1 ] ) {
+ if ( p[0] == '\\' && p[1] ) {
/*
* if escaping a hex pair we should
* increment p twice; however, in that
p++;
}
- if ( p[ 0 ] == ',' ) {
- if ( p[ 1 ] == ' ' ) {
- char *q;
+ if ( p[0] == ',' && p[1] == ' ' ) {
+ char *q;
- /*
- * too much space should be
- * an error if we are pedantic
- */
- for ( q = &p[ 2 ]; q[ 0 ] == ' '; q++ ) {
- /* DO NOTHING */ ;
- }
- AC_MEMCPY( p+1, q, len-(q-str)+1);
+ /*
+ * too much space should be an error if we are pedantic
+ */
+ for ( q = &p[2]; q[0] == ' '; q++ ) {
+ /* DO NOTHING */ ;
}
+ AC_MEMCPY( p+1, q, len-(q-str)+1);
}
}
pattern->bv_val = str;
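Review bot: After the escape branch advances `p` past the backslash, control falls through to the `p[0] == ',' && p[1] == ' '` test with `p` on the escaped character, so an escaped comma followed by a space appears to be handled like an RDN separator and loses the spaces after it. That would alter a value inside the DN pattern the ACL is later matched with. Changing the escape branch to `p++; continue;` would skip the escaped character entirely. The lines between the comment and `p++;` are not shown here, so confirm nothing relies on the fall-through. The function body continues past the end of this hunk.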
char *line,
int splitchar,
char **left,
- char **right
-)
+ char **right )
{
*left = line;
if ( (*right = strchr( line, splitchar )) != NULL ) {
static void
access_append( Access **l, Access *a )
{
- for ( ; *l != NULL; l = &(*l)->a_next )
- ; /* NULL */
+ for ( ; *l != NULL; l = &(*l)->a_next ) {
+ ; /* Empty */
+ }
*l = a;
}
void
acl_append( AccessControl **l, AccessControl *a )
{
- for ( ; *l != NULL; l = &(*l)->acl_next )
- ; /* NULL */
+ for ( ; *l != NULL; l = &(*l)->acl_next ) {
+ ; /* Empty */
+ }
*l = a;
}
static void
access_free( Access *a )
{
- if ( a->a_dn_pat.bv_val )
- free ( a->a_dn_pat.bv_val );
- if ( a->a_peername_pat.bv_val )
- free ( a->a_peername_pat.bv_val );
- if ( a->a_sockname_pat.bv_val )
- free ( a->a_sockname_pat.bv_val );
- if ( a->a_domain_pat.bv_val )
- free ( a->a_domain_pat.bv_val );
- if ( a->a_sockurl_pat.bv_val )
- free ( a->a_sockurl_pat.bv_val );
- if ( a->a_set_pat.bv_len )
- free ( a->a_set_pat.bv_val );
- if ( a->a_group_pat.bv_len )
- free ( a->a_group_pat.bv_val );
+ if ( a->a_dn_pat.bv_val ) free ( a->a_dn_pat.bv_val );
+ if ( a->a_peername_pat.bv_val ) free ( a->a_peername_pat.bv_val );
+ if ( a->a_sockname_pat.bv_val ) free ( a->a_sockname_pat.bv_val );
+ if ( a->a_domain_pat.bv_val ) free ( a->a_domain_pat.bv_val );
+ if ( a->a_sockurl_pat.bv_val ) free ( a->a_sockurl_pat.bv_val );
+ if ( a->a_set_pat.bv_len ) free ( a->a_set_pat.bv_val );
+ if ( a->a_group_pat.bv_len ) free ( a->a_group_pat.bv_val );
free( a );
}
Access *n;
AttributeName *an;
- if ( a->acl_filter )
- filter_free( a->acl_filter );
- if ( a->acl_dn_pat.bv_len )
- free ( a->acl_dn_pat.bv_val );
+ if ( a->acl_filter ) filter_free( a->acl_filter );
+ if ( a->acl_dn_pat.bv_len ) free ( a->acl_dn_pat.bv_val );
if ( a->acl_attrs ) {
for ( an = a->acl_attrs; an->an_name.bv_val; an++ ) {
free( an->an_name.bv_val );
fprintf( stderr, "\tby" );
if ( b->a_dn_pat.bv_len != 0 ) {
- if( strcmp(b->a_dn_pat.bv_val, "*") == 0
- || strcmp(b->a_dn_pat.bv_val, "users") == 0
- || strcmp(b->a_dn_pat.bv_val, "anonymous") == 0
- || strcmp(b->a_dn_pat.bv_val, "self") == 0 )
+ if( strcmp(b->a_dn_pat.bv_val, "*") == 0 ||
+ strcmp(b->a_dn_pat.bv_val, "users") == 0 ||
+ strcmp(b->a_dn_pat.bv_val, "anonymous") == 0 ||
+ strcmp(b->a_dn_pat.bv_val, "self") == 0 )
{
fprintf( stderr, " %s", b->a_dn_pat.bv_val );
fprintf( stderr, " attrs=" );
for ( an = a->acl_attrs; an && an->an_name.bv_val; an++ ) {
- if ( ! first ) {
- fprintf( stderr, "," );
- }
+ if ( ! first ) fprintf( stderr, "," );
if (an->an_oc) {
fputc( an->an_oc_exclude ? '!' : '@', stderr);
}
}
- if( !to ) {
- fprintf( stderr, " *\n" );
- }
+ if( !to ) fprintf( stderr, " *\n" );
for ( b = a->acl_access; b != NULL; b = b->a_next ) {
print_access( b );
fprintf( stderr, "\n" );
}
-
#endif /* LDAP_DEBUG */