Additional changes to improve logic and logging. Still buggy.

author Kurt Zeilenga <kurt@openldap.org>

Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)

committer Kurt Zeilenga <kurt@openldap.org>

Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)
author Kurt Zeilenga <kurt@openldap.org>
Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)
committer Kurt Zeilenga <kurt@openldap.org>
Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)
diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c

index 904fcb6a9cb9c0d4b10f996a05a5f8eec06a2faa..fcd202b1506d2213c4b91d2779a2742960c5c5c3 100644 (file)
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -168,9 +168,10 @@ access_allowed(
         }
  
         Debug( LDAP_DEBUG_ACL,
-               "=> access_allowed: %s access %s to \"%s\"\n",
+               "=> access_allowed: %s access %s by %s\n",
                 access2str( access ),
-               ACL_GRANT(mask, access) ? "granted" : "denied", op->o_dn );
+               ACL_GRANT(mask, access) ? "granted" : "denied",
+               accessmask2str( mask ) );
  
         return ACL_GRANT(mask, access);
  }
@@ -222,7 +223,7 @@ acl_get(
                                 continue;
  
                         } else {
-                               Debug( LDAP_DEBUG_ACL, "=> acl_get: ACL [%d] matched\n",
+                               Debug( LDAP_DEBUG_ACL, "=> acl_get: [%d] matched\n",
                                         *count, 0, 0);
                         }
                 }
@@ -281,12 +282,12 @@ acl_mask(
         assert( mask != NULL );
  
         Debug( LDAP_DEBUG_ACL,
-               "=> acl_mask: access to entry \"%s\", attr \"%s\"\n requested\n",
+               "=> acl_mask: access to entry \"%s\", attr \"%s\" requested\n",
                 e->e_dn, attr, 0 );
  
         Debug( LDAP_DEBUG_ACL,
                 "=> acl_mask: to value \"%s\" by \"%s\", (%s) \n",
-               val ? val->bv_val : "any",
+               val ? val->bv_val : "*",
                 op->o_ndn ?  op->o_ndn : "",
                 accessmask2str( *mask ) );
  
@@ -480,28 +481,39 @@ acl_mask(
  
  
                 Debug( LDAP_DEBUG_ACL,
-                       "<= acl_mask: matched clause #%d\n",
-                       i, 0, 0 );
-
+                       "<= acl_mask: [%d] applying %s (%s)\n",
+                       i, accessmask2str( modmask ), 
+                       b->a_type == ACL_CONTINUE
+                               ? "continue"
+                               : b->a_type == ACL_BREAK
+                                       ? "break"
+                                       : "stop" );
+
+               /* save old mask */
                 oldmask = *mask;
  
                 if( ACL_IS_ADDITIVE(modmask) ) {
-                       ACL_PRIV_CLR( *mask, ACL_PRIV_LEVEL );
+                       /* add privs */
                         ACL_PRIV_SET( *mask, modmask );
-               
+
+                       /* cleanup */
+                       ACL_PRIV_CLR( *mask, ~ACL_PRIV_MASK );
+
                 } else if( ACL_IS_SUBTRACTIVE(modmask) ) {
-                       ACL_PRIV_CLR( *mask, ACL_PRIV_LEVEL );
+                       /* substract privs */
                         ACL_PRIV_CLR( *mask, modmask );
  
+                       /* cleanup */
+                       ACL_PRIV_CLR( *mask, ~ACL_PRIV_MASK );
+
                 } else {
-                       ACL_PRIV_ASSIGN( *mask, modmask );
+                       /* assign privs */
+                       *mask = modmask;
                 }
  
                 Debug( LDAP_DEBUG_ACL,
-                       "<= acl_mask: old (%s) mod (%s) new (%s)\n",
-                       accessmask2str(oldmask),
-                       accessmask2str(modmask),
-                       accessmask2str(*mask) );
+                       "<= acl_mask: [%d] old: %s new: %s\n",
+                       i, accessmask2str(oldmask), accessmask2str(*mask));
  
                 if( b->a_type == ACL_CONTINUE ) {
                         continue;
@@ -510,10 +522,13 @@ acl_mask(
                         return ACL_BREAK;
  
                 } else {
-                       break;
+                       return ACL_STOP;
                 }
         }
  
+       Debug( LDAP_DEBUG_ACL,
+               "<= acl_mask: no more <who> clauses, returning %s (stop)\n",
+               accessmask2str(*mask), 0, 0 );
         return ACL_STOP;
  }
  
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c

index 813c5d88ad7fd3fc191c244dec414398d0e4a259..afc120b680210685844affb62205960d67cee8f1 100644 (file)
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -471,7 +471,7 @@ parse_acl(
  char *
  accessmask2str( slap_access_mask_t mask )
  {
-       static char     buf[sizeof("unknown (+wrsca0)")]; 
+       static char     buf[sizeof("unknown (+wrscan)")]; 
         int none=1;
  
         if ( ACL_IS_INVALID( mask ) ) {
author	Kurt Zeilenga <kurt@openldap.org>
	Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)
committer	Kurt Zeilenga <kurt@openldap.org>
	Thu, 21 Oct 1999 20:29:52 +0000 (20:29 +0000)
servers/slapd/acl.c		patch \| blob \| history
servers/slapd/aclparse.c		patch \| blob \| history