test "entry" as default attribute

diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8
index 4db613a2dd75aa3dfff25fbc00c3072c1d4f17bd..c3ec91b36926f2185c093a9dc335d03aa33ff66b 100644 (file)
--- a/doc/man/man8/slapacl.8
+++ b/doc/man/man8/slapacl.8
@@ -10,7 +10,7 @@ slapacl \- Check access to a list of attributes.
 .B [\-f slapd.conf]
 .B [\-D authcDN | \-U authcID]
 .B \-b DN
-.B attr[/level][:value] [...]
+.B [attr[/access][:value]] [...]
 .LP
 .SH DESCRIPTION
 .LP
@@ -26,7 +26,9 @@ and
 .B defaultaccess
 directives, and then parses the 
 .B attr
-list given on the command-line.
+list given on the command-line; if none is given, access to the
+.B entry
+pseudo-attribute is tested.
 .LP
 .SH OPTIONS
 .TP

diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c
index 5fdeae7e3125c8859de5c3236a92853657563ac3..391bb624445670b698093e2156942aa4ae86eef7 100644 (file)
--- a/servers/slapd/slapacl.c
+++ b/servers/slapd/slapacl.c
@@ -42,6 +42,7 @@ slapacl( int argc, char **argv )
        Connection              conn;
        Operation               op;
        Entry                   e = { 0 };
+       char                    *attr = NULL;
 
        slap_tool_init( progname, SLAPACL, argc, argv );
 
@@ -54,7 +55,8 @@ slapacl( int argc, char **argv )
        connection_fake_init( &conn, &op, &conn );
 
        if ( !BER_BVISNULL( &authcID ) ) {
-               rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
+               rc = slap_sasl_getdn( &conn, &op, &authcID, NULL,
+                               &authcDN, SLAP_GETDN_AUTHCID );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
                                        authcID.bv_val, rc,
@@ -99,6 +101,11 @@ slapacl( int argc, char **argv )
                op.o_ndn = authcDN;
        }
 
+       if ( argc == 0 ) {
+               argc = 1;
+               attr = slap_schema.si_ad_entry->ad_cname.bv_val;
+       }
+
        for ( ; argc--; argv++ ) {
                slap_mask_t             mask;
                AttributeDescription    *desc = NULL;
@@ -109,21 +116,25 @@ slapacl( int argc, char **argv )
                char                    *accessstr;
                slap_access_t           access = ACL_AUTH;
 
-               val.bv_val = strchr( argv[0], ':' );
+               if ( attr == NULL ) {
+                       attr = argv[ 0 ];
+               }
+
+               val.bv_val = strchr( attr, ':' );
                if ( val.bv_val != NULL ) {
                        val.bv_val[0] = '\0';
                        val.bv_val++;
                        val.bv_len = strlen( val.bv_val );
                }
 
-               accessstr = strchr( argv[0], '/' );
+               accessstr = strchr( attr, '/' );
                if ( accessstr != NULL ) {
                        accessstr[0] = '\0';
                        accessstr++;
                        access = str2access( accessstr );
                        if ( access == ACL_INVALID_ACCESS ) {
                                fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
-                                               accessstr, argv[0] );
+                                               accessstr, attr );
                                if ( continuemode ) {
                                        continue;
                                }
@@ -131,10 +142,10 @@ slapacl( int argc, char **argv )
                        }
                }
 
-               rc = slap_str2ad( argv[0], &desc, &text );
+               rc = slap_str2ad( attr, &desc, &text );
                if ( rc != LDAP_SUCCESS ) {
                        fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
-                                       argv[0], rc, ldap_err2string( rc ) );
+                                       attr, rc, ldap_err2string( rc ) );
                        if ( continuemode ) {
                                continue;
                        }
@@ -160,6 +171,7 @@ slapacl( int argc, char **argv )
                                        accessmask2str( mask, accessmaskbuf ) );
                }
                rc = 0;
+               attr = NULL;
        }
 
 destroy:;

diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c
index 6da5f8091508a705413c4b303c45cd819cc349ff..9add7e67cd00cd2927a81c081ac45d203a1fc2ec 100644 (file)
--- a/servers/slapd/slapcommon.c
+++ b/servers/slapd/slapcommon.c
@@ -77,7 +77,7 @@ usage( int tool, const char *progname )
 
        case SLAPACL:
                options = "\t[-U authcID | -D authcDN]"
-                       " -b DN attr[/level][:value] [...]\n";
+                       " -b DN [attr[/access][:value]] [...]\n";
                break;
        }
 
@@ -306,9 +306,6 @@ slap_tool_init(
                break;
 
        case SLAPACL:
-               if ( argc == optind ) {
-                       usage( tool, progname );
-               }
                if ( !BER_BVISNULL( &authcDN ) && !BER_BVISNULL( &authcID ) ) {
                        usage( tool, progname );
                }