From 3350957674b6173217371f6ae289f29a7158b5c7 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga <kurt@openldap.org>
Date: Sun, 28 May 2000 22:17:34 +0000
Subject: [PATCH] SLAPD_SCHEMA_NOT_COMPAT: ACI cleanup

---
 servers/slapd/acl.c      |  4 ++--
 servers/slapd/aclparse.c | 41 ++++++++++++++++++++--------------------
 servers/slapd/slap.h     | 13 +++++++++----
 3 files changed, 32 insertions(+), 26 deletions(-)

diff --git a/servers/slapd/acl.c b/servers/slapd/acl.c
index d693500da1..628adee7b8 100644
--- a/servers/slapd/acl.c
+++ b/servers/slapd/acl.c
@@ -1179,11 +1179,11 @@ aci_mask(
 #endif
 
 	} else if (aci_strbvcmp( "group", &bv ) == 0) {
-		if (aci_group_member(&sdn, "groupOfNames", "member", be, e, op, matches))
+		if (aci_group_member(&sdn, SLAPD_GROUP_CLASS, SLAPD_GROUP_ATTR, be, e, op, matches))
 			return(1);
 
 	} else if (aci_strbvcmp( "role", &bv ) == 0) {
-		if (aci_group_member(&sdn, "organizationalRole", "roleOccupant", be, e, op, matches))
+		if (aci_group_member(&sdn, SLAPD_ROLE_CLASS, SLAPD_ROLE_ATTR, be, e, op, matches))
 			return(1);
 	}
 
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index c46979fb55..23faa9f3f6 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -336,7 +336,7 @@ parse_acl(
 
 
 					if( !is_at_syntax( b->a_dn_at->ad_type,
-						SLAPD_OID_DN_SYNTAX ) )
+						SLAPD_DN_SYNTAX ) )
 					{
 						fprintf( stderr,
 							"%s: line %d: dnattr \"%s\": "
@@ -393,17 +393,17 @@ parse_acl(
 						}
 					} else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-						b->a_group_oc = oc_find("groupOfNames");
+						b->a_group_oc = oc_find(SLAPD_GROUP_CLASS);
 
 						if( b->a_group_oc == NULL ) {
 							fprintf( stderr,
 								"%s: line %d: group default objectclass "
 								"\"%s\" unknown\n",
-								fname, lineno, "groupOfNames" );
+								fname, lineno, SLAPD_GROUP_CLASS );
 							acl_usage();
 						}
 #else
-						b->a_group_oc = ch_strdup("groupOfNames");
+						b->a_group_oc = ch_strdup(SLAPD_GROUP_CLASS);
 #endif
 					}
 
@@ -447,22 +447,22 @@ parse_acl(
 						*--name = '/';
 					} else {
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
-						rc = slap_str2ad( "member", &b->a_group_at, &text );
+						rc = slap_str2ad( SLAPD_GROUP_ATTR, &b->a_group_at, &text );
 
 						if( rc != LDAP_SUCCESS ) {
 							fprintf( stderr,
 								"%s: line %d: group \"%s\": %s\n",
-								fname, lineno, "member", text );
+								fname, lineno, SLAPD_GROUP_ATTR, text );
 							acl_usage();
 						}
 #else
-						b->a_group_at = ch_strdup( "member" );
+						b->a_group_at = ch_strdup( SLAPD_GROUP_ATTR );
 #endif
 					}
 
 #ifdef SLAPD_SCHEMA_NOT_COMPAT
 					if( !is_at_syntax( b->a_group_at->ad_type,
-						SLAPD_OID_DN_SYNTAX ) )
+						SLAPD_DN_SYNTAX ) )
 					{
 						fprintf( stderr,
 							"%s: line %d: group \"%s\": inappropriate syntax: %s\n",
@@ -570,23 +570,24 @@ parse_acl(
 							acl_usage();
 						}
 
-						if( b->a_aci_at->ad_type->sat_syntax
-							!= ad_aci->ad_type->sat_syntax )
-						{
+					} else {
+						rc = slap_str2ad( SLAPD_ACI_ATTR, &b->a_aci_at, &text );
+
+						if( rc != LDAP_SUCCESS ) {
 							fprintf( stderr,
-								"%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
-								fname, lineno, right,
-								b->a_aci_at->ad_type->sat_syntax_oid );
+								"%s: line %d: aci \"%s\": %s\n",
+								fname, lineno, SLAPD_ACI_ATTR, text );
 							acl_usage();
 						}
-					} else {
-						b->a_aci_at = ad_dup( ad_aci );
 					}
 
-					if( b->a_aci_at == NULL ) {
+					if( !is_at_syntax( b->a_aci_at->ad_type,
+						SLAPD_ACI_SYNTAX) )
+					{
 						fprintf( stderr,
-							"%s: line %d: aci attribute type undefined.\n",
-							fname, lineno );
+							"%s: line %d: aci \"%s\": inappropriate syntax: %s\n",
+							fname, lineno, right,
+							b->a_aci_at->ad_type->sat_syntax_oid );
 						acl_usage();
 					}
 
@@ -594,7 +595,7 @@ parse_acl(
 					if ( right != NULL && *right != '\0' ) {
 						b->a_aci_at = ch_strdup( right );
 					} else {
-						b->a_aci_at = ch_strdup( SLAPD_ACI_DEFAULT_ATTR );
+						b->a_aci_at = ch_strdup( SLAPD_ACI_ATTR );
 					}
 #endif
 					continue;
diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h
index 0d259ffbf3..6fe90a994c 100644
--- a/servers/slapd/slap.h
+++ b/servers/slapd/slap.h
@@ -93,10 +93,15 @@ LDAP_BEGIN_DECL
 #define AD_LEADCHAR(c)	( ATTR_CHAR(c) )
 #define AD_CHAR(c)		( ATTR_CHAR(c) || (c) == ';' )
 
-/* must match syntaxes in schema_init.c */
-#define SLAPD_OID_ACI_SYNTAX "1.3.6.1.4.1.4203.666.2.1"
-#define SLAPD_OID_DN_SYNTAX "1.3.6.1.4.1.1466.115.121.1.12"
-#define SLAPD_ACI_DEFAULT_ATTR		"aci"
+/* must match in schema_init.c */
+#define SLAPD_DN_SYNTAX			"1.3.6.1.4.1.1466.115.121.1.12"
+#define SLAPD_GROUP_ATTR		"member"
+#define SLAPD_GROUP_CLASS		"groupOfNames"
+#define SLAPD_ROLE_ATTR			"roleOccupant"
+#define SLAPD_ROLE_CLASS		"organizationalRole"
+
+#define SLAPD_ACI_SYNTAX		"1.3.6.1.4.1.4203.666.2.1"
+#define SLAPD_ACI_ATTR			"aci"
 
 LIBSLAPD_F (int) slap_debug;
 
-- 
2.39.5