From 437bd421bb99d20878d6147cb8bd749269f75b1c Mon Sep 17 00:00:00 2001 From: Pierangelo Masarati Date: Wed, 17 Nov 2004 13:43:04 +0000 Subject: [PATCH] test "entry" as default attribute --- doc/man/man8/slapacl.8 | 6 ++++-- servers/slapd/slapacl.c | 24 ++++++++++++++++++------ servers/slapd/slapcommon.c | 5 +---- 3 files changed, 23 insertions(+), 12 deletions(-) diff --git a/doc/man/man8/slapacl.8 b/doc/man/man8/slapacl.8 index 4db613a2dd..c3ec91b369 100644 --- a/doc/man/man8/slapacl.8 +++ b/doc/man/man8/slapacl.8 @@ -10,7 +10,7 @@ slapacl \- Check access to a list of attributes. .B [\-f slapd.conf] .B [\-D authcDN | \-U authcID] .B \-b DN -.B attr[/level][:value] [...] +.B [attr[/access][:value]] [...] .LP .SH DESCRIPTION .LP @@ -26,7 +26,9 @@ and .B defaultaccess directives, and then parses the .B attr -list given on the command-line. +list given on the command-line; if none is given, access to the +.B entry +pseudo-attribute is tested. .LP .SH OPTIONS .TP diff --git a/servers/slapd/slapacl.c b/servers/slapd/slapacl.c index 5fdeae7e31..391bb62444 100644 --- a/servers/slapd/slapacl.c +++ b/servers/slapd/slapacl.c @@ -42,6 +42,7 @@ slapacl( int argc, char **argv ) Connection conn; Operation op; Entry e = { 0 }; + char *attr = NULL; slap_tool_init( progname, SLAPACL, argc, argv ); @@ -54,7 +55,8 @@ slapacl( int argc, char **argv ) connection_fake_init( &conn, &op, &conn ); if ( !BER_BVISNULL( &authcID ) ) { - rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID ); + rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, + &authcDN, SLAP_GETDN_AUTHCID ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "ID: <%s> check failed %d (%s)\n", authcID.bv_val, rc, @@ -99,6 +101,11 @@ slapacl( int argc, char **argv ) op.o_ndn = authcDN; } + if ( argc == 0 ) { + argc = 1; + attr = slap_schema.si_ad_entry->ad_cname.bv_val; + } + for ( ; argc--; argv++ ) { slap_mask_t mask; AttributeDescription *desc = NULL; @@ -109,21 +116,25 @@ slapacl( int argc, char **argv ) char *accessstr; slap_access_t access = ACL_AUTH; - val.bv_val = strchr( argv[0], ':' ); + if ( attr == NULL ) { + attr = argv[ 0 ]; + } + + val.bv_val = strchr( attr, ':' ); if ( val.bv_val != NULL ) { val.bv_val[0] = '\0'; val.bv_val++; val.bv_len = strlen( val.bv_val ); } - accessstr = strchr( argv[0], '/' ); + accessstr = strchr( attr, '/' ); if ( accessstr != NULL ) { accessstr[0] = '\0'; accessstr++; access = str2access( accessstr ); if ( access == ACL_INVALID_ACCESS ) { fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n", - accessstr, argv[0] ); + accessstr, attr ); if ( continuemode ) { continue; } @@ -131,10 +142,10 @@ slapacl( int argc, char **argv ) } } - rc = slap_str2ad( argv[0], &desc, &text ); + rc = slap_str2ad( attr, &desc, &text ); if ( rc != LDAP_SUCCESS ) { fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n", - argv[0], rc, ldap_err2string( rc ) ); + attr, rc, ldap_err2string( rc ) ); if ( continuemode ) { continue; } @@ -160,6 +171,7 @@ slapacl( int argc, char **argv ) accessmask2str( mask, accessmaskbuf ) ); } rc = 0; + attr = NULL; } destroy:; diff --git a/servers/slapd/slapcommon.c b/servers/slapd/slapcommon.c index 6da5f80915..9add7e67cd 100644 --- a/servers/slapd/slapcommon.c +++ b/servers/slapd/slapcommon.c @@ -77,7 +77,7 @@ usage( int tool, const char *progname ) case SLAPACL: options = "\t[-U authcID | -D authcDN]" - " -b DN attr[/level][:value] [...]\n"; + " -b DN [attr[/access][:value]] [...]\n"; break; } @@ -306,9 +306,6 @@ slap_tool_init( break; case SLAPACL: - if ( argc == optind ) { - usage( tool, progname ); - } if ( !BER_BVISNULL( &authcDN ) && !BER_BVISNULL( &authcID ) ) { usage( tool, progname ); } -- 2.39.5