Commit 437bd421 authored by Pierangelo Masarati's avatar Pierangelo Masarati

test "entry" as default attribute

parent afffdeec
......@@ -10,7 +10,7 @@ slapacl \- Check access to a list of attributes.
.B [\-f slapd.conf]
.B [\-D authcDN | \-U authcID]
.B \-b DN
.B attr[/level][:value] [...]
.B [attr[/access][:value]] [...]
.LP
.SH DESCRIPTION
.LP
......@@ -26,7 +26,9 @@ and
.B defaultaccess
directives, and then parses the
.B attr
list given on the command-line.
list given on the command-line; if none is given, access to the
.B entry
pseudo-attribute is tested.
.LP
.SH OPTIONS
.TP
......
......@@ -42,6 +42,7 @@ slapacl( int argc, char **argv )
Connection conn;
Operation op;
Entry e = { 0 };
char *attr = NULL;
slap_tool_init( progname, SLAPACL, argc, argv );
......@@ -54,7 +55,8 @@ slapacl( int argc, char **argv )
connection_fake_init( &conn, &op, &conn );
if ( !BER_BVISNULL( &authcID ) ) {
rc = slap_sasl_getdn( &conn, &op, &authcID, NULL, &authcDN, SLAP_GETDN_AUTHCID );
rc = slap_sasl_getdn( &conn, &op, &authcID, NULL,
&authcDN, SLAP_GETDN_AUTHCID );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
authcID.bv_val, rc,
......@@ -99,6 +101,11 @@ slapacl( int argc, char **argv )
op.o_ndn = authcDN;
}
if ( argc == 0 ) {
argc = 1;
attr = slap_schema.si_ad_entry->ad_cname.bv_val;
}
for ( ; argc--; argv++ ) {
slap_mask_t mask;
AttributeDescription *desc = NULL;
......@@ -109,21 +116,25 @@ slapacl( int argc, char **argv )
char *accessstr;
slap_access_t access = ACL_AUTH;
val.bv_val = strchr( argv[0], ':' );
if ( attr == NULL ) {
attr = argv[ 0 ];
}
val.bv_val = strchr( attr, ':' );
if ( val.bv_val != NULL ) {
val.bv_val[0] = '\0';
val.bv_val++;
val.bv_len = strlen( val.bv_val );
}
accessstr = strchr( argv[0], '/' );
accessstr = strchr( attr, '/' );
if ( accessstr != NULL ) {
accessstr[0] = '\0';
accessstr++;
access = str2access( accessstr );
if ( access == ACL_INVALID_ACCESS ) {
fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
accessstr, argv[0] );
accessstr, attr );
if ( continuemode ) {
continue;
}
......@@ -131,10 +142,10 @@ slapacl( int argc, char **argv )
}
}
rc = slap_str2ad( argv[0], &desc, &text );
rc = slap_str2ad( attr, &desc, &text );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
argv[0], rc, ldap_err2string( rc ) );
attr, rc, ldap_err2string( rc ) );
if ( continuemode ) {
continue;
}
......@@ -160,6 +171,7 @@ slapacl( int argc, char **argv )
accessmask2str( mask, accessmaskbuf ) );
}
rc = 0;
attr = NULL;
}
destroy:;
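Review bot: In the attribute loop of slapacl(), `attr` is cleared only at the bottom of the body (`attr = NULL;` after `rc = 0;`), so the two visible `continue` paths taken in continue mode (unknown access string, `slap_str2ad()` failure) skip the reset. On the next pass `attr` is still non-NULL, so the new `argv[0]` is never picked up and the previous, already truncated string is parsed again. The argument that follows a failed one is therefore not checked, and any result reported for it presumably describes the earlier attribute, which is misleading output from a tool used to verify ACLs. Moving the reset into the loop header, `for ( ; argc--; argv++, attr = NULL ) {`, and dropping the trailing `attr = NULL;` covers every way out of the body while still using the default `entry` value on the first pass. The function starts and ends outside the visible hunks, and the elided code may contain further `continue` statements with the same effect.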
......
......@@ -77,7 +77,7 @@ usage( int tool, const char *progname )
case SLAPACL:
options = "\t[-U authcID | -D authcDN]"
" -b DN attr[/level][:value] [...]\n";
" -b DN [attr[/access][:value]] [...]\n";
break;
}
......@@ -306,9 +306,6 @@ slap_tool_init(
break;
case SLAPACL:
if ( argc == optind ) {
usage( tool, progname );
}
if ( !BER_BVISNULL( &authcDN ) && !BER_BVISNULL( &authcID ) ) {
usage( tool, progname );
}
......