Commit 4d9941b0 authored by Kurt Zeilenga's avatar Kurt Zeilenga

Working ACLs!

parent 59a66633
......@@ -6,11 +6,41 @@
#
# add any platform-specific overrides below here
#
EXTRACFLAGS=-O -g
LDBMBACKEND=-DLDBM_USE_DBBTREE
LDBMINCLUDE=-I/usr/include
EDITOR=/usr/bin/vi
FINGER=/usr/bin/finger
SENDMAIL=/usr/sbin/sendmail
LDAP_RUNDIR=/var/run
MANCOMPRESS=gzip
MANCOMPRESSSUFFIX=.gz
#
# LDAP has a problem with the idea of implicit vs. explicit yields
# in call conversion threading packages, like the MIT pthreads
# package. Rather than resolve this globally, I have marked the
# threading as "preeemptive", even though it is technically not.
#
# This means that the implicit-yield threading is topologically
# equivalent to preemptive threading.
#
THREADS= -DPOSIX_THREADS -D_THREAD_SAFE -DPTHREAD_PREEMPTIVE
# use special gcc flag to include libc_r.a
THREADSLIB= -pthread
#THREADSLIB= -lc_r
# crypt(3) is in a separate library
LDAP_CRYPT_LIB= -lcrypt
#
# -------------------------------------------------------------------------
# you will probably not need to edit anything below this point
# -------------------------------------------------------------------------
CC = gcc
PLATFORMCFLAGS= -Dfreebsd
......@@ -17,13 +17,13 @@ LDAPSRC = ../..
SRCS = bind.c open.c result.c error.c compare.c search.c \
modify.c add.c modrdn.c delete.c abandon.c ufn.c cache.c \
getfilter.c regex.c sbind.c kbind.c unbind.c friendly.c cldap.c \
getfilter.c sbind.c kbind.c unbind.c friendly.c cldap.c \
free.c disptmpl.c srchpref.c dsparse.c tmplout.c sort.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c getdxbyname.c os-ip.c url.c charset.c
OBJS = bind.o open.o result.o error.o compare.o search.o \
modify.o add.o modrdn.o delete.o abandon.o ufn.o cache.o \
getfilter.o regex.o sbind.o kbind.o unbind.o friendly.o cldap.o \
getfilter.o sbind.o kbind.o unbind.o friendly.o cldap.o \
free.o disptmpl.o srchpref.o dsparse.o tmplout.o sort.o \
getdn.o getentry.o getattr.o getvalues.o addentry.o \
request.o getdxbyname.o os-ip.o url.o charset.o
......@@ -31,8 +31,7 @@ OBJS = bind.o open.o result.o error.o compare.o search.o \
HDIR = ../../include
INCLUDES= -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) -DFILTERFILE="\"$(RUNTIMEETCDIR)/ldapfilter.conf\"" \
-DTEMPLATEFILE="\"$(RUNTIMEETCDIR)/ldaptemplates.conf\""
DEFINES = $(DEFS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LIBS = -L. -L../liblber -lldap -llber $(KRBLIBFLAG) $(KRBLIBS) $(ALIBS)
......@@ -62,20 +61,20 @@ version.c: $(OBJS)
< Version.c > $@)
install: libldap.a ldapfilter.conf ldapfriendly ldaptemplates.conf ldapsearchprefs.conf FORCE
-$(MKDIR) -p $(LIBDIR)
$(INSTALL) $(INSTALLFLAGS) -m 644 libldap.a $(LIBDIR)
-$(MKDIR) -p $(LDAP_LIBDIR) $(LDAP_ETCDIR)
$(INSTALL) $(INSTALLFLAGS) -m 644 libldap.a $(LDAP_LIBDIR)
@if [ ! -z "$(RANLIB)" ]; then \
(cd /tmp; $(RANLIB) $(LIBDIR)/libldap.a) \
(cd /tmp; $(RANLIB) $(LDAP_LIBDIR)/libldap.a) \
fi
-$(MKDIR) -p $(ETCDIR)
-$(MV) $(ETCDIR)/ldapfriendly $(ETCDIR)/ldapfriendly-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfriendly $(ETCDIR)
-$(MV) $(ETCDIR)/ldapfilter.conf $(ETCDIR)/ldapfilter.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfilter.conf $(ETCDIR)
-$(MV) $(ETCDIR)/ldaptemplates.conf $(ETCDIR)/ldaptemplates.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldaptemplates.conf $(ETCDIR)
-$(MV) $(ETCDIR)/ldapsearchprefs.conf $(ETCDIR)/ldapsearchprefs.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapsearchprefs.conf $(ETCDIR)
-$(MKDIR) -p $(LDAP_ETCDIR)
-$(MV) $(LDAP_ETCDIR)/ldapfriendly $(LDAP_ETCDIR)/ldapfriendly-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfriendly $(LDAP_ETCDIR)
-$(MV) $(LDAP_ETCDIR)/ldapfilter.conf $(LDAP_ETCDIR)/ldapfilter.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapfilter.conf $(LDAP_ETCDIR)
-$(MV) $(LDAP_ETCDIR)/ldaptemplates.conf $(LDAP_ETCDIR)/ldaptemplates.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldaptemplates.conf $(LDAP_ETCDIR)
-$(MV) $(LDAP_ETCDIR)/ldapsearchprefs.conf $(LDAP_ETCDIR)/ldapsearchprefs.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 ldapsearchprefs.conf $(LDAP_ETCDIR)
lint: FORCE
$(LINT) $(INCLUDES) $(DEFINES) $(SRCS)
......@@ -93,51 +92,3 @@ links:
@$(LN) .src/*.[ch] .src/ldapfriendly .src/ldapfilter.conf \
.src/ldaptemplates.conf .src/ldapsearchprefs.conf .
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
bind.o: bind.c ../../include/lber.h ../../include/ldap.h
open.o: open.c ../../include/lber.h ../../include/ldap.h ldap-int.h
result.o: result.c ../../include/portable.h ../../include/lber.h
result.o: ../../include/ldap.h ldap-int.h
error.o: error.c ../../include/lber.h ../../include/ldap.h
compare.o: compare.c ../../include/lber.h ../../include/ldap.h ldap-int.h
search.o: search.c ../../include/lber.h ../../include/ldap.h ldap-int.h
modify.o: modify.c ../../include/lber.h ../../include/ldap.h ldap-int.h
add.o: add.c ../../include/lber.h ../../include/ldap.h ldap-int.h
modrdn.o: modrdn.c ../../include/lber.h ../../include/ldap.h ldap-int.h
delete.o: delete.c ../../include/lber.h ../../include/ldap.h ldap-int.h
abandon.o: abandon.c ../../include/lber.h ../../include/ldap.h ldap-int.h
ufn.o: ufn.c ../../include/lber.h ../../include/ldap.h
cache.o: cache.c ../../include/lber.h ../../include/ldap.h ldap-int.h
getfilter.o: getfilter.c ../../include/lber.h ../../include/ldap.h
getfilter.o: ../../include/regex.h
regex.o: regex.c ../../include/portable.h
sbind.o: sbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
kbind.o: kbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
unbind.o: unbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
friendly.o: friendly.c ../../include/lber.h ../../include/ldap.h
cldap.o: cldap.c ../../include/lber.h ../../include/ldap.h ldap-int.h
free.o: free.c ../../include/lber.h ../../include/ldap.h
disptmpl.o: disptmpl.c ../../include/lber.h ../../include/ldap.h
disptmpl.o: ../../include/disptmpl.h
srchpref.o: srchpref.c ../../include/lber.h ../../include/ldap.h
srchpref.o: ../../include/srchpref.h
dsparse.o: dsparse.c ../../include/lber.h ../../include/ldap.h
tmplout.o: tmplout.c ../../include/lber.h ../../include/ldap.h
tmplout.o: ../../include/disptmpl.h
sort.o: sort.c ../../include/lber.h ../../include/ldap.h
getdn.o: getdn.c ../../include/lber.h ../../include/ldap.h
getentry.o: getentry.c ../../include/lber.h ../../include/ldap.h
getattr.o: getattr.c ../../include/lber.h ../../include/ldap.h ldap-int.h
getvalues.o: getvalues.c ../../include/lber.h ../../include/ldap.h
addentry.o: addentry.c ../../include/lber.h ../../include/ldap.h
request.o: request.c ../../include/portable.h ../../include/lber.h
request.o: ../../include/ldap.h ldap-int.h
getdxbyname.o: getdxbyname.c
os-ip.o: os-ip.c ../../include/portable.h ../../include/lber.h
os-ip.o: ../../include/ldap.h
url.o: url.c ../../include/lber.h ../../include/ldap.h ldap-int.h
charset.o: charset.c
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
......@@ -10,13 +10,13 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#if defined(NeXT)
#include <sys/types.h>
#include <regex.h>
#endif
#ifdef MACOS
#include <stdlib.h>
#include "macos.h"
#else /* MACOS */
#ifdef DOS
......@@ -25,7 +25,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#else /* DOS */
#include <sys/types.h>
#include <sys/file.h>
#include <stdlib.h>
#include <sys/errno.h>
#ifndef VMS
#include <unistd.h>
......@@ -35,7 +34,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#include "lber.h"
#include "ldap.h"
#include "regex.h"
#ifdef NEEDPROTOS
static int break_into_words( char *str, char *delims, char ***wordsp );
......@@ -49,7 +47,6 @@ void free_strarray();
#if !defined( MACOS ) && !defined( DOS )
extern int errno;
extern char *re_comp();
#endif
#define FILT_MAX_LINE_LEN 1024
......@@ -107,8 +104,10 @@ ldap_init_getfilter_buf( char *buf, long buflen )
LDAPFiltDesc *lfdp;
LDAPFiltList *flp, *nextflp;
LDAPFiltInfo *fip, *nextfip;
char *tag, **tok;
int tokcnt, i;
char *tag, **tok;
int tokcnt, i;
int rc;
regex_t re;
if (( lfdp = (LDAPFiltDesc *)calloc( 1, sizeof( LDAPFiltDesc))) == NULL ) {
return( NULL );
......@@ -138,11 +137,13 @@ ldap_init_getfilter_buf( char *buf, long buflen )
}
nextflp->lfl_tag = strdup( tag );
nextflp->lfl_pattern = tok[ 0 ];
if ( re_comp( nextflp->lfl_pattern ) != NULL ) {
if ( (rc = regcomp( &re, nextflp->lfl_pattern, 0 )) != 0 ) {
#ifndef NO_USERINTERFACE
char error[512];
regerror(rc, &re, error, sizeof(error));
ldap_getfilter_free( lfdp );
fprintf( stderr, "bad regular expresssion %s\n",
nextflp->lfl_pattern );
fprintf( stderr, "bad regular expresssion %s, %s\n",
nextflp->lfl_pattern, error );
#if !defined( MACOS ) && !defined( DOS )
errno = EINVAL;
#endif
......@@ -150,6 +151,7 @@ ldap_init_getfilter_buf( char *buf, long buflen )
free_strarray( tok );
return( NULL );
}
regfree(&re);
nextflp->lfl_delims = tok[ 1 ];
nextflp->lfl_ilist = NULL;
......@@ -247,6 +249,8 @@ LDAPFiltInfo *
ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
{
LDAPFiltList *flp;
int rc;
regex_t re;
if ( lfdp->lfd_curvalcopy != NULL ) {
free( lfdp->lfd_curvalcopy );
......@@ -256,13 +260,30 @@ ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
lfdp->lfd_curval = value;
lfdp->lfd_curfip = NULL;
for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
if ( re_comp( tagpat ) == NULL && re_exec( flp->lfl_tag ) == 1
&& re_comp( flp->lfl_pattern ) == NULL
&& re_exec( lfdp->lfd_curval ) == 1 ) {
lfdp->lfd_curfip = flp->lfl_ilist;
break;
}
for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
/* compile tagpat, continue if we fail */
if (regcomp(&re, tagpat, 0) != 0)
continue;
/* match tagpatern and tag, continue if we fail */
rc = regexec(&re, flp->lfl_tag, 0, NULL, 0);
regfree(&re);
if (rc != 0)
continue;
/* compile flp->ifl_pattern, continue if we fail */
if (regcomp(&re, flp->lfl_pattern, 0) != 0)
continue;
/* match ifl_pattern and lfd_curval, continue if we fail */
rc = regexec(&re, lfdp->lfd_curval, 0, NULL, 0);
regfree(&re);
if (rc != 0)
continue;
/* we successfully compiled both patterns and matched both values */
lfdp->lfd_curfip = flp->lfl_ilist;
break;
}
if ( lfdp->lfd_curfip == NULL ) {
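Review bot: In the new loop of ldap_getfirstfilter, `regcomp(&re, tagpat, 0)` does not depend on `flp` yet it is recompiled for every list entry, and a tagpat that fails to compile only hits `continue`, so an invalid pattern walks the whole list and looks the same as "no filter matched". Compile tagpat once before the loop, bail out if that fails (presumably what the `lfd_curfip == NULL` branch after the loop already does, but that branch lies outside this hunk), and free it after the loop. Since both regexec calls pass nmatch 0, `REG_NOSUB` can be given to both compiles. The new comments also say `ifl_pattern` and `tagpatern` where the code uses `lfl_pattern` and `tagpat`.

```c
	regex_t		tagre, re;
	/* … unchanged: lfd_curvalcopy handling, lfd_curval / lfd_curfip setup … */

	/* tagpat is the same for every entry: compile it once */
	if ( regcomp( &tagre, tagpat, REG_NOSUB ) != 0 ) {
		return( NULL );
	}

	for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
		/* skip entries whose tag does not match tagpat */
		if ( regexec( &tagre, flp->lfl_tag, 0, NULL, 0 ) != 0 )
			continue;

		/* skip entries whose lfl_pattern does not compile */
		if ( regcomp( &re, flp->lfl_pattern, REG_NOSUB ) != 0 )
			continue;

		rc = regexec( &re, lfdp->lfd_curval, 0, NULL, 0 );
		regfree( &re );
		if ( rc != 0 )
			continue;

		/* both the tag and the value matched */
		lfdp->lfd_curfip = flp->lfl_ilist;
		break;
	}
	regfree( &tagre );
```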
......@@ -21,23 +21,24 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \
attr.c entry.c config.c backend.c result.c operation.c \
dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
value.c ava.c bind.c unbind.c abandon.c filterentry.c \
phonetic.c regex.c acl.c str2filter.c aclparse.c init.c \
phonetic.c acl.c str2filter.c aclparse.c init.c \
detach.c strdup.c tempnam.c repl.c lock.c \
schema.c schemaparse.c monitor.c configinfo.c
OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
attr.o entry.o config.o backend.o result.o operation.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o regex.o acl.o str2filter.o aclparse.o init.o \
phonetic.o acl.o str2filter.o aclparse.o init.o \
detach.o strdup.o tempnam.o repl.o lock.o \
schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(SERVERDEFS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
$(LDBMLIB) $(ALIBS)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif \
$(REGEXLIB) $(THREADSLIB) \
$(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \
......@@ -100,26 +101,27 @@ version.c: libbackends.a $(OBJS) $(LDIR)/liblber/liblber.a \
-e "s|%VERSION%|$${v}|" \
< Version.c > $@)
install: all $(ETCDIR) $(ETCDIR)/slapd $(ETCDIR)/slapd.conf \
$(ETCDIR)/slapd.at.conf $(ETCDIR)/slapd.oc.conf \
install: all $(LDAP_LIBEXECDIR) $(LDAP_LIBEXECDIR)/slapd \
$(LDAP_ETCDIR) $(LDAP_ETCDIR)/slapd.conf \
$(LDAP_ETCDIR)/slapd.at.conf $(LDAP_ETCDIR)/slapd.oc.conf \
install-tools
$(ETCDIR)/slapd: slapd
$(INSTALL) $(INSTALLFLAGS) -m 755 slapd $(ETCDIR)
$(LDAP_LIBEXECDIR)/slapd: slapd
$(INSTALL) $(INSTALLFLAGS) -m 755 slapd $(LDAP_LIBEXECDIR)
$(ETCDIR)/slapd.conf: slapd.conf
$(SED) -e 's;%ETCDIR%;$(RUNTIMEETCDIR);' slapd.conf > /tmp/slapd.$$
-$(MV) $(ETCDIR)/slapd.conf $(ETCDIR)/slapd.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 /tmp/slapd.$$ $(ETCDIR)/slapd.conf
$(LDAP_ETCDIR)/slapd.conf: slapd.conf
$(SED) -e 's;%ETCDIR%;$(LDAP_ETCDIR);' slapd.conf > /tmp/slapd.$$
-$(MV) $(LDAP_ETCDIR)/slapd.conf $(LDAP_ETCDIR)/slapd.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 /tmp/slapd.$$ $(LDAP_ETCDIR)/slapd.conf
$(RM) -f /tmp/slapd.$$
$(ETCDIR)/slapd.at.conf: slapd.at.conf
-$(MV) $(ETCDIR)/slapd.at.conf $(ETCDIR)/slapd.at.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.at.conf $(ETCDIR)
$(LDAP_ETCDIR)/slapd.at.conf: slapd.at.conf
-$(MV) $(LDAP_ETCDIR)/slapd.at.conf $(LDAP_ETCDIR)/slapd.at.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.at.conf $(LDAP_ETCDIR)
$(ETCDIR)/slapd.oc.conf: slapd.oc.conf
-$(MV) $(ETCDIR)/slapd.oc.conf $(ETCDIR)/slapd.oc.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.oc.conf $(ETCDIR)
$(LDAP_ETCDIR)/slapd.oc.conf: slapd.oc.conf
-$(MV) $(LDAP_ETCDIR)/slapd.oc.conf $(LDAP_ETCDIR)/slapd.oc.conf-
$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.oc.conf $(LDAP_ETCDIR)
install-tools: FORCE
(cd tools; $(MAKE) $(MFLAGS) install)
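Review bot: The slapd.conf install rule still stages the sed output in `/tmp/slapd.$$`, a predictable name in a world-writable directory, and install is typically run with elevated privileges, so a file or symlink already present at that path would be written through by the redirect. Each recipe line also runs in its own shell, so a PID-style suffix would not stay the same across the sed, install and rm lines anyway. Stage the file in the build directory instead: `$(SED) -e 's;%ETCDIR%;$(LDAP_ETCDIR);' slapd.conf > slapd.conf.tmp`, then `$(INSTALL) $(INSTALLFLAGS) -m 644 slapd.conf.tmp $(LDAP_ETCDIR)/slapd.conf` and `$(RM) -f slapd.conf.tmp`.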
......@@ -164,103 +166,3 @@ links:
fi; \
done;
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
main.o: main.c ../../include/portable.h slap.h ../../include/avl.h
main.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
main.o: ../../include/ldif.h ../../include/ldapconfig.h
daemon.o: daemon.c slap.h ../../include/avl.h ../../include/lber.h
daemon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
daemon.o: ../../include/portable.h ../../include/ldapconfig.h
connection.o: connection.c ../../include/portable.h slap.h ../../include/avl.h
connection.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
connection.o: ../../include/ldif.h
search.o: search.c slap.h ../../include/avl.h ../../include/lber.h
search.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
search.o: ../../include/ldapconfig.h
filter.o: filter.c slap.h ../../include/avl.h ../../include/lber.h
filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
add.o: add.c slap.h ../../include/avl.h ../../include/lber.h
add.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
charray.o: charray.c slap.h ../../include/avl.h ../../include/lber.h
charray.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
attr.o: attr.c ../../include/portable.h slap.h ../../include/avl.h
attr.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
attr.o: ../../include/ldif.h
entry.o: entry.c slap.h ../../include/avl.h ../../include/lber.h
entry.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
config.o: config.c slap.h ../../include/avl.h ../../include/lber.h
config.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
config.o: ../../include/ldapconfig.h
backend.o: backend.c slap.h ../../include/avl.h ../../include/lber.h
backend.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
result.o: result.c ../../include/portable.h slap.h ../../include/avl.h
result.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
result.o: ../../include/ldif.h
operation.o: operation.c slap.h ../../include/avl.h ../../include/lber.h
operation.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
dn.o: dn.c ../../include/portable.h slap.h ../../include/avl.h
dn.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
dn.o: ../../include/ldif.h
compare.o: compare.c slap.h ../../include/avl.h ../../include/lber.h
compare.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
modify.o: modify.c slap.h ../../include/avl.h ../../include/lber.h
modify.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
delete.o: delete.c slap.h ../../include/avl.h ../../include/lber.h
delete.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
modrdn.o: modrdn.c slap.h ../../include/avl.h ../../include/lber.h
modrdn.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
ch_malloc.o: ch_malloc.c slap.h ../../include/avl.h ../../include/lber.h
ch_malloc.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
value.o: value.c ../../include/portable.h slap.h ../../include/avl.h
value.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
value.o: ../../include/ldif.h
ava.o: ava.c slap.h ../../include/avl.h ../../include/lber.h
ava.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
bind.o: bind.c slap.h ../../include/avl.h ../../include/lber.h
bind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
unbind.o: unbind.c slap.h ../../include/avl.h ../../include/lber.h
unbind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
abandon.o: abandon.c slap.h ../../include/avl.h ../../include/lber.h
abandon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
filterentry.o: filterentry.c ../../include/regex.h slap.h ../../include/avl.h
filterentry.o: ../../include/lber.h ../../include/ldap.h
filterentry.o: ../../include/lthread.h ../../include/ldif.h
phonetic.o: phonetic.c ../../include/portable.h slap.h ../../include/avl.h
phonetic.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
phonetic.o: ../../include/ldif.h
regex.o: regex.c ../../include/portable.h
acl.o: acl.c ../../include/regex.h slap.h ../../include/avl.h
acl.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
acl.o: ../../include/ldif.h
str2filter.o: str2filter.c slap.h ../../include/avl.h ../../include/lber.h
str2filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
aclparse.o: aclparse.c ../../include/regex.h slap.h ../../include/avl.h
aclparse.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
aclparse.o: ../../include/ldif.h ../../include/portable.h
init.o: init.c ../../include/portable.h slap.h ../../include/avl.h
init.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
init.o: ../../include/ldif.h
detach.o: detach.c ../../include/portable.h
strdup.o: strdup.c
tempnam.o: tempnam.c
repl.o: repl.c slap.h ../../include/avl.h ../../include/lber.h
repl.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
lock.o: lock.c ../../include/portable.h slap.h ../../include/avl.h
lock.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
lock.o: ../../include/ldif.h
schema.o: schema.c slap.h ../../include/avl.h ../../include/lber.h
schema.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
schemaparse.o: schemaparse.c slap.h ../../include/avl.h ../../include/lber.h
schemaparse.o: ../../include/ldap.h ../../include/lthread.h
schemaparse.o: ../../include/ldif.h
monitor.o: monitor.c slap.h ../../include/avl.h ../../include/lber.h
monitor.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
monitor.o: ../../include/ldapconfig.h
configinfo.o: configinfo.c slap.h ../../include/avl.h ../../include/lber.h
configinfo.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
configinfo.o: ../../include/ldapconfig.h
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY
......@@ -6,15 +6,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *re_comp();
extern struct acl *global_acl;
extern int global_default_access;
extern char *access2str();
......@@ -26,7 +22,10 @@ struct acl *acl_get_applicable();
static int regex_matches();
extern pthread_mutex_t regex_mutex;
static string_expand(char *newbuf, int bufsiz, char *pattern,
char *match, regmatch_t *matches);
extern Entry * be_dn2entry(Backend *be, char *bdn, char **matched);
/*
* access_allowed - check whether dn is allowed the requested access
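Review bot: The new prototype `static string_expand(char *newbuf, int bufsiz, char *pattern, char *match, regmatch_t *matches);` has no return type and relies on implicit `int`, which C99 removed and which hides whether callers are expected to check a result. State it explicitly, `static int string_expand(...)` or `static void string_expand(...)`, to match the definition, which is not visible in this hunk. A one-line comment saying that `bufsiz` is the size of `newbuf` and that the output is always NUL-terminated would also help, if that is the contract.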
......@@ -51,15 +50,57 @@ access_allowed(
int access
)
{
int rc;
struct acl *a;
int rc;
struct acl *a;
char *edn;
regmatch_t matches[MAXREMATCHES];
int i;
int n;
if ( be == NULL ) {
return( 0 );
}
a = acl_get_applicable( be, op, e, attr );
rc = acl_access_allowed( a, be, conn, e, val, op, access );
edn = dn_normalize_case( strdup( e->e_dn ) );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( attr, "modifiersname" ) == 0 ||
strcasecmp( attr, "modifytimestamp" ) == 0 ||
strcasecmp( attr, "creatorsname" ) == 0 ||
strcasecmp( attr, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
memset(matches, 0, sizeof(matches));
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
i, matches[i].rm_so, matches[i].rm_eo );
if( matches[i].rm_so <= matches[0].rm_eo ) {
for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
}
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
return( rc );
}
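Review bot: The lastmod shortcut in access_allowed returns 1 before `access` is examined, so modifiersname, modifytimestamp, creatorsname and createtimestamp are granted at every requested level, write included, and no ACL can restrict them. If the intent is only to keep these attributes readable, gate the shortcut on the requested level being below write, or at least record the assumption with a comment such as `/* lastmod attrs bypass ACLs at every level, including write; client updates must be rejected elsewhere */`. The same block calls `strcasecmp( attr, ... )` unconditionally while acl_get_applicable in this commit still treats `attr == NULL` as a valid case, so the condition should start with `attr != NULL &&` if any caller can pass NULL. `strdup( e->e_dn )` is handed to dn_normalize_case unchecked, and the debug loop's `matches[i].rm_so > 0` test skips a match that starts at offset 0, which match[0] commonly does.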
......@@ -75,15 +116,17 @@ acl_get_applicable(
Backend *be,
Operation *op,
Entry *e,
char *attr
char *attr,
char *edn,
int nmatch,
regmatch_t *matches
)
{
int i;
int i, j;
struct acl *a;
char *edn;
Debug( LDAP_DEBUG_ACL, "=> acl_get: entry (%s) attr (%s)\n", e->e_dn,
attr, 0 );
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL,
......@@ -92,55 +135,73 @@ acl_get_applicable(
return( NULL );
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: edn %s\n", edn, 0, 0 );
/* check for a backend-specific acl that matches the entry */
for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
}
free( edn );
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n",
i, 0, 0);
}
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter )
!= 0 ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: backend acl #%d\n",
i, e->e_dn, attr );
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
matches[0].rm_so = matches[0].rm_eo = -1;
}
/* check for a global acl that matches the entry */
for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
if ( a->acl_dnpat != NULL ) {
edn = dn_normalize_case( strdup( e->e_dn ) );
if ( ! regex_matches( a->acl_dnpat, edn ) ) {
free( edn );
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (