Commit 83bb1c93 authored by Pierangelo Masarati's avatar Pierangelo Masarati

allow setting misc params used by ACL checking

parent 94a9f848
......@@ -39,8 +39,9 @@ slapacl( int argc, char **argv )
{
int rc = EXIT_SUCCESS;
const char *progname = "slapacl";
Connection conn = {0};
char opbuf[OPERATION_BUFFER_SIZE];
Connection conn = { 0 };
Listener listener;
char opbuf[OPERATION_BUFFER_SIZE];
Operation *op;
Entry e = { 0 };
char *attr = NULL;
......@@ -53,6 +54,16 @@ slapacl( int argc, char **argv )
op = (Operation *)opbuf;
connection_fake_init( &conn, op, &conn );
conn.c_listener = &listener;
conn.c_listener_url = listener_url;
conn.c_peer_domain = peer_domain;
conn.c_peer_name = peer_name;
conn.c_sock_name = sock_name;
op->o_ssf = ssf;
op->o_transport_ssf = transport_ssf;
op->o_tls_ssf = tls_ssf;
op->o_sasl_ssf = sasl_ssf;
if ( !BER_BVISNULL( &authcID ) ) {
rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
&authcDN, SLAP_GETDN_AUTHCID );
......
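Review bot: `Listener listener;` is declared without an initializer and its address is stored in `conn.c_listener`, so any ACL code that reads a listener field through the connection would see indeterminate stack contents. The second hunk fills in only `conn.c_listener_url` and the other `conn.*` / `op->o_*` fields, not the `Listener` itself. Declaring it as `Listener listener = { 0 };`, matching `Connection conn = { 0 };` and `Entry e = { 0 };` next to it, would make such reads deterministic. Whether any ACL path actually dereferences `c_listener` is not visible on this page, so this is a precaution; the body of slapacl() continues outside both hunks.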
......@@ -55,7 +55,8 @@ usage( int tool, const char *progname )
switch( tool ) {
case SLAPACL:
options = "\n\t[-U authcID | -D authcDN]"
" -b DN [attr[/access][:value]] [...]\n";
" -b DN -o <var>[=<val>]"
"\n\t[attr[/access][:value]] [...]\n";
break;
case SLAPADD:
......@@ -91,6 +92,62 @@ usage( int tool, const char *progname )
exit( EXIT_FAILURE );
}
static int
parse_slapacl( void )
{
size_t len;
char *p;
p = strchr( optarg, '=' );
if ( p == NULL ) {
return -1;
}
len = p - optarg;
p++;
if ( strncasecmp( optarg, "sockurl", len ) == 0 ) {
if ( !BER_BVISNULL( &listener_url ) ) {
ber_memfree( listener_url.bv_val );
}
ber_str2bv( p, 0, 1, &listener_url );
} else if ( strncasecmp( optarg, "domain", len ) == 0 ) {
if ( !BER_BVISNULL( &peer_domain ) ) {
ber_memfree( peer_domain.bv_val );
}
ber_str2bv( p, 0, 1, &peer_domain );
} else if ( strncasecmp( optarg, "peername", len ) == 0 ) {
if ( !BER_BVISNULL( &peer_name ) ) {
ber_memfree( peer_name.bv_val );
}
ber_str2bv( p, 0, 1, &peer_name );
} else if ( strncasecmp( optarg, "sockname", len ) == 0 ) {
if ( !BER_BVISNULL( &sock_name ) ) {
ber_memfree( sock_name.bv_val );
}
ber_str2bv( p, 0, 1, &sock_name );
} else if ( strncasecmp( optarg, "ssf", len ) == 0 ) {
ssf = atoi( p );
} else if ( strncasecmp( optarg, "transport_ssf", len ) == 0 ) {
transport_ssf = atoi( p );
} else if ( strncasecmp( optarg, "tls_ssf", len ) == 0 ) {
tls_ssf = atoi( p );
} else if ( strncasecmp( optarg, "sasl_ssf", len ) == 0 ) {
sasl_ssf = atoi( p );
} else {
return -1;
}
return 0;
}
/*
* slap_tool_init - initialize slap utility, handle program options.
......@@ -157,7 +214,7 @@ slap_tool_init(
break;
case SLAPACL:
options = "b:D:d:f:F:U:v";
options = "b:D:d:f:F:o:U:v";
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
break;
......@@ -209,6 +266,12 @@ slap_tool_init(
dbnum = atoi( optarg );
break;
case 'o':
if ( parse_slapacl() ) {
usage( tool, progname );
}
break;
case 'q': /* turn on quick */
mode |= SLAP_TOOL_QUICK;
break;
......
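Review bot: In parse_slapacl() each `strncasecmp( optarg, "<key>", len )` compares only the `len` characters typed before `=`, so any prefix selects the first keyword it matches (`-o s=...` sets `sockurl`, never `sockname` or `ssf`), and an empty keyword (`-o =x`) compares equal at length 0 and also lands on `sockurl`. Because this tool's output is used to judge ACLs, a mistyped option that silently tests a different connection property should be rejected, so the keyword length needs to be compared as well. The four `atoi( p )` calls accept non-numeric or negative text without error, and what a negative value becomes in `slap_ssf_t` depends on a type not shown here; `strtoul` with an end-pointer check lets the function return -1 instead. Separately, the usage string advertises `-o <var>[=<val>]` while the parser returns -1 when `=` is absent, so one of the two should change.
```c
	/* … unchanged: find '=' in optarg, set len and p … */

	if ( len == 0 ) {
		return -1;	/* "-o =value": no keyword given */
	}

	/* compare the whole keyword so an abbreviation cannot select another field */
	if ( len == sizeof( "sockurl" ) - 1
		&& strncasecmp( optarg, "sockurl", len ) == 0 ) {
		/* … unchanged: replace listener_url … */

	/* … same length test on the remaining keywords … */

	} else if ( len == sizeof( "ssf" ) - 1
		&& strncasecmp( optarg, "ssf", len ) == 0 ) {
		char *end;
		unsigned long v;

		errno = 0;
		v = strtoul( p, &end, 10 );
		if ( *p == '-' || end == p || *end != '\0' || errno == ERANGE ) {
			return -1;	/* reject empty, negative, trailing-garbage and overflowing values */
		}
		ssf = v;

	/* … transport_ssf, tls_ssf and sasl_ssf parsed the same way … */
```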
......@@ -48,6 +48,14 @@ typedef struct tool_vars {
struct berval tv_authzID;
struct berval tv_mech;
char *tv_realm;
struct berval tv_listener_url;
struct berval tv_peer_domain;
struct berval tv_peer_name;
struct berval tv_sock_name;
slap_ssf_t tv_ssf;
slap_ssf_t tv_transport_ssf;
slap_ssf_t tv_tls_ssf;
slap_ssf_t tv_sasl_ssf;
} tool_vars;
extern tool_vars tool_globals;
......@@ -67,6 +75,14 @@ extern tool_vars tool_globals;
#define authzID tool_globals.tv_authzID
#define mech tool_globals.tv_mech
#define realm tool_globals.tv_realm
#define listener_url tool_globals.tv_listener_url
#define peer_domain tool_globals.tv_peer_domain
#define peer_name tool_globals.tv_peer_name
#define sock_name tool_globals.tv_sock_name
#define ssf tool_globals.tv_ssf
#define transport_ssf tool_globals.tv_transport_ssf
#define tls_ssf tool_globals.tv_tls_ssf
#define sasl_ssf tool_globals.tv_sasl_ssf
void slap_tool_init LDAP_P((
const char* name,
......