openldap/servers/slapd/slapacl.c

184 lines
4.0 KiB
C
Raw Normal View History

2004-04-20 08:08:44 +08:00
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
2005-01-02 04:49:32 +08:00
* Copyright 2004-2005 The OpenLDAP Foundation.
2004-04-20 08:08:44 +08:00
* Portions Copyright 2004 Pierangelo Masarati.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted only as authorized by the OpenLDAP
* Public License.
*
* A copy of this license is available in file LICENSE in the
* top-level directory of the distribution or, alternatively, at
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS:
* This work was initially developed by Pierangelo Masarati for inclusion
* in OpenLDAP Software.
*/
#include "portable.h"
#include <stdio.h>
#include <ac/stdlib.h>
#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>
#include <ac/unistd.h>
#include <lber.h>
#include <ldif.h>
#include <lutil.h>
#include "slapcommon.h"
int
slapacl( int argc, char **argv )
{
int rc = EXIT_SUCCESS;
const char *progname = "slapacl";
2004-11-26 06:59:00 +08:00
Connection conn = {0};
char opbuf[OPERATION_BUFFER_SIZE];
Operation *op;
2004-04-20 08:08:44 +08:00
Entry e = { 0 };
2004-11-17 21:43:04 +08:00
char *attr = NULL;
2004-04-20 08:08:44 +08:00
slap_tool_init( progname, SLAPACL, argc, argv );
argv = &argv[ optind ];
argc -= optind;
op = (Operation *)opbuf;
connection_fake_init( &conn, op, &conn );
2004-04-20 08:08:44 +08:00
if ( !BER_BVISNULL( &authcID ) ) {
rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
2004-11-17 21:43:04 +08:00
&authcDN, SLAP_GETDN_AUTHCID );
2004-04-20 08:08:44 +08:00
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "ID: <%s> check failed %d (%s)\n",
authcID.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
goto destroy;
}
} else if ( !BER_BVISNULL( &authcDN ) ) {
struct berval ndn;
rc = dnNormalize( 0, NULL, NULL, &authcDN, &ndn, NULL );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "autchDN=\"%s\" normalization failed %d (%s)\n",
authcDN.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
goto destroy;
}
ch_free( authcDN.bv_val );
authcDN = ndn;
2004-04-20 08:08:44 +08:00
}
2004-04-20 08:08:44 +08:00
if ( !BER_BVISNULL( &authcDN ) ) {
fprintf( stderr, "DN: \"%s\"\n", authcDN.bv_val );
}
assert( !BER_BVISNULL( &baseDN ) );
rc = dnPrettyNormal( NULL, &baseDN, &e.e_name, &e.e_nname, NULL );
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "base=\"%s\" normalization failed %d (%s)\n",
baseDN.bv_val, rc,
ldap_err2string( rc ) );
rc = 1;
goto destroy;
}
op->o_bd = be;
2004-04-20 08:08:44 +08:00
if ( !BER_BVISNULL( &authcDN ) ) {
op->o_dn = authcDN;
op->o_ndn = authcDN;
2004-04-20 08:08:44 +08:00
}
2004-11-17 21:43:04 +08:00
if ( argc == 0 ) {
argc = 1;
attr = slap_schema.si_ad_entry->ad_cname.bv_val;
}
2004-04-20 08:08:44 +08:00
for ( ; argc--; argv++ ) {
slap_mask_t mask;
AttributeDescription *desc = NULL;
int rc;
2005-01-07 21:37:22 +08:00
struct berval val = BER_BVNULL,
*valp = NULL;
2004-04-20 08:08:44 +08:00
const char *text;
char accessmaskbuf[ACCESSMASK_MAXLEN];
char *accessstr;
slap_access_t access = ACL_AUTH;
2004-11-17 21:43:04 +08:00
if ( attr == NULL ) {
attr = argv[ 0 ];
}
val.bv_val = strchr( attr, ':' );
2004-04-20 08:08:44 +08:00
if ( val.bv_val != NULL ) {
val.bv_val[0] = '\0';
val.bv_val++;
val.bv_len = strlen( val.bv_val );
2005-01-07 21:37:22 +08:00
valp = &val;
2004-04-20 08:08:44 +08:00
}
2004-11-17 21:43:04 +08:00
accessstr = strchr( attr, '/' );
2004-04-20 08:08:44 +08:00
if ( accessstr != NULL ) {
accessstr[0] = '\0';
accessstr++;
access = str2access( accessstr );
if ( access == ACL_INVALID_ACCESS ) {
fprintf( stderr, "unknown access \"%s\" for attribute \"%s\"\n",
2004-11-17 21:43:04 +08:00
accessstr, attr );
2004-04-26 08:17:58 +08:00
if ( continuemode ) {
continue;
}
break;
2004-04-20 08:08:44 +08:00
}
}
2004-11-17 21:43:04 +08:00
rc = slap_str2ad( attr, &desc, &text );
2004-04-20 08:08:44 +08:00
if ( rc != LDAP_SUCCESS ) {
fprintf( stderr, "slap_str2ad(%s) failed %d (%s)\n",
2004-11-17 21:43:04 +08:00
attr, rc, ldap_err2string( rc ) );
2004-04-26 08:17:58 +08:00
if ( continuemode ) {
continue;
}
break;
2004-04-20 08:08:44 +08:00
}
2005-01-07 21:37:22 +08:00
rc = access_allowed_mask( op, &e, desc, valp, access,
2004-04-20 08:08:44 +08:00
NULL, &mask );
2004-07-17 23:15:59 +08:00
if ( accessstr ) {
fprintf( stderr, "%s access to %s%s%s: %s\n",
accessstr,
desc->ad_cname.bv_val,
val.bv_val ? "=" : "",
val.bv_val ? val.bv_val : "",
rc ? "ALLOWED" : "DENIED" );
} else {
fprintf( stderr, "%s%s%s: %s\n",
desc->ad_cname.bv_val,
val.bv_val ? "=" : "",
val.bv_val ? val.bv_val : "",
2005-02-22 20:02:34 +08:00
accessmask2str( mask, accessmaskbuf, 1 ) );
2004-07-17 23:15:59 +08:00
}
rc = 0;
2004-11-17 21:43:04 +08:00
attr = NULL;
2004-04-20 08:08:44 +08:00
}
destroy:;
slap_tool_destroy();
return rc;
}