mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-01-06 10:46:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

add baseObject as alias for base.

Browse Source 
cleanup
This commit is contained in:
Kurt Zeilenga 2004-06-28 06:42:00 +00:00
parent 08949463c5
commit 372a941334
1 changed files with 154 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

242
servers/slapd/aclparse.c
View File

@ -122,7 +122,6 @@ regtest(const char *fname, int lineno, char *pat) {
} }
#ifdef LDAP_DEVEL #ifdef LDAP_DEVEL
/* /*
* Experimental * Experimental
* *
@ -174,7 +173,6 @@ check_scope( BackendDB *be, AccessControl *a )
? ACL_SCOPE_WARN : ACL_SCOPE_OK; ? ACL_SCOPE_WARN : ACL_SCOPE_OK;
regfree( &re ); regfree( &re );
return rc; return rc;
} }
@ -185,9 +183,7 @@ check_scope( BackendDB *be, AccessControl *a )
* match */ * match */
if ( dn.bv_len > patlen ) { if ( dn.bv_len > patlen ) {
/* base is blatantly wrong */ /* base is blatantly wrong */
if ( style == ACL_STYLE_BASE ) { if ( style == ACL_STYLE_BASE ) return ACL_SCOPE_ERR;
return ACL_SCOPE_ERR;
}
/* one can be wrong if there is more /* one can be wrong if there is more
* than one level between the suffix * than one level between the suffix
@ -196,8 +192,9 @@ check_scope( BackendDB *be, AccessControl *a )
int rdnlen = -1, sep = 0; int rdnlen = -1, sep = 0;
if ( patlen > 0 ) { if ( patlen > 0 ) {
if ( !DN_SEPARATOR( dn.bv_val[ dn.bv_len - patlen - 1 ] ) ) if ( !DN_SEPARATOR( dn.bv_val[dn.bv_len - patlen - 1] )) {
return ACL_SCOPE_ERR; return ACL_SCOPE_ERR;
}
sep = 1; sep = 1;
} }
@ -208,7 +205,9 @@ check_scope( BackendDB *be, AccessControl *a )
/* if the trailing part doesn't match, /* if the trailing part doesn't match,
* then it's an error */ * then it's an error */
if ( strcmp( a->acl_dn_pat.bv_val, &dn.bv_val[ dn.bv_len - patlen ] ) != 0 ) { if ( strcmp( a->acl_dn_pat.bv_val,
&dn.bv_val[dn.bv_len - patlen] ) != 0 )
{
return ACL_SCOPE_ERR; return ACL_SCOPE_ERR;
} }
@ -227,11 +226,14 @@ check_scope( BackendDB *be, AccessControl *a )
break; break;
} }
if ( dn.bv_len < patlen && !DN_SEPARATOR( a->acl_dn_pat.bv_val[ patlen -dn.bv_len - 1 ] ) ) { if ( dn.bv_len < patlen &&
!DN_SEPARATOR( a->acl_dn_pat.bv_val[patlen -dn.bv_len - 1] )) {
return ACL_SCOPE_ERR; return ACL_SCOPE_ERR;
} }
if ( strcmp( &a->acl_dn_pat.bv_val[ patlen - dn.bv_len ], dn.bv_val ) != 0 ) { if ( strcmp( &a->acl_dn_pat.bv_val[patlen - dn.bv_len], dn.bv_val )
!= 0 )
{
return ACL_SCOPE_ERR; return ACL_SCOPE_ERR;
} }
@ -314,19 +316,21 @@ parse_acl(
} }
if ( style == NULL || *style == '\0' || if ( style == NULL || *style == '\0' ||
( strcasecmp( style, "base" ) == 0 ) || strcasecmp( style, "baseObject" ) == 0 ||
( strcasecmp( style, "exact" ) == 0 )) strcasecmp( style, "base" ) == 0 ||
strcasecmp( style, "exact" ) == 0 )
{ {
a->acl_dn_style = ACL_STYLE_BASE; a->acl_dn_style = ACL_STYLE_BASE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat ); ber_str2bv( right, 0, 1, &a->acl_dn_pat );
} else if ( strcasecmp( style, "onelevel" ) == 0 } else if ( strcasecmp( style, "oneLevel" ) == 0 ||
|| strcasecmp( style, "one" ) == 0 ) { strcasecmp( style, "one" ) == 0 )
{
a->acl_dn_style = ACL_STYLE_ONE; a->acl_dn_style = ACL_STYLE_ONE;
ber_str2bv( right, 0, 1, &a->acl_dn_pat ); ber_str2bv( right, 0, 1, &a->acl_dn_pat );
} else if ( strcasecmp( style, "subtree" ) == 0 } else if ( strcasecmp( style, "subtree" ) == 0 ||
|| strcasecmp( style, "sub" ) == 0 ) strcasecmp( style, "sub" ) == 0 )
{ {
if( *right == '\0' ) { if( *right == '\0' ) {
a->acl_dn_pat.bv_val = ch_strdup( "*" ); a->acl_dn_pat.bv_val = ch_strdup( "*" );
@ -420,24 +424,33 @@ parse_acl(
} }
a->acl_attrval_style = ACL_STYLE_REGEX; a->acl_attrval_style = ACL_STYLE_REGEX;
} else { } else {
/* FIXME: if the attribute has DN syntax, /* FIXME: if the attribute has DN syntax, we might
* we might allow one, subtree and children styles as well */ * allow one, subtree and children styles as well */
if ( !strcasecmp( style, "exact" ) ) { if ( !strcasecmp( style, "exact" ) ) {
a->acl_attrval_style = ACL_STYLE_BASE; a->acl_attrval_style = ACL_STYLE_BASE;
} else if ( a->acl_attrs[0].an_desc->ad_type->sat_syntax == slap_schema.si_syn_distinguishedName ) { } else if ( a->acl_attrs[0].an_desc->ad_type->
if ( !strcasecmp( style, "base" ) ) { sat_syntax == slap_schema.si_syn_distinguishedName )
{
if ( !strcasecmp( style, "baseObject" ) ||
!strcasecmp( style, "base" ) )
{
a->acl_attrval_style = ACL_STYLE_BASE; a->acl_attrval_style = ACL_STYLE_BASE;
} else if ( !strcasecmp( style, "onelevel" ) || !strcasecmp( style, "one" ) ) { } else if ( !strcasecmp( style, "onelevel" ) ||
!strcasecmp( style, "one" ) )
{
a->acl_attrval_style = ACL_STYLE_ONE; a->acl_attrval_style = ACL_STYLE_ONE;
} else if ( !strcasecmp( style, "subtree" ) || !strcasecmp( style, "sub" ) ) { } else if ( !strcasecmp( style, "subtree" ) ||
!strcasecmp( style, "sub" ) )
{
a->acl_attrval_style = ACL_STYLE_SUBTREE; a->acl_attrval_style = ACL_STYLE_SUBTREE;
} else if ( !strcasecmp( style, "children" ) ) { } else if ( !strcasecmp( style, "children" ) ) {
a->acl_attrval_style = ACL_STYLE_CHILDREN; a->acl_attrval_style = ACL_STYLE_CHILDREN;
} else { } else {
fprintf( stderr, fprintf( stderr,
"%s: line %d: unknown val.<style> \"%s\" " "%s: line %d: unknown val.<style> \"%s\" "
"for attributeType \"%s\" with DN syntax; using \"base\"\n", "for attributeType \"%s\" with DN syntax; "
"using \"base\"\n",
fname, lineno, style, fname, lineno, style,
a->acl_attrs[0].an_desc->ad_cname.bv_val ); a->acl_attrs[0].an_desc->ad_cname.bv_val );
a->acl_attrval_style = ACL_STYLE_BASE; a->acl_attrval_style = ACL_STYLE_BASE;
@ -535,12 +548,14 @@ parse_acl(
if ( style == NULL || *style == '\0' || if ( style == NULL || *style == '\0' ||
strcasecmp( style, "exact" ) == 0 || strcasecmp( style, "exact" ) == 0 ||
strcasecmp( style, "baseObject" ) == 0 ||
strcasecmp( style, "base" ) == 0 ) strcasecmp( style, "base" ) == 0 )
{ {
sty = ACL_STYLE_BASE; sty = ACL_STYLE_BASE;
} else if ( strcasecmp( style, "onelevel" ) == 0 || } else if ( strcasecmp( style, "onelevel" ) == 0 ||
strcasecmp( style, "one" ) == 0 ) { strcasecmp( style, "one" ) == 0 )
{
sty = ACL_STYLE_ONE; sty = ACL_STYLE_ONE;
} else if ( strcasecmp( style, "subtree" ) == 0 || } else if ( strcasecmp( style, "subtree" ) == 0 ||
@ -719,8 +734,9 @@ parse_acl(
if ( strcasecmp( left, "dnattr" ) == 0 ) { if ( strcasecmp( left, "dnattr" ) == 0 ) {
if ( right == NULL || right[0] == '\0' ) { if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", "missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left ); fname, lineno, left );
acl_usage(); acl_usage();
} }
@ -1004,10 +1020,13 @@ parse_acl(
b->a_peername_mask = (unsigned long)(-1); b->a_peername_mask = (unsigned long)(-1);
if ( mask != NULL ) { if ( mask != NULL ) {
b->a_peername_mask = inet_addr( mask ); b->a_peername_mask = inet_addr( mask );
if ( b->a_peername_mask == (unsigned long)(-1)) { if ( b->a_peername_mask ==
(unsigned long)(-1))
{
/* illegal mask */ /* illegal mask */
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"illegal peername address mask \"%s\".\n", "illegal peername address mask "
"\"%s\".\n",
fname, lineno, mask ); fname, lineno, mask );
acl_usage(); acl_usage();
} }
@ -1021,7 +1040,8 @@ parse_acl(
if ( end[0] != '}' ) { if ( end[0] != '}' ) {
/* illegal port */ /* illegal port */
fprintf( stderr, "%s: line %d: " fprintf( stderr, "%s: line %d: "
"illegal peername port specification \"{%s}\".\n", "illegal peername port specification "
"\"{%s}\".\n",
fname, lineno, port ); fname, lineno, port );
acl_usage(); acl_usage();
} }
@ -1098,15 +1118,16 @@ parse_acl(
default: default:
/* unknown */ /* unknown */
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
if ( right == NULL || right[0] == '\0' ) { if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", "missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left ); fname, lineno, left );
acl_usage(); acl_usage();
} }
@ -1150,8 +1171,9 @@ parse_acl(
} }
if ( right == NULL || right[0] == '\0' ) { if ( right == NULL || right[0] == '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: missing \"=\" in (or value after) \"%s\" in by clause\n", "missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left ); fname, lineno, left );
acl_usage(); acl_usage();
} }
@ -1178,8 +1200,8 @@ parse_acl(
if ( strcasecmp( left, "set" ) == 0 ) { if ( strcasecmp( left, "set" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
@ -1207,8 +1229,8 @@ parse_acl(
#ifdef SLAPD_ACI_ENABLED #ifdef SLAPD_ACI_ENABLED
if ( strcasecmp( left, "aci" ) == 0 ) { if ( strcasecmp( left, "aci" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
@ -1237,8 +1259,8 @@ parse_acl(
if( !is_at_syntax( b->a_aci_at->ad_type, if( !is_at_syntax( b->a_aci_at->ad_type,
SLAPD_ACI_SYNTAX) ) SLAPD_ACI_SYNTAX) )
{ {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: aci \"%s\": inappropriate syntax: %s\n", "aci \"%s\": inappropriate syntax: %s\n",
fname, lineno, right, fname, lineno, right,
b->a_aci_at->ad_type->sat_syntax_oid ); b->a_aci_at->ad_type->sat_syntax_oid );
acl_usage(); acl_usage();
@ -1250,8 +1272,8 @@ parse_acl(
if ( strcasecmp( left, "ssf" ) == 0 ) { if ( strcasecmp( left, "ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
@ -1289,15 +1311,15 @@ parse_acl(
if ( strcasecmp( left, "transport_ssf" ) == 0 ) { if ( strcasecmp( left, "transport_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
if( b->a_authz.sai_transport_ssf ) { if( b->a_authz.sai_transport_ssf ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: transport_ssf attribute already specified.\n", "transport_ssf attribute already specified.\n",
fname, lineno ); fname, lineno );
acl_usage(); acl_usage();
} }
@ -1311,8 +1333,8 @@ parse_acl(
b->a_authz.sai_transport_ssf = strtol( right, &next, 10 ); b->a_authz.sai_transport_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) { if ( next == NULL || next[0] != '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: unable to parse transport_ssf value (%s)\n", "unable to parse transport_ssf value (%s)\n",
fname, lineno, right ); fname, lineno, right );
acl_usage(); acl_usage();
} }
@ -1328,15 +1350,15 @@ parse_acl(
if ( strcasecmp( left, "tls_ssf" ) == 0 ) { if ( strcasecmp( left, "tls_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
if( b->a_authz.sai_tls_ssf ) { if( b->a_authz.sai_tls_ssf ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: tls_ssf attribute already specified.\n", "tls_ssf attribute already specified.\n",
fname, lineno ); fname, lineno );
acl_usage(); acl_usage();
} }
@ -1350,8 +1372,8 @@ parse_acl(
b->a_authz.sai_tls_ssf = strtol( right, &next, 10 ); b->a_authz.sai_tls_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) { if ( next == NULL || next[0] != '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: unable to parse tls_ssf value (%s)\n", "unable to parse tls_ssf value (%s)\n",
fname, lineno, right ); fname, lineno, right );
acl_usage(); acl_usage();
} }
@ -1367,15 +1389,15 @@ parse_acl(
if ( strcasecmp( left, "sasl_ssf" ) == 0 ) { if ( strcasecmp( left, "sasl_ssf" ) == 0 ) {
if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) { if (sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: inappropriate style \"%s\" in by clause\n", "inappropriate style \"%s\" in by clause\n",
fname, lineno, style ); fname, lineno, style );
acl_usage(); acl_usage();
} }
if( b->a_authz.sai_sasl_ssf ) { if( b->a_authz.sai_sasl_ssf ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: sasl_ssf attribute already specified.\n", "sasl_ssf attribute already specified.\n",
fname, lineno ); fname, lineno );
acl_usage(); acl_usage();
} }
@ -1389,8 +1411,8 @@ parse_acl(
b->a_authz.sai_sasl_ssf = strtol( right, &next, 10 ); b->a_authz.sai_sasl_ssf = strtol( right, &next, 10 );
if ( next == NULL || next[0] != '\0' ) { if ( next == NULL || next[0] != '\0' ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: unable to parse sasl_ssf value (%s)\n", "unable to parse sasl_ssf value (%s)\n",
fname, lineno, right ); fname, lineno, right );
acl_usage(); acl_usage();
} }
@ -1500,19 +1522,18 @@ parse_acl(
/* if we have no real access clause, complain and do nothing */ /* if we have no real access clause, complain and do nothing */
if ( a == NULL ) { if ( a == NULL ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: warning: no access clause(s) specified in access line\n", "warning: no access clause(s) specified in access line\n",
fname, lineno ); fname, lineno );
} else { } else {
#ifdef LDAP_DEBUG #ifdef LDAP_DEBUG
if (ldap_debug & LDAP_DEBUG_ACL) if (ldap_debug & LDAP_DEBUG_ACL) print_acl(be, a);
print_acl(be, a);
#endif #endif
if ( a->acl_access == NULL ) { if ( a->acl_access == NULL ) {
fprintf( stderr, fprintf( stderr, "%s: line %d: "
"%s: line %d: warning: no by clause(s) specified in access line\n", "warning: no by clause(s) specified in access line\n",
fname, lineno ); fname, lineno );
} }
@ -1521,32 +1542,27 @@ parse_acl(
switch ( check_scope( be, a ) ) { switch ( check_scope( be, a ) ) {
case ACL_SCOPE_UNKNOWN: case ACL_SCOPE_UNKNOWN:
fprintf( stderr, "%s: line %d: warning: " fprintf( stderr, "%s: line %d: warning: "
"cannot assess the validity " "cannot assess the validity of the ACL scope within "
"of the ACL scope within "
"backend naming context\n", "backend naming context\n",
fname, lineno ); fname, lineno );
break; break;
case ACL_SCOPE_WARN: case ACL_SCOPE_WARN:
fprintf( stderr, "%s: line %d: warning: " fprintf( stderr, "%s: line %d: warning: "
"ACL could be out of " "ACL could be out of scope within backend naming context\n",
"scope within "
"backend naming context\n",
fname, lineno ); fname, lineno );
break; break;
case ACL_SCOPE_PARTIAL: case ACL_SCOPE_PARTIAL:
fprintf( stderr, "%s: line %d: warning: " fprintf( stderr, "%s: line %d: warning: "
"ACL appears to be partially " "ACL appears to be partially out of scope within "
"out of scope within "
"backend naming context\n", "backend naming context\n",
fname, lineno ); fname, lineno );
break; break;
case ACL_SCOPE_ERR: case ACL_SCOPE_ERR:
fprintf( stderr, "%s: line %d: warning: " fprintf( stderr, "%s: line %d: warning: "
"ACL appears to be out of " "ACL appears to be out of scope within "
"scope within "
"backend naming context\n", "backend naming context\n",
fname, lineno ); fname, lineno );
break; break;
@ -1744,10 +1760,11 @@ acl_usage( void )
"\t[aci=<attrname>]\n" "\t[aci=<attrname>]\n"
#endif #endif
"\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n" "\t[ssf=<n>] [transport_ssf=<n>] [tls_ssf=<n>] [sasl_ssf=<n>]\n"
"<dnstyle> ::= base | exact | one(level) | sub(tree) | children | regex\n" "<dnstyle> ::= base(Object) | one(level) | sub(tree) | children | "
"<style> ::= regex | base | exact\n" "exact | regex\n"
"<peernamestyle> ::= regex | exact | ip | path\n" "<style> ::= exact | regex | base(Object)\n"
"<domainstyle> ::= regex | base | exact | sub(tree)\n" "<peernamestyle> ::= exact | regex | ip | path\n"
"<domainstyle> ::= exact | regex | base(Object) | sub(tree)\n"
"<access> ::= [self]{<level>|<priv>}\n" "<access> ::= [self]{<level>|<priv>}\n"
"<level> ::= none | auth | compare | search | read | write\n" "<level> ::= none | auth | compare | search | read | write\n"
"<priv> ::= {=|+|-}{w|r|s|c|x|0}+\n" "<priv> ::= {=|+|-}{w|r|s|c|x|0}+\n"
@ -1765,8 +1782,7 @@ acl_usage( void )
static void static void
acl_regex_normalized_dn( acl_regex_normalized_dn(
const char *src, const char *src,
struct berval *pattern struct berval *pattern )
)
{ {
char *str, *p; char *str, *p;
ber_len_t len; ber_len_t len;
@ -1786,13 +1802,11 @@ acl_regex_normalized_dn(
p++; p++;
} }
if ( p[ 0 ] == ',' ) { if ( p[0] == ',' && p[1] == ' ' ) {
if ( p[ 1 ] == ' ' ) {
char *q; char *q;
/* /*
* too much space should be * too much space should be an error if we are pedantic
* an error if we are pedantic
*/ */
for ( q = &p[2]; q[0] == ' '; q++ ) { for ( q = &p[2]; q[0] == ' '; q++ ) {
/* DO NOTHING */ ; /* DO NOTHING */ ;
@ -1800,7 +1814,6 @@ acl_regex_normalized_dn(
AC_MEMCPY( p+1, q, len-(q-str)+1); AC_MEMCPY( p+1, q, len-(q-str)+1);
} }
} }
}
pattern->bv_val = str; pattern->bv_val = str;
pattern->bv_len = p-str; pattern->bv_len = p-str;
@ -1812,8 +1825,7 @@ split(
char *line, char *line,
int splitchar, int splitchar,
char **left, char **left,
char **right char **right )
)
{ {
*left = line; *left = line;
if ( (*right = strchr( line, splitchar )) != NULL ) { if ( (*right = strchr( line, splitchar )) != NULL ) {
@ -1824,8 +1836,9 @@ split(
static void static void
access_append( Access **l, Access *a ) access_append( Access **l, Access *a )
{ {
for ( ; *l != NULL; l = &(*l)->a_next ) for ( ; *l != NULL; l = &(*l)->a_next ) {
; /* NULL */ ; /* Empty */
}
*l = a; *l = a;
} }
@ -1833,8 +1846,9 @@ access_append( Access **l, Access *a )
void void
acl_append( AccessControl **l, AccessControl *a ) acl_append( AccessControl **l, AccessControl *a )
{ {
for ( ; *l != NULL; l = &(*l)->acl_next ) for ( ; *l != NULL; l = &(*l)->acl_next ) {
; /* NULL */ ; /* Empty */
}
*l = a; *l = a;
} }
@ -1842,20 +1856,13 @@ acl_append( AccessControl **l, AccessControl *a )
static void static void
access_free( Access *a ) access_free( Access *a )
{ {
if ( a->a_dn_pat.bv_val ) if ( a->a_dn_pat.bv_val ) free ( a->a_dn_pat.bv_val );
free ( a->a_dn_pat.bv_val ); if ( a->a_peername_pat.bv_val ) free ( a->a_peername_pat.bv_val );
if ( a->a_peername_pat.bv_val ) if ( a->a_sockname_pat.bv_val ) free ( a->a_sockname_pat.bv_val );
free ( a->a_peername_pat.bv_val ); if ( a->a_domain_pat.bv_val ) free ( a->a_domain_pat.bv_val );
if ( a->a_sockname_pat.bv_val ) if ( a->a_sockurl_pat.bv_val ) free ( a->a_sockurl_pat.bv_val );
free ( a->a_sockname_pat.bv_val ); if ( a->a_set_pat.bv_len ) free ( a->a_set_pat.bv_val );
if ( a->a_domain_pat.bv_val ) if ( a->a_group_pat.bv_len ) free ( a->a_group_pat.bv_val );
free ( a->a_domain_pat.bv_val );
if ( a->a_sockurl_pat.bv_val )
free ( a->a_sockurl_pat.bv_val );
if ( a->a_set_pat.bv_len )
free ( a->a_set_pat.bv_val );
if ( a->a_group_pat.bv_len )
free ( a->a_group_pat.bv_val );
free( a ); free( a );
} }
@ -1865,10 +1872,8 @@ acl_free( AccessControl *a )
Access *n; Access *n;
AttributeName *an; AttributeName *an;
if ( a->acl_filter ) if ( a->acl_filter ) filter_free( a->acl_filter );
filter_free( a->acl_filter ); if ( a->acl_dn_pat.bv_len ) free ( a->acl_dn_pat.bv_val );
if ( a->acl_dn_pat.bv_len )
free ( a->acl_dn_pat.bv_val );
if ( a->acl_attrs ) { if ( a->acl_attrs ) {
for ( an = a->acl_attrs; an->an_name.bv_val; an++ ) { for ( an = a->acl_attrs; an->an_name.bv_val; an++ ) {
free( an->an_name.bv_val ); free( an->an_name.bv_val );
@ -1960,10 +1965,10 @@ print_access( Access *b )
fprintf( stderr, "\tby" ); fprintf( stderr, "\tby" );
if ( b->a_dn_pat.bv_len != 0 ) { if ( b->a_dn_pat.bv_len != 0 ) {
if( strcmp(b->a_dn_pat.bv_val, "*") == 0 if( strcmp(b->a_dn_pat.bv_val, "*") == 0 ||
|| strcmp(b->a_dn_pat.bv_val, "users") == 0 strcmp(b->a_dn_pat.bv_val, "users") == 0 ||
|| strcmp(b->a_dn_pat.bv_val, "anonymous") == 0 strcmp(b->a_dn_pat.bv_val, "anonymous") == 0 ||
|| strcmp(b->a_dn_pat.bv_val, "self") == 0 ) strcmp(b->a_dn_pat.bv_val, "self") == 0 )
{ {
fprintf( stderr, " %s", b->a_dn_pat.bv_val ); fprintf( stderr, " %s", b->a_dn_pat.bv_val );
@ -2077,9 +2082,7 @@ print_acl( Backend *be, AccessControl *a )
fprintf( stderr, " attrs=" ); fprintf( stderr, " attrs=" );
for ( an = a->acl_attrs; an && an->an_name.bv_val; an++ ) { for ( an = a->acl_attrs; an && an->an_name.bv_val; an++ ) {
if ( ! first ) { if ( ! first ) fprintf( stderr, "," );
fprintf( stderr, "," );
}
if (an->an_oc) { if (an->an_oc) {
fputc( an->an_oc_exclude ? '!' : '@', stderr); fputc( an->an_oc_exclude ? '!' : '@', stderr);
} }
@ -2096,9 +2099,7 @@ print_acl( Backend *be, AccessControl *a )
} }
if( !to ) { if( !to ) fprintf( stderr, " *\n" );
fprintf( stderr, " *\n" );
}
for ( b = a->acl_access; b != NULL; b = b->a_next ) { for ( b = a->acl_access; b != NULL; b = b->a_next ) {
print_access( b ); print_access( b );
@ -2106,5 +2107,4 @@ print_acl( Backend *be, AccessControl *a )
fprintf( stderr, "\n" ); fprintf( stderr, "\n" );
} }
#endif /* LDAP_DEBUG */ #endif /* LDAP_DEBUG */