mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-01-06 10:46:21 +08:00
allow setting misc params used by ACL checking
parent
94a9f84895
commit
83bb1c93cb
@ -39,7 +39,8 @@ slapacl( int argc, char **argv )
|
||||
{
|
||||
int rc = EXIT_SUCCESS;
|
||||
const char *progname = "slapacl";
|
||||
Connection conn = {0};
|
||||
Connection conn = { 0 };
|
||||
Listener listener;
|
||||
char opbuf[OPERATION_BUFFER_SIZE];
|
||||
Operation *op;
|
||||
Entry e = { 0 };
|
||||
@ -53,6 +54,16 @@ slapacl( int argc, char **argv )
|
||||
op = (Operation *)opbuf;
|
||||
connection_fake_init( &conn, op, &conn );
|
||||
|
||||
conn.c_listener = &listener;
|
||||
conn.c_listener_url = listener_url;
|
||||
conn.c_peer_domain = peer_domain;
|
||||
conn.c_peer_name = peer_name;
|
||||
conn.c_sock_name = sock_name;
|
||||
op->o_ssf = ssf;
|
||||
op->o_transport_ssf = transport_ssf;
|
||||
op->o_tls_ssf = tls_ssf;
|
||||
op->o_sasl_ssf = sasl_ssf;
|
||||
|
||||
if ( !BER_BVISNULL( &authcID ) ) {
|
||||
rc = slap_sasl_getdn( &conn, op, &authcID, NULL,
|
||||
&authcDN, SLAP_GETDN_AUTHCID );
|
||||
|
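Review bot: `Listener listener;` is declared without an initializer, and the second hunk then publishes its address with `conn.c_listener = &listener;`, so any code that reads a field through `c_listener` during the ACL check would see indeterminate stack contents. Nothing in the visible hunks fills the struct in; only `conn.c_listener_url` is set separately. Declaring it as `Listener listener = { 0 };`, matching `conn` and `e` beside it, would make those reads deterministic. The body of slapacl() starts and ends outside these hunks, so an initialization elsewhere cannot be ruled out from this view.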
@ -55,7 +55,8 @@ usage( int tool, const char *progname )
|
||||
switch( tool ) {
|
||||
case SLAPACL:
|
||||
options = "\n\t[-U authcID | -D authcDN]"
|
||||
" -b DN [attr[/access][:value]] [...]\n";
|
||||
" -b DN -o <var>[=<val>]"
|
||||
"\n\t[attr[/access][:value]] [...]\n";
|
||||
break;
|
||||
|
||||
case SLAPADD:
|
||||
@ -91,6 +92,62 @@ usage( int tool, const char *progname )
|
||||
exit( EXIT_FAILURE );
|
||||
}
|
||||
|
||||
static int
|
||||
parse_slapacl( void )
|
||||
{
|
||||
size_t len;
|
||||
char *p;
|
||||
|
||||
p = strchr( optarg, '=' );
|
||||
if ( p == NULL ) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
len = p - optarg;
|
||||
p++;
|
||||
|
||||
if ( strncasecmp( optarg, "sockurl", len ) == 0 ) {
|
||||
if ( !BER_BVISNULL( &listener_url ) ) {
|
||||
ber_memfree( listener_url.bv_val );
|
||||
}
|
||||
ber_str2bv( p, 0, 1, &listener_url );
|
||||
|
||||
} else if ( strncasecmp( optarg, "domain", len ) == 0 ) {
|
||||
if ( !BER_BVISNULL( &peer_domain ) ) {
|
||||
ber_memfree( peer_domain.bv_val );
|
||||
}
|
||||
ber_str2bv( p, 0, 1, &peer_domain );
|
||||
|
||||
} else if ( strncasecmp( optarg, "peername", len ) == 0 ) {
|
||||
if ( !BER_BVISNULL( &peer_name ) ) {
|
||||
ber_memfree( peer_name.bv_val );
|
||||
}
|
||||
ber_str2bv( p, 0, 1, &peer_name );
|
||||
|
||||
} else if ( strncasecmp( optarg, "sockname", len ) == 0 ) {
|
||||
if ( !BER_BVISNULL( &sock_name ) ) {
|
||||
ber_memfree( sock_name.bv_val );
|
||||
}
|
||||
ber_str2bv( p, 0, 1, &sock_name );
|
||||
|
||||
} else if ( strncasecmp( optarg, "ssf", len ) == 0 ) {
|
||||
ssf = atoi( p );
|
||||
|
||||
} else if ( strncasecmp( optarg, "transport_ssf", len ) == 0 ) {
|
||||
transport_ssf = atoi( p );
|
||||
|
||||
} else if ( strncasecmp( optarg, "tls_ssf", len ) == 0 ) {
|
||||
tls_ssf = atoi( p );
|
||||
|
||||
} else if ( strncasecmp( optarg, "sasl_ssf", len ) == 0 ) {
|
||||
sasl_ssf = atoi( p );
|
||||
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* slap_tool_init - initialize slap utility, handle program options.
|
||||
@ -157,7 +214,7 @@ slap_tool_init(
|
||||
break;
|
||||
|
||||
case SLAPACL:
|
||||
options = "b:D:d:f:F:U:v";
|
||||
options = "b:D:d:f:F:o:U:v";
|
||||
mode |= SLAP_TOOL_READMAIN | SLAP_TOOL_READONLY;
|
||||
break;
|
||||
|
||||
@ -209,6 +266,12 @@ slap_tool_init(
|
||||
dbnum = atoi( optarg );
|
||||
break;
|
||||
|
||||
case 'o':
|
||||
if ( parse_slapacl() ) {
|
||||
usage( tool, progname );
|
||||
}
|
||||
break;
|
||||
|
||||
case 'q': /* turn on quick */
|
||||
mode |= SLAP_TOOL_QUICK;
|
||||
break;
|
||||
|
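Review bot: In parse_slapacl() every key is tested with `strncasecmp( optarg, "<name>", len )`, where `len` is the length of what the user typed, so the comparison is a prefix match. An empty key (`-o =...`) is accepted as `sockurl`, and an ambiguous abbreviation such as `s` or `t` silently resolves to the first matching branch. For a tool whose output is used to judge whether an ACL grants access, evaluating a different parameter than the one intended gives a misleading verdict; each branch should also check the length, e.g. `len == sizeof("sockurl") - 1 && strncasecmp( optarg, "sockurl", len ) == 0`. The four `*ssf = atoi( p )` assignments have the same weakness for values, since non-numeric or negative text is accepted without error; parsing with `strtoul` and rejecting a non-empty remainder would catch it. The usage text `-o <var>[=<val>]` also advertises the value as optional, while the function returns -1 when no `=` is present.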
@ -48,6 +48,14 @@ typedef struct tool_vars {
|
||||
struct berval tv_authzID;
|
||||
struct berval tv_mech;
|
||||
char *tv_realm;
|
||||
struct berval tv_listener_url;
|
||||
struct berval tv_peer_domain;
|
||||
struct berval tv_peer_name;
|
||||
struct berval tv_sock_name;
|
||||
slap_ssf_t tv_ssf;
|
||||
slap_ssf_t tv_transport_ssf;
|
||||
slap_ssf_t tv_tls_ssf;
|
||||
slap_ssf_t tv_sasl_ssf;
|
||||
} tool_vars;
|
||||
|
||||
extern tool_vars tool_globals;
|
||||
@ -67,6 +75,14 @@ extern tool_vars tool_globals;
|
||||
#define authzID tool_globals.tv_authzID
|
||||
#define mech tool_globals.tv_mech
|
||||
#define realm tool_globals.tv_realm
|
||||
#define listener_url tool_globals.tv_listener_url
|
||||
#define peer_domain tool_globals.tv_peer_domain
|
||||
#define peer_name tool_globals.tv_peer_name
|
||||
#define sock_name tool_globals.tv_sock_name
|
||||
#define ssf tool_globals.tv_ssf
|
||||
#define transport_ssf tool_globals.tv_transport_ssf
|
||||
#define tls_ssf tool_globals.tv_tls_ssf
|
||||
#define sasl_ssf tool_globals.tv_sasl_ssf
|
||||
|
||||
void slap_tool_init LDAP_P((
|
||||
const char* name,
|
||||
|
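Review bot: The eight new object-like macros use short, common identifiers (`ssf`, `peer_name`, `sock_name`, `listener_url`, ...), so in any file that includes this header a local variable, parameter or struct member with one of those names is rewritten to `tool_globals.tv_*` by the preprocessor. The existing `authzID`/`mech`/`realm` macros follow the same pattern, so this is consistent with the file, but the new names look more likely to collide with connection and operation code. A comment above the block would help, e.g. `/* slapacl -o parameters; these macros replace any identifier of the same name in including files */`. The new `tv_*` fields could also carry a note that they are set by `-o` and copied into the fake connection used for ACL evaluation.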