mirror of
https://git.openldap.org/openldap/openldap.git
synced 2026-01-02 04:59:39 -05:00
Added acl_unparse, slap_sasl_getpolicy
This commit is contained in:
Howard Chu
parent
b000d76f22
commit
e0ca6e386e
7 changed files with 253 additions and 91 deletions
|
|
@ -394,7 +394,7 @@ vd_access:
|
|||
"=> access_allowed: %s access %s by %s\n",
|
||||
access2str( access ),
|
||||
ACL_GRANT(mask, access) ? "granted" : "denied",
|
||||
accessmask2str( mask, accessmaskbuf ) );
|
||||
accessmask2str( mask, accessmaskbuf, 1 ) );
|
||||
|
||||
ret = ACL_GRANT(mask, access);
|
||||
|
||||
|
|
@ -678,7 +678,7 @@ acl_mask(
|
|||
"=> acl_mask: to %s by \"%s\", (%s) \n",
|
||||
val ? "value" : "all values",
|
||||
op->o_ndn.bv_val ? op->o_ndn.bv_val : "",
|
||||
accessmask2str( *mask, accessmaskbuf ) );
|
||||
accessmask2str( *mask, accessmaskbuf, 1) );
|
||||
|
||||
|
||||
if( state && ( state->as_recorded & ACL_STATE_RECORDED_VD )
|
||||
|
|
@ -1543,8 +1543,8 @@ dn_match_cleanup:;
|
|||
}
|
||||
}
|
||||
Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
|
||||
accessmask2str(tgrant,accessmaskbuf),
|
||||
accessmask2str(tdeny, accessmaskbuf1), 0);
|
||||
accessmask2str(tgrant,accessmaskbuf, 1),
|
||||
accessmask2str(tdeny, accessmaskbuf1, 1), 0);
|
||||
|
||||
}
|
||||
/* If the entry level aci didn't contain anything valid for the
|
||||
|
|
@ -1584,8 +1584,8 @@ dn_match_cleanup:;
|
|||
}
|
||||
}
|
||||
Debug(LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
|
||||
accessmask2str(tgrant,accessmaskbuf),
|
||||
accessmask2str(tdeny, accessmaskbuf1), 0);
|
||||
accessmask2str(tgrant,accessmaskbuf, 1),
|
||||
accessmask2str(tdeny, accessmaskbuf1, 1), 0);
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -1651,7 +1651,7 @@ dn_match_cleanup:;
|
|||
|
||||
Debug( LDAP_DEBUG_ACL,
|
||||
"<= acl_mask: [%d] applying %s (%s)\n",
|
||||
i, accessmask2str( modmask, accessmaskbuf ),
|
||||
i, accessmask2str( modmask, accessmaskbuf, 1 ),
|
||||
b->a_type == ACL_CONTINUE
|
||||
? "continue"
|
||||
: b->a_type == ACL_BREAK
|
||||
|
|
@ -1681,7 +1681,7 @@ dn_match_cleanup:;
|
|||
|
||||
Debug( LDAP_DEBUG_ACL,
|
||||
"<= acl_mask: [%d] mask: %s\n",
|
||||
i, accessmask2str(*mask, accessmaskbuf), 0 );
|
||||
i, accessmask2str(*mask, accessmaskbuf, 1), 0 );
|
||||
|
||||
if( b->a_type == ACL_CONTINUE ) {
|
||||
continue;
|
||||
|
|
@ -1699,7 +1699,7 @@ dn_match_cleanup:;
|
|||
|
||||
Debug( LDAP_DEBUG_ACL,
|
||||
"<= acl_mask: no more <who> clauses, returning %s (stop)\n",
|
||||
accessmask2str(*mask, accessmaskbuf), 0, 0 );
|
||||
accessmask2str(*mask, accessmaskbuf, 1), 0, 0 );
|
||||
return ACL_STOP;
|
||||
}
|
||||
|
||||
|
|
@ -2680,13 +2680,17 @@ dynacl_aci_parse( const char *fname, int lineno, slap_style_t sty, const char *r
|
|||
}
|
||||
|
||||
static int
|
||||
dynacl_aci_print( void *priv )
|
||||
dynacl_aci_unparse( void *priv, struct berval *bv )
|
||||
{
|
||||
AttributeDescription *ad = ( AttributeDescription * )priv;
|
||||
char *ptr;
|
||||
|
||||
assert( ad );
|
||||
|
||||
fprintf( stderr, " aci=%s", ad->ad_cname.bv_val );
|
||||
bv->bv_val = ch_malloc( STRLENOF(" aci=") + ad->ad_cname.bv_len + 1 );
|
||||
ptr = lutil_strcopy( bv->bv_val, " aci=" );
|
||||
ptr = lutil_strcopy( ptr, ad->ad_cname.bv_val );
|
||||
bv->bv_len = ptr - bv->bv_val;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -2736,8 +2740,8 @@ dynacl_aci_mask(
|
|||
}
|
||||
|
||||
Debug( LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
|
||||
accessmask2str( tgrant, accessmaskbuf ),
|
||||
accessmask2str( tdeny, accessmaskbuf1 ), 0 );
|
||||
accessmask2str( tgrant, accessmaskbuf, 1 ),
|
||||
accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
|
||||
}
|
||||
|
||||
/* If the entry level aci didn't contain anything valid for the
|
||||
|
|
@ -2803,8 +2807,8 @@ dynacl_aci_mask(
|
|||
}
|
||||
}
|
||||
Debug( LDAP_DEBUG_ACL, "<= aci_mask grant %s deny %s\n",
|
||||
accessmask2str( tgrant, accessmaskbuf ),
|
||||
accessmask2str( tdeny, accessmaskbuf1 ), 0 );
|
||||
accessmask2str( tgrant, accessmaskbuf, 1 ),
|
||||
accessmask2str( tdeny, accessmaskbuf1, 1 ), 0 );
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -2844,7 +2848,7 @@ dynacl_aci_mask(
|
|||
static slap_dynacl_t dynacl_aci = {
|
||||
"aci",
|
||||
dynacl_aci_parse,
|
||||
dynacl_aci_print,
|
||||
dynacl_aci_unparse,
|
||||
dynacl_aci_mask,
|
||||
NULL,
|
||||
NULL,
|
||||
|
|
|
|||
|
|
@ -1699,7 +1699,7 @@ parse_acl(
|
|||
}
|
||||
|
||||
char *
|
||||
accessmask2str( slap_mask_t mask, char *buf )
|
||||
accessmask2str( slap_mask_t mask, char *buf, int debug )
|
||||
{
|
||||
int none = 1;
|
||||
char *ptr = buf;
|
||||
|
|
@ -1741,6 +1741,10 @@ accessmask2str( slap_mask_t mask, char *buf )
|
|||
ptr = lutil_strcopy( ptr, "unknown" );
|
||||
}
|
||||
|
||||
if ( !debug ) {
|
||||
*ptr = '\0';
|
||||
return buf;
|
||||
}
|
||||
*ptr++ = '(';
|
||||
}
|
||||
|
||||
|
|
@ -1795,7 +1799,7 @@ accessmask2str( slap_mask_t mask, char *buf )
|
|||
}
|
||||
|
||||
if ( none ) {
|
||||
*ptr++ = '0';
|
||||
ptr = buf;
|
||||
}
|
||||
|
||||
if ( ACL_IS_LEVEL( mask ) ) {
|
||||
|
|
@ -2137,59 +2141,83 @@ str2access( const char *str )
|
|||
return( ACL_INVALID_ACCESS );
|
||||
}
|
||||
|
||||
#ifdef LDAP_DEBUG
|
||||
#define ACLBUF_MAXLEN 8192
|
||||
|
||||
static void
|
||||
print_access( Access *b )
|
||||
static char aclbuf[ACLBUF_MAXLEN];
|
||||
|
||||
static char *
|
||||
access2text( Access *b, char *ptr )
|
||||
{
|
||||
char maskbuf[ACCESSMASK_MAXLEN];
|
||||
|
||||
fprintf( stderr, "\tby" );
|
||||
ptr = lutil_strcopy( ptr, "\tby" );
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_dn_pat ) ) {
|
||||
*ptr++ = ' ';
|
||||
if ( ber_bvccmp( &b->a_dn_pat, '*' ) ||
|
||||
b->a_dn_style == ACL_STYLE_ANONYMOUS /* strcmp( b->a_dn_pat.bv_val, "anonymous" ) == 0 */ ||
|
||||
b->a_dn_style == ACL_STYLE_USERS /* strcmp( b->a_dn_pat.bv_val, "users" ) == 0 */ ||
|
||||
b->a_dn_style == ACL_STYLE_SELF /* strcmp( b->a_dn_pat.bv_val, "self" ) == 0 */ )
|
||||
b->a_dn_style == ACL_STYLE_ANONYMOUS ||
|
||||
b->a_dn_style == ACL_STYLE_USERS ||
|
||||
b->a_dn_style == ACL_STYLE_SELF )
|
||||
{
|
||||
fprintf( stderr, " %s", b->a_dn_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, b->a_dn_pat.bv_val );
|
||||
|
||||
} else {
|
||||
fprintf( stderr, " dn.%s=\"%s\"",
|
||||
style_strings[b->a_dn_style], b->a_dn_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, "dn." );
|
||||
ptr = lutil_strcopy( ptr, style_strings[b->a_dn_style] );
|
||||
*ptr++ = '=';
|
||||
*ptr++ = '"';
|
||||
ptr = lutil_strcopy( ptr, b->a_dn_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
}
|
||||
|
||||
if ( b->a_dn_at != NULL ) {
|
||||
fprintf( stderr, " dnattr=%s", b->a_dn_at->ad_cname.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " dnattr=" );
|
||||
ptr = lutil_strcopy( ptr, b->a_dn_at->ad_cname.bv_val );
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
|
||||
fprintf( stderr, " group/%s/%s.%s=\"%s\"",
|
||||
b->a_group_oc ? b->a_group_oc->soc_cname.bv_val : "groupOfNames",
|
||||
b->a_group_at ? b->a_group_at->ad_cname.bv_val : "member",
|
||||
style_strings[b->a_group_style],
|
||||
b->a_group_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " group/" );
|
||||
ptr = lutil_strcopy( ptr, b->a_group_oc ?
|
||||
b->a_group_oc->soc_cname.bv_val : "groupOfNames" );
|
||||
*ptr++ = '/';
|
||||
ptr = lutil_strcopy( ptr, b->a_group_at ?
|
||||
b->a_group_at->ad_cname.bv_val : "member" );
|
||||
*ptr++ = '.';
|
||||
ptr = lutil_strcopy( ptr, style_strings[b->a_group_style] );
|
||||
*ptr++ = '=';
|
||||
*ptr++ = '"';
|
||||
ptr = lutil_strcopy( ptr, b->a_group_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
|
||||
fprintf( stderr, " peername=\"%s\"", b->a_peername_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " peername=\"" );
|
||||
ptr = lutil_strcopy( ptr, b->a_peername_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_sockname_pat ) ) {
|
||||
fprintf( stderr, " sockname=\"%s\"", b->a_sockname_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " sockname=\"" );
|
||||
ptr = lutil_strcopy( ptr, b->a_sockname_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
|
||||
fprintf( stderr, " domain=%s", b->a_domain_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " domain=" );
|
||||
ptr = lutil_strcopy( ptr, b->a_domain_pat.bv_val );
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
|
||||
fprintf( stderr, " sockurl=\"%s\"", b->a_sockurl_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " sockurl=\"" );
|
||||
ptr = lutil_strcopy( ptr, b->a_sockurl_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
|
||||
fprintf( stderr, " set=\"%s\"", b->a_set_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " set=\"" );
|
||||
ptr = lutil_strcopy( ptr, b->a_set_pat.bv_val );
|
||||
*ptr++ = '"';
|
||||
}
|
||||
|
||||
#ifdef SLAP_DYNACL
|
||||
|
|
@ -2197,68 +2225,84 @@ print_access( Access *b )
|
|||
slap_dynacl_t *da;
|
||||
|
||||
for ( da = b->a_dynacl; da; da = da->da_next ) {
|
||||
if ( da->da_print ) {
|
||||
(void)( *da->da_print )( da->da_private );
|
||||
if ( da->da_unparse ) {
|
||||
struct berval bv;
|
||||
(void)( *da->da_unparse )( da->da_private, &bv );
|
||||
ptr = lutil_strcopy( ptr, bv.bv_val );
|
||||
ch_free( bv.bv_val );
|
||||
}
|
||||
}
|
||||
}
|
||||
#else /* ! SLAP_DYNACL */
|
||||
#ifdef SLAPD_ACI_ENABLED
|
||||
if ( b->a_aci_at != NULL ) {
|
||||
fprintf( stderr, " aci=%s", b->a_aci_at->ad_cname.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " aci=" );
|
||||
ptr = lutil_strcopy( ptr, b->a_aci_at->ad_cname.bv_val );
|
||||
}
|
||||
#endif
|
||||
#endif /* SLAP_DYNACL */
|
||||
|
||||
/* Security Strength Factors */
|
||||
if ( b->a_authz.sai_ssf ) {
|
||||
fprintf( stderr, " ssf=%u",
|
||||
ptr += sprintf( ptr, " ssf=%u",
|
||||
b->a_authz.sai_ssf );
|
||||
}
|
||||
if ( b->a_authz.sai_transport_ssf ) {
|
||||
fprintf( stderr, " transport_ssf=%u",
|
||||
ptr += sprintf( ptr, " transport_ssf=%u",
|
||||
b->a_authz.sai_transport_ssf );
|
||||
}
|
||||
if ( b->a_authz.sai_tls_ssf ) {
|
||||
fprintf( stderr, " tls_ssf=%u",
|
||||
ptr += sprintf( ptr, " tls_ssf=%u",
|
||||
b->a_authz.sai_tls_ssf );
|
||||
}
|
||||
if ( b->a_authz.sai_sasl_ssf ) {
|
||||
fprintf( stderr, " sasl_ssf=%u",
|
||||
ptr += sprintf( ptr, " sasl_ssf=%u",
|
||||
b->a_authz.sai_sasl_ssf );
|
||||
}
|
||||
|
||||
fprintf( stderr, " %s%s",
|
||||
b->a_dn_self ? "self" : "",
|
||||
accessmask2str( b->a_access_mask, maskbuf ) );
|
||||
*ptr++ = ' ';
|
||||
if ( b->a_dn_self ) ptr = lutil_strcopy( ptr, "self" );
|
||||
ptr = lutil_strcopy( ptr, accessmask2str( b->a_access_mask, maskbuf, 0 ));
|
||||
if ( !maskbuf[0] ) ptr--;
|
||||
|
||||
if( b->a_type == ACL_BREAK ) {
|
||||
fprintf( stderr, " break" );
|
||||
ptr = lutil_strcopy( ptr, " break" );
|
||||
|
||||
} else if( b->a_type == ACL_CONTINUE ) {
|
||||
fprintf( stderr, " continue" );
|
||||
ptr = lutil_strcopy( ptr, " continue" );
|
||||
|
||||
} else if( b->a_type != ACL_STOP ) {
|
||||
fprintf( stderr, " unknown-control" );
|
||||
ptr = lutil_strcopy( ptr, " unknown-control" );
|
||||
} else {
|
||||
if ( !maskbuf[0] ) ptr = lutil_strcopy( ptr, " stop" );
|
||||
}
|
||||
*ptr++ = '\n';
|
||||
|
||||
fprintf( stderr, "\n" );
|
||||
return ptr;
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
print_acl( Backend *be, AccessControl *a )
|
||||
void
|
||||
acl_unparse( AccessControl *a, struct berval *bv )
|
||||
{
|
||||
Access *b;
|
||||
char *ptr;
|
||||
int to = 0;
|
||||
Access *b;
|
||||
struct berval abv;
|
||||
|
||||
fprintf( stderr, "%s ACL: access to",
|
||||
be == NULL ? "Global" : "Backend" );
|
||||
bv->bv_val = aclbuf;
|
||||
bv->bv_len = 0;
|
||||
|
||||
if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ) {
|
||||
ptr = bv->bv_val;
|
||||
|
||||
ptr = lutil_strcopy( ptr, "access to" );
|
||||
if ( !BER_BVISNULL( &a->acl_dn_pat ) ) {
|
||||
to++;
|
||||
fprintf( stderr, " dn.%s=\"%s\"\n",
|
||||
style_strings[a->acl_dn_style], a->acl_dn_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " dn." );
|
||||
ptr = lutil_strcopy( ptr, style_strings[a->acl_dn_style] );
|
||||
*ptr++ = '=';
|
||||
*ptr++ = '"';
|
||||
ptr = lutil_strcopy( ptr, a->acl_dn_pat.bv_val );
|
||||
ptr = lutil_strcopy( ptr, "\"\n" );
|
||||
}
|
||||
|
||||
if ( a->acl_filter != NULL ) {
|
||||
|
|
@ -2266,7 +2310,10 @@ print_acl( Backend *be, AccessControl *a )
|
|||
|
||||
to++;
|
||||
filter2bv( a->acl_filter, &bv );
|
||||
fprintf( stderr, " filter=%s\n", bv.bv_val );
|
||||
ptr = lutil_strcopy( ptr, " filter=\"" );
|
||||
ptr = lutil_strcopy( ptr, bv.bv_val );
|
||||
*ptr++ = '"';
|
||||
*ptr++ = '\n';
|
||||
ch_free( bv.bv_val );
|
||||
}
|
||||
|
||||
|
|
@ -2275,34 +2322,54 @@ print_acl( Backend *be, AccessControl *a )
|
|||
AttributeName *an;
|
||||
to++;
|
||||
|
||||
fprintf( stderr, " attrs=" );
|
||||
ptr = lutil_strcopy( ptr, " attrs=" );
|
||||
for ( an = a->acl_attrs; an && !BER_BVISNULL( &an->an_name ); an++ ) {
|
||||
if ( ! first ) fprintf( stderr, "," );
|
||||
if ( ! first ) *ptr++ = ',';
|
||||
if (an->an_oc) {
|
||||
fputc( an->an_oc_exclude ? '!' : '@', stderr);
|
||||
fputs( an->an_oc->soc_cname.bv_val, stderr );
|
||||
*ptr++ = an->an_oc_exclude ? '!' : '@';
|
||||
ptr = lutil_strcopy( ptr, an->an_oc->soc_cname.bv_val );
|
||||
|
||||
} else {
|
||||
fputs( an->an_name.bv_val, stderr );
|
||||
ptr = lutil_strcopy( ptr, an->an_name.bv_val );
|
||||
}
|
||||
first = 0;
|
||||
}
|
||||
fprintf( stderr, "\n" );
|
||||
*ptr++ = '\n';
|
||||
}
|
||||
|
||||
if ( !BER_BVISEMPTY( &a->acl_attrval ) ) {
|
||||
to++;
|
||||
fprintf( stderr, " val.%s=\"%s\"\n",
|
||||
style_strings[a->acl_attrval_style], a->acl_attrval.bv_val );
|
||||
|
||||
ptr = lutil_strcopy( ptr, " val." );
|
||||
ptr = lutil_strcopy( ptr, style_strings[a->acl_attrval_style] );
|
||||
*ptr++ = '=';
|
||||
*ptr++ = '"';
|
||||
ptr = lutil_strcopy( ptr, a->acl_attrval.bv_val );
|
||||
*ptr++ = '"';
|
||||
*ptr++ = '\n';
|
||||
}
|
||||
|
||||
if( !to ) fprintf( stderr, " *\n" );
|
||||
if( !to ) {
|
||||
ptr = lutil_strcopy( ptr, " *\n" );
|
||||
}
|
||||
|
||||
for ( b = a->acl_access; b != NULL; b = b->a_next ) {
|
||||
print_access( b );
|
||||
ptr = access2text( b, ptr );
|
||||
}
|
||||
*ptr = '\0';
|
||||
bv->bv_len = ptr - bv->bv_val;
|
||||
}
|
||||
|
||||
fprintf( stderr, "\n" );
|
||||
#ifdef LDAP_DEBUG
|
||||
|
||||
static void
|
||||
print_acl( Backend *be, AccessControl *a )
|
||||
{
|
||||
int to = 0;
|
||||
Access *b;
|
||||
struct berval bv;
|
||||
|
||||
acl_unparse( a, &bv );
|
||||
fprintf( stderr, "%s ACL: %s\n",
|
||||
be == NULL ? "Global" : "Backend", bv.bv_val );
|
||||
}
|
||||
#endif /* LDAP_DEBUG */
|
||||
|
|
|
|||
|
|
@ -60,6 +60,8 @@ char *global_host = NULL;
|
|||
char *global_realm = NULL;
|
||||
char *ldap_srvtab = "";
|
||||
char **default_passwd_hash = NULL;
|
||||
char *passwd_salt;
|
||||
char *logfileName;
|
||||
struct berval default_search_base = BER_BVNULL;
|
||||
struct berval default_search_nbase = BER_BVNULL;
|
||||
|
||||
|
|
@ -230,7 +232,7 @@ static ConfigTable SystemConfiguration[] = {
|
|||
"( OLcfgAt:6 NAME 'olcAuthRewrite' "
|
||||
"EQUALITY caseIgnoreMatch "
|
||||
"SYNTAX OMsDirectoryString )", NULL, NULL },
|
||||
{ "authz-policy", "policy", 2, 2, 0, ARG_MAGIC|CFG_AZPOLICY,
|
||||
{ "authz-policy", "policy", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_AZPOLICY,
|
||||
&config_generic, "( OLcfgAt:7 NAME 'olcAuthzPolicy' "
|
||||
"EQUALITY caseIgnoreMatch "
|
||||
"SYNTAX OMsDirectoryString )", NULL, NULL },
|
||||
|
|
@ -302,7 +304,7 @@ static ConfigTable SystemConfiguration[] = {
|
|||
{ "localSSF", "ssf", 2, 2, 0, ARG_LONG,
|
||||
&local_ssf, "( OLcfgAt:26 NAME 'olcLocalSSF' "
|
||||
"SYNTAX OMsInteger )", NULL, NULL },
|
||||
{ "logfile", "file", 2, 2, 0, ARG_MAGIC|CFG_LOGFILE,
|
||||
{ "logfile", "file", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_LOGFILE,
|
||||
&config_generic, "( OLcfgAt:27 NAME 'olcLogFile' "
|
||||
"SYNTAX OMsDirectoryString )", NULL, NULL },
|
||||
{ "loglevel", "level", 2, 0, 0, ARG_MAGIC,
|
||||
|
|
@ -336,7 +338,7 @@ static ConfigTable SystemConfiguration[] = {
|
|||
{ "overlay", "overlay", 2, 2, 0, ARG_MAGIC,
|
||||
&config_overlay, "( OLcfgAt:34 NAME 'olcOverlay' "
|
||||
"SUP olcDatabase )", NULL, NULL },
|
||||
{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_MAGIC|CFG_SALT,
|
||||
{ "password-crypt-salt-format", "salt", 2, 2, 0, ARG_STRING|ARG_MAGIC|CFG_SALT,
|
||||
&config_generic, "( OLcfgAt:35 NAME 'olcPasswordCryptSaltFormat' "
|
||||
"SYNTAX OMsDirectoryString )", NULL, NULL },
|
||||
{ "password-hash", "hash", 2, 2, 0, ARG_MAGIC,
|
||||
|
|
@ -958,17 +960,65 @@ config_generic(ConfigArgs *c) {
|
|||
c->value_int = ldap_pvt_thread_get_concurrency();
|
||||
break;
|
||||
case CFG_THREADS:
|
||||
c->value_int = connection_pool_max; break;
|
||||
c->value_int = connection_pool_max;
|
||||
break;
|
||||
case CFG_SALT:
|
||||
if ( passwd_salt )
|
||||
c->value_string = passwd_salt;
|
||||
else
|
||||
rc = 1;
|
||||
break;
|
||||
case CFG_LIMITS:
|
||||
rc = 1;
|
||||
break;
|
||||
case CFG_RO:
|
||||
c->value_int = (c->be->be_restrictops & SLAP_RESTRICT_OP_WRITES) != 0;
|
||||
break;
|
||||
case CFG_AZPOLICY:
|
||||
c->value_string = (char *)slap_sasl_getpolicy();
|
||||
break;
|
||||
case CFG_AZREGEXP:
|
||||
rc = 1;
|
||||
break;
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
case CFG_SASLSECP:
|
||||
rc = 1;
|
||||
break;
|
||||
#endif
|
||||
case CFG_DEPTH:
|
||||
c->value_int = c->be->be_max_deref_depth;
|
||||
break;
|
||||
case CFG_OID:
|
||||
rc = 1;
|
||||
break;
|
||||
case CFG_CHECK:
|
||||
c->value_int = global_schemacheck;
|
||||
break;
|
||||
case CFG_ACL: {
|
||||
AccessControl *a;
|
||||
char *src, *dst, ibuf[11];
|
||||
struct berval bv, abv;
|
||||
for (i=0, a=c->be->be_acl; a; i++,a=a->acl_next) {
|
||||
abv.bv_len = sprintf( ibuf, "{%x}", i );
|
||||
acl_unparse( a, &bv );
|
||||
abv.bv_val = ch_malloc( abv.bv_len + bv.bv_len + 1 );
|
||||
AC_MEMCPY( abv.bv_val, ibuf, abv.bv_len );
|
||||
/* Turn TAB / EOL into plain space */
|
||||
for (src=bv.bv_val,dst=abv.bv_val+abv.bv_len; *src; src++) {
|
||||
if (isspace(*src)) *dst++ = ' ';
|
||||
else *dst++ = *src;
|
||||
}
|
||||
*dst = '\0';
|
||||
if (dst[-1] == ' ') {
|
||||
dst--;
|
||||
*dst = '\0';
|
||||
}
|
||||
abv.bv_len = dst - abv.bv_val;
|
||||
ber_bvarray_add( &c->rvalue_vals, &abv );
|
||||
}
|
||||
rc = (!i);
|
||||
break;
|
||||
}
|
||||
case CFG_REPLOG:
|
||||
c->value_string = c->be->be_replogfile;
|
||||
break;
|
||||
|
|
@ -981,6 +1031,12 @@ config_generic(ConfigArgs *c) {
|
|||
}
|
||||
}
|
||||
break;
|
||||
case CFG_LOGFILE:
|
||||
if ( logfileName )
|
||||
c->value_string = logfileName;
|
||||
else
|
||||
rc = 1;
|
||||
break;
|
||||
case CFG_LASTMOD:
|
||||
c->value_int = (SLAP_NOLASTMOD(c->be) == 0);
|
||||
break;
|
||||
|
|
@ -990,6 +1046,22 @@ config_generic(ConfigArgs *c) {
|
|||
case CFG_SSTR_IF_MIN:
|
||||
c->value_int = index_substr_if_minlen;
|
||||
break;
|
||||
#ifdef SLAPD_MODULES
|
||||
case CFG_MODLOAD:
|
||||
case CFG_MODPATH:
|
||||
rc = 1;
|
||||
break;
|
||||
#endif
|
||||
#ifdef LDAP_SLAPI
|
||||
case CFG_PLUGIN:
|
||||
rc = 1;
|
||||
break;
|
||||
#endif
|
||||
#ifdef SLAP_AUTH_REWRITE
|
||||
case CFG_REWRITE:
|
||||
rc = 1;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
rc = 1;
|
||||
}
|
||||
|
|
@ -1030,7 +1102,9 @@ config_generic(ConfigArgs *c) {
|
|||
break;
|
||||
|
||||
case CFG_SALT:
|
||||
lutil_salt_format(c->argv[1]);
|
||||
if ( passwd_salt ) ch_free( passwd_salt );
|
||||
passwd_salt = c->value_string;
|
||||
lutil_salt_format(passwd_salt);
|
||||
break;
|
||||
|
||||
case CFG_LIMITS:
|
||||
|
|
@ -1046,6 +1120,7 @@ config_generic(ConfigArgs *c) {
|
|||
break;
|
||||
|
||||
case CFG_AZPOLICY:
|
||||
ch_free(c->value_string);
|
||||
if (slap_sasl_setpolicy( c->argv[1] )) {
|
||||
Debug(LDAP_DEBUG_ANY, "%s: unable to parse value \"%s\" in"
|
||||
" \"authz-policy <policy>\"\n",
|
||||
|
|
@ -1137,7 +1212,9 @@ config_generic(ConfigArgs *c) {
|
|||
break;
|
||||
|
||||
case CFG_LOGFILE: {
|
||||
FILE *logfile = fopen(c->argv[1], "w");
|
||||
if ( logfileName ) ch_free( logfileName );
|
||||
logfileName = c->value_string;
|
||||
FILE *logfile = fopen(logfileName, "w");
|
||||
if(logfile) lutil_debug_file(logfile);
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,8 +63,9 @@ LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
|
|||
LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
|
||||
|
||||
#define ACCESSMASK_MAXLEN sizeof("unknown (+wrscan)")
|
||||
LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char* ));
|
||||
LDAP_SLAPD_F (char *) accessmask2str LDAP_P(( slap_mask_t mask, char*, int debug ));
|
||||
LDAP_SLAPD_F (slap_mask_t) str2accessmask LDAP_P(( const char *str ));
|
||||
LDAP_SLAPD_F (void) acl_unparse LDAP_P(( AccessControl*, struct berval* ));
|
||||
LDAP_SLAPD_F (void) acl_destroy LDAP_P(( AccessControl*, AccessControl* ));
|
||||
LDAP_SLAPD_F (void) acl_free LDAP_P(( AccessControl *a ));
|
||||
|
||||
|
|
@ -1171,6 +1172,7 @@ LDAP_SLAPD_F (int) slap_sasl_authorized LDAP_P((
|
|||
LDAP_SLAPD_F (int) slap_sasl_regexp_config LDAP_P((
|
||||
const char *match, const char *replace ));
|
||||
LDAP_SLAPD_F (int) slap_sasl_setpolicy LDAP_P(( const char * ));
|
||||
LDAP_SLAPD_F (const char *) slap_sasl_getpolicy LDAP_P(( void ));
|
||||
#ifdef SLAP_AUTH_REWRITE
|
||||
LDAP_SLAPD_F (int) slap_sasl_rewrite_config LDAP_P((
|
||||
const char *fname,
|
||||
|
|
|
|||
|
|
@ -87,6 +87,10 @@ struct rewrite_info *sasl_rwinfo = NULL;
|
|||
#define SASL_AUTHZ_TO 0x02
|
||||
#define SASL_AUTHZ_AND 0x10
|
||||
|
||||
static const char *policy_txt[] = {
|
||||
"none", "from", "to", "any"
|
||||
};
|
||||
|
||||
static int authz_policy = SASL_AUTHZ_NONE;
|
||||
|
||||
static
|
||||
|
|
@ -113,6 +117,14 @@ int slap_sasl_setpolicy( const char *arg )
|
|||
return rc;
|
||||
}
|
||||
|
||||
const char * slap_sasl_getpolicy()
|
||||
{
|
||||
if ( authz_policy == (SASL_AUTHZ_FROM | SASL_AUTHZ_TO | SASL_AUTHZ_AND) )
|
||||
return "all";
|
||||
else
|
||||
return policy_txt[authz_policy];
|
||||
}
|
||||
|
||||
int slap_parse_user( struct berval *id, struct berval *user,
|
||||
struct berval *realm, struct berval *mech )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1186,9 +1186,9 @@ struct slap_op;
|
|||
/*
|
||||
* "dynamic" ACL infrastructure (for ACIs and more)
|
||||
*/
|
||||
typedef int (*slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp );
|
||||
typedef int (*slap_dynacl_print)( void *priv );
|
||||
typedef int (*slap_dynacl_mask)(
|
||||
typedef int (slap_dynacl_parse)( const char *fname, int lineno, slap_style_t, const char *, void **privp );
|
||||
typedef int (slap_dynacl_unparse)( void *priv, struct berval *bv );
|
||||
typedef int (slap_dynacl_mask)(
|
||||
void *priv,
|
||||
struct slap_op *op,
|
||||
Entry *e,
|
||||
|
|
@ -1198,14 +1198,14 @@ typedef int (*slap_dynacl_mask)(
|
|||
regmatch_t *matches,
|
||||
slap_access_t *grant,
|
||||
slap_access_t *deny );
|
||||
typedef int (*slap_dynacl_destroy)( void *priv );
|
||||
typedef int (slap_dynacl_destroy)( void *priv );
|
||||
|
||||
typedef struct slap_dynacl_t {
|
||||
char *da_name;
|
||||
slap_dynacl_parse da_parse;
|
||||
slap_dynacl_print da_print;
|
||||
slap_dynacl_mask da_mask;
|
||||
slap_dynacl_destroy da_destroy;
|
||||
slap_dynacl_parse *da_parse;
|
||||
slap_dynacl_unparse *da_unparse;
|
||||
slap_dynacl_mask *da_mask;
|
||||
slap_dynacl_destroy *da_destroy;
|
||||
|
||||
void *da_private;
|
||||
struct slap_dynacl_t *da_next;
|
||||
|
|
|
|||
|
|
@ -169,7 +169,7 @@ slapacl( int argc, char **argv )
|
|||
desc->ad_cname.bv_val,
|
||||
val.bv_val ? "=" : "",
|
||||
val.bv_val ? val.bv_val : "",
|
||||
accessmask2str( mask, accessmaskbuf ) );
|
||||
accessmask2str( mask, accessmaskbuf, 1 ) );
|
||||
}
|
||||
rc = 0;
|
||||
attr = NULL;
|
||||
|
|
|
|||
Loading…
Reference in a new issue