[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
patches for ACL debugging
I found the following changes useful in debugging ACL's when using
the ACL group features. They adjust:
1) the acl_usage message to include group syntax.
2) the debugging output of ACL's to include the access level.
3) the output of how the $N variables from the dn= pattern are set.
You're welcome to them if you find them useful.
Brad
*** ./servers/slapd/aclparse.c.orig Wed Dec 30 14:37:02 1998
--- ./servers/slapd/aclparse.c Fri Jan 22 00:21:58 1999
***************
*** 367,376 ****
acl_usage( void )
{
fprintf( stderr, "\n<access clause> ::= access to <what> [ by <who> <access> ]+ \n" );
! fprintf( stderr, "<what> ::= * | [dn=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]\n" );
fprintf( stderr, "<attrlist> ::= <attr> | <attr> , <attrlist>\n" );
fprintf( stderr, "<attr> ::= <attrname> | entry | children\n" );
fprintf( stderr, "<who> ::= * | self | dn=<regex> | addr=<regex> |\n\tdomain=<regex> | dnattr=<dnattrname>\n" );
fprintf( stderr, "<access> ::= [self]{none | compare | search | read | write }\n" );
exit( 1 );
}
--- 367,381 ----
acl_usage( void )
{
fprintf( stderr, "\n<access clause> ::= access to <what> [ by <who> <access> ]+ \n" );
! fprintf( stderr, "<what> ::= * | [dn=<regex>] [filter=<ldapfilter>] [attr=<attrlist>]\n" );
fprintf( stderr, "<attrlist> ::= <attr> | <attr> , <attrlist>\n" );
fprintf( stderr, "<attr> ::= <attrname> | entry | children\n" );
fprintf( stderr, "<who> ::= * | self | dn=<regex> | addr=<regex> |\n\tdomain=<regex> | dnattr=<dnattrname>\n" );
+ #ifdef SLAPD_ACLGROUPS
+ fprintf( stderr, "\t| group=<groupspec>\n" );
+ fprintf( stderr, "<groupspec> ::= <groupdn>\n\t[ '/' <objectclass: groupOfNames> [ '/' <attrname: member> ]]\n" );
+ #else
+ #endif
fprintf( stderr, "<access> ::= [self]{none | compare | search | read | write }\n" );
exit( 1 );
}
***************
*** 432,438 ****
fprintf( stderr, " groupAttrName: %s", b->a_groupattrname );
}
#endif
! fprintf( stderr, "\n" );
}
static void
--- 437,443 ----
fprintf( stderr, " groupAttrName: %s", b->a_groupattrname );
}
#endif
! fprintf( stderr, " %s\n", access2str( b->a_access ));
}
static void
***************
*** 456,462 ****
if ( a->acl_attrs != NULL ) {
int first = 1;
! fprintf( stderr, "\n attrs=" );
for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
if ( ! first ) {
fprintf( stderr, "," );
--- 461,467 ----
if ( a->acl_attrs != NULL ) {
int first = 1;
! fprintf( stderr, "\n attr=" );
for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
if ( ! first ) {
fprintf( stderr, "," );
*** ./servers/slapd/acl.c.orig Wed Dec 30 15:00:56 1998
--- ./servers/slapd/acl.c Fri Jan 22 01:37:56 1999
***************
*** 70,86 ****
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
! if (a) {
! for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
! Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ", i,
(int)matches[i].rm_so, (int)matches[i].rm_eo );
! if( matches[i].rm_so <= matches[0].rm_eo ) {
! for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
! Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
! }
! }
! Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
--- 70,87 ----
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
! if ( a && a->acl_dnpat ) {
! for( i = 0; i < MAXREMATCHES; i++ )
! {
! if( matches[i].rm_eo <= matches[i].rm_so )
! break;
!
! Debug( LDAP_DEBUG_ARGS, "=> match $%d : %d %d", i,
(int)matches[i].rm_so, (int)matches[i].rm_eo );
! Debug( LDAP_DEBUG_ARGS, " '%.*s'\n",
! matches[i].rm_eo - matches[i].rm_so,
! matches[i].rm_sp, 0 );
}
}