
patches for ACL debugging



I found the following changes useful in debugging ACLs when using
the ACL group features.  They adjust:

1) the acl_usage message to include group syntax.
2) the debugging output of ACLs to include the access level.
3) the output of how the $N variables from the dn= pattern are set.

You're welcome to them if you find them useful.

Brad


*** ./servers/slapd/aclparse.c.orig	Wed Dec 30 14:37:02 1998
--- ./servers/slapd/aclparse.c	Fri Jan 22 00:21:58 1999
***************
*** 367,376 ****
  acl_usage( void )
  {
  	fprintf( stderr, "\n<access clause> ::= access to <what> [ by <who> <access> ]+ \n" );
! 	fprintf( stderr, "<what> ::= * | [dn=<regex>] [filter=<ldapfilter>] [attrs=<attrlist>]\n" );
  	fprintf( stderr, "<attrlist> ::= <attr> | <attr> , <attrlist>\n" );
  	fprintf( stderr, "<attr> ::= <attrname> | entry | children\n" );
  	fprintf( stderr, "<who> ::= * | self | dn=<regex> | addr=<regex> |\n\tdomain=<regex> | dnattr=<dnattrname>\n" );
  	fprintf( stderr, "<access> ::= [self]{none | compare | search | read | write }\n" );
  	exit( 1 );
  }
--- 367,381 ----
  acl_usage( void )
  {
  	fprintf( stderr, "\n<access clause> ::= access to <what> [ by <who> <access> ]+ \n" );
! 	fprintf( stderr, "<what> ::= * | [dn=<regex>] [filter=<ldapfilter>] [attr=<attrlist>]\n" );
  	fprintf( stderr, "<attrlist> ::= <attr> | <attr> , <attrlist>\n" );
  	fprintf( stderr, "<attr> ::= <attrname> | entry | children\n" );
  	fprintf( stderr, "<who> ::= * | self | dn=<regex> | addr=<regex> |\n\tdomain=<regex> | dnattr=<dnattrname>\n" );
+ #ifdef SLAPD_ACLGROUPS
+ 	fprintf( stderr, "\t| group=<groupspec>\n" );
+ 	fprintf( stderr, "<groupspec> ::= <groupdn>\n\t[ '/' <objectclass: groupOfNames> [ '/' <attrname: member> ]]\n" );
+ #else
+ #endif
  	fprintf( stderr, "<access> ::= [self]{none | compare | search | read | write }\n" );
  	exit( 1 );
  }
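Review bot: The `#else` added just before `#endif` in the new acl_usage() has no body and should be dropped, leaving only `#ifdef SLAPD_ACLGROUPS` … `#endif`. Separately, the `<what>` line now advertises `attr=` where it used to say `attrs=`, and the third hunk makes the same change in the ACL dump (`"\n attr="`). The description does not list this change and the parser is not visible here, so confirm that `attr=` is a keyword the parser accepts. If the help text and the parser disagree, administrators who copy the usage message will write access clauses that fail to load or do not mean what they intended.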
***************
*** 432,438 ****
                          fprintf( stderr, " groupAttrName: %s", b->a_groupattrname );
          }
  #endif
! 	fprintf( stderr, "\n" );
  }
  
  static void
--- 437,443 ----
                          fprintf( stderr, " groupAttrName: %s", b->a_groupattrname );
          }
  #endif
! 	fprintf( stderr, " %s\n", access2str( b->a_access ));
  }
  
  static void
***************
*** 456,462 ****
  	if ( a->acl_attrs != NULL ) {
  		int	first = 1;
  
! 		fprintf( stderr, "\n attrs=" );
  		for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
  			if ( ! first ) {
  				fprintf( stderr, "," );
--- 461,467 ----
  	if ( a->acl_attrs != NULL ) {
  		int	first = 1;
  
! 		fprintf( stderr, "\n attr=" );
  		for ( i = 0; a->acl_attrs[i] != NULL; i++ ) {
  			if ( ! first ) {
  				fprintf( stderr, "," );
*** ./servers/slapd/acl.c.orig	Wed Dec 30 15:00:56 1998
--- ./servers/slapd/acl.c	Fri Jan 22 01:37:56 1999
***************
*** 70,86 ****
  
  	a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
  
! 	if (a) {
! 		for (i = 0; i < MAXREMATCHES && matches[i].rm_so > 0; i++) {
! 			Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ", i,
  			       (int)matches[i].rm_so, (int)matches[i].rm_eo );
  
! 			if( matches[i].rm_so <= matches[0].rm_eo ) {
! 				for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
! 					Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
! 				}
! 			}
! 			Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
  		}
  	}
  
--- 70,87 ----
  
  	a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
  
! 	if ( a && a->acl_dnpat ) {
! 		for( i = 0; i < MAXREMATCHES; i++ )
! 		{
! 			if( matches[i].rm_eo <= matches[i].rm_so )
! 				break;
! 
! 			Debug( LDAP_DEBUG_ARGS, "=> match $%d : %d %d", i,
  			       (int)matches[i].rm_so, (int)matches[i].rm_eo );
  
! 			Debug( LDAP_DEBUG_ARGS, " '%.*s'\n",
! 				   matches[i].rm_eo - matches[i].rm_so,
! 				   matches[i].rm_sp, 0 );
  		}
  	}
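Review bot: `matches[i].rm_sp` in the second Debug() call is not a member of POSIX `regmatch_t`, which defines only `rm_so` and `rm_eo`, so the new code will not build against a POSIX regex library. The removed lines indexed `edn` by those offsets, so `edn + matches[i].rm_so` yields the same pointer portably. The `%.*s` precision must be an `int` (assuming Debug() forwards to a printf-style formatter), but `rm_eo - rm_so` has type `regoff_t`, which may be wider, and unlike the first Debug() call it is passed uncast; the arguments should read `(int)(matches[i].rm_eo - matches[i].rm_so), edn + matches[i].rm_so, 0 );`. The `break` on `rm_eo <= rm_so` also stops at the first unset or empty group, so later `$N` groups that did match are never shown; `continue` would keep the debug trace complete. The enclosing function starts and ends outside the hunk.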