2 # Create, update or delete one access control rule
# NOTE(review): this listing carries gutter numbers and skips some of them,
# so several statements, else-branches and closing braces are not visible.
4 require './ldap-server-lib.pl';
# Registers the 'eacl_err' text with error_setup() before any check can fail
# (presumably the prefix for later &error() messages; confirm in the library).
5 &error_setup($text{'eacl_err'});
# Stop with 'slapd_elocal' unless local_ldap_server() returns exactly 1.
6 &local_ldap_server() == 1 || &error($text{'slapd_elocal'});
# Authorization gate: the %access hash must have a true 'acl' entry, otherwise
# the request ends here, ahead of the config reads and writes further down.
# %access (hash) is a different variable from the @access array used later.
7 $access{'acl'} || &error($text{'acl_ecannot'});
10 # Get the current rule
# Two storage backends: when get_config_type() is 1 the rules are the "access"
# directives of get_config(); the other path (its else line is not visible in
# this listing) reads "olcAccess" from the LDIF config for the default DB.
12 if (&get_config_type() == 1) {
13 $conf = &get_config();
14 @access = &find("access", $conf);
17 $defdb = &get_default_db();
18 $conf = &get_ldif_config();
19 @access = &find_ldif("olcAccess", $conf, $defdb);
# NOTE(review): %in is presumably the submitted form data, and 'idx' is used as
# an array index with no check visible here. Perl numifies a non-numeric value
# to 0 and accepts negative indexes, so an unexpected idx still selects some
# rule; an out-of-range one yields undef. Consider requiring /\A\d+\z/ and
# idx < scalar(@access) unless a guard exists on a line missing from this view.
24 $acl = $access[$in{'idx'}];
# $p is the parsed form of the selected rule; the code below edits its fields.
25 $p = &parse_ldap_access($acl);
32 # Just take out of access list
# Keeps every entry that is not string-equal to the selected rule. If the
# entries are references (TODO confirm) `ne` compares their addresses, so this
# is an identity match. If $acl is undef (bad idx) the comparison is against
# the empty string, so no real entry should be removed.
33 @access = grep { $_ ne $acl } @access;
36 # Validate and store inputs, starting with object
# 'what' picks the kind of target; 1 and 2 are compared numerically and their
# bodies are only partly visible in this listing.
# NOTE(review): in both "dn" expressions below, what_style is appended to the
# qualifier exactly as submitted; no allow-list check is visible here. If none
# exists on the missing lines, restrict it to the styles the form offers
# before it is written into the rule text.
37 if ($in{'what'} == 1) {
40 elsif ($in{'what'} == 2) {
42 'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : '').
# Shape check for the DN: non-space characters, '=', then a non-space.
# NOTE(review): `$` also matches just before a final newline, so a value
# ending in "\n" passes; /\A\S+=\S.*\z/ would reject it. Whether the writer
# escapes or strips it later cannot be seen from here.
46 $in{'what_dn'} =~ /^\S+=\S.*$/ || &error($text{'eacl_edn'});
48 'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : '').
52 # Object filter and attribute list
# Each optional field is cleared first and stored again only when its
# checkbox-style flag (filter_on / attrs_on) is set, so unticking removes it.
53 delete($p->{'filter'});
54 if ($in{'filter_on'}) {
# Must be one whitespace-free token. NOTE(review): /^\S+$/ still accepts a
# value with a single trailing newline because of `$`; /\A\S+\z/ is stricter.
# No check of LDAP filter syntax is visible here.
55 $in{'filter'} =~ /^\S+$/ || &error($text{'eacl_efilter'});
56 $p->{'filter'} = $in{'filter'};
58 delete($p->{'attrs'});
59 if ($in{'attrs_on'}) {
# Same whitespace-free test and the same trailing-newline caveat as the filter.
60 $in{'attrs'} =~ /^\S+$/ || &error($text{'eacl_eattrs'});
61 $p->{'attrs'} = $in{'attrs'};
# Walk the numbered rows wmode_0, wmode_1, ... and stop at the first index for
# which no wmode_$i field was submitted. Where $by is created is not visible.
66 for($i=0; defined($in{"wmode_$i"}); $i++) {
# An empty mode means the row was left blank; skip it.
67 next if ($in{"wmode_$i"} eq "");
# "other" = free-text subject taken from who_$i, which must look like
# attr=value. Error messages use $i+1 so rows are numbered from 1.
# NOTE(review): `$` lets a value ending in "\n" through; \A ... \z would not.
71 if ($in{"wmode_$i"} eq "other") {
73 $in{"who_$i"} =~ /^\S+=\S.*$/ ||
74 &error(&text('eacl_ewho', $i+1));
75 $by->{'who'} = $in{"who_$i"};
# Otherwise (the else line is not visible) the mode value itself becomes the
# subject. NOTE(review): it is stored as submitted; no allow-list of expected
# keywords is visible here. Confirm one exists or add it.
79 $by->{'who'} = $in{"wmode_$i"};
# Access level: one whitespace-free token, with the same `$` caveat as above.
83 $in{"access_$i"} =~ /^\S+$/ ||
84 &error(&text('eacl_eaccess', $i+1));
85 $by->{'access'} = $in{"access_$i"};
87 # Additional attributes
# control_$i is split into words by split_quoted_string() and stored as a list.
# NOTE(review): no validation of these words is visible before they are kept.
88 $by->{'control'} = [ &split_quoted_string($in{"control_$i"}) ];
93 # Add to access directive list
# Starts a new directive hash whose 'name' is 'access'; its remaining fields
# and the surrounding condition are on lines missing from this listing.
95 $acl = { 'name' => 'access',
# Hands the directive and the edited rule $p to store_ldap_access()
# (presumably writing $p back into $acl; confirm in the library).
99 &store_ldap_access($acl, $p);
102 # Write out access directives
# Saves the whole @access list through the backend get_config_type() reports:
# "access" directives when it is 1, otherwise (else line not visible)
# "olcAccess" for the default database in the LDIF config.
103 if (&get_config_type() == 1) {
104 &save_directive($conf, "access", @access);
107 &save_ldif_directive($conf, "olcAccess", $defdb, @access);
# NOTE(review): the matching lock call is not visible in this listing;
# presumably it is taken before the config is read. Confirm, and check that
# the &error() exits taken on validation failure do not leave the files locked.
110 &unlock_slapd_files();
# Audit record of the change: the action is "delete" when the delete flag is
# set, else "create" when the new flag is set, else "modify"; the object type
# is "access" and the detail is the rule's target ($p->{'what'}).
113 &webmin_log($in{'delete'} ? "delete" : $in{'new'} ? "create" : "modify",
114 "access", $p->{'what'});
# Send the browser back to edit_acl.cgi once the change is saved and logged.
115 &redirect("edit_acl.cgi");