Fix bugs editing LDIF format access control rules
authorJamie Cameron <jcameron@webmin.com>
Thu, 10 Jun 2010 01:11:59 +0000 (18:11 -0700)
committerJamie Cameron <jcameron@webmin.com>
Thu, 10 Jun 2010 01:11:59 +0000 (18:11 -0700)
ldap-server/CHANGELOG
ldap-server/acl_form.cgi
ldap-server/acl_save.cgi
ldap-server/lang/en
ldap-server/ldap-server-lib.pl

index 952b872..3653f44 100644 (file)
@@ -7,3 +7,5 @@ The protocols served by the LDAP server, such as SSL and non-encrypted, can now
 Fixed a bug that prevented browsing of the LDAP database in SSL mode, thanks to Paul R. Ganci.
 ---- Changes since 1.470 ----
 Updated the module to support the new OpenLDAP LDIF-format configuration files, as seen on Ubuntu 8.10.
+---- Changes since 1.510 ----
+Fixed numerous bugs in editing the new LDIF-format access control rules.
index 3fb066e..d7c8648 100755 (executable)
@@ -41,10 +41,14 @@ if ($p->{'what'} =~ /^dn(\.([^=]+))?="(.*)"$/i ||
     $p->{'what'} =~ /^dn(\.([^=]+))?=(.*)$/i) {
        $dn = $3;
        $style = $2;
+       if ($dn eq "") {
+               $what = 2;
+               }
        }
 print &ui_table_row($text{'eacl_what'},
        &ui_radio_table("what", $what,
                [ [ 1, $text{'eacl_what1'} ],
+                 [ 2, $text{'eacl_what2'} ],
                  [ 0, $text{'eacl_what0'},
                    &ui_textbox("what_dn", $dn, 30)." ".
                    $text{'eacl_mtype'}." ".
@@ -97,7 +101,6 @@ foreach $b (@{$p->{'by'}}, { }, { }, { }) {
                &ui_textbox("control_$i", join(" ", @{$b->{'control'}}), 30,
                            0, undef, "style='width:90%'"),
                ], \@tds);
-       # XXX http://www.openldap.org/faq/data/cache/452.html
        $i++;
        }
 $wtable .= &ui_columns_end();
index b45e712..5285f72 100755 (executable)
@@ -9,12 +9,24 @@ $access{'acl'} || &error($text{'acl_ecannot'});
 
 # Get the current rule
 &lock_slapd_files();
-$conf = &get_config();
-@access = &find("access", $conf);
+if (&get_config_type() == 1) {
+       $conf = &get_config();
+       @access = &find("access", $conf);
+       }
+else {
+       $defdb = &get_default_db();
+       $conf = &get_ldif_config();
+       @access = &find_ldif("olcAccess", $conf, $defdb);
+       }
+
+# Get the ACL object
 if (!$in{'new'}) {
        $acl = $access[$in{'idx'}];
        $p = &parse_ldap_access($acl);
        }
+else {
+       $p = { };
+       }
 
 if ($in{'delete'}) {
        # Just take out of access list
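Review bot: `$in{'idx'}` is used as a subscript on the `$acl = $access[$in{'idx'}];` line with no check that it is a non-negative integer inside `@access`, and after this change that list may come from `find_ldif` instead of `find`. Perl silently accepts a negative or non-numeric subscript, so a malformed request would act on a different rule from the one the form displayed, or hand undef to `parse_ldap_access`. A guard before the lookup, such as `$in{'idx'} =~ /^\d+$/ && $in{'idx'} < @access || &error(...);` with a suitable message, would close this. The `if ($in{'delete'})` block continues outside the hunk.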
@@ -25,6 +37,11 @@ else {
        if ($in{'what'} == 1) {
                $p->{'what'} = '*';
                }
+       elsif ($in{'what'} == 2) {
+               $p->{'what'} =
+                       'dn'.($in{'what_style'} ? '.'.$in{'what_style'} : '').
+                       '=""';
+               }
        else {
                $in{'what_dn'} =~ /^\S+=\S.*$/ || &error($text{'eacl_edn'});
                $p->{'what'} =
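Review bot: `$in{'what_style'}` is concatenated straight into the rule's `what` clause in the new `elsif ($in{'what'} == 2)` branch. Whitespace, quotes or a newline in that parameter would therefore end up in the access directive written to the slapd configuration. The form presumably offers a fixed list of match types, but the save script should enforce it itself, for example `$in{'what_style'} =~ /^[a-z]*$/i || &error(...);` before building the string. The `else` branch that follows is cut off by the hunk; if it uses `what_style` the same way, it needs the same check.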
@@ -83,8 +100,13 @@ else {
        }
 
 # Write out access directives
-&save_directive($conf, "access", @access);
-&flush_file_lines($config{'config_file'});
+if (&get_config_type() == 1) {
+       &save_directive($conf, "access", @access);
+       }
+else {
+       &save_ldif_directive($conf, "olcAccess", $defdb, @access);
+       }
+&flush_file_lines();
 &unlock_slapd_files();
 
 # Log and return
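Review bot: The `save_ldif_directive` call depends on `$defdb`, which is assigned only in the LDIF branch of the first hunk of this file and is never checked. If `get_default_db()` can come back empty (its body is not shown here), the access rules would be written against an undefined database entry while the slapd files are locked. `$defdb || &error(...);` right after the assignment would fail early instead. It would also be more robust to call `get_config_type()` once and keep the result, e.g. `$ctype = &get_config_type();`, so the read and write branches cannot disagree.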
index 28fc228..de52938 100644 (file)
@@ -298,6 +298,7 @@ eacl_title2=Edit Access Control Rule
 eacl_header=LDAP database access control rule details
 eacl_what=Objects being granted
 eacl_what1=All objects
+eacl_what2=Objects with no DN
 eacl_what0=Object with DN
 eacl_mtype=match type
 eacl_regex=regular expression
index 5a6943c..c2b7a28 100755 (executable)
@@ -269,7 +269,7 @@ foreach my $file (&recursive_find_ldif($config{'config_file'})) {
                        $dir->{'value'} = $value;
                        push(@rv, $dir);
                        }
-               elsif (/^(\s+\S.*)$/ && @rv) {
+               elsif (/^(\s+\S.*)$/ && @rv && $rv[$#rv]->{'file'} eq $file) {
                        # Continuation line
                        local $dir = $rv[$#rv];
                        $dir->{'value'} .= $1;
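Review bot: The continuation branch appends `$1`, which as captured by `/^(\s+\S.*)$/` still includes the leading whitespace. LDIF folding (RFC 2849) marks a continuation with exactly one leading space that is not part of the value, so a folded `olcAccess` rule may be reassembled with a stray space in the middle of a token and then parsed or displayed incorrectly. Unless later code relies on that space, capturing after it, e.g. `elsif (/^ (.+)$/ && @rv && $rv[$#rv]->{'file'} eq $file) {`, would give the unfolded value. The new `file` comparison also deserves a short comment such as `# never join a continuation onto a directive from a previous file`. The enclosing loop starts and ends outside the hunk.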
@@ -453,6 +453,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) {
                        foreach my $c (@$conf) {
                                if ($c->{'line'} > $old[$i]->{'line'}) {
                                        $c->{'line'} -= $oldlen - 1;
+                                       $c->{'eline'} -= $oldlen - 1;
                                        }
                                }
                        }
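Review bot: The renumbering loop shifts `line` (and now `eline`) for every entry in `@$conf` whose `line` is greater than `$old[$i]->{'line'}`, without comparing files. The hunk at -465,6 has the same loop. If `@$conf` here is the LDIF configuration, which is collected from several files with per-file line numbers (as the `recursive_find_ldif` loop earlier in this file suggests), directives in unrelated files get their positions moved and a later save could rewrite the wrong lines. Restricting the test, e.g. `if ($c->{'file'} eq $old[$i]->{'file'} && $c->{'line'} > $old[$i]->{'line'}) {`, in both loops would avoid that. The enclosing function begins outside the hunk, so whether `$old[$i]` has its own `eline` reset is not visible here.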
@@ -465,6 +466,7 @@ for(my $i=0; $i<@old || $i<@values; $i++) {
                foreach my $c (@$conf) {
                         if ($c->{'line'} > $old[$i]->{'line'}) {
                                 $c->{'line'} -= $oldlen;
+                                $c->{'eline'} -= $oldlen;
                                 }
                         }
                }