mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-04-12 15:10:31 +08:00
ITS#10089 - Use ConfigArgs in ACL parsing
For better error propagation back to config clients, also remove unconditional use of stderr. parse_acl() was only partially converted, the rest remains to be done.
This commit is contained in:
Howard Chu
Quanah Gibson-Mount
parent
05da840ab1
commit
b939195a04
@ -39,6 +39,7 @@
|
||||
#include "slap.h"
|
||||
#include "lber_pvt.h"
|
||||
#include "lutil.h"
|
||||
#include "slap-config.h"
|
||||
|
||||
/* use most appropriate size */
|
||||
#define ACI_BUF_SIZE 1024
|
||||
@ -741,8 +742,7 @@ aci_init( void )
|
||||
|
||||
static int
|
||||
dynacl_aci_parse(
|
||||
const char *fname,
|
||||
int lineno,
|
||||
ConfigArgs *c,
|
||||
const char *opts,
|
||||
slap_style_t sty,
|
||||
const char *right,
|
||||
@ -752,17 +752,19 @@ dynacl_aci_parse(
|
||||
const char *text = NULL;
|
||||
|
||||
if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"inappropriate style \"%s\" in \"aci\" by clause\n",
|
||||
fname, lineno, style_strings[sty] );
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ),
|
||||
"inappropriate style \"%s\" in \"aci\" by clause",
|
||||
style_strings[sty] );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
|
||||
return -1;
|
||||
}
|
||||
|
||||
if ( right != NULL && *right != '\0' ) {
|
||||
if ( slap_str2ad( right, &ad, &text ) != LDAP_SUCCESS ) {
|
||||
fprintf( stderr,
|
||||
"%s: line %d: aci \"%s\": %s\n",
|
||||
fname, lineno, right, text );
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ),
|
||||
"aci \"%s\": %s",
|
||||
right, text );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -771,10 +773,10 @@ dynacl_aci_parse(
|
||||
}
|
||||
|
||||
if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
|
||||
fprintf( stderr, "%s: line %d: "
|
||||
"aci \"%s\": inappropriate syntax: %s\n",
|
||||
fname, lineno, right,
|
||||
ad->ad_type->sat_syntax_oid );
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ),
|
||||
"aci \"%s\": inappropriate syntax: %s",
|
||||
right, ad->ad_type->sat_syntax_oid );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
@ -37,6 +37,7 @@
|
||||
#include "slap.h"
|
||||
#include "lber_pvt.h"
|
||||
#include "lutil.h"
|
||||
#include "slap-config.h"
|
||||
|
||||
static const char style_base[] = "base";
|
||||
const char *style_strings[] = {
|
||||
@ -76,8 +77,7 @@ static int check_scope( BackendDB *be, AccessControl *a );
|
||||
#ifdef SLAP_DYNACL
|
||||
static int
|
||||
slap_dynacl_config(
|
||||
const char *fname,
|
||||
int lineno,
|
||||
struct config_args_s *c,
|
||||
Access *b,
|
||||
const char *name,
|
||||
const char *opts,
|
||||
@ -89,9 +89,10 @@ slap_dynacl_config(
|
||||
|
||||
for ( da = b->a_dynacl; da; da = da->da_next ) {
|
||||
if ( strcasecmp( da->da_name, name ) == 0 ) {
|
||||
Debug( LDAP_DEBUG_ANY,
|
||||
"%s: line %d: dynacl \"%s\" already specified.\n",
|
||||
fname, lineno, name );
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ),
|
||||
"dynacl \"%s\" already specified",
|
||||
name );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
|
||||
return acl_usage();
|
||||
}
|
||||
}
|
||||
@ -105,7 +106,7 @@ slap_dynacl_config(
|
||||
*tmp = *da;
|
||||
|
||||
if ( tmp->da_parse ) {
|
||||
rc = ( *tmp->da_parse )( fname, lineno, opts, sty, right, &tmp->da_private );
|
||||
rc = ( *tmp->da_parse )( c, opts, sty, right, &tmp->da_private );
|
||||
if ( rc ) {
|
||||
ch_free( tmp );
|
||||
return rc;
|
||||
@ -321,11 +322,7 @@ regex_done:;
|
||||
|
||||
int
|
||||
parse_acl(
|
||||
Backend *be,
|
||||
const char *fname,
|
||||
int lineno,
|
||||
int argc,
|
||||
char **argv,
|
||||
struct config_args_s *c,
|
||||
int pos )
|
||||
{
|
||||
int i;
|
||||
@ -335,14 +332,19 @@ parse_acl(
|
||||
Access *b = NULL;
|
||||
int rc;
|
||||
const char *text;
|
||||
Backend *be = c->be;
|
||||
const char *fname = c->fname;
|
||||
int lineno = c->lineno;
|
||||
int argc = c->argc;
|
||||
char **argv = c->argv;
|
||||
|
||||
for ( i = 1; i < argc; i++ ) {
|
||||
/* to clause - select which entries are protected */
|
||||
if ( strcasecmp( argv[i], "to" ) == 0 ) {
|
||||
if ( a != NULL ) {
|
||||
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
|
||||
"only one to clause allowed in access line\n",
|
||||
fname, lineno );
|
||||
snprintf( c->cr_msg, sizeof( c->cr_msg ),
|
||||
"only one to clause allowed in access line" );
|
||||
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
|
||||
goto fail;
|
||||
}
|
||||
a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
|
||||
@ -1607,7 +1609,7 @@ parse_acl(
|
||||
}
|
||||
|
||||
if ( name ) {
|
||||
if ( slap_dynacl_config( fname, lineno, b, name, opts, sty, right ) ) {
|
||||
if ( slap_dynacl_config( c, b, name, opts, sty, right ) ) {
|
||||
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
|
||||
"unable to configure dynacl \"%s\".\n",
|
||||
fname, lineno, name );
|
||||
|
||||
@ -2272,7 +2272,7 @@ sortval_reject:
|
||||
for ( a=c->be->be_acl; a; a = a->acl_next )
|
||||
i++;
|
||||
}
|
||||
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) {
|
||||
if ( parse_acl( c, i ) ) {
|
||||
if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) {
|
||||
c->be->be_acl = defacl_parsed;
|
||||
}
|
||||
@ -7372,7 +7372,12 @@ config_back_db_open( BackendDB *be, ConfigReply *cr )
|
||||
*/
|
||||
save_access = be->bd_self->be_acl;
|
||||
be->bd_self->be_acl = NULL;
|
||||
parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 );
|
||||
c.be = be->bd_self;
|
||||
c.fname = "config_back_db_open";
|
||||
c.lineno = 0;
|
||||
c.argc = 6;
|
||||
c.argv = (char **)defacl;
|
||||
parse_acl( &c, 0 );
|
||||
defacl_parsed = be->bd_self->be_acl;
|
||||
if ( save_access ) {
|
||||
be->bd_self->be_acl = save_access;
|
||||
|
||||
@ -100,9 +100,7 @@ LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
|
||||
*/
|
||||
LDAP_SLAPD_V (LDAP_CONST char *) style_strings[];
|
||||
|
||||
LDAP_SLAPD_F (int) parse_acl LDAP_P(( Backend *be,
|
||||
const char *fname, int lineno,
|
||||
int argc, char **argv, int pos ));
|
||||
LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos ));
|
||||
|
||||
LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
|
||||
LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));
|
||||
|
||||
@ -1322,12 +1322,15 @@ typedef struct AuthorizationInformation {
|
||||
slap_ssf_t sai_sasl_ssf; /* SASL SSF */
|
||||
} AuthorizationInformation;
|
||||
|
||||
typedef struct config_args_s ConfigArgs; /* slap-config.h */
|
||||
typedef struct config_reply_s ConfigReply; /* slap-config.h */
|
||||
|
||||
#ifdef SLAP_DYNACL
|
||||
|
||||
/*
|
||||
* "dynamic" ACL infrastructure (for ACIs and more)
|
||||
*/
|
||||
typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno,
|
||||
typedef int (slap_dynacl_parse) LDAP_P(( ConfigArgs *ca,
|
||||
const char *opts, slap_style_t, const char *, void **privp ));
|
||||
typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
|
||||
typedef int (slap_dynacl_mask) LDAP_P((
|
||||
@ -2025,7 +2028,6 @@ typedef int (BI_config) LDAP_P((BackendInfo *bi,
|
||||
const char *fname, int lineno,
|
||||
int argc, char **argv));
|
||||
|
||||
typedef struct config_reply_s ConfigReply; /* slap-config.h */
|
||||
typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr));
|
||||
typedef BI_db_func BI_db_init;
|
||||
typedef BI_db_func BI_db_open;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user