upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use ConfigArgs in ACL parsing

Browse source 
For better error propagation back to config clients, also
remove unconditional use of stderr.

parse_acl() was only partially converted, the rest remains to be done.
This commit is contained in:
Howard Chu 2022-03-18 16:34:40 +00:00 committed by Greg Burd
parent 9142da8eaf
commit 2086008a79
No known key found for this signature in database
GPG key ID: 1FC1E7793410DE46
5 changed files with 43 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
servers/slapd/aci.c
View file

@ -39,6 +39,7 @@
#include "slap.h" #include "slap.h"
#include "lber_pvt.h" #include "lber_pvt.h"
#include "lutil.h" #include "lutil.h"
#include "slap-config.h"
/* use most appropriate size */ /* use most appropriate size */
#define ACI_BUF_SIZE 1024 #define ACI_BUF_SIZE 1024
@ -741,8 +742,7 @@ aci_init( void )
static int static int
dynacl_aci_parse( dynacl_aci_parse(
const char *fname, ConfigArgs *c,
int lineno,
const char *opts, const char *opts,
slap_style_t sty, slap_style_t sty,
const char *right, const char *right,
@ -752,17 +752,19 @@ dynacl_aci_parse(
const char *text = NULL; const char *text = NULL;
if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) { if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) {
fprintf( stderr, "%s: line %d: " snprintf( c->cr_msg, sizeof( c->cr_msg ),
"inappropriate style \"%s\" in \"aci\" by clause\n", "inappropriate style \"%s\" in \"aci\" by clause",
fname, lineno, style_strings[sty] ); style_strings[sty] );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
return -1; return -1;
} }
if ( right != NULL && *right != '\0' ) { if ( right != NULL && *right != '\0' ) {
if ( slap_str2ad( right, &ad, &text ) != LDAP_SUCCESS ) { if ( slap_str2ad( right, &ad, &text ) != LDAP_SUCCESS ) {
fprintf( stderr, snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s: line %d: aci \"%s\": %s\n", "aci \"%s\": %s",
fname, lineno, right, text ); right, text );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
return -1; return -1;
} }
@ -771,10 +773,10 @@ dynacl_aci_parse(
} }
if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) { if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
fprintf( stderr, "%s: line %d: " snprintf( c->cr_msg, sizeof( c->cr_msg ),
"aci \"%s\": inappropriate syntax: %s\n", "aci \"%s\": inappropriate syntax: %s",
fname, lineno, right, right, ad->ad_type->sat_syntax_oid );
ad->ad_type->sat_syntax_oid ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
return -1; return -1;
} }

32
servers/slapd/aclparse.c
View file

@ -37,6 +37,7 @@
#include "slap.h" #include "slap.h"
#include "lber_pvt.h" #include "lber_pvt.h"
#include "lutil.h" #include "lutil.h"
#include "slap-config.h"
static const char style_base[] = "base"; static const char style_base[] = "base";
const char *style_strings[] = { const char *style_strings[] = {
@ -76,8 +77,7 @@ static int check_scope( BackendDB *be, AccessControl *a );
#ifdef SLAP_DYNACL #ifdef SLAP_DYNACL
static int static int
slap_dynacl_config( slap_dynacl_config(
const char *fname, struct config_args_s *c,
int lineno,
Access *b, Access *b,
const char *name, const char *name,
const char *opts, const char *opts,
@ -89,9 +89,10 @@ slap_dynacl_config(
for ( da = b->a_dynacl; da; da = da->da_next ) { for ( da = b->a_dynacl; da; da = da->da_next ) {
if ( strcasecmp( da->da_name, name ) == 0 ) { if ( strcasecmp( da->da_name, name ) == 0 ) {
Debug( LDAP_DEBUG_ANY, snprintf( c->cr_msg, sizeof( c->cr_msg ),
"%s: line %d: dynacl \"%s\" already specified.\n", "dynacl \"%s\" already specified",
fname, lineno, name ); name );
Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
return acl_usage(); return acl_usage();
} }
} }
@ -105,7 +106,7 @@ slap_dynacl_config(
*tmp = *da; *tmp = *da;
if ( tmp->da_parse ) { if ( tmp->da_parse ) {
rc = ( *tmp->da_parse )( fname, lineno, opts, sty, right, &tmp->da_private ); rc = ( *tmp->da_parse )( c, opts, sty, right, &tmp->da_private );
if ( rc ) { if ( rc ) {
ch_free( tmp ); ch_free( tmp );
return rc; return rc;
@ -321,11 +322,7 @@ regex_done:;
int int
parse_acl( parse_acl(
Backend *be, struct config_args_s *c,
const char *fname,
int lineno,
int argc,
char **argv,
int pos ) int pos )
{ {
int i; int i;
@ -335,14 +332,19 @@ parse_acl(
Access *b = NULL; Access *b = NULL;
int rc; int rc;
const char *text; const char *text;
Backend *be = c->be;
const char *fname = c->fname;
int lineno = c->lineno;
int argc = c->argc;
char **argv = c->argv;
for ( i = 1; i < argc; i++ ) { for ( i = 1; i < argc; i++ ) {
/* to clause - select which entries are protected */ /* to clause - select which entries are protected */
if ( strcasecmp( argv[i], "to" ) == 0 ) { if ( strcasecmp( argv[i], "to" ) == 0 ) {
if ( a != NULL ) { if ( a != NULL ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " snprintf( c->cr_msg, sizeof( c->cr_msg ),
"only one to clause allowed in access line\n", "only one to clause allowed in access line" );
fname, lineno ); Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg );
goto fail; goto fail;
} }
a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) ); a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
@ -1607,7 +1609,7 @@ parse_acl(
} }
if ( name ) { if ( name ) {
if ( slap_dynacl_config( fname, lineno, b, name, opts, sty, right ) ) { if ( slap_dynacl_config( c, b, name, opts, sty, right ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: " Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to configure dynacl \"%s\".\n", "unable to configure dynacl \"%s\".\n",
fname, lineno, name ); fname, lineno, name );

9
servers/slapd/bconfig.c
View file

@ -2282,7 +2282,7 @@ sortval_reject:
for ( a=c->be->be_acl; a; a = a->acl_next ) for ( a=c->be->be_acl; a; a = a->acl_next )
i++; i++;
} }
if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) { if ( parse_acl( c, i ) ) {
if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) { if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) {
c->be->be_acl = defacl_parsed; c->be->be_acl = defacl_parsed;
} }
@ -7414,7 +7414,12 @@ config_back_db_open( BackendDB *be, ConfigReply *cr )
*/ */
save_access = be->bd_self->be_acl; save_access = be->bd_self->be_acl;
be->bd_self->be_acl = NULL; be->bd_self->be_acl = NULL;
parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 ); c.be = be->bd_self;
c.fname = "config_back_db_open";
c.lineno = 0;
c.argc = 6;
c.argv = (char **)defacl;
parse_acl( &c, 0 );
defacl_parsed = be->bd_self->be_acl; defacl_parsed = be->bd_self->be_acl;
if ( save_access ) { if ( save_access ) {
be->bd_self->be_acl = save_access; be->bd_self->be_acl = save_access;

4
servers/slapd/proto-slap.h
View file

@ -100,9 +100,7 @@ LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
*/ */
LDAP_SLAPD_V (LDAP_CONST char *) style_strings[]; LDAP_SLAPD_V (LDAP_CONST char *) style_strings[];
LDAP_SLAPD_F (int) parse_acl LDAP_P(( Backend *be, LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos ));
const char *fname, int lineno,
int argc, char **argv, int pos ));
LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access )); LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access ));
LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str )); LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str ));

6
servers/slapd/slap.h
View file

@ -1323,12 +1323,15 @@ typedef struct AuthorizationInformation {
slap_ssf_t sai_sasl_ssf; /* SASL SSF */ slap_ssf_t sai_sasl_ssf; /* SASL SSF */
} AuthorizationInformation; } AuthorizationInformation;
typedef struct config_args_s ConfigArgs; /* slap-config.h */
typedef struct config_reply_s ConfigReply; /* slap-config.h */
#ifdef SLAP_DYNACL #ifdef SLAP_DYNACL
/* /*
* "dynamic" ACL infrastructure (for ACIs and more) * "dynamic" ACL infrastructure (for ACIs and more)
*/ */
typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno, typedef int (slap_dynacl_parse) LDAP_P(( ConfigArgs *ca,
const char *opts, slap_style_t, const char *, void **privp )); const char *opts, slap_style_t, const char *, void **privp ));
typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv )); typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv ));
typedef int (slap_dynacl_mask) LDAP_P(( typedef int (slap_dynacl_mask) LDAP_P((
@ -2029,7 +2032,6 @@ typedef int (BI_config) LDAP_P((BackendInfo *bi,
const char *fname, int lineno, const char *fname, int lineno,
int argc, char **argv)); int argc, char **argv));
typedef struct config_reply_s ConfigReply; /* slap-config.h */
typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr)); typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr));
typedef BI_db_func BI_db_init; typedef BI_db_func BI_db_init;
typedef BI_db_func BI_db_open; typedef BI_db_func BI_db_open;