Commit 4bc8197d authored by Pierangelo Masarati

further ACI factoring out & confinement

parent d4ec31f6
......@@ -42,6 +42,34 @@
#define ACI_BUF_SIZE 1024 /* use most appropriate size */
#ifdef SLAP_DYNACL
static
#endif /* SLAP_DYNACL */
AttributeDescription *slap_ad_aci;
static int
OpenLDAPaciValidate(
Syntax *syntax,
struct berval *val );
static int
OpenLDAPaciPretty(
Syntax *syntax,
struct berval *val,
struct berval *out,
void *ctx );
static int
OpenLDAPaciNormalize(
slap_mask_t use,
Syntax *syntax,
MatchingRule *mr,
struct berval *val,
struct berval *out,
void *ctx );
#define OpenLDAPaciMatch octetStringMatch
static int
aci_list_map_rights(
struct berval *list )
......@@ -486,6 +514,93 @@ aci_mask(
return 0;
}
int
aci_init( void )
{
/* OpenLDAP Experimental Syntax */
static slap_syntax_defs_rec aci_syntax_def = {
"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
OpenLDAPaciValidate,
OpenLDAPaciPretty
};
static slap_mrule_defs_rec aci_mr_def = {
"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
NULL, NULL,
NULL
};
static struct {
char *name;
char *desc;
slap_mask_t flags;
AttributeDescription **ad;
} aci_at = {
"OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
"NAME 'OpenLDAPaci' "
"DESC 'OpenLDAP access control information (experimental)' "
"EQUALITY OpenLDAPaciMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
"USAGE directoryOperation )",
SLAP_AT_HIDE,
&slap_ad_aci
};
LDAPAttributeType *at;
AttributeType *sat;
int rc;
const char *text;
/* ACI syntax */
rc = register_syntax( &aci_syntax_def );
if ( rc != 0 ) {
return rc;
}
/* ACI equality rule */
rc = register_matching_rule( &aci_mr_def );
if ( rc != 0 ) {
return rc;
}
/* ACI attribute */
at = ldap_str2attributetype( aci_at.desc,
&rc, &text, LDAP_SCHEMA_ALLOW_ALL );
if ( !at ) {
Debug( LDAP_DEBUG_ANY,
"%s AttributeType load failed: %s %s\n",
aci_at.name, ldap_scherr2str( rc ), text );
return rc;
}
rc = at_add( at, 0, &sat, &text );
if ( rc != LDAP_SUCCESS ) {
ldap_attributetype_free( at );
fprintf( stderr, "iMUX_monitor_schema_init: "
"AttributeType load failed: %s %s\n",
scherr2str( rc ), text );
return rc;
}
ldap_memfree( at );
rc = slap_str2ad( aci_at.name,
aci_at.ad, &text );
if ( rc != LDAP_SUCCESS ) {
Debug( LDAP_DEBUG_ANY,
"unable to find AttributeDescription "
"\"%s\": %d (%s)\n",
aci_at.name, rc, text );
return 1;
}
/* install flags */
sat->sat_flags |= aci_at.flags;
return rc;
}
#ifdef SLAP_DYNACL
/*
* FIXME: there is a silly dependence that makes it difficult
......@@ -514,7 +629,7 @@ dynacl_aci_parse( const char *fname, int lineno, slap_style_t sty, const char *r
}
} else {
ad = slap_schema.si_ad_aci;
ad = slap_ad_aci;
}
if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
......@@ -706,7 +821,15 @@ static slap_dynacl_t dynacl_aci = {
int
dynacl_aci_init( void )
{
return slap_dynacl_register( &dynacl_aci );
int rc;
rc = aci_init();
if ( rc == 0 ) {
rc = slap_dynacl_register( &dynacl_aci );
}
return rc;
}
#endif /* SLAP_DYNACL */
......@@ -1040,7 +1163,7 @@ static const struct berval *OpenLDAPacitypes[] = {
NULL
};
int
static int
OpenLDAPaciValidate(
Syntax *syntax,
struct berval *val )
......@@ -1406,7 +1529,7 @@ cleanup:;
return rc;
}
int
static int
OpenLDAPaciPretty(
Syntax *syntax,
struct berval *val,
......@@ -1416,7 +1539,7 @@ OpenLDAPaciPretty(
return OpenLDAPaciPrettyNormal( val, out, ctx, 0 );
}
int
static int
OpenLDAPaciNormalize(
slap_mask_t use,
Syntax *syntax,
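Review bot: In the new `aci_init()`, the `at_add()` failure branch reports through `fprintf( stderr, "iMUX_monitor_schema_init: ..." )`, which names a different function and bypasses the `Debug()` logging used by the branches around it, so a failed load of the OpenLDAPaci attribute would be hard to trace in the server log. It should match the `ldap_str2attributetype()` branch above it: `Debug( LDAP_DEBUG_ANY, "%s AttributeType load failed: %s %s\n", aci_at.name, scherr2str( rc ), text );`. The `slap_str2ad()` failure branch returns a literal `1` while every other path returns `rc`; `return rc;` there would keep the error code for the caller. A short comment above `aci_init()` would also help, saying that it registers the ACI syntax, matching rule and attribute and must succeed before `slap_ad_aci` is read, since `dynacl_aci_parse()` now dereferences that pointer.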
......
......@@ -2794,19 +2794,20 @@ slap_dynacl_get( const char *name )
int
acl_init( void )
{
#ifdef SLAP_DYNACL
int rc;
int rc = 0;
#ifdef SLAPD_ACI_ENABLED
#ifdef SLAP_DYNACL
rc = dynacl_aci_init();
#else /* !SLAP_DYNACL */
rc = aci_init();
#endif /* !SLAP_DYNACL */
if ( rc != 0 ) {
return rc;
}
#endif /* SLAPD_ACI_ENABLED */
#endif /* SLAP_DYNACL */
return 0;
return rc;
}
int
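Review bot: The `if ( rc != 0 ) { return rc; }` kept inside the `SLAPD_ACI_ENABLED` block of `acl_init()` is redundant, because the function now ends with `return rc;` and nothing runs between the two. Dropping the check leaves the guarded `dynacl_aci_init()` / `aci_init()` call followed by the single return. The +/- markers are lost on this page, so the new side is inferred from the hunk header and the duplicated lines and should be confirmed against the file.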
......
......@@ -1539,7 +1539,7 @@ parse_acl(
}
} else {
b->a_aci_at = slap_schema.si_ad_aci;
b->a_aci_at = slap_ad_aci;
}
if( !is_at_syntax( b->a_aci_at->ad_type,
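Review bot: `b->a_aci_at = slap_ad_aci;` depends on two things this hunk does not show, and `parse_acl()` starts and ends outside it. The pointer is now set by `aci_init()` instead of the built-in schema table, and the next line dereferences `b->a_aci_at->ad_type`, so it would be NULL if an ACL line can be parsed before `acl_init()` has run; that ordering should be confirmed and recorded, e.g. `/* slap_ad_aci is set by aci_init(); acl_init() must run before ACLs are parsed */`. Separately, `slap_ad_aci` is declared in proto-slap.h only in the `#else /* !SLAP_DYNACL */` branch and is `static` in aci.c when `SLAP_DYNACL` is defined, so this assignment presumably sits in code built only without `SLAP_DYNACL`; the enclosing guard is worth checking.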
......
......@@ -45,14 +45,12 @@ LDAP_SLAPD_F (int) aci_mask LDAP_P((
slap_access_t *grant,
slap_access_t *deny,
slap_aci_scope_t scope));
LDAP_SLAPD_F (int) OpenLDAPaciValidate LDAP_P((
Syntax *syn, struct berval *in ));
LDAP_SLAPD_F (int) OpenLDAPaciPretty LDAP_P((
Syntax *syn, struct berval *val, struct berval *out, void *ctx ));
LDAP_SLAPD_F (slap_mr_normalize_func) OpenLDAPaciNormalize;
#ifdef SLAP_DYNACL
LDAP_SLAPD_F (int) dynacl_aci_init LDAP_P(( void ));
#endif /* SLAP_DYNACL */
#else /* !SLAP_DYNACL */
LDAP_SLAPD_F (int) aci_init LDAP_P(( void ));
LDAP_SLAPD_V (AttributeDescription *) slap_ad_aci;
#endif /* !SLAP_DYNACL */
#endif /* SLAPD_ACI_ENABLED */
/*
......@@ -1453,9 +1451,17 @@ LDAP_SLAPD_F (void) schema_destroy LDAP_P(( void ));
LDAP_SLAPD_F( slap_mr_indexer_func ) octetStringIndexer;
LDAP_SLAPD_F( slap_mr_filter_func ) octetStringFilter;
LDAP_SLAPD_F( int ) numericoidValidate LDAP_P((
struct slap_syntax *syntax,
struct berval *in ));
LDAP_SLAPD_F( int ) octetStringMatch LDAP_P((
int *matchp,
slap_mask_t flags,
Syntax *syntax,
MatchingRule *mr,
struct berval *value,
void *assertedValue ));
/*
* schema_prep.c
......
......@@ -50,8 +50,6 @@
#define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c) lutil_HASHFinal(d,c)
#define OpenLDAPaciMatch octetStringMatch
/* approx matching rules */
#define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4"
#define directoryStringApproxMatch approxMatch
......@@ -129,7 +127,7 @@ static int certificateValidate( Syntax *syntax, struct berval *in )
#define certificateValidate sequenceValidate
#endif
static int
int
octetStringMatch(
int *matchp,
slap_mask_t flags,
......@@ -3426,14 +3424,6 @@ static slap_syntax_defs_rec syntax_defs[] = {
serialNumberAndIssuerValidate,
serialNumberAndIssuerPretty},
#ifdef SLAPD_ACI_ENABLED
/* OpenLDAP Experimental Syntaxes */
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
OpenLDAPaciValidate,
OpenLDAPaciPretty},
#endif
#ifdef SLAPD_AUTHPASSWD
/* needs updating */
{"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
......@@ -3850,15 +3840,6 @@ static slap_mrule_defs_rec mrule_defs[] = {
NULL},
#endif
#ifdef SLAPD_ACI_ENABLED
{"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
NULL, NULL,
NULL},
#endif
{"( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' "
"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
SLAP_MR_EXT, NULL,
......
......@@ -887,18 +887,6 @@ static struct slap_schema_ad_map {
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
#ifdef SLAPD_ACI_ENABLED
{ "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
"NAME 'OpenLDAPaci' "
"DESC 'OpenLDAP access control information (experimental)' "
"EQUALITY OpenLDAPaciMatch "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
"USAGE directoryOperation )",
NULL, SLAP_AT_HIDE,
NULL, NULL,
NULL, NULL, NULL, NULL, NULL,
offsetof(struct slap_internal_schema, si_ad_aci) },
#endif
#ifdef LDAP_DYNAMIC_OBJECTS
{ "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
......
......@@ -894,9 +894,6 @@ struct slap_internal_schema {
AttributeDescription *si_ad_children;
AttributeDescription *si_ad_saslAuthzTo;
AttributeDescription *si_ad_saslAuthzFrom;
#ifdef SLAPD_ACI_ENABLED
AttributeDescription *si_ad_aci;
#endif /* SLAPD_ACI_ENABLED */
/* dynamic entries */
AttributeDescription *si_ad_entryTtl;
......