Commit ec49990d authored by Pierangelo Masarati's avatar Pierangelo Masarati

ACIs almost entirely factored out of slapd

Added OpenLDAPaciSyntax based on ITS#3877 by Nikita Shulga
aci_mask() doesn't exploit the normalized value yet (next step)
The case #define SLAPD_ACI_ENABLED / #undef SLAP_DYNACL should
be removed
parent d247840d
......@@ -38,6 +38,7 @@ SRCS = main.c globals.c bconfig.c config.c daemon.c \
backover.c ctxcsn.c ldapsync.c frontend.c \
slapadd.c slapcat.c slapcommon.c slapdn.c slapindex.c \
slappasswd.c slaptest.c slapauth.c slapacl.c component.c \
aci.c \
$(@PLAT@_SRCS)
OBJS = main.o globals.o bconfig.o config.o daemon.o \
......@@ -55,6 +56,7 @@ OBJS = main.o globals.o bconfig.o config.o daemon.o \
backover.o ctxcsn.o ldapsync.o frontend.o \
slapadd.o slapcat.o slapcommon.o slapdn.o slapindex.o \
slappasswd.o slaptest.o slapauth.o slapacl.o component.o \
aci.o \
$(@PLAT@_OBJS)
LDAP_INCDIR= ../../include -I$(srcdir) -I$(srcdir)/slapi -I.
......
This diff is collapsed.
This diff is collapsed.
......@@ -31,6 +31,30 @@
LDAP_BEGIN_DECL
/*
* aci.c
*/
#ifdef SLAPD_ACI_ENABLED
LDAP_SLAPD_F (int) aci_mask LDAP_P((
Operation *op, Entry *e,
AttributeDescription *desc,
struct berval *val,
struct berval *aci,
int nmatch,
regmatch_t *matches,
slap_access_t *grant,
slap_access_t *deny,
slap_aci_scope_t scope));
LDAP_SLAPD_F (int) OpenLDAPaciValidate LDAP_P((
Syntax *syn, struct berval *in ));
LDAP_SLAPD_F (int) OpenLDAPaciPretty LDAP_P((
Syntax *syn, struct berval *val, struct berval *out, void *ctx ));
LDAP_SLAPD_F (slap_mr_normalize_func) OpenLDAPaciNormalize;
#ifdef SLAP_DYNACL
LDAP_SLAPD_F (int) dynacl_aci_init LDAP_P(( void ));
#endif /* SLAP_DYNACL */
#endif /* SLAPD_ACI_ENABLED */
/*
* acl.c
*/
......@@ -71,6 +95,22 @@ LDAP_SLAPD_F (slap_dynacl_t *) slap_dynacl_get LDAP_P(( const char *name ));
#endif /* SLAP_DYNACL */
LDAP_SLAPD_F (int) acl_init LDAP_P(( void ));
LDAP_SLAPD_V (const struct berval) aci_bv[];
LDAP_SLAPD_F (int) acl_get_part LDAP_P((
struct berval *list,
int ix,
char sep,
struct berval *bv ));
LDAP_SLAPD_F (int) acl_match_set LDAP_P((
struct berval *subj,
Operation *op,
Entry *e,
int setref ));
LDAP_SLAPD_F (int) acl_string_expand LDAP_P((
struct berval *newbuf, struct berval *pattern,
char *match, int nmatch, regmatch_t *matches ));
/*
* aclparse.c
*/
......@@ -1407,7 +1447,9 @@ LDAP_SLAPD_F (void) schema_destroy LDAP_P(( void ));
LDAP_SLAPD_F( slap_mr_indexer_func ) octetStringIndexer;
LDAP_SLAPD_F( slap_mr_filter_func ) octetStringFilter;
LDAP_SLAPD_F( int ) numericoidValidate LDAP_P((
struct slap_syntax *syntax,
struct berval *in ));
/*
* schema_prep.c
......
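Review bot: `acl_string_expand` is exported here with no statement of its buffer contract. The prototype takes `struct berval *newbuf` but does not say whether `newbuf->bv_len` is the capacity on entry or the length on return, or what the function returns when the expansion does not fit. Callers outside acl.c can now reach it (presumably aci.c, whose diff is collapsed on this page), so a caller that passes an undersized or uninitialised `bv_len` could overflow a buffer during access-control evaluation. I would add a header comment above the prototype, for example `/* newbuf->bv_val must point to newbuf->bv_len writable bytes; nonzero return means the expansion did not fit */`, once that is confirmed against the definition. `acl_get_part` needs the same treatment, since the meaning of `ix` and `sep` and its return value are undocumented in the header.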
......@@ -50,7 +50,7 @@
#define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
#define HASH_Final(d,c) lutil_HASHFinal(d,c)
#define OpenLDAPaciMatch NULL
#define OpenLDAPaciMatch octetStringMatch
/* approx matching rules */
#define directoryStringApproxMatchOID "1.3.6.1.4.1.4203.666.4.4"
......@@ -1861,7 +1861,7 @@ telephoneNumberNormalize(
return LDAP_SUCCESS;
}
static int
int
numericoidValidate(
Syntax *syntax,
struct berval *in )
......@@ -3427,8 +3427,8 @@ static slap_syntax_defs_rec syntax_defs[] = {
/* OpenLDAP Experimental Syntaxes */
{"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
SLAP_SYNTAX_HIDE,
UTF8StringValidate /* THIS WILL CHANGE FOR NEW ACI SYNTAX */,
NULL},
OpenLDAPaciValidate,
OpenLDAPaciPretty},
#endif
#ifdef SLAPD_AUTHPASSWD
......@@ -3851,7 +3851,7 @@ static slap_mrule_defs_rec mrule_defs[] = {
{"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
"SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
NULL, NULL, OpenLDAPaciMatch,
NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
NULL, NULL,
NULL},
#endif
......
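Review bot: `#define OpenLDAPaciMatch octetStringMatch` makes ACI equality a byte-for-byte comparison of whatever `OpenLDAPaciNormalize` returns, and neither the define nor the `mrule_defs` entry says so. The normalizer's body is not visible on this page, so it cannot be confirmed here that equivalent ACIs (differently cased rights, differently spelled subject DNs) collapse to one form. If they do not, duplicate detection and delete-by-value on ACI attributes would miss equivalent values. I would add a comment at the define such as `/* equality is an octet compare of the OpenLDAPaciNormalize output; the normalizer must be canonical */`. The `syntax_defs` entry also moves from `UTF8StringValidate` to `OpenLDAPaciValidate`, so values accepted under the old, looser check may presumably be rejected when re-added; that deserves a line in the commit description.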
......@@ -914,7 +914,7 @@ struct slap_internal_schema {
#endif
AttributeDescription *si_ad_description;
AttributeDescription *si_ad_seeAlso;
/* Undefined Attribute Type */
AttributeType *si_at_undefined;
......@@ -1481,6 +1481,53 @@ typedef struct slap_acl_state {
#define ACL_STATE_INIT { ACL_STATE_NOT_RECORDED, NULL, NULL, 0UL, \
{ { 0, 0 } }, 0, NULL, 0, 0, NULL }
#ifdef SLAPD_ACI_ENABLED
typedef enum slap_aci_scope_t {
SLAP_ACI_SCOPE_ENTRY = 0x1,
SLAP_ACI_SCOPE_CHILDREN = 0x2,
SLAP_ACI_SCOPE_SUBTREE = ( SLAP_ACI_SCOPE_ENTRY | SLAP_ACI_SCOPE_CHILDREN )
} slap_aci_scope_t;
#endif /* SLAPD_ACI_ENABLED */
enum {
ACI_BV_ENTRY,
ACI_BV_CHILDREN,
ACI_BV_ONELEVEL,
ACI_BV_SUBTREE,
ACI_BV_BR_ENTRY,
ACI_BV_BR_ALL,
ACI_BV_ACCESS_ID,
#if 0
ACI_BV_ANONYMOUS = BER_BVC("anonymous"),
#endif
ACI_BV_PUBLIC,
ACI_BV_USERS,
ACI_BV_SELF,
ACI_BV_DNATTR,
ACI_BV_GROUP,
ACI_BV_ROLE,
ACI_BV_SET,
ACI_BV_SET_REF,
ACI_BV_GRANT,
ACI_BV_DENY,
ACI_BV_IP_EQ,
#ifdef LDAP_PF_LOCAL
ACI_BV_PATH_EQ,
#if 0
ACI_BV_DIRSEP,
#endif
#endif /* LDAP_PF_LOCAL */
ACI_BV_GROUP_CLASS,
ACI_BV_GROUP_ATTR,
ACI_BV_ROLE_CLASS,
ACI_BV_ROLE_ATTR,
ACI_BV_SET_ATTR,
ACI_BV_LAST
};
/*
* Backend-info
* represents a backend
......
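Review bot: The `ACI_BV_*` enum appears to be an index into the `aci_bv[]` table declared in proto-slap.h, but nothing ties the two together. The table is declared with no bound, and the enum has conditional members (`ACI_BV_PATH_EQ` under `#ifdef LDAP_PF_LOCAL`), so a table built with different conditionals would silently shift every index from `ACI_BV_GROUP_CLASS` onward. In access-control code a shifted keyword index is a wrong-decision risk rather than a crash. I would add `/* order and #ifdefs must match aci_bv[] exactly */` above the enum and, in the file that defines the table, a compile-time check of its element count against `ACI_BV_LAST`. The `#if 0` line `ACI_BV_ANONYMOUS = BER_BVC("anonymous"),` is not a valid enumerator and should be reduced to the bare name or dropped.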