X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=servers%2Fslapd%2Faclparse.c;h=567e2b63f37071d511e0c52fc0900a31a022fef7;hb=fa1f4d3c38b332fc5faf6d84911df2618ce9af09;hp=e307b550c58663d1ad983ac1879b7331c98888ea;hpb=f07015dad2d6ccdbe5b8360bfbc601b13baae894;p=openldap
diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c
index e307b550c5..567e2b63f3 100644
--- a/servers/slapd/aclparse.c
+++ b/servers/slapd/aclparse.c
@@ -2,7 +2,7 @@
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software .
*
- * Copyright 1998-2005 The OpenLDAP Foundation.
+ * Copyright 1998-2006 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -58,7 +58,7 @@ char *style_strings[] = {
static void split(char *line, int splitchar, char **left, char **right);
static void access_append(Access **l, Access *a);
-static void acl_usage(void) LDAP_GCCATTR((noreturn));
+static int acl_usage(void);
static void acl_regex_normalized_dn(const char *src, struct berval *pat);
@@ -84,10 +84,10 @@ slap_dynacl_config(
for ( da = b->a_dynacl; da; da = da->da_next ) {
if ( strcasecmp( da->da_name, name ) == 0 ) {
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: dynacl \"%s\" already specified.\n",
fname, lineno, name );
- acl_usage();
+ return acl_usage();
}
}
@@ -119,8 +119,8 @@ regtest(const char *fname, int lineno, char *pat) {
int e;
regex_t re;
- char buf[512];
- unsigned size;
+ char buf[ SLAP_TEXT_BUFLEN ];
+ unsigned size;
char *sp;
char *dp;
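Review bot: Sizing `buf` with `SLAP_TEXT_BUFLEN` also changes the largest pattern regtest will accept, because the later `size >= (sizeof(buf) - 1)` test is derived from this array. The macro is defined outside this diff; if it is smaller than the old 512, ACL regexes that loaded before will now take the "too large" branch, which ends in `exit( EXIT_FAILURE )`. A comment on the declaration such as `/* also bounds the expanded pattern, see the size check below */` would make the coupling visible, and a separate constant for the pattern limit would keep it independent of the message-buffer size. regtest starts and ends outside this hunk.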
@@ -151,19 +151,26 @@ regtest(const char *fname, int lineno, char *pat) {
*dp = '\0';
if ( size >= (sizeof(buf) - 1) ) {
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: regular expression \"%s\" too large\n",
fname, lineno, pat );
- acl_usage();
+ (void)acl_usage();
+ exit( EXIT_FAILURE );
}
if ((e = regcomp(&re, buf, REG_EXTENDED|REG_ICASE))) {
- char error[512];
+ char error[ SLAP_TEXT_BUFLEN ];
+
regerror(e, &re, error, sizeof(error));
- fprintf( stderr,
- "%s: line %d: regular expression \"%s\" bad because of %s\n",
- fname, lineno, pat, error );
+
+ snprintf( buf, sizeof( buf ),
+ "regular expression \"%s\" bad because of %s",
+ pat, error );
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: %s\n",
+ fname, lineno, buf );
acl_usage();
+ exit( EXIT_FAILURE );
}
regfree(&re);
}
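Review bot: regtest still terminates the process with `exit( EXIT_FAILURE )` on both error branches, while the other call sites in this commit hand the result of `acl_usage()` back to the caller. If ACLs can be parsed after startup (not visible here), one malformed or oversized regex would stop the whole daemon instead of rejecting a single rule. Having regtest return an int and letting the caller propagate it would match the rest of the change. The second branch also calls `acl_usage();` bare where the first writes `(void)acl_usage();`, so the two should be made consistent. In the regcomp branch the message is built as pattern first, reason second, in a buffer the same size as `error`, so a long `pat` can truncate the regerror text away. The function begins outside this hunk.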
@@ -183,7 +190,7 @@ regtest(const char *fname, int lineno, char *pat) {
static int
check_scope( BackendDB *be, AccessControl *a )
{
- int patlen;
+ ber_len_t patlen;
struct berval dn;
dn = be->be_nsuffix[0];
@@ -252,7 +259,8 @@ regex_done:;
* more than one level between the suffix
* and the pattern */
if ( style == ACL_STYLE_ONE ) {
- int rdnlen = -1, sep = 0;
+ ber_len_t rdnlen = 0;
+ int sep = 0;
if ( patlen > 0 ) {
if ( !DN_SEPARATOR( dn.bv_val[dn.bv_len - patlen - 1] )) {
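Review bot: With `patlen` and `rdnlen` now `ber_len_t`, any check that relied on a negative value changes meaning. `patlen > 0` is true for a wrapped difference as well as a real positive length, and the old `rdnlen = -1` "not set" sentinel has become 0, which is also a possible length. The subscript `dn.bv_len - patlen - 1` is then computed entirely in unsigned arithmetic, so it wraps to a very large index if `patlen >= dn.bv_len`. The assignment to `patlen` and the later uses of `rdnlen` are outside this hunk and the previous one in check_scope, so confirm that the ordering of the two lengths is established before this line. Consider stating that invariant in a comment, e.g. `/* patlen < dn.bv_len is guaranteed by the suffix check above */`.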
@@ -307,17 +315,17 @@ regex_done:;
return ACL_SCOPE_UNKNOWN;
}
-void
+int
parse_acl(
- Backend *be,
- const char *fname,
- int lineno,
- int argc,
- char **argv,
+ Backend *be,
+ const char *fname,
+ int lineno,
+ int argc,
+ char **argv,
int pos )
{
int i;
- char *left, *right, *style, *next;
+ char *left, *right, *style;
struct berval bv;
AccessControl *a;
Access *b;
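Review bot: parse_acl now returns `int`, but nothing at the definition says what the value means or that callers must stop processing the line when it is non-zero. Every error path returns whatever `acl_usage()` yields, and that function's body is not in this diff. Add a header comment above the signature stating the convention, along the lines of `/* returns 0 on success; on error logs via Debug() and returns the value of acl_usage() */`, and check that every existing caller of the former void function now tests the result.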
@@ -329,10 +337,10 @@ parse_acl(
/* to clause - select which entries are protected */
if ( strcasecmp( argv[i], "to" ) == 0 ) {
if ( a != NULL ) {
- fprintf( stderr, "%s: line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"only one to clause allowed in access line\n",
- fname, lineno );
- acl_usage();
+ fname, lineno, 0 );
+ return acl_usage();
}
a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) );
for ( ++i; i < argc; i++ ) {
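Review bot: `return acl_usage();` in the `a != NULL` branch leaves the function while `a`, allocated by `ch_calloc` for the earlier "to" clause, is still owned locally. That was harmless while acl_usage() never returned, but the allocation is now lost on every rejected line. The same applies to the later error returns in parse_acl in the following hunks, where `a` may additionally hold a DN pattern, a filter, an attribute list or a compiled regex. Routing all of them through one cleanup label that releases `a` (and any partially built `b`) before returning the error code would keep the error paths uniform. The function body continues well past this hunk.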
@@ -345,11 +353,11 @@ parse_acl(
if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
a->acl_dn_style != ACL_STYLE_REGEX )
{
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: dn pattern"
" already specified in to clause.\n",
- fname, lineno );
- acl_usage();
+ fname, lineno, 0 );
+ return acl_usage();
}
ber_str2bv( "*", STRLENOF( "*" ), 1, &a->acl_dn_pat );
@@ -360,21 +368,21 @@ parse_acl(
split( left, '.', &left, &style );
if ( right == NULL ) {
- fprintf( stderr, "%s: line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"missing \"=\" in \"%s\" in to clause\n",
fname, lineno, left );
- acl_usage();
+ return acl_usage();
}
if ( strcasecmp( left, "dn" ) == 0 ) {
if ( !BER_BVISEMPTY( &a->acl_dn_pat ) ||
a->acl_dn_style != ACL_STYLE_REGEX )
{
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: dn pattern"
" already specified in to clause.\n",
- fname, lineno );
- acl_usage();
+ fname, lineno, 0 );
+ return acl_usage();
}
if ( style == NULL || *style == '\0' ||
@@ -429,10 +437,10 @@ parse_acl(
}
} else {
- fprintf( stderr, "%s: line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unknown dn style \"%s\" in to clause\n",
fname, lineno, style );
- acl_usage();
+ return acl_usage();
}
continue;
@@ -440,42 +448,51 @@ parse_acl(
if ( strcasecmp( left, "filter" ) == 0 ) {
if ( (a->acl_filter = str2filter( right )) == NULL ) {
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad filter \"%s\" in to clause\n",
fname, lineno, right );
- acl_usage();
+ return acl_usage();
}
} else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
|| strcasecmp( left, "attrs" ) == 0 ) /* DOCUMENTED */
{
+ if ( strcasecmp( left, "attr" ) == 0 ) {
+ Debug( LDAP_DEBUG_ANY,
+ "%s: line %d: \"attr\" "
+ "is deprecated (and undocumented); "
+ "use \"attrs\" instead.\n",
+ fname, lineno, 0 );
+ }
+
a->acl_attrs = str2anlist( a->acl_attrs,
right, "," );
if ( a->acl_attrs == NULL ) {
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown attr \"%s\" in to clause\n",
fname, lineno, right );
- acl_usage();
+ return acl_usage();
}
} else if ( strncasecmp( left, "val", 3 ) == 0 ) {
- char *mr;
+ struct berval bv;
+ char *mr;
if ( !BER_BVISEMPTY( &a->acl_attrval ) ) {
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val already specified in to clause.\n",
- fname, lineno );
- acl_usage();
+ fname, lineno, 0 );
+ return acl_usage();
}
if ( a->acl_attrs == NULL || !BER_BVISEMPTY( &a->acl_attrs[1].an_name ) )
{
- fprintf( stderr,
+ Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val requires a single attribute.\n",
- fname, lineno );
- acl_usage();
+ fname, lineno, 0 );
+ return acl_usage();
}
- ber_str2bv( right, 0, 1, &a->acl_attrval );
+ ber_str2bv( right, 0, 0, &bv );
a->acl_attrval_style = ACL_STYLE_BASE;
mr = strchr( left, '/' );
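Review bot: The new `struct berval bv;` inside the `val` branch shadows the `bv` already declared at the top of parse_acl, so the two names now refer to different objects depending on the block. Changing the third argument of `ber_str2bv` from 1 to 0 also makes this `bv` point at `right`, i.e. into the caller's argv storage, instead of at a private copy. `a->acl_attrval` is no longer assigned in this hunk, so confirm that the code after it stores a duplicated or normalized value and never the alias. A distinct name plus a comment such as `/* aliases argv; acl_attrval must receive its own copy below */` would make that ownership explicit.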
@@ -485,34 +502,45 @@ parse_acl(
a->acl_attrval_mr = mr_find( mr );
if ( a->acl_attrval_mr == NULL ) {
- fprintf( stderr, "%s: line %d: "
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"invalid matching rule \"%s\".\n",
fname, lineno, mr );
- acl_usage();
+ return acl_usage();
}
if( !mr_usable_with_at( a->acl_attrval_mr, a->acl_attrs[ 0 ].an_desc->ad_type ) )
{
- fprintf( stderr, "%s: line %d: "
+ char buf[ SLAP_TEXT_BUFLEN ];
+
+ snprintf( buf, sizeof( buf ),
"matching rule \"%s\" use "
- "with attr \"%s\" not appropriate.\n",
- fname, lineno, mr,
- a->acl_attrs[ 0 ].an_name.bv_val );
- acl_usage();
+ "with attr \"%s\" not appropriate.",
+ mr, a->acl_attrs[ 0 ].an_name.bv_val );
+
+
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
}
}
if ( style != NULL ) {
if ( strcasecmp( style, "regex" ) == 0 ) {
- int e = regcomp( &a->acl_attrval_re, a->acl_attrval.bv_val,
+ int e = regcomp( &a->acl_attrval_re, bv.bv_val,
REG_EXTENDED | REG_ICASE | REG_NOSUB );
if ( e ) {
- char buf[512];
- regerror( e, &a->acl_attrval_re, buf, sizeof(buf) );
- fprintf( stderr, "%s: line %d: "
- "regular expression \"%s\" bad because of %s\n",
- fname, lineno, right, buf );
- acl_usage();
+ char err[SLAP_TEXT_BUFLEN],
+ buf[ SLAP_TEXT_BUFLEN ];
+
+ regerror( e, &a->acl_attrval_re, err, sizeof( err ) );
+
+ snprintf( buf, sizeof( buf ),
+ "regular expression \"%s\" bad because of %s",
+ right, err );
+
+ Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
+ fname, lineno, buf );
+ return acl_usage();
}
a->acl_attrval_style = ACL_STYLE_REGEX;
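Review bot: Both `snprintf( buf, sizeof( buf ), ... )` calls in this hunk place the configuration-supplied string first (`mr`, `right`) and the explanatory part last. When the pattern is long, it is therefore the regerror text or the attribute name that gets cut off. In the regex branch `err` alone can be as large as `buf`. Checking the snprintf result and falling back to logging only the reason, or capping the pattern with a precision such as `\"%.64s\"`, would keep the diagnostic usable. The stray double blank line before the first `Debug(` can go as well.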
@@ -526,8 +554,6 @@ parse_acl(
} else if ( a->acl_attrs[0].an_desc->ad_type->
sat_syntax == slap_schema.si_syn_distinguishedName )
{
- struct berval bv;
-
if ( !strcasecmp( style, "baseObject" ) ||
!strcasecmp( style, "base" ) )
{
@@ -543,57 +569,100 @@ parse_acl(
} else if ( !strcasecmp( style, "children" ) ) {
a->acl_attrval_style = ACL_STYLE_CHILDREN;
} else {
- fprintf( stderr,
- "%s: line %d: unknown val.