further ACI factoring out & confinement
authorPierangelo Masarati <ando@openldap.org>
Mon, 22 Aug 2005 16:03:35 +0000 (16:03 +0000)
committerPierangelo Masarati <ando@openldap.org>
Mon, 22 Aug 2005 16:03:35 +0000 (16:03 +0000)
servers/slapd/aci.c
servers/slapd/acl.c
servers/slapd/aclparse.c
servers/slapd/proto-slap.h
servers/slapd/schema_init.c
servers/slapd/schema_prep.c
servers/slapd/slap.h

index bfceacf03d90409f47d6a9949eb7fc83dc81e9cf..01c2691d039e754f71ace9594a85dad6da766d12 100644 (file)
 
 #define ACI_BUF_SIZE   1024    /* use most appropriate size */
 
+#ifdef SLAP_DYNACL
+static
+#endif /* SLAP_DYNACL */
+AttributeDescription *slap_ad_aci;
+
+static int
+OpenLDAPaciValidate(
+       Syntax          *syntax,
+       struct berval   *val );
+
+static int
+OpenLDAPaciPretty(
+       Syntax          *syntax,
+       struct berval   *val,
+       struct berval   *out,
+       void            *ctx );
+
+static int
+OpenLDAPaciNormalize(
+       slap_mask_t     use,
+       Syntax          *syntax,
+       MatchingRule    *mr,
+       struct berval   *val,
+       struct berval   *out,
+       void            *ctx );
+
+#define        OpenLDAPaciMatch                        octetStringMatch
+
 static int
 aci_list_map_rights(
        struct berval   *list )
@@ -486,6 +514,93 @@ aci_mask(
        return 0;
 }
 
+int
+aci_init( void )
+{
+       /* OpenLDAP Experimental Syntax */
+       static slap_syntax_defs_rec aci_syntax_def = {
+               "( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
+                       SLAP_SYNTAX_HIDE,
+                       OpenLDAPaciValidate,
+                       OpenLDAPaciPretty
+       };
+       static slap_mrule_defs_rec aci_mr_def = {
+               "( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
+                       "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
+                       SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
+                       NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
+                       NULL, NULL,
+                       NULL
+       };
+       static struct {
+               char                    *name;
+               char                    *desc;
+               slap_mask_t             flags;
+               AttributeDescription    **ad;
+       }               aci_at = {
+               "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
+                       "NAME 'OpenLDAPaci' "
+                       "DESC 'OpenLDAP access control information (experimental)' "
+                       "EQUALITY OpenLDAPaciMatch "
+                       "SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
+                       "USAGE directoryOperation )",
+               SLAP_AT_HIDE,
+               &slap_ad_aci
+       };
+
+       LDAPAttributeType       *at;
+       AttributeType           *sat;
+       int                     rc;
+       const char              *text;
+
+       /* ACI syntax */
+       rc = register_syntax( &aci_syntax_def );
+       if ( rc != 0 ) {
+               return rc;
+       }
+       
+       /* ACI equality rule */
+       rc = register_matching_rule( &aci_mr_def );
+       if ( rc != 0 ) {
+               return rc;
+       }
+
+       /* ACI attribute */
+       at = ldap_str2attributetype( aci_at.desc,
+               &rc, &text, LDAP_SCHEMA_ALLOW_ALL );
+       if ( !at ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "%s AttributeType load failed: %s %s\n",
+                       aci_at.name, ldap_scherr2str( rc ), text );
+               return rc;
+       }
+
+       rc = at_add( at, 0, &sat, &text );
+       if ( rc != LDAP_SUCCESS ) {
+               ldap_attributetype_free( at );
+               fprintf( stderr, "iMUX_monitor_schema_init: "
+                       "AttributeType load failed: %s %s\n",
+                       scherr2str( rc ), text );
+               return rc;
+       }
+       ldap_memfree( at );
+
+       rc = slap_str2ad( aci_at.name,
+                       aci_at.ad, &text );
+       if ( rc != LDAP_SUCCESS ) {
+               Debug( LDAP_DEBUG_ANY,
+                       "unable to find AttributeDescription "
+                       "\"%s\": %d (%s)\n",
+                       aci_at.name, rc, text );
+               return 1;
+       }
+
+       /* install flags */
+       sat->sat_flags |= aci_at.flags;
+
+       return rc;
+}
+
 #ifdef SLAP_DYNACL
 /*
  * FIXME: there is a silly dependence that makes it difficult
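Review bot: The `at_add()` failure branch of `aci_init` reports through `fprintf( stderr, "iMUX_monitor_schema_init: " ... )`, a prefix naming a function that has nothing to do with this file, while the failure branches on either side use `Debug( LDAP_DEBUG_ANY, ... )`. Anyone diagnosing why the ACI attribute failed to register would be sent to the wrong code, and the message presumably bypasses slapd's configured log path. I would make it match the branch above: `Debug( LDAP_DEBUG_ANY, "%s AttributeType load failed: %s %s\n", aci_at.name, scherr2str( rc ), text );`. The `slap_str2ad()` branch also returns a literal `1` where every other branch returns `rc`, which is worth making consistent.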
@@ -514,7 +629,7 @@ dynacl_aci_parse( const char *fname, int lineno, slap_style_t sty, const char *r
                }
 
        } else {
-               ad = slap_schema.si_ad_aci;
+               ad = slap_ad_aci;
        }
 
        if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) {
@@ -706,7 +821,15 @@ static slap_dynacl_t       dynacl_aci = {
 int
 dynacl_aci_init( void )
 {
-       return slap_dynacl_register( &dynacl_aci );
+       int     rc;
+
+       rc = aci_init();
+
+       if ( rc == 0 ) {
+               rc = slap_dynacl_register( &dynacl_aci );
+       }
+       
+       return rc;
 }
 
 #endif /* SLAP_DYNACL */
@@ -1040,7 +1163,7 @@ static const struct berval *OpenLDAPacitypes[] = {
        NULL
 };
 
-int
+static int
 OpenLDAPaciValidate(
        Syntax          *syntax,
        struct berval   *val )
@@ -1406,7 +1529,7 @@ cleanup:;
        return rc;
 }
 
-int
+static int
 OpenLDAPaciPretty(
        Syntax          *syntax,
        struct berval   *val,
@@ -1416,7 +1539,7 @@ OpenLDAPaciPretty(
        return OpenLDAPaciPrettyNormal( val, out, ctx, 0 );
 }
 
-int
+static int
 OpenLDAPaciNormalize(
        slap_mask_t     use,
        Syntax          *syntax,
index a96104f84fa925b21f9123283e91db5566cdd107..e89f1406b67a9b8dd4a6ada995c408a8df9e3026 100644 (file)
@@ -2794,19 +2794,20 @@ slap_dynacl_get( const char *name )
 int
 acl_init( void )
 {
-#ifdef SLAP_DYNACL
-       int     rc;
+       int     rc = 0;
 
 #ifdef SLAPD_ACI_ENABLED
+#ifdef SLAP_DYNACL
        rc = dynacl_aci_init();
+#else /* !SLAP_DYNACL */
+       rc = aci_init();
+#endif /* !SLAP_DYNACL */
        if ( rc != 0 ) {
                return rc;
        }
 #endif /* SLAPD_ACI_ENABLED */
 
-#endif /* SLAP_DYNACL */
-
-       return 0;
+       return rc;
 }
 
 int
index bca6db91c2db94ede075ce1c2f829d9b68af1446..1c9a4354d702814f83d64cc8ba7dfbedcfa44928 100644 (file)
@@ -1539,7 +1539,7 @@ parse_acl(
                                                }
 
                                        } else {
-                                               b->a_aci_at = slap_schema.si_ad_aci;
+                                               b->a_aci_at = slap_ad_aci;
                                        }
 
                                        if( !is_at_syntax( b->a_aci_at->ad_type,
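Review bot: `b->a_aci_at = slap_ad_aci;` uses a symbol that this commit makes `static` in aci.c when `SLAP_DYNACL` is defined, and that proto-slap.h declares only in its `#else /* !SLAP_DYNACL */` branch. If this part of `parse_acl` is still compiled with `SLAP_DYNACL` set, the build breaks; the enclosing preprocessor guard and the rest of `parse_acl` lie outside the hunk, so this cannot be confirmed from here. A comment at the assignment would record the dependency, e.g. `/* set by aci_init(); visible here only when !SLAP_DYNACL */`. The pointer is dereferenced in the very next statement, so this path also relies on `aci_init()` having succeeded before any ACL line is parsed.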
index f359298df935f45bc4bab4626bb7d93aa026f331..8881076dd8ce3f4abddee658ad99fa04760ca0df 100644 (file)
@@ -45,14 +45,12 @@ LDAP_SLAPD_F (int) aci_mask LDAP_P((
        slap_access_t *grant,
        slap_access_t *deny,
        slap_aci_scope_t scope));
-LDAP_SLAPD_F (int) OpenLDAPaciValidate LDAP_P((
-       Syntax *syn, struct berval *in ));
-LDAP_SLAPD_F (int) OpenLDAPaciPretty LDAP_P((
-       Syntax *syn, struct berval *val, struct berval *out, void *ctx ));
-LDAP_SLAPD_F (slap_mr_normalize_func) OpenLDAPaciNormalize;
 #ifdef SLAP_DYNACL
 LDAP_SLAPD_F (int) dynacl_aci_init LDAP_P(( void ));
-#endif /* SLAP_DYNACL */
+#else /* !SLAP_DYNACL */
+LDAP_SLAPD_F (int) aci_init LDAP_P(( void ));
+LDAP_SLAPD_V (AttributeDescription *) slap_ad_aci;
+#endif /* !SLAP_DYNACL */
 #endif /* SLAPD_ACI_ENABLED */
 
 /*
@@ -1453,9 +1451,17 @@ LDAP_SLAPD_F (void) schema_destroy LDAP_P(( void ));
 
 LDAP_SLAPD_F( slap_mr_indexer_func ) octetStringIndexer;
 LDAP_SLAPD_F( slap_mr_filter_func ) octetStringFilter;
+
 LDAP_SLAPD_F( int ) numericoidValidate LDAP_P((
        struct slap_syntax *syntax,
         struct berval *in ));
+LDAP_SLAPD_F( int ) octetStringMatch LDAP_P((
+       int *matchp,
+       slap_mask_t flags,
+       Syntax *syntax,
+       MatchingRule *mr,
+       struct berval *value,
+       void *assertedValue ));
 
 /*
  * schema_prep.c
index 5ff82c99749524f389a799e6a0b9cd6f42a12d79..07fb1f0db647c3a16528b54156e8352f985e283d 100644 (file)
@@ -50,8 +50,6 @@
 #define HASH_Update(c,buf,len) lutil_HASHUpdate(c,buf,len)
 #define HASH_Final(d,c)                        lutil_HASHFinal(d,c)
 
-#define        OpenLDAPaciMatch                        octetStringMatch
-
 /* approx matching rules */
 #define directoryStringApproxMatchOID  "1.3.6.1.4.1.4203.666.4.4"
 #define directoryStringApproxMatch             approxMatch
@@ -129,7 +127,7 @@ static int certificateValidate( Syntax *syntax, struct berval *in )
 #define certificateValidate sequenceValidate
 #endif
 
-static int
+int
 octetStringMatch(
        int *matchp,
        slap_mask_t flags,
@@ -3426,14 +3424,6 @@ static slap_syntax_defs_rec syntax_defs[] = {
                serialNumberAndIssuerValidate,
                serialNumberAndIssuerPretty},
 
-#ifdef SLAPD_ACI_ENABLED
-       /* OpenLDAP Experimental Syntaxes */
-       {"( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )",
-               SLAP_SYNTAX_HIDE,
-               OpenLDAPaciValidate,
-               OpenLDAPaciPretty},
-#endif
-
 #ifdef SLAPD_AUTHPASSWD
        /* needs updating */
        {"( 1.3.6.1.4.1.4203.666.2.2 DESC 'OpenLDAP authPassword' )",
@@ -3850,15 +3840,6 @@ static slap_mrule_defs_rec mrule_defs[] = {
                NULL},
 #endif
 
-#ifdef SLAPD_ACI_ENABLED
-       {"( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' "
-               "SYNTAX 1.3.6.1.4.1.4203.666.2.1 )",
-               SLAP_MR_HIDE | SLAP_MR_EQUALITY, NULL,
-               NULL, OpenLDAPaciNormalize, OpenLDAPaciMatch,
-               NULL, NULL,
-               NULL},
-#endif
-
        {"( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' "
                "SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )",
                SLAP_MR_EXT, NULL,
index dc2964e351b95b7ee5e3b96e6cf3b9b4df15795e..54d16095e674bde82eea7eff2b7bb9535dff79c3 100644 (file)
@@ -887,18 +887,6 @@ static struct slap_schema_ad_map {
                NULL, NULL,
                NULL, NULL, NULL, NULL, NULL,
                offsetof(struct slap_internal_schema, si_ad_saslAuthzFrom) },
-#ifdef SLAPD_ACI_ENABLED
-       { "OpenLDAPaci", "( 1.3.6.1.4.1.4203.666.1.5 "
-                       "NAME 'OpenLDAPaci' "
-                       "DESC 'OpenLDAP access control information (experimental)' "
-                       "EQUALITY OpenLDAPaciMatch "
-                       "SYNTAX 1.3.6.1.4.1.4203.666.2.1 "
-                       "USAGE directoryOperation )",
-               NULL, SLAP_AT_HIDE,
-               NULL, NULL,
-               NULL, NULL, NULL, NULL, NULL,
-               offsetof(struct slap_internal_schema, si_ad_aci) },
-#endif
 
 #ifdef LDAP_DYNAMIC_OBJECTS
        { "entryTtl", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' "
index 932c413febf2312e46d15e3ea44af1a7640a1861..5ce7aad4204631641947302c974edd306f3ffebc 100644 (file)
@@ -894,9 +894,6 @@ struct slap_internal_schema {
        AttributeDescription *si_ad_children;
        AttributeDescription *si_ad_saslAuthzTo;
        AttributeDescription *si_ad_saslAuthzFrom;
-#ifdef SLAPD_ACI_ENABLED
-       AttributeDescription *si_ad_aci;
-#endif /* SLAPD_ACI_ENABLED */
 
        /* dynamic entries */
        AttributeDescription *si_ad_entryTtl;