static void split(char *line, int splitchar, char **left, char **right);
static void access_append(Access **l, Access *a);
+static void access_free( Access *a );
static int acl_usage(void);
static void acl_regex_normalized_dn(const char *src, struct berval *pat);
int i;
char *left, *right, *style;
struct berval bv;
- AccessControl *a;
- Access *b;
+ AccessControl *a = NULL;
+ Access *b = NULL;
int rc;
const char *text;
- a = NULL;
for ( i = 1; i < argc; i++ ) {
/* to clause - select which entries are protected */
if ( strcasecmp( argv[i], "to" ) == 0 ) {
"%s: line %d: dn pattern"
" already specified in to clause.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
ber_str2bv( "*", STRLENOF( "*" ), 1, &a->acl_dn_pat );
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"missing \"=\" in \"%s\" in to clause\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( strcasecmp( left, "dn" ) == 0 ) {
"%s: line %d: dn pattern"
" already specified in to clause.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( style == NULL || *style == '\0' ||
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unknown dn style \"%s\" in to clause\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
continue;
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad filter \"%s\" in to clause\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
} else if ( strcasecmp( left, "attr" ) == 0 /* TOLERATED */
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown attr \"%s\" in to clause\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
} else if ( strncasecmp( left, "val", 3 ) == 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val already specified in to clause.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( a->acl_attrs == NULL || !BER_BVISEMPTY( &a->acl_attrs[1].an_name ) )
{
Debug( LDAP_DEBUG_ANY,
"%s: line %d: attr val requires a single attribute.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
ber_str2bv( right, 0, 0, &bv );
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"invalid matching rule \"%s\".\n",
fname, lineno, mr );
- return acl_usage();
+ goto fail;
}
if( !mr_usable_with_at( a->acl_attrval_mr, a->acl_attrs[ 0 ].an_desc->ad_type ) )
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
a->acl_attrval_style = ACL_STYLE_REGEX;
} else {
char buf[ SLAP_TEXT_BUFLEN ];
- /* FIXME: should be an error */
-
snprintf( buf, sizeof( buf ),
"unknown val.<style> \"%s\" for attributeType \"%s\" "
"with DN syntax.",
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
- a->acl_attrval_style = ACL_STYLE_BASE;
+ goto fail;
}
rc = dnNormalize( 0, NULL, NULL, &bv, &a->acl_attrval, NULL );
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
} else {
char buf[ SLAP_TEXT_BUFLEN ];
- /* FIXME: should be an error */
-
snprintf( buf, sizeof( buf ),
"unknown val.<style> \"%s\" for attributeType \"%s\".",
style, a->acl_attrs[0].an_desc->ad_cname.bv_val );
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
- a->acl_attrval_style = ACL_STYLE_BASE;
+ goto fail;
}
}
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"attr \"%s\" does not have an EQUALITY matching rule.\n",
fname, lineno, a->acl_attrs[ 0 ].an_name.bv_val );
- return acl_usage();
+ goto fail;
}
rc = asserted_value_validate_normalize(
a->acl_attrs[ 0 ].an_name.bv_val, rc, text );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s.\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
}
Debug( LDAP_DEBUG_ANY,
"%s: line %d: expecting <what> got \"%s\"\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
}
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\" in to DN clause\n",
fname, lineno, a->acl_dn_pat.bv_val );
- return acl_usage();
+ goto fail;
}
free( a->acl_dn_pat.bv_val );
a->acl_dn_pat = bv;
right, err );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
}
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"to clause required before by clause in access line\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
/*
* by clause consists of <who> and <access>
*/
- b = (Access *) ch_calloc( 1, sizeof(Access) );
-
- ACL_INVALIDATE( b->a_access_mask );
-
if ( ++i == argc ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: premature EOL: expecting <who>\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
+ b = (Access *) ch_calloc( 1, sizeof(Access) );
+
+ ACL_INVALIDATE( b->a_access_mask );
+
/* get <who> */
for ( ; i < argc; i++ ) {
slap_style_t sty = ACL_STYLE_REGEX;
"%s: line %d: premature eol: "
"expecting closing '}' in \"level{n}\"\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
} else if ( p == style_level ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: empty level "
"%s: line %d: unable to parse level "
"in \"level{n}\"\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
sty = ACL_STYLE_LEVEL;
"%s: line %d: "
"\"path\" style modifier is useless without local.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
#endif /* LDAP_PF_LOCAL */
} else {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unknown style \"%s\" in by clause\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( style_modifier &&
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"regex\" style implies \"expand\" modifier.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
break;
case ACL_STYLE_EXPAND:
Debug( LDAP_DEBUG_CONFIG | LDAP_DEBUG_ACL, "%s: line %d: \"expand\" style "
"or modifier used in conjunction with a non-regex <what> clause.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( strncasecmp( left, "real", STRLENOF( "real" ) ) == 0 ) {
if ( strcasecmp( left, "*" ) == 0 ) {
if ( is_realdn ) {
- return acl_usage();
+ goto fail;
}
ber_str2bv( "*", STRLENOF( "*" ), 1, &bv );
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
} else {
ber_str2bv( right, 0, 1, &bv );
Debug( LDAP_DEBUG_ANY,
"%s: line %d: dn pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( sty != ACL_STYLE_REGEX &&
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\" in by DN clause\n",
fname, lineno, bv.bv_val );
- return acl_usage();
+ goto fail;
}
free( bv.bv_val );
if ( sty == ACL_STYLE_BASE
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"\"expand\" used with no expansions in \"pattern\".\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
}
if ( sty == ACL_STYLE_SELF ) {
"%s: line %d: bad negative level \"%d\" "
"in by DN clause\n",
fname, lineno, level );
- return acl_usage();
+ goto fail;
} else if ( level == 1 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: \"onelevel\" should be used "
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if( bdn->a_at != NULL ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: dnattr already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
rc = slap_str2ad( right, &bdn->a_at, &text );
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
if( bdn->a_at->ad_type->sat_equality == NULL ) {
"%s: line %d: dnattr \"%s\": "
"inappropriate matching (no EQUALITY)\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
continue;
"%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || right[0] == '\0' ) {
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISEMPTY( &b->a_group_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: group pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
/* format of string is
Debug( LDAP_DEBUG_ANY,
"%s: line %d: bad DN \"%s\".\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
}
"%s: line %d: group objectclass "
"\"%s\" unknown.\n",
fname, lineno, value );
- return acl_usage();
+ goto fail;
}
} else {
"%s: line %d: group default objectclass "
"\"%s\" unknown.\n",
fname, lineno, SLAPD_GROUP_CLASS );
- return acl_usage();
+ goto fail;
}
}
"%s: line %d: group objectclass \"%s\" "
"is subclass of referral.\n",
fname, lineno, value );
- return acl_usage();
+ goto fail;
}
if ( is_object_subclass( slap_schema.si_oc_alias,
"%s: line %d: group objectclass \"%s\" "
"is subclass of alias.\n",
fname, lineno, value );
- return acl_usage();
+ goto fail;
}
if ( name && *name ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
*--name = '/';
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
}
Debug( LDAP_DEBUG_ANY,
"%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
b->a_group_oc->soc_oid );
Debug( LDAP_DEBUG_ANY, "%s: line %d: %s\n",
fname, lineno, buf );
- return acl_usage();
+ goto fail;
}
}
continue;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || right[0] == '\0' ) {
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISEMPTY( &b->a_peername_pat ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"peername pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
b->a_peername_style = sty;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"illegal peername address \"%s\".\n",
fname, lineno, addr );
- return acl_usage();
+ goto fail;
}
b->a_peername_mask = (unsigned long)(-1);
"illegal peername address mask "
"\"%s\".\n",
fname, lineno, mask );
- return acl_usage();
+ goto fail;
}
}
"illegal peername port specification "
"\"{%s}\".\n",
fname, lineno, port );
- return acl_usage();
+ goto fail;
}
}
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || right[0] == '\0' ) {
"missing \"=\" in (or value after) \"%s\" "
"in by clause\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISNULL( &b->a_sockname_pat ) ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"sockname pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
b->a_sockname_style = sty;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || right[0] == '\0' ) {
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISEMPTY( &b->a_domain_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: domain pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
b->a_domain_style = sty;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || right[0] == '\0' ) {
"missing \"=\" in (or value after) \"%s\" "
"in by clause.\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISEMPTY( &b->a_sockurl_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: sockurl pattern already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
b->a_sockurl_style = sty;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( !BER_BVISEMPTY( &b->a_set_pat ) ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: set attribute already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no set is defined.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
b->a_set_style = sty;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to configure dynacl \"%s\".\n",
fname, lineno, name );
- return acl_usage();
+ goto fail;
}
continue;
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( b->a_authz.sai_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: ssf attribute already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no ssf is defined.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( lutil_atou( &b->a_authz.sai_ssf, right ) != 0 ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: unable to parse ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
if ( !b->a_authz.sai_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
continue;
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( b->a_authz.sai_transport_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"transport_ssf attribute already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no transport_ssf is defined.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( lutil_atou( &b->a_authz.sai_transport_ssf, right ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse transport_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
if ( !b->a_authz.sai_transport_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid transport_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
continue;
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( b->a_authz.sai_tls_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"tls_ssf attribute already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no tls_ssf is defined\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( lutil_atou( &b->a_authz.sai_tls_ssf, right ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse tls_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
if ( !b->a_authz.sai_tls_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid tls_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
continue;
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"inappropriate style \"%s\" in by clause.\n",
fname, lineno, style );
- return acl_usage();
+ goto fail;
}
if ( b->a_authz.sai_sasl_ssf ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"sasl_ssf attribute already specified.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( right == NULL || *right == '\0' ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: no sasl_ssf is defined.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( lutil_atou( &b->a_authz.sai_sasl_ssf, right ) != 0 ) {
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"unable to parse sasl_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
if ( !b->a_authz.sai_sasl_ssf ) {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: invalid sasl_ssf value (%s).\n",
fname, lineno, right );
- return acl_usage();
+ goto fail;
}
continue;
}
Debug( LDAP_DEBUG_ANY,
"%s: line %d: expecting <access> got \"%s\".\n",
fname, lineno, left );
- return acl_usage();
+ goto fail;
}
b->a_type = ACL_STOP;
}
access_append( &a->acl_access, b );
+ b = NULL;
} else {
Debug( LDAP_DEBUG_ANY,
"%s: line %d: expecting \"to\" "
"or \"by\" got \"%s\"\n",
fname, lineno, argv[i] );
- return acl_usage();
+ goto fail;
}
}
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"warning: no access clause(s) specified in access line.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
} else {
#ifdef LDAP_DEBUG
Debug( LDAP_DEBUG_ANY, "%s: line %d: "
"warning: no by clause(s) specified in access line.\n",
fname, lineno, 0 );
- return acl_usage();
+ goto fail;
}
if ( be != NULL ) {
}
return 0;
+
+fail:
+ if ( b ) access_free( b );
+ if ( a ) acl_free( a );
+ return acl_usage();
}
char *
projects / openldap / commitdiff