From: Howard Chu Date: Fri, 18 Mar 2022 16:34:40 +0000 (+0000) Subject: ITS#10089 - Use ConfigArgs in ACL parsing X-Git-Tag: OPENLDAP_REL_ENG_2_5_17~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f58a44f63ea7c8e0eee57e25e8560a8730d28272;p=thirdparty%2Fopenldap.git ITS#10089 - Use ConfigArgs in ACL parsing For better error propagation back to config clients, also remove unconditional use of stderr. parse_acl() was only partially converted, the rest remains to be done. --- diff --git a/servers/slapd/aci.c b/servers/slapd/aci.c index 33e60744dd..c8cc41d2a5 100644 --- a/servers/slapd/aci.c +++ b/servers/slapd/aci.c @@ -39,6 +39,7 @@ #include "slap.h" #include "lber_pvt.h" #include "lutil.h" +#include "slap-config.h" /* use most appropriate size */ #define ACI_BUF_SIZE 1024 @@ -741,8 +742,7 @@ aci_init( void ) static int dynacl_aci_parse( - const char *fname, - int lineno, + ConfigArgs *c, const char *opts, slap_style_t sty, const char *right, @@ -752,17 +752,19 @@ dynacl_aci_parse( const char *text = NULL; if ( sty != ACL_STYLE_REGEX && sty != ACL_STYLE_BASE ) { - fprintf( stderr, "%s: line %d: " - "inappropriate style \"%s\" in \"aci\" by clause\n", - fname, lineno, style_strings[sty] ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "inappropriate style \"%s\" in \"aci\" by clause", + style_strings[sty] ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg ); return -1; } if ( right != NULL && *right != '\0' ) { if ( slap_str2ad( right, &ad, &text ) != LDAP_SUCCESS ) { - fprintf( stderr, - "%s: line %d: aci \"%s\": %s\n", - fname, lineno, right, text ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "aci \"%s\": %s", + right, text ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg ); return -1; } @@ -771,10 +773,10 @@ dynacl_aci_parse( } if ( !is_at_syntax( ad->ad_type, SLAPD_ACI_SYNTAX) ) { - fprintf( stderr, "%s: line %d: " - "aci \"%s\": inappropriate syntax: %s\n", - fname, lineno, right, - ad->ad_type->sat_syntax_oid ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "aci \"%s\": inappropriate syntax: %s", + right, ad->ad_type->sat_syntax_oid ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg ); return -1; } diff --git a/servers/slapd/aclparse.c b/servers/slapd/aclparse.c index a23d58ec5b..bd53e9c27d 100644 --- a/servers/slapd/aclparse.c +++ b/servers/slapd/aclparse.c @@ -37,6 +37,7 @@ #include "slap.h" #include "lber_pvt.h" #include "lutil.h" +#include "slap-config.h" static const char style_base[] = "base"; const char *style_strings[] = { @@ -76,8 +77,7 @@ static int check_scope( BackendDB *be, AccessControl *a ); #ifdef SLAP_DYNACL static int slap_dynacl_config( - const char *fname, - int lineno, + struct config_args_s *c, Access *b, const char *name, const char *opts, @@ -89,9 +89,10 @@ slap_dynacl_config( for ( da = b->a_dynacl; da; da = da->da_next ) { if ( strcasecmp( da->da_name, name ) == 0 ) { - Debug( LDAP_DEBUG_ANY, - "%s: line %d: dynacl \"%s\" already specified.\n", - fname, lineno, name ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "dynacl \"%s\" already specified", + name ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg ); return acl_usage(); } } @@ -105,7 +106,7 @@ slap_dynacl_config( *tmp = *da; if ( tmp->da_parse ) { - rc = ( *tmp->da_parse )( fname, lineno, opts, sty, right, &tmp->da_private ); + rc = ( *tmp->da_parse )( c, opts, sty, right, &tmp->da_private ); if ( rc ) { ch_free( tmp ); return rc; @@ -321,11 +322,7 @@ regex_done:; int parse_acl( - Backend *be, - const char *fname, - int lineno, - int argc, - char **argv, + struct config_args_s *c, int pos ) { int i; @@ -335,14 +332,19 @@ parse_acl( Access *b = NULL; int rc; const char *text; + Backend *be = c->be; + const char *fname = c->fname; + int lineno = c->lineno; + int argc = c->argc; + char **argv = c->argv; for ( i = 1; i < argc; i++ ) { /* to clause - select which entries are protected */ if ( strcasecmp( argv[i], "to" ) == 0 ) { if ( a != NULL ) { - Debug( LDAP_DEBUG_ANY, "%s: line %d: " - "only one to clause allowed in access line\n", - fname, lineno ); + snprintf( c->cr_msg, sizeof( c->cr_msg ), + "only one to clause allowed in access line" ); + Debug( LDAP_DEBUG_ANY, "%s: %s.\n", c->log, c->cr_msg ); goto fail; } a = (AccessControl *) ch_calloc( 1, sizeof(AccessControl) ); @@ -1607,7 +1609,7 @@ parse_acl( } if ( name ) { - if ( slap_dynacl_config( fname, lineno, b, name, opts, sty, right ) ) { + if ( slap_dynacl_config( c, b, name, opts, sty, right ) ) { Debug( LDAP_DEBUG_ANY, "%s: line %d: " "unable to configure dynacl \"%s\".\n", fname, lineno, name ); diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c index cf8d887b58..4af46393bd 100644 --- a/servers/slapd/bconfig.c +++ b/servers/slapd/bconfig.c @@ -2247,7 +2247,7 @@ sortval_reject: for ( a=c->be->be_acl; a; a = a->acl_next ) i++; } - if ( parse_acl(c->be, c->fname, c->lineno, c->argc, c->argv, i ) ) { + if ( parse_acl( c, i ) ) { if ( SLAP_CONFIG( c->be ) && !c->be->be_acl) { c->be->be_acl = defacl_parsed; } @@ -7447,7 +7447,12 @@ config_back_db_open( BackendDB *be, ConfigReply *cr ) */ save_access = be->bd_self->be_acl; be->bd_self->be_acl = NULL; - parse_acl(be->bd_self, "config_back_db_open", 0, 6, (char **)defacl, 0 ); + c.be = be->bd_self; + c.fname = "config_back_db_open"; + c.lineno = 0; + c.argc = 6; + c.argv = (char **)defacl; + parse_acl( &c, 0 ); defacl_parsed = be->bd_self->be_acl; if ( save_access ) { be->bd_self->be_acl = save_access; diff --git a/servers/slapd/proto-slap.h b/servers/slapd/proto-slap.h index 106a3710ac..c1364a943a 100644 --- a/servers/slapd/proto-slap.h +++ b/servers/slapd/proto-slap.h @@ -100,9 +100,7 @@ LDAP_SLAPD_F (int) acl_string_expand LDAP_P(( */ LDAP_SLAPD_V (LDAP_CONST char *) style_strings[]; -LDAP_SLAPD_F (int) parse_acl LDAP_P(( Backend *be, - const char *fname, int lineno, - int argc, char **argv, int pos )); +LDAP_SLAPD_F (int) parse_acl LDAP_P(( struct config_args_s *ca, int pos )); LDAP_SLAPD_F (char *) access2str LDAP_P(( slap_access_t access )); LDAP_SLAPD_F (slap_access_t) str2access LDAP_P(( const char *str )); diff --git a/servers/slapd/slap.h b/servers/slapd/slap.h index 5cf2f4632d..605a80f38f 100644 --- a/servers/slapd/slap.h +++ b/servers/slapd/slap.h @@ -1319,12 +1319,15 @@ typedef struct AuthorizationInformation { slap_ssf_t sai_sasl_ssf; /* SASL SSF */ } AuthorizationInformation; +typedef struct config_args_s ConfigArgs; /* slap-config.h */ +typedef struct config_reply_s ConfigReply; /* slap-config.h */ + #ifdef SLAP_DYNACL /* * "dynamic" ACL infrastructure (for ACIs and more) */ -typedef int (slap_dynacl_parse) LDAP_P(( const char *fname, int lineno, +typedef int (slap_dynacl_parse) LDAP_P(( ConfigArgs *ca, const char *opts, slap_style_t, const char *, void **privp )); typedef int (slap_dynacl_unparse) LDAP_P(( void *priv, struct berval *bv )); typedef int (slap_dynacl_mask) LDAP_P(( @@ -2019,7 +2022,6 @@ typedef int (BI_config) LDAP_P((BackendInfo *bi, const char *fname, int lineno, int argc, char **argv)); -typedef struct config_reply_s ConfigReply; /* slap-config.h */ typedef int (BI_db_func) LDAP_P((Backend *bd, ConfigReply *cr)); typedef BI_db_func BI_db_init; typedef BI_db_func BI_db_open;