Author: rhafer
Date: Tue Sep 2 10:33:01 2008
New Revision: 50549
URL: http://svn.opensuse.org/viewcvs/yast?rev=50549&view=rev
Log:
return List of OlcAccess Objects back to agent
Modified:
trunk/ldap-server/src/lib/slapd-config.cpp
trunk/ldap-server/src/lib/slapd-config.h
Modified: trunk/ldap-server/src/lib/slapd-config.cpp
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.cpp?rev=50549&r1=50548&r2=50549&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.cpp (original)
+++ trunk/ldap-server/src/lib/slapd-config.cpp Tue Sep 2 10:33:01 2008
@@ -420,6 +420,226 @@
}
}
+static int extractAlcToken( const std::string& acl, std::string::size_type& startpos, bool quoted )
+{
+ std::string::size_type pos;
+
+ // skip leading whitespaces
+ startpos = acl.find_first_not_of("\t ", startpos );
+
+ if ( quoted && acl[startpos] == '"' )
+ {
+ // find matching (unescapted) quote
+ startpos++;
+ pos = startpos;
+ bool found=false;
+ while( ! found )
+ {
+ pos = acl.find_first_of('"', pos+1 );
+ if ( pos == std::string::npos )
+ {
+ break;
+ }
+ if ( acl[pos-1] != '\\' )
+ {
+ found = true;
+ }
+ }
+ if ( !found )
+ {
+ log_it(SLAPD_LOG_ERR, "Not matching quote found" );
+ }
+ }
+ else
+ {
+ pos = acl.find_first_of("\t ", startpos );
+ }
+ return pos;
+}
+
+OlcAccess::OlcAccess( const std::string& aclString )
+{
+ std::string::size_type spos = 0;
+ std::string::size_type tmppos = 0;
+ // every ACL starts with "to"
+ if ( aclString.compare(0, 2, "to") != 0 )
+ {
+ log_it(SLAPD_LOG_ERR, "acl does not start with \"to\"" );
+ throw std::runtime_error( "acl does not start with \"to\"" );
+ }
+ spos+=2;
+
+ // skip whitespaces
+ tmppos = aclString.find_first_not_of("\t ", spos );
+ if ( tmppos != std::string::npos && tmppos > spos )
+ {
+ spos = tmppos;
+ }
+
+ // we should be at the start of the "what" part now, might `*`
+ // or a string followed by '='
+ if ( aclString[spos] == '*' )
+ {
+ log_it(SLAPD_LOG_ERR, "acl matches all entries" );
+ spos = tmppos+1;
+ tmppos = extractAlcToken( aclString, spos, true );
+ m_all = true;
+ }
+ else
+ {
+ m_all = false;
+ while ( true )
+ {
+ tmppos = aclString.find_first_of("=\t ", spos );
+ if ( tmppos == std::string::npos )
+ {
+ log_it(SLAPD_LOG_ERR, "Unexpected end of ACL" );
+ throw std::runtime_error( "Unexpected end of ACL" );
+ }
+ else
+ {
+ std::string whatType = aclString.substr(spos, tmppos-spos);
+ log_it(SLAPD_LOG_INFO, "Whattype: " + whatType );
+ if ( aclString.substr(spos, tmppos-spos) == "by" )
+ {
+ break;
+ }
+ spos = tmppos+1;
+
+ tmppos = extractAlcToken( aclString, spos, true );
+
+ log_it(SLAPD_LOG_INFO, "Whatvalue: " + aclString.substr(spos, tmppos-spos) );
+ if ( whatType == "filter" )
+ {
+ m_filter = aclString.substr(spos, tmppos-spos);
+ }
+ else if (whatType == "attrs")
+ {
+ m_attributes = aclString.substr(spos, tmppos-spos);
+ }
+ else if (whatType == "dn.base" || whatType == "dn.subtree" )
+ {
+ m_dn_type = whatType;
+ m_dn_value = aclString.substr(spos, tmppos-spos);
+ }
+ else
+ {
+ throw std::runtime_error( "Can't parse ACL unsupported \"what\": \"" + whatType + "\"" );
+ }
+ spos = aclString.find_first_not_of("\t ", tmppos+1 );
+ }
+ }
+ }
+ // we should have reached the "by"-clauses now
+ while ( true )
+ {
+ if ( aclString.substr(spos, tmppos-spos) != "by" )
+ {
+ break;
+ }
+ else
+ {
+ spos = tmppos+1;
+ // skip whitespaces
+ tmppos = aclString.find_first_not_of("\t ", spos );
+ if ( tmppos != std::string::npos && tmppos > spos )
+ {
+ spos = tmppos;
+ }
+
+ // we should be at the start of the "by" part now, might `*`
+ // or a string followed by '='
+ if ( aclString[spos] == '*' )
+ {
+ log_it(SLAPD_LOG_ERR, "by clause matches all entries" );
+ }
+ tmppos = aclString.find_first_of("=\t ", spos );
+ if ( tmppos == std::string::npos )
+ {
+ log_it(SLAPD_LOG_ERR, "Unexpected end of ACL" );
+ break;
+ }
+ else
+ {
+ log_it(SLAPD_LOG_INFO, "bytype: " + aclString.substr(spos, tmppos-spos) );
+ if ( aclString[tmppos] == '=' )
+ {
+ spos = tmppos+1;
+ tmppos = extractAlcToken( aclString, spos, true );
+ // is this a quoted string ?
+ log_it(SLAPD_LOG_INFO, "byvalue: " + aclString.substr(spos, tmppos-spos) );
+ }
+ spos = tmppos+1;
+ tmppos = extractAlcToken( aclString, spos, false );
+ log_it(SLAPD_LOG_INFO, "access: " + aclString.substr(spos, tmppos-spos) );
+ spos = aclString.find_first_not_of("\t ", tmppos+1 );
+ tmppos = aclString.find_first_of("\t ", spos );
+ }
+ }
+ }
+}
+
+void OlcAccess::setFilter( const std::string& filter )
+{
+ m_filter = filter;
+}
+
+
+void OlcAccess::setAttributes( const std::string& attrs )
+{
+ m_attributes = attrs;
+}
+
+void OlcAccess::setDnType( const std::string& dnType )
+{
+ if ( dnType == "dn.base" || dnType == "dn.subtree" )
+ {
+ m_dn_type = dnType;
+ }
+}
+
+void OlcAccess::setDn( const std::string& dn )
+{
+ m_dn_value = dn;
+}
+
+void OlcAccess::setMatchAll( bool matchAll )
+{
+ m_all = matchAll;
+ if ( matchAll )
+ {
+ m_attributes = "";
+ m_dn_type = "";
+ m_dn_value = "";
+ m_filter = "";
+ }
+}
+
+std::string OlcAccess::getFilter() const
+{
+ return m_filter;
+}
+
+std::string OlcAccess::getAttributes() const
+{
+ return m_attributes;
+}
+
+std::string OlcAccess::getDnType() const
+{
+ return m_dn_type;
+}
+
+std::string OlcAccess::getDnValue() const
+{
+ return m_dn_value;
+}
+
+bool OlcAccess::matchesAll() const
+{
+ return m_all;
+}
+
OlcDatabase::OlcDatabase( const LDAPEntry& le=LDAPEntry()) : OlcConfigEntry(le)
{
@@ -476,46 +696,10 @@
return this->m_type;
}
-static int extractAlcToken( const std::string& acl, std::string::size_type& startpos, bool quoted )
-{
- std::string::size_type pos;
-
- // skip leading whitespaces
- startpos = acl.find_first_not_of("\t ", startpos );
-
- if ( quoted && acl[startpos] == '"' )
- {
- // find matching (unescapted) quote
- startpos++;
- pos = startpos;
- bool found=false;
- while( ! found )
- {
- pos = acl.find_first_of('"', pos+1 );
- if ( pos == std::string::npos )
- {
- break;
- }
- if ( acl[pos-1] != '\\' )
- {
- found = true;
- }
- }
- if ( !found )
- {
- log_it(SLAPD_LOG_ERR, "Not matching quote found" );
- }
- }
- else
- {
- pos = acl.find_first_of("\t ", startpos );
- }
- return pos;
-}
-
-void OlcDatabase::getAcl() const
+OlcAccessList OlcDatabase::getAcl() const
{
const LDAPAttribute* aclAttr = m_dbEntryChanged.getAttributeByName("olcAccess");
+ OlcAccessList aclList;
if ( aclAttr )
{
StringList values = aclAttr->getValues();
@@ -525,9 +709,15 @@
log_it(SLAPD_LOG_INFO, "acl VALUE: " + *i );
std::string aclString;
int index = splitIndexFromString( *i, aclString );
- OlcAccess acl(aclString);
+ try {
+ boost::shared_ptr<OlcAccess> acl( new OlcAccess(aclString) );
+ aclList.push_back(acl);
+ }
+ catch ( std::runtime_error e )
+ {}
}
}
+ return aclList;
}
void OlcDatabase::addAccessControl(const std::string& acl, int index )
@@ -941,187 +1131,6 @@
m_dbEntryChanged.replaceAttribute(attr);
}
-OlcAccess::OlcAccess( const std::string& aclString )
-{
- std::string::size_type spos = 0;
- std::string::size_type tmppos = 0;
- // every ACL starts with "to"
- if ( aclString.compare(0, 2, "to") != 0 )
- {
- log_it(SLAPD_LOG_ERR, "acl does not start with \"to\"" );
- throw std::runtime_error( "acl does not start with \"to\"" );
- }
- spos+=2;
-
- // skip whitespaces
- tmppos = aclString.find_first_not_of("\t ", spos );
- if ( tmppos != std::string::npos && tmppos > spos )
- {
- spos = tmppos;
- }
-
- // we should be at the start of the "what" part now, might `*`
- // or a string followed by '='
- if ( aclString[spos] == '*' )
- {
- log_it(SLAPD_LOG_ERR, "acl matches all entries" );
- spos = tmppos+1;
- tmppos = extractAlcToken( aclString, spos, true );
- m_all = true;
- }
- else
- {
- while ( true )
- {
- tmppos = aclString.find_first_of("=\t ", spos );
- if ( tmppos == std::string::npos )
- {
- log_it(SLAPD_LOG_ERR, "Unexpected end of ACL" );
- throw std::runtime_error( "Unexpected end of ACL" );
- }
- else
- {
- std::string whatType = aclString.substr(spos, tmppos-spos);
- log_it(SLAPD_LOG_INFO, "Whattype: " + whatType );
- if ( aclString.substr(spos, tmppos-spos) == "by" )
- {
- break;
- }
- spos = tmppos+1;
-
- tmppos = extractAlcToken( aclString, spos, true );
-
- log_it(SLAPD_LOG_INFO, "Whatvalue: " + aclString.substr(spos, tmppos-spos) );
- if ( whatType == "filter" )
- {
- m_filter = aclString.substr(spos, tmppos-spos);
- }
- else if (whatType == "attrs")
- {
- m_attributes = aclString.substr(spos, tmppos-spos);
- }
- else if (whatType == "dn.base" || whatType == "dn.subtree" )
- {
- m_dn_type = whatType;
- m_dn_value = aclString.substr(spos, tmppos-spos);
- }
- else
- {
- throw std::runtime_error( "Can't parse ACL unsupported \"what\": \"" + whatType + "\"" );
- }
- spos = aclString.find_first_not_of("\t ", tmppos+1 );
- }
- }
- }
- // we should have reached the "by"-clauses now
- while ( true )
- {
- if ( aclString.substr(spos, tmppos-spos) != "by" )
- {
- break;
- }
- else
- {
- spos = tmppos+1;
- // skip whitespaces
- tmppos = aclString.find_first_not_of("\t ", spos );
- if ( tmppos != std::string::npos && tmppos > spos )
- {
- spos = tmppos;
- }
-
- // we should be at the start of the "by" part now, might `*`
- // or a string followed by '='
- if ( aclString[spos] == '*' )
- {
- log_it(SLAPD_LOG_ERR, "by clause matches all entries" );
- }
- tmppos = aclString.find_first_of("=\t ", spos );
- if ( tmppos == std::string::npos )
- {
- log_it(SLAPD_LOG_ERR, "Unexpected end of ACL" );
- break;
- }
- else
- {
- log_it(SLAPD_LOG_INFO, "bytype: " + aclString.substr(spos, tmppos-spos) );
- if ( aclString[tmppos] == '=' )
- {
- spos = tmppos+1;
- tmppos = extractAlcToken( aclString, spos, true );
- // is this a quoted string ?
- log_it(SLAPD_LOG_INFO, "byvalue: " + aclString.substr(spos, tmppos-spos) );
- }
- spos = tmppos+1;
- tmppos = extractAlcToken( aclString, spos, false );
- log_it(SLAPD_LOG_INFO, "access: " + aclString.substr(spos, tmppos-spos) );
- spos = aclString.find_first_not_of("\t ", tmppos+1 );
- tmppos = aclString.find_first_of("\t ", spos );
- }
- }
- }
-}
-
-void OlcAccess::setFilter( const std::string& filter )
-{
- m_filter = filter;
-}
-
-
-void OlcAccess::setAttributes( const std::string& attrs )
-{
- m_attributes = attrs;
-}
-
-void OlcAccess::setDnType( const std::string& dnType )
-{
- if ( dnType == "dn.base" || dnType == "dn.subtree" )
- {
- m_dn_type = dnType;
- }
-}
-
-void OlcAccess::setDn( const std::string& dn )
-{
- m_dn_value = dn;
-}
-
-void OlcAccess::setMatchAll( bool matchAll )
-{
- m_all = matchAll;
- if ( matchAll )
- {
- m_attributes = "";
- m_dn_type = "";
- m_dn_value = "";
- m_filter = "";
- }
-}
-
-std::string OlcAccess::getFilter() const
-{
- return m_filter;
-}
-
-std::string OlcAccess::getAttributes() const
-{
- return m_attributes;
-}
-
-std::string OlcAccess::getDnType() const
-{
- return m_dn_type;
-}
-
-std::string OlcAccess::getDnValue() const
-{
- return m_dn_value;
-}
-
-bool OlcAccess::matchesAll() const
-{
- return m_all;
-}
OlcTlsSettings OlcGlobalConfig::getTlsSettings() const
Modified: trunk/ldap-server/src/lib/slapd-config.h
URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.h?rev=50549&r1=50548&r2=50549&view=diff
==============================================================================
--- trunk/ldap-server/src/lib/slapd-config.h (original)
+++ trunk/ldap-server/src/lib/slapd-config.h Tue Sep 2 10:33:01 2008
@@ -122,7 +122,32 @@
std::string m_parent;
};
+class OlcAccess
+{
+ public:
+ OlcAccess( const std::string &aclString);
+ void setFilter( const std::string& filter );
+ void setAttributes( const std::string& attrs );
+ void setDnType( const std::string& dnType );
+ void setDn( const std::string& dn );
+ void setMatchAll( bool matchAll );
+
+ std::string getFilter() const;
+ std::string getAttributes() const;
+ std::string getDnType() const;
+ std::string getDnValue() const;
+ bool matchesAll() const;
+
+ private:
+ std::string m_filter;
+ std::string m_attributes;
+ std::string m_dn_value;
+ std::string m_dn_type;
+ bool m_all;
+};
+
typedef std::list