Author: rhafer Date: Tue Sep 2 14:01:15 2008 New Revision: 50565 URL: http://svn.opensuse.org/viewcvs/yast?rev=50565&view=rev Log: reworked API to indicate "unsupported" ACLs Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc trunk/ldap-server/src/lib/slapd-config.cpp trunk/ldap-server/src/lib/slapd-config.h Modified: trunk/ldap-server/src/agent/SlapdConfigAgent.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/agent/SlapdConfigAgent.cc?rev=50565&r1=50564&r2=50565&view=diff ============================================================================== --- trunk/ldap-server/src/agent/SlapdConfigAgent.cc (original) +++ trunk/ldap-server/src/agent/SlapdConfigAgent.cc Tue Sep 2 14:01:15 2008 
@@ -620,60 +620,68 @@ else if ( dbComponent == "acl" ) { YCPList resList; - OlcAccessList aclList = (*i)->getAcl(); - OlcAccessList::const_iterator j; - for ( j = aclList.begin(); j != aclList.end(); j++ ) - { - YCPMap aclMap; - YCPMap targetMap; - YCPList accessList; - if ( (*j)->matchesAll() ) - { - } - else - { - std::string filter = (*j)->getFilter(); - if (filter != "" ) + OlcAccessList aclList; + bool parsed = (*i)->getAcl(aclList); + if ( parsed ) + { + OlcAccessList::const_iterator j; + for ( j = aclList.begin(); j != aclList.end(); j++ ) + { + YCPMap aclMap; + YCPMap targetMap; + YCPList accessList; + if ( (*j)->matchesAll() ) { - targetMap.add( YCPString("filter"), YCPString(filter) ); } - std::string attrs = (*j)->getAttributes(); - if (attrs != "" ) - { - targetMap.add( YCPString("attrs"), YCPString(attrs) ); - } - std::string dn_value = (*j)->getDnValue(); - if ( dn_value != "" ) + else { - YCPMap dnMap; - std::string dn_type = (*j)->getDnType(); - if (dn_type == "dn.subtree" ) + std::string filter = (*j)->getFilter(); + if (filter != "" ) { - dnMap.add(YCPString("style"), YCPString("subtree") ); + targetMap.add( YCPString("filter"), YCPString(filter) ); } - else + std::string attrs = (*j)->getAttributes(); + if (attrs != "" ) { - dnMap.add(YCPString("style"), YCPString("base") ); + targetMap.add( YCPString("attrs"), YCPString(attrs) ); + } + std::string dn_value = (*j)->getDnValue(); + if ( dn_value != "" ) + { + YCPMap dnMap; + std::string dn_type = (*j)->getDnType(); + if (dn_type == "dn.subtree" ) + { + dnMap.add(YCPString("style"), YCPString("subtree") ); + } + else + { + dnMap.add(YCPString("style"), YCPString("base") ); + } + dnMap.add(YCPString("value"), YCPString(dn_value) ); + targetMap.add( YCPString("dn"), dnMap ); } - dnMap.add(YCPString("value"), YCPString(dn_value) ); - targetMap.add( YCPString("dn"), dnMap ); } + aclMap.add( YCPString("target"), targetMap ); + OlcAclByList byList =(*j)->getAclByList() ; + OlcAclByList::const_iterator k; 
+ for ( k = byList.begin() ; k != byList.end(); k++ ) + { + YCPMap byMap; + byMap.add(YCPString("level"), YCPString( (*k)->getLevel() ) ); + byMap.add(YCPString("type"), YCPString( (*k)->getType() ) ); + byMap.add(YCPString("value"), YCPString( (*k)->getValue() ) ); + accessList.add(byMap); + } + aclMap.add( YCPString("access"), accessList ); + resList.add(aclMap); } - aclMap.add( YCPString("target"), targetMap ); - OlcAclByList byList =(*j)->getAclByList() ; - OlcAclByList::const_iterator k; - for ( k = byList.begin() ; k != byList.end(); k++ ) - { - YCPMap byMap; - byMap.add(YCPString("level"), YCPString( (*k)->getLevel() ) ); - byMap.add(YCPString("type"), YCPString( (*k)->getType() ) ); - byMap.add(YCPString("value"), YCPString( (*k)->getValue() ) ); - accessList.add(byMap); - } - aclMap.add( YCPString("access"), accessList ); - resList.add(aclMap); + return resList; + } + else + { + return YCPNull(); } - return resList; } else { Modified: trunk/ldap-server/src/lib/slapd-config.cpp URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.cpp?rev=50565&r1=50564&r2=50565&view=diff ============================================================================== --- trunk/ldap-server/src/lib/slapd-config.cpp (original) +++ trunk/ldap-server/src/lib/slapd-config.cpp Tue Sep 2 14:01:15 2008 @@ -535,6 +535,10 @@ { if ( aclString.substr(spos, tmppos-spos) != "by" ) { + if (tmppos != std::string::npos ) + { + throw std::runtime_error( "Error while parsing ACL by clause" ); + } break; } else @@ -561,7 +565,7 @@ if ( tmppos == std::string::npos ) { log_it(SLAPD_LOG_ERR, "Unexpected end of ACL" ); - break; + throw std::runtime_error( "Error while parsing ACL" ); } else { 
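Review bot: The new `else` branch in SlapdConfigAgent.cc returns `YCPNull()` with no log line or agent error, so a YCP caller that treats nil like an empty list could show a database whose ACLs failed to parse as having none, and then write that back over the real `olcAccess` values. The callers are not visible here, so this is a risk to confirm rather than a confirmed defect. I would add a comment above the return, `// nil = ACLs exist but use syntax this agent cannot represent; callers must not rewrite them`, and log which database was being read. The enclosing function starts and ends outside the hunk.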
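Review bot: In the `@@ -535,6 +535,10 @@` hunk the added check throws only when `tmppos != std::string::npos`, so a single trailing token that is not `by` and ends the string still reaches `break` and is silently dropped. Such an ACL would be reported as parsed although part of it was ignored, which works against the goal of flagging unsupported ACLs. If the loop is only entered with a valid `spos` (the loop header is outside the hunk), the branch could throw unconditionally, with `throw std::runtime_error( "Error while parsing ACL by clause" );` replacing the `if`/`break` pair.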
@@ -569,17 +573,35 @@ type = aclString.substr(spos, tmppos-spos); log_it(SLAPD_LOG_INFO, "bytype: " + type ); - if ( aclString[tmppos] == '=' ) + if ( type == "group" || type == "dn.base" || type == "dn.subtree" ) { - spos = tmppos+1; - tmppos = extractAlcToken( aclString, spos, true ); - value = aclString.substr(spos, tmppos-spos); - log_it(SLAPD_LOG_INFO, "byvalue: " + value ); + if ( aclString[tmppos] == '=' ) + { + spos = tmppos+1; + tmppos = extractAlcToken( aclString, spos, true ); + value = aclString.substr(spos, tmppos-spos); + log_it(SLAPD_LOG_INFO, "byvalue: " + value ); + } + else + { + throw std::runtime_error( "Error while parsing ACL, expected \"=\"" ); + } + } + else if ( type != "users" && type != "anonymous" && type != "self" && type != "*" ) + { + throw std::runtime_error( "Unsupported \"by\" clause" ); } spos = tmppos+1; tmppos = extractAlcToken( aclString, spos, false ); level = aclString.substr(spos, tmppos-spos); + if ( level != "none" && level != "disclose" && level != "auth" && + level != "compare" && level != "read" && + level != "write" && level != "manage" ) + { + throw std::runtime_error( "Unsupported access level" ); + } log_it(SLAPD_LOG_INFO, "access: " + level ); + spos = aclString.find_first_not_of("\t ", tmppos+1 ); tmppos = aclString.find_first_of("\t ", spos ); } @@ -713,10 +735,11 @@ return this->m_type; } -OlcAccessList OlcDatabase::getAcl() const +bool OlcDatabase::getAcl(OlcAccessList &aclList) const { const LDAPAttribute* aclAttr = m_dbEntryChanged.getAttributeByName("olcAccess"); - OlcAccessList aclList; + aclList.clear(); + bool ret = true; if ( aclAttr ) { StringList values = aclAttr->getValues(); 
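Review bot: After the value is extracted for `group`/`dn.base`/`dn.subtree`, `tmppos` feeds `spos = tmppos+1;` without a check for `std::string::npos`, so an ACL that ends right after the value wraps `spos` to 0 and the level is read from the start of the string. The new level whitelist will then most likely reject it, but with the misleading message "Unsupported access level". Adding `if ( tmppos == std::string::npos ) throw std::runtime_error( "Unexpected end of ACL" );` before that assignment would state the real cause. This assumes `extractAlcToken` returns `npos` at end of input, which the check in the previous hunk suggests, but its body is not shown. Separately, the level list omits `search`, which slapd.access(5) places between `compare` and `read`; if that is deliberate, a comment saying so would help.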
@@ -731,10 +754,16 @@ aclList.push_back(acl); } catch ( std::runtime_error e ) - {} + { + log_it(SLAPD_LOG_INFO, "Can't parse ACL"); + log_it(SLAPD_LOG_INFO, e.what() ); + aclList.clear(); + ret = false; + break; + } } } - return aclList; + return ret; } void OlcDatabase::addAccessControl(const std::string& acl, int index ) Modified: trunk/ldap-server/src/lib/slapd-config.h URL: http://svn.opensuse.org/viewcvs/yast/trunk/ldap-server/src/lib/slapd-config.h?rev=50565&r1=50564&r2=50565&view=diff ============================================================================== --- trunk/ldap-server/src/lib/slapd-config.h (original) +++ trunk/ldap-server/src/lib/slapd-config.h Tue Sep 2 14:01:15 2008 @@ -194,7 +194,7 @@ const std::string getSuffix() const; const std::string getType() const; - OlcAccessList getAcl() const; + bool getAcl( OlcAccessList& accessList ) const; virtual void addAccessControl( const std::string& acl, int index=-1 ); virtual void replaceAccessControl( const StringList acllist ); -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
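Review bot: The handler still catches only `std::runtime_error`, and by value, so if the parser invoked inside the `try` (not visible here) lets a `std::out_of_range` escape from one of its `substr` calls, that exception would leave `getAcl` instead of producing `false`. Catching `const std::exception &e` covers both cases and avoids the copy. The two new log calls use `SLAPD_LOG_INFO`, while the parser logs its own "Unexpected end of ACL" with `SLAPD_LOG_ERR`. An unparseable ACL seems to merit the error level, and naming the offending value or its index would make the log entry actionable. The function body starts outside the hunk.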
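Review bot: The changed declaration in slapd-config.h has no comment describing the new contract, and its parameter is named `accessList` while the definition in slapd-config.cpp uses `aclList`. I would document it at the declaration, e.g. `// Fills accessList from olcAccess; returns false and leaves accessList empty if any value cannot be parsed.`, and use one parameter name in both places. Callers need to know that `false` means "ACLs present but not representable", not "no ACLs".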