NSAPI_PUBLIC int
ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list )
{
ACLHandle_t *acl;
ACLWrapper_t *wrap;
ACLExprHandle_t *expr;
char *method;
char *database;
int rv;
ACLDbType_t *dbtype;
ACLMethod_t *methodtype;
if ( acl_list == NULL )
return(0);
// for all ACLs
for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) {
acl = wrap->acl;
if ( acl == NULL )
continue;
// for all expressions with the ACL
for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) {
if ( expr->expr_type != ACL_EXPR_TYPE_AUTH || expr->expr_auth == NULL)
continue;
// get method attribute - this is a name now
rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, (void **) &method, NULL);
if ( rv >= 0 ) {
methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
rv = ACL_MethodFind(errp, method, methodtype);
if (rv < 0) {
nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
3, acl->tag, "method", method);
PERM_FREE(methodtype);
return(ACLERRUNDEF);
}
// replace it with a method type
rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, methodtype, NULL);
if ( rv < 0 ) {
nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0);
return(ACLERRNOMEM);
}
PERM_FREE(method);
}
}
}
return(0);
}
int set_default_method (pblock *pb, Session *sn, Request *rq)
{
char *method = pblock_findval(ACL_ATTR_METHOD, pb);
NSErr_t *errp = 0;
ACLMethod_t t;
ACL_REG(ACL_MethodFind(errp, method, &t),
"Method \"%s\" is not registered", method);
ACL_MethodSetDefault(errp, t);
return REQ_PROCEED;
}
int register_attribute_getter (pblock *pb, Session *sn, Request *rq)
{
char *method_str = pblock_findval(ACL_ATTR_METHOD, pb);
char *attr = pblock_findval(ACL_ATTR_ATTRIBUTE, pb);
char *funcStr = pblock_findval(ACL_ATTR_GETTERFN, pb);
char *dbtype_str = pblock_findval(ACL_ATTR_DBTYPE, pb);
char *position_str = pblock_findval(ACL_ATTR_POSITION, pb);
ACLDbType_t dbtype = ACL_DBTYPE_ANY;
ACLMethod_t method = ACL_METHOD_ANY;
ACLAttrGetterFn_t func;
char err[BIG_LINE];
NSErr_t *errp = 0;
int position = ACL_AT_END;
if (method_str) {
ACL_REG(ACL_MethodFind(errp, method_str, &method),
"Method \"%s\" is not registered", method_str);
}
if (dbtype_str) {
ACL_REG(ACL_DbTypeFind(errp, dbtype_str, &dbtype),
"Database type \"%s\" is not registered", dbtype_str);
}
if (!attr || !*attr) {
pblock_nvinsert("error", "Attribute name is missing", pb);
return REQ_ABORTED;
}
if (!funcStr || !*funcStr) {
pblock_nvinsert("error", "Attribute getter function name is missing", pb);
return REQ_ABORTED;
}
if (!position_str) {
if (!strcmp(position_str, "ACL_AT_FRONT")) position = ACL_AT_FRONT;
else if (!strcmp(position_str, "ACL_AT_END")) position = ACL_AT_END;
else if (!strcmp(position_str, "ACL_REPLACE_ALL")) position = ACL_REPLACE_ALL;
else if (!strcmp(position_str, "ACL_REPLACE_MATCHING")) position = ACL_REPLACE_MATCHING;
else {
sprintf(err, "Position attribute \"%s\" is not valid", position_str);
pblock_nvinsert("error", err, pb);
return REQ_ABORTED;
}
}
func = (ACLAttrGetterFn_t)func_find((char *)funcStr);
if (!func) {
sprintf(err, "Could not map \"%s\" to a function", funcStr);
pblock_nvinsert("error", err, pb);
return REQ_ABORTED;
}
ACL_REG(ACL_AttrGetterRegister(errp, attr, func, method, dbtype, position,
NULL),
"Failed to register attribute getter for %s",
attr);
return REQ_PROCEED;
}
NSAPI_PUBLIC int
ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list )
{
ACLHandle_t *acl;
ACLWrapper_t *wrap;
ACLExprHandle_t *expr;
char *method;
char *database;
int rv;
ACLDbType_t *dbtype;
ACLMethod_t *methodtype;
if ( acl_list == NULL )
return(0);
for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) {
acl = wrap->acl;
if ( acl == NULL )
continue;
for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) {
if ( expr->expr_type != ACL_EXPR_TYPE_AUTH ||
expr->expr_auth == NULL)
continue;
rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
(void **) &method, NULL);
if ( rv >= 0 ) {
methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t));
rv = ACL_MethodFind(errp, method, methodtype);
if (rv) {
nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
3, acl->tag, "method", method);
PERM_FREE(methodtype);
return(ACLERRUNDEF);
}
rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX,
methodtype, NULL);
if ( rv < 0 ) {
nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
0);
return(ACLERRNOMEM);
}
PERM_FREE(method);
}
rv = PListGetValue(expr->expr_auth, ACL_ATTR_DATABASE_INDEX,
(void **) &database, NULL);
if (rv < 0) continue;
/* The following function lets user use databases which are
* not registered by their administrators. This also fixes
* the backward compatibility.
*/
dbtype = (ACLDbType_t *)PERM_MALLOC(sizeof(ACLDbType_t));
rv = ACL_RegisterDbFromACL(errp, (const char *) database,
dbtype);
if (rv < 0) {
nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program,
3, acl->tag, "database", database);
PERM_FREE(dbtype);
return(ACLERRUNDEF);
}
rv = PListInitProp(expr->expr_auth, ACL_ATTR_DBTYPE_INDEX, ACL_ATTR_DBTYPE,
dbtype, NULL);
if ( rv < 0 ) {
nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program,
0);
return(ACLERRNOMEM);
}
}
}
return(0);
}
