NSAPI_PUBLIC int ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list ) { ACLHandle_t *acl; ACLWrapper_t *wrap; ACLExprHandle_t *expr; char *method; char *database; int rv; ACLDbType_t *dbtype; ACLMethod_t *methodtype; if ( acl_list == NULL ) return(0); // for all ACLs for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) { acl = wrap->acl; if ( acl == NULL ) continue; // for all expressions with the ACL for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) { if ( expr->expr_type != ACL_EXPR_TYPE_AUTH || expr->expr_auth == NULL) continue; // get method attribute - this is a name now rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, (void **) &method, NULL); if ( rv >= 0 ) { methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t)); rv = ACL_MethodFind(errp, method, methodtype); if (rv < 0) { nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program, 3, acl->tag, "method", method); PERM_FREE(methodtype); return(ACLERRUNDEF); } // replace it with a method type rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, methodtype, NULL); if ( rv < 0 ) { nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0); return(ACLERRNOMEM); } PERM_FREE(method); } } } return(0); }
int set_default_method (pblock *pb, Session *sn, Request *rq) { char *method = pblock_findval(ACL_ATTR_METHOD, pb); NSErr_t *errp = 0; ACLMethod_t t; ACL_REG(ACL_MethodFind(errp, method, &t), "Method \"%s\" is not registered", method); ACL_MethodSetDefault(errp, t); return REQ_PROCEED; }
int register_attribute_getter (pblock *pb, Session *sn, Request *rq) { char *method_str = pblock_findval(ACL_ATTR_METHOD, pb); char *attr = pblock_findval(ACL_ATTR_ATTRIBUTE, pb); char *funcStr = pblock_findval(ACL_ATTR_GETTERFN, pb); char *dbtype_str = pblock_findval(ACL_ATTR_DBTYPE, pb); char *position_str = pblock_findval(ACL_ATTR_POSITION, pb); ACLDbType_t dbtype = ACL_DBTYPE_ANY; ACLMethod_t method = ACL_METHOD_ANY; ACLAttrGetterFn_t func; char err[BIG_LINE]; NSErr_t *errp = 0; int position = ACL_AT_END; if (method_str) { ACL_REG(ACL_MethodFind(errp, method_str, &method), "Method \"%s\" is not registered", method_str); } if (dbtype_str) { ACL_REG(ACL_DbTypeFind(errp, dbtype_str, &dbtype), "Database type \"%s\" is not registered", dbtype_str); } if (!attr || !*attr) { pblock_nvinsert("error", "Attribute name is missing", pb); return REQ_ABORTED; } if (!funcStr || !*funcStr) { pblock_nvinsert("error", "Attribute getter function name is missing", pb); return REQ_ABORTED; } if (!position_str) { if (!strcmp(position_str, "ACL_AT_FRONT")) position = ACL_AT_FRONT; else if (!strcmp(position_str, "ACL_AT_END")) position = ACL_AT_END; else if (!strcmp(position_str, "ACL_REPLACE_ALL")) position = ACL_REPLACE_ALL; else if (!strcmp(position_str, "ACL_REPLACE_MATCHING")) position = ACL_REPLACE_MATCHING; else { sprintf(err, "Position attribute \"%s\" is not valid", position_str); pblock_nvinsert("error", err, pb); return REQ_ABORTED; } } func = (ACLAttrGetterFn_t)func_find((char *)funcStr); if (!func) { sprintf(err, "Could not map \"%s\" to a function", funcStr); pblock_nvinsert("error", err, pb); return REQ_ABORTED; } ACL_REG(ACL_AttrGetterRegister(errp, attr, func, method, dbtype, position, NULL), "Failed to register attribute getter for %s", attr); return REQ_PROCEED; }
NSAPI_PUBLIC int ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list ) { ACLHandle_t *acl; ACLWrapper_t *wrap; ACLExprHandle_t *expr; char *method; char *database; int rv; ACLDbType_t *dbtype; ACLMethod_t *methodtype; if ( acl_list == NULL ) return(0); for ( wrap = acl_list->acl_list_head; wrap; wrap = wrap->wrap_next ) { acl = wrap->acl; if ( acl == NULL ) continue; for ( expr = acl->expr_list_head; expr; expr = expr->expr_next ) { if ( expr->expr_type != ACL_EXPR_TYPE_AUTH || expr->expr_auth == NULL) continue; rv = PListGetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, (void **) &method, NULL); if ( rv >= 0 ) { methodtype = (ACLMethod_t *)PERM_MALLOC(sizeof(ACLMethod_t)); rv = ACL_MethodFind(errp, method, methodtype); if (rv) { nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program, 3, acl->tag, "method", method); PERM_FREE(methodtype); return(ACLERRUNDEF); } rv = PListSetValue(expr->expr_auth, ACL_ATTR_METHOD_INDEX, methodtype, NULL); if ( rv < 0 ) { nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0); return(ACLERRNOMEM); } PERM_FREE(method); } rv = PListGetValue(expr->expr_auth, ACL_ATTR_DATABASE_INDEX, (void **) &database, NULL); if (rv < 0) continue; /* The following function lets user use databases which are * not registered by their administrators. This also fixes * the backward compatibility. */ dbtype = (ACLDbType_t *)PERM_MALLOC(sizeof(ACLDbType_t)); rv = ACL_RegisterDbFromACL(errp, (const char *) database, dbtype); if (rv < 0) { nserrGenerate(errp, ACLERRUNDEF, ACLERR3800, ACL_Program, 3, acl->tag, "database", database); PERM_FREE(dbtype); return(ACLERRUNDEF); } rv = PListInitProp(expr->expr_auth, ACL_ATTR_DBTYPE_INDEX, ACL_ATTR_DBTYPE, dbtype, NULL); if ( rv < 0 ) { nserrGenerate(errp, ACLERRNOMEM, ACLERR3810, ACL_Program, 0); return(ACLERRNOMEM); } } } return(0); }