diff options
| author | Nathan Kinder <nkinder@redhat.com> | 2010-09-09 10:18:59 -0700 |
|---|---|---|
| committer | Nathan Kinder <nkinder@redhat.com> | 2010-09-09 10:18:59 -0700 |
| commit | d88253df42157df3d112122c3551b0969e9ce8a0 (patch) | |
| tree | a2d82ffc772dbf775ef2489d6f34878994beecf8 /lib | |
| parent | b2962bd5ecab66571b2afe223a61ff1a7d53dc3c (diff) | |
| download | ds-d88253df42157df3d112122c3551b0969e9ce8a0.tar.gz ds-d88253df42157df3d112122c3551b0969e9ce8a0.tar.xz ds-d88253df42157df3d112122c3551b0969e9ce8a0.zip | |
Bug 630090 - (cov#11974) Remove unused ACL functions
Coverity flagged a memory corruption issue in an old unused
ACL function. It is best to just remove these unused functions.
The functions removed are:
ACL_ParseFile
ACL_WriteFile
ACL_WriteString
ACL_Decompose
acl_to_str_*
acl_decompose_*
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libaccess/acltools.cpp | 641 | ||||
| -rw-r--r-- | lib/libaccess/oneeval.cpp | 6 |
2 files changed, 3 insertions, 644 deletions
diff --git a/lib/libaccess/acltools.cpp b/lib/libaccess/acltools.cpp index 32ab5d74..28df5999 100644 --- a/lib/libaccess/acltools.cpp +++ b/lib/libaccess/acltools.cpp @@ -1360,74 +1360,6 @@ Symbol_t *sym; return( result ); } -/* - * Function parses an input ACL file and resturns an - * ACLListHandle_t pointer that represents the entire - * file without the comments. - * - * Input: - * filename the name of the target ACL text file - * errp a pointer to an error stack - * - * Returns: - * NULL parse failed - * - */ - -NSAPI_PUBLIC ACLListHandle_t * -ACL_ParseFile( NSErr_t *errp, char *filename ) -{ -ACLListHandle_t *handle = NULL; -int eid = 0; -int rv = 0; -char *errmsg; - - ACL_InitAttr2Index(); - - if ( acl_parse_crit == NULL ) - acl_parse_crit = crit_init(); - - crit_enter( acl_parse_crit ); - - if ( acl_InitScanner( errp, filename, NULL ) < 0 ) { - rv = ACLERROPEN; - eid = ACLERR1900; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - } else { - - handle = ACL_ListNew(errp); - if ( handle == NULL ) { - rv = ACLERRNOMEM; - eid = ACLERR1920; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - } else if ( acl_PushListHandle( handle ) < 0 ) { - rv = ACLERRNOMEM; - eid = ACLERR1920; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - } else if ( acl_Parse() ) { - rv = ACLERRPARSE; - eid = ACLERR1780; - } - - if ( acl_EndScanner() < 0 ) { - rv = ACLERROPEN; - eid = ACLERR1500; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - } - - } - - if ( rv || eid ) { - ACL_ListDestroy(errp, handle); - handle = NULL; - } - - crit_exit( acl_parse_crit ); - return(handle); - -} /* * Function parses an input ACL string and returns an @@ -1628,374 +1560,6 @@ char *tmp; return(0); } -/* - * LOCAL FUNCTION - * - * Appends str2 to str1. - * - * Input: - * str1 an existing dynamically allocated string - * str2 a text string - * Returns: - * 0 success - * < 0 failure - */ - -static int -acl_to_str_append(acl_string_t * p_aclstr, const char *str2) -{ - int str2len, newlen; - - if (p_aclstr == NULL || str2 == NULL) - return (ACLERRINTERNAL); - if (p_aclstr->str == NULL) { - p_aclstr->str = (char *) PERM_MALLOC(4096); - if (p_aclstr->str == NULL) - return (ACLERRNOMEM); - p_aclstr->str_size = 4096; - p_aclstr->str_len = 0; - } - - str2len = strlen(str2); - newlen = p_aclstr->str_len + str2len; - if (newlen >= p_aclstr->str_size) { - p_aclstr->str_size = str2len > 4095 ? str2len+p_aclstr->str_size+1 : 4096+p_aclstr->str_size ; - p_aclstr->str = (char *) PERM_REALLOC(p_aclstr->str, p_aclstr->str_size); - if (p_aclstr->str == NULL) - return (ACLERRNOMEM); - } - memcpy((void *)&(p_aclstr->str[p_aclstr->str_len]), (void *) str2, str2len+1); - p_aclstr->str_len += str2len; - return 0; -} - -/* - * LOCAL FUNCTION - * - * Output Authorization Expression type either "Allow" or "Deny" - */ - -static int -acl_to_str_expr_type( acl_string_t *str_t, ACLExprHandle_t *expr ) -{ - switch (expr->expr_type) { - case ACL_EXPR_TYPE_ALLOW: - acl_to_str_append(str_t, "allow "); - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute "); - return(0); - case ACL_EXPR_TYPE_DENY: - acl_to_str_append(str_t, "deny "); - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute "); - return(0); - case ACL_EXPR_TYPE_AUTH: - acl_to_str_append(str_t, "authenticate "); - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute "); - return(0); - case ACL_EXPR_TYPE_RESPONSE: - acl_to_str_append(str_t, "deny with "); - return(0); - default: - return(ACLERRINTERNAL); - } -} - -/* - * LOCAL FUNCTION - * - * Output Authorization Expression Rights "(right, right)" - */ - -static int -acl_to_str_expr_arg( acl_string_t *str_t, ACLExprHandle_t *expr ) -{ -int ii; - - if ( expr->expr_argc <= 0 ) { - return(ACLERRINTERNAL); - } - - if ( expr->expr_type == ACL_EXPR_TYPE_RESPONSE ) { - acl_to_str_append(str_t, expr->expr_argv[0]); - acl_to_str_append(str_t, "=\""); - acl_to_str_append(str_t, expr->expr_argv[1]); - acl_to_str_append(str_t, "\";\n"); - return(0); - } - - acl_to_str_append(str_t, "("); - for (ii = 0; ii < expr->expr_argc; ii++) { - acl_to_str_append(str_t, expr->expr_argv[ii]); - if ( ii < expr->expr_argc - 1 ) { - acl_to_str_append(str_t, ","); - } - } - acl_to_str_append(str_t, ") "); - - return(0); -} - -/* - * LOCAL FUNCTION - * - * Walks through the authentication statement PList_t and - * prints the structure to a string. - */ - -static void -acl_to_str_auth_expr(char *lval, const void *rval, void *user_data) -{ - // ###### char **str = (char **) user_data; - acl_string_t * p_aclstr = (acl_string_t *) user_data; - - acl_to_str_append(p_aclstr, "\t"); - acl_to_str_append(p_aclstr, lval); - acl_to_str_append(p_aclstr, " = \""); - acl_to_str_append(p_aclstr, (char *) rval); - acl_to_str_append(p_aclstr, "\";\n"); - - return; -} - -/* - * LOCAL FUNCTION - * - * Output the logic part of the authencation statement to a string. - */ - -static int -acl_to_str_auth_logic( acl_string_t *str_t, ACLExprHandle_t *expr) -{ - - if ( expr->expr_auth == NULL ) { - acl_to_str_append(str_t, "{\n"); - acl_to_str_append(str_t, "# Authenticate statement with no body?\n"); - acl_to_str_append(str_t, "\tnull=null;\n"); - acl_to_str_append(str_t, "};\n"); - return(0); - } - - acl_to_str_append(str_t, "{\n"); - PListEnumerate(expr->expr_auth, acl_to_str_auth_expr, (void *) str_t); - acl_to_str_append(str_t, "};\n"); - - return(0); -} - - -/* - * LOCAL FUNCTION - * - * Output the logic part of the authorization statement to a string. - */ - -static int -acl_to_str_expr_logic( acl_string_t *str_t, ACLExprHandle_t *expr, ACLExprStack_t *expr_stack) -{ -int rv = 0; -int ii; - - expr_stack->stack_index = 0; - expr_stack->found_subexpression = 0; - expr_stack->last_subexpression = -1; - - for (ii = 0; ii < expr->expr_raw_index; ii++) { - rv = acl_reduce_expr_logic(expr_stack, &expr->expr_raw[ii]); - if (rv) break; - } - - if (!rv && expr_stack->expr_text[0]) { - acl_to_str_append(str_t, "\n "); - acl_to_str_append(str_t, expr_stack->expr_text[0]); - acl_to_str_append(str_t, ";\n"); - PERM_FREE(expr_stack->expr_text[0]); - } - - return(rv); -} - -/* - * LOCAL FUNCTION - * - * Output an ACL list to a string. - */ - -static int -acl_to_str_create( acl_string_t *str_t, ACLListHandle_t *acl_list ) -{ -ACLWrapper_t *wrap; -ACLHandle_t *acl; -ACLExprHandle_t *expr; -int rv = 0; -ACLExprStack_t *expr_stack; - - expr_stack = (ACLExprStack_t *) PERM_MALLOC(sizeof(ACLExprStack_t)); - if ( expr_stack == NULL ) - return(ACLERRNOMEM); - - acl_to_str_append(str_t, "# File automatically written\n"); - acl_to_str_append(str_t, "#\n"); - acl_to_str_append(str_t, "# You may edit this file by hand\n"); - acl_to_str_append(str_t, "#\n\n"); - if ( acl_list->acl_list_head == NULL ) { - PERM_FREE(expr_stack); - return(0); - } - - acl_to_str_append(str_t, "version 3.0;\n"); - for (wrap = acl_list->acl_list_head; wrap && !rv; - wrap = wrap->wrap_next ) { - acl = wrap->acl; - if ( acl->tag ) { - acl_to_str_append(str_t, "\nacl \""); - acl_to_str_append(str_t, acl->tag); - acl_to_str_append(str_t, "\";\n"); - } else { - acl_to_str_append(str_t, "\nacl;\n"); - } - - for (expr = acl->expr_list_head; expr && rv == 0; - expr = expr->expr_next ) { - - if ( (rv = acl_to_str_expr_type(str_t, expr)) < 0 ) - break; - - if ( (rv = acl_to_str_expr_arg(str_t, expr)) < 0) - break; - - switch (expr->expr_type) { - case ACL_EXPR_TYPE_DENY: - case ACL_EXPR_TYPE_ALLOW: - rv = acl_to_str_expr_logic(str_t, expr, expr_stack); - break; - case ACL_EXPR_TYPE_AUTH: - rv = acl_to_str_auth_logic(str_t, expr); - break; - case ACL_EXPR_TYPE_RESPONSE: - break; - } - - } - } - - PERM_FREE(expr_stack); - return(rv); -} - - -/* - * Creates an ACL text string from an ACL handle - * - * Input: - * errp error stack - * acl target text string pointer - * acl_list Source ACL list handle - * Ouput: - * acl a chunk of dynamic memory pointing to ACL text - * Returns: - * 0 success - * < 0 failure - */ - -NSAPI_PUBLIC int -ACL_WriteString(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list) -{ - int rv; - acl_string_t str_t = {NULL,0,0}; - - if ( acl_list == NULL || acl == NULL ) - return(ACLERRUNDEF); - - rv = acl_to_str_create(&str_t, acl_list); - *acl = str_t.str; - - return ( rv ); -} - -/* - * Write an ACL text file from an input ACL list structure. - * - * Input: - * filename name for the output text file - * acl_list a list of ACLs to convert to text - * Output: - * errp an error stack, set if there are errors - * to report - * Returns: - * 0 success - * ACLERROPEN, - * ACLERRNOMEM on failure - */ - -NSAPI_PUBLIC int -ACL_WriteFile( NSErr_t *errp, char *filename, ACLListHandle_t *acl_list ) -{ -int rv; -int eid; -char *errmsg; -#ifdef UTEST -FILE *ofp; -#else -SYS_FILE ofp; -#endif -acl_string_t aclstr = {NULL,0,0}; -char *acl_text = NULL; - - if ( filename == NULL || acl_list == NULL ) { - rv = ACLERROPEN; - eid = ACLERR1900; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - return(ACLERROPEN); - } - -#ifdef UTEST - ofp = fopen(filename, "w"); - if ( ofp == NULL ) { -#else - ofp = system_fopenWT(filename); - if ( ofp == SYS_ERROR_FD ) { -#endif - rv = ACLERROPEN; - eid = ACLERR1900; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - return(ACLERROPEN); - } - - rv = acl_to_str_create(&aclstr, acl_list); - acl_text = aclstr.str; - - if ( rv ) { - eid = ACLERR3000; - rv = ACLERRNOMEM; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - } else { -#ifdef UTEST - if (fputs(acl_text, ofp) == 0) { -#else - if (system_fwrite_atomic(ofp, acl_text, strlen(acl_text))==IO_ERROR) { -#endif - eid = ACLERR3200; - rv = ACLERRIO; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - } - } - - if ( acl_text ) - PERM_FREE(acl_text); - -#ifdef UTEST - fclose(ofp); -#else - system_fclose(ofp); -#endif - - return(rv); -} /* * Delete a named ACL from an ACL list @@ -2456,211 +2020,6 @@ ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list ) } -/* - * LOCAL FUNCTION - * - * Output Authorization Expression Rights "right, right" - */ - -static int -acl_decompose_expr_arg( acl_string_t *str_t, ACLExprHandle_t *expr ) -{ -int ii; - - if ( expr->expr_argc <= 0 ) { - return(ACLERRINTERNAL); - } - - if ( expr->expr_type == ACL_EXPR_TYPE_RESPONSE ) { - acl_to_str_append(str_t, expr->expr_argv[0]); - acl_to_str_append(str_t, " \""); - acl_to_str_append(str_t, expr->expr_argv[1]); - acl_to_str_append(str_t, "\";\n"); - return(0); - } - - for (ii = 0; ii < expr->expr_argc; ii++) { - acl_to_str_append(str_t, expr->expr_argv[ii]); - if ( ii < expr->expr_argc - 1 ) { - acl_to_str_append(str_t, ","); - } - } - acl_to_str_append(str_t, ";\n"); - - return(0); -} - -/* - * LOCAL FUNCTION - * - * Walks through the authentication statement PList_t and - * prints the structure to a string. - */ - -static void -acl_decompose_auth_expr(char *lval, const void *rval, void *user_data) -{ - acl_string_t * p_aclstr = (acl_string_t *) user_data; - // #### - - acl_to_str_append(p_aclstr, " "); - acl_to_str_append(p_aclstr, lval); - acl_to_str_append(p_aclstr, "=\""); - acl_to_str_append(p_aclstr, (char *) rval); - acl_to_str_append(p_aclstr, "\""); - - return; -} - -/* - * LOCAL FUNCTION - * - * Output the logic part of the authencation statement to a string. - */ - -static int -acl_decompose_auth_logic( acl_string_t * str_t, ACLExprHandle_t *expr) -{ - - if ( expr->expr_auth == NULL ) - return(0); - - acl_to_str_append(str_t, "exprs"); - PListEnumerate(expr->expr_auth, acl_decompose_auth_expr, (void *) str_t); - acl_to_str_append(str_t, ";\n"); - - return(0); -} - -/* - * LOCAL FUNCTION - * - * Output the logic part of the authorization statement to a string. - */ - -static int -acl_decompose_expr_logic( acl_string_t *str_t, ACLExprHandle_t *expr, ACLExprStack_t *expr_stack) -{ -int rv = 0; -int ii; - - expr_stack->stack_index = 0; - expr_stack->found_subexpression = 0; - expr_stack->last_subexpression = -1; - - for (ii = 0; ii < expr->expr_raw_index; ii++) { - rv = acl_reduce_expr_logic(expr_stack, &expr->expr_raw[ii]); - if (rv) break; - } - - if (!rv && expr_stack->expr_text[0]) { - acl_to_str_append(str_t, "exprs "); - acl_to_str_append(str_t, expr_stack->expr_text[0]); - acl_to_str_append(str_t, ";\n"); - PERM_FREE(expr_stack->expr_text[0]); - } - - return(rv); -} - -static int -acl_decompose(acl_string_t *str_t, ACLListHandle_t *acl_list) -{ -ACLWrapper_t *wrap; -ACLHandle_t *acl; -ACLExprHandle_t *expr; -int rv = 0; -ACLExprStack_t *expr_stack; - - expr_stack = (ACLExprStack_t *) PERM_MALLOC(sizeof(ACLExprStack_t)); - if ( expr_stack == NULL ) - return(ACLERRNOMEM); - - if ( acl_list->acl_list_head == NULL ) { - PERM_FREE(expr_stack); - return(0); - } - - acl_to_str_append(str_t, "version 3.0;"); - for (wrap = acl_list->acl_list_head; wrap && !rv; - wrap = wrap->wrap_next ) { - acl = wrap->acl; - if ( acl->tag ) { - acl_to_str_append(str_t, "\nname \""); - acl_to_str_append(str_t, acl->tag); - acl_to_str_append(str_t, "\";\n"); - } else { - acl_to_str_append(str_t, "\nname;\n"); - } - - for (expr = acl->expr_list_head; expr && rv == 0; - expr = expr->expr_next ) { - - switch (expr->expr_type) { - case ACL_EXPR_TYPE_DENY: - acl_to_str_append(str_t, "type deny;\nrights "); - if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 ) - break; - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute true;\n"); - rv = acl_decompose_expr_logic(str_t, expr, expr_stack); - break; - case ACL_EXPR_TYPE_ALLOW: - acl_to_str_append(str_t, "type allow;\nrights "); - if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 ) - break; - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute true;\n"); - rv = acl_decompose_expr_logic(str_t, expr, expr_stack); - break; - case ACL_EXPR_TYPE_AUTH: - acl_to_str_append(str_t, "type authenticate;\nattrs "); - if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 ) - break; - if ( IS_ABSOLUTE(expr->expr_flags) ) - acl_to_str_append(str_t, "absolute true;\n"); - rv = acl_decompose_auth_logic(str_t, expr); - break; - case ACL_EXPR_TYPE_RESPONSE: - acl_to_str_append(str_t, "type response;\nattrs "); - rv = acl_decompose_expr_arg(str_t, expr); - break; - } - } - } - - PERM_FREE(expr_stack); - return(rv); -} - -/* - * Converts an ACLListHandle_t to a parameter list suitable for passing - * to the ACL UI. - * - * Input: - * errp error stack - * acl a pointer to a string, holds the result of the - * decomposition. - * acl_list Target ACL list handle - * Returns: - * 0 success - * < 0 failure - */ - -NSAPI_PUBLIC int -ACL_Decompose(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list) -{ - int rv ; - acl_string_t aclstr={NULL,0,0}; - - if ( acl_list == NULL || acl == NULL ) - return(ACLERRUNDEF); - - rv = acl_decompose(&aclstr, acl_list); - *acl = aclstr.str; - - return ( rv ); -} /* * The following routines are used to validate input parameters. They always diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp index ed29ee47..f3283b69 100644 --- a/lib/libaccess/oneeval.cpp +++ b/lib/libaccess/oneeval.cpp @@ -137,10 +137,10 @@ static ACLDispatchVector_t __nsacl_vector = { /* ACL language and file interfaces */ - ACL_ParseFile, + NULL /* ex ACL_ParseFile*/, ACL_ParseString, - ACL_WriteString, - ACL_WriteFile, + NULL /* ex ACL_WriteString*/, + NULL /* ex ACL_WriteFile */, NULL /* ex ACL_FileRenameAcl */, NULL /* ex ACL_FileDeleteAcl */, NULL /* ex ACL_FileGetAcl */, |