Diffstat (limited to 'ldap/servers/plugins/acl')
-rw-r--r--ldap/servers/plugins/acl/acl.c16
-rw-r--r--ldap/servers/plugins/acl/acl_ext.c12
-rw-r--r--ldap/servers/plugins/acl/acleffectiverights.c3
-rw-r--r--ldap/servers/plugins/acl/aclinit.c3
-rw-r--r--ldap/servers/plugins/acl/acllas.c59
-rw-r--r--ldap/servers/plugins/acl/aclparse.c4
-rw-r--r--ldap/servers/plugins/acl/aclutil.c10
7 files changed, 45 insertions, 62 deletions
diff --git a/ldap/servers/plugins/acl/acl.c b/ldap/servers/plugins/acl/acl.c
index ea1b17ab..120e70db 100644
--- a/ldap/servers/plugins/acl/acl.c
+++ b/ldap/servers/plugins/acl/acl.c
@@ -244,7 +244,6 @@ acl_access_allowed(
int err;
int ret_val;
char *right;
- int num_handle;
struct acl_pblock *aclpb = NULL;
AclAttrEval *c_attrEval = NULL;
int got_reader_locked = 0;
@@ -555,7 +554,7 @@ acl_access_allowed(
** figure out if there are any ACLs which can be applied.
** If no ACLs are there, then it's a DENY as default.
*/
- if (!(num_handle = acl__scan_for_acis(aclpb, &err))) {
+ if (!(acl__scan_for_acis(aclpb, &err))) {
/* We might have accessed the ACL first time which could
** have caused syntax error.
@@ -782,7 +781,7 @@ static void print_access_control_summary( char *source, int ret_val, char *clien
}
} else{
slapi_log_error(loglevel, plugin_name,
- "conn=%d op=%d (%s): %s %s on entry(%s).attr(%s)"
+ "conn=%d op=%d (%s): %s %s on entry(%s).attr(%s) to %s"
": %s\n",
op->o_connid, op->o_opid,
source,
@@ -790,6 +789,7 @@ static void print_access_control_summary( char *source, int ret_val, char *clien
right,
edn,
attr ? attr: "NULL",
+ real_user,
acl_info[0] ? acl_info : access_reason);
}
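Review bot: The new `real_user` argument is passed to `%s` with no NULL guard, while the neighbouring `attr` argument is guarded with `attr ? attr: "NULL"`. Where `real_user` is assigned is outside these two hunks, so it may always be set; if it can be NULL on any path, passing it to `%s` is undefined behaviour in the logging call. Mirroring the existing guard would keep the line safe either way: `real_user ? real_user : "NULL",`. The enclosing print_access_control_summary starts and ends outside the hunks.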
@@ -2252,7 +2252,6 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
Targetattrfilter *attrFilter = NULL;
- int found_applicable = 0;
Slapi_Attr *attr_ptr = NULL;
Slapi_Value *sval;
const struct berval *attrVal;
@@ -2299,8 +2298,6 @@ acl__resource_match_aci( Acl_PBlock *aclpb, aci_t *aci, int skip_attrEval, int *
* values in on the back of it.
*/
- found_applicable = 1;
-
sval=NULL;
attrVal=NULL;
k= slapi_attr_first_value(attr_ptr,&sval);
@@ -2695,12 +2692,9 @@ acl__TestRights(Acl_PBlock *aclpb,int access, char **right, char ** map_generic,
char *testRights[2];
aci_t *aci;
int numHandles = 0;
- aclEvalContext *c_evalContext = NULL;
TNF_PROBE_0_DEBUG(acl__TestRights_start,"ACL","");
- c_evalContext = &aclpb->aclpb_curr_entryEval_context;
-
/* record the aci and reason for access decision */
result_reason->deciding_aci = NULL;
result_reason->reason = ACL_REASON_NONE;
@@ -3931,7 +3925,7 @@ acl__recompute_acl ( Acl_PBlock *aclpb,
char *unused_str1, *unused_str2;
char *acl_tag, *testRight[2];
int j, expr_num;
- int result_status, rv, cache_result;
+ int result_status, cache_result;
PRUint32 cookie;
aci_t *aci;
@@ -3992,7 +3986,7 @@ acl__recompute_acl ( Acl_PBlock *aclpb,
ACL_SetDefaultResult (NULL, aclpb->aclpb_acleval, ACL_RES_INVALID);
- rv = ACL_EvalSetACL(NULL, aclpb->aclpb_acleval, aci->aci_handle);
+ ACL_EvalSetACL(NULL, aclpb->aclpb_acleval, aci->aci_handle);
testRight[0] = acl_access2str ( access );
testRight[1] = '\0';
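Review bot: The status of `ACL_EvalSetACL` is now dropped without any check, in a path that recomputes an access decision, so a failure to install `aci->aci_handle` would go unnoticed. Removing `rv` silences the unused-variable warning but also removes the only hint that a status exists. Either act on the result or mark the discard as deliberate, e.g. `(void) ACL_EvalSetACL(NULL, aclpb->aclpb_acleval, aci->aci_handle); /* status ignored: <reason> */`. The same pattern appears for `_ger_get_entry_rights` in acleffectiverights.c, `slapi_build_control_from_berval` in aclinit.c, and `slapi_role_check` and `acl_match_prefix` in acllas.c. The last two appear to fail closed only because `present` and `exact_match` are initialised to 0, which deserves a comment at each call site.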
diff --git a/ldap/servers/plugins/acl/acl_ext.c b/ldap/servers/plugins/acl/acl_ext.c
index 4d70a69b..93988a64 100644
--- a/ldap/servers/plugins/acl/acl_ext.c
+++ b/ldap/servers/plugins/acl/acl_ext.c
@@ -43,11 +43,13 @@
#include "acl.h"
static void acl__done_aclpb ( struct acl_pblock *aclpb );
+#ifdef FOR_DEBUGGING
static void acl__dump_stats ( struct acl_pblock *aclpb , const char *block_type);
+static char * acl__get_aclpb_type ( Acl_PBlock *aclpb );
+#endif
static Acl_PBlock * acl__get_aclpb_from_pool ( );
static int acl__put_aclpb_back_to_pool ( Acl_PBlock *aclpb );
static Acl_PBlock * acl__malloc_aclpb ( );
-static char * acl__get_aclpb_type ( Acl_PBlock *aclpb );
static PRLock *aclext_get_lock ();
@@ -788,7 +790,9 @@ acl__done_aclpb ( struct acl_pblock *aclpb )
}
- /* acl__dump_stats ( aclpb, acl__get_aclpb_type(aclpb)); */
+#ifdef FOR_DEBUGGING
+ acl__dump_stats ( aclpb, acl__get_aclpb_type(aclpb));
+#endif
/* reset the usergroup cache */
aclg_reset_userGroup ( aclpb );
@@ -956,15 +960,16 @@ acl__done_aclpb ( struct acl_pblock *aclpb )
}
+#ifdef FOR_DEBUGGING
static char *
acl__get_aclpb_type ( Acl_PBlock *aclpb )
{
-
if (aclpb->aclpb_state & ACLPB_TYPE_PROXY)
return ACLPB_TYPE_PROXY_STR;
return ACLPB_TYPE_MAIN_STR;
}
+
static void
acl__dump_stats ( struct acl_pblock *aclpb , const char *block_type)
{
@@ -998,6 +1003,7 @@ acl__dump_stats ( struct acl_pblock *aclpb , const char *block_type)
aclpb->aclpb_stat_num_copy_attrs);
slapi_log_error( SLAPI_LOG_ACL, plugin_name, " **** ACL OPERATION STAT END *******\n");
}
+#endif
/****************************************************************************/
/* E N D */
/****************************************************************************/
diff --git a/ldap/servers/plugins/acl/acleffectiverights.c b/ldap/servers/plugins/acl/acleffectiverights.c
index a9cba0c4..c40840a5 100644
--- a/ldap/servers/plugins/acl/acleffectiverights.c
+++ b/ldap/servers/plugins/acl/acleffectiverights.c
@@ -663,7 +663,6 @@ acl_get_effective_rights (
char *gerstr = NULL;
size_t gerstrsize = 0;
size_t gerstrcap = 0;
- unsigned long entryrights;
int iscritical = 1;
int rc;
@@ -698,7 +697,7 @@ acl_get_effective_rights (
}
/* Get entry level effective rights */
- entryrights = _ger_get_entry_rights ( gerpb, e, subjectndn, &gerstr, &gerstrsize, &gerstrcap, errbuf );
+ _ger_get_entry_rights ( gerpb, e, subjectndn, &gerstr, &gerstrsize, &gerstrcap, errbuf );
/*
* Attribute level effective rights may not be NULL
diff --git a/ldap/servers/plugins/acl/aclinit.c b/ldap/servers/plugins/acl/aclinit.c
index e6b7c4f3..9ef4993f 100644
--- a/ldap/servers/plugins/acl/aclinit.c
+++ b/ldap/servers/plugins/acl/aclinit.c
@@ -232,7 +232,6 @@ aclinit_search_and_update_aci ( int thisbeonly, const Slapi_DN *base,
/* Tell __aclinit_handler whether it's an add or a delete */
Slapi_PBlock *aPb;
LDAPControl **ctrls=NULL;
- int retval;
struct berval *bval;
aclinit_handler_callback_data_t call_back_data;
@@ -273,7 +272,7 @@ aclinit_search_and_update_aci ( int thisbeonly, const Slapi_DN *base,
ctrls[0] = NULL;
ctrls[1] = NULL;
- retval = slapi_build_control_from_berval(
+ slapi_build_control_from_berval(
MTN_CONTROL_USE_ONE_BACKEND_OID,
bval,
1 /* is critical */,
diff --git a/ldap/servers/plugins/acl/acllas.c b/ldap/servers/plugins/acl/acllas.c
index b69c86ad..e017c581 100644
--- a/ldap/servers/plugins/acl/acllas.c
+++ b/ldap/servers/plugins/acl/acllas.c
@@ -478,7 +478,6 @@ DS_LASUserDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
int matched;
int rc;
short len;
- char *s = NULL;
const size_t LDAP_URL_prefix_len = strlen(LDAP_URL_prefix);
lasInfo lasinfo;
int got_undefined = 0;
@@ -579,9 +578,9 @@ DS_LASUserDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
} else {
/* URL format */
- if ((s = strstr (user, ACL_RULE_MACRO_DN_KEY)) != NULL ||
- (s = strstr (user, ACL_RULE_MACRO_DN_LEVELS_KEY)) != NULL ||
- (s = strstr (user, ACL_RULE_MACRO_ATTR_KEY)) != NULL) {
+ if ((strstr (user, ACL_RULE_MACRO_DN_KEY) != NULL) ||
+ (strstr (user, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) ||
+ (strstr (user, ACL_RULE_MACRO_ATTR_KEY) != NULL)) {
matched = aclutil_evaluate_macro( s_user, &lasinfo,
ACL_EVAL_USER);
@@ -589,7 +588,7 @@ DS_LASUserDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
break;
}
- } else if ((s = strchr (user, '?'))!= NULL) {
+ } else if (strchr (user, '?') != NULL) {
/* URL format */
if (acllas__client_match_URL ( lasinfo.aclpb, lasinfo.clientDn,
s_user) == ACL_TRUE) {
@@ -828,12 +827,9 @@ DS_LASGroupDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
"Group not evaluated(%s)\n", groupName);
break;
} else {
- char *s;
-
- if ((s = strstr (groupName, ACL_RULE_MACRO_DN_KEY)) != NULL ||
- (s = strstr (groupName, ACL_RULE_MACRO_DN_LEVELS_KEY)) != NULL ||
- (s = strstr (groupName, ACL_RULE_MACRO_ATTR_KEY)) != NULL) {
-
+ if ((strstr (groupName, ACL_RULE_MACRO_DN_KEY) != NULL) ||
+ (strstr (groupName, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) ||
+ (strstr (groupName, ACL_RULE_MACRO_ATTR_KEY) != NULL)) {
matched = aclutil_evaluate_macro( groupName, &lasinfo,
ACL_EVAL_GROUP);
slapi_log_error ( SLAPI_LOG_ACL, plugin_name,
@@ -993,12 +989,9 @@ DS_LASRoleDnEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
} else {
/* Take care of param strings */
-
- char *s;
-
- if ((s = strstr (role, ACL_RULE_MACRO_DN_KEY)) != NULL ||
- (s = strstr (role, ACL_RULE_MACRO_DN_LEVELS_KEY)) != NULL ||
- (s = strstr (role, ACL_RULE_MACRO_ATTR_KEY)) != NULL) {
+ if ((strstr (role, ACL_RULE_MACRO_DN_KEY) != NULL) ||
+ (strstr (role, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) ||
+ (strstr (role, ACL_RULE_MACRO_ATTR_KEY) != NULL)) {
matched = aclutil_evaluate_macro( role, &lasinfo,
ACL_EVAL_ROLE);
@@ -1431,6 +1424,7 @@ dump_member_info ( struct member_info *minfo, char *buf )
}
}
+#ifdef FOR_DEBUGGING
static void
dump_eval_info (char *caller, struct eval_info *info, int idx)
{
@@ -1481,7 +1475,7 @@ dump_eval_info (char *caller, struct eval_info *info, int idx)
slapi_log_error ( SLAPI_LOG_FATAL, NULL, "%s\n", buf );
}
}
-
+#endif
/***************************************************************************
*
@@ -1611,7 +1605,9 @@ acllas__user_ismember_of_group( struct acl_pblock *aclpb,
max_memberlimit = aclpb->aclpb_max_member_sizelimit;
max_nestlevel = aclpb->aclpb_max_nesting_level;
- /* dump_eval_info ( "acllas__user_ismember_of_group", &info, -1 ); */
+#ifdef FOR_DEBUGGING
+ dump_eval_info ( "acllas__user_ismember_of_group", &info, -1 );
+#endif
eval_another_member:
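Review bot: Defining `FOR_DEBUGGING` now makes every call to acllas__user_ismember_of_group invoke `dump_eval_info`, which (per the hunk above) logs with `SLAPI_LOG_FATAL`, so the dump would appear in the error log regardless of the configured log level. That output describes group-membership evaluation state and should not reach a production log by accident. Consider logging at `SLAPI_LOG_ACL`, as `acl__dump_stats` in acl_ext.c does, and add a comment at the guard such as `/* FOR_DEBUGGING: developer builds only, dumps ACL evaluation state to the log */`. Nothing on this page shows where `FOR_DEBUGGING` is defined or documented.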
@@ -2101,14 +2097,12 @@ DS_LASGroupDnAttrEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
*/
attrName = attr_pattern;
if (strstr(attrName, LDAP_URL_prefix)) {
- char *s;
-
/* In this case "grppupdnattr="ldap:///base??attr" */
- if ((s = strstr (attrName, ACL_RULE_MACRO_DN_KEY)) != NULL ||
- (s = strstr (attrName, ACL_RULE_MACRO_DN_LEVELS_KEY)) != NULL ||
- (s = strstr (attrName, ACL_RULE_MACRO_ATTR_KEY)) != NULL) {
+ if ((strstr (attrName, ACL_RULE_MACRO_DN_KEY) != NULL) ||
+ (strstr (attrName, ACL_RULE_MACRO_DN_LEVELS_KEY) != NULL) ||
+ (strstr (attrName, ACL_RULE_MACRO_ATTR_KEY) != NULL)) {
matched = aclutil_evaluate_macro( attrName, &lasinfo,
ACL_EVAL_GROUPDNATTR);
@@ -3162,7 +3156,6 @@ static int acllas__user_has_role( struct acl_pblock *aclpb,
Slapi_DN *roleDN, Slapi_DN *clientDn) {
int present = 0;
- int rc = 0;
/* Get the client's entry if we don't have already */
if ( aclpb && ( NULL == aclpb->aclpb_client_entry )) {
@@ -3202,7 +3195,7 @@ static int acllas__user_has_role( struct acl_pblock *aclpb,
/* If the client has the role then it's a match, otherwise no */
- rc = slapi_role_check( aclpb->aclpb_client_entry, roleDN, &present);
+ slapi_role_check( aclpb->aclpb_client_entry, roleDN, &present);
if ( present ) {
return(ACL_TRUE);
}
@@ -3356,13 +3349,11 @@ aclutil_evaluate_macro( char * rule, lasInfo *lasinfo,
char **tptr = NULL;
char *t = NULL;
char *s = NULL;
- char *target_dn = NULL;
struct acl_pblock *aclpb = lasinfo->aclpb;
- int found_matched_val_in_ht = 0;
aci = lasinfo->aclpb->aclpb_curr_aci;
/* Get a pointer to the ndn in the resouirce */
- target_dn = slapi_entry_get_ndn ( lasinfo->resourceEntry );
+ slapi_entry_get_ndn ( lasinfo->resourceEntry );
/*
* First, get the matched value from the target resource.
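Review bot: The call `slapi_entry_get_ndn ( lasinfo->resourceEntry );` is kept with its result discarded, and the comment above it still says it gets a pointer to the ndn, which is no longer true. If the call has no side effect that the rest of aclutil_evaluate_macro depends on, remove both the call and the comment. If it is retained on purpose, say so, e.g. `/* called for its side effect only: <reason> */`. The function body continues outside this hunk, so I cannot confirm from here whether a later line relies on it.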
@@ -3395,8 +3386,6 @@ aclutil_evaluate_macro( char * rule, lasInfo *lasinfo,
"ACL info: found matched_val (%s) for aci index %d"
"in macro ht\n",
aci->aclName, aci->aci_index,0);
-
- found_matched_val_in_ht = 1;
}
}
@@ -3740,14 +3729,10 @@ static int
acllas_eval_one_user( struct acl_pblock *aclpb, char * clientDN, char *rule) {
int exact_match = 0;
- int ret_code = 0;
const size_t LDAP_URL_prefix_len = strlen(LDAP_URL_prefix);
- char *s = NULL;
-
-
/* URL format */
- if ((s = strchr (rule, '?'))!= NULL) {
+ if (strchr (rule, '?') != NULL) {
/* URL format */
if (acllas__client_match_URL ( aclpb, clientDN,
rule) == ACL_TRUE) {
@@ -3763,7 +3748,7 @@ acllas_eval_one_user( struct acl_pblock *aclpb, char * clientDN, char *rule) {
/* Here, contains a =*, so need to match comp by comp */
/* skip the ldap:/// part */
rule += LDAP_URL_prefix_len;
- ret_code = acl_match_prefix( rule, clientDN, &exact_match);
+ acl_match_prefix( rule, clientDN, &exact_match);
}
if ( exact_match) {
return( ACL_TRUE);
diff --git a/ldap/servers/plugins/acl/aclparse.c b/ldap/servers/plugins/acl/aclparse.c
index 0fe5a3a7..099ed797 100644
--- a/ldap/servers/plugins/acl/aclparse.c
+++ b/ldap/servers/plugins/acl/aclparse.c
@@ -1768,7 +1768,7 @@ static int __acl__init_targetattrfilters( aci_t *aci, char *input_str) {
static int process_filter_list( Targetattrfilter ***input_attrFilterArray,
char * input_str) {
- char *str, *end_attr, *tmp_attr;
+ char *str, *end_attr;
Targetattrfilter *attrfilter = NULL;
int numattr=0;
Targetattrfilter **attrFilterArray = NULL;
@@ -1801,7 +1801,7 @@ static int process_filter_list( Targetattrfilter ***input_attrFilterArray,
attrfilter = (Targetattrfilter *) slapi_ch_malloc (sizeof (Targetattrfilter));
memset (attrfilter, 0, sizeof(Targetattrfilter));
- if ((tmp_attr = strstr( str,":")) != NULL) {
+ if (strstr( str,":") != NULL) {
if ( __acl_init_targetattrfilter( attrfilter, str ) != 0 ) {
slapi_ch_free((void**)&attrfilter);
diff --git a/ldap/servers/plugins/acl/aclutil.c b/ldap/servers/plugins/acl/aclutil.c
index 56ca5cef..7c79a299 100644
--- a/ldap/servers/plugins/acl/aclutil.c
+++ b/ldap/servers/plugins/acl/aclutil.c
@@ -57,7 +57,9 @@ static int acl_find_comp_start(char * s, int pos );
static PRIntn acl_ht_free_entry_and_value(PLHashEntry *he, PRIntn i,
void *arg);
static PLHashNumber acl_ht_hash( const void *key);
+#ifdef FOR_DEBUGGING
static PRIntn acl_ht_display_entry(PLHashEntry *he, PRIntn i, void *arg);
+#endif
/***************************************************************************/
/* UTILITY FUNCTIONS */
@@ -664,7 +666,6 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
char *macro_suffix = NULL;
char *tmp_ptr = NULL;
char *matched_val = NULL;
- char *ndn_suffix_start = NULL;
char *ret_val = NULL;
int ndn_len = 0;
int macro_suffix_len = 0;
@@ -717,9 +718,6 @@ acl_match_macro_in_target( const char *ndn, char * match_this,
}
}
- /* Start of the suffix in ndn...and it matched. */
- ndn_suffix_start = (char*)&ndn[ndn_len-macro_suffix_len];
-
/* Here, macro_suffix is a suffix of ndn.
*
*
@@ -1374,11 +1372,12 @@ acl_ht_free_entry_and_value(PLHashEntry *he, PRIntn i, void *arg)
/* Free all the values in the ht */
void acl_ht_display_ht( acl_ht_t *acl_ht) {
-#ifdef DEBUG
+#ifdef FOR_DEBUGGING
PL_HashTableEnumerateEntries( acl_ht, acl_ht_display_entry, NULL);
#endif
}
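Review bot: Switching the guard in `acl_ht_display_ht` from `DEBUG` to `FOR_DEBUGGING` changes behaviour for existing DEBUG builds, where this function now compiles to an empty body and silently stops dumping the table. If that is intended, document it at the function. The existing comment `/* Free all the values in the ht */` also describes a different routine. Suggested replacement: `/* Log every entry of the hash table; a no-op unless FOR_DEBUGGING is defined */`.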
+#ifdef FOR_DEBUGGING
static PRIntn
acl_ht_display_entry(PLHashEntry *he, PRIntn i, void *arg)
{
@@ -1393,6 +1392,7 @@ acl_ht_display_entry(PLHashEntry *he, PRIntn i, void *arg)
return HT_ENUMERATE_NEXT;
}
+#endif
/* remove this entry from the ht--doesn't free the value.*/
void acl_ht_remove( acl_ht_t *acl_ht, PLHashNumber key) {