From b86a642a321d3763d997f07c47ec515acbe72cf0 Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Tue, 28 Oct 2014 19:40:02 +0100

Subject: [PATCH 57/64] Add parse_attr_list_ex() helper function

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 Makefile.am                            |   5 +-

 src/responder/common/responder.h       |   2 +

 src/responder/common/responder_utils.c | 151 +++++++++++++++++++++++++++++++++

 src/responder/ifp/ifp_private.h        |   3 +

 src/responder/ifp/ifpsrv_util.c        | 117 +------------------------

 src/tests/cmocka/test_ifp.c            |  51 +++++++++++

 6 files changed, 212 insertions(+), 117 deletions(-)

 create mode 100644 src/responder/common/responder_utils.c

diff --git a/Makefile.am b/Makefile.am

index 61bf5cf957d4024b67f48cf42f5735b5fa368945..ac8ad1566a5c931bf43526e2d29a57a5f8ade1cf 100644

--- a/Makefile.am

+++ b/Makefile.am

@@ -409,6 +409,7 @@ SSSD_RESPONDER_OBJ = \

     src/responder/common/responder_dp.c \

     src/responder/common/responder_packet.c \

     src/responder/common/responder_get_domains.c \

+    src/responder/common/responder_utils.c \

     src/monitor/monitor_iface_generated.c \

     src/monitor/monitor_iface_generated.h \

     src/providers/data_provider_iface_generated.c \

@@ -2025,7 +2026,9 @@ ifp_tests_SOURCES = \

     src/tests/cmocka/test_ifp.c \

     src/responder/ifp/ifpsrv_cmd.c \

     src/responder/ifp/ifp_iface_generated.c \

-    src/responder/ifp/ifpsrv_util.c

+    src/responder/ifp/ifpsrv_util.c \

+    src/responder/common/responder_utils.c \

+    $(NULL)

 ifp_tests_CFLAGS = \

     $(AM_CFLAGS)

 ifp_tests_LDADD = \

diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h

index e3c0f226775d279ea8c0f300cc2de54d2f7f9b72..02a215ced435c87ec0439807ab5e575de0d0fe04 100644

--- a/src/responder/common/responder.h

+++ b/src/responder/common/responder.h

@@ -329,4 +329,6 @@ sss_parse_inp_send(TALLOC_CTX *mem_ctx, struct resp_ctx *rctx,

 errno_t sss_parse_inp_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,

                            char **_name, char **_domname);

+const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,

+                                const char **defaults);

 #endif /* __SSS_RESPONDER_H__ */

diff --git a/src/responder/common/responder_utils.c b/src/responder/common/responder_utils.c

new file mode 100644

index 0000000000000000000000000000000000000000..815b61b3971cfda2eda4efc643ea21c3b035b36d

--- /dev/null

+++ b/src/responder/common/responder_utils.c

@@ -0,0 +1,151 @@

+

+/*

+   SSSD

+

+   Common Responder utility functions

+

+   Copyright (C) Sumit Bose <sbose@redhat.com> 2014

+

+   This program is free software; you can redistribute it and/or modify

+   it under the terms of the GNU General Public License as published by

+   the Free Software Foundation; either version 3 of the License, or

+   (at your option) any later version.

+

+   This program is distributed in the hope that it will be useful,

+   but WITHOUT ANY WARRANTY; without even the implied warranty of

+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+   GNU General Public License for more details.

+

+   You should have received a copy of the GNU General Public License

+   along with this program.  If not, see <http://www.gnu.org/licenses/>.

+*/

+

+#include <talloc.h>

+

+#include "util/util.h"

+

+static inline bool

+attr_in_list(const char **list, size_t nlist, const char *str)

+{

+    size_t i;

+

+    for (i = 0; i < nlist; i++) {

+        if (strcasecmp(list[i], str) == 0) {

+            break;

+        }

+    }

+

+    return (i < nlist) ? true : false;

+}

+

+const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,

+                                const char **defaults)

+{

+    TALLOC_CTX *tmp_ctx;

+    errno_t ret;

+    const char **list = NULL;

+    const char **res = NULL;

+    int list_size;

+    char **conf_list = NULL;

+    int conf_list_size = 0;

+    const char **allow = NULL;

+    const char **deny = NULL;

+    int ai = 0, di = 0, li = 0;

+    int i;

+

+    tmp_ctx = talloc_new(NULL);

+    if (tmp_ctx == NULL) {

+        return NULL;

+    }

+

+    if (conf_str) {

+        ret = split_on_separator(tmp_ctx, conf_str, ',', true, true,

+                                 &conf_list, &conf_list_size);

+        if (ret != EOK) {

+            DEBUG(SSSDBG_OP_FAILURE,

+                  "Cannot parse attribute ACL list  %s: %d\n", conf_str, ret);

+            goto done;

+        }

+

+        allow = talloc_zero_array(tmp_ctx, const char *, conf_list_size);

+        deny = talloc_zero_array(tmp_ctx, const char *, conf_list_size);

+        if (allow == NULL || deny == NULL) {

+            goto done;

+        }

+    }

+

+    for (i = 0; i < conf_list_size; i++) {

+        switch (conf_list[i][0]) {

+            case '+':

+                allow[ai] = conf_list[i] + 1;

+                ai++;

+                continue;

+            case '-':

+                deny[di] = conf_list[i] + 1;

+                di++;

+                continue;

+            default:

+                DEBUG(SSSDBG_CRIT_FAILURE, "ACL values must start with "

+                      "either '+' (allow) or '-' (deny), got '%s'\n",

+                      conf_list[i]);

+                goto done;

+        }

+    }

+

+    /* Assume the output will have to hold defaults and all the configured,

+     * values, resize later

+     */

+    list_size = 0;

+    if (defaults != NULL) {

+        while (defaults[list_size]) {

+            list_size++;

+        }

+    }

+    list_size += conf_list_size;

+

+    list = talloc_zero_array(tmp_ctx, const char *, list_size + 1);

+    if (list == NULL) {

+        goto done;

+    }

+

+    /* Start by copying explicitly allowed attributes */

+    for (i = 0; i < ai; i++) {

+        /* if the attribute is explicitly denied, skip it */

+        if (attr_in_list(deny, di, allow[i])) {

+            continue;

+        }

+

+        list[li] = talloc_strdup(list, allow[i]);

+        if (list[li] == NULL) {

+            goto done;

+        }

+        li++;

+

+        DEBUG(SSSDBG_TRACE_INTERNAL,

+              "Added allowed attr %s to whitelist\n", allow[i]);

+    }

+

+    /* Add defaults */

+    if (defaults != NULL) {

+        for (i = 0; defaults[i]; i++) {

+            /* if the attribute is explicitly denied, skip it */

+            if (attr_in_list(deny, di, defaults[i])) {

+                continue;

+            }

+

+            list[li] = talloc_strdup(list, defaults[i]);

+            if (list[li] == NULL) {

+                goto done;

+            }

+            li++;

+

+            DEBUG(SSSDBG_TRACE_INTERNAL,

+                  "Added default attr %s to whitelist\n", defaults[i]);

+        }

+    }

+

+    res = talloc_steal(mem_ctx, list);

+done:

+    talloc_free(tmp_ctx);

+    return res;

+}

diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h

index bf2015a9722ff4b4f831cb63cd528881f0f259a8..fb1639c8dfd00f547a666dce67ee7a94c3143618 100644

--- a/src/responder/ifp/ifp_private.h

+++ b/src/responder/ifp/ifp_private.h

@@ -82,5 +82,8 @@ char *_ifp_reply_objpath(TALLOC_CTX *mem_ctx, const char *base,

 errno_t ifp_add_ldb_el_to_dict(DBusMessageIter *iter_dict,

                                struct ldb_message_element *el);

 const char **ifp_parse_attr_list(TALLOC_CTX *mem_ctx, const char *conf_str);

+const char **

+ifp_parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,

+                       const char **defaults);

 bool ifp_attr_allowed(const char *whitelist[], const char *attr);

 #endif /* _IFPSRV_PRIVATE_H_ */

diff --git a/src/responder/ifp/ifpsrv_util.c b/src/responder/ifp/ifpsrv_util.c

index c0ab686e4527a2508f67b789151365dfdbb89f25..909bc54870d6442ea9daf8e86d2dc97acfe4b93d 100644

--- a/src/responder/ifp/ifpsrv_util.c

+++ b/src/responder/ifp/ifpsrv_util.c

@@ -356,127 +356,12 @@ errno_t ifp_add_ldb_el_to_dict(DBusMessageIter *iter_dict,

     return EOK;

 }

-static inline bool

-attr_in_list(const char **list, size_t nlist, const char *str)

-{

-    size_t i;

-

-    for (i = 0; i < nlist; i++) {

-        if (strcasecmp(list[i], str) == 0) {

-            break;

-        }

-    }

-

-    return (i < nlist) ? true : false;

-}

-

 const char **

 ifp_parse_attr_list(TALLOC_CTX *mem_ctx, const char *conf_str)

 {

-    TALLOC_CTX *tmp_ctx;

-    errno_t ret;

-    const char **list = NULL;

-    const char **res = NULL;

-    int list_size;

-    char **conf_list = NULL;

-    int conf_list_size = 0;

-    const char **allow = NULL;

-    const char **deny = NULL;

-    int ai = 0, di = 0, li = 0;

-    int i;

     const char *defaults[] = IFP_DEFAULT_ATTRS;

-    tmp_ctx = talloc_new(NULL);

-    if (tmp_ctx == NULL) {

-        return NULL;

-    }

-

-    if (conf_str) {

-        ret = split_on_separator(tmp_ctx, conf_str, ',', true, true,

-                                 &conf_list, &conf_list_size);

-        if (ret != EOK) {

-            DEBUG(SSSDBG_OP_FAILURE,

-                  "Cannot parse attribute ACL list  %s: %d\n", conf_str, ret);

-            goto done;

-        }

-

-        allow = talloc_zero_array(tmp_ctx, const char *, conf_list_size);

-        deny = talloc_zero_array(tmp_ctx, const char *, conf_list_size);

-        if (allow == NULL || deny == NULL) {

-            goto done;

-        }

-    }

-

-    for (i = 0; i < conf_list_size; i++) {

-        switch (conf_list[i][0]) {

-            case '+':

-                allow[ai] = conf_list[i] + 1;

-                ai++;

-                continue;

-            case '-':

-                deny[di] = conf_list[i] + 1;

-                di++;

-                continue;

-            default:

-                DEBUG(SSSDBG_CRIT_FAILURE, "ACL values must start with "

-                      "either '+' (allow) or '-' (deny), got '%s'\n",

-                      conf_list[i]);

-                goto done;

-        }

-    }

-

-    /* Assume the output will have to hold defauls and all the configured,

-     * values, resize later

-     */

-    list_size = 0;

-    while (defaults[list_size]) {

-        list_size++;

-    }

-    list_size += conf_list_size;

-

-    list = talloc_zero_array(tmp_ctx, const char *, list_size + 1);

-    if (list == NULL) {

-        goto done;

-    }

-

-    /* Start by copying explicitly allowed attributes */

-    for (i = 0; i < ai; i++) {

-        /* if the attribute is explicitly denied, skip it */

-        if (attr_in_list(deny, di, allow[i])) {

-            continue;

-        }

-

-        list[li] = talloc_strdup(list, allow[i]);

-        if (list[li] == NULL) {

-            goto done;

-        }

-        li++;

-

-        DEBUG(SSSDBG_TRACE_INTERNAL,

-              "Added allowed attr %s to whitelist\n", allow[i]);

-    }

-

-    /* Add defaults */

-    for (i = 0; defaults[i]; i++) {

-        /* if the attribute is explicitly denied, skip it */

-        if (attr_in_list(deny, di, defaults[i])) {

-            continue;

-        }

-

-        list[li] = talloc_strdup(list, defaults[i]);

-        if (list[li] == NULL) {

-            goto done;

-        }

-        li++;

-

-        DEBUG(SSSDBG_TRACE_INTERNAL,

-              "Added default attr %s to whitelist\n", defaults[i]);

-    }

-

-    res = talloc_steal(mem_ctx, list);

-done:

-    talloc_free(tmp_ctx);

-    return res;

+    return parse_attr_list_ex(mem_ctx, conf_str, defaults);

 }

 bool

diff --git a/src/tests/cmocka/test_ifp.c b/src/tests/cmocka/test_ifp.c

index b0f6e09900a956a51c17d1c4cf1a7772dccc3a68..d6e41706d5f55414c0376bd04d299ec6ad73c11e 100644

--- a/src/tests/cmocka/test_ifp.c

+++ b/src/tests/cmocka/test_ifp.c

@@ -246,6 +246,29 @@ static void attr_parse_test(const char *expected[], const char *input)

     talloc_free(test_ctx);

 }

+static void attr_parse_test_ex(const char *expected[], const char *input,

+                               const char **defaults)

+{

+    const char **res;

+    TALLOC_CTX *test_ctx;

+

+    test_ctx = talloc_new(NULL);

+    assert_non_null(test_ctx);

+

+    res = parse_attr_list_ex(test_ctx, input, defaults);

+

+    if (expected) {

+        /* Positive test */

+        assert_non_null(res);

+        assert_string_list_equal(res, expected);

+    } else {

+        /* Negative test */

+        assert_null(res);

+    }

+

+    talloc_free(test_ctx);

+}

+

 void test_attr_acl(void **state)

 {

     /* Test defaults */

@@ -296,6 +319,33 @@ void test_attr_acl(void **state)

     attr_parse_test(NULL,  "missing_plus_or_minus");

 }

+void test_attr_acl_ex(void **state)

+{

+    /* Test defaults */

+    const char *exp_defaults[] = { "abc", "123", "xyz", NULL };

+    attr_parse_test_ex(exp_defaults, NULL, exp_defaults);

+

+    /* Test adding some attributes to the defaults */

+    const char *exp_add[] = { "telephoneNumber", "streetAddress",

+                              "abc", "123", "xyz",

+                              NULL };

+    attr_parse_test_ex(exp_add, "+telephoneNumber, +streetAddress",

+                       exp_defaults);

+

+    /* Test removing some attributes to the defaults */

+    const char *exp_rm[] = { "123", NULL };

+    attr_parse_test_ex(exp_rm, "-abc, -xyz", exp_defaults);

+

+    /* Test adding with empty defaults */

+    const char *exp_add_empty[] = { "telephoneNumber", "streetAddress",

+                                    NULL };

+    attr_parse_test_ex(exp_add_empty, "+telephoneNumber, +streetAddress", NULL);

+

+    /* Test removing with empty defaults */

+    const char *rm_all[] = { NULL };

+    attr_parse_test_ex(rm_all, "-telephoneNumber, -streetAddress", NULL);

+}

+

 void test_attr_allowed(void **state)

 {

     const char *whitelist[] = { "name", "gecos", NULL };

@@ -452,6 +502,7 @@ int main(int argc, const char *argv[])

         unit_test(test_path_prefix),

         unit_test(test_el_to_dict),

         unit_test(test_attr_acl),

+        unit_test(test_attr_acl_ex),

         unit_test(test_attr_allowed),

         unit_test(test_path_escape_unescape),

         unit_test_setup_teardown(test_reply_path,

-- 

1.9.3