ACL reference statements.

All ACL keywords can be used in simple statement as well as in block form.
As simple statements, they take a name of an already defined named ACL. E.g.:

  defacl forbid {
	deny any;
  }

  component foo {
    list-acl forbid;
  }

This commit also fixes some eventual double-frees.

* doc/pies.texi: Update.
* src/acl.c (pies_acl)<refcnt>: New member.
(pies_acl_use): New function.
(pies_acl_create): Initialize refcnt.
(pies_acl_destroy): New function.
(pies_acl_free): Rewrite as a wrapper over pies_acl_destroy.
(_parse_sub_acl): Call pies_acl_use when installing a named ACL.
(_acl_common_section_parser): Handle grecs_callback_set_value.
* src/acl.h (pies_acl_destroy)
(pies_acl_use): New function.
* src/comp.c (component_free): Free acl.

1 files changed, 36 insertions, 10 deletions

diff --git a/doc/pies.texi b/doc/pies.texi
index 8e25e76..ae4a56a 100644
--- a/doc/pies.texi
+++ b/doc/pies.texi
@@ -862,16 +862,6 @@ process instead.
 @end table
 @end deffn
 
-@deffn {Config: component} user-acl @{ @dots{} @}
-ACL controlling read-only access to this component.
-@FIXME-pxref{Access to Components}.
-@end deffn
-
-@deffn {Config: component} admin-acl @{ @dots{} @}
-ACL controlling administrative (write) access to this component.
-@FIXME-pxref{Access to Components}.
-@end deffn
-
 The following subsections describe the rest of @samp{component}
 substatements.
 
@@ -884,6 +874,7 @@ substatements.
 * Output Redirectors::
 * Inetd-Style Components::
 * Meta1-Style Components::
+* Visibility::
 * Component Syntax Summary::
 @end menu
 
@@ -1603,6 +1594,34 @@ This socket file is supposed to be created by the component binary
 upon its startup.
 @end deffn
 
+@node Visibility
+@subsection Component Visibility ACLs
+
+  Pies control interface allows certain users to list and modify
+components of a running @command{pies} instance.  Two access control
+lists define who can list and modify the particular component.
+
+@deffn {Config: component} list-acl @var{name}
+@deffnx {Config: component} list-acl @{ @dots{} @}
+This list controls who can get listing of this component
+(@FIXME-pxref{component listing}).
+
+In the first form, @var{name} refers to the name of an already defined
+global ACL (@pxref{defacl}).
+
+The second form defines new unnamed ACL.  The syntax is described in
+detail in @ref{ACL}.
+@end deffn
+
+@deffn {Config: component} admin-acl @var{name}
+@deffnx {Config: component} admin-acl @{ @dots{} @}
+This list controls who can stop, restart or otherwise modify this
+component (@FIXME-pxref{component management}).
+
+As above, two forms are available: the first one for using an already
+defined named ACL, and the second one, for defining a new ACL in place.
+@end deffn
+
 @node Component Syntax Summary
 @subsection Component Syntax Summary
   This subsection summarizes the @code{component} statements.  For each
@@ -1687,14 +1706,20 @@ component @var{tag} @{
 
   # @r{ACL for administrative access to this component.}
   # @FIXME-xref{Access to Components}.
+  admin-acl @var{name};
+  # @r{or:}
   admin-acl @{ @dots{} @}
 
   # @r{ACL for read-only access to this component.}
   # @FIXME-xref{Access to Components}.
+  list-acl @var{name};
+  # @r{or:}
   list-acl @{ @dots{} @}
   
   # @r{ACL for this component.}
   # @xref{ACL}.
+  acl @var{name};
+  # @r{or:}
   acl @{ @dots{} @}
   
   # @r{Override default syslog facility for this component.}
@@ -1925,6 +1950,7 @@ acl @{
 component @acronym{ACL} is consulted.  As a result, access is
 granted only if both lists allow it.
 
+@anchor{defacl}
   A @dfn{named @acronym{ACL}} is an access control list which is
 assigned its own name.  Named @acronym{ACL}s are defined using
 the @samp{defacl} statement: