diff options
author | rcritten <> | 2005-05-31 14:32:42 +0000 |
---|---|---|
committer | rcritten <> | 2005-05-31 14:32:42 +0000 |
commit | 102486d90b09d87c7666d70bfb0d01a564868d67 (patch) | |
tree | 21d059a8a3035acda6ada54bed940541718eb349 | |
parent | b2aee9265a8f8b98a2e3a24a269c2b4b97882d08 (diff) | |
download | mod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.tar.gz mod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.tar.xz mod_nss-102486d90b09d87c7666d70bfb0d01a564868d67.zip |
Changed function and configuration names so mod_nss can peacefully
co-exist with mod_ssl.
-rw-r--r-- | Makefile.am | 20 | ||||
-rw-r--r-- | Makefile.in | 32 | ||||
-rw-r--r-- | TODO | 3 | ||||
-rwxr-xr-x | migrate.pl | 78 | ||||
-rw-r--r-- | mod_nss.c | 92 | ||||
-rw-r--r-- | mod_nss.h | 128 | ||||
-rw-r--r-- | modules.mk | 4 | ||||
-rw-r--r-- | nss_engine_config.c | 99 | ||||
-rw-r--r-- | nss_engine_init.c | 175 | ||||
-rw-r--r-- | nss_engine_io.c | 130 | ||||
-rw-r--r-- | nss_engine_kernel.c | 60 | ||||
-rw-r--r-- | nss_engine_log.c | 8 | ||||
-rw-r--r-- | nss_engine_pphrase.c | 36 | ||||
-rw-r--r-- | nss_engine_vars.c | 126 | ||||
-rw-r--r-- | nss_expr.c | 53 | ||||
-rw-r--r-- | nss_expr.h | 55 | ||||
-rw-r--r-- | nss_expr_eval.c | 142 | ||||
-rw-r--r-- | nss_expr_parse.c (renamed from ssl_expr_parse.c) | 682 | ||||
-rw-r--r-- | nss_expr_parse.h (renamed from ssl_expr_parse.h) | 4 | ||||
-rw-r--r-- | nss_expr_parse.y (renamed from ssl_expr_parse.y) | 74 | ||||
-rw-r--r-- | nss_expr_scan.c (renamed from ssl_expr_scan.c) | 176 | ||||
-rw-r--r-- | nss_expr_scan.l (renamed from ssl_expr_scan.l) | 37 | ||||
-rw-r--r-- | nss_util.c | 30 |
23 files changed, 1102 insertions, 1142 deletions
diff --git a/Makefile.am b/Makefile.am index e12422d..8de5b22 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ bin_PROGRAMS = nss_pcache nss_pcache_SOURCES = nss_pcache.c ## Define the source file for the module -libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c +libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c ## Set the includes and libraries needed INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ @@ -58,17 +58,17 @@ install-binPROGRAMS: $(bin_PROGRAMS) @echo "********************** NOTE **************************" @echo "" -ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h - $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l - sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c +nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h + $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l + sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c -ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y - $(YACC) -d ssl_expr_parse.y - sed -e 's;yy;ssl_expr_yy;g' \ +nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y + $(YACC) -d nss_expr_parse.y + sed -e 's;yy;nss_expr_yy;g' \ -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h + <y.tab.c >nss_expr_parse.c && rm -f y.tab.c + sed -e 's;yy;nss_expr_yy;g' \ + <y.tab.h >nss_expr_parse.h && rm -f y.tab.h LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ diff --git a/Makefile.in b/Makefile.in index 1166181..6f29fce 100644 --- a/Makefile.in +++ b/Makefile.in @@ -96,7 +96,7 @@ bin_PROGRAMS = nss_pcache nss_pcache_SOURCES = nss_pcache.c -libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c +libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ LIBS = @nspr_lib@ @nss_lib@ -lnspr4 -lplc4 -lplds4 -lssl3 -lsmime3 -lnss3 @@ -123,7 +123,7 @@ libmodnss_la_LIBADD = libmodnss_la_OBJECTS = mod_nss.lo nss_engine_config.lo \ nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo \ nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo \ -nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo +nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo bin_PROGRAMS = nss_pcache$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) @@ -139,7 +139,7 @@ CCLD = $(CC) DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \ Makefile.in NEWS TODO aclocal.m4 config.guess config.sub configure \ configure.in gencert.in install-sh ltmain.sh missing mkinstalldirs \ -nss.conf.in ssl_expr_parse.c ssl_expr_scan.c +nss.conf.in nss_expr_parse.c nss_expr_scan.c DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) @@ -150,8 +150,8 @@ DEP_FILES = .deps/mod_nss.P .deps/nss_engine_config.P \ .deps/nss_engine_init.P .deps/nss_engine_io.P .deps/nss_engine_kernel.P \ .deps/nss_engine_log.P .deps/nss_engine_pphrase.P \ .deps/nss_engine_vars.P .deps/nss_expr.P .deps/nss_expr_eval.P \ -.deps/nss_pcache.P .deps/nss_util.P .deps/ssl_expr_parse.P \ -.deps/ssl_expr_scan.P +.deps/nss_expr_parse.P .deps/nss_expr_scan.P .deps/nss_pcache.P \ +.deps/nss_util.P SOURCES = $(libmodnss_la_SOURCES) $(nss_pcache_SOURCES) OBJECTS = $(libmodnss_la_OBJECTS) $(nss_pcache_OBJECTS) @@ -258,7 +258,7 @@ nss_pcache$(EXEEXT): $(nss_pcache_OBJECTS) $(nss_pcache_DEPENDENCIES) if test -f y.tab.h; then \ if cmp -s y.tab.h $*.h; then rm -f y.tab.h; else mv y.tab.h $*.h; fi; \ else :; fi -ssl_expr_parse.h: ssl_expr_parse.c +nss_expr_parse.h: nss_expr_parse.c tags: TAGS @@ -411,7 +411,7 @@ distclean-generic: -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: - -test -z "ssl_expr_scanlssl_expr_parsehssl_expr_parsec" || rm -f ssl_expr_scanl ssl_expr_parseh ssl_expr_parsec + -test -z "nss_expr_scanlnss_expr_parsehnss_expr_parsec" || rm -f nss_expr_scanl nss_expr_parseh nss_expr_parsec mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \ mostlyclean-libtool mostlyclean-binPROGRAMS \ mostlyclean-tags mostlyclean-depend mostlyclean-generic @@ -506,17 +506,17 @@ install-binPROGRAMS: $(bin_PROGRAMS) @echo "********************** NOTE **************************" @echo "" -ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h - $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l - sed -e '/$$Header:/d' <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c +nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h + $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l + sed -e '/$$Header:/d' <lex.nss_expr_yy.c >nss_expr_scan.c && rm -f lex.nss_expr_yy.c -ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y - $(YACC) -d ssl_expr_parse.y - sed -e 's;yy;ssl_expr_yy;g' \ +nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y + $(YACC) -d nss_expr_parse.y + sed -e 's;yy;nss_expr_yy;g' \ -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - <y.tab.c >ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - <y.tab.h >ssl_expr_parse.h && rm -f y.tab.h + <y.tab.c >nss_expr_parse.c && rm -f y.tab.c + sed -e 's;yy;nss_expr_yy;g' \ + <y.tab.h >nss_expr_parse.h && rm -f y.tab.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. @@ -1,2 +1,3 @@ - Support for mod_proxy -- Pull the entire cert chain when requested +- Offer to automatically generate a self-signed cert using gencert during + install? @@ -8,9 +8,11 @@ use Getopt::Std; BEGIN { $NSSDir = cwd(); - $CACertificatePath = ""; - $CACertificateFile = ""; + $SSLCACertificatePath = ""; + $SSLCACertificateFile = ""; $SSLCertificateFile = ""; + $SSLCARevocationPath = ""; + $SSLCARevocationFile = ""; $SSLCertificateKeyFile = ""; $passphrase = 0; } @@ -19,14 +21,12 @@ BEGIN { "SSLSessionCache" => "", "SSLMutex" => "", "SSLCertificateChainFile" => "", - "SSLCARevocationPath" => "", - "SSLCARevocationFile" => "", "SSLVerifyDepth" => "" , "SSLCryptoDevice" => "" , "LoadModule" => "" , ); -%insert = ( "SSLSessionCacheTimeout", "SSLSessionCacheSize 10000\nSSL3SessionCacheTimeout 86400\n",); +%insert = ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",); getopts('ch'); @@ -60,25 +60,31 @@ while (<SSL>) { } if ($stmt eq "SSLCipherSuite") { - print NSS "SSLCipherSuite ", get_ciphers($val), "\n"; - print NSS "SSLProtocol SSLv3,TLSv1\n"; + print NSS "NSSCipherSuite ", get_ciphers($val), "\n"; + print NSS "NSSProtocol SSLv3,TLSv1\n"; $comment = 1; } elsif ($stmt eq "SSLCACertificatePath") { - $CACertificatePath = $value; + $SSLCACertificatePath = $value; $comment = 1; } elsif ($stmt eq "SSLCACertificateFile") { - $CACertificateFile = $value; + $SSLCACertificateFile = $value; $comment = 1; } elsif ($stmt eq "SSLCertificateFile") { - print NSS "SSLCertificateDatabase $NSSDir\n"; - print NSS "SSLNickName Server-Cert\n"; + print NSS "NSSCertificateDatabase $NSSDir\n"; + print NSS "NSSNickName Server-Cert\n"; $SSLCertificateFile = $value; $comment = 1; } elsif ($stmt eq "SSLCertificateKeyFile") { $SSLCertificateKeyFile = $value; $comment = 1; + } elsif ($stmt eq "SSLCARevocationPath") { + $SSLCARevocationPath = $value; + $comment = 1; + } elsif ($stmt eq "SSLCARevocationFile") { + $SSLCARevocationFile = $value; + $comment = 1; } elsif ($stmt eq "SSLPassPhraseDialog") { - print NSS "SSLPassPhraseHelper /usr/local/bin/nss_pcache\n"; + print NSS "NSSPassPhraseHelper /usr/local/bin/nss_pcache\n"; $passphrase = 1; $comment = 1; } @@ -89,6 +95,9 @@ while (<SSL>) { next; } + # Fix up any remaining directive names + s/^SSL/NSS/; + if (exists($insert{$stmt})) { print NSS "$_"; print NSS $insert{$stmt}; @@ -106,7 +115,7 @@ while (<SSL>) { } if ($passphrase == 0) { - print NSS "SSLPassPhraseHelper /usr/sbin/nss_pcache\n"; + print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n"; } close(NSS); @@ -128,26 +137,55 @@ if ($opt_c) { run_command("pk12util -i server.p12 -d $NSSDir -W foo"); } - if ($CACertificateFile ne "") { - my $subject = get_cert_subject($CACertificateFile); + if ($SSLCACertificateFile ne "") { + my $subject = get_cert_subject($SSLCACertificateFile); if ($subject ne "") { print "Importing CA certificate $subject\n"; - run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificateFile"); + run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile"); } } - if ($CACertificatePath ne "") { - opendir(DIR, $CACertificatePath) or die "can't opendir $CACertificatePath: $!"; + if ($SSLCACertificatePath ne "") { + opendir(DIR, $SSLCACertificatePath) or die "can't opendir $SSLCACertificatePath: $!"; while (defined($file = readdir(DIR))) { next if -d $file; # we can operate directly on the hash files so don't have to worry # about any SKIPME's. if ($file =~ /hash.*/) { - my $subject = get_cert_subject("$CACertificatePath/$file"); + my $subject = get_cert_subject("$SSLCACertificatePath/$file"); if ($subject ne "") { print "Importing CA certificate $subject\n"; - run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificatePath/$file"); + run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file"); + } + } + } + closedir(DIR); + } + + if ($SSLCARevocationFile ne "") { + print "Importing CRL file $CARevocationFile\n"; + # Convert to DER format + run_command("openssl crl -in $SSLCARevocationFile -out /tmp/crl.tmp -inform PEM -outform DER"); + run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp"); + unlink("/tmp/crl.tmp"); + } + + if ($SSLCARevocationPath ne "") { + opendir(DIR, $SSLCARevocationPath) or die "can't opendir $SSLCARevocationPath: $!"; + while (defined($file = readdir(DIR))) { + next if -d $file; + + # we can operate directly on the hash files so don't have to worry + # about any SKIPME's. + if ($file =~ /hash.*/) { + my $subject = get_cert_subject("$SSLCARevocationPath/$file"); + if ($subject ne "") { + print "Importing CRL file $file\n"; + # Convert to DER format + run_command("openssl crl -in $SSLCARevocationPath/$file -out /tmp/crl.tmp -inform PEM -outform DER"); + run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp"); + unlink("/tmp/crl.tmp"); } } } @@ -21,20 +21,20 @@ */ #define SSL_CMD_ALL(name, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, RSRC_CONF|OR_AUTHCFG, desc), #define SSL_CMD_SRV(name, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, RSRC_CONF, desc), #define SSL_CMD_DIR(name, type, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, OR_##type, desc), #define AP_END_CMD { NULL } -static const command_rec ssl_config_cmds[] = { +static const command_rec nss_config_cmds[] = { /* * Global (main-server) context configuration directives */ @@ -44,7 +44,7 @@ static const command_rec ssl_config_cmds[] = { SSL_CMD_SRV(SessionCacheTimeout, TAKE1, "SSL 2 Session Cache object lifetime " "(`N' - number of seconds)") - SSL_CMD_SRV(3SessionCacheTimeout, TAKE1, + SSL_CMD_SRV(Session3CacheTimeout, TAKE1, "SSL 3/TLS Session Cache object lifetime " "(`N' - number of seconds)") SSL_CMD_SRV(SessionCacheSize, TAKE1, @@ -144,18 +144,17 @@ static const command_rec ssl_config_cmds[] = { * the various processing hooks */ -static int ssl_hook_pre_config(apr_pool_t *pconf, +static int nss_hook_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_hook_pre_config"); /* Register us to handle mod_log_config %c/%x variables */ - ssl_var_log_config_register(pconf); + nss_var_log_config_register(pconf); return OK; } -static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) +static SSLConnRec *nss_init_connection_ctx(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); @@ -167,7 +166,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) sslconn->is_proxy = 0; sslconn->disabled = 0; - sslconn->non_ssl_request = 0; + sslconn->non_nss_request = 0; sslconn->ssl = NULL; myConnConfigSet(c, sslconn); @@ -176,11 +175,11 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) } #ifdef PROXY -int ssl_proxy_enable(conn_rec *c) +int nss_proxy_enable(conn_rec *c) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); - SSLConnRec *sslconn = ssl_init_connection_ctx(c); + SSLConnRec *sslconn = nss_init_connection_ctx(c); if (!sc->proxy_enabled) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, @@ -197,7 +196,7 @@ int ssl_proxy_enable(conn_rec *c) } #endif -int ssl_engine_disable(conn_rec *c) +int nss_engine_disable(conn_rec *c) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); @@ -207,14 +206,14 @@ int ssl_engine_disable(conn_rec *c) return 0; } - sslconn = ssl_init_connection_ctx(c); + sslconn = nss_init_connection_ctx(c); sslconn->disabled = 1; return 1; } -static int ssl_hook_pre_connection(conn_rec *c, void *csd) +static int nss_hook_pre_connection(conn_rec *c, void *csd) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); PRFileDesc *ssl; @@ -234,7 +233,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * Create SSL context */ if (!sslconn) { - sslconn = ssl_init_connection_ctx(c); + sslconn = nss_init_connection_ctx(c); } if (sslconn->disabled) { @@ -258,14 +257,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * attach this to the socket. Additionally we register this attachment * so we can detach later. */ - ssl = ssl_io_new_fd(); + ssl = nss_io_new_fd(); ssl = SSL_ImportFD(mctx->model, ssl); if (!(ssl)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Unable to create a new SSL connection from the SSL " "context"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server); c->aborted = 1; @@ -275,14 +274,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) sslconn->ssl = ssl; sslconn->client_socket = csd; - ssl_io_filter_init(c, ssl); + nss_io_filter_init(c, ssl); SSL_ResetHandshake(ssl, PR_TRUE); return APR_SUCCESS; } -static const char *ssl_hook_http_method(const request_rec *r) +static const char *nss_hook_http_method(const request_rec *r) { SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -293,7 +292,7 @@ static const char *ssl_hook_http_method(const request_rec *r) return "https"; } -static apr_port_t ssl_hook_default_port(const request_rec *r) +static apr_port_t nss_hook_default_port(const request_rec *r) { SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -308,38 +307,37 @@ static apr_port_t ssl_hook_default_port(const request_rec *r) * the module registration phase */ -static void ssl_register_hooks(apr_pool_t *p) +static void nss_register_hooks(apr_pool_t *p) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_register_hooks"); - ssl_io_filter_register(p); - - ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); - ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); - - ssl_var_register(); + nss_io_filter_register(p); + + ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_config (nss_init_Module, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_http_method (nss_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_default_port (nss_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_pre_config (nss_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_child_init (nss_init_Child, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_translate_name(nss_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_check_user_id (nss_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); + ap_hook_fixups (nss_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_access_checker(nss_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_auth_checker (nss_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(nss_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + + nss_var_register(); #ifdef PROXY - APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); + APR_REGISTER_OPTIONAL_FN(nss_proxy_enable); #endif - APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); + APR_REGISTER_OPTIONAL_FN(nss_engine_disable); } module AP_MODULE_DECLARE_DATA nss_module = { STANDARD20_MODULE_STUFF, - ssl_config_perdir_create, /* create per-dir config structures */ - ssl_config_perdir_merge, /* merge per-dir config structures */ - ssl_config_server_create, /* create per-server config structures */ - ssl_config_server_merge, /* merge per-server config structures */ - ssl_config_cmds, /* table of configuration directives */ - ssl_register_hooks /* register hooks */ + nss_config_perdir_create, /* create per-dir config structures */ + nss_config_perdir_merge, /* merge per-dir config structures */ + nss_config_server_create, /* create per-server config structures */ + nss_config_server_merge, /* merge per-server config structures */ + nss_config_cmds, /* table of configuration directives */ + nss_register_hooks /* register hooks */ }; @@ -152,15 +152,15 @@ ap_set_module_config(c->conn_config, &nss_module, val) #define SSL_OPT_STRICTREQUIRE (1<<5) #define SSL_OPT_OPTRENEGOTIATE (1<<6) #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) -typedef int ssl_opt_t; +typedef int nss_opt_t; /* * Define the SSL requirement structure */ typedef struct { char *cpExpr; - ssl_expr *mpExpr; -} ssl_require_t; + nss_expr *mpExpr; +} nss_require_t; /* * Define the SSL verify levels @@ -171,7 +171,7 @@ typedef enum { SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2, SSL_CVERIFY_OPTIONAL_NO_CA = 3 -} ssl_verify_t; +} nss_verify_t; /* * Define the SSL pass phrase dialog types @@ -180,7 +180,7 @@ typedef enum { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILE = 1, -} ssl_pphrase_t; +} nss_pphrase_t; /* * Define the mod_ssl per-module configuration structure @@ -193,7 +193,7 @@ typedef struct { CERTCertificate *client_cert; int is_proxy; int disabled; - int non_ssl_request; + int non_nss_request; apr_socket_t * client_socket; } SSLConnRec; @@ -209,7 +209,7 @@ typedef struct { int ssl3_session_cache_timeout; /* config for handling encrypted keys */ - ssl_pphrase_t pphrase_dialog_type; + nss_pphrase_t pphrase_dialog_type; const char *pphrase_dialog_path; const char *pphrase_dialog_helper; @@ -229,7 +229,7 @@ typedef struct { const char *protocols; /* for client or downstream server authentication */ - ssl_verify_t verify_mode; + nss_verify_t verify_mode; } modnss_auth_ctx_t; typedef struct { @@ -275,7 +275,7 @@ typedef struct { int nOptionsAdd; int nOptionsDel; const char *szCipherSuite; - ssl_verify_t nVerifyClient; + nss_verify_t nVerifyClient; const char *szCACertificatePath; const char *szCACertificateFile; const char *szUserName; @@ -294,7 +294,7 @@ typedef struct enum sslversion { SSL2=1, SSL3=2, TLS=4}; -/* the table itself is defined in ssl_engine_init.c */ +/* the table itself is defined in nss_engine_init.c */ #define ciphernum 23 /* @@ -305,86 +305,86 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4}; extern module AP_MODULE_DECLARE_DATA nss_module; /* configuration handling */ -SSLModConfigRec *ssl_config_global_create(server_rec *); -void *ssl_config_perdir_create(apr_pool_t *p, char *dir); -void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv); -void *ssl_config_server_create(apr_pool_t *p, server_rec *s); -void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv); -const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int); -const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLNickname(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *, void *, int); -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg); -const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *); +SSLModConfigRec *nss_config_global_create(server_rec *); +void *nss_config_perdir_create(apr_pool_t *p, char *dir); +void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv); +void *nss_config_server_create(apr_pool_t *p, server_rec *s); +void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv); +const char *nss_cmd_NSSEngine(cmd_parms *, void *, int); +const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int); +const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *); +const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg); +const char *nss_cmd_NSSRequire(cmd_parms *, void *, const char *); /* module initialization */ -int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); -void ssl_init_Child(apr_pool_t *, server_rec *); -void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); -apr_status_t ssl_init_ModuleKill(void *data); -int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]); +int nss_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); +void nss_init_Child(apr_pool_t *, server_rec *); +void nss_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); +apr_status_t nss_init_ModuleKill(void *data); +int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]); /* Apache API hooks */ -int ssl_hook_Translate(request_rec *r); -int ssl_hook_UserCheck(request_rec *r); -int ssl_hook_Fixup(request_rec *r); -int ssl_hook_Access(request_rec *r); -int ssl_hook_Auth(request_rec *r); -int ssl_hook_ReadReq(request_rec *r); +int nss_hook_Translate(request_rec *r); +int nss_hook_UserCheck(request_rec *r); +int nss_hook_Fixup(request_rec *r); +int nss_hook_Access(request_rec *r); +int nss_hook_Auth(request_rec *r); +int nss_hook_ReadReq(request_rec *r); /* Variables */ -void ssl_var_register(void); -char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); -void ssl_var_log_config_register(apr_pool_t *p); +void nss_var_register(void); +char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); +void nss_var_log_config_register(apr_pool_t *p); -APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, +APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup, (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)); /* An optional function which returns non-zero if the given connection * is using SSL/TLS. */ -APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *)); +APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *)); /* Proxy Support */ -int ssl_engine_disable(conn_rec *c); +int nss_engine_disable(conn_rec *c); -APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); +APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *)); /* I/O */ -PRFileDesc * ssl_io_new_fd(); -int ssl_io_layer_init(); -void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl); -void ssl_io_filter_register(apr_pool_t *p); +PRFileDesc * nss_io_new_fd(); +int nss_io_layer_init(); +void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl); +void nss_io_filter_register(apr_pool_t *p); /* Utility Functions */ -char *ssl_util_vhostid(apr_pool_t *, server_rec *); -void ssl_util_strupper(char *); -void ssl_util_uuencode(char *, const char *, BOOL); -void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); -apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *, +char *nss_util_vhostid(apr_pool_t *, server_rec *); +void nss_util_strupper(char *); +void nss_util_uuencode(char *, const char *, BOOL); +void nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); +apr_file_t *nss_util_ppopen(server_rec *, apr_pool_t *, const char *, const char * const *); -void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); -char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *, +void nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); +char *nss_util_readfilter(server_rec *, apr_pool_t *, const char *, const char * const *); /* Pass Phrase Handling */ -SECStatus ssl_Init_Tokens(server_rec *s); +SECStatus nss_Init_Tokens(server_rec *s); /* Logging */ -void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s); -void ssl_die(void); +void nss_log_nss_error(const char *file, int line, int level, server_rec *s); +void nss_die(void); /* NSS callback */ -SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); +SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); #endif /* __MOD_SSL_H__ */ @@ -1,5 +1,5 @@ -mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo - $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo +mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo + $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo DISTCLEAN_TARGETS = modules.mk static = mod_nss.la shared = diff --git a/nss_engine_config.c b/nss_engine_config.c index 962ce2e..67c6780 100644 --- a/nss_engine_config.c +++ b/nss_engine_config.c @@ -23,7 +23,7 @@ #define SSL_MOD_CONFIG_KEY "nss_module" -SSLModConfigRec *ssl_config_global_create(server_rec *s) +SSLModConfigRec *nss_config_global_create(server_rec *s) { apr_pool_t *pool = s->process->pool; SSLModConfigRec *mc; @@ -66,9 +66,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) static void modnss_ctx_init(modnss_ctx_t *mctx) { - - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "modnss_ctx_init"); - mctx->sc = NULL; /* set during module init */ mctx->ssl2 = PR_FALSE; @@ -98,7 +95,7 @@ static void modnss_ctx_init_server(SSLSrvConfigRec *sc, modnss_ctx_init(mctx); } -static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) +static SSLSrvConfigRec *nss_config_server_new(apr_pool_t *p) { SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); @@ -111,7 +108,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) sc->server = NULL; #ifdef PROXY - modssl_ctx_init_proxy(sc, p); + modnss_ctx_init_proxy(sc, p); #endif modnss_ctx_init_server(sc, p); @@ -122,11 +119,10 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) /* * Create per-server SSL configuration */ -void *ssl_config_server_create(apr_pool_t *p, server_rec *s) { - SSLSrvConfigRec *sc = ssl_config_server_new(p); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_create"); +void *nss_config_server_create(apr_pool_t *p, server_rec *s) { + SSLSrvConfigRec *sc = nss_config_server_new(p); - sc->mc = ssl_config_global_create(s); + sc->mc = nss_config_global_create(s); return sc; } @@ -159,19 +155,17 @@ static void modnss_ctx_cfg_merge_server(modnss_ctx_t *base, /* * Merge per-server SSL configurations */ -void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) { +void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) { SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev; SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv; - SSLSrvConfigRec *mrg = ssl_config_server_new(p); - - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_merge"); + SSLSrvConfigRec *mrg = nss_config_server_new(p); cfgMerge(mc, NULL); cfgMergeBool(enabled); cfgMergeBool(proxy_enabled); #ifdef PROXY - modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); + modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); #endif modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server); @@ -182,12 +176,11 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) { /* * Create per-directory SSL configuration */ -void *ssl_config_perdir_create(apr_pool_t *p, char *dir) { +void *nss_config_perdir_create(apr_pool_t *p, char *dir) { SSLDirConfigRec *dc = apr_palloc(p, sizeof(*dc)); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_perdir_create"); dc->bSSLRequired = FALSE; - dc->aRequirement = apr_array_make(p, 4, sizeof(ssl_require_t)); + dc->aRequirement = apr_array_make(p, 4, sizeof(nss_require_t)); dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET; dc->nOptionsAdd = SSL_OPT_NONE; dc->nOptionsDel = SSL_OPT_NONE; @@ -200,7 +193,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir) { return dc; } -const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg) +const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; @@ -209,17 +202,17 @@ const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg) return NULL; } -const char *ssl_cmd_SSLRequire(cmd_parms *cmd, +const char *nss_cmd_NSSRequire(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - ssl_expr *expr; - ssl_require_t *require; + nss_expr *expr; + nss_require_t *require; - if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) { - return apr_pstrcat(cmd->pool, "SSLRequire: ", - ssl_expr_get_error(), NULL); + if (!(expr = nss_expr_comp(cmd->pool, (char *)arg))) { + return apr_pstrcat(cmd->pool, "NSSRequire: ", + nss_expr_get_error(), NULL); } require = apr_array_push(dc->aRequirement); @@ -229,7 +222,7 @@ const char *ssl_cmd_SSLRequire(cmd_parms *cmd, return NULL; } -void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { +void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { SSLDirConfigRec *base = (SSLDirConfigRec *)basev; SSLDirConfigRec *add = (SSLDirConfigRec *)addv; SSLDirConfigRec *mrg = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg)); @@ -259,7 +252,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { return mrg; } -const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag) +const char *nss_cmd_NSSEngine(cmd_parms *cmd, void *dcfg, int flag) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); @@ -268,7 +261,7 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag) return NULL; } -const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, +const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -279,7 +272,7 @@ const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, +const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -296,9 +289,9 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, return NULL; } -static const char *ssl_cmd_verify_parse(cmd_parms *parms, +static const char *nss_cmd_verify_parse(cmd_parms *parms, const char *arg, - ssl_verify_t *id) + nss_verify_t *id) { if (strcEQ(arg, "none") || strcEQ(arg, "off")) { *id = SSL_CVERIFY_NONE; @@ -322,16 +315,16 @@ static const char *ssl_cmd_verify_parse(cmd_parms *parms, return NULL; } -const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, +const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - ssl_verify_t mode; + nss_verify_t mode; const char *err; - if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) { + if ((err = nss_cmd_verify_parse(cmd, arg, &mode))) { return err; } @@ -345,7 +338,7 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, +const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -356,7 +349,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLNickname(cmd_parms *cmd, +const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -367,7 +360,7 @@ const char *ssl_cmd_SSLNickname(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd, +const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *cmd, void *dcfg, int flag) { @@ -378,7 +371,7 @@ const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, +const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -387,13 +380,13 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, mc->session_cache_timeout = atoi(arg); if (mc->session_cache_timeout < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + return "NSSSessionCacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, +const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -401,14 +394,14 @@ const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, mc->ssl3_session_cache_timeout = atoi(arg); - if (mc->session_cache_timeout < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + if (mc->ssl3_session_cache_timeout < 0) { + return "NSSSession3CacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, +const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -417,13 +410,13 @@ const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, mc->session_cache_size = atoi(arg); if (mc->session_cache_size < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + return "NSSSessionCacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, +const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -442,13 +435,13 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5); if (!mc->pphrase_dialog_path) return apr_pstrcat(cmd->pool, - "Invalid SSLPassPhraseDialog file: path ", + "Invalid NSSPassPhraseDialog file: path ", arg+5, NULL); rc = apr_stat(&finfo, mc->pphrase_dialog_path, APR_FINFO_TYPE|APR_FINFO_SIZE, cmd->pool); if ((rc != APR_SUCCESS) || (finfo.filetype != APR_REG)) { return apr_pstrcat(cmd->pool, - "SSLPassPhraseDialog: file '", + "NSSPassPhraseDialog: file '", mc->pphrase_dialog_path, "' does not exist", NULL); } @@ -457,7 +450,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, +const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -467,14 +460,14 @@ const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, mc->pphrase_dialog_helper = arg; } else { return apr_pstrcat(cmd->pool, - "SSLPassPhraseHelper: ", mc->pphrase_dialog_path, + "NSSPassPhraseHelper: ", mc->pphrase_dialog_path, "does not exist or is not executable.", NULL); } return NULL; } -const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, +const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; @@ -482,12 +475,12 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, return NULL; } -const char *ssl_cmd_SSLOptions(cmd_parms *cmd, +const char *nss_cmd_NSSOptions(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - ssl_opt_t opt; + nss_opt_t opt; int first = TRUE; char action, *w; @@ -523,7 +516,7 @@ const char *ssl_cmd_SSLOptions(cmd_parms *cmd, } else { return apr_pstrcat(cmd->pool, - "SSLOptions: Illegal option '", w, "'", + "NSSOptions: Illegal option '", w, "'", NULL); } if (action == '-') { diff --git a/nss_engine_init.c b/nss_engine_init.c index b2d2c14..cbcf114 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -20,7 +20,7 @@ static SECStatus ownBadCertHandler(void *arg, PRFileDesc * socket); static SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg); static SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg); static CERTCertificate* FindServerCertFromNickname(const char* name); -SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); +SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); /* * Global variables defined in this file. @@ -65,11 +65,11 @@ static char *version_components[] = { NULL }; -static char *ssl_add_version_component(apr_pool_t *p, +static char *nss_add_version_component(apr_pool_t *p, server_rec *s, char *name) { - char *val = ssl_var_lookup(p, s, NULL, NULL, name); + char *val = nss_var_lookup(p, s, NULL, NULL, name); if (val && *val) { ap_add_version_component(p, val); @@ -78,14 +78,14 @@ static char *ssl_add_version_component(apr_pool_t *p, return val; } -static void ssl_add_version_components(apr_pool_t *p, +static void nss_add_version_components(apr_pool_t *p, server_rec *s) { char *vals[sizeof(version_components)/sizeof(char *)]; int i; for (i=0; version_components[i]; i++) { - vals[i] = ssl_add_version_component(p, s, + vals[i] = nss_add_version_component(p, s, version_components[i]); } @@ -99,7 +99,7 @@ static void ssl_add_version_components(apr_pool_t *p, /* * Initialize SSL library */ -static void ssl_init_SSLLibrary(server_rec *s) +static void nss_init_SSLLibrary(server_rec *s) { SECStatus rv; SSLModConfigRec *mc = myModConfig(s); @@ -115,8 +115,8 @@ static void ssl_init_SSLLibrary(server_rec *s) if (mc->pphrase_dialog_helper == NULL && mc->pphrase_dialog_path == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Neither SSLPassPhraseHelper nor SSLPassPhraseDialog is not set. One or the other is required."); - ssl_die(); + "Neither NSSPassPhraseHelper nor NSSPassPhraseDialog is not set. One or the other is required."); + nss_die(); } child_argv[0] = mc->pphrase_dialog_helper; @@ -128,7 +128,7 @@ static void ssl_init_SSLLibrary(server_rec *s) if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "apr_procattr_create() failed APR err: %d.", rv); - ssl_die(); + nss_die(); } #if 0 @@ -151,7 +151,7 @@ static void ssl_init_SSLLibrary(server_rec *s) if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "apr_proc_create failed to launch %s APR err: %d.", child_argv[0], rv); - ssl_die(); + nss_die(); } /* Set a 30-second read/write timeout */ apr_file_pipe_timeout_set(mc->proc.in, apr_time_from_sec(30)); @@ -168,20 +168,20 @@ static void ssl_init_SSLLibrary(server_rec *s) rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY); /* Assuming everything is ok so far, check the cert database password(s). */ - if (rv != SECSuccess || ssl_Init_Tokens(s) != SECSuccess) { + if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (NSS_SetDomesticPolicy() != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS set domestic policy failed on certificate database %s.", mc->pCertificateDatabase); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, @@ -190,7 +190,7 @@ static void ssl_init_SSLLibrary(server_rec *s) } -int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, +int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *base_server) { @@ -204,13 +204,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, * Let us cleanup on restarts and exists */ apr_pool_cleanup_register(p, base_server, - ssl_init_ModuleKill, + nss_init_ModuleKill, apr_pool_cleanup_null); /* * Any init round fixes the global config */ - ssl_config_global_create(base_server); /* just to avoid problems */ + nss_config_global_create(base_server); /* just to avoid problems */ /* * Fix up any global settings that aren't in the configuration @@ -251,7 +251,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, /* * Create the server host:port string because we need it a lot */ - sc->vhost_id = ssl_util_vhostid(p, s); + sc->vhost_id = nss_util_vhostid(p, s); sc->vhost_id_len = strlen(sc->vhost_id); /* Fix up stuff that may not have been set */ @@ -264,12 +264,12 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, } } - ssl_init_SSLLibrary(base_server); + nss_init_SSLLibrary(base_server); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done Init: Initializing NSS library"); /* Load our layer */ - ssl_io_layer_init(); + nss_io_layer_init(); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done layer"); @@ -291,52 +291,52 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, /* * Read the server certificate and key */ - ssl_init_ConfigureServer(s, p, ptemp, sc); + nss_init_ConfigureServer(s, p, ptemp, sc); } /* * Announce mod_ssl and SSL library in HTTP Server field * as ``mod_ssl/X.X.X OpenSSL/X.X.X'' */ - ssl_add_version_components(p, base_server); + nss_add_version_components(p, base_server); return OK; } -static void ssl_init_ctx_socket(server_rec *s, +static void nss_init_ctx_socket(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { /* Setup a socket in the context that will be used to model all * client connections. */ - mctx->model = ssl_io_new_fd(); + mctx->model = nss_io_new_fd(); mctx->model = SSL_ImportFD(NULL, mctx->model); if (SSL_OptionSet(mctx->model, SSL_SECURITY, PR_TRUE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to enable security."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_SERVER, PR_TRUE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to set SSL server handshake mode."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to disable handshake as client"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_ctx_protocol(server_rec *s, +static void nss_init_ctx_protocol(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -349,8 +349,8 @@ static void ssl_init_ctx_protocol(server_rec *s, if (mctx->auth.protocols == NULL) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, - "SSLProtocols not set; using all protocols: SSLv2, SSLv3 and TLSv1"); - ssl2 = ssl3 = tls = 1; + "SSLProtocols not set; using: SSLv3 and TLSv1"); + ssl3 = tls = 1; } else { lprotocols = strdup(mctx->auth.protocols); ap_str_tolower(lprotocols); @@ -402,8 +402,8 @@ static void ssl_init_ctx_protocol(server_rec *s, if (stat != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL protocol initialization failed."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } mctx->ssl2 = ssl2; @@ -411,45 +411,45 @@ static void ssl_init_ctx_protocol(server_rec *s, mctx->tls = tls; } -static void ssl_init_ctx_session_cache(server_rec *s, +static void nss_init_ctx_session_cache(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { } -static void ssl_init_ctx_callbacks(server_rec *s, +static void nss_init_ctx_callbacks(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { - if (SSL_AuthCertificateHook(mctx->model, ssl_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) { + if (SSL_AuthCertificateHook(mctx->model, nss_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_AuthCertificateHook failed."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_BadCertHook(mctx->model, (SSLBadCertHandler) ownBadCertHandler, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_BadCertHook failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback) ownHandshakeCallback, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_HandshakeCallback failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_GetClientAuthDataHook(mctx->model, NSS_GetClientAuthData, (void *)mctx->nickname) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_GetClientAuthDataHook failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_ctx_verify(server_rec *s, +static void nss_init_ctx_verify(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -481,7 +481,7 @@ static int countciphers(PRBool cipher_state[ciphernum], int version) { return ciphercount; } -static void ssl_init_ctx_cipher_suite(server_rec *s, +static void nss_init_ctx_cipher_suite(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -496,8 +496,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, */ if (!suite) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Required value SSLCipherSuite not set."); - ssl_die(); + "Required value NSSCipherSuite not set."); + nss_die(); } ciphers = strdup(suite); @@ -523,8 +523,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, cipher_state[i] = PR_FALSE; } - if (ssl_parse_ciphers(s, ciphers, cipher_state) == -1) { - ssl_die(); + if (nss_parse_ciphers(s, ciphers, cipher_state) == -1) { + nss_die(); } free(ciphers); @@ -533,19 +533,19 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, if (mctx->ssl2 && countciphers(cipher_state, SSL2) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL2 is enabled but no SSL2 ciphers are enabled."); - ssl_die(); + nss_die(); } if (mctx->ssl3 && countciphers(cipher_state, SSL3) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL3 is enabled but no SSL3 ciphers are enabled."); - ssl_die(); + nss_die(); } if (mctx->tls && countciphers(cipher_state, TLS) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "TLS is enabled but no TLS ciphers are enabled."); - ssl_die(); + nss_die(); } /* Finally actually enable the selected ciphers */ @@ -554,26 +554,26 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, } } -static void ssl_init_ctx(server_rec *s, +static void nss_init_ctx(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { - ssl_init_ctx_socket(s, p, ptemp, mctx); + nss_init_ctx_socket(s, p, ptemp, mctx); - ssl_init_ctx_protocol(s, p, ptemp, mctx); + nss_init_ctx_protocol(s, p, ptemp, mctx); - ssl_init_ctx_session_cache(s, p, ptemp, mctx); + nss_init_ctx_session_cache(s, p, ptemp, mctx); - ssl_init_ctx_callbacks(s, p, ptemp, mctx); + nss_init_ctx_callbacks(s, p, ptemp, mctx); - ssl_init_ctx_verify(s, p, ptemp, mctx); + nss_init_ctx_verify(s, p, ptemp, mctx); - ssl_init_ctx_cipher_suite(s, p, ptemp, mctx); + nss_init_ctx_cipher_suite(s, p, ptemp, mctx); } -static void ssl_init_server_certs(server_rec *s, +static void nss_init_server_certs(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -590,8 +590,11 @@ static void ssl_init_server_certs(server_rec *s, if (mctx->nickname == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "No certificate nickname provided."); - ssl_die(); + nss_die(); } + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Using nickname %s.", mctx->nickname); + mctx->servercert = FindServerCertFromNickname(mctx->nickname); /* Verify the certificate chain. */ @@ -601,11 +604,11 @@ static void ssl_init_server_certs(server_rec *s, if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Certificate not verified: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); if (mctx->enforce) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Unable to verify certificate '%s'. Add \"SSLEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname); - ssl_die(); + nss_die(); } } } @@ -614,7 +617,7 @@ static void ssl_init_server_certs(server_rec *s, { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Certificate not found: '%s'", mctx->nickname); - ssl_die(); + nss_die(); } if (strchr(mctx->nickname, ':')) @@ -631,9 +634,9 @@ static void ssl_init_server_certs(server_rec *s, */ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Slot not found"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); free(token); - ssl_die(); + nss_die(); } } free(token); @@ -647,8 +650,8 @@ static void ssl_init_server_certs(server_rec *s, if (mctx->serverkey == NULL) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Key not found for: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert); @@ -684,15 +687,15 @@ static void ssl_init_server_certs(server_rec *s, if (secstatus != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Error setting PKCS11 pin argument: '%s'", mctx->nickname); - ssl_die(); + nss_die(); } secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType); if (secstatus != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "SSL error configuring server: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL); @@ -700,25 +703,25 @@ static void ssl_init_server_certs(server_rec *s, { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "SSL error configuring handshake callback: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_server_ctx(server_rec *s, +static void nss_init_server_ctx(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSLSrvConfigRec *sc) { - ssl_init_ctx(s, p, ptemp, sc->server); + nss_init_ctx(s, p, ptemp, sc->server); - ssl_init_server_certs(s, p, ptemp, sc->server); + nss_init_server_certs(s, p, ptemp, sc->server); } /* * Configure a particular server */ -void ssl_init_ConfigureServer(server_rec *s, +void nss_init_ConfigureServer(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSLSrvConfigRec *sc) @@ -726,23 +729,23 @@ void ssl_init_ConfigureServer(server_rec *s, if (sc->enabled) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Configuring server for SSL protocol"); - ssl_init_server_ctx(s, p, ptemp, sc); + nss_init_server_ctx(s, p, ptemp, sc); } #ifdef PROXY if (sc->proxy_enabled) { - ssl_init_proxy_ctx(s, p, ptemp, sc); + nss_init_proxy_ctx(s, p, ptemp, sc); } #endif } -void ssl_init_Child(apr_pool_t *p, server_rec *s) +void nss_init_Child(apr_pool_t *p, server_rec *s) { SSLModConfigRec *mc = myModConfig(s); mc->pid = getpid(); /* only call getpid() once per-process */ } -apr_status_t ssl_init_ModuleKill(void *data) +apr_status_t nss_init_ModuleKill(void *data) { /* * There is nothing stored at the server level to kill at the moment. @@ -931,7 +934,7 @@ SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg) return SECSuccess; } -int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]) +int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]) { char * cipher; PRBool found, active; diff --git a/nss_engine_io.c b/nss_engine_io.c index 27b5671..b13fc51 100644 --- a/nss_engine_io.c +++ b/nss_engine_io.c @@ -26,15 +26,15 @@ * remember what is in this file. So, first, a quick overview. * * In this file, you will find: - * - ssl_io_filter_input (Apache input filter) - * - ssl_io_filter_output (Apache output filter) + * - nss_io_filter_input (Apache input filter) + * - nss_io_filter_output (Apache output filter) * * - bio_filter_in_* (OpenSSL input filter) * - nspr_filter_out_* (OpenSSL output filter) * * The input chain is roughly: * - * ssl_io_filter_input->ssl_io_input_read->SSL_read->... + * nss_io_filter_input->nss_io_input_read->SSL_read->... * ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter * * In mortal terminology, we do the following: @@ -45,21 +45,21 @@ * - bio_filter_in_read will then try to fetch data from the next httpd filter * - bio_filter_in_read will flatten that data and return it to SSL_read * - SSL_read will then decrypt the data - * - ssl_io_input_read will then receive decrypted data as a char* and + * - nss_io_input_read will then receive decrypted data as a char* and * ensure that there were no read errors * - The char* is placed in a brigade and returned * * Since connection-level input filters in httpd need to be able to * handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings), - * ssl_io_input_getline which will handle this special case. + * nss_io_input_getline which will handle this special case. * * Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have * 'leftover' decoded data which must be setaside for the next read. That * is currently handled by the char_buffer_{read|write} functions. So, - * ssl_io_input_read may be able to fulfill reads without invoking + * nss_io_input_read may be able to fulfill reads without invoking * SSL_read(). * - * Note that the filter context of ssl_io_filter_input and bio_filter_in_* + * Note that the filter context of nss_io_filter_input and bio_filter_in_* * are shared as bio_filter_in_ctx_t. * * Note that the filter is by choice limited to reading at most @@ -79,7 +79,7 @@ typedef struct { nspr_filter_in_ctx_t *inctx; nspr_filter_out_ctx_t *outctx; int nobuffer; /* non-zero to prevent buffering */ -} ssl_filter_ctx_t; +} nss_filter_ctx_t; typedef struct { int length; @@ -87,7 +87,7 @@ typedef struct { } char_buffer_t; struct nspr_filter_out_ctx_t { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; apr_bucket_brigade *bb; apr_size_t length; char buffer[AP_IOBUFSIZE]; @@ -104,7 +104,7 @@ struct nspr_filter_in_ctx_t { char_buffer_t cbuf; apr_pool_t *pool; char buffer[AP_IOBUFSIZE]; - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; }; /* Global variables for the NSPR I/O layer */ @@ -235,7 +235,7 @@ static PRInt32 PR_CALLBACK nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen) { apr_size_t inl = inlen; - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); nspr_filter_in_ctx_t *inctx = filter_ctx->inctx; apr_read_type_e block = inctx->block; @@ -296,7 +296,7 @@ nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen) return -1; } -static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, +static apr_status_t nss_io_input_read(nspr_filter_in_ctx_t *inctx, char *buf, apr_size_t *len) { @@ -386,9 +386,9 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, } } else /* (rc < 0) */ { - int ssl_err = PR_GetError(); + int nss_err = PR_GetError(); - if (ssl_err == PR_WOULD_BLOCK_ERROR) { + if (nss_err == PR_WOULD_BLOCK_ERROR) { /* * If NSPR wants to read more, and we were nonblocking, * report as an EAGAIN. Otherwise loop, pulling more @@ -408,7 +408,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, } continue; /* Blocking and nothing yet? Try again. */ } - else if (ssl_err != 0) { + else if (nss_err != 0) { if (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc)) { /* Already read something, return APR_SUCCESS instead. */ @@ -425,7 +425,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server, "SSL input filter read failed."); if (inctx->rc == 0) - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server); } } if (inctx->rc == APR_SUCCESS) { @@ -437,7 +437,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, return inctx->rc; } -static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, +static apr_status_t nss_io_input_getline(nspr_filter_in_ctx_t *inctx, char *buf, apr_size_t *len) { @@ -454,7 +454,7 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, */ while (tmplen > 0) { - status = ssl_io_input_read(inctx, buf + offset, &tmplen); + status = nss_io_input_read(inctx, buf + offset, &tmplen); if (status != APR_SUCCESS) { return status; @@ -488,11 +488,11 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, return APR_SUCCESS; } -static apr_status_t ssl_filter_write(ap_filter_t *f, +static apr_status_t nss_filter_write(ap_filter_t *f, const char *data, apr_size_t len) { - ssl_filter_ctx_t *filter_ctx = f->ctx; + nss_filter_ctx_t *filter_ctx = f->ctx; nspr_filter_out_ctx_t *outctx; int res; @@ -508,9 +508,9 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, "Sent returned %d", res); if (res < 0) { - int ssl_err = PR_GetError(); + int nss_err = PR_GetError(); - if (ssl_err == PR_WOULD_BLOCK_ERROR) { + if (nss_err == PR_WOULD_BLOCK_ERROR) { /* * If NSS wants to write more, and we were nonblocking, * report as an EAGAIN. Otherwise loop, pushing more @@ -527,8 +527,8 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, * Log SSL errors */ ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server, - "SSL library error %d writing data", ssl_err); - ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server); + "SSL library error %d writing data", nss_err); + nss_log_nss_error(APLOG_MARK, APLOG_INFO, c->base_server); } if (outctx->rc == APR_SUCCESS) { outctx->rc = APR_EGENERAL; @@ -563,14 +563,14 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, alloc) -static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f) +static void nss_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f) { nspr_filter_in_ctx_t *inctx = f->ctx; sslconn->ssl = NULL; inctx->filter_ctx->pssl = NULL; } -static apr_status_t ssl_io_filter_error(ap_filter_t *f, +static apr_status_t nss_io_filter_error(ap_filter_t *f, apr_bucket_brigade *bb, apr_status_t status) { @@ -585,8 +585,8 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f, "SSL handshake failed: HTTP spoken on HTTPS port; " "trying to send HTML error page"); - sslconn->non_ssl_request = 1; - ssl_io_filter_disable(sslconn, f); + sslconn->non_nss_request = 1; + nss_io_filter_disable(sslconn, f); /* fake the request line */ bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc); @@ -603,9 +603,9 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f, return APR_SUCCESS; } -static const char ssl_io_filter[] = "NSS SSL/TLS Filter"; +static const char nss_io_filter[] = "NSS SSL/TLS Filter"; -static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, +static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx, conn_rec *c, int abortive) { @@ -625,7 +625,7 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, "Connection to child %ld closed " "(server %s, client %s)", c->id, - ssl_util_vhostid(c->pool, c->base_server), + nss_util_vhostid(c->pool, c->base_server), c->remote_ip ? c->remote_ip : "unknown"); } @@ -646,9 +646,9 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, return APR_SUCCESS; } -static apr_status_t ssl_io_filter_cleanup(void *data) +static apr_status_t nss_io_filter_cleanup(void *data) { - ssl_filter_ctx_t *filter_ctx = data; + nss_filter_ctx_t *filter_ctx = data; if (filter_ctx->pssl) { conn_rec *c = filter_ctx->c; @@ -664,7 +664,7 @@ static apr_status_t ssl_io_filter_cleanup(void *data) return APR_SUCCESS; } -static apr_status_t ssl_io_filter_input(ap_filter_t *f, +static apr_status_t nss_io_filter_input(ap_filter_t *f, apr_bucket_brigade *bb, ap_input_mode_t mode, apr_read_type_e block, @@ -713,10 +713,10 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, if (readbytes < len) { len = (apr_size_t)readbytes; } - status = ssl_io_input_read(inctx, inctx->buffer, &len); + status = nss_io_input_read(inctx, inctx->buffer, &len); } else if (inctx->mode == AP_MODE_GETLINE) { - status = ssl_io_input_getline(inctx, inctx->buffer, &len); + status = nss_io_input_getline(inctx, inctx->buffer, &len); } else { /* We have no idea what you are talking about, so return an error. */ @@ -724,7 +724,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, } if (status != APR_SUCCESS) { - return ssl_io_filter_error(f, bb, status); + return nss_io_filter_error(f, bb, status); } /* Create a transient bucket out of the decrypted data. */ @@ -771,7 +771,7 @@ static int nspr_filter_out_flush(nspr_filter_out_ctx_t *outctx) static PRInt32 PR_CALLBACK nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); nspr_filter_out_ctx_t *outctx = filter_ctx->outctx; /* pass along the encrypted data @@ -791,11 +791,11 @@ nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl) return inl; } -static apr_status_t ssl_io_filter_output(ap_filter_t *f, +static apr_status_t nss_io_filter_output(ap_filter_t *f, apr_bucket_brigade *bb) { apr_status_t status = APR_SUCCESS; - ssl_filter_ctx_t *filter_ctx = f->ctx; + nss_filter_ctx_t *filter_ctx = f->ctx; nspr_filter_in_ctx_t *inctx; nspr_filter_out_ctx_t *outctx; apr_read_type_e rblock = APR_NONBLOCK_READ; @@ -806,7 +806,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, } if (!filter_ctx->pssl) { - /* ssl_filter_io_shutdown was called */ + /* nss_filter_io_shutdown was called */ return ap_pass_brigade(f->next, bb); } @@ -858,7 +858,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, * - issue the SSL_shutdown */ filter_ctx->nobuffer = 1; - status = ssl_filter_io_shutdown(filter_ctx, f->c, 0); + status = nss_filter_io_shutdown(filter_ctx, f->c, 0); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL, "SSL filter error shutting down I/O"); @@ -891,7 +891,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, break; } - status = ssl_filter_write(f, data, len); + status = nss_filter_write(f, data, len); apr_bucket_delete(bucket); if (status != APR_SUCCESS) { @@ -902,7 +902,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, return status; } -static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c) +static void nss_io_output_create(nss_filter_ctx_t *filter_ctx, conn_rec *c) { nspr_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx)); @@ -916,14 +916,14 @@ static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c) return; } -static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, +static void nss_io_input_add_filter(nss_filter_ctx_t *filter_ctx, conn_rec *c, PRFileDesc *ssl) { nspr_filter_in_ctx_t *inctx; inctx = apr_palloc(c->pool, sizeof(*inctx)); - filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c); + filter_ctx->pInputFilter = ap_add_input_filter(nss_io_filter, inctx, NULL, c); inctx->f = filter_ctx->pInputFilter; inctx->rc = APR_SUCCESS; @@ -937,49 +937,49 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, filter_ctx->inctx = inctx; } -void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl) +void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl) { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; - filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t)); - filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, + filter_ctx = apr_palloc(c->pool, sizeof(nss_filter_ctx_t)); + filter_ctx->pOutputFilter = ap_add_output_filter(nss_io_filter, filter_ctx, NULL, c); - ssl_io_input_add_filter(filter_ctx, c, ssl); - ssl_io_output_create(filter_ctx, c); + nss_io_input_add_filter(filter_ctx, c, ssl); + nss_io_output_create(filter_ctx, c); filter_ctx->pssl = ssl; filter_ctx->c = c; ssl->lower->secret = (PRFilePrivate *)filter_ctx; apr_pool_cleanup_register(c->pool, (void*)filter_ctx, - ssl_io_filter_cleanup, apr_pool_cleanup_null); + nss_io_filter_cleanup, apr_pool_cleanup_null); return; } -void ssl_io_filter_register(apr_pool_t *p) +void nss_io_filter_register(apr_pool_t *p) { - ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); - ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_input_filter (nss_io_filter, nss_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); return; } -PRFileDesc * ssl_io_new_fd() { +PRFileDesc * nss_io_new_fd() { PRFileDesc *ssl = PR_CreateIOLayerStub(gIdentity, &gMethods); return ssl; } static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *addr) { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; conn_rec *c; /* This can occur when doing SSL_ImportFD(NULL, something); */ if (fd->secret == NULL) return PR_FAILURE; - filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + filter_ctx = (nss_filter_ctx_t *)(fd->secret); c = filter_ctx->c; return PR_StringToNetAddr(c->remote_ip, addr); @@ -989,7 +989,7 @@ static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *a * Translate NSPR PR_GetSocketOption() calls into apr_socket_opt_get() calls. */ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocketOptionData *data) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); conn_rec *c = filter_ctx->c; SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */ apr_int32_t on; @@ -1050,7 +1050,7 @@ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocket * Translate NSPR PR_SetSocketOption() calls into apr_socket_opt_set() calls. */ static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PRSocketOptionData *data) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); conn_rec *c = filter_ctx->c; SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */ PRStatus rv = PR_FAILURE; @@ -1132,7 +1132,7 @@ static PRInt32 PR_CALLBACK nspr_filter_send(PRFileDesc *fd, const void *buf, PRI * Called once to initialize the NSPR layer that we push for each * request. */ -int ssl_io_layer_init() +int nss_io_layer_init() { const PRIOMethods *defaultMethods; int rc = 1; @@ -1168,17 +1168,17 @@ int ssl_io_layer_init() } SECStatus -ssl_AuthCertificate(void *arg, PRFileDesc *socket, +nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer) { SECStatus status; - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; if (!arg || !socket) { return SECFailure; } - filter_ctx = (ssl_filter_ctx_t *)(socket->lower->secret); + filter_ctx = (nss_filter_ctx_t *)(socket->lower->secret); status = SSL_AuthCertificate(arg, socket, checksig, isServer); diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c index fb47eff..167b9f0 100644 --- a/nss_engine_kernel.c +++ b/nss_engine_kernel.c @@ -20,7 +20,7 @@ static void HandshakeDone(PRFileDesc *fd, void *doneflag); /* * Post Read Request Handler */ -int ssl_hook_ReadReq(request_rec *r) +int nss_hook_ReadReq(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); @@ -28,7 +28,7 @@ int ssl_hook_ReadReq(request_rec *r) return DECLINED; } - if (sslconn->non_ssl_request) { + if (sslconn->non_nss_request) { const char *errmsg; char *thisurl; char *thisport = ""; @@ -56,7 +56,7 @@ int ssl_hook_ReadReq(request_rec *r) /* Now that we have caught this error, forget it. we are done * with using SSL on this request. */ - sslconn->non_ssl_request = 0; + sslconn->non_nss_request = 0; return HTTP_BAD_REQUEST; @@ -68,7 +68,7 @@ int ssl_hook_ReadReq(request_rec *r) /* * URL Translation Handler */ -int ssl_hook_Translate(request_rec *r) +int nss_hook_Translate(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); @@ -86,7 +86,7 @@ int ssl_hook_Translate(request_rec *r) apr_psprintf(r->pool, "Subsequent (No.%d)", r->connection->keepalives+1)), r->connection->id, - ssl_util_vhostid(r->pool, r->server)); + nss_util_vhostid(r->pool, r->server)); } return DECLINED; @@ -96,14 +96,14 @@ int ssl_hook_Translate(request_rec *r) /* * Access Handler */ -int ssl_hook_Access(request_rec *r) +int nss_hook_Access(request_rec *r) { SSLDirConfigRec *dc = myDirConfig(r); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLConnRec *sslconn = myConnConfig(r->connection); PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL; apr_array_header_t *requires; - ssl_require_t *ssl_requires; + nss_require_t *nss_requires; char *cp; int ok, i; BOOL renegotiate = FALSE, renegotiate_quick = FALSE; @@ -159,7 +159,7 @@ int ssl_hook_Access(request_rec *r) */ /* - * Override of SSLCipherSuite + * Override of NSSCipherSuite * * We provide two options here: * @@ -176,7 +176,7 @@ int ssl_hook_Access(request_rec *r) * cipher suite we're happy. Because we can assume we would have * selected it again even when other (better) ciphers exists now in the * new cipher suite. This approach is fine because the user explicitly - * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no + * has to enable this via ``NSSOptions +OptRenegotiate''. So we do no * implicit optimizations. */ if (dc->szCipherSuite) { @@ -197,12 +197,12 @@ int ssl_hook_Access(request_rec *r) /* configure new state */ ciphers = strdup(dc->szCipherSuite); - if (ssl_parse_ciphers(r->server, ciphers, ciphers_new) < 0) { + if (nss_parse_ciphers(r->server, ciphers, ciphers_new) < 0) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "Unable to reconfigure (per-directory) " "permitted SSL ciphers"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server); free(ciphers); return HTTP_FORBIDDEN; @@ -382,7 +382,7 @@ int ssl_hook_Access(request_rec *r) ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "SSL Re-negotiation in conjunction " "with POST method not supported!" - "hint: try SSLOptions +OptRenegotiate"); + "hint: try NSSOptions +OptRenegotiate"); return HTTP_METHOD_NOT_ALLOWED; } @@ -525,7 +525,7 @@ int ssl_hook_Access(request_rec *r) * we need to postpone setting the username until later. */ if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) { - char *val = ssl_var_lookup(r->pool, r->server, r->connection, + char *val = nss_var_lookup(r->pool, r->server, r->connection, r, (char *)dc->szUserName); if (val && val[0]) r->user = val; @@ -535,17 +535,17 @@ int ssl_hook_Access(request_rec *r) * Check SSLRequire boolean expressions */ requires = dc->aRequirement; - ssl_requires = (ssl_require_t *)requires->elts; + nss_requires = (nss_require_t *)requires->elts; for (i = 0; i < requires->nelts; i++) { - ssl_require_t *req = &ssl_requires[i]; - ok = ssl_expr_exec(r, req->mpExpr); + nss_require_t *req = &nss_requires[i]; + ok = nss_expr_exec(r, req->mpExpr); if (ok < 0) { cp = apr_psprintf(r->pool, "Failed to execute " "SSL requirement expression: %s", - ssl_expr_get_error()); + nss_expr_get_error()); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "access to %s failed, reason: %s", @@ -598,7 +598,7 @@ int ssl_hook_Access(request_rec *r) * authenticates a user. This means that the Module statement for this * module should be LAST in the Configuration file. */ -int ssl_hook_UserCheck(request_rec *r) +int nss_hook_UserCheck(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -650,7 +650,7 @@ int ssl_hook_UserCheck(request_rec *r) /* * We decline operation in various situations... - * - SSLOptions +FakeBasicAuth not configured + * - NSSOptions +FakeBasicAuth not configured * - r->user already authenticated * - ssl not enabled * - client did not present a certificate @@ -697,11 +697,11 @@ int ssl_hook_UserCheck(request_rec *r) } /* authorization phase */ -int ssl_hook_Auth(request_rec *r) +int nss_hook_Auth(request_rec *r) { SSLDirConfigRec *dc = myDirConfig(r); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "ssl_hook_Auth"); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "nss_hook_Auth"); /* * Additionally forbid access (again) * when strict require option is used. @@ -719,7 +719,7 @@ int ssl_hook_Auth(request_rec *r) * Fixup Handler */ -static const char *ssl_hook_Fixup_vars[] = { +static const char *nss_hook_Fixup_vars[] = { "SSL_VERSION_INTERFACE", "SSL_VERSION_LIBRARY", "SSL_PROTOCOL", @@ -800,7 +800,7 @@ static const char *ssl_hook_Fixup_vars[] = { NULL }; -int ssl_hook_Fixup(request_rec *r) +int nss_hook_Fixup(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -823,7 +823,7 @@ int ssl_hook_Fixup(request_rec *r) * Set r->user if requested */ if (dc->szUserName) { - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, (char *)dc->szUserName); if (val && val[0]) { r->user = val; @@ -838,9 +838,9 @@ int ssl_hook_Fixup(request_rec *r) /* standard SSL environment variables */ if (dc->nOptions & SSL_OPT_STDENVVARS) { - for (i = 0; ssl_hook_Fixup_vars[i]; i++) { - var = (char *)ssl_hook_Fixup_vars[i]; - val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); + for (i = 0; nss_hook_Fixup_vars[i]; i++) { + var = (char *)nss_hook_Fixup_vars[i]; + val = nss_var_lookup(r->pool, r->server, r->connection, r, var); if (!strIsEmpty(val)) { apr_table_setn(env, var, val); } @@ -851,12 +851,12 @@ int ssl_hook_Fixup(request_rec *r) * On-demand bloat up the SSI/CGI environment with certificate data */ if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) { - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT"); apr_table_setn(env, "SSL_SERVER_CERT", val); - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); apr_table_setn(env, "SSL_CLIENT_CERT", val); @@ -879,7 +879,7 @@ int ssl_hook_Fixup(request_rec *r) for (i = 0; i < n; i++) { var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i); - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, var); if (val) { apr_table_setn(env, var, val); diff --git a/nss_engine_log.c b/nss_engine_log.c index f3f1566..1bb18e5 100644 --- a/nss_engine_log.c +++ b/nss_engine_log.c @@ -182,7 +182,7 @@ l_error_t libsec_errors[] = { { 144, "SEC_ERROR_OCSP_INVALID_SIGNING_CERT - OCSP signer certificate not found, not trusted or invalid." } }; -l_error_t libssl_errors[] = { +l_error_t libnss_errors[] = { { 0, "Client does not support high-grade encryption" }, { 1, "Client requires high-grade encryption which is not supported" }, { 2, "No common encryption algorithm(s) with client" }, @@ -288,7 +288,7 @@ l_error_t libssl_errors[] = { { 102, "Peer does not permit renegotiation of SSL security parameters" } }; -void ssl_die(void) +void nss_die(void) { /* * This is used for fatal errors and here @@ -298,7 +298,7 @@ void ssl_die(void) exit(1); } -void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s) +void nss_log_nss_error(const char *file, int line, int level, server_rec *s) { const char *err; PRInt32 error; @@ -312,7 +312,7 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s) err = libsec_errors[error-LIBSEC_ERROR_BASE].errorString; } else if ((error >= LIBSSL_ERROR_BASE) && (error <= LIBSSL_MAX_ERROR)) { - err = libssl_errors[error-LIBSSL_ERROR_BASE].errorString; + err = libnss_errors[error-LIBSSL_ERROR_BASE].errorString; } else { err = "Unknown"; } diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c index cb6643d..61324d7 100644 --- a/nss_engine_pphrase.c +++ b/nss_engine_pphrase.c @@ -22,10 +22,10 @@ typedef struct { PRInt32 retryCount; } pphrase_arg_t; -static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg); -static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg); -static unsigned char * ssl_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg); -static PRBool ssl_check_password(unsigned char *cp); +static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg); +static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg); +static unsigned char * nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg); +static PRBool nss_check_password(unsigned char *cp); static void echoOff(int fd); static void echoOn(int fd); @@ -40,7 +40,7 @@ static char * prompt; * be authenticated and others will not be. */ -SECStatus ssl_Init_Tokens(server_rec *s) +SECStatus nss_Init_Tokens(server_rec *s) { PK11SlotList *slotList; PK11SlotListElement *listEntry; @@ -52,7 +52,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) parg->mc = mc; parg->retryCount = 0; - PK11_SetPasswordFunc(ssl_password_prompt); + PK11_SetPasswordFunc(nss_password_prompt); slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); @@ -85,7 +85,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) * reset NSS password callback to blank, so that the server won't prompt * again after initialization is done. */ - PK11_SetPasswordFunc(ssl_no_password); + PK11_SetPasswordFunc(nss_no_password); free(parg); return status; @@ -95,7 +95,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) * Wrapper callback function that prompts the user for the token password * up to 3 times. */ -static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) +static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) { char *passwd = NULL; pphrase_arg_t *parg = (pphrase_arg_t *)arg; @@ -106,12 +106,12 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) prompt = PR_smprintf("Please enter password for \"%s\" token:", PK11_GetTokenName(slot)); if (parg == NULL) { // should not happen - passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, 0); + passwd = nss_get_password(stdin, stdout, slot, nss_check_password, 0); } else { if (parg->retryCount > 2) { passwd = NULL; // abort after 2 retries (3 failed attempts) } else { - passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, parg); + passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg); } } @@ -126,7 +126,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* Check the result. We don't really care what we got back as long @@ -143,7 +143,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) (res != PIN_SUCCESS && res != PIN_INCORRECTPW)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } } @@ -155,7 +155,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) * any actual enforcement here but it demonstrates the sorts of things * that may be done. */ -static PRBool ssl_check_password(unsigned char *cp) +static PRBool nss_check_password(unsigned char *cp) { int len; unsigned char *end, ch; @@ -180,7 +180,7 @@ static PRBool ssl_check_password(unsigned char *cp) * Password callback so the user is not prompted to enter the password * after the server starts. */ -static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) +static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) { return NULL; } @@ -190,7 +190,7 @@ static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) * twiddling with the tty. Alternatively, if the file password.conf * exists then it may be used to store the token password(s). */ -static unsigned char *ssl_get_password(FILE *input, FILE *output, +static unsigned char *nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t *parg) @@ -229,7 +229,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, } else { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to open password file %s", parg->mc->pphrase_dialog_path); - ssl_die(); + nss_die(); } } @@ -246,7 +246,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* The helper just returns a token pw or "", so we don't have much @@ -257,7 +257,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* Just return what we got. If we got this far and we don't have a diff --git a/nss_engine_vars.c b/nss_engine_vars.c index 8cb24ce..22d7978 100644 --- a/nss_engine_vars.c +++ b/nss_engine_vars.c @@ -26,33 +26,33 @@ #define CERT_NOTBEFORE 0 #define CERT_NOTAFTER 1 -static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name); -static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var); -static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c); -static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var); -static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type); -static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var); -static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs); -static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c); -static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var); -static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); -static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c); - -static int ssl_is_https(conn_rec *c) +static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name); +static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var); +static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c); +static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var); +static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type); +static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var); +static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs); +static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c); +static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var); +static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var); +static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c); + +static int nss_is_https(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); return sslconn && sslconn->ssl; } -void ssl_var_register(void) +void nss_var_register(void) { - APR_REGISTER_OPTIONAL_FN(ssl_is_https); - APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); + APR_REGISTER_OPTIONAL_FN(nss_is_https); + APR_REGISTER_OPTIONAL_FN(nss_var_lookup); return; } /* This function must remain safe to use for a non-SSL connection. */ -char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) +char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { SSLModConfigRec *mc = myModConfig(s); char *result; @@ -79,22 +79,22 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (r != NULL) { if (strcEQ(var, "HTTP_USER_AGENT")) - result = ssl_var_lookup_header(p, r, "User-Agent"); + result = nss_var_lookup_header(p, r, "User-Agent"); else if (strcEQ(var, "HTTP_REFERER")) - result = ssl_var_lookup_header(p, r, "Referer"); + result = nss_var_lookup_header(p, r, "Referer"); else if (strcEQ(var, "HTTP_COOKIE")) - result = ssl_var_lookup_header(p, r, "Cookie"); + result = nss_var_lookup_header(p, r, "Cookie"); else if (strcEQ(var, "HTTP_FORWARDED")) - result = ssl_var_lookup_header(p, r, "Forwarded"); + result = nss_var_lookup_header(p, r, "Forwarded"); else if (strcEQ(var, "HTTP_HOST")) - result = ssl_var_lookup_header(p, r, "Host"); + result = nss_var_lookup_header(p, r, "Host"); else if (strcEQ(var, "HTTP_PROXY_CONNECTION")) - result = ssl_var_lookup_header(p, r, "Proxy-Connection"); + result = nss_var_lookup_header(p, r, "Proxy-Connection"); else if (strcEQ(var, "HTTP_ACCEPT")) - result = ssl_var_lookup_header(p, r, "Accept"); + result = nss_var_lookup_header(p, r, "Accept"); else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5)) /* all other headers from which we are still not know about */ - result = ssl_var_lookup_header(p, r, var+5); + result = nss_var_lookup_header(p, r, var+5); else if (strcEQ(var, "THE_REQUEST")) result = r->the_request; else if (strcEQ(var, "REQUEST_METHOD")) @@ -142,7 +142,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, result = r->ap_auth_type; else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) - result = ssl_var_lookup_ssl(p, c, var+4); + result = nss_var_lookup_ssl(p, c, var+4); else if (strcEQ(var, "HTTPS")) { if (sslconn && sslconn->ssl) result = "on"; @@ -156,7 +156,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (result == NULL) { if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12)) - result = ssl_var_lookup_ssl_version(p, var+12); + result = nss_var_lookup_nss_version(p, var+12); else if (strcEQ(var, "SERVER_SOFTWARE")) result = (char *)ap_get_server_version(); else if (strcEQ(var, "API_VERSION")) { @@ -216,7 +216,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, return result; } -static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name) +static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name) { char *hdr = NULL; @@ -225,7 +225,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na return hdr; } -static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) +static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -236,10 +236,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) ssl = sslconn->ssl; if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { - result = ssl_var_lookup_ssl_version(p, var+8); + result = nss_var_lookup_nss_version(p, var+8); } else if (ssl != NULL && strcEQ(var, "PROTOCOL")) { - result = (char *)ssl_var_lookup_protocol_version(p, c); + result = (char *)nss_var_lookup_protocol_version(p, c); } else if (ssl != NULL && strcEQ(var, "SESSION_ID")) { char *idstr; @@ -258,27 +258,27 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) SECITEM_FreeItem(iditem, PR_TRUE); } else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) { - result = ssl_var_lookup_ssl_cipher(p, c, var+6); + result = nss_var_lookup_nss_cipher(p, c, var+6); } else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) { xs = SSL_PeerCertificate(ssl); if (xs != NULL) { - result = ssl_var_lookup_ssl_cert_chain(p, xs, var+18); + result = nss_var_lookup_nss_cert_chain(p, xs, var+18); CERT_DestroyCertificate(xs); } } else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) { - result = ssl_var_lookup_ssl_cert_verify(p, c); + result = nss_var_lookup_nss_cert_verify(p, c); } else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) { if ((xs = SSL_PeerCertificate(ssl)) != NULL) { - result = ssl_var_lookup_ssl_cert(p, xs, var+7, c); + result = nss_var_lookup_nss_cert(p, xs, var+7, c); CERT_DestroyCertificate(xs); } } else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) { if ((xs = SSL_LocalCertificate(ssl)) != NULL) { - result = ssl_var_lookup_ssl_cert(p, xs, var+7, c); + result = nss_var_lookup_nss_cert(p, xs, var+7, c); CERT_DestroyCertificate(xs); } } @@ -286,7 +286,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) return result; } -static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c) +static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c) { char *result; BOOL resdup; @@ -304,10 +304,10 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strcEQ(var, "V_START")) { - result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTBEFORE); + result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTBEFORE); } else if (strcEQ(var, "V_END")) { - result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTAFTER); + result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER); } else if (strcEQ(var, "S_DN")) { xsname = CERT_NameToAscii(&xs->subject); @@ -316,7 +316,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) { - result = ssl_var_lookup_ssl_cert_dn(p, &xs->subject, var+5); + result = nss_var_lookup_nss_cert_dn(p, &xs->subject, var+5); resdup = FALSE; } else if (strcEQ(var, "I_DN")) { @@ -326,7 +326,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) { - result = ssl_var_lookup_ssl_cert_dn(p, &xs->issuer, var+5); + result = nss_var_lookup_nss_cert_dn(p, &xs->issuer, var+5); resdup = FALSE; } else if (strcEQ(var, "A_SIG")) { @@ -367,7 +367,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strcEQ(var, "CERT")) { - result = ssl_var_lookup_ssl_cert_PEM(p, xs); + result = nss_var_lookup_nss_cert_PEM(p, xs); } if (result != NULL && resdup) @@ -375,7 +375,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v return result; } -static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var) +static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var) { char *result; char *rv; @@ -413,7 +413,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var return result; } -static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type) +static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type) { char *result; PRExplodedTime printableTime; @@ -436,7 +436,7 @@ static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, i return result; } -static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var) +static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var) { char *result; CERTCertificateList *chain = NULL; @@ -454,7 +454,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, if (n <= chain->len-1) { CERTCertificate *c; c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &chain->certs[n]); - result = ssl_var_lookup_ssl_cert_PEM(p, c); + result = nss_var_lookup_nss_cert_PEM(p, c); CERT_DestroyCertificate(c); } } @@ -466,7 +466,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, #define CERT_HEADER "-----BEGIN CERTIFICATE-----\n" #define CERT_TRAILER "\n-----END CERTIFICATE-----\n" -static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs) +static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs) { char * result = NULL; char * tmp = NULL; @@ -503,7 +503,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs) return result; } -static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) +static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -538,7 +538,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) return result; } -static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) +static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -588,7 +588,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) return result; } -static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) +static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var) { char *result; @@ -610,7 +610,7 @@ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) return result; } -static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) +static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) { char *result; SSLChannelInfo channel; @@ -651,22 +651,22 @@ static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) #include "mod_log_config.h" -static const char *ssl_var_log_handler_c(request_rec *r, char *a); -static const char *ssl_var_log_handler_x(request_rec *r, char *a); +static const char *nss_var_log_handler_c(request_rec *r, char *a); +static const char *nss_var_log_handler_x(request_rec *r, char *a); /* * register us for the mod_log_config function registering phase * to establish %{...}c and to be able to expand %{...}x variables. */ -void ssl_var_log_config_register(apr_pool_t *p) +void nss_var_log_config_register(apr_pool_t *p) { static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_pfn_register; log_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_log_handler); if (log_pfn_register) { - log_pfn_register(p, "c", ssl_var_log_handler_c, 0); - log_pfn_register(p, "x", ssl_var_log_handler_x, 0); + log_pfn_register(p, "c", nss_var_log_handler_c, 0); + log_pfn_register(p, "x", nss_var_log_handler_x, 0); } return; } @@ -675,7 +675,7 @@ void ssl_var_log_config_register(apr_pool_t *p) * implement the %{..}c log function * (we are the only function) */ -static const char *ssl_var_log_handler_c(request_rec *r, char *a) +static const char *nss_var_log_handler_c(request_rec *r, char *a) { SSLConnRec *sslconn = myConnConfig(r->connection); char *result; @@ -684,13 +684,13 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a) return NULL; result = NULL; if (strEQ(a, "version")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL"); else if (strEQ(a, "cipher")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER"); else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); else if (strEQ(a, "issuerdn") || strEQ(a, "cacert")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); else if (strEQ(a, "errcode")) result = "-"; if (result != NULL && result[0] == NUL) @@ -702,11 +702,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a) * extend the implementation of the %{..}x log function * (there can be more functions) */ -static const char *ssl_var_log_handler_x(request_rec *r, char *a) +static const char *nss_var_log_handler_x(request_rec *r, char *a) { char *result; - result = ssl_var_lookup(r->pool, r->server, r->connection, r, a); + result = nss_var_lookup(r->pool, r->server, r->connection, r, a); if (result != NULL && result[0] == NUL) result = NULL; return result; @@ -13,19 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr.c - * Expression Handling - */ - /* ``It is hard to fly with - the eagles when you work - with the turkeys.'' - -- Unknown */ #include "mod_nss.h" /* _________________________________________________________________ @@ -34,47 +21,47 @@ ** _________________________________________________________________ */ -ssl_expr_info_type ssl_expr_info; -char *ssl_expr_error; +nss_expr_info_type nss_expr_info; +char *nss_expr_error; -ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr) +nss_expr *nss_expr_comp(apr_pool_t *p, char *expr) { - ssl_expr_info.pool = p; - ssl_expr_info.inputbuf = expr; - ssl_expr_info.inputlen = strlen(expr); - ssl_expr_info.inputptr = ssl_expr_info.inputbuf; - ssl_expr_info.expr = FALSE; + nss_expr_info.pool = p; + nss_expr_info.inputbuf = expr; + nss_expr_info.inputlen = strlen(expr); + nss_expr_info.inputptr = nss_expr_info.inputbuf; + nss_expr_info.expr = FALSE; - ssl_expr_error = NULL; - if (ssl_expr_yyparse()) + nss_expr_error = NULL; + if (nss_expr_yyparse()) return NULL; - return ssl_expr_info.expr; + return nss_expr_info.expr; } -char *ssl_expr_get_error(void) +char *nss_expr_get_error(void) { - if (ssl_expr_error == NULL) + if (nss_expr_error == NULL) return ""; - return ssl_expr_error; + return nss_expr_error; } -ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2) +nss_expr *nss_expr_make(nss_expr_node_op op, void *a1, void *a2) { - ssl_expr *node; + nss_expr *node; - node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr)); + node = (nss_expr *)apr_palloc(nss_expr_info.pool, sizeof(nss_expr)); node->node_op = op; node->node_arg1 = (char *)a1; node->node_arg2 = (char *)a2; return node; } -int ssl_expr_exec(request_rec *r, ssl_expr *expr) +int nss_expr_exec(request_rec *r, nss_expr *expr) { BOOL rc; - rc = ssl_expr_eval(r, expr); - if (ssl_expr_error != NULL) + rc = nss_expr_eval(r, expr); + if (nss_expr_error != NULL) return (-1); else return (rc ? 1 : 0); @@ -13,19 +13,8 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr.h - * Expression Handling (Header) - */ - /* ``May all your PUSHes be POPed.'' */ - -#ifndef __SSL_EXPR_H__ -#define __SSL_EXPR_H__ +#ifndef __NSS_EXPR_H__ +#define __NSS_EXPR_H__ #ifndef FALSE #define FALSE 0 @@ -64,40 +53,40 @@ typedef enum { op_True, op_False, op_Not, op_Or, op_And, op_Comp, op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE, op_Digit, op_String, op_Regex, op_Var, op_Func -} ssl_expr_node_op; +} nss_expr_node_op; typedef struct { - ssl_expr_node_op node_op; + nss_expr_node_op node_op; void *node_arg1; void *node_arg2; apr_pool_t *p; -} ssl_expr_node; +} nss_expr_node; -typedef ssl_expr_node ssl_expr; +typedef nss_expr_node nss_expr; typedef struct { apr_pool_t *pool; char *inputbuf; int inputlen; char *inputptr; - ssl_expr *expr; -} ssl_expr_info_type; + nss_expr *expr; +} nss_expr_info_type; -extern ssl_expr_info_type ssl_expr_info; -extern char *ssl_expr_error; +extern nss_expr_info_type nss_expr_info; +extern char *nss_expr_error; -#define yylval ssl_expr_yylval -#define yyerror ssl_expr_yyerror -#define yyinput ssl_expr_yyinput +#define yylval nss_expr_yylval +#define yyerror nss_expr_yyerror +#define yyinput nss_expr_yyinput -extern int ssl_expr_yyparse(void); -extern int ssl_expr_yyerror(char *); -extern int ssl_expr_yylex(void); +extern int nss_expr_yyparse(void); +extern int nss_expr_yyerror(char *); +extern int nss_expr_yylex(void); -extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *); -extern int ssl_expr_exec(request_rec *, ssl_expr *); -extern char *ssl_expr_get_error(void); -extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *); -extern BOOL ssl_expr_eval(request_rec *, ssl_expr *); +extern nss_expr *nss_expr_comp(apr_pool_t *, char *); +extern int nss_expr_exec(request_rec *, nss_expr *); +extern char *nss_expr_get_error(void); +extern nss_expr *nss_expr_make(nss_expr_node_op, void *, void *); +extern BOOL nss_expr_eval(request_rec *, nss_expr *); -#endif /* __SSL_EXPR_H__ */ +#endif /* __NSS_EXPR_H__ */ diff --git a/nss_expr_eval.c b/nss_expr_eval.c index c3aa316..ff0545c 100644 --- a/nss_expr_eval.c +++ b/nss_expr_eval.c @@ -13,18 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr_eval.c - * Expression Evaluation - */ - /* ``Make love, - not software!'' - -- Unknown */ #include "mod_nss.h" /* _________________________________________________________________ @@ -33,12 +21,12 @@ ** _________________________________________________________________ */ -static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *); -static char *ssl_expr_eval_word(request_rec *, ssl_expr *); -static char *ssl_expr_eval_func_file(request_rec *, char *); -static int ssl_expr_eval_strcmplex(char *, char *); +static BOOL nss_expr_eval_comp(request_rec *, nss_expr *); +static char *nss_expr_eval_word(request_rec *, nss_expr *); +static char *nss_expr_eval_func_file(request_rec *, char *); +static int nss_expr_eval_strcmplex(char *, char *); -BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) +BOOL nss_expr_eval(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_True: { @@ -48,73 +36,73 @@ BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) return FALSE; } case op_Not: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return (!ssl_expr_eval(r, e)); + nss_expr *e = (nss_expr *)node->node_arg1; + return (!nss_expr_eval(r, e)); } case op_Or: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2)); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval(r, e1) || nss_expr_eval(r, e2)); } case op_And: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2)); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval(r, e1) && nss_expr_eval(r, e2)); } case op_Comp: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return ssl_expr_eval_comp(r, e); + nss_expr *e = (nss_expr *)node->node_arg1; + return nss_expr_eval_comp(r, e); } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) +static BOOL nss_expr_eval_comp(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_EQ: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) == 0); } case op_NE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) != 0); } case op_LT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) < 0); } case op_LE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) <= 0); } case op_GT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) > 0); } case op_GE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) >= 0); } case op_IN: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - ssl_expr *e3; - char *w1 = ssl_expr_eval_word(r, e1); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + nss_expr *e3; + char *w1 = nss_expr_eval_word(r, e1); BOOL found = FALSE; do { - e3 = (ssl_expr *)e2->node_arg1; - e2 = (ssl_expr *)e2->node_arg2; - if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) { + e3 = (nss_expr *)e2->node_arg1; + e2 = (nss_expr *)e2->node_arg2; + if (strcmp(w1, nss_expr_eval_word(r, e3)) == 0) { found = TRUE; break; } @@ -122,37 +110,37 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) return found; } case op_REG: { - ssl_expr *e1; - ssl_expr *e2; + nss_expr *e1; + nss_expr *e2; char *word; regex_t *regex; - e1 = (ssl_expr *)node->node_arg1; - e2 = (ssl_expr *)node->node_arg2; - word = ssl_expr_eval_word(r, e1); + e1 = (nss_expr *)node->node_arg1; + e2 = (nss_expr *)node->node_arg2; + word = nss_expr_eval_word(r, e1); regex = (regex_t *)(e2->node_arg1); return (ap_regexec(regex, word, 0, NULL, 0) == 0); } case op_NRE: { - ssl_expr *e1; - ssl_expr *e2; + nss_expr *e1; + nss_expr *e2; char *word; regex_t *regex; - e1 = (ssl_expr *)node->node_arg1; - e2 = (ssl_expr *)node->node_arg2; - word = ssl_expr_eval_word(r, e1); + e1 = (nss_expr *)node->node_arg1; + e2 = (nss_expr *)node->node_arg2; + word = nss_expr_eval_word(r, e1); regex = (regex_t *)(e2->node_arg1); return !(ap_regexec(regex, word, 0, NULL, 0) == 0); } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node) +static char *nss_expr_eval_word(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_Digit: { @@ -165,27 +153,27 @@ static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node) } case op_Var: { char *var = (char *)node->node_arg1; - char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); + char *val = nss_var_lookup(r->pool, r->server, r->connection, r, var); return (val == NULL ? "" : val); } case op_Func: { char *name = (char *)node->node_arg1; - ssl_expr *args = (ssl_expr *)node->node_arg2; + nss_expr *args = (nss_expr *)node->node_arg2; if (strEQ(name, "file")) - return ssl_expr_eval_func_file(r, (char *)(args->node_arg1)); + return nss_expr_eval_func_file(r, (char *)(args->node_arg1)); else { - ssl_expr_error = "Internal evaluation error: Unknown function name"; + nss_expr_error = "Internal evaluation error: Unknown function name"; return ""; } } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static char *ssl_expr_eval_func_file(request_rec *r, char *filename) +static char *nss_expr_eval_func_file(request_rec *r, char *filename) { apr_file_t *fp; char *buf; @@ -195,12 +183,12 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, APR_OS_DEFAULT, r->pool) != APR_SUCCESS) { - ssl_expr_error = "Cannot open file"; + nss_expr_error = "Cannot open file"; return ""; } apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) { - ssl_expr_error = "Huge file cannot be read"; + nss_expr_error = "Huge file cannot be read"; apr_file_close(fp); return ""; } @@ -211,14 +199,14 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) } else { if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) { - ssl_expr_error = "Cannot allocate memory"; + nss_expr_error = "Cannot allocate memory"; apr_file_close(fp); return ""; } offset = 0; apr_file_seek(fp, APR_SET, &offset); if (apr_file_read(fp, buf, &len) != APR_SUCCESS) { - ssl_expr_error = "Cannot read from file"; + nss_expr_error = "Cannot read from file"; apr_file_close(fp); return ""; } @@ -229,7 +217,7 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) } /* a variant of strcmp(3) which works correctly also for number strings */ -static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2) +static int nss_expr_eval_strcmplex(char *cpNum1, char *cpNum2) { int i, n1, n2; diff --git a/ssl_expr_parse.c b/nss_expr_parse.c index 2eed2a0..cdca82e 100644 --- a/ssl_expr_parse.c +++ b/nss_expr_parse.c @@ -1,5 +1,5 @@ -/* A Bison parser, made from ssl_expr_parse.y +/* A Bison parser, made from nss_expr_parse.y by GNU Bison version 1.28 */ #define YYBISON 1 /* Identify Bison output. */ @@ -25,14 +25,14 @@ #define T_OP_AND 275 #define T_OP_NOT 276 -#line 34 "ssl_expr_parse.y" +#line 22 "nss_expr_parse.y" #include "mod_nss.h" -#line 38 "ssl_expr_parse.y" +#line 26 "nss_expr_parse.y" typedef union { char *cpVal; - ssl_expr *exVal; + nss_expr *exVal; } YYSTYPE; #include <stdio.h> @@ -48,9 +48,9 @@ typedef union { #define YYFLAG -32768 #define YYNTBASE 29 -#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? ssl_expr_yytranslate[x] : 36) +#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? nss_expr_yytranslate[x] : 36) -static const char ssl_expr_yytranslate[] = { 0, +static const char nss_expr_yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, @@ -82,13 +82,13 @@ static const char ssl_expr_yytranslate[] = { 0, }; #if YYDEBUG != 0 -static const short ssl_expr_yyprhs[] = { 0, +static const short nss_expr_yyprhs[] = { 0, 0, 2, 4, 6, 9, 13, 17, 19, 23, 27, 31, 35, 39, 43, 47, 53, 57, 61, 63, 67, 69, 71, 76, 78, 80, 82 }; -static const short ssl_expr_yyrhs[] = { 30, +static const short nss_expr_yyrhs[] = { 30, 0, 3, 0, 4, 0, 22, 30, 0, 30, 20, 30, 0, 30, 21, 30, 0, 31, 0, 23, 30, 24, 0, 33, 11, 33, 0, 33, 12, 33, 0, @@ -103,17 +103,17 @@ static const short ssl_expr_yyrhs[] = { 30, #endif #if YYDEBUG != 0 -static const short ssl_expr_yyrline[] = { 0, - 81, 84, 85, 86, 87, 88, 89, 90, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 104, 105, 108, - 109, 110, 111, 114, 123, 134 +static const short nss_expr_yyrline[] = { 0, + 69, 72, 73, 74, 75, 76, 77, 78, 81, 82, + 83, 84, 85, 86, 87, 88, 89, 92, 93, 96, + 97, 98, 99, 102, 111, 122 }; #endif #if YYDEBUG != 0 || defined (YYERROR_VERBOSE) -static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_TRUE", +static const char * const nss_expr_yytname[] = { "$","error","$undefined.","T_TRUE", "T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ", "T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN", "T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr", @@ -121,19 +121,19 @@ static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_ }; #endif -static const short ssl_expr_yyr1[] = { 0, +static const short nss_expr_yyr1[] = { 0, 29, 30, 30, 30, 30, 30, 30, 30, 31, 31, 31, 31, 31, 31, 31, 31, 31, 32, 32, 33, 33, 33, 33, 34, 34, 35 }; -static const short ssl_expr_yyr2[] = { 0, +static const short nss_expr_yyr2[] = { 0, 1, 1, 1, 2, 3, 3, 1, 3, 3, 3, 3, 3, 3, 3, 5, 3, 3, 1, 3, 1, 1, 4, 1, 1, 1, 4 }; -static const short ssl_expr_yydefact[] = { 0, +static const short nss_expr_yydefact[] = { 0, 2, 3, 20, 21, 0, 0, 0, 0, 1, 7, 0, 23, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, @@ -142,11 +142,11 @@ static const short ssl_expr_yydefact[] = { 0, 0, 0, 0 }; -static const short ssl_expr_yydefgoto[] = { 51, +static const short nss_expr_yydefgoto[] = { 51, 9, 10, 46, 11, 41, 12 }; -static const short ssl_expr_yypact[] = { 3, +static const short nss_expr_yypact[] = { 3, -32768,-32768,-32768,-32768, -11, 3, 3, -10, 0,-32768, 22,-32768, 16,-32768, -2, 23, 3, 3, 4, 4, 4, 4, 4, 4, 34, 34, 21, 24,-32768, 25, @@ -155,7 +155,7 @@ static const short ssl_expr_yypact[] = { 3, 49, 50,-32768 }; -static const short ssl_expr_yypgoto[] = {-32768, +static const short nss_expr_yypgoto[] = {-32768, 10,-32768,-32768, -19, 27,-32768 }; @@ -163,7 +163,7 @@ static const short ssl_expr_yypgoto[] = {-32768, #define YYLAST 53 -static const short ssl_expr_yytable[] = { 33, +static const short nss_expr_yytable[] = { 33, 34, 35, 36, 37, 38, 1, 2, 3, 3, 4, 4, 13, 5, 5, 16, 14, 15, 17, 18, 17, 18, 29, 28, 47, 6, 7, 31, 32, 30, 50, @@ -172,7 +172,7 @@ static const short ssl_expr_yytable[] = { 33, 45, 0, 42 }; -static const short ssl_expr_yycheck[] = { 19, +static const short nss_expr_yycheck[] = { 19, 20, 21, 22, 23, 24, 3, 4, 5, 5, 7, 7, 23, 10, 10, 25, 6, 7, 20, 21, 20, 21, 24, 7, 43, 22, 23, 17, 18, 6, 49, @@ -264,50 +264,50 @@ static const short ssl_expr_yycheck[] = { 19, It is replaced by the list of actions, each action as one case of the switch. */ -#define ssl_expr_yyerrok (ssl_expr_yyerrstatus = 0) -#define ssl_expr_yyclearin (ssl_expr_yychar = YYEMPTY) +#define nss_expr_yyerrok (nss_expr_yyerrstatus = 0) +#define nss_expr_yyclearin (nss_expr_yychar = YYEMPTY) #define YYEMPTY -2 #define YYEOF 0 -#define YYACCEPT goto ssl_expr_yyacceptlab -#define YYABORT goto ssl_expr_yyabortlab -#define YYERROR goto ssl_expr_yyerrlab1 -/* Like YYERROR except do call ssl_expr_yyerror. +#define YYACCEPT goto nss_expr_yyacceptlab +#define YYABORT goto nss_expr_yyabortlab +#define YYERROR goto nss_expr_yyerrlab1 +/* Like YYERROR except do call nss_expr_yyerror. This remains here temporarily to ease the transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. */ -#define YYFAIL goto ssl_expr_yyerrlab -#define YYRECOVERING() (!!ssl_expr_yyerrstatus) +#define YYFAIL goto nss_expr_yyerrlab +#define YYRECOVERING() (!!nss_expr_yyerrstatus) #define YYBACKUP(token, value) \ do \ - if (ssl_expr_yychar == YYEMPTY && ssl_expr_yylen == 1) \ - { ssl_expr_yychar = (token), ssl_expr_yylval = (value); \ - ssl_expr_yychar1 = YYTRANSLATE (ssl_expr_yychar); \ + if (nss_expr_yychar == YYEMPTY && nss_expr_yylen == 1) \ + { nss_expr_yychar = (token), nss_expr_yylval = (value); \ + nss_expr_yychar1 = YYTRANSLATE (nss_expr_yychar); \ YYPOPSTACK; \ - goto ssl_expr_yybackup; \ + goto nss_expr_yybackup; \ } \ else \ - { ssl_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \ + { nss_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \ while (0) #define YYTERROR 1 #define YYERRCODE 256 #ifndef YYPURE -#define YYLEX ssl_expr_yylex() +#define YYLEX nss_expr_yylex() #endif #ifdef YYPURE #ifdef YYLSP_NEEDED #ifdef YYLEX_PARAM -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc, YYLEX_PARAM) +#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc, YYLEX_PARAM) #else -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc) +#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc) #endif #else /* not YYLSP_NEEDED */ #ifdef YYLEX_PARAM -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, YYLEX_PARAM) +#define YYLEX nss_expr_yylex(&nss_expr_yylval, YYLEX_PARAM) #else -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval) +#define YYLEX nss_expr_yylex(&nss_expr_yylval) #endif #endif /* not YYLSP_NEEDED */ #endif @@ -316,20 +316,20 @@ while (0) #ifndef YYPURE -int ssl_expr_yychar; /* the lookahead symbol */ -YYSTYPE ssl_expr_yylval; /* the semantic value of the */ +int nss_expr_yychar; /* the lookahead symbol */ +YYSTYPE nss_expr_yylval; /* the semantic value of the */ /* lookahead symbol */ #ifdef YYLSP_NEEDED -YYLTYPE ssl_expr_yylloc; /* location data for the lookahead */ +YYLTYPE nss_expr_yylloc; /* location data for the lookahead */ /* symbol */ #endif -int ssl_expr_yynerrs; /* number of parse errors so far */ +int nss_expr_yynerrs; /* number of parse errors so far */ #endif /* not YYPURE */ #if YYDEBUG != 0 -int ssl_expr_yydebug; /* nonzero means print parse trace */ +int nss_expr_yydebug; /* nonzero means print parse trace */ /* Since this is uninitialized, it does not stop multiple parsers from coexisting. */ #endif @@ -351,20 +351,20 @@ int ssl_expr_yydebug; /* nonzero means print parse trace */ #define YYMAXDEPTH 10000 #endif -/* Define __ssl_expr_yy_memcpy. Note that the size argument +/* Define __nss_expr_yy_memcpy. Note that the size argument should be passed with type unsigned int, because that is what the non-GCC definitions require. With GCC, __builtin_memcpy takes an arg of type size_t, but it can handle unsigned int. */ #if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ -#define __ssl_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) +#define __nss_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) #else /* not GNU C or C++ */ #ifndef __cplusplus /* This is the most reliable way to avoid incompatibilities in available built-in functions on various systems. */ static void -__ssl_expr_yy_memcpy (to, from, count) +__nss_expr_yy_memcpy (to, from, count) char *to; char *from; unsigned int count; @@ -382,7 +382,7 @@ __ssl_expr_yy_memcpy (to, from, count) /* This is the most reliable way to avoid incompatibilities in available built-in functions on various systems. */ static void -__ssl_expr_yy_memcpy (char *to, char *from, unsigned int count) +__nss_expr_yy_memcpy (char *to, char *from, unsigned int count) { register char *t = to; register char *f = from; @@ -398,7 +398,7 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count) #line 217 "/usr/lib/bison.simple" /* The user can define YYPARSE_PARAM as the name of an argument to be passed - into ssl_expr_yyparse. The argument should have type void *. + into nss_expr_yyparse. The argument should have type void *. It should actually point to an object. Grammar actions can access the variable by casting it to the proper pointer type. */ @@ -419,470 +419,470 @@ __ssl_expr_yy_memcpy (char *to, char *from, unsigned int count) /* Prevent warning if -Wstrict-prototypes. */ #ifdef __GNUC__ #ifdef YYPARSE_PARAM -int ssl_expr_yyparse (void *); +int nss_expr_yyparse (void *); #else -int ssl_expr_yyparse (void); +int nss_expr_yyparse (void); #endif #endif int -ssl_expr_yyparse(YYPARSE_PARAM_ARG) +nss_expr_yyparse(YYPARSE_PARAM_ARG) YYPARSE_PARAM_DECL { - register int ssl_expr_yystate; - register int ssl_expr_yyn; - register short *ssl_expr_yyssp; - register YYSTYPE *ssl_expr_yyvsp; - int ssl_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */ - int ssl_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */ + register int nss_expr_yystate; + register int nss_expr_yyn; + register short *nss_expr_yyssp; + register YYSTYPE *nss_expr_yyvsp; + int nss_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */ + int nss_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */ - short ssl_expr_yyssa[YYINITDEPTH]; /* the state stack */ - YYSTYPE ssl_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */ + short nss_expr_yyssa[YYINITDEPTH]; /* the state stack */ + YYSTYPE nss_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */ - short *ssl_expr_yyss = ssl_expr_yyssa; /* refer to the stacks thru separate pointers */ - YYSTYPE *ssl_expr_yyvs = ssl_expr_yyvsa; /* to allow ssl_expr_yyoverflow to reallocate them elsewhere */ + short *nss_expr_yyss = nss_expr_yyssa; /* refer to the stacks thru separate pointers */ + YYSTYPE *nss_expr_yyvs = nss_expr_yyvsa; /* to allow nss_expr_yyoverflow to reallocate them elsewhere */ #ifdef YYLSP_NEEDED - YYLTYPE ssl_expr_yylsa[YYINITDEPTH]; /* the location stack */ - YYLTYPE *ssl_expr_yyls = ssl_expr_yylsa; - YYLTYPE *ssl_expr_yylsp; + YYLTYPE nss_expr_yylsa[YYINITDEPTH]; /* the location stack */ + YYLTYPE *nss_expr_yyls = nss_expr_yylsa; + YYLTYPE *nss_expr_yylsp; -#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--, ssl_expr_yylsp--) +#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--, nss_expr_yylsp--) #else -#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--) +#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--) #endif - int ssl_expr_yystacksize = YYINITDEPTH; - int ssl_expr_yyfree_stacks = 0; + int nss_expr_yystacksize = YYINITDEPTH; + int nss_expr_yyfree_stacks = 0; #ifdef YYPURE - int ssl_expr_yychar; - YYSTYPE ssl_expr_yylval; - int ssl_expr_yynerrs; + int nss_expr_yychar; + YYSTYPE nss_expr_yylval; + int nss_expr_yynerrs; #ifdef YYLSP_NEEDED - YYLTYPE ssl_expr_yylloc; + YYLTYPE nss_expr_yylloc; #endif #endif - YYSTYPE ssl_expr_yyval; /* the variable used to return */ + YYSTYPE nss_expr_yyval; /* the variable used to return */ /* semantic values from the action */ /* routines */ - int ssl_expr_yylen; + int nss_expr_yylen; #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) fprintf(stderr, "Starting parse\n"); #endif - ssl_expr_yystate = 0; - ssl_expr_yyerrstatus = 0; - ssl_expr_yynerrs = 0; - ssl_expr_yychar = YYEMPTY; /* Cause a token to be read. */ + nss_expr_yystate = 0; + nss_expr_yyerrstatus = 0; + nss_expr_yynerrs = 0; + nss_expr_yychar = YYEMPTY; /* Cause a token to be read. */ /* Initialize stack pointers. Waste one element of value and location stack so that they stay on the same level as the state stack. The wasted elements are never initialized. */ - ssl_expr_yyssp = ssl_expr_yyss - 1; - ssl_expr_yyvsp = ssl_expr_yyvs; + nss_expr_yyssp = nss_expr_yyss - 1; + nss_expr_yyvsp = nss_expr_yyvs; #ifdef YYLSP_NEEDED - ssl_expr_yylsp = ssl_expr_yyls; + nss_expr_yylsp = nss_expr_yyls; #endif -/* Push a new state, which is found in ssl_expr_yystate . */ +/* Push a new state, which is found in nss_expr_yystate . */ /* In all cases, when you get here, the value and location stacks have just been pushed. so pushing a state here evens the stacks. */ -ssl_expr_yynewstate: +nss_expr_yynewstate: - *++ssl_expr_yyssp = ssl_expr_yystate; + *++nss_expr_yyssp = nss_expr_yystate; - if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1) + if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1) { /* Give user a chance to reallocate the stack */ /* Use copies of these so that the &'s don't force the real ones into memory. */ - YYSTYPE *ssl_expr_yyvs1 = ssl_expr_yyvs; - short *ssl_expr_yyss1 = ssl_expr_yyss; + YYSTYPE *nss_expr_yyvs1 = nss_expr_yyvs; + short *nss_expr_yyss1 = nss_expr_yyss; #ifdef YYLSP_NEEDED - YYLTYPE *ssl_expr_yyls1 = ssl_expr_yyls; + YYLTYPE *nss_expr_yyls1 = nss_expr_yyls; #endif /* Get the current used size of the three stacks, in elements. */ - int size = ssl_expr_yyssp - ssl_expr_yyss + 1; + int size = nss_expr_yyssp - nss_expr_yyss + 1; -#ifdef ssl_expr_yyoverflow +#ifdef nss_expr_yyoverflow /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. */ #ifdef YYLSP_NEEDED /* This used to be a conditional around just the two extra args, - but that might be undefined if ssl_expr_yyoverflow is a macro. */ - ssl_expr_yyoverflow("parser stack overflow", - &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp), - &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp), - &ssl_expr_yyls1, size * sizeof (*ssl_expr_yylsp), - &ssl_expr_yystacksize); + but that might be undefined if nss_expr_yyoverflow is a macro. */ + nss_expr_yyoverflow("parser stack overflow", + &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp), + &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp), + &nss_expr_yyls1, size * sizeof (*nss_expr_yylsp), + &nss_expr_yystacksize); #else - ssl_expr_yyoverflow("parser stack overflow", - &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp), - &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp), - &ssl_expr_yystacksize); + nss_expr_yyoverflow("parser stack overflow", + &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp), + &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp), + &nss_expr_yystacksize); #endif - ssl_expr_yyss = ssl_expr_yyss1; ssl_expr_yyvs = ssl_expr_yyvs1; + nss_expr_yyss = nss_expr_yyss1; nss_expr_yyvs = nss_expr_yyvs1; #ifdef YYLSP_NEEDED - ssl_expr_yyls = ssl_expr_yyls1; + nss_expr_yyls = nss_expr_yyls1; #endif -#else /* no ssl_expr_yyoverflow */ +#else /* no nss_expr_yyoverflow */ /* Extend the stack our own way. */ - if (ssl_expr_yystacksize >= YYMAXDEPTH) + if (nss_expr_yystacksize >= YYMAXDEPTH) { - ssl_expr_yyerror("parser stack overflow"); - if (ssl_expr_yyfree_stacks) + nss_expr_yyerror("parser stack overflow"); + if (nss_expr_yyfree_stacks) { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); + free (nss_expr_yyss); + free (nss_expr_yyvs); #ifdef YYLSP_NEEDED - free (ssl_expr_yyls); + free (nss_expr_yyls); #endif } return 2; } - ssl_expr_yystacksize *= 2; - if (ssl_expr_yystacksize > YYMAXDEPTH) - ssl_expr_yystacksize = YYMAXDEPTH; + nss_expr_yystacksize *= 2; + if (nss_expr_yystacksize > YYMAXDEPTH) + nss_expr_yystacksize = YYMAXDEPTH; #ifndef YYSTACK_USE_ALLOCA - ssl_expr_yyfree_stacks = 1; + nss_expr_yyfree_stacks = 1; #endif - ssl_expr_yyss = (short *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyssp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyss, (char *)ssl_expr_yyss1, - size * (unsigned int) sizeof (*ssl_expr_yyssp)); - ssl_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyvsp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyvs, (char *)ssl_expr_yyvs1, - size * (unsigned int) sizeof (*ssl_expr_yyvsp)); + nss_expr_yyss = (short *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyssp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyss, (char *)nss_expr_yyss1, + size * (unsigned int) sizeof (*nss_expr_yyssp)); + nss_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyvsp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyvs, (char *)nss_expr_yyvs1, + size * (unsigned int) sizeof (*nss_expr_yyvsp)); #ifdef YYLSP_NEEDED - ssl_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yylsp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyls, (char *)ssl_expr_yyls1, - size * (unsigned int) sizeof (*ssl_expr_yylsp)); + nss_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yylsp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyls, (char *)nss_expr_yyls1, + size * (unsigned int) sizeof (*nss_expr_yylsp)); #endif -#endif /* no ssl_expr_yyoverflow */ +#endif /* no nss_expr_yyoverflow */ - ssl_expr_yyssp = ssl_expr_yyss + size - 1; - ssl_expr_yyvsp = ssl_expr_yyvs + size - 1; + nss_expr_yyssp = nss_expr_yyss + size - 1; + nss_expr_yyvsp = nss_expr_yyvs + size - 1; #ifdef YYLSP_NEEDED - ssl_expr_yylsp = ssl_expr_yyls + size - 1; + nss_expr_yylsp = nss_expr_yyls + size - 1; #endif #if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Stack size increased to %d\n", ssl_expr_yystacksize); + if (nss_expr_yydebug) + fprintf(stderr, "Stack size increased to %d\n", nss_expr_yystacksize); #endif - if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1) + if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1) YYABORT; } #if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Entering state %d\n", ssl_expr_yystate); + if (nss_expr_yydebug) + fprintf(stderr, "Entering state %d\n", nss_expr_yystate); #endif - goto ssl_expr_yybackup; - ssl_expr_yybackup: + goto nss_expr_yybackup; + nss_expr_yybackup: /* Do appropriate processing given the current state. */ /* Read a lookahead token if we need one and don't already have one. */ -/* ssl_expr_yyresume: */ +/* nss_expr_yyresume: */ /* First try to decide what to do without reference to lookahead token. */ - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yydefault; + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yydefault; /* Not known => get a lookahead token if don't already have one. */ - /* ssl_expr_yychar is either YYEMPTY or YYEOF + /* nss_expr_yychar is either YYEMPTY or YYEOF or a valid token in external form. */ - if (ssl_expr_yychar == YYEMPTY) + if (nss_expr_yychar == YYEMPTY) { #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) fprintf(stderr, "Reading a token: "); #endif - ssl_expr_yychar = YYLEX; + nss_expr_yychar = YYLEX; } - /* Convert token to internal form (in ssl_expr_yychar1) for indexing tables with */ + /* Convert token to internal form (in nss_expr_yychar1) for indexing tables with */ - if (ssl_expr_yychar <= 0) /* This means end of input. */ + if (nss_expr_yychar <= 0) /* This means end of input. */ { - ssl_expr_yychar1 = 0; - ssl_expr_yychar = YYEOF; /* Don't call YYLEX any more */ + nss_expr_yychar1 = 0; + nss_expr_yychar = YYEOF; /* Don't call YYLEX any more */ #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) fprintf(stderr, "Now at end of input.\n"); #endif } else { - ssl_expr_yychar1 = YYTRANSLATE(ssl_expr_yychar); + nss_expr_yychar1 = YYTRANSLATE(nss_expr_yychar); #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) { - fprintf (stderr, "Next token is %d (%s", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); + fprintf (stderr, "Next token is %d (%s", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); /* Give the individual parser a way to print the precise meaning of a token, for further debugging info. */ #ifdef YYPRINT - YYPRINT (stderr, ssl_expr_yychar, ssl_expr_yylval); + YYPRINT (stderr, nss_expr_yychar, nss_expr_yylval); #endif fprintf (stderr, ")\n"); } #endif } - ssl_expr_yyn += ssl_expr_yychar1; - if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != ssl_expr_yychar1) - goto ssl_expr_yydefault; + nss_expr_yyn += nss_expr_yychar1; + if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != nss_expr_yychar1) + goto nss_expr_yydefault; - ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn]; + nss_expr_yyn = nss_expr_yytable[nss_expr_yyn]; - /* ssl_expr_yyn is what to do for this token type in this state. - Negative => reduce, -ssl_expr_yyn is rule number. - Positive => shift, ssl_expr_yyn is new state. + /* nss_expr_yyn is what to do for this token type in this state. + Negative => reduce, -nss_expr_yyn is rule number. + Positive => shift, nss_expr_yyn is new state. New state is final state => don't bother to shift, just return success. 0, or most negative number => error. */ - if (ssl_expr_yyn < 0) + if (nss_expr_yyn < 0) { - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrlab; - ssl_expr_yyn = -ssl_expr_yyn; - goto ssl_expr_yyreduce; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrlab; + nss_expr_yyn = -nss_expr_yyn; + goto nss_expr_yyreduce; } - else if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrlab; + else if (nss_expr_yyn == 0) + goto nss_expr_yyerrlab; - if (ssl_expr_yyn == YYFINAL) + if (nss_expr_yyn == YYFINAL) YYACCEPT; /* Shift the lookahead token. */ #if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Shifting token %d (%s), ", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); + if (nss_expr_yydebug) + fprintf(stderr, "Shifting token %d (%s), ", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); #endif /* Discard the token being shifted unless it is eof. */ - if (ssl_expr_yychar != YYEOF) - ssl_expr_yychar = YYEMPTY; + if (nss_expr_yychar != YYEOF) + nss_expr_yychar = YYEMPTY; - *++ssl_expr_yyvsp = ssl_expr_yylval; + *++nss_expr_yyvsp = nss_expr_yylval; #ifdef YYLSP_NEEDED - *++ssl_expr_yylsp = ssl_expr_yylloc; + *++nss_expr_yylsp = nss_expr_yylloc; #endif /* count tokens shifted since error; after three, turn off error status. */ - if (ssl_expr_yyerrstatus) ssl_expr_yyerrstatus--; + if (nss_expr_yyerrstatus) nss_expr_yyerrstatus--; - ssl_expr_yystate = ssl_expr_yyn; - goto ssl_expr_yynewstate; + nss_expr_yystate = nss_expr_yyn; + goto nss_expr_yynewstate; /* Do the default action for the current state. */ -ssl_expr_yydefault: +nss_expr_yydefault: - ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; - if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrlab; + nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate]; + if (nss_expr_yyn == 0) + goto nss_expr_yyerrlab; -/* Do a reduction. ssl_expr_yyn is the number of a rule to reduce with. */ -ssl_expr_yyreduce: - ssl_expr_yylen = ssl_expr_yyr2[ssl_expr_yyn]; - if (ssl_expr_yylen > 0) - ssl_expr_yyval = ssl_expr_yyvsp[1-ssl_expr_yylen]; /* implement default value of the action */ +/* Do a reduction. nss_expr_yyn is the number of a rule to reduce with. */ +nss_expr_yyreduce: + nss_expr_yylen = nss_expr_yyr2[nss_expr_yyn]; + if (nss_expr_yylen > 0) + nss_expr_yyval = nss_expr_yyvsp[1-nss_expr_yylen]; /* implement default value of the action */ #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) { int i; fprintf (stderr, "Reducing via rule %d (line %d), ", - ssl_expr_yyn, ssl_expr_yyrline[ssl_expr_yyn]); + nss_expr_yyn, nss_expr_yyrline[nss_expr_yyn]); /* Print the symbols being reduced, and their result. */ - for (i = ssl_expr_yyprhs[ssl_expr_yyn]; ssl_expr_yyrhs[i] > 0; i++) - fprintf (stderr, "%s ", ssl_expr_yytname[ssl_expr_yyrhs[i]]); - fprintf (stderr, " -> %s\n", ssl_expr_yytname[ssl_expr_yyr1[ssl_expr_yyn]]); + for (i = nss_expr_yyprhs[nss_expr_yyn]; nss_expr_yyrhs[i] > 0; i++) + fprintf (stderr, "%s ", nss_expr_yytname[nss_expr_yyrhs[i]]); + fprintf (stderr, " -> %s\n", nss_expr_yytname[nss_expr_yyr1[nss_expr_yyn]]); } #endif - switch (ssl_expr_yyn) { + switch (nss_expr_yyn) { case 1: -#line 81 "ssl_expr_parse.y" -{ ssl_expr_info.expr = ssl_expr_yyvsp[0].exVal; ; +#line 69 "nss_expr_parse.y" +{ nss_expr_info.expr = nss_expr_yyvsp[0].exVal; ; break;} case 2: -#line 84 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_True, NULL, NULL); ; +#line 72 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_True, NULL, NULL); ; break;} case 3: -#line 85 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_False, NULL, NULL); ; +#line 73 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_False, NULL, NULL); ; break;} case 4: -#line 86 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Not, ssl_expr_yyvsp[0].exVal, NULL); ; +#line 74 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Not, nss_expr_yyvsp[0].exVal, NULL); ; break;} case 5: -#line 87 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Or, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 75 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Or, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 6: -#line 88 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_And, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 76 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_And, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 7: -#line 89 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Comp, ssl_expr_yyvsp[0].exVal, NULL); ; +#line 77 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Comp, nss_expr_yyvsp[0].exVal, NULL); ; break;} case 8: -#line 90 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[-1].exVal; ; +#line 78 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_yyvsp[-1].exVal; ; break;} case 9: -#line 93 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_EQ, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 81 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_EQ, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 10: -#line 94 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_NE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 82 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_NE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 11: -#line 95 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_LT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 83 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_LT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 12: -#line 96 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_LE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 84 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_LE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 13: -#line 97 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_GT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 85 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_GT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 14: -#line 98 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_GE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 86 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_GE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 15: -#line 99 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_IN, ssl_expr_yyvsp[-4].exVal, ssl_expr_yyvsp[-1].exVal); ; +#line 87 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_IN, nss_expr_yyvsp[-4].exVal, nss_expr_yyvsp[-1].exVal); ; break;} case 16: -#line 100 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_REG, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 88 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_REG, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 17: -#line 101 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_NRE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; +#line 89 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_NRE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; break;} case 18: -#line 104 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, NULL); ; +#line 92 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, NULL); ; break;} case 19: -#line 105 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, ssl_expr_yyvsp[-2].exVal); ; +#line 93 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, nss_expr_yyvsp[-2].exVal); ; break;} case 20: -#line 108 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Digit, ssl_expr_yyvsp[0].cpVal, NULL); ; +#line 96 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Digit, nss_expr_yyvsp[0].cpVal, NULL); ; break;} case 21: -#line 109 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_String, ssl_expr_yyvsp[0].cpVal, NULL); ; +#line 97 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_String, nss_expr_yyvsp[0].cpVal, NULL); ; break;} case 22: -#line 110 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Var, ssl_expr_yyvsp[-1].cpVal, NULL); ; +#line 98 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Var, nss_expr_yyvsp[-1].cpVal, NULL); ; break;} case 23: -#line 111 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[0].exVal; ; +#line 99 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_yyvsp[0].exVal; ; break;} case 24: -#line 114 "ssl_expr_parse.y" +#line 102 "nss_expr_parse.y" { regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, + if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, REG_EXTENDED|REG_NOSUB)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; + nss_expr_error = "Failed to compile regular expression"; YYERROR; } - ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL); + nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL); ; break;} case 25: -#line 123 "ssl_expr_parse.y" +#line 111 "nss_expr_parse.y" { regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, + if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; + nss_expr_error = "Failed to compile regular expression"; YYERROR; } - ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL); + nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL); ; break;} case 26: -#line 134 "ssl_expr_parse.y" +#line 122 "nss_expr_parse.y" { - ssl_expr *args = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[-1].cpVal, NULL); - ssl_expr_yyval.exVal = ssl_expr_make(op_Func, "file", args); + nss_expr *args = nss_expr_make(op_ListElement, nss_expr_yyvsp[-1].cpVal, NULL); + nss_expr_yyval.exVal = nss_expr_make(op_Func, "file", args); ; break;} } /* the action file gets copied in in place of this dollarsign */ #line 543 "/usr/lib/bison.simple" - ssl_expr_yyvsp -= ssl_expr_yylen; - ssl_expr_yyssp -= ssl_expr_yylen; + nss_expr_yyvsp -= nss_expr_yylen; + nss_expr_yyssp -= nss_expr_yylen; #ifdef YYLSP_NEEDED - ssl_expr_yylsp -= ssl_expr_yylen; + nss_expr_yylsp -= nss_expr_yylen; #endif #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) { - short *ssp1 = ssl_expr_yyss - 1; + short *ssp1 = nss_expr_yyss - 1; fprintf (stderr, "state stack now"); - while (ssp1 != ssl_expr_yyssp) + while (ssp1 != nss_expr_yyssp) fprintf (stderr, " %d", *++ssp1); fprintf (stderr, "\n"); } #endif - *++ssl_expr_yyvsp = ssl_expr_yyval; + *++nss_expr_yyvsp = nss_expr_yyval; #ifdef YYLSP_NEEDED - ssl_expr_yylsp++; - if (ssl_expr_yylen == 0) + nss_expr_yylsp++; + if (nss_expr_yylen == 0) { - ssl_expr_yylsp->first_line = ssl_expr_yylloc.first_line; - ssl_expr_yylsp->first_column = ssl_expr_yylloc.first_column; - ssl_expr_yylsp->last_line = (ssl_expr_yylsp-1)->last_line; - ssl_expr_yylsp->last_column = (ssl_expr_yylsp-1)->last_column; - ssl_expr_yylsp->text = 0; + nss_expr_yylsp->first_line = nss_expr_yylloc.first_line; + nss_expr_yylsp->first_column = nss_expr_yylloc.first_column; + nss_expr_yylsp->last_line = (nss_expr_yylsp-1)->last_line; + nss_expr_yylsp->last_column = (nss_expr_yylsp-1)->last_column; + nss_expr_yylsp->text = 0; } else { - ssl_expr_yylsp->last_line = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_line; - ssl_expr_yylsp->last_column = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_column; + nss_expr_yylsp->last_line = (nss_expr_yylsp+nss_expr_yylen-1)->last_line; + nss_expr_yylsp->last_column = (nss_expr_yylsp+nss_expr_yylen-1)->last_column; } #endif @@ -891,38 +891,38 @@ case 26: based on the state we popped back to and the rule number reduced by. */ - ssl_expr_yyn = ssl_expr_yyr1[ssl_expr_yyn]; + nss_expr_yyn = nss_expr_yyr1[nss_expr_yyn]; - ssl_expr_yystate = ssl_expr_yypgoto[ssl_expr_yyn - YYNTBASE] + *ssl_expr_yyssp; - if (ssl_expr_yystate >= 0 && ssl_expr_yystate <= YYLAST && ssl_expr_yycheck[ssl_expr_yystate] == *ssl_expr_yyssp) - ssl_expr_yystate = ssl_expr_yytable[ssl_expr_yystate]; + nss_expr_yystate = nss_expr_yypgoto[nss_expr_yyn - YYNTBASE] + *nss_expr_yyssp; + if (nss_expr_yystate >= 0 && nss_expr_yystate <= YYLAST && nss_expr_yycheck[nss_expr_yystate] == *nss_expr_yyssp) + nss_expr_yystate = nss_expr_yytable[nss_expr_yystate]; else - ssl_expr_yystate = ssl_expr_yydefgoto[ssl_expr_yyn - YYNTBASE]; + nss_expr_yystate = nss_expr_yydefgoto[nss_expr_yyn - YYNTBASE]; - goto ssl_expr_yynewstate; + goto nss_expr_yynewstate; -ssl_expr_yyerrlab: /* here on detecting error */ +nss_expr_yyerrlab: /* here on detecting error */ - if (! ssl_expr_yyerrstatus) + if (! nss_expr_yyerrstatus) /* If not already recovering from an error, report this error. */ { - ++ssl_expr_yynerrs; + ++nss_expr_yynerrs; #ifdef YYERROR_VERBOSE - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; - if (ssl_expr_yyn > YYFLAG && ssl_expr_yyn < YYLAST) + if (nss_expr_yyn > YYFLAG && nss_expr_yyn < YYLAST) { int size = 0; char *msg; int x, count; count = 0; - /* Start X at -ssl_expr_yyn if nec to avoid negative indexes in ssl_expr_yycheck. */ - for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0); - x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++) - if (ssl_expr_yycheck[x + ssl_expr_yyn] == x) - size += strlen(ssl_expr_yytname[x]) + 15, count++; + /* Start X at -nss_expr_yyn if nec to avoid negative indexes in nss_expr_yycheck. */ + for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0); + x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++) + if (nss_expr_yycheck[x + nss_expr_yyn] == x) + size += strlen(nss_expr_yytname[x]) + 15, count++; msg = (char *) malloc(size + 15); if (msg != 0) { @@ -931,149 +931,149 @@ ssl_expr_yyerrlab: /* here on detecting error */ if (count < 5) { count = 0; - for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0); - x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++) - if (ssl_expr_yycheck[x + ssl_expr_yyn] == x) + for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0); + x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++) + if (nss_expr_yycheck[x + nss_expr_yyn] == x) { strcat(msg, count == 0 ? ", expecting `" : " or `"); - strcat(msg, ssl_expr_yytname[x]); + strcat(msg, nss_expr_yytname[x]); strcat(msg, "'"); count++; } } - ssl_expr_yyerror(msg); + nss_expr_yyerror(msg); free(msg); } else - ssl_expr_yyerror ("parse error; also virtual memory exceeded"); + nss_expr_yyerror ("parse error; also virtual memory exceeded"); } else #endif /* YYERROR_VERBOSE */ - ssl_expr_yyerror("parse error"); + nss_expr_yyerror("parse error"); } - goto ssl_expr_yyerrlab1; -ssl_expr_yyerrlab1: /* here on error raised explicitly by an action */ + goto nss_expr_yyerrlab1; +nss_expr_yyerrlab1: /* here on error raised explicitly by an action */ - if (ssl_expr_yyerrstatus == 3) + if (nss_expr_yyerrstatus == 3) { /* if just tried and failed to reuse lookahead token after an error, discard it. */ /* return failure if at end of input */ - if (ssl_expr_yychar == YYEOF) + if (nss_expr_yychar == YYEOF) YYABORT; #if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Discarding token %d (%s).\n", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); + if (nss_expr_yydebug) + fprintf(stderr, "Discarding token %d (%s).\n", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); #endif - ssl_expr_yychar = YYEMPTY; + nss_expr_yychar = YYEMPTY; } /* Else will try to reuse lookahead token after shifting the error token. */ - ssl_expr_yyerrstatus = 3; /* Each real token shifted decrements this */ + nss_expr_yyerrstatus = 3; /* Each real token shifted decrements this */ - goto ssl_expr_yyerrhandle; + goto nss_expr_yyerrhandle; -ssl_expr_yyerrdefault: /* current state does not do anything special for the error token. */ +nss_expr_yyerrdefault: /* current state does not do anything special for the error token. */ #if 0 /* This is wrong; only states that explicitly want error tokens should shift them. */ - ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ - if (ssl_expr_yyn) goto ssl_expr_yydefault; + nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ + if (nss_expr_yyn) goto nss_expr_yydefault; #endif -ssl_expr_yyerrpop: /* pop the current state because it cannot handle the error token */ +nss_expr_yyerrpop: /* pop the current state because it cannot handle the error token */ - if (ssl_expr_yyssp == ssl_expr_yyss) YYABORT; - ssl_expr_yyvsp--; - ssl_expr_yystate = *--ssl_expr_yyssp; + if (nss_expr_yyssp == nss_expr_yyss) YYABORT; + nss_expr_yyvsp--; + nss_expr_yystate = *--nss_expr_yyssp; #ifdef YYLSP_NEEDED - ssl_expr_yylsp--; + nss_expr_yylsp--; #endif #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) { - short *ssp1 = ssl_expr_yyss - 1; + short *ssp1 = nss_expr_yyss - 1; fprintf (stderr, "Error: state stack now"); - while (ssp1 != ssl_expr_yyssp) + while (ssp1 != nss_expr_yyssp) fprintf (stderr, " %d", *++ssp1); fprintf (stderr, "\n"); } #endif -ssl_expr_yyerrhandle: +nss_expr_yyerrhandle: - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrdefault; + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrdefault; - ssl_expr_yyn += YYTERROR; - if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != YYTERROR) - goto ssl_expr_yyerrdefault; + nss_expr_yyn += YYTERROR; + if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != YYTERROR) + goto nss_expr_yyerrdefault; - ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn]; - if (ssl_expr_yyn < 0) + nss_expr_yyn = nss_expr_yytable[nss_expr_yyn]; + if (nss_expr_yyn < 0) { - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrpop; - ssl_expr_yyn = -ssl_expr_yyn; - goto ssl_expr_yyreduce; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrpop; + nss_expr_yyn = -nss_expr_yyn; + goto nss_expr_yyreduce; } - else if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrpop; + else if (nss_expr_yyn == 0) + goto nss_expr_yyerrpop; - if (ssl_expr_yyn == YYFINAL) + if (nss_expr_yyn == YYFINAL) YYACCEPT; #if YYDEBUG != 0 - if (ssl_expr_yydebug) + if (nss_expr_yydebug) fprintf(stderr, "Shifting error token, "); #endif - *++ssl_expr_yyvsp = ssl_expr_yylval; + *++nss_expr_yyvsp = nss_expr_yylval; #ifdef YYLSP_NEEDED - *++ssl_expr_yylsp = ssl_expr_yylloc; + *++nss_expr_yylsp = nss_expr_yylloc; #endif - ssl_expr_yystate = ssl_expr_yyn; - goto ssl_expr_yynewstate; + nss_expr_yystate = nss_expr_yyn; + goto nss_expr_yynewstate; - ssl_expr_yyacceptlab: + nss_expr_yyacceptlab: /* YYACCEPT comes here. */ - if (ssl_expr_yyfree_stacks) + if (nss_expr_yyfree_stacks) { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); + free (nss_expr_yyss); + free (nss_expr_yyvs); #ifdef YYLSP_NEEDED - free (ssl_expr_yyls); + free (nss_expr_yyls); #endif } return 0; - ssl_expr_yyabortlab: + nss_expr_yyabortlab: /* YYABORT comes here. */ - if (ssl_expr_yyfree_stacks) + if (nss_expr_yyfree_stacks) { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); + free (nss_expr_yyss); + free (nss_expr_yyvs); #ifdef YYLSP_NEEDED - free (ssl_expr_yyls); + free (nss_expr_yyls); #endif } return 1; } -#line 140 "ssl_expr_parse.y" +#line 128 "nss_expr_parse.y" -int ssl_expr_yyerror(char *s) +int nss_expr_yyerror(char *s) { - ssl_expr_error = s; + nss_expr_error = s; return 2; } diff --git a/ssl_expr_parse.h b/nss_expr_parse.h index 5378e28..09adf01 100644 --- a/ssl_expr_parse.h +++ b/nss_expr_parse.h @@ -1,6 +1,6 @@ typedef union { char *cpVal; - ssl_expr *exVal; + nss_expr *exVal; } YYSTYPE; #define T_TRUE 257 #define T_FALSE 258 @@ -24,4 +24,4 @@ typedef union { #define T_OP_NOT 276 -extern YYSTYPE ssl_expr_yylval; +extern YYSTYPE nss_expr_yylval; diff --git a/ssl_expr_parse.y b/nss_expr_parse.y index 21fe64c..9ee1a1a 100644 --- a/ssl_expr_parse.y +++ b/nss_expr_parse.y @@ -13,18 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_parse.y - * Expression LR(1) Parser - */ - /* ``What you see is all you get.'' - -- Brian Kernighan */ - /* _________________________________________________________________ ** ** Expression Parser @@ -37,7 +25,7 @@ %union { char *cpVal; - ssl_expr *exVal; + nss_expr *exVal; } %token T_TRUE @@ -78,62 +66,62 @@ %% -root : expr { ssl_expr_info.expr = $1; } +root : expr { nss_expr_info.expr = $1; } ; -expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); } - | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); } - | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); } - | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); } - | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); } - | comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); } +expr : T_TRUE { $$ = nss_expr_make(op_True, NULL, NULL); } + | T_FALSE { $$ = nss_expr_make(op_False, NULL, NULL); } + | T_OP_NOT expr { $$ = nss_expr_make(op_Not, $2, NULL); } + | expr T_OP_OR expr { $$ = nss_expr_make(op_Or, $1, $3); } + | expr T_OP_AND expr { $$ = nss_expr_make(op_And, $1, $3); } + | comparison { $$ = nss_expr_make(op_Comp, $1, NULL); } | '(' expr ')' { $$ = $2; } ; -comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); } - | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); } - | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); } - | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); } - | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); } - | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); } - | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); } - | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); } - | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); } +comparison: word T_OP_EQ word { $$ = nss_expr_make(op_EQ, $1, $3); } + | word T_OP_NE word { $$ = nss_expr_make(op_NE, $1, $3); } + | word T_OP_LT word { $$ = nss_expr_make(op_LT, $1, $3); } + | word T_OP_LE word { $$ = nss_expr_make(op_LE, $1, $3); } + | word T_OP_GT word { $$ = nss_expr_make(op_GT, $1, $3); } + | word T_OP_GE word { $$ = nss_expr_make(op_GE, $1, $3); } + | word T_OP_IN '{' words '}' { $$ = nss_expr_make(op_IN, $1, $4); } + | word T_OP_REG regex { $$ = nss_expr_make(op_REG, $1, $3); } + | word T_OP_NRE regex { $$ = nss_expr_make(op_NRE, $1, $3); } ; -words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); } - | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); } +words : word { $$ = nss_expr_make(op_ListElement, $1, NULL); } + | words ',' word { $$ = nss_expr_make(op_ListElement, $3, $1); } ; -word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); } - | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); } - | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); } +word : T_DIGIT { $$ = nss_expr_make(op_Digit, $1, NULL); } + | T_STRING { $$ = nss_expr_make(op_String, $1, NULL); } + | '%' '{' T_ID '}' { $$ = nss_expr_make(op_Var, $3, NULL); } | funccall { $$ = $1; } ; regex : T_REGEX { regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, + if ((regex = ap_pregcomp(nss_expr_info.pool, $1, REG_EXTENDED|REG_NOSUB)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; + nss_expr_error = "Failed to compile regular expression"; YYERROR; } - $$ = ssl_expr_make(op_Regex, regex, NULL); + $$ = nss_expr_make(op_Regex, regex, NULL); } | T_REGEX_I { regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, + if ((regex = ap_pregcomp(nss_expr_info.pool, $1, REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; + nss_expr_error = "Failed to compile regular expression"; YYERROR; } - $$ = ssl_expr_make(op_Regex, regex, NULL); + $$ = nss_expr_make(op_Regex, regex, NULL); } ; funccall : T_FUNC_FILE '(' T_STRING ')' { - ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL); - $$ = ssl_expr_make(op_Func, "file", args); + nss_expr *args = nss_expr_make(op_ListElement, $3, NULL); + $$ = nss_expr_make(op_Func, "file", args); } ; @@ -141,7 +129,7 @@ funccall : T_FUNC_FILE '(' T_STRING ')' { int yyerror(char *s) { - ssl_expr_error = s; + nss_expr_error = s; return 2; } diff --git a/ssl_expr_scan.c b/nss_expr_scan.c index a351735..490ff54 100644 --- a/ssl_expr_scan.c +++ b/nss_expr_scan.c @@ -1,19 +1,19 @@ -#define yy_create_buffer ssl_expr_yy_create_buffer -#define yy_delete_buffer ssl_expr_yy_delete_buffer -#define yy_scan_buffer ssl_expr_yy_scan_buffer -#define yy_scan_string ssl_expr_yy_scan_string -#define yy_scan_bytes ssl_expr_yy_scan_bytes -#define yy_flex_debug ssl_expr_yy_flex_debug -#define yy_init_buffer ssl_expr_yy_init_buffer -#define yy_flush_buffer ssl_expr_yy_flush_buffer -#define yy_load_buffer_state ssl_expr_yy_load_buffer_state -#define yy_switch_to_buffer ssl_expr_yy_switch_to_buffer -#define yyin ssl_expr_yyin -#define yyleng ssl_expr_yyleng -#define yylex ssl_expr_yylex -#define yyout ssl_expr_yyout -#define yyrestart ssl_expr_yyrestart -#define yytext ssl_expr_yytext +#define yy_create_buffer nss_expr_yy_create_buffer +#define yy_delete_buffer nss_expr_yy_delete_buffer +#define yy_scan_buffer nss_expr_yy_scan_buffer +#define yy_scan_string nss_expr_yy_scan_string +#define yy_scan_bytes nss_expr_yy_scan_bytes +#define yy_flex_debug nss_expr_yy_flex_debug +#define yy_init_buffer nss_expr_yy_init_buffer +#define yy_flush_buffer nss_expr_yy_flush_buffer +#define yy_load_buffer_state nss_expr_yy_load_buffer_state +#define yy_switch_to_buffer nss_expr_yy_switch_to_buffer +#define yyin nss_expr_yyin +#define yyleng nss_expr_yyleng +#define yylex nss_expr_yylex +#define yyout nss_expr_yyout +#define yyrestart nss_expr_yyrestart +#define yytext nss_expr_yytext /* A lexical scanner generated by flex */ @@ -443,7 +443,7 @@ static char *yy_last_accepting_cpos; #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; -#line 1 "ssl_expr_scan.l" +#line 1 "nss_expr_scan.l" #define INITIAL 0 /* Copyright 2001-2004 The Apache Software Foundation * @@ -459,27 +459,15 @@ char *yytext; * See the License for the specific language governing permissions and * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_scan.l - * Expression Scanner - */ -/* ``Killing for peace is -like fucking for virginity.'' --- Unknown */ /* _________________________________________________________________ ** ** Expression Scanner ** _________________________________________________________________ */ -#line 36 "ssl_expr_scan.l" +#line 23 "nss_expr_scan.l" #include "mod_nss.h" -#include "ssl_expr_parse.h" +#include "nss_expr_parse.h" #define YY_NO_UNPUT 1 int yyinput(char *buf, int max_size); @@ -496,7 +484,7 @@ int yyinput(char *buf, int max_size); #define regex 2 #define regex_flags 3 -#line 501 "lex.ssl_expr_yy.c" +#line 489 "lex.nss_expr_yy.c" /* Macros after this point can all be overridden by user definitions in * section 1. @@ -647,7 +635,7 @@ YY_DECL register char *yy_cp = NULL, *yy_bp = NULL; register int yy_act; -#line 57 "ssl_expr_scan.l" +#line 44 "nss_expr_scan.l" char caStr[MAX_STR_LEN]; @@ -659,7 +647,7 @@ YY_DECL /* * Whitespaces */ -#line 664 "lex.ssl_expr_yy.c" +#line 652 "lex.nss_expr_yy.c" if ( yy_init ) { @@ -740,7 +728,7 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 68 "ssl_expr_scan.l" +#line 55 "nss_expr_scan.l" { /* NOP */ } @@ -750,7 +738,7 @@ YY_RULE_SETUP */ case 2: YY_RULE_SETUP -#line 75 "ssl_expr_scan.l" +#line 62 "nss_expr_scan.l" { cpStr = caStr; BEGIN(str); @@ -758,24 +746,24 @@ YY_RULE_SETUP YY_BREAK case 3: YY_RULE_SETUP -#line 79 "ssl_expr_scan.l" +#line 66 "nss_expr_scan.l" { BEGIN(INITIAL); *cpStr = NUL; - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr); return T_STRING; } YY_BREAK case 4: YY_RULE_SETUP -#line 85 "ssl_expr_scan.l" +#line 72 "nss_expr_scan.l" { yyerror("Unterminated string"); } YY_BREAK case 5: YY_RULE_SETUP -#line 88 "ssl_expr_scan.l" +#line 75 "nss_expr_scan.l" { int result; @@ -788,46 +776,46 @@ YY_RULE_SETUP YY_BREAK case 6: YY_RULE_SETUP -#line 97 "ssl_expr_scan.l" +#line 84 "nss_expr_scan.l" { yyerror("Bad escape sequence"); } YY_BREAK case 7: YY_RULE_SETUP -#line 100 "ssl_expr_scan.l" +#line 87 "nss_expr_scan.l" { *cpStr++ = '\n'; } YY_BREAK case 8: YY_RULE_SETUP -#line 101 "ssl_expr_scan.l" +#line 88 "nss_expr_scan.l" { *cpStr++ = '\r'; } YY_BREAK case 9: YY_RULE_SETUP -#line 102 "ssl_expr_scan.l" +#line 89 "nss_expr_scan.l" { *cpStr++ = '\t'; } YY_BREAK case 10: YY_RULE_SETUP -#line 103 "ssl_expr_scan.l" +#line 90 "nss_expr_scan.l" { *cpStr++ = '\b'; } YY_BREAK case 11: YY_RULE_SETUP -#line 104 "ssl_expr_scan.l" +#line 91 "nss_expr_scan.l" { *cpStr++ = '\f'; } YY_BREAK case 12: YY_RULE_SETUP -#line 105 "ssl_expr_scan.l" +#line 92 "nss_expr_scan.l" { *cpStr++ = yytext[1]; } YY_BREAK case 13: YY_RULE_SETUP -#line 108 "ssl_expr_scan.l" +#line 95 "nss_expr_scan.l" { char *cp = yytext; while (*cp != NUL) @@ -836,7 +824,7 @@ YY_RULE_SETUP YY_BREAK case 14: YY_RULE_SETUP -#line 113 "ssl_expr_scan.l" +#line 100 "nss_expr_scan.l" { *cpStr++ = yytext[1]; } @@ -846,7 +834,7 @@ YY_RULE_SETUP */ case 15: YY_RULE_SETUP -#line 120 "ssl_expr_scan.l" +#line 107 "nss_expr_scan.l" { cRegexDel = yytext[1]; cpRegex = caRegex; @@ -855,7 +843,7 @@ YY_RULE_SETUP YY_BREAK case 16: YY_RULE_SETUP -#line 125 "ssl_expr_scan.l" +#line 112 "nss_expr_scan.l" { if (yytext[0] == cRegexDel) { *cpRegex = NUL; @@ -868,27 +856,27 @@ YY_RULE_SETUP YY_BREAK case 17: YY_RULE_SETUP -#line 134 "ssl_expr_scan.l" +#line 121 "nss_expr_scan.l" { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); BEGIN(INITIAL); return T_REGEX_I; } YY_BREAK case 18: YY_RULE_SETUP -#line 139 "ssl_expr_scan.l" +#line 126 "nss_expr_scan.l" { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); yyless(0); BEGIN(INITIAL); return T_REGEX; } YY_BREAK case YY_STATE_EOF(regex_flags): -#line 145 "ssl_expr_scan.l" +#line 132 "nss_expr_scan.l" { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); BEGIN(INITIAL); return T_REGEX; } @@ -898,107 +886,107 @@ case YY_STATE_EOF(regex_flags): */ case 19: YY_RULE_SETUP -#line 154 "ssl_expr_scan.l" +#line 141 "nss_expr_scan.l" { return T_OP_EQ; } YY_BREAK case 20: YY_RULE_SETUP -#line 155 "ssl_expr_scan.l" +#line 142 "nss_expr_scan.l" { return T_OP_EQ; } YY_BREAK case 21: YY_RULE_SETUP -#line 156 "ssl_expr_scan.l" +#line 143 "nss_expr_scan.l" { return T_OP_NE; } YY_BREAK case 22: YY_RULE_SETUP -#line 157 "ssl_expr_scan.l" +#line 144 "nss_expr_scan.l" { return T_OP_NE; } YY_BREAK case 23: YY_RULE_SETUP -#line 158 "ssl_expr_scan.l" +#line 145 "nss_expr_scan.l" { return T_OP_LT; } YY_BREAK case 24: YY_RULE_SETUP -#line 159 "ssl_expr_scan.l" +#line 146 "nss_expr_scan.l" { return T_OP_LT; } YY_BREAK case 25: YY_RULE_SETUP -#line 160 "ssl_expr_scan.l" +#line 147 "nss_expr_scan.l" { return T_OP_LE; } YY_BREAK case 26: YY_RULE_SETUP -#line 161 "ssl_expr_scan.l" +#line 148 "nss_expr_scan.l" { return T_OP_LE; } YY_BREAK case 27: YY_RULE_SETUP -#line 162 "ssl_expr_scan.l" +#line 149 "nss_expr_scan.l" { return T_OP_GT; } YY_BREAK case 28: YY_RULE_SETUP -#line 163 "ssl_expr_scan.l" +#line 150 "nss_expr_scan.l" { return T_OP_GT; } YY_BREAK case 29: YY_RULE_SETUP -#line 164 "ssl_expr_scan.l" +#line 151 "nss_expr_scan.l" { return T_OP_GE; } YY_BREAK case 30: YY_RULE_SETUP -#line 165 "ssl_expr_scan.l" +#line 152 "nss_expr_scan.l" { return T_OP_GE; } YY_BREAK case 31: YY_RULE_SETUP -#line 166 "ssl_expr_scan.l" +#line 153 "nss_expr_scan.l" { return T_OP_REG; } YY_BREAK case 32: YY_RULE_SETUP -#line 167 "ssl_expr_scan.l" +#line 154 "nss_expr_scan.l" { return T_OP_NRE; } YY_BREAK case 33: YY_RULE_SETUP -#line 168 "ssl_expr_scan.l" +#line 155 "nss_expr_scan.l" { return T_OP_AND; } YY_BREAK case 34: YY_RULE_SETUP -#line 169 "ssl_expr_scan.l" +#line 156 "nss_expr_scan.l" { return T_OP_AND; } YY_BREAK case 35: YY_RULE_SETUP -#line 170 "ssl_expr_scan.l" +#line 157 "nss_expr_scan.l" { return T_OP_OR; } YY_BREAK case 36: YY_RULE_SETUP -#line 171 "ssl_expr_scan.l" +#line 158 "nss_expr_scan.l" { return T_OP_OR; } YY_BREAK case 37: YY_RULE_SETUP -#line 172 "ssl_expr_scan.l" +#line 159 "nss_expr_scan.l" { return T_OP_NOT; } YY_BREAK case 38: YY_RULE_SETUP -#line 173 "ssl_expr_scan.l" +#line 160 "nss_expr_scan.l" { return T_OP_NOT; } YY_BREAK case 39: YY_RULE_SETUP -#line 174 "ssl_expr_scan.l" +#line 161 "nss_expr_scan.l" { return T_OP_IN; } YY_BREAK /* @@ -1006,7 +994,7 @@ YY_RULE_SETUP */ case 40: YY_RULE_SETUP -#line 179 "ssl_expr_scan.l" +#line 166 "nss_expr_scan.l" { return T_FUNC_FILE; } YY_BREAK /* @@ -1014,12 +1002,12 @@ YY_RULE_SETUP */ case 41: YY_RULE_SETUP -#line 184 "ssl_expr_scan.l" +#line 171 "nss_expr_scan.l" { return T_TRUE; } YY_BREAK case 42: YY_RULE_SETUP -#line 185 "ssl_expr_scan.l" +#line 172 "nss_expr_scan.l" { return T_FALSE; } YY_BREAK /* @@ -1027,9 +1015,9 @@ YY_RULE_SETUP */ case 43: YY_RULE_SETUP -#line 190 "ssl_expr_scan.l" +#line 177 "nss_expr_scan.l" { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); return T_DIGIT; } YY_BREAK @@ -1038,9 +1026,9 @@ YY_RULE_SETUP */ case 44: YY_RULE_SETUP -#line 198 "ssl_expr_scan.l" +#line 185 "nss_expr_scan.l" { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); return T_ID; } YY_BREAK @@ -1049,17 +1037,17 @@ YY_RULE_SETUP */ case 45: YY_RULE_SETUP -#line 206 "ssl_expr_scan.l" +#line 193 "nss_expr_scan.l" { return yytext[0]; } YY_BREAK case 46: YY_RULE_SETUP -#line 210 "ssl_expr_scan.l" +#line 197 "nss_expr_scan.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1064 "lex.ssl_expr_yy.c" +#line 1052 "lex.nss_expr_yy.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(str): case YY_STATE_EOF(regex): @@ -1943,19 +1931,19 @@ int main() return 0; } #endif -#line 210 "ssl_expr_scan.l" +#line 197 "nss_expr_scan.l" int yyinput(char *buf, int max_size) { int n; - if ((n = MIN(max_size, ssl_expr_info.inputbuf - + ssl_expr_info.inputlen - - ssl_expr_info.inputptr)) <= 0) + if ((n = MIN(max_size, nss_expr_info.inputbuf + + nss_expr_info.inputlen + - nss_expr_info.inputptr)) <= 0) return YY_NULL; - memcpy(buf, ssl_expr_info.inputptr, n); - ssl_expr_info.inputptr += n; + memcpy(buf, nss_expr_info.inputptr, n); + nss_expr_info.inputptr += n; return n; } diff --git a/ssl_expr_scan.l b/nss_expr_scan.l index c22bd3e..e237de2 100644 --- a/ssl_expr_scan.l +++ b/nss_expr_scan.l @@ -13,19 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_scan.l - * Expression Scanner - */ - /* ``Killing for peace is - like fucking for virginity.'' - -- Unknown */ - /* _________________________________________________________________ ** ** Expression Scanner @@ -35,7 +22,7 @@ %{ #include "mod_nss.h" -#include "ssl_expr_parse.h" +#include "nss_expr_parse.h" #define YY_NO_UNPUT 1 int yyinput(char *buf, int max_size); @@ -79,7 +66,7 @@ int yyinput(char *buf, int max_size); <str>\" { BEGIN(INITIAL); *cpStr = NUL; - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr); return T_STRING; } <str>\n { @@ -132,18 +119,18 @@ int yyinput(char *buf, int max_size); } } <regex_flags>i { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); BEGIN(INITIAL); return T_REGEX_I; } <regex_flags>.|\n { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); yyless(0); BEGIN(INITIAL); return T_REGEX; } <regex_flags><<EOF>> { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); BEGIN(INITIAL); return T_REGEX; } @@ -188,7 +175,7 @@ int yyinput(char *buf, int max_size); * Digits */ [0-9]+ { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); return T_DIGIT; } @@ -196,7 +183,7 @@ int yyinput(char *buf, int max_size); * Identifiers */ [a-zA-Z][a-zA-Z0-9_:-]* { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); return T_ID; } @@ -213,12 +200,12 @@ int yyinput(char *buf, int max_size) { int n; - if ((n = MIN(max_size, ssl_expr_info.inputbuf - + ssl_expr_info.inputlen - - ssl_expr_info.inputptr)) <= 0) + if ((n = MIN(max_size, nss_expr_info.inputbuf + + nss_expr_info.inputlen + - nss_expr_info.inputptr)) <= 0) return YY_NULL; - memcpy(buf, ssl_expr_info.inputptr, n); - ssl_expr_info.inputptr += n; + memcpy(buf, nss_expr_info.inputptr, n); + nss_expr_info.inputptr += n; return n; } @@ -24,7 +24,7 @@ ** _________________________________________________________________ */ -char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) +char *nss_util_vhostid(apr_pool_t *p, server_rec *s) { char *id; SSLSrvConfigRec *sc; @@ -45,24 +45,24 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) return id; } -void ssl_util_strupper(char *s) +void nss_util_strupper(char *s) { for (; *s; ++s) *s = apr_toupper(*s); return; } -static const char ssl_util_uuencode_six2pr[64+1] = +static const char nss_util_uuencode_six2pr[64+1] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -void ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad) +void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad) { - ssl_util_uuencode_binary((unsigned char *)szTo, + nss_util_uuencode_binary((unsigned char *)szTo, (const unsigned char *)szFrom, strlen(szFrom), bPad); } -void ssl_util_uuencode_binary(unsigned char *szTo, +void nss_util_uuencode_binary(unsigned char *szTo, const unsigned char *szFrom, int nLength, BOOL bPad) { @@ -70,18 +70,18 @@ void ssl_util_uuencode_binary(unsigned char *szTo, int nPad = 0; for (s = szFrom; nLength > 0; s += 3) { - *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2]; - *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2]; + *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f]; if (--nLength == 0) { nPad = 2; break; } - *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f]; if (--nLength == 0) { nPad = 1; break; } - *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f]; --nLength; } while(bPad && nPad--) { @@ -91,7 +91,7 @@ void ssl_util_uuencode_binary(unsigned char *szTo, return; } -apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, +apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv) { apr_procattr_t *procattr; @@ -114,7 +114,7 @@ apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, return proc->out; } -void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) +void nss_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) { apr_file_close(fp); return; @@ -123,7 +123,7 @@ void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) /* * Run a filter program and read the first line of its stdout output */ -char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, +char *nss_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv) { static char buf[MAX_STRING_LEN]; @@ -132,7 +132,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, char c; int k; - if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL) + if ((fp = nss_util_ppopen(s, p, cmd, argv)) == NULL) return NULL; /* XXX: we are reading 1 byte at a time here */ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS @@ -142,7 +142,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, buf[k++] = c; } buf[k] = NUL; - ssl_util_ppclose(s, p, fp); + nss_util_ppclose(s, p, fp); return buf; } |