From 102486d90b09d87c7666d70bfb0d01a564868d67 Mon Sep 17 00:00:00 2001 From: rcritten <> Date: Tue, 31 May 2005 14:32:42 +0000 Subject: Changed function and configuration names so mod_nss can peacefully co-exist with mod_ssl. --- Makefile.am | 20 +- Makefile.in | 32 +- TODO | 3 +- migrate.pl | 78 +- mod_nss.c | 92 ++- mod_nss.h | 128 ++-- modules.mk | 4 +- nss_engine_config.c | 99 ++- nss_engine_init.c | 175 ++--- nss_engine_io.c | 130 ++-- nss_engine_kernel.c | 60 +- nss_engine_log.c | 8 +- nss_engine_pphrase.c | 36 +- nss_engine_vars.c | 126 ++-- nss_expr.c | 53 +- nss_expr.h | 55 +- nss_expr_eval.c | 142 ++-- nss_expr_parse.c | 1079 +++++++++++++++++++++++++++ nss_expr_parse.h | 27 + nss_expr_parse.y | 135 ++++ nss_expr_scan.c | 1949 +++++++++++++++++++++++++++++++++++++++++++++++++ nss_expr_scan.l | 211 ++++++ nss_util.c | 30 +- ssl_expr_parse.c | 1079 --------------------------- ssl_expr_parse.h | 27 - ssl_expr_parse.y | 147 ---- ssl_expr_scan.c | 1961 -------------------------------------------------- ssl_expr_scan.l | 224 ------ 28 files changed, 4035 insertions(+), 4075 deletions(-) create mode 100644 nss_expr_parse.c create mode 100644 nss_expr_parse.h create mode 100644 nss_expr_parse.y create mode 100644 nss_expr_scan.c create mode 100644 nss_expr_scan.l delete mode 100644 ssl_expr_parse.c delete mode 100644 ssl_expr_parse.h delete mode 100644 ssl_expr_parse.y delete mode 100644 ssl_expr_scan.c delete mode 100644 ssl_expr_scan.l diff --git a/Makefile.am b/Makefile.am index e12422d..8de5b22 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ bin_PROGRAMS = nss_pcache nss_pcache_SOURCES = nss_pcache.c ## Define the source file for the module -libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c +libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c ## Set the includes and libraries needed INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ @@ -58,17 +58,17 @@ install-binPROGRAMS: $(bin_PROGRAMS) @echo "********************** NOTE **************************" @echo "" -ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h - $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l - sed -e '/$$Header:/d' ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c +nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h + $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l + sed -e '/$$Header:/d' nss_expr_scan.c && rm -f lex.nss_expr_yy.c -ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y - $(YACC) -d ssl_expr_parse.y - sed -e 's;yy;ssl_expr_yy;g' \ +nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y + $(YACC) -d nss_expr_parse.y + sed -e 's;yy;nss_expr_yy;g' \ -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - ssl_expr_parse.h && rm -f y.tab.h + nss_expr_parse.c && rm -f y.tab.c + sed -e 's;yy;nss_expr_yy;g' \ + nss_expr_parse.h && rm -f y.tab.h LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) \ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ diff --git a/Makefile.in b/Makefile.in index 1166181..6f29fce 100644 --- a/Makefile.in +++ b/Makefile.in @@ -96,7 +96,7 @@ bin_PROGRAMS = nss_pcache nss_pcache_SOURCES = nss_pcache.c -libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c ssl_expr_parse.y ssl_expr_scan.l nss_util.c +libmodnss_la_SOURCES = mod_nss.c nss_engine_config.c nss_engine_init.c nss_engine_io.c nss_engine_kernel.c nss_engine_log.c nss_engine_pphrase.c nss_engine_vars.c nss_expr.c nss_expr_eval.c nss_expr_parse.y nss_expr_scan.l nss_util.c INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ LIBS = @nspr_lib@ @nss_lib@ -lnspr4 -lplc4 -lplds4 -lssl3 -lsmime3 -lnss3 @@ -123,7 +123,7 @@ libmodnss_la_LIBADD = libmodnss_la_OBJECTS = mod_nss.lo nss_engine_config.lo \ nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo \ nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo \ -nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo +nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo bin_PROGRAMS = nss_pcache$(EXEEXT) PROGRAMS = $(bin_PROGRAMS) @@ -139,7 +139,7 @@ CCLD = $(CC) DIST_COMMON = README AUTHORS COPYING ChangeLog INSTALL Makefile.am \ Makefile.in NEWS TODO aclocal.m4 config.guess config.sub configure \ configure.in gencert.in install-sh ltmain.sh missing mkinstalldirs \ -nss.conf.in ssl_expr_parse.c ssl_expr_scan.c +nss.conf.in nss_expr_parse.c nss_expr_scan.c DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) @@ -150,8 +150,8 @@ DEP_FILES = .deps/mod_nss.P .deps/nss_engine_config.P \ .deps/nss_engine_init.P .deps/nss_engine_io.P .deps/nss_engine_kernel.P \ .deps/nss_engine_log.P .deps/nss_engine_pphrase.P \ .deps/nss_engine_vars.P .deps/nss_expr.P .deps/nss_expr_eval.P \ -.deps/nss_pcache.P .deps/nss_util.P .deps/ssl_expr_parse.P \ -.deps/ssl_expr_scan.P +.deps/nss_expr_parse.P .deps/nss_expr_scan.P .deps/nss_pcache.P \ +.deps/nss_util.P SOURCES = $(libmodnss_la_SOURCES) $(nss_pcache_SOURCES) OBJECTS = $(libmodnss_la_OBJECTS) $(nss_pcache_OBJECTS) @@ -258,7 +258,7 @@ nss_pcache$(EXEEXT): $(nss_pcache_OBJECTS) $(nss_pcache_DEPENDENCIES) if test -f y.tab.h; then \ if cmp -s y.tab.h $*.h; then rm -f y.tab.h; else mv y.tab.h $*.h; fi; \ else :; fi -ssl_expr_parse.h: ssl_expr_parse.c +nss_expr_parse.h: nss_expr_parse.c tags: TAGS @@ -411,7 +411,7 @@ distclean-generic: -rm -f config.cache config.log stamp-h stamp-h[0-9]* maintainer-clean-generic: - -test -z "ssl_expr_scanlssl_expr_parsehssl_expr_parsec" || rm -f ssl_expr_scanl ssl_expr_parseh ssl_expr_parsec + -test -z "nss_expr_scanlnss_expr_parsehnss_expr_parsec" || rm -f nss_expr_scanl nss_expr_parseh nss_expr_parsec mostlyclean-am: mostlyclean-libLTLIBRARIES mostlyclean-compile \ mostlyclean-libtool mostlyclean-binPROGRAMS \ mostlyclean-tags mostlyclean-depend mostlyclean-generic @@ -506,17 +506,17 @@ install-binPROGRAMS: $(bin_PROGRAMS) @echo "********************** NOTE **************************" @echo "" -ssl_expr_scan.c: ssl_expr_scan.l ssl_expr_parse.h - $(LEX) -Pssl_expr_yy -s -B ssl_expr_scan.l - sed -e '/$$Header:/d' ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c +nss_expr_scan.c: nss_expr_scan.l nss_expr_parse.h + $(LEX) -Pnss_expr_yy -s -B nss_expr_scan.l + sed -e '/$$Header:/d' nss_expr_scan.c && rm -f lex.nss_expr_yy.c -ssl_expr_parse.c ssl_expr_parse.h: ssl_expr_parse.y - $(YACC) -d ssl_expr_parse.y - sed -e 's;yy;ssl_expr_yy;g' \ +nss_expr_parse.c nss_expr_parse.h: nss_expr_parse.y + $(YACC) -d nss_expr_parse.y + sed -e 's;yy;nss_expr_yy;g' \ -e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \ - ssl_expr_parse.c && rm -f y.tab.c - sed -e 's;yy;ssl_expr_yy;g' \ - ssl_expr_parse.h && rm -f y.tab.h + nss_expr_parse.c && rm -f y.tab.c + sed -e 's;yy;nss_expr_yy;g' \ + nss_expr_parse.h && rm -f y.tab.h # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/TODO b/TODO index b2c901c..ce9fdf4 100644 --- a/TODO +++ b/TODO @@ -1,2 +1,3 @@ - Support for mod_proxy -- Pull the entire cert chain when requested +- Offer to automatically generate a self-signed cert using gencert during + install? diff --git a/migrate.pl b/migrate.pl index fd0d990..757d85e 100755 --- a/migrate.pl +++ b/migrate.pl @@ -8,9 +8,11 @@ use Getopt::Std; BEGIN { $NSSDir = cwd(); - $CACertificatePath = ""; - $CACertificateFile = ""; + $SSLCACertificatePath = ""; + $SSLCACertificateFile = ""; $SSLCertificateFile = ""; + $SSLCARevocationPath = ""; + $SSLCARevocationFile = ""; $SSLCertificateKeyFile = ""; $passphrase = 0; } @@ -19,14 +21,12 @@ BEGIN { "SSLSessionCache" => "", "SSLMutex" => "", "SSLCertificateChainFile" => "", - "SSLCARevocationPath" => "", - "SSLCARevocationFile" => "", "SSLVerifyDepth" => "" , "SSLCryptoDevice" => "" , "LoadModule" => "" , ); -%insert = ( "SSLSessionCacheTimeout", "SSLSessionCacheSize 10000\nSSL3SessionCacheTimeout 86400\n",); +%insert = ( "NSSSessionCacheTimeout", "NSSSessionCacheSize 10000\nNSSSession3CacheTimeout 86400\n",); getopts('ch'); @@ -60,25 +60,31 @@ while () { } if ($stmt eq "SSLCipherSuite") { - print NSS "SSLCipherSuite ", get_ciphers($val), "\n"; - print NSS "SSLProtocol SSLv3,TLSv1\n"; + print NSS "NSSCipherSuite ", get_ciphers($val), "\n"; + print NSS "NSSProtocol SSLv3,TLSv1\n"; $comment = 1; } elsif ($stmt eq "SSLCACertificatePath") { - $CACertificatePath = $value; + $SSLCACertificatePath = $value; $comment = 1; } elsif ($stmt eq "SSLCACertificateFile") { - $CACertificateFile = $value; + $SSLCACertificateFile = $value; $comment = 1; } elsif ($stmt eq "SSLCertificateFile") { - print NSS "SSLCertificateDatabase $NSSDir\n"; - print NSS "SSLNickName Server-Cert\n"; + print NSS "NSSCertificateDatabase $NSSDir\n"; + print NSS "NSSNickName Server-Cert\n"; $SSLCertificateFile = $value; $comment = 1; } elsif ($stmt eq "SSLCertificateKeyFile") { $SSLCertificateKeyFile = $value; $comment = 1; + } elsif ($stmt eq "SSLCARevocationPath") { + $SSLCARevocationPath = $value; + $comment = 1; + } elsif ($stmt eq "SSLCARevocationFile") { + $SSLCARevocationFile = $value; + $comment = 1; } elsif ($stmt eq "SSLPassPhraseDialog") { - print NSS "SSLPassPhraseHelper /usr/local/bin/nss_pcache\n"; + print NSS "NSSPassPhraseHelper /usr/local/bin/nss_pcache\n"; $passphrase = 1; $comment = 1; } @@ -89,6 +95,9 @@ while () { next; } + # Fix up any remaining directive names + s/^SSL/NSS/; + if (exists($insert{$stmt})) { print NSS "$_"; print NSS $insert{$stmt}; @@ -106,7 +115,7 @@ while () { } if ($passphrase == 0) { - print NSS "SSLPassPhraseHelper /usr/sbin/nss_pcache\n"; + print NSS "NSSPassPhraseHelper /usr/sbin/nss_pcache\n"; } close(NSS); @@ -128,26 +137,55 @@ if ($opt_c) { run_command("pk12util -i server.p12 -d $NSSDir -W foo"); } - if ($CACertificateFile ne "") { - my $subject = get_cert_subject($CACertificateFile); + if ($SSLCACertificateFile ne "") { + my $subject = get_cert_subject($SSLCACertificateFile); if ($subject ne "") { print "Importing CA certificate $subject\n"; - run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificateFile"); + run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificateFile"); } } - if ($CACertificatePath ne "") { - opendir(DIR, $CACertificatePath) or die "can't opendir $CACertificatePath: $!"; + if ($SSLCACertificatePath ne "") { + opendir(DIR, $SSLCACertificatePath) or die "can't opendir $SSLCACertificatePath: $!"; while (defined($file = readdir(DIR))) { next if -d $file; # we can operate directly on the hash files so don't have to worry # about any SKIPME's. if ($file =~ /hash.*/) { - my $subject = get_cert_subject("$CACertificatePath/$file"); + my $subject = get_cert_subject("$SSLCACertificatePath/$file"); if ($subject ne "") { print "Importing CA certificate $subject\n"; - run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $CACertificatePath/$file"); + run_command("certutil -A -n \"$subject\" -t \"CT,,\" -d $NSSDir -a -i $SSLCACertificatePath/$file"); + } + } + } + closedir(DIR); + } + + if ($SSLCARevocationFile ne "") { + print "Importing CRL file $CARevocationFile\n"; + # Convert to DER format + run_command("openssl crl -in $SSLCARevocationFile -out /tmp/crl.tmp -inform PEM -outform DER"); + run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp"); + unlink("/tmp/crl.tmp"); + } + + if ($SSLCARevocationPath ne "") { + opendir(DIR, $SSLCARevocationPath) or die "can't opendir $SSLCARevocationPath: $!"; + while (defined($file = readdir(DIR))) { + next if -d $file; + + # we can operate directly on the hash files so don't have to worry + # about any SKIPME's. + if ($file =~ /hash.*/) { + my $subject = get_cert_subject("$SSLCARevocationPath/$file"); + if ($subject ne "") { + print "Importing CRL file $file\n"; + # Convert to DER format + run_command("openssl crl -in $SSLCARevocationPath/$file -out /tmp/crl.tmp -inform PEM -outform DER"); + run_command("crlutil -I -t 1 -d $NSSDir -i /tmp/crl.tmp"); + unlink("/tmp/crl.tmp"); } } } diff --git a/mod_nss.c b/mod_nss.c index 16d090d..131b436 100644 --- a/mod_nss.c +++ b/mod_nss.c @@ -21,20 +21,20 @@ */ #define SSL_CMD_ALL(name, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, RSRC_CONF|OR_AUTHCFG, desc), #define SSL_CMD_SRV(name, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, RSRC_CONF, desc), #define SSL_CMD_DIR(name, type, args, desc) \ - AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, \ + AP_INIT_##args("NSS"#name, nss_cmd_NSS##name, \ NULL, OR_##type, desc), #define AP_END_CMD { NULL } -static const command_rec ssl_config_cmds[] = { +static const command_rec nss_config_cmds[] = { /* * Global (main-server) context configuration directives */ @@ -44,7 +44,7 @@ static const command_rec ssl_config_cmds[] = { SSL_CMD_SRV(SessionCacheTimeout, TAKE1, "SSL 2 Session Cache object lifetime " "(`N' - number of seconds)") - SSL_CMD_SRV(3SessionCacheTimeout, TAKE1, + SSL_CMD_SRV(Session3CacheTimeout, TAKE1, "SSL 3/TLS Session Cache object lifetime " "(`N' - number of seconds)") SSL_CMD_SRV(SessionCacheSize, TAKE1, @@ -144,18 +144,17 @@ static const command_rec ssl_config_cmds[] = { * the various processing hooks */ -static int ssl_hook_pre_config(apr_pool_t *pconf, +static int nss_hook_pre_config(apr_pool_t *pconf, apr_pool_t *plog, apr_pool_t *ptemp) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_hook_pre_config"); /* Register us to handle mod_log_config %c/%x variables */ - ssl_var_log_config_register(pconf); + nss_var_log_config_register(pconf); return OK; } -static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) +static SSLConnRec *nss_init_connection_ctx(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); @@ -167,7 +166,7 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) sslconn->is_proxy = 0; sslconn->disabled = 0; - sslconn->non_ssl_request = 0; + sslconn->non_nss_request = 0; sslconn->ssl = NULL; myConnConfigSet(c, sslconn); @@ -176,11 +175,11 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c) } #ifdef PROXY -int ssl_proxy_enable(conn_rec *c) +int nss_proxy_enable(conn_rec *c) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); - SSLConnRec *sslconn = ssl_init_connection_ctx(c); + SSLConnRec *sslconn = nss_init_connection_ctx(c); if (!sc->proxy_enabled) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, @@ -197,7 +196,7 @@ int ssl_proxy_enable(conn_rec *c) } #endif -int ssl_engine_disable(conn_rec *c) +int nss_engine_disable(conn_rec *c) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); @@ -207,14 +206,14 @@ int ssl_engine_disable(conn_rec *c) return 0; } - sslconn = ssl_init_connection_ctx(c); + sslconn = nss_init_connection_ctx(c); sslconn->disabled = 1; return 1; } -static int ssl_hook_pre_connection(conn_rec *c, void *csd) +static int nss_hook_pre_connection(conn_rec *c, void *csd) { SSLSrvConfigRec *sc = mySrvConfig(c->base_server); PRFileDesc *ssl; @@ -234,7 +233,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * Create SSL context */ if (!sslconn) { - sslconn = ssl_init_connection_ctx(c); + sslconn = nss_init_connection_ctx(c); } if (sslconn->disabled) { @@ -258,14 +257,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * attach this to the socket. Additionally we register this attachment * so we can detach later. */ - ssl = ssl_io_new_fd(); + ssl = nss_io_new_fd(); ssl = SSL_ImportFD(mctx->model, ssl); if (!(ssl)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server, "Unable to create a new SSL connection from the SSL " "context"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server); c->aborted = 1; @@ -275,14 +274,14 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) sslconn->ssl = ssl; sslconn->client_socket = csd; - ssl_io_filter_init(c, ssl); + nss_io_filter_init(c, ssl); SSL_ResetHandshake(ssl, PR_TRUE); return APR_SUCCESS; } -static const char *ssl_hook_http_method(const request_rec *r) +static const char *nss_hook_http_method(const request_rec *r) { SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -293,7 +292,7 @@ static const char *ssl_hook_http_method(const request_rec *r) return "https"; } -static apr_port_t ssl_hook_default_port(const request_rec *r) +static apr_port_t nss_hook_default_port(const request_rec *r) { SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -308,38 +307,37 @@ static apr_port_t ssl_hook_default_port(const request_rec *r) * the module registration phase */ -static void ssl_register_hooks(apr_pool_t *p) +static void nss_register_hooks(apr_pool_t *p) { - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_register_hooks"); - ssl_io_filter_register(p); - - ap_hook_pre_connection(ssl_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_config (ssl_init_Module, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_http_method (ssl_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_default_port (ssl_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_pre_config (ssl_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_child_init (ssl_init_Child, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_translate_name(ssl_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_check_user_id (ssl_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); - ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); - ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); - - ssl_var_register(); + nss_io_filter_register(p); + + ap_hook_pre_connection(nss_hook_pre_connection,NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_config (nss_init_Module, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_http_method (nss_hook_http_method, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_default_port (nss_hook_default_port, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_pre_config (nss_hook_pre_config, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_child_init (nss_init_Child, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_translate_name(nss_hook_Translate, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_check_user_id (nss_hook_UserCheck, NULL,NULL, APR_HOOK_FIRST); + ap_hook_fixups (nss_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_access_checker(nss_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_auth_checker (nss_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(nss_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); + + nss_var_register(); #ifdef PROXY - APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable); + APR_REGISTER_OPTIONAL_FN(nss_proxy_enable); #endif - APR_REGISTER_OPTIONAL_FN(ssl_engine_disable); + APR_REGISTER_OPTIONAL_FN(nss_engine_disable); } module AP_MODULE_DECLARE_DATA nss_module = { STANDARD20_MODULE_STUFF, - ssl_config_perdir_create, /* create per-dir config structures */ - ssl_config_perdir_merge, /* merge per-dir config structures */ - ssl_config_server_create, /* create per-server config structures */ - ssl_config_server_merge, /* merge per-server config structures */ - ssl_config_cmds, /* table of configuration directives */ - ssl_register_hooks /* register hooks */ + nss_config_perdir_create, /* create per-dir config structures */ + nss_config_perdir_merge, /* merge per-dir config structures */ + nss_config_server_create, /* create per-server config structures */ + nss_config_server_merge, /* merge per-server config structures */ + nss_config_cmds, /* table of configuration directives */ + nss_register_hooks /* register hooks */ }; diff --git a/mod_nss.h b/mod_nss.h index 1095cd2..c43e7e1 100644 --- a/mod_nss.h +++ b/mod_nss.h @@ -152,15 +152,15 @@ ap_set_module_config(c->conn_config, &nss_module, val) #define SSL_OPT_STRICTREQUIRE (1<<5) #define SSL_OPT_OPTRENEGOTIATE (1<<6) #define SSL_OPT_ALL (SSL_OPT_STDENVVARS|SSL_OPT_COMPATENVVAR|SSL_OPT_EXPORTCERTDATA|SSL_OPT_FAKEBASICAUTH|SSL_OPT_STRICTREQUIRE|SSL_OPT_OPTRENEGOTIATE) -typedef int ssl_opt_t; +typedef int nss_opt_t; /* * Define the SSL requirement structure */ typedef struct { char *cpExpr; - ssl_expr *mpExpr; -} ssl_require_t; + nss_expr *mpExpr; +} nss_require_t; /* * Define the SSL verify levels @@ -171,7 +171,7 @@ typedef enum { SSL_CVERIFY_OPTIONAL = 1, SSL_CVERIFY_REQUIRE = 2, SSL_CVERIFY_OPTIONAL_NO_CA = 3 -} ssl_verify_t; +} nss_verify_t; /* * Define the SSL pass phrase dialog types @@ -180,7 +180,7 @@ typedef enum { SSL_PPTYPE_UNSET = UNSET, SSL_PPTYPE_BUILTIN = 0, SSL_PPTYPE_FILE = 1, -} ssl_pphrase_t; +} nss_pphrase_t; /* * Define the mod_ssl per-module configuration structure @@ -193,7 +193,7 @@ typedef struct { CERTCertificate *client_cert; int is_proxy; int disabled; - int non_ssl_request; + int non_nss_request; apr_socket_t * client_socket; } SSLConnRec; @@ -209,7 +209,7 @@ typedef struct { int ssl3_session_cache_timeout; /* config for handling encrypted keys */ - ssl_pphrase_t pphrase_dialog_type; + nss_pphrase_t pphrase_dialog_type; const char *pphrase_dialog_path; const char *pphrase_dialog_helper; @@ -229,7 +229,7 @@ typedef struct { const char *protocols; /* for client or downstream server authentication */ - ssl_verify_t verify_mode; + nss_verify_t verify_mode; } modnss_auth_ctx_t; typedef struct { @@ -275,7 +275,7 @@ typedef struct { int nOptionsAdd; int nOptionsDel; const char *szCipherSuite; - ssl_verify_t nVerifyClient; + nss_verify_t nVerifyClient; const char *szCACertificatePath; const char *szCACertificateFile; const char *szUserName; @@ -294,7 +294,7 @@ typedef struct enum sslversion { SSL2=1, SSL3=2, TLS=4}; -/* the table itself is defined in ssl_engine_init.c */ +/* the table itself is defined in nss_engine_init.c */ #define ciphernum 23 /* @@ -305,86 +305,86 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4}; extern module AP_MODULE_DECLARE_DATA nss_module; /* configuration handling */ -SSLModConfigRec *ssl_config_global_create(server_rec *); -void *ssl_config_perdir_create(apr_pool_t *p, char *dir); -void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv); -void *ssl_config_server_create(apr_pool_t *p, server_rec *s); -void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv); -const char *ssl_cmd_SSLEngine(cmd_parms *, void *, int); -const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLNickname(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *, void *, int); -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, const char *arg); -const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg); -const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *); +SSLModConfigRec *nss_config_global_create(server_rec *); +void *nss_config_perdir_create(apr_pool_t *p, char *dir); +void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv); +void *nss_config_server_create(apr_pool_t *p, server_rec *s); +void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv); +const char *nss_cmd_NSSEngine(cmd_parms *, void *, int); +const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *, void *, int); +const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg); +const char *nss_cmd_NSSOptions(cmd_parms *, void *, const char *); +const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg); +const char *nss_cmd_NSSRequire(cmd_parms *, void *, const char *); /* module initialization */ -int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); -void ssl_init_Child(apr_pool_t *, server_rec *); -void ssl_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); -apr_status_t ssl_init_ModuleKill(void *data); -int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]); +int nss_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); +void nss_init_Child(apr_pool_t *, server_rec *); +void nss_init_ConfigureServer(server_rec *, apr_pool_t *, apr_pool_t *, SSLSrvConfigRec *); +apr_status_t nss_init_ModuleKill(void *data); +int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]); /* Apache API hooks */ -int ssl_hook_Translate(request_rec *r); -int ssl_hook_UserCheck(request_rec *r); -int ssl_hook_Fixup(request_rec *r); -int ssl_hook_Access(request_rec *r); -int ssl_hook_Auth(request_rec *r); -int ssl_hook_ReadReq(request_rec *r); +int nss_hook_Translate(request_rec *r); +int nss_hook_UserCheck(request_rec *r); +int nss_hook_Fixup(request_rec *r); +int nss_hook_Access(request_rec *r); +int nss_hook_Auth(request_rec *r); +int nss_hook_ReadReq(request_rec *r); /* Variables */ -void ssl_var_register(void); -char *ssl_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); -void ssl_var_log_config_register(apr_pool_t *p); +void nss_var_register(void); +char *nss_var_lookup(apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *); +void nss_var_log_config_register(apr_pool_t *p); -APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup, +APR_DECLARE_OPTIONAL_FN(char *, nss_var_lookup, (apr_pool_t *, server_rec *, conn_rec *, request_rec *, char *)); /* An optional function which returns non-zero if the given connection * is using SSL/TLS. */ -APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *)); +APR_DECLARE_OPTIONAL_FN(int, nss_is_https, (conn_rec *)); /* Proxy Support */ -int ssl_engine_disable(conn_rec *c); +int nss_engine_disable(conn_rec *c); -APR_DECLARE_OPTIONAL_FN(int, ssl_engine_disable, (conn_rec *)); +APR_DECLARE_OPTIONAL_FN(int, nss_engine_disable, (conn_rec *)); /* I/O */ -PRFileDesc * ssl_io_new_fd(); -int ssl_io_layer_init(); -void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl); -void ssl_io_filter_register(apr_pool_t *p); +PRFileDesc * nss_io_new_fd(); +int nss_io_layer_init(); +void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl); +void nss_io_filter_register(apr_pool_t *p); /* Utility Functions */ -char *ssl_util_vhostid(apr_pool_t *, server_rec *); -void ssl_util_strupper(char *); -void ssl_util_uuencode(char *, const char *, BOOL); -void ssl_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); -apr_file_t *ssl_util_ppopen(server_rec *, apr_pool_t *, const char *, +char *nss_util_vhostid(apr_pool_t *, server_rec *); +void nss_util_strupper(char *); +void nss_util_uuencode(char *, const char *, BOOL); +void nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL); +apr_file_t *nss_util_ppopen(server_rec *, apr_pool_t *, const char *, const char * const *); -void ssl_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); -char *ssl_util_readfilter(server_rec *, apr_pool_t *, const char *, +void nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *); +char *nss_util_readfilter(server_rec *, apr_pool_t *, const char *, const char * const *); /* Pass Phrase Handling */ -SECStatus ssl_Init_Tokens(server_rec *s); +SECStatus nss_Init_Tokens(server_rec *s); /* Logging */ -void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s); -void ssl_die(void); +void nss_log_nss_error(const char *file, int line, int level, server_rec *s); +void nss_die(void); /* NSS callback */ -SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); +SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); #endif /* __MOD_SSL_H__ */ diff --git a/modules.mk b/modules.mk index 4053381..cdad05f 100644 --- a/modules.mk +++ b/modules.mk @@ -1,5 +1,5 @@ -mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo - $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo ssl_expr_parse.lo ssl_expr_scan.lo nss_util.lo +mod_nss.la: mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo + $(MOD_LINK) mod_nss.lo nss_engine_config.lo nss_engine_init.lo nss_engine_io.lo nss_engine_kernel.lo nss_engine_log.lo nss_engine_pphrase.lo nss_engine_vars.lo nss_expr.lo nss_expr_eval.lo nss_expr_parse.lo nss_expr_scan.lo nss_util.lo DISTCLEAN_TARGETS = modules.mk static = mod_nss.la shared = diff --git a/nss_engine_config.c b/nss_engine_config.c index 962ce2e..67c6780 100644 --- a/nss_engine_config.c +++ b/nss_engine_config.c @@ -23,7 +23,7 @@ #define SSL_MOD_CONFIG_KEY "nss_module" -SSLModConfigRec *ssl_config_global_create(server_rec *s) +SSLModConfigRec *nss_config_global_create(server_rec *s) { apr_pool_t *pool = s->process->pool; SSLModConfigRec *mc; @@ -66,9 +66,6 @@ SSLModConfigRec *ssl_config_global_create(server_rec *s) static void modnss_ctx_init(modnss_ctx_t *mctx) { - - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "modnss_ctx_init"); - mctx->sc = NULL; /* set during module init */ mctx->ssl2 = PR_FALSE; @@ -98,7 +95,7 @@ static void modnss_ctx_init_server(SSLSrvConfigRec *sc, modnss_ctx_init(mctx); } -static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) +static SSLSrvConfigRec *nss_config_server_new(apr_pool_t *p) { SSLSrvConfigRec *sc = apr_palloc(p, sizeof(*sc)); @@ -111,7 +108,7 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) sc->server = NULL; #ifdef PROXY - modssl_ctx_init_proxy(sc, p); + modnss_ctx_init_proxy(sc, p); #endif modnss_ctx_init_server(sc, p); @@ -122,11 +119,10 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) /* * Create per-server SSL configuration */ -void *ssl_config_server_create(apr_pool_t *p, server_rec *s) { - SSLSrvConfigRec *sc = ssl_config_server_new(p); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_create"); +void *nss_config_server_create(apr_pool_t *p, server_rec *s) { + SSLSrvConfigRec *sc = nss_config_server_new(p); - sc->mc = ssl_config_global_create(s); + sc->mc = nss_config_global_create(s); return sc; } @@ -159,19 +155,17 @@ static void modnss_ctx_cfg_merge_server(modnss_ctx_t *base, /* * Merge per-server SSL configurations */ -void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) { +void *nss_config_server_merge(apr_pool_t *p, void *basev, void *addv) { SSLSrvConfigRec *base = (SSLSrvConfigRec *)basev; SSLSrvConfigRec *add = (SSLSrvConfigRec *)addv; - SSLSrvConfigRec *mrg = ssl_config_server_new(p); - - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_server_merge"); + SSLSrvConfigRec *mrg = nss_config_server_new(p); cfgMerge(mc, NULL); cfgMergeBool(enabled); cfgMergeBool(proxy_enabled); #ifdef PROXY - modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); + modnss_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); #endif modnss_ctx_cfg_merge_server(base->server, add->server, mrg->server); @@ -182,12 +176,11 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) { /* * Create per-directory SSL configuration */ -void *ssl_config_perdir_create(apr_pool_t *p, char *dir) { +void *nss_config_perdir_create(apr_pool_t *p, char *dir) { SSLDirConfigRec *dc = apr_palloc(p, sizeof(*dc)); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, NULL, "ssl_config_perdir_create"); dc->bSSLRequired = FALSE; - dc->aRequirement = apr_array_make(p, 4, sizeof(ssl_require_t)); + dc->aRequirement = apr_array_make(p, 4, sizeof(nss_require_t)); dc->nOptions = SSL_OPT_NONE|SSL_OPT_RELSET; dc->nOptionsAdd = SSL_OPT_NONE; dc->nOptionsDel = SSL_OPT_NONE; @@ -200,7 +193,7 @@ void *ssl_config_perdir_create(apr_pool_t *p, char *dir) { return dc; } -const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg) +const char *nss_cmd_NSSRequireSSL(cmd_parms *cmd, void *dcfg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; @@ -209,17 +202,17 @@ const char *ssl_cmd_SSLRequireSSL(cmd_parms *cmd, void *dcfg) return NULL; } -const char *ssl_cmd_SSLRequire(cmd_parms *cmd, +const char *nss_cmd_NSSRequire(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - ssl_expr *expr; - ssl_require_t *require; + nss_expr *expr; + nss_require_t *require; - if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) { - return apr_pstrcat(cmd->pool, "SSLRequire: ", - ssl_expr_get_error(), NULL); + if (!(expr = nss_expr_comp(cmd->pool, (char *)arg))) { + return apr_pstrcat(cmd->pool, "NSSRequire: ", + nss_expr_get_error(), NULL); } require = apr_array_push(dc->aRequirement); @@ -229,7 +222,7 @@ const char *ssl_cmd_SSLRequire(cmd_parms *cmd, return NULL; } -void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { +void *nss_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { SSLDirConfigRec *base = (SSLDirConfigRec *)basev; SSLDirConfigRec *add = (SSLDirConfigRec *)addv; SSLDirConfigRec *mrg = (SSLDirConfigRec *)apr_palloc(p, sizeof(*mrg)); @@ -259,7 +252,7 @@ void *ssl_config_perdir_merge(apr_pool_t *p, void *basev, void *addv) { return mrg; } -const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag) +const char *nss_cmd_NSSEngine(cmd_parms *cmd, void *dcfg, int flag) { SSLSrvConfigRec *sc = mySrvConfig(cmd->server); @@ -268,7 +261,7 @@ const char *ssl_cmd_SSLEngine(cmd_parms *cmd, void *dcfg, int flag) return NULL; } -const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, +const char *nss_cmd_NSSCertificateDatabase(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -279,7 +272,7 @@ const char *ssl_cmd_SSLCertificateDatabase(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, +const char *nss_cmd_NSSCipherSuite(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -296,9 +289,9 @@ const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd, return NULL; } -static const char *ssl_cmd_verify_parse(cmd_parms *parms, +static const char *nss_cmd_verify_parse(cmd_parms *parms, const char *arg, - ssl_verify_t *id) + nss_verify_t *id) { if (strcEQ(arg, "none") || strcEQ(arg, "off")) { *id = SSL_CVERIFY_NONE; @@ -322,16 +315,16 @@ static const char *ssl_cmd_verify_parse(cmd_parms *parms, return NULL; } -const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, +const char *nss_cmd_NSSVerifyClient(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - ssl_verify_t mode; + nss_verify_t mode; const char *err; - if ((err = ssl_cmd_verify_parse(cmd, arg, &mode))) { + if ((err = nss_cmd_verify_parse(cmd, arg, &mode))) { return err; } @@ -345,7 +338,7 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, +const char *nss_cmd_NSSProtocol(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -356,7 +349,7 @@ const char *ssl_cmd_SSLProtocol(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLNickname(cmd_parms *cmd, +const char *nss_cmd_NSSNickname(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -367,7 +360,7 @@ const char *ssl_cmd_SSLNickname(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd, +const char *nss_cmd_NSSEnforceValidCerts(cmd_parms *cmd, void *dcfg, int flag) { @@ -378,7 +371,7 @@ const char *ssl_cmd_SSLEnforceValidCerts(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, +const char *nss_cmd_NSSSessionCacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -387,13 +380,13 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, mc->session_cache_timeout = atoi(arg); if (mc->session_cache_timeout < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + return "NSSSessionCacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, +const char *nss_cmd_NSSSession3CacheTimeout(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -401,14 +394,14 @@ const char *ssl_cmd_SSL3SessionCacheTimeout(cmd_parms *cmd, mc->ssl3_session_cache_timeout = atoi(arg); - if (mc->session_cache_timeout < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + if (mc->ssl3_session_cache_timeout < 0) { + return "NSSSession3CacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, +const char *nss_cmd_NSSSessionCacheSize(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -417,13 +410,13 @@ const char *ssl_cmd_SSLSessionCacheSize(cmd_parms *cmd, mc->session_cache_size = atoi(arg); if (mc->session_cache_size < 0) { - return "SSLSessionCacheTimeout: Invalid argument"; + return "NSSSessionCacheTimeout: Invalid argument"; } return NULL; } -const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, +const char *nss_cmd_NSSPassPhraseDialog(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -442,13 +435,13 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, mc->pphrase_dialog_path = ap_server_root_relative(cmd->pool, arg+5); if (!mc->pphrase_dialog_path) return apr_pstrcat(cmd->pool, - "Invalid SSLPassPhraseDialog file: path ", + "Invalid NSSPassPhraseDialog file: path ", arg+5, NULL); rc = apr_stat(&finfo, mc->pphrase_dialog_path, APR_FINFO_TYPE|APR_FINFO_SIZE, cmd->pool); if ((rc != APR_SUCCESS) || (finfo.filetype != APR_REG)) { return apr_pstrcat(cmd->pool, - "SSLPassPhraseDialog: file '", + "NSSPassPhraseDialog: file '", mc->pphrase_dialog_path, "' does not exist", NULL); } @@ -457,7 +450,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, +const char *nss_cmd_NSSPassPhraseHelper(cmd_parms *cmd, void *dcfg, const char *arg) { @@ -467,14 +460,14 @@ const char *ssl_cmd_SSLPassPhraseHelper(cmd_parms *cmd, mc->pphrase_dialog_helper = arg; } else { return apr_pstrcat(cmd->pool, - "SSLPassPhraseHelper: ", mc->pphrase_dialog_path, + "NSSPassPhraseHelper: ", mc->pphrase_dialog_path, "does not exist or is not executable.", NULL); } return NULL; } -const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, +const char *nss_cmd_NSSUserName(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; @@ -482,12 +475,12 @@ const char *ssl_cmd_SSLUserName(cmd_parms *cmd, void *dcfg, return NULL; } -const char *ssl_cmd_SSLOptions(cmd_parms *cmd, +const char *nss_cmd_NSSOptions(cmd_parms *cmd, void *dcfg, const char *arg) { SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg; - ssl_opt_t opt; + nss_opt_t opt; int first = TRUE; char action, *w; @@ -523,7 +516,7 @@ const char *ssl_cmd_SSLOptions(cmd_parms *cmd, } else { return apr_pstrcat(cmd->pool, - "SSLOptions: Illegal option '", w, "'", + "NSSOptions: Illegal option '", w, "'", NULL); } if (action == '-') { diff --git a/nss_engine_init.c b/nss_engine_init.c index b2d2c14..cbcf114 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -20,7 +20,7 @@ static SECStatus ownBadCertHandler(void *arg, PRFileDesc * socket); static SECStatus ownHandshakeCallback(PRFileDesc * socket, void *arg); static SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg); static CERTCertificate* FindServerCertFromNickname(const char* name); -SECStatus ssl_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); +SECStatus nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer); /* * Global variables defined in this file. @@ -65,11 +65,11 @@ static char *version_components[] = { NULL }; -static char *ssl_add_version_component(apr_pool_t *p, +static char *nss_add_version_component(apr_pool_t *p, server_rec *s, char *name) { - char *val = ssl_var_lookup(p, s, NULL, NULL, name); + char *val = nss_var_lookup(p, s, NULL, NULL, name); if (val && *val) { ap_add_version_component(p, val); @@ -78,14 +78,14 @@ static char *ssl_add_version_component(apr_pool_t *p, return val; } -static void ssl_add_version_components(apr_pool_t *p, +static void nss_add_version_components(apr_pool_t *p, server_rec *s) { char *vals[sizeof(version_components)/sizeof(char *)]; int i; for (i=0; version_components[i]; i++) { - vals[i] = ssl_add_version_component(p, s, + vals[i] = nss_add_version_component(p, s, version_components[i]); } @@ -99,7 +99,7 @@ static void ssl_add_version_components(apr_pool_t *p, /* * Initialize SSL library */ -static void ssl_init_SSLLibrary(server_rec *s) +static void nss_init_SSLLibrary(server_rec *s) { SECStatus rv; SSLModConfigRec *mc = myModConfig(s); @@ -115,8 +115,8 @@ static void ssl_init_SSLLibrary(server_rec *s) if (mc->pphrase_dialog_helper == NULL && mc->pphrase_dialog_path == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Neither SSLPassPhraseHelper nor SSLPassPhraseDialog is not set. One or the other is required."); - ssl_die(); + "Neither NSSPassPhraseHelper nor NSSPassPhraseDialog is not set. One or the other is required."); + nss_die(); } child_argv[0] = mc->pphrase_dialog_helper; @@ -128,7 +128,7 @@ static void ssl_init_SSLLibrary(server_rec *s) if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "apr_procattr_create() failed APR err: %d.", rv); - ssl_die(); + nss_die(); } #if 0 @@ -151,7 +151,7 @@ static void ssl_init_SSLLibrary(server_rec *s) if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "apr_proc_create failed to launch %s APR err: %d.", child_argv[0], rv); - ssl_die(); + nss_die(); } /* Set a 30-second read/write timeout */ apr_file_pipe_timeout_set(mc->proc.in, apr_time_from_sec(30)); @@ -168,20 +168,20 @@ static void ssl_init_SSLLibrary(server_rec *s) rv = NSS_Initialize(mc->pCertificateDatabase, NULL, NULL, "secmod.db", NSS_INIT_READONLY); /* Assuming everything is ok so far, check the cert database password(s). */ - if (rv != SECSuccess || ssl_Init_Tokens(s) != SECSuccess) { + if (rv != SECSuccess || nss_Init_Tokens(s) != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS initialization failed. Certificate database: %s.", mc->pCertificateDatabase != NULL ? mc->pCertificateDatabase : "not set in configuration"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (NSS_SetDomesticPolicy() != SECSuccess) { NSS_Shutdown(); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "NSS set domestic policy failed on certificate database %s.", mc->pCertificateDatabase); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, @@ -190,7 +190,7 @@ static void ssl_init_SSLLibrary(server_rec *s) } -int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, +int nss_init_Module(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *base_server) { @@ -204,13 +204,13 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, * Let us cleanup on restarts and exists */ apr_pool_cleanup_register(p, base_server, - ssl_init_ModuleKill, + nss_init_ModuleKill, apr_pool_cleanup_null); /* * Any init round fixes the global config */ - ssl_config_global_create(base_server); /* just to avoid problems */ + nss_config_global_create(base_server); /* just to avoid problems */ /* * Fix up any global settings that aren't in the configuration @@ -251,7 +251,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, /* * Create the server host:port string because we need it a lot */ - sc->vhost_id = ssl_util_vhostid(p, s); + sc->vhost_id = nss_util_vhostid(p, s); sc->vhost_id_len = strlen(sc->vhost_id); /* Fix up stuff that may not have been set */ @@ -264,12 +264,12 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, } } - ssl_init_SSLLibrary(base_server); + nss_init_SSLLibrary(base_server); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done Init: Initializing NSS library"); /* Load our layer */ - ssl_io_layer_init(); + nss_io_layer_init(); ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "done layer"); @@ -291,52 +291,52 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, /* * Read the server certificate and key */ - ssl_init_ConfigureServer(s, p, ptemp, sc); + nss_init_ConfigureServer(s, p, ptemp, sc); } /* * Announce mod_ssl and SSL library in HTTP Server field * as ``mod_ssl/X.X.X OpenSSL/X.X.X'' */ - ssl_add_version_components(p, base_server); + nss_add_version_components(p, base_server); return OK; } -static void ssl_init_ctx_socket(server_rec *s, +static void nss_init_ctx_socket(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { /* Setup a socket in the context that will be used to model all * client connections. */ - mctx->model = ssl_io_new_fd(); + mctx->model = nss_io_new_fd(); mctx->model = SSL_ImportFD(NULL, mctx->model); if (SSL_OptionSet(mctx->model, SSL_SECURITY, PR_TRUE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to enable security."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_SERVER, PR_TRUE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to set SSL server handshake mode."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_OptionSet(mctx->model, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "Unable to disable handshake as client"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_ctx_protocol(server_rec *s, +static void nss_init_ctx_protocol(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -349,8 +349,8 @@ static void ssl_init_ctx_protocol(server_rec *s, if (mctx->auth.protocols == NULL) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, - "SSLProtocols not set; using all protocols: SSLv2, SSLv3 and TLSv1"); - ssl2 = ssl3 = tls = 1; + "SSLProtocols not set; using: SSLv3 and TLSv1"); + ssl3 = tls = 1; } else { lprotocols = strdup(mctx->auth.protocols); ap_str_tolower(lprotocols); @@ -402,8 +402,8 @@ static void ssl_init_ctx_protocol(server_rec *s, if (stat != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL protocol initialization failed."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } mctx->ssl2 = ssl2; @@ -411,45 +411,45 @@ static void ssl_init_ctx_protocol(server_rec *s, mctx->tls = tls; } -static void ssl_init_ctx_session_cache(server_rec *s, +static void nss_init_ctx_session_cache(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { } -static void ssl_init_ctx_callbacks(server_rec *s, +static void nss_init_ctx_callbacks(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { - if (SSL_AuthCertificateHook(mctx->model, ssl_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) { + if (SSL_AuthCertificateHook(mctx->model, nss_AuthCertificate, (void *)CERT_GetDefaultCertDB()) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_AuthCertificateHook failed."); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_BadCertHook(mctx->model, (SSLBadCertHandler) ownBadCertHandler, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_BadCertHook failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback) ownHandshakeCallback, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_HandshakeCallback failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } if (SSL_GetClientAuthDataHook(mctx->model, NSS_GetClientAuthData, (void *)mctx->nickname) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SSL_GetClientAuthDataHook failed"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_ctx_verify(server_rec *s, +static void nss_init_ctx_verify(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -481,7 +481,7 @@ static int countciphers(PRBool cipher_state[ciphernum], int version) { return ciphercount; } -static void ssl_init_ctx_cipher_suite(server_rec *s, +static void nss_init_ctx_cipher_suite(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -496,8 +496,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, */ if (!suite) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, - "Required value SSLCipherSuite not set."); - ssl_die(); + "Required value NSSCipherSuite not set."); + nss_die(); } ciphers = strdup(suite); @@ -523,8 +523,8 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, cipher_state[i] = PR_FALSE; } - if (ssl_parse_ciphers(s, ciphers, cipher_state) == -1) { - ssl_die(); + if (nss_parse_ciphers(s, ciphers, cipher_state) == -1) { + nss_die(); } free(ciphers); @@ -533,19 +533,19 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, if (mctx->ssl2 && countciphers(cipher_state, SSL2) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL2 is enabled but no SSL2 ciphers are enabled."); - ssl_die(); + nss_die(); } if (mctx->ssl3 && countciphers(cipher_state, SSL3) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "SSL3 is enabled but no SSL3 ciphers are enabled."); - ssl_die(); + nss_die(); } if (mctx->tls && countciphers(cipher_state, TLS) == 0) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "TLS is enabled but no TLS ciphers are enabled."); - ssl_die(); + nss_die(); } /* Finally actually enable the selected ciphers */ @@ -554,26 +554,26 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, } } -static void ssl_init_ctx(server_rec *s, +static void nss_init_ctx(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) { - ssl_init_ctx_socket(s, p, ptemp, mctx); + nss_init_ctx_socket(s, p, ptemp, mctx); - ssl_init_ctx_protocol(s, p, ptemp, mctx); + nss_init_ctx_protocol(s, p, ptemp, mctx); - ssl_init_ctx_session_cache(s, p, ptemp, mctx); + nss_init_ctx_session_cache(s, p, ptemp, mctx); - ssl_init_ctx_callbacks(s, p, ptemp, mctx); + nss_init_ctx_callbacks(s, p, ptemp, mctx); - ssl_init_ctx_verify(s, p, ptemp, mctx); + nss_init_ctx_verify(s, p, ptemp, mctx); - ssl_init_ctx_cipher_suite(s, p, ptemp, mctx); + nss_init_ctx_cipher_suite(s, p, ptemp, mctx); } -static void ssl_init_server_certs(server_rec *s, +static void nss_init_server_certs(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, modnss_ctx_t *mctx) @@ -590,8 +590,11 @@ static void ssl_init_server_certs(server_rec *s, if (mctx->nickname == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "No certificate nickname provided."); - ssl_die(); + nss_die(); } + ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, + "Using nickname %s.", mctx->nickname); + mctx->servercert = FindServerCertFromNickname(mctx->nickname); /* Verify the certificate chain. */ @@ -601,11 +604,11 @@ static void ssl_init_server_certs(server_rec *s, if (CERT_VerifyCertificateNow(CERT_GetDefaultCertDB(), mctx->servercert, PR_TRUE, usage, NULL, NULL) != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Certificate not verified: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); if (mctx->enforce) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Unable to verify certificate '%s'. Add \"SSLEnforceValidCerts off\" to nss.conf so the server can start until the problem can be resolved.", mctx->nickname); - ssl_die(); + nss_die(); } } } @@ -614,7 +617,7 @@ static void ssl_init_server_certs(server_rec *s, { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Certificate not found: '%s'", mctx->nickname); - ssl_die(); + nss_die(); } if (strchr(mctx->nickname, ':')) @@ -631,9 +634,9 @@ static void ssl_init_server_certs(server_rec *s, */ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Slot not found"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); free(token); - ssl_die(); + nss_die(); } } free(token); @@ -647,8 +650,8 @@ static void ssl_init_server_certs(server_rec *s, if (mctx->serverkey == NULL) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Key not found for: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } mctx->serverKEAType = NSS_FindCertKEAType(mctx->servercert); @@ -684,15 +687,15 @@ static void ssl_init_server_certs(server_rec *s, if (secstatus != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Error setting PKCS11 pin argument: '%s'", mctx->nickname); - ssl_die(); + nss_die(); } secstatus = SSL_ConfigSecureServer(mctx->model, mctx->servercert, mctx->serverkey, mctx->serverKEAType); if (secstatus != SECSuccess) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "SSL error configuring server: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } secstatus = (SECStatus)SSL_HandshakeCallback(mctx->model, (SSLHandshakeCallback)NSSHandshakeCallback, NULL); @@ -700,25 +703,25 @@ static void ssl_init_server_certs(server_rec *s, { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "SSL error configuring handshake callback: '%s'", mctx->nickname); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); - ssl_die(); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, s); + nss_die(); } } -static void ssl_init_server_ctx(server_rec *s, +static void nss_init_server_ctx(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSLSrvConfigRec *sc) { - ssl_init_ctx(s, p, ptemp, sc->server); + nss_init_ctx(s, p, ptemp, sc->server); - ssl_init_server_certs(s, p, ptemp, sc->server); + nss_init_server_certs(s, p, ptemp, sc->server); } /* * Configure a particular server */ -void ssl_init_ConfigureServer(server_rec *s, +void nss_init_ConfigureServer(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSLSrvConfigRec *sc) @@ -726,23 +729,23 @@ void ssl_init_ConfigureServer(server_rec *s, if (sc->enabled) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, "Configuring server for SSL protocol"); - ssl_init_server_ctx(s, p, ptemp, sc); + nss_init_server_ctx(s, p, ptemp, sc); } #ifdef PROXY if (sc->proxy_enabled) { - ssl_init_proxy_ctx(s, p, ptemp, sc); + nss_init_proxy_ctx(s, p, ptemp, sc); } #endif } -void ssl_init_Child(apr_pool_t *p, server_rec *s) +void nss_init_Child(apr_pool_t *p, server_rec *s) { SSLModConfigRec *mc = myModConfig(s); mc->pid = getpid(); /* only call getpid() once per-process */ } -apr_status_t ssl_init_ModuleKill(void *data) +apr_status_t nss_init_ModuleKill(void *data) { /* * There is nothing stored at the server level to kill at the moment. @@ -931,7 +934,7 @@ SECStatus NSSHandshakeCallback(PRFileDesc *socket, void *arg) return SECSuccess; } -int ssl_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]) +int nss_parse_ciphers(server_rec *s, char *ciphers, PRBool cipher_list[ciphernum]) { char * cipher; PRBool found, active; diff --git a/nss_engine_io.c b/nss_engine_io.c index 27b5671..b13fc51 100644 --- a/nss_engine_io.c +++ b/nss_engine_io.c @@ -26,15 +26,15 @@ * remember what is in this file. So, first, a quick overview. * * In this file, you will find: - * - ssl_io_filter_input (Apache input filter) - * - ssl_io_filter_output (Apache output filter) + * - nss_io_filter_input (Apache input filter) + * - nss_io_filter_output (Apache output filter) * * - bio_filter_in_* (OpenSSL input filter) * - nspr_filter_out_* (OpenSSL output filter) * * The input chain is roughly: * - * ssl_io_filter_input->ssl_io_input_read->SSL_read->... + * nss_io_filter_input->nss_io_input_read->SSL_read->... * ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter * * In mortal terminology, we do the following: @@ -45,21 +45,21 @@ * - bio_filter_in_read will then try to fetch data from the next httpd filter * - bio_filter_in_read will flatten that data and return it to SSL_read * - SSL_read will then decrypt the data - * - ssl_io_input_read will then receive decrypted data as a char* and + * - nss_io_input_read will then receive decrypted data as a char* and * ensure that there were no read errors * - The char* is placed in a brigade and returned * * Since connection-level input filters in httpd need to be able to * handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings), - * ssl_io_input_getline which will handle this special case. + * nss_io_input_getline which will handle this special case. * * Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have * 'leftover' decoded data which must be setaside for the next read. That * is currently handled by the char_buffer_{read|write} functions. So, - * ssl_io_input_read may be able to fulfill reads without invoking + * nss_io_input_read may be able to fulfill reads without invoking * SSL_read(). * - * Note that the filter context of ssl_io_filter_input and bio_filter_in_* + * Note that the filter context of nss_io_filter_input and bio_filter_in_* * are shared as bio_filter_in_ctx_t. * * Note that the filter is by choice limited to reading at most @@ -79,7 +79,7 @@ typedef struct { nspr_filter_in_ctx_t *inctx; nspr_filter_out_ctx_t *outctx; int nobuffer; /* non-zero to prevent buffering */ -} ssl_filter_ctx_t; +} nss_filter_ctx_t; typedef struct { int length; @@ -87,7 +87,7 @@ typedef struct { } char_buffer_t; struct nspr_filter_out_ctx_t { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; apr_bucket_brigade *bb; apr_size_t length; char buffer[AP_IOBUFSIZE]; @@ -104,7 +104,7 @@ struct nspr_filter_in_ctx_t { char_buffer_t cbuf; apr_pool_t *pool; char buffer[AP_IOBUFSIZE]; - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; }; /* Global variables for the NSPR I/O layer */ @@ -235,7 +235,7 @@ static PRInt32 PR_CALLBACK nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen) { apr_size_t inl = inlen; - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); nspr_filter_in_ctx_t *inctx = filter_ctx->inctx; apr_read_type_e block = inctx->block; @@ -296,7 +296,7 @@ nspr_filter_in_read(PRFileDesc *fd, void *in, PRInt32 inlen) return -1; } -static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, +static apr_status_t nss_io_input_read(nspr_filter_in_ctx_t *inctx, char *buf, apr_size_t *len) { @@ -386,9 +386,9 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, } } else /* (rc < 0) */ { - int ssl_err = PR_GetError(); + int nss_err = PR_GetError(); - if (ssl_err == PR_WOULD_BLOCK_ERROR) { + if (nss_err == PR_WOULD_BLOCK_ERROR) { /* * If NSPR wants to read more, and we were nonblocking, * report as an EAGAIN. Otherwise loop, pulling more @@ -408,7 +408,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, } continue; /* Blocking and nothing yet? Try again. */ } - else if (ssl_err != 0) { + else if (nss_err != 0) { if (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc)) { /* Already read something, return APR_SUCCESS instead. */ @@ -425,7 +425,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server, "SSL input filter read failed."); if (inctx->rc == 0) - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, c->base_server); } } if (inctx->rc == APR_SUCCESS) { @@ -437,7 +437,7 @@ static apr_status_t ssl_io_input_read(nspr_filter_in_ctx_t *inctx, return inctx->rc; } -static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, +static apr_status_t nss_io_input_getline(nspr_filter_in_ctx_t *inctx, char *buf, apr_size_t *len) { @@ -454,7 +454,7 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, */ while (tmplen > 0) { - status = ssl_io_input_read(inctx, buf + offset, &tmplen); + status = nss_io_input_read(inctx, buf + offset, &tmplen); if (status != APR_SUCCESS) { return status; @@ -488,11 +488,11 @@ static apr_status_t ssl_io_input_getline(nspr_filter_in_ctx_t *inctx, return APR_SUCCESS; } -static apr_status_t ssl_filter_write(ap_filter_t *f, +static apr_status_t nss_filter_write(ap_filter_t *f, const char *data, apr_size_t len) { - ssl_filter_ctx_t *filter_ctx = f->ctx; + nss_filter_ctx_t *filter_ctx = f->ctx; nspr_filter_out_ctx_t *outctx; int res; @@ -508,9 +508,9 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, "Sent returned %d", res); if (res < 0) { - int ssl_err = PR_GetError(); + int nss_err = PR_GetError(); - if (ssl_err == PR_WOULD_BLOCK_ERROR) { + if (nss_err == PR_WOULD_BLOCK_ERROR) { /* * If NSS wants to write more, and we were nonblocking, * report as an EAGAIN. Otherwise loop, pushing more @@ -527,8 +527,8 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, * Log SSL errors */ ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server, - "SSL library error %d writing data", ssl_err); - ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server); + "SSL library error %d writing data", nss_err); + nss_log_nss_error(APLOG_MARK, APLOG_INFO, c->base_server); } if (outctx->rc == APR_SUCCESS) { outctx->rc = APR_EGENERAL; @@ -563,14 +563,14 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, alloc) -static void ssl_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f) +static void nss_io_filter_disable(SSLConnRec *sslconn, ap_filter_t *f) { nspr_filter_in_ctx_t *inctx = f->ctx; sslconn->ssl = NULL; inctx->filter_ctx->pssl = NULL; } -static apr_status_t ssl_io_filter_error(ap_filter_t *f, +static apr_status_t nss_io_filter_error(ap_filter_t *f, apr_bucket_brigade *bb, apr_status_t status) { @@ -585,8 +585,8 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f, "SSL handshake failed: HTTP spoken on HTTPS port; " "trying to send HTML error page"); - sslconn->non_ssl_request = 1; - ssl_io_filter_disable(sslconn, f); + sslconn->non_nss_request = 1; + nss_io_filter_disable(sslconn, f); /* fake the request line */ bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc); @@ -603,9 +603,9 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f, return APR_SUCCESS; } -static const char ssl_io_filter[] = "NSS SSL/TLS Filter"; +static const char nss_io_filter[] = "NSS SSL/TLS Filter"; -static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, +static apr_status_t nss_filter_io_shutdown(nss_filter_ctx_t *filter_ctx, conn_rec *c, int abortive) { @@ -625,7 +625,7 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, "Connection to child %ld closed " "(server %s, client %s)", c->id, - ssl_util_vhostid(c->pool, c->base_server), + nss_util_vhostid(c->pool, c->base_server), c->remote_ip ? c->remote_ip : "unknown"); } @@ -646,9 +646,9 @@ static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx, return APR_SUCCESS; } -static apr_status_t ssl_io_filter_cleanup(void *data) +static apr_status_t nss_io_filter_cleanup(void *data) { - ssl_filter_ctx_t *filter_ctx = data; + nss_filter_ctx_t *filter_ctx = data; if (filter_ctx->pssl) { conn_rec *c = filter_ctx->c; @@ -664,7 +664,7 @@ static apr_status_t ssl_io_filter_cleanup(void *data) return APR_SUCCESS; } -static apr_status_t ssl_io_filter_input(ap_filter_t *f, +static apr_status_t nss_io_filter_input(ap_filter_t *f, apr_bucket_brigade *bb, ap_input_mode_t mode, apr_read_type_e block, @@ -713,10 +713,10 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, if (readbytes < len) { len = (apr_size_t)readbytes; } - status = ssl_io_input_read(inctx, inctx->buffer, &len); + status = nss_io_input_read(inctx, inctx->buffer, &len); } else if (inctx->mode == AP_MODE_GETLINE) { - status = ssl_io_input_getline(inctx, inctx->buffer, &len); + status = nss_io_input_getline(inctx, inctx->buffer, &len); } else { /* We have no idea what you are talking about, so return an error. */ @@ -724,7 +724,7 @@ static apr_status_t ssl_io_filter_input(ap_filter_t *f, } if (status != APR_SUCCESS) { - return ssl_io_filter_error(f, bb, status); + return nss_io_filter_error(f, bb, status); } /* Create a transient bucket out of the decrypted data. */ @@ -771,7 +771,7 @@ static int nspr_filter_out_flush(nspr_filter_out_ctx_t *outctx) static PRInt32 PR_CALLBACK nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); nspr_filter_out_ctx_t *outctx = filter_ctx->outctx; /* pass along the encrypted data @@ -791,11 +791,11 @@ nspr_filter_out_write(PRFileDesc *fd, const void *in, PRInt32 inl) return inl; } -static apr_status_t ssl_io_filter_output(ap_filter_t *f, +static apr_status_t nss_io_filter_output(ap_filter_t *f, apr_bucket_brigade *bb) { apr_status_t status = APR_SUCCESS; - ssl_filter_ctx_t *filter_ctx = f->ctx; + nss_filter_ctx_t *filter_ctx = f->ctx; nspr_filter_in_ctx_t *inctx; nspr_filter_out_ctx_t *outctx; apr_read_type_e rblock = APR_NONBLOCK_READ; @@ -806,7 +806,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, } if (!filter_ctx->pssl) { - /* ssl_filter_io_shutdown was called */ + /* nss_filter_io_shutdown was called */ return ap_pass_brigade(f->next, bb); } @@ -858,7 +858,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, * - issue the SSL_shutdown */ filter_ctx->nobuffer = 1; - status = ssl_filter_io_shutdown(filter_ctx, f->c, 0); + status = nss_filter_io_shutdown(filter_ctx, f->c, 0); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL, "SSL filter error shutting down I/O"); @@ -891,7 +891,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, break; } - status = ssl_filter_write(f, data, len); + status = nss_filter_write(f, data, len); apr_bucket_delete(bucket); if (status != APR_SUCCESS) { @@ -902,7 +902,7 @@ static apr_status_t ssl_io_filter_output(ap_filter_t *f, return status; } -static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c) +static void nss_io_output_create(nss_filter_ctx_t *filter_ctx, conn_rec *c) { nspr_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx)); @@ -916,14 +916,14 @@ static void ssl_io_output_create(ssl_filter_ctx_t *filter_ctx, conn_rec *c) return; } -static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, +static void nss_io_input_add_filter(nss_filter_ctx_t *filter_ctx, conn_rec *c, PRFileDesc *ssl) { nspr_filter_in_ctx_t *inctx; inctx = apr_palloc(c->pool, sizeof(*inctx)); - filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c); + filter_ctx->pInputFilter = ap_add_input_filter(nss_io_filter, inctx, NULL, c); inctx->f = filter_ctx->pInputFilter; inctx->rc = APR_SUCCESS; @@ -937,49 +937,49 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, filter_ctx->inctx = inctx; } -void ssl_io_filter_init(conn_rec *c, PRFileDesc *ssl) +void nss_io_filter_init(conn_rec *c, PRFileDesc *ssl) { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; - filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t)); - filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter, + filter_ctx = apr_palloc(c->pool, sizeof(nss_filter_ctx_t)); + filter_ctx->pOutputFilter = ap_add_output_filter(nss_io_filter, filter_ctx, NULL, c); - ssl_io_input_add_filter(filter_ctx, c, ssl); - ssl_io_output_create(filter_ctx, c); + nss_io_input_add_filter(filter_ctx, c, ssl); + nss_io_output_create(filter_ctx, c); filter_ctx->pssl = ssl; filter_ctx->c = c; ssl->lower->secret = (PRFilePrivate *)filter_ctx; apr_pool_cleanup_register(c->pool, (void*)filter_ctx, - ssl_io_filter_cleanup, apr_pool_cleanup_null); + nss_io_filter_cleanup, apr_pool_cleanup_null); return; } -void ssl_io_filter_register(apr_pool_t *p) +void nss_io_filter_register(apr_pool_t *p) { - ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); - ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_input_filter (nss_io_filter, nss_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5); + ap_register_output_filter (nss_io_filter, nss_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5); return; } -PRFileDesc * ssl_io_new_fd() { +PRFileDesc * nss_io_new_fd() { PRFileDesc *ssl = PR_CreateIOLayerStub(gIdentity, &gMethods); return ssl; } static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *addr) { - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; conn_rec *c; /* This can occur when doing SSL_ImportFD(NULL, something); */ if (fd->secret == NULL) return PR_FAILURE; - filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + filter_ctx = (nss_filter_ctx_t *)(fd->secret); c = filter_ctx->c; return PR_StringToNetAddr(c->remote_ip, addr); @@ -989,7 +989,7 @@ static PRStatus PR_CALLBACK nspr_filter_getpeername(PRFileDesc *fd, PRNetAddr *a * Translate NSPR PR_GetSocketOption() calls into apr_socket_opt_get() calls. */ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocketOptionData *data) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); conn_rec *c = filter_ctx->c; SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */ apr_int32_t on; @@ -1050,7 +1050,7 @@ static PRStatus PR_CALLBACK nspr_filter_getsocketoption(PRFileDesc *fd, PRSocket * Translate NSPR PR_SetSocketOption() calls into apr_socket_opt_set() calls. */ static PRStatus PR_CALLBACK nspr_filter_setsocketOption(PRFileDesc *fd, const PRSocketOptionData *data) { - ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)(fd->secret); + nss_filter_ctx_t *filter_ctx = (nss_filter_ctx_t *)(fd->secret); conn_rec *c = filter_ctx->c; SSLConnRec *sslconn = myConnConfig(c); /* for the Apache socket */ PRStatus rv = PR_FAILURE; @@ -1132,7 +1132,7 @@ static PRInt32 PR_CALLBACK nspr_filter_send(PRFileDesc *fd, const void *buf, PRI * Called once to initialize the NSPR layer that we push for each * request. */ -int ssl_io_layer_init() +int nss_io_layer_init() { const PRIOMethods *defaultMethods; int rc = 1; @@ -1168,17 +1168,17 @@ int ssl_io_layer_init() } SECStatus -ssl_AuthCertificate(void *arg, PRFileDesc *socket, +nss_AuthCertificate(void *arg, PRFileDesc *socket, PRBool checksig, PRBool isServer) { SECStatus status; - ssl_filter_ctx_t *filter_ctx; + nss_filter_ctx_t *filter_ctx; if (!arg || !socket) { return SECFailure; } - filter_ctx = (ssl_filter_ctx_t *)(socket->lower->secret); + filter_ctx = (nss_filter_ctx_t *)(socket->lower->secret); status = SSL_AuthCertificate(arg, socket, checksig, isServer); diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c index fb47eff..167b9f0 100644 --- a/nss_engine_kernel.c +++ b/nss_engine_kernel.c @@ -20,7 +20,7 @@ static void HandshakeDone(PRFileDesc *fd, void *doneflag); /* * Post Read Request Handler */ -int ssl_hook_ReadReq(request_rec *r) +int nss_hook_ReadReq(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); @@ -28,7 +28,7 @@ int ssl_hook_ReadReq(request_rec *r) return DECLINED; } - if (sslconn->non_ssl_request) { + if (sslconn->non_nss_request) { const char *errmsg; char *thisurl; char *thisport = ""; @@ -56,7 +56,7 @@ int ssl_hook_ReadReq(request_rec *r) /* Now that we have caught this error, forget it. we are done * with using SSL on this request. */ - sslconn->non_ssl_request = 0; + sslconn->non_nss_request = 0; return HTTP_BAD_REQUEST; @@ -68,7 +68,7 @@ int ssl_hook_ReadReq(request_rec *r) /* * URL Translation Handler */ -int ssl_hook_Translate(request_rec *r) +int nss_hook_Translate(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); @@ -86,7 +86,7 @@ int ssl_hook_Translate(request_rec *r) apr_psprintf(r->pool, "Subsequent (No.%d)", r->connection->keepalives+1)), r->connection->id, - ssl_util_vhostid(r->pool, r->server)); + nss_util_vhostid(r->pool, r->server)); } return DECLINED; @@ -96,14 +96,14 @@ int ssl_hook_Translate(request_rec *r) /* * Access Handler */ -int ssl_hook_Access(request_rec *r) +int nss_hook_Access(request_rec *r) { SSLDirConfigRec *dc = myDirConfig(r); SSLSrvConfigRec *sc = mySrvConfig(r->server); SSLConnRec *sslconn = myConnConfig(r->connection); PRFileDesc *ssl = sslconn ? sslconn->ssl : NULL; apr_array_header_t *requires; - ssl_require_t *ssl_requires; + nss_require_t *nss_requires; char *cp; int ok, i; BOOL renegotiate = FALSE, renegotiate_quick = FALSE; @@ -159,7 +159,7 @@ int ssl_hook_Access(request_rec *r) */ /* - * Override of SSLCipherSuite + * Override of NSSCipherSuite * * We provide two options here: * @@ -176,7 +176,7 @@ int ssl_hook_Access(request_rec *r) * cipher suite we're happy. Because we can assume we would have * selected it again even when other (better) ciphers exists now in the * new cipher suite. This approach is fine because the user explicitly - * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no + * has to enable this via ``NSSOptions +OptRenegotiate''. So we do no * implicit optimizations. */ if (dc->szCipherSuite) { @@ -197,12 +197,12 @@ int ssl_hook_Access(request_rec *r) /* configure new state */ ciphers = strdup(dc->szCipherSuite); - if (ssl_parse_ciphers(r->server, ciphers, ciphers_new) < 0) { + if (nss_parse_ciphers(r->server, ciphers, ciphers_new) < 0) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "Unable to reconfigure (per-directory) " "permitted SSL ciphers"); - ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); + nss_log_nss_error(APLOG_MARK, APLOG_ERR, r->server); free(ciphers); return HTTP_FORBIDDEN; @@ -382,7 +382,7 @@ int ssl_hook_Access(request_rec *r) ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, "SSL Re-negotiation in conjunction " "with POST method not supported!" - "hint: try SSLOptions +OptRenegotiate"); + "hint: try NSSOptions +OptRenegotiate"); return HTTP_METHOD_NOT_ALLOWED; } @@ -525,7 +525,7 @@ int ssl_hook_Access(request_rec *r) * we need to postpone setting the username until later. */ if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) { - char *val = ssl_var_lookup(r->pool, r->server, r->connection, + char *val = nss_var_lookup(r->pool, r->server, r->connection, r, (char *)dc->szUserName); if (val && val[0]) r->user = val; @@ -535,17 +535,17 @@ int ssl_hook_Access(request_rec *r) * Check SSLRequire boolean expressions */ requires = dc->aRequirement; - ssl_requires = (ssl_require_t *)requires->elts; + nss_requires = (nss_require_t *)requires->elts; for (i = 0; i < requires->nelts; i++) { - ssl_require_t *req = &ssl_requires[i]; - ok = ssl_expr_exec(r, req->mpExpr); + nss_require_t *req = &nss_requires[i]; + ok = nss_expr_exec(r, req->mpExpr); if (ok < 0) { cp = apr_psprintf(r->pool, "Failed to execute " "SSL requirement expression: %s", - ssl_expr_get_error()); + nss_expr_get_error()); ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "access to %s failed, reason: %s", @@ -598,7 +598,7 @@ int ssl_hook_Access(request_rec *r) * authenticates a user. This means that the Module statement for this * module should be LAST in the Configuration file. */ -int ssl_hook_UserCheck(request_rec *r) +int nss_hook_UserCheck(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -650,7 +650,7 @@ int ssl_hook_UserCheck(request_rec *r) /* * We decline operation in various situations... - * - SSLOptions +FakeBasicAuth not configured + * - NSSOptions +FakeBasicAuth not configured * - r->user already authenticated * - ssl not enabled * - client did not present a certificate @@ -697,11 +697,11 @@ int ssl_hook_UserCheck(request_rec *r) } /* authorization phase */ -int ssl_hook_Auth(request_rec *r) +int nss_hook_Auth(request_rec *r) { SSLDirConfigRec *dc = myDirConfig(r); - ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "ssl_hook_Auth"); + ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server, "nss_hook_Auth"); /* * Additionally forbid access (again) * when strict require option is used. @@ -719,7 +719,7 @@ int ssl_hook_Auth(request_rec *r) * Fixup Handler */ -static const char *ssl_hook_Fixup_vars[] = { +static const char *nss_hook_Fixup_vars[] = { "SSL_VERSION_INTERFACE", "SSL_VERSION_LIBRARY", "SSL_PROTOCOL", @@ -800,7 +800,7 @@ static const char *ssl_hook_Fixup_vars[] = { NULL }; -int ssl_hook_Fixup(request_rec *r) +int nss_hook_Fixup(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); SSLSrvConfigRec *sc = mySrvConfig(r->server); @@ -823,7 +823,7 @@ int ssl_hook_Fixup(request_rec *r) * Set r->user if requested */ if (dc->szUserName) { - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, (char *)dc->szUserName); if (val && val[0]) { r->user = val; @@ -838,9 +838,9 @@ int ssl_hook_Fixup(request_rec *r) /* standard SSL environment variables */ if (dc->nOptions & SSL_OPT_STDENVVARS) { - for (i = 0; ssl_hook_Fixup_vars[i]; i++) { - var = (char *)ssl_hook_Fixup_vars[i]; - val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); + for (i = 0; nss_hook_Fixup_vars[i]; i++) { + var = (char *)nss_hook_Fixup_vars[i]; + val = nss_var_lookup(r->pool, r->server, r->connection, r, var); if (!strIsEmpty(val)) { apr_table_setn(env, var, val); } @@ -851,12 +851,12 @@ int ssl_hook_Fixup(request_rec *r) * On-demand bloat up the SSI/CGI environment with certificate data */ if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) { - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_SERVER_CERT"); apr_table_setn(env, "SSL_SERVER_CERT", val); - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_CERT"); apr_table_setn(env, "SSL_CLIENT_CERT", val); @@ -879,7 +879,7 @@ int ssl_hook_Fixup(request_rec *r) for (i = 0; i < n; i++) { var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i); - val = ssl_var_lookup(r->pool, r->server, r->connection, + val = nss_var_lookup(r->pool, r->server, r->connection, r, var); if (val) { apr_table_setn(env, var, val); diff --git a/nss_engine_log.c b/nss_engine_log.c index f3f1566..1bb18e5 100644 --- a/nss_engine_log.c +++ b/nss_engine_log.c @@ -182,7 +182,7 @@ l_error_t libsec_errors[] = { { 144, "SEC_ERROR_OCSP_INVALID_SIGNING_CERT - OCSP signer certificate not found, not trusted or invalid." } }; -l_error_t libssl_errors[] = { +l_error_t libnss_errors[] = { { 0, "Client does not support high-grade encryption" }, { 1, "Client requires high-grade encryption which is not supported" }, { 2, "No common encryption algorithm(s) with client" }, @@ -288,7 +288,7 @@ l_error_t libssl_errors[] = { { 102, "Peer does not permit renegotiation of SSL security parameters" } }; -void ssl_die(void) +void nss_die(void) { /* * This is used for fatal errors and here @@ -298,7 +298,7 @@ void ssl_die(void) exit(1); } -void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s) +void nss_log_nss_error(const char *file, int line, int level, server_rec *s) { const char *err; PRInt32 error; @@ -312,7 +312,7 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s) err = libsec_errors[error-LIBSEC_ERROR_BASE].errorString; } else if ((error >= LIBSSL_ERROR_BASE) && (error <= LIBSSL_MAX_ERROR)) { - err = libssl_errors[error-LIBSSL_ERROR_BASE].errorString; + err = libnss_errors[error-LIBSSL_ERROR_BASE].errorString; } else { err = "Unknown"; } diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c index cb6643d..61324d7 100644 --- a/nss_engine_pphrase.c +++ b/nss_engine_pphrase.c @@ -22,10 +22,10 @@ typedef struct { PRInt32 retryCount; } pphrase_arg_t; -static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg); -static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg); -static unsigned char * ssl_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg); -static PRBool ssl_check_password(unsigned char *cp); +static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg); +static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg); +static unsigned char * nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t * parg); +static PRBool nss_check_password(unsigned char *cp); static void echoOff(int fd); static void echoOn(int fd); @@ -40,7 +40,7 @@ static char * prompt; * be authenticated and others will not be. */ -SECStatus ssl_Init_Tokens(server_rec *s) +SECStatus nss_Init_Tokens(server_rec *s) { PK11SlotList *slotList; PK11SlotListElement *listEntry; @@ -52,7 +52,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) parg->mc = mc; parg->retryCount = 0; - PK11_SetPasswordFunc(ssl_password_prompt); + PK11_SetPasswordFunc(nss_password_prompt); slotList = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL); @@ -85,7 +85,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) * reset NSS password callback to blank, so that the server won't prompt * again after initialization is done. */ - PK11_SetPasswordFunc(ssl_no_password); + PK11_SetPasswordFunc(nss_no_password); free(parg); return status; @@ -95,7 +95,7 @@ SECStatus ssl_Init_Tokens(server_rec *s) * Wrapper callback function that prompts the user for the token password * up to 3 times. */ -static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) +static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) { char *passwd = NULL; pphrase_arg_t *parg = (pphrase_arg_t *)arg; @@ -106,12 +106,12 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) prompt = PR_smprintf("Please enter password for \"%s\" token:", PK11_GetTokenName(slot)); if (parg == NULL) { // should not happen - passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, 0); + passwd = nss_get_password(stdin, stdout, slot, nss_check_password, 0); } else { if (parg->retryCount > 2) { passwd = NULL; // abort after 2 retries (3 failed attempts) } else { - passwd = ssl_get_password(stdin, stdout, slot, ssl_check_password, parg); + passwd = nss_get_password(stdin, stdout, slot, nss_check_password, parg); } } @@ -126,7 +126,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* Check the result. We don't really care what we got back as long @@ -143,7 +143,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) (res != PIN_SUCCESS && res != PIN_INCORRECTPW)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } } @@ -155,7 +155,7 @@ static char * ssl_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg) * any actual enforcement here but it demonstrates the sorts of things * that may be done. */ -static PRBool ssl_check_password(unsigned char *cp) +static PRBool nss_check_password(unsigned char *cp) { int len; unsigned char *end, ch; @@ -180,7 +180,7 @@ static PRBool ssl_check_password(unsigned char *cp) * Password callback so the user is not prompted to enter the password * after the server starts. */ -static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) +static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) { return NULL; } @@ -190,7 +190,7 @@ static char * ssl_no_password(PK11SlotInfo *slot, PRBool retry, void *arg) * twiddling with the tty. Alternatively, if the file password.conf * exists then it may be used to store the token password(s). */ -static unsigned char *ssl_get_password(FILE *input, FILE *output, +static unsigned char *nss_get_password(FILE *input, FILE *output, PK11SlotInfo *slot, PRBool (*ok)(unsigned char *), pphrase_arg_t *parg) @@ -229,7 +229,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, } else { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to open password file %s", parg->mc->pphrase_dialog_path); - ssl_die(); + nss_die(); } } @@ -246,7 +246,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to write to pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* The helper just returns a token pw or "", so we don't have much @@ -257,7 +257,7 @@ static unsigned char *ssl_get_password(FILE *input, FILE *output, if (!APR_STATUS_IS_SUCCESS(rv)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL, "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv); - ssl_die(); + nss_die(); } /* Just return what we got. If we got this far and we don't have a diff --git a/nss_engine_vars.c b/nss_engine_vars.c index 8cb24ce..22d7978 100644 --- a/nss_engine_vars.c +++ b/nss_engine_vars.c @@ -26,33 +26,33 @@ #define CERT_NOTBEFORE 0 #define CERT_NOTAFTER 1 -static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name); -static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var); -static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c); -static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var); -static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type); -static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var); -static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs); -static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c); -static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var); -static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var); -static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c); - -static int ssl_is_https(conn_rec *c) +static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name); +static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var); +static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c); +static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var); +static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type); +static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert,char *var); +static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs); +static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c); +static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var); +static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var); +static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c); + +static int nss_is_https(conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); return sslconn && sslconn->ssl; } -void ssl_var_register(void) +void nss_var_register(void) { - APR_REGISTER_OPTIONAL_FN(ssl_is_https); - APR_REGISTER_OPTIONAL_FN(ssl_var_lookup); + APR_REGISTER_OPTIONAL_FN(nss_is_https); + APR_REGISTER_OPTIONAL_FN(nss_var_lookup); return; } /* This function must remain safe to use for a non-SSL connection. */ -char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) +char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var) { SSLModConfigRec *mc = myModConfig(s); char *result; @@ -79,22 +79,22 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (r != NULL) { if (strcEQ(var, "HTTP_USER_AGENT")) - result = ssl_var_lookup_header(p, r, "User-Agent"); + result = nss_var_lookup_header(p, r, "User-Agent"); else if (strcEQ(var, "HTTP_REFERER")) - result = ssl_var_lookup_header(p, r, "Referer"); + result = nss_var_lookup_header(p, r, "Referer"); else if (strcEQ(var, "HTTP_COOKIE")) - result = ssl_var_lookup_header(p, r, "Cookie"); + result = nss_var_lookup_header(p, r, "Cookie"); else if (strcEQ(var, "HTTP_FORWARDED")) - result = ssl_var_lookup_header(p, r, "Forwarded"); + result = nss_var_lookup_header(p, r, "Forwarded"); else if (strcEQ(var, "HTTP_HOST")) - result = ssl_var_lookup_header(p, r, "Host"); + result = nss_var_lookup_header(p, r, "Host"); else if (strcEQ(var, "HTTP_PROXY_CONNECTION")) - result = ssl_var_lookup_header(p, r, "Proxy-Connection"); + result = nss_var_lookup_header(p, r, "Proxy-Connection"); else if (strcEQ(var, "HTTP_ACCEPT")) - result = ssl_var_lookup_header(p, r, "Accept"); + result = nss_var_lookup_header(p, r, "Accept"); else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5)) /* all other headers from which we are still not know about */ - result = ssl_var_lookup_header(p, r, var+5); + result = nss_var_lookup_header(p, r, var+5); else if (strcEQ(var, "THE_REQUEST")) result = r->the_request; else if (strcEQ(var, "REQUEST_METHOD")) @@ -142,7 +142,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, result = r->ap_auth_type; else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4) && sslconn && sslconn->ssl) - result = ssl_var_lookup_ssl(p, c, var+4); + result = nss_var_lookup_ssl(p, c, var+4); else if (strcEQ(var, "HTTPS")) { if (sslconn && sslconn->ssl) result = "on"; @@ -156,7 +156,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, */ if (result == NULL) { if (strlen(var) > 12 && strcEQn(var, "SSL_VERSION_", 12)) - result = ssl_var_lookup_ssl_version(p, var+12); + result = nss_var_lookup_nss_version(p, var+12); else if (strcEQ(var, "SERVER_SOFTWARE")) result = (char *)ap_get_server_version(); else if (strcEQ(var, "API_VERSION")) { @@ -216,7 +216,7 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, return result; } -static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name) +static char *nss_var_lookup_header(apr_pool_t *p, request_rec *r, const char *name) { char *hdr = NULL; @@ -225,7 +225,7 @@ static char *ssl_var_lookup_header(apr_pool_t *p, request_rec *r, const char *na return hdr; } -static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) +static char *nss_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -236,10 +236,10 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) ssl = sslconn->ssl; if (strlen(var) > 8 && strcEQn(var, "VERSION_", 8)) { - result = ssl_var_lookup_ssl_version(p, var+8); + result = nss_var_lookup_nss_version(p, var+8); } else if (ssl != NULL && strcEQ(var, "PROTOCOL")) { - result = (char *)ssl_var_lookup_protocol_version(p, c); + result = (char *)nss_var_lookup_protocol_version(p, c); } else if (ssl != NULL && strcEQ(var, "SESSION_ID")) { char *idstr; @@ -258,27 +258,27 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) SECITEM_FreeItem(iditem, PR_TRUE); } else if (ssl != NULL && strlen(var) >= 6 && strcEQn(var, "CIPHER", 6)) { - result = ssl_var_lookup_ssl_cipher(p, c, var+6); + result = nss_var_lookup_nss_cipher(p, c, var+6); } else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) { xs = SSL_PeerCertificate(ssl); if (xs != NULL) { - result = ssl_var_lookup_ssl_cert_chain(p, xs, var+18); + result = nss_var_lookup_nss_cert_chain(p, xs, var+18); CERT_DestroyCertificate(xs); } } else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) { - result = ssl_var_lookup_ssl_cert_verify(p, c); + result = nss_var_lookup_nss_cert_verify(p, c); } else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "CLIENT_", 7)) { if ((xs = SSL_PeerCertificate(ssl)) != NULL) { - result = ssl_var_lookup_ssl_cert(p, xs, var+7, c); + result = nss_var_lookup_nss_cert(p, xs, var+7, c); CERT_DestroyCertificate(xs); } } else if (ssl != NULL && strlen(var) > 7 && strcEQn(var, "SERVER_", 7)) { if ((xs = SSL_LocalCertificate(ssl)) != NULL) { - result = ssl_var_lookup_ssl_cert(p, xs, var+7, c); + result = nss_var_lookup_nss_cert(p, xs, var+7, c); CERT_DestroyCertificate(xs); } } @@ -286,7 +286,7 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, conn_rec *c, char *var) return result; } -static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c) +static char *nss_var_lookup_nss_cert(apr_pool_t *p, CERTCertificate *xs, char *var, conn_rec *c) { char *result; BOOL resdup; @@ -304,10 +304,10 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strcEQ(var, "V_START")) { - result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTBEFORE); + result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTBEFORE); } else if (strcEQ(var, "V_END")) { - result = ssl_var_lookup_ssl_cert_valid(p, xs, CERT_NOTAFTER); + result = nss_var_lookup_nss_cert_valid(p, xs, CERT_NOTAFTER); } else if (strcEQ(var, "S_DN")) { xsname = CERT_NameToAscii(&xs->subject); @@ -316,7 +316,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strlen(var) > 5 && strcEQn(var, "S_DN_", 5)) { - result = ssl_var_lookup_ssl_cert_dn(p, &xs->subject, var+5); + result = nss_var_lookup_nss_cert_dn(p, &xs->subject, var+5); resdup = FALSE; } else if (strcEQ(var, "I_DN")) { @@ -326,7 +326,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strlen(var) > 5 && strcEQn(var, "I_DN_", 5)) { - result = ssl_var_lookup_ssl_cert_dn(p, &xs->issuer, var+5); + result = nss_var_lookup_nss_cert_dn(p, &xs->issuer, var+5); resdup = FALSE; } else if (strcEQ(var, "A_SIG")) { @@ -367,7 +367,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v resdup = FALSE; } else if (strcEQ(var, "CERT")) { - result = ssl_var_lookup_ssl_cert_PEM(p, xs); + result = nss_var_lookup_nss_cert_PEM(p, xs); } if (result != NULL && resdup) @@ -375,7 +375,7 @@ static char *ssl_var_lookup_ssl_cert(apr_pool_t *p, CERTCertificate *xs, char *v return result; } -static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var) +static char *nss_var_lookup_nss_cert_dn(apr_pool_t *p, CERTName *cert, char *var) { char *result; char *rv; @@ -413,7 +413,7 @@ static char *ssl_var_lookup_ssl_cert_dn(apr_pool_t *p, CERTName *cert, char *var return result; } -static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type) +static char *nss_var_lookup_nss_cert_valid(apr_pool_t *p, CERTCertificate *xs, int type) { char *result; PRExplodedTime printableTime; @@ -436,7 +436,7 @@ static char *ssl_var_lookup_ssl_cert_valid(apr_pool_t *p, CERTCertificate *xs, i return result; } -static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var) +static char *nss_var_lookup_nss_cert_chain(apr_pool_t *p, CERTCertificate *cert, char *var) { char *result; CERTCertificateList *chain = NULL; @@ -454,7 +454,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, if (n <= chain->len-1) { CERTCertificate *c; c = CERT_FindCertByDERCert(CERT_GetDefaultCertDB(), &chain->certs[n]); - result = ssl_var_lookup_ssl_cert_PEM(p, c); + result = nss_var_lookup_nss_cert_PEM(p, c); CERT_DestroyCertificate(c); } } @@ -466,7 +466,7 @@ static char *ssl_var_lookup_ssl_cert_chain(apr_pool_t *p, CERTCertificate *cert, #define CERT_HEADER "-----BEGIN CERTIFICATE-----\n" #define CERT_TRAILER "\n-----END CERTIFICATE-----\n" -static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs) +static char *nss_var_lookup_nss_cert_PEM(apr_pool_t *p, CERTCertificate *xs) { char * result = NULL; char * tmp = NULL; @@ -503,7 +503,7 @@ static char *ssl_var_lookup_ssl_cert_PEM(apr_pool_t *p, CERTCertificate *xs) return result; } -static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) +static char *nss_var_lookup_nss_cert_verify(apr_pool_t *p, conn_rec *c) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -538,7 +538,7 @@ static char *ssl_var_lookup_ssl_cert_verify(apr_pool_t *p, conn_rec *c) return result; } -static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) +static char *nss_var_lookup_nss_cipher(apr_pool_t *p, conn_rec *c, char *var) { SSLConnRec *sslconn = myConnConfig(c); char *result; @@ -588,7 +588,7 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, conn_rec *c, char *var) return result; } -static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) +static char *nss_var_lookup_nss_version(apr_pool_t *p, char *var) { char *result; @@ -610,7 +610,7 @@ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var) return result; } -static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) +static char *nss_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) { char *result; SSLChannelInfo channel; @@ -651,22 +651,22 @@ static char *ssl_var_lookup_protocol_version(apr_pool_t *p, conn_rec *c) #include "mod_log_config.h" -static const char *ssl_var_log_handler_c(request_rec *r, char *a); -static const char *ssl_var_log_handler_x(request_rec *r, char *a); +static const char *nss_var_log_handler_c(request_rec *r, char *a); +static const char *nss_var_log_handler_x(request_rec *r, char *a); /* * register us for the mod_log_config function registering phase * to establish %{...}c and to be able to expand %{...}x variables. */ -void ssl_var_log_config_register(apr_pool_t *p) +void nss_var_log_config_register(apr_pool_t *p) { static APR_OPTIONAL_FN_TYPE(ap_register_log_handler) *log_pfn_register; log_pfn_register = APR_RETRIEVE_OPTIONAL_FN(ap_register_log_handler); if (log_pfn_register) { - log_pfn_register(p, "c", ssl_var_log_handler_c, 0); - log_pfn_register(p, "x", ssl_var_log_handler_x, 0); + log_pfn_register(p, "c", nss_var_log_handler_c, 0); + log_pfn_register(p, "x", nss_var_log_handler_x, 0); } return; } @@ -675,7 +675,7 @@ void ssl_var_log_config_register(apr_pool_t *p) * implement the %{..}c log function * (we are the only function) */ -static const char *ssl_var_log_handler_c(request_rec *r, char *a) +static const char *nss_var_log_handler_c(request_rec *r, char *a) { SSLConnRec *sslconn = myConnConfig(r->connection); char *result; @@ -684,13 +684,13 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a) return NULL; result = NULL; if (strEQ(a, "version")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_PROTOCOL"); else if (strEQ(a, "cipher")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CIPHER"); else if (strEQ(a, "subjectdn") || strEQ(a, "clientcert")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_S_DN"); else if (strEQ(a, "issuerdn") || strEQ(a, "cacert")) - result = ssl_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); + result = nss_var_lookup(r->pool, r->server, r->connection, r, "SSL_CLIENT_I_DN"); else if (strEQ(a, "errcode")) result = "-"; if (result != NULL && result[0] == NUL) @@ -702,11 +702,11 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a) * extend the implementation of the %{..}x log function * (there can be more functions) */ -static const char *ssl_var_log_handler_x(request_rec *r, char *a) +static const char *nss_var_log_handler_x(request_rec *r, char *a) { char *result; - result = ssl_var_lookup(r->pool, r->server, r->connection, r, a); + result = nss_var_lookup(r->pool, r->server, r->connection, r, a); if (result != NULL && result[0] == NUL) result = NULL; return result; diff --git a/nss_expr.c b/nss_expr.c index 1e6e445..22da3d6 100644 --- a/nss_expr.c +++ b/nss_expr.c @@ -13,19 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr.c - * Expression Handling - */ - /* ``It is hard to fly with - the eagles when you work - with the turkeys.'' - -- Unknown */ #include "mod_nss.h" /* _________________________________________________________________ @@ -34,47 +21,47 @@ ** _________________________________________________________________ */ -ssl_expr_info_type ssl_expr_info; -char *ssl_expr_error; +nss_expr_info_type nss_expr_info; +char *nss_expr_error; -ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr) +nss_expr *nss_expr_comp(apr_pool_t *p, char *expr) { - ssl_expr_info.pool = p; - ssl_expr_info.inputbuf = expr; - ssl_expr_info.inputlen = strlen(expr); - ssl_expr_info.inputptr = ssl_expr_info.inputbuf; - ssl_expr_info.expr = FALSE; + nss_expr_info.pool = p; + nss_expr_info.inputbuf = expr; + nss_expr_info.inputlen = strlen(expr); + nss_expr_info.inputptr = nss_expr_info.inputbuf; + nss_expr_info.expr = FALSE; - ssl_expr_error = NULL; - if (ssl_expr_yyparse()) + nss_expr_error = NULL; + if (nss_expr_yyparse()) return NULL; - return ssl_expr_info.expr; + return nss_expr_info.expr; } -char *ssl_expr_get_error(void) +char *nss_expr_get_error(void) { - if (ssl_expr_error == NULL) + if (nss_expr_error == NULL) return ""; - return ssl_expr_error; + return nss_expr_error; } -ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2) +nss_expr *nss_expr_make(nss_expr_node_op op, void *a1, void *a2) { - ssl_expr *node; + nss_expr *node; - node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr)); + node = (nss_expr *)apr_palloc(nss_expr_info.pool, sizeof(nss_expr)); node->node_op = op; node->node_arg1 = (char *)a1; node->node_arg2 = (char *)a2; return node; } -int ssl_expr_exec(request_rec *r, ssl_expr *expr) +int nss_expr_exec(request_rec *r, nss_expr *expr) { BOOL rc; - rc = ssl_expr_eval(r, expr); - if (ssl_expr_error != NULL) + rc = nss_expr_eval(r, expr); + if (nss_expr_error != NULL) return (-1); else return (rc ? 1 : 0); diff --git a/nss_expr.h b/nss_expr.h index 8399159..462f36c 100644 --- a/nss_expr.h +++ b/nss_expr.h @@ -13,19 +13,8 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr.h - * Expression Handling (Header) - */ - /* ``May all your PUSHes be POPed.'' */ - -#ifndef __SSL_EXPR_H__ -#define __SSL_EXPR_H__ +#ifndef __NSS_EXPR_H__ +#define __NSS_EXPR_H__ #ifndef FALSE #define FALSE 0 @@ -64,40 +53,40 @@ typedef enum { op_True, op_False, op_Not, op_Or, op_And, op_Comp, op_EQ, op_NE, op_LT, op_LE, op_GT, op_GE, op_IN, op_REG, op_NRE, op_Digit, op_String, op_Regex, op_Var, op_Func -} ssl_expr_node_op; +} nss_expr_node_op; typedef struct { - ssl_expr_node_op node_op; + nss_expr_node_op node_op; void *node_arg1; void *node_arg2; apr_pool_t *p; -} ssl_expr_node; +} nss_expr_node; -typedef ssl_expr_node ssl_expr; +typedef nss_expr_node nss_expr; typedef struct { apr_pool_t *pool; char *inputbuf; int inputlen; char *inputptr; - ssl_expr *expr; -} ssl_expr_info_type; + nss_expr *expr; +} nss_expr_info_type; -extern ssl_expr_info_type ssl_expr_info; -extern char *ssl_expr_error; +extern nss_expr_info_type nss_expr_info; +extern char *nss_expr_error; -#define yylval ssl_expr_yylval -#define yyerror ssl_expr_yyerror -#define yyinput ssl_expr_yyinput +#define yylval nss_expr_yylval +#define yyerror nss_expr_yyerror +#define yyinput nss_expr_yyinput -extern int ssl_expr_yyparse(void); -extern int ssl_expr_yyerror(char *); -extern int ssl_expr_yylex(void); +extern int nss_expr_yyparse(void); +extern int nss_expr_yyerror(char *); +extern int nss_expr_yylex(void); -extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *); -extern int ssl_expr_exec(request_rec *, ssl_expr *); -extern char *ssl_expr_get_error(void); -extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *); -extern BOOL ssl_expr_eval(request_rec *, ssl_expr *); +extern nss_expr *nss_expr_comp(apr_pool_t *, char *); +extern int nss_expr_exec(request_rec *, nss_expr *); +extern char *nss_expr_get_error(void); +extern nss_expr *nss_expr_make(nss_expr_node_op, void *, void *); +extern BOOL nss_expr_eval(request_rec *, nss_expr *); -#endif /* __SSL_EXPR_H__ */ +#endif /* __NSS_EXPR_H__ */ diff --git a/nss_expr_eval.c b/nss_expr_eval.c index c3aa316..ff0545c 100644 --- a/nss_expr_eval.c +++ b/nss_expr_eval.c @@ -13,18 +13,6 @@ * limitations under the License. */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | mod_ssl - * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL - * | | | | | | (_) | (_| | \__ \__ \ | - * |_| |_| |_|\___/ \__,_|___|___/___/_| - * |_____| - * ssl_expr_eval.c - * Expression Evaluation - */ - /* ``Make love, - not software!'' - -- Unknown */ #include "mod_nss.h" /* _________________________________________________________________ @@ -33,12 +21,12 @@ ** _________________________________________________________________ */ -static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *); -static char *ssl_expr_eval_word(request_rec *, ssl_expr *); -static char *ssl_expr_eval_func_file(request_rec *, char *); -static int ssl_expr_eval_strcmplex(char *, char *); +static BOOL nss_expr_eval_comp(request_rec *, nss_expr *); +static char *nss_expr_eval_word(request_rec *, nss_expr *); +static char *nss_expr_eval_func_file(request_rec *, char *); +static int nss_expr_eval_strcmplex(char *, char *); -BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) +BOOL nss_expr_eval(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_True: { @@ -48,73 +36,73 @@ BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) return FALSE; } case op_Not: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return (!ssl_expr_eval(r, e)); + nss_expr *e = (nss_expr *)node->node_arg1; + return (!nss_expr_eval(r, e)); } case op_Or: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2)); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval(r, e1) || nss_expr_eval(r, e2)); } case op_And: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2)); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval(r, e1) && nss_expr_eval(r, e2)); } case op_Comp: { - ssl_expr *e = (ssl_expr *)node->node_arg1; - return ssl_expr_eval_comp(r, e); + nss_expr *e = (nss_expr *)node->node_arg1; + return nss_expr_eval_comp(r, e); } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) +static BOOL nss_expr_eval_comp(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_EQ: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) == 0); } case op_NE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (strcmp(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) != 0); } case op_LT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) < 0); } case op_LE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) <= 0); } case op_GT: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) > 0); } case op_GE: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + return (nss_expr_eval_strcmplex(nss_expr_eval_word(r, e1), nss_expr_eval_word(r, e2)) >= 0); } case op_IN: { - ssl_expr *e1 = (ssl_expr *)node->node_arg1; - ssl_expr *e2 = (ssl_expr *)node->node_arg2; - ssl_expr *e3; - char *w1 = ssl_expr_eval_word(r, e1); + nss_expr *e1 = (nss_expr *)node->node_arg1; + nss_expr *e2 = (nss_expr *)node->node_arg2; + nss_expr *e3; + char *w1 = nss_expr_eval_word(r, e1); BOOL found = FALSE; do { - e3 = (ssl_expr *)e2->node_arg1; - e2 = (ssl_expr *)e2->node_arg2; - if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) { + e3 = (nss_expr *)e2->node_arg1; + e2 = (nss_expr *)e2->node_arg2; + if (strcmp(w1, nss_expr_eval_word(r, e3)) == 0) { found = TRUE; break; } @@ -122,37 +110,37 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) return found; } case op_REG: { - ssl_expr *e1; - ssl_expr *e2; + nss_expr *e1; + nss_expr *e2; char *word; regex_t *regex; - e1 = (ssl_expr *)node->node_arg1; - e2 = (ssl_expr *)node->node_arg2; - word = ssl_expr_eval_word(r, e1); + e1 = (nss_expr *)node->node_arg1; + e2 = (nss_expr *)node->node_arg2; + word = nss_expr_eval_word(r, e1); regex = (regex_t *)(e2->node_arg1); return (ap_regexec(regex, word, 0, NULL, 0) == 0); } case op_NRE: { - ssl_expr *e1; - ssl_expr *e2; + nss_expr *e1; + nss_expr *e2; char *word; regex_t *regex; - e1 = (ssl_expr *)node->node_arg1; - e2 = (ssl_expr *)node->node_arg2; - word = ssl_expr_eval_word(r, e1); + e1 = (nss_expr *)node->node_arg1; + e2 = (nss_expr *)node->node_arg2; + word = nss_expr_eval_word(r, e1); regex = (regex_t *)(e2->node_arg1); return !(ap_regexec(regex, word, 0, NULL, 0) == 0); } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node) +static char *nss_expr_eval_word(request_rec *r, nss_expr *node) { switch (node->node_op) { case op_Digit: { @@ -165,27 +153,27 @@ static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node) } case op_Var: { char *var = (char *)node->node_arg1; - char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); + char *val = nss_var_lookup(r->pool, r->server, r->connection, r, var); return (val == NULL ? "" : val); } case op_Func: { char *name = (char *)node->node_arg1; - ssl_expr *args = (ssl_expr *)node->node_arg2; + nss_expr *args = (nss_expr *)node->node_arg2; if (strEQ(name, "file")) - return ssl_expr_eval_func_file(r, (char *)(args->node_arg1)); + return nss_expr_eval_func_file(r, (char *)(args->node_arg1)); else { - ssl_expr_error = "Internal evaluation error: Unknown function name"; + nss_expr_error = "Internal evaluation error: Unknown function name"; return ""; } } default: { - ssl_expr_error = "Internal evaluation error: Unknown expression node"; + nss_expr_error = "Internal evaluation error: Unknown expression node"; return FALSE; } } } -static char *ssl_expr_eval_func_file(request_rec *r, char *filename) +static char *nss_expr_eval_func_file(request_rec *r, char *filename) { apr_file_t *fp; char *buf; @@ -195,12 +183,12 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, APR_OS_DEFAULT, r->pool) != APR_SUCCESS) { - ssl_expr_error = "Cannot open file"; + nss_expr_error = "Cannot open file"; return ""; } apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) { - ssl_expr_error = "Huge file cannot be read"; + nss_expr_error = "Huge file cannot be read"; apr_file_close(fp); return ""; } @@ -211,14 +199,14 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) } else { if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) { - ssl_expr_error = "Cannot allocate memory"; + nss_expr_error = "Cannot allocate memory"; apr_file_close(fp); return ""; } offset = 0; apr_file_seek(fp, APR_SET, &offset); if (apr_file_read(fp, buf, &len) != APR_SUCCESS) { - ssl_expr_error = "Cannot read from file"; + nss_expr_error = "Cannot read from file"; apr_file_close(fp); return ""; } @@ -229,7 +217,7 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename) } /* a variant of strcmp(3) which works correctly also for number strings */ -static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2) +static int nss_expr_eval_strcmplex(char *cpNum1, char *cpNum2) { int i, n1, n2; diff --git a/nss_expr_parse.c b/nss_expr_parse.c new file mode 100644 index 0000000..cdca82e --- /dev/null +++ b/nss_expr_parse.c @@ -0,0 +1,1079 @@ + +/* A Bison parser, made from nss_expr_parse.y + by GNU Bison version 1.28 */ + +#define YYBISON 1 /* Identify Bison output. */ + +#define T_TRUE 257 +#define T_FALSE 258 +#define T_DIGIT 259 +#define T_ID 260 +#define T_STRING 261 +#define T_REGEX 262 +#define T_REGEX_I 263 +#define T_FUNC_FILE 264 +#define T_OP_EQ 265 +#define T_OP_NE 266 +#define T_OP_LT 267 +#define T_OP_LE 268 +#define T_OP_GT 269 +#define T_OP_GE 270 +#define T_OP_REG 271 +#define T_OP_NRE 272 +#define T_OP_IN 273 +#define T_OP_OR 274 +#define T_OP_AND 275 +#define T_OP_NOT 276 + +#line 22 "nss_expr_parse.y" + +#include "mod_nss.h" + +#line 26 "nss_expr_parse.y" +typedef union { + char *cpVal; + nss_expr *exVal; +} YYSTYPE; +#include + +#ifndef __cplusplus +#ifndef __STDC__ +#define const +#endif +#endif + + + +#define YYFINAL 53 +#define YYFLAG -32768 +#define YYNTBASE 29 + +#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? nss_expr_yytranslate[x] : 36) + +static const char nss_expr_yytranslate[] = { 0, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 28, 2, 2, 23, + 24, 2, 2, 27, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 25, 2, 26, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22 +}; + +#if YYDEBUG != 0 +static const short nss_expr_yyprhs[] = { 0, + 0, 2, 4, 6, 9, 13, 17, 19, 23, 27, + 31, 35, 39, 43, 47, 53, 57, 61, 63, 67, + 69, 71, 76, 78, 80, 82 +}; + +static const short nss_expr_yyrhs[] = { 30, + 0, 3, 0, 4, 0, 22, 30, 0, 30, 20, + 30, 0, 30, 21, 30, 0, 31, 0, 23, 30, + 24, 0, 33, 11, 33, 0, 33, 12, 33, 0, + 33, 13, 33, 0, 33, 14, 33, 0, 33, 15, + 33, 0, 33, 16, 33, 0, 33, 19, 25, 32, + 26, 0, 33, 17, 34, 0, 33, 18, 34, 0, + 33, 0, 32, 27, 33, 0, 5, 0, 7, 0, + 28, 25, 6, 26, 0, 35, 0, 8, 0, 9, + 0, 10, 23, 7, 24, 0 +}; + +#endif + +#if YYDEBUG != 0 +static const short nss_expr_yyrline[] = { 0, + 69, 72, 73, 74, 75, 76, 77, 78, 81, 82, + 83, 84, 85, 86, 87, 88, 89, 92, 93, 96, + 97, 98, 99, 102, 111, 122 +}; +#endif + + +#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) + +static const char * const nss_expr_yytname[] = { "$","error","$undefined.","T_TRUE", +"T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ", +"T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN", +"T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr", +"comparison","words","word","regex","funccall", NULL +}; +#endif + +static const short nss_expr_yyr1[] = { 0, + 29, 30, 30, 30, 30, 30, 30, 30, 31, 31, + 31, 31, 31, 31, 31, 31, 31, 32, 32, 33, + 33, 33, 33, 34, 34, 35 +}; + +static const short nss_expr_yyr2[] = { 0, + 1, 1, 1, 2, 3, 3, 1, 3, 3, 3, + 3, 3, 3, 3, 5, 3, 3, 1, 3, 1, + 1, 4, 1, 1, 1, 4 +}; + +static const short nss_expr_yydefact[] = { 0, + 2, 3, 20, 21, 0, 0, 0, 0, 1, 7, + 0, 23, 0, 4, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, + 5, 6, 9, 10, 11, 12, 13, 14, 24, 25, + 16, 17, 0, 26, 22, 0, 18, 15, 0, 19, + 0, 0, 0 +}; + +static const short nss_expr_yydefgoto[] = { 51, + 9, 10, 46, 11, 41, 12 +}; + +static const short nss_expr_yypact[] = { 3, +-32768,-32768,-32768,-32768, -11, 3, 3, -10, 0,-32768, + 22,-32768, 16,-32768, -2, 23, 3, 3, 4, 4, + 4, 4, 4, 4, 34, 34, 21, 24,-32768, 25, + 26,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768, +-32768,-32768, 4,-32768,-32768, 18,-32768,-32768, 4,-32768, + 49, 50,-32768 +}; + +static const short nss_expr_yypgoto[] = {-32768, + 10,-32768,-32768, -19, 27,-32768 +}; + + +#define YYLAST 53 + + +static const short nss_expr_yytable[] = { 33, + 34, 35, 36, 37, 38, 1, 2, 3, 3, 4, + 4, 13, 5, 5, 16, 14, 15, 17, 18, 17, + 18, 29, 28, 47, 6, 7, 31, 32, 30, 50, + 8, 8, 19, 20, 21, 22, 23, 24, 25, 26, + 27, 39, 40, 48, 49, 43, 18, 44, 52, 53, + 45, 0, 42 +}; + +static const short nss_expr_yycheck[] = { 19, + 20, 21, 22, 23, 24, 3, 4, 5, 5, 7, + 7, 23, 10, 10, 25, 6, 7, 20, 21, 20, + 21, 24, 7, 43, 22, 23, 17, 18, 6, 49, + 28, 28, 11, 12, 13, 14, 15, 16, 17, 18, + 19, 8, 9, 26, 27, 25, 21, 24, 0, 0, + 26, -1, 26 +}; +/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ +#line 3 "/usr/lib/bison.simple" +/* This file comes from bison-1.28. */ + +/* Skeleton output parser for bison, + Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. */ + +/* As a special exception, when this file is copied by Bison into a + Bison output file, you may use that output file without restriction. + This special exception was added by the Free Software Foundation + in version 1.24 of Bison. */ + +/* This is the parser code that is written into each bison parser + when the %semantic_parser declaration is not specified in the grammar. + It was written by Richard Stallman by simplifying the hairy parser + used when %semantic_parser is specified. */ + +#ifndef YYSTACK_USE_ALLOCA +#ifdef alloca +#define YYSTACK_USE_ALLOCA +#else /* alloca not defined */ +#ifdef __GNUC__ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#else /* not GNU C. */ +#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) +#define YYSTACK_USE_ALLOCA +#include +#else /* not sparc */ +/* We think this test detects Watcom and Microsoft C. */ +/* This used to test MSDOS, but that is a bad idea + since that symbol is in the user namespace. */ +#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) +#if 0 /* No need for malloc.h, which pollutes the namespace; + instead, just don't use alloca. */ +#include +#endif +#else /* not MSDOS, or __TURBOC__ */ +#if defined(_AIX) +/* I don't know what this was needed for, but it pollutes the namespace. + So I turned it off. rms, 2 May 1997. */ +/* #include */ + #pragma alloca +#define YYSTACK_USE_ALLOCA +#else /* not MSDOS, or __TURBOC__, or _AIX */ +#if 0 +#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, + and on HPUX 10. Eventually we can turn this on. */ +#define YYSTACK_USE_ALLOCA +#define alloca __builtin_alloca +#endif /* __hpux */ +#endif +#endif /* not _AIX */ +#endif /* not MSDOS, or __TURBOC__ */ +#endif /* not sparc */ +#endif /* not GNU C */ +#endif /* alloca not defined */ +#endif /* YYSTACK_USE_ALLOCA not defined */ + +#ifdef YYSTACK_USE_ALLOCA +#define YYSTACK_ALLOC alloca +#else +#define YYSTACK_ALLOC malloc +#endif + +/* Note: there must be only one dollar sign in this file. + It is replaced by the list of actions, each action + as one case of the switch. */ + +#define nss_expr_yyerrok (nss_expr_yyerrstatus = 0) +#define nss_expr_yyclearin (nss_expr_yychar = YYEMPTY) +#define YYEMPTY -2 +#define YYEOF 0 +#define YYACCEPT goto nss_expr_yyacceptlab +#define YYABORT goto nss_expr_yyabortlab +#define YYERROR goto nss_expr_yyerrlab1 +/* Like YYERROR except do call nss_expr_yyerror. + This remains here temporarily to ease the + transition to the new meaning of YYERROR, for GCC. + Once GCC version 2 has supplanted version 1, this can go. */ +#define YYFAIL goto nss_expr_yyerrlab +#define YYRECOVERING() (!!nss_expr_yyerrstatus) +#define YYBACKUP(token, value) \ +do \ + if (nss_expr_yychar == YYEMPTY && nss_expr_yylen == 1) \ + { nss_expr_yychar = (token), nss_expr_yylval = (value); \ + nss_expr_yychar1 = YYTRANSLATE (nss_expr_yychar); \ + YYPOPSTACK; \ + goto nss_expr_yybackup; \ + } \ + else \ + { nss_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \ +while (0) + +#define YYTERROR 1 +#define YYERRCODE 256 + +#ifndef YYPURE +#define YYLEX nss_expr_yylex() +#endif + +#ifdef YYPURE +#ifdef YYLSP_NEEDED +#ifdef YYLEX_PARAM +#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc, YYLEX_PARAM) +#else +#define YYLEX nss_expr_yylex(&nss_expr_yylval, &nss_expr_yylloc) +#endif +#else /* not YYLSP_NEEDED */ +#ifdef YYLEX_PARAM +#define YYLEX nss_expr_yylex(&nss_expr_yylval, YYLEX_PARAM) +#else +#define YYLEX nss_expr_yylex(&nss_expr_yylval) +#endif +#endif /* not YYLSP_NEEDED */ +#endif + +/* If nonreentrant, generate the variables here */ + +#ifndef YYPURE + +int nss_expr_yychar; /* the lookahead symbol */ +YYSTYPE nss_expr_yylval; /* the semantic value of the */ + /* lookahead symbol */ + +#ifdef YYLSP_NEEDED +YYLTYPE nss_expr_yylloc; /* location data for the lookahead */ + /* symbol */ +#endif + +int nss_expr_yynerrs; /* number of parse errors so far */ +#endif /* not YYPURE */ + +#if YYDEBUG != 0 +int nss_expr_yydebug; /* nonzero means print parse trace */ +/* Since this is uninitialized, it does not stop multiple parsers + from coexisting. */ +#endif + +/* YYINITDEPTH indicates the initial size of the parser's stacks */ + +#ifndef YYINITDEPTH +#define YYINITDEPTH 200 +#endif + +/* YYMAXDEPTH is the maximum size the stacks can grow to + (effective only if the built-in stack extension method is used). */ + +#if YYMAXDEPTH == 0 +#undef YYMAXDEPTH +#endif + +#ifndef YYMAXDEPTH +#define YYMAXDEPTH 10000 +#endif + +/* Define __nss_expr_yy_memcpy. Note that the size argument + should be passed with type unsigned int, because that is what the non-GCC + definitions require. With GCC, __builtin_memcpy takes an arg + of type size_t, but it can handle unsigned int. */ + +#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ +#define __nss_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) +#else /* not GNU C or C++ */ +#ifndef __cplusplus + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__nss_expr_yy_memcpy (to, from, count) + char *to; + char *from; + unsigned int count; +{ + register char *f = from; + register char *t = to; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#else /* __cplusplus */ + +/* This is the most reliable way to avoid incompatibilities + in available built-in functions on various systems. */ +static void +__nss_expr_yy_memcpy (char *to, char *from, unsigned int count) +{ + register char *t = to; + register char *f = from; + register int i = count; + + while (i-- > 0) + *t++ = *f++; +} + +#endif +#endif + +#line 217 "/usr/lib/bison.simple" + +/* The user can define YYPARSE_PARAM as the name of an argument to be passed + into nss_expr_yyparse. The argument should have type void *. + It should actually point to an object. + Grammar actions can access the variable by casting it + to the proper pointer type. */ + +#ifdef YYPARSE_PARAM +#ifdef __cplusplus +#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM +#define YYPARSE_PARAM_DECL +#else /* not __cplusplus */ +#define YYPARSE_PARAM_ARG YYPARSE_PARAM +#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; +#endif /* not __cplusplus */ +#else /* not YYPARSE_PARAM */ +#define YYPARSE_PARAM_ARG +#define YYPARSE_PARAM_DECL +#endif /* not YYPARSE_PARAM */ + +/* Prevent warning if -Wstrict-prototypes. */ +#ifdef __GNUC__ +#ifdef YYPARSE_PARAM +int nss_expr_yyparse (void *); +#else +int nss_expr_yyparse (void); +#endif +#endif + +int +nss_expr_yyparse(YYPARSE_PARAM_ARG) + YYPARSE_PARAM_DECL +{ + register int nss_expr_yystate; + register int nss_expr_yyn; + register short *nss_expr_yyssp; + register YYSTYPE *nss_expr_yyvsp; + int nss_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */ + int nss_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */ + + short nss_expr_yyssa[YYINITDEPTH]; /* the state stack */ + YYSTYPE nss_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */ + + short *nss_expr_yyss = nss_expr_yyssa; /* refer to the stacks thru separate pointers */ + YYSTYPE *nss_expr_yyvs = nss_expr_yyvsa; /* to allow nss_expr_yyoverflow to reallocate them elsewhere */ + +#ifdef YYLSP_NEEDED + YYLTYPE nss_expr_yylsa[YYINITDEPTH]; /* the location stack */ + YYLTYPE *nss_expr_yyls = nss_expr_yylsa; + YYLTYPE *nss_expr_yylsp; + +#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--, nss_expr_yylsp--) +#else +#define YYPOPSTACK (nss_expr_yyvsp--, nss_expr_yyssp--) +#endif + + int nss_expr_yystacksize = YYINITDEPTH; + int nss_expr_yyfree_stacks = 0; + +#ifdef YYPURE + int nss_expr_yychar; + YYSTYPE nss_expr_yylval; + int nss_expr_yynerrs; +#ifdef YYLSP_NEEDED + YYLTYPE nss_expr_yylloc; +#endif +#endif + + YYSTYPE nss_expr_yyval; /* the variable used to return */ + /* semantic values from the action */ + /* routines */ + + int nss_expr_yylen; + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Starting parse\n"); +#endif + + nss_expr_yystate = 0; + nss_expr_yyerrstatus = 0; + nss_expr_yynerrs = 0; + nss_expr_yychar = YYEMPTY; /* Cause a token to be read. */ + + /* Initialize stack pointers. + Waste one element of value and location stack + so that they stay on the same level as the state stack. + The wasted elements are never initialized. */ + + nss_expr_yyssp = nss_expr_yyss - 1; + nss_expr_yyvsp = nss_expr_yyvs; +#ifdef YYLSP_NEEDED + nss_expr_yylsp = nss_expr_yyls; +#endif + +/* Push a new state, which is found in nss_expr_yystate . */ +/* In all cases, when you get here, the value and location stacks + have just been pushed. so pushing a state here evens the stacks. */ +nss_expr_yynewstate: + + *++nss_expr_yyssp = nss_expr_yystate; + + if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1) + { + /* Give user a chance to reallocate the stack */ + /* Use copies of these so that the &'s don't force the real ones into memory. */ + YYSTYPE *nss_expr_yyvs1 = nss_expr_yyvs; + short *nss_expr_yyss1 = nss_expr_yyss; +#ifdef YYLSP_NEEDED + YYLTYPE *nss_expr_yyls1 = nss_expr_yyls; +#endif + + /* Get the current used size of the three stacks, in elements. */ + int size = nss_expr_yyssp - nss_expr_yyss + 1; + +#ifdef nss_expr_yyoverflow + /* Each stack pointer address is followed by the size of + the data in use in that stack, in bytes. */ +#ifdef YYLSP_NEEDED + /* This used to be a conditional around just the two extra args, + but that might be undefined if nss_expr_yyoverflow is a macro. */ + nss_expr_yyoverflow("parser stack overflow", + &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp), + &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp), + &nss_expr_yyls1, size * sizeof (*nss_expr_yylsp), + &nss_expr_yystacksize); +#else + nss_expr_yyoverflow("parser stack overflow", + &nss_expr_yyss1, size * sizeof (*nss_expr_yyssp), + &nss_expr_yyvs1, size * sizeof (*nss_expr_yyvsp), + &nss_expr_yystacksize); +#endif + + nss_expr_yyss = nss_expr_yyss1; nss_expr_yyvs = nss_expr_yyvs1; +#ifdef YYLSP_NEEDED + nss_expr_yyls = nss_expr_yyls1; +#endif +#else /* no nss_expr_yyoverflow */ + /* Extend the stack our own way. */ + if (nss_expr_yystacksize >= YYMAXDEPTH) + { + nss_expr_yyerror("parser stack overflow"); + if (nss_expr_yyfree_stacks) + { + free (nss_expr_yyss); + free (nss_expr_yyvs); +#ifdef YYLSP_NEEDED + free (nss_expr_yyls); +#endif + } + return 2; + } + nss_expr_yystacksize *= 2; + if (nss_expr_yystacksize > YYMAXDEPTH) + nss_expr_yystacksize = YYMAXDEPTH; +#ifndef YYSTACK_USE_ALLOCA + nss_expr_yyfree_stacks = 1; +#endif + nss_expr_yyss = (short *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyssp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyss, (char *)nss_expr_yyss1, + size * (unsigned int) sizeof (*nss_expr_yyssp)); + nss_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yyvsp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyvs, (char *)nss_expr_yyvs1, + size * (unsigned int) sizeof (*nss_expr_yyvsp)); +#ifdef YYLSP_NEEDED + nss_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (nss_expr_yystacksize * sizeof (*nss_expr_yylsp)); + __nss_expr_yy_memcpy ((char *)nss_expr_yyls, (char *)nss_expr_yyls1, + size * (unsigned int) sizeof (*nss_expr_yylsp)); +#endif +#endif /* no nss_expr_yyoverflow */ + + nss_expr_yyssp = nss_expr_yyss + size - 1; + nss_expr_yyvsp = nss_expr_yyvs + size - 1; +#ifdef YYLSP_NEEDED + nss_expr_yylsp = nss_expr_yyls + size - 1; +#endif + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Stack size increased to %d\n", nss_expr_yystacksize); +#endif + + if (nss_expr_yyssp >= nss_expr_yyss + nss_expr_yystacksize - 1) + YYABORT; + } + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Entering state %d\n", nss_expr_yystate); +#endif + + goto nss_expr_yybackup; + nss_expr_yybackup: + +/* Do appropriate processing given the current state. */ +/* Read a lookahead token if we need one and don't already have one. */ +/* nss_expr_yyresume: */ + + /* First try to decide what to do without reference to lookahead token. */ + + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yydefault; + + /* Not known => get a lookahead token if don't already have one. */ + + /* nss_expr_yychar is either YYEMPTY or YYEOF + or a valid token in external form. */ + + if (nss_expr_yychar == YYEMPTY) + { +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Reading a token: "); +#endif + nss_expr_yychar = YYLEX; + } + + /* Convert token to internal form (in nss_expr_yychar1) for indexing tables with */ + + if (nss_expr_yychar <= 0) /* This means end of input. */ + { + nss_expr_yychar1 = 0; + nss_expr_yychar = YYEOF; /* Don't call YYLEX any more */ + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Now at end of input.\n"); +#endif + } + else + { + nss_expr_yychar1 = YYTRANSLATE(nss_expr_yychar); + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + { + fprintf (stderr, "Next token is %d (%s", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); + /* Give the individual parser a way to print the precise meaning + of a token, for further debugging info. */ +#ifdef YYPRINT + YYPRINT (stderr, nss_expr_yychar, nss_expr_yylval); +#endif + fprintf (stderr, ")\n"); + } +#endif + } + + nss_expr_yyn += nss_expr_yychar1; + if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != nss_expr_yychar1) + goto nss_expr_yydefault; + + nss_expr_yyn = nss_expr_yytable[nss_expr_yyn]; + + /* nss_expr_yyn is what to do for this token type in this state. + Negative => reduce, -nss_expr_yyn is rule number. + Positive => shift, nss_expr_yyn is new state. + New state is final state => don't bother to shift, + just return success. + 0, or most negative number => error. */ + + if (nss_expr_yyn < 0) + { + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrlab; + nss_expr_yyn = -nss_expr_yyn; + goto nss_expr_yyreduce; + } + else if (nss_expr_yyn == 0) + goto nss_expr_yyerrlab; + + if (nss_expr_yyn == YYFINAL) + YYACCEPT; + + /* Shift the lookahead token. */ + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Shifting token %d (%s), ", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); +#endif + + /* Discard the token being shifted unless it is eof. */ + if (nss_expr_yychar != YYEOF) + nss_expr_yychar = YYEMPTY; + + *++nss_expr_yyvsp = nss_expr_yylval; +#ifdef YYLSP_NEEDED + *++nss_expr_yylsp = nss_expr_yylloc; +#endif + + /* count tokens shifted since error; after three, turn off error status. */ + if (nss_expr_yyerrstatus) nss_expr_yyerrstatus--; + + nss_expr_yystate = nss_expr_yyn; + goto nss_expr_yynewstate; + +/* Do the default action for the current state. */ +nss_expr_yydefault: + + nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate]; + if (nss_expr_yyn == 0) + goto nss_expr_yyerrlab; + +/* Do a reduction. nss_expr_yyn is the number of a rule to reduce with. */ +nss_expr_yyreduce: + nss_expr_yylen = nss_expr_yyr2[nss_expr_yyn]; + if (nss_expr_yylen > 0) + nss_expr_yyval = nss_expr_yyvsp[1-nss_expr_yylen]; /* implement default value of the action */ + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + { + int i; + + fprintf (stderr, "Reducing via rule %d (line %d), ", + nss_expr_yyn, nss_expr_yyrline[nss_expr_yyn]); + + /* Print the symbols being reduced, and their result. */ + for (i = nss_expr_yyprhs[nss_expr_yyn]; nss_expr_yyrhs[i] > 0; i++) + fprintf (stderr, "%s ", nss_expr_yytname[nss_expr_yyrhs[i]]); + fprintf (stderr, " -> %s\n", nss_expr_yytname[nss_expr_yyr1[nss_expr_yyn]]); + } +#endif + + + switch (nss_expr_yyn) { + +case 1: +#line 69 "nss_expr_parse.y" +{ nss_expr_info.expr = nss_expr_yyvsp[0].exVal; ; + break;} +case 2: +#line 72 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_True, NULL, NULL); ; + break;} +case 3: +#line 73 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_False, NULL, NULL); ; + break;} +case 4: +#line 74 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Not, nss_expr_yyvsp[0].exVal, NULL); ; + break;} +case 5: +#line 75 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Or, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 6: +#line 76 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_And, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 7: +#line 77 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Comp, nss_expr_yyvsp[0].exVal, NULL); ; + break;} +case 8: +#line 78 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_yyvsp[-1].exVal; ; + break;} +case 9: +#line 81 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_EQ, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 10: +#line 82 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_NE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 11: +#line 83 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_LT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 12: +#line 84 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_LE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 13: +#line 85 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_GT, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 14: +#line 86 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_GE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 15: +#line 87 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_IN, nss_expr_yyvsp[-4].exVal, nss_expr_yyvsp[-1].exVal); ; + break;} +case 16: +#line 88 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_REG, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 17: +#line 89 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_NRE, nss_expr_yyvsp[-2].exVal, nss_expr_yyvsp[0].exVal); ; + break;} +case 18: +#line 92 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, NULL); ; + break;} +case 19: +#line 93 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_ListElement, nss_expr_yyvsp[0].exVal, nss_expr_yyvsp[-2].exVal); ; + break;} +case 20: +#line 96 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Digit, nss_expr_yyvsp[0].cpVal, NULL); ; + break;} +case 21: +#line 97 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_String, nss_expr_yyvsp[0].cpVal, NULL); ; + break;} +case 22: +#line 98 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_make(op_Var, nss_expr_yyvsp[-1].cpVal, NULL); ; + break;} +case 23: +#line 99 "nss_expr_parse.y" +{ nss_expr_yyval.exVal = nss_expr_yyvsp[0].exVal; ; + break;} +case 24: +#line 102 "nss_expr_parse.y" +{ + regex_t *regex; + if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, + REG_EXTENDED|REG_NOSUB)) == NULL) { + nss_expr_error = "Failed to compile regular expression"; + YYERROR; + } + nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL); + ; + break;} +case 25: +#line 111 "nss_expr_parse.y" +{ + regex_t *regex; + if ((regex = ap_pregcomp(nss_expr_info.pool, nss_expr_yyvsp[0].cpVal, + REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { + nss_expr_error = "Failed to compile regular expression"; + YYERROR; + } + nss_expr_yyval.exVal = nss_expr_make(op_Regex, regex, NULL); + ; + break;} +case 26: +#line 122 "nss_expr_parse.y" +{ + nss_expr *args = nss_expr_make(op_ListElement, nss_expr_yyvsp[-1].cpVal, NULL); + nss_expr_yyval.exVal = nss_expr_make(op_Func, "file", args); + ; + break;} +} + /* the action file gets copied in in place of this dollarsign */ +#line 543 "/usr/lib/bison.simple" + + nss_expr_yyvsp -= nss_expr_yylen; + nss_expr_yyssp -= nss_expr_yylen; +#ifdef YYLSP_NEEDED + nss_expr_yylsp -= nss_expr_yylen; +#endif + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + { + short *ssp1 = nss_expr_yyss - 1; + fprintf (stderr, "state stack now"); + while (ssp1 != nss_expr_yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + + *++nss_expr_yyvsp = nss_expr_yyval; + +#ifdef YYLSP_NEEDED + nss_expr_yylsp++; + if (nss_expr_yylen == 0) + { + nss_expr_yylsp->first_line = nss_expr_yylloc.first_line; + nss_expr_yylsp->first_column = nss_expr_yylloc.first_column; + nss_expr_yylsp->last_line = (nss_expr_yylsp-1)->last_line; + nss_expr_yylsp->last_column = (nss_expr_yylsp-1)->last_column; + nss_expr_yylsp->text = 0; + } + else + { + nss_expr_yylsp->last_line = (nss_expr_yylsp+nss_expr_yylen-1)->last_line; + nss_expr_yylsp->last_column = (nss_expr_yylsp+nss_expr_yylen-1)->last_column; + } +#endif + + /* Now "shift" the result of the reduction. + Determine what state that goes to, + based on the state we popped back to + and the rule number reduced by. */ + + nss_expr_yyn = nss_expr_yyr1[nss_expr_yyn]; + + nss_expr_yystate = nss_expr_yypgoto[nss_expr_yyn - YYNTBASE] + *nss_expr_yyssp; + if (nss_expr_yystate >= 0 && nss_expr_yystate <= YYLAST && nss_expr_yycheck[nss_expr_yystate] == *nss_expr_yyssp) + nss_expr_yystate = nss_expr_yytable[nss_expr_yystate]; + else + nss_expr_yystate = nss_expr_yydefgoto[nss_expr_yyn - YYNTBASE]; + + goto nss_expr_yynewstate; + +nss_expr_yyerrlab: /* here on detecting error */ + + if (! nss_expr_yyerrstatus) + /* If not already recovering from an error, report this error. */ + { + ++nss_expr_yynerrs; + +#ifdef YYERROR_VERBOSE + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; + + if (nss_expr_yyn > YYFLAG && nss_expr_yyn < YYLAST) + { + int size = 0; + char *msg; + int x, count; + + count = 0; + /* Start X at -nss_expr_yyn if nec to avoid negative indexes in nss_expr_yycheck. */ + for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0); + x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++) + if (nss_expr_yycheck[x + nss_expr_yyn] == x) + size += strlen(nss_expr_yytname[x]) + 15, count++; + msg = (char *) malloc(size + 15); + if (msg != 0) + { + strcpy(msg, "parse error"); + + if (count < 5) + { + count = 0; + for (x = (nss_expr_yyn < 0 ? -nss_expr_yyn : 0); + x < (sizeof(nss_expr_yytname) / sizeof(char *)); x++) + if (nss_expr_yycheck[x + nss_expr_yyn] == x) + { + strcat(msg, count == 0 ? ", expecting `" : " or `"); + strcat(msg, nss_expr_yytname[x]); + strcat(msg, "'"); + count++; + } + } + nss_expr_yyerror(msg); + free(msg); + } + else + nss_expr_yyerror ("parse error; also virtual memory exceeded"); + } + else +#endif /* YYERROR_VERBOSE */ + nss_expr_yyerror("parse error"); + } + + goto nss_expr_yyerrlab1; +nss_expr_yyerrlab1: /* here on error raised explicitly by an action */ + + if (nss_expr_yyerrstatus == 3) + { + /* if just tried and failed to reuse lookahead token after an error, discard it. */ + + /* return failure if at end of input */ + if (nss_expr_yychar == YYEOF) + YYABORT; + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Discarding token %d (%s).\n", nss_expr_yychar, nss_expr_yytname[nss_expr_yychar1]); +#endif + + nss_expr_yychar = YYEMPTY; + } + + /* Else will try to reuse lookahead token + after shifting the error token. */ + + nss_expr_yyerrstatus = 3; /* Each real token shifted decrements this */ + + goto nss_expr_yyerrhandle; + +nss_expr_yyerrdefault: /* current state does not do anything special for the error token. */ + +#if 0 + /* This is wrong; only states that explicitly want error tokens + should shift them. */ + nss_expr_yyn = nss_expr_yydefact[nss_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ + if (nss_expr_yyn) goto nss_expr_yydefault; +#endif + +nss_expr_yyerrpop: /* pop the current state because it cannot handle the error token */ + + if (nss_expr_yyssp == nss_expr_yyss) YYABORT; + nss_expr_yyvsp--; + nss_expr_yystate = *--nss_expr_yyssp; +#ifdef YYLSP_NEEDED + nss_expr_yylsp--; +#endif + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + { + short *ssp1 = nss_expr_yyss - 1; + fprintf (stderr, "Error: state stack now"); + while (ssp1 != nss_expr_yyssp) + fprintf (stderr, " %d", *++ssp1); + fprintf (stderr, "\n"); + } +#endif + +nss_expr_yyerrhandle: + + nss_expr_yyn = nss_expr_yypact[nss_expr_yystate]; + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrdefault; + + nss_expr_yyn += YYTERROR; + if (nss_expr_yyn < 0 || nss_expr_yyn > YYLAST || nss_expr_yycheck[nss_expr_yyn] != YYTERROR) + goto nss_expr_yyerrdefault; + + nss_expr_yyn = nss_expr_yytable[nss_expr_yyn]; + if (nss_expr_yyn < 0) + { + if (nss_expr_yyn == YYFLAG) + goto nss_expr_yyerrpop; + nss_expr_yyn = -nss_expr_yyn; + goto nss_expr_yyreduce; + } + else if (nss_expr_yyn == 0) + goto nss_expr_yyerrpop; + + if (nss_expr_yyn == YYFINAL) + YYACCEPT; + +#if YYDEBUG != 0 + if (nss_expr_yydebug) + fprintf(stderr, "Shifting error token, "); +#endif + + *++nss_expr_yyvsp = nss_expr_yylval; +#ifdef YYLSP_NEEDED + *++nss_expr_yylsp = nss_expr_yylloc; +#endif + + nss_expr_yystate = nss_expr_yyn; + goto nss_expr_yynewstate; + + nss_expr_yyacceptlab: + /* YYACCEPT comes here. */ + if (nss_expr_yyfree_stacks) + { + free (nss_expr_yyss); + free (nss_expr_yyvs); +#ifdef YYLSP_NEEDED + free (nss_expr_yyls); +#endif + } + return 0; + + nss_expr_yyabortlab: + /* YYABORT comes here. */ + if (nss_expr_yyfree_stacks) + { + free (nss_expr_yyss); + free (nss_expr_yyvs); +#ifdef YYLSP_NEEDED + free (nss_expr_yyls); +#endif + } + return 1; +} +#line 128 "nss_expr_parse.y" + + +int nss_expr_yyerror(char *s) +{ + nss_expr_error = s; + return 2; +} + diff --git a/nss_expr_parse.h b/nss_expr_parse.h new file mode 100644 index 0000000..09adf01 --- /dev/null +++ b/nss_expr_parse.h @@ -0,0 +1,27 @@ +typedef union { + char *cpVal; + nss_expr *exVal; +} YYSTYPE; +#define T_TRUE 257 +#define T_FALSE 258 +#define T_DIGIT 259 +#define T_ID 260 +#define T_STRING 261 +#define T_REGEX 262 +#define T_REGEX_I 263 +#define T_FUNC_FILE 264 +#define T_OP_EQ 265 +#define T_OP_NE 266 +#define T_OP_LT 267 +#define T_OP_LE 268 +#define T_OP_GT 269 +#define T_OP_GE 270 +#define T_OP_REG 271 +#define T_OP_NRE 272 +#define T_OP_IN 273 +#define T_OP_OR 274 +#define T_OP_AND 275 +#define T_OP_NOT 276 + + +extern YYSTYPE nss_expr_yylval; diff --git a/nss_expr_parse.y b/nss_expr_parse.y new file mode 100644 index 0000000..9ee1a1a --- /dev/null +++ b/nss_expr_parse.y @@ -0,0 +1,135 @@ +/* Copyright 2001-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* _________________________________________________________________ +** +** Expression Parser +** _________________________________________________________________ +*/ + +%{ +#include "mod_nss.h" +%} + +%union { + char *cpVal; + nss_expr *exVal; +} + +%token T_TRUE +%token T_FALSE + +%token T_DIGIT +%token T_ID +%token T_STRING +%token T_REGEX +%token T_REGEX_I + +%token T_FUNC_FILE + +%token T_OP_EQ +%token T_OP_NE +%token T_OP_LT +%token T_OP_LE +%token T_OP_GT +%token T_OP_GE +%token T_OP_REG +%token T_OP_NRE +%token T_OP_IN + +%token T_OP_OR +%token T_OP_AND +%token T_OP_NOT + +%left T_OP_OR +%left T_OP_AND +%left T_OP_NOT + +%type expr +%type comparison +%type funccall +%type regex +%type words +%type word + +%% + +root : expr { nss_expr_info.expr = $1; } + ; + +expr : T_TRUE { $$ = nss_expr_make(op_True, NULL, NULL); } + | T_FALSE { $$ = nss_expr_make(op_False, NULL, NULL); } + | T_OP_NOT expr { $$ = nss_expr_make(op_Not, $2, NULL); } + | expr T_OP_OR expr { $$ = nss_expr_make(op_Or, $1, $3); } + | expr T_OP_AND expr { $$ = nss_expr_make(op_And, $1, $3); } + | comparison { $$ = nss_expr_make(op_Comp, $1, NULL); } + | '(' expr ')' { $$ = $2; } + ; + +comparison: word T_OP_EQ word { $$ = nss_expr_make(op_EQ, $1, $3); } + | word T_OP_NE word { $$ = nss_expr_make(op_NE, $1, $3); } + | word T_OP_LT word { $$ = nss_expr_make(op_LT, $1, $3); } + | word T_OP_LE word { $$ = nss_expr_make(op_LE, $1, $3); } + | word T_OP_GT word { $$ = nss_expr_make(op_GT, $1, $3); } + | word T_OP_GE word { $$ = nss_expr_make(op_GE, $1, $3); } + | word T_OP_IN '{' words '}' { $$ = nss_expr_make(op_IN, $1, $4); } + | word T_OP_REG regex { $$ = nss_expr_make(op_REG, $1, $3); } + | word T_OP_NRE regex { $$ = nss_expr_make(op_NRE, $1, $3); } + ; + +words : word { $$ = nss_expr_make(op_ListElement, $1, NULL); } + | words ',' word { $$ = nss_expr_make(op_ListElement, $3, $1); } + ; + +word : T_DIGIT { $$ = nss_expr_make(op_Digit, $1, NULL); } + | T_STRING { $$ = nss_expr_make(op_String, $1, NULL); } + | '%' '{' T_ID '}' { $$ = nss_expr_make(op_Var, $3, NULL); } + | funccall { $$ = $1; } + ; + +regex : T_REGEX { + regex_t *regex; + if ((regex = ap_pregcomp(nss_expr_info.pool, $1, + REG_EXTENDED|REG_NOSUB)) == NULL) { + nss_expr_error = "Failed to compile regular expression"; + YYERROR; + } + $$ = nss_expr_make(op_Regex, regex, NULL); + } + | T_REGEX_I { + regex_t *regex; + if ((regex = ap_pregcomp(nss_expr_info.pool, $1, + REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { + nss_expr_error = "Failed to compile regular expression"; + YYERROR; + } + $$ = nss_expr_make(op_Regex, regex, NULL); + } + ; + +funccall : T_FUNC_FILE '(' T_STRING ')' { + nss_expr *args = nss_expr_make(op_ListElement, $3, NULL); + $$ = nss_expr_make(op_Func, "file", args); + } + ; + +%% + +int yyerror(char *s) +{ + nss_expr_error = s; + return 2; +} + diff --git a/nss_expr_scan.c b/nss_expr_scan.c new file mode 100644 index 0000000..490ff54 --- /dev/null +++ b/nss_expr_scan.c @@ -0,0 +1,1949 @@ +#define yy_create_buffer nss_expr_yy_create_buffer +#define yy_delete_buffer nss_expr_yy_delete_buffer +#define yy_scan_buffer nss_expr_yy_scan_buffer +#define yy_scan_string nss_expr_yy_scan_string +#define yy_scan_bytes nss_expr_yy_scan_bytes +#define yy_flex_debug nss_expr_yy_flex_debug +#define yy_init_buffer nss_expr_yy_init_buffer +#define yy_flush_buffer nss_expr_yy_flush_buffer +#define yy_load_buffer_state nss_expr_yy_load_buffer_state +#define yy_switch_to_buffer nss_expr_yy_switch_to_buffer +#define yyin nss_expr_yyin +#define yyleng nss_expr_yyleng +#define yylex nss_expr_yylex +#define yyout nss_expr_yyout +#define yyrestart nss_expr_yyrestart +#define yytext nss_expr_yytext + +/* A lexical scanner generated by flex */ + +/* Scanner skeleton version: + */ + +#define FLEX_SCANNER +#define YY_FLEX_MAJOR_VERSION 2 +#define YY_FLEX_MINOR_VERSION 5 + +#include +#include + + +/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ +#ifdef c_plusplus +#ifndef __cplusplus +#define __cplusplus +#endif +#endif + + +#ifdef __cplusplus + +#include + +/* Use prototypes in function declarations. */ +#define YY_USE_PROTOS + +/* The "const" storage-class-modifier is valid. */ +#define YY_USE_CONST + +#else /* ! __cplusplus */ + +#if __STDC__ + +#define YY_USE_PROTOS +#define YY_USE_CONST + +#endif /* __STDC__ */ +#endif /* ! __cplusplus */ + +#ifdef __TURBOC__ + #pragma warn -rch + #pragma warn -use +#include +#include +#define YY_USE_CONST +#define YY_USE_PROTOS +#endif + +#ifdef YY_USE_CONST +#define yyconst const +#else +#define yyconst +#endif + + +#ifdef YY_USE_PROTOS +#define YY_PROTO(proto) proto +#else +#define YY_PROTO(proto) () +#endif + +/* Returned upon end-of-file. */ +#define YY_NULL 0 + +/* Promotes a possibly negative, possibly signed char to an unsigned + * integer for use as an array index. If the signed char is negative, + * we want to instead treat it as an 8-bit unsigned char, hence the + * double cast. + */ +#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) + +/* Enter a start condition. This macro really ought to take a parameter, + * but we do it the disgusting crufty way forced on us by the ()-less + * definition of BEGIN. + */ +#define BEGIN yy_start = 1 + 2 * + +/* Translate the current start state into a value that can be later handed + * to BEGIN to return to the state. The YYSTATE alias is for lex + * compatibility. + */ +#define YY_START ((yy_start - 1) / 2) +#define YYSTATE YY_START + +/* Action number for EOF rule of a given start state. */ +#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) + +/* Special action meaning "start processing a new file". */ +#define YY_NEW_FILE yyrestart( yyin ) + +#define YY_END_OF_BUFFER_CHAR 0 + +/* Size of default input buffer. */ +#define YY_BUF_SIZE 16384 + +typedef struct yy_buffer_state *YY_BUFFER_STATE; + +extern int yyleng; +extern FILE *yyin, *yyout; + +#define EOB_ACT_CONTINUE_SCAN 0 +#define EOB_ACT_END_OF_FILE 1 +#define EOB_ACT_LAST_MATCH 2 + +/* The funky do-while in the following #define is used to turn the definition + * int a single C statement (which needs a semi-colon terminator). This + * avoids problems with code like: + * + * if ( condition_holds ) + * yyless( 5 ); + * else + * do_something_else(); + * + * Prior to using the do-while the compiler would get upset at the + * "else" because it interpreted the "if" statement as being all + * done when it reached the ';' after the yyless() call. + */ + +/* Return all but the first 'n' matched characters back to the input stream. */ + +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + *yy_cp = yy_hold_char; \ + YY_RESTORE_YY_MORE_OFFSET \ + yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ + YY_DO_BEFORE_ACTION; /* set up yytext again */ \ + } \ + while ( 0 ) + +#define unput(c) yyunput( c, yytext_ptr ) + +/* The following is because we cannot portably get our hands on size_t + * (without autoconf's help, which isn't available because we want + * flex-generated scanners to compile on their own). + */ +typedef unsigned int yy_size_t; + + +struct yy_buffer_state + { + FILE *yy_input_file; + + char *yy_ch_buf; /* input buffer */ + char *yy_buf_pos; /* current position in input buffer */ + + /* Size of input buffer in bytes, not including room for EOB + * characters. + */ + yy_size_t yy_buf_size; + + /* Number of characters read into yy_ch_buf, not including EOB + * characters. + */ + int yy_n_chars; + + /* Whether we "own" the buffer - i.e., we know we created it, + * and can realloc() it to grow it, and should free() it to + * delete it. + */ + int yy_is_our_buffer; + + /* Whether this is an "interactive" input source; if so, and + * if we're using stdio for input, then we want to use getc() + * instead of fread(), to make sure we stop fetching input after + * each newline. + */ + int yy_is_interactive; + + /* Whether we're considered to be at the beginning of a line. + * If so, '^' rules will be active on the next match, otherwise + * not. + */ + int yy_at_bol; + + /* Whether to try to fill the input buffer when we reach the + * end of it. + */ + int yy_fill_buffer; + + int yy_buffer_status; +#define YY_BUFFER_NEW 0 +#define YY_BUFFER_NORMAL 1 + /* When an EOF's been seen but there's still some text to process + * then we mark the buffer as YY_EOF_PENDING, to indicate that we + * shouldn't try reading from the input source any more. We might + * still have a bunch of tokens to match, though, because of + * possible backing-up. + * + * When we actually see the EOF, we change the status to "new" + * (via yyrestart()), so that the user can continue scanning by + * just pointing yyin at a new input file. + */ +#define YY_BUFFER_EOF_PENDING 2 + }; + +static YY_BUFFER_STATE yy_current_buffer = 0; + +/* We provide macros for accessing buffer states in case in the + * future we want to put the buffer states in a more general + * "scanner state". + */ +#define YY_CURRENT_BUFFER yy_current_buffer + + +/* yy_hold_char holds the character lost when yytext is formed. */ +static char yy_hold_char; + +static int yy_n_chars; /* number of characters read into yy_ch_buf */ + + +int yyleng; + +/* Points to current character in buffer. */ +static char *yy_c_buf_p = (char *) 0; +static int yy_init = 1; /* whether we need to initialize */ +static int yy_start = 0; /* start state number */ + +/* Flag which is used to allow yywrap()'s to do buffer switches + * instead of setting up a fresh yyin. A bit of a hack ... + */ +static int yy_did_buffer_switch_on_eof; + +void yyrestart YY_PROTO(( FILE *input_file )); + +void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); +void yy_load_buffer_state YY_PROTO(( void )); +YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); +void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); +void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); +void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); +#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) + +YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); +YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); +YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); + +static void *yy_flex_alloc YY_PROTO(( yy_size_t )); +static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); +static void yy_flex_free YY_PROTO(( void * )); + +#define yy_new_buffer yy_create_buffer + +#define yy_set_interactive(is_interactive) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_is_interactive = is_interactive; \ + } + +#define yy_set_bol(at_bol) \ + { \ + if ( ! yy_current_buffer ) \ + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ + yy_current_buffer->yy_at_bol = at_bol; \ + } + +#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) + + +#define yywrap() 1 +#define YY_SKIP_YYWRAP +typedef unsigned char YY_CHAR; +FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +typedef int yy_state_type; +extern char *yytext; +#define yytext_ptr yytext + +static yy_state_type yy_get_previous_state YY_PROTO(( void )); +static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); +static int yy_get_next_buffer YY_PROTO(( void )); +static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); + +/* Done after the current pattern has been matched and before the + * corresponding action - sets up yytext. + */ +#define YY_DO_BEFORE_ACTION \ + yytext_ptr = yy_bp; \ + yyleng = (int) (yy_cp - yy_bp); \ + yy_hold_char = *yy_cp; \ + *yy_cp = '\0'; \ + yy_c_buf_p = yy_cp; + +#define YY_NUM_RULES 46 +#define YY_END_OF_BUFFER 47 +static yyconst short int yy_accept[86] = + { 0, + 0, 0, 0, 0, 0, 0, 0, 0, 47, 45, + 1, 38, 2, 45, 43, 24, 45, 28, 44, 44, + 44, 44, 44, 44, 44, 44, 44, 44, 44, 45, + 13, 4, 3, 14, 16, 18, 17, 1, 22, 32, + 34, 43, 26, 20, 31, 30, 44, 44, 19, 44, + 44, 29, 27, 39, 25, 23, 15, 15, 21, 44, + 35, 44, 36, 13, 12, 5, 6, 10, 11, 7, + 8, 9, 33, 44, 44, 37, 44, 5, 6, 44, + 40, 41, 5, 42, 0 + } ; + +static yyconst int yy_ec[256] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 2, 4, 5, 1, 1, 1, 6, 1, 1, + 1, 1, 1, 1, 7, 1, 1, 8, 8, 8, + 8, 8, 8, 8, 8, 9, 9, 7, 1, 10, + 11, 12, 1, 1, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, + 1, 14, 1, 1, 7, 1, 15, 16, 13, 17, + + 18, 19, 20, 13, 21, 13, 13, 22, 23, 24, + 25, 13, 26, 27, 28, 29, 30, 13, 13, 13, + 13, 13, 1, 31, 1, 32, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1 + } ; + +static yyconst int yy_meta[33] = + { 0, + 1, 1, 2, 1, 3, 1, 4, 4, 4, 1, + 1, 1, 4, 3, 4, 4, 4, 4, 4, 4, + 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, + 1, 1 + } ; + +static yyconst short int yy_base[93] = + { 0, + 0, 0, 30, 31, 0, 0, 82, 81, 101, 142, + 35, 28, 142, 94, 32, 88, 31, 87, 0, 69, + 66, 28, 28, 67, 29, 63, 30, 63, 62, 57, + 0, 142, 142, 88, 142, 142, 142, 48, 142, 142, + 142, 44, 142, 142, 142, 142, 0, 70, 0, 64, + 63, 0, 0, 0, 0, 0, 142, 0, 0, 55, + 0, 46, 142, 0, 142, 53, 62, 142, 142, 142, + 142, 142, 0, 44, 48, 0, 41, 70, 72, 38, + 0, 0, 74, 0, 142, 117, 121, 125, 50, 129, + 133, 137 + + } ; + +static yyconst short int yy_def[93] = + { 0, + 85, 1, 86, 86, 87, 87, 88, 88, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 89, 89, + 89, 89, 89, 89, 89, 90, 89, 89, 89, 85, + 91, 85, 85, 92, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 89, 89, 89, 89, + 89, 89, 89, 89, 89, 89, 85, 89, 89, 89, + 89, 89, 85, 91, 85, 85, 85, 85, 85, 85, + 85, 85, 89, 89, 89, 89, 89, 85, 85, 89, + 89, 89, 85, 89, 0, 85, 85, 85, 85, 85, + 85, 85 + + } ; + +static yyconst short int yy_nxt[175] = + { 0, + 10, 11, 11, 12, 13, 14, 10, 15, 15, 16, + 17, 18, 19, 10, 20, 19, 19, 21, 22, 23, + 24, 25, 26, 27, 28, 19, 19, 19, 29, 19, + 30, 10, 32, 32, 33, 33, 38, 38, 39, 42, + 42, 44, 50, 34, 34, 52, 55, 59, 51, 38, + 38, 42, 42, 47, 60, 84, 53, 56, 82, 40, + 78, 79, 45, 57, 57, 81, 57, 57, 57, 79, + 79, 80, 57, 57, 57, 77, 57, 83, 79, 79, + 79, 79, 79, 76, 75, 74, 73, 63, 62, 61, + 54, 49, 48, 57, 57, 66, 67, 46, 43, 41, + + 85, 37, 37, 68, 85, 85, 69, 85, 85, 85, + 85, 70, 85, 85, 71, 85, 72, 31, 31, 31, + 31, 35, 35, 35, 35, 36, 36, 36, 36, 58, + 85, 58, 58, 64, 85, 85, 64, 65, 65, 65, + 65, 9, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85 + } ; + +static yyconst short int yy_chk[175] = + { 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 3, 4, 3, 4, 11, 11, 12, 15, + 15, 17, 22, 3, 4, 23, 25, 27, 22, 38, + 38, 42, 42, 89, 27, 80, 23, 25, 77, 12, + 66, 66, 17, 26, 26, 75, 26, 26, 26, 67, + 67, 74, 26, 26, 26, 62, 26, 78, 78, 79, + 79, 83, 83, 60, 51, 50, 48, 30, 29, 28, + 24, 21, 20, 26, 26, 34, 34, 18, 16, 14, + + 9, 8, 7, 34, 0, 0, 34, 0, 0, 0, + 0, 34, 0, 0, 34, 0, 34, 86, 86, 86, + 86, 87, 87, 87, 87, 88, 88, 88, 88, 90, + 0, 90, 90, 91, 0, 0, 91, 92, 92, 92, + 92, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85 + } ; + +static yy_state_type yy_last_accepting_state; +static char *yy_last_accepting_cpos; + +/* The intent behind this definition is that it'll catch + * any uses of REJECT which flex missed. + */ +#define REJECT reject_used_but_not_detected +#define yymore() yymore_used_but_not_detected +#define YY_MORE_ADJ 0 +#define YY_RESTORE_YY_MORE_OFFSET +char *yytext; +#line 1 "nss_expr_scan.l" +#define INITIAL 0 +/* Copyright 2001-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* _________________________________________________________________ +** +** Expression Scanner +** _________________________________________________________________ +*/ +#line 23 "nss_expr_scan.l" +#include "mod_nss.h" + +#include "nss_expr_parse.h" + +#define YY_NO_UNPUT 1 +int yyinput(char *buf, int max_size); + +#undef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + (result = yyinput(buf, max_size)) + +#define MAX_STR_LEN 2048 +/* %option stack */ +#define YY_NEVER_INTERACTIVE 1 +#define str 1 + +#define regex 2 +#define regex_flags 3 + +#line 489 "lex.nss_expr_yy.c" + +/* Macros after this point can all be overridden by user definitions in + * section 1. + */ + +#ifndef YY_SKIP_YYWRAP +#ifdef __cplusplus +extern "C" int yywrap YY_PROTO(( void )); +#else +extern int yywrap YY_PROTO(( void )); +#endif +#endif + +#ifndef YY_NO_UNPUT +static void yyunput YY_PROTO(( int c, char *buf_ptr )); +#endif + +#ifndef yytext_ptr +static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); +#endif + +#ifdef YY_NEED_STRLEN +static int yy_flex_strlen YY_PROTO(( yyconst char * )); +#endif + +#ifndef YY_NO_INPUT +#ifdef __cplusplus +static int yyinput YY_PROTO(( void )); +#else +static int input YY_PROTO(( void )); +#endif +#endif + +#if YY_STACK_USED +static int yy_start_stack_ptr = 0; +static int yy_start_stack_depth = 0; +static int *yy_start_stack = 0; +#ifndef YY_NO_PUSH_STATE +static void yy_push_state YY_PROTO(( int new_state )); +#endif +#ifndef YY_NO_POP_STATE +static void yy_pop_state YY_PROTO(( void )); +#endif +#ifndef YY_NO_TOP_STATE +static int yy_top_state YY_PROTO(( void )); +#endif + +#else +#define YY_NO_PUSH_STATE 1 +#define YY_NO_POP_STATE 1 +#define YY_NO_TOP_STATE 1 +#endif + +#ifdef YY_MALLOC_DECL +YY_MALLOC_DECL +#else +#if __STDC__ +#ifndef __cplusplus +#include +#endif +#else +/* Just try to get by without declaring the routines. This will fail + * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) + * or sizeof(void*) != sizeof(int). + */ +#endif +#endif + +/* Amount of stuff to slurp up with each read. */ +#ifndef YY_READ_BUF_SIZE +#define YY_READ_BUF_SIZE 8192 +#endif + +/* Copy whatever the last rule matched to the standard output. */ + +#ifndef ECHO +/* This used to be an fputs(), but since the string might contain NUL's, + * we now use fwrite(). + */ +#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) +#endif + +/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, + * is returned in "result". + */ +#ifndef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + if ( yy_current_buffer->yy_is_interactive ) \ + { \ + int c = '*', n; \ + for ( n = 0; n < max_size && \ + (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ + buf[n] = (char) c; \ + if ( c == '\n' ) \ + buf[n++] = (char) c; \ + if ( c == EOF && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); \ + result = n; \ + } \ + else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ + && ferror( yyin ) ) \ + YY_FATAL_ERROR( "input in flex scanner failed" ); +#endif + +/* No semi-colon after return; correct usage is to write "yyterminate();" - + * we don't want an extra ';' after the "return" because that will cause + * some compilers to complain about unreachable statements. + */ +#ifndef yyterminate +#define yyterminate() return YY_NULL +#endif + +/* Number of entries by which start-condition stack grows. */ +#ifndef YY_START_STACK_INCR +#define YY_START_STACK_INCR 25 +#endif + +/* Report a fatal error. */ +#ifndef YY_FATAL_ERROR +#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) +#endif + +/* Default declaration of generated scanner - a define so the user can + * easily add parameters. + */ +#ifndef YY_DECL +#define YY_DECL int yylex YY_PROTO(( void )) +#endif + +/* Code executed at the beginning of each rule, after yytext and yyleng + * have been set up. + */ +#ifndef YY_USER_ACTION +#define YY_USER_ACTION +#endif + +/* Code executed at the end of each rule. */ +#ifndef YY_BREAK +#define YY_BREAK break; +#endif + +#define YY_RULE_SETUP \ + YY_USER_ACTION + +YY_DECL + { + register yy_state_type yy_current_state; + register char *yy_cp = NULL, *yy_bp = NULL; + register int yy_act; + +#line 44 "nss_expr_scan.l" + + + char caStr[MAX_STR_LEN]; + char *cpStr = NULL; + char caRegex[MAX_STR_LEN]; + char *cpRegex = NULL; + char cRegexDel = NUL; + + /* + * Whitespaces + */ +#line 652 "lex.nss_expr_yy.c" + + if ( yy_init ) + { + yy_init = 0; + +#ifdef YY_USER_INIT + YY_USER_INIT; +#endif + + if ( ! yy_start ) + yy_start = 1; /* first start state */ + + if ( ! yyin ) + yyin = stdin; + + if ( ! yyout ) + yyout = stdout; + + if ( ! yy_current_buffer ) + yy_current_buffer = + yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_load_buffer_state(); + } + + while ( 1 ) /* loops until end-of-file is reached */ + { + yy_cp = yy_c_buf_p; + + /* Support of yytext. */ + *yy_cp = yy_hold_char; + + /* yy_bp points to the position in yy_ch_buf of the start of + * the current run. + */ + yy_bp = yy_cp; + + yy_current_state = yy_start; +yy_match: + do + { + register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + if ( yy_accept[yy_current_state] ) + { + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 86 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + ++yy_cp; + } + while ( yy_current_state != 85 ); + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; + +yy_find_action: + yy_act = yy_accept[yy_current_state]; + + YY_DO_BEFORE_ACTION; + + +do_action: /* This label is used only to access EOF actions. */ + + + switch ( yy_act ) + { /* beginning of action switch */ + case 0: /* must back up */ + /* undo the effects of YY_DO_BEFORE_ACTION */ + *yy_cp = yy_hold_char; + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; + goto yy_find_action; + +case 1: +YY_RULE_SETUP +#line 55 "nss_expr_scan.l" +{ + /* NOP */ +} + YY_BREAK +/* + * C-style strings ("...") + */ +case 2: +YY_RULE_SETUP +#line 62 "nss_expr_scan.l" +{ + cpStr = caStr; + BEGIN(str); +} + YY_BREAK +case 3: +YY_RULE_SETUP +#line 66 "nss_expr_scan.l" +{ + BEGIN(INITIAL); + *cpStr = NUL; + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr); + return T_STRING; +} + YY_BREAK +case 4: +YY_RULE_SETUP +#line 72 "nss_expr_scan.l" +{ + yyerror("Unterminated string"); +} + YY_BREAK +case 5: +YY_RULE_SETUP +#line 75 "nss_expr_scan.l" +{ + int result; + + (void)sscanf(yytext+1, "%o", &result); + if (result > 0xff) + yyerror("Escape sequence out of bound"); + else + *cpStr++ = result; +} + YY_BREAK +case 6: +YY_RULE_SETUP +#line 84 "nss_expr_scan.l" +{ + yyerror("Bad escape sequence"); +} + YY_BREAK +case 7: +YY_RULE_SETUP +#line 87 "nss_expr_scan.l" +{ *cpStr++ = '\n'; } + YY_BREAK +case 8: +YY_RULE_SETUP +#line 88 "nss_expr_scan.l" +{ *cpStr++ = '\r'; } + YY_BREAK +case 9: +YY_RULE_SETUP +#line 89 "nss_expr_scan.l" +{ *cpStr++ = '\t'; } + YY_BREAK +case 10: +YY_RULE_SETUP +#line 90 "nss_expr_scan.l" +{ *cpStr++ = '\b'; } + YY_BREAK +case 11: +YY_RULE_SETUP +#line 91 "nss_expr_scan.l" +{ *cpStr++ = '\f'; } + YY_BREAK +case 12: +YY_RULE_SETUP +#line 92 "nss_expr_scan.l" +{ + *cpStr++ = yytext[1]; +} + YY_BREAK +case 13: +YY_RULE_SETUP +#line 95 "nss_expr_scan.l" +{ + char *cp = yytext; + while (*cp != NUL) + *cpStr++ = *cp++; +} + YY_BREAK +case 14: +YY_RULE_SETUP +#line 100 "nss_expr_scan.l" +{ + *cpStr++ = yytext[1]; +} + YY_BREAK +/* + * Regular Expression + */ +case 15: +YY_RULE_SETUP +#line 107 "nss_expr_scan.l" +{ + cRegexDel = yytext[1]; + cpRegex = caRegex; + BEGIN(regex); +} + YY_BREAK +case 16: +YY_RULE_SETUP +#line 112 "nss_expr_scan.l" +{ + if (yytext[0] == cRegexDel) { + *cpRegex = NUL; + BEGIN(regex_flags); + } + else { + *cpRegex++ = yytext[0]; + } +} + YY_BREAK +case 17: +YY_RULE_SETUP +#line 121 "nss_expr_scan.l" +{ + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + BEGIN(INITIAL); + return T_REGEX_I; +} + YY_BREAK +case 18: +YY_RULE_SETUP +#line 126 "nss_expr_scan.l" +{ + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + yyless(0); + BEGIN(INITIAL); + return T_REGEX; +} + YY_BREAK +case YY_STATE_EOF(regex_flags): +#line 132 "nss_expr_scan.l" +{ + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + BEGIN(INITIAL); + return T_REGEX; +} + YY_BREAK +/* + * Operators + */ +case 19: +YY_RULE_SETUP +#line 141 "nss_expr_scan.l" +{ return T_OP_EQ; } + YY_BREAK +case 20: +YY_RULE_SETUP +#line 142 "nss_expr_scan.l" +{ return T_OP_EQ; } + YY_BREAK +case 21: +YY_RULE_SETUP +#line 143 "nss_expr_scan.l" +{ return T_OP_NE; } + YY_BREAK +case 22: +YY_RULE_SETUP +#line 144 "nss_expr_scan.l" +{ return T_OP_NE; } + YY_BREAK +case 23: +YY_RULE_SETUP +#line 145 "nss_expr_scan.l" +{ return T_OP_LT; } + YY_BREAK +case 24: +YY_RULE_SETUP +#line 146 "nss_expr_scan.l" +{ return T_OP_LT; } + YY_BREAK +case 25: +YY_RULE_SETUP +#line 147 "nss_expr_scan.l" +{ return T_OP_LE; } + YY_BREAK +case 26: +YY_RULE_SETUP +#line 148 "nss_expr_scan.l" +{ return T_OP_LE; } + YY_BREAK +case 27: +YY_RULE_SETUP +#line 149 "nss_expr_scan.l" +{ return T_OP_GT; } + YY_BREAK +case 28: +YY_RULE_SETUP +#line 150 "nss_expr_scan.l" +{ return T_OP_GT; } + YY_BREAK +case 29: +YY_RULE_SETUP +#line 151 "nss_expr_scan.l" +{ return T_OP_GE; } + YY_BREAK +case 30: +YY_RULE_SETUP +#line 152 "nss_expr_scan.l" +{ return T_OP_GE; } + YY_BREAK +case 31: +YY_RULE_SETUP +#line 153 "nss_expr_scan.l" +{ return T_OP_REG; } + YY_BREAK +case 32: +YY_RULE_SETUP +#line 154 "nss_expr_scan.l" +{ return T_OP_NRE; } + YY_BREAK +case 33: +YY_RULE_SETUP +#line 155 "nss_expr_scan.l" +{ return T_OP_AND; } + YY_BREAK +case 34: +YY_RULE_SETUP +#line 156 "nss_expr_scan.l" +{ return T_OP_AND; } + YY_BREAK +case 35: +YY_RULE_SETUP +#line 157 "nss_expr_scan.l" +{ return T_OP_OR; } + YY_BREAK +case 36: +YY_RULE_SETUP +#line 158 "nss_expr_scan.l" +{ return T_OP_OR; } + YY_BREAK +case 37: +YY_RULE_SETUP +#line 159 "nss_expr_scan.l" +{ return T_OP_NOT; } + YY_BREAK +case 38: +YY_RULE_SETUP +#line 160 "nss_expr_scan.l" +{ return T_OP_NOT; } + YY_BREAK +case 39: +YY_RULE_SETUP +#line 161 "nss_expr_scan.l" +{ return T_OP_IN; } + YY_BREAK +/* + * Functions + */ +case 40: +YY_RULE_SETUP +#line 166 "nss_expr_scan.l" +{ return T_FUNC_FILE; } + YY_BREAK +/* + * Specials + */ +case 41: +YY_RULE_SETUP +#line 171 "nss_expr_scan.l" +{ return T_TRUE; } + YY_BREAK +case 42: +YY_RULE_SETUP +#line 172 "nss_expr_scan.l" +{ return T_FALSE; } + YY_BREAK +/* + * Digits + */ +case 43: +YY_RULE_SETUP +#line 177 "nss_expr_scan.l" +{ + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); + return T_DIGIT; +} + YY_BREAK +/* + * Identifiers + */ +case 44: +YY_RULE_SETUP +#line 185 "nss_expr_scan.l" +{ + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); + return T_ID; +} + YY_BREAK +/* + * Anything else is returned as is... + */ +case 45: +YY_RULE_SETUP +#line 193 "nss_expr_scan.l" +{ + return yytext[0]; +} + YY_BREAK +case 46: +YY_RULE_SETUP +#line 197 "nss_expr_scan.l" +YY_FATAL_ERROR( "flex scanner jammed" ); + YY_BREAK +#line 1052 "lex.nss_expr_yy.c" +case YY_STATE_EOF(INITIAL): +case YY_STATE_EOF(str): +case YY_STATE_EOF(regex): + yyterminate(); + + case YY_END_OF_BUFFER: + { + /* Amount of text matched not including the EOB char. */ + int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; + + /* Undo the effects of YY_DO_BEFORE_ACTION. */ + *yy_cp = yy_hold_char; + YY_RESTORE_YY_MORE_OFFSET + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) + { + /* We're scanning a new file or input source. It's + * possible that this happened because the user + * just pointed yyin at a new source and called + * yylex(). If so, then we have to assure + * consistency between yy_current_buffer and our + * globals. Here is the right place to do so, because + * this is the first action (other than possibly a + * back-up) that will match for the new input source. + */ + yy_n_chars = yy_current_buffer->yy_n_chars; + yy_current_buffer->yy_input_file = yyin; + yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; + } + + /* Note that here we test for yy_c_buf_p "<=" to the position + * of the first EOB in the buffer, since yy_c_buf_p will + * already have been incremented past the NUL character + * (since all states make transitions on EOB to the + * end-of-buffer state). Contrast this with the test + * in input(). + */ + if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + { /* This was really a NUL. */ + yy_state_type yy_next_state; + + yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + /* Okay, we're now positioned to make the NUL + * transition. We couldn't have + * yy_get_previous_state() go ahead and do it + * for us because it doesn't know how to deal + * with the possibility of jamming (and we don't + * want to build jamming into it because then it + * will run more slowly). + */ + + yy_next_state = yy_try_NUL_trans( yy_current_state ); + + yy_bp = yytext_ptr + YY_MORE_ADJ; + + if ( yy_next_state ) + { + /* Consume the NUL. */ + yy_cp = ++yy_c_buf_p; + yy_current_state = yy_next_state; + goto yy_match; + } + + else + { + yy_cp = yy_last_accepting_cpos; + yy_current_state = yy_last_accepting_state; + goto yy_find_action; + } + } + + else switch ( yy_get_next_buffer() ) + { + case EOB_ACT_END_OF_FILE: + { + yy_did_buffer_switch_on_eof = 0; + + if ( yywrap() ) + { + /* Note: because we've taken care in + * yy_get_next_buffer() to have set up + * yytext, we can now set up + * yy_c_buf_p so that if some total + * hoser (like flex itself) wants to + * call the scanner after we return the + * YY_NULL, it'll still work - another + * YY_NULL will get returned. + */ + yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; + + yy_act = YY_STATE_EOF(YY_START); + goto do_action; + } + + else + { + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; + } + break; + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = + yytext_ptr + yy_amount_of_matched_text; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_match; + + case EOB_ACT_LAST_MATCH: + yy_c_buf_p = + &yy_current_buffer->yy_ch_buf[yy_n_chars]; + + yy_current_state = yy_get_previous_state(); + + yy_cp = yy_c_buf_p; + yy_bp = yytext_ptr + YY_MORE_ADJ; + goto yy_find_action; + } + break; + } + + default: + YY_FATAL_ERROR( + "fatal flex scanner internal error--no action found" ); + } /* end of action switch */ + } /* end of scanning one token */ + } /* end of yylex */ + + +/* yy_get_next_buffer - try to read in a new buffer + * + * Returns a code representing an action: + * EOB_ACT_LAST_MATCH - + * EOB_ACT_CONTINUE_SCAN - continue scanning from current position + * EOB_ACT_END_OF_FILE - end of file + */ + +static int yy_get_next_buffer() + { + register char *dest = yy_current_buffer->yy_ch_buf; + register char *source = yytext_ptr; + register int number_to_move, i; + int ret_val; + + if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) + YY_FATAL_ERROR( + "fatal flex scanner internal error--end of buffer missed" ); + + if ( yy_current_buffer->yy_fill_buffer == 0 ) + { /* Don't try to fill the buffer, so this is an EOF. */ + if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) + { + /* We matched a single character, the EOB, so + * treat this as a final EOF. + */ + return EOB_ACT_END_OF_FILE; + } + + else + { + /* We matched some text prior to the EOB, first + * process it. + */ + return EOB_ACT_LAST_MATCH; + } + } + + /* Try to read more data. */ + + /* First move last chars to start of buffer. */ + number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; + + for ( i = 0; i < number_to_move; ++i ) + *(dest++) = *(source++); + + if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) + /* don't do the read, it's not guaranteed to return an EOF, + * just force an EOF + */ + yy_current_buffer->yy_n_chars = yy_n_chars = 0; + + else + { + int num_to_read = + yy_current_buffer->yy_buf_size - number_to_move - 1; + + while ( num_to_read <= 0 ) + { /* Not enough room in the buffer - grow it. */ +#ifdef YY_USES_REJECT + YY_FATAL_ERROR( +"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); +#else + + /* just a shorter name for the current buffer */ + YY_BUFFER_STATE b = yy_current_buffer; + + int yy_c_buf_p_offset = + (int) (yy_c_buf_p - b->yy_ch_buf); + + if ( b->yy_is_our_buffer ) + { + int new_size = b->yy_buf_size * 2; + + if ( new_size <= 0 ) + b->yy_buf_size += b->yy_buf_size / 8; + else + b->yy_buf_size *= 2; + + b->yy_ch_buf = (char *) + /* Include room in for 2 EOB chars. */ + yy_flex_realloc( (void *) b->yy_ch_buf, + b->yy_buf_size + 2 ); + } + else + /* Can't grow it, we don't own it. */ + b->yy_ch_buf = 0; + + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( + "fatal error - scanner input buffer overflow" ); + + yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; + + num_to_read = yy_current_buffer->yy_buf_size - + number_to_move - 1; +#endif + } + + if ( num_to_read > YY_READ_BUF_SIZE ) + num_to_read = YY_READ_BUF_SIZE; + + /* Read in more data. */ + YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), + yy_n_chars, num_to_read ); + + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + if ( yy_n_chars == 0 ) + { + if ( number_to_move == YY_MORE_ADJ ) + { + ret_val = EOB_ACT_END_OF_FILE; + yyrestart( yyin ); + } + + else + { + ret_val = EOB_ACT_LAST_MATCH; + yy_current_buffer->yy_buffer_status = + YY_BUFFER_EOF_PENDING; + } + } + + else + ret_val = EOB_ACT_CONTINUE_SCAN; + + yy_n_chars += number_to_move; + yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; + yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; + + yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; + + return ret_val; + } + + +/* yy_get_previous_state - get the state just before the EOB char was reached */ + +static yy_state_type yy_get_previous_state() + { + register yy_state_type yy_current_state; + register char *yy_cp; + + yy_current_state = yy_start; + + for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) + { + register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + if ( yy_accept[yy_current_state] ) + { + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 86 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + } + + return yy_current_state; + } + + +/* yy_try_NUL_trans - try to make a transition on the NUL character + * + * synopsis + * next_state = yy_try_NUL_trans( current_state ); + */ + +#ifdef YY_USE_PROTOS +static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) +#else +static yy_state_type yy_try_NUL_trans( yy_current_state ) +yy_state_type yy_current_state; +#endif + { + register int yy_is_jam; + register char *yy_cp = yy_c_buf_p; + + register YY_CHAR yy_c = 1; + if ( yy_accept[yy_current_state] ) + { + yy_last_accepting_state = yy_current_state; + yy_last_accepting_cpos = yy_cp; + } + while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) + { + yy_current_state = (int) yy_def[yy_current_state]; + if ( yy_current_state >= 86 ) + yy_c = yy_meta[(unsigned int) yy_c]; + } + yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_is_jam = (yy_current_state == 85); + + return yy_is_jam ? 0 : yy_current_state; + } + + +#ifndef YY_NO_UNPUT +#ifdef YY_USE_PROTOS +static void yyunput( int c, register char *yy_bp ) +#else +static void yyunput( c, yy_bp ) +int c; +register char *yy_bp; +#endif + { + register char *yy_cp = yy_c_buf_p; + + /* undo effects of setting up yytext */ + *yy_cp = yy_hold_char; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + { /* need to shift things up to make room */ + /* +2 for EOB chars. */ + register int number_to_move = yy_n_chars + 2; + register char *dest = &yy_current_buffer->yy_ch_buf[ + yy_current_buffer->yy_buf_size + 2]; + register char *source = + &yy_current_buffer->yy_ch_buf[number_to_move]; + + while ( source > yy_current_buffer->yy_ch_buf ) + *--dest = *--source; + + yy_cp += (int) (dest - source); + yy_bp += (int) (dest - source); + yy_current_buffer->yy_n_chars = + yy_n_chars = yy_current_buffer->yy_buf_size; + + if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) + YY_FATAL_ERROR( "flex scanner push-back overflow" ); + } + + *--yy_cp = (char) c; + + + yytext_ptr = yy_bp; + yy_hold_char = *yy_cp; + yy_c_buf_p = yy_cp; + } +#endif /* ifndef YY_NO_UNPUT */ + + +#ifdef __cplusplus +static int yyinput() +#else +static int input() +#endif + { + int c; + + *yy_c_buf_p = yy_hold_char; + + if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) + { + /* yy_c_buf_p now points to the character we want to return. + * If this occurs *before* the EOB characters, then it's a + * valid NUL; if not, then we've hit the end of the buffer. + */ + if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) + /* This was really a NUL. */ + *yy_c_buf_p = '\0'; + + else + { /* need more input */ + int offset = yy_c_buf_p - yytext_ptr; + ++yy_c_buf_p; + + switch ( yy_get_next_buffer() ) + { + case EOB_ACT_LAST_MATCH: + /* This happens because yy_g_n_b() + * sees that we've accumulated a + * token and flags that we need to + * try matching the token before + * proceeding. But for input(), + * there's no matching to consider. + * So convert the EOB_ACT_LAST_MATCH + * to EOB_ACT_END_OF_FILE. + */ + + /* Reset buffer status. */ + yyrestart( yyin ); + + /* fall through */ + + case EOB_ACT_END_OF_FILE: + { + if ( yywrap() ) + return EOF; + + if ( ! yy_did_buffer_switch_on_eof ) + YY_NEW_FILE; +#ifdef __cplusplus + return yyinput(); +#else + return input(); +#endif + } + + case EOB_ACT_CONTINUE_SCAN: + yy_c_buf_p = yytext_ptr + offset; + break; + } + } + } + + c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ + *yy_c_buf_p = '\0'; /* preserve yytext */ + yy_hold_char = *++yy_c_buf_p; + + + return c; + } + + +#ifdef YY_USE_PROTOS +void yyrestart( FILE *input_file ) +#else +void yyrestart( input_file ) +FILE *input_file; +#endif + { + if ( ! yy_current_buffer ) + yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); + + yy_init_buffer( yy_current_buffer, input_file ); + yy_load_buffer_state(); + } + + +#ifdef YY_USE_PROTOS +void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) +#else +void yy_switch_to_buffer( new_buffer ) +YY_BUFFER_STATE new_buffer; +#endif + { + if ( yy_current_buffer == new_buffer ) + return; + + if ( yy_current_buffer ) + { + /* Flush out information for old buffer. */ + *yy_c_buf_p = yy_hold_char; + yy_current_buffer->yy_buf_pos = yy_c_buf_p; + yy_current_buffer->yy_n_chars = yy_n_chars; + } + + yy_current_buffer = new_buffer; + yy_load_buffer_state(); + + /* We don't actually know whether we did this switch during + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe + * to go ahead and always set it. + */ + yy_did_buffer_switch_on_eof = 1; + } + + +#ifdef YY_USE_PROTOS +void yy_load_buffer_state( void ) +#else +void yy_load_buffer_state() +#endif + { + yy_n_chars = yy_current_buffer->yy_n_chars; + yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; + yyin = yy_current_buffer->yy_input_file; + yy_hold_char = *yy_c_buf_p; + } + + +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) +#else +YY_BUFFER_STATE yy_create_buffer( file, size ) +FILE *file; +int size; +#endif + { + YY_BUFFER_STATE b; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_buf_size = size; + + /* yy_ch_buf has to be 2 characters longer than the size given because + * we need to put in 2 end-of-buffer characters. + */ + b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); + if ( ! b->yy_ch_buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + + b->yy_is_our_buffer = 1; + + yy_init_buffer( b, file ); + + return b; + } + + +#ifdef YY_USE_PROTOS +void yy_delete_buffer( YY_BUFFER_STATE b ) +#else +void yy_delete_buffer( b ) +YY_BUFFER_STATE b; +#endif + { + if ( ! b ) + return; + + if ( b == yy_current_buffer ) + yy_current_buffer = (YY_BUFFER_STATE) 0; + + if ( b->yy_is_our_buffer ) + yy_flex_free( (void *) b->yy_ch_buf ); + + yy_flex_free( (void *) b ); + } + + + +#ifdef YY_USE_PROTOS +void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) +#else +void yy_init_buffer( b, file ) +YY_BUFFER_STATE b; +FILE *file; +#endif + + + { + yy_flush_buffer( b ); + + b->yy_input_file = file; + b->yy_fill_buffer = 1; + +#if YY_ALWAYS_INTERACTIVE + b->yy_is_interactive = 1; +#else +#if YY_NEVER_INTERACTIVE + b->yy_is_interactive = 0; +#else + b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; +#endif +#endif + } + + +#ifdef YY_USE_PROTOS +void yy_flush_buffer( YY_BUFFER_STATE b ) +#else +void yy_flush_buffer( b ) +YY_BUFFER_STATE b; +#endif + + { + if ( ! b ) + return; + + b->yy_n_chars = 0; + + /* We always need two end-of-buffer characters. The first causes + * a transition to the end-of-buffer state. The second causes + * a jam in that state. + */ + b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; + b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; + + b->yy_buf_pos = &b->yy_ch_buf[0]; + + b->yy_at_bol = 1; + b->yy_buffer_status = YY_BUFFER_NEW; + + if ( b == yy_current_buffer ) + yy_load_buffer_state(); + } + + +#ifndef YY_NO_SCAN_BUFFER +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) +#else +YY_BUFFER_STATE yy_scan_buffer( base, size ) +char *base; +yy_size_t size; +#endif + { + YY_BUFFER_STATE b; + + if ( size < 2 || + base[size-2] != YY_END_OF_BUFFER_CHAR || + base[size-1] != YY_END_OF_BUFFER_CHAR ) + /* They forgot to leave room for the EOB's. */ + return 0; + + b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); + if ( ! b ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); + + b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_pos = b->yy_ch_buf = base; + b->yy_is_our_buffer = 0; + b->yy_input_file = 0; + b->yy_n_chars = b->yy_buf_size; + b->yy_is_interactive = 0; + b->yy_at_bol = 1; + b->yy_fill_buffer = 0; + b->yy_buffer_status = YY_BUFFER_NEW; + + yy_switch_to_buffer( b ); + + return b; + } +#endif + + +#ifndef YY_NO_SCAN_STRING +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) +#else +YY_BUFFER_STATE yy_scan_string( yy_str ) +yyconst char *yy_str; +#endif + { + int len; + for ( len = 0; yy_str[len]; ++len ) + ; + + return yy_scan_bytes( yy_str, len ); + } +#endif + + +#ifndef YY_NO_SCAN_BYTES +#ifdef YY_USE_PROTOS +YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) +#else +YY_BUFFER_STATE yy_scan_bytes( bytes, len ) +yyconst char *bytes; +int len; +#endif + { + YY_BUFFER_STATE b; + char *buf; + yy_size_t n; + int i; + + /* Get memory for full buffer, including space for trailing EOB's. */ + n = len + 2; + buf = (char *) yy_flex_alloc( n ); + if ( ! buf ) + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); + + for ( i = 0; i < len; ++i ) + buf[i] = bytes[i]; + + buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; + + b = yy_scan_buffer( buf, n ); + if ( ! b ) + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); + + /* It's okay to grow etc. this buffer, and we should throw it + * away when we're done. + */ + b->yy_is_our_buffer = 1; + + return b; + } +#endif + + +#ifndef YY_NO_PUSH_STATE +#ifdef YY_USE_PROTOS +static void yy_push_state( int new_state ) +#else +static void yy_push_state( new_state ) +int new_state; +#endif + { + if ( yy_start_stack_ptr >= yy_start_stack_depth ) + { + yy_size_t new_size; + + yy_start_stack_depth += YY_START_STACK_INCR; + new_size = yy_start_stack_depth * sizeof( int ); + + if ( ! yy_start_stack ) + yy_start_stack = (int *) yy_flex_alloc( new_size ); + + else + yy_start_stack = (int *) yy_flex_realloc( + (void *) yy_start_stack, new_size ); + + if ( ! yy_start_stack ) + YY_FATAL_ERROR( + "out of memory expanding start-condition stack" ); + } + + yy_start_stack[yy_start_stack_ptr++] = YY_START; + + BEGIN(new_state); + } +#endif + + +#ifndef YY_NO_POP_STATE +static void yy_pop_state() + { + if ( --yy_start_stack_ptr < 0 ) + YY_FATAL_ERROR( "start-condition stack underflow" ); + + BEGIN(yy_start_stack[yy_start_stack_ptr]); + } +#endif + + +#ifndef YY_NO_TOP_STATE +static int yy_top_state() + { + return yy_start_stack[yy_start_stack_ptr - 1]; + } +#endif + +#ifndef YY_EXIT_FAILURE +#define YY_EXIT_FAILURE 2 +#endif + +#ifdef YY_USE_PROTOS +static void yy_fatal_error( yyconst char msg[] ) +#else +static void yy_fatal_error( msg ) +char msg[]; +#endif + { + (void) fprintf( stderr, "%s\n", msg ); + exit( YY_EXIT_FAILURE ); + } + + + +/* Redefine yyless() so it works in section 3 code. */ + +#undef yyless +#define yyless(n) \ + do \ + { \ + /* Undo effects of setting up yytext. */ \ + yytext[yyleng] = yy_hold_char; \ + yy_c_buf_p = yytext + n; \ + yy_hold_char = *yy_c_buf_p; \ + *yy_c_buf_p = '\0'; \ + yyleng = n; \ + } \ + while ( 0 ) + + +/* Internal utility routines. */ + +#ifndef yytext_ptr +#ifdef YY_USE_PROTOS +static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) +#else +static void yy_flex_strncpy( s1, s2, n ) +char *s1; +yyconst char *s2; +int n; +#endif + { + register int i; + for ( i = 0; i < n; ++i ) + s1[i] = s2[i]; + } +#endif + +#ifdef YY_NEED_STRLEN +#ifdef YY_USE_PROTOS +static int yy_flex_strlen( yyconst char *s ) +#else +static int yy_flex_strlen( s ) +yyconst char *s; +#endif + { + register int n; + for ( n = 0; s[n]; ++n ) + ; + + return n; + } +#endif + + +#ifdef YY_USE_PROTOS +static void *yy_flex_alloc( yy_size_t size ) +#else +static void *yy_flex_alloc( size ) +yy_size_t size; +#endif + { + return (void *) malloc( size ); + } + +#ifdef YY_USE_PROTOS +static void *yy_flex_realloc( void *ptr, yy_size_t size ) +#else +static void *yy_flex_realloc( ptr, size ) +void *ptr; +yy_size_t size; +#endif + { + /* The cast to (char *) in the following accommodates both + * implementations that use char* generic pointers, and those + * that use void* generic pointers. It works with the latter + * because both ANSI C and C++ allow castless assignment from + * any pointer type to void*, and deal with argument conversions + * as though doing an assignment. + */ + return (void *) realloc( (char *) ptr, size ); + } + +#ifdef YY_USE_PROTOS +static void yy_flex_free( void *ptr ) +#else +static void yy_flex_free( ptr ) +void *ptr; +#endif + { + free( ptr ); + } + +#if YY_MAIN +int main() + { + yylex(); + return 0; + } +#endif +#line 197 "nss_expr_scan.l" + + +int yyinput(char *buf, int max_size) +{ + int n; + + if ((n = MIN(max_size, nss_expr_info.inputbuf + + nss_expr_info.inputlen + - nss_expr_info.inputptr)) <= 0) + return YY_NULL; + memcpy(buf, nss_expr_info.inputptr, n); + nss_expr_info.inputptr += n; + return n; +} + diff --git a/nss_expr_scan.l b/nss_expr_scan.l new file mode 100644 index 0000000..e237de2 --- /dev/null +++ b/nss_expr_scan.l @@ -0,0 +1,211 @@ +/* Copyright 2001-2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* _________________________________________________________________ +** +** Expression Scanner +** _________________________________________________________________ +*/ + +%{ +#include "mod_nss.h" + +#include "nss_expr_parse.h" + +#define YY_NO_UNPUT 1 +int yyinput(char *buf, int max_size); + +#undef YY_INPUT +#define YY_INPUT(buf,result,max_size) \ + (result = yyinput(buf, max_size)) + +#define MAX_STR_LEN 2048 +%} + +%pointer +/* %option stack */ +%option never-interactive +%option noyywrap +%x str +%x regex regex_flags + +%% + + char caStr[MAX_STR_LEN]; + char *cpStr = NULL; + char caRegex[MAX_STR_LEN]; + char *cpRegex = NULL; + char cRegexDel = NUL; + + /* + * Whitespaces + */ +[ \t\n]+ { + /* NOP */ +} + + /* + * C-style strings ("...") + */ +\" { + cpStr = caStr; + BEGIN(str); +} +\" { + BEGIN(INITIAL); + *cpStr = NUL; + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caStr); + return T_STRING; +} +\n { + yyerror("Unterminated string"); +} +\\[0-7]{1,3} { + int result; + + (void)sscanf(yytext+1, "%o", &result); + if (result > 0xff) + yyerror("Escape sequence out of bound"); + else + *cpStr++ = result; +} +\\[0-9]+ { + yyerror("Bad escape sequence"); +} +\\n { *cpStr++ = '\n'; } +\\r { *cpStr++ = '\r'; } +\\t { *cpStr++ = '\t'; } +\\b { *cpStr++ = '\b'; } +\\f { *cpStr++ = '\f'; } +\\(.|\n) { + *cpStr++ = yytext[1]; +} +[^\\\n\"]+ { + char *cp = yytext; + while (*cp != NUL) + *cpStr++ = *cp++; +} +. { + *cpStr++ = yytext[1]; +} + + /* + * Regular Expression + */ +"m". { + cRegexDel = yytext[1]; + cpRegex = caRegex; + BEGIN(regex); +} +.|\n { + if (yytext[0] == cRegexDel) { + *cpRegex = NUL; + BEGIN(regex_flags); + } + else { + *cpRegex++ = yytext[0]; + } +} +i { + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + BEGIN(INITIAL); + return T_REGEX_I; +} +.|\n { + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + yyless(0); + BEGIN(INITIAL); + return T_REGEX; +} +<> { + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, caRegex); + BEGIN(INITIAL); + return T_REGEX; +} + + /* + * Operators + */ +"eq" { return T_OP_EQ; } +"==" { return T_OP_EQ; } +"ne" { return T_OP_NE; } +"!=" { return T_OP_NE; } +"lt" { return T_OP_LT; } +"<" { return T_OP_LT; } +"le" { return T_OP_LE; } +"<=" { return T_OP_LE; } +"gt" { return T_OP_GT; } +">" { return T_OP_GT; } +"ge" { return T_OP_GE; } +">=" { return T_OP_GE; } +"=~" { return T_OP_REG; } +"!~" { return T_OP_NRE; } +"and" { return T_OP_AND; } +"&&" { return T_OP_AND; } +"or" { return T_OP_OR; } +"||" { return T_OP_OR; } +"not" { return T_OP_NOT; } +"!" { return T_OP_NOT; } +"in" { return T_OP_IN; } + + /* + * Functions + */ +"file" { return T_FUNC_FILE; } + + /* + * Specials + */ +"true" { return T_TRUE; } +"false" { return T_FALSE; } + + /* + * Digits + */ +[0-9]+ { + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); + return T_DIGIT; +} + + /* + * Identifiers + */ +[a-zA-Z][a-zA-Z0-9_:-]* { + yylval.cpVal = apr_pstrdup(nss_expr_info.pool, yytext); + return T_ID; +} + + /* + * Anything else is returned as is... + */ +.|\n { + return yytext[0]; +} + +%% + +int yyinput(char *buf, int max_size) +{ + int n; + + if ((n = MIN(max_size, nss_expr_info.inputbuf + + nss_expr_info.inputlen + - nss_expr_info.inputptr)) <= 0) + return YY_NULL; + memcpy(buf, nss_expr_info.inputptr, n); + nss_expr_info.inputptr += n; + return n; +} + diff --git a/nss_util.c b/nss_util.c index 502964c..2a5b91c 100644 --- a/nss_util.c +++ b/nss_util.c @@ -24,7 +24,7 @@ ** _________________________________________________________________ */ -char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) +char *nss_util_vhostid(apr_pool_t *p, server_rec *s) { char *id; SSLSrvConfigRec *sc; @@ -45,24 +45,24 @@ char *ssl_util_vhostid(apr_pool_t *p, server_rec *s) return id; } -void ssl_util_strupper(char *s) +void nss_util_strupper(char *s) { for (; *s; ++s) *s = apr_toupper(*s); return; } -static const char ssl_util_uuencode_six2pr[64+1] = +static const char nss_util_uuencode_six2pr[64+1] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -void ssl_util_uuencode(char *szTo, const char *szFrom, BOOL bPad) +void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad) { - ssl_util_uuencode_binary((unsigned char *)szTo, + nss_util_uuencode_binary((unsigned char *)szTo, (const unsigned char *)szFrom, strlen(szFrom), bPad); } -void ssl_util_uuencode_binary(unsigned char *szTo, +void nss_util_uuencode_binary(unsigned char *szTo, const unsigned char *szFrom, int nLength, BOOL bPad) { @@ -70,18 +70,18 @@ void ssl_util_uuencode_binary(unsigned char *szTo, int nPad = 0; for (s = szFrom; nLength > 0; s += 3) { - *szTo++ = ssl_util_uuencode_six2pr[s[0] >> 2]; - *szTo++ = ssl_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2]; + *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f]; if (--nLength == 0) { nPad = 2; break; } - *szTo++ = ssl_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f]; if (--nLength == 0) { nPad = 1; break; } - *szTo++ = ssl_util_uuencode_six2pr[s[2] & 0x3f]; + *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f]; --nLength; } while(bPad && nPad--) { @@ -91,7 +91,7 @@ void ssl_util_uuencode_binary(unsigned char *szTo, return; } -apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, +apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv) { apr_procattr_t *procattr; @@ -114,7 +114,7 @@ apr_file_t *ssl_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd, return proc->out; } -void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) +void nss_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) { apr_file_close(fp); return; @@ -123,7 +123,7 @@ void ssl_util_ppclose(server_rec *s, apr_pool_t *p, apr_file_t *fp) /* * Run a filter program and read the first line of its stdout output */ -char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, +char *nss_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, const char * const *argv) { static char buf[MAX_STRING_LEN]; @@ -132,7 +132,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, char c; int k; - if ((fp = ssl_util_ppopen(s, p, cmd, argv)) == NULL) + if ((fp = nss_util_ppopen(s, p, cmd, argv)) == NULL) return NULL; /* XXX: we are reading 1 byte at a time here */ for (k = 0; apr_file_read(fp, &c, &nbytes) == APR_SUCCESS @@ -142,7 +142,7 @@ char *ssl_util_readfilter(server_rec *s, apr_pool_t *p, const char *cmd, buf[k++] = c; } buf[k] = NUL; - ssl_util_ppclose(s, p, fp); + nss_util_ppclose(s, p, fp); return buf; } diff --git a/ssl_expr_parse.c b/ssl_expr_parse.c deleted file mode 100644 index 2eed2a0..0000000 --- a/ssl_expr_parse.c +++ /dev/null @@ -1,1079 +0,0 @@ - -/* A Bison parser, made from ssl_expr_parse.y - by GNU Bison version 1.28 */ - -#define YYBISON 1 /* Identify Bison output. */ - -#define T_TRUE 257 -#define T_FALSE 258 -#define T_DIGIT 259 -#define T_ID 260 -#define T_STRING 261 -#define T_REGEX 262 -#define T_REGEX_I 263 -#define T_FUNC_FILE 264 -#define T_OP_EQ 265 -#define T_OP_NE 266 -#define T_OP_LT 267 -#define T_OP_LE 268 -#define T_OP_GT 269 -#define T_OP_GE 270 -#define T_OP_REG 271 -#define T_OP_NRE 272 -#define T_OP_IN 273 -#define T_OP_OR 274 -#define T_OP_AND 275 -#define T_OP_NOT 276 - -#line 34 "ssl_expr_parse.y" - -#include "mod_nss.h" - -#line 38 "ssl_expr_parse.y" -typedef union { - char *cpVal; - ssl_expr *exVal; -} YYSTYPE; -#include - -#ifndef __cplusplus -#ifndef __STDC__ -#define const -#endif -#endif - - - -#define YYFINAL 53 -#define YYFLAG -32768 -#define YYNTBASE 29 - -#define YYTRANSLATE(x) ((unsigned)(x) <= 276 ? ssl_expr_yytranslate[x] : 36) - -static const char ssl_expr_yytranslate[] = { 0, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 28, 2, 2, 23, - 24, 2, 2, 27, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 25, 2, 26, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 1, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22 -}; - -#if YYDEBUG != 0 -static const short ssl_expr_yyprhs[] = { 0, - 0, 2, 4, 6, 9, 13, 17, 19, 23, 27, - 31, 35, 39, 43, 47, 53, 57, 61, 63, 67, - 69, 71, 76, 78, 80, 82 -}; - -static const short ssl_expr_yyrhs[] = { 30, - 0, 3, 0, 4, 0, 22, 30, 0, 30, 20, - 30, 0, 30, 21, 30, 0, 31, 0, 23, 30, - 24, 0, 33, 11, 33, 0, 33, 12, 33, 0, - 33, 13, 33, 0, 33, 14, 33, 0, 33, 15, - 33, 0, 33, 16, 33, 0, 33, 19, 25, 32, - 26, 0, 33, 17, 34, 0, 33, 18, 34, 0, - 33, 0, 32, 27, 33, 0, 5, 0, 7, 0, - 28, 25, 6, 26, 0, 35, 0, 8, 0, 9, - 0, 10, 23, 7, 24, 0 -}; - -#endif - -#if YYDEBUG != 0 -static const short ssl_expr_yyrline[] = { 0, - 81, 84, 85, 86, 87, 88, 89, 90, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 104, 105, 108, - 109, 110, 111, 114, 123, 134 -}; -#endif - - -#if YYDEBUG != 0 || defined (YYERROR_VERBOSE) - -static const char * const ssl_expr_yytname[] = { "$","error","$undefined.","T_TRUE", -"T_FALSE","T_DIGIT","T_ID","T_STRING","T_REGEX","T_REGEX_I","T_FUNC_FILE","T_OP_EQ", -"T_OP_NE","T_OP_LT","T_OP_LE","T_OP_GT","T_OP_GE","T_OP_REG","T_OP_NRE","T_OP_IN", -"T_OP_OR","T_OP_AND","T_OP_NOT","'('","')'","'{'","'}'","','","'%'","root","expr", -"comparison","words","word","regex","funccall", NULL -}; -#endif - -static const short ssl_expr_yyr1[] = { 0, - 29, 30, 30, 30, 30, 30, 30, 30, 31, 31, - 31, 31, 31, 31, 31, 31, 31, 32, 32, 33, - 33, 33, 33, 34, 34, 35 -}; - -static const short ssl_expr_yyr2[] = { 0, - 1, 1, 1, 2, 3, 3, 1, 3, 3, 3, - 3, 3, 3, 3, 5, 3, 3, 1, 3, 1, - 1, 4, 1, 1, 1, 4 -}; - -static const short ssl_expr_yydefact[] = { 0, - 2, 3, 20, 21, 0, 0, 0, 0, 1, 7, - 0, 23, 0, 4, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, - 5, 6, 9, 10, 11, 12, 13, 14, 24, 25, - 16, 17, 0, 26, 22, 0, 18, 15, 0, 19, - 0, 0, 0 -}; - -static const short ssl_expr_yydefgoto[] = { 51, - 9, 10, 46, 11, 41, 12 -}; - -static const short ssl_expr_yypact[] = { 3, --32768,-32768,-32768,-32768, -11, 3, 3, -10, 0,-32768, - 22,-32768, 16,-32768, -2, 23, 3, 3, 4, 4, - 4, 4, 4, 4, 34, 34, 21, 24,-32768, 25, - 26,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768,-32768, --32768,-32768, 4,-32768,-32768, 18,-32768,-32768, 4,-32768, - 49, 50,-32768 -}; - -static const short ssl_expr_yypgoto[] = {-32768, - 10,-32768,-32768, -19, 27,-32768 -}; - - -#define YYLAST 53 - - -static const short ssl_expr_yytable[] = { 33, - 34, 35, 36, 37, 38, 1, 2, 3, 3, 4, - 4, 13, 5, 5, 16, 14, 15, 17, 18, 17, - 18, 29, 28, 47, 6, 7, 31, 32, 30, 50, - 8, 8, 19, 20, 21, 22, 23, 24, 25, 26, - 27, 39, 40, 48, 49, 43, 18, 44, 52, 53, - 45, 0, 42 -}; - -static const short ssl_expr_yycheck[] = { 19, - 20, 21, 22, 23, 24, 3, 4, 5, 5, 7, - 7, 23, 10, 10, 25, 6, 7, 20, 21, 20, - 21, 24, 7, 43, 22, 23, 17, 18, 6, 49, - 28, 28, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 8, 9, 26, 27, 25, 21, 24, 0, 0, - 26, -1, 26 -}; -/* -*-C-*- Note some compilers choke on comments on `#line' lines. */ -#line 3 "/usr/lib/bison.simple" -/* This file comes from bison-1.28. */ - -/* Skeleton output parser for bison, - Copyright (C) 1984, 1989, 1990 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -/* As a special exception, when this file is copied by Bison into a - Bison output file, you may use that output file without restriction. - This special exception was added by the Free Software Foundation - in version 1.24 of Bison. */ - -/* This is the parser code that is written into each bison parser - when the %semantic_parser declaration is not specified in the grammar. - It was written by Richard Stallman by simplifying the hairy parser - used when %semantic_parser is specified. */ - -#ifndef YYSTACK_USE_ALLOCA -#ifdef alloca -#define YYSTACK_USE_ALLOCA -#else /* alloca not defined */ -#ifdef __GNUC__ -#define YYSTACK_USE_ALLOCA -#define alloca __builtin_alloca -#else /* not GNU C. */ -#if (!defined (__STDC__) && defined (sparc)) || defined (__sparc__) || defined (__sparc) || defined (__sgi) || (defined (__sun) && defined (__i386)) -#define YYSTACK_USE_ALLOCA -#include -#else /* not sparc */ -/* We think this test detects Watcom and Microsoft C. */ -/* This used to test MSDOS, but that is a bad idea - since that symbol is in the user namespace. */ -#if (defined (_MSDOS) || defined (_MSDOS_)) && !defined (__TURBOC__) -#if 0 /* No need for malloc.h, which pollutes the namespace; - instead, just don't use alloca. */ -#include -#endif -#else /* not MSDOS, or __TURBOC__ */ -#if defined(_AIX) -/* I don't know what this was needed for, but it pollutes the namespace. - So I turned it off. rms, 2 May 1997. */ -/* #include */ - #pragma alloca -#define YYSTACK_USE_ALLOCA -#else /* not MSDOS, or __TURBOC__, or _AIX */ -#if 0 -#ifdef __hpux /* haible@ilog.fr says this works for HPUX 9.05 and up, - and on HPUX 10. Eventually we can turn this on. */ -#define YYSTACK_USE_ALLOCA -#define alloca __builtin_alloca -#endif /* __hpux */ -#endif -#endif /* not _AIX */ -#endif /* not MSDOS, or __TURBOC__ */ -#endif /* not sparc */ -#endif /* not GNU C */ -#endif /* alloca not defined */ -#endif /* YYSTACK_USE_ALLOCA not defined */ - -#ifdef YYSTACK_USE_ALLOCA -#define YYSTACK_ALLOC alloca -#else -#define YYSTACK_ALLOC malloc -#endif - -/* Note: there must be only one dollar sign in this file. - It is replaced by the list of actions, each action - as one case of the switch. */ - -#define ssl_expr_yyerrok (ssl_expr_yyerrstatus = 0) -#define ssl_expr_yyclearin (ssl_expr_yychar = YYEMPTY) -#define YYEMPTY -2 -#define YYEOF 0 -#define YYACCEPT goto ssl_expr_yyacceptlab -#define YYABORT goto ssl_expr_yyabortlab -#define YYERROR goto ssl_expr_yyerrlab1 -/* Like YYERROR except do call ssl_expr_yyerror. - This remains here temporarily to ease the - transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ -#define YYFAIL goto ssl_expr_yyerrlab -#define YYRECOVERING() (!!ssl_expr_yyerrstatus) -#define YYBACKUP(token, value) \ -do \ - if (ssl_expr_yychar == YYEMPTY && ssl_expr_yylen == 1) \ - { ssl_expr_yychar = (token), ssl_expr_yylval = (value); \ - ssl_expr_yychar1 = YYTRANSLATE (ssl_expr_yychar); \ - YYPOPSTACK; \ - goto ssl_expr_yybackup; \ - } \ - else \ - { ssl_expr_yyerror ("syntax error: cannot back up"); YYERROR; } \ -while (0) - -#define YYTERROR 1 -#define YYERRCODE 256 - -#ifndef YYPURE -#define YYLEX ssl_expr_yylex() -#endif - -#ifdef YYPURE -#ifdef YYLSP_NEEDED -#ifdef YYLEX_PARAM -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc, YYLEX_PARAM) -#else -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, &ssl_expr_yylloc) -#endif -#else /* not YYLSP_NEEDED */ -#ifdef YYLEX_PARAM -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval, YYLEX_PARAM) -#else -#define YYLEX ssl_expr_yylex(&ssl_expr_yylval) -#endif -#endif /* not YYLSP_NEEDED */ -#endif - -/* If nonreentrant, generate the variables here */ - -#ifndef YYPURE - -int ssl_expr_yychar; /* the lookahead symbol */ -YYSTYPE ssl_expr_yylval; /* the semantic value of the */ - /* lookahead symbol */ - -#ifdef YYLSP_NEEDED -YYLTYPE ssl_expr_yylloc; /* location data for the lookahead */ - /* symbol */ -#endif - -int ssl_expr_yynerrs; /* number of parse errors so far */ -#endif /* not YYPURE */ - -#if YYDEBUG != 0 -int ssl_expr_yydebug; /* nonzero means print parse trace */ -/* Since this is uninitialized, it does not stop multiple parsers - from coexisting. */ -#endif - -/* YYINITDEPTH indicates the initial size of the parser's stacks */ - -#ifndef YYINITDEPTH -#define YYINITDEPTH 200 -#endif - -/* YYMAXDEPTH is the maximum size the stacks can grow to - (effective only if the built-in stack extension method is used). */ - -#if YYMAXDEPTH == 0 -#undef YYMAXDEPTH -#endif - -#ifndef YYMAXDEPTH -#define YYMAXDEPTH 10000 -#endif - -/* Define __ssl_expr_yy_memcpy. Note that the size argument - should be passed with type unsigned int, because that is what the non-GCC - definitions require. With GCC, __builtin_memcpy takes an arg - of type size_t, but it can handle unsigned int. */ - -#if __GNUC__ > 1 /* GNU C and GNU C++ define this. */ -#define __ssl_expr_yy_memcpy(TO,FROM,COUNT) __builtin_memcpy(TO,FROM,COUNT) -#else /* not GNU C or C++ */ -#ifndef __cplusplus - -/* This is the most reliable way to avoid incompatibilities - in available built-in functions on various systems. */ -static void -__ssl_expr_yy_memcpy (to, from, count) - char *to; - char *from; - unsigned int count; -{ - register char *f = from; - register char *t = to; - register int i = count; - - while (i-- > 0) - *t++ = *f++; -} - -#else /* __cplusplus */ - -/* This is the most reliable way to avoid incompatibilities - in available built-in functions on various systems. */ -static void -__ssl_expr_yy_memcpy (char *to, char *from, unsigned int count) -{ - register char *t = to; - register char *f = from; - register int i = count; - - while (i-- > 0) - *t++ = *f++; -} - -#endif -#endif - -#line 217 "/usr/lib/bison.simple" - -/* The user can define YYPARSE_PARAM as the name of an argument to be passed - into ssl_expr_yyparse. The argument should have type void *. - It should actually point to an object. - Grammar actions can access the variable by casting it - to the proper pointer type. */ - -#ifdef YYPARSE_PARAM -#ifdef __cplusplus -#define YYPARSE_PARAM_ARG void *YYPARSE_PARAM -#define YYPARSE_PARAM_DECL -#else /* not __cplusplus */ -#define YYPARSE_PARAM_ARG YYPARSE_PARAM -#define YYPARSE_PARAM_DECL void *YYPARSE_PARAM; -#endif /* not __cplusplus */ -#else /* not YYPARSE_PARAM */ -#define YYPARSE_PARAM_ARG -#define YYPARSE_PARAM_DECL -#endif /* not YYPARSE_PARAM */ - -/* Prevent warning if -Wstrict-prototypes. */ -#ifdef __GNUC__ -#ifdef YYPARSE_PARAM -int ssl_expr_yyparse (void *); -#else -int ssl_expr_yyparse (void); -#endif -#endif - -int -ssl_expr_yyparse(YYPARSE_PARAM_ARG) - YYPARSE_PARAM_DECL -{ - register int ssl_expr_yystate; - register int ssl_expr_yyn; - register short *ssl_expr_yyssp; - register YYSTYPE *ssl_expr_yyvsp; - int ssl_expr_yyerrstatus; /* number of tokens to shift before error messages enabled */ - int ssl_expr_yychar1 = 0; /* lookahead token as an internal (translated) token number */ - - short ssl_expr_yyssa[YYINITDEPTH]; /* the state stack */ - YYSTYPE ssl_expr_yyvsa[YYINITDEPTH]; /* the semantic value stack */ - - short *ssl_expr_yyss = ssl_expr_yyssa; /* refer to the stacks thru separate pointers */ - YYSTYPE *ssl_expr_yyvs = ssl_expr_yyvsa; /* to allow ssl_expr_yyoverflow to reallocate them elsewhere */ - -#ifdef YYLSP_NEEDED - YYLTYPE ssl_expr_yylsa[YYINITDEPTH]; /* the location stack */ - YYLTYPE *ssl_expr_yyls = ssl_expr_yylsa; - YYLTYPE *ssl_expr_yylsp; - -#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--, ssl_expr_yylsp--) -#else -#define YYPOPSTACK (ssl_expr_yyvsp--, ssl_expr_yyssp--) -#endif - - int ssl_expr_yystacksize = YYINITDEPTH; - int ssl_expr_yyfree_stacks = 0; - -#ifdef YYPURE - int ssl_expr_yychar; - YYSTYPE ssl_expr_yylval; - int ssl_expr_yynerrs; -#ifdef YYLSP_NEEDED - YYLTYPE ssl_expr_yylloc; -#endif -#endif - - YYSTYPE ssl_expr_yyval; /* the variable used to return */ - /* semantic values from the action */ - /* routines */ - - int ssl_expr_yylen; - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Starting parse\n"); -#endif - - ssl_expr_yystate = 0; - ssl_expr_yyerrstatus = 0; - ssl_expr_yynerrs = 0; - ssl_expr_yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - - ssl_expr_yyssp = ssl_expr_yyss - 1; - ssl_expr_yyvsp = ssl_expr_yyvs; -#ifdef YYLSP_NEEDED - ssl_expr_yylsp = ssl_expr_yyls; -#endif - -/* Push a new state, which is found in ssl_expr_yystate . */ -/* In all cases, when you get here, the value and location stacks - have just been pushed. so pushing a state here evens the stacks. */ -ssl_expr_yynewstate: - - *++ssl_expr_yyssp = ssl_expr_yystate; - - if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1) - { - /* Give user a chance to reallocate the stack */ - /* Use copies of these so that the &'s don't force the real ones into memory. */ - YYSTYPE *ssl_expr_yyvs1 = ssl_expr_yyvs; - short *ssl_expr_yyss1 = ssl_expr_yyss; -#ifdef YYLSP_NEEDED - YYLTYPE *ssl_expr_yyls1 = ssl_expr_yyls; -#endif - - /* Get the current used size of the three stacks, in elements. */ - int size = ssl_expr_yyssp - ssl_expr_yyss + 1; - -#ifdef ssl_expr_yyoverflow - /* Each stack pointer address is followed by the size of - the data in use in that stack, in bytes. */ -#ifdef YYLSP_NEEDED - /* This used to be a conditional around just the two extra args, - but that might be undefined if ssl_expr_yyoverflow is a macro. */ - ssl_expr_yyoverflow("parser stack overflow", - &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp), - &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp), - &ssl_expr_yyls1, size * sizeof (*ssl_expr_yylsp), - &ssl_expr_yystacksize); -#else - ssl_expr_yyoverflow("parser stack overflow", - &ssl_expr_yyss1, size * sizeof (*ssl_expr_yyssp), - &ssl_expr_yyvs1, size * sizeof (*ssl_expr_yyvsp), - &ssl_expr_yystacksize); -#endif - - ssl_expr_yyss = ssl_expr_yyss1; ssl_expr_yyvs = ssl_expr_yyvs1; -#ifdef YYLSP_NEEDED - ssl_expr_yyls = ssl_expr_yyls1; -#endif -#else /* no ssl_expr_yyoverflow */ - /* Extend the stack our own way. */ - if (ssl_expr_yystacksize >= YYMAXDEPTH) - { - ssl_expr_yyerror("parser stack overflow"); - if (ssl_expr_yyfree_stacks) - { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); -#ifdef YYLSP_NEEDED - free (ssl_expr_yyls); -#endif - } - return 2; - } - ssl_expr_yystacksize *= 2; - if (ssl_expr_yystacksize > YYMAXDEPTH) - ssl_expr_yystacksize = YYMAXDEPTH; -#ifndef YYSTACK_USE_ALLOCA - ssl_expr_yyfree_stacks = 1; -#endif - ssl_expr_yyss = (short *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyssp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyss, (char *)ssl_expr_yyss1, - size * (unsigned int) sizeof (*ssl_expr_yyssp)); - ssl_expr_yyvs = (YYSTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yyvsp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyvs, (char *)ssl_expr_yyvs1, - size * (unsigned int) sizeof (*ssl_expr_yyvsp)); -#ifdef YYLSP_NEEDED - ssl_expr_yyls = (YYLTYPE *) YYSTACK_ALLOC (ssl_expr_yystacksize * sizeof (*ssl_expr_yylsp)); - __ssl_expr_yy_memcpy ((char *)ssl_expr_yyls, (char *)ssl_expr_yyls1, - size * (unsigned int) sizeof (*ssl_expr_yylsp)); -#endif -#endif /* no ssl_expr_yyoverflow */ - - ssl_expr_yyssp = ssl_expr_yyss + size - 1; - ssl_expr_yyvsp = ssl_expr_yyvs + size - 1; -#ifdef YYLSP_NEEDED - ssl_expr_yylsp = ssl_expr_yyls + size - 1; -#endif - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Stack size increased to %d\n", ssl_expr_yystacksize); -#endif - - if (ssl_expr_yyssp >= ssl_expr_yyss + ssl_expr_yystacksize - 1) - YYABORT; - } - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Entering state %d\n", ssl_expr_yystate); -#endif - - goto ssl_expr_yybackup; - ssl_expr_yybackup: - -/* Do appropriate processing given the current state. */ -/* Read a lookahead token if we need one and don't already have one. */ -/* ssl_expr_yyresume: */ - - /* First try to decide what to do without reference to lookahead token. */ - - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yydefault; - - /* Not known => get a lookahead token if don't already have one. */ - - /* ssl_expr_yychar is either YYEMPTY or YYEOF - or a valid token in external form. */ - - if (ssl_expr_yychar == YYEMPTY) - { -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Reading a token: "); -#endif - ssl_expr_yychar = YYLEX; - } - - /* Convert token to internal form (in ssl_expr_yychar1) for indexing tables with */ - - if (ssl_expr_yychar <= 0) /* This means end of input. */ - { - ssl_expr_yychar1 = 0; - ssl_expr_yychar = YYEOF; /* Don't call YYLEX any more */ - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Now at end of input.\n"); -#endif - } - else - { - ssl_expr_yychar1 = YYTRANSLATE(ssl_expr_yychar); - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - { - fprintf (stderr, "Next token is %d (%s", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); - /* Give the individual parser a way to print the precise meaning - of a token, for further debugging info. */ -#ifdef YYPRINT - YYPRINT (stderr, ssl_expr_yychar, ssl_expr_yylval); -#endif - fprintf (stderr, ")\n"); - } -#endif - } - - ssl_expr_yyn += ssl_expr_yychar1; - if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != ssl_expr_yychar1) - goto ssl_expr_yydefault; - - ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn]; - - /* ssl_expr_yyn is what to do for this token type in this state. - Negative => reduce, -ssl_expr_yyn is rule number. - Positive => shift, ssl_expr_yyn is new state. - New state is final state => don't bother to shift, - just return success. - 0, or most negative number => error. */ - - if (ssl_expr_yyn < 0) - { - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrlab; - ssl_expr_yyn = -ssl_expr_yyn; - goto ssl_expr_yyreduce; - } - else if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrlab; - - if (ssl_expr_yyn == YYFINAL) - YYACCEPT; - - /* Shift the lookahead token. */ - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Shifting token %d (%s), ", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); -#endif - - /* Discard the token being shifted unless it is eof. */ - if (ssl_expr_yychar != YYEOF) - ssl_expr_yychar = YYEMPTY; - - *++ssl_expr_yyvsp = ssl_expr_yylval; -#ifdef YYLSP_NEEDED - *++ssl_expr_yylsp = ssl_expr_yylloc; -#endif - - /* count tokens shifted since error; after three, turn off error status. */ - if (ssl_expr_yyerrstatus) ssl_expr_yyerrstatus--; - - ssl_expr_yystate = ssl_expr_yyn; - goto ssl_expr_yynewstate; - -/* Do the default action for the current state. */ -ssl_expr_yydefault: - - ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; - if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrlab; - -/* Do a reduction. ssl_expr_yyn is the number of a rule to reduce with. */ -ssl_expr_yyreduce: - ssl_expr_yylen = ssl_expr_yyr2[ssl_expr_yyn]; - if (ssl_expr_yylen > 0) - ssl_expr_yyval = ssl_expr_yyvsp[1-ssl_expr_yylen]; /* implement default value of the action */ - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - { - int i; - - fprintf (stderr, "Reducing via rule %d (line %d), ", - ssl_expr_yyn, ssl_expr_yyrline[ssl_expr_yyn]); - - /* Print the symbols being reduced, and their result. */ - for (i = ssl_expr_yyprhs[ssl_expr_yyn]; ssl_expr_yyrhs[i] > 0; i++) - fprintf (stderr, "%s ", ssl_expr_yytname[ssl_expr_yyrhs[i]]); - fprintf (stderr, " -> %s\n", ssl_expr_yytname[ssl_expr_yyr1[ssl_expr_yyn]]); - } -#endif - - - switch (ssl_expr_yyn) { - -case 1: -#line 81 "ssl_expr_parse.y" -{ ssl_expr_info.expr = ssl_expr_yyvsp[0].exVal; ; - break;} -case 2: -#line 84 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_True, NULL, NULL); ; - break;} -case 3: -#line 85 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_False, NULL, NULL); ; - break;} -case 4: -#line 86 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Not, ssl_expr_yyvsp[0].exVal, NULL); ; - break;} -case 5: -#line 87 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Or, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 6: -#line 88 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_And, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 7: -#line 89 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Comp, ssl_expr_yyvsp[0].exVal, NULL); ; - break;} -case 8: -#line 90 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[-1].exVal; ; - break;} -case 9: -#line 93 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_EQ, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 10: -#line 94 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_NE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 11: -#line 95 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_LT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 12: -#line 96 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_LE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 13: -#line 97 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_GT, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 14: -#line 98 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_GE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 15: -#line 99 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_IN, ssl_expr_yyvsp[-4].exVal, ssl_expr_yyvsp[-1].exVal); ; - break;} -case 16: -#line 100 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_REG, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 17: -#line 101 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_NRE, ssl_expr_yyvsp[-2].exVal, ssl_expr_yyvsp[0].exVal); ; - break;} -case 18: -#line 104 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, NULL); ; - break;} -case 19: -#line 105 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[0].exVal, ssl_expr_yyvsp[-2].exVal); ; - break;} -case 20: -#line 108 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Digit, ssl_expr_yyvsp[0].cpVal, NULL); ; - break;} -case 21: -#line 109 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_String, ssl_expr_yyvsp[0].cpVal, NULL); ; - break;} -case 22: -#line 110 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_make(op_Var, ssl_expr_yyvsp[-1].cpVal, NULL); ; - break;} -case 23: -#line 111 "ssl_expr_parse.y" -{ ssl_expr_yyval.exVal = ssl_expr_yyvsp[0].exVal; ; - break;} -case 24: -#line 114 "ssl_expr_parse.y" -{ - regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, - REG_EXTENDED|REG_NOSUB)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; - YYERROR; - } - ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL); - ; - break;} -case 25: -#line 123 "ssl_expr_parse.y" -{ - regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, ssl_expr_yyvsp[0].cpVal, - REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; - YYERROR; - } - ssl_expr_yyval.exVal = ssl_expr_make(op_Regex, regex, NULL); - ; - break;} -case 26: -#line 134 "ssl_expr_parse.y" -{ - ssl_expr *args = ssl_expr_make(op_ListElement, ssl_expr_yyvsp[-1].cpVal, NULL); - ssl_expr_yyval.exVal = ssl_expr_make(op_Func, "file", args); - ; - break;} -} - /* the action file gets copied in in place of this dollarsign */ -#line 543 "/usr/lib/bison.simple" - - ssl_expr_yyvsp -= ssl_expr_yylen; - ssl_expr_yyssp -= ssl_expr_yylen; -#ifdef YYLSP_NEEDED - ssl_expr_yylsp -= ssl_expr_yylen; -#endif - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - { - short *ssp1 = ssl_expr_yyss - 1; - fprintf (stderr, "state stack now"); - while (ssp1 != ssl_expr_yyssp) - fprintf (stderr, " %d", *++ssp1); - fprintf (stderr, "\n"); - } -#endif - - *++ssl_expr_yyvsp = ssl_expr_yyval; - -#ifdef YYLSP_NEEDED - ssl_expr_yylsp++; - if (ssl_expr_yylen == 0) - { - ssl_expr_yylsp->first_line = ssl_expr_yylloc.first_line; - ssl_expr_yylsp->first_column = ssl_expr_yylloc.first_column; - ssl_expr_yylsp->last_line = (ssl_expr_yylsp-1)->last_line; - ssl_expr_yylsp->last_column = (ssl_expr_yylsp-1)->last_column; - ssl_expr_yylsp->text = 0; - } - else - { - ssl_expr_yylsp->last_line = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_line; - ssl_expr_yylsp->last_column = (ssl_expr_yylsp+ssl_expr_yylen-1)->last_column; - } -#endif - - /* Now "shift" the result of the reduction. - Determine what state that goes to, - based on the state we popped back to - and the rule number reduced by. */ - - ssl_expr_yyn = ssl_expr_yyr1[ssl_expr_yyn]; - - ssl_expr_yystate = ssl_expr_yypgoto[ssl_expr_yyn - YYNTBASE] + *ssl_expr_yyssp; - if (ssl_expr_yystate >= 0 && ssl_expr_yystate <= YYLAST && ssl_expr_yycheck[ssl_expr_yystate] == *ssl_expr_yyssp) - ssl_expr_yystate = ssl_expr_yytable[ssl_expr_yystate]; - else - ssl_expr_yystate = ssl_expr_yydefgoto[ssl_expr_yyn - YYNTBASE]; - - goto ssl_expr_yynewstate; - -ssl_expr_yyerrlab: /* here on detecting error */ - - if (! ssl_expr_yyerrstatus) - /* If not already recovering from an error, report this error. */ - { - ++ssl_expr_yynerrs; - -#ifdef YYERROR_VERBOSE - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; - - if (ssl_expr_yyn > YYFLAG && ssl_expr_yyn < YYLAST) - { - int size = 0; - char *msg; - int x, count; - - count = 0; - /* Start X at -ssl_expr_yyn if nec to avoid negative indexes in ssl_expr_yycheck. */ - for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0); - x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++) - if (ssl_expr_yycheck[x + ssl_expr_yyn] == x) - size += strlen(ssl_expr_yytname[x]) + 15, count++; - msg = (char *) malloc(size + 15); - if (msg != 0) - { - strcpy(msg, "parse error"); - - if (count < 5) - { - count = 0; - for (x = (ssl_expr_yyn < 0 ? -ssl_expr_yyn : 0); - x < (sizeof(ssl_expr_yytname) / sizeof(char *)); x++) - if (ssl_expr_yycheck[x + ssl_expr_yyn] == x) - { - strcat(msg, count == 0 ? ", expecting `" : " or `"); - strcat(msg, ssl_expr_yytname[x]); - strcat(msg, "'"); - count++; - } - } - ssl_expr_yyerror(msg); - free(msg); - } - else - ssl_expr_yyerror ("parse error; also virtual memory exceeded"); - } - else -#endif /* YYERROR_VERBOSE */ - ssl_expr_yyerror("parse error"); - } - - goto ssl_expr_yyerrlab1; -ssl_expr_yyerrlab1: /* here on error raised explicitly by an action */ - - if (ssl_expr_yyerrstatus == 3) - { - /* if just tried and failed to reuse lookahead token after an error, discard it. */ - - /* return failure if at end of input */ - if (ssl_expr_yychar == YYEOF) - YYABORT; - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Discarding token %d (%s).\n", ssl_expr_yychar, ssl_expr_yytname[ssl_expr_yychar1]); -#endif - - ssl_expr_yychar = YYEMPTY; - } - - /* Else will try to reuse lookahead token - after shifting the error token. */ - - ssl_expr_yyerrstatus = 3; /* Each real token shifted decrements this */ - - goto ssl_expr_yyerrhandle; - -ssl_expr_yyerrdefault: /* current state does not do anything special for the error token. */ - -#if 0 - /* This is wrong; only states that explicitly want error tokens - should shift them. */ - ssl_expr_yyn = ssl_expr_yydefact[ssl_expr_yystate]; /* If its default is to accept any token, ok. Otherwise pop it.*/ - if (ssl_expr_yyn) goto ssl_expr_yydefault; -#endif - -ssl_expr_yyerrpop: /* pop the current state because it cannot handle the error token */ - - if (ssl_expr_yyssp == ssl_expr_yyss) YYABORT; - ssl_expr_yyvsp--; - ssl_expr_yystate = *--ssl_expr_yyssp; -#ifdef YYLSP_NEEDED - ssl_expr_yylsp--; -#endif - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - { - short *ssp1 = ssl_expr_yyss - 1; - fprintf (stderr, "Error: state stack now"); - while (ssp1 != ssl_expr_yyssp) - fprintf (stderr, " %d", *++ssp1); - fprintf (stderr, "\n"); - } -#endif - -ssl_expr_yyerrhandle: - - ssl_expr_yyn = ssl_expr_yypact[ssl_expr_yystate]; - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrdefault; - - ssl_expr_yyn += YYTERROR; - if (ssl_expr_yyn < 0 || ssl_expr_yyn > YYLAST || ssl_expr_yycheck[ssl_expr_yyn] != YYTERROR) - goto ssl_expr_yyerrdefault; - - ssl_expr_yyn = ssl_expr_yytable[ssl_expr_yyn]; - if (ssl_expr_yyn < 0) - { - if (ssl_expr_yyn == YYFLAG) - goto ssl_expr_yyerrpop; - ssl_expr_yyn = -ssl_expr_yyn; - goto ssl_expr_yyreduce; - } - else if (ssl_expr_yyn == 0) - goto ssl_expr_yyerrpop; - - if (ssl_expr_yyn == YYFINAL) - YYACCEPT; - -#if YYDEBUG != 0 - if (ssl_expr_yydebug) - fprintf(stderr, "Shifting error token, "); -#endif - - *++ssl_expr_yyvsp = ssl_expr_yylval; -#ifdef YYLSP_NEEDED - *++ssl_expr_yylsp = ssl_expr_yylloc; -#endif - - ssl_expr_yystate = ssl_expr_yyn; - goto ssl_expr_yynewstate; - - ssl_expr_yyacceptlab: - /* YYACCEPT comes here. */ - if (ssl_expr_yyfree_stacks) - { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); -#ifdef YYLSP_NEEDED - free (ssl_expr_yyls); -#endif - } - return 0; - - ssl_expr_yyabortlab: - /* YYABORT comes here. */ - if (ssl_expr_yyfree_stacks) - { - free (ssl_expr_yyss); - free (ssl_expr_yyvs); -#ifdef YYLSP_NEEDED - free (ssl_expr_yyls); -#endif - } - return 1; -} -#line 140 "ssl_expr_parse.y" - - -int ssl_expr_yyerror(char *s) -{ - ssl_expr_error = s; - return 2; -} - diff --git a/ssl_expr_parse.h b/ssl_expr_parse.h deleted file mode 100644 index 5378e28..0000000 --- a/ssl_expr_parse.h +++ /dev/null @@ -1,27 +0,0 @@ -typedef union { - char *cpVal; - ssl_expr *exVal; -} YYSTYPE; -#define T_TRUE 257 -#define T_FALSE 258 -#define T_DIGIT 259 -#define T_ID 260 -#define T_STRING 261 -#define T_REGEX 262 -#define T_REGEX_I 263 -#define T_FUNC_FILE 264 -#define T_OP_EQ 265 -#define T_OP_NE 266 -#define T_OP_LT 267 -#define T_OP_LE 268 -#define T_OP_GT 269 -#define T_OP_GE 270 -#define T_OP_REG 271 -#define T_OP_NRE 272 -#define T_OP_IN 273 -#define T_OP_OR 274 -#define T_OP_AND 275 -#define T_OP_NOT 276 - - -extern YYSTYPE ssl_expr_yylval; diff --git a/ssl_expr_parse.y b/ssl_expr_parse.y deleted file mode 100644 index 21fe64c..0000000 --- a/ssl_expr_parse.y +++ /dev/null @@ -1,147 +0,0 @@ -/* Copyright 2001-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_parse.y - * Expression LR(1) Parser - */ - /* ``What you see is all you get.'' - -- Brian Kernighan */ - -/* _________________________________________________________________ -** -** Expression Parser -** _________________________________________________________________ -*/ - -%{ -#include "mod_nss.h" -%} - -%union { - char *cpVal; - ssl_expr *exVal; -} - -%token T_TRUE -%token T_FALSE - -%token T_DIGIT -%token T_ID -%token T_STRING -%token T_REGEX -%token T_REGEX_I - -%token T_FUNC_FILE - -%token T_OP_EQ -%token T_OP_NE -%token T_OP_LT -%token T_OP_LE -%token T_OP_GT -%token T_OP_GE -%token T_OP_REG -%token T_OP_NRE -%token T_OP_IN - -%token T_OP_OR -%token T_OP_AND -%token T_OP_NOT - -%left T_OP_OR -%left T_OP_AND -%left T_OP_NOT - -%type expr -%type comparison -%type funccall -%type regex -%type words -%type word - -%% - -root : expr { ssl_expr_info.expr = $1; } - ; - -expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); } - | T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); } - | T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); } - | expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); } - | expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); } - | comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); } - | '(' expr ')' { $$ = $2; } - ; - -comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); } - | word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); } - | word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); } - | word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); } - | word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); } - | word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); } - | word T_OP_IN '{' words '}' { $$ = ssl_expr_make(op_IN, $1, $4); } - | word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); } - | word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); } - ; - -words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); } - | words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); } - ; - -word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); } - | T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); } - | '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); } - | funccall { $$ = $1; } - ; - -regex : T_REGEX { - regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, - REG_EXTENDED|REG_NOSUB)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; - YYERROR; - } - $$ = ssl_expr_make(op_Regex, regex, NULL); - } - | T_REGEX_I { - regex_t *regex; - if ((regex = ap_pregcomp(ssl_expr_info.pool, $1, - REG_EXTENDED|REG_NOSUB|REG_ICASE)) == NULL) { - ssl_expr_error = "Failed to compile regular expression"; - YYERROR; - } - $$ = ssl_expr_make(op_Regex, regex, NULL); - } - ; - -funccall : T_FUNC_FILE '(' T_STRING ')' { - ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL); - $$ = ssl_expr_make(op_Func, "file", args); - } - ; - -%% - -int yyerror(char *s) -{ - ssl_expr_error = s; - return 2; -} - diff --git a/ssl_expr_scan.c b/ssl_expr_scan.c deleted file mode 100644 index a351735..0000000 --- a/ssl_expr_scan.c +++ /dev/null @@ -1,1961 +0,0 @@ -#define yy_create_buffer ssl_expr_yy_create_buffer -#define yy_delete_buffer ssl_expr_yy_delete_buffer -#define yy_scan_buffer ssl_expr_yy_scan_buffer -#define yy_scan_string ssl_expr_yy_scan_string -#define yy_scan_bytes ssl_expr_yy_scan_bytes -#define yy_flex_debug ssl_expr_yy_flex_debug -#define yy_init_buffer ssl_expr_yy_init_buffer -#define yy_flush_buffer ssl_expr_yy_flush_buffer -#define yy_load_buffer_state ssl_expr_yy_load_buffer_state -#define yy_switch_to_buffer ssl_expr_yy_switch_to_buffer -#define yyin ssl_expr_yyin -#define yyleng ssl_expr_yyleng -#define yylex ssl_expr_yylex -#define yyout ssl_expr_yyout -#define yyrestart ssl_expr_yyrestart -#define yytext ssl_expr_yytext - -/* A lexical scanner generated by flex */ - -/* Scanner skeleton version: - */ - -#define FLEX_SCANNER -#define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 - -#include -#include - - -/* cfront 1.2 defines "c_plusplus" instead of "__cplusplus" */ -#ifdef c_plusplus -#ifndef __cplusplus -#define __cplusplus -#endif -#endif - - -#ifdef __cplusplus - -#include - -/* Use prototypes in function declarations. */ -#define YY_USE_PROTOS - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -#if __STDC__ - -#define YY_USE_PROTOS -#define YY_USE_CONST - -#endif /* __STDC__ */ -#endif /* ! __cplusplus */ - -#ifdef __TURBOC__ - #pragma warn -rch - #pragma warn -use -#include -#include -#define YY_USE_CONST -#define YY_USE_PROTOS -#endif - -#ifdef YY_USE_CONST -#define yyconst const -#else -#define yyconst -#endif - - -#ifdef YY_USE_PROTOS -#define YY_PROTO(proto) proto -#else -#define YY_PROTO(proto) () -#endif - -/* Returned upon end-of-file. */ -#define YY_NULL 0 - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. - */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) - -/* Enter a start condition. This macro really ought to take a parameter, - * but we do it the disgusting crufty way forced on us by the ()-less - * definition of BEGIN. - */ -#define BEGIN yy_start = 1 + 2 * - -/* Translate the current start state into a value that can be later handed - * to BEGIN to return to the state. The YYSTATE alias is for lex - * compatibility. - */ -#define YY_START ((yy_start - 1) / 2) -#define YYSTATE YY_START - -/* Action number for EOF rule of a given start state. */ -#define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - -/* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE yyrestart( yyin ) - -#define YY_END_OF_BUFFER_CHAR 0 - -/* Size of default input buffer. */ -#define YY_BUF_SIZE 16384 - -typedef struct yy_buffer_state *YY_BUFFER_STATE; - -extern int yyleng; -extern FILE *yyin, *yyout; - -#define EOB_ACT_CONTINUE_SCAN 0 -#define EOB_ACT_END_OF_FILE 1 -#define EOB_ACT_LAST_MATCH 2 - -/* The funky do-while in the following #define is used to turn the definition - * int a single C statement (which needs a semi-colon terminator). This - * avoids problems with code like: - * - * if ( condition_holds ) - * yyless( 5 ); - * else - * do_something_else(); - * - * Prior to using the do-while the compiler would get upset at the - * "else" because it interpreted the "if" statement as being all - * done when it reached the ';' after the yyless() call. - */ - -/* Return all but the first 'n' matched characters back to the input stream. */ - -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - *yy_cp = yy_hold_char; \ - YY_RESTORE_YY_MORE_OFFSET \ - yy_c_buf_p = yy_cp = yy_bp + n - YY_MORE_ADJ; \ - YY_DO_BEFORE_ACTION; /* set up yytext again */ \ - } \ - while ( 0 ) - -#define unput(c) yyunput( c, yytext_ptr ) - -/* The following is because we cannot portably get our hands on size_t - * (without autoconf's help, which isn't available because we want - * flex-generated scanners to compile on their own). - */ -typedef unsigned int yy_size_t; - - -struct yy_buffer_state - { - FILE *yy_input_file; - - char *yy_ch_buf; /* input buffer */ - char *yy_buf_pos; /* current position in input buffer */ - - /* Size of input buffer in bytes, not including room for EOB - * characters. - */ - yy_size_t yy_buf_size; - - /* Number of characters read into yy_ch_buf, not including EOB - * characters. - */ - int yy_n_chars; - - /* Whether we "own" the buffer - i.e., we know we created it, - * and can realloc() it to grow it, and should free() it to - * delete it. - */ - int yy_is_our_buffer; - - /* Whether this is an "interactive" input source; if so, and - * if we're using stdio for input, then we want to use getc() - * instead of fread(), to make sure we stop fetching input after - * each newline. - */ - int yy_is_interactive; - - /* Whether we're considered to be at the beginning of a line. - * If so, '^' rules will be active on the next match, otherwise - * not. - */ - int yy_at_bol; - - /* Whether to try to fill the input buffer when we reach the - * end of it. - */ - int yy_fill_buffer; - - int yy_buffer_status; -#define YY_BUFFER_NEW 0 -#define YY_BUFFER_NORMAL 1 - /* When an EOF's been seen but there's still some text to process - * then we mark the buffer as YY_EOF_PENDING, to indicate that we - * shouldn't try reading from the input source any more. We might - * still have a bunch of tokens to match, though, because of - * possible backing-up. - * - * When we actually see the EOF, we change the status to "new" - * (via yyrestart()), so that the user can continue scanning by - * just pointing yyin at a new input file. - */ -#define YY_BUFFER_EOF_PENDING 2 - }; - -static YY_BUFFER_STATE yy_current_buffer = 0; - -/* We provide macros for accessing buffer states in case in the - * future we want to put the buffer states in a more general - * "scanner state". - */ -#define YY_CURRENT_BUFFER yy_current_buffer - - -/* yy_hold_char holds the character lost when yytext is formed. */ -static char yy_hold_char; - -static int yy_n_chars; /* number of characters read into yy_ch_buf */ - - -int yyleng; - -/* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; -static int yy_init = 1; /* whether we need to initialize */ -static int yy_start = 0; /* start state number */ - -/* Flag which is used to allow yywrap()'s to do buffer switches - * instead of setting up a fresh yyin. A bit of a hack ... - */ -static int yy_did_buffer_switch_on_eof; - -void yyrestart YY_PROTO(( FILE *input_file )); - -void yy_switch_to_buffer YY_PROTO(( YY_BUFFER_STATE new_buffer )); -void yy_load_buffer_state YY_PROTO(( void )); -YY_BUFFER_STATE yy_create_buffer YY_PROTO(( FILE *file, int size )); -void yy_delete_buffer YY_PROTO(( YY_BUFFER_STATE b )); -void yy_init_buffer YY_PROTO(( YY_BUFFER_STATE b, FILE *file )); -void yy_flush_buffer YY_PROTO(( YY_BUFFER_STATE b )); -#define YY_FLUSH_BUFFER yy_flush_buffer( yy_current_buffer ) - -YY_BUFFER_STATE yy_scan_buffer YY_PROTO(( char *base, yy_size_t size )); -YY_BUFFER_STATE yy_scan_string YY_PROTO(( yyconst char *yy_str )); -YY_BUFFER_STATE yy_scan_bytes YY_PROTO(( yyconst char *bytes, int len )); - -static void *yy_flex_alloc YY_PROTO(( yy_size_t )); -static void *yy_flex_realloc YY_PROTO(( void *, yy_size_t )); -static void yy_flex_free YY_PROTO(( void * )); - -#define yy_new_buffer yy_create_buffer - -#define yy_set_interactive(is_interactive) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_is_interactive = is_interactive; \ - } - -#define yy_set_bol(at_bol) \ - { \ - if ( ! yy_current_buffer ) \ - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); \ - yy_current_buffer->yy_at_bol = at_bol; \ - } - -#define YY_AT_BOL() (yy_current_buffer->yy_at_bol) - - -#define yywrap() 1 -#define YY_SKIP_YYWRAP -typedef unsigned char YY_CHAR; -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; -typedef int yy_state_type; -extern char *yytext; -#define yytext_ptr yytext - -static yy_state_type yy_get_previous_state YY_PROTO(( void )); -static yy_state_type yy_try_NUL_trans YY_PROTO(( yy_state_type current_state )); -static int yy_get_next_buffer YY_PROTO(( void )); -static void yy_fatal_error YY_PROTO(( yyconst char msg[] )); - -/* Done after the current pattern has been matched and before the - * corresponding action - sets up yytext. - */ -#define YY_DO_BEFORE_ACTION \ - yytext_ptr = yy_bp; \ - yyleng = (int) (yy_cp - yy_bp); \ - yy_hold_char = *yy_cp; \ - *yy_cp = '\0'; \ - yy_c_buf_p = yy_cp; - -#define YY_NUM_RULES 46 -#define YY_END_OF_BUFFER 47 -static yyconst short int yy_accept[86] = - { 0, - 0, 0, 0, 0, 0, 0, 0, 0, 47, 45, - 1, 38, 2, 45, 43, 24, 45, 28, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, 44, 45, - 13, 4, 3, 14, 16, 18, 17, 1, 22, 32, - 34, 43, 26, 20, 31, 30, 44, 44, 19, 44, - 44, 29, 27, 39, 25, 23, 15, 15, 21, 44, - 35, 44, 36, 13, 12, 5, 6, 10, 11, 7, - 8, 9, 33, 44, 44, 37, 44, 5, 6, 44, - 40, 41, 5, 42, 0 - } ; - -static yyconst int yy_ec[256] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 2, 4, 5, 1, 1, 1, 6, 1, 1, - 1, 1, 1, 1, 7, 1, 1, 8, 8, 8, - 8, 8, 8, 8, 8, 9, 9, 7, 1, 10, - 11, 12, 1, 1, 13, 13, 13, 13, 13, 13, - 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, - 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, - 1, 14, 1, 1, 7, 1, 15, 16, 13, 17, - - 18, 19, 20, 13, 21, 13, 13, 22, 23, 24, - 25, 13, 26, 27, 28, 29, 30, 13, 13, 13, - 13, 13, 1, 31, 1, 32, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1 - } ; - -static yyconst int yy_meta[33] = - { 0, - 1, 1, 2, 1, 3, 1, 4, 4, 4, 1, - 1, 1, 4, 3, 4, 4, 4, 4, 4, 4, - 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, - 1, 1 - } ; - -static yyconst short int yy_base[93] = - { 0, - 0, 0, 30, 31, 0, 0, 82, 81, 101, 142, - 35, 28, 142, 94, 32, 88, 31, 87, 0, 69, - 66, 28, 28, 67, 29, 63, 30, 63, 62, 57, - 0, 142, 142, 88, 142, 142, 142, 48, 142, 142, - 142, 44, 142, 142, 142, 142, 0, 70, 0, 64, - 63, 0, 0, 0, 0, 0, 142, 0, 0, 55, - 0, 46, 142, 0, 142, 53, 62, 142, 142, 142, - 142, 142, 0, 44, 48, 0, 41, 70, 72, 38, - 0, 0, 74, 0, 142, 117, 121, 125, 50, 129, - 133, 137 - - } ; - -static yyconst short int yy_def[93] = - { 0, - 85, 1, 86, 86, 87, 87, 88, 88, 85, 85, - 85, 85, 85, 85, 85, 85, 85, 85, 89, 89, - 89, 89, 89, 89, 89, 90, 89, 89, 89, 85, - 91, 85, 85, 92, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85, 85, 85, 89, 89, 89, 89, - 89, 89, 89, 89, 89, 89, 85, 89, 89, 89, - 89, 89, 85, 91, 85, 85, 85, 85, 85, 85, - 85, 85, 89, 89, 89, 89, 89, 85, 85, 89, - 89, 89, 85, 89, 0, 85, 85, 85, 85, 85, - 85, 85 - - } ; - -static yyconst short int yy_nxt[175] = - { 0, - 10, 11, 11, 12, 13, 14, 10, 15, 15, 16, - 17, 18, 19, 10, 20, 19, 19, 21, 22, 23, - 24, 25, 26, 27, 28, 19, 19, 19, 29, 19, - 30, 10, 32, 32, 33, 33, 38, 38, 39, 42, - 42, 44, 50, 34, 34, 52, 55, 59, 51, 38, - 38, 42, 42, 47, 60, 84, 53, 56, 82, 40, - 78, 79, 45, 57, 57, 81, 57, 57, 57, 79, - 79, 80, 57, 57, 57, 77, 57, 83, 79, 79, - 79, 79, 79, 76, 75, 74, 73, 63, 62, 61, - 54, 49, 48, 57, 57, 66, 67, 46, 43, 41, - - 85, 37, 37, 68, 85, 85, 69, 85, 85, 85, - 85, 70, 85, 85, 71, 85, 72, 31, 31, 31, - 31, 35, 35, 35, 35, 36, 36, 36, 36, 58, - 85, 58, 58, 64, 85, 85, 64, 65, 65, 65, - 65, 9, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85 - } ; - -static yyconst short int yy_chk[175] = - { 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 3, 4, 3, 4, 11, 11, 12, 15, - 15, 17, 22, 3, 4, 23, 25, 27, 22, 38, - 38, 42, 42, 89, 27, 80, 23, 25, 77, 12, - 66, 66, 17, 26, 26, 75, 26, 26, 26, 67, - 67, 74, 26, 26, 26, 62, 26, 78, 78, 79, - 79, 83, 83, 60, 51, 50, 48, 30, 29, 28, - 24, 21, 20, 26, 26, 34, 34, 18, 16, 14, - - 9, 8, 7, 34, 0, 0, 34, 0, 0, 0, - 0, 34, 0, 0, 34, 0, 34, 86, 86, 86, - 86, 87, 87, 87, 87, 88, 88, 88, 88, 90, - 0, 90, 90, 91, 0, 0, 91, 92, 92, 92, - 92, 85, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85, 85, 85, 85, 85, 85, 85, - 85, 85, 85, 85 - } ; - -static yy_state_type yy_last_accepting_state; -static char *yy_last_accepting_cpos; - -/* The intent behind this definition is that it'll catch - * any uses of REJECT which flex missed. - */ -#define REJECT reject_used_but_not_detected -#define yymore() yymore_used_but_not_detected -#define YY_MORE_ADJ 0 -#define YY_RESTORE_YY_MORE_OFFSET -char *yytext; -#line 1 "ssl_expr_scan.l" -#define INITIAL 0 -/* Copyright 2001-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_scan.l - * Expression Scanner - */ -/* ``Killing for peace is -like fucking for virginity.'' --- Unknown */ -/* _________________________________________________________________ -** -** Expression Scanner -** _________________________________________________________________ -*/ -#line 36 "ssl_expr_scan.l" -#include "mod_nss.h" - -#include "ssl_expr_parse.h" - -#define YY_NO_UNPUT 1 -int yyinput(char *buf, int max_size); - -#undef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - (result = yyinput(buf, max_size)) - -#define MAX_STR_LEN 2048 -/* %option stack */ -#define YY_NEVER_INTERACTIVE 1 -#define str 1 - -#define regex 2 -#define regex_flags 3 - -#line 501 "lex.ssl_expr_yy.c" - -/* Macros after this point can all be overridden by user definitions in - * section 1. - */ - -#ifndef YY_SKIP_YYWRAP -#ifdef __cplusplus -extern "C" int yywrap YY_PROTO(( void )); -#else -extern int yywrap YY_PROTO(( void )); -#endif -#endif - -#ifndef YY_NO_UNPUT -static void yyunput YY_PROTO(( int c, char *buf_ptr )); -#endif - -#ifndef yytext_ptr -static void yy_flex_strncpy YY_PROTO(( char *, yyconst char *, int )); -#endif - -#ifdef YY_NEED_STRLEN -static int yy_flex_strlen YY_PROTO(( yyconst char * )); -#endif - -#ifndef YY_NO_INPUT -#ifdef __cplusplus -static int yyinput YY_PROTO(( void )); -#else -static int input YY_PROTO(( void )); -#endif -#endif - -#if YY_STACK_USED -static int yy_start_stack_ptr = 0; -static int yy_start_stack_depth = 0; -static int *yy_start_stack = 0; -#ifndef YY_NO_PUSH_STATE -static void yy_push_state YY_PROTO(( int new_state )); -#endif -#ifndef YY_NO_POP_STATE -static void yy_pop_state YY_PROTO(( void )); -#endif -#ifndef YY_NO_TOP_STATE -static int yy_top_state YY_PROTO(( void )); -#endif - -#else -#define YY_NO_PUSH_STATE 1 -#define YY_NO_POP_STATE 1 -#define YY_NO_TOP_STATE 1 -#endif - -#ifdef YY_MALLOC_DECL -YY_MALLOC_DECL -#else -#if __STDC__ -#ifndef __cplusplus -#include -#endif -#else -/* Just try to get by without declaring the routines. This will fail - * miserably on non-ANSI systems for which sizeof(size_t) != sizeof(int) - * or sizeof(void*) != sizeof(int). - */ -#endif -#endif - -/* Amount of stuff to slurp up with each read. */ -#ifndef YY_READ_BUF_SIZE -#define YY_READ_BUF_SIZE 8192 -#endif - -/* Copy whatever the last rule matched to the standard output. */ - -#ifndef ECHO -/* This used to be an fputs(), but since the string might contain NUL's, - * we now use fwrite(). - */ -#define ECHO (void) fwrite( yytext, yyleng, 1, yyout ) -#endif - -/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, - * is returned in "result". - */ -#ifndef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - if ( yy_current_buffer->yy_is_interactive ) \ - { \ - int c = '*', n; \ - for ( n = 0; n < max_size && \ - (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ - buf[n] = (char) c; \ - if ( c == '\n' ) \ - buf[n++] = (char) c; \ - if ( c == EOF && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); \ - result = n; \ - } \ - else if ( ((result = fread( buf, 1, max_size, yyin )) == 0) \ - && ferror( yyin ) ) \ - YY_FATAL_ERROR( "input in flex scanner failed" ); -#endif - -/* No semi-colon after return; correct usage is to write "yyterminate();" - - * we don't want an extra ';' after the "return" because that will cause - * some compilers to complain about unreachable statements. - */ -#ifndef yyterminate -#define yyterminate() return YY_NULL -#endif - -/* Number of entries by which start-condition stack grows. */ -#ifndef YY_START_STACK_INCR -#define YY_START_STACK_INCR 25 -#endif - -/* Report a fatal error. */ -#ifndef YY_FATAL_ERROR -#define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) -#endif - -/* Default declaration of generated scanner - a define so the user can - * easily add parameters. - */ -#ifndef YY_DECL -#define YY_DECL int yylex YY_PROTO(( void )) -#endif - -/* Code executed at the beginning of each rule, after yytext and yyleng - * have been set up. - */ -#ifndef YY_USER_ACTION -#define YY_USER_ACTION -#endif - -/* Code executed at the end of each rule. */ -#ifndef YY_BREAK -#define YY_BREAK break; -#endif - -#define YY_RULE_SETUP \ - YY_USER_ACTION - -YY_DECL - { - register yy_state_type yy_current_state; - register char *yy_cp = NULL, *yy_bp = NULL; - register int yy_act; - -#line 57 "ssl_expr_scan.l" - - - char caStr[MAX_STR_LEN]; - char *cpStr = NULL; - char caRegex[MAX_STR_LEN]; - char *cpRegex = NULL; - char cRegexDel = NUL; - - /* - * Whitespaces - */ -#line 664 "lex.ssl_expr_yy.c" - - if ( yy_init ) - { - yy_init = 0; - -#ifdef YY_USER_INIT - YY_USER_INIT; -#endif - - if ( ! yy_start ) - yy_start = 1; /* first start state */ - - if ( ! yyin ) - yyin = stdin; - - if ( ! yyout ) - yyout = stdout; - - if ( ! yy_current_buffer ) - yy_current_buffer = - yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_load_buffer_state(); - } - - while ( 1 ) /* loops until end-of-file is reached */ - { - yy_cp = yy_c_buf_p; - - /* Support of yytext. */ - *yy_cp = yy_hold_char; - - /* yy_bp points to the position in yy_ch_buf of the start of - * the current run. - */ - yy_bp = yy_cp; - - yy_current_state = yy_start; -yy_match: - do - { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 86 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - ++yy_cp; - } - while ( yy_current_state != 85 ); - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - -yy_find_action: - yy_act = yy_accept[yy_current_state]; - - YY_DO_BEFORE_ACTION; - - -do_action: /* This label is used only to access EOF actions. */ - - - switch ( yy_act ) - { /* beginning of action switch */ - case 0: /* must back up */ - /* undo the effects of YY_DO_BEFORE_ACTION */ - *yy_cp = yy_hold_char; - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - -case 1: -YY_RULE_SETUP -#line 68 "ssl_expr_scan.l" -{ - /* NOP */ -} - YY_BREAK -/* - * C-style strings ("...") - */ -case 2: -YY_RULE_SETUP -#line 75 "ssl_expr_scan.l" -{ - cpStr = caStr; - BEGIN(str); -} - YY_BREAK -case 3: -YY_RULE_SETUP -#line 79 "ssl_expr_scan.l" -{ - BEGIN(INITIAL); - *cpStr = NUL; - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr); - return T_STRING; -} - YY_BREAK -case 4: -YY_RULE_SETUP -#line 85 "ssl_expr_scan.l" -{ - yyerror("Unterminated string"); -} - YY_BREAK -case 5: -YY_RULE_SETUP -#line 88 "ssl_expr_scan.l" -{ - int result; - - (void)sscanf(yytext+1, "%o", &result); - if (result > 0xff) - yyerror("Escape sequence out of bound"); - else - *cpStr++ = result; -} - YY_BREAK -case 6: -YY_RULE_SETUP -#line 97 "ssl_expr_scan.l" -{ - yyerror("Bad escape sequence"); -} - YY_BREAK -case 7: -YY_RULE_SETUP -#line 100 "ssl_expr_scan.l" -{ *cpStr++ = '\n'; } - YY_BREAK -case 8: -YY_RULE_SETUP -#line 101 "ssl_expr_scan.l" -{ *cpStr++ = '\r'; } - YY_BREAK -case 9: -YY_RULE_SETUP -#line 102 "ssl_expr_scan.l" -{ *cpStr++ = '\t'; } - YY_BREAK -case 10: -YY_RULE_SETUP -#line 103 "ssl_expr_scan.l" -{ *cpStr++ = '\b'; } - YY_BREAK -case 11: -YY_RULE_SETUP -#line 104 "ssl_expr_scan.l" -{ *cpStr++ = '\f'; } - YY_BREAK -case 12: -YY_RULE_SETUP -#line 105 "ssl_expr_scan.l" -{ - *cpStr++ = yytext[1]; -} - YY_BREAK -case 13: -YY_RULE_SETUP -#line 108 "ssl_expr_scan.l" -{ - char *cp = yytext; - while (*cp != NUL) - *cpStr++ = *cp++; -} - YY_BREAK -case 14: -YY_RULE_SETUP -#line 113 "ssl_expr_scan.l" -{ - *cpStr++ = yytext[1]; -} - YY_BREAK -/* - * Regular Expression - */ -case 15: -YY_RULE_SETUP -#line 120 "ssl_expr_scan.l" -{ - cRegexDel = yytext[1]; - cpRegex = caRegex; - BEGIN(regex); -} - YY_BREAK -case 16: -YY_RULE_SETUP -#line 125 "ssl_expr_scan.l" -{ - if (yytext[0] == cRegexDel) { - *cpRegex = NUL; - BEGIN(regex_flags); - } - else { - *cpRegex++ = yytext[0]; - } -} - YY_BREAK -case 17: -YY_RULE_SETUP -#line 134 "ssl_expr_scan.l" -{ - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - BEGIN(INITIAL); - return T_REGEX_I; -} - YY_BREAK -case 18: -YY_RULE_SETUP -#line 139 "ssl_expr_scan.l" -{ - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - yyless(0); - BEGIN(INITIAL); - return T_REGEX; -} - YY_BREAK -case YY_STATE_EOF(regex_flags): -#line 145 "ssl_expr_scan.l" -{ - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - BEGIN(INITIAL); - return T_REGEX; -} - YY_BREAK -/* - * Operators - */ -case 19: -YY_RULE_SETUP -#line 154 "ssl_expr_scan.l" -{ return T_OP_EQ; } - YY_BREAK -case 20: -YY_RULE_SETUP -#line 155 "ssl_expr_scan.l" -{ return T_OP_EQ; } - YY_BREAK -case 21: -YY_RULE_SETUP -#line 156 "ssl_expr_scan.l" -{ return T_OP_NE; } - YY_BREAK -case 22: -YY_RULE_SETUP -#line 157 "ssl_expr_scan.l" -{ return T_OP_NE; } - YY_BREAK -case 23: -YY_RULE_SETUP -#line 158 "ssl_expr_scan.l" -{ return T_OP_LT; } - YY_BREAK -case 24: -YY_RULE_SETUP -#line 159 "ssl_expr_scan.l" -{ return T_OP_LT; } - YY_BREAK -case 25: -YY_RULE_SETUP -#line 160 "ssl_expr_scan.l" -{ return T_OP_LE; } - YY_BREAK -case 26: -YY_RULE_SETUP -#line 161 "ssl_expr_scan.l" -{ return T_OP_LE; } - YY_BREAK -case 27: -YY_RULE_SETUP -#line 162 "ssl_expr_scan.l" -{ return T_OP_GT; } - YY_BREAK -case 28: -YY_RULE_SETUP -#line 163 "ssl_expr_scan.l" -{ return T_OP_GT; } - YY_BREAK -case 29: -YY_RULE_SETUP -#line 164 "ssl_expr_scan.l" -{ return T_OP_GE; } - YY_BREAK -case 30: -YY_RULE_SETUP -#line 165 "ssl_expr_scan.l" -{ return T_OP_GE; } - YY_BREAK -case 31: -YY_RULE_SETUP -#line 166 "ssl_expr_scan.l" -{ return T_OP_REG; } - YY_BREAK -case 32: -YY_RULE_SETUP -#line 167 "ssl_expr_scan.l" -{ return T_OP_NRE; } - YY_BREAK -case 33: -YY_RULE_SETUP -#line 168 "ssl_expr_scan.l" -{ return T_OP_AND; } - YY_BREAK -case 34: -YY_RULE_SETUP -#line 169 "ssl_expr_scan.l" -{ return T_OP_AND; } - YY_BREAK -case 35: -YY_RULE_SETUP -#line 170 "ssl_expr_scan.l" -{ return T_OP_OR; } - YY_BREAK -case 36: -YY_RULE_SETUP -#line 171 "ssl_expr_scan.l" -{ return T_OP_OR; } - YY_BREAK -case 37: -YY_RULE_SETUP -#line 172 "ssl_expr_scan.l" -{ return T_OP_NOT; } - YY_BREAK -case 38: -YY_RULE_SETUP -#line 173 "ssl_expr_scan.l" -{ return T_OP_NOT; } - YY_BREAK -case 39: -YY_RULE_SETUP -#line 174 "ssl_expr_scan.l" -{ return T_OP_IN; } - YY_BREAK -/* - * Functions - */ -case 40: -YY_RULE_SETUP -#line 179 "ssl_expr_scan.l" -{ return T_FUNC_FILE; } - YY_BREAK -/* - * Specials - */ -case 41: -YY_RULE_SETUP -#line 184 "ssl_expr_scan.l" -{ return T_TRUE; } - YY_BREAK -case 42: -YY_RULE_SETUP -#line 185 "ssl_expr_scan.l" -{ return T_FALSE; } - YY_BREAK -/* - * Digits - */ -case 43: -YY_RULE_SETUP -#line 190 "ssl_expr_scan.l" -{ - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); - return T_DIGIT; -} - YY_BREAK -/* - * Identifiers - */ -case 44: -YY_RULE_SETUP -#line 198 "ssl_expr_scan.l" -{ - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); - return T_ID; -} - YY_BREAK -/* - * Anything else is returned as is... - */ -case 45: -YY_RULE_SETUP -#line 206 "ssl_expr_scan.l" -{ - return yytext[0]; -} - YY_BREAK -case 46: -YY_RULE_SETUP -#line 210 "ssl_expr_scan.l" -YY_FATAL_ERROR( "flex scanner jammed" ); - YY_BREAK -#line 1064 "lex.ssl_expr_yy.c" -case YY_STATE_EOF(INITIAL): -case YY_STATE_EOF(str): -case YY_STATE_EOF(regex): - yyterminate(); - - case YY_END_OF_BUFFER: - { - /* Amount of text matched not including the EOB char. */ - int yy_amount_of_matched_text = (int) (yy_cp - yytext_ptr) - 1; - - /* Undo the effects of YY_DO_BEFORE_ACTION. */ - *yy_cp = yy_hold_char; - YY_RESTORE_YY_MORE_OFFSET - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_NEW ) - { - /* We're scanning a new file or input source. It's - * possible that this happened because the user - * just pointed yyin at a new source and called - * yylex(). If so, then we have to assure - * consistency between yy_current_buffer and our - * globals. Here is the right place to do so, because - * this is the first action (other than possibly a - * back-up) that will match for the new input source. - */ - yy_n_chars = yy_current_buffer->yy_n_chars; - yy_current_buffer->yy_input_file = yyin; - yy_current_buffer->yy_buffer_status = YY_BUFFER_NORMAL; - } - - /* Note that here we test for yy_c_buf_p "<=" to the position - * of the first EOB in the buffer, since yy_c_buf_p will - * already have been incremented past the NUL character - * (since all states make transitions on EOB to the - * end-of-buffer state). Contrast this with the test - * in input(). - */ - if ( yy_c_buf_p <= &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - { /* This was really a NUL. */ - yy_state_type yy_next_state; - - yy_c_buf_p = yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - /* Okay, we're now positioned to make the NUL - * transition. We couldn't have - * yy_get_previous_state() go ahead and do it - * for us because it doesn't know how to deal - * with the possibility of jamming (and we don't - * want to build jamming into it because then it - * will run more slowly). - */ - - yy_next_state = yy_try_NUL_trans( yy_current_state ); - - yy_bp = yytext_ptr + YY_MORE_ADJ; - - if ( yy_next_state ) - { - /* Consume the NUL. */ - yy_cp = ++yy_c_buf_p; - yy_current_state = yy_next_state; - goto yy_match; - } - - else - { - yy_cp = yy_last_accepting_cpos; - yy_current_state = yy_last_accepting_state; - goto yy_find_action; - } - } - - else switch ( yy_get_next_buffer() ) - { - case EOB_ACT_END_OF_FILE: - { - yy_did_buffer_switch_on_eof = 0; - - if ( yywrap() ) - { - /* Note: because we've taken care in - * yy_get_next_buffer() to have set up - * yytext, we can now set up - * yy_c_buf_p so that if some total - * hoser (like flex itself) wants to - * call the scanner after we return the - * YY_NULL, it'll still work - another - * YY_NULL will get returned. - */ - yy_c_buf_p = yytext_ptr + YY_MORE_ADJ; - - yy_act = YY_STATE_EOF(YY_START); - goto do_action; - } - - else - { - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; - } - break; - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = - yytext_ptr + yy_amount_of_matched_text; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_match; - - case EOB_ACT_LAST_MATCH: - yy_c_buf_p = - &yy_current_buffer->yy_ch_buf[yy_n_chars]; - - yy_current_state = yy_get_previous_state(); - - yy_cp = yy_c_buf_p; - yy_bp = yytext_ptr + YY_MORE_ADJ; - goto yy_find_action; - } - break; - } - - default: - YY_FATAL_ERROR( - "fatal flex scanner internal error--no action found" ); - } /* end of action switch */ - } /* end of scanning one token */ - } /* end of yylex */ - - -/* yy_get_next_buffer - try to read in a new buffer - * - * Returns a code representing an action: - * EOB_ACT_LAST_MATCH - - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position - * EOB_ACT_END_OF_FILE - end of file - */ - -static int yy_get_next_buffer() - { - register char *dest = yy_current_buffer->yy_ch_buf; - register char *source = yytext_ptr; - register int number_to_move, i; - int ret_val; - - if ( yy_c_buf_p > &yy_current_buffer->yy_ch_buf[yy_n_chars + 1] ) - YY_FATAL_ERROR( - "fatal flex scanner internal error--end of buffer missed" ); - - if ( yy_current_buffer->yy_fill_buffer == 0 ) - { /* Don't try to fill the buffer, so this is an EOF. */ - if ( yy_c_buf_p - yytext_ptr - YY_MORE_ADJ == 1 ) - { - /* We matched a single character, the EOB, so - * treat this as a final EOF. - */ - return EOB_ACT_END_OF_FILE; - } - - else - { - /* We matched some text prior to the EOB, first - * process it. - */ - return EOB_ACT_LAST_MATCH; - } - } - - /* Try to read more data. */ - - /* First move last chars to start of buffer. */ - number_to_move = (int) (yy_c_buf_p - yytext_ptr) - 1; - - for ( i = 0; i < number_to_move; ++i ) - *(dest++) = *(source++); - - if ( yy_current_buffer->yy_buffer_status == YY_BUFFER_EOF_PENDING ) - /* don't do the read, it's not guaranteed to return an EOF, - * just force an EOF - */ - yy_current_buffer->yy_n_chars = yy_n_chars = 0; - - else - { - int num_to_read = - yy_current_buffer->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) - { /* Not enough room in the buffer - grow it. */ -#ifdef YY_USES_REJECT - YY_FATAL_ERROR( -"input buffer overflow, can't enlarge buffer because scanner uses REJECT" ); -#else - - /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = yy_current_buffer; - - int yy_c_buf_p_offset = - (int) (yy_c_buf_p - b->yy_ch_buf); - - if ( b->yy_is_our_buffer ) - { - int new_size = b->yy_buf_size * 2; - - if ( new_size <= 0 ) - b->yy_buf_size += b->yy_buf_size / 8; - else - b->yy_buf_size *= 2; - - b->yy_ch_buf = (char *) - /* Include room in for 2 EOB chars. */ - yy_flex_realloc( (void *) b->yy_ch_buf, - b->yy_buf_size + 2 ); - } - else - /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; - - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( - "fatal error - scanner input buffer overflow" ); - - yy_c_buf_p = &b->yy_ch_buf[yy_c_buf_p_offset]; - - num_to_read = yy_current_buffer->yy_buf_size - - number_to_move - 1; -#endif - } - - if ( num_to_read > YY_READ_BUF_SIZE ) - num_to_read = YY_READ_BUF_SIZE; - - /* Read in more data. */ - YY_INPUT( (&yy_current_buffer->yy_ch_buf[number_to_move]), - yy_n_chars, num_to_read ); - - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - if ( yy_n_chars == 0 ) - { - if ( number_to_move == YY_MORE_ADJ ) - { - ret_val = EOB_ACT_END_OF_FILE; - yyrestart( yyin ); - } - - else - { - ret_val = EOB_ACT_LAST_MATCH; - yy_current_buffer->yy_buffer_status = - YY_BUFFER_EOF_PENDING; - } - } - - else - ret_val = EOB_ACT_CONTINUE_SCAN; - - yy_n_chars += number_to_move; - yy_current_buffer->yy_ch_buf[yy_n_chars] = YY_END_OF_BUFFER_CHAR; - yy_current_buffer->yy_ch_buf[yy_n_chars + 1] = YY_END_OF_BUFFER_CHAR; - - yytext_ptr = &yy_current_buffer->yy_ch_buf[0]; - - return ret_val; - } - - -/* yy_get_previous_state - get the state just before the EOB char was reached */ - -static yy_state_type yy_get_previous_state() - { - register yy_state_type yy_current_state; - register char *yy_cp; - - yy_current_state = yy_start; - - for ( yy_cp = yytext_ptr + YY_MORE_ADJ; yy_cp < yy_c_buf_p; ++yy_cp ) - { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 86 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - } - - return yy_current_state; - } - - -/* yy_try_NUL_trans - try to make a transition on the NUL character - * - * synopsis - * next_state = yy_try_NUL_trans( current_state ); - */ - -#ifdef YY_USE_PROTOS -static yy_state_type yy_try_NUL_trans( yy_state_type yy_current_state ) -#else -static yy_state_type yy_try_NUL_trans( yy_current_state ) -yy_state_type yy_current_state; -#endif - { - register int yy_is_jam; - register char *yy_cp = yy_c_buf_p; - - register YY_CHAR yy_c = 1; - if ( yy_accept[yy_current_state] ) - { - yy_last_accepting_state = yy_current_state; - yy_last_accepting_cpos = yy_cp; - } - while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) - { - yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 86 ) - yy_c = yy_meta[(unsigned int) yy_c]; - } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 85); - - return yy_is_jam ? 0 : yy_current_state; - } - - -#ifndef YY_NO_UNPUT -#ifdef YY_USE_PROTOS -static void yyunput( int c, register char *yy_bp ) -#else -static void yyunput( c, yy_bp ) -int c; -register char *yy_bp; -#endif - { - register char *yy_cp = yy_c_buf_p; - - /* undo effects of setting up yytext */ - *yy_cp = yy_hold_char; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - { /* need to shift things up to make room */ - /* +2 for EOB chars. */ - register int number_to_move = yy_n_chars + 2; - register char *dest = &yy_current_buffer->yy_ch_buf[ - yy_current_buffer->yy_buf_size + 2]; - register char *source = - &yy_current_buffer->yy_ch_buf[number_to_move]; - - while ( source > yy_current_buffer->yy_ch_buf ) - *--dest = *--source; - - yy_cp += (int) (dest - source); - yy_bp += (int) (dest - source); - yy_current_buffer->yy_n_chars = - yy_n_chars = yy_current_buffer->yy_buf_size; - - if ( yy_cp < yy_current_buffer->yy_ch_buf + 2 ) - YY_FATAL_ERROR( "flex scanner push-back overflow" ); - } - - *--yy_cp = (char) c; - - - yytext_ptr = yy_bp; - yy_hold_char = *yy_cp; - yy_c_buf_p = yy_cp; - } -#endif /* ifndef YY_NO_UNPUT */ - - -#ifdef __cplusplus -static int yyinput() -#else -static int input() -#endif - { - int c; - - *yy_c_buf_p = yy_hold_char; - - if ( *yy_c_buf_p == YY_END_OF_BUFFER_CHAR ) - { - /* yy_c_buf_p now points to the character we want to return. - * If this occurs *before* the EOB characters, then it's a - * valid NUL; if not, then we've hit the end of the buffer. - */ - if ( yy_c_buf_p < &yy_current_buffer->yy_ch_buf[yy_n_chars] ) - /* This was really a NUL. */ - *yy_c_buf_p = '\0'; - - else - { /* need more input */ - int offset = yy_c_buf_p - yytext_ptr; - ++yy_c_buf_p; - - switch ( yy_get_next_buffer() ) - { - case EOB_ACT_LAST_MATCH: - /* This happens because yy_g_n_b() - * sees that we've accumulated a - * token and flags that we need to - * try matching the token before - * proceeding. But for input(), - * there's no matching to consider. - * So convert the EOB_ACT_LAST_MATCH - * to EOB_ACT_END_OF_FILE. - */ - - /* Reset buffer status. */ - yyrestart( yyin ); - - /* fall through */ - - case EOB_ACT_END_OF_FILE: - { - if ( yywrap() ) - return EOF; - - if ( ! yy_did_buffer_switch_on_eof ) - YY_NEW_FILE; -#ifdef __cplusplus - return yyinput(); -#else - return input(); -#endif - } - - case EOB_ACT_CONTINUE_SCAN: - yy_c_buf_p = yytext_ptr + offset; - break; - } - } - } - - c = *(unsigned char *) yy_c_buf_p; /* cast for 8-bit char's */ - *yy_c_buf_p = '\0'; /* preserve yytext */ - yy_hold_char = *++yy_c_buf_p; - - - return c; - } - - -#ifdef YY_USE_PROTOS -void yyrestart( FILE *input_file ) -#else -void yyrestart( input_file ) -FILE *input_file; -#endif - { - if ( ! yy_current_buffer ) - yy_current_buffer = yy_create_buffer( yyin, YY_BUF_SIZE ); - - yy_init_buffer( yy_current_buffer, input_file ); - yy_load_buffer_state(); - } - - -#ifdef YY_USE_PROTOS -void yy_switch_to_buffer( YY_BUFFER_STATE new_buffer ) -#else -void yy_switch_to_buffer( new_buffer ) -YY_BUFFER_STATE new_buffer; -#endif - { - if ( yy_current_buffer == new_buffer ) - return; - - if ( yy_current_buffer ) - { - /* Flush out information for old buffer. */ - *yy_c_buf_p = yy_hold_char; - yy_current_buffer->yy_buf_pos = yy_c_buf_p; - yy_current_buffer->yy_n_chars = yy_n_chars; - } - - yy_current_buffer = new_buffer; - yy_load_buffer_state(); - - /* We don't actually know whether we did this switch during - * EOF (yywrap()) processing, but the only time this flag - * is looked at is after yywrap() is called, so it's safe - * to go ahead and always set it. - */ - yy_did_buffer_switch_on_eof = 1; - } - - -#ifdef YY_USE_PROTOS -void yy_load_buffer_state( void ) -#else -void yy_load_buffer_state() -#endif - { - yy_n_chars = yy_current_buffer->yy_n_chars; - yytext_ptr = yy_c_buf_p = yy_current_buffer->yy_buf_pos; - yyin = yy_current_buffer->yy_input_file; - yy_hold_char = *yy_c_buf_p; - } - - -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_create_buffer( FILE *file, int size ) -#else -YY_BUFFER_STATE yy_create_buffer( file, size ) -FILE *file; -int size; -#endif - { - YY_BUFFER_STATE b; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_buf_size = size; - - /* yy_ch_buf has to be 2 characters longer than the size given because - * we need to put in 2 end-of-buffer characters. - */ - b->yy_ch_buf = (char *) yy_flex_alloc( b->yy_buf_size + 2 ); - if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); - - b->yy_is_our_buffer = 1; - - yy_init_buffer( b, file ); - - return b; - } - - -#ifdef YY_USE_PROTOS -void yy_delete_buffer( YY_BUFFER_STATE b ) -#else -void yy_delete_buffer( b ) -YY_BUFFER_STATE b; -#endif - { - if ( ! b ) - return; - - if ( b == yy_current_buffer ) - yy_current_buffer = (YY_BUFFER_STATE) 0; - - if ( b->yy_is_our_buffer ) - yy_flex_free( (void *) b->yy_ch_buf ); - - yy_flex_free( (void *) b ); - } - - - -#ifdef YY_USE_PROTOS -void yy_init_buffer( YY_BUFFER_STATE b, FILE *file ) -#else -void yy_init_buffer( b, file ) -YY_BUFFER_STATE b; -FILE *file; -#endif - - - { - yy_flush_buffer( b ); - - b->yy_input_file = file; - b->yy_fill_buffer = 1; - -#if YY_ALWAYS_INTERACTIVE - b->yy_is_interactive = 1; -#else -#if YY_NEVER_INTERACTIVE - b->yy_is_interactive = 0; -#else - b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; -#endif -#endif - } - - -#ifdef YY_USE_PROTOS -void yy_flush_buffer( YY_BUFFER_STATE b ) -#else -void yy_flush_buffer( b ) -YY_BUFFER_STATE b; -#endif - - { - if ( ! b ) - return; - - b->yy_n_chars = 0; - - /* We always need two end-of-buffer characters. The first causes - * a transition to the end-of-buffer state. The second causes - * a jam in that state. - */ - b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; - b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; - - b->yy_buf_pos = &b->yy_ch_buf[0]; - - b->yy_at_bol = 1; - b->yy_buffer_status = YY_BUFFER_NEW; - - if ( b == yy_current_buffer ) - yy_load_buffer_state(); - } - - -#ifndef YY_NO_SCAN_BUFFER -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_buffer( char *base, yy_size_t size ) -#else -YY_BUFFER_STATE yy_scan_buffer( base, size ) -char *base; -yy_size_t size; -#endif - { - YY_BUFFER_STATE b; - - if ( size < 2 || - base[size-2] != YY_END_OF_BUFFER_CHAR || - base[size-1] != YY_END_OF_BUFFER_CHAR ) - /* They forgot to leave room for the EOB's. */ - return 0; - - b = (YY_BUFFER_STATE) yy_flex_alloc( sizeof( struct yy_buffer_state ) ); - if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ - b->yy_buf_pos = b->yy_ch_buf = base; - b->yy_is_our_buffer = 0; - b->yy_input_file = 0; - b->yy_n_chars = b->yy_buf_size; - b->yy_is_interactive = 0; - b->yy_at_bol = 1; - b->yy_fill_buffer = 0; - b->yy_buffer_status = YY_BUFFER_NEW; - - yy_switch_to_buffer( b ); - - return b; - } -#endif - - -#ifndef YY_NO_SCAN_STRING -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_string( yyconst char *yy_str ) -#else -YY_BUFFER_STATE yy_scan_string( yy_str ) -yyconst char *yy_str; -#endif - { - int len; - for ( len = 0; yy_str[len]; ++len ) - ; - - return yy_scan_bytes( yy_str, len ); - } -#endif - - -#ifndef YY_NO_SCAN_BYTES -#ifdef YY_USE_PROTOS -YY_BUFFER_STATE yy_scan_bytes( yyconst char *bytes, int len ) -#else -YY_BUFFER_STATE yy_scan_bytes( bytes, len ) -yyconst char *bytes; -int len; -#endif - { - YY_BUFFER_STATE b; - char *buf; - yy_size_t n; - int i; - - /* Get memory for full buffer, including space for trailing EOB's. */ - n = len + 2; - buf = (char *) yy_flex_alloc( n ); - if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); - - for ( i = 0; i < len; ++i ) - buf[i] = bytes[i]; - - buf[len] = buf[len+1] = YY_END_OF_BUFFER_CHAR; - - b = yy_scan_buffer( buf, n ); - if ( ! b ) - YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); - - /* It's okay to grow etc. this buffer, and we should throw it - * away when we're done. - */ - b->yy_is_our_buffer = 1; - - return b; - } -#endif - - -#ifndef YY_NO_PUSH_STATE -#ifdef YY_USE_PROTOS -static void yy_push_state( int new_state ) -#else -static void yy_push_state( new_state ) -int new_state; -#endif - { - if ( yy_start_stack_ptr >= yy_start_stack_depth ) - { - yy_size_t new_size; - - yy_start_stack_depth += YY_START_STACK_INCR; - new_size = yy_start_stack_depth * sizeof( int ); - - if ( ! yy_start_stack ) - yy_start_stack = (int *) yy_flex_alloc( new_size ); - - else - yy_start_stack = (int *) yy_flex_realloc( - (void *) yy_start_stack, new_size ); - - if ( ! yy_start_stack ) - YY_FATAL_ERROR( - "out of memory expanding start-condition stack" ); - } - - yy_start_stack[yy_start_stack_ptr++] = YY_START; - - BEGIN(new_state); - } -#endif - - -#ifndef YY_NO_POP_STATE -static void yy_pop_state() - { - if ( --yy_start_stack_ptr < 0 ) - YY_FATAL_ERROR( "start-condition stack underflow" ); - - BEGIN(yy_start_stack[yy_start_stack_ptr]); - } -#endif - - -#ifndef YY_NO_TOP_STATE -static int yy_top_state() - { - return yy_start_stack[yy_start_stack_ptr - 1]; - } -#endif - -#ifndef YY_EXIT_FAILURE -#define YY_EXIT_FAILURE 2 -#endif - -#ifdef YY_USE_PROTOS -static void yy_fatal_error( yyconst char msg[] ) -#else -static void yy_fatal_error( msg ) -char msg[]; -#endif - { - (void) fprintf( stderr, "%s\n", msg ); - exit( YY_EXIT_FAILURE ); - } - - - -/* Redefine yyless() so it works in section 3 code. */ - -#undef yyless -#define yyless(n) \ - do \ - { \ - /* Undo effects of setting up yytext. */ \ - yytext[yyleng] = yy_hold_char; \ - yy_c_buf_p = yytext + n; \ - yy_hold_char = *yy_c_buf_p; \ - *yy_c_buf_p = '\0'; \ - yyleng = n; \ - } \ - while ( 0 ) - - -/* Internal utility routines. */ - -#ifndef yytext_ptr -#ifdef YY_USE_PROTOS -static void yy_flex_strncpy( char *s1, yyconst char *s2, int n ) -#else -static void yy_flex_strncpy( s1, s2, n ) -char *s1; -yyconst char *s2; -int n; -#endif - { - register int i; - for ( i = 0; i < n; ++i ) - s1[i] = s2[i]; - } -#endif - -#ifdef YY_NEED_STRLEN -#ifdef YY_USE_PROTOS -static int yy_flex_strlen( yyconst char *s ) -#else -static int yy_flex_strlen( s ) -yyconst char *s; -#endif - { - register int n; - for ( n = 0; s[n]; ++n ) - ; - - return n; - } -#endif - - -#ifdef YY_USE_PROTOS -static void *yy_flex_alloc( yy_size_t size ) -#else -static void *yy_flex_alloc( size ) -yy_size_t size; -#endif - { - return (void *) malloc( size ); - } - -#ifdef YY_USE_PROTOS -static void *yy_flex_realloc( void *ptr, yy_size_t size ) -#else -static void *yy_flex_realloc( ptr, size ) -void *ptr; -yy_size_t size; -#endif - { - /* The cast to (char *) in the following accommodates both - * implementations that use char* generic pointers, and those - * that use void* generic pointers. It works with the latter - * because both ANSI C and C++ allow castless assignment from - * any pointer type to void*, and deal with argument conversions - * as though doing an assignment. - */ - return (void *) realloc( (char *) ptr, size ); - } - -#ifdef YY_USE_PROTOS -static void yy_flex_free( void *ptr ) -#else -static void yy_flex_free( ptr ) -void *ptr; -#endif - { - free( ptr ); - } - -#if YY_MAIN -int main() - { - yylex(); - return 0; - } -#endif -#line 210 "ssl_expr_scan.l" - - -int yyinput(char *buf, int max_size) -{ - int n; - - if ((n = MIN(max_size, ssl_expr_info.inputbuf - + ssl_expr_info.inputlen - - ssl_expr_info.inputptr)) <= 0) - return YY_NULL; - memcpy(buf, ssl_expr_info.inputptr, n); - ssl_expr_info.inputptr += n; - return n; -} - diff --git a/ssl_expr_scan.l b/ssl_expr_scan.l deleted file mode 100644 index c22bd3e..0000000 --- a/ssl_expr_scan.l +++ /dev/null @@ -1,224 +0,0 @@ -/* Copyright 2001-2004 The Apache Software Foundation - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* _ _ - * _ __ ___ ___ __| | ___ ___| | - * | '_ ` _ \ / _ \ / _` | / __/ __| | - * | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to OpenSSL - * |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.modssl.org/ - * |_____| - * ssl_expr_scan.l - * Expression Scanner - */ - /* ``Killing for peace is - like fucking for virginity.'' - -- Unknown */ - -/* _________________________________________________________________ -** -** Expression Scanner -** _________________________________________________________________ -*/ - -%{ -#include "mod_nss.h" - -#include "ssl_expr_parse.h" - -#define YY_NO_UNPUT 1 -int yyinput(char *buf, int max_size); - -#undef YY_INPUT -#define YY_INPUT(buf,result,max_size) \ - (result = yyinput(buf, max_size)) - -#define MAX_STR_LEN 2048 -%} - -%pointer -/* %option stack */ -%option never-interactive -%option noyywrap -%x str -%x regex regex_flags - -%% - - char caStr[MAX_STR_LEN]; - char *cpStr = NULL; - char caRegex[MAX_STR_LEN]; - char *cpRegex = NULL; - char cRegexDel = NUL; - - /* - * Whitespaces - */ -[ \t\n]+ { - /* NOP */ -} - - /* - * C-style strings ("...") - */ -\" { - cpStr = caStr; - BEGIN(str); -} -\" { - BEGIN(INITIAL); - *cpStr = NUL; - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr); - return T_STRING; -} -\n { - yyerror("Unterminated string"); -} -\\[0-7]{1,3} { - int result; - - (void)sscanf(yytext+1, "%o", &result); - if (result > 0xff) - yyerror("Escape sequence out of bound"); - else - *cpStr++ = result; -} -\\[0-9]+ { - yyerror("Bad escape sequence"); -} -\\n { *cpStr++ = '\n'; } -\\r { *cpStr++ = '\r'; } -\\t { *cpStr++ = '\t'; } -\\b { *cpStr++ = '\b'; } -\\f { *cpStr++ = '\f'; } -\\(.|\n) { - *cpStr++ = yytext[1]; -} -[^\\\n\"]+ { - char *cp = yytext; - while (*cp != NUL) - *cpStr++ = *cp++; -} -. { - *cpStr++ = yytext[1]; -} - - /* - * Regular Expression - */ -"m". { - cRegexDel = yytext[1]; - cpRegex = caRegex; - BEGIN(regex); -} -.|\n { - if (yytext[0] == cRegexDel) { - *cpRegex = NUL; - BEGIN(regex_flags); - } - else { - *cpRegex++ = yytext[0]; - } -} -i { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - BEGIN(INITIAL); - return T_REGEX_I; -} -.|\n { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - yyless(0); - BEGIN(INITIAL); - return T_REGEX; -} -<> { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex); - BEGIN(INITIAL); - return T_REGEX; -} - - /* - * Operators - */ -"eq" { return T_OP_EQ; } -"==" { return T_OP_EQ; } -"ne" { return T_OP_NE; } -"!=" { return T_OP_NE; } -"lt" { return T_OP_LT; } -"<" { return T_OP_LT; } -"le" { return T_OP_LE; } -"<=" { return T_OP_LE; } -"gt" { return T_OP_GT; } -">" { return T_OP_GT; } -"ge" { return T_OP_GE; } -">=" { return T_OP_GE; } -"=~" { return T_OP_REG; } -"!~" { return T_OP_NRE; } -"and" { return T_OP_AND; } -"&&" { return T_OP_AND; } -"or" { return T_OP_OR; } -"||" { return T_OP_OR; } -"not" { return T_OP_NOT; } -"!" { return T_OP_NOT; } -"in" { return T_OP_IN; } - - /* - * Functions - */ -"file" { return T_FUNC_FILE; } - - /* - * Specials - */ -"true" { return T_TRUE; } -"false" { return T_FALSE; } - - /* - * Digits - */ -[0-9]+ { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); - return T_DIGIT; -} - - /* - * Identifiers - */ -[a-zA-Z][a-zA-Z0-9_:-]* { - yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext); - return T_ID; -} - - /* - * Anything else is returned as is... - */ -.|\n { - return yytext[0]; -} - -%% - -int yyinput(char *buf, int max_size) -{ - int n; - - if ((n = MIN(max_size, ssl_expr_info.inputbuf - + ssl_expr_info.inputlen - - ssl_expr_info.inputptr)) <= 0) - return YY_NULL; - memcpy(buf, ssl_expr_info.inputptr, n); - ssl_expr_info.inputptr += n; - return n; -} - -- cgit