authorRob Crittenden <rcritten@redhat.com>2005-03-07 14:49:18 +0000
committerRob Crittenden <rcritten@redhat.com>2005-03-07 14:49:18 +0000
commitab37199479f849ecae189e1a2314da49cc906187 (patch)
tree35e02b41332f187d083319cf486262c4df4d75e3 /lib/libaccess
parentea64bb776b54e43e117d516e7e0e818d48287370 (diff)
149510
Remove files that aren't needed.
Diffstat (limited to 'lib/libaccess')
-rw-r--r--lib/libaccess/aclbuild.cpp1360
-rw-r--r--lib/libaccess/aclparse.cpp2241
-rw-r--r--lib/libaccess/attrec.cpp309
-rw-r--r--lib/libaccess/avadb.c298
-rw-r--r--lib/libaccess/avaparse.y140
-rw-r--r--lib/libaccess/avapfile.c428
-rw-r--r--lib/libaccess/avascan.l106
-rw-r--r--lib/libaccess/lcache.h23
-rw-r--r--lib/libaccess/leval.h18
-rw-r--r--lib/libaccess/lparse.h27
-rw-r--r--lib/libaccess/nsadb.cpp582
-rw-r--r--lib/libaccess/nsamgmt.cpp1567
-rw-r--r--lib/libaccess/nscert.cpp963
-rw-r--r--lib/libaccess/nsdb.cpp836
-rw-r--r--lib/libaccess/nsdbmgmt.cpp685
-rw-r--r--lib/libaccess/nsgmgmt.cpp434
-rw-r--r--lib/libaccess/nsgroup.cpp336
-rw-r--r--lib/libaccess/nslock.cpp268
-rw-r--r--lib/libaccess/nsumgmt.cpp456
-rw-r--r--lib/libaccess/nsuser.cpp309
-rw-r--r--lib/libaccess/register.h98
-rw-r--r--lib/libaccess/userauth.cpp12
-rw-r--r--lib/libaccess/utest.mk61
-rw-r--r--lib/libaccess/winnt.l762
-rw-r--r--lib/libaccess/winnt.v156
-rw-r--r--lib/libaccess/winnt.y793
-rw-r--r--lib/libaccess/wintab.h26
27 files changed, 0 insertions, 13294 deletions
diff --git a/lib/libaccess/aclbuild.cpp b/lib/libaccess/aclbuild.cpp
deleted file mode 100644
index d7ff6283..00000000
--- a/lib/libaccess/aclbuild.cpp
+++ /dev/null
@@ -1,1360 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (aclbuild.c)
- *
- * This module provides functions for building Access Control List
- * (ACL) structures in memory.
- *
- */
-
-#include <assert.h>
-#include "base/systems.h"
-#include "netsite.h"
-#include "libaccess/nsauth.h"
-#include "libaccess/nsuser.h"
-#include "libaccess/nsgroup.h"
-#include "libaccess/nsadb.h"
-#include "libaccess/aclerror.h"
-#include "libaccess/aclstruct.h"
-#include "libaccess/aclbuild.h"
-#include "libaccess/aclparse.h"
-#include "libaccess/acleval.h"
-#include "libaccess/usi.h"
-
-char * ACL_Program = "NSACL"; /* ACL facility name */
-
-/*
- * Description (accCreate)
- *
- * This function creates a new access control context, which
- * provides context information for a set of ACL definitions.
- * The caller also provides a handle for a symbol table to be
- * used to store definitions of ACL and rights names.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * stp - symbol table handle (may be null)
- * pacc - pointer to returned context handle
- *
- * Returns:
- *
- * If the context is created successfully, the return value is zero.
- * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc)
-{
- ACContext_t * acc; /* pointer to new context */
- int rv; /* result value */
- int eid; /* error id */
-
- *pacc = 0;
-
- /* Do we need to create a symbol table? */
- if (stp == 0) {
-
- /* Yes, create a symbol table for ACL, rights, etc. names */
- rv = symTableNew(&stp);
- if (rv < 0) goto err_nomem1;
- }
-
- /* Allocate the context structure */
- acc = (ACContext_t *)MALLOC(sizeof(ACContext_t));
- if (acc == 0) goto err_nomem2;
-
- /* Initialize it */
- acc->acc_stp = stp;
- acc->acc_acls = 0;
- acc->acc_rights = 0;
- acc->acc_refcnt = 0;
-
- *pacc = acc;
- return 0;
-
- err_nomem1:
- rv = ACLERRNOMEM;
- eid = ACLERR3000;
- goto err_ret;
-
- err_nomem2:
- rv = ACLERRNOMEM;
- eid = ACLERR3020;
-
- err_ret:
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- return rv;
-}
-
-/*
- * Description (accDestroy)
- *
- * This function destroys a set of ACL data structures referenced
- * by a specified ACContext_t structure, including the ACContext_t
- * itself.
- *
- * Arguments:
- *
- * acc - pointer to ACContext_t structure
- * flags - bit flags (unused - must be zero)
- */
-
-void accDestroy(ACContext_t * acc, int flags)
-{
- ACL_t * acl;
-
- if (acc != 0) {
-
- /*
- * First destroy all ACLs and any unnamed structures they reference.
- * Note that aclDestroy() modifies the acc_acls list.
- */
- while ((acl = acc->acc_acls) != 0) {
-
- aclDelete(acl);
- }
-
- /* If there's a symbol table, destroy everything it references */
- if (acc->acc_stp != 0) {
- symTableEnumerate(acc->acc_stp, 0, accDestroySym);
-
- /* Destroy the symbol table itself */
- symTableDestroy(acc->acc_stp, 0);
- }
-
- /* Free the ACContext_t structure */
- FREE(acc);
- }
-}
-
-/*
- * Description (accDestroySym)
- *
- * This function is called to destroy the data structure associated
- * with a specified Symbol_t symbol table entry. It examines the
- * type of the symbol and calls the appropriate destructor.
- *
- * Arguments:
- *
- * sym - pointer to symbol table entry
- * argp - unused - must be zero
- *
- * Returns:
- *
- * The return value is SYMENUMREMOVE.
- */
-
-int accDestroySym(Symbol_t * sym, void * argp)
-{
- switch (sym->sym_type) {
- case ACLSYMACL: /* ACL */
- aclDestroy((ACL_t *)sym);
- break;
-
- case ACLSYMRIGHT: /* access right */
- {
- RightDef_t * rdp = (RightDef_t *)sym;
-
- if (rdp->rd_sym.sym_name != 0) {
- FREE(rdp->rd_sym.sym_name);
- }
- FREE(rdp);
- }
- break;
-
- case ACLSYMRDEF: /* access rights list */
- aclRightSpecDestroy((RightSpec_t *)sym);
- break;
-
- case ACLSYMREALM: /* realm name */
- aclRealmSpecDestroy((RealmSpec_t *)sym);
- break;
-
- case ACLSYMHOST: /* host specifications */
- aclHostSpecDestroy((HostSpec_t *)sym);
- break;
-
- case ACLSYMUSER: /* user/group list */
- aclUserSpecDestroy((UserSpec_t *)sym);
- break;
- }
-
- return SYMENUMREMOVE;
-}
-
-/*
- * Description (accReadFile)
- *
- * This function reads a specfied file containing ACL definitions
- * and creates data structures in memory to represent the ACLs.
- * The caller may provide a pointer to an existing ACContext_t
- * structure which will serve as the root of the ACL structures,
- * or else a new one will be created.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * aclfile - pointer to the ACL filename string
- * pacc - value/result ACContext_t
- *
- * Returns:
- *
- * If the ACL file is read successfully, the return value is zero.
- * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc)
-{
- ACContext_t * acc = *pacc; /* pointer to ACL root structure */
- ACLFile_t * acf = 0; /* pointer to ACL file handle */
- void * stp = 0; /* ACL symbol table handle */
- int rv; /* result value */
- int eid; /* error id value */
-
- /* Initialize the ACL parser */
- rv = aclParseInit();
- if (rv < 0) goto err_init;
-
- /* Do we need to create a new ACContext_t structure? */
- if (acc == 0) {
-
- /* Yes, create a symbol table for ACL, rights, etc. names */
- rv = symTableNew(&stp);
- if (rv < 0) goto err_crsym;
-
- /* Create a root structure for the ACLs, including the symbol table */
- rv = accCreate(errp, stp, &acc);
- if (rv < 0) goto err_ret2;
- }
-
- /* Open the ACL definition file */
- rv = aclFileOpen(errp, aclfile, 0, &acf);
- if (rv < 0) goto err_ret3;
-
- /* Parse the ACL definitions, building ACL structures in memory */
- rv = aclACLParse(errp, acf, acc, 0);
- if (rv < 0) goto err_ret4;
-
- aclFileClose(acf, 0);
-
- if (pacc) *pacc = acc;
-
- return rv;
-
- err_init:
- eid = ACLERR3100;
- goto err_ret;
-
- err_crsym:
- eid = ACLERR3120;
- rv = ACLERRNOMEM;
- goto err_ret;
-
- err_ret4:
- aclFileClose(acf, 0);
- err_ret3:
- /* Destroy the ACContext_t if we just created it */
- if (acc != *pacc) {
- accDestroy(acc, 0);
- }
- goto err_ret;
-
- err_ret2:
- symTableDestroy(stp, 0);
-
- err_ret:
- return rv;
-}
-
-/*
- * Description (aclAuthDNSAdd)
- *
- * This function adds a DNS name specification to the DNS filter
- * associated with a given host list. The DNS name specification is
- * either a fully-qualified domain name or a domain name suffix,
- * indicated by a leading ".", e.g. (".mcom.com"). The name
- * components included in a suffix must be complete. For example,
- * ".scape.com" will not match names ending in ".netscape.com".
- *
- * Arguments:
- *
- * hspp - pointer to host list pointer
- * dnsspec - DNS name or suffix string pointer
- * fqdn - non-zero if dnsspec is fully qualified
- *
- * Returns:
- *
- * If successful, the return code is zero.
- * An error is indicated by a negative return code (ACLERRxxxx
- * - see aclerror.h).
- */
-
-int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn)
-{
- HostSpec_t * hsp; /* host list pointer */
- void * table; /* access control hash table pointer */
- Symbol_t * sym; /* hash table entry pointer */
- int rv; /* result value */
-
- fqdn = (fqdn) ? 1 : 0;
-
- /* Create the HostSpec_t if it doesn't exist */
- hsp = *hspp;
- if (hsp == 0) {
-
- hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t));
- if (hsp == 0) goto err_nomem;
- memset((void *)hsp, 0, sizeof(HostSpec_t));
- hsp->hs_sym.sym_type = ACLSYMHOST;
- }
-
- /* Get pointer to hash table used for DNS filter */
- table = hsp->hs_host.inh_dnf.dnf_hash;
- if (table == 0) {
-
- /* None there yet, so create one */
- rv = symTableNew(&table);
- if (rv < 0) goto punt;
- hsp->hs_host.inh_dnf.dnf_hash = table;
- }
-
- /* See if the DNS spec is already in the table */
- rv = symTableFindSym(table, dnsspec, fqdn, (void **)&sym);
- if (rv < 0) {
- if (rv != SYMERRNOSYM) goto punt;
-
- /* It's not there, so add it */
- sym = (Symbol_t *)MALLOC(sizeof(Symbol_t));
- sym->sym_name = STRDUP(dnsspec);
- sym->sym_type = fqdn;
-
- rv = symTableAddSym(table, sym, (void *)sym);
- if (rv < 0) goto err_nomem;
- }
-
- *hspp = hsp;
-
- punt:
- return rv;
-
- err_nomem:
- rv = ACLERRNOMEM;
- goto punt;
-}
-
-/*
- * Description (aclAuthIPAdd)
- *
- * This function adds an IP address specification to the IP filter
- * associated with a given host list. The IP address specification
- * consists of an IP host or network address and an IP netmask.
- * For host addresses the netmask value is 255.255.255.255.
- *
- * Arguments:
- *
- * hspp - pointer to host list pointer
- * ipaddr - IP host or network address
- * netmask - IP netmask value
- *
- * Returns:
- *
- * If successful, the return code is zero.
- * An error is indicated by a negative return code (ACLERRxxxx
- * - see aclerror.h).
- */
-
-int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask)
-{
- HostSpec_t * hsp; /* host list pointer */
- IPFilter_t * ipf; /* IP filter pointer */
- IPNode_t * ipn; /* current node pointer */
- IPNode_t * lastipn; /* last (lower) node pointer */
- IPLeaf_t * leaf; /* leaf node pointer */
- IPAddr_t bitmask; /* bit mask for current node */
- int lastbit; /* number of last bit set in netmask */
- int i; /* loop index */
-
- /* Create the HostSpec_t if it doesn't exist */
- hsp = *hspp;
- if (hsp == 0) {
-
- hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t));
- if (hsp == 0) goto err_nomem;
- memset((void *)hsp, 0, sizeof(HostSpec_t));
- hsp->hs_sym.sym_type = ACLSYMHOST;
- }
-
- ipf = &hsp->hs_host.inh_ipf;
-
- /* If the filter doesn't have a root node yet, create it */
- if (ipf->ipf_tree == 0) {
-
- /* Allocate node */
- ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t));
- if (ipn == 0) goto err_nomem;
-
- /* Initialize it to test bit 31, but without any descendants */
- ipn->ipn_type = IPN_NODE;
- ipn->ipn_bit = 31;
- ipn->ipn_parent = NULL;
- ipn->ipn_clear = NULL;
- ipn->ipn_set = NULL;
- ipn->ipn_masked = NULL;
-
- /* Set it as the root node in the radix tree */
- ipf->ipf_tree = ipn;
- }
-
- /* First we search the tree to see where this IP specification fits */
-
- lastipn = NULL;
-
- for (ipn = ipf->ipf_tree; (ipn != NULL) && (ipn->ipn_type == IPN_NODE); ) {
-
- /* Get a mask for the bit this node tests */
- bitmask = (IPAddr_t) 1<<ipn->ipn_bit;
-
- /* Save pointer to last internal node */
- lastipn = ipn;
-
- /* Is this a bit we care about? */
- if (bitmask & netmask) {
-
- /* Yes, get address of set or clear descendant pointer */
- ipn = (bitmask & ipaddr) ? ipn->ipn_set : ipn->ipn_clear;
- }
- else {
- /* No, get the address of the masked descendant pointer */
- ipn = ipn->ipn_masked;
- }
- }
-
- /* Did we end up at a leaf node? */
- if (ipn == NULL) {
-
- /*
- * No, well, we need to find a leaf node if possible. The
- * reason is that we need an IP address and netmask to compare
- * to the IP address and netmask we're inserting. We know that
- * they're the same up to the bit tested by the lastipn node,
- * but we need to know the *highest* order bit that's different.
- * Any leaf node below lastipn will do.
- */
-
- leaf = NULL;
- ipn = lastipn;
-
- while (ipn != NULL) {
-
- /* Look for any non-null child link of the current node */
- for (i = 0; i < IPN_NLINKS; ++i) {
- if (ipn->ipn_links[i]) break;
- }
-
- /*
- * Fail search for leaf if no non-null child link found.
- * This should only happen on the root node of the tree
- * when the tree is empty.
- */
- if (i >= IPN_NLINKS) {
- assert(ipn == ipf->ipf_tree);
- break;
- }
-
- /* Step to the child node */
- ipn = ipn->ipn_links[i];
-
- /* Is it a leaf? */
- if (ipn->ipn_type == IPN_LEAF) {
-
- /* Yes, search is over */
- leaf = (IPLeaf_t *)ipn;
- ipn = NULL;
- break;
- }
- }
- }
- else {
-
- /* Yes, loop terminated on a leaf node */
- assert(ipn->ipn_type == IPN_LEAF);
- leaf = (IPLeaf_t *)ipn;
- }
-
- /* Got a leaf yet? */
- if (leaf != NULL) {
-
- /* Combine the IP address and netmask differences */
- bitmask = (leaf->ipl_ipaddr ^ ipaddr) | (leaf->ipl_netmask ^ netmask);
-
- /* Are both the IP address and the netmask the same? */
- if (bitmask == 0) {
-
- /* Yes, duplicate entry */
- return 0;
- }
-
- /* Find the bit number of the first different bit */
- for (lastbit = 31;
- (bitmask & 0x80000000) == 0; --lastbit, bitmask <<= 1) ;
-
- /* Generate a bit mask with just that bit */
- bitmask = (IPAddr_t) (1 << lastbit);
-
- /*
- * Go up the tree from lastipn, looking for an internal node
- * that tests lastbit. Stop if we get to a node that tests
- * a higher bit number first.
- */
- for (ipn = lastipn, lastipn = (IPNode_t *)leaf;
- ipn != NULL; ipn = ipn->ipn_parent) {
-
- if (ipn->ipn_bit >= lastbit) {
- if (ipn->ipn_bit == lastbit) {
- /* Need to add a leaf off ipn node */
- lastipn = NULL;
- }
- break;
- }
- lastipn = ipn;
- }
-
- assert(ipn != NULL);
- }
- else {
-
- /* Just hang a leaf off the lastipn node if no leaf */
- ipn = lastipn;
- lastipn = NULL;
- lastbit = ipn->ipn_bit;
- }
-
- /*
- * If lastipn is not NULL at this point, the new leaf will hang
- * off an internal node inserted between the upper node, referenced
- * by ipn, and the lower node, referenced by lastipn. The lower
- * node may be an internal node or a leaf.
- */
- if (lastipn != NULL) {
- IPNode_t * parent = ipn; /* parent of the new node */
-
- assert((lastipn->ipn_type == IPN_LEAF) ||
- (ipn == lastipn->ipn_parent));
-
- /* Allocate space for the internal node */
- ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t));
- if (ipn == NULL) goto err_nomem;
-
- ipn->ipn_type = IPN_NODE;
- ipn->ipn_bit = lastbit;
- ipn->ipn_parent = parent;
- ipn->ipn_clear = NULL;
- ipn->ipn_set = NULL;
- ipn->ipn_masked = NULL;
-
- bitmask = (IPAddr_t) (1 << lastbit);
-
- /*
- * The values in the leaf we found above determine which
- * descendant link of the new internal node will reference
- * the subtree that we just ascended.
- */
- if (leaf->ipl_netmask & bitmask) {
- if (leaf->ipl_ipaddr & bitmask) {
- ipn->ipn_set = lastipn;
- }
- else {
- ipn->ipn_clear = lastipn;
- }
- }
- else {
- ipn->ipn_masked = lastipn;
- }
-
- /* Allocate space for the new leaf */
- leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t));
- if (leaf == NULL) {
- FREE((void *)ipn);
- goto err_nomem;
- }
-
- /* Insert internal node in tree */
-
- /* First the downward link from the parent to the new node */
- for (i = 0; i < IPN_NLINKS; ++i) {
- if (parent->ipn_links[i] == lastipn) {
- parent->ipn_links[i] = ipn;
- break;
- }
- }
-
- /* Then the upward link from the child (if it's not a leaf) */
- if (lastipn->ipn_type == IPN_NODE) {
- lastipn->ipn_parent = ipn;
- }
- }
- else {
- /* Allocate space for a leaf node only */
- leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t));
- if (leaf == NULL) goto err_nomem;
- }
-
- /* Initialize the new leaf */
- leaf->ipl_type = IPN_LEAF;
- leaf->ipl_ipaddr = ipaddr;
- leaf->ipl_netmask = netmask;
-
- /*
- * Select the appropriate descendant link of the internal node
- * and point it at the new leaf.
- */
- bitmask = (IPAddr_t) (1 << ipn->ipn_bit);
- if (bitmask & netmask) {
- if (bitmask & ipaddr) {
- assert(ipn->ipn_set == NULL);
- ipn->ipn_set = (IPNode_t *)leaf;
- }
- else {
- assert(ipn->ipn_clear == NULL);
- ipn->ipn_clear = (IPNode_t *)leaf;
- }
- }
- else {
- assert(ipn->ipn_masked == NULL);
- ipn->ipn_masked = (IPNode_t *)leaf;
- }
-
- *hspp = hsp;
-
- /* Successful completion */
- return 0;
-
- err_nomem:
- return ACLERRNOMEM;
-}
-
-/*
- * Description (aclAuthNameAdd)
- *
- * This function adds a user or group to a given user list,
- * in the context of a specified ACL that is being created. The
- * name of the user or group is provided by the caller, and is
- * looked up in the authentication database associated with the
- * specified user list. The return value indicates whether the name
- * matched a user or group name, and whether the corresponding user
- * or group id was already present in the given user list.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * usp - pointer to user list specification
- * rlm - pointer to current authentication realm
- * name - pointer to user or group name string
- *
- * Returns:
- *
- * The return value is zero if the name is not found in the
- * authentication database. If the name is found, the return value
- * is a positive value containing bit flags:
- *
- * AIF_GROUP - name matches a group name
- * AIF_USER - name matches a user name
- * AIF_DUP - name was already represented in the
- * specified user list
- *
- * An error is indicated by a negative return code (ACLERRxxxx
- * - see aclerror.h), and an error frame will be generated if
- * an error list is provided.
- */
-
-int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp,
- Realm_t * rlm, char * name)
-{
- void * guoptr; /* group or user object pointer */
- int irv; /* insert result value */
- int eid; /* error id */
- int rv; /* result value */
-
- /* There must be a realm specified in order to handle users */
- if (rlm == 0) goto err_norealm;
-
- /* Open the authentication database if it's not already */
- if (rlm->rlm_authdb == 0) {
-
- if (rlm->rlm_aif == 0) {
- rlm->rlm_aif = &NSADB_AuthIF;
- }
-
- rv = (*rlm->rlm_aif->aif_open)(errp,
- rlm->rlm_dbname, 0, &rlm->rlm_authdb);
- if (rv < 0) goto err_open;
- }
-
- /* Look up the name in the authentication DB */
- rv = (*rlm->rlm_aif->aif_findname)(errp, rlm->rlm_authdb, name,
- (AIF_USER|AIF_GROUP), (void **)&guoptr);
- if (rv <= 0) {
- if (rv < 0) goto err_adb;
-
- /* The name was not found in the database */
- return 0;
- }
-
- /* The name was found. Was it a user name? */
- if (rv == AIF_USER) {
-
- /* Yes, add the user id to the user list */
- irv = usiInsert(&usp->us_user.uu_user, ((UserObj_t *)guoptr)->uo_uid);
- rv = ANA_USER;
- }
- else {
-
- /* No, must be a group name. Add group id to an_groups list. */
- irv = usiInsert(&usp->us_user.uu_group,
- ((GroupObj_t *)guoptr)->go_gid);
- rv = ANA_GROUP;
- }
-
- /* Examine the result of the insert operation */
- if (irv <= 0) {
- if (irv < 0) goto err_ins;
-
- /* Id was already in the list */
- rv |= ANA_DUP;
- }
-
- punt:
- return rv;
-
- err_norealm:
- eid = ACLERR3400;
- rv = ACLERRNORLM;
- nserrGenerate(errp, rv, eid, ACL_Program, 1, name);
- goto punt;
-
- err_open:
- eid = ACLERR3420;
- rv = ACLERROPEN;
- nserrGenerate(errp, rv, eid, ACL_Program,
- 2, rlm->rlm_dbname, system_errmsg());
- goto punt;
-
- err_adb:
- /* Error accessing authentication database. */
- eid = ACLERR3440;
- rv = ACLERRADB;
- nserrGenerate(errp, rv, eid, ACL_Program, 2, rlm->rlm_dbname, name);
- goto punt;
-
- err_ins:
- /* Error on insert operation. Must be lack of memory. */
- eid = ACLERR3460;
- rv = ACLERRNOMEM;
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto punt;
-}
-
-/*
- * Description (aclClientsDirCreate)
- *
- * This function allocates and initializes a new ACClients_t
- * ACL directive.
- *
- * Arguments:
- *
- * None.
- *
- * Returns:
- *
- * If successful, a pointer to the new ACClients_t is returned.
- * A shortage of dynamic memory is indicated by a null return value.
- */
-
-ACClients_t * aclClientsDirCreate()
-{
- ACClients_t * acd; /* pointer to new ACClients_t */
-
- acd = (ACClients_t *)MALLOC(sizeof(ACClients_t));
- if (acd != 0) {
- memset((void *)acd, 0, sizeof(ACClients_t));
- }
-
- return acd;
-}
-
-/*
- * Description (aclCreate)
- *
- * This function creates a new ACL root structure. The caller
- * specifies the name to be associated with the ACL. The ACL handle
- * returned by this function is passed to other functions in this
- * module when adding information to the ACL.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acc - pointer to an access control context
- * aclname - pointer to ACL name string
- * pacl - pointer to returned ACL handle
- *
- * Returns:
- *
- * The return value is zero if the ACL is created successfully.
- * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int aclCreate(NSErr_t * errp, ACContext_t * acc, char * aclname, ACL_t **pacl)
-{
- ACL_t * acl; /* pointer to created ACL */
- int rv; /* result value */
- int eid; /* error id */
-
- *pacl = 0;
-
- /* Allocate the ACL_t structure */
- acl = (ACL_t *) MALLOC(sizeof(ACL_t));
- if (acl == 0) goto err_nomem;
-
- /* Initialize the structure */
- memset((void *)acl, 0, sizeof(ACL_t));
- acl->acl_sym.sym_name = STRDUP(aclname);
- acl->acl_sym.sym_type = ACLSYMACL;
- acl->acl_acc = acc;
- acl->acl_refcnt = 1;
-
- /* Add it to the symbol table for the specified context */
- rv = symTableAddSym(acc->acc_stp, &acl->acl_sym, (void *)acl);
- if (rv < 0) goto err_addsym;
-
- /* Add it to the list of ACLs for the specified context */
- acl->acl_next = acc->acc_acls;
- acc->acc_acls = acl;
- acc->acc_refcnt += 1;
-
- *pacl = acl;
- return 0;
-
- err_nomem:
- rv = ACLERRNOMEM;
- eid = ACLERR3200;
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto done;
-
- err_addsym:
- FREE(acl);
- rv = ACLERRDUPSYM;
- eid = ACLERR3220;
- nserrGenerate(errp, rv, eid, ACL_Program, 1, aclname);
-
- done:
- return rv;
-}
-
-/*
- * Description (aclDestroy)
- *
- * This function destroys an ACL structure and its sub-structures.
- * It does not free the ACContext_t referenced by the ACL.
- *
- * Arguments:
- *
- * acl - pointer to ACL_t structure
- */
-
-void aclDestroy(ACL_t * acl)
-{
- ACL_t **pacl; /* ACL list link pointer */
- ACDirective_t * acd; /* ACL directive pointer */
- ACDirective_t * nacd; /* next ACL directive pointer */
-
- /* Is there an ACContext_t structure? */
- if (acl->acl_acc != 0) {
-
- /* Remove this ACL from the list in the ACContext_t structure */
- for (pacl = &acl->acl_acc->acc_acls;
- *pacl != 0; pacl = &(*pacl)->acl_next) {
-
- if (*pacl == acl) {
- *pacl = acl->acl_next;
- acl->acl_acc->acc_refcnt -= 1;
- break;
- }
- }
- }
-
- /* Destroy each ACL directive */
- for (acd = acl->acl_dirf; acd != 0; acd = nacd) {
- nacd = acd->acd_next;
- aclDirectiveDestroy(acd);
- }
-
- /* Free the ACL rights list if it is unnamed */
- if ((acl->acl_rights != 0) && (acl->acl_rights->rs_sym.sym_name == 0)) {
- aclRightSpecDestroy(acl->acl_rights);
- }
-
- /* Free the ACL name string, if any */
- if (acl->acl_sym.sym_name != 0) {
- FREE(acl->acl_sym.sym_name);
- }
-
- /* Free the ACL itself */
- FREE(acl);
-}
-
-/*
- * Description (aclDelete)
- *
- * This function removes a specified ACL from the symbol table
- * associated with its ACL context, and then destroys the ACL
- * structure and any unnamed objects it references (other than
- * the ACL context).
- *
- * Arguments:
- *
- * acl - pointer to the ACL
- */
-
-void aclDelete(ACL_t * acl)
-{
- ACContext_t * acc = acl->acl_acc;
-
- if ((acc != 0) && (acl->acl_sym.sym_name != 0)) {
- symTableRemoveSym(acc->acc_stp, &acl->acl_sym);
- }
-
- aclDestroy(acl);
-}
-
-/*
- * Description (aclDirectiveAdd)
- *
- * This function adds a given directive to a specified ACL.
- *
- * Arguments:
- *
- * acl - pointer to the ACL
- * acd - pointer to the directive to be added
- *
- * Returns:
- *
- * If successful, the return value is zero. An error is indicated
- * by a negative return value.
- */
-
-int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd)
-{
- /* Add the directive to the end of the ACL's directive list */
- acd->acd_next = 0;
-
- if (acl->acl_dirl == 0) {
- /* First entry in empty list */
- acl->acl_dirf = acd;
- }
- else {
- /* Append to end of list */
- acl->acl_dirl->acd_next = acd;
- }
-
- acl->acl_dirl = acd;
-
- return 0;
-}
-
-/*
- * Description (aclDirectiveCreate)
- *
- * This function allocates and initializes a new ACDirective_t
- * structure, representing an ACL directive.
- *
- * Arguments:
- *
- * None.
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a new ACDirective_t.
- * Otherwise the return value is null.
- */
-
-ACDirective_t * aclDirectiveCreate()
-{
- ACDirective_t * acd;
-
- acd = (ACDirective_t *) MALLOC(sizeof(ACDirective_t));
- if (acd != 0) {
- memset((void *)acd, 0, sizeof(ACDirective_t));
- }
-
- return acd;
-}
-
-/*
- * Description (aclDirectiveDestroy)
- *
- * This function destroys an ACL directive structure.
- *
- * Arguments:
- *
- * acd - pointer to ACL directive structure
- */
-
-void aclDirectiveDestroy(ACDirective_t * acd)
-{
- switch (acd->acd_action) {
- case ACD_ALLOW:
- case ACD_DENY:
- {
- ACClients_t * acp;
- ACClients_t * nacp;
-
- /* Free a list of ACClients_t structures */
- for (acp = acd->acd_cl; acp != 0; acp = nacp) {
- nacp = acp->cl_next;
-
- /* Free the HostSpec_t if it's there and unnamed */
- if ((acp->cl_host != 0) &&
- (acp->cl_host->hs_sym.sym_name == 0)) {
- aclHostSpecDestroy(acp->cl_host);
- }
-
- /* Free the UserSpec_t if it's there and unnamed */
- if ((acp->cl_user != 0) &&
- (acp->cl_user->us_sym.sym_name == 0)) {
- aclUserSpecDestroy(acp->cl_user);
- }
- }
- }
- break;
-
- case ACD_AUTH:
- {
- RealmSpec_t * rsp = acd->acd_auth.au_realm;
-
- /* Destroy the RealmSpec_t if it's unnamed */
- if ((rsp != 0) && (rsp->rs_sym.sym_name == 0)) {
- aclRealmSpecDestroy(rsp);
- }
- }
- break;
- }
-
- FREE(acd);
-}
-
-/*
- * Description (aclDNSSpecDestroy)
- *
- * This function destroys an entry in a DNS filter. It is intended
- * mainly to be used by aclHostSpecDestroy().
- *
- * Arguments:
- *
- * sym - pointer to Symbol_t for DNS filter entry
- * argp - unused (must be zero)
- *
- * Returns:
- *
- * The return value is SYMENUMREMOVE.
- */
-
-int aclDNSSpecDestroy(Symbol_t * sym, void * argp)
-{
- if (sym != 0) {
-
- /* Free the DNS specification string if any */
- if (sym->sym_name != 0) {
- FREE(sym->sym_name);
- }
-
- /* Free the Symbol_t structure */
- FREE(sym);
- }
-
- /* Indicate that the symbol table entry should be removed */
- return SYMENUMREMOVE;
-}
-
-/*
- * Description (aclHostSpecDestroy)
- *
- * This function destroys a HostSpec_t structure and its sub-structures.
- *
- * Arguments:
- *
- * hsp - pointer to HostSpec_t structure
- */
-
-void aclHostSpecDestroy(HostSpec_t * hsp)
-{
- if (hsp == 0) return;
-
- /* Free the IP filter if any */
- if (hsp->hs_host.inh_ipf.ipf_tree != 0) {
- IPNode_t * ipn; /* current node pointer */
- IPNode_t * parent; /* parent node pointer */
- int i;
-
- /* Traverse tree, freeing nodes */
- for (parent = hsp->hs_host.inh_ipf.ipf_tree; parent != NULL; ) {
-
- /* Look for a link to a child node */
- for (i = 0; i < IPN_NLINKS; ++i) {
- ipn = parent->ipn_links[i];
- if (ipn != NULL) break;
- }
-
- /* Any children for the parent node? */
- if (ipn == NULL) {
-
- /* Otherwise back up the tree */
- ipn = parent;
- parent = ipn->ipn_parent;
-
- /* Free the lower node */
- FREE(ipn);
- continue;
- }
-
- /*
- * Found a child node for the current parent.
- * NULL out the downward link and check it out.
- */
- parent->ipn_links[i] = NULL;
-
- /* Is it a leaf? */
- if (ipn->ipn_type == IPN_LEAF) {
- /* Yes, free it */
- FREE(ipn);
- continue;
- }
-
- /* No, step down the tree */
- parent = ipn;
- }
- }
-
- /* Free the DNS filter if any */
- if (hsp->hs_host.inh_dnf.dnf_hash != 0) {
-
- /* Destroy each entry in the symbol table */
- symTableEnumerate(hsp->hs_host.inh_dnf.dnf_hash, 0,
- aclDNSSpecDestroy);
-
- /* Destroy the symbol table itself */
- symTableDestroy(hsp->hs_host.inh_dnf.dnf_hash, 0);
- }
-
- /* Free the symbol name if any */
- if (hsp->hs_sym.sym_name != 0) {
- FREE(hsp->hs_sym.sym_name);
- }
-
- /* Free the HostSpec_t structure */
- FREE(hsp);
-}
-
-/*
- * Description (aclRealmSpecDestroy)
- *
- * This function destroys a RealmSpec_t structure.
- *
- * Arguments:
- *
- * rsp - pointer to RealmSpec_t structure
- */
-
-void aclRealmSpecDestroy(RealmSpec_t * rsp)
-{
- /* Close the realm authentication database if it appears open */
- if ((rsp->rs_realm.rlm_aif != 0) &&
- (rsp->rs_realm.rlm_authdb != 0)) {
- (*rsp->rs_realm.rlm_aif->aif_close)(rsp->rs_realm.rlm_authdb, 0);
- }
-
- /* Free the prompt string if any */
- if (rsp->rs_realm.rlm_prompt != 0) {
- FREE(rsp->rs_realm.rlm_prompt);
- }
-
- /* Free the database filename string if any */
- if (rsp->rs_realm.rlm_dbname != 0) {
- FREE(rsp->rs_realm.rlm_dbname);
- }
-
- /* Free the realm specification name if any */
- if (rsp->rs_sym.sym_name != 0) {
- FREE(rsp->rs_sym.sym_name);
- }
-
- /* Free the RealmSpec_t structure */
- FREE(rsp);
-}
-
-/*
- * Description (aclRightDef)
- *
- * This function find or creates an access right with a specified
- * name in a given ACL context. If a new access right definition
- * is created, it assigns a unique integer identifier to the the
- * right, adds it to the ACL context symbol table and to the
- * list of all access rights for the context. Note that access
- * right names are case-insensitive.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acc - pointer to an access control context
- * rname - access right name (e.g. "GET")
- * prd - pointer to returned RightDef_t pointer
- * (may be null)
- *
- * Returns:
- *
- * The return value is zero if the access right definition already
- * existed or one if it was created successfully. Otherwise it is
- * a negative error code (ACLERRxxxx - see aclerror.h), and an error
- * frame will be generated if an error list is provided.
- */
-
-int aclRightDef(NSErr_t * errp,
- ACContext_t * acc, char * rname, RightDef_t **prd)
-{
- RightDef_t * rdp; /* pointer to right definition */
- int eid; /* error id code */
- int rv; /* result value */
- static int last_rid = 0; /* last assigned right id */
-
- /* See if there's already a symbol table entry for it */
- rv = symTableFindSym(acc->acc_stp, rname, ACLSYMRIGHT, (void **)&rdp);
- if (rv) {
-
- /* No, create an entry */
-
- /* Allocate a right definition structure and initialize it */
- rdp = (RightDef_t *)MALLOC(sizeof(RightDef_t));
- if (rdp == 0) goto err_nomem;
-
- rdp->rd_sym.sym_name = STRDUP(rname);
- rdp->rd_sym.sym_type = ACLSYMRIGHT;
- rdp->rd_next = acc->acc_rights;
- rdp->rd_id = ++last_rid;
-
- /* Add the right name to the symbol table for the ACL context */
- rv = symTableAddSym(acc->acc_stp, &rdp->rd_sym, (void *)rdp);
- if (rv) goto err_stadd;
-
- /* Add the right definition to the list for the ACL context */
- acc->acc_rights = rdp;
-
- /* Indicate a new right definition was created */
- rv = 1;
- }
-
- /* Return a pointer to the RightDef_t structure if indicated */
- if (prd != 0) *prd = rdp;
-
- return rv;
-
- err_nomem:
- eid = ACLERR3600;
- rv = ACLERRNOMEM;
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto punt;
-
- err_stadd:
- FREE(rdp->rd_sym.sym_name);
- FREE(rdp);
- eid = ACLERR3620;
- rv = ACLERRDUPSYM;
- nserrGenerate(errp, rv, eid, ACL_Program, 1, rname);
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclRightSpecDestroy)
- *
- * This function destroys a RightSpec_t structure.
- *
- * Arguments:
- *
- * rsp - pointer to RightSpec_t structure
- */
-
-void aclRightSpecDestroy(RightSpec_t * rsp)
-{
- if (rsp != 0) {
-
- UILFREE(&rsp->rs_list);
-
- if (rsp->rs_sym.sym_name != 0) {
- FREE(rsp->rs_sym.sym_name);
- }
-
- FREE(rsp);
- }
-}
-
-/*
- * Description (aclUserSpecCreate)
- *
- * This function allocates and initializes a new UserSpec_t
- * structure, representing a list of users and groups.
- *
- * Arguments:
- *
- * None.
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a new UserSpec_t.
- * Otherwise the return value is null.
- */
-
-UserSpec_t * aclUserSpecCreate()
-{
- UserSpec_t * usp;
-
- usp = (UserSpec_t *) MALLOC(sizeof(UserSpec_t));
- if (usp != 0) {
- memset((void *)usp, 0, sizeof(UserSpec_t));
- usp->us_sym.sym_type = ACLSYMUSER;
- }
-
- return usp;
-}
-
-/*
- * Description (aclUserSpecDestroy)
- *
- * This function destroys a UserSpec_t structure.
- *
- * Arguments:
- *
- * usp - pointer to UserSpec_t structure
- */
-
-void aclUserSpecDestroy(UserSpec_t * usp)
-{
- if (usp != 0) {
-
- UILFREE(&usp->us_user.uu_user);
- UILFREE(&usp->us_user.uu_group);
-
- if (usp->us_sym.sym_name != 0) {
- FREE(usp->us_sym.sym_name);
- }
-
- FREE(usp);
- }
-}
diff --git a/lib/libaccess/aclparse.cpp b/lib/libaccess/aclparse.cpp
deleted file mode 100644
index 1ca1eae2..00000000
--- a/lib/libaccess/aclparse.cpp
+++ /dev/null
@@ -1,2241 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (aclparse.c)
- *
- * This module provides functions for parsing a file containing
- * Access Control List (ACL) definitions. It builds a representation
- * of the ACLs in memory, using the services of the aclbuild module.
- */
-
-#include <base/systems.h>
-#include <base/file.h>
-#include <base/util.h>
-#include <netsite.h>
-#include <libaccess/nsadb.h>
-#include <libaccess/aclerror.h>
-#include <libaccess/aclparse.h>
-#include <libaccess/symbols.h>
-
-#ifdef XP_UNIX
-#include <sys/types.h>
-#include <netinet/in.h> /* ntohl */
-#include <arpa/inet.h>
-#endif
-
-void * aclChTab = 0; /* character class table handle */
-
-static char * classv[] = {
- " \t\r\f\013", /* class 0 - whitespace */
- "\n", /* class 1 - newline */
- ",.;@*()+{}\"\'", /* class 2 - special characters */
- "0123456789", /* class 3 - digits */
- /* class 4 - letters */
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
- "-", /* class 5 - hyphen */
- "_", /* class 6 - underscore */
- "/-_.:" /* class 7 - filename special characters */
-};
-
-static int classc = sizeof(classv)/sizeof(char *);
-
-/*
- * Description (aclAuthListParse)
- *
- * This function parses an auth-list. An auth-list specifies
- * combinations of user/group names and host addresses/names.
- * An auth-list entry can identify a collection of users and/or
- * groups, a collection of hosts by IP addresses or DNS names,
- * or a combination of the two. Each auth-spec adds another
- * ACClients_t structure to the specified list.
- *
- * The syntax for an auth-list is:
- *
- * auth-list ::= auth-spec | auth-list "," auth-spec
- * auth-spec ::= auth-users [at-token auth-hosts]
- * auth-users - see aclAuthUsersParse()
- * auth-hosts - see aclAuthHostsParse()
- * at-token ::= "at" | "@"
- *
- * The caller provides a pointer to a ClientSpec_t structure,
- * which is built up with new information as auth-specs are parsed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACL context object
- * rlm - pointer to authentication realm object
- * clsp - pointer to returned ACClients_t list head
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-list, i.e. the first token which is not
- * recognized as the start of an auth-spec. It is the caller's
- * responsibility to validate this token as a legitimate terminator
- * of an auth-list. If a parsing error occurs in the middle of
- * an auth-spec, the return value is ACLERRPARSE, and an error frame
- * is generated if an error list is provided. For other kinds of
- * errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
- ACContext_t * acc, Realm_t * rlm, ACClients_t **clsp)
-{
- void * token = acf->acf_token; /* token handle */
- ACClients_t * csp; /* client spec pointer */
- UserSpec_t * usp; /* user spec pointer */
- HostSpec_t * hsp; /* host spec pointer */
- int rv; /* result value */
- int eid; /* error id */
-
- /* Loop once for each auth-spec */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- usp = 0;
- hsp = 0;
-
- /* Parse auth-users into user and group lists in the ACClients_t */
- rv = aclAuthUsersParse(errp, acf, rlm, &usp, 0);
- if (rv < 0) break;
-
- /* Is the at-token there? */
- if ((rv == TOKEN_AT) || !strcasecmp(lex_token(token), KEYWORD_AT)) {
-
- /* Step to the next token after the at-token */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Parse auth-hosts part, adding information to the HostSpec_t */
- rv = aclAuthHostsParse(errp, acf, acc, &hsp);
- if (rv < 0) break;
- }
-
- /* Create a new ACClients_t structure for the parsed information */
- csp = (ACClients_t *)MALLOC(sizeof(ACClients_t));
- if (csp == 0) goto err_nomem;
-
- csp->cl_next = 0;
- csp->cl_user = usp;
- csp->cl_host = hsp;
-
- /* Add it to the end of the list referenced by clsp */
- while (*clsp != 0) clsp = &(*clsp)->cl_next;
- *clsp = csp;
-
- /* Need a "," to keep going */
- if (rv != TOKEN_COMMA) break;
- }
-
- return rv;
-
- err_nomem:
- eid = ACLERR1000;
- nserrGenerate(errp, ACLERRNOMEM, eid, ACL_Program, 0);
- return ACLERRNOMEM;
-}
-
-/*
- * Description (aclAuthHostsParse)
- *
- * This function parses a list of IP address and/or DNS name
- * specifications, adding information to the IP and DNS filters
- * associated with a specified HostSpec_t. The syntax of the
- * auth-hosts construct is:
- *
- * auth-hosts ::= auth-host-elem | "(" auth-host-list ")"
- * | "hosts" host-list-name
- * auth-host-elem ::= auth-ip-spec | auth-dns-spec
- * auth-ip-spec ::= ipaddr | ipaddr netmask
- * auth-dns-spec ::= fqdn | dns-suffix
- * auth-host-list ::= auth-host-elem | auth-host-list "," auth-host-elem
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACL context object
- * hspp - pointer to HostSpec_t pointer
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-hosts, i.e. either the first token after a
- * single auth-host-elem or the first token after the closing ")"
- * of a list of auth-host-elems. It is the caller's responsibility
- * to validate this token as a legitimate successor of auth-hosts.
- * If a parsing error occurs in the middle of auth-hosts, the return
- * value is ACLERRPARSE, and an error frame is generated if an error
- * list is provided. For other kinds of errors a negative error
- * code (from aclerror.h) is returned.
- */
-
-int aclAuthHostsParse(NSErr_t * errp,
- ACLFile_t * acf, ACContext_t * acc, HostSpec_t **hspp)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string pointer */
- int islist = 0; /* true if auth-host-list */
- int fqdn; /* fully qualified domain name */
- IPAddr_t ipaddr; /* IP address value */
- IPAddr_t netmask; /* IP netmask value */
- int arv; /* alternate result value */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- rv = acf->acf_ttype;
-
- /* Are we starting an auth-host-list? */
- if (rv == TOKEN_LPAREN) {
-
- /* Yes, it appears so */
- islist = 1;
-
- /* Step token to first auth-host-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
- else if (rv == TOKEN_IDENT) {
-
- /* Could this be "hosts host-list-name"? */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
-
- /* We don't support lists of host lists yet */
- if (*hspp != 0) goto err_unshl;
-
- /* Get host-list-name */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- if (rv != TOKEN_IDENT) goto err_hlname;
-
- tokenstr = lex_token(token);
-
- /* Look up the host-list-name in the ACL symbol table */
- rv = symTableFindSym(acc->acc_stp,
- tokenstr, ACLSYMHOST, (void **)hspp);
- if (rv < 0) goto err_undefhl;
-
- /* Step to token after the host-list-name */
- rv = aclGetToken(errp, acf, 0);
-
- return rv;
- }
- }
-
- /* Loop for each auth-host-elem */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- /* Does this look like an auth-ip-spec? */
- if (rv == TOKEN_NUMBER) {
-
- /* Yes, go parse it */
- rv = aclGetIPAddr(errp, acf, &ipaddr, &netmask);
- if (rv < 0) goto punt;
-
- arv = aclAuthIPAdd(hspp, ipaddr, netmask);
- if (arv < 0) goto err_ipadd;
- }
- else if ((rv == TOKEN_STAR) || (rv == TOKEN_IDENT)) {
-
- /* Get fully qualified DNS name indicator value */
- fqdn = (rv == TOKEN_IDENT) ? 1 : 0;
-
- /* This looks like the start of an auth-dns-spec */
- rv = aclGetDNSString(errp, acf);
- if (rv < 0) goto punt;
-
- tokenstr = lex_token(token);
-
- /* If the DNS spec begins with "*.", strip the "*" */
- if (tokenstr && (tokenstr[0] == '*') && (tokenstr[1] == '.')) {
- tokenstr += 1;
- }
-
- arv = aclAuthDNSAdd(hspp, tokenstr, fqdn);
- if (arv < 0) goto err_dnsadd;
-
- /* Pick up the next token */
- rv = aclGetToken(errp, acf, 0);
- }
- else break;
-
- /* If this is a list, we need a "," to keep going */
- if (!islist || (rv != TOKEN_COMMA)) break;
- }
-
- /* Were we parsing an auth-host-list? */
- if (islist) {
-
- /* Yes, check for closing ")" */
- if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
- /* Got it. Step to next token for caller. */
- rv = aclGetToken(errp, acf, 0);
- }
-
- punt:
- return rv;
-
- err_unshl:
- eid = ACLERR1100;
- goto err_parse;
-
- err_hlname:
- eid = ACLERR1120;
- goto err_parse;
-
- err_undefhl:
- eid = ACLERR1140;
- rv = ACLERRUNDEF;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_ipadd:
- eid = ACLERR1180;
- rv = arv;
- goto err_ret;
-
- err_dnsadd:
- eid = ACLERR1200;
- rv = arv;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto punt;
-
- err_norp:
- eid = ACLERR1220;
- err_parse:
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclAuthUsersParse)
- *
- * This function parses a list of users and groups subject to
- * authorization, adding the information to a specified UserSpec_t.
- * The syntax it parses is:
- *
- * auth-users ::= auth-user-elem | "(" auth-user-list ")"
- * auth-user-elem ::= username | groupname
- * | "all" | "anyone"
- * auth-user-list ::= auth-user-elem | auth-user-list "," auth-user-elem
- *
- * If the 'elist' argument is non-null, an auth-user-list will be
- * accepted without the enclosing parentheses. Any invalid user
- * or group names will not cause a fatal error, but will be returned
- * in an array of strings via 'elist'.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * rlm - pointer to authentication realm object
- * uspp - pointer to UserSpec_t pointer
- * elist - pointer to returned pointer to array
- * of strings containing invalid user or
- * group names (may be null)
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-users, i.e. either the first token after a
- * single auth-user-elem or the first token after the closing ")"
- * of a list of auth-user-elems. It is the caller's responsibility
- * to validate this token as a legitimate successor of auth-users.
- * If a parsing error occurs in the middle of auth-users, the return
- * value is ACLERRPARSE, and an error frame is generated if an error
- * list is provided. For other kinds of errors a negative error
- * code (from aclerror.h) is returned.
- */
-
-int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
- Realm_t * rlm, UserSpec_t **uspp, char ***elist)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string pointer */
- UserSpec_t * usp; /* user list head structure */
- int islist = 0; /* true if auth-user-list */
- int inlist = 0; /* true if UserSpec_t was supplied */
- int any = 0; /* true if KEYWORD_ANY seen */
- int all = 0; /* true if KEYWORD_ALL seen */
- int elemcnt = 0; /* count of auth-user-elem seen */
- int elen = 0; /* length of evec in (char *) */
- int ecnt = 0; /* entries used in evec */
- char **evec = 0; /* list of bad user/group names */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
- int errc = 2;
-
- usp = *uspp;
- if ((usp != 0) && (usp->us_flags & ACL_USALL)) all = 1;
-
- if (elist != 0) inlist = 1;
- else {
-
- /* Check for opening "(" */
- if (acf->acf_ttype == TOKEN_LPAREN) {
-
- /* Looks like an auth-user-list */
- islist = 1;
-
- /* Step token to first auth-user-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
- }
-
- /* Loop for each auth-user-elem */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- /* Looking for a user or group identifier */
- if ((rv == TOKEN_IDENT) || (rv == TOKEN_STRING)) {
-
- /*
- * If KEYWORD_ALL or KEYWORD_ANY has already appeared
- * in this auth-spec, then return an error.
- */
- if (all | any) goto err_allany;
-
- /* Check for reserved words */
- tokenstr = lex_token(token);
-
- /* KEYWORD_AT begins auth-hosts, but is invalid here */
- if (!strcasecmp(tokenstr, KEYWORD_AT)) break;
-
- /* Check for special group names */
- if (!strcasecmp(tokenstr, KEYWORD_ANY)) {
-
- /*
- * Any user, with no authentication needed. This can
- * only appear once in an auth-spec, and cannot be used
- * in combination with KEYWORD_ALL (or any other user or
- * group identifiers, but that will get checked before
- * we return).
- */
-
- if ((elemcnt > 0) || (usp != 0)) goto err_any;
- any = 1;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_ALL)) {
-
- /*
- * Any authenticated user. This can only appear once in
- * an auth-spec, and cannot be used in combination with
- * KEYWORD_ANY (or any other user or group identifiers,
- * but that will get checked before we return).
- */
-
- if (elemcnt > 0) goto err_all;
-
- /* Create a UserSpec_t structure if we haven't got one yet */
- if (usp == 0) {
- usp = aclUserSpecCreate();
- if (usp == 0) goto err_nomem1;
- *uspp = usp;
- }
-
- usp->us_flags |= ACL_USALL;
- all = 1;
- }
- else {
-
- /* Create a UserSpec_t structure if we haven't got one yet */
- if (usp == 0) {
- usp = aclUserSpecCreate();
- if (usp == 0) goto err_nomem2;
- *uspp = usp;
- }
-
- /* This should be a user or group name */
- rv = aclAuthNameAdd(errp, usp, rlm, tokenstr);
- if (rv <= 0) {
-
- /* The name was not found in the authentication DB */
- if (elist != 0) {
- if (evec == 0) {
- evec = (char **)MALLOC(4*sizeof(char *));
- evec[0] = 0;
- ecnt = 1;
- elen = 4;
- }
- else if (ecnt >= elen) {
- elen += 4;
- evec = (char **)REALLOC(evec, elen*sizeof(char *));
- }
- evec[ecnt-1] = STRDUP(tokenstr);
- evec[ecnt] = 0;
- ++ecnt;
-
- }
- else if (rv < 0) goto err_badgun;
- }
-
- /* Don't allow duplicate names */
- if (rv & ANA_DUP) {
- if (elist == 0) goto err_dupgun;
- }
- }
-
- /* Count number of auth-user-elems seen */
- elemcnt += 1;
-
- /* Get the token after the auth-user-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
-
- /* If this is a list, we need a "," to keep going */
- if (!(islist | inlist) || (rv != TOKEN_COMMA)) break;
- }
-
- /* Were we parsing an auth-user-list? */
- if (islist) {
-
- /* Yes, check for closing ")" */
- if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
- /* Got it. Step to next token for caller. */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
-
- /*
- * If we didn't see any auth-user-elems, then the auth-user we were
- * called to parse is missing. We will forgive and forget if the
- * current token is a comma, however, so as to allow empty auth-specs.
- */
- if ((elemcnt <= 0) && (rv != TOKEN_COMMA)) {
- goto err_noelem;
- }
-
- punt:
- /* Return list of bad names if indicated */
- if (elist != 0) *elist = evec;
-
- return rv;
-
- err_badgun:
- /* Encountered an unknown user or group name */
- eid = ACLERR1360;
- rv = ACLERRUNDEF;
- goto err_retgun;
-
- err_dupgun:
- /* A user or group name was specified multiple times */
- eid = ACLERR1380;
- rv = ACLERRDUPSYM;
- goto err_retgun;
-
- err_retgun:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_norp:
- /* Missing ")" */
- eid = ACLERR1400;
- goto err_parse;
-
- err_noelem:
- eid = ACLERR1420;
- goto err_parse;
-
- err_all:
- eid = ACLERR1440;
- goto err_parse;
-
- err_any:
- eid = ACLERR1460;
- goto err_parse;
-
- err_allany:
- eid = ACLERR1480;
- goto err_parse;
-
- err_nomem1:
- eid = ACLERR1500;
- rv = ACLERRNOMEM;
- errc = 0;
- goto err_ret;
-
- err_nomem2:
- eid = ACLERR1520;
- rv = ACLERRNOMEM;
- errc = 0;
- goto err_ret;
-
- err_parse:
- rv = ACLERRPARSE;
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, errc, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclDirectivesParse)
- *
- * This function parses the directives inside an ACL definition.
- * The syntax for a directive list is:
- *
- * dir-list ::= directive | dir-list ";" directive
- * directive ::= auth-directive | access-directive | exec-directive
- * auth-directive ::= dir-force "authenticate" ["in" realm-spec]
- * access-directive ::= dir-force dir-access auth-list
- * exec-directive ::= dir-force "execute" ["if" exec-optlist]
- * exec-optlist ::= exec-condition | exec-optlist "," exec-condition
- * exec-condition ::= dir-access | "authenticate"
- * dir-force ::= "Always" | "Default"
- * dir-access ::= "allow" | "deny"
- *
- * See aclAuthListParse() for auth-list syntax.
- * See aclRealmSpecParse() for realm-spec syntax.
- *
- * The caller provides a pointer to an ACL structure, which is
- * built up with new information as directives are parsed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acl - pointer to ACL structure
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the directive list, i.e. the first token which is not
- * recognized as the start of a directive. It is the caller's
- * responsibility to validate this token as a legitimate terminator
- * of a directive list. If a parsing error occurs in the middle of
- * a directive, the return value is ACLERRPARSE, and an error frame
- * is generated if an error list is provided. For other kinds of
- * errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string */
- Realm_t * rlm = 0; /* current realm pointer */
- ACDirective_t * acd; /* directive pointer */
- int action; /* directive action code */
- int flags; /* directive action flags */
- int arv; /* alternate return value */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- /* Look for top-level directives */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- action = 0;
- flags = 0;
-
- /* Check for beginning of directive */
- if (rv == TOKEN_IDENT) {
-
- /* Check identifier for directive dir-force keywords */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_DEFAULT)) {
- flags = ACD_DEFAULT;
- }
- else if (!strcasecmp(tokenstr, "always")) {
- flags = ACD_ALWAYS;
- }
- else break;
-
- /*
- * Now we're looking for dir-access, "authenticate",
- * or "execute".
- */
- rv = aclGetToken(errp, acf, 0);
-
- /* An identifier would be nice ... */
- if (rv != TOKEN_IDENT) goto err_access;
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
-
- /* process auth-directive */
- action = ACD_AUTH;
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem1;
-
- /* Get the next token after KEYWORD_AUTH */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Could we have "in" realm-spec here? */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_IN)) {
-
- /* Get the next token after KEYWORD_IN */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Parse the realm-spec */
- rv = aclRealmSpecParse(errp, acf, acl->acl_acc,
- &acd->acd_auth.au_realm);
- if (rv < 0) break;
-
- /* Set current realm */
- if (acd->acd_auth.au_realm != 0) {
-
- /* Close database in current realm if any */
- if (rlm && rlm->rlm_authdb) {
- (*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
- rlm->rlm_authdb = 0;
- }
-
- rlm = &acd->acd_auth.au_realm->rs_realm;
- }
- }
- }
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd1;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_EXECUTE)) {
-
- /* process exec-directive */
- action = ACD_EXEC;
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem3;
-
- /* Get the next token after KEYWORD_EXECUTE */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Could we have "if" exec-optlist here? */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_IF)) {
-
- for (;;) {
-
- /* Get the next token after KEYWORD_IF or "," */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /*
- * Looking for "allow", "deny", or "authenticate"
- */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
- flags |= ACD_EXALLOW;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
- flags |= ACD_EXDENY;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
- flags |= ACD_EXAUTH;
- }
- else goto err_exarg;
- }
-
- /* End of directive if no comma */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- if (rv != TOKEN_COMMA) break;
- }
- }
- }
- else flags = (ACD_EXALLOW|ACD_EXDENY|ACD_EXAUTH);
-
- if (rv < 0) break;
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd3;
- }
- else {
-
- /* process access-directive */
-
- if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
- action = ACD_ALLOW;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
- action = ACD_DENY;
- }
- else goto err_acctype;
-
- /* Get the next token after dir-access */
- rv = aclGetToken(errp, acf, 0);
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem2;
-
- /* Parse a list of auth-specs */
- rv = aclAuthListParse(errp, acf, acl->acl_acc, rlm,
- &acd->acd_cl);
- if (rv < 0) break;
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd2;
- }
- }
-
- /* Need a ";" to keep going */
- if (rv != TOKEN_EOS) break;
- }
-
- punt:
- /* Close database in current realm if any */
- if (rlm && rlm->rlm_authdb) {
- (*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
- rlm->rlm_authdb = 0;
- }
-
- return rv;
-
- err_access:
- /* dir-access not present */
- eid = ACLERR1600;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_acctype:
- /* dir-access identifier is invalid */
- eid = ACLERR1620;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_diradd1:
- eid = ACLERR1640;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_diradd2:
- eid = ACLERR1650;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem1:
- eid = ACLERR1660;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem2:
- eid = ACLERR1680;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem3:
- eid = ACLERR1685;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_diradd3:
- eid = ACLERR1690;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_exarg:
- eid = ACLERR1695;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- if (tokenstr) {
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- }
- else {
- nserrGenerate(errp, rv, eid, ACL_Program,
- 2, acf->acf_filename, linestr);
- }
- goto punt;
-}
-
-/*
- * Description (aclACLParse)
- *
- * This function parses a data stream containing ACL definitions,
- * and builds a representation of the ACLs in memory. Each ACL
- * has a user-specified name, and a pointer to the ACL structure
- * is stored under the name in a symbol table provided by the caller.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * flags - bit flags (unused - must be zero)
- *
- * Returns:
- *
- * The return value is zero if the stream is parsed successfully.
- * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int aclACLParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc, int flags)
-{
- void * token = acf->acf_token; /* handle for current token */
- char * tokenstr; /* current token string */
- char * aclname; /* ACL name string */
- ACL_t * aclp; /* pointer to ACL structure */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Look for top-level statements */
- for (;;) {
-
- /* Get a token to begin a statement */
- rv = aclGetToken(errp, acf, 0);
-
- /* An identifier would be nice ... */
- if (rv != TOKEN_IDENT) {
-
- /* Empty statements are ok, if pointless */
- if (rv == TOKEN_EOS) continue;
-
- /* EOF is valid here */
- if (rv == TOKEN_EOF) break;
-
- /* Anything else is unacceptable */
- goto err_nostmt;
- }
-
- /* Check identifier for statement keywords */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_ACL)) {
-
- /* ACL name rights-list { acl-def-list }; */
-
- /* Get the name of the ACL */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) goto err_aclname;
- aclname = lex_token(token);
-
- /* Create the ACL structure */
- rv = aclCreate(errp, acc, aclname, &aclp);
- if (rv < 0) goto punt;
-
- /* Get the next token after the ACL name */
- rv = aclGetToken(errp, acf, 0);
-
- /* Parse the rights specification */
- rv = aclRightsParse(errp, acf, acc, &aclp->acl_rights);
-
- /* Want a "{" to open the ACL directive list */
- if (rv != TOKEN_LBRACE) {
- if (rv < 0) goto punt;
- goto err_aclopen;
- }
-
- /* Get the first token in the ACL directive list */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- /* Parse the ACL directive list */
- rv = aclDirectivesParse(errp, acf, aclp);
-
- /* Want a "}" to close the ACL directive list */
- if (rv != TOKEN_RBRACE) {
- if (rv < 0) goto punt;
- goto err_aclclose;
- }
- }
- else if (!strcasecmp(tokenstr, KEYWORD_INCLUDE)) {
- /* Include "filename"; */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
- /* Realm name realm-spec */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_RIGHTS)) {
- /* Rights name rights-def; */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
- /* Hosts name auth-hosts; */
- }
- else goto err_syntax;
- }
-
- return 0;
-
- err_nostmt:
- eid = ACLERR1700;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclname:
- eid = ACLERR1720;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclopen:
- eid = ACLERR1740;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclclose:
- eid = ACLERR1760;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-
- err_syntax:
- eid = ACLERR1780;
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclFileClose)
- *
- * This function closes an ACL file previously opened by aclFileOpen(),
- * and frees any associated data structures.
- *
- * Arguments:
- *
- * acf - pointer to ACL file information
- * flags - bit flags (unused - must be zero)
- */
-
-void aclFileClose(ACLFile_t * acf, int flags)
-{
- if (acf != 0) {
-
- /* Destroy the associated lexer stream if any */
- if (acf->acf_lst != 0) {
- lex_stream_destroy(acf->acf_lst);
- }
-
- /* Close the file if it's open */
- if (acf->acf_fd != SYS_ERROR_FD) {
- system_fclose(acf->acf_fd);
- }
-
- /* Destroy any associated token */
- if (acf->acf_token != 0) {
- lex_token_destroy(acf->acf_token);
- }
-
- /* Free the filename string if any */
- if (acf->acf_filename != 0) {
- FREE(acf->acf_filename);
- }
-
- /* Free the ACLFile_t structure */
- FREE(acf);
- }
-}
-
-/*
- * Description (aclFileOpen)
- *
- * This function opens a specified filename and creates a structure
- * to contain information about the file during parsing. This
- * includes a handle for a LEX data stream for the file.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * filename - name of file to be opened
- * flags - bit flags (unused - must be zero)
- * pacf - pointer to returned ACLFile_t pointer
- *
- * Returns:
- *
- * The return value is zero if the file is opened successfully, and
- * a pointer to the ACLFile_t is returned in the location specified
- * by 'pacf'. Otherwise a negative error code (ACLERRxxxx - see
- * aclerror.h) is returned, and an error frame will be generated if
- * an error list is provided.
- */
-
-int aclFileOpen(NSErr_t * errp,
- char * filename, int flags, ACLFile_t **pacf)
-{
- ACLFile_t * acf; /* pointer to ACL file structure */
- int rv; /* return value */
- int eid; /* error identifier */
- char * errmsg; /* system error message string */
-
- *pacf = 0;
-
- /* Allocate the ACLFile_t structure */
- acf = (ACLFile_t *)MALLOC(sizeof(ACLFile_t));
- if (acf == 0) goto err_nomem1;
-
- memset((void *)acf, 0, sizeof(ACLFile_t));
- acf->acf_filename = STRDUP(filename);
- acf->acf_lineno = 1;
- acf->acf_flags = flags;
-
- /* Create a LEX token object */
- rv = lex_token_new((pool_handle_t *)0, 32, 8, &acf->acf_token);
- if (rv < 0) goto err_nomem2;
-
- /* Open the file */
- acf->acf_fd = system_fopenRO(acf->acf_filename);
- if (acf->acf_fd == SYS_ERROR_FD) goto err_open;
-
- /* Create a LEX stream for the file */
- acf->acf_lst = lex_stream_create(aclStreamGet,
- (void *)acf->acf_fd, 0, 8192);
- if (acf->acf_lst == 0) goto err_nomem3;
-
- *pacf = acf;
- return 0;
-
- err_open: /* file open error */
- rv = ACLERROPEN;
- eid = ACLERR1900;
- errmsg = system_errmsg();
- nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
- goto punt;
-
- err_nomem1: /* MALLOC of ACLFile_t failed */
- rv = ACLERRNOMEM;
- eid = ACLERR1920;
- goto err_mem;
-
- err_nomem2: /* lex_token_new() failed */
- rv = ACLERRNOMEM;
- eid = ACLERR1940;
- goto err_mem;
-
- err_nomem3: /* lex_stream_create() failed */
- system_fclose(acf->acf_fd);
- rv = ACLERRNOMEM;
- eid = ACLERR1960;
-
- err_mem:
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto punt;
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclGetDNSString)
- *
- * This function parses a DNS name specification, which consists
- * of a sequence of DNS name components separated by ".". Each
- * name component must start with a letter, and contains only
- * letters, digits, and hyphens. An exception is that the first
- * component may be the wildcard indicator, "*". This function
- * assumes that the current token already contains a TOKEN_STAR
- * or TOKEN_IDENT. The complete DNS name specification is
- * returned as the current token string.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- *
- * Returns:
- *
- * The character terminating the DNS name specification is returned
- * as the function value. The current token type is unchanged, but
- * the string associated with the current token contains the
- * complete DNS name specification. An error is indicated by a
- * negative return value, and an error frame is generated if an
- * error list is provided.
- */
-
-int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* The current token should be TOKEN_STAR or TOKEN_IDENT */
- rv = acf->acf_ttype;
-
- if ((rv != TOKEN_STAR) && (rv != TOKEN_IDENT)) goto err_dns1;
-
- /* Loop to parse [ "." dns-component ]+ */
- for (;;) {
-
- /* Try to step over a "." */
- rv = lex_next_char(lst, aclChTab, 0);
-
- /* End of DNS string if there's not one there */
- if (rv != '.') break;
-
- /* Append the "." to the token string */
- (void)lex_token_append(token, 1, ".");
-
- /* Advance the input stream past the "." */
- rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Next we want to see a letter */
- rv = lex_next_char(lst, aclChTab, 0);
-
- /* Error if it's not there */
- if (!lex_class_check(aclChTab, rv, CCM_LETTER)) goto err_dns2;
-
- /* Append a string of letters, digits, hyphens to token */
- rv = lex_scan_over(lst, aclChTab, (CCM_LETTER|CCM_DIGIT|CCM_HYPHEN),
- token);
- if (rv < 0) goto err_dns3;
- }
-
- punt:
- return rv;
-
- err_dns1:
- eid = ACLERR2100;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_dns2:
- eid = ACLERR2120;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_dns3:
- eid = ACLERR2140;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- char * tokenstr; /* token string pointer */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Skip whitespace */
- rv = lex_skip_over(lst, aclChTab, CCM_WS);
- if (rv < 0) goto err_lex1;
-
- /* Begin a new token string */
- rv = lex_token_start(token);
-
- rv = lex_scan_over(lst, aclChTab, CCM_FILENAME, token);
- if (rv < 0) goto err_lex2;
-
- tokenstr = lex_token(token);
-
- if (!tokenstr || !*tokenstr) goto err_nofn;
-
- punt:
- return rv;
-
- err_lex1:
- eid = ACLERR2900;
- goto err_parse;
-
- err_lex2:
- eid = ACLERR2920;
- goto err_parse;
-
- err_nofn:
- eid = ACLERR2940;
-
- err_parse:
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclGetIPAddr)
- *
- * This function retrieves an IP address specification from a given
- * input stream. The specification consists of an IP address expressed
- * in the standard "." notation, possibly followed by whitespace and a
- * netmask, also in "." form. The IP address and netmask values are
- * returned. If no netmask is specified, a default value of 0xffffffff
- * is returned.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * pip - pointer to returned IP address value
- * pmask - pointer to returned IP netmask value
- *
- * Returns:
- *
- * If successful, the return value identifies the type of the token
- * following the IP address specification. This token type value is
- * also returned in acf_ttype. An error is indicated by a negative
- * error code (ACLERRxxxx - see aclerror.h), and an error frame will
- * be generated if an error list is provided. The token type code in
- * acf_ttype is TOKEN_ERROR when an error code is returned.
- */
-
-int aclGetIPAddr(NSErr_t * errp,
- ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- char * tokenstr; /* token string pointer */
- IPAddr_t ipaddr; /* IP address */
- IPAddr_t netmask; /* IP netmask */
- int dotcnt; /* count of '.' seen in address */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Set default return values */
- *pip = 0;
- *pmask = 0xffffffff;
-
- rv = acf->acf_ttype;
-
- /* The current token must be a number */
- if (rv != TOKEN_NUMBER) {
-
- /* No IP address present */
- return rv;
- }
-
- /* Assume no netmask */
- netmask = 0xffffffff;
-
- for (dotcnt = 0;;) {
-
- /* Append digits and letters to the current token */
- rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
- if (rv < 0) goto err_lex1;
-
- /* Stop when no "." follows the digits and letters */
- if (rv != '.') break;
-
- /* Stop if we've already seen three "." */
- if (++dotcnt > 3) break;
-
- /* Advance past the "." */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Check the next character for a "*" */
- rv = lex_next_char(lst, aclChTab, 0);
- if (rv == '*') {
-
- /* Advance past the "*" */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- netmask <<= ((4-dotcnt)*8);
- netmask = htonl(netmask);
-
- while (dotcnt < 4) {
- (void)lex_token_append(token, 2, ".0");
- ++dotcnt;
- }
- break;
- }
- else {
- /* Append the "." to the token string */
- (void)lex_token_append(token, 1, ".");
- }
- }
-
- /* Get a pointer to the token string */
- tokenstr = lex_token(token);
-
- /* A NULL pointer or an empty string is an error */
- if (!tokenstr || !*tokenstr) goto err_noip;
-
- /* Convert IP address to binary */
- ipaddr = inet_addr(tokenstr);
- if (ipaddr == (unsigned long)-1) goto err_badip;
-
- /* Skip whitespace */
- rv = lex_skip_over(lst, aclChTab, CCM_WS);
- if (rv < 0) goto err_lex2;
-
- /* A digit is the start of a netmask */
- if ((netmask == 0xffffffff) && lex_class_check(aclChTab, rv, CCM_DIGIT)) {
-
- /* Initialize token for network mask */
- rv = lex_token_start(token);
-
- for (dotcnt = 0;;) {
-
- /* Collect token including digits, letters, and periods */
- rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
- if (rv < 0) goto err_lex3;
-
- /* Stop when no "." follows the digits and letters */
- if (rv != '.') break;
-
- /* Stop if we've already seen three "." */
- if (++dotcnt > 3) break;
-
- /* Append the "." to the token string */
- (void)lex_token_append(token, 1, ".");
-
- /* Advance past the "." */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
- }
-
- /* Get a pointer to the token string */
- tokenstr = lex_token(token);
-
- /* A NULL pointer or an empty string is an error */
- if (!tokenstr || !*tokenstr) goto err_nonm;
-
- /* Convert netmask to binary. */
- netmask = inet_addr(tokenstr);
- if (netmask == (unsigned long)-1) {
-
- /*
- * Unfortunately inet_addr() doesn't distinguish between an
- * error and a valid conversion of "255.255.255.255". So
- * we check for it explicitly. Too bad if "0xff.0xff.0xff.0xff"
- * is specified. Don't do that!
- */
- if (strcmp(tokenstr, "255.255.255.255")) goto err_badnm;
- }
- }
-
- /* Return the IP address and netmask in host byte order */
- *pip = ntohl(ipaddr);
- *pmask = ntohl(netmask);
-
- /* Get the token following the IP address (and netmask) */
- rv = aclGetToken(errp, acf, 0);
-
- punt:
- acf->acf_ttype = (rv < 0) ? TOKEN_ERROR : rv;
- return rv;
-
- err_lex1:
- eid = ACLERR2200;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_lex2:
- eid = ACLERR2220;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_lex3:
- eid = ACLERR2240;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_noip:
- eid = ACLERR2260;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_badip:
- eid = ACLERR2280;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_nonm:
- eid = ACLERR2300;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_badnm:
- eid = ACLERR2320;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclGetToken)
- *
- * This function retrieves the next token in an ACL definition file.
- * It skips blank lines, comments, and white space. It updates
- * the current line number as newlines are encountered.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * flags - bit flags:
- * AGT_NOSKIP - don't skip leading whitespace
- * AGT_APPEND - append to token buffer
- * (else start new token)
- *
- * Returns:
- *
- * The return value is a code identifying the next token if successful.
- * This token type value is also returned in acf_ttype. An error
- * is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- * The token type code in acf_ttype is TOKEN_ERROR when an error code
- * is returned.
- */
-
-int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- int dospecial = 0; /* handle CCM_SPECIAL character */
- int tv; /* token value */
- int rv; /* result value */
- int eid; /* error id */
- char spech;
- char linestr[16]; /* line number string buffer */
-
- /* Begin a new token, unless AGT_APPEND is set */
- if (!(flags & AGT_APPEND)) {
- rv = lex_token_start(token);
- }
-
- /* Loop to read file */
- tv = 0;
- do {
-
- /*
- * If the AGT_NOSKIP flag is not set, skip whitespace (but not
- * newline). If the flag is set, just get the next character.
- */
- rv = lex_skip_over(lst, aclChTab, (flags & AGT_NOSKIP) ? 0 : CCM_WS);
- if (rv <= 0) {
- if (rv < 0) goto err_lex1;
-
- /* Exit loop if EOF */
- if (rv == 0) {
- tv = TOKEN_EOF;
- break;
- }
- }
-
- /* Analyze character after whitespace */
- switch (rv) {
-
- case '\n': /* newline */
-
- /* Keep count of lines as we're skipping whitespace */
- acf->acf_lineno += 1;
- (void)lex_next_char(lst, aclChTab, CCM_NL);
- break;
-
- case '#': /* Beginning of comment */
-
- /* Skip to a newline if so */
- rv = lex_skip_to(lst, aclChTab, CCM_NL);
- break;
-
- case ';': /* End of statement */
- tv = TOKEN_EOS;
- dospecial = 1;
- break;
-
- case '@': /* at sign */
- tv = TOKEN_AT;
- dospecial = 1;
- break;
-
- case '+': /* plus sign */
- tv = TOKEN_PLUS;
- dospecial = 1;
- break;
-
- case '*': /* asterisk */
- tv = TOKEN_STAR;
- dospecial = 1;
- break;
-
- case '.': /* period */
- tv = TOKEN_PERIOD;
- dospecial = 1;
- break;
-
- case ',': /* comma */
- tv = TOKEN_COMMA;
- dospecial = 1;
- break;
-
- case '(': /* left parenthesis */
- tv = TOKEN_LPAREN;
- dospecial = 1;
- break;
-
- case ')': /* right parenthesis */
- tv = TOKEN_RPAREN;
- dospecial = 1;
- break;
-
- case '{': /* left brace */
- tv = TOKEN_LBRACE;
- dospecial = 1;
- break;
-
- case '}': /* right brace */
- tv = TOKEN_RBRACE;
- dospecial = 1;
- break;
-
- case '\"': /* double quote */
- case '\'': /* single quote */
-
- /* Append string contents to token buffer */
- rv = lex_scan_string(lst, token, 0);
- tv = TOKEN_STRING;
- break;
-
- default:
-
- /* Check for identifier, beginning with a letter */
- if (lex_class_check(aclChTab, rv, CCM_LETTER)) {
-
- /* Append valid identifier characters to token buffer */
- rv = lex_scan_over(lst, aclChTab, CCM_IDENT, token);
- tv = TOKEN_IDENT;
- break;
- }
-
- /* Check for a number, beginning with a digit */
- if (lex_class_check(aclChTab, rv, CCM_DIGIT)) {
- char digit;
-
- /* Save the first digit */
- digit = (char)rv;
-
- /* Append the first digit to the token */
- rv = lex_token_append(token, 1, &digit);
-
- /* Skip over the first digit */
- rv = lex_next_char(lst, aclChTab, CCM_DIGIT);
-
- /* If it's '0', we might have "0x.." */
- if (rv == '0') {
-
- /* Pick up the next character */
- rv = lex_next_char(lst, aclChTab, 0);
-
- /* Is it 'x'? */
- if (rv == 'x') {
-
- /* Yes, append it to the token */
- digit = (char)rv;
- rv = lex_token_append(token, 1, &digit);
-
- /* Step over it */
- rv = lex_next_char(lst, aclChTab, CCM_LETTER);
- }
- }
- /* Get more digits, if any */
- rv = lex_scan_over(lst, aclChTab, CCM_DIGIT, token);
- tv = TOKEN_NUMBER;
- break;
- }
-
- /* Unrecognized character */
-
- spech = *lst->lst_cp;
- lex_token_append(token, 1, &spech);
- lst->lst_cp += 1;
- lst->lst_len -= 1;
- tv = TOKEN_HUH;
- break;
- }
-
- /* Handle CCM_SPECIAL character? */
- if (dospecial) {
-
- /* Yes, clear the flag for next time */
- dospecial = 0;
-
- /* Get the character and advance past it */
- rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Append the character to the token buffer */
- spech = (char)rv;
- (void)lex_token_append(token, 1, &spech);
- }
- }
- while ((tv == 0) && (rv > 0));
-
- if (rv < 0) {
- tv = TOKEN_ERROR;
- }
- else rv = tv;
-
- acf->acf_ttype = tv;
- return rv;
-
- err_lex1:
- rv = ACLERRPARSE;
- eid = ACLERR2400;
-
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
- acf->acf_ttype = TOKEN_ERROR;
- return rv;
-}
-
-/*
- * Description (aclParseInit)
- *
- * This function is called to initialize the ACL parser. It
- * creates a LEX character class table to assist in parsing.
- *
- * Arguments:
- *
- * None.
- *
- * Returns:
- *
- * If successful, the return value is zero. An error is indicated
- * by a negative return value.
- */
-
-int aclParseInit()
-{
- int rv; /* result value */
-
- /* Have we created the character class table yet? */
- if (aclChTab == 0) {
-
- /* No, initialize character classes for lexer processing */
- rv = lex_class_create(classc, classv, &aclChTab);
- if (rv < 0) goto err_nomem;
- }
-
- return 0;
-
- err_nomem:
- return ACLERRNOMEM;
-}
-
-/*
- * Description (aclRealmSpecParse)
- *
- * This function parses an authentication realm specification. An
- * authentication realm includes an authentication database and
- * an authentication method. The syntax of a realm-spec is:
- *
- * realm-spec ::= "{" realm-directive-list "}" | "realm" realm-name
- * realm-directive-list ::= realm-directive |
- * realm-directive-list ";" realm-directive
- * realm-directive ::= realm-db-directive | realm-meth-directive
- * | realm-prompt-directive
- * realm-db-directive ::= "database" db-file-path
- * realm-meth-directive ::= "method" auth-method-name
- * auth-method-name ::= "basic" | "SSL"
- * realm-prompt-directive ::= "prompt" quote-char string quote-char
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * rspp - pointer to RealmSpec_t pointer
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the realm-spec, i.e. either the first token after a
- * realm-name or the first token after the closing "}". It is the
- * caller's responsibility to validate this token as a legitimate
- * successor of a realm-spec. If a parsing error occurs in the
- * middle of a realm-spec, the return value is ACLERRPARSE, and an
- * error frame is generated if an error list is provided. For
- * other kinds of errors a negative error code (from aclerror.h)
- * is returned.
- */
-
-int aclRealmSpecParse(NSErr_t * errp,
- ACLFile_t * acf, ACContext_t * acc, RealmSpec_t **rspp)
-{
- void * token = acf->acf_token; /* handle for current token */
- char * tokenstr; /* current token string */
- RealmSpec_t * rsp; /* realm spec pointer */
- RealmSpec_t * nrsp; /* named realm spec pointer */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- rv = acf->acf_ttype;
-
- /* Is the current token a "{" ? */
- if (rv != TOKEN_LBRACE) {
-
- /* No, could it be KEYWORD_REALM? */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
-
- /* Yes, step to the realm name */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_rlmname;
- }
-
- tokenstr = lex_token(token);
-
- /* Look up the named realm specification */
- rv = symTableFindSym(acc->acc_stp, tokenstr, ACLSYMREALM,
- (void **)&nrsp);
- if (rv < 0) goto err_undrlm;
-
- /* Return the named realm specification */
- *rspp = nrsp;
-
- /* Step to the token after the realm name */
- rv = aclGetToken(errp, acf, 0);
- }
- }
-
- return rv;
- }
-
- /* Step to the token after the "{" */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- rsp = *rspp;
- if (rsp == 0) {
- rsp = (RealmSpec_t *)MALLOC(sizeof(RealmSpec_t));
- if (rsp == 0) goto err_nomem;
- memset((void *)rsp, 0, sizeof(RealmSpec_t));
- rsp->rs_sym.sym_type = ACLSYMREALM;
- *rspp = rsp;
- }
-
- /* Loop for each realm-directive */
- for (;; rv = aclGetToken(errp, acf, 0)) {
-
- if (rv != TOKEN_IDENT) {
-
- /* Exit loop on "}" */
- if (rv == TOKEN_RBRACE) break;
-
- /* Ignore null directives */
- if (rv == TOKEN_EOS) continue;
-
- /* Otherwise need an identifier to start a directive */
- goto err_nodir;
- }
-
- tokenstr = lex_token(token);
-
- /* Figure out which realm-directive this is */
- if (!strcasecmp(tokenstr, KEYWORD_DATABASE)) {
-
- /* Get a file specification for the database */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_STRING) {
- if (rv < 0) goto punt;
- goto err_nodb;
- }
-
- rsp->rs_realm.rlm_dbname = lex_token_take(token);
- rsp->rs_realm.rlm_aif = &NSADB_AuthIF;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_METHOD)) {
-
- /* Step to the method identifier */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_nometh;
- }
-
- tokenstr = lex_token(token);
-
- /* Interpret method name and set method in realm structure */
- if (!strcasecmp(tokenstr, KEYWORD_BASIC)) {
- rsp->rs_realm.rlm_ameth = AUTH_METHOD_BASIC;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_SSL) && server_enterprise) {
- rsp->rs_realm.rlm_ameth = AUTH_METHOD_SSL;
- }
- else goto err_badmeth;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_PROMPT)) {
-
- /* Step to the realm prompt string */
- rv = aclGetToken(errp, acf, 0);
- if ((rv != TOKEN_STRING) && (rv != TOKEN_IDENT)) {
- if (rv < 0) goto punt;
- goto err_noprompt;
- }
-
- /* Reference a copy of the prompt string from the realm */
- rsp->rs_realm.rlm_prompt = lex_token_take(token);
- }
- else goto err_baddir;
-
- /* Get the token after the realm-directive */
- rv = aclGetToken(errp, acf, 0);
-
- /* Need a ";" to keep going */
- if (rv != TOKEN_EOS) break;
- }
-
- if (rv != TOKEN_RBRACE) goto err_rbrace;
-
- /* Get the token after the realm-spec */
- rv = aclGetToken(errp, acf, 0);
-
- punt:
- return rv;
-
- err_rlmname:
- eid = ACLERR2500;
- goto err_parse;
-
- err_undrlm:
- eid = ACLERR2520;
- rv = ACLERRUNDEF;
- goto err_sym;
-
- err_nomem:
- eid = ACLERR2540;
- rv = ACLERRNOMEM;
- goto ret_err;
-
- err_nodir:
- eid = ACLERR2560;
- goto err_parse;
-
- err_nodb:
- eid = ACLERR2570;
- goto err_parse;
-
- err_nometh:
- eid = ACLERR2580;
- goto err_parse;
-
- err_badmeth:
- eid = ACLERR2600;
- goto err_sym;
-
- err_noprompt:
- eid = ACLERR2605;
- goto err_parse;
-
- err_baddir:
- eid = ACLERR2610;
- goto err_sym;
-
- err_rbrace:
- eid = ACLERR2620;
- goto err_parse;
-
- err_sym:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_parse:
- rv = ACLERRPARSE;
- ret_err:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclRightsParse)
- *
- * This function parse an access rights list. The syntax for an
- * access rights list is:
- *
- * rights-list ::= "(" list-of-rights ")"
- * list-of-rights ::= rights-elem | list-of-rights "," rights-elem
- * rights-elem ::= right-name | "+" rights-def-name
- * right-name ::= identifier
- * rights-def-name ::= identifier
- *
- * An element of a rights list is either the name of a particular
- * access right (e.g. Read), or the name associated with an
- * external definition of an access rights list, preceded by "+"
- * (e.g. +editor-rights). The list is enclosed in parentheses,
- * and the elements are separated by commas.
- *
- * This function adds to a list of rights provided by the caller.
- * Access rights are internally assigned unique integer identifiers,
- * and a symbol table is maintained to map an access right name to
- * its identifier.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * rights - pointer to rights list head
- *
- * Returns:
- *
- * The return value is a code identifying the next token if successful.
- * End-of-stream is indicated by a return value of TOKEN_EOF. An error
- * is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
- RightSpec_t **rights)
-{
- void * token = acf->acf_token; /* LEX token handle */
- char * ename; /* element name string pointer */
- RightSpec_t * rsp; /* rights specification pointer */
- RightSpec_t * nrsp; /* named rights spec pointer */
- RightDef_t * rdp; /* right definition pointer */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- /* Look for a left parenthesis */
- if (acf->acf_ttype != TOKEN_LPAREN) {
-
- /* No rights list present */
- return 0;
- }
-
- rsp = *rights;
-
- /* Create a RightSpec_t if we don't have one */
- if (rsp == 0) {
- rsp = (RightSpec_t *)MALLOC(sizeof(RightSpec_t));
- if (rsp == 0) goto err_nomem1;
- memset((void *)rsp, 0, sizeof(RightSpec_t));
- rsp->rs_sym.sym_type = ACLSYMRDEF;
- *rights = rsp;
- }
-
- /* Parse list elements */
- for (;;) {
-
- /* Look for an identifier */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
-
- /* No, maybe a "+" preceding a rights definition name? */
- if (rv != TOKEN_PLUS) {
-
- /* One more chance, we'll allow the closing ")" after "," */
- if (rv != TOKEN_RPAREN) {
- /* No, bad news */
- if (rv < 0) goto punt;
- goto err_elem;
- }
-
- /* Got right paren after comma */
- break;
- }
-
- /* Got a "+", try for the rights definition name */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_rdef;
- }
-
- /* Get a pointer to the token string */
- ename = lex_token(token);
-
- /* See if it matches a rights definition in the symbol table */
- rv = symTableFindSym(acc->acc_stp, ename, ACLSYMRDEF,
- (void **)&nrsp);
- if (rv) goto err_undef;
-
- /*
- * Merge the rights from the named rights list into the
- * current rights list.
- */
- rv = uilMerge(&rsp->rs_list, &nrsp->rs_list);
- if (rv < 0) goto err_nomem2;
- }
- else {
-
- /* The current token is an access right name */
-
- /* Get a pointer to the token string */
- ename = lex_token(token);
-
-
- /* Find or create an access right definition */
- rv = aclRightDef(errp, acc, ename, &rdp);
- if (rv < 0) goto err_radd;
-
- /* Add the id for this right to the current rights list */
- rv = usiInsert(&rsp->rs_list, rdp->rd_id);
- if (rv < 0) goto err_nomem3;
- }
-
- rv = aclGetToken(errp, acf, 0);
-
- /* Want a comma to continue the list */
- if (rv != TOKEN_COMMA) {
-
- /* A right parenthesis will end the list nicely */
- if (rv == TOKEN_RPAREN) {
-
- /* Get the first token after the rights list */
- rv = aclGetToken(errp, acf, 0);
- break;
- }
-
- /* Anything else is an error */
- if (rv < 0) goto punt;
- goto err_list;
- }
- }
-
- return rv;
-
- err_elem:
- eid = ACLERR2700;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_rdef:
- eid = ACLERR2720;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_undef:
- eid = ACLERR2740;
- rv = ACLERRUNDEF;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, ename);
- return rv;
-
- err_nomem1:
- eid = ACLERR2760;
- goto err_nomem;
-
- err_nomem2:
- eid = ACLERR2780;
- goto err_nomem;
-
- err_radd:
- eid = ACLERR2800;
- goto err_ret;
-
- err_nomem3:
- eid = ACLERR2820;
- goto err_nomem;
-
- err_nomem:
- rv = ACLERRNOMEM;
- goto err_ret;
-
- err_list:
-
- eid = ACLERR2840;
- rv = ACLERRSYNTAX;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclStreamGet)
- *
- * This function is the stream read function designated by
- * aclFileOpen() to read the file associated with the LEX stream
- * it creates. It reads the next chunk of the file into the
- * stream buffer.
- *
- * Arguments:
- *
- * lst - pointer to LEX stream structure
- *
- * Returns:
- *
- * The return value is the number of bytes read if successful.
- * A return value of zero indicates end-of-file. An error is
- * indicated by a negative return value.
- */
-
-int aclStreamGet(LEXStream_t * lst)
-{
- SYS_FILE fd = (SYS_FILE)(lst->lst_strmid);
- int len;
-
- len = system_fread(fd, lst->lst_buf, lst->lst_buflen);
- if (len >= 0) {
- lst->lst_len = len;
- lst->lst_cp = lst->lst_buf;
- }
-
- return len;
-}
diff --git a/lib/libaccess/attrec.cpp b/lib/libaccess/attrec.cpp
deleted file mode 100644
index d637ccd9..00000000
--- a/lib/libaccess/attrec.cpp
+++ /dev/null
@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (attrec.c)
- *
- * This module contains routines for encoding and decoding
- * attribute records. See attrec.h for a description of attribute
- * records.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_ATTREC
-#include "libaccess/attrec.h"
-
-/*
- * Description (NTS_Length)
- *
- * This function returns the length of a null-terminated string.
- * The length includes the terminating null octet.
- *
- * Use of the NTSLENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * nts - a pointer to the null-terminate string
- * (may be null)
- *
- * Returns:
- *
- * The length of the string. If 'nts' is null, the value is one,
- * since there is always a null octet.
- */
-
-int NTS_Length(NTS_t nts)
-{
- return ((nts) ? strlen((const char *)nts) + 1 : 1);
-}
-
-/*
- * Description (NTS_Decode)
- *
- * This function decodes a null-terminated string from a specified
- * attribute record buffer. It copies the string into a dynamically
- * allocated buffer, if 'pnts' is not null, and returns a pointer
- * to it. The return value of the function is a pointer to the
- * octet following the NTS in the attribute record buffer.
- *
- * Use of the NTSDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * pnts - pointer to returned reference to decoded
- * NTS, or null, if the decoded NTS is not
- * to be copied to a dynamic buffer
- *
- * Returns:
- *
- * The function return value is a pointer to the octet following
- * the NTS in the attribute record buffer. A pointer to a
- * dynamically allocated buffer containing the decoded NTS will
- * be returned through 'pnts', if it is non-null. This returned
- * pointer will be null if the NTS contains only a terminating
- * octet.
- */
-
-ATR_t NTS_Decode(ATR_t cp, NTS_t * pnts)
-{
- NTS_t nts = 0;
- int len = NTSLENGTH(cp); /* length of the string */
-
- /* Are we going to return a copy of the string? */
- if (pnts) {
-
- /* Yes, is it more than just a null octet? */
- if (len > 1) {
-
- /* Yes, allocate a buffer and copy the string to it */
- nts = (NTS_t)MALLOC(len);
- if (nts) {
- memcpy((void *)nts, (void *)cp, len);
- }
- }
-
- /* Return a pointer to the copied string, or null */
- *pnts = nts;
- }
-
- /* Return pointer to octet after string */
- return cp + len;
-}
-
-/*
- * Description (NTS_Encode)
- *
- * This function encodes a null-terminated string into a specified
- * attribute record buffer. It returns a pointer to the octet
- * following the encoding.
- *
- * Use of the NTSENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * nts - pointer to the string to be encoded
- *
- * Returns:
- *
- * A pointer to the octet following the encoding in the attribute
- * record buffer is returned.
- */
-
-ATR_t NTS_Encode(ATR_t cp, NTS_t nts)
-{
-
- /* Is the string pointer null? */
- if (nts) {
- int len = NTSLENGTH(nts);
-
- /* No, copy the string to the attribute record buffer */
- memcpy((void *)cp, (void *)nts, len);
-
- /* Get pointer to octet after it */
- cp += len;
- }
- else {
-
- /* A null pointer indicates an empty NTS, i.e. just a null octet */
- *cp++ = 0;
- }
-
- /* Return a pointer to the octet after the encoding */
- return cp;
-}
-
-/*
- * Description (USI_Decode)
- *
- * This function decodes an unsigned integer value from a specified
- * attribute record buffer.
- *
- * Use of the USIDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * pval - pointer to returned integer value
- *
- * Returns:
- *
- * If 'pval' is not null, the decoded integer value is returned
- * in the referenced location. The function return value is a
- * pointer to the octet following the USI encoding in the attribute
- * record buffer.
- */
-
-ATR_t USI_Decode(ATR_t cp, USI_t * pval)
-{
- int val;
-
- /* Is this a length value? */
- if (*(cp) & 0x80) {
- int i;
- int len;
-
- /* Yes, build the value from the indicated number of octets */
- len = *cp++ & 0x7;
- val = 0;
- for (i = 0; i < len; ++i) {
- val <<= 8;
- val |= (cp[i] & 0xff);
- }
- cp += len;
- }
- else {
-
- /* This octet is the value */
- val = *cp++;
- }
-
- /* Return the value if there's a place to put it */
- if (pval) *pval = val;
-
- /* Return a pointer to the next item in the attribute record */
- return cp;
-}
-
-/*
- * Description (USI_Encode)
- *
- * This function encodes an unsigned integer value into a specified
- * attribute record buffer.
- *
- * Use of the USIENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * val - the value to be encoded
- *
- * Returns:
- *
- * A pointer to the octet following the generated encoding in the
- * attribute record buffer is returned.
- */
-
-ATR_t USI_Encode(ATR_t cp, USI_t val)
-{
- /* Check size of value to be encoded */
- if (val <= 0x7f) *cp++ = val;
- else if (val <= 0xff) {
- /* Length plus 8-bit value */
- *cp++ = 0x81;
- *cp++ = val;
- }
- else if (val <= 0xffff) {
- /* Length plus 16-bit value */
- *cp++ = 0x82;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 2;
- }
- else if (val <= 0xffffff) {
- /* Length plus 24-bit value */
- *cp++ = 0x83;
- cp[2] = val & 0xff;
- val >>= 8;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 3;
- }
- else {
- /* Length plus 32-bit value */
- *cp++ = 0x84;
- cp[3] = val & 0xff;
- val >>= 8;
- cp[2] = val & 0xff;
- val >>= 8;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 4;
- }
-
- /* Return a pointer to the next position in the attribute record */
- return cp;
-}
-
-/*
- * Description (USI_Insert)
- *
- * This function is a variation of USI_Encode() that always generates
- * the maximum-length encoding for USI value, regardless of the
- * actual specified value. For arguments, returns, see USI_Encode().
- *
- * Use of the USIINSERT() macro is recommended. The USIALLOC() macro
- * returns the number of octets that USIINSERT() will generate.
- */
-
-ATR_t USI_Insert(ATR_t cp, USI_t val)
-{
- int i;
-
- assert(USIALLOC() == 5);
-
- *cp++ = 0x84;
- for (i = 3; i >= 0; --i) {
- cp[i] = val & 0xff;
- val >>= 8;
- }
-
- return cp + 5;
-}
-
-/*
- * Description (USI_Length)
- *
- * This function returns the number of octets required to encode
- * an unsigned integer value.
- *
- * Use of the USILENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * val - the unsigned integer value
- *
- * Returns:
- *
- * The number of octets required to encode the specified value is
- * returned.
- */
-
-int USI_Length(USI_t val)
-{
- return (((USI_t)(val) <= 0x7f) ? 1
- : (((USI_t)(val) <= 0xff) ? 2
- : (((USI_t)(val) <= 0xffff) ? 3
- : (((USI_t)(val) <= 0xffffff) ? 4
- : 5))));
-}
-
diff --git a/lib/libaccess/avadb.c b/lib/libaccess/avadb.c
deleted file mode 100644
index ecf03167..00000000
--- a/lib/libaccess/avadb.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-#include "libaccess/avadb.h"
-#include "base/session.h"
-#include "base/pblock.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define DB_NAME "AvaMap"
-
-enum {AVA_DB_SUCCESS=0,AVA_DB_FAILURE};
-
-#ifdef XP_UNIX
-#include "mcom_ndbm.h"
-
-USE_NSAPI int AddEntry (char *key, char *value) {
- datum keyd;
- datum valued;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDWR | O_CREAT, 0644);
-
- if (!db)
- return AVA_DB_FAILURE;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- valued.dptr = value;
- valued.dsize = strlen(value) + 1;
-
- dbm_store (db, keyd, valued, DBM_REPLACE);
- dbm_close (db);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
- datum keyd;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDWR, 0644);
-
- if (!db)
- return AVA_DB_FAILURE;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- dbm_delete (db, keyd);
-
- dbm_close (db);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
- datum keyd;
- datum valued;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDONLY, 0644);
-
- if (!db)
- return NULL;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- valued = dbm_fetch (db, keyd);
-
- dbm_close (db);
-
- return valued.dptr;
-}
-
-#else
-
-#include <stdio.h>
-
-
-#define lmemcpy memcpy
-#define lmemcmp memcmp
-#define lmemset memset
-
-static int mkhash8(char *x,int len) {
- unsigned int i,hash = 0;
- for (i=0; i < len; i++) { hash += x[i]; }
-
- return (int) (hash & 0xff);
-}
-
-static void mkpath(char *target, char *dir, char sep, char *name) {
- int len;
-
- len = strlen(dir);
- lmemcpy(target,dir,len);
- target += len;
-
- *target++ = sep;
-
- len = strlen(name);
- lmemcpy(target,name,len);
- target += len;
-
- *target = 0;
-}
-
-#define DELETED_LEN 8
-static char DELETED[] = { 0xff, 0x0, 0xff, 0x0, 0xff, 0x0, 0xff , 0x0 };
-
-
-#define RECORD_SIZE 512
-USE_NSAPI int AddEntry (char *key, char *value) {
- int empty, hash;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len, val_len,size;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb+");
- if (f == NULL) {
- f = fopen(dbpath,"wb+");
- }
-
- if (f == NULL)
- return AVA_DB_FAILURE;
-
- key_len = strlen(key)+1;
- val_len = strlen(value);
-
- if ((key_len+val_len) > RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
-
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
- empty = -1;
-
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for (;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- break;
- }
- if ((empty == -1) && (lmemcmp(record,DELETED,DELETED_LEN) == 0)) {
- empty = hash;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- if (empty != -1) { hash = empty; }
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- /* build the record */
- lmemset(record,0,RECORD_SIZE);
-
- lmemcpy(record,key,key_len);
- lmemcpy(&record[key_len],value,val_len);
- size= fwrite(record,1,RECORD_SIZE,f);
- if (size != RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
- fclose(f);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
- int found,hash;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len,size;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb+");
-
- if (f == NULL)
- return AVA_DB_FAILURE;
-
- key_len = strlen(key)+1;
-
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
- found = 0;
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for (;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- found++;
- break;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- if (!found) {
- fclose(f);
- return AVA_DB_SUCCESS;
- }
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- /* build the record */
- lmemset(record,0,RECORD_SIZE);
-
- lmemcpy(record,DELETED,DELETED_LEN);
- size= fwrite(record,1,RECORD_SIZE,f);
- if (size != RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
- fclose(f);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
- int hash,size;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len,found = 0;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb");
-
- if (f == NULL)
- return NULL;
-
- key_len = strlen(key)+1;
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
-
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for(;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- found++;
- break;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- fclose(f);
- if (!found) return NULL;
-
- return system_strdup(&record[key_len+1]);
-}
-
-#endif
diff --git a/lib/libaccess/avaparse.y b/lib/libaccess/avaparse.y
deleted file mode 100644
index 6be06794..00000000
--- a/lib/libaccess/avaparse.y
+++ /dev/null
@@ -1,140 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "libaccess/ava.h"
-#include "libaccess/avapfile.h"
-#include "netsite.h"
-
-extern int linenum;
-extern char yytext[];
-
-static void AddDefType (int defType, char *defId);
-static void AddAVA (char* userID);
-
-void yyerror(const char* string);
-extern void logerror(const char* string,int num, char *file);
-
-AVAEntry tempEntry;
-AVATable entryTable;
-
-%}
-
-%union {
- char *string;
- int num;
-}
-
-%token DEF_C DEF_CO DEF_OU DEF_CN EQ_SIGN DEF_START
-%token DEF_L DEF_E DEF_ST
-%token <string> USER_ID DEF_ID
-
-%type <num> def.type
-
-%start source
-
-%%
-
-source: ava.database
- |
- ;
-
-
-ava.database: ava.database ava
- | ava
- ;
-
-ava: USER_ID definitions {AddAVA($1);};
-
-definitions: definition.list
- |
- ;
-
-definition.list: definition.list definition
- | definition
- ;
-
-
-definition: def.type EQ_SIGN DEF_ID {AddDefType($1, $3);};
-
-def.type: DEF_C {$$ = DEF_C; }
- | DEF_CO {$$ = DEF_CO;}
- | DEF_OU {$$ = DEF_OU;}
- | DEF_CN {$$ = DEF_CN;}
- | DEF_L {$$ = DEF_L; }
- | DEF_E {$$ = DEF_E; }
- | DEF_ST {$$ = DEF_ST;}
- ;
-
-%%
-
-void yyerror(const char* string) {
- logerror(string,linenum,currFile);
-}
-
-
-void AddDefType (int defType, char *defId) {
- switch (defType) {
- case DEF_C:
- tempEntry.country = defId;
- break;
- case DEF_CO:
- tempEntry.company = defId;
- break;
- case DEF_OU:
- if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) {
- if (tempEntry.numOrgs == 0) {
- tempEntry.organizations =
- PERM_MALLOC (sizeof (char*) * ORGS_ALLOCSIZE);
- } else {
- char **temp;
- temp =
- PERM_MALLOC(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE));
- memcpy (temp, tempEntry.organizations,
- sizeof(char*)*tempEntry.numOrgs);
- PERM_FREE (tempEntry.organizations);
- tempEntry.organizations = temp;
- }
- }
- tempEntry.organizations[tempEntry.numOrgs++] = defId;
- break;
- case DEF_CN:
- tempEntry.CNEntry = defId;
- break;
- case DEF_E:
- tempEntry.email = defId;
- break;
- case DEF_L:
- tempEntry.locality = defId;
- break;
- case DEF_ST:
- tempEntry.state = defId;
- break;
- default:
- break;
- }
-}
-
-void AddAVA (char* userID) {
- AVAEntry *newAVA;
-
- newAVA = (AVAEntry*)PERM_MALLOC(sizeof(AVAEntry));
- if (!newAVA) {
- yyerror ("Out of Memory in AddAVA");
- return;
- }
- *newAVA = tempEntry;
- newAVA->userid = userID;
-
- _addAVAtoTable (newAVA, &entryTable);
-
- tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0;
- tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
- tempEntry.numOrgs = 0;
-}
diff --git a/lib/libaccess/avapfile.c b/lib/libaccess/avapfile.c
deleted file mode 100644
index 995c057b..00000000
--- a/lib/libaccess/avapfile.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-
-#include "base/session.h"
-#include "base/pblock.h"
-#include "frame/req.h"
-#include "frame/log.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define ALLOC_SIZE 20
-#define SUCCESS 0
-
-struct parsedStruct {
- char *fileName;
- AVATable *avaTable;
-};
-
-typedef struct parsedStruct Parsed;
-
-/* globals for yy_error if needed */
-Session *yy_sn = NULL;
-Request *yy_rq = NULL;
-
-/*This will be a dynamic array of parsedStruct*. Re-sizing if necessary.*/
-struct ParsedTable {
- Parsed **parsedTable;
- int numEntries;
-};
-
-char *currFile;
-
-static struct ParsedTable parsedFiles = {NULL, 0};
-
-extern AVATable entryTable; /*Table where entries are stored*/
-extern AVAEntry tempEntry; /*Used to restore parser's state*/
-extern linenum;
-
-AVAEntry * AVAEntry_Dup(AVAEntry *entry) {
- int i;
- AVAEntry *newAVA = NULL;
-/* copy the AVA entry */
-
- if (entry) {
- newAVA = (AVAEntry *) PERM_MALLOC(sizeof(AVAEntry));
- memset(newAVA,0, sizeof(AVAEntry));
- newAVA->userid = 0;
- newAVA->CNEntry = 0;
- newAVA->email = 0;
- newAVA->locality = 0;
- newAVA->state = 0;
- newAVA->country = 0;
- newAVA->company = 0;
- newAVA->organizations = 0;
- newAVA->numOrgs = 0;
- if (entry->userid) newAVA->userid = PERM_STRDUP(entry->userid);
- if (entry->CNEntry) newAVA->CNEntry = PERM_STRDUP(entry->CNEntry);
- if (entry->email) newAVA->email = PERM_STRDUP(entry->email);
- if (entry->locality) newAVA->locality = PERM_STRDUP(entry->locality);
- if (entry->state) newAVA->state = PERM_STRDUP(entry->state);
- if (entry->country) newAVA->country = PERM_STRDUP(entry->country);
- if (entry->company) newAVA->company = PERM_STRDUP(entry->company);
- if (entry->organizations) {
- newAVA->organizations = PERM_MALLOC(sizeof(char *)*entry->numOrgs);
- newAVA->numOrgs = entry->numOrgs;
- for (i=0; i<entry->numOrgs; i++)
- newAVA->organizations[i] = PERM_STRDUP (entry->organizations[i]);
- }
- }
- return newAVA;
-}
-
-void _addAVAtoTable (AVAEntry *newAVA, AVATable *table) {
- int i;
- int insertIndex = -1;
-
- if (table->numEntries%ENTRIES_ALLOCSIZE == 0) {
- if (table->numEntries == 0) {
- table->enteredTable =
- (AVAEntry**) PERM_MALLOC (sizeof(AVAEntry*) * ENTRIES_ALLOCSIZE);
- } else {
- AVAEntry **temp;
-
- temp =
- PERM_MALLOC(sizeof(AVAEntry*)*(table->numEntries+ENTRIES_ALLOCSIZE));
- memmove(temp, table->enteredTable, sizeof(AVAEntry*)*table->numEntries);
- PERM_FREE(table->enteredTable);
- table->enteredTable = temp;
- }
- }
-
- for (i=table->numEntries-1; i >= 0; i--) {
- if (strcmp(newAVA->userid, table->enteredTable[i]->userid) > 0) {
- insertIndex = i+1;
- break;
- } else {
- table->enteredTable[i+1] = table->enteredTable[i];
- }
- }
-
-
- table->enteredTable[(insertIndex == -1) ? 0 : insertIndex] = newAVA;
- (table->numEntries)++;
-}
-
-AVATable *AVATableDup(AVATable *table) {
- AVATable *newTable = (AVATable*)PERM_MALLOC (sizeof(AVATable));
- /* round the puppy so _addAVAtoTable still works */
- int size = (table->numEntries + (ENTRIES_ALLOCSIZE-1))/ENTRIES_ALLOCSIZE;
- int i;
-
- newTable->enteredTable =
- (AVAEntry**)PERM_MALLOC(size*ENTRIES_ALLOCSIZE*sizeof(AVAEntry *));
-
- for (i=0; i < table->numEntries; i++) {
- newTable->enteredTable[i] = AVAEntry_Dup(table->enteredTable[i]);
- }
- newTable->numEntries = table->numEntries;
- return newTable;
-}
-
-
-
-
-AVAEntry *_getAVAEntry(char *groupName, AVATable *mapTable) {
- char line[BIG_LINE];
- int lh, rh, mid, cmp;;
-
- if (!mapTable) {
- sprintf (line, "NULL Pointer passed as mapTable when trying to get entry %s", groupName);
- report_error (SYSTEM_ERROR, "File Not Found", line);
- }
-
-
- lh = 0;
- rh = mapTable->numEntries-1;
-
- while (lh <= rh) {
- mid = lh + ((rh-lh)/2);
- cmp = strcmp(groupName, mapTable->enteredTable[mid]->userid);
- if (cmp == 0)
- return mapTable->enteredTable[mid];
- else if (cmp > 0)
- lh = mid + 1;
- else
- rh = mid - 1;
- }
-
- return NULL;
-
-}
-
-AVATable *_getTable (char *fileName) {
- int lh, rh, mid, cmp;
- AVATable *table = NULL;
-
- /*First checks to see if it's already been parsed*/
-
- lh = 0;
- rh = parsedFiles.numEntries-1;
- while (lh <= rh) {
- mid = lh + ((rh - lh)/2);
- cmp = strcmp(fileName, parsedFiles.parsedTable[mid]->fileName);
- if (cmp == SUCCESS) {
- return parsedFiles.parsedTable[mid]->avaTable;
- } else if (cmp < SUCCESS) {
- rh = mid-1;
- } else {
- lh = mid+1;
- }
- }
-
- yyin = fopen (fileName, "r");
-
- if (yyin) {
- if (!yyparse()) {
- table = _wasParsed (fileName);
- table->userdb = NULL;
- }
- fclose (yyin);
- }
-
- return table;
-}
-
-int _hasBeenParsed (char *aclFileName){
- return (_getTable(aclFileName) != NULL);
-}
-
-AVATable* _wasParsed (char *inFileName) {
- Parsed *newEntry;
- int i;
-
- if (!inFileName)
- return NULL;
-
- newEntry = (Parsed*) PERM_MALLOC (sizeof(Parsed));
- newEntry->fileName = PERM_STRDUP (inFileName);
- newEntry->avaTable = AVATableDup(&entryTable);
-
- if (parsedFiles.numEntries % ALLOC_SIZE == 0) {
- if (parsedFiles.numEntries) {
- Parsed **temp;
-
- temp = PERM_MALLOC (sizeof(Parsed*)*(parsedFiles.numEntries + ALLOC_SIZE));
- if (!temp)
- return NULL;
- memcpy (temp, parsedFiles.parsedTable, sizeof(Parsed*)*parsedFiles.numEntries);
- PERM_FREE (parsedFiles.parsedTable);
- parsedFiles.parsedTable = temp;
- } else {
- parsedFiles.parsedTable =
- (Parsed**) PERM_MALLOC (sizeof (Parsed*) * ALLOC_SIZE);
- if (!parsedFiles.parsedTable)
- return NULL;
- }
- }
- for (i=parsedFiles.numEntries; i > 0; i--) {
- if (strcmp(newEntry->fileName,parsedFiles.parsedTable[i-1]->fileName) < 0) {
- parsedFiles.parsedTable[i] = parsedFiles.parsedTable[i-1];
- } else {
- break;
- }
- }
- parsedFiles.parsedTable[i] = newEntry;
- parsedFiles.numEntries++;
-
-/*Initialize parser structures to resemble that before parse*/
- entryTable.numEntries = 0;
- tempEntry.country = tempEntry.company = tempEntry.CNEntry = NULL;
- tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
- linenum = 1;
-
- return newEntry->avaTable;
-}
-
-AVAEntry *_deleteAVAEntry (char *group, AVATable *table) {
- int removeIndex;
- int lh, rh, mid, cmp;
- AVAEntry *entry = NULL;
-
- if (!group || !table)
- return NULL;
-
- lh = 0;
- rh = table->numEntries - 1;
-
- while (lh <= rh) {
- mid = lh + ((rh-lh)/2);
- cmp = strcmp (group, table->enteredTable[mid]->userid);
- if (cmp == SUCCESS) {
- removeIndex = mid;
- break;
- } else if (cmp < SUCCESS) {
- rh = mid-1;
- } else {
- lh = mid+1;
- }
- }
-
- if (lh > rh)
- return NULL;
-
- entry = table->enteredTable[removeIndex];
-
- memmove ((char*)(table->enteredTable)+(sizeof(AVAEntry*)*removeIndex),
- (char*)(table->enteredTable)+(sizeof(AVAEntry*)*(removeIndex+1)),
- (table->numEntries - removeIndex - 1)*sizeof(AVAEntry*));
-
- (table->numEntries)--;
-
- return entry;
-}
-
-void AVAEntry_Free (AVAEntry *entry) {
- int i;
-
- if (entry) {
- if (entry->userid)
- PERM_FREE (entry->userid);
- if (entry->CNEntry)
- PERM_FREE (entry->CNEntry);
- if (entry->email)
- PERM_FREE (entry->email);
- if (entry->locality)
- PERM_FREE (entry->locality);
- if (entry->state)
- PERM_FREE (entry->state);
- if (entry->country)
- PERM_FREE (entry->country);
- if (entry->company)
- PERM_FREE (entry->company);
- if (entry->organizations) {
- for (i=0; i<entry->numOrgs; i++)
- PERM_FREE (entry->organizations[i]);
- PERM_FREE(entry->organizations);
- }
- }
-}
-
-void PrintHeader(FILE *outfile){
-
- fprintf (outfile,"/*This file is generated automatically by the admin server\n");
- fprintf (outfile," *Any changes you make manually may be lost if other\n");
- fprintf (outfile," *changes are made through the admin server.\n");
- fprintf (outfile," */\n\n\n");
-
-}
-
-void writeOutEntry (FILE *outfile, AVAEntry *entry) {
- int i;
-
- /*What should I do if the group id is not there?*/
- if (!entry || !(entry->userid))
- report_error (SYSTEM_ERROR, "AVA-DB Failure",
- "Bad entry passed to write out function");
-
- fprintf (outfile,"%s: {\n", entry->userid);
- if (entry->CNEntry)
- fprintf (outfile,"\tCN=\"%s\"\n", entry->CNEntry);
- if (entry->email)
- fprintf (outfile,"\tE=\"%s\"\n", entry->email);
- if (entry->company)
- fprintf (outfile,"\tO=\"%s\"\n", entry->company);
- if (entry->organizations) {
- for (i=0; i < entry->numOrgs; i++) {
- fprintf (outfile, "\tOU=\"%s\"\n", entry->organizations[i]);
- }
- }
- if (entry->locality)
- fprintf (outfile,"\tL=\"%s\"\n",entry->locality);
- if (entry->state)
- fprintf (outfile,"\tST=\"%s\"\n",entry->state);
- if (entry->country)
- fprintf (outfile,"\tC=\"%s\"\n", entry->country);
-
- fprintf (outfile,"}\n\n\n");
-
-}
-
-void writeOutFile (char *authdb, AVATable *table) {
- char line[BIG_LINE];
- char mess[200];
- FILE *newfile;
- int i;
-
- sprintf (line, "%s%c%s%c%s.%s", get_authdb_dir(), FILE_PATHSEP, authdb, FILE_PATHSEP,
- AUTH_DB_FILE, AVADB_TAG);
-
- if (!table) {
- sprintf (mess, "The structure for file %s was not loaded before writing out", line);
- report_error (SYSTEM_ERROR, "Internal Error", mess);
- }
-
- newfile = fopen (line, "w");
-
- if (!newfile) {
- sprintf (mess, "Could not open file %s for writing.", line);
- report_error(FILE_ERROR, "No File", mess);
- }
-
- PrintHeader (newfile);
-
- for (i=0;i < table->numEntries; i++) {
- writeOutEntry (newfile, table->enteredTable[i]);
- }
-
- fclose(newfile);
-}
-
-
-void
-logerror(char *error,int line,char *file) {
- /* paranoia */
- /*ava-mapping is only functin that initializes yy_sn and yy_rq*/
- if ((yy_sn != NULL) && (yy_rq != NULL)) {
- log_error (LOG_FAILURE, "ava-mapping", yy_sn, yy_rq,
- "Parse error line %d of %s: %s", line, file, error);
- } else {
- char errMess[250];
-
- sprintf (errMess, "Parse error line %d of %s: %s", line, file, error);
- report_error (SYSTEM_ERROR, "Failure: Loading AVA-DB Table", errMess);
- }
-}
-
-
-void outputAVAdbs(char *chosen) {
- char *authdbdir = get_authdb_dir();
- char **listings;
- int i;
- int numListings = 0;
- int hasOptions = 0;
-
- listings = list_auth_dbs(authdbdir);
-
- while (listings[numListings++] != NULL);
-
- for (i=0; listings[i] != NULL ; i++) {
- if (!hasOptions) {
- printf ("<select name=\"%s\"%s onChange=\"form.submit()\">",AVA_DB_SEL,
- (numListings > SELECT_OVERFLOW)?"size=5":"");
- hasOptions = 1;
- }
-
- printf ("<option value=\"%s\"%s>%s\n",listings[i],
- (strcmp(chosen, listings[i]) == 0) ? "SELECTED":"",listings[i]);
- }
-
- if (hasOptions)
- printf ("</select>\n");
- else
- printf ("<i><b>Insert an AVA-Database entry first</b></i>\n");/*This should never happen,
- *since I never create an empty
- *avadb file,
- *but one never knows
- */
-
-}
diff --git a/lib/libaccess/avascan.l b/lib/libaccess/avascan.l
deleted file mode 100644
index 71d4c4fb..00000000
--- a/lib/libaccess/avascan.l
+++ /dev/null
@@ -1,106 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include "y.tab.h"
-#include "libaccess/ava.h"
-#include "netsite.h"
-
-int linenum = 1;
-int first_time = 1;
-int old_state;
-int num_nested_comments = 0;
-
-extern AVAEntry tempEntry;
-extern AVATable entryTable;
-
-void strip_quotes(void);
-
-%}
-
-%s COMMENT NORM DEFINES DEF_TYPE
-
-uc_letter [A-Z]
-lc_letter [a-z]
-digit [0-9]
-under_score _
-
-letter ([A-Z,a-z])
-
-white_space ([ \t]*)
-identifier ([_,A-Z,a-z][_,A-Z,a-z,0-9]*)
-def_identifier (({white_space}{identifier})+)
-text (\"[^\"]*\")
-comments (([^"*/"\n])*)
-
-
-
-%%
-
-%{
- if (first_time) {
- BEGIN NORM;
- first_time = tempEntry.numOrgs = 0;
- old_state = NORM;
- tempEntry.userid = 0;
- tempEntry.country = 0;
- tempEntry.CNEntry = 0;
- tempEntry.email = 0;
- tempEntry.locality = 0;
- tempEntry.state = 0;
- entryTable.numEntries = 0;
- }
-%}
-
-
-"/*" {BEGIN COMMENT; num_nested_comments++;}
-<COMMENT>"*/" {num_nested_comments--;
- if (!num_nested_comments) BEGIN old_state;}
-<COMMENT>. {;}
-
-<NORM>{identifier} {yylval.string = PERM_STRDUP(yytext);
- return USER_ID;}
-<NORM>":"{white_space}\{ {BEGIN DEF_TYPE;
- old_state = DEF_TYPE;}
-
-<DEF_TYPE>"C" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_C; }
-<DEF_TYPE>"O" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CO;}
-<DEF_TYPE>"OU" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_OU;}
-<DEF_TYPE>"CN" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CN;}
-<DEF_TYPE>"L" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_L;}
-<DEF_TYPE>"E" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_E;}
-<DEF_TYPE>"ST" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_ST;}
-<DEF_TYPE>"}" {BEGIN NORM;old_state = NORM;}
-
-<DEFINES>= {return EQ_SIGN;}
-<DEFINES>{text} {BEGIN DEF_TYPE; old_state = DEF_TYPE;
- strip_quotes();
- return DEF_ID;}
-
-{white_space} {;}
-\n {linenum++;}
-. {yyerror("Bad input character");}
-%%
-
-int yywrap () {
- return 1;
-}
-
-void strip_quotes(void) {
- yytext[strlen(yytext)-1]= '\0';
- yylval.string = PERM_STRDUP(&yytext[1]);
-}
diff --git a/lib/libaccess/lcache.h b/lib/libaccess/lcache.h
deleted file mode 100644
index ef176681..00000000
--- a/lib/libaccess/lcache.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef CACHE_H
-#define CACHE_H
-
-NSPR_BEGIN_EXTERN_C
-
-extern void ACL_ListHashUpdate(ACLListHandle_t **acllistp);
-extern void ACL_Init(void);
-extern void ACL_CritEnter(void);
-extern void ACL_CritExit(void);
-extern ENTRY *ACL_GetUriHash(ENTRY item, ACTION action);
-extern int ACL_CacheCheck(char *uri, ACLListHandle_t **acllist_p);
-extern void ACL_CacheEnter(char *uri, ACLListHandle_t **acllist_p);
-extern void ACL_CacheAbort(ACLListHandle_t **acllist_p);
-
-NSPR_END_EXTERN_C
-
-#endif
diff --git a/lib/libaccess/leval.h b/lib/libaccess/leval.h
deleted file mode 100644
index fcfb6ecc..00000000
--- a/lib/libaccess/leval.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef LEVAL_H
-#define LEVAL_H
-
-NSPR_BEGIN_EXTERN_C
-
-int
-freeLAS(NSErr_t *errp, char *attribute, void **las_cookie);
-
-NSPR_END_EXTERN_C
-
-#endif
-
diff --git a/lib/libaccess/lparse.h b/lib/libaccess/lparse.h
deleted file mode 100644
index b6d3ffa6..00000000
--- a/lib/libaccess/lparse.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * This grammar is intended to parse the version 3.0 ACL
- * and output an ACLParseACE_t structure.
- */
-
-#ifndef LPARSE_H
-#define LPARSE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int aclPushListHandle(ACLListHandle_t *handle);
-extern int aclparse(void);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/lib/libaccess/nsadb.cpp b/lib/libaccess/nsadb.cpp
deleted file mode 100644
index 119111e9..00000000
--- a/lib/libaccess/nsadb.cpp
+++ /dev/null
@@ -1,582 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsadb.c)
- *
- * This module contains routines for retrieving information from
- * a Netscape authentication database. An authentication database
- * consists of a user database and a group database. This module
- * implements an authentication database based on Netscape user and
- * group databases defined in nsuser.h and nsgroup.h, which in turn
- * are based on the Netscape (server) database implementation
- * defined in nsdb.h. The interface for managing information in
- * an authentication database is described separately in nsamgmt.h.
- */
-
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#include <base/fsmutex.h>
-#include <libaccess/nsdbmgmt.h>
-#define __PRIVATE_NSADB
-#include <libaccess/nsadb.h>
-#include <libaccess/nsuser.h>
-#include <libaccess/nsgroup.h>
-
-/*
- * Description (NSADB_AuthIF)
- *
- * This structure defines a generic authentication database
- * interface for this module. It does not currently support
- * user/group id lookup.
- */
-AuthIF_t NSADB_AuthIF = {
- 0, /* find user/group by id */
- nsadbFindByName, /* find user/group by name */
- nsadbIdToName, /* lookup name for user/group id */
- nsadbOpen, /* open a named database */
- nsadbClose, /* close a database */
-};
-
-/*
- * Description (nsadbClose)
- *
- * This function closes an authentication database previously opened
- * via nsadbOpen().
- *
- * Arguments:
- *
- * authdb - handle returned by nsadbOpen()
- * flags - unused (must be zero)
- */
-
-NSAPI_PUBLIC void nsadbClose(void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
-
- if (adb->adb_userdb != 0) {
- ndbClose(adb->adb_userdb, 0);
- }
-
- if (adb->adb_groupdb != 0) {
- ndbClose(adb->adb_groupdb, 0);
- }
-
-#if defined(CLIENT_AUTH)
- nsadbCloseCerts(authdb, flags);
-#endif
-
- if (adb->adb_dbname) {
- FREE(adb->adb_dbname);
- }
-
- FREE(adb);
-}
-
-/*
- * Description (nsadbOpen)
- *
- * This function is used to open an authentication database.
- * The caller specifies a name for the database, which is actually
- * the name of a directory containing the files which comprise the
- * database. The caller also indicates whether this is a new
- * database, in which case it is created.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * adbname - name of this database (directory)
- * flags - open flags:
- * AIF_CREATE - new database (create)
- * rptr - pointer to returned handle
- *
- * Returns:
- *
- * A handle for accessing the database is always returned via 'rptr'
- * unless there was a shortage of dynamic memory, in which case a
- * null handle is returned. The return value of the function is
- * 0 if it completes successfully. An error is indicated by a
- * negative return value (see nsautherr.h).
- */
-
-NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp,
- char * adbname, int flags, void **rptr)
-{
- AuthDB_t * authdb = 0; /* pointer to database descriptor */
- SYS_DIR dbdir; /* database directory handle */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Make sure we have a place to return the database handle */
- if (rptr == 0) goto err_inval;
-
- /* Allocate the database descriptor */
- authdb = (AuthDB_t *)MALLOC(sizeof(AuthDB_t));
- if (authdb == 0) goto err_nomem;
-
- /* Return the descriptor pointer as the database handle */
- *rptr = (void *)authdb;
-
- authdb->adb_dbname = STRDUP(adbname);
- authdb->adb_userdb = 0;
- authdb->adb_groupdb = 0;
-#if defined(CLIENT_AUTH)
- authdb->adb_certdb = 0;
- authdb->adb_certlock = 0;
- authdb->adb_certnm = 0;
-#endif
- authdb->adb_flags = 0;
-
- /* See if the database directory exists */
- dbdir = dir_open(adbname);
- if (dbdir == 0) {
- /* No, create it if this is a new database, else error */
- if (flags & AIF_CREATE) {
- rv = dir_create(adbname);
- if (rv < 0) goto err_mkdir;
- authdb->adb_flags |= ADBF_NEW;
- }
- else goto err_dopen;
- }
- else {
- /* Ok, it's there */
- dir_close(dbdir);
- }
-
- return 0;
-
- err_inval:
- eid = NSAUERR3000;
- rv = NSAERRINVAL;
- goto err_ret;
-
- err_nomem:
- /* Error - insufficient dynamic memory */
- eid = NSAUERR3020;
- rv = NSAERRNOMEM;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-
- err_mkdir:
- eid = NSAUERR3040;
- rv = NSAERRMKDIR;
- goto err_dir;
-
- err_dopen:
- eid = NSAUERR3060;
- rv = NSAERROPEN;
- goto err_dir;
-
- err_dir:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adbname);
- goto punt;
-
- punt:
- /* Fatal error - free database descriptor and return null handle */
- if (authdb) {
- if (authdb->adb_dbname) {
- FREE(authdb->adb_dbname);
- }
- FREE(authdb);
- }
-
- if (rptr) *rptr = 0;
-
- return rv;
-}
-
-/*
- * Description (nsadbOpenUsers)
- *
- * This function is called to open the users subdatabase of an
- * open authentication database. The caller specifies flags to
- * indicate whether read or write access is required. This
- * function is normally called only by routines below the
- * nsadbOpen() API, in response to perform particular operations
- * on user or group objects. If the open is successful, the
- * resulting handle is stored in the AuthDB_t structure.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * flags - open flags:
- * ADBF_UREAD - open for read
- * ADBF_UWRITE - open for read/write
- * Returns:
- *
- * The return value is zero if the operation is successfully
- * completed. An error is indicated by a negative return value
- * (see nsautherr.h), and an error frame is generated if an error
- * frame list was provided.
- */
-
-NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * userfn = 0; /* user database name */
- int dblen; /* strlen(adb_dbname) */
- int uversion; /* user database version number */
- int eid; /* error id code */
- int rv; /* result value */
-
- if (adb == 0) goto err_inval;
-
- /* Is the user database already open? */
- if (adb->adb_userdb != 0) {
-
- /* Yes, is it open for the desired access? */
- if (adb->adb_flags & flags) {
-
- /* Yes, that was easy */
- return 0;
- }
- }
- else {
-
- /* We need to open the database */
-
- /* Allocate space for the user database filename */
- dblen = strlen(adb->adb_dbname);
-
- userfn = (char *)MALLOC(dblen + strlen(ADBUSERDBNAME) + 2);
- if (userfn == 0) goto err_nomem;
-
- /* Construct user database name */
- strcpy(userfn, adb->adb_dbname);
-
- /* Put in a '/' (or '\') if it's not there */
- if (userfn[dblen-1] != FILE_PATHSEP) {
- userfn[dblen] = FILE_PATHSEP;
- userfn[dblen+1] = 0;
- ++dblen;
- }
-
- strcpy(&userfn[dblen], ADBUSERDBNAME);
-
- adb->adb_userdb = ndbOpen(errp,
- userfn, 0, NDB_TYPE_USERDB, &uversion);
- if (adb->adb_userdb == 0) goto err_uopen;
-
- FREE(userfn);
- }
-
- /*
- * We don't really reopen the database to get the desired
- * access mode, since that is handled at the nsdb level.
- * But we do update the flags, just for the record.
- */
- adb->adb_flags &= ~(ADBF_UREAD|ADBF_UWRITE);
- if (flags & ADBF_UWRITE) adb->adb_flags |= ADBF_UWRITE;
- else adb->adb_flags |= ADBF_UREAD;
-
- return 0;
-
- err_inval:
- eid = NSAUERR3200;
- rv = NSAERRINVAL;
- goto err_ret;
-
- err_nomem:
- eid = NSAUERR3220;
- rv = NSAERRNOMEM;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-
- err_uopen:
- eid = NSAUERR3240;
- rv = NSAERROPEN;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, userfn);
- goto punt;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbOpenGroups)
- *
- * This function is called to open the groups subdatabase of an
- * open authentication database. The caller specifies flags to
- * indicate whether read or write access is required. This
- * function is normally called only by routines below the
- * nsadbOpen() API, in response to perform particular operations
- * on user or group objects. If the open is successful, the
- * resulting handle is stored in the AuthDB_t structure.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * flags - open flags:
- * ADBF_GREAD - open for read
- * ADBF_GWRITE - open for read/write
- * Returns:
- *
- * The return value is zero if the operation is successfully
- * completed. An error is indicated by a negative return value
- * (see nsautherr.h), and an error frame is generated if an error
- * frame list was provided.
- */
-
-NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * groupfn = 0; /* group database name */
- int dblen; /* strlen(adb_dbname) */
- int gversion; /* group database version number */
- int eid; /* error id code */
- int rv; /* result value */
-
- if (adb == 0) goto err_inval;
-
- /* Is the group database already open? */
- if (adb->adb_groupdb != 0) {
-
- /* Yes, is it open for the desired access? */
- if (adb->adb_flags & flags) {
-
- /* Yes, that was easy */
- return 0;
- }
- }
- else {
-
- /* We need to open the database */
-
- /* Allocate space for the group database filename */
- dblen = strlen(adb->adb_dbname);
-
- groupfn = (char *)MALLOC(dblen + strlen(ADBGROUPDBNAME) + 2);
- if (groupfn == 0) goto err_nomem;
-
- /* Construct group database name */
- strcpy(groupfn, adb->adb_dbname);
-
- /* Put in a '/' (or '\') if it's not there */
- if (groupfn[dblen-1] != FILE_PATHSEP) {
- groupfn[dblen] = FILE_PATHSEP;
- groupfn[dblen+1] = 0;
- ++dblen;
- }
-
- strcpy(&groupfn[dblen], ADBGROUPDBNAME);
-
- adb->adb_groupdb = ndbOpen(errp,
- groupfn, 0, NDB_TYPE_GROUPDB, &gversion);
- if (adb->adb_groupdb == 0) goto err_gopen;
-
- FREE(groupfn);
- }
-
- /*
- * We don't really reopen the database to get the desired
- * access mode, since that is handled at the nsdb level.
- * But we do update the flags, just for the record.
- */
- adb->adb_flags &= ~(ADBF_GREAD|ADBF_GWRITE);
- if (flags & ADBF_GWRITE) adb->adb_flags |= ADBF_GWRITE;
- else adb->adb_flags |= ADBF_GREAD;
-
- return 0;
-
- err_inval:
- eid = NSAUERR3300;
- rv = NSAERRINVAL;
- goto err_ret;
-
- err_nomem:
- eid = NSAUERR3320;
- rv = NSAERRNOMEM;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-
- err_gopen:
- eid = NSAUERR3340;
- rv = NSAERROPEN;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, groupfn);
- goto punt;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbIdToName)
- *
- * This function looks up a specified user or group id in the
- * authentication database. The name associated with the specified
- * id is returned.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * id - user or group id
- * flags - AIF_USER or AIF_GROUP (defined in nsauth.h)
- * rptr - pointer to returned group or user name
- *
- * Returns:
- *
- * The return value is zero if no error occurs,
- * A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp,
- void * authdb, USI_t id, int flags, char **rptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- void * whichdb = 0;
- char * name;
- int rv;
-
- if (rptr != 0) *rptr = 0;
-
- /* Decide whether to use user or group database */
- if (flags & AIF_USER) {
-
- whichdb = adb->adb_userdb;
- if (whichdb == 0) {
- rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
- if (rv < 0) goto punt;
- whichdb = adb->adb_userdb;
- }
- }
- else if (flags & AIF_GROUP) {
-
- whichdb = adb->adb_groupdb;
- if (whichdb == 0) {
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
- whichdb = adb->adb_groupdb;
- }
- }
-
- if (whichdb != 0) {
-
- /* Get the name corresponding to the id */
- rv = ndbIdToName(errp, whichdb, id, 0, &name);
- if (rv < 0) goto punt;
-
- if ((rptr != 0)) *rptr = name;
- rv = 0;
- }
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbFindByName)
- *
- * This function looks up a specified name in the authentication
- * database. Flags specified by the caller indicate whether a
- * group name, user name, or either should be found. The caller
- * may optionally provide for the return of a user or group object
- * pointer, in which case the information associated with a
- * matching group or user is used to create a group or user object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * name - name of group or user
- * flags - search flags (defined in nsauth.h)
- * rptr - pointer to returned group or user
- * object pointer (may be null)
- *
- * Returns:
- *
- * The return value is a non-negative value if no error occurs,
- * and the value indicates whether the name matched a group or
- * user:
- *
- * AIF_NONE - name did not match a group or user name
- * AIF_GROUP - name matched a group name
- * AIF_USER - name matched a user name
- *
- * If the value is AIF_GROUP or AIF_USER, and rptr is non-null,
- * then a group or user object is created, and a pointer to it is
- * returned in the location indicated by rptr.
- *
- * A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb,
- char * name, int flags, void **rptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- ATR_t recptr;
- int reclen;
- int rv;
-
- if (rptr != 0) *rptr = 0;
-
- /* Search for group name? */
- if (flags & AIF_GROUP) {
-
- if (adb->adb_groupdb == 0) {
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
- }
-
- /* Look up the name in the group database */
- rv = ndbFindName(errp, adb->adb_groupdb, 0, (char *)name,
- &reclen, (char **)&recptr);
- if (rv == 0) {
-
- /* Found it. Make a group object if requested. */
- if (rptr != 0) {
-
- /* Got the group record. Decode into a group object. */
- *rptr = (void *)groupDecode((NTS_t)name, reclen, recptr);
- }
-
- return AIF_GROUP;
- }
- }
-
- /* Search for user name? */
- if (flags & AIF_USER) {
-
- if (adb->adb_userdb == 0) {
- rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
- if (rv < 0) goto punt;
- }
-
- /* Look up the name in the user database */
- rv = ndbFindName(errp, adb->adb_userdb, 0, (char *)name,
- &reclen, (char **)&recptr);
- if (rv == 0) {
-
- /* Found it. Make a user object if requested. */
- if (rptr != 0) {
-
- /* Got the user record. Decode into a user object. */
- *rptr = (void *)userDecode((NTS_t)name, reclen, recptr);
- }
-
- return AIF_USER;
- }
- }
-
- /* Nothing found */
- nserrDispose(errp);
- return AIF_NONE;
-
- punt:
- return rv;
-}
diff --git a/lib/libaccess/nsamgmt.cpp b/lib/libaccess/nsamgmt.cpp
deleted file mode 100644
index f2bc93e7..00000000
--- a/lib/libaccess/nsamgmt.cpp
+++ /dev/null
@@ -1,1567 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsamgmt.c)
- *
- * This module contains routines for managing information in a
- * Netscape authentication database. An authentication database
- * consists of a user database and a group database. This module
- * implements an authentication database based on Netscape user and
- * group databases defined in nsuser.h and nsgroup.h, which in turn
- * are based on the Netscape (server) database implementation
- * defined in nsdb.h. The interface for retrieving information
- * from an authentication database is described separately in
- * nsadb.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "base/file.h"
-#define __PRIVATE_NSADB
-#include "libaccess/nsamgmt.h"
-#include "libaccess/nsumgmt.h"
-#include "libaccess/nsgmgmt.h"
-
-/*
- * Description (nsadbEnumUsersHelp)
- *
- * This is a local function that is called by NSDB during user
- * database enumeration. It decodes user records into user
- * objects, and presents them to the caller of nsadbEnumerateUsers(),
- * via the specified call-back function. The call-back function
- * return value may be a negative error code, which will cause
- * enumeration to stop, and the error code will be returned from
- * nsadbEnumerateUsers(). If the return value of the call-back
- * function is not negative, it can contain one or more of the
- * following flags:
- *
- * ADBF_KEEPOBJ - do not free the UserObj_t structure
- * that was passed to the call-back function
- * ADBF_STOPENUM - stop the enumeration without an error
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to UserEnumArgs_t structure
- * namelen - user record key length including null
- * terminator
- * name - user record key (user account name)
- * reclen - length of user record
- * recptr - pointer to user record contents
- *
- * Returns:
- *
- * If the call-back returns a negative result, that value is
- * returned. If the call-back returns ADBF_STOPENUM, then
- * -1 is returned, causing the enumeration to stop. Otherwise
- * the return value is zero.
- */
-
-typedef struct EnumUserArgs_s EnumUserArgs_t;
-struct EnumUserArgs_s {
- void * authdb;
- int (*func)(NSErr_t * ferrp,
- void * authdb, void * argp, UserObj_t * uoptr);
- void * user;
- int rv;
-};
-
-static int nsadbEnumUsersHelp(NSErr_t * errp, void * parg,
- int namelen, char * name,
- int reclen, char * recptr)
-{
- EnumUserArgs_t * ue = (EnumUserArgs_t *)parg;
- UserObj_t * uoptr; /* user object pointer */
- int rv;
-
- uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr);
- if (uoptr != 0) {
- rv = (*ue->func)(errp, ue->authdb, ue->user, uoptr);
- if (rv >= 0) {
-
- /* Count the number of users seen */
- ue->rv += 1;
-
- /* Free the user object unless the call-back says not to */
- if (!(rv & ADBF_KEEPOBJ)) {
- userFree(uoptr);
- }
- /* Return either 0 or -1, depending on ADBF_STOPENUM */
- rv = (rv & ADBF_STOPENUM) ? -1 : 0;
- }
- else {
- /* Free the user object in the event of an error */
- userFree(uoptr);
-
- /* Also return the error code */
- ue->rv = rv;
- }
- }
-
- return rv;
-}
-
-/*
- * Description (nsadbEnumGroupsHelp)
- *
- * This is a local function that is called by NSDB during group
- * database enumeration. It decodes group records into group
- * objects, and presents them to the caller of nsadbEnumerateGroups(),
- * via the specified call-back function. The call-back function
- * return value may be a negative error code, which will cause
- * enumeration to stop, and the error code will be returned from
- * nsadbEnumerateGroups(). If the return value of the call-back
- * function is not negative, it can contain one or more of the
- * following flags:
- *
- * ADBF_KEEPOBJ - do not free the GroupObj_t structure
- * that was passed to the call-back function
- * ADBF_STOPENUM - stop the enumeration without an error
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to GroupEnumArgs_t structure
- * namelen - group record key length including null
- * terminator
- * name - group record key (group name)
- * reclen - length of group record
- * recptr - pointer to group record contents
- *
- * Returns:
- *
- * If the call-back returns a negative result, that value is
- * returned. If the call-back returns ADBF_STOPENUM, then
- * -1 is returned, causing the enumeration to stop. Otherwise
- * the return value is zero.
- */
-
-typedef struct EnumGroupArgs_s EnumGroupArgs_t;
-struct EnumGroupArgs_s {
- void * authdb;
- int (*func)(NSErr_t * ferrp,
- void * authdb, void * argp, GroupObj_t * goptr);
- void * user;
- int rv;
-};
-
-static int nsadbEnumGroupsHelp(NSErr_t * errp, void * parg,
- int namelen, char * name,
- int reclen, char * recptr)
-{
- EnumGroupArgs_t * eg = (EnumGroupArgs_t *)parg;
- GroupObj_t * goptr; /* group object pointer */
- int rv;
-
- goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr);
- if (goptr != 0) {
- rv = (*eg->func)(errp, eg->authdb, eg->user, goptr);
- if (rv >= 0) {
-
- /* Count the number of groups seen */
- eg->rv += 1;
-
- /* Free the group object unless the call-back says not to */
- if (!(rv & ADBF_KEEPOBJ)) {
- groupFree(goptr);
- }
- /* Return either 0 or -1, depending on ADBF_STOPENUM */
- rv = (rv & ADBF_STOPENUM) ? -1 : 0;
- }
- else {
- /* Free the group object in the event of an error */
- groupFree(goptr);
-
- /* Also return the error code */
- eg->rv = rv;
- }
- }
-
- return rv;
-}
-
-NSPR_BEGIN_EXTERN_C
-
-/*
- * Description (nsadbAddGroupToGroup)
- *
- * This function adds a child group, C, to the definition of a
- * parent group P. This involves updating the group entries of
- * C and P in the group database. It also involves updating
- * the group lists of any user descendants of C, to reflect the
- * fact that these users are now members of P and P's ancestors.
- * A check is made for an attempt to create a cycle in the group
- * hierarchy, and this is rejected as an error.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * pgoptr - pointer to parent group object
- * cgoptr - pointer to child group object
- *
- * Returns:
- *
- * The return value is zero if group C was not already a direct
- * member of group P, and was added successfully. A return value
- * of +1 indicates that group C was already a direct member of
- * group P. A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * pgoptr, GroupObj_t * cgoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t gsuper; /* list of ancestors of group P */
- USIList_t dglist; /* descendant groups of C */
- GroupObj_t * dgoptr; /* descendant group object pointer */
- UserObj_t * uoptr; /* user object pointer */
- USI_t id; /* current descendant group id */
- int usercount; /* count of users for descendant */
- USI_t * userlist; /* pointer to array of descendant user ids */
- USI_t * idlist; /* pointer to array of descendant group ids */
- int pass; /* loop pass number */
- int i; /* loop index */
- int rv; /* result value */
-
- /* Is C a direct member of P already? */
- if (usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) {
- /* Yes, indicate that */
- return 0;
- }
-
- dgoptr = 0;
- uoptr = 0;
-
- /* Initialize a list of the group descendants of group C */
- UILINIT(&dglist);
-
- /* Initialize a list of P and its ancestors */
- UILINIT(&gsuper);
-
- /* Add P to the ancestor list */
- rv = usiInsert(&gsuper, pgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Open user database since the group lists of users may be modified */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Merge all the ancestors of group P into the list */
- rv = nsadbSuperGroups(errp, authdb, pgoptr, &gsuper);
- if (rv < 0) goto punt;
-
- /*
- * Each pass through the following loop visits C and all of C's
- * descendant groups.
- *
- * The first pass checks to see if making group C a member of
- * group P would create a cycle in the group structure. It does
- * this by examining C and all of its dependents to see if any
- * appear in the list containing P and P's ancestors.
- *
- * The second pass updates the group lists of all users contained
- * in group C to include P and P's ancestors.
- */
-
- for (pass = 1; pass < 3; ++pass) {
-
- /* Use the group C as the first descendant */
- id = cgoptr->go_gid;
- dgoptr = cgoptr;
-
- for (;;) {
-
- if (pass == 1) {
- /*
- * Check for attempt to create a cycle in the group
- * hierarchy. See if this descendant is a member of
- * the list of P and P's ancestors (gsuper).
- */
- if (usiPresent(&gsuper, id)) {
- /*
- * Error - operation would create a cycle
- * in the group structure.
- */
- return -1;
- }
- }
- else {
-
- /*
- * Merge the list of ancestors of P (gsuper) with the
- * group lists of any direct user members of the current
- * descendant group, referenced by dgoptr.
- */
-
- /* Get direct user member list size and pointer */
- usercount = UILCOUNT(&dgoptr->go_users);
- userlist = UILLIST(&dgoptr->go_users);
-
- /* For each direct user member of this descendant ... */
- for (i = 0; i < usercount; ++i) {
-
- /* Get a user object for the user */
- uoptr = userFindByUid(errp,
- adb->adb_userdb, userlist[i]);
- if (uoptr == 0) {
- /*
- * Error - user not found,
- * databases are inconsistent.
- */
- rv = -1;
- goto punt;
- }
-
- /* Merge gsuper into the user's group list */
- rv = uilMerge(&uoptr->uo_groups, &gsuper);
- if (rv < 0) goto punt;
-
- /* Write out the user object */
- uoptr->uo_flags |= UOF_MODIFIED;
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
- if (rv) goto punt;
-
- /* Free the user object */
- userFree(uoptr);
- uoptr = 0;
- }
- }
-
- /*
- * Merge the direct member groups of the current descendant
- * group into the list of descendants to be processed.
- */
- rv = uilMerge(&dglist, &dgoptr->go_groups);
- if (rv < 0) goto punt;
-
- /* Free the group object for the current descendant */
- if (dgoptr != cgoptr) {
- groupFree(dgoptr);
- dgoptr = 0;
- }
-
- /* Exit the loop if the descendant list is empty */
- if (UILCOUNT(&dglist) <= 0) break;
-
- /* Otherwise remove the next descendant from the list */
- idlist = UILLIST(&dglist);
- id = idlist[0];
- rv = usiRemove(&dglist, id);
- if (rv < 0) goto punt;
-
- /* Now get a group object for this descendant group */
- dgoptr = groupFindByGid(errp, adb->adb_groupdb, id);
- if (dgoptr == 0) {
- /* Error - group not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
- }
- }
-
- /* Now add C to P's list of member groups */
- rv = usiInsert(&pgoptr->go_groups, cgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Add P to C's list of parent groups */
- rv = usiInsert(&cgoptr->go_pgroups, pgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Update the database entry for group C */
- cgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr);
- if (rv) goto punt;
-
- /* Update the database entry for group P */
- pgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr);
-
- return rv;
-
- punt:
- /* Handle errors */
- UILFREE(&gsuper);
- UILFREE(&dglist);
- if (dgoptr) {
- groupFree(dgoptr);
- }
- if (uoptr) {
- userFree(uoptr);
- }
- return rv;
-}
-
-/*
- * Description (nsadbAddUserToGroup)
- *
- * This function adds a user to a group definition. This involves
- * updating the group entry in the group database, and the user
- * entry in the user database. The caller provides a pointer to
- * a user object for the user to be added, a pointer to a group
- * object for the group being modified, and a handle for the
- * authentication databases (from nsadbOpen()).
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- * uoptr - pointer to user object
- *
- * Returns:
- *
- * The return value is zero if the user was not already a direct
- * member of the group, and was added successfully. A return value
- * of +1 indicates that the user was already a direct member of the
- * group. A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbAddUserToGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t nglist; /* new group list for specified user */
- USIList_t gsuper; /* groups containing+ the specified group */
- GroupObj_t * aoptr; /* group object for 'id' group */
- USI_t * idlist; /* pointer to gsuper gid array */
- USI_t id; /* current gid from gsuper */
- int rv; /* result value */
-
- /* Is the user already a direct member of the group? */
- if (usiPresent(&goptr->go_users, uoptr->uo_uid)) {
-
- /* Yes, nothing to do */
- return 1;
- }
-
- /*
- * The user object contains a list of all of the groups that contain
- * the user, either directly or indirectly. We need to add the
- * specified group and its ancestors to this list. Each group contains
- * a list of the group's parents, which is used to locate all of the
- * group's ancestors. As an optimization, we need not consider any
- * ancestors which are already on the user's current group list.
- */
-
- /*
- * The following loop will deal with two lists of group ids. One
- * is the list that will become the new group list for the user,
- * which is initialized to the user's current group list. The other
- * is a list of ancestors of the group to be considered for addition
- * to the user's group list. This list is initialized to the specified
- * group.
- */
-
- /* Initialize both lists to be empty */
- UILINIT(&nglist);
- UILINIT(&gsuper);
-
- /* Make a copy of the user's current group list */
- rv = uilDuplicate(&nglist, &uoptr->uo_groups);
- if (rv < 0) goto punt;
-
- /* Start the other list with the specified group */
- rv = usiInsert(&gsuper, goptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Open user database since the group lists of users may be modified */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* While entries remain on the ancestor list */
- while (UILCOUNT(&gsuper) > 0) {
-
- /* Get pointer to array of ancestor group ids */
- idlist = UILLIST(&gsuper);
-
- /* Remove the first ancestor */
- id = idlist[0];
- usiRemove(&gsuper, id);
-
- /* Is the ancestor on the user's current group list? */
- if (!usiPresent(&uoptr->uo_groups, id)) {
-
- /* No, add its parents to the ancestor list */
-
- /* Look up the ancestor group (get a group object for it) */
- aoptr = groupFindByGid(errp, adb->adb_groupdb, id);
- if (aoptr == 0) {
- /* Error - group not found, database inconsistent */
- rv = -1;
- goto punt;
- }
-
- /* Merge the ancestors parents into the ancestor list */
- rv = uilMerge(&gsuper, &aoptr->go_pgroups);
-
- /* Lose the ancestor group object */
- groupFree(aoptr);
-
- /* See if the merge worked */
- if (rv < 0) goto punt;
- }
-
- /* Add the ancestor to the new group list for the user */
- rv = usiInsert(&nglist, id);
- if (rv < 0) goto punt;
- }
-
- /* Add the user to the group's user member list */
- rv = usiInsert(&goptr->go_users, uoptr->uo_uid);
- if (rv < 0) goto punt;
-
- /* Replace the user's group list with the new one */
- UILREPLACE(&uoptr->uo_groups, &nglist);
-
- /* Write out the updated user object */
- uoptr->uo_flags |= UOF_MODIFIED;
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
- if (rv < 0) goto punt;
-
- /* Write out the updated group object */
- goptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
- return rv;
-
- punt:
- /* Handle error */
-
- /* Free ancestor and new group lists */
- UILFREE(&nglist);
- UILFREE(&gsuper);
-
- return rv;
-}
-
-/*
- * Description (nsadbCreateGroup)
- *
- * This function creates a new group in a specified authentication
- * database. The group is described by a group object. A group
- * object can be created by calling nsadbGroupNew().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- *
- * Returns:
- */
-
-NSAPI_PUBLIC int nsadbCreateGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- /* Open the group database for write access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Add this group to the database */
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbCreateUser)
- *
- * This function creates a new user in a specified authentication
- * database. The user is described by a user object. A user
- * object can be created by calling nsadbUserNew().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uoptr - pointer to user object
- *
- * Returns:
- */
-
-NSAPI_PUBLIC int nsadbCreateUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- /* Open the user database for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Add this user to the database */
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateUsers)
- *
- * This function is called to enumerate all of the users in a
- * given authentication database to a call-back function specified
- * by the caller. The call-back function is provided with a
- * handle for the authentication database, an opaque value provided
- * by the caller, and a pointer to a user object. See the
- * description of nsadbEnumUsersHelp above for the interpretation
- * of the call-back function's return value.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * argp - opaque value for call-back function
- * func - pointer to call-back function
- *
- * Returns:
- *
- * If the call-back function returns a negative error code, this
- * value is returned. A negative value may also be returned if
- * nsadb encounters an error. Otherwise the result is the number
- * of users enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateUsers(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
- ArgFn_EnumUsers func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
- int (*func)(NSErr_t * ferrp, void * authdb, void * parg, UserObj_t * uoptr))
-#endif
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- EnumUserArgs_t args; /* arguments for enumeration helper */
- int rv; /* result value */
-
- /* Open the users subdatabase for read access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
- if (rv < 0) goto punt;
-
- args.authdb = authdb;
- args.func = func;
- args.user = argp;
- args.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_userdb,
- NDBF_ENUMNORM, (void *)&args, nsadbEnumUsersHelp);
- if (rv < 0) goto punt;
-
- rv = args.rv;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateGroups)
- *
- * This function is called to enumerate all of the groups in a
- * given authentication database to a call-back function specified
- * by the caller. The call-back function is provided with a
- * handle for the authentication database, an opaque value provided
- * by the caller, and a pointer to a group object. See the
- * description of nsadbEnumGroupsHelp above for the interpretation
- * of the call-back function's return value.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * argp - opaque value for call-back function
- * func - pointer to call-back function
- *
- * Returns:
- *
- * If the call-back function returns a negative error code, this
- * value is returned. A negative value may also be returned if
- * nsadb encounters an error. Otherwise the result is the number
- * of groups enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateGroups(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
- ArgFn_EnumGroups func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
- int (*func)(NSErr_t * ferrp, void * authdb, void * parg, GroupObj_t * goptr))
-#endif
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- EnumGroupArgs_t args;
- int rv; /* result value */
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- args.authdb = authdb;
- args.func = func;
- args.user = argp;
- args.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_groupdb,
- NDBF_ENUMNORM, (void *)&args, nsadbEnumGroupsHelp);
- if (rv < 0) goto punt;
-
- rv = args.rv;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbIsUserInGroup)
- *
- * This function tests whether a given user id is a member of the
- * group associated with a specified group id. The caller may
- * provide a list of group ids for groups to which the user is
- * already known to belong, and this may speed up the check.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uid - user id
- * gid - group id
- * ngroups - number of group ids in grplist
- * grplist - groups the user is known to belong to
- *
- * Returns:
- *
- * The return value is +1 if the user is found to belong to the
- * indicated group, or 0 if the user does not belong to the group.
- * An error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
- USI_t uid, USI_t gid, int ngroups, USI_t * grplist)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t dglist; /* descendant group list */
- GroupObj_t * goptr = 0; /* group object pointer */
- USI_t * idlist; /* pointer to array of group ids */
- USI_t tgid; /* test group id */
- int i; /* loop index */
- int rv; /* result value */
-
- UILINIT(&dglist);
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- for (tgid = gid;;) {
-
- /* Get a group object for this group id */
- goptr = groupFindByGid(errp, adb->adb_groupdb, tgid);
- if (goptr == 0) {
- /* Error - group id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
-
- /* Is the user a direct member of this group? */
- if (usiPresent(&goptr->go_users, uid)) goto is_member;
-
- /*
- * Is there any group to which the user is already known to
- * belong that is a direct group member of this group? If so,
- * the user is also a member of this group.
- */
-
- /* Scan list of groups to which the user is known to belong */
- for (i = 0; i < ngroups; ++i) {
-
- if (usiPresent(&goptr->go_groups, grplist[i])) goto is_member;
- }
-
- /* Merge group member list of this group with descendants list */
- rv = uilMerge(&dglist, &goptr->go_groups);
- if (rv < 0) goto punt;
-
- /*
- * If descendants list is empty, the user is not contained in
- * the specified group.
- */
- if (UILCOUNT(&dglist) <= 0) {
- rv = 0;
- goto punt;
- }
-
- /* Remove the next id from the descendants list */
- idlist = UILLIST(&dglist);
- tgid = idlist[0];
-
- rv = usiRemove(&dglist, tgid);
- if (rv < 0) goto punt;
-
- groupFree(goptr);
- goptr = 0;
- }
-
- is_member:
- rv = 1;
-
- punt:
- if (goptr) {
- groupFree(goptr);
- }
- UILFREE(&dglist);
- return rv;
-}
-
-/*
- * Description (nsadbModifyGroup)
- *
- * This function is called to write modifications to a group to
- * a specified authentication database. The group is assumed to
- * already exist in the database. Information about the group
- * is passed in a group object. This function should not be used
- * to alter the lists of group members or parents.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to modified group object
- *
- * Returns:
- *
- * The return value is zero if the group information is successfully
- * updated. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbModifyUser)
- *
- * This function is called to write modifications to a user to
- * a specified authentication database. The user is assumed to
- * already exist in the database. Information about the user
- * is passed in a user object. This function should not be used
- * to modify the list of groups which contain the user.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uoptr - pointer to modified user object
- *
- * Returns:
- *
- * The return value is zero if the user information is successfully
- * updated. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbRemoveGroup)
- *
- * This function is called to remove a given group name from
- * a specified authentication database. This can cause updates
- * to both the user and group subdatabases.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * name - pointer to name of group to remove
- *
- * Returns:
- *
- * The return value is zero if the group information is successfully
- * removed. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveGroup(NSErr_t * errp, void * authdb, char * name)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- UserObj_t * uoptr = 0; /* user object pointer */
- GroupObj_t * goptr = 0; /* group object pointer */
- GroupObj_t * ogoptr = 0; /* other group object pointer */
- char * ugname; /* user or group name */
- USI_t * list; /* pointer into user/group id list */
- int cnt; /* count of user or group ids */
- int i; /* loop index */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Open the groups subdatabase for write access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Look up the group to be removed, and get a group object */
- rv = nsadbFindByName(errp, authdb, name, AIF_GROUP, (void **)&goptr);
- if (rv != AIF_GROUP) {
- if (rv < 0) goto punt;
- goto err_nogroup;
- }
-
- /* Mark the group for delete */
- goptr->go_flags |= GOF_DELPEND;
-
- /* Does the specified group belong to any groups? */
- cnt = UILCOUNT(&goptr->go_pgroups);
- if (cnt > 0) {
-
- /* Yes, for each parent group ... */
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemGroupFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_pgroups);
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_GROUP, (void **)&ogoptr);
- if (rv < 0) goto punt;
-
- /* Remove the specified group from the parent group */
- rv = nsadbRemGroupFromGroup(errp, authdb, ogoptr, goptr);
- if (rv < 0) goto punt;
-
- /* Free the parent group object */
- groupFree(ogoptr);
- ogoptr = 0;
- }
- }
-
- /* Are there any group members of this group? */
- cnt = UILCOUNT(&goptr->go_groups);
- if (cnt > 0) {
-
- /* For each group member of the group ... */
-
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemGroupFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_groups);
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_GROUP, (void **)&ogoptr);
- if (rv < 0) goto punt;
-
- /* Remove member group from the specified group */
- rv = nsadbRemGroupFromGroup(errp, authdb, goptr, ogoptr);
- if (rv < 0) goto punt;
-
- /* Free the member group object */
- groupFree(ogoptr);
- ogoptr = 0;
- }
- }
-
- /* Are there any direct user members of this group? */
- cnt = UILCOUNT(&goptr->go_users);
- if (cnt > 0) {
-
- /* Yes, open users subdatabase for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* For each user member of the group ... */
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemUserFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_users);
-
- /* Get user name associated with the user id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_USER, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the user by name and get a user object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_USER, (void **)&uoptr);
- if (rv < 0) goto punt;
-
- /* Remove user from the group */
- rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
- if (rv < 0) goto punt;
-
- /* Free the member user object */
- userFree(uoptr);
- uoptr = 0;
- }
- }
-
- /* Free the group object for the specified group */
- groupFree(goptr);
- goptr = 0;
-
- /* Now we can remove the group entry */
- rv = groupRemove(errp, adb->adb_groupdb, 0, (NTS_t)name);
-
- return rv;
-
- err_nogroup:
- eid = NSAUERR4100;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
- goto punt;
-
- punt:
- /* Free any user or group objects that we created */
- if (ogoptr != 0) {
- groupFree(ogoptr);
- }
- if (uoptr != 0) {
- userFree(uoptr);
- }
- if (goptr != 0) {
- groupFree(goptr);
- }
- return rv;
-}
-
-/*
- * Description (nsadbRemoveUser)
- *
- * This function is called to remove a given user name from
- * a specified authentication database. This can cause updates
- * to both the user and user subdatabases.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * name - pointer to name of user to remove
- *
- * Returns:
- *
- * The return value is zero if the user information is successfully
- * removed. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveUser(NSErr_t * errp, void * authdb, char * name)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- UserObj_t * uoptr = 0; /* user object pointer */
- GroupObj_t * goptr = 0; /* group object pointer */
- char * gname; /* group name */
- USI_t * list; /* pointer into group id list */
- int gcnt; /* number of groups containing user */
- int i; /* loop index */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Open the users subdatabase for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Look up the user to be removed, and get a user object */
- rv = nsadbFindByName(errp, authdb, name, AIF_USER, (void **)&uoptr);
- if (rv != AIF_USER) {
- if (rv < 0) goto punt;
- goto err_nouser;
- }
-
- /* Mark the user for delete */
- uoptr->uo_flags |= UOF_DELPEND;
-
- /* Does this user belong to any groups? */
- gcnt = UILCOUNT(&uoptr->uo_groups);
- if (gcnt > 0) {
-
- /* Yes, get pointer to list of group ids */
- list = UILLIST(&uoptr->uo_groups);
-
- /* Open groups subdatabase for write access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* For each group that the user belongs to ... */
- for (i = 0; i < gcnt; ++i) {
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &gname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, gname, AIF_GROUP, (void **)&goptr);
- if (rv < 0) goto punt;
-
- /* Remove user from group if it's a direct member */
- rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
- if (rv < 0) goto punt;
-
- /* Free the group object */
- groupFree(goptr);
- goptr = 0;
-
- ++list;
- }
- }
-
-#ifdef CLIENT_AUTH
- /* Remove certificate mapping for user, if any */
- rv = nsadbRemoveUserCert(errp, authdb, name);
-#endif
-
- /* Free the user object */
- userFree(uoptr);
-
- /* Now we can remove the user entry */
- rv = userRemove(errp, adb->adb_userdb, 0, (NTS_t)name);
-
- return rv;
-
- err_nouser:
- eid = NSAUERR4000;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
- goto punt;
-
- punt:
- if (goptr != 0) {
- groupFree(goptr);
- }
- if (uoptr != 0) {
- userFree(uoptr);
- }
- return rv;
-}
-
-/*
- * Description (nsadbRemGroupFromGroup)
- *
- * This function removes a given group C from a parent group P.
- * The group C must be a direct member of the group P. However,
- * group C may also be a member of one or more of P's ancestor or
- * descendant groups, and this function deals with that. The
- * group entries for C and P are updated in the group database.
- * But the real work is updating the groups lists of all of the
- * users contained in C.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * pgoptr - pointer to parent group object
- * cgoptr - pointer to child group object
- *
- * Returns:
- *
- * The return value is zero if group C was a direct member of
- * group P, and was removed successfully. A return value of +1
- * indicates that group C was not a direct member of the group P.
- * A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * pgoptr, GroupObj_t * cgoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t dglist; /* list of descendant groups of C */
- GroupObj_t * dgoptr; /* descendant group object pointer */
- UserObj_t * uoptr; /* user object pointer */
- USI_t * gidlist; /* pointer to group id array */
- USI_t * userlist; /* pointer to array of descendant user ids */
- USI_t dgid; /* descendant group id */
- int iusr; /* index on descendant user list */
- int usercnt; /* count of descendant users */
- int igrp; /* index of group in user group id list */
- int rv; /* result value */
-
- dgoptr = 0;
- uoptr = 0;
-
- /* Initialize a list of descendant groups of C */
- UILINIT(&dglist);
-
- /* Is group C a direct member of group P? */
- if (!usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) {
-
- /* No, nothing to do */
- return 1;
- }
-
- /* Remove group C from group P's group member list */
- rv = usiRemove(&pgoptr->go_groups, cgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Remove group P from group C's parent group list */
- rv = usiRemove(&cgoptr->go_pgroups, pgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Open user database since the group lists of users may be modified */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Write out the updated group C object */
- cgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr);
- if (rv) goto punt;
-
- /* Write out the updated group P object */
- pgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr);
- if (rv) goto punt;
-
- /* Now check the group lists of all users contained in group C */
- dgoptr = cgoptr;
- dgid = cgoptr->go_gid;
-
- for (;;) {
-
- /* Scan the direct user members of this descendant group */
- usercnt = UILCOUNT(&dgoptr->go_users);
- userlist = UILLIST(&dgoptr->go_users);
-
- for (iusr = 0; iusr < usercnt; ++iusr) {
-
- /* Get a user object for this user member */
- uoptr = userFindByUid(errp, adb->adb_userdb, userlist[iusr]);
- if (uoptr == 0) {
- /* Error - user id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
-
- /* Scan the group list for this user */
- for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
- gidlist = UILLIST(&uoptr->uo_groups);
-
- /* Is the user a member of this group? */
- if (nsadbIsUserInGroup(errp, authdb,
- uoptr->uo_uid, gidlist[igrp],
- igrp, gidlist)) {
-
- /* Yes, step to next group id */
- ++igrp;
- }
- else {
- /*
- * No, remove it from the user's list of groups. The
- * next group id to consider will be shifted into the
- * igrp position when the current id is removed.
- */
- rv = usiRemove(&uoptr->uo_groups, gidlist[igrp]);
- if (rv < 0) goto punt;
- uoptr->uo_flags |= UOF_MODIFIED;
- }
- }
-
- /* Write out the user object if it was changed */
- if (uoptr->uo_flags & UOF_MODIFIED) {
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
- if (rv < 0) goto punt;
- }
-
- /* Free the user object */
- userFree(uoptr);
- uoptr = 0;
- }
-
- /*
- * Merge the direct member groups of this group into the
- * descendants list.
- */
- rv = uilMerge(&dglist, &dgoptr->go_groups);
- if (rv < 0) goto punt;
-
- /* Free this descendant group object */
- if (dgoptr != cgoptr) {
- groupFree(dgoptr);
- dgoptr = 0;
- }
-
- /* If the descendants list is empty, we're done */
- if (UILCOUNT(&dglist) <= 0) break;
-
- /* Remove the next group id from the descendants list */
- gidlist = UILLIST(&dglist);
- dgid = gidlist[0];
- rv = usiRemove(&dglist, dgid);
- if (rv < 0) goto punt;
-
- /* Get a group object for this descendant group */
- dgoptr = groupFindByGid(errp, adb->adb_groupdb, dgid);
- if (dgoptr == 0) {
- /* Error - group id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
- }
-
- UILFREE(&dglist);
- return 0;
-
- punt:
- if (dgoptr) {
- groupFree(dgoptr);
- }
- if (uoptr) {
- userFree(uoptr);
- }
- UILFREE(&dglist);
- return rv;
-}
-
-/*
- * Description (nsadbRemUserFromGroup)
- *
- * This function removes a given user from a specified group G.
- * The user must be a direct member of the group. However, the
- * user may also be a member of one or more of G's descendant
- * groups, and this function deals with that. The group entry
- * for G is updated in the group database, with the user removed
- * from its user member list. The user entry is updated in the
- * user database, with an updated list of all groups which now
- * contain the user.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- * uoptr - pointer to user object
- *
- * Returns:
- *
- * The return value is zero if the user was a direct member of the
- * group, and was removed successfully. A return value of +1
- * indicates that the user was not a direct member of the
- * group. A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USI_t * idlist; /* pointer to user group id array */
- USI_t tgid; /* test group id */
- int igrp; /* position in user group list */
- int rv; /* result value */
-
- /* Is the user a direct member of the group? */
- if (!usiPresent(&goptr->go_users, uoptr->uo_uid)) {
-
- /* No, nothing to do */
- return 1;
- }
-
- /* Remove the user from the group's user member list */
- rv = usiRemove(&goptr->go_users, uoptr->uo_uid);
- if (rv < 0) goto punt;
-
- /* If the user object is pending deletion, no need to open databases */
- if (!(uoptr->uo_flags & UOF_DELPEND)) {
-
- /*
- * Open user database since the group list of the user
- * will be modified.
- */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
- }
-
- /*
- * Write out the updated group object. This must be done here
- * because nsadbIsUserInGroup() in the loop below will read the
- * entry for this group, and it needs to reflect the user's
- * removal from being a direct member of the group. This does
- * not preclude the possibility that the user will still be an
- * indirect member of this group.
- */
- goptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
- if (rv) goto punt;
-
- /* If a delete is pending on the user, we're done */
- if (uoptr->uo_flags & UOF_DELPEND) goto punt;
-
- /*
- * Begin loop to check whether user is still a member of each
- * of the groups in its group list. Note that the group list
- * may shrink during an iteration of the loop.
- */
-
- for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
- /* Get pointer to the user's array of group ids */
- idlist = UILLIST(&uoptr->uo_groups);
-
- /* Get the group id of the next group to consider */
- tgid = idlist[igrp];
-
- /* Is the user a member of this group? */
- if (nsadbIsUserInGroup(errp, authdb,
- uoptr->uo_uid, tgid, igrp, idlist)) {
-
- /* Yes, step to next group id */
- ++igrp;
- }
- else {
-
- /*
- * No, remove it from the user's list of groups. The
- * next group id to consider will be shifted into the
- * igrp position when the current id is removed.
- */
- rv = usiRemove(&uoptr->uo_groups, tgid);
- if (rv < 0) goto punt;
- }
- }
-
- /* Write out the updated user object */
- uoptr->uo_flags |= UOF_MODIFIED;
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbSuperGroups)
- *
- * This function builds a list of the group ids for all groups
- * which contain, directly or indirectly, a specified group as
- * a subgroup. We call these the supergroups of the specified
- * group.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- * gsuper - pointer to list to contain supergroups
- * (caller must initialize)
- *
- * Returns:
- *
- * Returns the number of elements in gsuper if successful. An
- * error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbSuperGroups(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr, USIList_t * gsuper)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t aglist; /* ancestor group id list */
- GroupObj_t * aoptr; /* ancestor group object pointer */
- USI_t * idlist; /* pointer to array of group ids */
- USI_t id; /* current group id */
- int rv; /* result value */
-
- /* Initialize an empty ancestor group list */
- UILINIT(&aglist);
-
- /* Enter loop with specified group as first ancestor */
- id = goptr->go_gid;
- aoptr = goptr;
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- /* Loop until the ancestor list is empty */
- for (;;) {
-
- /* Merge parent groups of current ancestor into ancestor list */
- rv = uilMerge(&aglist, &aoptr->go_pgroups);
- if (rv < 0) goto punt;
-
- /* Also merge parent groups into the result list */
- rv = uilMerge(gsuper, &aoptr->go_pgroups);
- if (rv < 0) goto punt;
-
- /* Free the ancestor group object (but not the original) */
- if (aoptr != goptr) {
- groupFree(aoptr);
- aoptr = 0;
- }
-
- /* Exit the loop if the ancestor list is empty */
- if (UILCOUNT(&aglist) <= 0) break;
-
- /* Get pointer to array of ancestor group ids */
- idlist = UILLIST(&aglist);
-
- /* Remove the first ancestor */
- id = idlist[0];
- rv = usiRemove(&aglist, id);
-
- /* Get a group object for the ancestor */
- aoptr = groupFindByGid(errp, adb->adb_groupdb, id);
- if (aoptr == 0) {
- /* Error - group not found, database inconsistent */
- rv = -1;
- goto punt;
- }
- }
-
- return UILCOUNT(gsuper);
-
- punt:
- /* Handle error */
-
- /* Free ancestor list */
- UILFREE(&aglist);
-
- return rv;
-}
-
-NSPR_END_EXTERN_C
-
diff --git a/lib/libaccess/nscert.cpp b/lib/libaccess/nscert.cpp
deleted file mode 100644
index c73cc035..00000000
--- a/lib/libaccess/nscert.cpp
+++ /dev/null
@@ -1,963 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-/*
- * Description (nsadb.c)
- *
- * This module contains routines for accessing and storing information
- * in a Netscape client certificate to username database. This
- * database is used to associate a username with a client certificate
- * that is presented to a server.
- */
-
-#if defined(CLIENT_AUTH)
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#include <base/fsmutex.h>
-#include <libaccess/nsdbmgmt.h>
-#define __PRIVATE_NSADB
-#include <libaccess/nsadb.h>
-#include <libaccess/nsamgmt.h>
-
-static FSMUTEX nscert_lock = 0;
-
-NSAPI_PUBLIC int nsadbCertInitialize(void)
-{
-#ifdef XP_UNIX
- nscert_lock = fsmutex_init("NSCERTMAP", geteuid(),
- FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#else /* XP_WIN32 */
- char winuser[128];
- DWORD wulength;
- strcpy(winuser, "NSCERTMAP_");
- wulength = 128 - 11;
- GetUserName(winuser+10, &wulength);
- nscert_lock = fsmutex_init(winuser, 0,
- FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#endif
- return (nscert_lock == 0) ? -1 : 0;
-}
-
-NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
- CertObj_t * coptr)
-{
- ATR_t cp = (ATR_t)recptr; /* current pointer into record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
-
- /* Parse user DB record */
- while ((cp - (ATR_t)recptr) < reclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case CAT_USERNAME: /* username associated with cert */
- cp = NTSDECODE(cp, (NTS_t *)&coptr->co_username);
- break;
-
- case CAT_CERTID: /* certificate-to-user map id */
- cp = USIDECODE(cp, &coptr->co_certid);
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
-
- return 0;
-}
-
-/*
- * Description (nsadbDecodeCertKey)
- *
- * This function decodes information from a certificate key.
- * Currently a certificate key includes the DER encoding of the
- * issuer and subject distinguished names. This is used to
- * uniquely identify client certificates, even across certificate
- * renewals. SECItems for the issuer and subject are provided
- * by the caller. These are updated with the pointers and lengths
- * of DER encodings, which can be decoded using nsadbDecodeCertName()
- * into SECName structures. The returned SECItems refer to data
- * in the provided key buffer.
- *
- * Arguments:
- *
- * keylen - length of the certificate key encoding
- * keyptr - buffer containing certificate key encoding
- * issuer - pointer to SECItem for returning issuer
- * subject - pointer to SECItem for returning subject
- *
- * Returns:
- *
- * Zero is returned if no errors are encountered. Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
- SECItem * issuer, SECItem * subject)
-{
- ATR_t cp = (ATR_t)keyptr; /* current pointer into DB record */
- USI_t len; /* attribute value encoding length */
- USI_t tag; /* attribute tag */
-
- /* Parse user DB record */
- while ((cp - (ATR_t)keyptr) < keylen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case KAT_ISSUER: /* issuer DER encoding */
- issuer->len = len;
- issuer->data = cp;
- cp += len;
- break;
-
- case KAT_SUBJECT: /* subject name DER encoding */
- subject->len = len;
- subject->data = cp;
- cp += len;
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
-
- return 0;
-}
-
-/*
- * Description (nsadbEncodeCertKey)
- *
- * This function encodes information provided by the caller into
- * a certificate key. The certificate key is returned in a
- * buffer obtained from MALLOC().
- *
- * Arguments:
- *
- * issuer - pointer to SECItem for issuer DER
- * subject - pointer to SECItem for subject DER
- * keylen - returned length of certificate key
- * keyptr - returned pointer to buffer containing
- * certificate key encoding
- *
- * Returns:
- *
- * Zero is returned if no errors are encountered. Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
- int * keylen, char **keyptr)
-{
- ATR_t cp; /* pointer into key buffer */
- ATR_t kptr; /* pointer to key buffer */
- int klen; /* length of key */
- int rv = -1;
-
- /* Compute length of key encoding */
- klen = 1 + USILENGTH(issuer->len) + issuer->len +
- 1 + USILENGTH(subject->len) + subject->len;
-
- /* Allocate buffer to contain the key */
- kptr = (ATR_t)MALLOC(klen);
- if (kptr) {
- /* Encode issuer and subject as attributes */
- cp = kptr;
- *cp++ = KAT_ISSUER;
- cp = USIENCODE(cp, issuer->len);
- memcpy(cp, issuer->data, issuer->len);
- cp += issuer->len;
- *cp++ = KAT_SUBJECT;
- cp = USIENCODE(cp, subject->len);
- memcpy(cp, subject->data, subject->len);
- rv = 0;
- }
-
- /* Return length and buffer pointer */
- if (keylen) *keylen = klen;
- *keyptr = (char *)kptr;
-
- return rv;
-}
-
-/*
- * Description (nsadbEnumCertsHelp)
- *
- * This is a local function that is called by NSDB during certificate
- * to user database enumeration. It decodes certificate records into
- * CertObj_t structures, and presents them to the caller of
- * nsadbEnumerateCerts(), via the specified call-back function.
- * The call-back function return value may be a negative error code,
- * which will cause enumeration to stop, and the error code will be
- * returned from nsadbEnumerateCerts(). If the return value of the
- * call-back function is not negative, it can contain one or more of
- * the following flags:
- *
- * ADBF_KEEPOBJ - do not free the CertObj_t structure
- * that was passed to the call-back function
- * ADBF_STOPENUM - stop the enumeration without an error
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to CertEnumArgs_t structure
- * keylen - certificate record key length
- * keyptr - certificate record key
- * reclen - length of certificate record
- * recptr - pointer to certificate record contents
- *
- * Returns:
- *
- * If the call-back returns a negative result, that value is
- * returned. If the call-back returns ADBF_STOPENUM, then
- * -1 is returned, causing the enumeration to stop. Otherwise
- * the return value is zero.
- */
-
-typedef struct CertEnumArgs_s CertEnumArgs_t;
-struct CertEnumArgs_s {
- int rv; /* just a return value */
- void * client; /* the current key for lookup */
- void * authdb; /* the authentication data base */
- CertEnumCallback func; /* client's callback function */
-};
-
-static int nsadbEnumCertsHelp(NSErr_t * errp, void * parg,
- int keylen, char * keyptr,
- int reclen, char * recptr)
-{
- CertEnumArgs_t * ce = (CertEnumArgs_t *)parg;
- CertObj_t * coptr;
- int rv = NSAERRNOMEM;
-
- /* Allocate a CertObj_t structure and initialize it */
- coptr = (CertObj_t *)MALLOC(sizeof(CertObj_t));
- if (coptr) {
-
- coptr->co_issuer.data = 0;
- coptr->co_subject.data = 0;
- coptr->co_username = 0;
- coptr->co_certid = 0;
-
- /* Decode the certificate key */
- rv = nsadbDecodeCertKey(keylen, keyptr,
- &coptr->co_issuer, &coptr->co_subject);
-
- /* Decode the certificate record */
- rv = nsadbDecodeCertRec(reclen, recptr, coptr);
-
- /* Pass the CertObj_t to the callback function */
- rv = (*ce->func)(errp, ce->authdb, ce->client, coptr);
- if (rv >= 0) {
-
- /* Count the number of records seen */
- ce->rv += 1;
-
- /* Free the user object unless the call-back says not to */
- if (!(rv & ADBF_KEEPOBJ)) {
- nsadbFreeCertObj(coptr);
- }
- /* Return either 0 or -1, depending on ADBF_STOPENUM */
- rv = (rv & ADBF_STOPENUM) ? -1 : 0;
- }
- else {
- /* return the error code */
- ce->rv = rv;
- }
- }
-
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateClients)
- *
- * (See description for nsadbEnumerateUsers)
- */
-
-NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
- void * argp, CertEnumCallback func)
-{
- AuthDB_t * adb = (AuthDB_t*)authdb;
- CertEnumArgs_t helper_data;
- int rv;
-
- /* Open the certificate subdatabase for read access */
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv >= 0) {
- helper_data.authdb = authdb;
- helper_data.func = func;
- helper_data.client = argp;
- helper_data.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_certdb, NDBF_ENUMNORM,
- (void*)&helper_data, nsadbEnumCertsHelp);
- }
-
- return (rv < 0) ? rv: helper_data.rv;
-}
-
-NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr)
-{
- if (coptr) {
- FREE(coptr->co_username);
- FREE(coptr);
- }
-}
-
-NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
- USI_t certid, CertObj_t **coptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- CertObj_t * cop = 0;
- char * keyptr;
- char * recptr;
- int keylen;
- int reclen;
- int rv;
-
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
-
- /* Get the name corresponding to the id */
- rv = ndbIdToName(errp, adb->adb_certdb, certid, &keylen, &keyptr);
- if (rv < 0) goto punt;
-
- rv = ndbFindName(errp, adb->adb_certdb,
- keylen, keyptr, &reclen, &recptr);
- if (rv < 0) goto punt;
-
- /* Allocate a CertObj_t structure and initialize it */
- cop = (CertObj_t *)MALLOC(sizeof(CertObj_t));
- if (cop) {
-
- cop->co_issuer.data = 0;
- cop->co_subject.data = 0;
- cop->co_username = 0;
- cop->co_certid = 0;
-
- /* Decode the certificate key */
- rv = nsadbDecodeCertKey(keylen, keyptr,
- &cop->co_issuer, &cop->co_subject);
-
- /* Decode the certificate record */
- rv = nsadbDecodeCertRec(reclen, recptr, cop);
-
- }
-
- punt:
- if (coptr) *coptr = cop;
- return rv;
-}
-
-/*
- * Description (nsadbGetUserByCert)
- *
- * This function looks up a specified client certificate in the
- * authentication database. It returns a pointer to the username
- * associated with the client certificate, if any. The username
- * buffer remains valid until the authentication database is
- * closed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * cert - pointer to client certificate
- * username - pointer to returned user name (or null)
- *
- * Returns:
- *
- * The return value will be zero if the certificate is found. Also,
- * *username will be set to the string value of the associated username
- * iff username is not null.
- */
-
-NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert, char **username)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- ATR_t cp; /* current pointer into DB record */
- char * user = 0; /* pointer to username */
- char * keyptr = 0; /* pointer to cert key */
- char * recptr; /* pointer to cert db record */
- int keylen; /* length of cert key */
- int reclen; /* length of cert db record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- int rv;
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
- &keylen, &keyptr);
-
- if (adb->adb_certdb == NULL) {
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
- }
-
- rv = ndbFindName(errp, adb->adb_certdb,
- keylen, keyptr, &reclen, &recptr);
- if (rv < 0) goto punt;
-
- /* Parse cert DB record */
- cp = (ATR_t)recptr;
-
- while ((cp - (ATR_t)recptr) < reclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* We want the CAT_USERNAME attribute */
- if (tag == CAT_USERNAME) {
-
- /* Get the username associated with the cert */
- user = (char *)cp;
- break;
- }
-
- /* Just skip other attributes */
- cp += len;
- }
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- if (username) *username = user;
- return rv;
-}
-
-/*
- * Description (see description for nsadbOpenUsers)
- */
-
-int nsadbOpenCerts(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t *adb = (AuthDB_t*)authdb;
- char *dbname = NULL; /* user database name */
- int dblen; /* strlen(adb_dbname) */
- int version; /* database version */
- int eid; /* error id code */
- int rv; /* result value */
-
- if (adb == NULL) goto err_inval;
-
- /* Is the user database already open? */
- if (adb->adb_certdb != 0) {
-
- /* Yes, is it open for the desired access? */
- if (adb->adb_flags & flags) {
-
- /* Yes, that was easy */
- return 0;
- }
- }
- else {
- /* Allocate space for the user database filename */
- dblen = strlen(adb->adb_dbname);
-
- dbname = (char *)MALLOC(dblen + strlen(ADBCERTDBNAME) + 2);
- if (dbname == 0) goto err_nomem;
-
- /* Construct user database name */
- strcpy(dbname, adb->adb_dbname);
-
- /* Put in a '/' (or '\') if it's not there */
- if (dbname[dblen-1] != FILE_PATHSEP) {
- dbname[dblen] = FILE_PATHSEP;
- dbname[dblen+1] = 0;
- ++dblen;
- }
-
- strcpy(&dbname[dblen], ADBCERTDBNAME);
-
- if (nscert_lock == 0) {
- rv = nsadbCertInitialize();
- if (rv < 0) goto err_lock;
- }
- adb->adb_certlock = nscert_lock;
- if (adb->adb_certlock == 0) goto punt;
-
- fsmutex_lock((FSMUTEX)(adb->adb_certlock));
-
- adb->adb_certdb = ndbOpen(errp,
- dbname, 0, NDB_TYPE_CLIENTDB, &version);
- if (adb->adb_certdb == 0) {
- fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
- goto err_open;
- }
- }
-
- /*
- * We don't really reopen the database to get the desired
- * access mode, since that is handled at the nsdb level.
- * But we do update the flags, just for the record.
- */
- adb->adb_flags &= ~(ADBF_CREAD|ADBF_CWRITE);
- if (flags & ADBF_CWRITE) adb->adb_flags |= ADBF_CWRITE;
- else adb->adb_flags |= ADBF_CREAD;
- rv = 0;
-
- punt:
- if (dbname != NULL) FREE(dbname);
- return rv;
-
- err_inval:
- eid = NSAUERR3400;
- rv = NSAERRINVAL;
- goto err_ret;
-
- err_nomem:
- eid = NSAUERR3420;
- rv = NSAERRNOMEM;
- goto err_ret;
-
- err_lock:
- eid = NSAUERR3430;
- rv = NSAERRLOCK;
- goto err_ret;
-
- err_open:
- eid = NSAUERR3440;
- rv = NSAERROPEN;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
- goto punt;
-
-}
-
-NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
-
- if (adb->adb_certnm != 0) {
- /* Close the username-to-certid database */
- nsadbCloseCertUsers(authdb, flags);
- }
-
- if (adb->adb_certdb != 0) {
-
- ndbClose(adb->adb_certdb, 0);
- adb->adb_certdb = 0;
-
- /*
- * A lock is held for the certificate map DB as long as it is
- * open, so release the lock now.
- */
- fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
- }
-}
-
-/*
- * Description (nsadbOpenCertUsers)
- *
- * This function opens a database that maps user names to client
- * certificates. The database appears as "Certs.nm" in the
- * authentication database directory. This function requires
- * that the primary certificate database be opened (Certs.db)
- * first, and will open it if necessary, acquiring a global
- * lock in the process. The lock will not be released until
- * nsadbCloseCerts() or nsadbClose() is called.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * flags - same as nsadbOpenCerts()
- *
- * Returns:
- *
- * The return value is zero if the operation is successful.
- * Otherwise a negative error code is returned.
- */
-
-NSAPI_PUBLIC int nsadbOpenCertUsers(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * dbname = 0;
- int dblen;
- int oflags = O_RDONLY; /* assume read-only access */
- int eid;
- int rv;
-
- /* The primary certificate mapping database must be open first */
- if (adb->adb_certdb != 0) {
-
- /* It's open, but is it read-only when we need write? */
- if (((flags & adb->adb_flags) == 0) && (flags & ADBF_CWRITE)) {
-
- /* Yes, close it */
- nsadbCloseCerts(authdb, 0);
- }
- }
-
- /* Open it for the desired access if necessary */
- if (adb->adb_certdb == 0) {
- /*
- * Open it for the desired access. Note that this acquires
- * a global lock which is not released until nsadbClose() is
- * called for the entire authentication database.
- */
- rv = nsadbOpenCerts(errp, authdb, flags);
- if (rv < 0) {
- /* Go no further if that failed */
- return rv;
- }
- }
-
- /* Now look at the username-to-certid database in particular */
- if (adb->adb_certnm && (adb->adb_flags & flags)) {
-
- /* The database is already open for the desired access */
- return 0;
- }
-
- dblen = strlen(adb->adb_dbname);
- dbname = (char *)MALLOC(dblen + strlen(ADBUMAPDBNAME) + 2);
- strcpy(dbname, adb->adb_dbname);
- if (dbname[dblen-1] != FILE_PATHSEP) {
- dbname[dblen] = FILE_PATHSEP;
- dbname[++dblen] = 0;
- }
- strcpy(&dbname[dblen], ADBUMAPDBNAME);
-
- /* Check for write access and set open flags appropriately if so */
- if (flags & ADBF_CWRITE) {
- oflags = O_CREAT|O_RDWR;
- }
-
- /* Open the username-to-certid database */
-// adb->adb_certnm = dbopen(dbname, oflags, 0644, DB_HASH, 0);
- adb->adb_certnm = 0;
- if (adb->adb_certnm == 0) goto err_open;
-
- punt:
- FREE(dbname);
-
- return rv;
-
- err_open:
- eid = NSAUERR3600;
- rv = NSAERROPEN;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
- goto punt;
-}
-
-/*
- * Description (nsadbFindCertUser)
- *
- * This function checks to see whether a client certificate is
- * registered for a specified user name. If so, it returns the
- * certificate mapping id (for use with nsadbGetCertById()).
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * username - pointer to user name string
- * id - pointer to returned certificate mapping id
- *
- * Returns:
- *
- * If a certificate is registered for the specified user, the return
- * value is zero and the certificate mapping id is returned via 'id'.
- * Otherwise the return value is a negative error code (nsautherr.h)
- * and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
- const char * username, USI_t * id)
-{
- int eid;
- int rv;
- eid = NSAUERR3700;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-/*
- * Description (nsadbAddCertUser)
- *
- * This function adds an entry to the username-to-cert id database,
- * with a given username and certificate mapping id.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * username - pointer to user name string
- * id - certificate mapping id
- *
- * Returns:
- *
- * If the entry is added successfully, the return value is zero.
- * Otherwise the return value is a negative error code (nsautherr.h)
- * and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbAddCertUser(NSErr_t * errp, void * authdb,
- const char * username, USI_t id)
-{
- /* Need to be ported on NSS 3.2 */
- int eid;
- int rv;
-
- eid = NSAUERR3800;
- rv = NSAERRPUT;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCertUser(NSErr_t * errp, void * authdb,
- char * username)
-{
- /* Need to be ported on NSS 3.2 */
- int eid;
- int rv;
-
- eid = NSAUERR3800;
- rv = NSAERRPUT;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags)
-{
- /* Need to be ported on NSS 3.2 */
-}
-
-/*
- * Description (nsadbPutUserByCert)
- *
- * This function looks up a stores a client certificate mapping
- * in the authentication database along with the associated username.
- * It assumes that a record with the specified certificate key does
- * not already exist, and will replace it if it does.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * certLen - length of the certificate key
- * cert - certificate key pointer
- * user - username to be associated with the
- * certificate
- *
- * Returns:
- *
- */
-
-NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert,
- const char * username)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- ATR_t cp; /* pointer into cert record contents */
- char * keyptr = 0; /* pointer to cert record key */
- char * recptr = 0; /* pointer to cert record contents */
- int keylen; /* length of cert record key */
- int reclen; /* length of cert record contents */
- USI_t certid;
- int usrlen;
- int certidlen;
- int eid;
- int rv;
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
- &keylen, &keyptr);
-
- /* Open the username-to-cert id database for write */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
- if (rv) goto punt;
-
- /* If the username is already mapped to a cert, it's an error */
- certid = 0;
- rv = nsadbFindCertUser(errp, authdb, username, &certid);
- if (rv == 0) goto err_map;
-
- /*
- * Allocate a certificate id and write a record mapping this id
- * to the specified certificate key.
- */
- certid = 0;
- rv = ndbAllocId(errp, adb->adb_certdb, keylen, keyptr, &certid);
- if (rv) goto punt;
-
- /* Record the username as being mapped to the allocated cert id */
- rv = nsadbAddCertUser(errp, authdb, username, certid);
- if (rv < 0) goto punt;
-
- nsadbCloseCertUsers(authdb, 0);
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* CAT_USERNAME attribute: tag, length, NTS */
- usrlen = NTSLENGTH(username);
- if (usrlen > 127) goto err_user;
- reclen = 2 + usrlen;
-
- /* CAT_CERTID attribute: tag, length, USI */
- certidlen = USILENGTH(certid);
- reclen += 2 + certidlen;
-
- /* Allocate the attribute record buffer */
- recptr = (char *)MALLOC(reclen);
- if (recptr) {
-
- cp = (ATR_t)recptr;
-
- /* Encode CAT_USERNAME attribute */
- *cp++ = CAT_USERNAME;
- *cp++ = usrlen;
- cp = NTSENCODE(cp, (NTS_t)username);
-
- /* Encode CAT_CERTID attribute */
- *cp++ = CAT_CERTID;
- *cp++ = certidlen;
- cp = USIENCODE(cp, certid);
- }
-
- /* Store the record in the database under the certificate key */
- rv = ndbStoreName(errp, adb->adb_certdb,
- 0, keylen, keyptr, reclen, recptr);
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- if (recptr) {
- FREE(recptr);
- }
-
- return rv;
-
- err_user:
- eid = NSAUERR3500;
- rv = NSAERRINVAL;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
- goto punt;
-
- err_map:
- eid = NSAUERR3520;
- rv = NSAERRCMAP;
- nsadbCloseCertUsers(authdb, 0);
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
- goto punt;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
- void * username, CertObj_t * coptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * keyptr = 0; /* pointer to cert record key */
- int keylen; /* length of cert record key */
- int rv;
- int rv2;
-
- /* If a username is specified, require it to match */
- if (username && strcmp((char *)username, coptr->co_username)) {
- return 0;
- }
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&coptr->co_issuer, &coptr->co_subject,
- &keylen, &keyptr);
-
- if (adb->adb_certdb == NULL) {
- rv = nsadbOpenCerts(errp, authdb, ADBF_CWRITE);
- if (rv < 0) goto punt;
- }
-
- /* Remove the username-to-cert id entry from Certs.nm */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
- if (rv < 0) goto punt;
- rv = nsadbRemoveCertUser(errp, authdb, coptr->co_username);
- nsadbCloseCertUsers(authdb, 0);
-
- /* Free the cert id value, if any */
- rv = 0;
- if (coptr->co_certid != 0) {
- rv = ndbFreeId(errp, adb->adb_certdb,
- keylen, keyptr, coptr->co_certid);
- }
-
- /* Delete the cert record */
- rv2 = ndbDeleteName(errp, adb->adb_certdb, 0, keylen, keyptr);
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- return (rv) ? rv : rv2;
-}
-
-NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp,
- void * authdb, char * username)
-{
- CertObj_t * coptr = 0;
- USI_t certid = 0;
- int rv;
-
- /*
- * Open for read access at first. We don't want to create the
- * database if it's not already there. This will do nothing
- * if the database is already open for write, since that implies
- * read access as well.
- */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
-
- /* Find a certificate mapping id for the given username */
- rv = nsadbFindCertUser(errp, authdb, username, &certid);
- if (rv < 0) goto punt;
-
- /* Look up the mapping from the mapping id */
- rv = nsadbGetCertById(errp, authdb, certid, &coptr);
- if (rv < 0) goto punt;
-
- /* It's there, so remove it. This will re-open for write if needed. */
- rv = nsadbRemoveCert(errp, authdb, (void *)username, coptr);
-
- punt:
-
- if (coptr != 0) {
- nsadbFreeCertObj(coptr);
- }
-
- return rv;
-}
-
-#endif /* defined(CLIENT_AUTH) */
diff --git a/lib/libaccess/nsdb.cpp b/lib/libaccess/nsdb.cpp
deleted file mode 100644
index 0dd0d112..00000000
--- a/lib/libaccess/nsdb.cpp
+++ /dev/null
@@ -1,836 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdb.c)
- *
- * This provides access to a Netscape server database.
- * A server database is composed of two (libdbm) DB files. One
- * of these (<dbname>.db) contains records indexed by a string
- * key. These records contain the primary information in the
- * database. A second DB file (<dbname>.id) is used to map an
- * integer id value to a string key, which can then be used to
- * locate a record in the first file.
- *
- * Normally the records in the primary DB file will contain the
- * id values which are used to key the id-to-name DB. When this
- * is the case, it is possible to construct the id-to-name DB from
- * the primary DB file, and an interface is provided to facilitate
- * this.
- */
-
-#include <stdio.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdb.h>
-
-#include <errno.h>
-
-#define NDBMODE 0644 /* mode for creating files */
-
-char * NSDB_Program = "NSDB"; /* NSDB facility name */
-
-NSPR_BEGIN_EXTERN_C
-
-/*
- * Description (ndbClose)
- *
- * This function closes the specified database. This involves
- * closing the primary and id-to-name DB files, and freeing the
- * NSDB_t object.
- *
- * Arguments:
- *
- * ndb - database handle from ndbOpen()
- * flags - (currently unused - should be zero)
- *
- */
-
-void ndbClose(void * ndb, int flags)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
-
- if (ndbp->ndb_flags & (NDBF_WRNAME|NDBF_RDNAME)) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- }
-
- if (ndbp->ndb_flags & (NDBF_WRID|NDBF_RDID)) {
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- }
-
- if (ndbp->ndb_pname) {
- FREE(ndbp->ndb_pname);
- }
-
- if (ndbp->ndb_iname) {
- FREE(ndbp->ndb_iname);
- }
-
- FREE(ndbp);
-}
-
-/*
- * Description (ndbEnumerate)
- *
- * This function is called to enumerate the records of the primary
- * DB file to a caller-specified function. The function specified
- * by the caller is called with the name (key), length and address
- * of each record in the primary DB file. The 'flags' argument can
- * be used to select normal data records, metadata records, or both.
- * If the 'flags' value is zero, only normal data records are
- * enumerated. The function specified by the caller returns -1 to
- * terminate the enumeration, 0 to continue it, or +1 to restart
- * the enumeration from the beginning.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - bit flags:
- * NDBF_ENUMNORM - normal data records
- * NDBF_ENUMMETA - metadata records
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if an
- * error frame list was provided by the caller.
- */
-
-int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
-#ifdef UnixWare
- ArgFn_ndbEnum func) /* for ANSI C++ standard, see nsdb.h */
-#else
- int (*func)(NSErr_t * ferrp, void * parg,
- int namelen, char * name,
- int reclen, char * recptr))
-#endif
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- int rv;
- int dbflag;
-
- /* Is the user DB open for reading names? */
- if (!(ndbp->ndb_flags & NDBF_RDNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_RDNAME);
- if (rv) goto punt;
- }
-
- if (flags == 0) flags = NDBF_ENUMNORM;
-
- for (dbflag = R_FIRST; ; dbflag = (rv > 0) ? R_FIRST : R_NEXT) {
-
- /* Retrieve the next (first) record from the primary DB */
- rv = (*ndbp->ndb_pdb->seq)(ndbp->ndb_pdb, &key, &rec, dbflag);
- if (rv) break;
-
- /* Is this a metadata record? */
- if (*(char *)key.data == NDB_MDPREFIX) {
-
- /* Yes, skip it if metadata was not requested */
- if (!(flags & NDBF_ENUMMETA)) continue;
- }
- else {
- /* Skip normal data if not requested */
- if (!(flags & NDBF_ENUMNORM)) continue;
- }
-
- /* Pass this record to the caller's function */
- rv = (*func)(errp, argp,
- key.size, (char *)key.data, rec.size, (char *)rec.data);
- if (rv < 0) break;
- }
-
- /* Indicate success */
- rv = 0;
-
- punt:
- return rv;
-}
-
-/*
- * Description (ndbFindName)
- *
- * This function retrieves from the database a record with the
- * specified key.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of the key, including null
- * terminator if any
- * name - pointer to the key of the desired record
- * reclen - pointer to returned record length
- * recptr - pointer to returned record pointer
- *
- * Returns:
- *
- * If successful, the return value is zero, and the length and
- * address of the returned record are returned through reclen and
- * recptr. Otherwise the return value is non-zero, and an error
- * frame is generated if an error frame list was provided by the
- * caller.
- *
- * Notes:
- *
- * The record buffer is dynamically allocated and is freed
- * automatically when the database is closed.
- */
-
-int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name,
- int * reclen, char **recptr)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Is the user DB open for reading names? */
- if (!(ndbp->ndb_flags & NDBF_RDNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_RDNAME);
- if (rv) goto punt;
- }
-
- /* Set up record key. Include the terminating null byte. */
- key.data = (void *)name;
- key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
- /* Initialize record buffer descriptor */
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_pget;
-
- /* Return record length and address */
- if (reclen) *reclen = rec.size;
- if (recptr) *recptr = (char *)rec.data;
-
- /* Indicate success */
- rv = 0;
-
- punt:
- return rv;
-
- err_pget:
- eid = NSDBERR1000;
- rv = NDBERRGET;
- nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, name);
- goto punt;
-}
-
-/*
- * Description (ndbIdToName)
- *
- * This function looks up a specified id in the id-to-name DB
- * file, and returns the associated name string. This name
- * can be used to retrieve a record using ndbFindName().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * id - id to look up
- * plen - pointer to returned length of name
- * (may be null, length includes null terminator
- * in a string)
- * pname - pointer to returned name string pointer
- *
- * Returns:
- *
- * The return value is zero if the operation is successful. An
- * error is indicated by a negative return value (see nsdberr.h),
- * and an error frame is generated if an error frame list was
- * provided by the caller.
- */
-
-int ndbIdToName(NSErr_t * errp,
- void * ndb, unsigned int id, int * plen, char **pname)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- char * name = 0;
- int namelen = 0;
- uint32 myid = id - 1;
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Is the id-to-name DB open for reading ids? */
- if (!(ndbp->ndb_flags & NDBF_RDID)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_RDID);
- if (rv) goto punt;
- }
-
- /* Set up record key */
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(myid);
-#endif
- key.data = (void *)&myid;
- key.size = sizeof(myid);
-
- /* Initialize record buffer descriptor */
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_iget;
-
- /* Get the name pointer (terminating null is part of the name) */
- namelen = rec.size;
- name = (char *) rec.data;
-
- punt:
- /* Return name length and size if requested */
- if (plen) *plen = namelen;
- if (pname) *pname = name;
-
- return rv;
-
- err_iget:
- eid = NSDBERR1100;
- rv = NDBERRGET;
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_iname, system_errmsg());
- goto punt;
-}
-
-/*
- * Description (ndbInitPrimary)
- *
- * This function creates and initializes the primary DB file.
- * Initialization involves writing any required metadata records.
- * Currently there is a ?dbtype record, which specifies the nsdb
- * version number, and a database type and version number that
- * were passed as arguments to ndbOpen(). There is also a
- * ?idmap record, which contains an allocation bitmap for id values
- * used as keys in the associated id-to-name DB file.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if an
- * error frame list was provided by the caller.
- */
-
-int ndbInitPrimary(NSErr_t * errp, void * ndb)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
-#if BYTE_ORDER == LITTLE_ENDIAN
- uint32 m;
- int i;
-#endif
- int eid; /* error id code */
- int rv; /* result value */
- uint32 dbtype[4];
-
- /* Error if the primary DB is marked as existing already */
- if (!(ndbp->ndb_flags & NDBF_NONAME)) goto err_exists;
-
- /* First create the primary DB file */
- ndbp->ndb_pdb = dbopen(ndbp->ndb_pname, O_RDWR | O_CREAT | O_TRUNC,
- NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_pdb) goto err_open;
-
- /* Generate data for the ?dbtype record */
- dbtype[0] = NDB_VERSION;
- dbtype[1] = ndbp->ndb_dbtype;
- dbtype[2] = ndbp->ndb_version;
- dbtype[3] = 0;
-#if BYTE_ORDER == LITTLE_ENDIAN
- for (i = 0; i < 4; ++i) {
- m = dbtype[i];
- M_32_SWAP(m);
- dbtype[i] = m;
- }
-#endif
-
- /* Set up descriptors for the ?dbtype record key and data */
- key.data = (void *)NDB_DBTYPE;
- key.size = strlen(NDB_DBTYPE) + 1;
-
- rec.data = (void *)dbtype;
- rec.size = sizeof(dbtype);
-
- /* Write the ?dbtype record out */
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mput1;
-
- /* Write out an empty ?idmap record */
- key.data = (void *)NDB_IDMAP;
- key.size = strlen(NDB_IDMAP) + 1;
-
- rec.data = 0;
- rec.size = 0;
-
- /* Write the ?idmap record */
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mput2;
-
- /* Close the DB file */
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-
- /* Clear the flag that says the primary DB file does not exist */
- ndbp->ndb_flags &= ~(NDBF_NONAME|NDBF_RDNAME|NDBF_WRNAME);
-
- /* Indicate success */
- return 0;
-
- err_exists:
- /* Primary database already exists */
- eid = NSDBERR1200;
- rv = NDBERREXIST;
- nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname);
- return rv;
-
- err_open:
- /* Error opening primary database for write */
- eid = NSDBERR1220;
- rv = NDBERROPEN;
- goto err_dbio;
-
- err_mput1:
- /* Error writing "?dbtype" record */
- eid = NSDBERR1240;
- rv = NDBERRMDPUT;
- goto err_dbio;
-
- err_mput2:
- /* Error writing "?idmap" record */
- eid = NSDBERR1260;
- rv = NDBERRMDPUT;
- goto err_dbio;
-
- err_dbio:
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
-
- /* Close the primary DB file if it exists */
- if (ndbp->ndb_pdb) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME);
- }
-
- /* Delete the file */
- system_unlink(ndbp->ndb_pname);
- return rv;
-}
-
-/*
- * Description (ndbOpen)
- *
- * This function opens a server database by name. The specified
- * name may be the name of the primary DB file, or the name
- * without the ".db" suffix. This function will attempt to open
- * both the primary and the id-to-name DB files for read access.
- * If either of the DB files do not exist, they are not created
- * here, but a handle for the database will still be returned.
- * The DB files will be created when a subsequent access writes
- * to the database. The caller also specifies an application
- * database type, which is checked against a value stored in
- * in the database metadata, if the primary DB file exists, or
- * which is stored in the file metadata when the file is created.
- * A type-specific version number is passed and returned. The
- * value passed will be stored in the file metadata if it is
- * subsequently created. If the file exists, the value in the
- * file metadata is returned, and it is the caller's responsibility
- * to interpret it.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * dbname - primary DB filename
- * flags - (currently unused - should be zero)
- * dbtype - application DB type (NDB_TYPE_xxxxx)
- * version - (in/out) type-specific version number
- *
- * Returns:
- *
- * A handle that can be used for subsequent accesses to the database
- * is returned, or 0, if an error occurs, and an error frame is
- * generated if an error frame list was provided by the caller.
- */
-
-void * ndbOpen(NSErr_t * errp,
- char * dbname, int flags, int dbtype, int * version)
-{
- NSDB_t * ndbp = 0; /* database object pointer */
- char * pname = 0; /* primary DB file name */
- char * iname = 0; /* id-to-name DB file name */
- int namelen;
- uint32 dbtrec[4];
- uint32 m;
- DBT key;
- DBT rec;
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Get the database name */
- namelen = strlen(dbname);
- if (!strcmp(&dbname[namelen-3], ".db")) {
- namelen -= 3;
- }
-
- /* Get the primary DB file name */
- pname = (char *)MALLOC(namelen + 4);
- if (pname == 0) goto err_nomem1;
- strncpy(pname, dbname, namelen);
- strcpy(&pname[namelen], ".db");
-
- /* Get the id-to-name DB file name */
- iname = (char *)MALLOC(namelen + 4);
- if (iname == 0) goto err_nomem2;
- strncpy(iname, dbname, namelen);
- strcpy(&iname[namelen], ".id");
-
- /* Allocate the database object */
- ndbp = (NSDB_t *)MALLOC(sizeof(NSDB_t));
- if (ndbp == 0) goto err_nomem3;
-
- /* Initialize the database object */
- ndbp->ndb_pname = pname;
- ndbp->ndb_pdb = 0;
- ndbp->ndb_iname = iname;
- ndbp->ndb_idb = 0;
- ndbp->ndb_flags = 0;
- ndbp->ndb_dbtype = dbtype;
- ndbp->ndb_version = (version) ? *version : 0;
-
- /* Open the primary DB file */
- ndbp->ndb_pdb = dbopen(pname, O_RDONLY, NDBMODE, DB_HASH, 0);
-
- /* Was it there? */
- if (ndbp->ndb_pdb) {
-
- /* Retrieve the ?dbtype record */
- key.data = (void *)NDB_DBTYPE;
- key.size = strlen(NDB_DBTYPE) + 1;
-
- rec.data = 0;
- rec.size = 0;
-
- /* Read the ?dbtype record */
- rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mdget;
-
- /* Check it out */
- if (rec.size < 16) goto err_fmt;
-
- /* Copy data to an aligned area */
- memcpy((void *)dbtrec, rec.data, sizeof(dbtrec));
-
- /* Get the NSDB version number */
- m = dbtrec[0];
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(m);
-#endif
- /* Assume forward compatibility with versions up to current + 0.5 */
- if (m > (NDB_VERSION + 5)) goto err_vers;
-
- /* XXX Assume infinite backward compatibility */
-
- /* Get the application database type */
- m = dbtrec[1];
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(m);
-#endif
- /* It's got to match */
- if (m != dbtype) goto err_type;
-
- /* Get the type-specific version number */
- m = dbtrec[3];
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(m);
-#endif
- /* Don't check it. Just return it. */
- if (version) *version = m;
-
- /* The value in dbtrec[3] is currently ignored */
-
- /* Mark the primary DB file open for read access */
- ndbp->ndb_flags |= NDBF_RDNAME;
- }
- else {
- /* Indicate that the primary DB file does not exist */
- ndbp->ndb_flags |= NDBF_NONAME;
- }
-
- return (void *)ndbp;
-
- err_nomem1:
- eid = NSDBERR1400;
- rv = NDBERRNOMEM;
- goto err_nomem;
-
- err_nomem2:
- eid = NSDBERR1420;
- rv = NDBERRNOMEM;
- goto err_nomem;
-
- err_nomem3:
- eid = NSDBERR1440;
- rv = NDBERRNOMEM;
- err_nomem:
- nserrGenerate(errp, rv, eid, NSDB_Program, 0);
- goto punt;
-
- err_mdget:
- eid = NSDBERR1460;
- rv = NDBERRMDGET;
- nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname,
- system_errmsg());
- goto err_ret;
-
- err_fmt:
- eid = NSDBERR1480;
- rv = NDBERRMDFMT;
- goto err_ret;
-
- err_vers:
- {
- char vnbuf[16];
-
- eid = NSDBERR1500;
- rv = NDBERRVERS;
- sprintf(vnbuf, "%d", (int)m);
- nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, vnbuf);
- }
- goto punt;
-
- err_type:
- eid = NSDBERR1520;
- rv = NDBERRDBTYPE;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname);
- goto punt;
-
- punt:
- /* Error clean-up */
- if (pname) FREE(pname);
- if (iname) FREE(iname);
- if (ndbp) {
- /* Close the DB files if we got as far as opening them */
- if (ndbp->ndb_pdb) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- }
- if (ndbp->ndb_idb) {
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- }
- FREE(ndbp);
- }
- return 0;
-}
-
-/*
- * Description (ndbReOpen)
- *
- * This function is called to ensure that the primary DB file
- * and/or the id-to-name DB file are open with specified access
- * rights. For example, a file may be open for read, and it needs
- * to be open for write. Both the primary and id-to-name DB files
- * can be manipulated with a single call.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - (currently unused - should be zero)
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned (NDBERRxxxx - see nsdb.h). If an error
- * list is provided, an error frame will be generated when the
- * return value is non-zero.
- */
-
-int ndbReOpen(NSErr_t * errp, void * ndb, int flags)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- char * dbname; /* database name pointer */
- int eid;
- int rv;
-
- /* Want to read or write the primary DB file? */
- if (flags & (NDBF_RDNAME|NDBF_WRNAME)) {
-
- /* Need to open for write? */
- if ((flags & NDBF_WRNAME) && !(ndbp->ndb_flags & NDBF_WRNAME)) {
-
- /* If it's already open for read, close it first */
- if (ndbp->ndb_flags & NDBF_RDNAME) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- ndbp->ndb_flags &= ~NDBF_RDNAME;
- }
-
- /* Create it if it doesn't exist */
- if (ndbp->ndb_flags & NDBF_NONAME) {
- rv = ndbInitPrimary(errp, ndb);
- if (rv) goto err_init;
- }
-
- /* Open primary DB file for write access */
- dbname = ndbp->ndb_pname;
- ndbp->ndb_pdb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_pdb) goto err_open1;
-
- /* Update flags to indicate successful open */
- ndbp->ndb_flags |= (NDBF_RDNAME|NDBF_WRNAME);
- }
-
- /* Need to open for read? */
- if ((flags & NDBF_RDNAME) && !(ndbp->ndb_flags & NDBF_RDNAME)) {
-
- /* If it's already open for write, close it first */
- if (ndbp->ndb_flags & NDBF_WRNAME) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME);
- }
-
- /* Open primary DB file for read access */
- dbname = ndbp->ndb_pname;
- ndbp->ndb_pdb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_pdb) goto err_open2;
-
- /* Update flags to indicate successful open */
- ndbp->ndb_flags |= NDBF_RDNAME;
- }
- }
-
- /* Want to read or write the id-to-name DB file? */
- if (flags & (NDBF_RDID|NDBF_WRID)) {
-
- /* Need to open for write? */
- if ((flags & NDBF_WRID) && !(ndbp->ndb_flags & NDBF_WRID)) {
-
- /*
- * If it's not open for read yet, try to open it for read
- * in order to find out if it exists.
- */
- if (!(ndbp->ndb_flags & NDBF_RDID)) {
-
- /* Open id-to-name DB file for read access */
- dbname = ndbp->ndb_iname;
- ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH,0);
-
- /* Does it exist? */
- if (ndbp->ndb_idb == 0) {
-
- /* No, create it */
- dbname = ndbp->ndb_iname;
- ndbp->ndb_idb = dbopen(dbname,O_RDWR | O_CREAT | O_TRUNC,
- NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_idb) goto err_open3;
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- }
- else {
- /* Mark it open for read */
- ndbp->ndb_flags |= NDBF_RDID;
- }
- }
-
- /* If it's already open for read, close it first */
- if (ndbp->ndb_flags & NDBF_RDID) {
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- ndbp->ndb_flags &= ~NDBF_RDID;
- }
-
- /* Open id-to-name DB file for write access */
- dbname = ndbp->ndb_iname;
- ndbp->ndb_idb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_idb) goto err_open4;
-
- /* Update flags to indicate successful open */
- ndbp->ndb_flags |= (NDBF_RDID|NDBF_WRID);
- }
-
- /* Need to open for read? */
- if ((flags & NDBF_RDID) && !(ndbp->ndb_flags & NDBF_RDID)) {
-
- /* If it's already open for write, close it first */
- if (ndbp->ndb_flags & NDBF_WRID) {
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- ndbp->ndb_flags &= ~(NDBF_RDID|NDBF_WRID);
- }
-
- /* Open id-to-name DB file for read access */
- dbname = ndbp->ndb_iname;
- ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0);
- if (!ndbp->ndb_idb) goto err_open5;
-
- /* Update flags to indicate successful open */
- ndbp->ndb_flags |= NDBF_RDID;
- }
- }
-
- /* Successful completion */
- return 0;
-
- /* Begin error handlers */
-
- err_init: /* failed to create primary DB file */
- (void)nserrGenerate(errp, NDBERRPINIT, NSDBERR1600, NSDB_Program,
- 1,
- ndbp->ndb_pname /* primary DB filename */
- );
- rv = NDBERRPINIT;
- goto punt;
-
- err_open1:
- eid = NSDBERR1620;
- goto err_open;
-
- err_open2:
- eid = NSDBERR1640;
- goto err_open;
-
- err_open3:
- eid = NSDBERR1660;
- goto err_open;
-
- err_open4:
- eid = NSDBERR1680;
- goto err_open;
-
- err_open5:
- eid = NSDBERR1700;
- goto err_open;
-
- err_open: /* database open error */
- rv = NDBERROPEN;
- (void)nserrGenerate(errp, NDBERROPEN, eid, NSDB_Program,
- 2, dbname, system_errmsg());
-
- punt:
- return rv;
-}
-
-NSPR_END_EXTERN_C
-
diff --git a/lib/libaccess/nsdbmgmt.cpp b/lib/libaccess/nsdbmgmt.cpp
deleted file mode 100644
index 1be11ec2..00000000
--- a/lib/libaccess/nsdbmgmt.cpp
+++ /dev/null
@@ -1,685 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdbmgmt.h)
- *
- * The file describes the interface for managing information in
- * a Netscape (server) database. A database is composed of
- * two (libdbm) DB files. One of these (<dbname>.db) contains
- * records indexed by a string key. These records contain the
- * primary information in the database. A second DB file
- * (<dbname>.id) is used to map an integer id value to a string
- * key, which can then be used to locate a record in the first file.
- * The interface for retrieving information from a database is
- * described in nsdb.h.
- */
-
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdbmgmt.h>
-#include <base/util.h>
-
-/*
- * Description (ndbAllocId)
- *
- * This function allocates a unique id to be associated with a
- * name in the primary DB file. An id bitmap is maintained in
- * the primary DB file as a metadata record, and an entry is
- * created in the id-to-name DB for the assigned id and the
- * specified name. An allocated id value is always non-zero.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of key of the desired record,
- * including null terminator if any
- * name - pointer to the key of the desired record
- * id - pointer to returned id value
- *
- * Returns:
- *
- * If successful, the return value is zero, and the allocated id
- * is returned through 'id'. Otherwise a non-zero error code is
- * returned (NDBERRxxxx - see nsdb.h). If an error list is
- * provided, an error frame will be generated when the return
- * value is non-zero.
- */
-
-int ndbAllocId(NSErr_t * errp,
- void * ndb, int namelen, char * name, unsigned int * id)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- unsigned char * idmap;
- unsigned char * newmap = 0;
- int m;
- int mmsk;
- uint32 idval;
- int myid;
- int i, n;
- int rv;
- long eid;
-
- /*
- * Ensure that the name does not start with the metadata
- * prefix character.
- */
- if (!name || (name[0] == NDB_MDPREFIX)) goto err_name;
-
- /*
- * Read the primary DB file metadata record containing the id
- * allocation bitmap.
- */
-
- /*
- * We need the primary and the id-to-name DB files open for write
- * (and implicitly read) access.
- */
- if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID))
- != (NDBF_WRNAME|NDBF_WRID)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID));
- if (rv < 0) goto punt;
- }
-
- /* Set the key to the id allocation bitmap record name */
- key.data = (void *)NDB_IDMAP;
- key.size = strlen(NDB_IDMAP) + 1;
-
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mdget;
-
- /* Search for an available id in the bitmap */
- n = rec.size;
- idmap = (unsigned char *)rec.data;
-
- for (i = 0, m = 0; i < n; ++i) {
-
- m = idmap[i];
- if (m != 0) break;
- }
-
- /* Did we find a byte with an available bit? */
- if (m == 0) {
-
- /* No, need to grow the bitmap */
- newmap = (unsigned char *)MALLOC(rec.size + 32);
- if (newmap == 0) goto err_nomem1;
-
- /* Initialize free space at the beginning of the new map */
- for (i = 0; i < 32; ++i) {
- newmap[i] = 0xff;
- }
-
- /* Copy the old map after it */
- n += 32;
- for ( ; i < n; ++i) {
- newmap[i] = idmap[i-32];
- }
-
- /* Set i and m to allocate the new highest id value */
- i = 0;
- m = 0xff;
- }
- else {
-
- /*
- * It's unfortunate, but it appears to be necessary to copy the
- * the ?idmap record into a new buffer before updating it, rather
- * than simply updating it in place. The problem is that the
- * libdbm put routine deletes the old record and then re-inserts
- * it. But once it has deleted the old record, it may take the
- * opportunity to move another record into the space that the
- * old record occupied, which is the same space that the new
- * record occupies. So the new record data is overwritten before
- * new record is inserted. :-(
- */
-
- newmap = (unsigned char *)MALLOC(rec.size);
- if (newmap == 0) goto err_nomem2;
-
- memcpy((void *)newmap, (void *)idmap, rec.size);
- }
-
- /* Calculate the id associated with the low-order bit of byte i */
- myid = (n - i - 1) << 3;
-
- /* Find the first free (set) bit in that word */
- for (mmsk = 1; !(m & mmsk); mmsk <<= 1, myid += 1) ;
-
- /* Clear the bit */
- m &= ~mmsk;
- newmap[i] = m;
-
- /* Write the bitmap back out */
-
- rec.data = (void *)newmap;
- rec.size = n;
-
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
-
- /* Check for error on preceding put operation */
- if (rv) goto err_putpdb;
-
- /* Create the key for the id-to-name record */
- idval = myid;
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(idval);
-#endif
-
- key.data = (void *)&idval;
- key.size = sizeof(uint32);
-
- rec.data = (void *)name;
- rec.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
- /* Write the id-to-name record */
- rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_putidb;
-
- /* Return the id value + 1, to avoid returning a zero id */
- if (id) *id = myid + 1;
-
- punt:
-
- /* Free the new map space if any */
- if (newmap) {
- FREE(newmap);
- }
-
- return rv;
-
- err_name: /* invalid name parameter */
- eid = NSDBERR2000;
- rv = NDBERRNAME;
- if (name == 0) {
- name = "(null)";
- }
- else if ((namelen > 0) && (namelen != strlen(name) + 1)) {
- name = "(unprintable)";
- }
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB filename */
- name /* name string */
- );
- goto punt;
-
- err_mdget: /* error on get from primary DB file */
- eid = NSDBERR2020;
- rv = NDBERRMDGET;
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB filename */
- (char *)key.data /* key name string */
- );
- goto punt;
-
- err_nomem1:
- eid = NSDBERR2040;
- goto err_nomem;
-
- err_nomem2:
- eid = NSDBERR2060;
- err_nomem: /* insufficient memory */
- rv = NDBERRNOMEM;
- (void)nserrGenerate(errp, rv, eid, NSDB_Program, 0);
- goto punt;
-
- err_putpdb: /* error on put to primary DB file */
- eid = NSDBERR2080;
- rv = NDBERRMDPUT;
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB filename */
- (char *)key.data /* key name string */
- );
- goto punt;
-
- err_putidb: /* error on put to id-to-name DB */
- {
- char idstring[16];
-
- eid = NSDBERR2100;
- rv = NDBERRIDPUT;
-
- util_sprintf(idstring, "%d", myid);
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_iname, /* id-to-name DB file */
- idstring /* id value for key */
- );
- }
- goto punt;
-}
-
-/*
- * Description (ndbDeleteName)
- *
- * This function deletes a named record from the primary DB file.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - (currently unused - should be zero)
- * namelen - length of name key, including null
- * terminator if any
- * name - pointer to name key
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned (NDBERRxxxx - see nsdberr.h). If an error
- * list is provided, an error frame will be generated when the
- * return value is non-zero.
- */
-
-int ndbDeleteName(NSErr_t * errp,
- void * ndb, int flags, int namelen, char * name)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- int eid;
- int rv;
-
- /* Is the primary DB open for write access? */
- if (!(ndbp->ndb_flags & NDBF_WRNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_WRNAME);
- if (rv) goto punt;
- }
-
- /* Set up the key descriptor */
- key.data = (void *)name;
- key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
- /* Delete the record from the primary DB file */
- rv = (*ndbp->ndb_pdb->del)(ndbp->ndb_pdb, &key, 0);
- if (rv) goto err_delpdb;
-
- /* Successful completion */
- return 0;
-
- /* Begin error handlers */
-
- err_delpdb: /* error deleting record from primary DB */
- eid = NSDBERR2200;
- rv = NDBERRNMDEL;
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB name */
- (char *)key.data /* primary key */
- );
- punt:
- return rv;
-}
-
-/*
- * Description (ndbFreeId)
- *
- * This function frees an id value associated with a name in the
- * primary DB file. It is normally called when the named record
- * is being deleted from the primary DB file. It deletes the
- * record in the id-to-name DB file that is keyed by the id value,
- * and updates the id allocation bitmap in the primary DB file.
- * The caller may specify the name that is associated with the id
- * value, in which case the id-to-name record will be fetched,
- * and the name matched, before the record is deleted. Alternatively
- * the name parameter can be specified as zero, and id-to-name
- * record will be deleted without a check.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of name (including null terminator)
- * name - name associated with the id value (optional)
- * id - id value to be freed
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if the
- * caller provided an error frame list.
- */
-
-int ndbFreeId(NSErr_t * errp,
- void * ndb, int namelen, char * name, unsigned int id)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- char * recname;
- DBT key;
- DBT rec;
- uint32 idval;
- int reclen;
- int mmsk;
- unsigned char * idmap = 0;
- int i;
- int eid;
- int rv;
-
- /*
- * We need the primary and the id-to-name DB files open for write
- * (and implicitly read) access.
- */
- if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID))
- != (NDBF_WRNAME|NDBF_WRID)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID));
- if (rv) goto punt;
- }
-
- /* Was the name for this id value provided by the caller? */
- if (name) {
-
- /* Get length of name if not provided */
- if (namelen <= 0) namelen = strlen(name) + 1;
-
- /* Yes, look up the id and check for a match */
- rv = ndbIdToName(errp, ndb, id, &reclen, &recname);
- if (rv < 0) goto punt;
-
- /* Fail if the supplied name doesn't match */
- if ((namelen != reclen) ||
- strncmp(recname, name, reclen)) goto err_badid1;
- }
-
- /* Caller views the id space as starting at 1, but we start at 0 */
- id -= 1;
-
- /* Create the key for the id-to-name record */
- idval = id;
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(idval);
-#endif
-
- key.data = (void *)&idval;
- key.size = sizeof(uint32);
-
- /* Delete the id-to-name record */
- rv = (*ndbp->ndb_idb->del)(ndbp->ndb_idb, &key, 0);
- if (rv) goto err_del;
-
- /* Set the key to the id allocation bitmap record name */
- key.data = (void *)NDB_IDMAP;
- key.size = strlen(NDB_IDMAP) + 1;
-
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mdget;
-
- /* Make sure the id is in the range of the bitmap */
- i = (rec.size << 3) - id - 1;
- if (i < 0) goto err_badid2;
-
- /*
- * See comment in ndbAllocId() about updating ?idmap. Bottom line
- * is: we have to copy the record before updating it.
- */
-
- idmap = (unsigned char *)MALLOC(rec.size);
- if (idmap == 0) goto err_nomem;
-
- memcpy((void *)idmap, rec.data, rec.size);
-
- /* Calculate the index of the byte with this id's bit */
- i >>= 3;
-
- /* Calculate the bitmask for the bitmap byte */
- mmsk = 1 << (id & 7);
-
- /* Set the bit in the bitmap */
- idmap[i] |= mmsk;
-
- /* Write the bitmap back out */
-
- rec.data = (void *)idmap;
-
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mdput;
-
- punt:
-
- if (idmap) {
- FREE(idmap);
- }
-
- return rv;
-
- err_badid1:
- /* Name associated with id doesn't match supplied name */
- eid = NSDBERR2300;
- rv = NDBERRBADID;
- goto err_id;
-
- err_del:
- /* Error deleting id-to-name record */
- eid = NSDBERR2320;
- rv = NDBERRIDDEL;
- goto err_dbio;
-
- err_mdget:
- /* Error reading id bitmap from primary DB file */
- eid = NSDBERR2340;
- rv = NDBERRMDGET;
- goto err_dbio;
-
- err_badid2:
- eid = NSDBERR2360;
- rv = NDBERRBADID;
- err_id:
- {
- char idbuf[16];
-
- util_sprintf(idbuf, "%d", id);
- nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, idbuf);
- }
- goto punt;
-
- err_nomem:
- eid = NSDBERR2380;
- rv = NDBERRNOMEM;
- nserrGenerate(errp, rv, eid, NSDB_Program, 0);
- goto punt;
-
- err_mdput:
- eid = NSDBERR2400;
- rv = NDBERRMDPUT;
- goto err_dbio;
-
- err_dbio:
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
- goto punt;
-}
-
-/*
- * Description (ndbRenameId)
- *
- * This function changes the name associated with a specified id
- * int the id-to-name DB file.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of new name string, including
- * null terminator if any
- * newname - pointer to the new name string
- * id - id value to be renamed
- *
- * Returns:
- *
- * The return value is zero if the operation is successful. An
- * error is indicated by a non-zero return value, and an error
- * frame is generated if the caller provided an error frame list.
- */
-
-int ndbRenameId(NSErr_t * errp,
- void * ndb, int namelen, char * newname, unsigned int id)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- uint32 idval = id - 1;
- int eid;
- int rv;
-
- /*
- * Ensure that the name does not start with the metadata
- * prefix character.
- */
- if (!newname || (newname[0] == NDB_MDPREFIX)) goto err_name;
-
- /*
- * We need the id-to-name DB file open for write
- * (and implicitly read) access.
- */
- if (!(ndbp->ndb_flags & NDBF_WRID)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_WRID);
- if (rv) goto punt;
- }
-
- /* Set up record key */
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(idval);
-#endif
- key.data = (void *)&idval;
- key.size = sizeof(uint32);
-
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_idget;
-
- /* Set up to write the new name */
- rec.data = (void *)newname;
- rec.size = (namelen > 0) ? namelen : (strlen(newname) + 1);
-
- /* Write the id-to-name record */
- rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_idput;
-
- punt:
- return rv;
-
- err_name:
- eid = NSDBERR2500;
- rv = NDBERRNAME;
- if (newname == 0) newname = "(null)";
- else if ((namelen > 0) && (namelen != (strlen(newname) + 1))) {
- newname = "(unprintable)";
- }
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB filename */
- newname /* name string */
- );
- goto punt;
-
- err_idget:
- /* Error getting id record from id-to-name database */
- eid = NSDBERR2520;
- rv = NDBERRGET;
- goto err_dbio;
-
- err_idput:
- /* Error putting id record back to id-to-name database */
- eid = NSDBERR2540;
- rv = NDBERRIDPUT;
- err_dbio:
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
- goto punt;
-}
-
-/*
- * Description (ndbStoreName)
- *
- * This function stores a record, keyed by a specified name, in the
- * primary DB file. The record will overwrite any existing record
- * with the same key, unless NDBF_NEWNAME, is included in the 'flags'
- * argument. If NDBF_NEWNAME is set, and the record already exists,
- * it is not overwritten, and an error is returned.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - bit flags:
- * NDBF_NEWNAME - name is new
- * namelen - length of name key, including null
- * terminator if any
- * name - pointer to name key
- * reclen - length of the record data
- * recptr - pointer to the record data
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if the
- * caller provided an error frame list.
- */
-
-int ndbStoreName(NSErr_t * errp, void * ndb, int flags,
- int namelen, char * name, int reclen, char * recptr)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- int eid;
- int rv;
-
- /* Is the primary DB open for write access? */
- if (!(ndbp->ndb_flags & NDBF_WRNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_WRNAME);
- if (rv) goto punt;
- }
-
- /* Set up the key and record descriptors */
- key.data = (void *)name;
- key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
- rec.data = (void *)recptr;
- rec.size = reclen;
-
- /* Write the record to the primary DB file */
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec,
- (flags & NDBF_NEWNAME) ? R_NOOVERWRITE : 0);
- if (rv) goto err_put;
-
- punt:
- return rv;
-
- err_put:
- eid = NSDBERR2700;
- rv = NDBERRPUT;
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
- goto punt;
-}
diff --git a/lib/libaccess/nsgmgmt.cpp b/lib/libaccess/nsgmgmt.cpp
deleted file mode 100644
index 5257992b..00000000
--- a/lib/libaccess/nsgmgmt.cpp
+++ /dev/null
@@ -1,434 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgmgmt.c)
- *
- * This module contains routines for managing information in a
- * Netscape group database. Information for a particular group
- * is modified by retrieving the current information in the form
- * of a group object (GroupObj_t), calling functions in this module,
- * to modify the group object, and then calling groupStore() to
- * write the information in the group object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgmgmt.h"
-
-/*
- * Description (groupAddMember)
- *
- * This function adds a member to a group object. The member may
- * be another group or a user, expressed as a group id or user id,
- * respectively. The 'isgid' argument is non-zero if the new
- * member is a group, or zero if it is a user.
- *
- * Arguments:
- *
- * goptr - group object pointer
- * isgid - non-zero if 'id' is a group id
- * zero if 'id' is a user id
- * id - group or user id to be added
- *
- * Returns:
- *
- * Returns zero if the specified member is already a direct member
- * of the group. Returns one if the member was added successfully.
- */
-
-NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
- USIList_t * uilptr;
- int rv = 0;
-
- /* Point to the relevant uid or gid list */
- uilptr = (isgid) ? &goptr->go_groups : &goptr->go_users;
-
- /* Add the id to the selected list */
- rv = usiInsert(uilptr, id);
- if (rv > 0) {
- goptr->go_flags |= GOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (groupCreate)
- *
- * This function creates a group object, using information about
- * the group provided by the caller. The strings passed for the
- * group name and description may be on the stack. The group id
- * is set to zero, but the group object is marked as being new.
- * A group id will be assigned when groupStore() is called to add
- * the group to a group database.
- *
- * Arguments:
- *
- * name - pointer to group name string
- * desc - pointer to group description string
- *
- * Returns:
- *
- * A pointer to a dynamically allocated GroupObj_t structure is
- * returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc)
-{
- GroupObj_t * goptr; /* group object pointer */
-
- goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
- if (goptr) {
- goptr->go_name = (NTS_t)STRDUP((char *)name);
- goptr->go_gid = 0;
- goptr->go_flags = (GOF_MODIFIED | GOF_NEW);
- if (desc) {
- goptr->go_desc = (desc) ? (NTS_t)STRDUP((char *)desc) : 0;
- }
- UILINIT(&goptr->go_users);
- UILINIT(&goptr->go_groups);
- UILINIT(&goptr->go_pgroups);
- }
-
- return goptr;
-}
-
-/*
- * Description (groupDeleteMember)
- *
- * This function removes a specified member from a group object's
- * list of members. The member to be remove may be a group or a
- * user, expressed as a group id or user id, respectively. The
- * 'isgid' argument is non-zero if the member being removed is a
- * group, or zero if it is a user.
- *
- * Arguments:
- *
- * goptr - pointer to group object
- * isgid - non-zero if 'id' is a group id
- * zero if 'id' is a user id
- * id - group or user id to be removed
- *
- * Returns:
- *
- * The return value is zero if the specified member was not present
- * in the group object, or one if the member was successfully removed.
- */
-
-NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
- USIList_t * uilptr; /* pointer to list of member users or groups */
- int rv; /* return value */
-
- /* Get pointer to appropriate list of ids */
- uilptr = (isgid) ? &goptr->go_groups : &goptr->go_users;
-
- /* Remove the specified id */
- rv = usiRemove(uilptr, id);
- if (rv > 0) {
- goptr->go_flags |= GOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (groupEncode)
- *
- * This function encodes a group object into a group DB record.
- *
- * Arguments:
- *
- * goptr - pointer to group object
- * greclen - pointer to returned record length
- * grecptr - pointer to returned record pointer
- *
- * Returns:
- *
- * The function return value is zero if successful. The length
- * and location of the created attribute record are returned
- * through 'greclen' and 'grecptr'. A non-zero function value
- * is returned if there's an error.
- */
-
-NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * greclen, ATR_t * grecptr)
-{
- int reclen; /* length of DB record */
- ATR_t rptr; /* DB record pointer */
- ATR_t rstart = 0; /* pointer to beginning of DB record */
- ATR_t glptr; /* saved pointer to UAT_GROUPS length */
- ATR_t gptr; /* saved pointer to after length at glptr */
- int gidlen; /* gid encoding length */
- int fllen; /* flags encoding length */
- USI_t dsclen; /* group description encoding length */
- USI_t nulen; /* member user count encoding length */
- USI_t nglen; /* member group count encoding length */
- int idcnt; /* count of user or group ids */
- USI_t * ids; /* pointer to array of user or group ids */
- int i; /* id index */
- int rv = -1;
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* GAT_GID attribute: tag, length, USI */
- gidlen = USILENGTH(goptr->go_gid);
- reclen = (1 + 1 + gidlen);
-
- /* GAT_FLAGS attribute: tag, length, USI */
- fllen = USILENGTH(goptr->go_flags & GOF_DBFLAGS);
- reclen += (1 + 1 + fllen);
-
- /* GAT_DESCRIPT attribute: tag, length, NTS */
- dsclen = NTSLENGTH(goptr->go_desc);
- reclen += (1 + USILENGTH(dsclen) + dsclen);
-
- /* GAT_USERS attribute: tag, length, USI(count), USI(uid)... */
- idcnt = UILCOUNT(&goptr->go_users);
- nulen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nulen + (5 * idcnt));
-
- /* GAT_GROUPS attribute: tag, length, USI(count), USI(gid)... */
- idcnt = UILCOUNT(&goptr->go_groups);
- nglen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
- /* GAT_PGROUPS attribute: tag, length, USI(count), USI(gid)... */
- idcnt = UILCOUNT(&goptr->go_pgroups);
- nglen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
- /* Allocate the attribute record buffer */
- rptr = (ATR_t)MALLOC(reclen);
- if (rptr) {
-
- /* Save pointer to start of record */
- rstart = rptr;
-
- /* Encode GAT_GID attribute */
- *rptr++ = GAT_GID;
- *rptr++ = gidlen;
- rptr = USIENCODE(rptr, goptr->go_gid);
-
- /* Encode GAT_FLAGS attribute */
- *rptr++ = GAT_FLAGS;
- *rptr++ = fllen;
- rptr = USIENCODE(rptr, (goptr->go_flags & GOF_DBFLAGS));
-
- /* Encode GAT_DESCRIPT attribute */
- *rptr++ = GAT_DESCRIPT;
- rptr = USIENCODE(rptr, dsclen);
- rptr = NTSENCODE(rptr, goptr->go_desc);
-
- /* Encode GAT_USERS attribute */
- *rptr++ = GAT_USERS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of user members */
- idcnt = UILCOUNT(&goptr->go_users);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate user ids encodings */
- ids = UILLIST(&goptr->go_users);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_USERS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Encode GAT_GROUPS attribute */
- *rptr++ = GAT_GROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- idcnt = UILCOUNT(&goptr->go_groups);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate group ids encodings */
- ids = UILLIST(&goptr->go_groups);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_GROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Encode GAT_PGROUPS attribute */
- *rptr++ = GAT_PGROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- idcnt = UILCOUNT(&goptr->go_pgroups);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate group ids encodings */
- ids = UILLIST(&goptr->go_pgroups);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_PGROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Return record length and location if requested */
- if (greclen) *greclen = rptr - rstart;
- if (grecptr) *grecptr = rstart;
-
- /* Indicate success */
- rv = 0;
- }
-
- return rv;
-}
-
-/*
- * Description (groupRemove)
- *
- * This function is called to remove a group from a specified group
- * database. Both the primary DB file and the id-to-name DB file
- * are updated.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - (unused - must be zero)
- * name - pointer to group name
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name)
-{
- GroupObj_t * goptr; /* group object pointer */
- int rv;
- int rv2;
-
- /* First retrieve the group record */
- goptr = groupFindByName(errp, groupdb, name);
- if (!goptr) {
- /* Error - specified group not found */
- return NSAERRNAME;
- }
-
- /* Free the group id value, if any */
- rv = 0;
- if (goptr->go_gid != 0) {
- rv = ndbFreeId(errp, groupdb, 0, (char *)name, goptr->go_gid);
- }
-
- rv2 = ndbDeleteName(errp, groupdb, 0, 0, (char *)name);
-
- return (rv) ? rv : rv2;
-}
-
-/*
- * Description (groupStore)
- *
- * This function is called to store a group object in the database.
- * If the object was created by groupCreate(), it is assumed to be
- * a new group, the group account name must not match any existing
- * group account names in the database, and a gid is assigned before
- * adding the group to the database. If the object was created by
- * groupFindByName(), the information in the group object will
- * replace the existing database entry for the indicated group
- * name.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - (unused - must be zero)
- * goptr - group object pointer
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The group object remains intact in either
- * case.
- */
-
-NSAPI_PUBLIC int groupStore(NSErr_t * errp, void * groupdb, int flags, GroupObj_t * goptr)
-{
- ATR_t recptr = 0;
- USI_t gid;
- int reclen = 0;
- int stflags = 0;
- int eid;
- int rv;
-
- /* If this is a new group, allocate a uid value */
- if (goptr->go_flags & GOF_NEW) {
-
- rv = ndbAllocId(errp, groupdb, 0, (char *)goptr->go_name, &gid);
- if (rv) goto punt;
-
- goptr->go_gid = gid;
-
- /* Let the database manager know that this is a new entry */
- stflags = NDBF_NEWNAME;
- }
-
- /* Convert the information in the group object to a DB record */
- rv = groupEncode(goptr, &reclen, &recptr);
- if (rv) goto err_nomem;
-
- /*
- * Store the record in the database under the group name.
- * If this is a new entry, a group id to group name mapping
- * also will be added to the id-to-name DB file.
- */
- rv = ndbStoreName(errp, groupdb, stflags,
- 0, (char *)goptr->go_name, reclen, (char *)recptr);
-
- FREE(recptr);
-
- if (rv == 0) {
- goptr->go_flags &= ~(GOF_NEW | GOF_MODIFIED);
- }
-
- punt:
- return rv;
-
- err_nomem:
- eid = NSAUERR2000;
- rv = NSAERRNOMEM;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-}
diff --git a/lib/libaccess/nsgroup.cpp b/lib/libaccess/nsgroup.cpp
deleted file mode 100644
index 83dcf950..00000000
--- a/lib/libaccess/nsgroup.cpp
+++ /dev/null
@@ -1,336 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgroup.c)
- *
- * This module contains routines for accessing information in a
- * Netscape group database. Group information is returned in the
- * form of a group object (GroupObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgroup.h"
-
-/*
- * Description (groupDecode)
- *
- * This function decodes an external group DB record into a
- * dynamically allocated GroupObj_t structure. The DB record is
- * encoded as an attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- * name - pointer to group name string
- * greclen - length of the group DB record, in octets
- * grecptr - pointer to group DB record
- *
- * Returns:
- *
- * A pointer to the allocated GroupObj_t structure is returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int greclen, ATR_t grecptr)
-{
- ATR_t cp = grecptr; /* current pointer into DB record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- int i; /* group id index */
- int idcnt; /* count of user or group ids */
- USI_t * ids; /* pointer to array of ids */
- GroupObj_t * goptr; /* group object pointer */
-
- /* Allocate a group object structure */
- goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
- if (goptr) {
-
- goptr->go_name = (unsigned char *) STRDUP((char *)name);
- goptr->go_gid = 0;
- goptr->go_flags = GOF_MODIFIED;
- goptr->go_desc = 0;
- UILINIT(&goptr->go_users);
- UILINIT(&goptr->go_groups);
- UILINIT(&goptr->go_pgroups);
-
- /* Parse group DB record */
- while ((cp - grecptr) < greclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case GAT_GID: /* group id */
- cp = USIDECODE(cp, &goptr->go_gid);
- break;
-
- case GAT_FLAGS: /* flags */
- cp = USIDECODE(cp, &goptr->go_flags);
- break;
-
- case GAT_DESCRIPT: /* group description */
- cp = NTSDECODE(cp, &goptr->go_desc);
- break;
-
- case GAT_USERS: /* member users of this group */
-
- /* First get the number of user ids following */
- cp = USIDECODE(cp, (unsigned *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for user ids */
- ids = usiAlloc(&goptr->go_users, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- case GAT_GROUPS: /* member groups of this group */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, (unsigned *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for group ids */
- ids = usiAlloc(&goptr->go_groups, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- case GAT_PGROUPS: /* parent groups of this group */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, (USI_t *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for group ids */
- ids = usiAlloc(&goptr->go_pgroups, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
- }
-
- return goptr;
-}
-
-/*
- * Description (groupEnumHelp)
- *
- * This is a local function that is called by NSDB during group
- * database enumeration. It decodes group records into group
- * objects, and presents them to the caller of groupEnumerate().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to GroupEnumArgs_t structure
- * namelen - length of group record key, including null
- * terminator
- * name - group record key (group account name)
- * reclen - length of group record
- * recptr - pointer to group record contents
- *
- * Returns:
- *
- * Returns whatever value is returned from the upcall to the caller
- * of groupEnumerate().
- */
-
-static int groupEnumHelp(NSErr_t * errp, void * parg,
- int namelen, char * name, int reclen, char * recptr)
-{
- GroupEnumArgs_t * ge = (GroupEnumArgs_t *)parg;
- GroupObj_t * goptr; /* group object pointer */
- int rv;
-
- goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
- rv = (*ge->func)(errp, ge->user, goptr);
-
- if (!(ge->flags & GOF_ENUMKEEP)) {
- FREE(goptr);
- }
-
- return rv;
-}
-
-/*
- * Description (groupEnumerate)
- *
- * This function enumerates all of the groups in a specified group
- * database, calling a caller-specified function with a group object
- * for each group in the database. A 'flags' value of GOF_ENUMKEEP
- * can be specified to keep the group objects around (not free them)
- * after the caller's function returns. Otherwise, each group
- * object is freed after being presented to the caller's function.
- * The 'argp' argument is an opaque pointer, which is passed to
- * the caller's function as 'parg' on each call, along with a
- * group object pointer.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - bit flags:
- * GOF_ENUMKEEP - keep group objects
- * argp - passed to 'func' as 'parg'
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp, void * groupdb, int flags, void * argp,
- int (*func)(NSErr_t * ferrp,
- void * parg, GroupObj_t * goptr))
-{
- int rv;
- GroupEnumArgs_t args;
-
- args.groupdb = groupdb;
- args.flags = flags;
- args.func = func;
- args.user = argp;
-
- rv = ndbEnumerate(errp,
- groupdb, NDBF_ENUMNORM, (void *)&args, groupEnumHelp);
-
- return rv;
-}
-
-/*
- * Description (groupFindByName)
- *
- * This function looks up a group record for a specified group name,
- * converts the group record to the internal group object form, and
- * returns a pointer to the group object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * name - group name to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a group object
- * for the specified group. Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp, void * groupdb, NTS_t name)
-{
- GroupObj_t * goptr = 0;
- ATR_t grecptr;
- int greclen;
- int rv;
-
- /* Look up the group name in the database */
- rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
- if (rv == 0) {
-
- /* Got the group record. Decode into a group object. */
- goptr = groupDecode(name, greclen, grecptr);
- }
-
- return goptr;
-}
-
-/*
- * Description (groupFindByGid)
- *
- * This function looks up a group record for a specified group id,
- * converts the group record to the internal group object form, and
- * returns a pointer to the group object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * gid - group id to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a group object
- * for the specified group. Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid)
-{
- GroupObj_t * goptr = 0;
- NTS_t name;
- ATR_t grecptr;
- int greclen;
- int rv;
-
- /* Get the group account name corresponding to the gid */
- rv = ndbIdToName(errp, groupdb, gid, 0, (char **)&name);
- if (rv == 0) {
-
- rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
- if (rv == 0) {
-
- /* Got the group record. Decode into a group object. */
- goptr = groupDecode(name, greclen, grecptr);
- }
- }
-
- return goptr;
-}
-
-/*
- * Description (groupFree)
- *
- * This function is called to free a group object. Group objects
- * are not automatically freed when a group database is closed.
- *
- * Arguments:
- *
- * goptr - group object pointer
- *
- */
-
-NSAPI_PUBLIC void groupFree(GroupObj_t * goptr)
-{
- if (goptr) {
-
- if (goptr->go_name) FREE(goptr->go_name);
- if (goptr->go_desc) FREE(goptr->go_desc);
- UILFREE(&goptr->go_users);
- UILFREE(&goptr->go_groups);
- UILFREE(&goptr->go_pgroups);
- FREE(goptr);
- }
-}
diff --git a/lib/libaccess/nslock.cpp b/lib/libaccess/nslock.cpp
deleted file mode 100644
index 40841a86..00000000
--- a/lib/libaccess/nslock.cpp
+++ /dev/null
@@ -1,268 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nslock.c)
- *
- * This modules provides an interprocess locking mechanism, based
- * on a named lock.
- */
-
-#include "netsite.h"
-#include "base/file.h"
-#define __PRIVATE_NSLOCK
-#include "nslock.h"
-#include <assert.h>
-
-char * NSLock_Program = "NSLOCK";
-
-#ifdef FILE_UNIX
-/*
- * The process-wide list of locks, NSLock_List, is protected by the
- * critical section, NSLock_Crit.
- */
-CRITICAL NSLock_Crit = 0;
-NSLock_t * NSLock_List = 0;
-#endif /* FILE_UNIX */
-
-/*
- * Description (nsLockOpen)
- *
- * This function is used to initialize a handle for a lock. The
- * caller specifies a unique name for the lock, and a handle is
- * returned. The returned handle should be used by only one
- * thread at a time, i.e. if multiple threads in a process are
- * using the same lock, they should either have their own handles
- * or protect a single handle with a critical section.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * lockname - pointer to name of lock
- * plock - pointer to returned handle for lock
- *
- * Returns:
- *
- * If successful, a handle for the specified lock is returned via
- * 'plock', and the return value is zero. Otherwise the return
- * value is a negative error code (see nslock.h), and an error
- * frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp, char * lockname, void **plock)
-{
- NSLock_t * nl = 0; /* pointer to lock structure */
- int len; /* length of lockname */
- int eid;
- int rv;
-
-#ifdef FILE_UNIX
- /* Have we created the critical section for NSLock_List yet? */
- if (NSLock_Crit == 0) {
-
- /* Narrow the window for simultaneous initialization */
- NSLock_Crit = (CRITICAL)(-1);
-
- /* Create it */
- NSLock_Crit = crit_init();
- }
-
- /* Lock the list of locks */
- crit_enter(NSLock_Crit);
-
- /* See if a lock with the specified name exists already */
- for (nl = NSLock_List; nl != 0; nl = nl->nl_next) {
- if (!strcmp(nl->nl_name, lockname)) break;
- }
-
- /* Create a new lock if we didn't find it */
- if (nl == 0) {
-
- len = strlen(lockname);
-
- nl = (NSLock_t *)PERM_MALLOC(sizeof(NSLock_t) + len + 5);
- if (nl == 0) goto err_nomem;
-
- nl->nl_name = (char *)(nl + 1);
- strcpy(nl->nl_name, lockname);
- strcpy(&nl->nl_name[len], ".lck");
- nl->nl_cnt = 0;
-
- nl->nl_fd = open(nl->nl_name, O_RDWR|O_CREAT|O_EXCL, 0644);
- if (nl->nl_fd < 0) {
-
- if (errno != EEXIST) {
- crit_exit(NSLock_Crit);
- goto err_create;
- }
-
- /* O_RDWR or O_WRONLY is required to use lockf on Solaris */
- nl->nl_fd = open(nl->nl_name, O_RDWR, 0);
- if (nl->nl_fd < 0) {
- crit_exit(NSLock_Crit);
- goto err_open;
- }
- }
-
- /* Remove ".lck" from the lock name */
- nl->nl_name[len] = 0;
-
- /* Create a critical section for this lock (gag!) */
- nl->nl_crit = crit_init();
-
- /* Add this lock to NSLock_List */
- nl->nl_next = NSLock_List;
- NSLock_List = nl;
- }
-
- crit_exit(NSLock_Crit);
-
-#else
-/* write me */
- nl = (void *)4;
-#endif /* FILE_UNIX */
-
- *plock = (void *)nl;
- return 0;
-
- err_nomem:
- eid = NSLERR1000;
- rv = NSLERRNOMEM;
- nserrGenerate(errp, rv, eid, NSLock_Program, 0);
- goto punt;
-
- err_create:
- eid = NSLERR1020;
- rv = NSLERRCREATE;
- goto err_file;
-
- err_open:
- eid = NSLERR1040;
- rv = NSLERROPEN;
- err_file:
- nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
- punt:
- if (nl) {
- FREE(nl);
- }
- *plock = 0;
- return rv;
-}
-
-/*
- * Description (nsLockAcquire)
- *
- * This function is used to acquire exclusive ownership of a lock
- * previously accessed via nsLockOpen(). The calling thread will
- * be blocked until the lock is acquired. Other threads in the
- * process should not be blocked.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * lock - handle for lock from nsLockOpen()
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise the return
- * value is a negative error code (see nslock.h), and an error
- * frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
- int eid;
- int rv;
-
-#ifdef FILE_UNIX
- /* Enter the critical section for the lock */
- crit_enter(nl->nl_crit);
-
- /* Acquire the file lock if we haven't already */
- if (nl->nl_cnt == 0) {
- rv = system_flock(nl->nl_fd);
- if (rv) {
- crit_exit(nl->nl_crit);
- goto err_lock;
- }
- }
-
- /* Bump the lock count */
- nl->nl_cnt++;
-
- crit_exit(nl->nl_crit);
-#else
- /* write me */
-#endif /* FILE_UNIX */
-
- /* Indicate success */
- return 0;
-
- err_lock:
- eid = NSLERR1100;
- rv = NSLERRLOCK;
- nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
-
- return rv;
-}
-
-/*
- * Description (nsLockRelease)
- *
- * This function is used to release exclusive ownership to a lock
- * that was previously obtained via nsLockAcquire().
- *
- * Arguments:
- *
- * lock - handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockRelease(void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
- assert(nl->nl_cnt > 0);
-
- crit_enter(nl->nl_crit);
-
- if (--nl->nl_cnt <= 0) {
- system_ulock(nl->nl_fd);
- nl->nl_cnt = 0;
- }
-
- crit_exit(nl->nl_crit);
-#endif /* FILE_UNIX */
-}
-
-/*
- * Description (nsLockClose)
- *
- * This function is used to close a lock handle that was previously
- * acquired via nsLockOpen(). The lock should not be owned.
- *
- * Arguments:
- *
- * lock - handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockClose(void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
- /* Don't do anything with the lock, since it will get used again */
-#if 0
- crit_enter(nl->nl_crit);
- close(nl->nl_fd);
- crit_exit(nl->nl_crit);
- FREE(nl);
-#endif
-#else
- /* write me */
-#endif FILE_UNIX
-}
diff --git a/lib/libaccess/nsumgmt.cpp b/lib/libaccess/nsumgmt.cpp
deleted file mode 100644
index 06987483..00000000
--- a/lib/libaccess/nsumgmt.cpp
+++ /dev/null
@@ -1,456 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsumgmt.c)
- *
- * This module contains routines for managing information in a
- * Netscape user database. Information for a particular user
- * is modified by retrieving the current information in the form
- * of a user object (UserObj_t), calling functions in this module,
- * to modify the user object, and then calling userStore() to
- * write the information in the user object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsumgmt.h"
-
-/*
- * Description (userAddGroup)
- *
- * This function adds a group id to the list of group ids associated
- * with a user object.
- *
- * Arguments:
- *
- * uoptr - user object pointer
- * gid - group id to be added
- *
- * Returns:
- *
- * Returns zero if the group id is already present in the group id list.
- * Returns one if the group id was added successfully.
- * Returns a negative value if an error occurs.
- */
-
-int userAddGroup(UserObj_t * uoptr, USI_t gid)
-{
- int rv;
-
- rv = usiInsert(&uoptr->uo_groups, gid);
-
- if (rv > 0) {
-
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (userCreate)
- *
- * This function creates a user object, using information about
- * the user provided by the caller. The strings passed for the
- * user account name, password, and real user name may be on the
- * stack. The user id is set to zero, but the user object is
- * marked as being new. A user id will be assigned when
- * userStore() is called to add the user to a user database.
- *
- * Arguments:
- *
- * name - pointer to user account name string
- * pwd - pointer to (encrypted) password string
- * rname - real user name (gecos string)
- *
- * Returns:
- *
- * A pointer to a dynamically allocated UserObj_t structure is
- * returned.
- */
-
-NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname)
-{
- UserObj_t * uoptr; /* user object pointer */
-
- uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
- if (uoptr) {
- uoptr->uo_name = (NTS_t)STRDUP((char *)name);
- uoptr->uo_pwd = (pwd) ? (NTS_t)STRDUP((char *)pwd) : 0;
- uoptr->uo_uid = 0;
- uoptr->uo_flags = (UOF_MODIFIED | UOF_NEW);
- uoptr->uo_rname = (rname) ? (NTS_t)STRDUP((char *)rname) : 0;
- UILINIT(&uoptr->uo_groups);
- }
-
- return uoptr;
-}
-
-/*
- * Description (userDeleteGroup)
- *
- * This function removes a specified group id from a user object's
- * list of groups.
- *
- * Arguments:
- *
- * uoptr - pointer to user object
- * gid - group id to remove
- *
- * Returns:
- *
- * The return value is zero if the specified group id was not present
- * in the user object, or one if the group was successfully removed.
- */
-
-int userDeleteGroup(UserObj_t * uoptr, USI_t gid)
-{
- int rv; /* return value */
-
- rv = usiRemove(&uoptr->uo_groups, gid);
- if (rv > 0) {
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (userEncode)
- *
- * This function encodes a user object into a user DB record.
- *
- * Arguments:
- *
- * uoptr - pointer to user object
- * ureclen - pointer to returned record length
- * urecptr - pointer to returned record pointer
- *
- * Returns:
- *
- * The function return value is zero if successful. The length
- * and location of the created attribute record are returned
- * through 'ureclen' and 'urecptr'. A non-zero function value
- * is returned if there's an error.
- */
-
-int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr)
-{
- int reclen; /* length of DB record */
- ATR_t rptr; /* DB record pointer */
- ATR_t rstart = 0; /* pointer to beginning of DB record */
- ATR_t glptr; /* saved pointer to UAT_GROUPS length */
- ATR_t gptr; /* saved pointer to after length at glptr */
- int pwdlen; /* password encoding length */
- int uidlen; /* uid encoding length */
- int fllen; /* account flags encoding length */
- USI_t rnlen; /* real name encoding length */
- USI_t nglen; /* group count encoding length */
- USI_t gcnt; /* number of group ids */
- USI_t * gids; /* pointer to array of group ids */
- int i; /* group id index */
- int rv = -1;
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* UAT_PASSWORD attribute: tag, length, NTS */
- pwdlen = NTSLENGTH(uoptr->uo_pwd);
- reclen = 1 + 1 + pwdlen;
- if (pwdlen > 127) goto punt;
-
- /* UAT_UID attribute: tag, length, USI */
- uidlen = USILENGTH(uoptr->uo_uid);
- reclen += (1 + 1 + uidlen);
-
- /* UAT_ACCFLAGS attribute: tag, length, USI */
- fllen = USILENGTH(uoptr->uo_flags & UOF_DBFLAGS);
- reclen += (1 + 1 + fllen);
-
- /* UAT_REALNAME attribute: tag, length, NTS */
- rnlen = NTSLENGTH(uoptr->uo_rname);
- reclen += (1 + USILENGTH(rnlen) + rnlen);
-
- /* UAT_GROUPS attribute: tag, length, USI(count), USI(gid)... */
- gcnt = UILCOUNT(&uoptr->uo_groups);
- nglen = USILENGTH(gcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * gcnt));
-
- /* Allocate the attribute record buffer */
- rptr = (ATR_t)MALLOC(reclen);
- if (rptr) {
-
- /* Save pointer to start of record */
- rstart = rptr;
-
- /* Encode UAT_PASSWORD attribute */
- *rptr++ = UAT_PASSWORD;
- *rptr++ = pwdlen;
- rptr = NTSENCODE(rptr, uoptr->uo_pwd);
-
- /* Encode UAT_UID attribute */
- *rptr++ = UAT_UID;
- *rptr++ = uidlen;
- rptr = USIENCODE(rptr, uoptr->uo_uid);
-
- /* Encode UAT_ACCFLAGS attribute */
- *rptr++ = UAT_ACCFLAGS;
- *rptr++ = fllen;
- rptr = USIENCODE(rptr, (uoptr->uo_flags & UOF_DBFLAGS));
-
- /* Encode UAT_REALNAME attribute */
- *rptr++ = UAT_REALNAME;
- rptr = USIENCODE(rptr, rnlen);
- rptr = NTSENCODE(rptr, uoptr->uo_rname);
-
- /* Encode UAT_GROUPS attribute */
- *rptr++ = UAT_GROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- rptr = USIENCODE(rptr, gcnt);
-
- /* Generate group ids encodings */
- gids = UILLIST(&uoptr->uo_groups);
- for (i = 0; i < gcnt; ++i) {
- rptr = USIENCODE(rptr, gids[i]);
- }
-
- /* Now fix up the UAT_GROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Return record length and location if requested */
- if (ureclen) *ureclen = rptr - rstart;
- if (urecptr) *urecptr = rstart;
-
- /* Indicate success */
- rv = 0;
- }
-
- punt:
- return rv;
-}
-
-/*
- * Description (userRemove)
- *
- * This function is called to remove a user from a specified user
- * database. Both the primary DB file and the id-to-name DB file
- * are updated.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - (unused - must be zero)
- * name - pointer to user account name
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name)
-{
- UserObj_t * uoptr; /* user object pointer */
- int rv;
- int rv2;
-
- /* First retrieve the user record */
- uoptr = userFindByName(errp, userdb, name);
- if (!uoptr) {
- /* Error - specified user not found */
- return NSAERRNAME;
- }
-
- /* Free the user id value, if any */
- rv = 0;
- if (uoptr->uo_uid != 0) {
- rv = ndbFreeId(errp, userdb, 0, (char *)name, uoptr->uo_uid);
- }
-
- rv2 = ndbDeleteName(errp, userdb, 0, 0, (char *)name);
-
- return (rv) ? rv : rv2;
-}
-
-/*
- * Description (userRename)
- *
- * This function is called to change the account name associated
- * with an existing user. The caller provides a pointer to a
- * user object for the existing user (with the current user account
- * name referenced by uo_name), and the new account name for this
- * user. A check is made to ensure the uniqueness of the new name
- * in the specified user database. The account name in the user
- * object is modified. The user database is not modified until
- * userStore() is called.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * uoptr - user object pointer
- * newname - pointer to new account name string
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The user object remains intact in either
- * case.
- */
-
-NSAPI_PUBLIC int userRename(NSErr_t * errp, void * userdb, UserObj_t * uoptr, NTS_t newname)
-{
- int reclen; /* user record length */
- ATR_t recptr = 0; /* user record pointer */
- char * oldname; /* old user account name */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Save the current account name and replace it with the new one */
- oldname = (char *)uoptr->uo_name;
- uoptr->uo_name = (unsigned char *) STRDUP((char *)newname);
-
- if ((oldname != 0) && !(uoptr->uo_flags & UOF_NEW)) {
-
- /* Convert the information in the user object to a DB record */
- rv = userEncode(uoptr, &reclen, &recptr);
- if (rv) goto err_nomem;
-
- /*
- * Store the record in the database
- * under the new user account name.
- */
- rv = ndbStoreName(errp, userdb, NDBF_NEWNAME,
- 0, (char *)uoptr->uo_name, reclen, (char *)recptr);
- if (rv) goto punt;
-
- /* Change the mapping of the user id to the new name */
- rv = ndbRenameId(errp, userdb, 0, (char *)uoptr->uo_name, uoptr->uo_uid);
- if (rv) goto punt;
-
- /* Delete the user record with the old account name */
- rv = ndbDeleteName(errp, userdb, 0, 0, oldname);
- if (rv) goto punt;
- }
- else {
- /* Set flags in user object for userStore() */
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- punt:
- if (recptr) {
- FREE(recptr);
- }
- if (oldname) {
- FREE(oldname);
- }
- return rv;
-
- err_nomem:
- eid = NSAUERR1000;
- rv = NSAERRNOMEM;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-}
-
-/*
- * Description (userStore)
- *
- * This function is called to store a user object in the database.
- * If the object was created by userCreate(), it is assumed to be
- * a new user account, the user account name must not match any
- * existing user account names in the database, and a uid is
- * assigned before adding the user to the database. If the object
- * was created by userFindByName(), the information in the user
- * object will replace the existing database entry for the
- * indicated user account name.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - (unused - must be zero)
- * uoptr - user object pointer
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The user object remains intact in either
- * case.
- */
-
-NSAPI_PUBLIC int userStore(NSErr_t * errp, void * userdb, int flags, UserObj_t * uoptr)
-{
- ATR_t recptr = 0;
- USI_t uid;
- int reclen = 0;
- int stflags = 0;
- int eid;
- int rv;
-
- /* If this is a new user, allocate a uid value */
- if (uoptr->uo_flags & UOF_NEW) {
- /*
- * Yes, allocate a user id and add a user id to user
- * account name mapping to the id-to-name DB file.
- */
- uid = 0;
- rv = ndbAllocId(errp, userdb, 0, (char *)uoptr->uo_name, &uid);
- if (rv) goto punt;
-
- uoptr->uo_uid = uid;
-
- /* Let the database manager know that this is a new entry */
- stflags = NDBF_NEWNAME;
- }
-
- /* Convert the information in the user object to a DB record */
- rv = userEncode(uoptr, &reclen, &recptr);
- if (rv) goto err_nomem;
-
- /* Store the record in the database under the user account name. */
- rv = ndbStoreName(errp, userdb, stflags,
- 0, (char *)uoptr->uo_name, reclen, (char *)recptr);
- if (rv) goto punt;
-
- FREE(recptr);
- recptr = 0;
-
- uoptr->uo_flags &= ~(UOF_NEW | UOF_MODIFIED);
- return 0;
-
- err_nomem:
- eid = NSAUERR1100;
- rv = NSAERRNOMEM;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-
- punt:
- if (recptr) {
- FREE(recptr);
- }
- if ((uoptr->uo_flags & UOF_NEW) && (uid != 0)) {
- /* Free the user id value if we failed after allocating it */
- ndbFreeId(errp, userdb, 0, (char *)uoptr->uo_name, uid);
- }
- return rv;
-}
diff --git a/lib/libaccess/nsuser.cpp b/lib/libaccess/nsuser.cpp
deleted file mode 100644
index 6ce44fdc..00000000
--- a/lib/libaccess/nsuser.cpp
+++ /dev/null
@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsuser.c)
- *
- * This module contains routines for accessing information in a
- * Netscape user database. User information is returned in the
- * form of a user object (UserObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsuser.h"
-
-/* Authentication facility name for error frame generation */
-char * NSAuth_Program = "NSAUTH";
-
-/*
- * Description (userDecode)
- *
- * This function decodes an external user DB record into a dynamically
- * allocated UserObj_t structure. The DB record is encoded as an
- * attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- * name - pointer to user account name string
- * ureclen - length of the user DB record, in octets
- * urecptr - pointer to user DB record
- *
- * Returns:
- *
- * A pointer to the allocated UserObj_t structure is returned.
- */
-
-UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr)
-{
- ATR_t cp = urecptr; /* current pointer into DB record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- USI_t gcnt; /* number of group ids */
- USI_t * gids; /* pointer to array of group ids */
- int i; /* group id index */
- UserObj_t * uoptr; /* user object pointer */
-
- /* Allocate a user object structure */
- uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
- if (uoptr) {
-
- uoptr->uo_name = (unsigned char *) STRDUP((char *)name);
- uoptr->uo_pwd = 0;
- uoptr->uo_uid = 0;
- uoptr->uo_flags = 0;
- uoptr->uo_rname = 0;
- UILINIT(&uoptr->uo_groups);
-
- /* Parse user DB record */
- while ((cp - urecptr) < ureclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case UAT_PASSWORD: /* encrypted password */
- cp = NTSDECODE(cp, &uoptr->uo_pwd);
- break;
-
- case UAT_UID: /* user id */
- cp = USIDECODE(cp, &uoptr->uo_uid);
- break;
-
- case UAT_ACCFLAGS: /* account flags */
- cp = USIDECODE(cp, &uoptr->uo_flags);
- break;
-
- case UAT_REALNAME: /* real name of user */
- cp = NTSDECODE(cp, &uoptr->uo_rname);
- break;
-
- case UAT_GROUPS: /* groups which include user */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, &gcnt);
-
- if (gcnt > 0) {
-
- /* Allocate space for group ids */
- gids = usiAlloc(&uoptr->uo_groups, gcnt);
- if (gids) {
- for (i = 0; i < gcnt; ++i) {
- cp = USIDECODE(cp, gids + i);
- }
- }
- }
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
- }
-
- return uoptr;
-}
-
-/*
- * Description (userEnumHelp)
- *
- * This is a local function that is called by NSDB during user
- * database enumeration. It decodes user records into user
- * objects, and presents them to the caller of userEnumerate().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to UserEnumArgs_t structure
- * namelen - user record key length including null
- * terminator
- * name - user record key (user account name)
- * reclen - length of user record
- * recptr - pointer to user record contents
- *
- * Returns:
- *
- * Returns whatever value is returned from the upcall to the caller
- * of userEnumerate().
- */
-
-static int userEnumHelp(NSErr_t * errp, void * parg,
- int namelen, char * name, int reclen, char * recptr)
-{
- UserEnumArgs_t * ue = (UserEnumArgs_t *)parg;
- UserObj_t * uoptr; /* user object pointer */
- int rv;
-
- uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
- rv = (*ue->func)(errp, ue->user, uoptr);
-
- if (!(ue->flags & UOF_ENUMKEEP)) {
- userFree(uoptr);
- }
-
- return rv;
-}
-
-/*
- * Description (userEnumerate)
- *
- * This function enumerates all of the users in a specified user
- * database, calling a caller-specified function with a user object
- * for each user in the database. A 'flags' value of UOF_ENUMKEEP
- * can be specified to keep the user objects around (not free them)
- * after the caller's function returns. Otherwise, each user
- * object is freed after being presented to the caller's function.
- * The 'argp' argument is an opaque pointer, which is passed to
- * the caller's function as 'parg' on each call, along with a
- * user object pointer.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - bit flags:
- * UOF_ENUMKEEP - keep user objects
- * argp - passed to 'func' as 'parg'
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code, and an error frame is generated if an error
- * frame list was provided by the caller.
- */
-
-int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp,
- int (*func)(NSErr_t * ferrp, void * parg, UserObj_t * uoptr))
-{
- int rv;
- UserEnumArgs_t args;
-
- args.userdb = userdb;
- args.flags = flags;
- args.func = func;
- args.user = argp;
-
- rv = ndbEnumerate(errp,
- userdb, NDBF_ENUMNORM, (void *)&args, userEnumHelp);
-
- return rv;
-}
-
-/*
- * Description (userFindByName)
- *
- * This function looks up a user record for a specified user account
- * name, converts the user record to the internal user object form,
- * and returns a pointer to the user object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * name - user account name to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a user object
- * for the specified user. Otherwise it is 0, and an error frame
- * is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name)
-{
- UserObj_t * uoptr = 0;
- ATR_t urecptr;
- int ureclen;
- int rv;
-
- /* Look up the user name in the database */
- rv = ndbFindName(errp, userdb, 0, (char *) name, &ureclen, (char **)&urecptr);
- if (rv == 0) {
-
- /* Got the user record. Decode into a user object. */
- uoptr = userDecode(name, ureclen, urecptr);
- }
-
- return uoptr;
-}
-
-/*
- * Description (userFindByUid)
- *
- * This function looks up a user record for a specified user id,
- * converts the user record to the internal user object form, and
- * returns a pointer to the user object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * uid - user id to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a user object
- * for the specified user. Otherwise it is 0, and an error frame
- * is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid)
-{
- UserObj_t * uoptr = 0;
- NTS_t name;
- ATR_t urecptr;
- int ureclen;
- int rv;
-
- /* Get the user account name corresponding to the uid */
- rv = ndbIdToName(errp, userdb, uid, 0, (char **)&name);
- if (rv == 0) {
-
- rv = ndbFindName(errp, userdb, 0, (char *)name, &ureclen, (char **)&urecptr);
- if (rv == 0) {
-
- /* Got the user record. Decode into a user object. */
- uoptr = userDecode(name, ureclen, urecptr);
- }
- }
-
- return uoptr;
-}
-
-/*
- * Description (userFree)
- *
- * This function is called to free a user object. User objects
- * are not automatically freed when a user database is closed.
- *
- * Arguments:
- *
- * uoptr - user object pointer
- *
- */
-
-NSAPI_PUBLIC void userFree(UserObj_t * uoptr)
-{
- if (uoptr) {
-
- if (uoptr->uo_name) FREE(uoptr->uo_name);
- if (uoptr->uo_pwd) FREE(uoptr->uo_pwd);
- if (uoptr->uo_rname) FREE(uoptr->uo_rname);
- UILFREE(&uoptr->uo_groups);
- FREE(uoptr);
- }
-}
diff --git a/lib/libaccess/register.h b/lib/libaccess/register.h
deleted file mode 100644
index 18e6a4b4..00000000
--- a/lib/libaccess/register.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef ACL_REGISTER_HEADER
-#define ACL_REGISTER_HEADER
-
-#include <libaccess/nserror.h>
-#include <libaccess/acl.h>
-#include <libaccess/las.h>
-
-typedef void * ACLMethod_t;
-#define ACL_METHOD_ANY (ACLMethod_t)-1
-#define ACL_METHOD_INVALID (ACLMethod_t)-2
-typedef void * ACLDbType_t;
-#define ACL_DBTYPE_ANY (ACLDbType_t)-1
-#define ACL_DBTYPE_INVALID (ACLDbType_t)-2
-
-typedef struct ACLGetter_s {
- ACLMethod_t method;
- ACLDbType_t db;
- AttrGetterFn fn;
-} ACLGetter_t;
-typedef ACLGetter_s * ACLGetter_p;
-
-/*
- * Command values for the "position" argument to ACL_RegisterGetter
- * Any positive >0 value is the specific position in the list to insert
- * the new function.
- */
-#define ACL_AT_FRONT 0
-#define ACL_AT_END -1
-#define ACL_REPLACE_ALL -2
-#define ACL_REPLACE_MATCHING -3
-
-#ifdef ACL_LIB_INTERNAL
-#define ACL_MAX_METHOD 32
-#define ACL_MAX_DBTYPE 32
-#endif
-
-NSPR_BEGIN_EXTERN_C
-
-NSAPI_PUBLIC extern int
- ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
- eval_func, LASFlushFunc_t flush_func );
-NSAPI_PUBLIC extern int
- ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
- *eval_funcp );
-NSAPI_PUBLIC extern int
- ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
- *flush_funcp );
-extern void
- ACL_LasHashInit( void );
-extern void
- ACL_LasHashDestroy( void );
-
-/*
- * Revised, normalized method/dbtype registration routines
- */
-NSAPI_PUBLIC extern int
- ACL_MethodRegister(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern int
- ACL_MethodIsEqual(ACLMethod_t t1, ACLMethod_t t2);
-NSAPI_PUBLIC extern int
- ACL_MethodNameIsEqual(ACLMethod_t t, const char *name);
-NSAPI_PUBLIC extern int
- ACL_MethodFind(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern ACLMethod_t
- ACL_MethodGetDefault();
-NSAPI_PUBLIC extern void
- ACL_MethodSetDefault();
-NSAPI_PUBLIC extern int
- ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);
-
-NSAPI_PUBLIC extern int
- ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
-NSAPI_PUBLIC extern int
- ACL_DbTypeIsEqual(ACLDbType_t t1, ACLDbType_t t2);
-NSAPI_PUBLIC extern int
- ACL_DbTypeNameIsEqual(ACLDbType_t t, const char *name);
-NSAPI_PUBLIC extern int
- ACL_DbTypeFind(const char *name, ACLDbType_t *t);
-NSAPI_PUBLIC extern ACLDbType_t
- ACL_DbTypeGetDefault();
-NSAPI_PUBLIC extern void
- ACL_DbTypeSetDefault();
-NSAPI_PUBLIC extern int
- ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
-
-NSAPI_PUBLIC extern int
- ACL_RegisterGetter(AttrGetterFn fn, ACLMethod_t m, ACLDbType_t d, int
- position, void *arg);
-
-NSPR_END_EXTERN_C
-
-#endif
diff --git a/lib/libaccess/userauth.cpp b/lib/libaccess/userauth.cpp
deleted file mode 100644
index 00a95e84..00000000
--- a/lib/libaccess/userauth.cpp
+++ /dev/null
@@ -1,12 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/* userauth.c
- * This file contain code to authenticate user.
- */
-
-
-
diff --git a/lib/libaccess/utest.mk b/lib/libaccess/utest.mk
deleted file mode 100644
index 69f25b4e..00000000
--- a/lib/libaccess/utest.mk
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-
-#CFLAGS = -g -DDEBUG -I.
-CFLAGS = -g -I. -I../../../include $(TESTFLAGS)
-#LEX = flex
-CC=gcc
-
-HEAD = aclparse.h acltools.h lparse.h acl.h acleval.h lasdns.h lasip.h mthash.h stubs.h aclscan.h acl.tab.h
-XSRC = aclparse.y aclscan.l
-CSRC = acleval.c aclutil.c lasdns.c lasip.c lastod.c mthash.c testmain.c acltools.c space.c acl.tab.c acl.yy.c
-SRC = $(HEAD) $(XSRC) $(CSRC)
-
-XOBJ = acl.tab.o acl.yy.o testmain.o acltools.o
-COBJ = $(CSRC:%.c=%.o)
-OBJ = $(XOBJ) $(COBJ)
-
-always: $(OBJ)
-
-acleval.o: stubs.h aclparse.h acl.h acleval.h mthash.h
-
-aclutil.o: acl.h aclparse.h
-
-lasdns.o: acl.h aclparse.h lasdns.h mthash.h
-
-lasip.o: acl.h aclparse.h lasip.h
-
-lastod.o: acl.h aclparse.h
-
-acltools.o: aclparse.h aclscan.h lparse.h aclparse.y
-
-testmain.o: aclparse.h acltools.h
-
-acl.yy.o: acl.yy.c acl.tab.h
-
-acl.yy.o acl.tab.o acltools.o: aclparse.h acltools.h lparse.h
-
-yacc: aclparse.y
- $(YACC) -dv aclparse.y
- mv y.tab.h acl.tab.h
- mv y.tab.c acl.tab.c
-#sed -f yy-sed y.tab.h > acl.tab.h
-#sed -f yy-sed y.tab.c > acl.tab.c
-
-# Should only run this on an SGI, where flex() is present
-flex: aclscan.l
- $(LEX) aclscan.l
- mv lex.yy.c acl.yy.c
-#sed -f yy-sed lex.yy.c > acl.yy.c
-
-clean:
- rm -f aclparse aclparse.pure y.output acl.tab.c acl.tab.h acl.yy.c lex.yy.c y.tab.c y.tab.h aclparse.c $(OBJ)
-
-# Check it out from the RCS directory
-$(SRC): RCS/$$@,v
- co $@
diff --git a/lib/libaccess/winnt.l b/lib/libaccess/winnt.l
deleted file mode 100644
index 38fc4594..00000000
--- a/lib/libaccess/winnt.l
+++ /dev/null
@@ -1,762 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-# define U(x) x
-# define NLSTATE yyprevious=YYNEWLINE
-# define BEGIN yybgin = yysvec + 1 +
-# define INITIAL 0
-# define YYLERR yysvec
-# define YYSTATE (yyestate-yysvec-1)
-# define YYOPTIM 1
-# define YYLMAX BUFSIZ
-#ifndef __cplusplus
-# define output(c) (void)putc(c,yyout)
-#else
-# define lex_output(c) (void)putc(c,yyout)
-#endif
-
-#if defined(__cplusplus) || defined(__STDC__)
-
-#if defined(__cplusplus) && defined(__EXTERN_C__)
-extern "C" {
-#endif
- int yyback(int *, int);
- int yyinput(void);
- int yylook(void);
- void yyoutput(int);
- int yyracc(int);
- int yyreject(void);
- void yyunput(int);
- int yylex(void);
-#ifdef YYLEX_E
- void yywoutput(wchar_t);
- wchar_t yywinput(void);
-#endif
-#ifndef yyless
- void yyless(int);
-#endif
-#ifndef yywrap
- int yywrap(void);
-#endif
-#ifdef LEXDEBUG
- void allprint(char);
- void sprint(char *);
-#endif
-#if defined(__cplusplus) && defined(__EXTERN_C__)
-}
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
- void exit(int);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-# define unput(c) {yytchar= (c);if(yytchar=='\n')yylineno--;*yysptr++=yytchar;}
-# define yymore() (yymorfg=1)
-#ifndef __cplusplus
-# define input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar)
-#else
-# define lex_input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar)
-#endif
-#define ECHO fprintf(yyout, "%s",yytext)
-# define REJECT { nstr = yyreject(); goto yyfussy;}
-int yyleng; extern char yytext[];
-int yymorfg;
-extern char *yysptr, yysbuf[];
-int yytchar;
-FILE *yyin = NULL, *yyout = NULL;
-extern int yylineno;
-struct yysvf {
- struct yywork *yystoff;
- struct yysvf *yyother;
- int *yystops;};
-struct yysvf *yyestate;
-extern struct yysvf yysvec[], *yybgin;
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include "y.tab.h"
-#include "libaccess/ava.h"
-/*#include "netsite.h" */
-
-int linenum = 1;
-int first_time = 1;
-int old_state;
-int num_nested_comments = 0;
-
-extern AVAEntry tempEntry;
-extern AVATable entryTable;
-
-void strip_quotes(void);
-
-# define COMMENT 2
-# define NORM 4
-# define DEFINES 6
-# define DEF_TYPE 8
-# define YYNEWLINE 10
-yylex(){
-int nstr; extern int yyprevious;
-
- if (yyin == NULL) yyin = stdin;
- if (yyout == NULL) yyout = stdout;
- if (first_time) {
- BEGIN NORM;
- first_time = tempEntry.numOrgs = 0;
- old_state = NORM;
- tempEntry.userid = 0;
- tempEntry.country = 0;
- tempEntry.CNEntry = 0;
- tempEntry.email = 0;
- tempEntry.locality = 0;
- tempEntry.state = 0;
- entryTable.numEntries = 0;
- }
-#ifdef __cplusplus
-/* to avoid CC and lint complaining yyfussy not being used ...*/
-static int __lex_hack = 0;
-if (__lex_hack) goto yyfussy;
-#endif
-while((nstr = yylook()) >= 0)
-yyfussy: switch(nstr){
-case 0:
-if(yywrap()) return(0); break;
-case 1:
-
-# line 58 "avascan.l"
- {BEGIN COMMENT; num_nested_comments++;}
-break;
-case 2:
-
-# line 59 "avascan.l"
- {num_nested_comments--;
- if (!num_nested_comments) BEGIN old_state;}
-break;
-case 3:
-
-# line 61 "avascan.l"
- {;}
-break;
-case 4:
-
-# line 63 "avascan.l"
- {yylval.string = system_strdup(yytext);
- return USER_ID;}
-break;
-case 5:
-
-# line 65 "avascan.l"
-{BEGIN DEF_TYPE;
- old_state = DEF_TYPE;}
-break;
-case 6:
-
-# line 68 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_C; }
-break;
-case 7:
-
-# line 70 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CO;}
-break;
-case 8:
-
-# line 72 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_OU;}
-break;
-case 9:
-
-# line 74 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CN;}
-break;
-case 10:
-
-# line 76 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_L;}
-break;
-case 11:
-
-# line 78 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_E;}
-break;
-case 12:
-
-# line 80 "avascan.l"
- {BEGIN DEFINES; old_state = DEFINES;
- return DEF_ST;}
-break;
-case 13:
-
-# line 82 "avascan.l"
- {BEGIN NORM;old_state = NORM;}
-break;
-case 14:
-
-# line 84 "avascan.l"
- {return EQ_SIGN;}
-break;
-case 15:
-
-# line 85 "avascan.l"
- {BEGIN DEF_TYPE; old_state = DEF_TYPE;
- strip_quotes();
- return DEF_ID;}
-break;
-case 16:
-
-# line 89 "avascan.l"
- {;}
-break;
-case 17:
-
-# line 90 "avascan.l"
- {linenum++;}
-break;
-case 18:
-
-# line 91 "avascan.l"
- {yyerror("Bad input character");}
-break;
-case -1:
-break;
-default:
-(void)fprintf(yyout,"bad switch yylook %d",nstr);
-} return(0); }
-/* end of yylex */
-
-int yywrap () {
- return 1;
-}
-
-void strip_quotes(void) {
- yytext[strlen(yytext)-1]= '\0';
- yylval.string = system_strdup(&yytext[1]);
-}
-int yyvstop[] = {
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-18,
-0,
-
-16,
-18,
-0,
-
-17,
-0,
-
-18,
-0,
-
-3,
-18,
-0,
-
-3,
-16,
-18,
-0,
-
-3,
-18,
-0,
-
-3,
-18,
-0,
-
-4,
-18,
-0,
-
-18,
-0,
-
-18,
-0,
-
-14,
-18,
-0,
-
-6,
-18,
-0,
-
-11,
-18,
-0,
-
-10,
-18,
-0,
-
-7,
-18,
-0,
-
-18,
-0,
-
-13,
-18,
-0,
-
-16,
-0,
-
-1,
-0,
-
-2,
-0,
-
-4,
-0,
-
-5,
-0,
-
-15,
-0,
-
-9,
-0,
-
-8,
-0,
-
-12,
-0,
-0};
-# define YYTYPE unsigned char
-struct yywork { YYTYPE verify, advance; } yycrank[] = {
-0,0, 0,0, 1,11, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 0,0, 1,12, 1,13,
-0,0, 3,15, 12,29, 0,0,
-20,33, 0,0, 0,0, 0,0,
-0,0, 3,16, 3,13, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 9,11, 0,0, 1,11,
-0,0, 12,29, 7,21, 20,33,
-8,21, 9,12, 9,13, 14,30,
-0,0, 1,11, 3,15, 4,17,
-1,14, 1,11, 2,14, 7,14,
-4,18, 8,14, 3,17, 5,19,
-3,15, 17,31, 5,14, 3,18,
-3,15, 6,19, 10,14, 21,35,
-6,14, 7,22, 9,11, 8,22,
-0,0, 5,20, 0,0, 21,35,
-21,35, 0,0, 0,0, 6,20,
-9,11, 0,0, 0,0, 9,14,
-9,11, 23,37, 10,23, 0,0,
-10,24, 27,39, 26,38, 0,0,
-0,0, 0,0, 0,0, 10,25,
-0,0, 0,0, 10,26, 0,0,
-21,36, 0,0, 10,27, 9,23,
-0,0, 9,24, 0,0, 0,0,
-0,0, 0,0, 21,35, 0,0,
-9,25, 0,0, 21,35, 9,26,
-0,0, 0,0, 0,0, 9,27,
-0,0, 0,0, 0,0, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 0,0, 20,34, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 19,32, 0,0, 0,0,
-10,28, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 0,0,
-0,0, 0,0, 0,0, 0,0,
-0,0, 9,28, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-0,0, 0,0, 0,0, 0,0,
-19,32, 0,0, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-19,32, 19,32, 19,32, 19,32,
-0,0};
-struct yysvf yysvec[] = {
-0, 0, 0,
-yycrank+-1, 0, yyvstop+1,
-yycrank+-3, yysvec+1, yyvstop+3,
-yycrank+-12, 0, yyvstop+5,
-yycrank+-5, yysvec+3, yyvstop+7,
-yycrank+-11, yysvec+1, yyvstop+9,
-yycrank+-17, yysvec+1, yyvstop+11,
-yycrank+-4, yysvec+1, yyvstop+13,
-yycrank+-6, yysvec+1, yyvstop+15,
-yycrank+-32, 0, yyvstop+17,
-yycrank+-15, yysvec+9, yyvstop+19,
-yycrank+0, 0, yyvstop+21,
-yycrank+5, 0, yyvstop+23,
-yycrank+0, 0, yyvstop+26,
-yycrank+1, 0, yyvstop+28,
-yycrank+0, 0, yyvstop+30,
-yycrank+0, yysvec+12, yyvstop+33,
-yycrank+10, 0, yyvstop+37,
-yycrank+0, yysvec+14, yyvstop+40,
-yycrank+93, 0, yyvstop+43,
-yycrank+7, 0, yyvstop+46,
-yycrank+-62, 0, yyvstop+48,
-yycrank+0, 0, yyvstop+50,
-yycrank+3, 0, yyvstop+53,
-yycrank+0, 0, yyvstop+56,
-yycrank+0, 0, yyvstop+59,
-yycrank+1, 0, yyvstop+62,
-yycrank+1, 0, yyvstop+65,
-yycrank+0, 0, yyvstop+67,
-yycrank+0, yysvec+12, yyvstop+70,
-yycrank+0, 0, yyvstop+72,
-yycrank+0, 0, yyvstop+74,
-yycrank+0, yysvec+19, yyvstop+76,
-yycrank+0, yysvec+20, 0,
-yycrank+0, 0, yyvstop+78,
-yycrank+0, yysvec+21, 0,
-yycrank+0, 0, yyvstop+80,
-yycrank+0, 0, yyvstop+82,
-yycrank+0, 0, yyvstop+84,
-yycrank+0, 0, yyvstop+86,
-0, 0, 0};
-struct yywork *yytop = yycrank+215;
-struct yysvf *yybgin = yysvec+1;
-char yymatch[] = {
- 0, 1, 1, 1, 1, 1, 1, 1,
- 1, 9, 10, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 9, 1, 34, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 44, 1, 1, 1,
- 48, 48, 48, 48, 48, 48, 48, 48,
- 48, 48, 1, 1, 1, 1, 1, 1,
- 1, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 1, 1, 1, 1, 44,
- 1, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 44, 44, 44, 44, 44,
- 44, 44, 44, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1,
-0};
-char yyextra[] = {
-0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,
-0};
-/* Copyright (c) 1989 AT&T */
-/* All Rights Reserved */
-
-/* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T */
-/* The copyright notice above does not evidence any */
-/* actual or intended publication of such source code. */
-
-#pragma ident "@(#)ncform 6.7 93/06/07 SMI"
-
-int yylineno =1;
-# define YYU(x) x
-# define NLSTATE yyprevious=YYNEWLINE
-char yytext[YYLMAX];
-struct yysvf *yylstate [YYLMAX], **yylsp, **yyolsp;
-char yysbuf[YYLMAX];
-char *yysptr = yysbuf;
-int *yyfnd;
-extern struct yysvf *yyestate;
-int yyprevious = YYNEWLINE;
-#if defined(__cplusplus) || defined(__STDC__)
-int yylook(void)
-#else
-yylook()
-#endif
-{
- register struct yysvf *yystate, **lsp;
- register struct yywork *yyt;
- struct yysvf *yyz;
- int yych, yyfirst;
- struct yywork *yyr;
-# ifdef LEXDEBUG
- int debug;
-# endif
- char *yylastch;
- /* start off machines */
-# ifdef LEXDEBUG
- debug = 0;
-# endif
- yyfirst=1;
- if (!yymorfg)
- yylastch = yytext;
- else {
- yymorfg=0;
- yylastch = yytext+yyleng;
- }
- for(;;){
- lsp = yylstate;
- yyestate = yystate = yybgin;
- if (yyprevious==YYNEWLINE) yystate++;
- for (;;){
-# ifdef LEXDEBUG
- if(debug)fprintf(yyout,"state %d\n",yystate-yysvec-1);
-# endif
- yyt = yystate->yystoff;
- if(yyt == yycrank && !yyfirst){ /* may not be any transitions */
- yyz = yystate->yyother;
- if(yyz == 0)break;
- if(yyz->yystoff == yycrank)break;
- }
-#ifndef __cplusplus
- *yylastch++ = yych = input();
-#else
- *yylastch++ = yych = lex_input();
-#endif
- if(yylastch > &yytext[YYLMAX]) {
- fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
- exit(1);
- }
- yyfirst=0;
- tryagain:
-# ifdef LEXDEBUG
- if(debug){
- fprintf(yyout,"char ");
- allprint(yych);
- putchar('\n');
- }
-# endif
- yyr = yyt;
- if ( (int)yyt > (int)yycrank){
- yyt = yyr + yych;
- if (yyt <= yytop && yyt->verify+yysvec == yystate){
- if(yyt->advance+yysvec == YYLERR) /* error transitions */
- {unput(*--yylastch);break;}
- *lsp++ = yystate = yyt->advance+yysvec;
- if(lsp > &yylstate[YYLMAX]) {
- fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
- exit(1);
- }
- goto contin;
- }
- }
-# ifdef YYOPTIM
- else if((int)yyt < (int)yycrank) { /* r < yycrank */
- yyt = yyr = yycrank+(yycrank-yyt);
-# ifdef LEXDEBUG
- if(debug)fprintf(yyout,"compressed state\n");
-# endif
- yyt = yyt + yych;
- if(yyt <= yytop && yyt->verify+yysvec == yystate){
- if(yyt->advance+yysvec == YYLERR) /* error transitions */
- {unput(*--yylastch);break;}
- *lsp++ = yystate = yyt->advance+yysvec;
- if(lsp > &yylstate[YYLMAX]) {
- fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
- exit(1);
- }
- goto contin;
- }
- yyt = yyr + YYU(yymatch[yych]);
-# ifdef LEXDEBUG
- if(debug){
- fprintf(yyout,"try fall back character ");
- allprint(YYU(yymatch[yych]));
- putchar('\n');
- }
-# endif
- if(yyt <= yytop && yyt->verify+yysvec == yystate){
- if(yyt->advance+yysvec == YYLERR) /* error transition */
- {unput(*--yylastch);break;}
- *lsp++ = yystate = yyt->advance+yysvec;
- if(lsp > &yylstate[YYLMAX]) {
- fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
- exit(1);
- }
- goto contin;
- }
- }
- if ((yystate = yystate->yyother) && (yyt= yystate->yystoff) != yycrank){
-# ifdef LEXDEBUG
- if(debug)fprintf(yyout,"fall back to state %d\n",yystate-yysvec-1);
-# endif
- goto tryagain;
- }
-# endif
- else
- {unput(*--yylastch);break;}
- contin:
-# ifdef LEXDEBUG
- if(debug){
- fprintf(yyout,"state %d char ",yystate-yysvec-1);
- allprint(yych);
- putchar('\n');
- }
-# endif
- ;
- }
-# ifdef LEXDEBUG
- if(debug){
- fprintf(yyout,"stopped at %d with ",*(lsp-1)-yysvec-1);
- allprint(yych);
- putchar('\n');
- }
-# endif
- while (lsp-- > yylstate){
- *yylastch-- = 0;
- if (*lsp != 0 && (yyfnd= (*lsp)->yystops) && *yyfnd > 0){
- yyolsp = lsp;
- if(yyextra[*yyfnd]){ /* must backup */
- while(yyback((*lsp)->yystops,-*yyfnd) != 1 && lsp > yylstate){
- lsp--;
- unput(*yylastch--);
- }
- }
- yyprevious = YYU(*yylastch);
- yylsp = lsp;
- yyleng = yylastch-yytext+1;
- yytext[yyleng] = 0;
-# ifdef LEXDEBUG
- if(debug){
- fprintf(yyout,"\nmatch ");
- sprint(yytext);
- fprintf(yyout," action %d\n",*yyfnd);
- }
-# endif
- return(*yyfnd++);
- }
- unput(*yylastch);
- }
- if (yytext[0] == 0 /* && feof(yyin) */)
- {
- yysptr=yysbuf;
- return(0);
- }
-#ifndef __cplusplus
- yyprevious = yytext[0] = input();
- if (yyprevious>0)
- output(yyprevious);
-#else
- yyprevious = yytext[0] = lex_input();
- if (yyprevious>0)
- lex_output(yyprevious);
-#endif
- yylastch=yytext;
-# ifdef LEXDEBUG
- if(debug)putchar('\n');
-# endif
- }
- }
-#if defined(__cplusplus) || defined(__STDC__)
-int yyback(int *p, int m)
-#else
-yyback(p, m)
- int *p;
-#endif
-{
- if (p==0) return(0);
- while (*p) {
- if (*p++ == m)
- return(1);
- }
- return(0);
-}
- /* the following are only used in the lex library */
-#if defined(__cplusplus) || defined(__STDC__)
-int yyinput(void)
-#else
-yyinput()
-#endif
-{
-#ifndef __cplusplus
- return(input());
-#else
- return(lex_input());
-#endif
- }
-#if defined(__cplusplus) || defined(__STDC__)
-void yyoutput(int c)
-#else
-yyoutput(c)
- int c;
-#endif
-{
-#ifndef __cplusplus
- output(c);
-#else
- lex_output(c);
-#endif
- }
-#if defined(__cplusplus) || defined(__STDC__)
-void yyunput(int c)
-#else
-yyunput(c)
- int c;
-#endif
-{
- unput(c);
- }
diff --git a/lib/libaccess/winnt.v b/lib/libaccess/winnt.v
deleted file mode 100644
index 9fea3453..00000000
--- a/lib/libaccess/winnt.v
+++ /dev/null
@@ -1,156 +0,0 @@
-/* Copyright (c) 1988 AT&T */
-/* All Rights Reserved */
-
-/* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T */
-/* The copyright notice above does not evidence any */
-/* actual or intended publication of such source code. */
-
-#ifndef _VALUES_H
-#define _VALUES_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * These values work with any binary representation of integers
- * where the high-order bit contains the sign.
- */
-
-/* a number used normally for size of a shift */
-#define BITSPERBYTE 8
-
-#define BITS(type) (BITSPERBYTE * (int)sizeof (type))
-
-/* short, regular and long ints with only the high-order bit turned on */
-#define HIBITS ((short)(1 << BITS(short) - 1))
-
-#if defined(__STDC__)
-
-#define HIBITI (1U << BITS(int) - 1)
-#define HIBITL (1UL << BITS(long) - 1)
-
-#else
-
-#define HIBITI ((unsigned)1 << BITS(int) - 1)
-#define HIBITL (1L << BITS(long) - 1)
-
-#endif
-
-/* largest short, regular and long int */
-#define MAXSHORT ((short)~HIBITS)
-#define MAXINT ((int)(~HIBITI))
-#define MAXLONG ((long)(~HIBITL))
-
-/*
- * various values that describe the binary floating-point representation
- * _EXPBASE - the exponent base
- * DMAXEXP - the maximum exponent of a double (as returned by frexp())
- * FMAXEXP - the maximum exponent of a float (as returned by frexp())
- * DMINEXP - the minimum exponent of a double (as returned by frexp())
- * FMINEXP - the minimum exponent of a float (as returned by frexp())
- * MAXDOUBLE - the largest double
- * ((_EXPBASE ** DMAXEXP) * (1 - (_EXPBASE ** -DSIGNIF)))
- * MAXFLOAT - the largest float
- * ((_EXPBASE ** FMAXEXP) * (1 - (_EXPBASE ** -FSIGNIF)))
- * MINDOUBLE - the smallest double (_EXPBASE ** (DMINEXP - 1))
- * MINFLOAT - the smallest float (_EXPBASE ** (FMINEXP - 1))
- * DSIGNIF - the number of significant bits in a double
- * FSIGNIF - the number of significant bits in a float
- * DMAXPOWTWO - the largest power of two exactly representable as a double
- * FMAXPOWTWO - the largest power of two exactly representable as a float
- * _IEEE - 1 if IEEE standard representation is used
- * _DEXPLEN - the number of bits for the exponent of a double
- * _FEXPLEN - the number of bits for the exponent of a float
- * _HIDDENBIT - 1 if high-significance bit of mantissa is implicit
- * LN_MAXDOUBLE - the natural log of the largest double -- log(MAXDOUBLE)
- * LN_MINDOUBLE - the natural log of the smallest double -- log(MINDOUBLE)
- * LN_MAXFLOAT - the natural log of the largest float -- log(MAXFLOAT)
- * LN_MINFLOAT - the natural log of the smallest float -- log(MINFLOAT)
- */
-
-#if defined(__STDC__)
-
-/*
- * Note that the following construct, "!#machine(name)", is a non-standard
- * extension to ANSI-C. It is maintained here to provide compatibility
- * for existing compilations systems, but should be viewed as transitional
- * and may be removed in a future release. If it is required that this
- * file not contain this extension, edit this file to remove the offending
- * condition.
- *
- * These machines are all IEEE-754:
- */
-#if #machine(i386) || defined(__i386) || #machine(sparc) || defined(__sparc)
-#define MAXDOUBLE 1.79769313486231570e+308
-#define MAXFLOAT ((float)3.40282346638528860e+38)
-#define MINDOUBLE 4.94065645841246544e-324
-#define MINFLOAT ((float)1.40129846432481707e-45)
-#define _IEEE 1
-#define _DEXPLEN 11
-#define _HIDDENBIT 1
-#define _LENBASE 1
-#define DMINEXP (-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define FMINEXP (-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-#error ISA not supported
-#endif
-
-#else
-
-/*
- * These machines are all IEEE-754:
- */
-#if defined(i386) || defined(__i386) || defined(sparc) || defined(__sparc)
-#define MAXDOUBLE 1.79769313486231570e+308
-#define MAXFLOAT ((float)3.40282346638528860e+38)
-#define MINDOUBLE 4.94065645841246544e-324
-#define MINFLOAT ((float)1.40129846432481707e-45)
-#define _IEEE 1
-#define _DEXPLEN 11
-#define _HIDDENBIT 1
-#define _LENBASE 1
-#define DMINEXP (-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define FMINEXP (-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-/* #error is strictly ansi-C, but works as well as anything for K&R systems. */
-/*#error ISA not supported */
-#endif
-
-#endif /* __STDC__ */
-
-#define _EXPBASE (1 << _LENBASE)
-#define _FEXPLEN 8
-#define DSIGNIF (BITS(double) - _DEXPLEN + _HIDDENBIT - 1)
-#define FSIGNIF (BITS(float) - _FEXPLEN + _HIDDENBIT - 1)
-#define DMAXPOWTWO ((double)(1L << BITS(long) - 2) * \
- (1L << DSIGNIF - BITS(long) + 1))
-#define FMAXPOWTWO ((float)(1L << FSIGNIF - 1))
-#define DMAXEXP ((1 << _DEXPLEN - 1) - 1 + _IEEE)
-#define FMAXEXP ((1 << _FEXPLEN - 1) - 1 + _IEEE)
-#define LN_MAXDOUBLE (M_LN2 * DMAXEXP)
-#define LN_MAXFLOAT (float)(M_LN2 * FMAXEXP)
-#define LN_MINDOUBLE (M_LN2 * (DMINEXP - 1))
-#define LN_MINFLOAT (float)(M_LN2 * (FMINEXP - 1))
-#define H_PREC (DSIGNIF % 2 ? (1L << DSIGNIF/2) * M_SQRT2 : 1L << DSIGNIF/2)
-#define FH_PREC \
- (float)(FSIGNIF % 2 ? (1L << FSIGNIF/2) * M_SQRT2 : 1L << FSIGNIF/2)
-#define X_EPS (1.0/H_PREC)
-#define FX_EPS (float)((float)1.0/FH_PREC)
-#define X_PLOSS ((double)(long)(M_PI * H_PREC))
-#define FX_PLOSS ((float)(long)(M_PI * FH_PREC))
-#define X_TLOSS (M_PI * DMAXPOWTWO)
-#define FX_TLOSS (float)(M_PI * FMAXPOWTWO)
-#define M_LN2 0.69314718055994530942
-#define M_PI 3.14159265358979323846
-#define M_SQRT2 1.41421356237309504880
-#define MAXBEXP DMAXEXP /* for backward compatibility */
-#define MINBEXP DMINEXP /* for backward compatibility */
-#define MAXPOWTWO DMAXPOWTWO /* for backward compatibility */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _VALUES_H */
diff --git a/lib/libaccess/winnt.y b/lib/libaccess/winnt.y
deleted file mode 100644
index f035570b..00000000
--- a/lib/libaccess/winnt.y
+++ /dev/null
@@ -1,793 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "libaccess/ava.h"
-/*#include "libaccess/avapfile.h" */
-/* #include "netsite.h" */
-
-extern char *currFile;
-
-extern int linenum;
-extern char yytext[];
-
-static void AddDefType (int defType, char *defId);
-static void AddAVA (char* userID);
-
-void yyerror(const char* string);
-extern void logerror(const char* string,int num, char *file);
-
-AVAEntry tempEntry;
-AVATable entryTable;
-
-
-typedef union
-#ifdef __cplusplus
- YYSTYPE
-#endif
- {
- char *string;
- int num;
-} YYSTYPE;
-# define DEF_C 257
-# define DEF_CO 258
-# define DEF_OU 259
-# define DEF_CN 260
-# define EQ_SIGN 261
-# define DEF_START 262
-# define DEF_L 263
-# define DEF_E 264
-# define DEF_ST 265
-# define USER_ID 266
-# define DEF_ID 267
-
-#ifdef __STDC__
-#include <stdlib.h>
-#include <string.h>
-#else
-#include <malloc.h>
-#include <memory.h>
-#endif
-
-#include <values.h>
-
-#ifdef __cplusplus
-
-#ifndef yyerror
- void yyerror(const char *);
-#endif
-
-#ifndef yylex
-#ifdef __EXTERN_C__
- extern "C" { int yylex(void); }
-#else
- int yylex(void);
-#endif
-#endif
- int yyparse(void);
-
-#endif
-#define yyclearin yychar = -1
-#define yyerrok yyerrflag = 0
-extern int yychar;
-extern int yyerrflag;
-YYSTYPE yylval;
-YYSTYPE yyval;
-typedef int yytabelem;
-#ifndef YYMAXDEPTH
-#define YYMAXDEPTH 150
-#endif
-#if YYMAXDEPTH > 0
-int yy_yys[YYMAXDEPTH], *yys = yy_yys;
-YYSTYPE yy_yyv[YYMAXDEPTH], *yyv = yy_yyv;
-#else /* user does initial allocation */
-int *yys;
-YYSTYPE *yyv;
-#endif
-static int yymaxdepth = YYMAXDEPTH;
-# define YYERRCODE 256
-
-
-
-void yyerror(const char* string) {
- logerror(string,linenum,currFile);
-}
-
-
-void AddDefType (int defType, char *defId) {
- switch (defType) {
- case DEF_C:
- tempEntry.country = defId;
- break;
- case DEF_CO:
- tempEntry.company = defId;
- break;
- case DEF_OU:
- if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) {
- if (tempEntry.numOrgs == 0) {
- tempEntry.organizations =
- system_malloc_perm (sizeof (char*) * ORGS_ALLOCSIZE);
- } else {
- char **temp;
- temp =
- system_malloc_perm(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE));
- memcpy (temp, tempEntry.organizations,
- sizeof(char*)*tempEntry.numOrgs);
- system_free_perm(tempEntry.organizations);
- tempEntry.organizations = temp;
- }
- }
- tempEntry.organizations[tempEntry.numOrgs++] = defId;
- break;
- case DEF_CN:
- tempEntry.CNEntry = defId;
- break;
- case DEF_E:
- tempEntry.email = defId;
- break;
- case DEF_L:
- tempEntry.locality = defId;
- break;
- case DEF_ST:
- tempEntry.state = defId;
- break;
- default:
- break;
- }
-}
-
-void AddAVA (char* userID) {
- AVAEntry *newAVA;
-
- newAVA = (AVAEntry*)system_malloc_perm(sizeof(AVAEntry));
- if (!newAVA) {
- yyerror ("Out of Memory in AddAVA");
- return;
- }
- *newAVA = tempEntry;
- newAVA->userid = userID;
-
- _addAVAtoTable (newAVA, &entryTable);
-
- tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0;
- tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
- tempEntry.numOrgs = 0;
-}
-yytabelem yyexca[] ={
--1, 1,
- 0, -1,
- -2, 0,
- };
-# define YYNPROD 18
-# define YYLAST 19
-yytabelem yyact[]={
-
- 10, 11, 12, 13, 19, 4, 14, 15, 16, 18,
- 8, 3, 7, 6, 5, 2, 1, 9, 17 };
-yytabelem yypact[]={
-
- -261,-10000000, -261,-10000000, -257,-10000000,-10000000, -257,-10000000, -252,
--10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000, -263,-10000000 };
-yytabelem yypgo[]={
-
- 0, 17, 16, 15, 11, 13, 12, 10 };
-yytabelem yyr1[]={
-
- 0, 2, 2, 3, 3, 4, 5, 5, 6, 6,
- 7, 1, 1, 1, 1, 1, 1, 1 };
-yytabelem yyr2[]={
-
- 0, 2, 0, 4, 2, 5, 2, 0, 4, 2,
- 7, 3, 3, 3, 3, 3, 3, 3 };
-yytabelem yychk[]={
-
--10000000, -2, -3, -4, 266, -4, -5, -6, -7, -1,
- 257, 258, 259, 260, 263, 264, 265, -7, 261, 267 };
-yytabelem yydef[]={
-
- 2, -2, 1, 4, 7, 3, 5, 6, 9, 0,
- 11, 12, 13, 14, 15, 16, 17, 8, 0, 10 };
-typedef struct
-#ifdef __cplusplus
- yytoktype
-#endif
-{ char *t_name; int t_val; } yytoktype;
-#ifndef YYDEBUG
-# define YYDEBUG 0 /* don't allow debugging */
-#endif
-
-#if YYDEBUG
-
-yytoktype yytoks[] =
-{
- "DEF_C", 257,
- "DEF_CO", 258,
- "DEF_OU", 259,
- "DEF_CN", 260,
- "EQ_SIGN", 261,
- "DEF_START", 262,
- "DEF_L", 263,
- "DEF_E", 264,
- "DEF_ST", 265,
- "USER_ID", 266,
- "DEF_ID", 267,
- "-unknown-", -1 /* ends search */
-};
-
-char * yyreds[] =
-{
- "-no such reduction-",
- "source : ava.database",
- "source : /* empty */",
- "ava.database : ava.database ava",
- "ava.database : ava",
- "ava : USER_ID definitions",
- "definitions : definition.list",
- "definitions : /* empty */",
- "definition.list : definition.list definition",
- "definition.list : definition",
- "definition : def.type EQ_SIGN DEF_ID",
- "def.type : DEF_C",
- "def.type : DEF_CO",
- "def.type : DEF_OU",
- "def.type : DEF_CN",
- "def.type : DEF_L",
- "def.type : DEF_E",
- "def.type : DEF_ST",
-};
-#endif /* YYDEBUG */
-
-
-/*
-** Skeleton parser driver for yacc output
-*/
-
-/*
-** yacc user known macros and defines
-*/
-#define YYERROR goto yyerrlab
-#define YYACCEPT return(0)
-#define YYABORT return(1)
-#define YYBACKUP( newtoken, newvalue )\
-{\
- if ( yychar >= 0 || ( yyr2[ yytmp ] >> 1 ) != 1 )\
- {\
- yyerror( "syntax error - cannot backup" );\
- goto yyerrlab;\
- }\
- yychar = newtoken;\
- yystate = *yyps;\
- yylval = newvalue;\
- goto yynewstate;\
-}
-#define YYRECOVERING() (!!yyerrflag)
-#define YYNEW(type) system_malloc(sizeof(type) * yynewmax)
-#define YYCOPY(to, from, type) \
- (type *) memcpy(to, (char *) from, yynewmax * sizeof(type))
-#define YYENLARGE( from, type) \
- (type *) system_realloc((char *) from, yynewmax * sizeof(type))
-#ifndef YYDEBUG
-# define YYDEBUG 1 /* make debugging available */
-#endif
-
-/*
-** user known globals
-*/
-int yydebug; /* set to 1 to get debugging */
-
-/*
-** driver internal defines
-*/
-#define YYFLAG (-10000000)
-
-/*
-** global variables used by the parser
-*/
-YYSTYPE *yypv; /* top of value stack */
-int *yyps; /* top of state stack */
-
-int yystate; /* current state */
-int yytmp; /* extra var (lasts between blocks) */
-
-int yynerrs; /* number of errors */
-int yyerrflag; /* error recovery flag */
-int yychar; /* current input token number */
-
-
-
-#ifdef YYNMBCHARS
-#define YYLEX() yycvtok(yylex())
-/*
-** yycvtok - return a token if i is a wchar_t value that exceeds 255.
-** If i<255, i itself is the token. If i>255 but the neither
-** of the 30th or 31st bit is on, i is already a token.
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yycvtok(int i)
-#else
-int yycvtok(i) int i;
-#endif
-{
- int first = 0;
- int last = YYNMBCHARS - 1;
- int mid;
- wchar_t j;
-
- if(i&0x60000000){/*Must convert to a token. */
- if( yymbchars[last].character < i ){
- return i;/*Giving up*/
- }
- while ((last>=first)&&(first>=0)) {/*Binary search loop*/
- mid = (first+last)/2;
- j = yymbchars[mid].character;
- if( j==i ){/*Found*/
- return yymbchars[mid].tvalue;
- }else if( j<i ){
- first = mid + 1;
- }else{
- last = mid -1;
- }
- }
- /*No entry in the table.*/
- return i;/* Giving up.*/
- }else{/* i is already a token. */
- return i;
- }
-}
-#else/*!YYNMBCHARS*/
-#define YYLEX() yylex()
-#endif/*!YYNMBCHARS*/
-
-/*
-** yyparse - return 0 if worked, 1 if syntax error not recovered from
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yyparse(void)
-#else
-int yyparse()
-#endif
-{
- register YYSTYPE *yypvt; /* top of value stack for $vars */
-
-#if defined(__cplusplus) || defined(lint)
-/*
- hacks to please C++ and lint - goto's inside switch should never be
- executed; yypvt is set to 0 to avoid "used before set" warning.
-*/
- static int __yaccpar_lint_hack__ = 0;
- switch (__yaccpar_lint_hack__)
- {
- case 1: goto yyerrlab;
- case 2: goto yynewstate;
- }
- yypvt = 0;
-#endif
-
- /*
- ** Initialize externals - yyparse may be called more than once
- */
- yypv = &yyv[-1];
- yyps = &yys[-1];
- yystate = 0;
- yytmp = 0;
- yynerrs = 0;
- yyerrflag = 0;
- yychar = -1;
-
-#if YYMAXDEPTH <= 0
- if (yymaxdepth <= 0)
- {
- if ((yymaxdepth = YYEXPAND(0)) <= 0)
- {
- yyerror("yacc initialization error");
- YYABORT;
- }
- }
-#endif
-
- {
- register YYSTYPE *yy_pv; /* top of value stack */
- register int *yy_ps; /* top of state stack */
- register int yy_state; /* current state */
- register int yy_n; /* internal state number info */
- goto yystack; /* moved from 6 lines above to here to please C++ */
-
- /*
- ** get globals into registers.
- ** branch to here only if YYBACKUP was called.
- */
- yynewstate:
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
- goto yy_newstate;
-
- /*
- ** get globals into registers.
- ** either we just started, or we just finished a reduction
- */
- yystack:
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
-
- /*
- ** top of for (;;) loop while no reductions done
- */
- yy_stack:
- /*
- ** put a state and value onto the stacks
- */
-#if YYDEBUG
- /*
- ** if debugging, look up token value in list of value vs.
- ** name pairs. 0 and negative (-1) are special values.
- ** Note: linear search is used since time is not a real
- ** consideration while debugging.
- */
- if ( yydebug )
- {
- register int yy_i;
-
- printf( "State %d, token ", yy_state );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val == yychar )
- break;
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( ++yy_ps >= &yys[ yymaxdepth ] ) /* room on stack? */
- {
- /*
- ** reallocate and recover. Note that pointers
- ** have to be reset, or bad things will happen
- */
- int yyps_index = (yy_ps - yys);
- int yypv_index = (yy_pv - yyv);
- int yypvt_index = (yypvt - yyv);
- int yynewmax;
-#ifdef YYEXPAND
- yynewmax = YYEXPAND(yymaxdepth);
-#else
- yynewmax = 2 * yymaxdepth; /* double table size */
- if (yymaxdepth == YYMAXDEPTH) /* first time growth */
- {
- char *newyys = (char *)YYNEW(int);
- char *newyyv = (char *)YYNEW(YYSTYPE);
- if (newyys != 0 && newyyv != 0)
- {
- yys = YYCOPY(newyys, yys, int);
- yyv = YYCOPY(newyyv, yyv, YYSTYPE);
- }
- else
- yynewmax = 0; /* failed */
- }
- else /* not first time */
- {
- yys = YYENLARGE(yys, int);
- yyv = YYENLARGE(yyv, YYSTYPE);
- if (yys == 0 || yyv == 0)
- yynewmax = 0; /* failed */
- }
-#endif
- if (yynewmax <= yymaxdepth) /* tables not expanded */
- {
- yyerror( "yacc stack overflow" );
- YYABORT;
- }
- yymaxdepth = yynewmax;
-
- yy_ps = yys + yyps_index;
- yy_pv = yyv + yypv_index;
- yypvt = yyv + yypvt_index;
- }
- *yy_ps = yy_state;
- *++yy_pv = yyval;
-
- /*
- ** we have a new state - find out what to do
- */
- yy_newstate:
- if ( ( yy_n = yypact[ yy_state ] ) <= YYFLAG )
- goto yydefault; /* simple state */
-#if YYDEBUG
- /*
- ** if debugging, need to mark whether new token grabbed
- */
- yytmp = yychar < 0;
-#endif
- if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
- yychar = 0; /* reached EOF */
-#if YYDEBUG
- if ( yydebug && yytmp )
- {
- register int yy_i;
-
- printf( "Received token " );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val == yychar )
- break;
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( ( ( yy_n += yychar ) < 0 ) || ( yy_n >= YYLAST ) )
- goto yydefault;
- if ( yychk[ yy_n = yyact[ yy_n ] ] == yychar ) /*valid shift*/
- {
- yychar = -1;
- yyval = yylval;
- yy_state = yy_n;
- if ( yyerrflag > 0 )
- yyerrflag--;
- goto yy_stack;
- }
-
- yydefault:
- if ( ( yy_n = yydef[ yy_state ] ) == -2 )
- {
-#if YYDEBUG
- yytmp = yychar < 0;
-#endif
- if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
- yychar = 0; /* reached EOF */
-#if YYDEBUG
- if ( yydebug && yytmp )
- {
- register int yy_i;
-
- printf( "Received token " );
- if ( yychar == 0 )
- printf( "end-of-file\n" );
- else if ( yychar < 0 )
- printf( "-none-\n" );
- else
- {
- for ( yy_i = 0;
- yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val
- == yychar )
- {
- break;
- }
- }
- printf( "%s\n", yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- /*
- ** look through exception table
- */
- {
- register int *yyxi = yyexca;
-
- while ( ( *yyxi != -1 ) ||
- ( yyxi[1] != yy_state ) )
- {
- yyxi += 2;
- }
- while ( ( *(yyxi += 2) >= 0 ) &&
- ( *yyxi != yychar ) )
- ;
- if ( ( yy_n = yyxi[1] ) < 0 )
- YYACCEPT;
- }
- }
-
- /*
- ** check for syntax error
- */
- if ( yy_n == 0 ) /* have an error */
- {
- /* no worry about speed here! */
- switch ( yyerrflag )
- {
- case 0: /* new error */
- yyerror( "syntax error" );
- goto skip_init;
- yyerrlab:
- /*
- ** get globals into registers.
- ** we have a user generated syntax type error
- */
- yy_pv = yypv;
- yy_ps = yyps;
- yy_state = yystate;
- skip_init:
- yynerrs++;
- /* FALLTHRU */
- case 1:
- case 2: /* incompletely recovered error */
- /* try again... */
- yyerrflag = 3;
- /*
- ** find state where "error" is a legal
- ** shift action
- */
- while ( yy_ps >= yys )
- {
- yy_n = yypact[ *yy_ps ] + YYERRCODE;
- if ( yy_n >= 0 && yy_n < YYLAST &&
- yychk[yyact[yy_n]] == YYERRCODE) {
- /*
- ** simulate shift of "error"
- */
- yy_state = yyact[ yy_n ];
- goto yy_stack;
- }
- /*
- ** current state has no shift on
- ** "error", pop stack
- */
-#if YYDEBUG
-# define _POP_ "Error recovery pops state %d, uncovers state %d\n"
- if ( yydebug )
- printf( _POP_, *yy_ps,
- yy_ps[-1] );
-# undef _POP_
-#endif
- yy_ps--;
- yy_pv--;
- }
- /*
- ** there is no state on stack with "error" as
- ** a valid shift. give up.
- */
- YYABORT;
- case 3: /* no shift yet; eat a token */
-#if YYDEBUG
- /*
- ** if debugging, look up token in list of
- ** pairs. 0 and negative shouldn't occur,
- ** but since timing doesn't matter when
- ** debugging, it doesn't hurt to leave the
- ** tests here.
- */
- if ( yydebug )
- {
- register int yy_i;
-
- printf( "Error recovery discards " );
- if ( yychar == 0 )
- printf( "token end-of-file\n" );
- else if ( yychar < 0 )
- printf( "token -none-\n" );
- else
- {
- for ( yy_i = 0;
- yytoks[yy_i].t_val >= 0;
- yy_i++ )
- {
- if ( yytoks[yy_i].t_val
- == yychar )
- {
- break;
- }
- }
- printf( "token %s\n",
- yytoks[yy_i].t_name );
- }
- }
-#endif /* YYDEBUG */
- if ( yychar == 0 ) /* reached EOF. quit */
- YYABORT;
- yychar = -1;
- goto yy_newstate;
- }
- }/* end if ( yy_n == 0 ) */
- /*
- ** reduction by production yy_n
- ** put stack tops, etc. so things right after switch
- */
-#if YYDEBUG
- /*
- ** if debugging, print the string that is the user's
- ** specification of the reduction which is just about
- ** to be done.
- */
- if ( yydebug )
- printf( "Reduce by (%d) \"%s\"\n",
- yy_n, yyreds[ yy_n ] );
-#endif
- yytmp = yy_n; /* value to switch over */
- yypvt = yy_pv; /* $vars top of value stack */
- /*
- ** Look in goto table for next state
- ** Sorry about using yy_state here as temporary
- ** register variable, but why not, if it works...
- ** If yyr2[ yy_n ] doesn't have the low order bit
- ** set, then there is no action to be done for
- ** this reduction. So, no saving & unsaving of
- ** registers done. The only difference between the
- ** code just after the if and the body of the if is
- ** the goto yy_stack in the body. This way the test
- ** can be made before the choice of what to do is needed.
- */
- {
- /* length of production doubled with extra bit */
- register int yy_len = yyr2[ yy_n ];
-
- if ( !( yy_len & 01 ) )
- {
- yy_len >>= 1;
- yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */
- yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
- *( yy_ps -= yy_len ) + 1;
- if ( yy_state >= YYLAST ||
- yychk[ yy_state =
- yyact[ yy_state ] ] != -yy_n )
- {
- yy_state = yyact[ yypgo[ yy_n ] ];
- }
- goto yy_stack;
- }
- yy_len >>= 1;
- yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */
- yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
- *( yy_ps -= yy_len ) + 1;
- if ( yy_state >= YYLAST ||
- yychk[ yy_state = yyact[ yy_state ] ] != -yy_n )
- {
- yy_state = yyact[ yypgo[ yy_n ] ];
- }
- }
- /* save until reenter driver code */
- yystate = yy_state;
- yyps = yy_ps;
- yypv = yy_pv;
- }
- /*
- ** code supplied by user is placed in this switch
- */
- switch( yytmp )
- {
-
-case 5:
-{AddAVA(yypvt[-1].string);} break;
-case 10:
-{AddDefType(yypvt[-2].num, yypvt[-0].string);} break;
-case 11:
-{yyval.num = DEF_C; } break;
-case 12:
-{yyval.num = DEF_CO;} break;
-case 13:
-{yyval.num = DEF_OU;} break;
-case 14:
-{yyval.num = DEF_CN;} break;
-case 15:
-{yyval.num = DEF_L; } break;
-case 16:
-{yyval.num = DEF_E; } break;
-case 17:
-{yyval.num = DEF_ST;} break;
- }
- goto yystack; /* reset registers in driver code */
-}
-
diff --git a/lib/libaccess/wintab.h b/lib/libaccess/wintab.h
deleted file mode 100644
index 49ba3ef9..00000000
--- a/lib/libaccess/wintab.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-typedef union
-#ifdef __cplusplus
- YYSTYPE
-#endif
- {
- char *string;
- int num;
-} YYSTYPE;
-extern YYSTYPE yylval;
-# define DEF_C 257
-# define DEF_CO 258
-# define DEF_OU 259
-# define DEF_CN 260
-# define EQ_SIGN 261
-# define DEF_START 262
-# define DEF_L 263
-# define DEF_E 264
-# define DEF_ST 265
-# define USER_ID 266
-# define DEF_ID 267