61 files changed, 0 insertions, 15351 deletions
diff --git a/include/Makefile b/include/Makefile
deleted file mode 100644
index d595a656..00000000
--- a/include/Makefile
+++ /dev/null
@@ -1,85 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ..
-MODULE=netsiteInclude
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include
-
-NSPRDEST=$(HDRDEST)
-NSPRHDRS= \
- prio.h \
- prlong.h \
- prtypes.h \
- prtime.h \
- prthread.h \
- prinrval.h \
- md/prcpucfg.h \
- obsolete/protypes.h
-
-NSPRBINS=$(addprefix $(NSPRDEST)/, $(NSPRHDRS))
-
-PREFIX=copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-HDRS=netsite.h version.h
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: stuff nspr
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-ifeq ($(NSAPI_CAPABLE), true)
-
-stuff: $(HDRDEST) $(BINS) sub-hdrs
-
-$(HDRDEST):
- mkdir -p $(HDRDEST)
-
-ifeq ($(PRODUCT), "Netscape Proxy Server")
-sub-hdrs:
- cd base; gmake
- cd frame; gmake
- cd libproxy; gmake
-else
-sub-hdrs:
- cd base; gmake
- cd frame; gmake
-endif
-
-$(HDRDEST)/%.h: %.h
- cat $(PREFIX) $< > $(HDRDEST)/$*.h
-
-else
-stuff:
-
-endif
-
-$(NSPRDEST):
- mkdir -p $(NSPRDEST)
-
-$(NSPRDEST)/md: $(NSPRDEST)
- mkdir -p $(NSPRDEST)/md
-
-$(NSPRDEST)/obsolete: $(NSPRDEST)
- mkdir -p $(NSPRDEST)/obsolete
-
-$(NSPRDEST)/%.h:
- cp $(NSCP_DISTDIR)/include/nspr20/pr/$*.h $(NSPRDEST)/$*.h
-
-nspr: $(NSPRDEST)/md $(NSPRDEST)/obsolete $(NSPRBINS)
diff --git a/include/base/Makefile b/include/base/Makefile
deleted file mode 100644
index 67cbec88..00000000
--- a/include/base/Makefile
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ../..
-MODULE=netsiteIncludeBase
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/base
-
-PREFIX=../copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-#HDRS=$(wildcard *.h)
-HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
-
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
- mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
- cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/copyrght.h b/include/copyrght.h
deleted file mode 100644
index ffee130a..00000000
--- a/include/copyrght.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
diff --git a/include/libaccess/acladmin.h b/include/libaccess/acladmin.h
deleted file mode 100644
index 7b17a028..00000000
--- a/include/libaccess/acladmin.h
+++ /dev/null
@@ -1,79 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __acladmin_h
-#define __acladmin_h
-
-
-/*
- * Description (acladmin.h)
- *
- * This file describes the interface to access control list (ACL)
- * administration functions. This interface provides mechanisms
- * for inspecting, modifying, and writing out in text form ACL
- * structures.
- */
-
-#include "aclstruct.h"
-
-NSPR_BEGIN_EXTERN_C
-
-/* Flags used for various functions */
-#define ACLF_NPREFIX 0x1 /* ACL name string is a name prefix */
-#define ACLF_REXACT 0x2 /* rights must match exactly */
-#define ACLF_RALL 0x4 /* must have all specified rights */
-
-/* Functions in acladmin.c */
-extern NSAPI_PUBLIC int aclDNSAddHost(char * newhost,
- char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclDNSAddAliases(char * host,
- char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclDNSPutHost(char * hname, int fqdn, int aliases,
- char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclFindByName(ACContext_t * acc, char * aclname,
- char **rights, int flags, ACL_t **pacl);
-extern NSAPI_PUBLIC char * aclGetAuthMethod(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char * aclGetDatabase(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char **aclGetHosts(ACL_t * acl, int dirno, int clsno);
-extern NSAPI_PUBLIC char * aclGetPrompt(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char **aclGetRights(ACL_t * acl);
-extern NSAPI_PUBLIC unsigned long aclGetRightsMask(ACContext_t * acc, char **rlist);
-extern NSAPI_PUBLIC char * aclGetSignature(ACL_t * acl);
-extern NSAPI_PUBLIC char **aclGetUsers(ACL_t * acl, int dirno, int clsno);
-extern NSAPI_PUBLIC int aclDNSFilterStrings(char **list, DNSFilter_t * dnf);
-extern NSAPI_PUBLIC int aclIPFilterStrings(char **list, IPFilter_t * ipf);
-extern NSAPI_PUBLIC int aclIdsToNames(char **list,
- USIList_t * uilptr, int uflag, Realm_t * rlm);
-extern NSAPI_PUBLIC int aclMakeNew(ACContext_t * acc, char * aclsig, char * aclname,
- char **rights, int flags, ACL_t **pacl);
-extern NSAPI_PUBLIC int aclPutAllowDeny(NSErr_t * errp, ACL_t * acl,
- int always, int allow, char **users, char **hosts);
-extern NSAPI_PUBLIC int aclPutAuth(NSErr_t * errp, ACL_t * acl,
- int always, int amethod, char * dbname, char * prompt);
-extern NSAPI_PUBLIC char * aclSafeIdent(char * str);
-extern NSAPI_PUBLIC int aclSetRights(ACL_t * acl, char **rights, int replace);
-extern NSAPI_PUBLIC int accWriteFile(ACContext_t * acc, char * filename, int flags);
-extern NSAPI_PUBLIC int aclStringGet(LEXStream_t * lst);
-extern NSAPI_PUBLIC int aclStringOpen(NSErr_t * errp,
- int slen, char * sptr, int flags, ACLFile_t **pacf);
-extern NSAPI_PUBLIC int aclCheckUsers(NSErr_t * errp, char * dbpath, char * usernames,
- char * groupnames, char ***uglist, char ***badulist,
- char ***badglist);
-extern NSAPI_PUBLIC int aclCheckHosts(NSErr_t * errp,
- int hexpand, char * dnsspecs, char * ipspecs,
- char ***hlist, char ***baddns, char ***badip);
-
-#ifdef NOTDEF
-extern int aclSetAuthMethod(ACL_t * acl, int dirno, char * amethod);
-extern int aclSetDatabase(ACL_t * acl, int dirno, char * dbname);
-extern int aclSetExecOptions(ACL_t * acl, char **options);
-extern int aclSetHosts(ACL_t * acl, int dirno, char **hostlist);
-extern int aclSetPrompt(ACL_t * acl, int dirno, char * prompt);
-extern int aclSetUsers(ACL_t * acl, int dirno, char **userlist);
-#endif /* NOTDEF */
-
-NSPR_END_EXTERN_C
-
-#endif /* __acladmin_h */
diff --git a/include/libaccess/aclbuild.h b/include/libaccess/aclbuild.h
deleted file mode 100644
index 186ebae5..00000000
--- a/include/libaccess/aclbuild.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __aclbuild_h
-#define __aclbuild_h
-
-/*
- * Description (aclbuild.h)
- *
- * This file describes the interface to a module which provides
- * functions for building Access Control List (ACL) structures
- * in memory.
- */
-
-#include "usi.h"
-#include "nserror.h"
-#include "aclstruct.h"
-
-/* Define flags for aclAuthNameAdd() return value */
-#define ANA_GROUP 0x1 /* name matches group name */
-#define ANA_USER 0x2 /* name matches user name */
-#define ANA_DUP 0x4 /* name already in AuthNode_t */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in aclbuild.c */
-extern int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc);
-extern void accDestroy(ACContext_t * acc, int flags);
-extern int accDestroySym(Symbol_t * sym, void * argp);
-extern int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc);
-extern int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn);
-extern int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask);
-extern int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp,
- Realm_t * rlm, char * name);
-extern ACClients_t * aclClientsDirCreate();
-extern int aclCreate(NSErr_t * errp,
- ACContext_t * acc, char * aclname, ACL_t **pacl);
-extern void aclDestroy(ACL_t * acl);
-extern void aclDelete(ACL_t * acl);
-extern int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd);
-extern ACDirective_t * aclDirectiveCreate();
-extern void aclDirectiveDestroy(ACDirective_t * acd);
-extern int aclDNSSpecDestroy(Symbol_t * sym, void * parg);
-extern void aclHostSpecDestroy(HostSpec_t * hsp);
-extern void aclRealmSpecDestroy(RealmSpec_t * rsp);
-extern int aclRightDef(NSErr_t * errp,
- ACContext_t * acc, char * rname, RightDef_t **prd);
-extern void aclRightSpecDestroy(RightSpec_t * rsp);
-extern UserSpec_t * aclUserSpecCreate();
-extern void aclUserSpecDestroy(UserSpec_t * usp);
-
-NSPR_END_EXTERN_C
-
-#endif /* __aclbuild_h */
diff --git a/include/libaccess/aclparse.h b/include/libaccess/aclparse.h
deleted file mode 100644
index 0015e2a7..00000000
--- a/include/libaccess/aclparse.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __aclparse_h
-#define __aclparse_h
-
-/*
- * Description (aclparse.h)
- *
- * This file describes the interface to a parser for files
- * containing Access Control List (ACL) definitions. The parser
- * uses the services of the aclbuild module to construct an
- * in-memory representation of the ACLs it parses.
- */
-
-#include "nserror.h"
-#include "aclbuild.h"
-
-/* Define keywords */
-#define KEYWORD_ACL "acl"
-#define KEYWORD_ALL "all"
-#define KEYWORD_ALLOW "allow"
-#define KEYWORD_ANY "anyone"
-#define KEYWORD_AT "at"
-#define KEYWORD_AUTH "authenticate"
-#define KEYWORD_BASIC "basic"
-#define KEYWORD_DATABASE "database"
-#define KEYWORD_DEFAULT "default"
-#define KEYWORD_DENY "deny"
-#define KEYWORD_EXECUTE "execute"
-#define KEYWORD_HOSTS "hosts"
-#define KEYWORD_IF "if"
-#define KEYWORD_IN "in"
-#define KEYWORD_INCLUDE "include"
-#define KEYWORD_METHOD "method"
-#define KEYWORD_PROMPT "prompt"
-#define KEYWORD_REALM "realm"
-#define KEYWORD_RIGHTS "rights"
-#define KEYWORD_SSL "ssl"
-
-/* Define character classes */
-#define CCM_WS 0x1 /* whitespace */
-#define CCM_NL 0x2 /* newline */
-#define CCM_SPECIAL 0x4 /* special characters */
-#define CCM_DIGIT 0x8 /* digits */
-#define CCM_LETTER 0x10 /* letters */
-#define CCM_HYPHEN 0x20 /* hyphen */
-#define CCM_USCORE 0x40 /* underscore */
-#define CCM_FILESPEC 0x80 /* filename special characters */
-
-#define CCM_HYPUND (CCM_HYPHEN|CCM_USCORE)
-#define CCM_IDENT (CCM_LETTER|CCM_DIGIT|CCM_HYPUND)
-#define CCM_FILENAME (CCM_LETTER|CCM_DIGIT|CCM_FILESPEC)
-
-/* Define token numbers */
-#define TOKEN_ERROR -1 /* error in reading data stream */
-#define TOKEN_EOF 0 /* end-of-file */
-#define TOKEN_EOS 1 /* end-of-statement */
-#define TOKEN_IDENT 2 /* identifier */
-#define TOKEN_NUMBER 3 /* number */
-#define TOKEN_COMMA 4 /* comma */
-#define TOKEN_SEMI 5 /* semicolon */
-#define TOKEN_PERIOD 6 /* period */
-#define TOKEN_LPAREN 7 /* left parenthesis */
-#define TOKEN_RPAREN 8 /* right parenthesis */
-#define TOKEN_LBRACE 9 /* left brace */
-#define TOKEN_RBRACE 10 /* right brace */
-#define TOKEN_AT 11 /* at sign */
-#define TOKEN_PLUS 12 /* plus sign */
-#define TOKEN_STAR 13 /* asterisk */
-#define TOKEN_STRING 14 /* quoted string */
-#define TOKEN_HUH 15 /* unrecognized input */
-
-/* Define flags bits for aclGetToken() */
-#define AGT_NOSKIP 0x1 /* don't skip leading whitespace */
-#define AGT_APPEND 0x2 /* append next to token buffer */
-
-NSPR_BEGIN_EXTERN_C
-
-extern void * aclChTab; /* character table for ACL parsing */
-
-/* Functions in aclparse.c */
-extern int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
- ACContext_t * acc, Realm_t * rlm,
- ACClients_t **clsp);
-extern int aclAuthHostsParse(NSErr_t * errp, ACLFile_t * acf,
- ACContext_t * acc, HostSpec_t **hspp);
-extern int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
- Realm_t * rlm, UserSpec_t **uspp, char ***elist);
-extern int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl);
-extern int aclACLParse(NSErr_t * errp,
- ACLFile_t * acf, ACContext_t * acc, int flags);
-extern void aclFileClose(ACLFile_t * acf, int flags);
-extern int aclFileOpen(NSErr_t * errp,
- char * filename, int flags, ACLFile_t **pacf);
-extern int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf);
-extern int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags);
-extern int aclGetIPAddr(NSErr_t * errp,
- ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask);
-extern int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags);
-extern int aclParseInit();
-extern int aclRealmSpecParse(NSErr_t * errp, ACLFile_t * acf,
- ACContext_t * acc, RealmSpec_t **rspp);
-extern int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
- RightSpec_t **rights);
-extern int aclStreamGet(LEXStream_t * lst);
-
-NSPR_END_EXTERN_C
-
-#endif /* __aclparse_h */
diff --git a/include/libaccess/ava.h b/include/libaccess/ava.h
deleted file mode 100644
index 2ea662f4..00000000
--- a/include/libaccess/ava.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _ava_h
-#define _ava_h
-
-#define ENTRIES_ALLOCSIZE 100
-#define ORGS_ALLOCSIZE 15
-
-
-#ifdef XP_WIN32
-#define NSAPI_PUBLIC __declspec(dllexport)
-#else /* !XP_WIN32 */
-#define NSAPI_PUBLIC
-#endif
-
-
-typedef struct {
- char *email;
- char *locality;
- char *userid;
- char *state;
- char *country;
- char *company;
- int numOrgs;
- char **organizations;
- char *CNEntry;
-} AVAEntry;
-
-typedef struct {
- char *userdb;
- int numEntries;
- AVAEntry **enteredTable;
-} AVATable;
-
-
-#endif
-
diff --git a/include/libaccess/avadb.h b/include/libaccess/avadb.h
deleted file mode 100644
index fe89874a..00000000
--- a/include/libaccess/avadb.h
+++ /dev/null
@@ -1,15 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _avadb_h_
-#define _avadb_h_
-
-#define USE_NSAPI
-
-USE_NSAPI int AddEntry (char *key, char *value);
-USE_NSAPI int DeleteEntry (char *key);
-USE_NSAPI char *GetValue (char *key);
-
-#endif /*_avadb_h_*/
diff --git a/include/libaccess/avapfile.h b/include/libaccess/avapfile.h
deleted file mode 100644
index fabfe75f..00000000
--- a/include/libaccess/avapfile.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _avaparsedfiles_h_
-#define _avaparsedfiles_h_
-
-#include "libaccess/ava.h"
-#include "frame/req.h"
-#include "base/session.h"
-
-#define AUTH_DB_FILE "AvaCertmap"
-#define AVADB_TAG "avadb"
-#define AVA_DB_SEL "ava_db_sel" /*Variable name used in
- *outputAVAdbs
- */
-
-
-extern void outputAVAdbs (char *chosen); /*Outputs the selector of auth databases
- *and makes it so that the form submits
- *when onChange event occurs.
- */
-
-
-/*For the following 3 functions, enter the full path of
- *ava database file includint tag and filename
- */
-/*Before calling _getTable, initializa yy_sn and yy_rq. Set to NULL if no
- *Session* or Request* variables exist and an error will be reported with
- *function report_error(libamin.h). Otherwise error will be logged into
- *the server's error log
- */
-extern AVATable *_getTable (char *avadbfile);
-extern AVATable *_wasParsed (char *avadbfile);/*Assumes a call to yyparse was just
- *completed
- */
-extern int _hasBeenParsed (char *avadbfile);/*Check if _getTable returns NULL or not*/
-
-extern AVAEntry* _getAVAEntry (char *groupid, AVATable *table);
-extern AVAEntry* _deleteAVAEntry (char *groupid, AVATable *table);
-extern void _addAVAtoTable (AVAEntry *entry, AVATable *table);
-extern void AVAEntry_Free (AVAEntry *entry);
-
-/*Functions for writing out files*/
-extern void PrintHeader (FILE *outfile);
-extern void writeOutFile (char *avadbfilename, AVATable *table);
-
-
-extern int yyparse();
-extern FILE *yyin;
-
-extern char *currFile;
-
-extern Session *yy_sn;
-extern Request *yy_rq;
-
-
-#endif /*_avaparsedfiles_h_*/
diff --git a/include/libaccess/nsadb.h b/include/libaccess/nsadb.h
deleted file mode 100644
index 59aec77a..00000000
--- a/include/libaccess/nsadb.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsadb_h
-#define __nsadb_h
-
-/*
- * Description (nsadb.h)
- *
- * This file describes the interface for retrieving information
- * from a Netscape authentication database. This facility is
- * built on top of the Netscape (server) database interface as
- * defined in nsdb.h. It represents a subclass of a more general
- * authentication database interface defined in nsauth.h.
- */
-
-#include "nserror.h" /* error frame list support */
-#include "nsautherr.h" /* authentication error codes */
-#include "nsauth.h"
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSADB
-
-#include "nsdb.h"
-
-#if defined(CLIENT_AUTH)
-#define ADBDBNAMES 3 /* number of named files */
-#else
-#define ADBDBNAMES 2 /* number of named files */
-#endif
-#define ADBUSERDBNAME "Users" /* name of user database */
-#define ADBGROUPDBNAME "Groups" /* name of group database */
-#if defined(CLIENT_AUTH)
-#define ADBCERTDBNAME "Certs" /* name of certificate mapping DB */
-#define ADBUMAPDBNAME "Certs.nm" /* name of mapped user names DB */
-#endif
-
-typedef struct AuthDB_s AuthDB_t;
-struct AuthDB_s {
- char * adb_dbname; /* database name */
- void * adb_userdb; /* handle for user database */
- void * adb_groupdb; /* handle for group database */
-#if defined(CLIENT_AUTH)
- void * adb_certdb; /* handle for cert mapping database */
- void * adb_certlock; /* lock for cert mapping database */
- void * adb_certnm; /* handle for username-to-certid DB */
-#endif
- int adb_flags; /* flags */
-};
-
-/* Definitions for adb_flags (also used on nsadbOpenXxxx() calls) */
-#define ADBF_NEW 0x1 /* newly created database */
-#define ADBF_UREAD 0x10 /* user database open for read */
-#define ADBF_UWRITE 0x20 /* user database open for write */
-#define ADBF_GREAD 0x100 /* group database open for read */
-#define ADBF_GWRITE 0x200 /* group database open for write */
-#define ADBF_CREAD 0x1000 /* cert database open for read */
-#define ADBF_CWRITE 0x2000 /* cert database open for write */
-#endif /* __PRIVATE_NSADB */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in nsadb.c */
-extern NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp,
- char * adbname, int flags, void **rptr);
-extern NSAPI_PUBLIC void nsadbClose(void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp,
- void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp,
- void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp, void * authdb,
- USI_t id, int flags, char **rptr);
-extern NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb,
- char * name, int flags, void **rptr);
-
-#if defined(CLIENT_AUTH)
-#include "nscert.h"
-#endif
-
-/* Authentication database interface structure in nsadb.c */
-extern AuthIF_t NSADB_AuthIF;
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsadb_h */
diff --git a/include/libaccess/nsamgmt.h b/include/libaccess/nsamgmt.h
deleted file mode 100644
index ccfd5ab5..00000000
--- a/include/libaccess/nsamgmt.h
+++ /dev/null
@@ -1,122 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsamgmt_h
-#define __nsamgmt_h
-
-/*
- * Description (nsamgmt.h)
- *
- * This file defines the interface for managing information in a
- * Netscape authentication database. An authentication database
- * consists of a user database and a group database. This
- * implementation of an authentication database based on Netscape
- * user and group databases defined in nsuser.h and nsgroup.h,
- * which in turn are based on the Netscape (server) database
- * implementation defined in nsdb.h. The interface for retrieving
- * information from an authentication database is described
- * separately in nsadb.h.
- */
-
-#include "nsadb.h"
-
-/* Flags used in enumeration call-back function return value */
-#define ADBF_KEEPOBJ 0x1 /* do not free user or group object */
-#define ADBF_STOPENUM 0x2 /* stop the enumeration */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in nsamgmt.c */
-NSAPI_PUBLIC extern int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * pgoptr,
- GroupObj_t * cgoptr);
-
-NSAPI_PUBLIC extern int nsadbAddUserToGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr,
- UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbCreateGroup(NSErr_t * errp,
- void * authdb, GroupObj_t * goptr);
-
-NSAPI_PUBLIC extern int nsadbCreateUser(NSErr_t * errp,
- void * authdb, UserObj_t * uoptr);
-
-/*
-for ANSI C++ standard on SCO UDK must typedef fn in arg list, otherwise fn
-name is managled
-*/
-
-#ifdef UnixWare
-typedef int(*ArgFn_EnumUsers)(NSErr_t * ferrp, void * authdb, void * parg,
- UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
- void * argp, ArgFn_EnumUsers);
-#else /* UnixWare */
-NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
- void * argp,
- int (*func)(NSErr_t * ferrp,
- void * authdb,
- void * parg,
- UserObj_t * uoptr));
-#endif /* UnixWare */
-
-#ifdef UnixWare
-typedef int(*ArgFn_EnumGroups)(NSErr_t * ferrp, void * authdb, void * parg,
- GroupObj_t * goptr);
-NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
- void * authdb, void * argp,
- ArgFn_EnumGroups);
-#else /* UnixWare */
-NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
- void * authdb, void * argp,
- int (*func)(NSErr_t * ferrp,
- void * authdb,
- void * parg,
- GroupObj_t * goptr));
-#endif /* UnixWare */
-
-NSAPI_PUBLIC extern int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
- USI_t uid, USI_t gid,
- int ngroups, USI_t * grplist);
-
-NSAPI_PUBLIC extern int nsadbModifyGroup(NSErr_t * errp,
- void * authdb, GroupObj_t * goptr);
-
-NSAPI_PUBLIC extern int nsadbModifyUser(NSErr_t * errp,
- void * authdb, UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbRemoveGroup(NSErr_t * errp,
- void * authdb, char * name);
-
-NSAPI_PUBLIC extern int nsadbRemoveUser(NSErr_t * errp,
- void * authdb, char * name);
-
-NSAPI_PUBLIC extern int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * pgoptr,
- GroupObj_t * cgoptr);
-
-NSAPI_PUBLIC extern int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr,
- UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbSuperGroups(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr,
- USIList_t * gsuper);
-
-
-NSPR_END_EXTERN_C
-
-#if defined(CLIENT_AUTH)
-
-/* Removed for new ns security integration
-#include <sec.h>
-*/
-#include <key.h>
-#include <cert.h>
-
-#endif /* defined(CLIENT_AUTH) */
-
-#endif /* __nsamgmt_h */
diff --git a/include/libaccess/nscert.h b/include/libaccess/nscert.h
deleted file mode 100644
index 64e52169..00000000
--- a/include/libaccess/nscert.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nscert_h
-#define __nscert_h
-
-/*
- * Description (nscert.h)
- *
- * This file describes the interface for accessing and storing
- * information in a Netscape client certificate to username
- * database. This facility is built on top of the Netscape
- * (server) database interface as defined in nsdb.h.
- */
-
-#include <libaccess/nserror.h> /* error frame list support */
-#include <libaccess/nsautherr.h> /* authentication error codes */
-#include <libaccess/nsauth.h>
-
-#include <prtypes.h>
-/* Removed for new ns security integration
-#include <sec.h>
-*/
-#include <cert.h>
-
-#if defined(CLIENT_AUTH)
-
-/* Certificate to user record attribute tags */
-#define CAT_USERNAME 0x61 /* username associated with cert */
-#define CAT_CERTID 0x62 /* id assigned to cert */
-
-/* Attribute tags used in certificate key encoding */
-#define KAT_ISSUER 0x01 /* issuer DER */
-#define KAT_SUBJECT 0x02 /* subject DER */
-
-typedef struct CertObj_s CertObj_t;
-struct CertObj_s {
- SECItem co_issuer; /* issuing authority */
- SECItem co_subject; /* certicate's subject */
- char * co_username; /* the local name it mapps to */
- USI_t co_certid; /* internal id for this client certificate */
-};
-
-typedef int (*CertEnumCallback)(NSErr_t * ferrp, void * authdb,
- void * argp, CertObj_t * coptr);
-
-NSPR_BEGIN_EXTERN_C
-
-extern NSAPI_PUBLIC int nsadbCertInitialize(void);
-
-extern NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
- SECItem * issuer,
- SECItem * subject);
-
-extern NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
- CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
- int * keylen, char **keyptr);
-
-extern NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
- void * argp,
- CertEnumCallback func);
-
-extern NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
- USI_t certid, CertObj_t **coptr);
-
-extern NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert,
- char **username);
-
-extern NSAPI_PUBLIC int nsadbOpenCerts(NSErr_t * errp,
- void * authdb, int flags);
-
-extern NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert,
- const char * username);
-
-extern NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
- void * username, CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp, void * authdb,
- char * username);
-
-extern NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags);
-
-extern NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags);
-
-extern NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
- const char * username, USI_t * id);
-
-
-NSPR_END_EXTERN_C
-
-#endif /* CLIENT_AUTH */
-
-
-#endif /* __nscert_h */
diff --git a/include/libaccess/nsdb.h b/include/libaccess/nsdb.h
deleted file mode 100644
index c6b442b3..00000000
--- a/include/libaccess/nsdb.h
+++ /dev/null
@@ -1,182 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsdb_h
-#define __nsdb_h
-
-/*
- * Description (nsdb.h)
- *
- * This file describes the interface for retrieving information
- * from a Netscape (server) database. A database is composed of
- * two (libdbm) DB files. One of these (<dbname>.db) contains
- * records indexed by a string key. These records contain the
- * primary information in the database. A second DB file
- * (<dbname>.id) is used to map an integer id value to a string
- * key, which can then be used to locate a record in the first file.
- * The interface for managing information in a database is described
- * in nsdbmgmt.h.
- */
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSDB
-
-#include "mcom_db.h"
-
-/*
- * Description (NSDB_t)
- *
- * This type describes the structure that used to represent a
- * Netscape server database. It includes fields to reference
- * both the primary and id-to-name DB files, and information
- * about the current state of the database.
- */
-
-typedef struct NSDB_s NSDB_t;
-struct NSDB_s {
- char * ndb_pname; /* primary DB file name pointer */
- DB * ndb_pdb; /* primary DB file handle */
- char * ndb_iname; /* id-to-name DB file name pointer */
- DB * ndb_idb; /* id-to-name DB file handle */
- int ndb_flags; /* bit flags */
-#define NDBF_RDNAME 0x1 /* primary DB open for read */
-#define NDBF_WRNAME 0x2 /* primary DB open for write */
-#define NDBF_NONAME 0x4 /* primary DB does not exist */
-#define NDBF_RDID 0x10 /* id-to-name DB open for read */
-#define NDBF_WRID 0x20 /* id-to-name DB open for write */
-#define NDBF_NOID 0x40 /* id-to-name DB does not exist */
-
- int ndb_dbtype; /* database type */
- int ndb_version; /* type-specific version number */
-};
-
-/* Define metadata record keys (must start with NDB_MDPREFIX) */
-#define NDB_DBTYPE "?dbtype" /* database type and version info */
-#define NDB_IDMAP "?idmap" /* id allocation bitmap */
-
-#endif /* __PRIVATE_NSDB */
-
-/* Begin public definitions */
-
-#include "nserror.h" /* error frame list support */
-#include "nsdberr.h" /* error codes for NSDB facility */
-
-/* Define the NSDB version number */
-#define NDB_VERSION 0x10 /* NSDB version 1.0 */
-
-/* Define reserved database type codes for ndb_dbtype */
-#define NDB_TYPE_USERDB 1 /* user database */
-#define NDB_TYPE_GROUPDB 2 /* group database */
-#define NDB_TYPE_CLIENTDB 3 /* client database */
-#define NDB_TYPE_ACLDB 4 /* access control list database */
-
-/*
- * Define the metadata record key prefix character. Normal data record
- * keys (names) cannot begin with this character.
- */
-#define NDB_MDPREFIX '?'
-
-/* Define flags for ndbEnumerate() */
-#define NDBF_ENUMNORM 0x1 /* enumerate normal data records */
-#define NDBF_ENUMMETA 0x2 /* enumerate metadata records */
-
-/* Define return values for a user function called by ndbEnumerate */
-#define NDB_ENUMSTOP -1 /* terminate enumeration */
-#define NDB_ENUMCONT 0 /* continue enumeration */
-#define NDB_ENUMRESET 1 /* restart enumeration at beginning */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions for database information retrieval in nsdb.c */
-extern void ndbClose(void * ndb, int flags);
-
-/* for ANSI C++ standard on SCO UDK, otherwise fn name is mangled */
-#ifdef UnixWare
-typedef int (*ArgFn_ndbEnum)(NSErr_t * ferrp, void * parg, int namelen,
- char * name, int reclen, char * recptr);
-extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
- ArgFn_ndbEnum);
-#else /* UnixWare */
-extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
- int (*func)(NSErr_t * ferrp, void * parg,
- int namelen, char * name,
- int reclen, char * recptr));
-#endif /* UnixWare */
-extern int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name,
- int * reclen, char **recptr);
-extern int ndbIdToName(NSErr_t * errp,
- void * ndb, unsigned int id, int * plen, char **pname);
-extern int ndbInitPrimary(NSErr_t * errp, void * ndb);
-extern void * ndbOpen(NSErr_t * errp,
- char * dbname, int flags, int dbtype, int * version);
-extern int ndbReOpen(NSErr_t * errp, void * ndb, int flags);
-
-NSPR_END_EXTERN_C
-
-/* richm - 20020218 - these macros were added as part of the port to DBM 1.6
- * apparently, these were exported for outside use from mcom_db.h in
- * DBM 1.5x and earlier, but were made private in 1.6 - so I copied them
- * here
- */
-/*
- * Little endian <==> big endian 32-bit swap macros.
- * M_32_SWAP swap a memory location
- * P_32_SWAP swap a referenced memory location
- * P_32_COPY swap from one location to another
- */
-#ifndef M_32_SWAP
-#define M_32_SWAP(a) { \
- uint32 _tmp = a; \
- ((char *)&a)[0] = ((char *)&_tmp)[3]; \
- ((char *)&a)[1] = ((char *)&_tmp)[2]; \
- ((char *)&a)[2] = ((char *)&_tmp)[1]; \
- ((char *)&a)[3] = ((char *)&_tmp)[0]; \
-}
-#endif
-#ifndef P_32_SWAP
-#define P_32_SWAP(a) { \
- uint32 _tmp = *(uint32 *)a; \
- ((char *)a)[0] = ((char *)&_tmp)[3]; \
- ((char *)a)[1] = ((char *)&_tmp)[2]; \
- ((char *)a)[2] = ((char *)&_tmp)[1]; \
- ((char *)a)[3] = ((char *)&_tmp)[0]; \
-}
-#endif
-#ifndef P_32_COPY
-#define P_32_COPY(a, b) { \
- ((char *)&(b))[0] = ((char *)&(a))[3]; \
- ((char *)&(b))[1] = ((char *)&(a))[2]; \
- ((char *)&(b))[2] = ((char *)&(a))[1]; \
- ((char *)&(b))[3] = ((char *)&(a))[0]; \
-}
-#endif
-/*
- * Little endian <==> big endian 16-bit swap macros.
- * M_16_SWAP swap a memory location
- * P_16_SWAP swap a referenced memory location
- * P_16_COPY swap from one location to another
- */
-#ifndef M_16_SWAP
-#define M_16_SWAP(a) { \
- uint16 _tmp = a; \
- ((char *)&a)[0] = ((char *)&_tmp)[1]; \
- ((char *)&a)[1] = ((char *)&_tmp)[0]; \
-}
-#endif
-#ifndef P_16_SWAP
-#define P_16_SWAP(a) { \
- uint16 _tmp = *(uint16 *)a; \
- ((char *)a)[0] = ((char *)&_tmp)[1]; \
- ((char *)a)[1] = ((char *)&_tmp)[0]; \
-}
-#endif
-#ifndef P_16_COPY
-#define P_16_COPY(a, b) { \
- ((char *)&(b))[0] = ((char *)&(a))[1]; \
- ((char *)&(b))[1] = ((char *)&(a))[0]; \
-}
-#endif
-
-#endif /* __nsdb_h */
diff --git a/include/libaccess/nsdberr.h b/include/libaccess/nsdberr.h
deleted file mode 100644
index 8017b2eb..00000000
--- a/include/libaccess/nsdberr.h
+++ /dev/null
@@ -1,92 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#ifndef __nsdberr_h -#define __nsdberr_h - -/* NSDB facility name (defined in nsdb,c) */ -extern char * NSDB_Program; - -/* Define error identifiers for NSDB facility */ - -/* Errors generated in nsdb.c */ - -/* ndbFindName() */ -#define NSDBERR1000 1000 /* primary DB get operation failed */ - -/* ndbIdToName() */ -#define NSDBERR1100 1100 /* id-to-name DB get operation failed */ - -/* ndbInitPrimary() */ -#define NSDBERR1200 1200 /* primary database already exists */ -#define NSDBERR1220 1220 /* primary database open failed */ -#define NSDBERR1240 1240 /* primary DB put operation failed */ -#define NSDBERR1260 1260 /* primary DB put operation failed */ - -/* ndbOpen() */ -#define NSDBERR1400 1400 /* insufficient dynamic memory */ -#define NSDBERR1420 1420 /* insufficient dynamic memory */ -#define NSDBERR1440 1440 /* insufficient dynamic memory */ -#define NSDBERR1460 1460 /* primary DB get metadata operation failed */ -#define NSDBERR1480 1480 /* metadata format error */ -#define NSDBERR1500 1500 /* unsupported database version number */ -#define NSDBERR1520 1520 /* wrong database type */ - -/* ndbReOpen() */ -#define NSDBERR1600 1600 /* create primary DB failed */ -#define NSDBERR1620 1620 /* open primary/write failed */ -#define NSDBERR1640 1640 /* open primary/read failed */ -#define NSDBERR1660 1660 /* create id-to-name DB failed */ -#define NSDBERR1680 1680 /* open id-to-name DB for write failed */ -#define NSDBERR1700 1700 /* open id-to-name DB for read failed */ - -/* Define error ids generated in nsdbmgmt.c */ - -/* ndbAllocId() */ -#define NSDBERR2000 2000 /* bad DB name key */ -#define NSDBERR2020 2020 /* metadata get operation failed */ -#define NSDBERR2040 2040 /* no space to grow DB id bitmap */ -#define NSDBERR2060 2060 /* no space to copy DB id bitmap 
*/ -#define NSDBERR2080 2080 /* put bitmap to DB operation failed */ -#define NSDBERR2100 2100 /* put id-to-name operation failed */ - -/* ndbDeleteName() */ -#define NSDBERR2200 2200 /* error deleting record */ - -/* ndbFreeId() */ -#define NSDBERR2300 2300 /* invalid id value */ -#define NSDBERR2320 2320 /* error deleting id-to-name record */ -#define NSDBERR2340 2340 /* error reading id bitmap from primary DB */ -#define NSDBERR2360 2360 /* invalid id value */ -#define NSDBERR2380 2380 /* insufficient dynamic memory */ -#define NSDBERR2400 2400 /* error writing id bitmap back to DB */ - -/* ndbRenameId() */ -#define NSDBERR2500 2500 /* invalid new key name string */ -#define NSDBERR2520 2520 /* get id record operation failed */ -#define NSDBERR2540 2540 /* put id record operation failed */ - -/* ndbStoreName() */ -#define NSDBERR2700 2700 /* database put operation failed */ - -/* Define error return codes */ -#define NDBERRNOMEM -1 /* insufficient dynamic memory */ -#define NDBERRNAME -2 /* invalid key name string */ -#define NDBERROPEN -3 /* database open error */ -#define NDBERRMDGET -4 /* database metadata get failed */ -#define NDBERRMDPUT -5 /* database metadata put failed */ -#define NDBERRIDPUT -6 /* id-to-name record put failed */ -#define NDBERRNMDEL -7 /* delete named record failed */ -#define NDBERRPINIT -8 /* error creating primary DB file */ -#define NDBERRGET -9 /* database get failed */ -#define NDBERREXIST -10 /* DB already exists */ -#define NDBERRMDFMT -11 /* invalid metadata format */ -#define NDBERRDBTYPE -12 /* wrong DB type */ -#define NDBERRBADID -13 /* invalid id value for name */ -#define NDBERRPUT -14 /* database put operation failed */ -#define NDBERRVERS -15 /* unsupported database version */ -#define NDBERRIDDEL -16 /* delete id-to-name record failed */ - -#endif /* __nsdberr_h */ diff --git a/include/libaccess/nsdbmgmt.h b/include/libaccess/nsdbmgmt.h deleted file mode 100644 index a5dc5ac1..00000000 
--- a/include/libaccess/nsdbmgmt.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsdbmgmt_h
-#define __nsdbmgmt_h
-
-/*
- * Description (nsdbmgmt.h)
- *
- * The file describes the interface for managing information in
- * a Netscape (server) database. A database is composed of
- * two (libdbm) DB files. One of these (<dbname>.db) contains
- * records indexed by a string key. These records contain the
- * primary information in the database. A second DB file
- * (<dbname>.id) is used to map an integer id value to a string
- * key, which can then be used to locate a record in the first file.
- * The interface for retrieving information from a database is
- * described in nsdb.h.
- *
- * FUTURE:
- * Normally the records in the primary DB file will contain the
- * id values which are used to key the id-to-name DB. When this
- * is the case, it is possible to construct the id-to-name DB from
- * the primary DB file, and an interface is provided to facilitate
- * this.
- */
-
-#include "nsdb.h" /* database access */
-
-/* Define flags for ndbStoreName() */
-#define NDBF_NEWNAME 0x1 /* this is (should be) a new name */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions for database management in nsdbmgmt.c */
-extern int ndbAllocId(NSErr_t * errp, void * ndb,
- int namelen, char * name, unsigned int * id);
-extern int ndbDeleteName(NSErr_t * errp,
- void * ndb, int flags, int namelen, char * name);
-extern int ndbFreeId(NSErr_t * errp,
- void * ndb, int namelen, char * name, unsigned int id);
-extern int ndbRenameId(NSErr_t * errp, void * ndb,
- int namelen, char * newname, unsigned int id);
-extern int ndbStoreName(NSErr_t * errp, void * ndb, int flags,
- int namelen, char * name, int reclen, char * recptr);
-extern int ndbSync(NSErr_t * errp, void * ndb, int flags);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsdbmgmt_h */
diff --git a/include/libaccess/nsgmgmt.h b/include/libaccess/nsgmgmt.h
deleted file mode 100644
index 6ce92865..00000000
--- a/include/libaccess/nsgmgmt.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsgmgmt_h
-#define __nsgmgmt_h
-
-/*
- * Description (nsgmgmt.h)
- *
- * This file defines the interface to group management facilities
- * implemented using a Netscape group database. This interface
- * provides functions for adding, modifying, and removing group
- * entries in the database, using the group object (GroupObj_t)
- * structure to convey information across the interface.
- */
-
-#define __PRIVATE_NSGROUP
-#include "nsgroup.h" /* group object access */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Group information management operations in nsgmgmt.c */
-extern NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id);
-extern NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc);
-extern NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id);
-extern NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * ureclen, ATR_t * urecptr);
-extern NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name);
-extern NSAPI_PUBLIC int groupStore(NSErr_t * errp,
- void * groupdb, int flags, GroupObj_t * goptr);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsgmgmt_h */
diff --git a/include/libaccess/nsgroup.h b/include/libaccess/nsgroup.h
deleted file mode 100644
index 8350a8fc..00000000
--- a/include/libaccess/nsgroup.h
+++ /dev/null
@@ -1,73 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#ifndef __nsgroup_h -#define __nsgroup_h - -/* - * Description (nsgroup.h) - * - * This file describes the interface to group information stored in - * a Netscape group database. Information about a group is provided - * to the caller in the form of a group object (GroupObj_t), defined - * in nsauth.h. This interface provides only read access to group - * information. The interface for managing the group database is - * described in nsgmgmt.h. - */ - -#include "nserror.h" /* error frame list support */ -#include "nsautherr.h" /* authentication error codes */ -#include "nsauth.h" /* authentication types */ - -/* Begin private definitions */ -#ifdef __PRIVATE_NSGROUP - -#include "nsdb.h" - -/* - * Define structure used to communicate between groupEnumerate() and - * groupEnumHelp(). - */ - -typedef struct GroupEnumArgs_s GroupEnumArgs_t; -struct GroupEnumArgs_s { - void * groupdb; /* group database handle */ - int flags; /* groupEnumerate() flags */ - int (*func)(NSErr_t * ferrp, void * parg, - GroupObj_t * goptr); /* user function pointer */ - void * user; /* user's argp pointer */ -}; - -/* Define attribute tags for group DB records */ -#define GAT_GID 0x50 /* group id (USI) */ -#define GAT_FLAGS 0x51 /* flags (USI) */ -#define GAT_DESCRIPT 0x52 /* group description (NTS) */ -#define GAT_USERS 0x53 /* list of users (USI...) */ -#define GAT_GROUPS 0x54 /* list of groups (USI...) */ -#define GAT_PGROUPS 0x55 /* list of paret groups (USI...) 
*/ - -#endif /* __PRIVATE_NSGROUP */ - -/* Begin public definitions */ - -/* Define flags for groupEnumerate() */ -#define GOF_ENUMKEEP 0x1 /* don't free group objects */ - -NSPR_BEGIN_EXTERN_C - - /* Operations on a group object (see nsgroup.c) */ -extern NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int ureclen, ATR_t urecptr); -extern NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp, - void * groupdb, int flags, void * argp, - int (*func)(NSErr_t * ferrp, - void * parg, GroupObj_t * goptr)); -extern NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp, - void * groupdb, NTS_t name); -extern NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid); -extern NSAPI_PUBLIC void groupFree(GroupObj_t * goptr); - -NSPR_END_EXTERN_C - -#endif /* __nsgroup_h */ diff --git a/include/libaccess/nslock.h b/include/libaccess/nslock.h deleted file mode 100644 index 097ecb98..00000000 --- a/include/libaccess/nslock.h +++ /dev/null 
@@ -1,74 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#ifndef __nslock_h -#define __nslock_h - -/* - * Description (nslock.h) - * - * This file defines to interface for a locking facility that - * provides exclusive access to a resource across multiple - * server processes. - */ - -#include "nserror.h" -#include "base/crit.h" - -#ifdef __PRIVATE_NSLOCK - -/* - * Description (NSLock_t) - * - * This type represents a lock. It includes a name which - * uniquely identifies the lock, and a handle for referencing - * the lock once it has been initialized. - */ - -typedef struct NSLock_s NSLock_t; -struct NSLock_s { - NSLock_t * nl_next; /* next lock on NSLock_List */ - char * nl_name; /* name associate with lock */ -#if defined(FILE_UNIX) - CRITICAL nl_crit; /* critical section for threads */ - SYS_FILE nl_fd; /* file descriptor */ - int nl_cnt; /* nsLockAcquire() count */ -#elif defined(XP_WIN32) -#else -#error "nslock.h needs work for this platform" -#endif -}; - -#endif /* __PRIVATE_NSLOCK */ - -/* Define error identifiers */ - -/* nsLockOpen() */ -#define NSLERR1000 1000 /* insufficient dynamic memory */ -#define NSLERR1020 1020 /* error creating lock */ -#define NSLERR1040 1040 /* error accessing lock */ - -/* nsLockAcquire() */ -#define NSLERR1100 1100 /* error acquiring lock */ - -/* Define error return codes */ - -#define NSLERRNOMEM -1 /* insufficient dynamic memory */ -#define NSLERRCREATE -2 /* error creating lock */ -#define NSLERROPEN -3 /* error accessing lock */ -#define NSLERRLOCK -4 /* error acquiring lock */ - -NSPR_BEGIN_EXTERN_C - -/* Functions in nslock.c */ -extern NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp, - char * lockname, void **plock); -extern NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock); -extern NSAPI_PUBLIC void nsLockRelease(void * lock); -extern NSAPI_PUBLIC void nsLockClose(void 
* lock); - -NSPR_END_EXTERN_C - -#endif __nslock_h diff --git a/include/libaccess/nsumgmt.h b/include/libaccess/nsumgmt.h deleted file mode 100644 index 0367aade..00000000 --- a/include/libaccess/nsumgmt.h +++ /dev/null @@ -1,36 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#ifndef __nsumgmt_h -#define __nsumgmt_h - -/* - * Description (nsumgmt.h) - * - * This file defines the interface to user management facilities - * implemented using a Netscape user database. This interface - * provides functions for adding, modifying, and removing user - * entries in the database, using the user object (UserObj_t) - * structure to convey information across the interface. - */ - -#include "nsuser.h" /* user object access */ - -NSPR_BEGIN_EXTERN_C - -/* User information management operations in nsumgmt.c */ -extern int userAddGroup(UserObj_t * uoptr, USI_t gid); -extern NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname); -extern int userDeleteGroup(UserObj_t * uoptr, USI_t gid); -extern int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr); -extern NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name); -extern NSAPI_PUBLIC int userRename(NSErr_t * errp, - void * userdb, UserObj_t * uoptr, NTS_t newname); -extern NSAPI_PUBLIC int userStore(NSErr_t * errp, - void * userdb, int flags, UserObj_t * uoptr); - -NSPR_END_EXTERN_C - -#endif /* __nsumgmt_h */ diff --git a/include/libaccess/nsuser.h b/include/libaccess/nsuser.h deleted file mode 100644 index 2fec7d31..00000000 --- a/include/libaccess/nsuser.h +++ /dev/null 
@@ -1,70 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#ifndef __nsuser_h -#define __nsuser_h - -/* - * Description (nsuser.h) - * - * This file describes the interface to user information stored in - * a Netscape user database. Information about a user is provided - * to the caller in the form of a user object (UserObj_t), defined - * in nsauth.h. This interface provides only read access to user - * information. The interface for managing the user database is - * described in nsumgmt.h. - */ - -#include "nserror.h" /* error frame list support */ -#include "nsautherr.h" /* authentication error codes */ -#include "nsauth.h" /* authentication types */ - -/* Begin private definitions */ -#ifdef __PRIVATE_NSUSER - -#include "nsdb.h" - -/* - * Define structure used to communicate between userEnumerate() and - * userEnumHelp(). - */ - -typedef struct UserEnumArgs_s UserEnumArgs_t; -struct UserEnumArgs_s { - void * userdb; /* user database handle */ - int flags; /* userEnumerate() flags */ - int (*func)(NSErr_t * ferrp, void * parg, - UserObj_t * uoptr); /* user function pointer */ - void * user; /* user's argp pointer */ -}; - -/* Define attribute tags for user DB records */ -#define UAT_PASSWORD 0x40 /* password (NTS) */ -#define UAT_UID 0x41 /* user id (USI) */ -#define UAT_ACCFLAGS 0x42 /* account flags (USI) */ -#define UAT_REALNAME 0x43 /* real name (NTS) */ -#define UAT_GROUPS 0x44 /* list of groups (USI...) 
*/ - -#endif /* __PRIVATE_NSUSER */ - -/* Begin public definitions */ - -/* Define flags for userEnumerate() */ -#define UOF_ENUMKEEP 0x1 /* don't free user objects */ - -NSPR_BEGIN_EXTERN_C - -/* User information retrieval operations in nsuser.c */ -extern UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr); -extern int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp, - int (*func)(NSErr_t * ferrp, - void * parg, UserObj_t * uoptr)); -extern UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name); -extern UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid); -NSAPI_PUBLIC extern void userFree(UserObj_t * uoptr); - -NSPR_END_EXTERN_C - -#endif /* __nsuser_h */ diff --git a/include/libaccess/register.h b/include/libaccess/register.h deleted file mode 100644 index 051be9ae..00000000 --- a/include/libaccess/register.h +++ /dev/null 
@@ -1,215 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -#ifndef ACL_REGISTER_HEADER -#define ACL_REGISTER_HEADER - -#include <prhash.h> - -#include <ldap.h> -#include <base/pblock.h> -#include <base/plist.h> -#include <libaccess/nserror.h> -#include <libaccess/acl.h> - -typedef void * ACLMethod_t; -#define ACL_METHOD_ANY (ACLMethod_t)-1 -#define ACL_METHOD_INVALID (ACLMethod_t)-2 -extern ACLMethod_t ACL_METHOD_BASIC; - -typedef void * ACLDbType_t; -#define ACL_DBTYPE_ANY (ACLDbType_t)-1 -#define ACL_DBTYPE_INVALID (ACLDbType_t)-2 -extern ACLDbType_t ACL_ACL_DBTYPE_LDAP; - -typedef int (*AttrGetterFn)(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth, void *arg); -typedef int (*AclModuleInitFunc)(pblock *pb, Session *sn, Request *rq); -typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype, - const char *name, const char *url, - PList_t plist, void **db); -typedef int (*AclCacheFlushFunc_t)(void); - -#ifdef __cplusplus -typedef int (*LASEvalFunc_t)(NSErr_t*, char*, CmpOp_t, char*, int*, void**, PList_t, PList_t, PList_t, PList_t); -typedef void (*LASFlushFunc_t)(void **); -#else -typedef int (*LASEvalFunc_t)(); -typedef void (*LASFlushFunc_t)(); -#endif - -/* We need to hide ACLGetter_t */ -typedef struct ACLGetter_s { - ACLMethod_t method; - ACLDbType_t db; - AttrGetterFn fn; - void *arg; -} ACLGetter_t; -typedef ACLGetter_t *ACLGetter_p; - -/* - * Command values for the "position" argument to ACL_RegisterGetter - * Any positive >0 value is the specific position in the list to insert - * the new function. 
- */ -#define ACL_AT_FRONT 0 -#define ACL_AT_END -1 -#define ACL_REPLACE_ALL -2 -#define ACL_REPLACE_MATCHING -3 - -#ifdef ACL_LIB_INTERNAL -#define ACL_MAX_METHOD 32 -#define ACL_MAX_DBTYPE 32 -#endif - -NSPR_BEGIN_EXTERN_C - -NSAPI_PUBLIC extern int - ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t - eval_func, LASFlushFunc_t flush_func ); -NSAPI_PUBLIC extern int - ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t - *eval_funcp ); -NSAPI_PUBLIC extern int - ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t - *flush_funcp ); -extern void - ACL_LasHashInit( void ); -extern void - ACL_LasHashDestroy( void ); - -/* - * Revised, normalized method/dbtype registration routines - */ -NSAPI_PUBLIC extern int - ACL_MethodRegister(const char *name, ACLMethod_t *t); -NSAPI_PUBLIC extern int - ACL_MethodIsEqual(const ACLMethod_t t1, const ACLMethod_t t2); -NSAPI_PUBLIC extern int - ACL_MethodNameIsEqual(const ACLMethod_t t, const char *name); -NSAPI_PUBLIC extern int - ACL_MethodFind(const char *name, ACLMethod_t *t); -NSAPI_PUBLIC extern ACLMethod_t - ACL_MethodGetDefault(); -NSAPI_PUBLIC extern void - ACL_MethodSetDefault(const ACLMethod_t t); -NSAPI_PUBLIC extern int - ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t); - -NSAPI_PUBLIC extern int - ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t); -NSAPI_PUBLIC extern int - ACL_DbTypeIsEqual(const ACLDbType_t t1, const ACLDbType_t t2); -NSAPI_PUBLIC extern int - ACL_DbTypeNameIsEqual(const ACLDbType_t t, const char *name); -NSAPI_PUBLIC extern int - ACL_DbTypeFind(const char *name, ACLDbType_t *t); -NSAPI_PUBLIC extern const ACLDbType_t - ACL_DbTypeGetDefault(); -NSAPI_PUBLIC extern void - ACL_DbTypeSetDefault(ACLDbType_t t); -NSAPI_PUBLIC extern int - ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t); -NSAPI_PUBLIC extern int - ACL_DbTypeIsRegistered(const ACLDbType_t dbtype); -NSAPI_PUBLIC extern DbParseFn_t - ACL_DbTypeParseFn(const 
ACLDbType_t dbtype); - -NSAPI_PUBLIC extern int - ACL_AttrGetterRegister(const char *attr, AttrGetterFn fn, ACLMethod_t m, - ACLDbType_t d, int position, void *arg); -typedef ACLGetter_t *AttrGetterList; /* TEMPORARY */ -NSAPI_PUBLIC extern int - ACL_AttrGetterFind(PList_t auth_info, const char *attr, - AttrGetterList *getters); - -NSPR_END_EXTERN_C - - -/* LAS return codes - Must all be negative numbers */ -#define LAS_EVAL_TRUE -1 -#define LAS_EVAL_FALSE -2 -#define LAS_EVAL_DECLINE -3 -#define LAS_EVAL_FAIL -4 -#define LAS_EVAL_INVALID -5 -#define LAS_EVAL_NEED_MORE_INFO -6 - -#define ACL_ATTR_GROUP "group" -#define ACL_ATTR_RAW_USER_LOGIN "user-login" -#define ACL_ATTR_AUTH_USER "auth-user" -#define ACL_ATTR_AUTH_TYPE "auth-type" -#define ACL_ATTR_AUTH_DB "auth-db" -#define ACL_ATTR_AUTH_PASSWORD "auth-password" -#define ACL_ATTR_USER "user" -#define ACL_ATTR_PASSWORD "pw" -#define ACL_ATTR_USERDN "userdn" -#define ACL_ATTR_RAW_USER "raw-user" -#define ACL_ATTR_RAW_PASSWORD "raw-pw" -#define ACL_ATTR_USER_ISMEMBER "user-ismember" -#define ACL_ATTR_DATABASE "database" -#define ACL_ATTR_DBTYPE "dbtype" -#define ACL_ATTR_DBNAME "dbname" -#define ACL_ATTR_DATABASE_URL "url" -#define ACL_ATTR_METHOD "method" -#define ACL_ATTR_AUTHTYPE "authtype" -#define ACL_ATTR_AUTHORIZATION "authorization" -#define ACL_ATTR_PARSEFN "parsefn" -#define ACL_ATTR_ATTRIBUTE "attr" -#define ACL_ATTR_GETTERFN "getterfunc" -#define ACL_ATTR_IP "ip" -#define ACL_ATTR_DNS "dns" -#define ACL_ATTR_MODULE "module" -#define ACL_ATTR_MODULEFUNC "func" -#define ACL_ATTR_GROUPS "groups" -#define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password" -#define ACL_ATTR_CERT2USER "cert2user" -#define ACL_ATTR_USER_CERT "cert" -#define ACL_ATTR_PROMPT "prompt" -#define ACL_ATTR_TIME "time" -#define ACL_ATTR_USERS_GROUP "users-group" - -#define ACL_DBTYPE_LDAP "ldap" - -#define METHOD_DEFAULT "default" - -typedef PRHashTable AttrGetterTable_t; - -typedef struct { - char *method; - char *authtype; - char 
*dbtype; - AttrGetterTable_t *attrGetters; -} MethodInfo_t; - -NSPR_BEGIN_EXTERN_C - -NSAPI_PUBLIC int ACL_FindMethod (NSErr_t *errp, const char *method, MethodInfo_t **method_info_handle); -NSAPI_PUBLIC int ACL_RegisterModule (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func); -NSAPI_PUBLIC int ACL_RegisterMethod (NSErr_t *errp, const char *method, const char *authtype, const char *dbtype, MethodInfo_t **method_info_handle); -NSAPI_PUBLIC int ACL_RegisterAttrGetter (NSErr_t *errp, MethodInfo_t *method_info_handle, const char *attr, AttrGetterFn func); -NSAPI_PUBLIC int ACL_UseAttrGettersFromMethod (NSErr_t *errp, const char *method, const char *usefrom); -NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth); -NSAPI_PUBLIC int ACL_FindAttrGetter (NSErr_t *errp, const char *method, const char *attr, AttrGetterFn *func); -NSAPI_PUBLIC int ACL_CallAttrGetter (NSErr_t *errp, const char *method, const char *attr, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth); -NSAPI_PUBLIC int ACL_RegisterDbType(NSErr_t *errp, const char *dbtype, DbParseFn_t func); -NSAPI_PUBLIC int ACL_RegisterDbName(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist); -NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype); -NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname, - ACLDbType_t *dbtype, void **db); -NSAPI_PUBLIC int ACL_SetDefaultDatabase (NSErr_t *errp, const char *dbname); -NSAPI_PUBLIC int ACL_SetDefaultMethod (NSErr_t *errp, const char *method); -NSAPI_PUBLIC const char *ACL_DbnameGetDefault (NSErr_t *errp); -NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld); -NSAPI_PUBLIC int ACL_AuthInfoGetDbname (NSErr_t *errp, PList_t auth_info, char **dbname); -NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func); - 
-NSPR_END_EXTERN_C - -struct program_groups { - char **groups; - char **programs; -}; - -#endif diff --git a/include/libaccess/stubs.h b/include/libaccess/stubs.h deleted file mode 100644 index 9aea601c..00000000 --- a/include/libaccess/stubs.h +++ /dev/null @@ -1,6 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -typedef void PropList_t; diff --git a/include/public/Makefile b/include/public/Makefile deleted file mode 100644 index cf0c3611..00000000 --- a/include/public/Makefile +++ /dev/null @@ -1,59 +0,0 @@ -# -# BEGIN COPYRIGHT BLOCK -# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. -# Copyright (C) 2005 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK -# -# Makefile for netsite.h - -BUILD_ROOT = ../.. -MODULE=netsiteInclude - -include $(BUILD_ROOT)/nsdefs.mk - -HDRDEST=$(OBJDIR)/include - -PREFIX=../copyrght.h - - -NOSTDSTRIP=true -NOSTDDEPEND=true - -HDRS=netsite.h nsapi.h - -BINS=$(addprefix $(HDRDEST)/,$(HDRS)) - -all: stuff - -strip: -depend: - -include $(BUILD_ROOT)/nsconfig.mk - -ifeq ($(NSAPI_CAPABLE), true) - -stuff: $(HDRDEST) $(BINS) sub-hdrs - -$(HDRDEST): - mkdir -p $(HDRDEST) - -ifeq ($(PRODUCT), "Netscape Proxy Server") -sub-hdrs: - cd base; $(MAKE) $(MAKEFLAGS) - cd frame; $(MAKE) $(MAKEFLAGS) - cd libproxy; $(MAKE) $(MAKEFLAGS) -else -sub-hdrs: - cd base; $(MAKE) $(MAKEFLAGS) - cd frame; $(MAKE) $(MAKEFLAGS) - cd nsacl; $(MAKE) $(MAKEFLAGS) -endif - -$(HDRDEST)/%.h: %.h - cat $(PREFIX) $< > $(HDRDEST)/$*.h - -else -stuff: - -endif diff --git a/include/public/base/Makefile b/include/public/base/Makefile deleted file mode 100644 index d92527a2..00000000 --- a/include/public/base/Makefile +++ /dev/null 
@@ -1,40 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ../../..
-MODULE=netsiteIncludeBase
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/base
-
-PREFIX=../../copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-#HDRS=$(wildcard *.h)
-HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
-
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
- mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
- cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/public/base/crit.h b/include/public/base/crit.h
deleted file mode 100644
index aa641f9e..00000000
--- a/include/public/base/crit.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_CRIT_H
-#define PUBLIC_BASE_CRIT_H
-
-/*
- * File: crit.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_CRIT_H */
diff --git a/include/public/base/ereport.h b/include/public/base/ereport.h
deleted file mode 100644
index d866cd2c..00000000
--- a/include/public/base/ereport.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_EREPORT_H
-#define PUBLIC_BASE_EREPORT_H
-
-/*
- * File: ereport.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_EREPORT_H */
diff --git a/include/public/base/file.h b/include/public/base/file.h
deleted file mode 100644
index eea8c59e..00000000
--- a/include/public/base/file.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_FILE_H
-#define PUBLIC_BASE_FILE_H
-
-/*
- * File: file.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_FILE_H */
diff --git a/include/public/base/pool.h b/include/public/base/pool.h
deleted file mode 100644
index 6f9a6a67..00000000
--- a/include/public/base/pool.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_POOL_H
-#define PUBLIC_BASE_POOL_H
-
-/*
- * File: pool.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_POOL_H */
-
diff --git a/include/public/base/shexp.h b/include/public/base/shexp.h
deleted file mode 100644
index c9ba7e35..00000000
--- a/include/public/base/shexp.h
+++ /dev/null
@@ -1,22 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_SHEXP_H
-#define PUBLIC_BASE_SHEXP_H
-
-/*
- * File: shexp.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_SHEXP_H */
-
diff --git a/include/public/base/systhr.h b/include/public/base/systhr.h
deleted file mode 100644
index 8a48c3fe..00000000
--- a/include/public/base/systhr.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_SYSTHR_H
-#define PUBLIC_BASE_SYSTHR_H
-
-/*
- * File: systhr.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_SYSTHR_H */
diff --git a/include/public/base/util.h b/include/public/base/util.h
deleted file mode 100644
index 967a1ca8..00000000
--- a/include/public/base/util.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_UTIL_H
-#define PUBLIC_BASE_UTIL_H
-
-/*
- * File: util.h
- *
- * Description:
- *
- * Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* PUBLIC_BASE_UTIL_H */
diff --git a/include/public/nsacl/Makefile b/include/public/nsacl/Makefile
deleted file mode 100644
index cf5e94e5..00000000
--- a/include/public/nsacl/Makefile
+++ /dev/null
@@ -1,38 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for include/public/nsacl public header files
-
-BUILD_ROOT = ../../..
-MODULE=netsiteIncludeNsacl
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/nsacl
-
-PREFIX=copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-HDRS=$(wildcard *.h)
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
- mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
- cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/public/nsacl/copyrght.h b/include/public/nsacl/copyrght.h
deleted file mode 100644
index ffee130a..00000000
--- a/include/public/nsacl/copyrght.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
diff --git a/lib/base/shmem.cpp b/lib/base/shmem.cpp
deleted file mode 100644
index 66bd3a54..00000000
--- a/lib/base/shmem.cpp
+++ /dev/null
@@ -1,127 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -/* - * shmem.h: Portable abstraction for memory shared among a server's workers - * - * Rob McCool - */ - - -#include "shmem.h" - -#if defined (SHMEM_UNIX_MMAP) - -#include <sys/types.h> -#include <sys/stat.h> -#include <unistd.h> -#include <private/pprio.h> /* for nspr20 binary release */ - -NSPR_BEGIN_EXTERN_C -#include <sys/mman.h> -NSPR_END_EXTERN_C - -NSAPI_PUBLIC shmem_s *shmem_alloc(char *name, int size, int expose) -{ - shmem_s *ret = (shmem_s *) PERM_MALLOC(sizeof(shmem_s)); - char *growme; - - if( (ret->fd = PR_Open(name, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 0666)) == NULL) { - PERM_FREE(ret); - return NULL; - } - growme = (char *) PERM_MALLOC(size); - ZERO(growme, size); - if(PR_Write(ret->fd, (char *)growme, size) < 0) { - PR_Close(ret->fd); - PERM_FREE(growme); - PERM_FREE(ret); - return NULL; - } - PERM_FREE(growme); - PR_Seek(ret->fd, 0, PR_SEEK_SET); - if( (ret->data = (char *)mmap(NULL, size, PROT_READ | PROT_WRITE, - SHMEM_MMAP_FLAGS, PR_FileDesc2NativeHandle(ret->fd), 0)) == (caddr_t) -1) - { - PR_Close(ret->fd); - PERM_FREE(ret); - return NULL; - } - if(!expose) { - ret->name = NULL; - unlink(name); - } - else - ret->name = STRDUP(name); - ret->size = size; - return ret; -} - - -NSAPI_PUBLIC void shmem_free(shmem_s *region) -{ - if(region->name) { - unlink(region->name); - PERM_FREE(region->name); - } - munmap((char *)region->data, region->size); /* CLEARLY, C++ SUCKS */ - PR_Close(region->fd); - PERM_FREE(region); -} - -#elif defined (SHMEM_WIN32_MMAP) - -#define PAGE_SIZE (1024*8) -#define ALIGN(x) ( (x+PAGE_SIZE-1) & (~(PAGE_SIZE-1)) ) -NSAPI_PUBLIC shmem_s *shmem_alloc(char *name, int size, int expose) -{ - shmem_s *ret = (shmem_s *) PERM_MALLOC(sizeof(shmem_s)); - HANDLE fHandle; - - ret->fd = 0; /* not used on NT */ - - size = 
ALIGN(size); - if( !(ret->fdmap = CreateFileMapping( - (HANDLE)0xffffffff, - NULL, - PAGE_READWRITE, - 0, - size, - name)) ) - { - int err = GetLastError(); - PERM_FREE(ret); - return NULL; - } - if( !(ret->data = (char *)MapViewOfFile ( - ret->fdmap, - FILE_MAP_ALL_ACCESS, - 0, - 0, - 0)) ) - { - CloseHandle(ret->fdmap); - PERM_FREE(ret); - return NULL; - } - ret->size = size; - ret->name = NULL; - - return ret; -} - - -NSAPI_PUBLIC void shmem_free(shmem_s *region) -{ - if(region->name) { - DeleteFile(region->name); - PERM_FREE(region->name); - } - UnmapViewOfFile(region->data); - CloseHandle(region->fdmap); - PERM_FREE(region); -} - -#endif /* SHMEM_WIN32_MMAP */ diff --git a/lib/libaccess/aclbuild.cpp b/lib/libaccess/aclbuild.cpp deleted file mode 100644 index d7ff6283..00000000 --- a/lib/libaccess/aclbuild.cpp +++ /dev/null 
@@ -1,1360 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -/* - * Description (aclbuild.c) - * - * This module provides functions for building Access Control List - * (ACL) structures in memory. - * - */ - -#include <assert.h> -#include "base/systems.h" -#include "netsite.h" -#include "libaccess/nsauth.h" -#include "libaccess/nsuser.h" -#include "libaccess/nsgroup.h" -#include "libaccess/nsadb.h" -#include "libaccess/aclerror.h" -#include "libaccess/aclstruct.h" -#include "libaccess/aclbuild.h" -#include "libaccess/aclparse.h" -#include "libaccess/acleval.h" -#include "libaccess/usi.h" - -char * ACL_Program = "NSACL"; /* ACL facility name */ - -/* - * Description (accCreate) - * - * This function creates a new access control context, which - * provides context information for a set of ACL definitions. - * The caller also provides a handle for a symbol table to be - * used to store definitions of ACL and rights names. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * stp - symbol table handle (may be null) - * pacc - pointer to returned context handle - * - * Returns: - * - * If the context is created successfully, the return value is zero. - * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h), - * and an error frame will be generated if an error list is provided. - */ - -int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc) -{ - ACContext_t * acc; /* pointer to new context */ - int rv; /* result value */ - int eid; /* error id */ - - *pacc = 0; - - /* Do we need to create a symbol table? */ - if (stp == 0) { - - /* Yes, create a symbol table for ACL, rights, etc. 
names */ - rv = symTableNew(&stp); - if (rv < 0) goto err_nomem1; - } - - /* Allocate the context structure */ - acc = (ACContext_t *)MALLOC(sizeof(ACContext_t)); - if (acc == 0) goto err_nomem2; - - /* Initialize it */ - acc->acc_stp = stp; - acc->acc_acls = 0; - acc->acc_rights = 0; - acc->acc_refcnt = 0; - - *pacc = acc; - return 0; - - err_nomem1: - rv = ACLERRNOMEM; - eid = ACLERR3000; - goto err_ret; - - err_nomem2: - rv = ACLERRNOMEM; - eid = ACLERR3020; - - err_ret: - nserrGenerate(errp, rv, eid, ACL_Program, 0); - return rv; -} - -/* - * Description (accDestroy) - * - * This function destroys a set of ACL data structures referenced - * by a specified ACContext_t structure, including the ACContext_t - * itself. - * - * Arguments: - * - * acc - pointer to ACContext_t structure - * flags - bit flags (unused - must be zero) - */ - -void accDestroy(ACContext_t * acc, int flags) -{ - ACL_t * acl; - - if (acc != 0) { - - /* - * First destroy all ACLs and any unnamed structures they reference. - * Note that aclDestroy() modifies the acc_acls list. - */ - while ((acl = acc->acc_acls) != 0) { - - aclDelete(acl); - } - - /* If there's a symbol table, destroy everything it references */ - if (acc->acc_stp != 0) { - symTableEnumerate(acc->acc_stp, 0, accDestroySym); - - /* Destroy the symbol table itself */ - symTableDestroy(acc->acc_stp, 0); - } - - /* Free the ACContext_t structure */ - FREE(acc); - } -} - -/* - * Description (accDestroySym) - * - * This function is called to destroy the data structure associated - * with a specified Symbol_t symbol table entry. It examines the - * type of the symbol and calls the appropriate destructor. - * - * Arguments: - * - * sym - pointer to symbol table entry - * argp - unused - must be zero - * - * Returns: - * - * The return value is SYMENUMREMOVE. 
- */ - -int accDestroySym(Symbol_t * sym, void * argp) -{ - switch (sym->sym_type) { - case ACLSYMACL: /* ACL */ - aclDestroy((ACL_t *)sym); - break; - - case ACLSYMRIGHT: /* access right */ - { - RightDef_t * rdp = (RightDef_t *)sym; - - if (rdp->rd_sym.sym_name != 0) { - FREE(rdp->rd_sym.sym_name); - } - FREE(rdp); - } - break; - - case ACLSYMRDEF: /* access rights list */ - aclRightSpecDestroy((RightSpec_t *)sym); - break; - - case ACLSYMREALM: /* realm name */ - aclRealmSpecDestroy((RealmSpec_t *)sym); - break; - - case ACLSYMHOST: /* host specifications */ - aclHostSpecDestroy((HostSpec_t *)sym); - break; - - case ACLSYMUSER: /* user/group list */ - aclUserSpecDestroy((UserSpec_t *)sym); - break; - } - - return SYMENUMREMOVE; -} - -/* - * Description (accReadFile) - * - * This function reads a specfied file containing ACL definitions - * and creates data structures in memory to represent the ACLs. - * The caller may provide a pointer to an existing ACContext_t - * structure which will serve as the root of the ACL structures, - * or else a new one will be created. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * aclfile - pointer to the ACL filename string - * pacc - value/result ACContext_t - * - * Returns: - * - * If the ACL file is read successfully, the return value is zero. - * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h), - * and an error frame will be generated if an error list is provided. - */ - -int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc) -{ - ACContext_t * acc = *pacc; /* pointer to ACL root structure */ - ACLFile_t * acf = 0; /* pointer to ACL file handle */ - void * stp = 0; /* ACL symbol table handle */ - int rv; /* result value */ - int eid; /* error id value */ - - /* Initialize the ACL parser */ - rv = aclParseInit(); - if (rv < 0) goto err_init; - - /* Do we need to create a new ACContext_t structure? 
*/ - if (acc == 0) { - - /* Yes, create a symbol table for ACL, rights, etc. names */ - rv = symTableNew(&stp); - if (rv < 0) goto err_crsym; - - /* Create a root structure for the ACLs, including the symbol table */ - rv = accCreate(errp, stp, &acc); - if (rv < 0) goto err_ret2; - } - - /* Open the ACL definition file */ - rv = aclFileOpen(errp, aclfile, 0, &acf); - if (rv < 0) goto err_ret3; - - /* Parse the ACL definitions, building ACL structures in memory */ - rv = aclACLParse(errp, acf, acc, 0); - if (rv < 0) goto err_ret4; - - aclFileClose(acf, 0); - - if (pacc) *pacc = acc; - - return rv; - - err_init: - eid = ACLERR3100; - goto err_ret; - - err_crsym: - eid = ACLERR3120; - rv = ACLERRNOMEM; - goto err_ret; - - err_ret4: - aclFileClose(acf, 0); - err_ret3: - /* Destroy the ACContext_t if we just created it */ - if (acc != *pacc) { - accDestroy(acc, 0); - } - goto err_ret; - - err_ret2: - symTableDestroy(stp, 0); - - err_ret: - return rv; -} - -/* - * Description (aclAuthDNSAdd) - * - * This function adds a DNS name specification to the DNS filter - * associated with a given host list. The DNS name specification is - * either a fully-qualified domain name or a domain name suffix, - * indicated by a leading ".", e.g. (".mcom.com"). The name - * components included in a suffix must be complete. For example, - * ".scape.com" will not match names ending in ".netscape.com". - * - * Arguments: - * - * hspp - pointer to host list pointer - * dnsspec - DNS name or suffix string pointer - * fqdn - non-zero if dnsspec is fully qualified - * - * Returns: - * - * If successful, the return code is zero. - * An error is indicated by a negative return code (ACLERRxxxx - * - see aclerror.h). - */ - -int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn) -{ - HostSpec_t * hsp; /* host list pointer */ - void * table; /* access control hash table pointer */ - Symbol_t * sym; /* hash table entry pointer */ - int rv; /* result value */ - - fqdn = (fqdn) ? 
1 : 0; - - /* Create the HostSpec_t if it doesn't exist */ - hsp = *hspp; - if (hsp == 0) { - - hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t)); - if (hsp == 0) goto err_nomem; - memset((void *)hsp, 0, sizeof(HostSpec_t)); - hsp->hs_sym.sym_type = ACLSYMHOST; - } - - /* Get pointer to hash table used for DNS filter */ - table = hsp->hs_host.inh_dnf.dnf_hash; - if (table == 0) { - - /* None there yet, so create one */ - rv = symTableNew(&table); - if (rv < 0) goto punt; - hsp->hs_host.inh_dnf.dnf_hash = table; - } - - /* See if the DNS spec is already in the table */ - rv = symTableFindSym(table, dnsspec, fqdn, (void **)&sym); - if (rv < 0) { - if (rv != SYMERRNOSYM) goto punt; - - /* It's not there, so add it */ - sym = (Symbol_t *)MALLOC(sizeof(Symbol_t)); - sym->sym_name = STRDUP(dnsspec); - sym->sym_type = fqdn; - - rv = symTableAddSym(table, sym, (void *)sym); - if (rv < 0) goto err_nomem; - } - - *hspp = hsp; - - punt: - return rv; - - err_nomem: - rv = ACLERRNOMEM; - goto punt; -} - -/* - * Description (aclAuthIPAdd) - * - * This function adds an IP address specification to the IP filter - * associated with a given host list. The IP address specification - * consists of an IP host or network address and an IP netmask. - * For host addresses the netmask value is 255.255.255.255. - * - * Arguments: - * - * hspp - pointer to host list pointer - * ipaddr - IP host or network address - * netmask - IP netmask value - * - * Returns: - * - * If successful, the return code is zero. - * An error is indicated by a negative return code (ACLERRxxxx - * - see aclerror.h). 
- */ - -int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask) -{ - HostSpec_t * hsp; /* host list pointer */ - IPFilter_t * ipf; /* IP filter pointer */ - IPNode_t * ipn; /* current node pointer */ - IPNode_t * lastipn; /* last (lower) node pointer */ - IPLeaf_t * leaf; /* leaf node pointer */ - IPAddr_t bitmask; /* bit mask for current node */ - int lastbit; /* number of last bit set in netmask */ - int i; /* loop index */ - - /* Create the HostSpec_t if it doesn't exist */ - hsp = *hspp; - if (hsp == 0) { - - hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t)); - if (hsp == 0) goto err_nomem; - memset((void *)hsp, 0, sizeof(HostSpec_t)); - hsp->hs_sym.sym_type = ACLSYMHOST; - } - - ipf = &hsp->hs_host.inh_ipf; - - /* If the filter doesn't have a root node yet, create it */ - if (ipf->ipf_tree == 0) { - - /* Allocate node */ - ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t)); - if (ipn == 0) goto err_nomem; - - /* Initialize it to test bit 31, but without any descendants */ - ipn->ipn_type = IPN_NODE; - ipn->ipn_bit = 31; - ipn->ipn_parent = NULL; - ipn->ipn_clear = NULL; - ipn->ipn_set = NULL; - ipn->ipn_masked = NULL; - - /* Set it as the root node in the radix tree */ - ipf->ipf_tree = ipn; - } - - /* First we search the tree to see where this IP specification fits */ - - lastipn = NULL; - - for (ipn = ipf->ipf_tree; (ipn != NULL) && (ipn->ipn_type == IPN_NODE); ) { - - /* Get a mask for the bit this node tests */ - bitmask = (IPAddr_t) 1<<ipn->ipn_bit; - - /* Save pointer to last internal node */ - lastipn = ipn; - - /* Is this a bit we care about? */ - if (bitmask & netmask) { - - /* Yes, get address of set or clear descendant pointer */ - ipn = (bitmask & ipaddr) ? ipn->ipn_set : ipn->ipn_clear; - } - else { - /* No, get the address of the masked descendant pointer */ - ipn = ipn->ipn_masked; - } - } - - /* Did we end up at a leaf node? */ - if (ipn == NULL) { - - /* - * No, well, we need to find a leaf node if possible. 
The - * reason is that we need an IP address and netmask to compare - * to the IP address and netmask we're inserting. We know that - * they're the same up to the bit tested by the lastipn node, - * but we need to know the *highest* order bit that's different. - * Any leaf node below lastipn will do. - */ - - leaf = NULL; - ipn = lastipn; - - while (ipn != NULL) { - - /* Look for any non-null child link of the current node */ - for (i = 0; i < IPN_NLINKS; ++i) { - if (ipn->ipn_links[i]) break; - } - - /* - * Fail search for leaf if no non-null child link found. - * This should only happen on the root node of the tree - * when the tree is empty. - */ - if (i >= IPN_NLINKS) { - assert(ipn == ipf->ipf_tree); - break; - } - - /* Step to the child node */ - ipn = ipn->ipn_links[i]; - - /* Is it a leaf? */ - if (ipn->ipn_type == IPN_LEAF) { - - /* Yes, search is over */ - leaf = (IPLeaf_t *)ipn; - ipn = NULL; - break; - } - } - } - else { - - /* Yes, loop terminated on a leaf node */ - assert(ipn->ipn_type == IPN_LEAF); - leaf = (IPLeaf_t *)ipn; - } - - /* Got a leaf yet? */ - if (leaf != NULL) { - - /* Combine the IP address and netmask differences */ - bitmask = (leaf->ipl_ipaddr ^ ipaddr) | (leaf->ipl_netmask ^ netmask); - - /* Are both the IP address and the netmask the same? */ - if (bitmask == 0) { - - /* Yes, duplicate entry */ - return 0; - } - - /* Find the bit number of the first different bit */ - for (lastbit = 31; - (bitmask & 0x80000000) == 0; --lastbit, bitmask <<= 1) ; - - /* Generate a bit mask with just that bit */ - bitmask = (IPAddr_t) (1 << lastbit); - - /* - * Go up the tree from lastipn, looking for an internal node - * that tests lastbit. Stop if we get to a node that tests - * a higher bit number first. 
- */ - for (ipn = lastipn, lastipn = (IPNode_t *)leaf; - ipn != NULL; ipn = ipn->ipn_parent) { - - if (ipn->ipn_bit >= lastbit) { - if (ipn->ipn_bit == lastbit) { - /* Need to add a leaf off ipn node */ - lastipn = NULL; - } - break; - } - lastipn = ipn; - } - - assert(ipn != NULL); - } - else { - - /* Just hang a leaf off the lastipn node if no leaf */ - ipn = lastipn; - lastipn = NULL; - lastbit = ipn->ipn_bit; - } - - /* - * If lastipn is not NULL at this point, the new leaf will hang - * off an internal node inserted between the upper node, referenced - * by ipn, and the lower node, referenced by lastipn. The lower - * node may be an internal node or a leaf. - */ - if (lastipn != NULL) { - IPNode_t * parent = ipn; /* parent of the new node */ - - assert((lastipn->ipn_type == IPN_LEAF) || - (ipn == lastipn->ipn_parent)); - - /* Allocate space for the internal node */ - ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t)); - if (ipn == NULL) goto err_nomem; - - ipn->ipn_type = IPN_NODE; - ipn->ipn_bit = lastbit; - ipn->ipn_parent = parent; - ipn->ipn_clear = NULL; - ipn->ipn_set = NULL; - ipn->ipn_masked = NULL; - - bitmask = (IPAddr_t) (1 << lastbit); - - /* - * The values in the leaf we found above determine which - * descendant link of the new internal node will reference - * the subtree that we just ascended. 
- */ - if (leaf->ipl_netmask & bitmask) { - if (leaf->ipl_ipaddr & bitmask) { - ipn->ipn_set = lastipn; - } - else { - ipn->ipn_clear = lastipn; - } - } - else { - ipn->ipn_masked = lastipn; - } - - /* Allocate space for the new leaf */ - leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t)); - if (leaf == NULL) { - FREE((void *)ipn); - goto err_nomem; - } - - /* Insert internal node in tree */ - - /* First the downward link from the parent to the new node */ - for (i = 0; i < IPN_NLINKS; ++i) { - if (parent->ipn_links[i] == lastipn) { - parent->ipn_links[i] = ipn; - break; - } - } - - /* Then the upward link from the child (if it's not a leaf) */ - if (lastipn->ipn_type == IPN_NODE) { - lastipn->ipn_parent = ipn; - } - } - else { - /* Allocate space for a leaf node only */ - leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t)); - if (leaf == NULL) goto err_nomem; - } - - /* Initialize the new leaf */ - leaf->ipl_type = IPN_LEAF; - leaf->ipl_ipaddr = ipaddr; - leaf->ipl_netmask = netmask; - - /* - * Select the appropriate descendant link of the internal node - * and point it at the new leaf. - */ - bitmask = (IPAddr_t) (1 << ipn->ipn_bit); - if (bitmask & netmask) { - if (bitmask & ipaddr) { - assert(ipn->ipn_set == NULL); - ipn->ipn_set = (IPNode_t *)leaf; - } - else { - assert(ipn->ipn_clear == NULL); - ipn->ipn_clear = (IPNode_t *)leaf; - } - } - else { - assert(ipn->ipn_masked == NULL); - ipn->ipn_masked = (IPNode_t *)leaf; - } - - *hspp = hsp; - - /* Successful completion */ - return 0; - - err_nomem: - return ACLERRNOMEM; -} - -/* - * Description (aclAuthNameAdd) - * - * This function adds a user or group to a given user list, - * in the context of a specified ACL that is being created. The - * name of the user or group is provided by the caller, and is - * looked up in the authentication database associated with the - * specified user list. 
The return value indicates whether the name - * matched a user or group name, and whether the corresponding user - * or group id was already present in the given user list. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * usp - pointer to user list specification - * rlm - pointer to current authentication realm - * name - pointer to user or group name string - * - * Returns: - * - * The return value is zero if the name is not found in the - * authentication database. If the name is found, the return value - * is a positive value containing bit flags: - * - * AIF_GROUP - name matches a group name - * AIF_USER - name matches a user name - * AIF_DUP - name was already represented in the - * specified user list - * - * An error is indicated by a negative return code (ACLERRxxxx - * - see aclerror.h), and an error frame will be generated if - * an error list is provided. - */ - -int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp, - Realm_t * rlm, char * name) -{ - void * guoptr; /* group or user object pointer */ - int irv; /* insert result value */ - int eid; /* error id */ - int rv; /* result value */ - - /* There must be a realm specified in order to handle users */ - if (rlm == 0) goto err_norealm; - - /* Open the authentication database if it's not already */ - if (rlm->rlm_authdb == 0) { - - if (rlm->rlm_aif == 0) { - rlm->rlm_aif = &NSADB_AuthIF; - } - - rv = (*rlm->rlm_aif->aif_open)(errp, - rlm->rlm_dbname, 0, &rlm->rlm_authdb); - if (rv < 0) goto err_open; - } - - /* Look up the name in the authentication DB */ - rv = (*rlm->rlm_aif->aif_findname)(errp, rlm->rlm_authdb, name, - (AIF_USER|AIF_GROUP), (void **)&guoptr); - if (rv <= 0) { - if (rv < 0) goto err_adb; - - /* The name was not found in the database */ - return 0; - } - - /* The name was found. Was it a user name? 
*/ - if (rv == AIF_USER) { - - /* Yes, add the user id to the user list */ - irv = usiInsert(&usp->us_user.uu_user, ((UserObj_t *)guoptr)->uo_uid); - rv = ANA_USER; - } - else { - - /* No, must be a group name. Add group id to an_groups list. */ - irv = usiInsert(&usp->us_user.uu_group, - ((GroupObj_t *)guoptr)->go_gid); - rv = ANA_GROUP; - } - - /* Examine the result of the insert operation */ - if (irv <= 0) { - if (irv < 0) goto err_ins; - - /* Id was already in the list */ - rv |= ANA_DUP; - } - - punt: - return rv; - - err_norealm: - eid = ACLERR3400; - rv = ACLERRNORLM; - nserrGenerate(errp, rv, eid, ACL_Program, 1, name); - goto punt; - - err_open: - eid = ACLERR3420; - rv = ACLERROPEN; - nserrGenerate(errp, rv, eid, ACL_Program, - 2, rlm->rlm_dbname, system_errmsg()); - goto punt; - - err_adb: - /* Error accessing authentication database. */ - eid = ACLERR3440; - rv = ACLERRADB; - nserrGenerate(errp, rv, eid, ACL_Program, 2, rlm->rlm_dbname, name); - goto punt; - - err_ins: - /* Error on insert operation. Must be lack of memory. */ - eid = ACLERR3460; - rv = ACLERRNOMEM; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - goto punt; -} - -/* - * Description (aclClientsDirCreate) - * - * This function allocates and initializes a new ACClients_t - * ACL directive. - * - * Arguments: - * - * None. - * - * Returns: - * - * If successful, a pointer to the new ACClients_t is returned. - * A shortage of dynamic memory is indicated by a null return value. - */ - -ACClients_t * aclClientsDirCreate() -{ - ACClients_t * acd; /* pointer to new ACClients_t */ - - acd = (ACClients_t *)MALLOC(sizeof(ACClients_t)); - if (acd != 0) { - memset((void *)acd, 0, sizeof(ACClients_t)); - } - - return acd; -} - -/* - * Description (aclCreate) - * - * This function creates a new ACL root structure. The caller - * specifies the name to be associated with the ACL. 
The ACL handle - * returned by this function is passed to other functions in this - * module when adding information to the ACL. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * acc - pointer to an access control context - * aclname - pointer to ACL name string - * pacl - pointer to returned ACL handle - * - * Returns: - * - * The return value is zero if the ACL is created successfully. - * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h), - * and an error frame will be generated if an error list is provided. - */ - -int aclCreate(NSErr_t * errp, ACContext_t * acc, char * aclname, ACL_t **pacl) -{ - ACL_t * acl; /* pointer to created ACL */ - int rv; /* result value */ - int eid; /* error id */ - - *pacl = 0; - - /* Allocate the ACL_t structure */ - acl = (ACL_t *) MALLOC(sizeof(ACL_t)); - if (acl == 0) goto err_nomem; - - /* Initialize the structure */ - memset((void *)acl, 0, sizeof(ACL_t)); - acl->acl_sym.sym_name = STRDUP(aclname); - acl->acl_sym.sym_type = ACLSYMACL; - acl->acl_acc = acc; - acl->acl_refcnt = 1; - - /* Add it to the symbol table for the specified context */ - rv = symTableAddSym(acc->acc_stp, &acl->acl_sym, (void *)acl); - if (rv < 0) goto err_addsym; - - /* Add it to the list of ACLs for the specified context */ - acl->acl_next = acc->acc_acls; - acc->acc_acls = acl; - acc->acc_refcnt += 1; - - *pacl = acl; - return 0; - - err_nomem: - rv = ACLERRNOMEM; - eid = ACLERR3200; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - goto done; - - err_addsym: - FREE(acl); - rv = ACLERRDUPSYM; - eid = ACLERR3220; - nserrGenerate(errp, rv, eid, ACL_Program, 1, aclname); - - done: - return rv; -} - -/* - * Description (aclDestroy) - * - * This function destroys an ACL structure and its sub-structures. - * It does not free the ACContext_t referenced by the ACL. 
- * - * Arguments: - * - * acl - pointer to ACL_t structure - */ - -void aclDestroy(ACL_t * acl) -{ - ACL_t **pacl; /* ACL list link pointer */ - ACDirective_t * acd; /* ACL directive pointer */ - ACDirective_t * nacd; /* next ACL directive pointer */ - - /* Is there an ACContext_t structure? */ - if (acl->acl_acc != 0) { - - /* Remove this ACL from the list in the ACContext_t structure */ - for (pacl = &acl->acl_acc->acc_acls; - *pacl != 0; pacl = &(*pacl)->acl_next) { - - if (*pacl == acl) { - *pacl = acl->acl_next; - acl->acl_acc->acc_refcnt -= 1; - break; - } - } - } - - /* Destroy each ACL directive */ - for (acd = acl->acl_dirf; acd != 0; acd = nacd) { - nacd = acd->acd_next; - aclDirectiveDestroy(acd); - } - - /* Free the ACL rights list if it is unnamed */ - if ((acl->acl_rights != 0) && (acl->acl_rights->rs_sym.sym_name == 0)) { - aclRightSpecDestroy(acl->acl_rights); - } - - /* Free the ACL name string, if any */ - if (acl->acl_sym.sym_name != 0) { - FREE(acl->acl_sym.sym_name); - } - - /* Free the ACL itself */ - FREE(acl); -} - -/* - * Description (aclDelete) - * - * This function removes a specified ACL from the symbol table - * associated with its ACL context, and then destroys the ACL - * structure and any unnamed objects it references (other than - * the ACL context). - * - * Arguments: - * - * acl - pointer to the ACL - */ - -void aclDelete(ACL_t * acl) -{ - ACContext_t * acc = acl->acl_acc; - - if ((acc != 0) && (acl->acl_sym.sym_name != 0)) { - symTableRemoveSym(acc->acc_stp, &acl->acl_sym); - } - - aclDestroy(acl); -} - -/* - * Description (aclDirectiveAdd) - * - * This function adds a given directive to a specified ACL. - * - * Arguments: - * - * acl - pointer to the ACL - * acd - pointer to the directive to be added - * - * Returns: - * - * If successful, the return value is zero. An error is indicated - * by a negative return value. 
- */ - -int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd) -{ - /* Add the directive to the end of the ACL's directive list */ - acd->acd_next = 0; - - if (acl->acl_dirl == 0) { - /* First entry in empty list */ - acl->acl_dirf = acd; - } - else { - /* Append to end of list */ - acl->acl_dirl->acd_next = acd; - } - - acl->acl_dirl = acd; - - return 0; -} - -/* - * Description (aclDirectiveCreate) - * - * This function allocates and initializes a new ACDirective_t - * structure, representing an ACL directive. - * - * Arguments: - * - * None. - * - * Returns: - * - * If successful, the return value is a pointer to a new ACDirective_t. - * Otherwise the return value is null. - */ - -ACDirective_t * aclDirectiveCreate() -{ - ACDirective_t * acd; - - acd = (ACDirective_t *) MALLOC(sizeof(ACDirective_t)); - if (acd != 0) { - memset((void *)acd, 0, sizeof(ACDirective_t)); - } - - return acd; -} - -/* - * Description (aclDirectiveDestroy) - * - * This function destroys an ACL directive structure. 
- * - * Arguments: - * - * acd - pointer to ACL directive structure - */ - -void aclDirectiveDestroy(ACDirective_t * acd) -{ - switch (acd->acd_action) { - case ACD_ALLOW: - case ACD_DENY: - { - ACClients_t * acp; - ACClients_t * nacp; - - /* Free a list of ACClients_t structures */ - for (acp = acd->acd_cl; acp != 0; acp = nacp) { - nacp = acp->cl_next; - - /* Free the HostSpec_t if it's there and unnamed */ - if ((acp->cl_host != 0) && - (acp->cl_host->hs_sym.sym_name == 0)) { - aclHostSpecDestroy(acp->cl_host); - } - - /* Free the UserSpec_t if it's there and unnamed */ - if ((acp->cl_user != 0) && - (acp->cl_user->us_sym.sym_name == 0)) { - aclUserSpecDestroy(acp->cl_user); - } - } - } - break; - - case ACD_AUTH: - { - RealmSpec_t * rsp = acd->acd_auth.au_realm; - - /* Destroy the RealmSpec_t if it's unnamed */ - if ((rsp != 0) && (rsp->rs_sym.sym_name == 0)) { - aclRealmSpecDestroy(rsp); - } - } - break; - } - - FREE(acd); -} - -/* - * Description (aclDNSSpecDestroy) - * - * This function destroys an entry in a DNS filter. It is intended - * mainly to be used by aclHostSpecDestroy(). - * - * Arguments: - * - * sym - pointer to Symbol_t for DNS filter entry - * argp - unused (must be zero) - * - * Returns: - * - * The return value is SYMENUMREMOVE. - */ - -int aclDNSSpecDestroy(Symbol_t * sym, void * argp) -{ - if (sym != 0) { - - /* Free the DNS specification string if any */ - if (sym->sym_name != 0) { - FREE(sym->sym_name); - } - - /* Free the Symbol_t structure */ - FREE(sym); - } - - /* Indicate that the symbol table entry should be removed */ - return SYMENUMREMOVE; -} - -/* - * Description (aclHostSpecDestroy) - * - * This function destroys a HostSpec_t structure and its sub-structures. 
- * - * Arguments: - * - * hsp - pointer to HostSpec_t structure - */ - -void aclHostSpecDestroy(HostSpec_t * hsp) -{ - if (hsp == 0) return; - - /* Free the IP filter if any */ - if (hsp->hs_host.inh_ipf.ipf_tree != 0) { - IPNode_t * ipn; /* current node pointer */ - IPNode_t * parent; /* parent node pointer */ - int i; - - /* Traverse tree, freeing nodes */ - for (parent = hsp->hs_host.inh_ipf.ipf_tree; parent != NULL; ) { - - /* Look for a link to a child node */ - for (i = 0; i < IPN_NLINKS; ++i) { - ipn = parent->ipn_links[i]; - if (ipn != NULL) break; - } - - /* Any children for the parent node? */ - if (ipn == NULL) { - - /* Otherwise back up the tree */ - ipn = parent; - parent = ipn->ipn_parent; - - /* Free the lower node */ - FREE(ipn); - continue; - } - - /* - * Found a child node for the current parent. - * NULL out the downward link and check it out. - */ - parent->ipn_links[i] = NULL; - - /* Is it a leaf? */ - if (ipn->ipn_type == IPN_LEAF) { - /* Yes, free it */ - FREE(ipn); - continue; - } - - /* No, step down the tree */ - parent = ipn; - } - } - - /* Free the DNS filter if any */ - if (hsp->hs_host.inh_dnf.dnf_hash != 0) { - - /* Destroy each entry in the symbol table */ - symTableEnumerate(hsp->hs_host.inh_dnf.dnf_hash, 0, - aclDNSSpecDestroy); - - /* Destroy the symbol table itself */ - symTableDestroy(hsp->hs_host.inh_dnf.dnf_hash, 0); - } - - /* Free the symbol name if any */ - if (hsp->hs_sym.sym_name != 0) { - FREE(hsp->hs_sym.sym_name); - } - - /* Free the HostSpec_t structure */ - FREE(hsp); -} - -/* - * Description (aclRealmSpecDestroy) - * - * This function destroys a RealmSpec_t structure. 
- * - * Arguments: - * - * rsp - pointer to RealmSpec_t structure - */ - -void aclRealmSpecDestroy(RealmSpec_t * rsp) -{ - /* Close the realm authentication database if it appears open */ - if ((rsp->rs_realm.rlm_aif != 0) && - (rsp->rs_realm.rlm_authdb != 0)) { - (*rsp->rs_realm.rlm_aif->aif_close)(rsp->rs_realm.rlm_authdb, 0); - } - - /* Free the prompt string if any */ - if (rsp->rs_realm.rlm_prompt != 0) { - FREE(rsp->rs_realm.rlm_prompt); - } - - /* Free the database filename string if any */ - if (rsp->rs_realm.rlm_dbname != 0) { - FREE(rsp->rs_realm.rlm_dbname); - } - - /* Free the realm specification name if any */ - if (rsp->rs_sym.sym_name != 0) { - FREE(rsp->rs_sym.sym_name); - } - - /* Free the RealmSpec_t structure */ - FREE(rsp); -} - -/* - * Description (aclRightDef) - * - * This function find or creates an access right with a specified - * name in a given ACL context. If a new access right definition - * is created, it assigns a unique integer identifier to the the - * right, adds it to the ACL context symbol table and to the - * list of all access rights for the context. Note that access - * right names are case-insensitive. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * acc - pointer to an access control context - * rname - access right name (e.g. "GET") - * prd - pointer to returned RightDef_t pointer - * (may be null) - * - * Returns: - * - * The return value is zero if the access right definition already - * existed or one if it was created successfully. Otherwise it is - * a negative error code (ACLERRxxxx - see aclerror.h), and an error - * frame will be generated if an error list is provided. 
- */ - -int aclRightDef(NSErr_t * errp, - ACContext_t * acc, char * rname, RightDef_t **prd) -{ - RightDef_t * rdp; /* pointer to right definition */ - int eid; /* error id code */ - int rv; /* result value */ - static int last_rid = 0; /* last assigned right id */ - - /* See if there's already a symbol table entry for it */ - rv = symTableFindSym(acc->acc_stp, rname, ACLSYMRIGHT, (void **)&rdp); - if (rv) { - - /* No, create an entry */ - - /* Allocate a right definition structure and initialize it */ - rdp = (RightDef_t *)MALLOC(sizeof(RightDef_t)); - if (rdp == 0) goto err_nomem; - - rdp->rd_sym.sym_name = STRDUP(rname); - rdp->rd_sym.sym_type = ACLSYMRIGHT; - rdp->rd_next = acc->acc_rights; - rdp->rd_id = ++last_rid; - - /* Add the right name to the symbol table for the ACL context */ - rv = symTableAddSym(acc->acc_stp, &rdp->rd_sym, (void *)rdp); - if (rv) goto err_stadd; - - /* Add the right definition to the list for the ACL context */ - acc->acc_rights = rdp; - - /* Indicate a new right definition was created */ - rv = 1; - } - - /* Return a pointer to the RightDef_t structure if indicated */ - if (prd != 0) *prd = rdp; - - return rv; - - err_nomem: - eid = ACLERR3600; - rv = ACLERRNOMEM; - nserrGenerate(errp, rv, eid, ACL_Program, 0); - goto punt; - - err_stadd: - FREE(rdp->rd_sym.sym_name); - FREE(rdp); - eid = ACLERR3620; - rv = ACLERRDUPSYM; - nserrGenerate(errp, rv, eid, ACL_Program, 1, rname); - - punt: - return rv; -} - -/* - * Description (aclRightSpecDestroy) - * - * This function destroys a RightSpec_t structure. - * - * Arguments: - * - * rsp - pointer to RightSpec_t structure - */ - -void aclRightSpecDestroy(RightSpec_t * rsp) -{ - if (rsp != 0) { - - UILFREE(&rsp->rs_list); - - if (rsp->rs_sym.sym_name != 0) { - FREE(rsp->rs_sym.sym_name); - } - - FREE(rsp); - } -} - -/* - * Description (aclUserSpecCreate) - * - * This function allocates and initializes a new UserSpec_t - * structure, representing a list of users and groups. 
- * - * Arguments: - * - * None. - * - * Returns: - * - * If successful, the return value is a pointer to a new UserSpec_t. - * Otherwise the return value is null. - */ - -UserSpec_t * aclUserSpecCreate() -{ - UserSpec_t * usp; - - usp = (UserSpec_t *) MALLOC(sizeof(UserSpec_t)); - if (usp != 0) { - memset((void *)usp, 0, sizeof(UserSpec_t)); - usp->us_sym.sym_type = ACLSYMUSER; - } - - return usp; -} - -/* - * Description (aclUserSpecDestroy) - * - * This function destroys a UserSpec_t structure. - * - * Arguments: - * - * usp - pointer to UserSpec_t structure - */ - -void aclUserSpecDestroy(UserSpec_t * usp) -{ - if (usp != 0) { - - UILFREE(&usp->us_user.uu_user); - UILFREE(&usp->us_user.uu_group); - - if (usp->us_sym.sym_name != 0) { - FREE(usp->us_sym.sym_name); - } - - FREE(usp); - } -} diff --git a/lib/libaccess/aclparse.cpp b/lib/libaccess/aclparse.cpp deleted file mode 100644 index 1ca1eae2..00000000 --- a/lib/libaccess/aclparse.cpp +++ /dev/null 
@@ -1,2241 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (aclparse.c)
- *
- * This module provides functions for parsing a file containing
- * Access Control List (ACL) definitions. It builds a representation
- * of the ACLs in memory, using the services of the aclbuild module.
- */
-
-#include <base/systems.h>
-#include <base/file.h>
-#include <base/util.h>
-#include <netsite.h>
-#include <libaccess/nsadb.h>
-#include <libaccess/aclerror.h>
-#include <libaccess/aclparse.h>
-#include <libaccess/symbols.h>
-
-#ifdef XP_UNIX
-#include <sys/types.h>
-#include <netinet/in.h> /* ntohl */
-#include <arpa/inet.h>
-#endif
-
-void * aclChTab = 0; /* character class table handle */
-
-static char * classv[] = {
- " \t\r\f\013", /* class 0 - whitespace */
- "\n", /* class 1 - newline */
- ",.;@*()+{}\"\'", /* class 2 - special characters */
- "0123456789", /* class 3 - digits */
- /* class 4 - letters */
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
- "-", /* class 5 - hyphen */
- "_", /* class 6 - underscore */
- "/-_.:" /* class 7 - filename special characters */
-};
-
-static int classc = sizeof(classv)/sizeof(char *);
-
-/*
- * Description (aclAuthListParse)
- *
- * This function parses an auth-list. An auth-list specifies
- * combinations of user/group names and host addresses/names.
- * An auth-list entry can identify a collection of users and/or
- * groups, a collection of hosts by IP addresses or DNS names,
- * or a combination of the two. Each auth-spec adds another
- * ACClients_t structure to the specified list.
- *
- * The syntax for an auth-list is:
- *
- * auth-list ::= auth-spec | auth-list "," auth-spec
- * auth-spec ::= auth-users [at-token auth-hosts]
- * auth-users - see aclAuthUsersParse()
- * auth-hosts - see aclAuthHostsParse()
- * at-token ::= "at" | "@"
- *
- * The caller provides a pointer to a ClientSpec_t structure,
- * which is built up with new information as auth-specs are parsed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACL context object
- * rlm - pointer to authentication realm object
- * clsp - pointer to returned ACClients_t list head
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-list, i.e. the first token which is not
- * recognized as the start of an auth-spec. It is the caller's
- * responsibility to validate this token as a legitimate terminator
- * of an auth-list. If a parsing error occurs in the middle of
- * an auth-spec, the return value is ACLERRPARSE, and an error frame
- * is generated if an error list is provided. For other kinds of
- * errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
- ACContext_t * acc, Realm_t * rlm, ACClients_t **clsp)
-{
- void * token = acf->acf_token; /* token handle */
- ACClients_t * csp; /* client spec pointer */
- UserSpec_t * usp; /* user spec pointer */
- HostSpec_t * hsp; /* host spec pointer */
- int rv; /* result value */
- int eid; /* error id */
-
- /* Loop once for each auth-spec */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- usp = 0;
- hsp = 0;
-
- /* Parse auth-users into user and group lists in the ACClients_t */
- rv = aclAuthUsersParse(errp, acf, rlm, &usp, 0);
- if (rv < 0) break;
-
- /* Is the at-token there? */
- if ((rv == TOKEN_AT) || !strcasecmp(lex_token(token), KEYWORD_AT)) {
-
- /* Step to the next token after the at-token */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Parse auth-hosts part, adding information to the HostSpec_t */
- rv = aclAuthHostsParse(errp, acf, acc, &hsp);
- if (rv < 0) break;
- }
-
- /* Create a new ACClients_t structure for the parsed information */
- csp = (ACClients_t *)MALLOC(sizeof(ACClients_t));
- if (csp == 0) goto err_nomem;
-
- csp->cl_next = 0;
- csp->cl_user = usp;
- csp->cl_host = hsp;
-
- /* Add it to the end of the list referenced by clsp */
- while (*clsp != 0) clsp = &(*clsp)->cl_next;
- *clsp = csp;
-
- /* Need a "," to keep going */
- if (rv != TOKEN_COMMA) break;
- }
-
- return rv;
-
- err_nomem:
- eid = ACLERR1000;
- nserrGenerate(errp, ACLERRNOMEM, eid, ACL_Program, 0);
- return ACLERRNOMEM;
-}
-
-/*
- * Description (aclAuthHostsParse)
- *
- * This function parses a list of IP address and/or DNS name
- * specifications, adding information to the IP and DNS filters
- * associated with a specified HostSpec_t. The syntax of the
- * auth-hosts construct is:
- *
- * auth-hosts ::= auth-host-elem | "(" auth-host-list ")"
- * | "hosts" host-list-name
- * auth-host-elem ::= auth-ip-spec | auth-dns-spec
- * auth-ip-spec ::= ipaddr | ipaddr netmask
- * auth-dns-spec ::= fqdn | dns-suffix
- * auth-host-list ::= auth-host-elem | auth-host-list "," auth-host-elem
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACL context object
- * hspp - pointer to HostSpec_t pointer
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-hosts, i.e. either the first token after a
- * single auth-host-elem or the first token after the closing ")"
- * of a list of auth-host-elems. It is the caller's responsibility
- * to validate this token as a legitimate successor of auth-hosts.
- * If a parsing error occurs in the middle of auth-hosts, the return
- * value is ACLERRPARSE, and an error frame is generated if an error
- * list is provided. For other kinds of errors a negative error
- * code (from aclerror.h) is returned.
- */
-
-int aclAuthHostsParse(NSErr_t * errp,
- ACLFile_t * acf, ACContext_t * acc, HostSpec_t **hspp)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string pointer */
- int islist = 0; /* true if auth-host-list */
- int fqdn; /* fully qualified domain name */
- IPAddr_t ipaddr; /* IP address value */
- IPAddr_t netmask; /* IP netmask value */
- int arv; /* alternate result value */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- rv = acf->acf_ttype;
-
- /* Are we starting an auth-host-list? */
- if (rv == TOKEN_LPAREN) {
-
- /* Yes, it appears so */
- islist = 1;
-
- /* Step token to first auth-host-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
- else if (rv == TOKEN_IDENT) {
-
- /* Could this be "hosts host-list-name"? */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
-
- /* We don't support lists of host lists yet */
- if (*hspp != 0) goto err_unshl;
-
- /* Get host-list-name */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- if (rv != TOKEN_IDENT) goto err_hlname;
-
- tokenstr = lex_token(token);
-
- /* Look up the host-list-name in the ACL symbol table */
- rv = symTableFindSym(acc->acc_stp,
- tokenstr, ACLSYMHOST, (void **)hspp);
- if (rv < 0) goto err_undefhl;
-
- /* Step to token after the host-list-name */
- rv = aclGetToken(errp, acf, 0);
-
- return rv;
- }
- }
-
- /* Loop for each auth-host-elem */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- /* Does this look like an auth-ip-spec? */
- if (rv == TOKEN_NUMBER) {
-
- /* Yes, go parse it */
- rv = aclGetIPAddr(errp, acf, &ipaddr, &netmask);
- if (rv < 0) goto punt;
-
- arv = aclAuthIPAdd(hspp, ipaddr, netmask);
- if (arv < 0) goto err_ipadd;
- }
- else if ((rv == TOKEN_STAR) || (rv == TOKEN_IDENT)) {
-
- /* Get fully qualified DNS name indicator value */
- fqdn = (rv == TOKEN_IDENT) ? 1 : 0;
-
- /* This looks like the start of an auth-dns-spec */
- rv = aclGetDNSString(errp, acf);
- if (rv < 0) goto punt;
-
- tokenstr = lex_token(token);
-
- /* If the DNS spec begins with "*.", strip the "*" */
- if (tokenstr && (tokenstr[0] == '*') && (tokenstr[1] == '.')) {
- tokenstr += 1;
- }
-
- arv = aclAuthDNSAdd(hspp, tokenstr, fqdn);
- if (arv < 0) goto err_dnsadd;
-
- /* Pick up the next token */
- rv = aclGetToken(errp, acf, 0);
- }
- else break;
-
- /* If this is a list, we need a "," to keep going */
- if (!islist || (rv != TOKEN_COMMA)) break;
- }
-
- /* Were we parsing an auth-host-list? */
- if (islist) {
-
- /* Yes, check for closing ")" */
- if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
- /* Got it. Step to next token for caller. */
- rv = aclGetToken(errp, acf, 0);
- }
-
- punt:
- return rv;
-
- err_unshl:
- eid = ACLERR1100;
- goto err_parse;
-
- err_hlname:
- eid = ACLERR1120;
- goto err_parse;
-
- err_undefhl:
- eid = ACLERR1140;
- rv = ACLERRUNDEF;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_ipadd:
- eid = ACLERR1180;
- rv = arv;
- goto err_ret;
-
- err_dnsadd:
- eid = ACLERR1200;
- rv = arv;
- goto err_ret;
-
- err_ret:
- nserrGenerate(errp, rv, eid, ACL_Program, 0);
- goto punt;
-
- err_norp:
- eid = ACLERR1220;
- err_parse:
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclAuthUsersParse)
- *
- * This function parses a list of users and groups subject to
- * authorization, adding the information to a specified UserSpec_t.
- * The syntax it parses is:
- *
- * auth-users ::= auth-user-elem | "(" auth-user-list ")"
- * auth-user-elem ::= username | groupname
- * | "all" | "anyone"
- * auth-user-list ::= auth-user-elem | auth-user-list "," auth-user-elem
- *
- * If the 'elist' argument is non-null, an auth-user-list will be
- * accepted without the enclosing parentheses. Any invalid user
- * or group names will not cause a fatal error, but will be returned
- * in an array of strings via 'elist'.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * rlm - pointer to authentication realm object
- * uspp - pointer to UserSpec_t pointer
- * elist - pointer to returned pointer to array
- * of strings containing invalid user or
- * group names (may be null)
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the auth-users, i.e. either the first token after a
- * single auth-user-elem or the first token after the closing ")"
- * of a list of auth-user-elems. It is the caller's responsibility
- * to validate this token as a legitimate successor of auth-users.
- * If a parsing error occurs in the middle of auth-users, the return
- * value is ACLERRPARSE, and an error frame is generated if an error
- * list is provided. For other kinds of errors a negative error
- * code (from aclerror.h) is returned.
- */
-
-int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
- Realm_t * rlm, UserSpec_t **uspp, char ***elist)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string pointer */
- UserSpec_t * usp; /* user list head structure */
- int islist = 0; /* true if auth-user-list */
- int inlist = 0; /* true if UserSpec_t was supplied */
- int any = 0; /* true if KEYWORD_ANY seen */
- int all = 0; /* true if KEYWORD_ALL seen */
- int elemcnt = 0; /* count of auth-user-elem seen */
- int elen = 0; /* length of evec in (char *) */
- int ecnt = 0; /* entries used in evec */
- char **evec = 0; /* list of bad user/group names */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
- int errc = 2;
-
- usp = *uspp;
- if ((usp != 0) && (usp->us_flags & ACL_USALL)) all = 1;
-
- if (elist != 0) inlist = 1;
- else {
-
- /* Check for opening "(" */
- if (acf->acf_ttype == TOKEN_LPAREN) {
-
- /* Looks like an auth-user-list */
- islist = 1;
-
- /* Step token to first auth-user-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
- }
-
- /* Loop for each auth-user-elem */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- /* Looking for a user or group identifier */
- if ((rv == TOKEN_IDENT) || (rv == TOKEN_STRING)) {
-
- /*
- * If KEYWORD_ALL or KEYWORD_ANY has already appeared
- * in this auth-spec, then return an error.
- */
- if (all | any) goto err_allany;
-
- /* Check for reserved words */
- tokenstr = lex_token(token);
-
- /* KEYWORD_AT begins auth-hosts, but is invalid here */
- if (!strcasecmp(tokenstr, KEYWORD_AT)) break;
-
- /* Check for special group names */
- if (!strcasecmp(tokenstr, KEYWORD_ANY)) {
-
- /*
- * Any user, with no authentication needed. This can
- * only appear once in an auth-spec, and cannot be used
- * in combination with KEYWORD_ALL (or any other user or
- * group identifiers, but that will get checked before
- * we return).
- */
-
- if ((elemcnt > 0) || (usp != 0)) goto err_any;
- any = 1;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_ALL)) {
-
- /*
- * Any authenticated user. This can only appear once in
- * an auth-spec, and cannot be used in combination with
- * KEYWORD_ANY (or any other user or group identifiers,
- * but that will get checked before we return).
- */
-
- if (elemcnt > 0) goto err_all;
-
- /* Create a UserSpec_t structure if we haven't got one yet */
- if (usp == 0) {
- usp = aclUserSpecCreate();
- if (usp == 0) goto err_nomem1;
- *uspp = usp;
- }
-
- usp->us_flags |= ACL_USALL;
- all = 1;
- }
- else {
-
- /* Create a UserSpec_t structure if we haven't got one yet */
- if (usp == 0) {
- usp = aclUserSpecCreate();
- if (usp == 0) goto err_nomem2;
- *uspp = usp;
- }
-
- /* This should be a user or group name */
- rv = aclAuthNameAdd(errp, usp, rlm, tokenstr);
- if (rv <= 0) {
-
- /* The name was not found in the authentication DB */
- if (elist != 0) {
- if (evec == 0) {
- evec = (char **)MALLOC(4*sizeof(char *));
- evec[0] = 0;
- ecnt = 1;
- elen = 4;
- }
- else if (ecnt >= elen) {
- elen += 4;
- evec = (char **)REALLOC(evec, elen*sizeof(char *));
- }
- evec[ecnt-1] = STRDUP(tokenstr);
- evec[ecnt] = 0;
- ++ecnt;
-
- }
- else if (rv < 0) goto err_badgun;
- }
-
- /* Don't allow duplicate names */
- if (rv & ANA_DUP) {
- if (elist == 0) goto err_dupgun;
- }
- }
-
- /* Count number of auth-user-elems seen */
- elemcnt += 1;
-
- /* Get the token after the auth-user-elem */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
-
- /* If this is a list, we need a "," to keep going */
- if (!(islist | inlist) || (rv != TOKEN_COMMA)) break;
- }
-
- /* Were we parsing an auth-user-list? */
- if (islist) {
-
- /* Yes, check for closing ")" */
- if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
- /* Got it. Step to next token for caller. */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
- }
-
- /*
- * If we didn't see any auth-user-elems, then the auth-user we were
- * called to parse is missing. We will forgive and forget if the
- * current token is a comma, however, so as to allow empty auth-specs.
- */
- if ((elemcnt <= 0) && (rv != TOKEN_COMMA)) {
- goto err_noelem;
- }
-
- punt:
- /* Return list of bad names if indicated */
- if (elist != 0) *elist = evec;
-
- return rv;
-
- err_badgun:
- /* Encountered an unknown user or group name */
- eid = ACLERR1360;
- rv = ACLERRUNDEF;
- goto err_retgun;
-
- err_dupgun:
- /* A user or group name was specified multiple times */
- eid = ACLERR1380;
- rv = ACLERRDUPSYM;
- goto err_retgun;
-
- err_retgun:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_norp:
- /* Missing ")" */
- eid = ACLERR1400;
- goto err_parse;
-
- err_noelem:
- eid = ACLERR1420;
- goto err_parse;
-
- err_all:
- eid = ACLERR1440;
- goto err_parse;
-
- err_any:
- eid = ACLERR1460;
- goto err_parse;
-
- err_allany:
- eid = ACLERR1480;
- goto err_parse;
-
- err_nomem1:
- eid = ACLERR1500;
- rv = ACLERRNOMEM;
- errc = 0;
- goto err_ret;
-
- err_nomem2:
- eid = ACLERR1520;
- rv = ACLERRNOMEM;
- errc = 0;
- goto err_ret;
-
- err_parse:
- rv = ACLERRPARSE;
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, errc, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclDirectivesParse)
- *
- * This function parses the directives inside an ACL definition.
- * The syntax for a directive list is:
- *
- * dir-list ::= directive | dir-list ";" directive
- * directive ::= auth-directive | access-directive | exec-directive
- * auth-directive ::= dir-force "authenticate" ["in" realm-spec]
- * access-directive ::= dir-force dir-access auth-list
- * exec-directive ::= dir-force "execute" ["if" exec-optlist]
- * exec-optlist ::= exec-condition | exec-optlist "," exec-condition
- * exec-condition ::= dir-access | "authenticate"
- * dir-force ::= "Always" | "Default"
- * dir-access ::= "allow" | "deny"
- *
- * See aclAuthListParse() for auth-list syntax.
- * See aclRealmSpecParse() for realm-spec syntax.
- *
- * The caller provides a pointer to an ACL structure, which is
- * built up with new information as directives are parsed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acl - pointer to ACL structure
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the directive list, i.e. the first token which is not
- * recognized as the start of a directive. It is the caller's
- * responsibility to validate this token as a legitimate terminator
- * of a directive list. If a parsing error occurs in the middle of
- * a directive, the return value is ACLERRPARSE, and an error frame
- * is generated if an error list is provided. For other kinds of
- * errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl)
-{
- void * token = acf->acf_token; /* token handle */
- char * tokenstr; /* token string */
- Realm_t * rlm = 0; /* current realm pointer */
- ACDirective_t * acd; /* directive pointer */
- int action; /* directive action code */
- int flags; /* directive action flags */
- int arv; /* alternate return value */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- /* Look for top-level directives */
- for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
- action = 0;
- flags = 0;
-
- /* Check for beginning of directive */
- if (rv == TOKEN_IDENT) {
-
- /* Check identifier for directive dir-force keywords */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_DEFAULT)) {
- flags = ACD_DEFAULT;
- }
- else if (!strcasecmp(tokenstr, "always")) {
- flags = ACD_ALWAYS;
- }
- else break;
-
- /*
- * Now we're looking for dir-access, "authenticate",
- * or "execute".
- */
- rv = aclGetToken(errp, acf, 0);
-
- /* An identifier would be nice ... */
- if (rv != TOKEN_IDENT) goto err_access;
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
-
- /* process auth-directive */
- action = ACD_AUTH;
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem1;
-
- /* Get the next token after KEYWORD_AUTH */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Could we have "in" realm-spec here? */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_IN)) {
-
- /* Get the next token after KEYWORD_IN */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Parse the realm-spec */
- rv = aclRealmSpecParse(errp, acf, acl->acl_acc,
- &acd->acd_auth.au_realm);
- if (rv < 0) break;
-
- /* Set current realm */
- if (acd->acd_auth.au_realm != 0) {
-
- /* Close database in current realm if any */
- if (rlm && rlm->rlm_authdb) {
- (*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
- rlm->rlm_authdb = 0;
- }
-
- rlm = &acd->acd_auth.au_realm->rs_realm;
- }
- }
- }
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd1;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_EXECUTE)) {
-
- /* process exec-directive */
- action = ACD_EXEC;
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem3;
-
- /* Get the next token after KEYWORD_EXECUTE */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /* Could we have "if" exec-optlist here? */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_IF)) {
-
- for (;;) {
-
- /* Get the next token after KEYWORD_IF or "," */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- /*
- * Looking for "allow", "deny", or "authenticate"
- */
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
- flags |= ACD_EXALLOW;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
- flags |= ACD_EXDENY;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
- flags |= ACD_EXAUTH;
- }
- else goto err_exarg;
- }
-
- /* End of directive if no comma */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) break;
-
- if (rv != TOKEN_COMMA) break;
- }
- }
- }
- else flags = (ACD_EXALLOW|ACD_EXDENY|ACD_EXAUTH);
-
- if (rv < 0) break;
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd3;
- }
- else {
-
- /* process access-directive */
-
- if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
- action = ACD_ALLOW;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
- action = ACD_DENY;
- }
- else goto err_acctype;
-
- /* Get the next token after dir-access */
- rv = aclGetToken(errp, acf, 0);
-
- /* Create a new directive object */
- acd = aclDirectiveCreate();
- if (acd == 0) goto err_nomem2;
-
- /* Parse a list of auth-specs */
- rv = aclAuthListParse(errp, acf, acl->acl_acc, rlm,
- &acd->acd_cl);
- if (rv < 0) break;
-
- /* Add this directive to the ACL */
- acd->acd_action = action;
- acd->acd_flags = flags;
-
- arv = aclDirectiveAdd(acl, acd);
- if (arv < 0) goto err_diradd2;
- }
- }
-
- /* Need a ";" to keep going */
- if (rv != TOKEN_EOS) break;
- }
-
- punt:
- /* Close database in current realm if any */
- if (rlm && rlm->rlm_authdb) {
- (*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
- rlm->rlm_authdb = 0;
- }
-
- return rv;
-
- err_access:
- /* dir-access not present */
- eid = ACLERR1600;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_acctype:
- /* dir-access identifier is invalid */
- eid = ACLERR1620;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_diradd1:
- eid = ACLERR1640;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_diradd2:
- eid = ACLERR1650;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem1:
- eid = ACLERR1660;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem2:
- eid = ACLERR1680;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_nomem3:
- eid = ACLERR1685;
- rv = ACLERRNOMEM;
- tokenstr = 0;
- goto err_ret;
-
- err_diradd3:
- eid = ACLERR1690;
- rv = arv;
- tokenstr = 0;
- goto err_ret;
-
- err_exarg:
- eid = ACLERR1695;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- if (tokenstr) {
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- }
- else {
- nserrGenerate(errp, rv, eid, ACL_Program,
- 2, acf->acf_filename, linestr);
- }
- goto punt;
-}
-
-/*
- * Description (aclACLParse)
- *
- * This function parses a data stream containing ACL definitions,
- * and builds a representation of the ACLs in memory. Each ACL
- * has a user-specified name, and a pointer to the ACL structure
- * is stored under the name in a symbol table provided by the caller.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * flags - bit flags (unused - must be zero)
- *
- * Returns:
- *
- * The return value is zero if the stream is parsed successfully.
- * Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int aclACLParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc, int flags)
-{
- void * token = acf->acf_token; /* handle for current token */
- char * tokenstr; /* current token string */
- char * aclname; /* ACL name string */
- ACL_t * aclp; /* pointer to ACL structure */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Look for top-level statements */
- for (;;) {
-
- /* Get a token to begin a statement */
- rv = aclGetToken(errp, acf, 0);
-
- /* An identifier would be nice ... */
- if (rv != TOKEN_IDENT) {
-
- /* Empty statements are ok, if pointless */
- if (rv == TOKEN_EOS) continue;
-
- /* EOF is valid here */
- if (rv == TOKEN_EOF) break;
-
- /* Anything else is unacceptable */
- goto err_nostmt;
- }
-
- /* Check identifier for statement keywords */
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_ACL)) {
-
- /* ACL name rights-list { acl-def-list }; */
-
- /* Get the name of the ACL */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) goto err_aclname;
- aclname = lex_token(token);
-
- /* Create the ACL structure */
- rv = aclCreate(errp, acc, aclname, &aclp);
- if (rv < 0) goto punt;
-
- /* Get the next token after the ACL name */
- rv = aclGetToken(errp, acf, 0);
-
- /* Parse the rights specification */
- rv = aclRightsParse(errp, acf, acc, &aclp->acl_rights);
-
- /* Want a "{" to open the ACL directive list */
- if (rv != TOKEN_LBRACE) {
- if (rv < 0) goto punt;
- goto err_aclopen;
- }
-
- /* Get the first token in the ACL directive list */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- /* Parse the ACL directive list */
- rv = aclDirectivesParse(errp, acf, aclp);
-
- /* Want a "}" to close the ACL directive list */
- if (rv != TOKEN_RBRACE) {
- if (rv < 0) goto punt;
- goto err_aclclose;
- }
- }
- else if (!strcasecmp(tokenstr, KEYWORD_INCLUDE)) {
- /* Include "filename"; */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
- /* Realm name realm-spec */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_RIGHTS)) {
- /* Rights name rights-def; */
- }
- else if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
- /* Hosts name auth-hosts; */
- }
- else goto err_syntax;
- }
-
- return 0;
-
- err_nostmt:
- eid = ACLERR1700;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclname:
- eid = ACLERR1720;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclopen:
- eid = ACLERR1740;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_aclclose:
- eid = ACLERR1760;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-
- err_syntax:
- eid = ACLERR1780;
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclFileClose)
- *
- * This function closes an ACL file previously opened by aclFileOpen(),
- * and frees any associated data structures.
- *
- * Arguments:
- *
- * acf - pointer to ACL file information
- * flags - bit flags (unused - must be zero)
- */
-
-void aclFileClose(ACLFile_t * acf, int flags)
-{
- if (acf != 0) {
-
- /* Destroy the associated lexer stream if any */
- if (acf->acf_lst != 0) {
- lex_stream_destroy(acf->acf_lst);
- }
-
- /* Close the file if it's open */
- if (acf->acf_fd != SYS_ERROR_FD) {
- system_fclose(acf->acf_fd);
- }
-
- /* Destroy any associated token */
- if (acf->acf_token != 0) {
- lex_token_destroy(acf->acf_token);
- }
-
- /* Free the filename string if any */
- if (acf->acf_filename != 0) {
- FREE(acf->acf_filename);
- }
-
- /* Free the ACLFile_t structure */
- FREE(acf);
- }
-}
-
-/*
- * Description (aclFileOpen)
- *
- * This function opens a specified filename and creates a structure
- * to contain information about the file during parsing. This
- * includes a handle for a LEX data stream for the file.
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * filename - name of file to be opened - * flags - bit flags (unused - must be zero) - * pacf - pointer to returned ACLFile_t pointer - * - * Returns: - * - * The return value is zero if the file is opened successfully, and - * a pointer to the ACLFile_t is returned in the location specified - * by 'pacf'. Otherwise a negative error code (ACLERRxxxx - see - * aclerror.h) is returned, and an error frame will be generated if - * an error list is provided. - */ - -int aclFileOpen(NSErr_t * errp, - char * filename, int flags, ACLFile_t **pacf) -{ - ACLFile_t * acf; /* pointer to ACL file structure */ - int rv; /* return value */ - int eid; /* error identifier */ - char * errmsg; /* system error message string */ - - *pacf = 0; - - /* Allocate the ACLFile_t structure */ - acf = (ACLFile_t *)MALLOC(sizeof(ACLFile_t)); - if (acf == 0) goto err_nomem1; - - memset((void *)acf, 0, sizeof(ACLFile_t)); - acf->acf_filename = STRDUP(filename); - acf->acf_lineno = 1; - acf->acf_flags = flags; - - /* Create a LEX token object */ - rv = lex_token_new((pool_handle_t *)0, 32, 8, &acf->acf_token); - if (rv < 0) goto err_nomem2; - - /* Open the file */ - acf->acf_fd = system_fopenRO(acf->acf_filename); - if (acf->acf_fd == SYS_ERROR_FD) goto err_open; - - /* Create a LEX stream for the file */ - acf->acf_lst = lex_stream_create(aclStreamGet, - (void *)acf->acf_fd, 0, 8192); - if (acf->acf_lst == 0) goto err_nomem3; - - *pacf = acf; - return 0; - - err_open: /* file open error */ - rv = ACLERROPEN; - eid = ACLERR1900; - errmsg = system_errmsg(); - nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg); - goto punt; - - err_nomem1: /* MALLOC of ACLFile_t failed */ - rv = ACLERRNOMEM; - eid = ACLERR1920; - goto err_mem; - - err_nomem2: /* lex_token_new() failed */ - rv = ACLERRNOMEM; - eid = ACLERR1940; - goto err_mem; - - err_nomem3: /* lex_stream_create() failed */ - system_fclose(acf->acf_fd); - rv = 
ACLERRNOMEM; - eid = ACLERR1960; - - err_mem: - nserrGenerate(errp, rv, eid, ACL_Program, 0); - goto punt; - - punt: - return rv; -} - -/* - * Description (aclGetDNSString) - * - * This function parses a DNS name specification, which consists - * of a sequence of DNS name components separated by ".". Each - * name component must start with a letter, and contains only - * letters, digits, and hyphens. An exception is that the first - * component may be the wildcard indicator, "*". This function - * assumes that the current token already contains a TOKEN_STAR - * or TOKEN_IDENT. The complete DNS name specification is - * returned as the current token string. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * acf - pointer to ACLFile_t for ACL file - * - * Returns: - * - * The character terminating the DNS name specification is returned - * as the function value. The current token type is unchanged, but - * the string associated with the current token contains the - * complete DNS name specification. An error is indicated by a - * negative return value, and an error frame is generated if an - * error list is provided. - */ - -int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf) -{ - LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */ - void * token = acf->acf_token; /* LEX token handle */ - int rv; /* result value */ - int eid; /* error id value */ - char linestr[16]; /* line number string buffer */ - - /* The current token should be TOKEN_STAR or TOKEN_IDENT */ - rv = acf->acf_ttype; - - if ((rv != TOKEN_STAR) && (rv != TOKEN_IDENT)) goto err_dns1; - - /* Loop to parse [ "." dns-component ]+ */ - for (;;) { - - /* Try to step over a "." */ - rv = lex_next_char(lst, aclChTab, 0); - - /* End of DNS string if there's not one there */ - if (rv != '.') break; - - /* Append the "." to the token string */ - (void)lex_token_append(token, 1, "."); - - /* Advance the input stream past the "." 
*/
- rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Next we want to see a letter */
- rv = lex_next_char(lst, aclChTab, 0);
-
- /* Error if it's not there */
- if (!lex_class_check(aclChTab, rv, CCM_LETTER)) goto err_dns2;
-
- /* Append a string of letters, digits, hyphens to token */
- rv = lex_scan_over(lst, aclChTab, (CCM_LETTER|CCM_DIGIT|CCM_HYPHEN),
- token);
- if (rv < 0) goto err_dns3;
- }
-
- punt:
- return rv;
-
- err_dns1:
- eid = ACLERR2100;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_dns2:
- eid = ACLERR2120;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_dns3:
- eid = ACLERR2140;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- char * tokenstr; /* token string pointer */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Skip whitespace */
- rv = lex_skip_over(lst, aclChTab, CCM_WS);
- if (rv < 0) goto err_lex1;
-
- /* Begin a new token string */
- rv = lex_token_start(token);
-
- rv = lex_scan_over(lst, aclChTab, CCM_FILENAME, token);
- if (rv < 0) goto err_lex2;
-
- tokenstr = lex_token(token);
-
- if (!tokenstr || !*tokenstr) goto err_nofn;
-
- punt:
- return rv;
-
- err_lex1:
- eid = ACLERR2900;
- goto err_parse;
-
- err_lex2:
- eid = ACLERR2920;
- goto err_parse;
-
- err_nofn:
- eid = ACLERR2940;
-
- err_parse:
- rv = ACLERRPARSE;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclGetIPAddr)
- *
- * This function retrieves an IP address specification from a given
- * input stream.
The specification consists of an IP address expressed
- * in the standard "." notation, possibly followed by whitespace and a
- * netmask, also in "." form. The IP address and netmask values are
- * returned. If no netmask is specified, a default value of 0xffffffff
- * is returned.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * pip - pointer to returned IP address value
- * pmask - pointer to returned IP netmask value
- *
- * Returns:
- *
- * If successful, the return value identifies the type of the token
- * following the IP address specification. This token type value is
- * also returned in acf_ttype. An error is indicated by a negative
- * error code (ACLERRxxxx - see aclerror.h), and an error frame will
- * be generated if an error list is provided. The token type code in
- * acf_ttype is TOKEN_ERROR when an error code is returned.
- */
-
-int aclGetIPAddr(NSErr_t * errp,
- ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- char * tokenstr; /* token string pointer */
- IPAddr_t ipaddr; /* IP address */
- IPAddr_t netmask; /* IP netmask */
- int dotcnt; /* count of '.' seen in address */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- /* Set default return values */
- *pip = 0;
- *pmask = 0xffffffff;
-
- rv = acf->acf_ttype;
-
- /* The current token must be a number */
- if (rv != TOKEN_NUMBER) {
-
- /* No IP address present */
- return rv;
- }
-
- /* Assume no netmask */
- netmask = 0xffffffff;
-
- for (dotcnt = 0;;) {
-
- /* Append digits and letters to the current token */
- rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
- if (rv < 0) goto err_lex1;
-
- /* Stop when no "." follows the digits and letters */
- if (rv != '.') break;
-
- /* Stop if we've already seen three "."
*/
- if (++dotcnt > 3) break;
-
- /* Advance past the "." */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Check the next character for a "*" */
- rv = lex_next_char(lst, aclChTab, 0);
- if (rv == '*') {
-
- /* Advance past the "*" */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- netmask <<= ((4-dotcnt)*8);
- netmask = htonl(netmask);
-
- while (dotcnt < 4) {
- (void)lex_token_append(token, 2, ".0");
- ++dotcnt;
- }
- break;
- }
- else {
- /* Append the "." to the token string */
- (void)lex_token_append(token, 1, ".");
- }
- }
-
- /* Get a pointer to the token string */
- tokenstr = lex_token(token);
-
- /* A NULL pointer or an empty string is an error */
- if (!tokenstr || !*tokenstr) goto err_noip;
-
- /* Convert IP address to binary */
- ipaddr = inet_addr(tokenstr);
- if (ipaddr == (unsigned long)-1) goto err_badip;
-
- /* Skip whitespace */
- rv = lex_skip_over(lst, aclChTab, CCM_WS);
- if (rv < 0) goto err_lex2;
-
- /* A digit is the start of a netmask */
- if ((netmask == 0xffffffff) && lex_class_check(aclChTab, rv, CCM_DIGIT)) {
-
- /* Initialize token for network mask */
- rv = lex_token_start(token);
-
- for (dotcnt = 0;;) {
-
- /* Collect token including digits, letters, and periods */
- rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
- if (rv < 0) goto err_lex3;
-
- /* Stop when no "." follows the digits and letters */
- if (rv != '.') break;
-
- /* Stop if we've already seen three "." */
- if (++dotcnt > 3) break;
-
- /* Append the "." to the token string */
- (void)lex_token_append(token, 1, ".");
-
- /* Advance past the "." */
- (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
- }
-
- /* Get a pointer to the token string */
- tokenstr = lex_token(token);
-
- /* A NULL pointer or an empty string is an error */
- if (!tokenstr || !*tokenstr) goto err_nonm;
-
- /* Convert netmask to binary.
*/
- netmask = inet_addr(tokenstr);
- if (netmask == (unsigned long)-1) {
-
- /*
- * Unfortunately inet_addr() doesn't distinguish between an
- * error and a valid conversion of "255.255.255.255". So
- * we check for it explicitly. Too bad if "0xff.0xff.0xff.0xff"
- * is specified. Don't do that!
- */
- if (strcmp(tokenstr, "255.255.255.255")) goto err_badnm;
- }
- }
-
- /* Return the IP address and netmask in host byte order */
- *pip = ntohl(ipaddr);
- *pmask = ntohl(netmask);
-
- /* Get the token following the IP address (and netmask) */
- rv = aclGetToken(errp, acf, 0);
-
- punt:
- acf->acf_ttype = (rv < 0) ? TOKEN_ERROR : rv;
- return rv;
-
- err_lex1:
- eid = ACLERR2200;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_lex2:
- eid = ACLERR2220;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_lex3:
- eid = ACLERR2240;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_noip:
- eid = ACLERR2260;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_badip:
- eid = ACLERR2280;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_nonm:
- eid = ACLERR2300;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_badnm:
- eid = ACLERR2320;
- rv = ACLERRPARSE;
- goto err_ret;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclGetToken)
- *
- * This function retrieves the next token in an ACL definition file.
- * It skips blank lines, comments, and white space. It updates
- * the current line number as newlines are encountered.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * flags - bit flags:
- * AGT_NOSKIP - don't skip leading whitespace
- * AGT_APPEND - append to token buffer
- * (else start new token)
- *
- * Returns:
- *
- * The return value is a code identifying the next token if successful.
- * This token type value is also returned in acf_ttype.
An error
- * is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- * The token type code in acf_ttype is TOKEN_ERROR when an error code
- * is returned.
- */
-
-int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
- LEXStream_t * lst = acf->acf_lst; /* LEX stream handle */
- void * token = acf->acf_token; /* LEX token handle */
- int dospecial = 0; /* handle CCM_SPECIAL character */
- int tv; /* token value */
- int rv; /* result value */
- int eid; /* error id */
- char spech;
- char linestr[16]; /* line number string buffer */
-
- /* Begin a new token, unless AGT_APPEND is set */
- if (!(flags & AGT_APPEND)) {
- rv = lex_token_start(token);
- }
-
- /* Loop to read file */
- tv = 0;
- do {
-
- /*
- * If the AGT_NOSKIP flag is not set, skip whitespace (but not
- * newline). If the flag is set, just get the next character.
- */
- rv = lex_skip_over(lst, aclChTab, (flags & AGT_NOSKIP) ? 0 : CCM_WS);
- if (rv <= 0) {
- if (rv < 0) goto err_lex1;
-
- /* Exit loop if EOF */
- if (rv == 0) {
- tv = TOKEN_EOF;
- break;
- }
- }
-
- /* Analyze character after whitespace */
- switch (rv) {
-
- case '\n': /* newline */
-
- /* Keep count of lines as we're skipping whitespace */
- acf->acf_lineno += 1;
- (void)lex_next_char(lst, aclChTab, CCM_NL);
- break;
-
- case '#': /* Beginning of comment */
-
- /* Skip to a newline if so */
- rv = lex_skip_to(lst, aclChTab, CCM_NL);
- break;
-
- case ';': /* End of statement */
- tv = TOKEN_EOS;
- dospecial = 1;
- break;
-
- case '@': /* at sign */
- tv = TOKEN_AT;
- dospecial = 1;
- break;
-
- case '+': /* plus sign */
- tv = TOKEN_PLUS;
- dospecial = 1;
- break;
-
- case '*': /* asterisk */
- tv = TOKEN_STAR;
- dospecial = 1;
- break;
-
- case '.': /* period */
- tv = TOKEN_PERIOD;
- dospecial = 1;
- break;
-
- case ',': /* comma */
- tv = TOKEN_COMMA;
- dospecial = 1;
- break;
-
- case '(': /* left parenthesis */
- tv = TOKEN_LPAREN;
-
dospecial = 1;
- break;
-
- case ')': /* right parenthesis */
- tv = TOKEN_RPAREN;
- dospecial = 1;
- break;
-
- case '{': /* left brace */
- tv = TOKEN_LBRACE;
- dospecial = 1;
- break;
-
- case '}': /* right brace */
- tv = TOKEN_RBRACE;
- dospecial = 1;
- break;
-
- case '\"': /* double quote */
- case '\'': /* single quote */
-
- /* Append string contents to token buffer */
- rv = lex_scan_string(lst, token, 0);
- tv = TOKEN_STRING;
- break;
-
- default:
-
- /* Check for identifier, beginning with a letter */
- if (lex_class_check(aclChTab, rv, CCM_LETTER)) {
-
- /* Append valid identifier characters to token buffer */
- rv = lex_scan_over(lst, aclChTab, CCM_IDENT, token);
- tv = TOKEN_IDENT;
- break;
- }
-
- /* Check for a number, beginning with a digit */
- if (lex_class_check(aclChTab, rv, CCM_DIGIT)) {
- char digit;
-
- /* Save the first digit */
- digit = (char)rv;
-
- /* Append the first digit to the token */
- rv = lex_token_append(token, 1, &digit);
-
- /* Skip over the first digit */
- rv = lex_next_char(lst, aclChTab, CCM_DIGIT);
-
- /* If it's '0', we might have "0x.." */
- if (rv == '0') {
-
- /* Pick up the next character */
- rv = lex_next_char(lst, aclChTab, 0);
-
- /* Is it 'x'? */
- if (rv == 'x') {
-
- /* Yes, append it to the token */
- digit = (char)rv;
- rv = lex_token_append(token, 1, &digit);
-
- /* Step over it */
- rv = lex_next_char(lst, aclChTab, CCM_LETTER);
- }
- }
- /* Get more digits, if any */
- rv = lex_scan_over(lst, aclChTab, CCM_DIGIT, token);
- tv = TOKEN_NUMBER;
- break;
- }
-
- /* Unrecognized character */
-
- spech = *lst->lst_cp;
- lex_token_append(token, 1, &spech);
- lst->lst_cp += 1;
- lst->lst_len -= 1;
- tv = TOKEN_HUH;
- break;
- }
-
- /* Handle CCM_SPECIAL character?
*/
- if (dospecial) {
-
- /* Yes, clear the flag for next time */
- dospecial = 0;
-
- /* Get the character and advance past it */
- rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
- /* Append the character to the token buffer */
- spech = (char)rv;
- (void)lex_token_append(token, 1, &spech);
- }
- }
- while ((tv == 0) && (rv > 0));
-
- if (rv < 0) {
- tv = TOKEN_ERROR;
- }
- else rv = tv;
-
- acf->acf_ttype = tv;
- return rv;
-
- err_lex1:
- rv = ACLERRPARSE;
- eid = ACLERR2400;
-
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
- acf->acf_ttype = TOKEN_ERROR;
- return rv;
-}
-
-/*
- * Description (aclParseInit)
- *
- * This function is called to initialize the ACL parser. It
- * creates a LEX character class table to assist in parsing.
- *
- * Arguments:
- *
- * None.
- *
- * Returns:
- *
- * If successful, the return value is zero. An error is indicated
- * by a negative return value.
- */
-
-int aclParseInit()
-{
- int rv; /* result value */
-
- /* Have we created the character class table yet? */
- if (aclChTab == 0) {
-
- /* No, initialize character classes for lexer processing */
- rv = lex_class_create(classc, classv, &aclChTab);
- if (rv < 0) goto err_nomem;
- }
-
- return 0;
-
- err_nomem:
- return ACLERRNOMEM;
-}
-
-/*
- * Description (aclRealmSpecParse)
- *
- * This function parses an authentication realm specification. An
- * authentication realm includes an authentication database and
- * an authentication method.
The syntax of a realm-spec is:
- *
- * realm-spec ::= "{" realm-directive-list "}" | "realm" realm-name
- * realm-directive-list ::= realm-directive |
- * realm-directive-list ";" realm-directive
- * realm-directive ::= realm-db-directive | realm-meth-directive
- * | realm-prompt-directive
- * realm-db-directive ::= "database" db-file-path
- * realm-meth-directive ::= "method" auth-method-name
- * auth-method-name ::= "basic" | "SSL"
- * realm-prompt-directive ::= "prompt" quote-char string quote-char
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * rspp - pointer to RealmSpec_t pointer
- *
- * Returns:
- *
- * If successful, the return value is the token type of the token
- * following the realm-spec, i.e. either the first token after a
- * realm-name or the first token after the closing "}". It is the
- * caller's responsibility to validate this token as a legitimate
- * successor of a realm-spec. If a parsing error occurs in the
- * middle of a realm-spec, the return value is ACLERRPARSE, and an
- * error frame is generated if an error list is provided. For
- * other kinds of errors a negative error code (from aclerror.h)
- * is returned.
- */
-
-int aclRealmSpecParse(NSErr_t * errp,
- ACLFile_t * acf, ACContext_t * acc, RealmSpec_t **rspp)
-{
- void * token = acf->acf_token; /* handle for current token */
- char * tokenstr; /* current token string */
- RealmSpec_t * rsp; /* realm spec pointer */
- RealmSpec_t * nrsp; /* named realm spec pointer */
- int rv; /* result value */
- int eid; /* error id value */
- char linestr[16]; /* line number string buffer */
-
- rv = acf->acf_ttype;
-
- /* Is the current token a "{" ? */
- if (rv != TOKEN_LBRACE) {
-
- /* No, could it be KEYWORD_REALM?
*/
- if (rv == TOKEN_IDENT) {
-
- tokenstr = lex_token(token);
-
- if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
-
- /* Yes, step to the realm name */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_rlmname;
- }
-
- tokenstr = lex_token(token);
-
- /* Look up the named realm specification */
- rv = symTableFindSym(acc->acc_stp, tokenstr, ACLSYMREALM,
- (void **)&nrsp);
- if (rv < 0) goto err_undrlm;
-
- /* Return the named realm specification */
- *rspp = nrsp;
-
- /* Step to the token after the realm name */
- rv = aclGetToken(errp, acf, 0);
- }
- }
-
- return rv;
- }
-
- /* Step to the token after the "{" */
- rv = aclGetToken(errp, acf, 0);
- if (rv < 0) goto punt;
-
- rsp = *rspp;
- if (rsp == 0) {
- rsp = (RealmSpec_t *)MALLOC(sizeof(RealmSpec_t));
- if (rsp == 0) goto err_nomem;
- memset((void *)rsp, 0, sizeof(RealmSpec_t));
- rsp->rs_sym.sym_type = ACLSYMREALM;
- *rspp = rsp;
- }
-
- /* Loop for each realm-directive */
- for (;; rv = aclGetToken(errp, acf, 0)) {
-
- if (rv != TOKEN_IDENT) {
-
- /* Exit loop on "}" */
- if (rv == TOKEN_RBRACE) break;
-
- /* Ignore null directives */
- if (rv == TOKEN_EOS) continue;
-
- /* Otherwise need an identifier to start a directive */
- goto err_nodir;
- }
-
- tokenstr = lex_token(token);
-
- /* Figure out which realm-directive this is */
- if (!strcasecmp(tokenstr, KEYWORD_DATABASE)) {
-
- /* Get a file specification for the database */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_STRING) {
- if (rv < 0) goto punt;
- goto err_nodb;
- }
-
- rsp->rs_realm.rlm_dbname = lex_token_take(token);
- rsp->rs_realm.rlm_aif = &NSADB_AuthIF;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_METHOD)) {
-
- /* Step to the method identifier */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_nometh;
- }
-
- tokenstr = lex_token(token);
-
- /* Interpret method name and set method in realm structure */
- if (!strcasecmp(tokenstr,
KEYWORD_BASIC)) {
- rsp->rs_realm.rlm_ameth = AUTH_METHOD_BASIC;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_SSL) && server_enterprise) {
- rsp->rs_realm.rlm_ameth = AUTH_METHOD_SSL;
- }
- else goto err_badmeth;
- }
- else if (!strcasecmp(tokenstr, KEYWORD_PROMPT)) {
-
- /* Step to the realm prompt string */
- rv = aclGetToken(errp, acf, 0);
- if ((rv != TOKEN_STRING) && (rv != TOKEN_IDENT)) {
- if (rv < 0) goto punt;
- goto err_noprompt;
- }
-
- /* Reference a copy of the prompt string from the realm */
- rsp->rs_realm.rlm_prompt = lex_token_take(token);
- }
- else goto err_baddir;
-
- /* Get the token after the realm-directive */
- rv = aclGetToken(errp, acf, 0);
-
- /* Need a ";" to keep going */
- if (rv != TOKEN_EOS) break;
- }
-
- if (rv != TOKEN_RBRACE) goto err_rbrace;
-
- /* Get the token after the realm-spec */
- rv = aclGetToken(errp, acf, 0);
-
- punt:
- return rv;
-
- err_rlmname:
- eid = ACLERR2500;
- goto err_parse;
-
- err_undrlm:
- eid = ACLERR2520;
- rv = ACLERRUNDEF;
- goto err_sym;
-
- err_nomem:
- eid = ACLERR2540;
- rv = ACLERRNOMEM;
- goto ret_err;
-
- err_nodir:
- eid = ACLERR2560;
- goto err_parse;
-
- err_nodb:
- eid = ACLERR2570;
- goto err_parse;
-
- err_nometh:
- eid = ACLERR2580;
- goto err_parse;
-
- err_badmeth:
- eid = ACLERR2600;
- goto err_sym;
-
- err_noprompt:
- eid = ACLERR2605;
- goto err_parse;
-
- err_baddir:
- eid = ACLERR2610;
- goto err_sym;
-
- err_rbrace:
- eid = ACLERR2620;
- goto err_parse;
-
- err_sym:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, tokenstr);
- goto punt;
-
- err_parse:
- rv = ACLERRPARSE;
- ret_err:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
- goto punt;
-}
-
-/*
- * Description (aclRightsParse)
- *
- * This function parse an access rights list.
The syntax for an
- * access rights list is:
- *
- * rights-list ::= "(" list-of-rights ")"
- * list-of-rights ::= rights-elem | list-of-rights "," rights-elem
- * rights-elem ::= right-name | "+" rights-def-name
- * right-name ::= identifier
- * rights-def-name ::= identifier
- *
- * An element of a rights list is either the name of a particular
- * access right (e.g. Read), or the name associated with an
- * external definition of an access rights list, preceded by "+"
- * (e.g. +editor-rights). The list is enclosed in parentheses,
- * and the elements are separated by commas.
- *
- * This function adds to a list of rights provided by the caller.
- * Access rights are internally assigned unique integer identifiers,
- * and a symbol table is maintained to map an access right name to
- * its identifier.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * acf - pointer to ACLFile_t for ACL file
- * acc - pointer to ACContext_t structure
- * rights - pointer to rights list head
- *
- * Returns:
- *
- * The return value is a code identifying the next token if successful.
- * End-of-stream is indicated by a return value of TOKEN_EOF. An error
- * is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- * and an error frame will be generated if an error list is provided.
- */
-
-int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
- RightSpec_t **rights)
-{
- void * token = acf->acf_token; /* LEX token handle */
- char * ename; /* element name string pointer */
- RightSpec_t * rsp; /* rights specification pointer */
- RightSpec_t * nrsp; /* named rights spec pointer */
- RightDef_t * rdp; /* right definition pointer */
- int rv; /* result value */
- int eid; /* error id */
- char linestr[16]; /* line number string buffer */
-
- /* Look for a left parenthesis */
- if (acf->acf_ttype != TOKEN_LPAREN) {
-
- /* No rights list present */
- return 0;
- }
-
- rsp = *rights;
-
- /* Create a RightSpec_t if we don't have one */
- if (rsp == 0) {
- rsp = (RightSpec_t *)MALLOC(sizeof(RightSpec_t));
- if (rsp == 0) goto err_nomem1;
- memset((void *)rsp, 0, sizeof(RightSpec_t));
- rsp->rs_sym.sym_type = ACLSYMRDEF;
- *rights = rsp;
- }
-
- /* Parse list elements */
- for (;;) {
-
- /* Look for an identifier */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
-
- /* No, maybe a "+" preceding a rights definition name? */
- if (rv != TOKEN_PLUS) {
-
- /* One more chance, we'll allow the closing ")" after "," */
- if (rv != TOKEN_RPAREN) {
- /* No, bad news */
- if (rv < 0) goto punt;
- goto err_elem;
- }
-
- /* Got right paren after comma */
- break;
- }
-
- /* Got a "+", try for the rights definition name */
- rv = aclGetToken(errp, acf, 0);
- if (rv != TOKEN_IDENT) {
- if (rv < 0) goto punt;
- goto err_rdef;
- }
-
- /* Get a pointer to the token string */
- ename = lex_token(token);
-
- /* See if it matches a rights definition in the symbol table */
- rv = symTableFindSym(acc->acc_stp, ename, ACLSYMRDEF,
- (void **)&nrsp);
- if (rv) goto err_undef;
-
- /*
- * Merge the rights from the named rights list into the
- * current rights list.
- */
- rv = uilMerge(&rsp->rs_list, &nrsp->rs_list);
- if (rv < 0) goto err_nomem2;
- }
- else {
-
- /* The current token is an access right name */
-
- /* Get a pointer to the token string */
- ename = lex_token(token);
-
-
- /* Find or create an access right definition */
- rv = aclRightDef(errp, acc, ename, &rdp);
- if (rv < 0) goto err_radd;
-
- /* Add the id for this right to the current rights list */
- rv = usiInsert(&rsp->rs_list, rdp->rd_id);
- if (rv < 0) goto err_nomem3;
- }
-
- rv = aclGetToken(errp, acf, 0);
-
- /* Want a comma to continue the list */
- if (rv != TOKEN_COMMA) {
-
- /* A right parenthesis will end the list nicely */
- if (rv == TOKEN_RPAREN) {
-
- /* Get the first token after the rights list */
- rv = aclGetToken(errp, acf, 0);
- break;
- }
-
- /* Anything else is an error */
- if (rv < 0) goto punt;
- goto err_list;
- }
- }
-
- return rv;
-
- err_elem:
- eid = ACLERR2700;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_rdef:
- eid = ACLERR2720;
- rv = ACLERRSYNTAX;
- goto err_ret;
-
- err_undef:
- eid = ACLERR2740;
- rv = ACLERRUNDEF;
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program,
- 3, acf->acf_filename, linestr, ename);
- return rv;
-
- err_nomem1:
- eid = ACLERR2760;
- goto err_nomem;
-
- err_nomem2:
- eid = ACLERR2780;
- goto err_nomem;
-
- err_radd:
- eid = ACLERR2800;
- goto err_ret;
-
- err_nomem3:
- eid = ACLERR2820;
- goto err_nomem;
-
- err_nomem:
- rv = ACLERRNOMEM;
- goto err_ret;
-
- err_list:
-
- eid = ACLERR2840;
- rv = ACLERRSYNTAX;
-
- err_ret:
- sprintf(linestr, "%d", acf->acf_lineno);
- nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (aclStreamGet)
- *
- * This function is the stream read function designated by
- * aclFileOpen() to read the file associated with the LEX stream
- * it creates. It reads the next chunk of the file into the
- * stream buffer.
- *
- * Arguments:
- *
- * lst - pointer to LEX stream structure
- *
- * Returns:
- *
- * The return value is the number of bytes read if successful.
- * A return value of zero indicates end-of-file. An error is
- * indicated by a negative return value.
- */
-
-int aclStreamGet(LEXStream_t * lst)
-{
- SYS_FILE fd = (SYS_FILE)(lst->lst_strmid);
- int len;
-
- len = system_fread(fd, lst->lst_buf, lst->lst_buflen);
- if (len >= 0) {
- lst->lst_len = len;
- lst->lst_cp = lst->lst_buf;
- }
-
- return len;
-}
diff --git a/lib/libaccess/attrec.cpp b/lib/libaccess/attrec.cpp
deleted file mode 100644
index d637ccd9..00000000
--- a/lib/libaccess/attrec.cpp
+++ /dev/null
@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (attrec.c)
- *
- * This module contains routines for encoding and decoding
- * attribute records. See attrec.h for a description of attribute
- * records.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_ATTREC
-#include "libaccess/attrec.h"
-
-/*
- * Description (NTS_Length)
- *
- * This function returns the length of a null-terminated string.
- * The length includes the terminating null octet.
- *
- * Use of the NTSLENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * nts - a pointer to the null-terminate string
- * (may be null)
- *
- * Returns:
- *
- * The length of the string. If 'nts' is null, the value is one,
- * since there is always a null octet.
- */
-
-int NTS_Length(NTS_t nts)
-{
- return ((nts) ? strlen((const char *)nts) + 1 : 1);
-}
-
-/*
- * Description (NTS_Decode)
- *
- * This function decodes a null-terminated string from a specified
- * attribute record buffer. It copies the string into a dynamically
- * allocated buffer, if 'pnts' is not null, and returns a pointer
- * to it. The return value of the function is a pointer to the
- * octet following the NTS in the attribute record buffer.
- *
- * Use of the NTSDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * pnts - pointer to returned reference to decoded
- * NTS, or null, if the decoded NTS is not
- * to be copied to a dynamic buffer
- *
- * Returns:
- *
- * The function return value is a pointer to the octet following
- * the NTS in the attribute record buffer. A pointer to a
- * dynamically allocated buffer containing the decoded NTS will
- * be returned through 'pnts', if it is non-null.
This returned
- * pointer will be null if the NTS contains only a terminating
- * octet.
- */
-
-ATR_t NTS_Decode(ATR_t cp, NTS_t * pnts)
-{
- NTS_t nts = 0;
- int len = NTSLENGTH(cp); /* length of the string */
-
- /* Are we going to return a copy of the string? */
- if (pnts) {
-
- /* Yes, is it more than just a null octet? */
- if (len > 1) {
-
- /* Yes, allocate a buffer and copy the string to it */
- nts = (NTS_t)MALLOC(len);
- if (nts) {
- memcpy((void *)nts, (void *)cp, len);
- }
- }
-
- /* Return a pointer to the copied string, or null */
- *pnts = nts;
- }
-
- /* Return pointer to octet after string */
- return cp + len;
-}
-
-/*
- * Description (NTS_Encode)
- *
- * This function encodes a null-terminated string into a specified
- * attribute record buffer. It returns a pointer to the octet
- * following the encoding.
- *
- * Use of the NTSENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * nts - pointer to the string to be encoded
- *
- * Returns:
- *
- * A pointer to the octet following the encoding in the attribute
- * record buffer is returned.
- */
-
-ATR_t NTS_Encode(ATR_t cp, NTS_t nts)
-{
-
- /* Is the string pointer null? */
- if (nts) {
- int len = NTSLENGTH(nts);
-
- /* No, copy the string to the attribute record buffer */
- memcpy((void *)cp, (void *)nts, len);
-
- /* Get pointer to octet after it */
- cp += len;
- }
- else {
-
- /* A null pointer indicates an empty NTS, i.e. just a null octet */
- *cp++ = 0;
- }
-
- /* Return a pointer to the octet after the encoding */
- return cp;
-}
-
-/*
- * Description (USI_Decode)
- *
- * This function decodes an unsigned integer value from a specified
- * attribute record buffer.
- *
- * Use of the USIDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * pval - pointer to returned integer value
- *
- * Returns:
- *
- * If 'pval' is not null, the decoded integer value is returned
- * in the referenced location. The function return value is a
- * pointer to the octet following the USI encoding in the attribute
- * record buffer.
- */
-
-ATR_t USI_Decode(ATR_t cp, USI_t * pval)
-{
- int val;
-
- /* Is this a length value? */
- if (*(cp) & 0x80) {
- int i;
- int len;
-
- /* Yes, build the value from the indicated number of octets */
- len = *cp++ & 0x7;
- val = 0;
- for (i = 0; i < len; ++i) {
- val <<= 8;
- val |= (cp[i] & 0xff);
- }
- cp += len;
- }
- else {
-
- /* This octet is the value */
- val = *cp++;
- }
-
- /* Return the value if there's a place to put it */
- if (pval) *pval = val;
-
- /* Return a pointer to the next item in the attribute record */
- return cp;
-}
-
-/*
- * Description (USI_Encode)
- *
- * This function encodes an unsigned integer value into a specified
- * attribute record buffer.
- *
- * Use of the USIENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * cp - pointer into the attribute record buffer
- * val - the value to be encoded
- *
- * Returns:
- *
- * A pointer to the octet following the generated encoding in the
- * attribute record buffer is returned.
- */
-
-ATR_t USI_Encode(ATR_t cp, USI_t val)
-{
- /* Check size of value to be encoded */
- if (val <= 0x7f) *cp++ = val;
- else if (val <= 0xff) {
- /* Length plus 8-bit value */
- *cp++ = 0x81;
- *cp++ = val;
- }
- else if (val <= 0xffff) {
- /* Length plus 16-bit value */
- *cp++ = 0x82;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 2;
- }
- else if (val <= 0xffffff) {
- /* Length plus 24-bit value */
- *cp++ = 0x83;
- cp[2] = val & 0xff;
- val >>= 8;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 3;
- }
- else {
- /* Length plus 32-bit value */
- *cp++ = 0x84;
- cp[3] = val & 0xff;
- val >>= 8;
- cp[2] = val & 0xff;
- val >>= 8;
- cp[1] = val & 0xff;
- val >>= 8;
- cp[0] = val & 0xff;
- cp += 4;
- }
-
- /* Return a pointer to the next position in the attribute record */
- return cp;
-}
-
-/*
- * Description (USI_Insert)
- *
- * This function is a variation of USI_Encode() that always generates
- * the maximum-length encoding for USI value, regardless of the
- * actual specified value. For arguments, returns, see USI_Encode().
- *
- * Use of the USIINSERT() macro is recommended. The USIALLOC() macro
- * returns the number of octets that USIINSERT() will generate.
- */
-
-ATR_t USI_Insert(ATR_t cp, USI_t val)
-{
- int i;
-
- assert(USIALLOC() == 5);
-
- *cp++ = 0x84;
- for (i = 3; i >= 0; --i) {
- cp[i] = val & 0xff;
- val >>= 8;
- }
-
- return cp + 5;
-}
-
-/*
- * Description (USI_Length)
- *
- * This function returns the number of octets required to encode
- * an unsigned integer value.
- *
- * Use of the USILENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- * val - the unsigned integer value
- *
- * Returns:
- *
- * The number of octets required to encode the specified value is
- * returned.
- */
-
-int USI_Length(USI_t val)
-{
- return (((USI_t)(val) <= 0x7f) ? 1
- : (((USI_t)(val) <= 0xff) ? 2
- : (((USI_t)(val) <= 0xffff) ? 3
- : (((USI_t)(val) <= 0xffffff) ? 4
- : 5))));
-}
-
diff --git a/lib/libaccess/avadb.c b/lib/libaccess/avadb.c
deleted file mode 100644
index ecf03167..00000000
--- a/lib/libaccess/avadb.c
+++ /dev/null
@@ -1,298 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-#include "libaccess/avadb.h"
-#include "base/session.h"
-#include "base/pblock.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define DB_NAME "AvaMap"
-
-enum {AVA_DB_SUCCESS=0,AVA_DB_FAILURE};
-
-#ifdef XP_UNIX
-#include "mcom_ndbm.h"
-
-USE_NSAPI int AddEntry (char *key, char *value) {
- datum keyd;
- datum valued;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDWR | O_CREAT, 0644);
-
- if (!db)
- return AVA_DB_FAILURE;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- valued.dptr = value;
- valued.dsize = strlen(value) + 1;
-
- dbm_store (db, keyd, valued, DBM_REPLACE);
- dbm_close (db);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
- datum keyd;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDWR, 0644);
-
- if (!db)
- return AVA_DB_FAILURE;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- dbm_delete (db, keyd);
-
- dbm_close (db);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
- datum keyd;
- datum valued;
- DBM *db = NULL;
- char dbpath[150];
-
- sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- db = dbm_open (dbpath, O_RDONLY, 0644);
-
- if (!db)
- return NULL;
-
- keyd.dptr = key;
- keyd.dsize = strlen (key) + 1;
-
- valued = dbm_fetch (db, keyd);
-
- dbm_close (db);
-
- return valued.dptr;
-}
-
-#else
-
-#include <stdio.h>
-
-
-#define lmemcpy memcpy
-#define lmemcmp memcmp
-#define lmemset memset
-
-static int mkhash8(char *x,int len) {
- unsigned int i,hash = 0;
- for (i=0; i < len; i++) { hash += x[i]; }
-
- return (int) (hash & 0xff);
-}
-
-static void mkpath(char *target, char *dir, char sep, char *name) {
- int len;
-
- len = strlen(dir);
- lmemcpy(target,dir,len);
- target += len;
-
- *target++ = sep;
-
- len = strlen(name);
- lmemcpy(target,name,len);
- target += len;
-
- *target = 0;
-}
-
-#define DELETED_LEN 8
-static char DELETED[] = { 0xff, 0x0, 0xff, 0x0, 0xff, 0x0, 0xff , 0x0 };
-
-
-#define RECORD_SIZE 512
-USE_NSAPI int AddEntry (char *key, char *value) {
- int empty, hash;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len, val_len,size;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb+");
- if (f == NULL) {
- f = fopen(dbpath,"wb+");
- }
-
- if (f == NULL)
- return AVA_DB_FAILURE;
-
- key_len = strlen(key)+1;
- val_len = strlen(value);
-
- if ((key_len+val_len) > RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
-
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
- empty = -1;
-
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for (;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- break;
- }
- if ((empty == -1) && (lmemcmp(record,DELETED,DELETED_LEN) == 0)) {
- empty = hash;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- if (empty != -1) { hash = empty; }
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- /* build the record */
- lmemset(record,0,RECORD_SIZE);
-
- lmemcpy(record,key,key_len);
- lmemcpy(&record[key_len],value,val_len);
- size= fwrite(record,1,RECORD_SIZE,f);
- if (size != RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
- fclose(f);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
- int found,hash;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len,size;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb+");
-
- if (f == NULL)
- return AVA_DB_FAILURE;
-
- key_len = strlen(key)+1;
-
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
- found = 0;
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for (;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- found++;
- break;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- if (!found) {
- fclose(f);
- return AVA_DB_SUCCESS;
- }
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- /* build the record */
- lmemset(record,0,RECORD_SIZE);
-
- lmemcpy(record,DELETED,DELETED_LEN);
- size= fwrite(record,1,RECORD_SIZE,f);
- if (size != RECORD_SIZE) {
- fclose(f);
- return AVA_DB_FAILURE;
- }
- fclose(f);
-
- return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
- int hash,size;
- char dbpath[150];
- char record[RECORD_SIZE];
- int key_len,found = 0;
- FILE *f;
-
- mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
- f = fopen(dbpath, "rb");
-
- if (f == NULL)
- return NULL;
-
- key_len = strlen(key)+1;
-
- /* now hash the key */
- hash = mkhash8(key,key_len);
-
- fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
- for(;;) {
- size= fread(record,1,RECORD_SIZE,f);
- if (size < RECORD_SIZE) {
- break;
- }
- if (lmemcmp(record,key,key_len) == 0) {
- found++;
- break;
- }
- if (record == 0) {
- break;
- }
- hash++;
- }
-
- fclose(f);
- if (!found) return NULL;
-
- return system_strdup(&record[key_len+1]);
-}
-
-#endif
diff --git a/lib/libaccess/avaparse.y b/lib/libaccess/avaparse.y
deleted file mode 100644
index 6be06794..00000000
--- a/lib/libaccess/avaparse.y
+++ /dev/null
@@ -1,140 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "libaccess/ava.h"
-#include "libaccess/avapfile.h"
-#include "netsite.h"
-
-extern int linenum;
-extern char yytext[];
-
-static void AddDefType (int defType, char *defId);
-static void AddAVA (char* userID);
-
-void yyerror(const char* string);
-extern void logerror(const char* string,int num, char *file);
-
-AVAEntry tempEntry;
-AVATable entryTable;
-
-%}
-
-%union {
- char *string;
- int num;
-}
-
-%token DEF_C DEF_CO DEF_OU DEF_CN EQ_SIGN DEF_START
-%token DEF_L DEF_E DEF_ST
-%token <string> USER_ID DEF_ID
-
-%type <num> def.type
-
-%start source
-
-%%
-
-source: ava.database
- |
- ;
-
-
-ava.database: ava.database ava
- | ava
- ;
-
-ava: USER_ID definitions {AddAVA($1);};
-
-definitions: definition.list
- |
- ;
-
-definition.list: definition.list definition
- | definition
- ;
-
-
-definition: def.type EQ_SIGN DEF_ID {AddDefType($1, $3);};
-
-def.type: DEF_C {$$ = DEF_C; }
- | DEF_CO {$$ = DEF_CO;}
- | DEF_OU {$$ = DEF_OU;}
- | DEF_CN {$$ = DEF_CN;}
- | DEF_L {$$ = DEF_L; }
- | DEF_E {$$ = DEF_E; }
- | DEF_ST {$$ = DEF_ST;}
- ;
-
-%%
-
-void yyerror(const char* string) {
- logerror(string,linenum,currFile);
-}
-
-
-void AddDefType (int defType, char *defId) {
- switch (defType) {
- case DEF_C:
- tempEntry.country = defId;
- break;
- case DEF_CO:
- tempEntry.company = defId;
- break;
- case DEF_OU:
- if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) {
- if (tempEntry.numOrgs == 0) {
- tempEntry.organizations =
- PERM_MALLOC (sizeof (char*) * ORGS_ALLOCSIZE);
- } else {
- char **temp;
- temp =
- PERM_MALLOC(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE));
- memcpy (temp, tempEntry.organizations,
- sizeof(char*)*tempEntry.numOrgs);
- PERM_FREE (tempEntry.organizations);
- tempEntry.organizations = temp;
- }
- }
- tempEntry.organizations[tempEntry.numOrgs++] = defId;
- break;
- case DEF_CN:
- tempEntry.CNEntry = defId;
- break;
- case DEF_E:
- tempEntry.email = defId;
- break;
- case DEF_L:
- tempEntry.locality = defId;
- break;
- case DEF_ST:
- tempEntry.state = defId;
- break;
- default:
- break;
- }
-}
-
-void AddAVA (char* userID) {
- AVAEntry *newAVA;
-
- newAVA = (AVAEntry*)PERM_MALLOC(sizeof(AVAEntry));
- if (!newAVA) {
- yyerror ("Out of Memory in AddAVA");
- return;
- }
- *newAVA = tempEntry;
- newAVA->userid = userID;
-
- _addAVAtoTable (newAVA, &entryTable);
-
- tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0;
- tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
- tempEntry.numOrgs = 0;
-}
diff --git a/lib/libaccess/avapfile.c b/lib/libaccess/avapfile.c
deleted file mode 100644
index 995c057b..00000000
--- a/lib/libaccess/avapfile.c
+++ /dev/null
@@ -1,428 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-
-#include "base/session.h"
-#include "base/pblock.h"
-#include "frame/req.h"
-#include "frame/log.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define ALLOC_SIZE 20
-#define SUCCESS 0
-
-struct parsedStruct {
- char *fileName;
- AVATable *avaTable;
-};
-
-typedef struct parsedStruct Parsed;
-
-/* globals for yy_error if needed */
-Session *yy_sn = NULL;
-Request *yy_rq = NULL;
-
-/*This will be a dynamic array of parsedStruct*. Re-sizing if necessary.*/
-struct ParsedTable {
- Parsed **parsedTable;
- int numEntries;
-};
-
-char *currFile;
-
-static struct ParsedTable parsedFiles = {NULL, 0};
-
-extern AVATable entryTable; /*Table where entries are stored*/
-extern AVAEntry tempEntry; /*Used to restore parser's state*/
-extern linenum;
-
-AVAEntry * AVAEntry_Dup(AVAEntry *entry) {
- int i;
- AVAEntry *newAVA = NULL;
-/* copy the AVA entry */
-
- if (entry) {
- newAVA = (AVAEntry *) PERM_MALLOC(sizeof(AVAEntry));
- memset(newAVA,0, sizeof(AVAEntry));
- newAVA->userid = 0;
- newAVA->CNEntry = 0;
- newAVA->email = 0;
- newAVA->locality = 0;
- newAVA->state = 0;
- newAVA->country = 0;
- newAVA->company = 0;
- newAVA->organizations = 0;
- newAVA->numOrgs = 0;
- if (entry->userid) newAVA->userid = PERM_STRDUP(entry->userid);
- if (entry->CNEntry) newAVA->CNEntry = PERM_STRDUP(entry->CNEntry);
- if (entry->email) newAVA->email = PERM_STRDUP(entry->email);
- if (entry->locality) newAVA->locality = PERM_STRDUP(entry->locality);
- if (entry->state) newAVA->state = PERM_STRDUP(entry->state);
- if (entry->country) newAVA->country = PERM_STRDUP(entry->country);
- if (entry->company) newAVA->company = PERM_STRDUP(entry->company);
- if (entry->organizations) {
- newAVA->organizations = PERM_MALLOC(sizeof(char *)*entry->numOrgs);
- newAVA->numOrgs = entry->numOrgs;
- for (i=0; i<entry->numOrgs; i++)
- newAVA->organizations[i] = PERM_STRDUP (entry->organizations[i]);
- }
- }
- return newAVA;
-}
-
-void _addAVAtoTable (AVAEntry *newAVA, AVATable *table) {
- int i;
- int insertIndex = -1;
-
- if (table->numEntries%ENTRIES_ALLOCSIZE == 0) {
- if (table->numEntries == 0) {
- table->enteredTable =
- (AVAEntry**) PERM_MALLOC (sizeof(AVAEntry*) * ENTRIES_ALLOCSIZE);
- } else {
- AVAEntry **temp;
-
- temp =
- PERM_MALLOC(sizeof(AVAEntry*)*(table->numEntries+ENTRIES_ALLOCSIZE));
- memmove(temp, table->enteredTable, sizeof(AVAEntry*)*table->numEntries);
- PERM_FREE(table->enteredTable);
- table->enteredTable = temp;
- }
- }
-
- for (i=table->numEntries-1; i >= 0; i--) {
- if (strcmp(newAVA->userid, table->enteredTable[i]->userid) > 0) {
- insertIndex = i+1;
- break;
- } else {
- table->enteredTable[i+1] = table->enteredTable[i];
- }
- }
-
-
- table->enteredTable[(insertIndex == -1) ? 0 : insertIndex] = newAVA;
- (table->numEntries)++;
-}
-
-AVATable *AVATableDup(AVATable *table) {
- AVATable *newTable = (AVATable*)PERM_MALLOC (sizeof(AVATable));
- /* round the puppy so _addAVAtoTable still works */
- int size = (table->numEntries + (ENTRIES_ALLOCSIZE-1))/ENTRIES_ALLOCSIZE;
- int i;
-
- newTable->enteredTable =
- (AVAEntry**)PERM_MALLOC(size*ENTRIES_ALLOCSIZE*sizeof(AVAEntry *));
-
- for (i=0; i < table->numEntries; i++) {
- newTable->enteredTable[i] = AVAEntry_Dup(table->enteredTable[i]);
- }
- newTable->numEntries = table->numEntries;
- return newTable;
-}
-
-
-
-
-AVAEntry *_getAVAEntry(char *groupName, AVATable *mapTable) {
- char line[BIG_LINE];
- int lh, rh, mid, cmp;;
-
- if (!mapTable) {
- sprintf (line, "NULL Pointer passed as mapTable when trying to get entry %s", groupName);
- report_error (SYSTEM_ERROR, "File Not Found", line);
- }
-
-
- lh = 0;
- rh = mapTable->numEntries-1;
-
- while (lh <= rh) {
- mid = lh + ((rh-lh)/2);
- cmp = strcmp(groupName, mapTable->enteredTable[mid]->userid);
- if (cmp == 0)
- return mapTable->enteredTable[mid];
- else if (cmp > 0)
- lh = mid + 1;
- else
- rh = mid - 1;
- }
-
- return NULL;
-
-}
-
-AVATable *_getTable (char *fileName) {
- int lh, rh, mid, cmp;
- AVATable *table = NULL;
-
- /*First checks to see if it's already been parsed*/
-
- lh = 0;
- rh = parsedFiles.numEntries-1;
- while (lh <= rh) {
- mid = lh + ((rh - lh)/2);
- cmp = strcmp(fileName, parsedFiles.parsedTable[mid]->fileName);
- if (cmp == SUCCESS) {
- return parsedFiles.parsedTable[mid]->avaTable;
- } else if (cmp < SUCCESS) {
- rh = mid-1;
- } else {
- lh = mid+1;
- }
- }
-
- yyin = fopen (fileName, "r");
-
- if (yyin) {
- if (!yyparse()) {
- table = _wasParsed (fileName);
- table->userdb = NULL;
- }
- fclose (yyin);
- }
-
- return table;
-}
-
-int _hasBeenParsed (char *aclFileName){
- return (_getTable(aclFileName) != NULL);
-}
-
-AVATable* _wasParsed (char *inFileName) {
- Parsed *newEntry;
- int i;
-
- if (!inFileName)
- return NULL;
-
- newEntry = (Parsed*) PERM_MALLOC (sizeof(Parsed));
- newEntry->fileName = PERM_STRDUP (inFileName);
- newEntry->avaTable = AVATableDup(&entryTable);
-
- if (parsedFiles.numEntries % ALLOC_SIZE == 0) {
- if (parsedFiles.numEntries) {
- Parsed **temp;
-
- temp = PERM_MALLOC (sizeof(Parsed*)*(parsedFiles.numEntries + ALLOC_SIZE));
- if (!temp)
- return NULL;
- memcpy (temp, parsedFiles.parsedTable, sizeof(Parsed*)*parsedFiles.numEntries);
- PERM_FREE (parsedFiles.parsedTable);
- parsedFiles.parsedTable = temp;
- } else {
- parsedFiles.parsedTable =
- (Parsed**) PERM_MALLOC (sizeof (Parsed*) * ALLOC_SIZE);
- if (!parsedFiles.parsedTable)
- return NULL;
- }
- }
- for (i=parsedFiles.numEntries; i > 0; i--) {
- if (strcmp(newEntry->fileName,parsedFiles.parsedTable[i-1]->fileName) < 0) {
- parsedFiles.parsedTable[i] = parsedFiles.parsedTable[i-1];
- } else {
- break;
- }
- }
- parsedFiles.parsedTable[i] = newEntry;
- parsedFiles.numEntries++;
-
-/*Initialize parser structures to resemble that before parse*/
- entryTable.numEntries = 0;
- tempEntry.country = tempEntry.company = tempEntry.CNEntry = NULL;
- tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
- linenum = 1;
-
- return newEntry->avaTable;
-}
-
-AVAEntry *_deleteAVAEntry (char *group, AVATable *table) {
- int removeIndex;
- int lh, rh, mid, cmp;
- AVAEntry *entry = NULL;
-
- if (!group || !table)
- return NULL;
-
- lh = 0;
- rh = table->numEntries - 1;
-
- while (lh <= rh) {
- mid = lh + ((rh-lh)/2);
- cmp = strcmp (group, table->enteredTable[mid]->userid);
- if (cmp == SUCCESS) {
- removeIndex = mid;
- break;
- } else if (cmp < SUCCESS) {
- rh = mid-1;
- } else {
- lh = mid+1;
- }
- }
-
- if (lh > rh)
- return NULL;
-
- entry = table->enteredTable[removeIndex];
-
- memmove ((char*)(table->enteredTable)+(sizeof(AVAEntry*)*removeIndex),
- (char*)(table->enteredTable)+(sizeof(AVAEntry*)*(removeIndex+1)),
- (table->numEntries - removeIndex - 1)*sizeof(AVAEntry*));
-
- (table->numEntries)--;
-
- return entry;
-}
-
-void AVAEntry_Free (AVAEntry *entry) {
- int i;
-
- if (entry) {
- if (entry->userid)
- PERM_FREE (entry->userid);
- if (entry->CNEntry)
- PERM_FREE (entry->CNEntry);
- if (entry->email)
- PERM_FREE (entry->email);
- if (entry->locality)
- PERM_FREE (entry->locality);
- if (entry->state)
- PERM_FREE (entry->state);
- if (entry->country)
- PERM_FREE (entry->country);
- if (entry->company)
- PERM_FREE (entry->company);
- if (entry->organizations) {
- for (i=0; i<entry->numOrgs; i++)
- PERM_FREE (entry->organizations[i]);
- PERM_FREE(entry->organizations);
- }
- }
-}
-
-void PrintHeader(FILE *outfile){
-
- fprintf (outfile,"/*This file is generated automatically by the admin server\n");
- fprintf (outfile," *Any changes you make manually may be lost if other\n");
- fprintf (outfile," *changes are made through the admin server.\n");
- fprintf (outfile," */\n\n\n");
-
-}
-
-void writeOutEntry (FILE *outfile, AVAEntry *entry) {
- int i;
-
- /*What should I do if the group id is not there?*/
- if (!entry || !(entry->userid))
- report_error (SYSTEM_ERROR, "AVA-DB Failure",
- "Bad entry passed to write out function");
-
- fprintf (outfile,"%s: {\n", entry->userid);
- if (entry->CNEntry)
- fprintf (outfile,"\tCN=\"%s\"\n", entry->CNEntry);
- if (entry->email)
- fprintf (outfile,"\tE=\"%s\"\n", entry->email);
- if (entry->company)
- fprintf (outfile,"\tO=\"%s\"\n", entry->company);
- if (entry->organizations) {
- for (i=0; i < entry->numOrgs; i++) {
- fprintf (outfile, "\tOU=\"%s\"\n", entry->organizations[i]);
- }
- }
- if (entry->locality)
- fprintf (outfile,"\tL=\"%s\"\n",entry->locality);
- if (entry->state)
- fprintf (outfile,"\tST=\"%s\"\n",entry->state);
- if (entry->country)
- fprintf (outfile,"\tC=\"%s\"\n", entry->country);
-
- fprintf (outfile,"}\n\n\n");
-
-}
-
-void writeOutFile (char *authdb, AVATable *table) {
- char line[BIG_LINE];
- char mess[200];
- FILE *newfile;
- int i;
-
- sprintf (line, "%s%c%s%c%s.%s", get_authdb_dir(), FILE_PATHSEP, authdb, FILE_PATHSEP,
- AUTH_DB_FILE, AVADB_TAG);
-
- if (!table) {
- sprintf (mess, "The structure for file %s was not loaded before writing out", line);
- report_error (SYSTEM_ERROR, "Internal Error", mess);
- }
-
- newfile = fopen (line, "w");
-
- if (!newfile) {
- sprintf (mess, "Could not open file %s for writing.", line);
- report_error(FILE_ERROR, "No File", mess);
- }
-
- PrintHeader (newfile);
-
- for (i=0;i < table->numEntries; i++) {
- writeOutEntry (newfile, table->enteredTable[i]);
- }
-
- fclose(newfile);
-}
-
-
-void
-logerror(char *error,int line,char *file) {
- /* paranoia */
- /*ava-mapping is only functin that initializes yy_sn and yy_rq*/
- if ((yy_sn != NULL) && (yy_rq != NULL)) {
- log_error (LOG_FAILURE, "ava-mapping", yy_sn, yy_rq,
- "Parse error line %d of %s: %s", line, file, error);
- } else {
- char errMess[250];
-
- sprintf (errMess, "Parse error line %d of %s: %s", line, file, error);
- report_error (SYSTEM_ERROR, "Failure: Loading AVA-DB Table", errMess);
- }
-}
-
-
-void outputAVAdbs(char *chosen) {
- char *authdbdir = get_authdb_dir();
- char **listings;
- int i;
- int numListings = 0;
- int hasOptions = 0;
-
- listings = list_auth_dbs(authdbdir);
-
- while (listings[numListings++] != NULL);
-
- for (i=0; listings[i] != NULL ; i++) {
- if (!hasOptions) {
- printf ("<select name=\"%s\"%s onChange=\"form.submit()\">",AVA_DB_SEL,
- (numListings > SELECT_OVERFLOW)?"size=5":"");
- hasOptions = 1;
- }
-
- printf ("<option value=\"%s\"%s>%s\n",listings[i],
- (strcmp(chosen, listings[i]) == 0) ? "SELECTED":"",listings[i]);
- }
-
- if (hasOptions)
- printf ("</select>\n");
- else
- printf ("<i><b>Insert an AVA-Database entry first</b></i>\n");/*This should never happen,
- *since I never create an empty
- *avadb file,
- *but one never knows
- */
-
-}
diff --git a/lib/libaccess/avascan.l b/lib/libaccess/avascan.l
deleted file mode 100644
index 71d4c4fb..00000000
--- a/lib/libaccess/avascan.l
+++ /dev/null
@@ -1,106 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include "y.tab.h"
-#include "libaccess/ava.h"
-#include "netsite.h"
-
-int linenum = 1;
-int first_time = 1;
-int old_state;
-int num_nested_comments = 0;
-
-extern AVAEntry tempEntry;
-extern AVATable entryTable;
-
-void strip_quotes(void);
-
-%}
-
-%s COMMENT NORM DEFINES DEF_TYPE
-
-uc_letter [A-Z]
-lc_letter [a-z]
-digit [0-9]
-under_score _
-
-letter ([A-Z,a-z])
-
-white_space ([ \t]*)
-identifier ([_,A-Z,a-z][_,A-Z,a-z,0-9]*)
-def_identifier (({white_space}{identifier})+)
-text (\"[^\"]*\")
-comments (([^"*/"\n])*)
-
-
-
-%%
-
-%{
- if (first_time) {
- BEGIN NORM;
- first_time = tempEntry.numOrgs = 0;
- old_state = NORM;
- tempEntry.userid = 0;
- tempEntry.country = 0;
- tempEntry.CNEntry = 0;
- tempEntry.email = 0;
- tempEntry.locality = 0;
- tempEntry.state = 0;
- entryTable.numEntries = 0;
- }
-%}
-
-
-"/*" {BEGIN COMMENT; num_nested_comments++;}
-<COMMENT>"*/" {num_nested_comments--;
- if (!num_nested_comments) BEGIN old_state;}
-<COMMENT>. {;}
-
-<NORM>{identifier} {yylval.string = PERM_STRDUP(yytext);
- return USER_ID;}
-<NORM>":"{white_space}\{ {BEGIN DEF_TYPE;
- old_state = DEF_TYPE;}
-
-<DEF_TYPE>"C" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_C; }
-<DEF_TYPE>"O" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CO;}
-<DEF_TYPE>"OU" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_OU;}
-<DEF_TYPE>"CN" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_CN;}
-<DEF_TYPE>"L" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_L;}
-<DEF_TYPE>"E" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_E;}
-<DEF_TYPE>"ST" {BEGIN DEFINES; old_state = DEFINES;
- return DEF_ST;}
-<DEF_TYPE>"}" {BEGIN NORM;old_state = NORM;}
-
-<DEFINES>= {return EQ_SIGN;}
-<DEFINES>{text} {BEGIN DEF_TYPE; old_state = DEF_TYPE;
- strip_quotes();
- return DEF_ID;}
-
-{white_space} {;}
-\n {linenum++;}
-. {yyerror("Bad input character");}
-%%
-
-int yywrap () {
- return 1;
-}
-
-void strip_quotes(void) {
- yytext[strlen(yytext)-1]= '\0';
- yylval.string = PERM_STRDUP(&yytext[1]);
-}
diff --git a/lib/libaccess/lcache.h b/lib/libaccess/lcache.h
deleted file mode 100644
index ef176681..00000000
--- a/lib/libaccess/lcache.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef CACHE_H
-#define CACHE_H
-
-NSPR_BEGIN_EXTERN_C
-
-extern void ACL_ListHashUpdate(ACLListHandle_t **acllistp);
-extern void ACL_Init(void);
-extern void ACL_CritEnter(void);
-extern void ACL_CritExit(void);
-extern ENTRY *ACL_GetUriHash(ENTRY item, ACTION action);
-extern int ACL_CacheCheck(char *uri, ACLListHandle_t **acllist_p);
-extern void ACL_CacheEnter(char *uri, ACLListHandle_t **acllist_p);
-extern void ACL_CacheAbort(ACLListHandle_t **acllist_p);
-
-NSPR_END_EXTERN_C
-
-#endif
diff --git a/lib/libaccess/leval.h b/lib/libaccess/leval.h
deleted file mode 100644
index fcfb6ecc..00000000
--- a/lib/libaccess/leval.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef LEVAL_H
-#define LEVAL_H
-
-NSPR_BEGIN_EXTERN_C
-
-int
-freeLAS(NSErr_t *errp, char *attribute, void **las_cookie);
-
-NSPR_END_EXTERN_C
-
-#endif
-
diff --git a/lib/libaccess/lparse.h b/lib/libaccess/lparse.h
deleted file mode 100644
index b6d3ffa6..00000000
--- a/lib/libaccess/lparse.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * This grammar is intended to parse the version 3.0 ACL
- * and output an ACLParseACE_t structure.
- */
-
-#ifndef LPARSE_H
-#define LPARSE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int aclPushListHandle(ACLListHandle_t *handle);
-extern int aclparse(void);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/lib/libaccess/nsadb.cpp b/lib/libaccess/nsadb.cpp
deleted file mode 100644
index 119111e9..00000000
--- a/lib/libaccess/nsadb.cpp
+++ /dev/null
@@ -1,582 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -/* - * Description (nsadb.c) - * - * This module contains routines for retrieving information from - * a Netscape authentication database. An authentication database - * consists of a user database and a group database. This module - * implements an authentication database based on Netscape user and - * group databases defined in nsuser.h and nsgroup.h, which in turn - * are based on the Netscape (server) database implementation - * defined in nsdb.h. The interface for managing information in - * an authentication database is described separately in nsamgmt.h. - */ - -#include <base/systems.h> -#include <netsite.h> -#include <base/file.h> -#include <base/fsmutex.h> -#include <libaccess/nsdbmgmt.h> -#define __PRIVATE_NSADB -#include <libaccess/nsadb.h> -#include <libaccess/nsuser.h> -#include <libaccess/nsgroup.h> - -/* - * Description (NSADB_AuthIF) - * - * This structure defines a generic authentication database - * interface for this module. It does not currently support - * user/group id lookup. - */ -AuthIF_t NSADB_AuthIF = { - 0, /* find user/group by id */ - nsadbFindByName, /* find user/group by name */ - nsadbIdToName, /* lookup name for user/group id */ - nsadbOpen, /* open a named database */ - nsadbClose, /* close a database */ -}; - -/* - * Description (nsadbClose) - * - * This function closes an authentication database previously opened - * via nsadbOpen(). 
- * - * Arguments: - * - * authdb - handle returned by nsadbOpen() - * flags - unused (must be zero) - */ - -NSAPI_PUBLIC void nsadbClose(void * authdb, int flags) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - - if (adb->adb_userdb != 0) { - ndbClose(adb->adb_userdb, 0); - } - - if (adb->adb_groupdb != 0) { - ndbClose(adb->adb_groupdb, 0); - } - -#if defined(CLIENT_AUTH) - nsadbCloseCerts(authdb, flags); -#endif - - if (adb->adb_dbname) { - FREE(adb->adb_dbname); - } - - FREE(adb); -} - -/* - * Description (nsadbOpen) - * - * This function is used to open an authentication database. - * The caller specifies a name for the database, which is actually - * the name of a directory containing the files which comprise the - * database. The caller also indicates whether this is a new - * database, in which case it is created. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * adbname - name of this database (directory) - * flags - open flags: - * AIF_CREATE - new database (create) - * rptr - pointer to returned handle - * - * Returns: - * - * A handle for accessing the database is always returned via 'rptr' - * unless there was a shortage of dynamic memory, in which case a - * null handle is returned. The return value of the function is - * 0 if it completes successfully. An error is indicated by a - * negative return value (see nsautherr.h). 
- */ - -NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp, - char * adbname, int flags, void **rptr) -{ - AuthDB_t * authdb = 0; /* pointer to database descriptor */ - SYS_DIR dbdir; /* database directory handle */ - int eid; /* error id code */ - int rv; /* result value */ - - /* Make sure we have a place to return the database handle */ - if (rptr == 0) goto err_inval; - - /* Allocate the database descriptor */ - authdb = (AuthDB_t *)MALLOC(sizeof(AuthDB_t)); - if (authdb == 0) goto err_nomem; - - /* Return the descriptor pointer as the database handle */ - *rptr = (void *)authdb; - - authdb->adb_dbname = STRDUP(adbname); - authdb->adb_userdb = 0; - authdb->adb_groupdb = 0; -#if defined(CLIENT_AUTH) - authdb->adb_certdb = 0; - authdb->adb_certlock = 0; - authdb->adb_certnm = 0; -#endif - authdb->adb_flags = 0; - - /* See if the database directory exists */ - dbdir = dir_open(adbname); - if (dbdir == 0) { - /* No, create it if this is a new database, else error */ - if (flags & AIF_CREATE) { - rv = dir_create(adbname); - if (rv < 0) goto err_mkdir; - authdb->adb_flags |= ADBF_NEW; - } - else goto err_dopen; - } - else { - /* Ok, it's there */ - dir_close(dbdir); - } - - return 0; - - err_inval: - eid = NSAUERR3000; - rv = NSAERRINVAL; - goto err_ret; - - err_nomem: - /* Error - insufficient dynamic memory */ - eid = NSAUERR3020; - rv = NSAERRNOMEM; - goto err_ret; - - err_ret: - nserrGenerate(errp, rv, eid, NSAuth_Program, 0); - goto punt; - - err_mkdir: - eid = NSAUERR3040; - rv = NSAERRMKDIR; - goto err_dir; - - err_dopen: - eid = NSAUERR3060; - rv = NSAERROPEN; - goto err_dir; - - err_dir: - nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adbname); - goto punt; - - punt: - /* Fatal error - free database descriptor and return null handle */ - if (authdb) { - if (authdb->adb_dbname) { - FREE(authdb->adb_dbname); - } - FREE(authdb); - } - - if (rptr) *rptr = 0; - - return rv; -} - -/* - * Description (nsadbOpenUsers) - * - * This function is called to open the users 
subdatabase of an - * open authentication database. The caller specifies flags to - * indicate whether read or write access is required. This - * function is normally called only by routines below the - * nsadbOpen() API, in response to perform particular operations - * on user or group objects. If the open is successful, the - * resulting handle is stored in the AuthDB_t structure. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle returned by nsadbOpen() - * flags - open flags: - * ADBF_UREAD - open for read - * ADBF_UWRITE - open for read/write - * Returns: - * - * The return value is zero if the operation is successfully - * completed. An error is indicated by a negative return value - * (see nsautherr.h), and an error frame is generated if an error - * frame list was provided. - */ - -NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp, void * authdb, int flags) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - char * userfn = 0; /* user database name */ - int dblen; /* strlen(adb_dbname) */ - int uversion; /* user database version number */ - int eid; /* error id code */ - int rv; /* result value */ - - if (adb == 0) goto err_inval; - - /* Is the user database already open? */ - if (adb->adb_userdb != 0) { - - /* Yes, is it open for the desired access? 
*/ - if (adb->adb_flags & flags) { - - /* Yes, that was easy */ - return 0; - } - } - else { - - /* We need to open the database */ - - /* Allocate space for the user database filename */ - dblen = strlen(adb->adb_dbname); - - userfn = (char *)MALLOC(dblen + strlen(ADBUSERDBNAME) + 2); - if (userfn == 0) goto err_nomem; - - /* Construct user database name */ - strcpy(userfn, adb->adb_dbname); - - /* Put in a '/' (or '\') if it's not there */ - if (userfn[dblen-1] != FILE_PATHSEP) { - userfn[dblen] = FILE_PATHSEP; - userfn[dblen+1] = 0; - ++dblen; - } - - strcpy(&userfn[dblen], ADBUSERDBNAME); - - adb->adb_userdb = ndbOpen(errp, - userfn, 0, NDB_TYPE_USERDB, &uversion); - if (adb->adb_userdb == 0) goto err_uopen; - - FREE(userfn); - } - - /* - * We don't really reopen the database to get the desired - * access mode, since that is handled at the nsdb level. - * But we do update the flags, just for the record. - */ - adb->adb_flags &= ~(ADBF_UREAD|ADBF_UWRITE); - if (flags & ADBF_UWRITE) adb->adb_flags |= ADBF_UWRITE; - else adb->adb_flags |= ADBF_UREAD; - - return 0; - - err_inval: - eid = NSAUERR3200; - rv = NSAERRINVAL; - goto err_ret; - - err_nomem: - eid = NSAUERR3220; - rv = NSAERRNOMEM; - goto err_ret; - - err_ret: - nserrGenerate(errp, rv, eid, NSAuth_Program, 0); - goto punt; - - err_uopen: - eid = NSAUERR3240; - rv = NSAERROPEN; - nserrGenerate(errp, rv, eid, NSAuth_Program, 1, userfn); - goto punt; - - punt: - return rv; -} - -/* - * Description (nsadbOpenGroups) - * - * This function is called to open the groups subdatabase of an - * open authentication database. The caller specifies flags to - * indicate whether read or write access is required. This - * function is normally called only by routines below the - * nsadbOpen() API, in response to perform particular operations - * on user or group objects. If the open is successful, the - * resulting handle is stored in the AuthDB_t structure. 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle returned by nsadbOpen() - * flags - open flags: - * ADBF_GREAD - open for read - * ADBF_GWRITE - open for read/write - * Returns: - * - * The return value is zero if the operation is successfully - * completed. An error is indicated by a negative return value - * (see nsautherr.h), and an error frame is generated if an error - * frame list was provided. - */ - -NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp, void * authdb, int flags) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - char * groupfn = 0; /* group database name */ - int dblen; /* strlen(adb_dbname) */ - int gversion; /* group database version number */ - int eid; /* error id code */ - int rv; /* result value */ - - if (adb == 0) goto err_inval; - - /* Is the group database already open? */ - if (adb->adb_groupdb != 0) { - - /* Yes, is it open for the desired access? */ - if (adb->adb_flags & flags) { - - /* Yes, that was easy */ - return 0; - } - } - else { - - /* We need to open the database */ - - /* Allocate space for the group database filename */ - dblen = strlen(adb->adb_dbname); - - groupfn = (char *)MALLOC(dblen + strlen(ADBGROUPDBNAME) + 2); - if (groupfn == 0) goto err_nomem; - - /* Construct group database name */ - strcpy(groupfn, adb->adb_dbname); - - /* Put in a '/' (or '\') if it's not there */ - if (groupfn[dblen-1] != FILE_PATHSEP) { - groupfn[dblen] = FILE_PATHSEP; - groupfn[dblen+1] = 0; - ++dblen; - } - - strcpy(&groupfn[dblen], ADBGROUPDBNAME); - - adb->adb_groupdb = ndbOpen(errp, - groupfn, 0, NDB_TYPE_GROUPDB, &gversion); - if (adb->adb_groupdb == 0) goto err_gopen; - - FREE(groupfn); - } - - /* - * We don't really reopen the database to get the desired - * access mode, since that is handled at the nsdb level. - * But we do update the flags, just for the record. 
- */ - adb->adb_flags &= ~(ADBF_GREAD|ADBF_GWRITE); - if (flags & ADBF_GWRITE) adb->adb_flags |= ADBF_GWRITE; - else adb->adb_flags |= ADBF_GREAD; - - return 0; - - err_inval: - eid = NSAUERR3300; - rv = NSAERRINVAL; - goto err_ret; - - err_nomem: - eid = NSAUERR3320; - rv = NSAERRNOMEM; - goto err_ret; - - err_ret: - nserrGenerate(errp, rv, eid, NSAuth_Program, 0); - goto punt; - - err_gopen: - eid = NSAUERR3340; - rv = NSAERROPEN; - nserrGenerate(errp, rv, eid, NSAuth_Program, 1, groupfn); - goto punt; - - punt: - return rv; -} - -/* - * Description (nsadbIdToName) - * - * This function looks up a specified user or group id in the - * authentication database. The name associated with the specified - * id is returned. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle returned by nsadbOpen() - * id - user or group id - * flags - AIF_USER or AIF_GROUP (defined in nsauth.h) - * rptr - pointer to returned group or user name - * - * Returns: - * - * The return value is zero if no error occurs, - * A negative return value indicates an error. 
- */ - -NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp, - void * authdb, USI_t id, int flags, char **rptr) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - void * whichdb = 0; - char * name; - int rv; - - if (rptr != 0) *rptr = 0; - - /* Decide whether to use user or group database */ - if (flags & AIF_USER) { - - whichdb = adb->adb_userdb; - if (whichdb == 0) { - rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD); - if (rv < 0) goto punt; - whichdb = adb->adb_userdb; - } - } - else if (flags & AIF_GROUP) { - - whichdb = adb->adb_groupdb; - if (whichdb == 0) { - rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD); - if (rv < 0) goto punt; - whichdb = adb->adb_groupdb; - } - } - - if (whichdb != 0) { - - /* Get the name corresponding to the id */ - rv = ndbIdToName(errp, whichdb, id, 0, &name); - if (rv < 0) goto punt; - - if ((rptr != 0)) *rptr = name; - rv = 0; - } - - punt: - return rv; -} - -/* - * Description (nsadbFindByName) - * - * This function looks up a specified name in the authentication - * database. Flags specified by the caller indicate whether a - * group name, user name, or either should be found. The caller - * may optionally provide for the return of a user or group object - * pointer, in which case the information associated with a - * matching group or user is used to create a group or user object. 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle returned by nsadbOpen() - * name - name of group or user - * flags - search flags (defined in nsauth.h) - * rptr - pointer to returned group or user - * object pointer (may be null) - * - * Returns: - * - * The return value is a non-negative value if no error occurs, - * and the value indicates whether the name matched a group or - * user: - * - * AIF_NONE - name did not match a group or user name - * AIF_GROUP - name matched a group name - * AIF_USER - name matched a user name - * - * If the value is AIF_GROUP or AIF_USER, and rptr is non-null, - * then a group or user object is created, and a pointer to it is - * returned in the location indicated by rptr. - * - * A negative return value indicates an error. - */ - -NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb, - char * name, int flags, void **rptr) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - ATR_t recptr; - int reclen; - int rv; - - if (rptr != 0) *rptr = 0; - - /* Search for group name? */ - if (flags & AIF_GROUP) { - - if (adb->adb_groupdb == 0) { - rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD); - if (rv < 0) goto punt; - } - - /* Look up the name in the group database */ - rv = ndbFindName(errp, adb->adb_groupdb, 0, (char *)name, - &reclen, (char **)&recptr); - if (rv == 0) { - - /* Found it. Make a group object if requested. */ - if (rptr != 0) { - - /* Got the group record. Decode into a group object. */ - *rptr = (void *)groupDecode((NTS_t)name, reclen, recptr); - } - - return AIF_GROUP; - } - } - - /* Search for user name? */ - if (flags & AIF_USER) { - - if (adb->adb_userdb == 0) { - rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD); - if (rv < 0) goto punt; - } - - /* Look up the name in the user database */ - rv = ndbFindName(errp, adb->adb_userdb, 0, (char *)name, - &reclen, (char **)&recptr); - if (rv == 0) { - - /* Found it. Make a user object if requested. 
*/ - if (rptr != 0) { - - /* Got the user record. Decode into a user object. */ - *rptr = (void *)userDecode((NTS_t)name, reclen, recptr); - } - - return AIF_USER; - } - } - - /* Nothing found */ - nserrDispose(errp); - return AIF_NONE; - - punt: - return rv; -} diff --git a/lib/libaccess/nsamgmt.cpp b/lib/libaccess/nsamgmt.cpp deleted file mode 100644 index f2bc93e7..00000000 --- a/lib/libaccess/nsamgmt.cpp +++ /dev/null 
@@ -1,1567 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -/* - * Description (nsamgmt.c) - * - * This module contains routines for managing information in a - * Netscape authentication database. An authentication database - * consists of a user database and a group database. This module - * implements an authentication database based on Netscape user and - * group databases defined in nsuser.h and nsgroup.h, which in turn - * are based on the Netscape (server) database implementation - * defined in nsdb.h. The interface for retrieving information - * from an authentication database is described separately in - * nsadb.h. - */ - -#include "base/systems.h" -#include "netsite.h" -#include "base/file.h" -#define __PRIVATE_NSADB -#include "libaccess/nsamgmt.h" -#include "libaccess/nsumgmt.h" -#include "libaccess/nsgmgmt.h" - -/* - * Description (nsadbEnumUsersHelp) - * - * This is a local function that is called by NSDB during user - * database enumeration. It decodes user records into user - * objects, and presents them to the caller of nsadbEnumerateUsers(), - * via the specified call-back function. The call-back function - * return value may be a negative error code, which will cause - * enumeration to stop, and the error code will be returned from - * nsadbEnumerateUsers(). 
If the return value of the call-back - * function is not negative, it can contain one or more of the - * following flags: - * - * ADBF_KEEPOBJ - do not free the UserObj_t structure - * that was passed to the call-back function - * ADBF_STOPENUM - stop the enumeration without an error - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * parg - pointer to UserEnumArgs_t structure - * namelen - user record key length including null - * terminator - * name - user record key (user account name) - * reclen - length of user record - * recptr - pointer to user record contents - * - * Returns: - * - * If the call-back returns a negative result, that value is - * returned. If the call-back returns ADBF_STOPENUM, then - * -1 is returned, causing the enumeration to stop. Otherwise - * the return value is zero. - */ - -typedef struct EnumUserArgs_s EnumUserArgs_t; -struct EnumUserArgs_s { - void * authdb; - int (*func)(NSErr_t * ferrp, - void * authdb, void * argp, UserObj_t * uoptr); - void * user; - int rv; -}; - -static int nsadbEnumUsersHelp(NSErr_t * errp, void * parg, - int namelen, char * name, - int reclen, char * recptr) -{ - EnumUserArgs_t * ue = (EnumUserArgs_t *)parg; - UserObj_t * uoptr; /* user object pointer */ - int rv; - - uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr); - if (uoptr != 0) { - rv = (*ue->func)(errp, ue->authdb, ue->user, uoptr); - if (rv >= 0) { - - /* Count the number of users seen */ - ue->rv += 1; - - /* Free the user object unless the call-back says not to */ - if (!(rv & ADBF_KEEPOBJ)) { - userFree(uoptr); - } - /* Return either 0 or -1, depending on ADBF_STOPENUM */ - rv = (rv & ADBF_STOPENUM) ? -1 : 0; - } - else { - /* Free the user object in the event of an error */ - userFree(uoptr); - - /* Also return the error code */ - ue->rv = rv; - } - } - - return rv; -} - -/* - * Description (nsadbEnumGroupsHelp) - * - * This is a local function that is called by NSDB during group - * database enumeration. 
It decodes group records into group - * objects, and presents them to the caller of nsadbEnumerateGroups(), - * via the specified call-back function. The call-back function - * return value may be a negative error code, which will cause - * enumeration to stop, and the error code will be returned from - * nsadbEnumerateGroups(). If the return value of the call-back - * function is not negative, it can contain one or more of the - * following flags: - * - * ADBF_KEEPOBJ - do not free the GroupObj_t structure - * that was passed to the call-back function - * ADBF_STOPENUM - stop the enumeration without an error - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * parg - pointer to GroupEnumArgs_t structure - * namelen - group record key length including null - * terminator - * name - group record key (group name) - * reclen - length of group record - * recptr - pointer to group record contents - * - * Returns: - * - * If the call-back returns a negative result, that value is - * returned. If the call-back returns ADBF_STOPENUM, then - * -1 is returned, causing the enumeration to stop. Otherwise - * the return value is zero. 
- */ - -typedef struct EnumGroupArgs_s EnumGroupArgs_t; -struct EnumGroupArgs_s { - void * authdb; - int (*func)(NSErr_t * ferrp, - void * authdb, void * argp, GroupObj_t * goptr); - void * user; - int rv; -}; - -static int nsadbEnumGroupsHelp(NSErr_t * errp, void * parg, - int namelen, char * name, - int reclen, char * recptr) -{ - EnumGroupArgs_t * eg = (EnumGroupArgs_t *)parg; - GroupObj_t * goptr; /* group object pointer */ - int rv; - - goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr); - if (goptr != 0) { - rv = (*eg->func)(errp, eg->authdb, eg->user, goptr); - if (rv >= 0) { - - /* Count the number of groups seen */ - eg->rv += 1; - - /* Free the group object unless the call-back says not to */ - if (!(rv & ADBF_KEEPOBJ)) { - groupFree(goptr); - } - /* Return either 0 or -1, depending on ADBF_STOPENUM */ - rv = (rv & ADBF_STOPENUM) ? -1 : 0; - } - else { - /* Free the group object in the event of an error */ - groupFree(goptr); - - /* Also return the error code */ - eg->rv = rv; - } - } - - return rv; -} - -NSPR_BEGIN_EXTERN_C - -/* - * Description (nsadbAddGroupToGroup) - * - * This function adds a child group, C, to the definition of a - * parent group P. This involves updating the group entries of - * C and P in the group database. It also involves updating - * the group lists of any user descendants of C, to reflect the - * fact that these users are now members of P and P's ancestors. - * A check is made for an attempt to create a cycle in the group - * hierarchy, and this is rejected as an error. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle for authentication databases - * pgoptr - pointer to parent group object - * cgoptr - pointer to child group object - * - * Returns: - * - * The return value is zero if group C was not already a direct - * member of group P, and was added successfully. A return value - * of +1 indicates that group C was already a direct member of - * group P. 
A negative return value indicates an error. - */ - -NSAPI_PUBLIC int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb, - GroupObj_t * pgoptr, GroupObj_t * cgoptr) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - USIList_t gsuper; /* list of ancestors of group P */ - USIList_t dglist; /* descendant groups of C */ - GroupObj_t * dgoptr; /* descendant group object pointer */ - UserObj_t * uoptr; /* user object pointer */ - USI_t id; /* current descendant group id */ - int usercount; /* count of users for descendant */ - USI_t * userlist; /* pointer to array of descendant user ids */ - USI_t * idlist; /* pointer to array of descendant group ids */ - int pass; /* loop pass number */ - int i; /* loop index */ - int rv; /* result value */ - - /* Is C a direct member of P already? */ - if (usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) { - /* Yes, indicate that */ - return 0; - } - - dgoptr = 0; - uoptr = 0; - - /* Initialize a list of the group descendants of group C */ - UILINIT(&dglist); - - /* Initialize a list of P and its ancestors */ - UILINIT(&gsuper); - - /* Add P to the ancestor list */ - rv = usiInsert(&gsuper, pgoptr->go_gid); - if (rv < 0) goto punt; - - /* Open user database since the group lists of users may be modified */ - rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE); - if (rv < 0) goto punt; - - /* Open group database since group entries will be modified */ - rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE); - if (rv < 0) goto punt; - - /* Merge all the ancestors of group P into the list */ - rv = nsadbSuperGroups(errp, authdb, pgoptr, &gsuper); - if (rv < 0) goto punt; - - /* - * Each pass through the following loop visits C and all of C's - * descendant groups. - * - * The first pass checks to see if making group C a member of - * group P would create a cycle in the group structure. It does - * this by examining C and all of its dependents to see if any - * appear in the list containing P and P's ancestors. 
- * - * The second pass updates the group lists of all users contained - * in group C to include P and P's ancestors. - */ - - for (pass = 1; pass < 3; ++pass) { - - /* Use the group C as the first descendant */ - id = cgoptr->go_gid; - dgoptr = cgoptr; - - for (;;) { - - if (pass == 1) { - /* - * Check for attempt to create a cycle in the group - * hierarchy. See if this descendant is a member of - * the list of P and P's ancestors (gsuper). - */ - if (usiPresent(&gsuper, id)) { - /* - * Error - operation would create a cycle - * in the group structure. - */ - return -1; - } - } - else { - - /* - * Merge the list of ancestors of P (gsuper) with the - * group lists of any direct user members of the current - * descendant group, referenced by dgoptr. - */ - - /* Get direct user member list size and pointer */ - usercount = UILCOUNT(&dgoptr->go_users); - userlist = UILLIST(&dgoptr->go_users); - - /* For each direct user member of this descendant ... */ - for (i = 0; i < usercount; ++i) { - - /* Get a user object for the user */ - uoptr = userFindByUid(errp, - adb->adb_userdb, userlist[i]); - if (uoptr == 0) { - /* - * Error - user not found, - * databases are inconsistent. - */ - rv = -1; - goto punt; - } - - /* Merge gsuper into the user's group list */ - rv = uilMerge(&uoptr->uo_groups, &gsuper); - if (rv < 0) goto punt; - - /* Write out the user object */ - uoptr->uo_flags |= UOF_MODIFIED; - rv = userStore(errp, adb->adb_userdb, 0, uoptr); - if (rv) goto punt; - - /* Free the user object */ - userFree(uoptr); - uoptr = 0; - } - } - - /* - * Merge the direct member groups of the current descendant - * group into the list of descendants to be processed. 
- */ - rv = uilMerge(&dglist, &dgoptr->go_groups); - if (rv < 0) goto punt; - - /* Free the group object for the current descendant */ - if (dgoptr != cgoptr) { - groupFree(dgoptr); - dgoptr = 0; - } - - /* Exit the loop if the descendant list is empty */ - if (UILCOUNT(&dglist) <= 0) break; - - /* Otherwise remove the next descendant from the list */ - idlist = UILLIST(&dglist); - id = idlist[0]; - rv = usiRemove(&dglist, id); - if (rv < 0) goto punt; - - /* Now get a group object for this descendant group */ - dgoptr = groupFindByGid(errp, adb->adb_groupdb, id); - if (dgoptr == 0) { - /* Error - group not found, databases are inconsistent */ - rv = -1; - goto punt; - } - } - } - - /* Now add C to P's list of member groups */ - rv = usiInsert(&pgoptr->go_groups, cgoptr->go_gid); - if (rv < 0) goto punt; - - /* Add P to C's list of parent groups */ - rv = usiInsert(&cgoptr->go_pgroups, pgoptr->go_gid); - if (rv < 0) goto punt; - - /* Update the database entry for group C */ - cgoptr->go_flags |= GOF_MODIFIED; - rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr); - if (rv) goto punt; - - /* Update the database entry for group P */ - pgoptr->go_flags |= GOF_MODIFIED; - rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr); - - return rv; - - punt: - /* Handle errors */ - UILFREE(&gsuper); - UILFREE(&dglist); - if (dgoptr) { - groupFree(dgoptr); - } - if (uoptr) { - userFree(uoptr); - } - return rv; -} - -/* - * Description (nsadbAddUserToGroup) - * - * This function adds a user to a group definition. This involves - * updating the group entry in the group database, and the user - * entry in the user database. The caller provides a pointer to - * a user object for the user to be added, a pointer to a group - * object for the group being modified, and a handle for the - * authentication databases (from nsadbOpen()). 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle for authentication databases - * goptr - pointer to group object - * uoptr - pointer to user object - * - * Returns: - * - * The return value is zero if the user was not already a direct - * member of the group, and was added successfully. A return value - * of +1 indicates that the user was already a direct member of the - * group. A negative return value indicates an error. - */ - -NSAPI_PUBLIC int nsadbAddUserToGroup(NSErr_t * errp, void * authdb, - GroupObj_t * goptr, UserObj_t * uoptr) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - USIList_t nglist; /* new group list for specified user */ - USIList_t gsuper; /* groups containing+ the specified group */ - GroupObj_t * aoptr; /* group object for 'id' group */ - USI_t * idlist; /* pointer to gsuper gid array */ - USI_t id; /* current gid from gsuper */ - int rv; /* result value */ - - /* Is the user already a direct member of the group? */ - if (usiPresent(&goptr->go_users, uoptr->uo_uid)) { - - /* Yes, nothing to do */ - return 1; - } - - /* - * The user object contains a list of all of the groups that contain - * the user, either directly or indirectly. We need to add the - * specified group and its ancestors to this list. Each group contains - * a list of the group's parents, which is used to locate all of the - * group's ancestors. As an optimization, we need not consider any - * ancestors which are already on the user's current group list. - */ - - /* - * The following loop will deal with two lists of group ids. One - * is the list that will become the new group list for the user, - * which is initialized to the user's current group list. The other - * is a list of ancestors of the group to be considered for addition - * to the user's group list. This list is initialized to the specified - * group. 
- */ - - /* Initialize both lists to be empty */ - UILINIT(&nglist); - UILINIT(&gsuper); - - /* Make a copy of the user's current group list */ - rv = uilDuplicate(&nglist, &uoptr->uo_groups); - if (rv < 0) goto punt; - - /* Start the other list with the specified group */ - rv = usiInsert(&gsuper, goptr->go_gid); - if (rv < 0) goto punt; - - /* Open user database since the group lists of users may be modified */ - rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE); - if (rv < 0) goto punt; - - /* Open group database since group entries will be modified */ - rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE); - if (rv < 0) goto punt; - - /* While entries remain on the ancestor list */ - while (UILCOUNT(&gsuper) > 0) { - - /* Get pointer to array of ancestor group ids */ - idlist = UILLIST(&gsuper); - - /* Remove the first ancestor */ - id = idlist[0]; - usiRemove(&gsuper, id); - - /* Is the ancestor on the user's current group list? */ - if (!usiPresent(&uoptr->uo_groups, id)) { - - /* No, add its parents to the ancestor list */ - - /* Look up the ancestor group (get a group object for it) */ - aoptr = groupFindByGid(errp, adb->adb_groupdb, id); - if (aoptr == 0) { - /* Error - group not found, database inconsistent */ - rv = -1; - goto punt; - } - - /* Merge the ancestors parents into the ancestor list */ - rv = uilMerge(&gsuper, &aoptr->go_pgroups); - - /* Lose the ancestor group object */ - groupFree(aoptr); - - /* See if the merge worked */ - if (rv < 0) goto punt; - } - - /* Add the ancestor to the new group list for the user */ - rv = usiInsert(&nglist, id); - if (rv < 0) goto punt; - } - - /* Add the user to the group's user member list */ - rv = usiInsert(&goptr->go_users, uoptr->uo_uid); - if (rv < 0) goto punt; - - /* Replace the user's group list with the new one */ - UILREPLACE(&uoptr->uo_groups, &nglist); - - /* Write out the updated user object */ - uoptr->uo_flags |= UOF_MODIFIED; - rv = userStore(errp, adb->adb_userdb, 0, uoptr); - if (rv < 0) goto punt; - 
- /* Write out the updated group object */ - goptr->go_flags |= GOF_MODIFIED; - rv = groupStore(errp, adb->adb_groupdb, 0, goptr); - - return rv; - - punt: - /* Handle error */ - - /* Free ancestor and new group lists */ - UILFREE(&nglist); - UILFREE(&gsuper); - - return rv; -} - -/* - * Description (nsadbCreateGroup) - * - * This function creates a new group in a specified authentication - * database. The group is described by a group object. A group - * object can be created by calling nsadbGroupNew(). - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * authdb - handle for authentication databases - * goptr - pointer to group object - * - * Returns: - */ - -NSAPI_PUBLIC int nsadbCreateGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr) -{ - AuthDB_t * adb = (AuthDB_t *)authdb; - int rv; - - /* Open the group database for write access */ - rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE); - if (rv < 0) goto punt; - - /* Add this group to the database */ - rv = groupStore(errp, adb->adb_groupdb, 0, goptr); - - punt: - return rv; -} - -/* - * Description (nsadbCreateUser) - * - * This function creates a new user in a specified authentication - * database. The user is described by a user object. A user - * object can be created by calling nsadbUserNew(). 
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uoptr - pointer to user object
- *
- * Returns:
- */
-
-NSAPI_PUBLIC int nsadbCreateUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- /* Open the user database for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Add this user to the database */
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateUsers)
- *
- * This function is called to enumerate all of the users in a
- * given authentication database to a call-back function specified
- * by the caller. The call-back function is provided with a
- * handle for the authentication database, an opaque value provided
- * by the caller, and a pointer to a user object. See the
- * description of nsadbEnumUsersHelp above for the interpretation
- * of the call-back function's return value.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * argp - opaque value for call-back function
- * func - pointer to call-back function
- *
- * Returns:
- *
- * If the call-back function returns a negative error code, this
- * value is returned. A negative value may also be returned if
- * nsadb encounters an error. Otherwise the result is the number
- * of users enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateUsers(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
- ArgFn_EnumUsers func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
- int (*func)(NSErr_t * ferrp, void * authdb, void * parg, UserObj_t * uoptr))
-#endif
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- EnumUserArgs_t args; /* arguments for enumeration helper */
- int rv; /* result value */
-
- /* Open the users subdatabase for read access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
- if (rv < 0) goto punt;
-
- args.authdb = authdb;
- args.func = func;
- args.user = argp;
- args.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_userdb,
- NDBF_ENUMNORM, (void *)&args, nsadbEnumUsersHelp);
- if (rv < 0) goto punt;
-
- rv = args.rv;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateGroups)
- *
- * This function is called to enumerate all of the groups in a
- * given authentication database to a call-back function specified
- * by the caller. The call-back function is provided with a
- * handle for the authentication database, an opaque value provided
- * by the caller, and a pointer to a group object. See the
- * description of nsadbEnumGroupsHelp above for the interpretation
- * of the call-back function's return value.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * argp - opaque value for call-back function
- * func - pointer to call-back function
- *
- * Returns:
- *
- * If the call-back function returns a negative error code, this
- * value is returned. A negative value may also be returned if
- * nsadb encounters an error. Otherwise the result is the number
- * of groups enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateGroups(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
- ArgFn_EnumGroups func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
- int (*func)(NSErr_t * ferrp, void * authdb, void * parg, GroupObj_t * goptr))
-#endif
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- EnumGroupArgs_t args;
- int rv; /* result value */
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- args.authdb = authdb;
- args.func = func;
- args.user = argp;
- args.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_groupdb,
- NDBF_ENUMNORM, (void *)&args, nsadbEnumGroupsHelp);
- if (rv < 0) goto punt;
-
- rv = args.rv;
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbIsUserInGroup)
- *
- * This function tests whether a given user id is a member of the
- * group associated with a specified group id. The caller may
- * provide a list of group ids for groups to which the user is
- * already known to belong, and this may speed up the check.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uid - user id
- * gid - group id
- * ngroups - number of group ids in grplist
- * grplist - groups the user is known to belong to
- *
- * Returns:
- *
- * The return value is +1 if the user is found to belong to the
- * indicated group, or 0 if the user does not belong to the group.
- * An error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
- USI_t uid, USI_t gid, int ngroups, USI_t * grplist)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t dglist; /* descendant group list */
- GroupObj_t * goptr = 0; /* group object pointer */
- USI_t * idlist; /* pointer to array of group ids */
- USI_t tgid; /* test group id */
- int i; /* loop index */
- int rv; /* result value */
-
- UILINIT(&dglist);
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- for (tgid = gid;;) {
-
- /* Get a group object for this group id */
- goptr = groupFindByGid(errp, adb->adb_groupdb, tgid);
- if (goptr == 0) {
- /* Error - group id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
-
- /* Is the user a direct member of this group? */
- if (usiPresent(&goptr->go_users, uid)) goto is_member;
-
- /*
- * Is there any group to which the user is already known to
- * belong that is a direct group member of this group? If so,
- * the user is also a member of this group.
- */
-
- /* Scan list of groups to which the user is known to belong */
- for (i = 0; i < ngroups; ++i) {
-
- if (usiPresent(&goptr->go_groups, grplist[i])) goto is_member;
- }
-
- /* Merge group member list of this group with descendants list */
- rv = uilMerge(&dglist, &goptr->go_groups);
- if (rv < 0) goto punt;
-
- /*
- * If descendants list is empty, the user is not contained in
- * the specified group.
- */
- if (UILCOUNT(&dglist) <= 0) {
- rv = 0;
- goto punt;
- }
-
- /* Remove the next id from the descendants list */
- idlist = UILLIST(&dglist);
- tgid = idlist[0];
-
- rv = usiRemove(&dglist, tgid);
- if (rv < 0) goto punt;
-
- groupFree(goptr);
- goptr = 0;
- }
-
- is_member:
- rv = 1;
-
- punt:
- if (goptr) {
- groupFree(goptr);
- }
- UILFREE(&dglist);
- return rv;
-}
-
-/*
- * Description (nsadbModifyGroup)
- *
- * This function is called to write modifications to a group to
- * a specified authentication database. The group is assumed to
- * already exist in the database. Information about the group
- * is passed in a group object. This function should not be used
- * to alter the lists of group members or parents.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to modified group object
- *
- * Returns:
- *
- * The return value is zero if the group information is successfully
- * updated. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbModifyUser)
- *
- * This function is called to write modifications to a user to
- * a specified authentication database. The user is assumed to
- * already exist in the database. Information about the user
- * is passed in a user object. This function should not be used
- * to modify the list of groups which contain the user.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * uoptr - pointer to modified user object
- *
- * Returns:
- *
- * The return value is zero if the user information is successfully
- * updated. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- int rv;
-
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbRemoveGroup)
- *
- * This function is called to remove a given group name from
- * a specified authentication database. This can cause updates
- * to both the user and group subdatabases.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * name - pointer to name of group to remove
- *
- * Returns:
- *
- * The return value is zero if the group information is successfully
- * removed. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveGroup(NSErr_t * errp, void * authdb, char * name)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- UserObj_t * uoptr = 0; /* user object pointer */
- GroupObj_t * goptr = 0; /* group object pointer */
- GroupObj_t * ogoptr = 0; /* other group object pointer */
- char * ugname; /* user or group name */
- USI_t * list; /* pointer into user/group id list */
- int cnt; /* count of user or group ids */
- int i; /* loop index */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Open the groups subdatabase for write access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Look up the group to be removed, and get a group object */
- rv = nsadbFindByName(errp, authdb, name, AIF_GROUP, (void **)&goptr);
- if (rv != AIF_GROUP) {
- if (rv < 0) goto punt;
- goto err_nogroup;
- }
-
- /* Mark the group for delete */
- goptr->go_flags |= GOF_DELPEND;
-
- /* Does the specified group belong to any groups? */
- cnt = UILCOUNT(&goptr->go_pgroups);
- if (cnt > 0) {
-
- /* Yes, for each parent group ... */
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemGroupFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_pgroups);
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_GROUP, (void **)&ogoptr);
- if (rv < 0) goto punt;
-
- /* Remove the specified group from the parent group */
- rv = nsadbRemGroupFromGroup(errp, authdb, ogoptr, goptr);
- if (rv < 0) goto punt;
-
- /* Free the parent group object */
- groupFree(ogoptr);
- ogoptr = 0;
- }
- }
-
- /* Are there any group members of this group? */
- cnt = UILCOUNT(&goptr->go_groups);
- if (cnt > 0) {
-
- /* For each group member of the group ... */
-
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemGroupFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_groups);
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_GROUP, (void **)&ogoptr);
- if (rv < 0) goto punt;
-
- /* Remove member group from the specified group */
- rv = nsadbRemGroupFromGroup(errp, authdb, goptr, ogoptr);
- if (rv < 0) goto punt;
-
- /* Free the member group object */
- groupFree(ogoptr);
- ogoptr = 0;
- }
- }
-
- /* Are there any direct user members of this group? */
- cnt = UILCOUNT(&goptr->go_users);
- if (cnt > 0) {
-
- /* Yes, open users subdatabase for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* For each user member of the group ... */
- for (i = 0; i < cnt; ++i) {
-
- /* Note that nsadbRemUserFromGroup() will shrink this list */
- list = UILLIST(&goptr->go_users);
-
- /* Get user name associated with the user id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_USER, &ugname);
- if (rv < 0) goto punt;
-
- /* Look up the user by name and get a user object for it */
- rv = nsadbFindByName(errp,
- authdb, ugname, AIF_USER, (void **)&uoptr);
- if (rv < 0) goto punt;
-
- /* Remove user from the group */
- rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
- if (rv < 0) goto punt;
-
- /* Free the member user object */
- userFree(uoptr);
- uoptr = 0;
- }
- }
-
- /* Free the group object for the specified group */
- groupFree(goptr);
- goptr = 0;
-
- /* Now we can remove the group entry */
- rv = groupRemove(errp, adb->adb_groupdb, 0, (NTS_t)name);
-
- return rv;
-
- err_nogroup:
- eid = NSAUERR4100;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
- goto punt;
-
- punt:
- /* Free any user or group objects that we created */
- if (ogoptr != 0) {
- groupFree(ogoptr);
- }
- if (uoptr != 0) {
- userFree(uoptr);
- }
- if (goptr != 0) {
- groupFree(goptr);
- }
- return rv;
-}
-
-/*
- * Description (nsadbRemoveUser)
- *
- * This function is called to remove a given user name from
- * a specified authentication database. This can cause updates
- * to both the user and user subdatabases.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * name - pointer to name of user to remove
- *
- * Returns:
- *
- * The return value is zero if the user information is successfully
- * removed. An error is indicated by a negative return value, and
- * an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveUser(NSErr_t * errp, void * authdb, char * name)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- UserObj_t * uoptr = 0; /* user object pointer */
- GroupObj_t * goptr = 0; /* group object pointer */
- char * gname; /* group name */
- USI_t * list; /* pointer into group id list */
- int gcnt; /* number of groups containing user */
- int i; /* loop index */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Open the users subdatabase for write access */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Look up the user to be removed, and get a user object */
- rv = nsadbFindByName(errp, authdb, name, AIF_USER, (void **)&uoptr);
- if (rv != AIF_USER) {
- if (rv < 0) goto punt;
- goto err_nouser;
- }
-
- /* Mark the user for delete */
- uoptr->uo_flags |= UOF_DELPEND;
-
- /* Does this user belong to any groups? */
- gcnt = UILCOUNT(&uoptr->uo_groups);
- if (gcnt > 0) {
-
- /* Yes, get pointer to list of group ids */
- list = UILLIST(&uoptr->uo_groups);
-
- /* Open groups subdatabase for write access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* For each group that the user belongs to ... */
- for (i = 0; i < gcnt; ++i) {
-
- /* Get group name associated with the group id */
- rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &gname);
- if (rv < 0) goto punt;
-
- /* Look up the group by name and get a group object for it */
- rv = nsadbFindByName(errp,
- authdb, gname, AIF_GROUP, (void **)&goptr);
- if (rv < 0) goto punt;
-
- /* Remove user from group if it's a direct member */
- rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
- if (rv < 0) goto punt;
-
- /* Free the group object */
- groupFree(goptr);
- goptr = 0;
-
- ++list;
- }
- }
-
-#ifdef CLIENT_AUTH
- /* Remove certificate mapping for user, if any */
- rv = nsadbRemoveUserCert(errp, authdb, name);
-#endif
-
- /* Free the user object */
- userFree(uoptr);
-
- /* Now we can remove the user entry */
- rv = userRemove(errp, adb->adb_userdb, 0, (NTS_t)name);
-
- return rv;
-
- err_nouser:
- eid = NSAUERR4000;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
- goto punt;
-
- punt:
- if (goptr != 0) {
- groupFree(goptr);
- }
- if (uoptr != 0) {
- userFree(uoptr);
- }
- return rv;
-}
-
-/*
- * Description (nsadbRemGroupFromGroup)
- *
- * This function removes a given group C from a parent group P.
- * The group C must be a direct member of the group P. However,
- * group C may also be a member of one or more of P's ancestor or
- * descendant groups, and this function deals with that. The
- * group entries for C and P are updated in the group database.
- * But the real work is updating the groups lists of all of the
- * users contained in C.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * pgoptr - pointer to parent group object
- * cgoptr - pointer to child group object
- *
- * Returns:
- *
- * The return value is zero if group C was a direct member of
- * group P, and was removed successfully. A return value of +1
- * indicates that group C was not a direct member of the group P.
- * A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * pgoptr, GroupObj_t * cgoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t dglist; /* list of descendant groups of C */
- GroupObj_t * dgoptr; /* descendant group object pointer */
- UserObj_t * uoptr; /* user object pointer */
- USI_t * gidlist; /* pointer to group id array */
- USI_t * userlist; /* pointer to array of descendant user ids */
- USI_t dgid; /* descendant group id */
- int iusr; /* index on descendant user list */
- int usercnt; /* count of descendant users */
- int igrp; /* index of group in user group id list */
- int rv; /* result value */
-
- dgoptr = 0;
- uoptr = 0;
-
- /* Initialize a list of descendant groups of C */
- UILINIT(&dglist);
-
- /* Is group C a direct member of group P? */
- if (!usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) {
-
- /* No, nothing to do */
- return 1;
- }
-
- /* Remove group C from group P's group member list */
- rv = usiRemove(&pgoptr->go_groups, cgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Remove group P from group C's parent group list */
- rv = usiRemove(&cgoptr->go_pgroups, pgoptr->go_gid);
- if (rv < 0) goto punt;
-
- /* Open user database since the group lists of users may be modified */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
-
- /* Write out the updated group C object */
- cgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr);
- if (rv) goto punt;
-
- /* Write out the updated group P object */
- pgoptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr);
- if (rv) goto punt;
-
- /* Now check the group lists of all users contained in group C */
- dgoptr = cgoptr;
- dgid = cgoptr->go_gid;
-
- for (;;) {
-
- /* Scan the direct user members of this descendant group */
- usercnt = UILCOUNT(&dgoptr->go_users);
- userlist = UILLIST(&dgoptr->go_users);
-
- for (iusr = 0; iusr < usercnt; ++iusr) {
-
- /* Get a user object for this user member */
- uoptr = userFindByUid(errp, adb->adb_userdb, userlist[iusr]);
- if (uoptr == 0) {
- /* Error - user id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
-
- /* Scan the group list for this user */
- for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
- gidlist = UILLIST(&uoptr->uo_groups);
-
- /* Is the user a member of this group? */
- if (nsadbIsUserInGroup(errp, authdb,
- uoptr->uo_uid, gidlist[igrp],
- igrp, gidlist)) {
-
- /* Yes, step to next group id */
- ++igrp;
- }
- else {
- /*
- * No, remove it from the user's list of groups. The
- * next group id to consider will be shifted into the
- * igrp position when the current id is removed.
- */
- rv = usiRemove(&uoptr->uo_groups, gidlist[igrp]);
- if (rv < 0) goto punt;
- uoptr->uo_flags |= UOF_MODIFIED;
- }
- }
-
- /* Write out the user object if it was changed */
- if (uoptr->uo_flags & UOF_MODIFIED) {
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
- if (rv < 0) goto punt;
- }
-
- /* Free the user object */
- userFree(uoptr);
- uoptr = 0;
- }
-
- /*
- * Merge the direct member groups of this group into the
- * descendants list.
- */
- rv = uilMerge(&dglist, &dgoptr->go_groups);
- if (rv < 0) goto punt;
-
- /* Free this descendant group object */
- if (dgoptr != cgoptr) {
- groupFree(dgoptr);
- dgoptr = 0;
- }
-
- /* If the descendants list is empty, we're done */
- if (UILCOUNT(&dglist) <= 0) break;
-
- /* Remove the next group id from the descendants list */
- gidlist = UILLIST(&dglist);
- dgid = gidlist[0];
- rv = usiRemove(&dglist, dgid);
- if (rv < 0) goto punt;
-
- /* Get a group object for this descendant group */
- dgoptr = groupFindByGid(errp, adb->adb_groupdb, dgid);
- if (dgoptr == 0) {
- /* Error - group id not found, databases are inconsistent */
- rv = -1;
- goto punt;
- }
- }
-
- UILFREE(&dglist);
- return 0;
-
- punt:
- if (dgoptr) {
- groupFree(dgoptr);
- }
- if (uoptr) {
- userFree(uoptr);
- }
- UILFREE(&dglist);
- return rv;
-}
-
-/*
- * Description (nsadbRemUserFromGroup)
- *
- * This function removes a given user from a specified group G.
- * The user must be a direct member of the group. However, the
- * user may also be a member of one or more of G's descendant
- * groups, and this function deals with that. The group entry
- * for G is updated in the group database, with the user removed
- * from its user member list. The user entry is updated in the
- * user database, with an updated list of all groups which now
- * contain the user.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- * uoptr - pointer to user object
- *
- * Returns:
- *
- * The return value is zero if the user was a direct member of the
- * group, and was removed successfully. A return value of +1
- * indicates that the user was not a direct member of the
- * group. A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr, UserObj_t * uoptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USI_t * idlist; /* pointer to user group id array */
- USI_t tgid; /* test group id */
- int igrp; /* position in user group list */
- int rv; /* result value */
-
- /* Is the user a direct member of the group? */
- if (!usiPresent(&goptr->go_users, uoptr->uo_uid)) {
-
- /* No, nothing to do */
- return 1;
- }
-
- /* Remove the user from the group's user member list */
- rv = usiRemove(&goptr->go_users, uoptr->uo_uid);
- if (rv < 0) goto punt;
-
- /* If the user object is pending deletion, no need to open databases */
- if (!(uoptr->uo_flags & UOF_DELPEND)) {
-
- /*
- * Open user database since the group list of the user
- * will be modified.
- */
- rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
- if (rv < 0) goto punt;
-
- /* Open group database since group entries will be modified */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
- if (rv < 0) goto punt;
- }
-
- /*
- * Write out the updated group object. This must be done here
- * because nsadbIsUserInGroup() in the loop below will read the
- * entry for this group, and it needs to reflect the user's
- * removal from being a direct member of the group. This does
- * not preclude the possibility that the user will still be an
- * indirect member of this group.
- */
- goptr->go_flags |= GOF_MODIFIED;
- rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
- if (rv) goto punt;
-
- /* If a delete is pending on the user, we're done */
- if (uoptr->uo_flags & UOF_DELPEND) goto punt;
-
- /*
- * Begin loop to check whether user is still a member of each
- * of the groups in its group list. Note that the group list
- * may shrink during an iteration of the loop.
- */
-
- for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
- /* Get pointer to the user's array of group ids */
- idlist = UILLIST(&uoptr->uo_groups);
-
- /* Get the group id of the next group to consider */
- tgid = idlist[igrp];
-
- /* Is the user a member of this group? */
- if (nsadbIsUserInGroup(errp, authdb,
- uoptr->uo_uid, tgid, igrp, idlist)) {
-
- /* Yes, step to next group id */
- ++igrp;
- }
- else {
-
- /*
- * No, remove it from the user's list of groups. The
- * next group id to consider will be shifted into the
- * igrp position when the current id is removed.
- */
- rv = usiRemove(&uoptr->uo_groups, tgid);
- if (rv < 0) goto punt;
- }
- }
-
- /* Write out the updated user object */
- uoptr->uo_flags |= UOF_MODIFIED;
- rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
- punt:
- return rv;
-}
-
-/*
- * Description (nsadbSuperGroups)
- *
- * This function builds a list of the group ids for all groups
- * which contain, directly or indirectly, a specified group as
- * a subgroup. We call these the supergroups of the specified
- * group.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle for authentication databases
- * goptr - pointer to group object
- * gsuper - pointer to list to contain supergroups
- * (caller must initialize)
- *
- * Returns:
- *
- * Returns the number of elements in gsuper if successful. An
- * error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbSuperGroups(NSErr_t * errp, void * authdb,
- GroupObj_t * goptr, USIList_t * gsuper)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- USIList_t aglist; /* ancestor group id list */
- GroupObj_t * aoptr; /* ancestor group object pointer */
- USI_t * idlist; /* pointer to array of group ids */
- USI_t id; /* current group id */
- int rv; /* result value */
-
- /* Initialize an empty ancestor group list */
- UILINIT(&aglist);
-
- /* Enter loop with specified group as first ancestor */
- id = goptr->go_gid;
- aoptr = goptr;
-
- /* Open group database for read access */
- rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
- if (rv < 0) goto punt;
-
- /* Loop until the ancestor list is empty */
- for (;;) {
-
- /* Merge parent groups of current ancestor into ancestor list */
- rv = uilMerge(&aglist, &aoptr->go_pgroups);
- if (rv < 0) goto punt;
-
- /* Also merge parent groups into the result list */
- rv = uilMerge(gsuper, &aoptr->go_pgroups);
- if (rv < 0) goto punt;
-
- /* Free the ancestor group object (but not the original) */
- if (aoptr != goptr) {
- groupFree(aoptr);
- aoptr = 0;
- }
-
- /* Exit the loop if the ancestor list is empty */
- if (UILCOUNT(&aglist) <= 0) break;
-
- /* Get pointer to array of ancestor group ids */
- idlist = UILLIST(&aglist);
-
- /* Remove the first ancestor */
- id = idlist[0];
- rv = usiRemove(&aglist, id);
-
- /* Get a group object for the ancestor */
- aoptr = groupFindByGid(errp, adb->adb_groupdb, id);
- if (aoptr == 0) {
- /* Error - group not found, database inconsistent */
- rv = -1;
- goto punt;
- }
- }
-
- return UILCOUNT(gsuper);
-
- punt:
- /* Handle error */
-
- /* Free ancestor list */
- UILFREE(&aglist);
-
- return rv;
-}
-
-NSPR_END_EXTERN_C
-
diff --git a/lib/libaccess/nscert.cpp b/lib/libaccess/nscert.cpp
deleted file mode 100644
index c73cc035..00000000
--- a/lib/libaccess/nscert.cpp
+++ /dev/null
@@ -1,963 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-/*
- * Description (nsadb.c)
- *
- * This module contains routines for accessing and storing information
- * in a Netscape client certificate to username database. This
- * database is used to associate a username with a client certificate
- * that is presented to a server.
- */
-
-#if defined(CLIENT_AUTH)
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#include <base/fsmutex.h>
-#include <libaccess/nsdbmgmt.h>
-#define __PRIVATE_NSADB
-#include <libaccess/nsadb.h>
-#include <libaccess/nsamgmt.h>
-
-static FSMUTEX nscert_lock = 0;
-
-NSAPI_PUBLIC int nsadbCertInitialize(void)
-{
-#ifdef XP_UNIX
- nscert_lock = fsmutex_init("NSCERTMAP", geteuid(),
- FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#else /* XP_WIN32 */
- char winuser[128];
- DWORD wulength;
- strcpy(winuser, "NSCERTMAP_");
- wulength = 128 - 11;
- GetUserName(winuser+10, &wulength);
- nscert_lock = fsmutex_init(winuser, 0,
- FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#endif
- return (nscert_lock == 0) ?
-1 : 0;
-}
-
-NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
- CertObj_t * coptr)
-{
- ATR_t cp = (ATR_t)recptr; /* current pointer into record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
-
- /* Parse user DB record */
- while ((cp - (ATR_t)recptr) < reclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case CAT_USERNAME: /* username associated with cert */
- cp = NTSDECODE(cp, (NTS_t *)&coptr->co_username);
- break;
-
- case CAT_CERTID: /* certificate-to-user map id */
- cp = USIDECODE(cp, &coptr->co_certid);
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
-
- return 0;
-}
-
-/*
- * Description (nsadbDecodeCertKey)
- *
- * This function decodes information from a certificate key.
- * Currently a certificate key includes the DER encoding of the
- * issuer and subject distinguished names. This is used to
- * uniquely identify client certificates, even across certificate
- * renewals. SECItems for the issuer and subject are provided
- * by the caller. These are updated with the pointers and lengths
- * of DER encodings, which can be decoded using nsadbDecodeCertName()
- * into SECName structures. The returned SECItems refer to data
- * in the provided key buffer.
- *
- * Arguments:
- *
- * keylen - length of the certificate key encoding
- * keyptr - buffer containing certificate key encoding
- * issuer - pointer to SECItem for returning issuer
- * subject - pointer to SECItem for returning subject
- *
- * Returns:
- *
- * Zero is returned if no errors are encountered. Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
- SECItem * issuer, SECItem * subject)
-{
- ATR_t cp = (ATR_t)keyptr; /* current pointer into DB record */
- USI_t len; /* attribute value encoding length */
- USI_t tag; /* attribute tag */
-
- /* Parse user DB record */
- while ((cp - (ATR_t)keyptr) < keylen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case KAT_ISSUER: /* issuer DER encoding */
- issuer->len = len;
- issuer->data = cp;
- cp += len;
- break;
-
- case KAT_SUBJECT: /* subject name DER encoding */
- subject->len = len;
- subject->data = cp;
- cp += len;
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
-
- return 0;
-}
-
-/*
- * Description (nsadbEncodeCertKey)
- *
- * This function encodes information provided by the caller into
- * a certificate key. The certificate key is returned in a
- * buffer obtained from MALLOC().
- *
- * Arguments:
- *
- * issuer - pointer to SECItem for issuer DER
- * subject - pointer to SECItem for subject DER
- * keylen - returned length of certificate key
- * keyptr - returned pointer to buffer containing
- * certificate key encoding
- *
- * Returns:
- *
- * Zero is returned if no errors are encountered. Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
- int * keylen, char **keyptr)
-{
- ATR_t cp; /* pointer into key buffer */
- ATR_t kptr; /* pointer to key buffer */
- int klen; /* length of key */
- int rv = -1;
-
- /* Compute length of key encoding */
- klen = 1 + USILENGTH(issuer->len) + issuer->len +
- 1 + USILENGTH(subject->len) + subject->len;
-
- /* Allocate buffer to contain the key */
- kptr = (ATR_t)MALLOC(klen);
- if (kptr) {
- /* Encode issuer and subject as attributes */
- cp = kptr;
- *cp++ = KAT_ISSUER;
- cp = USIENCODE(cp, issuer->len);
- memcpy(cp, issuer->data, issuer->len);
- cp += issuer->len;
- *cp++ = KAT_SUBJECT;
- cp = USIENCODE(cp, subject->len);
- memcpy(cp, subject->data, subject->len);
- rv = 0;
- }
-
- /* Return length and buffer pointer */
- if (keylen) *keylen = klen;
- *keyptr = (char *)kptr;
-
- return rv;
-}
-
-/*
- * Description (nsadbEnumCertsHelp)
- *
- * This is a local function that is called by NSDB during certificate
- * to user database enumeration. It decodes certificate records into
- * CertObj_t structures, and presents them to the caller of
- * nsadbEnumerateCerts(), via the specified call-back function.
- * The call-back function return value may be a negative error code,
- * which will cause enumeration to stop, and the error code will be
- * returned from nsadbEnumerateCerts().
If the return value of the
- * call-back function is not negative, it can contain one or more of
- * the following flags:
- *
- * ADBF_KEEPOBJ - do not free the CertObj_t structure
- * that was passed to the call-back function
- * ADBF_STOPENUM - stop the enumeration without an error
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to CertEnumArgs_t structure
- * keylen - certificate record key length
- * keyptr - certificate record key
- * reclen - length of certificate record
- * recptr - pointer to certificate record contents
- *
- * Returns:
- *
- * If the call-back returns a negative result, that value is
- * returned. If the call-back returns ADBF_STOPENUM, then
- * -1 is returned, causing the enumeration to stop. Otherwise
- * the return value is zero.
- */
-
-typedef struct CertEnumArgs_s CertEnumArgs_t;
-struct CertEnumArgs_s {
- int rv; /* just a return value */
- void * client; /* the current key for lookup */
- void * authdb; /* the authentication data base */
- CertEnumCallback func; /* client's callback function */
-};
-
-static int nsadbEnumCertsHelp(NSErr_t * errp, void * parg,
- int keylen, char * keyptr,
- int reclen, char * recptr)
-{
- CertEnumArgs_t * ce = (CertEnumArgs_t *)parg;
- CertObj_t * coptr;
- int rv = NSAERRNOMEM;
-
- /* Allocate a CertObj_t structure and initialize it */
- coptr = (CertObj_t *)MALLOC(sizeof(CertObj_t));
- if (coptr) {
-
- coptr->co_issuer.data = 0;
- coptr->co_subject.data = 0;
- coptr->co_username = 0;
- coptr->co_certid = 0;
-
- /* Decode the certificate key */
- rv = nsadbDecodeCertKey(keylen, keyptr,
- &coptr->co_issuer, &coptr->co_subject);
-
- /* Decode the certificate record */
- rv = nsadbDecodeCertRec(reclen, recptr, coptr);
-
- /* Pass the CertObj_t to the callback function */
- rv = (*ce->func)(errp, ce->authdb, ce->client, coptr);
- if (rv >= 0) {
-
- /* Count the number of records seen */
- ce->rv += 1;
-
- /* Free the user object unless the call-back says not
to */
- if (!(rv & ADBF_KEEPOBJ)) {
- nsadbFreeCertObj(coptr);
- }
- /* Return either 0 or -1, depending on ADBF_STOPENUM */
- rv = (rv & ADBF_STOPENUM) ? -1 : 0;
- }
- else {
- /* return the error code */
- ce->rv = rv;
- }
- }
-
- return rv;
-}
-
-/*
- * Description (nsadbEnumerateClients)
- *
- * (See description for nsadbEnumerateUsers)
- */
-
-NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
- void * argp, CertEnumCallback func)
-{
- AuthDB_t * adb = (AuthDB_t*)authdb;
- CertEnumArgs_t helper_data;
- int rv;
-
- /* Open the certificate subdatabase for read access */
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv >= 0) {
- helper_data.authdb = authdb;
- helper_data.func = func;
- helper_data.client = argp;
- helper_data.rv = 0;
-
- rv = ndbEnumerate(errp, adb->adb_certdb, NDBF_ENUMNORM,
- (void*)&helper_data, nsadbEnumCertsHelp);
- }
-
- return (rv < 0) ? rv: helper_data.rv;
-}
-
-NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr)
-{
- if (coptr) {
- FREE(coptr->co_username);
- FREE(coptr);
- }
-}
-
-NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
- USI_t certid, CertObj_t **coptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- CertObj_t * cop = 0;
- char * keyptr;
- char * recptr;
- int keylen;
- int reclen;
- int rv;
-
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
-
- /* Get the name corresponding to the id */
- rv = ndbIdToName(errp, adb->adb_certdb, certid, &keylen, &keyptr);
- if (rv < 0) goto punt;
-
- rv = ndbFindName(errp, adb->adb_certdb,
- keylen, keyptr, &reclen, &recptr);
- if (rv < 0) goto punt;
-
- /* Allocate a CertObj_t structure and initialize it */
- cop = (CertObj_t *)MALLOC(sizeof(CertObj_t));
- if (cop) {
-
- cop->co_issuer.data = 0;
- cop->co_subject.data = 0;
- cop->co_username = 0;
- cop->co_certid = 0;
-
- /* Decode the certificate key */
- rv = nsadbDecodeCertKey(keylen, keyptr,
- &cop->co_issuer, &cop->co_subject);
-
- /* Decode the certificate record */
- rv =
nsadbDecodeCertRec(reclen, recptr, cop);
-
- }
-
- punt:
- if (coptr) *coptr = cop;
- return rv;
-}
-
-/*
- * Description (nsadbGetUserByCert)
- *
- * This function looks up a specified client certificate in the
- * authentication database. It returns a pointer to the username
- * associated with the client certificate, if any. The username
- * buffer remains valid until the authentication database is
- * closed.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * cert - pointer to client certificate
- * username - pointer to returned user name (or null)
- *
- * Returns:
- *
- * The return value will be zero if the certificate is found. Also,
- * *username will be set to the string value of the associated username
- * iff username is not null.
- */
-
-NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert, char **username)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- ATR_t cp; /* current pointer into DB record */
- char * user = 0; /* pointer to username */
- char * keyptr = 0; /* pointer to cert key */
- char * recptr; /* pointer to cert db record */
- int keylen; /* length of cert key */
- int reclen; /* length of cert db record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- int rv;
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
- &keylen, &keyptr);
-
- if (adb->adb_certdb == NULL) {
- rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
- }
-
- rv = ndbFindName(errp, adb->adb_certdb,
- keylen, keyptr, &reclen, &recptr);
- if (rv < 0) goto punt;
-
- /* Parse cert DB record */
- cp = (ATR_t)recptr;
-
- while ((cp - (ATR_t)recptr) < reclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* We want the CAT_USERNAME
attribute */
- if (tag == CAT_USERNAME) {
-
- /* Get the username associated with the cert */
- user = (char *)cp;
- break;
- }
-
- /* Just skip other attributes */
- cp += len;
- }
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- if (username) *username = user;
- return rv;
-}
-
-/*
- * Description (see description for nsadbOpenUsers)
- */
-
-int nsadbOpenCerts(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t *adb = (AuthDB_t*)authdb;
- char *dbname = NULL; /* user database name */
- int dblen; /* strlen(adb_dbname) */
- int version; /* database version */
- int eid; /* error id code */
- int rv; /* result value */
-
- if (adb == NULL) goto err_inval;
-
- /* Is the user database already open? */
- if (adb->adb_certdb != 0) {
-
- /* Yes, is it open for the desired access? */
- if (adb->adb_flags & flags) {
-
- /* Yes, that was easy */
- return 0;
- }
- }
- else {
- /* Allocate space for the user database filename */
- dblen = strlen(adb->adb_dbname);
-
- dbname = (char *)MALLOC(dblen + strlen(ADBCERTDBNAME) + 2);
- if (dbname == 0) goto err_nomem;
-
- /* Construct user database name */
- strcpy(dbname, adb->adb_dbname);
-
- /* Put in a '/' (or '\') if it's not there */
- if (dbname[dblen-1] != FILE_PATHSEP) {
- dbname[dblen] = FILE_PATHSEP;
- dbname[dblen+1] = 0;
- ++dblen;
- }
-
- strcpy(&dbname[dblen], ADBCERTDBNAME);
-
- if (nscert_lock == 0) {
- rv = nsadbCertInitialize();
- if (rv < 0) goto err_lock;
- }
- adb->adb_certlock = nscert_lock;
- if (adb->adb_certlock == 0) goto punt;
-
- fsmutex_lock((FSMUTEX)(adb->adb_certlock));
-
- adb->adb_certdb = ndbOpen(errp,
- dbname, 0, NDB_TYPE_CLIENTDB, &version);
- if (adb->adb_certdb == 0) {
- fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
- goto err_open;
- }
- }
-
- /*
- * We don't really reopen the database to get the desired
- * access mode, since that is handled at the nsdb level.
- * But we do update the flags, just for the record.
- */
- adb->adb_flags &= ~(ADBF_CREAD|ADBF_CWRITE);
- if (flags & ADBF_CWRITE) adb->adb_flags |= ADBF_CWRITE;
- else adb->adb_flags |= ADBF_CREAD;
- rv = 0;
-
- punt:
- if (dbname != NULL) FREE(dbname);
- return rv;
-
- err_inval:
- eid = NSAUERR3400;
- rv = NSAERRINVAL;
- goto err_ret;
-
- err_nomem:
- eid = NSAUERR3420;
- rv = NSAERRNOMEM;
- goto err_ret;
-
- err_lock:
- eid = NSAUERR3430;
- rv = NSAERRLOCK;
- goto err_ret;
-
- err_open:
- eid = NSAUERR3440;
- rv = NSAERROPEN;
-
- err_ret:
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
- goto punt;
-
-}
-
-NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
-
- if (adb->adb_certnm != 0) {
- /* Close the username-to-certid database */
- nsadbCloseCertUsers(authdb, flags);
- }
-
- if (adb->adb_certdb != 0) {
-
- ndbClose(adb->adb_certdb, 0);
- adb->adb_certdb = 0;
-
- /*
- * A lock is held for the certificate map DB as long as it is
- * open, so release the lock now.
- */
- fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
- }
-}
-
-/*
- * Description (nsadbOpenCertUsers)
- *
- * This function opens a database that maps user names to client
- * certificates. The database appears as "Certs.nm" in the
- * authentication database directory. This function requires
- * that the primary certificate database be opened (Certs.db)
- * first, and will open it if necessary, acquiring a global
- * lock in the process. The lock will not be released until
- * nsadbCloseCerts() or nsadbClose() is called.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * flags - same as nsadbOpenCerts()
- *
- * Returns:
- *
- * The return value is zero if the operation is successful.
- * Otherwise a negative error code is returned.
- */
-
-NSAPI_PUBLIC int nsadbOpenCertUsers(NSErr_t * errp, void * authdb, int flags)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * dbname = 0;
- int dblen;
- int oflags = O_RDONLY; /* assume read-only access */
- int eid;
- int rv;
-
- /* The primary certificate mapping database must be open first */
- if (adb->adb_certdb != 0) {
-
- /* It's open, but is it read-only when we need write? */
- if (((flags & adb->adb_flags) == 0) && (flags & ADBF_CWRITE)) {
-
- /* Yes, close it */
- nsadbCloseCerts(authdb, 0);
- }
- }
-
- /* Open it for the desired access if necessary */
- if (adb->adb_certdb == 0) {
- /*
- * Open it for the desired access. Note that this acquires
- * a global lock which is not released until nsadbClose() is
- * called for the entire authentication database.
- */
- rv = nsadbOpenCerts(errp, authdb, flags);
- if (rv < 0) {
- /* Go no further if that failed */
- return rv;
- }
- }
-
- /* Now look at the username-to-certid database in particular */
- if (adb->adb_certnm && (adb->adb_flags & flags)) {
-
- /* The database is already open for the desired access */
- return 0;
- }
-
- dblen = strlen(adb->adb_dbname);
- dbname = (char *)MALLOC(dblen + strlen(ADBUMAPDBNAME) + 2);
- strcpy(dbname, adb->adb_dbname);
- if (dbname[dblen-1] != FILE_PATHSEP) {
- dbname[dblen] = FILE_PATHSEP;
- dbname[++dblen] = 0;
- }
- strcpy(&dbname[dblen], ADBUMAPDBNAME);
-
- /* Check for write access and set open flags appropriately if so */
- if (flags & ADBF_CWRITE) {
- oflags = O_CREAT|O_RDWR;
- }
-
- /* Open the username-to-certid database */
-// adb->adb_certnm = dbopen(dbname, oflags, 0644, DB_HASH, 0);
- adb->adb_certnm = 0;
- if (adb->adb_certnm == 0) goto err_open;
-
- punt:
- FREE(dbname);
-
- return rv;
-
- err_open:
- eid = NSAUERR3600;
- rv = NSAERROPEN;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
- goto punt;
-}
-
-/*
- * Description (nsadbFindCertUser)
- *
- * This function checks to see whether a client certificate is
- * registered for a
specified user name. If so, it returns the
- * certificate mapping id (for use with nsadbGetCertById()).
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * username - pointer to user name string
- * id - pointer to returned certificate mapping id
- *
- * Returns:
- *
- * If a certificate is registered for the specified user, the return
- * value is zero and the certificate mapping id is returned via 'id'.
- * Otherwise the return value is a negative error code (nsautherr.h)
- * and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
- const char * username, USI_t * id)
-{
- int eid;
- int rv;
- eid = NSAUERR3700;
- rv = NSAERRNAME;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-/*
- * Description (nsadbAddCertUser)
- *
- * This function adds an entry to the username-to-cert id database,
- * with a given username and certificate mapping id.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * username - pointer to user name string
- * id - certificate mapping id
- *
- * Returns:
- *
- * If the entry is added successfully, the return value is zero.
- * Otherwise the return value is a negative error code (nsautherr.h)
- * and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbAddCertUser(NSErr_t * errp, void * authdb,
- const char * username, USI_t id)
-{
- /* Need to be ported on NSS 3.2 */
- int eid;
- int rv;
-
- eid = NSAUERR3800;
- rv = NSAERRPUT;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCertUser(NSErr_t * errp, void * authdb,
- char * username)
-{
- /* Need to be ported on NSS 3.2 */
- int eid;
- int rv;
-
- eid = NSAUERR3800;
- rv = NSAERRPUT;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- return rv;
-}
-
-NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags)
-{
- /* Need to be ported on NSS 3.2 */
-}
-
-/*
- * Description (nsadbPutUserByCert)
- *
- * This function looks up a stores a client certificate mapping
- * in the authentication database along with the associated username.
- * It assumes that a record with the specified certificate key does
- * not already exist, and will replace it if it does.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * authdb - handle returned by nsadbOpen()
- * certLen - length of the certificate key
- * cert - certificate key pointer
- * user - username to be associated with the
- * certificate
- *
- * Returns:
- *
- */
-
-NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
- CERTCertificate * cert,
- const char * username)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- ATR_t cp; /* pointer into cert record contents */
- char * keyptr = 0; /* pointer to cert record key */
- char * recptr = 0; /* pointer to cert record contents */
- int keylen; /* length of cert record key */
- int reclen; /* length of cert record contents */
- USI_t certid;
- int usrlen;
- int certidlen;
- int eid;
- int rv;
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
- &keylen, &keyptr);
-
- /* Open the username-to-cert id database for write */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
- if (rv) goto
punt;
-
- /* If the username is already mapped to a cert, it's an error */
- certid = 0;
- rv = nsadbFindCertUser(errp, authdb, username, &certid);
- if (rv == 0) goto err_map;
-
- /*
- * Allocate a certificate id and write a record mapping this id
- * to the specified certificate key.
- */
- certid = 0;
- rv = ndbAllocId(errp, adb->adb_certdb, keylen, keyptr, &certid);
- if (rv) goto punt;
-
- /* Record the username as being mapped to the allocated cert id */
- rv = nsadbAddCertUser(errp, authdb, username, certid);
- if (rv < 0) goto punt;
-
- nsadbCloseCertUsers(authdb, 0);
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* CAT_USERNAME attribute: tag, length, NTS */
- usrlen = NTSLENGTH(username);
- if (usrlen > 127) goto err_user;
- reclen = 2 + usrlen;
-
- /* CAT_CERTID attribute: tag, length, USI */
- certidlen = USILENGTH(certid);
- reclen += 2 + certidlen;
-
- /* Allocate the attribute record buffer */
- recptr = (char *)MALLOC(reclen);
- if (recptr) {
-
- cp = (ATR_t)recptr;
-
- /* Encode CAT_USERNAME attribute */
- *cp++ = CAT_USERNAME;
- *cp++ = usrlen;
- cp = NTSENCODE(cp, (NTS_t)username);
-
- /* Encode CAT_CERTID attribute */
- *cp++ = CAT_CERTID;
- *cp++ = certidlen;
- cp = USIENCODE(cp, certid);
- }
-
- /* Store the record in the database under the certificate key */
- rv = ndbStoreName(errp, adb->adb_certdb,
- 0, keylen, keyptr, reclen, recptr);
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- if (recptr) {
- FREE(recptr);
- }
-
- return rv;
-
- err_user:
- eid = NSAUERR3500;
- rv = NSAERRINVAL;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
- goto punt;
-
- err_map:
- eid = NSAUERR3520;
- rv = NSAERRCMAP;
- nsadbCloseCertUsers(authdb, 0);
- nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
- goto punt;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
- void *
username, CertObj_t * coptr)
-{
- AuthDB_t * adb = (AuthDB_t *)authdb;
- char * keyptr = 0; /* pointer to cert record key */
- int keylen; /* length of cert record key */
- int rv;
- int rv2;
-
- /* If a username is specified, require it to match */
- if (username && strcmp((char *)username, coptr->co_username)) {
- return 0;
- }
-
- /* Construct the record key from the certificate */
- rv = nsadbEncodeCertKey(&coptr->co_issuer, &coptr->co_subject,
- &keylen, &keyptr);
-
- if (adb->adb_certdb == NULL) {
- rv = nsadbOpenCerts(errp, authdb, ADBF_CWRITE);
- if (rv < 0) goto punt;
- }
-
- /* Remove the username-to-cert id entry from Certs.nm */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
- if (rv < 0) goto punt;
- rv = nsadbRemoveCertUser(errp, authdb, coptr->co_username);
- nsadbCloseCertUsers(authdb, 0);
-
- /* Free the cert id value, if any */
- rv = 0;
- if (coptr->co_certid != 0) {
- rv = ndbFreeId(errp, adb->adb_certdb,
- keylen, keyptr, coptr->co_certid);
- }
-
- /* Delete the cert record */
- rv2 = ndbDeleteName(errp, adb->adb_certdb, 0, keylen, keyptr);
-
- punt:
- if (keyptr) {
- FREE(keyptr);
- }
- return (rv) ? rv : rv2;
-}
-
-NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp,
- void * authdb, char * username)
-{
- CertObj_t * coptr = 0;
- USI_t certid = 0;
- int rv;
-
- /*
- * Open for read access at first. We don't want to create the
- * database if it's not already there. This will do nothing
- * if the database is already open for write, since that implies
- * read access as well.
- */
- rv = nsadbOpenCertUsers(errp, authdb, ADBF_CREAD);
- if (rv < 0) goto punt;
-
- /* Find a certificate mapping id for the given username */
- rv = nsadbFindCertUser(errp, authdb, username, &certid);
- if (rv < 0) goto punt;
-
- /* Look up the mapping from the mapping id */
- rv = nsadbGetCertById(errp, authdb, certid, &coptr);
- if (rv < 0) goto punt;
-
- /* It's there, so remove it. This will re-open for write if needed.
*/
- rv = nsadbRemoveCert(errp, authdb, (void *)username, coptr);
-
- punt:
-
- if (coptr != 0) {
- nsadbFreeCertObj(coptr);
- }
-
- return rv;
-}
-
-#endif /* defined(CLIENT_AUTH) */
diff --git a/lib/libaccess/nsdb.cpp b/lib/libaccess/nsdb.cpp deleted file mode 100644
index 0dd0d112..00000000
--- a/lib/libaccess/nsdb.cpp
+++ /dev/null
@@ -1,836 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdb.c)
- *
- * This provides access to a Netscape server database.
- * A server database is composed of two (libdbm) DB files. One
- * of these (<dbname>.db) contains records indexed by a string
- * key. These records contain the primary information in the
- * database. A second DB file (<dbname>.id) is used to map an
- * integer id value to a string key, which can then be used to
- * locate a record in the first file.
- *
- * Normally the records in the primary DB file will contain the
- * id values which are used to key the id-to-name DB. When this
- * is the case, it is possible to construct the id-to-name DB from
- * the primary DB file, and an interface is provided to facilitate
- * this.
- */
-
-#include <stdio.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdb.h>
-
-#include <errno.h>
-
-#define NDBMODE 0644 /* mode for creating files */
-
-char * NSDB_Program = "NSDB"; /* NSDB facility name */
-
-NSPR_BEGIN_EXTERN_C
-
-/*
- * Description (ndbClose)
- *
- * This function closes the specified database. This involves
- * closing the primary and id-to-name DB files, and freeing the
- * NSDB_t object.
- *
- * Arguments:
- *
- * ndb - database handle from ndbOpen()
- * flags - (currently unused - should be zero)
- *
- */
-
-void ndbClose(void * ndb, int flags)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
-
- if (ndbp->ndb_flags & (NDBF_WRNAME|NDBF_RDNAME)) {
- (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
- }
-
- if (ndbp->ndb_flags & (NDBF_WRID|NDBF_RDID)) {
- (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
- }
-
- if (ndbp->ndb_pname) {
- FREE(ndbp->ndb_pname);
- }
-
- if (ndbp->ndb_iname) {
- FREE(ndbp->ndb_iname);
- }
-
- FREE(ndbp);
-}
-
-/*
- * Description (ndbEnumerate)
- *
- * This function is called to enumerate the records of the primary
- * DB file to a caller-specified function. The function specified
- * by the caller is called with the name (key), length and address
- * of each record in the primary DB file. The 'flags' argument can
- * be used to select normal data records, metadata records, or both.
- * If the 'flags' value is zero, only normal data records are
- * enumerated. The function specified by the caller returns -1 to
- * terminate the enumeration, 0 to continue it, or +1 to restart
- * the enumeration from the beginning.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - bit flags:
- * NDBF_ENUMNORM - normal data records
- * NDBF_ENUMMETA - metadata records
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if an
- * error frame list was provided by the caller.
- */
-
-int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
-#ifdef UnixWare
- ArgFn_ndbEnum func) /* for ANSI C++ standard, see nsdb.h */
-#else
- int (*func)(NSErr_t * ferrp, void * parg,
- int namelen, char * name,
- int reclen, char * recptr))
-#endif
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- int rv;
- int dbflag;
-
- /* Is the user DB open for reading names? */
- if (!(ndbp->ndb_flags & NDBF_RDNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_RDNAME);
- if (rv) goto punt;
- }
-
- if (flags == 0) flags = NDBF_ENUMNORM;
-
- for (dbflag = R_FIRST; ; dbflag = (rv > 0) ? R_FIRST : R_NEXT) {
-
- /* Retrieve the next (first) record from the primary DB */
- rv = (*ndbp->ndb_pdb->seq)(ndbp->ndb_pdb, &key, &rec, dbflag);
- if (rv) break;
-
- /* Is this a metadata record? */
- if (*(char *)key.data == NDB_MDPREFIX) {
-
- /* Yes, skip it if metadata was not requested */
- if (!(flags & NDBF_ENUMMETA)) continue;
- }
- else {
- /* Skip normal data if not requested */
- if (!(flags & NDBF_ENUMNORM)) continue;
- }
-
- /* Pass this record to the caller's function */
- rv = (*func)(errp, argp,
- key.size, (char *)key.data, rec.size, (char *)rec.data);
- if (rv < 0) break;
- }
-
- /* Indicate success */
- rv = 0;
-
- punt:
- return rv;
-}
-
-/*
- * Description (ndbFindName)
- *
- * This function retrieves from the database a record with the
- * specified key.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of the key, including null
- * terminator if any
- * name - pointer to the key of the desired record
- * reclen - pointer to returned record length
- * recptr - pointer to returned record pointer
- *
- * Returns:
- *
- * If successful, the return value is zero, and the length and
- * address of the returned record are returned through reclen and
- * recptr.
Otherwise the return value is non-zero, and an error - * frame is generated if an error frame list was provided by the - * caller. - * - * Notes: - * - * The record buffer is dynamically allocated and is freed - * automatically when the database is closed. - */ - -int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name, - int * reclen, char **recptr) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - DBT key; - DBT rec; - int eid; /* error id code */ - int rv; /* result value */ - - /* Is the user DB open for reading names? */ - if (!(ndbp->ndb_flags & NDBF_RDNAME)) { - - /* No, (re)open it */ - rv = ndbReOpen(errp, ndb, NDBF_RDNAME); - if (rv) goto punt; - } - - /* Set up record key. Include the terminating null byte. */ - key.data = (void *)name; - key.size = (namelen > 0) ? namelen : (strlen(name) + 1); - - /* Initialize record buffer descriptor */ - rec.data = 0; - rec.size = 0; - - /* Retrieve the record by its key */ - rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_pget; - - /* Return record length and address */ - if (reclen) *reclen = rec.size; - if (recptr) *recptr = (char *)rec.data; - - /* Indicate success */ - rv = 0; - - punt: - return rv; - - err_pget: - eid = NSDBERR1000; - rv = NDBERRGET; - nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, name); - goto punt; -} - -/* - * Description (ndbIdToName) - * - * This function looks up a specified id in the id-to-name DB - * file, and returns the associated name string. This name - * can be used to retrieve a record using ndbFindName(). - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * ndb - database handle from ndbOpen() - * id - id to look up - * plen - pointer to returned length of name - * (may be null, length includes null terminator - * in a string) - * pname - pointer to returned name string pointer - * - * Returns: - * - * The return value is zero if the operation is successful. 
An - * error is indicated by a negative return value (see nsdberr.h), - * and an error frame is generated if an error frame list was - * provided by the caller. - */ - -int ndbIdToName(NSErr_t * errp, - void * ndb, unsigned int id, int * plen, char **pname) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - DBT key; - DBT rec; - char * name = 0; - int namelen = 0; - uint32 myid = id - 1; - int eid; /* error id code */ - int rv; /* result value */ - - /* Is the id-to-name DB open for reading ids? */ - if (!(ndbp->ndb_flags & NDBF_RDID)) { - - /* No, (re)open it */ - rv = ndbReOpen(errp, ndb, NDBF_RDID); - if (rv) goto punt; - } - - /* Set up record key */ -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(myid); -#endif - key.data = (void *)&myid; - key.size = sizeof(myid); - - /* Initialize record buffer descriptor */ - rec.data = 0; - rec.size = 0; - - /* Retrieve the record by its key */ - rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0); - if (rv) goto err_iget; - - /* Get the name pointer (terminating null is part of the name) */ - namelen = rec.size; - name = (char *) rec.data; - - punt: - /* Return name length and size if requested */ - if (plen) *plen = namelen; - if (pname) *pname = name; - - return rv; - - err_iget: - eid = NSDBERR1100; - rv = NDBERRGET; - nserrGenerate(errp, rv, eid, NSDB_Program, - 2, ndbp->ndb_iname, system_errmsg()); - goto punt; -} - -/* - * Description (ndbInitPrimary) - * - * This function creates and initializes the primary DB file. - * Initialization involves writing any required metadata records. - * Currently there is a ?dbtype record, which specifies the nsdb - * version number, and a database type and version number that - * were passed as arguments to ndbOpen(). There is also a - * ?idmap record, which contains an allocation bitmap for id values - * used as keys in the associated id-to-name DB file. 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * ndb - database handle from ndbOpen() - * - * Returns: - * - * If successful, the return value is zero. Otherwise a non-zero - * error code is returned, and an error frame is generated if an - * error frame list was provided by the caller. - */ - -int ndbInitPrimary(NSErr_t * errp, void * ndb) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - DBT key; - DBT rec; -#if BYTE_ORDER == LITTLE_ENDIAN - uint32 m; - int i; -#endif - int eid; /* error id code */ - int rv; /* result value */ - uint32 dbtype[4]; - - /* Error if the primary DB is marked as existing already */ - if (!(ndbp->ndb_flags & NDBF_NONAME)) goto err_exists; - - /* First create the primary DB file */ - ndbp->ndb_pdb = dbopen(ndbp->ndb_pname, O_RDWR | O_CREAT | O_TRUNC, - NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_pdb) goto err_open; - - /* Generate data for the ?dbtype record */ - dbtype[0] = NDB_VERSION; - dbtype[1] = ndbp->ndb_dbtype; - dbtype[2] = ndbp->ndb_version; - dbtype[3] = 0; -#if BYTE_ORDER == LITTLE_ENDIAN - for (i = 0; i < 4; ++i) { - m = dbtype[i]; - M_32_SWAP(m); - dbtype[i] = m; - } -#endif - - /* Set up descriptors for the ?dbtype record key and data */ - key.data = (void *)NDB_DBTYPE; - key.size = strlen(NDB_DBTYPE) + 1; - - rec.data = (void *)dbtype; - rec.size = sizeof(dbtype); - - /* Write the ?dbtype record out */ - rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_mput1; - - /* Write out an empty ?idmap record */ - key.data = (void *)NDB_IDMAP; - key.size = strlen(NDB_IDMAP) + 1; - - rec.data = 0; - rec.size = 0; - - /* Write the ?idmap record */ - rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_mput2; - - /* Close the DB file */ - (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb); - - /* Clear the flag that says the primary DB file does not exist */ - ndbp->ndb_flags &= ~(NDBF_NONAME|NDBF_RDNAME|NDBF_WRNAME); - - /* Indicate success */ - return 0; 
- - err_exists: - /* Primary database already exists */ - eid = NSDBERR1200; - rv = NDBERREXIST; - nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname); - return rv; - - err_open: - /* Error opening primary database for write */ - eid = NSDBERR1220; - rv = NDBERROPEN; - goto err_dbio; - - err_mput1: - /* Error writing "?dbtype" record */ - eid = NSDBERR1240; - rv = NDBERRMDPUT; - goto err_dbio; - - err_mput2: - /* Error writing "?idmap" record */ - eid = NSDBERR1260; - rv = NDBERRMDPUT; - goto err_dbio; - - err_dbio: - nserrGenerate(errp, rv, eid, NSDB_Program, - 2, ndbp->ndb_pname, system_errmsg()); - - /* Close the primary DB file if it exists */ - if (ndbp->ndb_pdb) { - (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb); - ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME); - } - - /* Delete the file */ - system_unlink(ndbp->ndb_pname); - return rv; -} - -/* - * Description (ndbOpen) - * - * This function opens a server database by name. The specified - * name may be the name of the primary DB file, or the name - * without the ".db" suffix. This function will attempt to open - * both the primary and the id-to-name DB files for read access. - * If either of the DB files do not exist, they are not created - * here, but a handle for the database will still be returned. - * The DB files will be created when a subsequent access writes - * to the database. The caller also specifies an application - * database type, which is checked against a value stored in - * in the database metadata, if the primary DB file exists, or - * which is stored in the file metadata when the file is created. - * A type-specific version number is passed and returned. The - * value passed will be stored in the file metadata if it is - * subsequently created. If the file exists, the value in the - * file metadata is returned, and it is the caller's responsibility - * to interpret it. 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * dbname - primary DB filename - * flags - (currently unused - should be zero) - * dbtype - application DB type (NDB_TYPE_xxxxx) - * version - (in/out) type-specific version number - * - * Returns: - * - * A handle that can be used for subsequent accesses to the database - * is returned, or 0, if an error occurs, and an error frame is - * generated if an error frame list was provided by the caller. - */ - -void * ndbOpen(NSErr_t * errp, - char * dbname, int flags, int dbtype, int * version) -{ - NSDB_t * ndbp = 0; /* database object pointer */ - char * pname = 0; /* primary DB file name */ - char * iname = 0; /* id-to-name DB file name */ - int namelen; - uint32 dbtrec[4]; - uint32 m; - DBT key; - DBT rec; - int eid; /* error id code */ - int rv; /* result value */ - - /* Get the database name */ - namelen = strlen(dbname); - if (!strcmp(&dbname[namelen-3], ".db")) { - namelen -= 3; - } - - /* Get the primary DB file name */ - pname = (char *)MALLOC(namelen + 4); - if (pname == 0) goto err_nomem1; - strncpy(pname, dbname, namelen); - strcpy(&pname[namelen], ".db"); - - /* Get the id-to-name DB file name */ - iname = (char *)MALLOC(namelen + 4); - if (iname == 0) goto err_nomem2; - strncpy(iname, dbname, namelen); - strcpy(&iname[namelen], ".id"); - - /* Allocate the database object */ - ndbp = (NSDB_t *)MALLOC(sizeof(NSDB_t)); - if (ndbp == 0) goto err_nomem3; - - /* Initialize the database object */ - ndbp->ndb_pname = pname; - ndbp->ndb_pdb = 0; - ndbp->ndb_iname = iname; - ndbp->ndb_idb = 0; - ndbp->ndb_flags = 0; - ndbp->ndb_dbtype = dbtype; - ndbp->ndb_version = (version) ? *version : 0; - - /* Open the primary DB file */ - ndbp->ndb_pdb = dbopen(pname, O_RDONLY, NDBMODE, DB_HASH, 0); - - /* Was it there? 
*/ - if (ndbp->ndb_pdb) { - - /* Retrieve the ?dbtype record */ - key.data = (void *)NDB_DBTYPE; - key.size = strlen(NDB_DBTYPE) + 1; - - rec.data = 0; - rec.size = 0; - - /* Read the ?dbtype record */ - rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_mdget; - - /* Check it out */ - if (rec.size < 16) goto err_fmt; - - /* Copy data to an aligned area */ - memcpy((void *)dbtrec, rec.data, sizeof(dbtrec)); - - /* Get the NSDB version number */ - m = dbtrec[0]; -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(m); -#endif - /* Assume forward compatibility with versions up to current + 0.5 */ - if (m > (NDB_VERSION + 5)) goto err_vers; - - /* XXX Assume infinite backward compatibility */ - - /* Get the application database type */ - m = dbtrec[1]; -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(m); -#endif - /* It's got to match */ - if (m != dbtype) goto err_type; - - /* Get the type-specific version number */ - m = dbtrec[3]; -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(m); -#endif - /* Don't check it. Just return it. 
*/ - if (version) *version = m; - - /* The value in dbtrec[3] is currently ignored */ - - /* Mark the primary DB file open for read access */ - ndbp->ndb_flags |= NDBF_RDNAME; - } - else { - /* Indicate that the primary DB file does not exist */ - ndbp->ndb_flags |= NDBF_NONAME; - } - - return (void *)ndbp; - - err_nomem1: - eid = NSDBERR1400; - rv = NDBERRNOMEM; - goto err_nomem; - - err_nomem2: - eid = NSDBERR1420; - rv = NDBERRNOMEM; - goto err_nomem; - - err_nomem3: - eid = NSDBERR1440; - rv = NDBERRNOMEM; - err_nomem: - nserrGenerate(errp, rv, eid, NSDB_Program, 0); - goto punt; - - err_mdget: - eid = NSDBERR1460; - rv = NDBERRMDGET; - nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, - system_errmsg()); - goto err_ret; - - err_fmt: - eid = NSDBERR1480; - rv = NDBERRMDFMT; - goto err_ret; - - err_vers: - { - char vnbuf[16]; - - eid = NSDBERR1500; - rv = NDBERRVERS; - sprintf(vnbuf, "%d", (int)m); - nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, vnbuf); - } - goto punt; - - err_type: - eid = NSDBERR1520; - rv = NDBERRDBTYPE; - goto err_ret; - - err_ret: - nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname); - goto punt; - - punt: - /* Error clean-up */ - if (pname) FREE(pname); - if (iname) FREE(iname); - if (ndbp) { - /* Close the DB files if we got as far as opening them */ - if (ndbp->ndb_pdb) { - (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb); - } - if (ndbp->ndb_idb) { - (*ndbp->ndb_idb->close)(ndbp->ndb_idb); - } - FREE(ndbp); - } - return 0; -} - -/* - * Description (ndbReOpen) - * - * This function is called to ensure that the primary DB file - * and/or the id-to-name DB file are open with specified access - * rights. For example, a file may be open for read, and it needs - * to be open for write. Both the primary and id-to-name DB files - * can be manipulated with a single call. 
- * - * Arguments: - * - * errp - error frame list pointer (may be null) - * ndb - database handle from ndbOpen() - * flags - (currently unused - should be zero) - * - * Returns: - * - * If successful, the return value is zero. Otherwise a non-zero - * error code is returned (NDBERRxxxx - see nsdb.h). If an error - * list is provided, an error frame will be generated when the - * return value is non-zero. - */ - -int ndbReOpen(NSErr_t * errp, void * ndb, int flags) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - char * dbname; /* database name pointer */ - int eid; - int rv; - - /* Want to read or write the primary DB file? */ - if (flags & (NDBF_RDNAME|NDBF_WRNAME)) { - - /* Need to open for write? */ - if ((flags & NDBF_WRNAME) && !(ndbp->ndb_flags & NDBF_WRNAME)) { - - /* If it's already open for read, close it first */ - if (ndbp->ndb_flags & NDBF_RDNAME) { - (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb); - ndbp->ndb_flags &= ~NDBF_RDNAME; - } - - /* Create it if it doesn't exist */ - if (ndbp->ndb_flags & NDBF_NONAME) { - rv = ndbInitPrimary(errp, ndb); - if (rv) goto err_init; - } - - /* Open primary DB file for write access */ - dbname = ndbp->ndb_pname; - ndbp->ndb_pdb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_pdb) goto err_open1; - - /* Update flags to indicate successful open */ - ndbp->ndb_flags |= (NDBF_RDNAME|NDBF_WRNAME); - } - - /* Need to open for read? 
*/ - if ((flags & NDBF_RDNAME) && !(ndbp->ndb_flags & NDBF_RDNAME)) { - - /* If it's already open for write, close it first */ - if (ndbp->ndb_flags & NDBF_WRNAME) { - (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb); - ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME); - } - - /* Open primary DB file for read access */ - dbname = ndbp->ndb_pname; - ndbp->ndb_pdb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_pdb) goto err_open2; - - /* Update flags to indicate successful open */ - ndbp->ndb_flags |= NDBF_RDNAME; - } - } - - /* Want to read or write the id-to-name DB file? */ - if (flags & (NDBF_RDID|NDBF_WRID)) { - - /* Need to open for write? */ - if ((flags & NDBF_WRID) && !(ndbp->ndb_flags & NDBF_WRID)) { - - /* - * If it's not open for read yet, try to open it for read - * in order to find out if it exists. - */ - if (!(ndbp->ndb_flags & NDBF_RDID)) { - - /* Open id-to-name DB file for read access */ - dbname = ndbp->ndb_iname; - ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH,0); - - /* Does it exist? */ - if (ndbp->ndb_idb == 0) { - - /* No, create it */ - dbname = ndbp->ndb_iname; - ndbp->ndb_idb = dbopen(dbname,O_RDWR | O_CREAT | O_TRUNC, - NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_idb) goto err_open3; - (*ndbp->ndb_idb->close)(ndbp->ndb_idb); - } - else { - /* Mark it open for read */ - ndbp->ndb_flags |= NDBF_RDID; - } - } - - /* If it's already open for read, close it first */ - if (ndbp->ndb_flags & NDBF_RDID) { - (*ndbp->ndb_idb->close)(ndbp->ndb_idb); - ndbp->ndb_flags &= ~NDBF_RDID; - } - - /* Open id-to-name DB file for write access */ - dbname = ndbp->ndb_iname; - ndbp->ndb_idb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_idb) goto err_open4; - - /* Update flags to indicate successful open */ - ndbp->ndb_flags |= (NDBF_RDID|NDBF_WRID); - } - - /* Need to open for read? 
*/ - if ((flags & NDBF_RDID) && !(ndbp->ndb_flags & NDBF_RDID)) { - - /* If it's already open for write, close it first */ - if (ndbp->ndb_flags & NDBF_WRID) { - (*ndbp->ndb_idb->close)(ndbp->ndb_idb); - ndbp->ndb_flags &= ~(NDBF_RDID|NDBF_WRID); - } - - /* Open id-to-name DB file for read access */ - dbname = ndbp->ndb_iname; - ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0); - if (!ndbp->ndb_idb) goto err_open5; - - /* Update flags to indicate successful open */ - ndbp->ndb_flags |= NDBF_RDID; - } - } - - /* Successful completion */ - return 0; - - /* Begin error handlers */ - - err_init: /* failed to create primary DB file */ - (void)nserrGenerate(errp, NDBERRPINIT, NSDBERR1600, NSDB_Program, - 1, - ndbp->ndb_pname /* primary DB filename */ - ); - rv = NDBERRPINIT; - goto punt; - - err_open1: - eid = NSDBERR1620; - goto err_open; - - err_open2: - eid = NSDBERR1640; - goto err_open; - - err_open3: - eid = NSDBERR1660; - goto err_open; - - err_open4: - eid = NSDBERR1680; - goto err_open; - - err_open5: - eid = NSDBERR1700; - goto err_open; - - err_open: /* database open error */ - rv = NDBERROPEN; - (void)nserrGenerate(errp, NDBERROPEN, eid, NSDB_Program, - 2, dbname, system_errmsg()); - - punt: - return rv; -} - -NSPR_END_EXTERN_C - diff --git a/lib/libaccess/nsdbmgmt.cpp b/lib/libaccess/nsdbmgmt.cpp deleted file mode 100644 index 1be11ec2..00000000 --- a/lib/libaccess/nsdbmgmt.cpp +++ /dev/null 
@@ -1,685 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdbmgmt.h)
- *
- * The file describes the interface for managing information in
- * a Netscape (server) database. A database is composed of
- * two (libdbm) DB files. One of these (<dbname>.db) contains
- * records indexed by a string key. These records contain the
- * primary information in the database. A second DB file
- * (<dbname>.id) is used to map an integer id value to a string
- * key, which can then be used to locate a record in the first file.
- * The interface for retrieving information from a database is
- * described in nsdb.h.
- */
-
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdbmgmt.h>
-#include <base/util.h>
-
-/*
- * Description (ndbAllocId)
- *
- * This function allocates a unique id to be associated with a
- * name in the primary DB file. An id bitmap is maintained in
- * the primary DB file as a metadata record, and an entry is
- * created in the id-to-name DB for the assigned id and the
- * specified name. An allocated id value is always non-zero.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of key of the desired record,
- * including null terminator if any
- * name - pointer to the key of the desired record
- * id - pointer to returned id value
- *
- * Returns:
- *
- * If successful, the return value is zero, and the allocated id
- * is returned through 'id'. Otherwise a non-zero error code is
- * returned (NDBERRxxxx - see nsdb.h). If an error list is
- * provided, an error frame will be generated when the return
- * value is non-zero.
- */ - -int ndbAllocId(NSErr_t * errp, - void * ndb, int namelen, char * name, unsigned int * id) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - DBT key; - DBT rec; - unsigned char * idmap; - unsigned char * newmap = 0; - int m; - int mmsk; - uint32 idval; - int myid; - int i, n; - int rv; - long eid; - - /* - * Ensure that the name does not start with the metadata - * prefix character. - */ - if (!name || (name[0] == NDB_MDPREFIX)) goto err_name; - - /* - * Read the primary DB file metadata record containing the id - * allocation bitmap. - */ - - /* - * We need the primary and the id-to-name DB files open for write - * (and implicitly read) access. - */ - if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID)) - != (NDBF_WRNAME|NDBF_WRID)) { - - /* No, (re)open it */ - rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID)); - if (rv < 0) goto punt; - } - - /* Set the key to the id allocation bitmap record name */ - key.data = (void *)NDB_IDMAP; - key.size = strlen(NDB_IDMAP) + 1; - - rec.data = 0; - rec.size = 0; - - /* Retrieve the record by its key */ - rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_mdget; - - /* Search for an available id in the bitmap */ - n = rec.size; - idmap = (unsigned char *)rec.data; - - for (i = 0, m = 0; i < n; ++i) { - - m = idmap[i]; - if (m != 0) break; - } - - /* Did we find a byte with an available bit? 
*/ - if (m == 0) { - - /* No, need to grow the bitmap */ - newmap = (unsigned char *)MALLOC(rec.size + 32); - if (newmap == 0) goto err_nomem1; - - /* Initialize free space at the beginning of the new map */ - for (i = 0; i < 32; ++i) { - newmap[i] = 0xff; - } - - /* Copy the old map after it */ - n += 32; - for ( ; i < n; ++i) { - newmap[i] = idmap[i-32]; - } - - /* Set i and m to allocate the new highest id value */ - i = 0; - m = 0xff; - } - else { - - /* - * It's unfortunate, but it appears to be necessary to copy the - * the ?idmap record into a new buffer before updating it, rather - * than simply updating it in place. The problem is that the - * libdbm put routine deletes the old record and then re-inserts - * it. But once it has deleted the old record, it may take the - * opportunity to move another record into the space that the - * old record occupied, which is the same space that the new - * record occupies. So the new record data is overwritten before - * new record is inserted. :-( - */ - - newmap = (unsigned char *)MALLOC(rec.size); - if (newmap == 0) goto err_nomem2; - - memcpy((void *)newmap, (void *)idmap, rec.size); - } - - /* Calculate the id associated with the low-order bit of byte i */ - myid = (n - i - 1) << 3; - - /* Find the first free (set) bit in that word */ - for (mmsk = 1; !(m & mmsk); mmsk <<= 1, myid += 1) ; - - /* Clear the bit */ - m &= ~mmsk; - newmap[i] = m; - - /* Write the bitmap back out */ - - rec.data = (void *)newmap; - rec.size = n; - - rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0); - - /* Check for error on preceding put operation */ - if (rv) goto err_putpdb; - - /* Create the key for the id-to-name record */ - idval = myid; -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(idval); -#endif - - key.data = (void *)&idval; - key.size = sizeof(uint32); - - rec.data = (void *)name; - rec.size = (namelen > 0) ? 
namelen : (strlen(name) + 1); - - /* Write the id-to-name record */ - rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0); - if (rv) goto err_putidb; - - /* Return the id value + 1, to avoid returning a zero id */ - if (id) *id = myid + 1; - - punt: - - /* Free the new map space if any */ - if (newmap) { - FREE(newmap); - } - - return rv; - - err_name: /* invalid name parameter */ - eid = NSDBERR2000; - rv = NDBERRNAME; - if (name == 0) { - name = "(null)"; - } - else if ((namelen > 0) && (namelen != strlen(name) + 1)) { - name = "(unprintable)"; - } - (void)nserrGenerate(errp, rv, eid, NSDB_Program, - 2, - ndbp->ndb_pname, /* primary DB filename */ - name /* name string */ - ); - goto punt; - - err_mdget: /* error on get from primary DB file */ - eid = NSDBERR2020; - rv = NDBERRMDGET; - (void)nserrGenerate(errp, rv, eid, NSDB_Program, - 2, - ndbp->ndb_pname, /* primary DB filename */ - (char *)key.data /* key name string */ - ); - goto punt; - - err_nomem1: - eid = NSDBERR2040; - goto err_nomem; - - err_nomem2: - eid = NSDBERR2060; - err_nomem: /* insufficient memory */ - rv = NDBERRNOMEM; - (void)nserrGenerate(errp, rv, eid, NSDB_Program, 0); - goto punt; - - err_putpdb: /* error on put to primary DB file */ - eid = NSDBERR2080; - rv = NDBERRMDPUT; - (void)nserrGenerate(errp, rv, eid, NSDB_Program, - 2, - ndbp->ndb_pname, /* primary DB filename */ - (char *)key.data /* key name string */ - ); - goto punt; - - err_putidb: /* error on put to id-to-name DB */ - { - char idstring[16]; - - eid = NSDBERR2100; - rv = NDBERRIDPUT; - - util_sprintf(idstring, "%d", myid); - (void)nserrGenerate(errp, rv, eid, NSDB_Program, - 2, - ndbp->ndb_iname, /* id-to-name DB file */ - idstring /* id value for key */ - ); - } - goto punt; -} - -/* - * Description (ndbDeleteName) - * - * This function deletes a named record from the primary DB file. 
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - (currently unused - should be zero)
- * namelen - length of name key, including null
- * terminator if any
- * name - pointer to name key
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned (NDBERRxxxx - see nsdberr.h). If an error
- * list is provided, an error frame will be generated when the
- * return value is non-zero.
- */
-
-int ndbDeleteName(NSErr_t * errp,
- void * ndb, int flags, int namelen, char * name)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- int eid;
- int rv;
-
- /* Is the primary DB open for write access? */
- if (!(ndbp->ndb_flags & NDBF_WRNAME)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_WRNAME);
- if (rv) goto punt;
- }
-
- /* Set up the key descriptor */
- key.data = (void *)name;
- key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
- /* Delete the record from the primary DB file */
- rv = (*ndbp->ndb_pdb->del)(ndbp->ndb_pdb, &key, 0);
- if (rv) goto err_delpdb;
-
- /* Successful completion */
- return 0;
-
- /* Begin error handlers */
-
- err_delpdb: /* error deleting record from primary DB */
- eid = NSDBERR2200;
- rv = NDBERRNMDEL;
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB name */
- (char *)key.data /* primary key */
- );
- punt:
- return rv;
-}
-
-/*
- * Description (ndbFreeId)
- *
- * This function frees an id value associated with a name in the
- * primary DB file. It is normally called when the named record
- * is being deleted from the primary DB file. It deletes the
- * record in the id-to-name DB file that is keyed by the id value,
- * and updates the id allocation bitmap in the primary DB file.
- * The caller may specify the name that is associated with the id - * value, in which case the id-to-name record will be fetched, - * and the name matched, before the record is deleted. Alternatively - * the name parameter can be specified as zero, and id-to-name - * record will be deleted without a check. - * - * Arguments: - * - * errp - error frame list pointer (may be null) - * ndb - database handle from ndbOpen() - * namelen - length of name (including null terminator) - * name - name associated with the id value (optional) - * id - id value to be freed - * - * Returns: - * - * If successful, the return value is zero. Otherwise a non-zero - * error code is returned, and an error frame is generated if the - * caller provided an error frame list. - */ - -int ndbFreeId(NSErr_t * errp, - void * ndb, int namelen, char * name, unsigned int id) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - char * recname; - DBT key; - DBT rec; - uint32 idval; - int reclen; - int mmsk; - unsigned char * idmap = 0; - int i; - int eid; - int rv; - - /* - * We need the primary and the id-to-name DB files open for write - * (and implicitly read) access. - */ - if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID)) - != (NDBF_WRNAME|NDBF_WRID)) { - - /* No, (re)open it */ - rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID)); - if (rv) goto punt; - } - - /* Was the name for this id value provided by the caller? 
*/ - if (name) { - - /* Get length of name if not provided */ - if (namelen <= 0) namelen = strlen(name) + 1; - - /* Yes, look up the id and check for a match */ - rv = ndbIdToName(errp, ndb, id, &reclen, &recname); - if (rv < 0) goto punt; - - /* Fail if the supplied name doesn't match */ - if ((namelen != reclen) || - strncmp(recname, name, reclen)) goto err_badid1; - } - - /* Caller views the id space as starting at 1, but we start at 0 */ - id -= 1; - - /* Create the key for the id-to-name record */ - idval = id; -#if BYTE_ORDER == LITTLE_ENDIAN - M_32_SWAP(idval); -#endif - - key.data = (void *)&idval; - key.size = sizeof(uint32); - - /* Delete the id-to-name record */ - rv = (*ndbp->ndb_idb->del)(ndbp->ndb_idb, &key, 0); - if (rv) goto err_del; - - /* Set the key to the id allocation bitmap record name */ - key.data = (void *)NDB_IDMAP; - key.size = strlen(NDB_IDMAP) + 1; - - rec.data = 0; - rec.size = 0; - - /* Retrieve the record by its key */ - rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0); - if (rv) goto err_mdget; - - /* Make sure the id is in the range of the bitmap */ - i = (rec.size << 3) - id - 1; - if (i < 0) goto err_badid2; - - /* - * See comment in ndbAllocId() about updating ?idmap. Bottom line - * is: we have to copy the record before updating it. 
- */
-
- idmap = (unsigned char *)MALLOC(rec.size);
- if (idmap == 0) goto err_nomem;
-
- memcpy((void *)idmap, rec.data, rec.size);
-
- /* Calculate the index of the byte with this id's bit */
- i >>= 3;
-
- /* Calculate the bitmask for the bitmap byte */
- mmsk = 1 << (id & 7);
-
- /* Set the bit in the bitmap */
- idmap[i] |= mmsk;
-
- /* Write the bitmap back out */
-
- rec.data = (void *)idmap;
-
- rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
- if (rv) goto err_mdput;
-
- punt:
-
- if (idmap) {
- FREE(idmap);
- }
-
- return rv;
-
- err_badid1:
- /* Name associated with id doesn't match supplied name */
- eid = NSDBERR2300;
- rv = NDBERRBADID;
- goto err_id;
-
- err_del:
- /* Error deleting id-to-name record */
- eid = NSDBERR2320;
- rv = NDBERRIDDEL;
- goto err_dbio;
-
- err_mdget:
- /* Error reading id bitmap from primary DB file */
- eid = NSDBERR2340;
- rv = NDBERRMDGET;
- goto err_dbio;
-
- err_badid2:
- eid = NSDBERR2360;
- rv = NDBERRBADID;
- err_id:
- {
- char idbuf[16];
-
- util_sprintf(idbuf, "%d", id);
- nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, idbuf);
- }
- goto punt;
-
- err_nomem:
- eid = NSDBERR2380;
- rv = NDBERRNOMEM;
- nserrGenerate(errp, rv, eid, NSDB_Program, 0);
- goto punt;
-
- err_mdput:
- eid = NSDBERR2400;
- rv = NDBERRMDPUT;
- goto err_dbio;
-
- err_dbio:
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
- goto punt;
-}
-
-/*
- * Description (ndbRenameId)
- *
- * This function changes the name associated with a specified id
- * int the id-to-name DB file.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * namelen - length of new name string, including
- * null terminator if any
- * newname - pointer to the new name string
- * id - id value to be renamed
- *
- * Returns:
- *
- * The return value is zero if the operation is successful.
An
- * error is indicated by a non-zero return value, and an error
- * frame is generated if the caller provided an error frame list.
- */
-
-int ndbRenameId(NSErr_t * errp,
- void * ndb, int namelen, char * newname, unsigned int id)
-{
- NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */
- DBT key;
- DBT rec;
- uint32 idval = id - 1;
- int eid;
- int rv;
-
- /*
- * Ensure that the name does not start with the metadata
- * prefix character.
- */
- if (!newname || (newname[0] == NDB_MDPREFIX)) goto err_name;
-
- /*
- * We need the id-to-name DB file open for write
- * (and implicitly read) access.
- */
- if (!(ndbp->ndb_flags & NDBF_WRID)) {
-
- /* No, (re)open it */
- rv = ndbReOpen(errp, ndb, NDBF_WRID);
- if (rv) goto punt;
- }
-
- /* Set up record key */
-#if BYTE_ORDER == LITTLE_ENDIAN
- M_32_SWAP(idval);
-#endif
- key.data = (void *)&idval;
- key.size = sizeof(uint32);
-
- rec.data = 0;
- rec.size = 0;
-
- /* Retrieve the record by its key */
- rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_idget;
-
- /* Set up to write the new name */
- rec.data = (void *)newname;
- rec.size = (namelen > 0) ?
namelen : (strlen(newname) + 1);
-
- /* Write the id-to-name record */
- rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0);
- if (rv) goto err_idput;
-
- punt:
- return rv;
-
- err_name:
- eid = NSDBERR2500;
- rv = NDBERRNAME;
- if (newname == 0) newname = "(null)";
- else if ((namelen > 0) && (namelen != (strlen(newname) + 1))) {
- newname = "(unprintable)";
- }
- (void)nserrGenerate(errp, rv, eid, NSDB_Program,
- 2,
- ndbp->ndb_pname, /* primary DB filename */
- newname /* name string */
- );
- goto punt;
-
- err_idget:
- /* Error getting id record from id-to-name database */
- eid = NSDBERR2520;
- rv = NDBERRGET;
- goto err_dbio;
-
- err_idput:
- /* Error putting id record back to id-to-name database */
- eid = NSDBERR2540;
- rv = NDBERRIDPUT;
- err_dbio:
- nserrGenerate(errp, rv, eid, NSDB_Program,
- 2, ndbp->ndb_pname, system_errmsg());
- goto punt;
-}
-
-/*
- * Description (ndbStoreName)
- *
- * This function stores a record, keyed by a specified name, in the
- * primary DB file. The record will overwrite any existing record
- * with the same key, unless NDBF_NEWNAME, is included in the 'flags'
- * argument. If NDBF_NEWNAME is set, and the record already exists,
- * it is not overwritten, and an error is returned.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * ndb - database handle from ndbOpen()
- * flags - bit flags:
- * NDBF_NEWNAME - name is new
- * namelen - length of name key, including null
- * terminator if any
- * name - pointer to name key
- * reclen - length of the record data
- * recptr - pointer to the record data
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise a non-zero
- * error code is returned, and an error frame is generated if the
- * caller provided an error frame list.
- */ - -int ndbStoreName(NSErr_t * errp, void * ndb, int flags, - int namelen, char * name, int reclen, char * recptr) -{ - NSDB_t * ndbp = (NSDB_t *)ndb; /* database object pointer */ - DBT key; - DBT rec; - int eid; - int rv; - - /* Is the primary DB open for write access? */ - if (!(ndbp->ndb_flags & NDBF_WRNAME)) { - - /* No, (re)open it */ - rv = ndbReOpen(errp, ndb, NDBF_WRNAME); - if (rv) goto punt; - } - - /* Set up the key and record descriptors */ - key.data = (void *)name; - key.size = (namelen > 0) ? namelen : (strlen(name) + 1); - - rec.data = (void *)recptr; - rec.size = reclen; - - /* Write the record to the primary DB file */ - rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, - (flags & NDBF_NEWNAME) ? R_NOOVERWRITE : 0); - if (rv) goto err_put; - - punt: - return rv; - - err_put: - eid = NSDBERR2700; - rv = NDBERRPUT; - nserrGenerate(errp, rv, eid, NSDB_Program, - 2, ndbp->ndb_pname, system_errmsg()); - goto punt; -} diff --git a/lib/libaccess/nsgmgmt.cpp b/lib/libaccess/nsgmgmt.cpp deleted file mode 100644 index 5257992b..00000000 --- a/lib/libaccess/nsgmgmt.cpp +++ /dev/null 
@@ -1,434 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgmgmt.c)
- *
- * This module contains routines for managing information in a
- * Netscape group database. Information for a particular group
- * is modified by retrieving the current information in the form
- * of a group object (GroupObj_t), calling functions in this module,
- * to modify the group object, and then calling groupStore() to
- * write the information in the group object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgmgmt.h"
-
-/*
- * Description (groupAddMember)
- *
- * This function adds a member to a group object. The member may
- * be another group or a user, expressed as a group id or user id,
- * respectively. The 'isgid' argument is non-zero if the new
- * member is a group, or zero if it is a user.
- *
- * Arguments:
- *
- * goptr - group object pointer
- * isgid - non-zero if 'id' is a group id
- * zero if 'id' is a user id
- * id - group or user id to be added
- *
- * Returns:
- *
- * Returns zero if the specified member is already a direct member
- * of the group. Returns one if the member was added successfully.
- */
-
-NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
- USIList_t * uilptr;
- int rv = 0;
-
- /* Point to the relevant uid or gid list */
- uilptr = (isgid) ? &goptr->go_groups : &goptr->go_users;
-
- /* Add the id to the selected list */
- rv = usiInsert(uilptr, id);
- if (rv > 0) {
- goptr->go_flags |= GOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (groupCreate)
- *
- * This function creates a group object, using information about
- * the group provided by the caller.
The strings passed for the
- * group name and description may be on the stack. The group id
- * is set to zero, but the group object is marked as being new.
- * A group id will be assigned when groupStore() is called to add
- * the group to a group database.
- *
- * Arguments:
- *
- * name - pointer to group name string
- * desc - pointer to group description string
- *
- * Returns:
- *
- * A pointer to a dynamically allocated GroupObj_t structure is
- * returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc)
-{
- GroupObj_t * goptr; /* group object pointer */
-
- goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
- if (goptr) {
- goptr->go_name = (NTS_t)STRDUP((char *)name);
- goptr->go_gid = 0;
- goptr->go_flags = (GOF_MODIFIED | GOF_NEW);
- if (desc) {
- goptr->go_desc = (desc) ? (NTS_t)STRDUP((char *)desc) : 0;
- }
- UILINIT(&goptr->go_users);
- UILINIT(&goptr->go_groups);
- UILINIT(&goptr->go_pgroups);
- }
-
- return goptr;
-}
-
-/*
- * Description (groupDeleteMember)
- *
- * This function removes a specified member from a group object's
- * list of members. The member to be remove may be a group or a
- * user, expressed as a group id or user id, respectively. The
- * 'isgid' argument is non-zero if the member being removed is a
- * group, or zero if it is a user.
- *
- * Arguments:
- *
- * goptr - pointer to group object
- * isgid - non-zero if 'id' is a group id
- * zero if 'id' is a user id
- * id - group or user id to be removed
- *
- * Returns:
- *
- * The return value is zero if the specified member was not present
- * in the group object, or one if the member was successfully removed.
- */
-
-NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
- USIList_t * uilptr; /* pointer to list of member users or groups */
- int rv; /* return value */
-
- /* Get pointer to appropriate list of ids */
- uilptr = (isgid) ?
&goptr->go_groups : &goptr->go_users;
-
- /* Remove the specified id */
- rv = usiRemove(uilptr, id);
- if (rv > 0) {
- goptr->go_flags |= GOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (groupEncode)
- *
- * This function encodes a group object into a group DB record.
- *
- * Arguments:
- *
- * goptr - pointer to group object
- * greclen - pointer to returned record length
- * grecptr - pointer to returned record pointer
- *
- * Returns:
- *
- * The function return value is zero if successful. The length
- * and location of the created attribute record are returned
- * through 'greclen' and 'grecptr'. A non-zero function value
- * is returned if there's an error.
- */
-
-NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * greclen, ATR_t * grecptr)
-{
- int reclen; /* length of DB record */
- ATR_t rptr; /* DB record pointer */
- ATR_t rstart = 0; /* pointer to beginning of DB record */
- ATR_t glptr; /* saved pointer to UAT_GROUPS length */
- ATR_t gptr; /* saved pointer to after length at glptr */
- int gidlen; /* gid encoding length */
- int fllen; /* flags encoding length */
- USI_t dsclen; /* group description encoding length */
- USI_t nulen; /* member user count encoding length */
- USI_t nglen; /* member group count encoding length */
- int idcnt; /* count of user or group ids */
- USI_t * ids; /* pointer to array of user or group ids */
- int i; /* id index */
- int rv = -1;
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* GAT_GID attribute: tag, length, USI */
- gidlen = USILENGTH(goptr->go_gid);
- reclen = (1 + 1 + gidlen);
-
- /* GAT_FLAGS attribute: tag, length, USI */
- fllen = USILENGTH(goptr->go_flags & GOF_DBFLAGS);
- reclen += (1 + 1 + fllen);
-
- /* GAT_DESCRIPT attribute: tag, length, NTS */
- dsclen = NTSLENGTH(goptr->go_desc);
- reclen += (1 + USILENGTH(dsclen) + dsclen);
-
- /* GAT_USERS attribute: tag, length, USI(count), USI(uid)... */
- idcnt = UILCOUNT(&goptr->go_users);
- nulen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nulen + (5 * idcnt));
-
- /* GAT_GROUPS attribute: tag, length, USI(count), USI(gid)... */
- idcnt = UILCOUNT(&goptr->go_groups);
- nglen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
- /* GAT_PGROUPS attribute: tag, length, USI(count), USI(gid)... */
- idcnt = UILCOUNT(&goptr->go_pgroups);
- nglen = USILENGTH(idcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
- /* Allocate the attribute record buffer */
- rptr = (ATR_t)MALLOC(reclen);
- if (rptr) {
-
- /* Save pointer to start of record */
- rstart = rptr;
-
- /* Encode GAT_GID attribute */
- *rptr++ = GAT_GID;
- *rptr++ = gidlen;
- rptr = USIENCODE(rptr, goptr->go_gid);
-
- /* Encode GAT_FLAGS attribute */
- *rptr++ = GAT_FLAGS;
- *rptr++ = fllen;
- rptr = USIENCODE(rptr, (goptr->go_flags & GOF_DBFLAGS));
-
- /* Encode GAT_DESCRIPT attribute */
- *rptr++ = GAT_DESCRIPT;
- rptr = USIENCODE(rptr, dsclen);
- rptr = NTSENCODE(rptr, goptr->go_desc);
-
- /* Encode GAT_USERS attribute */
- *rptr++ = GAT_USERS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of user members */
- idcnt = UILCOUNT(&goptr->go_users);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate user ids encodings */
- ids = UILLIST(&goptr->go_users);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_USERS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Encode GAT_GROUPS attribute */
- *rptr++ = GAT_GROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- idcnt = UILCOUNT(&goptr->go_groups);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate group ids encodings */
- ids = UILLIST(&goptr->go_groups);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_GROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Encode GAT_PGROUPS attribute */
- *rptr++ = GAT_PGROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- idcnt = UILCOUNT(&goptr->go_pgroups);
- rptr = USIENCODE(rptr, idcnt);
-
- /* Generate group ids encodings */
- ids = UILLIST(&goptr->go_pgroups);
- for (i = 0; i < idcnt; ++i) {
- rptr = USIENCODE(rptr, ids[i]);
- }
-
- /* Now fix up the GAT_PGROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Return record length and location if requested */
- if (greclen) *greclen = rptr - rstart;
- if (grecptr) *grecptr = rstart;
-
- /* Indicate success */
- rv = 0;
- }
-
- return rv;
-}
-
-/*
- * Description (groupRemove)
- *
- * This function is called to remove a group from a specified group
- * database.
Both the primary DB file and the id-to-name DB file
- * are updated.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - (unused - must be zero)
- * name - pointer to group name
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name)
-{
- GroupObj_t * goptr; /* group object pointer */
- int rv;
- int rv2;
-
- /* First retrieve the group record */
- goptr = groupFindByName(errp, groupdb, name);
- if (!goptr) {
- /* Error - specified group not found */
- return NSAERRNAME;
- }
-
- /* Free the group id value, if any */
- rv = 0;
- if (goptr->go_gid != 0) {
- rv = ndbFreeId(errp, groupdb, 0, (char *)name, goptr->go_gid);
- }
-
- rv2 = ndbDeleteName(errp, groupdb, 0, 0, (char *)name);
-
- return (rv) ? rv : rv2;
-}
-
-/*
- * Description (groupStore)
- *
- * This function is called to store a group object in the database.
- * If the object was created by groupCreate(), it is assumed to be
- * a new group, the group account name must not match any existing
- * group account names in the database, and a gid is assigned before
- * adding the group to the database. If the object was created by
- * groupFindByName(), the information in the group object will
- * replace the existing database entry for the indicated group
- * name.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - (unused - must be zero)
- * goptr - group object pointer
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The group object remains intact in either
- * case.
- */ - -NSAPI_PUBLIC int groupStore(NSErr_t * errp, void * groupdb, int flags, GroupObj_t * goptr) -{ - ATR_t recptr = 0; - USI_t gid; - int reclen = 0; - int stflags = 0; - int eid; - int rv; - - /* If this is a new group, allocate a uid value */ - if (goptr->go_flags & GOF_NEW) { - - rv = ndbAllocId(errp, groupdb, 0, (char *)goptr->go_name, &gid); - if (rv) goto punt; - - goptr->go_gid = gid; - - /* Let the database manager know that this is a new entry */ - stflags = NDBF_NEWNAME; - } - - /* Convert the information in the group object to a DB record */ - rv = groupEncode(goptr, &reclen, &recptr); - if (rv) goto err_nomem; - - /* - * Store the record in the database under the group name. - * If this is a new entry, a group id to group name mapping - * also will be added to the id-to-name DB file. - */ - rv = ndbStoreName(errp, groupdb, stflags, - 0, (char *)goptr->go_name, reclen, (char *)recptr); - - FREE(recptr); - - if (rv == 0) { - goptr->go_flags &= ~(GOF_NEW | GOF_MODIFIED); - } - - punt: - return rv; - - err_nomem: - eid = NSAUERR2000; - rv = NSAERRNOMEM; - nserrGenerate(errp, rv, eid, NSAuth_Program, 0); - goto punt; -} diff --git a/lib/libaccess/nsgroup.cpp b/lib/libaccess/nsgroup.cpp deleted file mode 100644 index 83dcf950..00000000 --- a/lib/libaccess/nsgroup.cpp +++ /dev/null 
@@ -1,336 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgroup.c)
- *
- * This module contains routines for accessing information in a
- * Netscape group database. Group information is returned in the
- * form of a group object (GroupObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgroup.h"
-
-/*
- * Description (groupDecode)
- *
- * This function decodes an external group DB record into a
- * dynamically allocated GroupObj_t structure. The DB record is
- * encoded as an attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- * name - pointer to group name string
- * greclen - length of the group DB record, in octets
- * grecptr - pointer to group DB record
- *
- * Returns:
- *
- * A pointer to the allocated GroupObj_t structure is returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int greclen, ATR_t grecptr)
-{
- ATR_t cp = grecptr; /* current pointer into DB record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- int i; /* group id index */
- int idcnt; /* count of user or group ids */
- USI_t * ids; /* pointer to array of ids */
- GroupObj_t * goptr; /* group object pointer */
-
- /* Allocate a group object structure */
- goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
- if (goptr) {
-
- goptr->go_name = (unsigned char *) STRDUP((char *)name);
- goptr->go_gid = 0;
- goptr->go_flags = GOF_MODIFIED;
- goptr->go_desc = 0;
- UILINIT(&goptr->go_users);
- UILINIT(&goptr->go_groups);
- UILINIT(&goptr->go_pgroups);
-
- /* Parse group DB record */
- while ((cp - grecptr) < greclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case GAT_GID: /* group id */
- cp = USIDECODE(cp, &goptr->go_gid);
- break;
-
- case GAT_FLAGS: /* flags */
- cp = USIDECODE(cp, &goptr->go_flags);
- break;
-
- case GAT_DESCRIPT: /* group description */
- cp = NTSDECODE(cp, &goptr->go_desc);
- break;
-
- case GAT_USERS: /* member users of this group */
-
- /* First get the number of user ids following */
- cp = USIDECODE(cp, (unsigned *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for user ids */
- ids = usiAlloc(&goptr->go_users, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- case GAT_GROUPS: /* member groups of this group */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, (unsigned *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for group ids */
- ids = usiAlloc(&goptr->go_groups, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- case GAT_PGROUPS: /* parent
groups of this group */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, (USI_t *)&idcnt);
-
- if (idcnt > 0) {
-
- /* Allocate space for group ids */
- ids = usiAlloc(&goptr->go_pgroups, idcnt);
- if (ids) {
- for (i = 0; i < idcnt; ++i) {
- cp = USIDECODE(cp, ids + i);
- }
- }
- }
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
- }
-
- return goptr;
-}
-
-/*
- * Description (groupEnumHelp)
- *
- * This is a local function that is called by NSDB during group
- * database enumeration. It decodes group records into group
- * objects, and presents them to the caller of groupEnumerate().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to GroupEnumArgs_t structure
- * namelen - length of group record key, including null
- * terminator
- * name - group record key (group account name)
- * reclen - length of group record
- * recptr - pointer to group record contents
- *
- * Returns:
- *
- * Returns whatever value is returned from the upcall to the caller
- * of groupEnumerate().
- */
-
-static int groupEnumHelp(NSErr_t * errp, void * parg,
- int namelen, char * name, int reclen, char * recptr)
-{
- GroupEnumArgs_t * ge = (GroupEnumArgs_t *)parg;
- GroupObj_t * goptr; /* group object pointer */
- int rv;
-
- goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
- rv = (*ge->func)(errp, ge->user, goptr);
-
- if (!(ge->flags & GOF_ENUMKEEP)) {
- FREE(goptr);
- }
-
- return rv;
-}
-
-/*
- * Description (groupEnumerate)
- *
- * This function enumerates all of the groups in a specified group
- * database, calling a caller-specified function with a group object
- * for each group in the database. A 'flags' value of GOF_ENUMKEEP
- * can be specified to keep the group objects around (not free them)
- * after the caller's function returns. Otherwise, each group
- * object is freed after being presented to the caller's function.
- * The 'argp' argument is an opaque pointer, which is passed to
- * the caller's function as 'parg' on each call, along with a
- * group object pointer.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * flags - bit flags:
- * GOF_ENUMKEEP - keep group objects
- * argp - passed to 'func' as 'parg'
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp, void * groupdb, int flags, void * argp,
- int (*func)(NSErr_t * ferrp,
- void * parg, GroupObj_t * goptr))
-{
- int rv;
- GroupEnumArgs_t args;
-
- args.groupdb = groupdb;
- args.flags = flags;
- args.func = func;
- args.user = argp;
-
- rv = ndbEnumerate(errp,
- groupdb, NDBF_ENUMNORM, (void *)&args, groupEnumHelp);
-
- return rv;
-}
-
-/*
- * Description (groupFindByName)
- *
- * This function looks up a group record for a specified group name,
- * converts the group record to the internal group object form, and
- * returns a pointer to the group object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * name - group name to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a group object
- * for the specified group. Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp, void * groupdb, NTS_t name)
-{
- GroupObj_t * goptr = 0;
- ATR_t grecptr;
- int greclen;
- int rv;
-
- /* Look up the group name in the database */
- rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
- if (rv == 0) {
-
- /* Got the group record. Decode into a group object.
*/
- goptr = groupDecode(name, greclen, grecptr);
- }
-
- return goptr;
-}
-
-/*
- * Description (groupFindByGid)
- *
- * This function looks up a group record for a specified group id,
- * converts the group record to the internal group object form, and
- * returns a pointer to the group object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * groupdb - handle for group DB access
- * gid - group id to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a group object
- * for the specified group. Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid)
-{
- GroupObj_t * goptr = 0;
- NTS_t name;
- ATR_t grecptr;
- int greclen;
- int rv;
-
- /* Get the group account name corresponding to the gid */
- rv = ndbIdToName(errp, groupdb, gid, 0, (char **)&name);
- if (rv == 0) {
-
- rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
- if (rv == 0) {
-
- /* Got the group record. Decode into a group object. */
- goptr = groupDecode(name, greclen, grecptr);
- }
- }
-
- return goptr;
-}
-
-/*
- * Description (groupFree)
- *
- * This function is called to free a group object. Group objects
- * are not automatically freed when a group database is closed.
- *
- * Arguments:
- *
- * goptr - group object pointer
- *
- */
-
-NSAPI_PUBLIC void groupFree(GroupObj_t * goptr)
-{
- if (goptr) {
-
- if (goptr->go_name) FREE(goptr->go_name);
- if (goptr->go_desc) FREE(goptr->go_desc);
- UILFREE(&goptr->go_users);
- UILFREE(&goptr->go_groups);
- UILFREE(&goptr->go_pgroups);
- FREE(goptr);
- }
-}
diff --git a/lib/libaccess/nslock.cpp b/lib/libaccess/nslock.cpp
deleted file mode 100644
index 40841a86..00000000
--- a/lib/libaccess/nslock.cpp
+++ /dev/null
@@ -1,268 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nslock.c)
- *
- * This modules provides an interprocess locking mechanism, based
- * on a named lock.
- */
-
-#include "netsite.h"
-#include "base/file.h"
-#define __PRIVATE_NSLOCK
-#include "nslock.h"
-#include <assert.h>
-
-char * NSLock_Program = "NSLOCK";
-
-#ifdef FILE_UNIX
-/*
- * The process-wide list of locks, NSLock_List, is protected by the
- * critical section, NSLock_Crit.
- */
-CRITICAL NSLock_Crit = 0;
-NSLock_t * NSLock_List = 0;
-#endif /* FILE_UNIX */
-
-/*
- * Description (nsLockOpen)
- *
- * This function is used to initialize a handle for a lock. The
- * caller specifies a unique name for the lock, and a handle is
- * returned. The returned handle should be used by only one
- * thread at a time, i.e. if multiple threads in a process are
- * using the same lock, they should either have their own handles
- * or protect a single handle with a critical section.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * lockname - pointer to name of lock
- * plock - pointer to returned handle for lock
- *
- * Returns:
- *
- * If successful, a handle for the specified lock is returned via
- * 'plock', and the return value is zero. Otherwise the return
- * value is a negative error code (see nslock.h), and an error
- * frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp, char * lockname, void **plock)
-{
- NSLock_t * nl = 0; /* pointer to lock structure */
- int len; /* length of lockname */
- int eid;
- int rv;
-
-#ifdef FILE_UNIX
- /* Have we created the critical section for NSLock_List yet?
*/
- if (NSLock_Crit == 0) {
-
- /* Narrow the window for simultaneous initialization */
- NSLock_Crit = (CRITICAL)(-1);
-
- /* Create it */
- NSLock_Crit = crit_init();
- }
-
- /* Lock the list of locks */
- crit_enter(NSLock_Crit);
-
- /* See if a lock with the specified name exists already */
- for (nl = NSLock_List; nl != 0; nl = nl->nl_next) {
- if (!strcmp(nl->nl_name, lockname)) break;
- }
-
- /* Create a new lock if we didn't find it */
- if (nl == 0) {
-
- len = strlen(lockname);
-
- nl = (NSLock_t *)PERM_MALLOC(sizeof(NSLock_t) + len + 5);
- if (nl == 0) goto err_nomem;
-
- nl->nl_name = (char *)(nl + 1);
- strcpy(nl->nl_name, lockname);
- strcpy(&nl->nl_name[len], ".lck");
- nl->nl_cnt = 0;
-
- nl->nl_fd = open(nl->nl_name, O_RDWR|O_CREAT|O_EXCL, 0644);
- if (nl->nl_fd < 0) {
-
- if (errno != EEXIST) {
- crit_exit(NSLock_Crit);
- goto err_create;
- }
-
- /* O_RDWR or O_WRONLY is required to use lockf on Solaris */
- nl->nl_fd = open(nl->nl_name, O_RDWR, 0);
- if (nl->nl_fd < 0) {
- crit_exit(NSLock_Crit);
- goto err_open;
- }
- }
-
- /* Remove ".lck" from the lock name */
- nl->nl_name[len] = 0;
-
- /* Create a critical section for this lock (gag!) */
- nl->nl_crit = crit_init();
-
- /* Add this lock to NSLock_List */
- nl->nl_next = NSLock_List;
- NSLock_List = nl;
- }
-
- crit_exit(NSLock_Crit);
-
-#else
-/* write me */
- nl = (void *)4;
-#endif /* FILE_UNIX */
-
- *plock = (void *)nl;
- return 0;
-
- err_nomem:
- eid = NSLERR1000;
- rv = NSLERRNOMEM;
- nserrGenerate(errp, rv, eid, NSLock_Program, 0);
- goto punt;
-
- err_create:
- eid = NSLERR1020;
- rv = NSLERRCREATE;
- goto err_file;
-
- err_open:
- eid = NSLERR1040;
- rv = NSLERROPEN;
- err_file:
- nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
- punt:
- if (nl) {
- FREE(nl);
- }
- *plock = 0;
- return rv;
-}
-
-/*
- * Description (nsLockAcquire)
- *
- * This function is used to acquire exclusive ownership of a lock
- * previously accessed via nsLockOpen().
The calling thread will
- * be blocked until the lock is acquired. Other threads in the
- * process should not be blocked.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * lock - handle for lock from nsLockOpen()
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise the return
- * value is a negative error code (see nslock.h), and an error
- * frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
- int eid;
- int rv;
-
-#ifdef FILE_UNIX
- /* Enter the critical section for the lock */
- crit_enter(nl->nl_crit);
-
- /* Acquire the file lock if we haven't already */
- if (nl->nl_cnt == 0) {
- rv = system_flock(nl->nl_fd);
- if (rv) {
- crit_exit(nl->nl_crit);
- goto err_lock;
- }
- }
-
- /* Bump the lock count */
- nl->nl_cnt++;
-
- crit_exit(nl->nl_crit);
-#else
- /* write me */
-#endif /* FILE_UNIX */
-
- /* Indicate success */
- return 0;
-
- err_lock:
- eid = NSLERR1100;
- rv = NSLERRLOCK;
- nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
-
- return rv;
-}
-
-/*
- * Description (nsLockRelease)
- *
- * This function is used to release exclusive ownership to a lock
- * that was previously obtained via nsLockAcquire().
- *
- * Arguments:
- *
- * lock - handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockRelease(void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
- assert(nl->nl_cnt > 0);
-
- crit_enter(nl->nl_crit);
-
- if (--nl->nl_cnt <= 0) {
- system_ulock(nl->nl_fd);
- nl->nl_cnt = 0;
- }
-
- crit_exit(nl->nl_crit);
-#endif /* FILE_UNIX */
-}
-
-/*
- * Description (nsLockClose)
- *
- * This function is used to close a lock handle that was previously
- * acquired via nsLockOpen(). The lock should not be owned.
- *
- * Arguments:
- *
- * lock - handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockClose(void * lock)
-{
- NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
- /* Don't do anything with the lock, since it will get used again */
-#if 0
- crit_enter(nl->nl_crit);
- close(nl->nl_fd);
- crit_exit(nl->nl_crit);
- FREE(nl);
-#endif
-#else
- /* write me */
-#endif FILE_UNIX
-}
diff --git a/lib/libaccess/nsumgmt.cpp b/lib/libaccess/nsumgmt.cpp
deleted file mode 100644
index 06987483..00000000
--- a/lib/libaccess/nsumgmt.cpp
+++ /dev/null
@@ -1,456 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsumgmt.c)
- *
- * This module contains routines for managing information in a
- * Netscape user database. Information for a particular user
- * is modified by retrieving the current information in the form
- * of a user object (UserObj_t), calling functions in this module,
- * to modify the user object, and then calling userStore() to
- * write the information in the user object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsumgmt.h"
-
-/*
- * Description (userAddGroup)
- *
- * This function adds a group id to the list of group ids associated
- * with a user object.
- *
- * Arguments:
- *
- * uoptr - user object pointer
- * gid - group id to be added
- *
- * Returns:
- *
- * Returns zero if the group id is already present in the group id list.
- * Returns one if the group id was added successfully.
- * Returns a negative value if an error occurs.
- */
-
-int userAddGroup(UserObj_t * uoptr, USI_t gid)
-{
- int rv;
-
- rv = usiInsert(&uoptr->uo_groups, gid);
-
- if (rv > 0) {
-
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (userCreate)
- *
- * This function creates a user object, using information about
- * the user provided by the caller. The strings passed for the
- * user account name, password, and real user name may be on the
- * stack. The user id is set to zero, but the user object is
- * marked as being new. A user id will be assigned when
- * userStore() is called to add the user to a user database.
- *
- * Arguments:
- *
- * name - pointer to user account name string
- * pwd - pointer to (encrypted) password string
- * rname - real user name (gecos string)
- *
- * Returns:
- *
- * A pointer to a dynamically allocated UserObj_t structure is
- * returned.
- */
-
-NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname)
-{
- UserObj_t * uoptr; /* user object pointer */
-
- uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
- if (uoptr) {
- uoptr->uo_name = (NTS_t)STRDUP((char *)name);
- uoptr->uo_pwd = (pwd) ? (NTS_t)STRDUP((char *)pwd) : 0;
- uoptr->uo_uid = 0;
- uoptr->uo_flags = (UOF_MODIFIED | UOF_NEW);
- uoptr->uo_rname = (rname) ? (NTS_t)STRDUP((char *)rname) : 0;
- UILINIT(&uoptr->uo_groups);
- }
-
- return uoptr;
-}
-
-/*
- * Description (userDeleteGroup)
- *
- * This function removes a specified group id from a user object's
- * list of groups.
- *
- * Arguments:
- *
- * uoptr - pointer to user object
- * gid - group id to remove
- *
- * Returns:
- *
- * The return value is zero if the specified group id was not present
- * in the user object, or one if the group was successfully removed.
- */
-
-int userDeleteGroup(UserObj_t * uoptr, USI_t gid)
-{
- int rv; /* return value */
-
- rv = usiRemove(&uoptr->uo_groups, gid);
- if (rv > 0) {
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- return rv;
-}
-
-/*
- * Description (userEncode)
- *
- * This function encodes a user object into a user DB record.
- *
- * Arguments:
- *
- * uoptr - pointer to user object
- * ureclen - pointer to returned record length
- * urecptr - pointer to returned record pointer
- *
- * Returns:
- *
- * The function return value is zero if successful. The length
- * and location of the created attribute record are returned
- * through 'ureclen' and 'urecptr'. A non-zero function value
- * is returned if there's an error.
- */
-
-int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr)
-{
- int reclen; /* length of DB record */
- ATR_t rptr; /* DB record pointer */
- ATR_t rstart = 0; /* pointer to beginning of DB record */
- ATR_t glptr; /* saved pointer to UAT_GROUPS length */
- ATR_t gptr; /* saved pointer to after length at glptr */
- int pwdlen; /* password encoding length */
- int uidlen; /* uid encoding length */
- int fllen; /* account flags encoding length */
- USI_t rnlen; /* real name encoding length */
- USI_t nglen; /* group count encoding length */
- USI_t gcnt; /* number of group ids */
- USI_t * gids; /* pointer to array of group ids */
- int i; /* group id index */
- int rv = -1;
-
- /*
- * First we need to figure out how long the generated record will be.
- * This doesn't have to be exact, but it must not be smaller than the
- * actual record size.
- */
-
- /* UAT_PASSWORD attribute: tag, length, NTS */
- pwdlen = NTSLENGTH(uoptr->uo_pwd);
- reclen = 1 + 1 + pwdlen;
- if (pwdlen > 127) goto punt;
-
- /* UAT_UID attribute: tag, length, USI */
- uidlen = USILENGTH(uoptr->uo_uid);
- reclen += (1 + 1 + uidlen);
-
- /* UAT_ACCFLAGS attribute: tag, length, USI */
- fllen = USILENGTH(uoptr->uo_flags & UOF_DBFLAGS);
- reclen += (1 + 1 + fllen);
-
- /* UAT_REALNAME attribute: tag, length, NTS */
- rnlen = NTSLENGTH(uoptr->uo_rname);
- reclen += (1 + USILENGTH(rnlen) + rnlen);
-
- /* UAT_GROUPS attribute: tag, length, USI(count), USI(gid)...
*/
- gcnt = UILCOUNT(&uoptr->uo_groups);
- nglen = USILENGTH(gcnt);
- reclen += (1 + USIALLOC() + nglen + (5 * gcnt));
-
- /* Allocate the attribute record buffer */
- rptr = (ATR_t)MALLOC(reclen);
- if (rptr) {
-
- /* Save pointer to start of record */
- rstart = rptr;
-
- /* Encode UAT_PASSWORD attribute */
- *rptr++ = UAT_PASSWORD;
- *rptr++ = pwdlen;
- rptr = NTSENCODE(rptr, uoptr->uo_pwd);
-
- /* Encode UAT_UID attribute */
- *rptr++ = UAT_UID;
- *rptr++ = uidlen;
- rptr = USIENCODE(rptr, uoptr->uo_uid);
-
- /* Encode UAT_ACCFLAGS attribute */
- *rptr++ = UAT_ACCFLAGS;
- *rptr++ = fllen;
- rptr = USIENCODE(rptr, (uoptr->uo_flags & UOF_DBFLAGS));
-
- /* Encode UAT_REALNAME attribute */
- *rptr++ = UAT_REALNAME;
- rptr = USIENCODE(rptr, rnlen);
- rptr = NTSENCODE(rptr, uoptr->uo_rname);
-
- /* Encode UAT_GROUPS attribute */
- *rptr++ = UAT_GROUPS;
-
- /*
- * Save a pointer to the attribute encoding length, and reserve
- * space for the maximum encoding size of a USI_t value.
- */
- glptr = rptr;
- rptr += USIALLOC();
- gptr = rptr;
-
- /* Encode number of groups */
- rptr = USIENCODE(rptr, gcnt);
-
- /* Generate group ids encodings */
- gids = UILLIST(&uoptr->uo_groups);
- for (i = 0; i < gcnt; ++i) {
- rptr = USIENCODE(rptr, gids[i]);
- }
-
- /* Now fix up the UAT_GROUPS attribute encoding length */
- glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
- /* Return record length and location if requested */
- if (ureclen) *ureclen = rptr - rstart;
- if (urecptr) *urecptr = rstart;
-
- /* Indicate success */
- rv = 0;
- }
-
- punt:
- return rv;
-}
-
-/*
- * Description (userRemove)
- *
- * This function is called to remove a user from a specified user
- * database. Both the primary DB file and the id-to-name DB file
- * are updated.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - (unused - must be zero)
- * name - pointer to user account name
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code.
- */
-
-NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name)
-{
- UserObj_t * uoptr; /* user object pointer */
- int rv;
- int rv2;
-
- /* First retrieve the user record */
- uoptr = userFindByName(errp, userdb, name);
- if (!uoptr) {
- /* Error - specified user not found */
- return NSAERRNAME;
- }
-
- /* Free the user id value, if any */
- rv = 0;
- if (uoptr->uo_uid != 0) {
- rv = ndbFreeId(errp, userdb, 0, (char *)name, uoptr->uo_uid);
- }
-
- rv2 = ndbDeleteName(errp, userdb, 0, 0, (char *)name);
-
- return (rv) ? rv : rv2;
-}
-
-/*
- * Description (userRename)
- *
- * This function is called to change the account name associated
- * with an existing user. The caller provides a pointer to a
- * user object for the existing user (with the current user account
- * name referenced by uo_name), and the new account name for this
- * user. A check is made to ensure the uniqueness of the new name
- * in the specified user database. The account name in the user
- * object is modified. The user database is not modified until
- * userStore() is called.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * uoptr - user object pointer
- * newname - pointer to new account name string
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The user object remains intact in either
- * case.
- */
-
-NSAPI_PUBLIC int userRename(NSErr_t * errp, void * userdb, UserObj_t * uoptr, NTS_t newname)
-{
- int reclen; /* user record length */
- ATR_t recptr = 0; /* user record pointer */
- char * oldname; /* old user account name */
- int eid; /* error id code */
- int rv; /* result value */
-
- /* Save the current account name and replace it with the new one */
- oldname = (char *)uoptr->uo_name;
- uoptr->uo_name = (unsigned char *) STRDUP((char *)newname);
-
- if ((oldname != 0) && !(uoptr->uo_flags & UOF_NEW)) {
-
- /* Convert the information in the user object to a DB record */
- rv = userEncode(uoptr, &reclen, &recptr);
- if (rv) goto err_nomem;
-
- /*
- * Store the record in the database
- * under the new user account name.
- */
- rv = ndbStoreName(errp, userdb, NDBF_NEWNAME,
- 0, (char *)uoptr->uo_name, reclen, (char *)recptr);
- if (rv) goto punt;
-
- /* Change the mapping of the user id to the new name */
- rv = ndbRenameId(errp, userdb, 0, (char *)uoptr->uo_name, uoptr->uo_uid);
- if (rv) goto punt;
-
- /* Delete the user record with the old account name */
- rv = ndbDeleteName(errp, userdb, 0, 0, oldname);
- if (rv) goto punt;
- }
- else {
- /* Set flags in user object for userStore() */
- uoptr->uo_flags |= UOF_MODIFIED;
- }
-
- punt:
- if (recptr) {
- FREE(recptr);
- }
- if (oldname) {
- FREE(oldname);
- }
- return rv;
-
- err_nomem:
- eid = NSAUERR1000;
- rv = NSAERRNOMEM;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
- goto punt;
-}
-
-/*
- * Description (userStore)
- *
- * This function is called to store a user object in the database.
- * If the object was created by userCreate(), it is assumed to be
- * a new user account, the user account name must not match any
- * existing user account names in the database, and a uid is
- * assigned before adding the user to the database.
If the object
- * was created by userFindByName(), the information in the user
- * object will replace the existing database entry for the
- * indicated user account name.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - (unused - must be zero)
- * uoptr - user object pointer
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code. The user object remains intact in either
- * case.
- */
-
-NSAPI_PUBLIC int userStore(NSErr_t * errp, void * userdb, int flags, UserObj_t * uoptr)
-{
- ATR_t recptr = 0;
- USI_t uid;
- int reclen = 0;
- int stflags = 0;
- int eid;
- int rv;
-
- /* If this is a new user, allocate a uid value */
- if (uoptr->uo_flags & UOF_NEW) {
- /*
- * Yes, allocate a user id and add a user id to user
- * account name mapping to the id-to-name DB file.
- */
- uid = 0;
- rv = ndbAllocId(errp, userdb, 0, (char *)uoptr->uo_name, &uid);
- if (rv) goto punt;
-
- uoptr->uo_uid = uid;
-
- /* Let the database manager know that this is a new entry */
- stflags = NDBF_NEWNAME;
- }
-
- /* Convert the information in the user object to a DB record */
- rv = userEncode(uoptr, &reclen, &recptr);
- if (rv) goto err_nomem;
-
- /* Store the record in the database under the user account name. */
- rv = ndbStoreName(errp, userdb, stflags,
- 0, (char *)uoptr->uo_name, reclen, (char *)recptr);
- if (rv) goto punt;
-
- FREE(recptr);
- recptr = 0;
-
- uoptr->uo_flags &= ~(UOF_NEW | UOF_MODIFIED);
- return 0;
-
- err_nomem:
- eid = NSAUERR1100;
- rv = NSAERRNOMEM;
- nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-
- punt:
- if (recptr) {
- FREE(recptr);
- }
- if ((uoptr->uo_flags & UOF_NEW) && (uid != 0)) {
- /* Free the user id value if we failed after allocating it */
- ndbFreeId(errp, userdb, 0, (char *)uoptr->uo_name, uid);
- }
- return rv;
-}
diff --git a/lib/libaccess/nsuser.cpp b/lib/libaccess/nsuser.cpp
deleted file mode 100644
index 6ce44fdc..00000000
--- a/lib/libaccess/nsuser.cpp
+++ /dev/null
@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsuser.c)
- *
- * This module contains routines for accessing information in a
- * Netscape user database. User information is returned in the
- * form of a user object (UserObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsuser.h"
-
-/* Authentication facility name for error frame generation */
-char * NSAuth_Program = "NSAUTH";
-
-/*
- * Description (userDecode)
- *
- * This function decodes an external user DB record into a dynamically
- * allocated UserObj_t structure. The DB record is encoded as an
- * attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- * name - pointer to user account name string
- * ureclen - length of the user DB record, in octets
- * urecptr - pointer to user DB record
- *
- * Returns:
- *
- * A pointer to the allocated UserObj_t structure is returned.
- */
-
-UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr)
-{
- ATR_t cp = urecptr; /* current pointer into DB record */
- USI_t tag; /* attribute tag */
- USI_t len; /* attribute value encoding length */
- USI_t gcnt; /* number of group ids */
- USI_t * gids; /* pointer to array of group ids */
- int i; /* group id index */
- UserObj_t * uoptr; /* user object pointer */
-
- /* Allocate a user object structure */
- uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
- if (uoptr) {
-
- uoptr->uo_name = (unsigned char *) STRDUP((char *)name);
- uoptr->uo_pwd = 0;
- uoptr->uo_uid = 0;
- uoptr->uo_flags = 0;
- uoptr->uo_rname = 0;
- UILINIT(&uoptr->uo_groups);
-
- /* Parse user DB record */
- while ((cp - urecptr) < ureclen) {
-
- /* Get the attribute tag */
- cp = USIDECODE(cp, &tag);
-
- /* Get the length of the encoding of the attribute value */
- cp = USIDECODE(cp, &len);
-
- /* Process this attribute */
- switch (tag) {
-
- case UAT_PASSWORD: /* encrypted password */
- cp = NTSDECODE(cp, &uoptr->uo_pwd);
- break;
-
- case UAT_UID: /* user id */
- cp = USIDECODE(cp, &uoptr->uo_uid);
- break;
-
- case UAT_ACCFLAGS: /* account flags */
- cp = USIDECODE(cp, &uoptr->uo_flags);
- break;
-
- case UAT_REALNAME: /* real name of user */
- cp = NTSDECODE(cp, &uoptr->uo_rname);
- break;
-
- case UAT_GROUPS: /* groups which include user */
-
- /* First get the number of group ids following */
- cp = USIDECODE(cp, &gcnt);
-
- if (gcnt > 0) {
-
- /* Allocate space for group ids */
- gids = usiAlloc(&uoptr->uo_groups, gcnt);
- if (gids) {
- for (i = 0; i < gcnt; ++i) {
- cp = USIDECODE(cp, gids + i);
- }
- }
- }
- break;
-
- default: /* unrecognized attribute */
- /* Just skip it */
- cp += len;
- break;
- }
- }
- }
-
- return uoptr;
-}
-
-/*
- * Description (userEnumHelp)
- *
- * This is a local function that is called by NSDB during user
- * database enumeration. It decodes user records into user
- * objects, and presents them to the caller of userEnumerate().
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * parg - pointer to UserEnumArgs_t structure
- * namelen - user record key length including null
- * terminator
- * name - user record key (user account name)
- * reclen - length of user record
- * recptr - pointer to user record contents
- *
- * Returns:
- *
- * Returns whatever value is returned from the upcall to the caller
- * of userEnumerate().
- */
-
-static int userEnumHelp(NSErr_t * errp, void * parg,
- int namelen, char * name, int reclen, char * recptr)
-{
- UserEnumArgs_t * ue = (UserEnumArgs_t *)parg;
- UserObj_t * uoptr; /* user object pointer */
- int rv;
-
- uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
- rv = (*ue->func)(errp, ue->user, uoptr);
-
- if (!(ue->flags & UOF_ENUMKEEP)) {
- userFree(uoptr);
- }
-
- return rv;
-}
-
-/*
- * Description (userEnumerate)
- *
- * This function enumerates all of the users in a specified user
- * database, calling a caller-specified function with a user object
- * for each user in the database. A 'flags' value of UOF_ENUMKEEP
- * can be specified to keep the user objects around (not free them)
- * after the caller's function returns. Otherwise, each user
- * object is freed after being presented to the caller's function.
- * The 'argp' argument is an opaque pointer, which is passed to
- * the caller's function as 'parg' on each call, along with a
- * user object pointer.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * flags - bit flags:
- * UOF_ENUMKEEP - keep user objects
- * argp - passed to 'func' as 'parg'
- * func - pointer to caller's enumeration function
- *
- * Returns:
- *
- * If successful, the return value is zero. Otherwise it is a
- * non-zero error code, and an error frame is generated if an error
- * frame list was provided by the caller.
- */
-
-int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp,
- int (*func)(NSErr_t * ferrp, void * parg, UserObj_t * uoptr))
-{
- int rv;
- UserEnumArgs_t args;
-
- args.userdb = userdb;
- args.flags = flags;
- args.func = func;
- args.user = argp;
-
- rv = ndbEnumerate(errp,
- userdb, NDBF_ENUMNORM, (void *)&args, userEnumHelp);
-
- return rv;
-}
-
-/*
- * Description (userFindByName)
- *
- * This function looks up a user record for a specified user account
- * name, converts the user record to the internal user object form,
- * and returns a pointer to the user object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * name - user account name to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a user object
- * for the specified user. Otherwise it is 0, and an error frame
- * is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name)
-{
- UserObj_t * uoptr = 0;
- ATR_t urecptr;
- int ureclen;
- int rv;
-
- /* Look up the user name in the database */
- rv = ndbFindName(errp, userdb, 0, (char *) name, &ureclen, (char **)&urecptr);
- if (rv == 0) {
-
- /* Got the user record. Decode into a user object. */
- uoptr = userDecode(name, ureclen, urecptr);
- }
-
- return uoptr;
-}
-
-/*
- * Description (userFindByUid)
- *
- * This function looks up a user record for a specified user id,
- * converts the user record to the internal user object form, and
- * returns a pointer to the user object.
- *
- * Arguments:
- *
- * errp - error frame list pointer (may be null)
- * userdb - handle for user DB access
- * uid - user id to find
- *
- * Returns:
- *
- * If successful, the return value is a pointer to a user object
- * for the specified user. Otherwise it is 0, and an error frame
- * is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid)
-{
- UserObj_t * uoptr = 0;
- NTS_t name;
- ATR_t urecptr;
- int ureclen;
- int rv;
-
- /* Get the user account name corresponding to the uid */
- rv = ndbIdToName(errp, userdb, uid, 0, (char **)&name);
- if (rv == 0) {
-
- rv = ndbFindName(errp, userdb, 0, (char *)name, &ureclen, (char **)&urecptr);
- if (rv == 0) {
-
- /* Got the user record. Decode into a user object. */
- uoptr = userDecode(name, ureclen, urecptr);
- }
- }
-
- return uoptr;
-}
-
-/*
- * Description (userFree)
- *
- * This function is called to free a user object. User objects
- * are not automatically freed when a user database is closed.
- *
- * Arguments:
- *
- * uoptr - user object pointer
- *
- */
-
-NSAPI_PUBLIC void userFree(UserObj_t * uoptr)
-{
- if (uoptr) {
-
- if (uoptr->uo_name) FREE(uoptr->uo_name);
- if (uoptr->uo_pwd) FREE(uoptr->uo_pwd);
- if (uoptr->uo_rname) FREE(uoptr->uo_rname);
- UILFREE(&uoptr->uo_groups);
- FREE(uoptr);
- }
-}
diff --git a/lib/libaccess/register.h b/lib/libaccess/register.h
deleted file mode 100644
index 18e6a4b4..00000000
--- a/lib/libaccess/register.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef ACL_REGISTER_HEADER
-#define ACL_REGISTER_HEADER
-
-#include <libaccess/nserror.h>
-#include <libaccess/acl.h>
-#include <libaccess/las.h>
-
-typedef void * ACLMethod_t;
-#define ACL_METHOD_ANY (ACLMethod_t)-1
-#define ACL_METHOD_INVALID (ACLMethod_t)-2
-typedef void * ACLDbType_t;
-#define ACL_DBTYPE_ANY (ACLDbType_t)-1
-#define ACL_DBTYPE_INVALID (ACLDbType_t)-2
-
-typedef struct ACLGetter_s {
- ACLMethod_t method;
- ACLDbType_t db;
- AttrGetterFn fn;
-} ACLGetter_t;
-typedef ACLGetter_s * ACLGetter_p;
-
-/*
- * Command values for the "position" argument to ACL_RegisterGetter
- * Any positive >0 value is the specific position in the list to insert
- * the new function.
- */
-#define ACL_AT_FRONT 0
-#define ACL_AT_END -1
-#define ACL_REPLACE_ALL -2
-#define ACL_REPLACE_MATCHING -3
-
-#ifdef ACL_LIB_INTERNAL
-#define ACL_MAX_METHOD 32
-#define ACL_MAX_DBTYPE 32
-#endif
-
-NSPR_BEGIN_EXTERN_C
-
-NSAPI_PUBLIC extern int
- ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
- eval_func, LASFlushFunc_t flush_func );
-NSAPI_PUBLIC extern int
- ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
- *eval_funcp );
-NSAPI_PUBLIC extern int
- ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
- *flush_funcp );
-extern void
- ACL_LasHashInit( void );
-extern void
- ACL_LasHashDestroy( void );
-
-/*
- * Revised, normalized method/dbtype registration routines
- */
-NSAPI_PUBLIC extern int
- ACL_MethodRegister(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern int
- ACL_MethodIsEqual(ACLMethod_t t1, ACLMethod_t t2);
-NSAPI_PUBLIC extern int
- ACL_MethodNameIsEqual(ACLMethod_t t, const char *name);
-NSAPI_PUBLIC extern int
- ACL_MethodFind(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern ACLMethod_t
- ACL_MethodGetDefault();
-NSAPI_PUBLIC extern void
- ACL_MethodSetDefault();
-NSAPI_PUBLIC extern int
- ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);
-
-NSAPI_PUBLIC extern int
- ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
-NSAPI_PUBLIC extern int
- ACL_DbTypeIsEqual(ACLDbType_t t1, ACLDbType_t t2);
-NSAPI_PUBLIC extern int
- ACL_DbTypeNameIsEqual(ACLDbType_t t, const char *name);
-NSAPI_PUBLIC extern int
- ACL_DbTypeFind(const char *name, ACLDbType_t *t);
-NSAPI_PUBLIC extern ACLDbType_t
- ACL_DbTypeGetDefault();
-NSAPI_PUBLIC extern void
- ACL_DbTypeSetDefault();
-NSAPI_PUBLIC extern int
- ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
-
-NSAPI_PUBLIC extern int
- ACL_RegisterGetter(AttrGetterFn fn, ACLMethod_t m, ACLDbType_t d, int
- position, void *arg);
-
-NSPR_END_EXTERN_C
-
-#endif
diff --git a/lib/libaccess/userauth.cpp b/lib/libaccess/userauth.cpp
deleted file mode 100644
index 00a95e84..00000000
--- a/lib/libaccess/userauth.cpp
+++ /dev/null
@@ -1,12 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/* userauth.c
- * This file contain code to authenticate user.
- */
-
-
-
diff --git a/lib/libaccess/utest.mk b/lib/libaccess/utest.mk
deleted file mode 100644
index 69f25b4e..00000000
--- a/lib/libaccess/utest.mk
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-
-#CFLAGS = -g -DDEBUG -I.
-CFLAGS = -g -I. -I../../../include $(TESTFLAGS)
-#LEX = flex
-CC=gcc
-
-HEAD = aclparse.h acltools.h lparse.h acl.h acleval.h lasdns.h lasip.h mthash.h stubs.h aclscan.h acl.tab.h
-XSRC = aclparse.y aclscan.l
-CSRC = acleval.c aclutil.c lasdns.c lasip.c lastod.c mthash.c testmain.c acltools.c space.c acl.tab.c acl.yy.c
-SRC = $(HEAD) $(XSRC) $(CSRC)
-
-XOBJ = acl.tab.o acl.yy.o testmain.o acltools.o
-COBJ = $(CSRC:%.c=%.o)
-OBJ = $(XOBJ) $(COBJ)
-
-always: $(OBJ)
-
-acleval.o: stubs.h aclparse.h acl.h acleval.h mthash.h
-
-aclutil.o: acl.h aclparse.h
-
-lasdns.o: acl.h aclparse.h lasdns.h mthash.h
-
-lasip.o: acl.h aclparse.h lasip.h
-
-lastod.o: acl.h aclparse.h
-
-acltools.o: aclparse.h aclscan.h lparse.h aclparse.y
-
-testmain.o: aclparse.h acltools.h
-
-acl.yy.o: acl.yy.c acl.tab.h
-
-acl.yy.o acl.tab.o acltools.o: aclparse.h acltools.h lparse.h
-
-yacc: aclparse.y
- $(YACC) -dv aclparse.y
- mv y.tab.h acl.tab.h
- mv y.tab.c acl.tab.c
-#sed -f yy-sed y.tab.h > acl.tab.h
-#sed -f yy-sed y.tab.c > acl.tab.c
-
-# Should only run this on an SGI, where flex() is present
-flex: aclscan.l
- $(LEX) aclscan.l
- mv lex.yy.c acl.yy.c
-#sed -f yy-sed lex.yy.c > acl.yy.c
-
-clean:
- rm -f aclparse aclparse.pure y.output acl.tab.c acl.tab.h acl.yy.c lex.yy.c y.tab.c y.tab.h aclparse.c $(OBJ)
-
-# Check it out from the RCS directory
-$(SRC): RCS/$$@,v
- co $@
diff --git a/lib/libaccess/winnt.l b/lib/libaccess/winnt.l
deleted file mode 100644
index 38fc4594..00000000
--- a/lib/libaccess/winnt.l
+++ /dev/null
@@ -1,762 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ -#include <stdio.h> -# define U(x) x -# define NLSTATE yyprevious=YYNEWLINE -# define BEGIN yybgin = yysvec + 1 + -# define INITIAL 0 -# define YYLERR yysvec -# define YYSTATE (yyestate-yysvec-1) -# define YYOPTIM 1 -# define YYLMAX BUFSIZ -#ifndef __cplusplus -# define output(c) (void)putc(c,yyout) -#else -# define lex_output(c) (void)putc(c,yyout) -#endif - -#if defined(__cplusplus) || defined(__STDC__) - -#if defined(__cplusplus) && defined(__EXTERN_C__) -extern "C" { -#endif - int yyback(int *, int); - int yyinput(void); - int yylook(void); - void yyoutput(int); - int yyracc(int); - int yyreject(void); - void yyunput(int); - int yylex(void); -#ifdef YYLEX_E - void yywoutput(wchar_t); - wchar_t yywinput(void); -#endif -#ifndef yyless - void yyless(int); -#endif -#ifndef yywrap - int yywrap(void); -#endif -#ifdef LEXDEBUG - void allprint(char); - void sprint(char *); -#endif -#if defined(__cplusplus) && defined(__EXTERN_C__) -} -#endif - -#ifdef __cplusplus -extern "C" { -#endif - void exit(int); -#ifdef __cplusplus -} -#endif - -#endif -# define unput(c) {yytchar= (c);if(yytchar=='\n')yylineno--;*yysptr++=yytchar;} -# define yymore() (yymorfg=1) -#ifndef __cplusplus -# define input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar) -#else -# define lex_input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar) -#endif -#define ECHO fprintf(yyout, "%s",yytext) -# define REJECT { nstr = yyreject(); goto yyfussy;} -int yyleng; extern char yytext[]; -int yymorfg; -extern char *yysptr, yysbuf[]; -int yytchar; -FILE *yyin = NULL, *yyout = NULL; -extern int yylineno; -struct yysvf { - struct yywork *yystoff; - struct yysvf *yyother; - int *yystops;}; -struct yysvf 
*yyestate; -extern struct yysvf yysvec[], *yybgin; - -#include <stdio.h> -#include <ctype.h> -#include <string.h> -#include <stdlib.h> -#include "y.tab.h" -#include "libaccess/ava.h" -/*#include "netsite.h" */ - -int linenum = 1; -int first_time = 1; -int old_state; -int num_nested_comments = 0; - -extern AVAEntry tempEntry; -extern AVATable entryTable; - -void strip_quotes(void); - -# define COMMENT 2 -# define NORM 4 -# define DEFINES 6 -# define DEF_TYPE 8 -# define YYNEWLINE 10 -yylex(){ -int nstr; extern int yyprevious; - - if (yyin == NULL) yyin = stdin; - if (yyout == NULL) yyout = stdout; - if (first_time) { - BEGIN NORM; - first_time = tempEntry.numOrgs = 0; - old_state = NORM; - tempEntry.userid = 0; - tempEntry.country = 0; - tempEntry.CNEntry = 0; - tempEntry.email = 0; - tempEntry.locality = 0; - tempEntry.state = 0; - entryTable.numEntries = 0; - } -#ifdef __cplusplus -/* to avoid CC and lint complaining yyfussy not being used ...*/ -static int __lex_hack = 0; -if (__lex_hack) goto yyfussy; -#endif -while((nstr = yylook()) >= 0) -yyfussy: switch(nstr){ -case 0: -if(yywrap()) return(0); break; -case 1: - -# line 58 "avascan.l" - {BEGIN COMMENT; num_nested_comments++;} -break; -case 2: - -# line 59 "avascan.l" - {num_nested_comments--; - if (!num_nested_comments) BEGIN old_state;} -break; -case 3: - -# line 61 "avascan.l" - {;} -break; -case 4: - -# line 63 "avascan.l" - {yylval.string = system_strdup(yytext); - return USER_ID;} -break; -case 5: - -# line 65 "avascan.l" -{BEGIN DEF_TYPE; - old_state = DEF_TYPE;} -break; -case 6: - -# line 68 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_C; } -break; -case 7: - -# line 70 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_CO;} -break; -case 8: - -# line 72 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_OU;} -break; -case 9: - -# line 74 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_CN;} -break; -case 10: - -# line 76 "avascan.l" - {BEGIN 
DEFINES; old_state = DEFINES; - return DEF_L;} -break; -case 11: - -# line 78 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_E;} -break; -case 12: - -# line 80 "avascan.l" - {BEGIN DEFINES; old_state = DEFINES; - return DEF_ST;} -break; -case 13: - -# line 82 "avascan.l" - {BEGIN NORM;old_state = NORM;} -break; -case 14: - -# line 84 "avascan.l" - {return EQ_SIGN;} -break; -case 15: - -# line 85 "avascan.l" - {BEGIN DEF_TYPE; old_state = DEF_TYPE; - strip_quotes(); - return DEF_ID;} -break; -case 16: - -# line 89 "avascan.l" - {;} -break; -case 17: - -# line 90 "avascan.l" - {linenum++;} -break; -case 18: - -# line 91 "avascan.l" - {yyerror("Bad input character");} -break; -case -1: -break; -default: -(void)fprintf(yyout,"bad switch yylook %d",nstr); -} return(0); } -/* end of yylex */ - -int yywrap () { - return 1; -} - -void strip_quotes(void) { - yytext[strlen(yytext)-1]= '\0'; - yylval.string = system_strdup(&yytext[1]); -} -int yyvstop[] = { -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -16, -0, - -18, -0, - -16, -18, -0, - -17, -0, - -18, -0, - -3, -18, -0, - -3, -16, -18, -0, - -3, -18, -0, - -3, -18, -0, - -4, -18, -0, - -18, -0, - -18, -0, - -14, -18, -0, - -6, -18, -0, - -11, -18, -0, - -10, -18, -0, - -7, -18, -0, - -18, -0, - -13, -18, -0, - -16, -0, - -1, -0, - -2, -0, - -4, -0, - -5, -0, - -15, -0, - -9, -0, - -8, -0, - -12, -0, -0}; -# define YYTYPE unsigned char -struct yywork { YYTYPE verify, advance; } yycrank[] = { -0,0, 0,0, 1,11, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 0,0, 1,12, 1,13, -0,0, 3,15, 12,29, 0,0, -20,33, 0,0, 0,0, 0,0, -0,0, 3,16, 3,13, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 9,11, 0,0, 1,11, -0,0, 12,29, 7,21, 20,33, -8,21, 9,12, 9,13, 14,30, -0,0, 1,11, 3,15, 4,17, -1,14, 1,11, 2,14, 7,14, -4,18, 8,14, 3,17, 5,19, -3,15, 17,31, 5,14, 3,18, -3,15, 6,19, 10,14, 21,35, -6,14, 7,22, 9,11, 8,22, -0,0, 5,20, 0,0, 21,35, -21,35, 0,0, 0,0, 6,20, -9,11, 0,0, 
0,0, 9,14, -9,11, 23,37, 10,23, 0,0, -10,24, 27,39, 26,38, 0,0, -0,0, 0,0, 0,0, 10,25, -0,0, 0,0, 10,26, 0,0, -21,36, 0,0, 10,27, 9,23, -0,0, 9,24, 0,0, 0,0, -0,0, 0,0, 21,35, 0,0, -9,25, 0,0, 21,35, 9,26, -0,0, 0,0, 0,0, 9,27, -0,0, 0,0, 0,0, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 0,0, 20,34, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 19,32, 0,0, 0,0, -10,28, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 0,0, -0,0, 0,0, 0,0, 0,0, -0,0, 9,28, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -0,0, 0,0, 0,0, 0,0, -19,32, 0,0, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -19,32, 19,32, 19,32, 19,32, -0,0}; -struct yysvf yysvec[] = { -0, 0, 0, -yycrank+-1, 0, yyvstop+1, -yycrank+-3, yysvec+1, yyvstop+3, -yycrank+-12, 0, yyvstop+5, -yycrank+-5, yysvec+3, yyvstop+7, -yycrank+-11, yysvec+1, yyvstop+9, -yycrank+-17, yysvec+1, yyvstop+11, -yycrank+-4, yysvec+1, yyvstop+13, -yycrank+-6, yysvec+1, yyvstop+15, -yycrank+-32, 0, yyvstop+17, -yycrank+-15, yysvec+9, yyvstop+19, -yycrank+0, 0, yyvstop+21, -yycrank+5, 0, yyvstop+23, -yycrank+0, 0, yyvstop+26, -yycrank+1, 0, yyvstop+28, -yycrank+0, 0, yyvstop+30, -yycrank+0, yysvec+12, yyvstop+33, -yycrank+10, 0, yyvstop+37, -yycrank+0, yysvec+14, yyvstop+40, -yycrank+93, 0, yyvstop+43, -yycrank+7, 0, yyvstop+46, -yycrank+-62, 0, yyvstop+48, -yycrank+0, 0, yyvstop+50, -yycrank+3, 0, yyvstop+53, -yycrank+0, 0, yyvstop+56, -yycrank+0, 0, yyvstop+59, -yycrank+1, 0, yyvstop+62, -yycrank+1, 0, yyvstop+65, -yycrank+0, 0, yyvstop+67, -yycrank+0, yysvec+12, yyvstop+70, -yycrank+0, 0, yyvstop+72, -yycrank+0, 0, yyvstop+74, -yycrank+0, yysvec+19, yyvstop+76, -yycrank+0, yysvec+20, 0, -yycrank+0, 0, yyvstop+78, -yycrank+0, yysvec+21, 0, -yycrank+0, 0, yyvstop+80, 
-yycrank+0, 0, yyvstop+82, -yycrank+0, 0, yyvstop+84, -yycrank+0, 0, yyvstop+86, -0, 0, 0}; -struct yywork *yytop = yycrank+215; -struct yysvf *yybgin = yysvec+1; -char yymatch[] = { - 0, 1, 1, 1, 1, 1, 1, 1, - 1, 9, 10, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 9, 1, 34, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 44, 1, 1, 1, - 48, 48, 48, 48, 48, 48, 48, 48, - 48, 48, 1, 1, 1, 1, 1, 1, - 1, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 1, 1, 1, 1, 44, - 1, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 44, 44, 44, 44, 44, - 44, 44, 44, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, -0}; -char yyextra[] = { -0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0, -0,0,0,0,0,0,0,0, -0}; -/* Copyright (c) 1989 AT&T */ -/* All Rights Reserved */ - -/* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T */ -/* The copyright notice above does not evidence any */ -/* actual or intended publication of such source code. 
*/ - -#pragma ident "@(#)ncform 6.7 93/06/07 SMI" - -int yylineno =1; -# define YYU(x) x -# define NLSTATE yyprevious=YYNEWLINE -char yytext[YYLMAX]; -struct yysvf *yylstate [YYLMAX], **yylsp, **yyolsp; -char yysbuf[YYLMAX]; -char *yysptr = yysbuf; -int *yyfnd; -extern struct yysvf *yyestate; -int yyprevious = YYNEWLINE; -#if defined(__cplusplus) || defined(__STDC__) -int yylook(void) -#else -yylook() -#endif -{ - register struct yysvf *yystate, **lsp; - register struct yywork *yyt; - struct yysvf *yyz; - int yych, yyfirst; - struct yywork *yyr; -# ifdef LEXDEBUG - int debug; -# endif - char *yylastch; - /* start off machines */ -# ifdef LEXDEBUG - debug = 0; -# endif - yyfirst=1; - if (!yymorfg) - yylastch = yytext; - else { - yymorfg=0; - yylastch = yytext+yyleng; - } - for(;;){ - lsp = yylstate; - yyestate = yystate = yybgin; - if (yyprevious==YYNEWLINE) yystate++; - for (;;){ -# ifdef LEXDEBUG - if(debug)fprintf(yyout,"state %d\n",yystate-yysvec-1); -# endif - yyt = yystate->yystoff; - if(yyt == yycrank && !yyfirst){ /* may not be any transitions */ - yyz = yystate->yyother; - if(yyz == 0)break; - if(yyz->yystoff == yycrank)break; - } -#ifndef __cplusplus - *yylastch++ = yych = input(); -#else - *yylastch++ = yych = lex_input(); -#endif - if(yylastch > &yytext[YYLMAX]) { - fprintf(yyout,"Input string too long, limit %d\n",YYLMAX); - exit(1); - } - yyfirst=0; - tryagain: -# ifdef LEXDEBUG - if(debug){ - fprintf(yyout,"char "); - allprint(yych); - putchar('\n'); - } -# endif - yyr = yyt; - if ( (int)yyt > (int)yycrank){ - yyt = yyr + yych; - if (yyt <= yytop && yyt->verify+yysvec == yystate){ - if(yyt->advance+yysvec == YYLERR) /* error transitions */ - {unput(*--yylastch);break;} - *lsp++ = yystate = yyt->advance+yysvec; - if(lsp > &yylstate[YYLMAX]) { - fprintf(yyout,"Input string too long, limit %d\n",YYLMAX); - exit(1); - } - goto contin; - } - } -# ifdef YYOPTIM - else if((int)yyt < (int)yycrank) { /* r < yycrank */ - yyt = yyr = yycrank+(yycrank-yyt); -# 
ifdef LEXDEBUG - if(debug)fprintf(yyout,"compressed state\n"); -# endif - yyt = yyt + yych; - if(yyt <= yytop && yyt->verify+yysvec == yystate){ - if(yyt->advance+yysvec == YYLERR) /* error transitions */ - {unput(*--yylastch);break;} - *lsp++ = yystate = yyt->advance+yysvec; - if(lsp > &yylstate[YYLMAX]) { - fprintf(yyout,"Input string too long, limit %d\n",YYLMAX); - exit(1); - } - goto contin; - } - yyt = yyr + YYU(yymatch[yych]); -# ifdef LEXDEBUG - if(debug){ - fprintf(yyout,"try fall back character "); - allprint(YYU(yymatch[yych])); - putchar('\n'); - } -# endif - if(yyt <= yytop && yyt->verify+yysvec == yystate){ - if(yyt->advance+yysvec == YYLERR) /* error transition */ - {unput(*--yylastch);break;} - *lsp++ = yystate = yyt->advance+yysvec; - if(lsp > &yylstate[YYLMAX]) { - fprintf(yyout,"Input string too long, limit %d\n",YYLMAX); - exit(1); - } - goto contin; - } - } - if ((yystate = yystate->yyother) && (yyt= yystate->yystoff) != yycrank){ -# ifdef LEXDEBUG - if(debug)fprintf(yyout,"fall back to state %d\n",yystate-yysvec-1); -# endif - goto tryagain; - } -# endif - else - {unput(*--yylastch);break;} - contin: -# ifdef LEXDEBUG - if(debug){ - fprintf(yyout,"state %d char ",yystate-yysvec-1); - allprint(yych); - putchar('\n'); - } -# endif - ; - } -# ifdef LEXDEBUG - if(debug){ - fprintf(yyout,"stopped at %d with ",*(lsp-1)-yysvec-1); - allprint(yych); - putchar('\n'); - } -# endif - while (lsp-- > yylstate){ - *yylastch-- = 0; - if (*lsp != 0 && (yyfnd= (*lsp)->yystops) && *yyfnd > 0){ - yyolsp = lsp; - if(yyextra[*yyfnd]){ /* must backup */ - while(yyback((*lsp)->yystops,-*yyfnd) != 1 && lsp > yylstate){ - lsp--; - unput(*yylastch--); - } - } - yyprevious = YYU(*yylastch); - yylsp = lsp; - yyleng = yylastch-yytext+1; - yytext[yyleng] = 0; -# ifdef LEXDEBUG - if(debug){ - fprintf(yyout,"\nmatch "); - sprint(yytext); - fprintf(yyout," action %d\n",*yyfnd); - } -# endif - return(*yyfnd++); - } - unput(*yylastch); - } - if (yytext[0] == 0 /* && feof(yyin) 
*/) - { - yysptr=yysbuf; - return(0); - } -#ifndef __cplusplus - yyprevious = yytext[0] = input(); - if (yyprevious>0) - output(yyprevious); -#else - yyprevious = yytext[0] = lex_input(); - if (yyprevious>0) - lex_output(yyprevious); -#endif - yylastch=yytext; -# ifdef LEXDEBUG - if(debug)putchar('\n'); -# endif - } - } -#if defined(__cplusplus) || defined(__STDC__) -int yyback(int *p, int m) -#else -yyback(p, m) - int *p; -#endif -{ - if (p==0) return(0); - while (*p) { - if (*p++ == m) - return(1); - } - return(0); -} - /* the following are only used in the lex library */ -#if defined(__cplusplus) || defined(__STDC__) -int yyinput(void) -#else -yyinput() -#endif -{ -#ifndef __cplusplus - return(input()); -#else - return(lex_input()); -#endif - } -#if defined(__cplusplus) || defined(__STDC__) -void yyoutput(int c) -#else -yyoutput(c) - int c; -#endif -{ -#ifndef __cplusplus - output(c); -#else - lex_output(c); -#endif - } -#if defined(__cplusplus) || defined(__STDC__) -void yyunput(int c) -#else -yyunput(c) - int c; -#endif -{ - unput(c); - } diff --git a/lib/libaccess/winnt.v b/lib/libaccess/winnt.v deleted file mode 100644 index 9fea3453..00000000 --- a/lib/libaccess/winnt.v +++ /dev/null @@ -1,156 +0,0 @@ -/* Copyright (c) 1988 AT&T */
-/* All Rights Reserved */
-
-/* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T */
-/* The copyright notice above does not evidence any */
-/* actual or intended publication of such source code. */
-
-#ifndef _VALUES_H
-#define _VALUES_H
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * These values work with any binary representation of integers
- * where the high-order bit contains the sign.
- */
-
-/* a number used normally for size of a shift */
-#define BITSPERBYTE 8
-
-#define BITS(type) (BITSPERBYTE * (int)sizeof (type))
-
-/* short, regular and long ints with only the high-order bit turned on */
-#define HIBITS ((short)(1 << BITS(short) - 1))
-
-#if defined(__STDC__)
-
-#define HIBITI (1U << BITS(int) - 1)
-#define HIBITL (1UL << BITS(long) - 1)
-
-#else
-
-#define HIBITI ((unsigned)1 << BITS(int) - 1)
-#define HIBITL (1L << BITS(long) - 1)
-
-#endif
-
-/* largest short, regular and long int */
-#define MAXSHORT ((short)~HIBITS)
-#define MAXINT ((int)(~HIBITI))
-#define MAXLONG ((long)(~HIBITL))
-
-/*
- * various values that describe the binary floating-point representation
- * _EXPBASE - the exponent base
- * DMAXEXP - the maximum exponent of a double (as returned by frexp())
- * FMAXEXP - the maximum exponent of a float (as returned by frexp())
- * DMINEXP - the minimum exponent of a double (as returned by frexp())
- * FMINEXP - the minimum exponent of a float (as returned by frexp())
- * MAXDOUBLE - the largest double
- * ((_EXPBASE ** DMAXEXP) * (1 - (_EXPBASE ** -DSIGNIF)))
- * MAXFLOAT - the largest float
- * ((_EXPBASE ** FMAXEXP) * (1 - (_EXPBASE ** -FSIGNIF)))
- * MINDOUBLE - the smallest double (_EXPBASE ** (DMINEXP - 1))
- * MINFLOAT - the smallest float (_EXPBASE ** (FMINEXP - 1))
- * DSIGNIF - the number of significant bits in a double
- * FSIGNIF - the number of significant bits in a float
- * DMAXPOWTWO - the largest power of two exactly representable as a double
- * FMAXPOWTWO - the largest power of two exactly representable as a float
- * _IEEE - 1 if IEEE standard representation is used
- * _DEXPLEN - the number of bits for the exponent of a double
- * _FEXPLEN - the number of bits for the exponent of a float
- * _HIDDENBIT - 1 if high-significance bit of mantissa is implicit
- * LN_MAXDOUBLE - the natural log of the largest double -- log(MAXDOUBLE)
- * LN_MINDOUBLE - the natural log of the smallest double -- log(MINDOUBLE)
- * LN_MAXFLOAT - the natural log of the largest float -- log(MAXFLOAT)
- * LN_MINFLOAT - the natural log of the smallest float -- log(MINFLOAT)
- */
-
-#if defined(__STDC__)
-
-/*
- * Note that the following construct, "!#machine(name)", is a non-standard
- * extension to ANSI-C. It is maintained here to provide compatibility
- * for existing compilations systems, but should be viewed as transitional
- * and may be removed in a future release. If it is required that this
- * file not contain this extension, edit this file to remove the offending
- * condition.
- *
- * These machines are all IEEE-754:
- */
-#if #machine(i386) || defined(__i386) || #machine(sparc) || defined(__sparc)
-#define MAXDOUBLE 1.79769313486231570e+308
-#define MAXFLOAT ((float)3.40282346638528860e+38)
-#define MINDOUBLE 4.94065645841246544e-324
-#define MINFLOAT ((float)1.40129846432481707e-45)
-#define _IEEE 1
-#define _DEXPLEN 11
-#define _HIDDENBIT 1
-#define _LENBASE 1
-#define DMINEXP (-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define FMINEXP (-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-#error ISA not supported
-#endif
-
-#else
-
-/*
- * These machines are all IEEE-754:
- */
-#if defined(i386) || defined(__i386) || defined(sparc) || defined(__sparc)
-#define MAXDOUBLE 1.79769313486231570e+308
-#define MAXFLOAT ((float)3.40282346638528860e+38)
-#define MINDOUBLE 4.94065645841246544e-324
-#define MINFLOAT ((float)1.40129846432481707e-45)
-#define _IEEE 1
-#define _DEXPLEN 11
-#define _HIDDENBIT 1
-#define _LENBASE 1
-#define DMINEXP (-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define FMINEXP (-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-/* #error is strictly ansi-C, but works as well as anything for K&R systems. */
-/*#error ISA not supported */
-#endif
-
-#endif /* __STDC__ */
-
-#define _EXPBASE (1 << _LENBASE)
-#define _FEXPLEN 8
-#define DSIGNIF (BITS(double) - _DEXPLEN + _HIDDENBIT - 1)
-#define FSIGNIF (BITS(float) - _FEXPLEN + _HIDDENBIT - 1)
-#define DMAXPOWTWO ((double)(1L << BITS(long) - 2) * \
- (1L << DSIGNIF - BITS(long) + 1))
-#define FMAXPOWTWO ((float)(1L << FSIGNIF - 1))
-#define DMAXEXP ((1 << _DEXPLEN - 1) - 1 + _IEEE)
-#define FMAXEXP ((1 << _FEXPLEN - 1) - 1 + _IEEE)
-#define LN_MAXDOUBLE (M_LN2 * DMAXEXP)
-#define LN_MAXFLOAT (float)(M_LN2 * FMAXEXP)
-#define LN_MINDOUBLE (M_LN2 * (DMINEXP - 1))
-#define LN_MINFLOAT (float)(M_LN2 * (FMINEXP - 1))
-#define H_PREC (DSIGNIF % 2 ? (1L << DSIGNIF/2) * M_SQRT2 : 1L << DSIGNIF/2)
-#define FH_PREC \
- (float)(FSIGNIF % 2 ? (1L << FSIGNIF/2) * M_SQRT2 : 1L << FSIGNIF/2)
-#define X_EPS (1.0/H_PREC)
-#define FX_EPS (float)((float)1.0/FH_PREC)
-#define X_PLOSS ((double)(long)(M_PI * H_PREC))
-#define FX_PLOSS ((float)(long)(M_PI * FH_PREC))
-#define X_TLOSS (M_PI * DMAXPOWTWO)
-#define FX_TLOSS (float)(M_PI * FMAXPOWTWO)
-#define M_LN2 0.69314718055994530942
-#define M_PI 3.14159265358979323846
-#define M_SQRT2 1.41421356237309504880
-#define MAXBEXP DMAXEXP /* for backward compatibility */
-#define MINBEXP DMINEXP /* for backward compatibility */
-#define MAXPOWTWO DMAXPOWTWO /* for backward compatibility */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _VALUES_H */
diff --git a/lib/libaccess/winnt.y b/lib/libaccess/winnt.y
deleted file mode 100644
index f035570b..00000000
--- a/lib/libaccess/winnt.y
+++ /dev/null
@@ -1,793 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - - -#include <stdio.h> -#include <ctype.h> -#include <string.h> -#include "libaccess/ava.h" -/*#include "libaccess/avapfile.h" */ -/* #include "netsite.h" */ - -extern char *currFile; - -extern int linenum; -extern char yytext[]; - -static void AddDefType (int defType, char *defId); -static void AddAVA (char* userID); - -void yyerror(const char* string); -extern void logerror(const char* string,int num, char *file); - -AVAEntry tempEntry; -AVATable entryTable; - - -typedef union -#ifdef __cplusplus - YYSTYPE -#endif - { - char *string; - int num; -} YYSTYPE; -# define DEF_C 257 -# define DEF_CO 258 -# define DEF_OU 259 -# define DEF_CN 260 -# define EQ_SIGN 261 -# define DEF_START 262 -# define DEF_L 263 -# define DEF_E 264 -# define DEF_ST 265 -# define USER_ID 266 -# define DEF_ID 267 - -#ifdef __STDC__ -#include <stdlib.h> -#include <string.h> -#else -#include <malloc.h> -#include <memory.h> -#endif - -#include <values.h> - -#ifdef __cplusplus - -#ifndef yyerror - void yyerror(const char *); -#endif - -#ifndef yylex -#ifdef __EXTERN_C__ - extern "C" { int yylex(void); } -#else - int yylex(void); -#endif -#endif - int yyparse(void); - -#endif -#define yyclearin yychar = -1 -#define yyerrok yyerrflag = 0 -extern int yychar; -extern int yyerrflag; -YYSTYPE yylval; -YYSTYPE yyval; -typedef int yytabelem; -#ifndef YYMAXDEPTH -#define YYMAXDEPTH 150 -#endif -#if YYMAXDEPTH > 0 -int yy_yys[YYMAXDEPTH], *yys = yy_yys; -YYSTYPE yy_yyv[YYMAXDEPTH], *yyv = yy_yyv; -#else /* user does initial allocation */ -int *yys; -YYSTYPE *yyv; -#endif -static int yymaxdepth = YYMAXDEPTH; -# define YYERRCODE 256 - - - -void yyerror(const char* string) { - logerror(string,linenum,currFile); -} - - -void AddDefType (int defType, char *defId) { - switch (defType) { - case DEF_C: - 
tempEntry.country = defId; - break; - case DEF_CO: - tempEntry.company = defId; - break; - case DEF_OU: - if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) { - if (tempEntry.numOrgs == 0) { - tempEntry.organizations = - system_malloc_perm (sizeof (char*) * ORGS_ALLOCSIZE); - } else { - char **temp; - temp = - system_malloc_perm(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE)); - memcpy (temp, tempEntry.organizations, - sizeof(char*)*tempEntry.numOrgs); - system_free_perm(tempEntry.organizations); - tempEntry.organizations = temp; - } - } - tempEntry.organizations[tempEntry.numOrgs++] = defId; - break; - case DEF_CN: - tempEntry.CNEntry = defId; - break; - case DEF_E: - tempEntry.email = defId; - break; - case DEF_L: - tempEntry.locality = defId; - break; - case DEF_ST: - tempEntry.state = defId; - break; - default: - break; - } -} - -void AddAVA (char* userID) { - AVAEntry *newAVA; - - newAVA = (AVAEntry*)system_malloc_perm(sizeof(AVAEntry)); - if (!newAVA) { - yyerror ("Out of Memory in AddAVA"); - return; - } - *newAVA = tempEntry; - newAVA->userid = userID; - - _addAVAtoTable (newAVA, &entryTable); - - tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0; - tempEntry.email = tempEntry.locality = tempEntry.state = NULL; - tempEntry.numOrgs = 0; -} -yytabelem yyexca[] ={ --1, 1, - 0, -1, - -2, 0, - }; -# define YYNPROD 18 -# define YYLAST 19 -yytabelem yyact[]={ - - 10, 11, 12, 13, 19, 4, 14, 15, 16, 18, - 8, 3, 7, 6, 5, 2, 1, 9, 17 }; -yytabelem yypact[]={ - - -261,-10000000, -261,-10000000, -257,-10000000,-10000000, -257,-10000000, -252, --10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000, -263,-10000000 }; -yytabelem yypgo[]={ - - 0, 17, 16, 15, 11, 13, 12, 10 }; -yytabelem yyr1[]={ - - 0, 2, 2, 3, 3, 4, 5, 5, 6, 6, - 7, 1, 1, 1, 1, 1, 1, 1 }; -yytabelem yyr2[]={ - - 0, 2, 0, 4, 2, 5, 2, 0, 4, 2, - 7, 3, 3, 3, 3, 3, 3, 3 }; -yytabelem yychk[]={ - --10000000, -2, -3, -4, 266, -4, -5, -6, -7, -1, - 257, 
258, 259, 260, 263, 264, 265, -7, 261, 267 }; -yytabelem yydef[]={ - - 2, -2, 1, 4, 7, 3, 5, 6, 9, 0, - 11, 12, 13, 14, 15, 16, 17, 8, 0, 10 }; -typedef struct -#ifdef __cplusplus - yytoktype -#endif -{ char *t_name; int t_val; } yytoktype; -#ifndef YYDEBUG -# define YYDEBUG 0 /* don't allow debugging */ -#endif - -#if YYDEBUG - -yytoktype yytoks[] = -{ - "DEF_C", 257, - "DEF_CO", 258, - "DEF_OU", 259, - "DEF_CN", 260, - "EQ_SIGN", 261, - "DEF_START", 262, - "DEF_L", 263, - "DEF_E", 264, - "DEF_ST", 265, - "USER_ID", 266, - "DEF_ID", 267, - "-unknown-", -1 /* ends search */ -}; - -char * yyreds[] = -{ - "-no such reduction-", - "source : ava.database", - "source : /* empty */", - "ava.database : ava.database ava", - "ava.database : ava", - "ava : USER_ID definitions", - "definitions : definition.list", - "definitions : /* empty */", - "definition.list : definition.list definition", - "definition.list : definition", - "definition : def.type EQ_SIGN DEF_ID", - "def.type : DEF_C", - "def.type : DEF_CO", - "def.type : DEF_OU", - "def.type : DEF_CN", - "def.type : DEF_L", - "def.type : DEF_E", - "def.type : DEF_ST", -}; -#endif /* YYDEBUG */ - - -/* -** Skeleton parser driver for yacc output -*/ - -/* -** yacc user known macros and defines -*/ -#define YYERROR goto yyerrlab -#define YYACCEPT return(0) -#define YYABORT return(1) -#define YYBACKUP( newtoken, newvalue )\ -{\ - if ( yychar >= 0 || ( yyr2[ yytmp ] >> 1 ) != 1 )\ - {\ - yyerror( "syntax error - cannot backup" );\ - goto yyerrlab;\ - }\ - yychar = newtoken;\ - yystate = *yyps;\ - yylval = newvalue;\ - goto yynewstate;\ -} -#define YYRECOVERING() (!!yyerrflag) -#define YYNEW(type) system_malloc(sizeof(type) * yynewmax) -#define YYCOPY(to, from, type) \ - (type *) memcpy(to, (char *) from, yynewmax * sizeof(type)) -#define YYENLARGE( from, type) \ - (type *) system_realloc((char *) from, yynewmax * sizeof(type)) -#ifndef YYDEBUG -# define YYDEBUG 1 /* make debugging available */ -#endif - -/* -** user known 
globals -*/ -int yydebug; /* set to 1 to get debugging */ - -/* -** driver internal defines -*/ -#define YYFLAG (-10000000) - -/* -** global variables used by the parser -*/ -YYSTYPE *yypv; /* top of value stack */ -int *yyps; /* top of state stack */ - -int yystate; /* current state */ -int yytmp; /* extra var (lasts between blocks) */ - -int yynerrs; /* number of errors */ -int yyerrflag; /* error recovery flag */ -int yychar; /* current input token number */ - - - -#ifdef YYNMBCHARS -#define YYLEX() yycvtok(yylex()) -/* -** yycvtok - return a token if i is a wchar_t value that exceeds 255. -** If i<255, i itself is the token. If i>255 but the neither -** of the 30th or 31st bit is on, i is already a token. -*/ -#if defined(__STDC__) || defined(__cplusplus) -int yycvtok(int i) -#else -int yycvtok(i) int i; -#endif -{ - int first = 0; - int last = YYNMBCHARS - 1; - int mid; - wchar_t j; - - if(i&0x60000000){/*Must convert to a token. */ - if( yymbchars[last].character < i ){ - return i;/*Giving up*/ - } - while ((last>=first)&&(first>=0)) {/*Binary search loop*/ - mid = (first+last)/2; - j = yymbchars[mid].character; - if( j==i ){/*Found*/ - return yymbchars[mid].tvalue; - }else if( j<i ){ - first = mid + 1; - }else{ - last = mid -1; - } - } - /*No entry in the table.*/ - return i;/* Giving up.*/ - }else{/* i is already a token. */ - return i; - } -} -#else/*!YYNMBCHARS*/ -#define YYLEX() yylex() -#endif/*!YYNMBCHARS*/ - -/* -** yyparse - return 0 if worked, 1 if syntax error not recovered from -*/ -#if defined(__STDC__) || defined(__cplusplus) -int yyparse(void) -#else -int yyparse() -#endif -{ - register YYSTYPE *yypvt; /* top of value stack for $vars */ - -#if defined(__cplusplus) || defined(lint) -/* - hacks to please C++ and lint - goto's inside switch should never be - executed; yypvt is set to 0 to avoid "used before set" warning. 
-*/ - static int __yaccpar_lint_hack__ = 0; - switch (__yaccpar_lint_hack__) - { - case 1: goto yyerrlab; - case 2: goto yynewstate; - } - yypvt = 0; -#endif - - /* - ** Initialize externals - yyparse may be called more than once - */ - yypv = &yyv[-1]; - yyps = &yys[-1]; - yystate = 0; - yytmp = 0; - yynerrs = 0; - yyerrflag = 0; - yychar = -1; - -#if YYMAXDEPTH <= 0 - if (yymaxdepth <= 0) - { - if ((yymaxdepth = YYEXPAND(0)) <= 0) - { - yyerror("yacc initialization error"); - YYABORT; - } - } -#endif - - { - register YYSTYPE *yy_pv; /* top of value stack */ - register int *yy_ps; /* top of state stack */ - register int yy_state; /* current state */ - register int yy_n; /* internal state number info */ - goto yystack; /* moved from 6 lines above to here to please C++ */ - - /* - ** get globals into registers. - ** branch to here only if YYBACKUP was called. - */ - yynewstate: - yy_pv = yypv; - yy_ps = yyps; - yy_state = yystate; - goto yy_newstate; - - /* - ** get globals into registers. - ** either we just started, or we just finished a reduction - */ - yystack: - yy_pv = yypv; - yy_ps = yyps; - yy_state = yystate; - - /* - ** top of for (;;) loop while no reductions done - */ - yy_stack: - /* - ** put a state and value onto the stacks - */ -#if YYDEBUG - /* - ** if debugging, look up token value in list of value vs. - ** name pairs. 0 and negative (-1) are special values. - ** Note: linear search is used since time is not a real - ** consideration while debugging. - */ - if ( yydebug ) - { - register int yy_i; - - printf( "State %d, token ", yy_state ); - if ( yychar == 0 ) - printf( "end-of-file\n" ); - else if ( yychar < 0 ) - printf( "-none-\n" ); - else - { - for ( yy_i = 0; yytoks[yy_i].t_val >= 0; - yy_i++ ) - { - if ( yytoks[yy_i].t_val == yychar ) - break; - } - printf( "%s\n", yytoks[yy_i].t_name ); - } - } -#endif /* YYDEBUG */ - if ( ++yy_ps >= &yys[ yymaxdepth ] ) /* room on stack? */ - { - /* - ** reallocate and recover. 
Note that pointers - ** have to be reset, or bad things will happen - */ - int yyps_index = (yy_ps - yys); - int yypv_index = (yy_pv - yyv); - int yypvt_index = (yypvt - yyv); - int yynewmax; -#ifdef YYEXPAND - yynewmax = YYEXPAND(yymaxdepth); -#else - yynewmax = 2 * yymaxdepth; /* double table size */ - if (yymaxdepth == YYMAXDEPTH) /* first time growth */ - { - char *newyys = (char *)YYNEW(int); - char *newyyv = (char *)YYNEW(YYSTYPE); - if (newyys != 0 && newyyv != 0) - { - yys = YYCOPY(newyys, yys, int); - yyv = YYCOPY(newyyv, yyv, YYSTYPE); - } - else - yynewmax = 0; /* failed */ - } - else /* not first time */ - { - yys = YYENLARGE(yys, int); - yyv = YYENLARGE(yyv, YYSTYPE); - if (yys == 0 || yyv == 0) - yynewmax = 0; /* failed */ - } -#endif - if (yynewmax <= yymaxdepth) /* tables not expanded */ - { - yyerror( "yacc stack overflow" ); - YYABORT; - } - yymaxdepth = yynewmax; - - yy_ps = yys + yyps_index; - yy_pv = yyv + yypv_index; - yypvt = yyv + yypvt_index; - } - *yy_ps = yy_state; - *++yy_pv = yyval; - - /* - ** we have a new state - find out what to do - */ - yy_newstate: - if ( ( yy_n = yypact[ yy_state ] ) <= YYFLAG ) - goto yydefault; /* simple state */ -#if YYDEBUG - /* - ** if debugging, need to mark whether new token grabbed - */ - yytmp = yychar < 0; -#endif - if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) ) - yychar = 0; /* reached EOF */ -#if YYDEBUG - if ( yydebug && yytmp ) - { - register int yy_i; - - printf( "Received token " ); - if ( yychar == 0 ) - printf( "end-of-file\n" ); - else if ( yychar < 0 ) - printf( "-none-\n" ); - else - { - for ( yy_i = 0; yytoks[yy_i].t_val >= 0; - yy_i++ ) - { - if ( yytoks[yy_i].t_val == yychar ) - break; - } - printf( "%s\n", yytoks[yy_i].t_name ); - } - } -#endif /* YYDEBUG */ - if ( ( ( yy_n += yychar ) < 0 ) || ( yy_n >= YYLAST ) ) - goto yydefault; - if ( yychk[ yy_n = yyact[ yy_n ] ] == yychar ) /*valid shift*/ - { - yychar = -1; - yyval = yylval; - yy_state = yy_n; - if ( yyerrflag > 0 ) - 
yyerrflag--; - goto yy_stack; - } - - yydefault: - if ( ( yy_n = yydef[ yy_state ] ) == -2 ) - { -#if YYDEBUG - yytmp = yychar < 0; -#endif - if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) ) - yychar = 0; /* reached EOF */ -#if YYDEBUG - if ( yydebug && yytmp ) - { - register int yy_i; - - printf( "Received token " ); - if ( yychar == 0 ) - printf( "end-of-file\n" ); - else if ( yychar < 0 ) - printf( "-none-\n" ); - else - { - for ( yy_i = 0; - yytoks[yy_i].t_val >= 0; - yy_i++ ) - { - if ( yytoks[yy_i].t_val - == yychar ) - { - break; - } - } - printf( "%s\n", yytoks[yy_i].t_name ); - } - } -#endif /* YYDEBUG */ - /* - ** look through exception table - */ - { - register int *yyxi = yyexca; - - while ( ( *yyxi != -1 ) || - ( yyxi[1] != yy_state ) ) - { - yyxi += 2; - } - while ( ( *(yyxi += 2) >= 0 ) && - ( *yyxi != yychar ) ) - ; - if ( ( yy_n = yyxi[1] ) < 0 ) - YYACCEPT; - } - } - - /* - ** check for syntax error - */ - if ( yy_n == 0 ) /* have an error */ - { - /* no worry about speed here! */ - switch ( yyerrflag ) - { - case 0: /* new error */ - yyerror( "syntax error" ); - goto skip_init; - yyerrlab: - /* - ** get globals into registers. - ** we have a user generated syntax type error - */ - yy_pv = yypv; - yy_ps = yyps; - yy_state = yystate; - skip_init: - yynerrs++; - /* FALLTHRU */ - case 1: - case 2: /* incompletely recovered error */ - /* try again... 
*/ - yyerrflag = 3; - /* - ** find state where "error" is a legal - ** shift action - */ - while ( yy_ps >= yys ) - { - yy_n = yypact[ *yy_ps ] + YYERRCODE; - if ( yy_n >= 0 && yy_n < YYLAST && - yychk[yyact[yy_n]] == YYERRCODE) { - /* - ** simulate shift of "error" - */ - yy_state = yyact[ yy_n ]; - goto yy_stack; - } - /* - ** current state has no shift on - ** "error", pop stack - */ -#if YYDEBUG -# define _POP_ "Error recovery pops state %d, uncovers state %d\n" - if ( yydebug ) - printf( _POP_, *yy_ps, - yy_ps[-1] ); -# undef _POP_ -#endif - yy_ps--; - yy_pv--; - } - /* - ** there is no state on stack with "error" as - ** a valid shift. give up. - */ - YYABORT; - case 3: /* no shift yet; eat a token */ -#if YYDEBUG - /* - ** if debugging, look up token in list of - ** pairs. 0 and negative shouldn't occur, - ** but since timing doesn't matter when - ** debugging, it doesn't hurt to leave the - ** tests here. - */ - if ( yydebug ) - { - register int yy_i; - - printf( "Error recovery discards " ); - if ( yychar == 0 ) - printf( "token end-of-file\n" ); - else if ( yychar < 0 ) - printf( "token -none-\n" ); - else - { - for ( yy_i = 0; - yytoks[yy_i].t_val >= 0; - yy_i++ ) - { - if ( yytoks[yy_i].t_val - == yychar ) - { - break; - } - } - printf( "token %s\n", - yytoks[yy_i].t_name ); - } - } -#endif /* YYDEBUG */ - if ( yychar == 0 ) /* reached EOF. quit */ - YYABORT; - yychar = -1; - goto yy_newstate; - } - }/* end if ( yy_n == 0 ) */ - /* - ** reduction by production yy_n - ** put stack tops, etc. so things right after switch - */ -#if YYDEBUG - /* - ** if debugging, print the string that is the user's - ** specification of the reduction which is just about - ** to be done. 
- */ - if ( yydebug ) - printf( "Reduce by (%d) \"%s\"\n", - yy_n, yyreds[ yy_n ] ); -#endif - yytmp = yy_n; /* value to switch over */ - yypvt = yy_pv; /* $vars top of value stack */ - /* - ** Look in goto table for next state - ** Sorry about using yy_state here as temporary - ** register variable, but why not, if it works... - ** If yyr2[ yy_n ] doesn't have the low order bit - ** set, then there is no action to be done for - ** this reduction. So, no saving & unsaving of - ** registers done. The only difference between the - ** code just after the if and the body of the if is - ** the goto yy_stack in the body. This way the test - ** can be made before the choice of what to do is needed. - */ - { - /* length of production doubled with extra bit */ - register int yy_len = yyr2[ yy_n ]; - - if ( !( yy_len & 01 ) ) - { - yy_len >>= 1; - yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */ - yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] + - *( yy_ps -= yy_len ) + 1; - if ( yy_state >= YYLAST || - yychk[ yy_state = - yyact[ yy_state ] ] != -yy_n ) - { - yy_state = yyact[ yypgo[ yy_n ] ]; - } - goto yy_stack; - } - yy_len >>= 1; - yyval = ( yy_pv -= yy_len )[1]; /* $$ = $1 */ - yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] + - *( yy_ps -= yy_len ) + 1; - if ( yy_state >= YYLAST || - yychk[ yy_state = yyact[ yy_state ] ] != -yy_n ) - { - yy_state = yyact[ yypgo[ yy_n ] ]; - } - } - /* save until reenter driver code */ - yystate = yy_state; - yyps = yy_ps; - yypv = yy_pv; - } - /* - ** code supplied by user is placed in this switch - */ - switch( yytmp ) - { - -case 5: -{AddAVA(yypvt[-1].string);} break; -case 10: -{AddDefType(yypvt[-2].num, yypvt[-0].string);} break; -case 11: -{yyval.num = DEF_C; } break; -case 12: -{yyval.num = DEF_CO;} break; -case 13: -{yyval.num = DEF_OU;} break; -case 14: -{yyval.num = DEF_CN;} break; -case 15: -{yyval.num = DEF_L; } break; -case 16: -{yyval.num = DEF_E; } break; -case 17: -{yyval.num = DEF_ST;} break; - } - goto yystack; /* reset registers in 
driver code */ -} - diff --git a/lib/libaccess/wintab.h b/lib/libaccess/wintab.h deleted file mode 100644 index 49ba3ef9..00000000 --- a/lib/libaccess/wintab.h +++ /dev/null @@ -1,26 +0,0 @@ -/** BEGIN COPYRIGHT BLOCK - * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. - * Copyright (C) 2005 Red Hat, Inc. - * All rights reserved. - * END COPYRIGHT BLOCK **/ - -typedef union -#ifdef __cplusplus - YYSTYPE -#endif - { - char *string; - int num; -} YYSTYPE; -extern YYSTYPE yylval; -# define DEF_C 257 -# define DEF_CO 258 -# define DEF_OU 259 -# define DEF_CN 260 -# define EQ_SIGN 261 -# define DEF_START 262 -# define DEF_L 263 -# define DEF_E 264 -# define DEF_ST 265 -# define USER_ID 266 -# define DEF_ID 267 |