Diffstat (limited to 'lib/libaccess/utest')
37 files changed, 2563 insertions, 0 deletions
diff --git a/lib/libaccess/utest/.purify b/lib/libaccess/utest/.purify
new file mode 100644
index 00000000..56b9983e
--- /dev/null
+++ b/lib/libaccess/utest/.purify
@@ -0,0 +1,19 @@
+suppress umr process_gethost
+suppress umr _door_gethostbyname_r
+suppress umr _get_hostserv_inetnetdir_byname
+suppress umr _get_hostserv_inetnetdir_byaddr
+suppress umr gethostbyname_r
+suppress umr _nsc_trydoorcall
+suppress umr LASDnsBuild
+suppress umr PR_HashString
+suppress umr mthsearch
+suppress umr Hash
+suppress umr strcmp
+suppress umr mthsearch
+suppress umr strlen
+suppress umr strdup
+suppress umr strcpy
+suppress umr PListFindValue
+suppress umr LASIpEval
+suppress umr LASDnsEval
+suppress mlk system_strdup_perm
diff --git a/lib/libaccess/utest/Makefile b/lib/libaccess/utest/Makefile
new file mode 100644
index 00000000..2acedff0
--- /dev/null
+++ b/lib/libaccess/utest/Makefile
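Review bot: In `.purify`, the entries `suppress umr LASDnsBuild`, `suppress umr LASIpEval`, `suppress umr LASDnsEval` and `suppress umr PListFindValue` hide uninitialized-memory-read reports in functions whose names match the library code this unit test links (`../lasdns.cpp`, `../lasip.cpp` and `plist.o` in the Makefile of the same commit), so a real UMR in ACL evaluation would not show up in the Purify run. The bare `strcmp`, `strlen`, `strcpy` and `strdup` entries presumably silence the same reads one frame lower, and as written they apply to every caller. I would drop the four library entries, keep the resolver ones (`process_gethost` through `_nsc_trydoorcall`) only if they are confirmed platform noise, and record the reason for each remaining suppression in the commit message. `suppress umr mthsearch` is also listed twice.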
@@ -0,0 +1,119 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+#
+#
+MCOM_ROOT=../../../..
+MODULE=LibAcl
+include ../../../nsdefs.mk
+
+OBJDEST=.
+UTESTDEST=utest
+
+include ../../../nsconfig.mk
+
+MODULE_CFLAGS=-I$(NSROOT)/include/libaccess -I$(NSROOT)/include -I$(NSROOT)/include/public -I. -DACL_LIB_INTERNAL
+
+include $(INCLUDE_DEPENDS)
+
+#TESTFLAGS = -DUTEST -DDEBUG_LEVEL_2
+TESTFLAGS = -DUTEST
+CC = $(CCC)
+
+CSRC = acltest.cpp onetest.cpp ustubs.cpp twotest.cpp
+TSRC = aclfile0 aclfile1 aclfile2 aclfile3 aclfile4 aclfile5 aclfile6 aclfile7 aclfile8 aclfile9 aclfile10 aclfile11 aclfile12 aclfile13 aclfile14 aclfile15 aclfile16 aclfile17 aclfile18 aclfile19 test.ref
+SRC = $(CSRC) $(TSRC)
+XSRC = \
+ ../oneeval.cpp \
+ ../lastod.cpp \
+ ../lasip.cpp \
+ ../aclutil.cpp \
+ ../lasdns.cpp \
+ ../acl.tab.cpp \
+ ../acl.yy.cpp \
+ ../acltools.cpp \
+ ../aclspace.cpp \
+ ../lasgroup.cpp \
+ ../lasuser.cpp \
+ ../lasprogram.cpp \
+ ../nseframe.cpp \
+ ../aclcache.cpp \
+ ../register.cpp \
+ ../symbols.cpp \
+ ../method.cpp \
+ ../authdb.cpp
+
+COBJ = $(CSRC:%.cpp=%.o)
+XOBJ = $(XSRC:../%.cpp=%.o)
+
+# This may be needed for other platforms too
+ifeq ($(ARCH), IRIX)
+XLIBS = -rpath $(LDAP_LIBPATH)
+endif
+
+ifeq ($(ARCH), HPUX)
+XLIBS = -lpthread
+endif
+ifeq ($(ARCH), SOLARIS)
+XLIBS = -lsocket -lnsl -ldl -lposix4
+endif
+
+XLIBS+= $(OBJDIR)/lib/base/plist.o \
+ $(OBJDIR)/lib/base/pool.o \
+ $(OBJDIR)/lib/base/util.o \
+ $(OBJDIR)/lib/base/ereport.o \
+ $(OBJDIR)/lib/base/system.o \
+ $(OBJDIR)/lib/base/shexp.o \
+ $(OBJDIR)/lib/base/pblock.o \
+ $(OBJDIR)/lib/base/file.o \
+ $(OBJDIR)/lib/base/systhr.o \
+ $(OBJDIR)/lib/base/nscperror.o \
+ $(OBJDIR)/lib/libldapu.a \
+ $(LIBNSPR)
+
+all: $(COBJ) $(TSRC) acltest
+ ./acltest > test.out
+ diff test.ref test.out
+ @echo
+ @echo "The unit test is passed if there is no diff output, and the"
+ @echo "Purify window shows no errors and 0 bytes leaked."
+ @echo
+ @echo "Run - gmake coverage - manually to get code coverage analysis."
+ @echo
+
+aclparse: ustubs.o testmain.o $(XOBJ)
+ purify $(CC) -o aclparse testmain.o $(XOBJ) ustubs.o $(XLIBS)
+
+aclparse.pure: acl.tab.o acl.yy.o testmain.o acltools.o ustubs.o
+ purify -user-path=.. $(CC) -o aclparse.pure $(XOBJ) ustubs.o $(XLIBS)
+
+onetest: onetest.o ustubs.o $(XOBJ)
+ $(CC) -o onetest onetest.o $(XOBJ) ustubs.o $(XLIBS)
+
+twotest: twotest.o ustubs.o $(XOBJ)
+ $(CC) -o twotest twotest.o $(XOBJ) ustubs.o $(XLIBS)
+
+acltest: acltest.o ustubs.o $(XOBJ)
+# purify $(CC) -o acltest acltest.o $(XOBJ) ustubs.o $(XLIBS)
+ $(CC) -o acltest acltest.o $(XOBJ) ustubs.o $(XLIBS)
+
+coverage: acltest.o ustubs.o $(XOBJ)
+ purecov $(CC) -o acltestcov acltest.o $(XOBJ) ustubs.o $(XLIBS)
+ rm -f *.pcv
+ acltestcov
+
+lasemail: lasemail.o
+ $(LD) -G -h lasemail.so -o lasemail.so lasemail.o
+
+#$(XOBJ): $(XSRC)
+# cd ..; gmake OBJDEST=$(UTESTDEST) CC=$(OCC) TESTFLAGS=$(TESTFLAGS)
+
+%.o:../%.c
+ $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
+
+%.o:../%.cpp
+ $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
diff --git a/lib/libaccess/utest/acl.dat b/lib/libaccess/utest/acl.dat
new file mode 100644
index 00000000..d640adca
--- /dev/null
+++ b/lib/libaccess/utest/acl.dat
@@ -0,0 +1,12 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+
+acl davids;
+
+deny (all) dns=aruba.mcom.com;
diff --git a/lib/libaccess/utest/aclfile0 b/lib/libaccess/utest/aclfile0
new file mode 100644
index 00000000..8bb2a428
--- /dev/null
+++ b/lib/libaccess/utest/aclfile0
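Review bot: In the Makefile, the `all` recipe tells the reader the test passes when the "Purify window shows no errors and 0 bytes leaked", but the only active link line for `acltest` is the plain `$(CC) -o acltest ...` one and the `purify` line above it is commented out, so the default target does no memory checking. Either restore the instrumented link or reword the echo so a clean `diff test.ref test.out` is not read as a clean memory run. The `coverage` recipe invokes the binary as `acltestcov`, which only resolves when `.` is on `PATH` and may then pick up another program of that name; use `./acltestcov`, as `all` does with `./acltest`. `aclparse.pure` lists `testmain.o` as a prerequisite but does not link it, unlike `aclparse`.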
@@ -0,0 +1,55 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile0;
+deny with uri="test";
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+
+acl aclfile0.0;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.1;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.2;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.3;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.4;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.5;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.6;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.7;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.8;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.9;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.10;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.11;
+allow (read, write, execute) (timeofday<2100);
+acl aclfile0.12;
+authenticate (user, group) {
+ database=franco;
+ method=basic;
+};
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
diff --git a/lib/libaccess/utest/aclfile1 b/lib/libaccess/utest/aclfile1
new file mode 100644
index 00000000..e148f1a1
--- /dev/null
+++ b/lib/libaccess/utest/aclfile1
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile1;
+deny (read, write, execute) (timeofday<2100);
+deny (read, write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile10 b/lib/libaccess/utest/aclfile10
new file mode 100644
index 00000000..f0f5a223
--- /dev/null
+++ b/lib/libaccess/utest/aclfile10
@@ -0,0 +1,13 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile10;
+deny absolute (read) ip="17.34.*";
+allow (read,write) timeofday>1700;
+deny (read) dns="*.mcom.com";
+allow (read,write) dayofweek=mon;
diff --git a/lib/libaccess/utest/aclfile11 b/lib/libaccess/utest/aclfile11
new file mode 100644
index 00000000..9fe73cb2
--- /dev/null
+++ b/lib/libaccess/utest/aclfile11
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile11;
+allow (read) (timeofday<2100);
+allow (html_write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile12 b/lib/libaccess/utest/aclfile12
new file mode 100644
index 00000000..ac154d7a
--- /dev/null
+++ b/lib/libaccess/utest/aclfile12
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile12;
+allow (read) (timeofday<2100);
+allow (read, html_write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile13 b/lib/libaccess/utest/aclfile13
new file mode 100644
index 00000000..7334d03d
--- /dev/null
+++ b/lib/libaccess/utest/aclfile13
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile13;
+allow (read) (ip="17.34.1.1+255.255.0.0");
+allow (html_write) (dns!="*.microsoft.com");
diff --git a/lib/libaccess/utest/aclfile14 b/lib/libaccess/utest/aclfile14
new file mode 100644
index 00000000..5fc5c706
--- /dev/null
+++ b/lib/libaccess/utest/aclfile14
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile14;
+allow (read, write) (ip="17.34.*");
+deny (write) (dns!="*.mcom.com");
diff --git a/lib/libaccess/utest/aclfile15 b/lib/libaccess/utest/aclfile15
new file mode 100644
index 00000000..2d8701ec
--- /dev/null
+++ b/lib/libaccess/utest/aclfile15
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile15;
+allow (html_read, write) (dns="*.mcom.com");
+deny (read) (ip="17.34.*");
diff --git a/lib/libaccess/utest/aclfile16 b/lib/libaccess/utest/aclfile16
new file mode 100644
index 00000000..54ce99f8
--- /dev/null
+++ b/lib/libaccess/utest/aclfile16
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile16;
+allow (html_read, write) (dns="*.mcom.com");
+deny (read) (ip="17.34.1.1 + 255.255.0.0");
diff --git a/lib/libaccess/utest/aclfile17 b/lib/libaccess/utest/aclfile17
new file mode 100644
index 00000000..128076f3
--- /dev/null
+++ b/lib/libaccess/utest/aclfile17
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile17;
+allow absolute (all) (dns="*.mcom.com");
+deny (read) (ip="17.34.1.1+255.255.0.0");
diff --git a/lib/libaccess/utest/aclfile18 b/lib/libaccess/utest/aclfile18
new file mode 100644
index 00000000..4a80bc27
--- /dev/null
+++ b/lib/libaccess/utest/aclfile18
@@ -0,0 +1,19 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile18;
+authenticate (user) {
+ method=SSL;
+ database=LDAP;
+};
+allow (read, write, execute, create) dns="*.mcom.com";
+authenticate (user) {
+ method=basic;
+ database=20;
+};
+allow (read, write, execute, create) (timeofday>1700 or timeofday<0800);
diff --git a/lib/libaccess/utest/aclfile19 b/lib/libaccess/utest/aclfile19
new file mode 100644
index 00000000..4433f4c7
--- /dev/null
+++ b/lib/libaccess/utest/aclfile19
@@ -0,0 +1,14 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile19A;
+deny (read, write, execute, create) dns!="*.mcom.com";
+allow absolute (read) ((timeofday>1700 or timeofday<0800) or dayofweek=satsunmon);
+
+acl aclfile19B;
+deny (write) dns="*.mcom.com";
diff --git a/lib/libaccess/utest/aclfile2 b/lib/libaccess/utest/aclfile2
new file mode 100644
index 00000000..eee5c30c
--- /dev/null
+++ b/lib/libaccess/utest/aclfile2
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile2;
+deny (read) (timeofday<2100);
+deny (read) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile3 b/lib/libaccess/utest/aclfile3
new file mode 100644
index 00000000..094c1abe
--- /dev/null
+++ b/lib/libaccess/utest/aclfile3
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile3;
+allow (read) (timeofday<2100);
+allow (read) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile4 b/lib/libaccess/utest/aclfile4
new file mode 100644
index 00000000..befc7b4b
--- /dev/null
+++ b/lib/libaccess/utest/aclfile4
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile4;
+allow (read) (timeofday>0700);
+allow (write) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile5 b/lib/libaccess/utest/aclfile5
new file mode 100644
index 00000000..8b0e1e8d
--- /dev/null
+++ b/lib/libaccess/utest/aclfile5
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile5;
+allow (read) (ip="17.34.*");
+allow (write) (dns!="*.microsoft.com");
diff --git a/lib/libaccess/utest/aclfile6 b/lib/libaccess/utest/aclfile6
new file mode 100644
index 00000000..9646b548
--- /dev/null
+++ b/lib/libaccess/utest/aclfile6
@@ -0,0 +1,23 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile6;
+allow (read,
+write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+deny (write)
+(dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
diff --git a/lib/libaccess/utest/aclfile7 b/lib/libaccess/utest/aclfile7
new file mode 100644
index 00000000..d8f9aa13
--- /dev/null
+++ b/lib/libaccess/utest/aclfile7
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile7;
+allow (read,write) (dns="*.mcom.com");
+deny (read) (ip="17.34.*");
diff --git a/lib/libaccess/utest/aclfile8 b/lib/libaccess/utest/aclfile8
new file mode 100644
index 00000000..b11cfe7e
--- /dev/null
+++ b/lib/libaccess/utest/aclfile8
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile8;
+allow (read, write, execute, create) dns="*.mcom.com";
+allow (read, write, execute, create) (timeofday>1700 or timeofday<0800);
diff --git a/lib/libaccess/utest/aclfile9 b/lib/libaccess/utest/aclfile9
new file mode 100644
index 00000000..2a0ab35e
--- /dev/null
+++ b/lib/libaccess/utest/aclfile9
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile9;
+deny (read) ip="*.34.*+*.128.*.0";
+allow (read, write, execute, create) ((timeofday>1700 or timeofday<0800) or dayofweek=satsunmon);
diff --git a/lib/libaccess/utest/aclgrp0 b/lib/libaccess/utest/aclgrp0
new file mode 100644
index 00000000..ba08fbf1
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp0
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp0;
+allow (read, write, execute) (group = marketing or group!="Directory Administrators");
diff --git a/lib/libaccess/utest/aclgrp1 b/lib/libaccess/utest/aclgrp1
new file mode 100644
index 00000000..7a804404
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp1
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp1;
+allow (read, write, execute) (group!="Directory Administrators");
diff --git a/lib/libaccess/utest/aclgrp2 b/lib/libaccess/utest/aclgrp2
new file mode 100644
index 00000000..13938c19
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp2
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp2;
+allow (read, write, execute) (group=marketing);
diff --git a/lib/libaccess/utest/aclgrp3 b/lib/libaccess/utest/aclgrp3
new file mode 100644
index 00000000..30b44d5c
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp3
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp3;
+allow (read, write, execute) (group>"Directory Admin,marketing");
diff --git a/lib/libaccess/utest/aclgrp4 b/lib/libaccess/utest/aclgrp4
new file mode 100644
index 00000000..5b07d6c2
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp4
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp4;
+allow (read, write, execute) (group = " marketing ,, Directory Administrators ,, ");
diff --git a/lib/libaccess/utest/acltest.cpp b/lib/libaccess/utest/acltest.cpp
new file mode 100644
index 00000000..c643f873
--- /dev/null
+++ b/lib/libaccess/utest/acltest.cpp
@@ -0,0 +1,796 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <stdio.h>
+#include <netsite.h>
+#include <base/session.h>
+#include <base/daemon.h>
+#include <base/systhr.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include "../aclcache.h"
+#include <libaccess/las.h>
+
+
+extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename);
+
+int
+TestEvalFunc(NSErr_t *errp, char *attr, CmpOp_t comparator,
+ char *attr_pattern, ACLCachable_t *cachable,
+ void **las_cookie, PList_t subject, PList_t resource,
+ PList_t auth_info, PList_t global_auth)
+{
+ return 0;
+}
+
+void
+TestFlushFunc(void **cookie)
+{
+ return;
+}
+
+static int parse_dburl (NSErr_t *errp, ACLDbType_t dbtype,
+ const char *dbname, const char *url,
+ PList_t plist, void **db)
+{
+ *db = strdup(url);
+ return 0;
+}
+
+
+main()
+{
+ ACLListHandle_t *acl_list;
+ int result;
+ ACLCachable_t cachable = 0;
+ void *las_cookie=NULL;
+ ACLEvalHandle_t eval;
+ char *rights[3];
+ char filename[20];
+ char newfilename[25];
+ int i;
+ char *map_generic[7];
+ LASEvalFunc_t Eval_funcp;
+ LASFlushFunc_t Flush_funcp;
+ char *bong;
+ char *bong_type;
+ char *acl_tag;
+ int expr_num;
+ int ii;
+ char **name_list;
+ ACLMethod_t method=NULL;
+ ACLDbType_t dbtype=NULL;
+ int rv;
+ ACLAttrGetterList_t aglist;
+ ACLAttrGetter_t *agptr;
+ char **names;
+ int cnt;
+
+ systhread_init("acl_utest");
+
+ char *acl_file_list[3] = {"aclfile6", "aclfile7", NULL};
+ char *new_filename = "merge6_7";
+ char *acl_name_list[3] = {"aclfile6", "aclfile7", NULL};
+ char *new_aclname = "merge6_7";
+ char *bad_acl_file_list[3] = {"bad_aclfile6", "bad_aclfile7", NULL};
+
+ if ( ACL_FileMergeFile(NULL, new_filename, bad_acl_file_list, 0) < 0 ) {
+ printf("Failed ACL_FileMergeFile() test.\n");
+ }
+
+ if ( ACL_FileMergeFile(NULL, new_filename, acl_file_list, 0) < 0 ) {
+ printf("Failed ACL_FileMergeFile() test.\n");
+ }
+
+ if ( ACL_FileMergeAcl(NULL, new_filename, acl_name_list, new_aclname, 0) < 0 ) {
+ printf("Failed ACL_FileMergeAcl() test.\n");
+ }
+
+ /* LAS Registration Unit Tests */
+
+ ACL_Init();
+
+ rv = ACL_MethodRegister(NULL, "one", &method);
+ printf("Method one is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "two", &method);
+ printf("Method two is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "one", &method);
+ printf("Method one repeated is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "three", &method);
+ printf("Method three is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodNamesGet(NULL, &names, &cnt);
+
+ for(i = 0; i < cnt; i++) {
+ printf("\tMethod[%d] = \"%s\"\n", i, names[i]);
+ }
+
+ ACL_MethodNamesFree(NULL, names, cnt);
+
+ if (!ACL_MethodIsEqual(NULL, method, method)) {
+ printf("Error comparing methods");
+ }
+
+ if (!ACL_MethodNameIsEqual(NULL, method, "three")) {
+ printf("Error comparing method by name");
+ }
+
+ /* Since LDAP is already registered by ACL_Init, the first number
+ * we'll get is actually 2.
+ */
+ rv = ACL_DbTypeRegister(NULL, "two", parse_dburl, &dbtype);
+ printf("DbType two is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "three", parse_dburl, &dbtype);
+ printf("DbType three is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "two", parse_dburl, &dbtype);
+ printf("DbType two repeated is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "four", parse_dburl, &dbtype);
+ printf("DbType four is #%d, rv=%d\n", (int)dbtype, rv);
+
+ if (!ACL_DbTypeIsEqual(NULL, dbtype, dbtype)) {
+ printf("Error comparing dbtypes\n");
+ }
+
+ if (!ACL_DbTypeNameIsEqual(NULL, dbtype, "four")) {
+ printf("Error comparing dbtype by name\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db1", "url for db1", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db1\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db2", "url for db2", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db2\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db3", "url for db3", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db3\n");
+ }
+
+ rv = ACL_DatabaseNamesGet(NULL, &names, &cnt);
+
+ for(i = 0; i < cnt; i++) {
+ printf("\tDatabase[%d] = \"%s\"\n", i, names[i]);
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)2, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_FRONT, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)3, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_END, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)1, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_FRONT, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)4, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_END, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterFind(NULL, "attr", &aglist)) {
+ printf("Error finding attr getter\n");
+ }
+
+ for (i = 0, agptr = ACL_AttrGetterFirst(&aglist);
+ i < 4;
+ i++, agptr = ACL_AttrGetterNext(&aglist, agptr)) {
+
+ if (agptr) {
+ printf("position %d\n", (int)(agptr->fn));
+ }
+ else {
+ printf("***Error: missing getter ***\n");
+ }
+ }
+
+#ifndef XP_WIN32
+ if (ACL_LasRegister(NULL, "test_attr", TestEvalFunc, TestFlushFunc)) {
+ printf("Error registering Test LAS functions\n");
+ }
+ ACL_LasFindEval(NULL, "test_attr", &Eval_funcp);
+ if (Eval_funcp != TestEvalFunc) {
+ printf("Error finding Eval function - expecting %x, got %x\n",
+ TestEvalFunc, Eval_funcp);
+ }
+ ACL_LasFindFlush(NULL, "test_attr", &Flush_funcp);
+ if (Flush_funcp != TestFlushFunc) {
+ printf("Error finding Flush function - expecting %x, got %x\n",
+ TestFlushFunc, Flush_funcp);
+ }
+ ACL_LasFindEval(NULL, "wrong_attr", &Eval_funcp);
+ if (Eval_funcp != NULL) {
+ printf("Error finding Eval function - expecting NULL, got %x\n",
+ Eval_funcp);
+ }
+ ACL_LasFindFlush(NULL, "wrong_attr", &Flush_funcp);
+ if (Flush_funcp != NULL) {
+ printf("Error finding Flush function - expecting NULL, got %x\n",
+ Flush_funcp);
+ }
+#endif /* !XP_WIN32 */
+
+ /* ACL Eval Unit Tests
+ */
+ rights[0] = "http_get";
+ rights[1] = "http_post";
+ rights[2] = NULL;
+
+ eval.subject = NULL;
+ eval.resource = NULL;
+
+ for (i=0; i<10; i++) {
+ sprintf(filename, "aclfile%d", i);
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, filename);
+ if ( eval.acllist == NULL ) {
+ printf("Couldn't parse.\n");
+ continue;
+ }
+
+ sprintf(newfilename, "%s.v30", filename);
+ if ( ACL_WriteFile(NULL, newfilename, eval.acllist) < 0) {
+ printf("Couldn't write %s.\n", newfilename);
+ }
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0],
+ http_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", filename, result);
+ }
+
+/********************************************************************
+
+ TEST #1
+
+ TEST ACL_ParseString()
+ TEST ACL_WriteFile()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl > franco;");
+ if ( acl_list != NULL ) {
+ ACL_ListDestroy(NULL, acl_list);
+ printf("Test #1a fails parsed invalid ACL\n");
+ goto skip_test;
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \nallow (read) user=franco;");
+ if ( acl_list == NULL ) {
+ printf("Test #1b fails couldn't parse valid ACL\n");
+ goto skip_test;
+ } else {
+ if ( ACL_WriteFile(NULL, "buffer", acl_list) < 0) {
+ printf("Test #1b, couldn't write %s.\n", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \njunk (read) user=franco;");
+
+ if ( acl_list != NULL ) {
+ printf("Test #1c failed missed syntax error\n");
+ ACL_ListDestroy(NULL, acl_list);
+ goto skip_test;
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \nallow (read) user=franco;");
+
+ if ( acl_list == NULL ) {
+ printf("Test #1d couldn't parse valid ACL\n");
+ } else {
+ ACL_ListDestroy(NULL, acl_list);
+ goto skip_test;
+ }
+
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #1e, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) == NULL ) {
+ printf("Test #1e, couldn't find %s in %s.\n", "franco", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #2
+
+ TEST ACL_FileDeleteAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileDeleteAcl(NULL, "buffer", "franco", ACL_CASE_INSENSITIVE) < 0) {
+ printf("Test #2, couldn't write %s.\n", "buffer");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #2, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) ) {
+ printf("Couldn't delete %s from %s.\n", "franco", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #3
+
+ TEST ACL_FileSetAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileSetAcl(NULL, "buffer",
+ "version 3.0; acl FileSetAcl; \nallow (read) user=franco;",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #3, couldn't ACL_FileSetACL(%s).\n", "FileSetAcl");
+ }
+ if ( ACL_FileSetAcl(NULL, "buffer",
+ "version 3.0; acl franco; \nallow (read) user=franco;",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #3, couldn't ACL_FileSetACL(%s).\n", "franco");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #3, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #3, couldn't set %s in %s.\n", "franco", "buffer");
+ }
+ if ( ACL_ListFind(NULL, acl_list, "filesetacl", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #3, couldn't set %s in %s.\n", "filesetacl", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #4
+
+ TEST ACL_FileRenameAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileRenameAcl(NULL, "buffer", "FileSetAcl", "loser", ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #4, fail ACL_FileRenameACL(filesetacl, loser).\n");
+ }
+ if ( ACL_FileRenameAcl(NULL, "buffer", "franco", "bigdogs",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #4, fail ACL_FileRenameACL(franco, bigdogs).\n");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #3, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "loser", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #4, fail rename %s in %s.\n", "loser", "buffer");
+ }
+ if ( ACL_ListFind(NULL, acl_list, "bigdogs", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #4, fail rename %s in %s.\n", "bigdogs", "buffer");
+ }
+ if ( ACL_ListGetNameList(NULL, acl_list, &name_list) < 0 ) {
+ printf("Test #4, yikes, the GetNameList failed.\n");
+ } else {
+ for (ii = 0; name_list[ii]; ii++)
+ printf("ACL %s\n", name_list[ii]);
+ ACL_NameListDestroy(NULL, name_list);
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+
+
+
+skip_test:
+/********************************************************************
+
+ END
+
+*********************************************************************/
+
+ rights[0] = "html_read";
+ rights[1] = "html_write";
+
+ map_generic[0] = "html_read";
+ map_generic[1] = "html_write";
+ map_generic[2] = "N/A";
+ map_generic[3] = "html_create";
+ map_generic[4] = "html_delete";
+ map_generic[5] = "N/A";
+ map_generic[6] = NULL;
+
+ for (i=10; i<20; i++) {
+ sprintf(filename, "aclfile%d", i);
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, filename);
+ if ( eval.acllist == NULL ) {
+ printf("Parse failed.\n");
+ continue;
+ }
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0], map_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", filename, result);
+ }
+
+ /*
+ * Program LAS Unit Tests
+ */
+ char *groups[32] = {
+ "http-foo",
+ "http-bar",
+ "http-grog",
+ NULL
+ };
+ char *programs[32] = {
+ "foo, fubar, frobozz",
+ "bar, shoo, fly",
+ "grog, beer",
+ NULL
+ };
+ struct program_groups program_groups;
+ program_groups.groups = groups;
+ program_groups.programs = programs;
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"foo", (PList_t)&program_groups, NULL, NULL);
+ printf("program = foo %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"nomatch", (PList_t)&program_groups, NULL, NULL);
+ printf("program = nomatch %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"beer", (PList_t)&program_groups, NULL, NULL);
+ printf("program = beer %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar, http-grog", &cachable, &las_cookie, (PList_t)"http-grog", (PList_t)&program_groups, NULL, NULL);
+ printf("program = http-grog %d\n\n", result);
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo", &cachable, &las_cookie, (PList_t)"ubar", (PList_t)&program_groups, NULL, NULL);
+ printf("program = ubar %d\n\n", result);
+
+
+ /*
+ * DNS LAS Unit Tests
+ */
+
+ result = LASDnsEval(NULL, "dnsalias", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dnsalias = *? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dnsalias", CMP_OP_EQ, "aruba.mcom.com brain251.mcom.com", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dnsalias = aruba.mcom.com brain251.mcom.com? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *? %d\n\n", result);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_NE, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns != *? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "aruba.mcom.com", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = aruba.mcom.com? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "ai.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = ai.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.ai.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.ai.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_NE, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns != *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "mistake", CMP_OP_NE, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("mistake != *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_GT, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns > *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+
+ /*
+ * IP LAS Unit Tests
+ */
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = *? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_NE, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip != *? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "*.*.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = *.*.*.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.*?
%d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.*.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.*.*.*? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.*? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.*.*? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.*? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.*+255.255.255.255", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.*+255.255.255.255? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69+255.255.255.254, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.69+255.255.255.254, 123.45.67.89? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_NE, "17.34.51.69+255.255.255.254, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip != 17.34.51.69+255.255.255.254, 123.45.67.89? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68, 17.34.51.69", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.68, 17.34.51.69? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68, 17.34.51.69, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.68, 17.34.51.69, 123.45.67.89? 
%d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_NE, "17.34.51.68, 17.34.51.69, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip != 17.34.51.68, 17.34.51.69, 123.45.67.89? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.68? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.69? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69+255.255.255.254", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.51.69+255.255.255.254? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.50.69+255.255.254.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.34.50.69+255.255.254.0? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.35.50.69+255.254.0.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 17.35.50.69+255.254.0.0? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "16.35.50.69+254.0.0.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 16.35.50.69+254.0.0.0? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "ip", CMP_OP_EQ, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip = 123.45.67.89? %d\n\n", result); + + result = LASIpEval(NULL, "ip", CMP_OP_NE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip != 123.45.67.89? %d\n\n", result); + + result = LASIpEval(NULL, "ip", CMP_OP_GT, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip > 123.45.67.89? 
%d\n\n", result); + + result = LASIpEval(NULL, "ip", CMP_OP_LT, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip < 123.45.67.89? %d\n\n", result); + + result = LASIpEval(NULL, "ip", CMP_OP_GE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip >= 123.45.67.89? %d\n\n", result); + + result = LASIpEval(NULL, "ip", CMP_OP_LE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("ip <= 123.45.67.89? %d\n\n", result); + + LASIpFlush(&las_cookie); + + result = LASIpEval(NULL, "mistake", CMP_OP_LE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf ("mistake <= 123.45.67.89? %d\n\n", result); + + LASIpFlush(&las_cookie); + + + /* + * Time of Day unit tests. + */ + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time = 2120? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time != 2120? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time = 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time != 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time = 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time != 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time > 2120? 
%d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time < 2120? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time > 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time < 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time > 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time < 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time >= 2120? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time <= 2120? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time >= 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time <= 0700? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time >= 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time <= 2400? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "mistake", CMP_OP_LE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("mistake <= 2400? 
%d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "0800-2200", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time = 0800-2200? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "0800-2200", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time != 0800-2200? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time = 2200-0800? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time != 2200-0800? %d\n\n", result); + + result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("time <= 2200-0800? %d\n\n", result); + + + /* + * Day Of Week Unit Tests + */ + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "Mon", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= mon? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "tUe", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= tUe? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "weD", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= weD? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "THu", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= THu? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "FrI", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= FrI? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "sAT", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= tUe? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= Sun? 
%d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "mon,tuewed,thu,frisatsun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("= mon,tuewed,thu,frisatsun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_NE, "mon,tuewed,thu,frisatsun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("!= mon,tuewed,thu,frisatsun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_GT, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("> Sun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_LT, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("< Sun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_GE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf(">= Sun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_LE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("<= Sun? %d\n\n", result); + + result = LASDayOfWeekEval(NULL, "mistake", CMP_OP_LE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL); + printf("mistake <= Sun? %d\n\n", result); + + + ACL_Destroy(); + + exit(0); + +} diff --git a/lib/libaccess/utest/lasemail.cpp b/lib/libaccess/utest/lasemail.cpp new file mode 100644 index 00000000..469a315f --- /dev/null +++ b/lib/libaccess/utest/lasemail.cpp 
@@ -0,0 +1,180 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ + +/* lasemail.cpp + * This file contains the Email LAS code. + */ + +#include <ldap.h> +#include <nsacl/aclapi.h> + +#define ACL_ATTR_EMAIL "email" + +extern "C" { +extern int LASEmailEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, char *attr_pattern, ACLCachable_t *cachable, void **LAS_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth); +extern void LASEmailFlush(void **las_cookie); +extern int LASEmailModuleInit(); +} + + +/* + * LASEmailEval + * INPUT + * attr_name The string "email" - in lower case. + * comparator CMP_OP_EQ or CMP_OP_NE only + * attr_pattern A comma-separated list of emails + * (we currently support only one e-mail addr) + * *cachable Always set to ACL_NOT_CACHABLE. + * subject Subject property list + * resource Resource property list + * auth_info Authentication info, if any + * RETURNS + * retcode The usual LAS return codes. 
+ */ +int LASEmailEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, + char *attr_pattern, ACLCachable_t *cachable, + void **LAS_cookie, PList_t subject, PList_t resource, + PList_t auth_info, PList_t global_auth) +{ + char *uid; + char *email; + int rv; + LDAP *ld; + char *basedn; + LDAPMessage *res; + int numEntries; + char filter[1024]; + int matched; + + *cachable = ACL_NOT_CACHABLE; + *LAS_cookie = (void *)0; + + if (strcmp(attr_name, ACL_ATTR_EMAIL) != 0) { + fprintf(stderr, "LASEmailEval called for incorrect attr \"%s\"\n", + attr_name); + return LAS_EVAL_INVALID; + } + + if ((comparator != CMP_OP_EQ) && (comparator != CMP_OP_NE)) { + fprintf(stderr, "LASEmailEval called with incorrect comparator %d\n", + comparator); + return LAS_EVAL_INVALID; + } + + if (!strcmp(attr_pattern, "anyone")) { + *cachable = ACL_INDEF_CACHABLE; + return comparator == CMP_OP_EQ ? LAS_EVAL_TRUE : LAS_EVAL_FALSE; + } + + /* get the authenticated user name */ + rv = ACL_GetAttribute(errp, ACL_ATTR_USER, (void **)&uid, + subject, resource, auth_info, global_auth); + + if (rv != LAS_EVAL_TRUE) { + return rv; + } + + /* We have an authenticated user */ + if (!strcmp(attr_pattern, "all")) { + return comparator == CMP_OP_EQ ? 
LAS_EVAL_TRUE : LAS_EVAL_FALSE; + } + + /* do an ldap lookup for: (& (uid=<user>) (mail=<email>)) */ + rv = ACL_LDAPDatabaseHandle(errp, NULL, &ld, &basedn); + + if (rv != LAS_EVAL_TRUE) { + fprintf(stderr, "unable to get LDAP handle\n"); + return rv; + } + + /* Formulate the filter -- assume single e-mail in attr_pattern */ + /* If we support multiple comma separated e-mail addresses in the + * attr_pattern then the filter will look like: + * (& (uid=<user>) (| (mail=<email1>) (mail=<email2>))) + */ + sprintf(filter, "(& (uid=%s) (mail=%s))", uid, attr_pattern); + + rv = ldap_search_s(ld, basedn, LDAP_SCOPE_SUBTREE, filter, + 0, 0, &res); + + if (rv != LDAP_SUCCESS) + { + fprintf(stderr, "ldap_search_s: %s\n", ldap_err2string(rv)); + return LAS_EVAL_FAIL; + } + + numEntries = ldap_count_entries(ld, res); + + if (numEntries == 1) { + /* success */ + LDAPMessage *entry = ldap_first_entry(ld, res); + char *dn = ldap_get_dn(ld, entry); + + fprintf(stderr, "ldap_search_s: Entry found. DN: \"%s\"\n", dn); + ldap_memfree(dn); + matched = 1; + } + else if (numEntries == 0) { + /* not found -- but not an error */ + fprintf(stderr, "ldap_search_s: Entry not found. Filter: \"%s\"\n", + filter); + matched = 0; + } + else if (numEntries > 0) { + /* Found more than one entry! */ + fprintf(stderr, "ldap_search_s: Found more than one entry. Filter: \"%s\"\n", + filter); + return LAS_EVAL_FAIL; + } + + if (comparator == CMP_OP_EQ) { + rv = (matched ? LAS_EVAL_TRUE : LAS_EVAL_FALSE); + } + else { + rv = (matched ? LAS_EVAL_FALSE : LAS_EVAL_TRUE); + } + + return rv; +} + + +/* LASEmailFlush + * Deallocates any memory previously allocated by the LAS + */ +void +LASEmailFlush(void **las_cookie) +{ + /* do nothing */ + return; +} + +/* LASEmailModuleInit -- + * Register the e-mail LAS. + * + * To load this functions in the web server, compile the file in + * "lasemail.so" and add the following lines to the + * <ServerRoot>/https-<name>/config/obj.conf file. 
Be sure to change the + * "lasemail.so" portion to the full pathname. E.g. /nshome/lib/lasemail.so. + * + * Init fn="load-modules" funcs="LASEmailModuleInit" shlib="lasemail.so" + * Init fn="acl-register-module" module="lasemail" func="LASEmailModuleInit" + */ +int LASEmailModuleInit () +{ + NSErr_t err = NSERRINIT; + NSErr_t *errp = &err; + int rv; + + rv = ACL_LasRegister(errp, ACL_ATTR_EMAIL, LASEmailEval, LASEmailFlush); + + if (rv < 0) { + fprintf(stderr, "ACL_LasRegister failed. Error: %d\n", rv); + return rv; + } + + return rv; +} + diff --git a/lib/libaccess/utest/onetest.cpp b/lib/libaccess/utest/onetest.cpp new file mode 100644 index 00000000..3bcccbb1 --- /dev/null +++ b/lib/libaccess/utest/onetest.cpp @@ -0,0 +1,47 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +#include <stdio.h> +#include <netsite.h> +#include <libaccess/nserror.h> +#include <base/session.h> +#include <libaccess/acl.h> +#include "../aclpriv.h" +#include <libaccess/aclproto.h> +#include <libaccess/las.h> +#include <base/plist.h> +#include <base/ereport.h> + +extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename); +extern ACLEvalDestroyContext(NSErr_t *errp, ACLEvalHandle_t *acleval); + + +main(int arc, char **argv) +{ + int result; + int cachable; + void *las_cookie=NULL; + ACLEvalHandle_t eval; + char *rights[2]; + char filename[20]; + int i; + char *bong; + char *bong_type; + char *acl_tag; + int expr_num; + + /* ACL Eval Unit Tests + */ + rights[0] = "read"; + rights[1] = "write"; + rights[2] = NULL; + + eval.acllist = ACL_ParseFile((NSErr_t *)NULL, argv[1]); + result = ACL_EvalTestRights(NULL, &eval, &rights[0], NULL, &bong, &bong_type, &acl_tag, &expr_num); + ACLEvalDestroyContext(NULL, &eval); + ACL_ListDestroy(NULL, eval.acllist); + printf("%s = %d\n\n", argv[1], result); + +} 
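Review bot: The `sprintf(filter, "(& (uid=%s) (mail=%s))", uid, attr_pattern);` call in LASEmailEval writes into the 1024-byte `filter` with no length bound and no escaping. A long user name or e-mail pattern can overflow the stack buffer, and filter metacharacters in either value can change the structure of the LDAP filter that decides the ACL result. Build the filter with `snprintf`, return LAS_EVAL_FAIL on truncation, and escape `*`, `(`, `)` and `\` in both values first, as sketched below (the helper name and buffer sizes are illustrative). Separately, a negative return from `ldap_count_entries` matches none of the three branches and leaves `matched` uninitialized, and `res` is never released with `ldap_msgfree`. Returning LAS_EVAL_FAIL on a negative count keeps the evaluation fail-closed.

```cpp
/* Escape LDAP filter metacharacters so a value cannot alter the filter structure. */
static int las_filter_escape(const char *in, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (outlen == 0)
        return -1;
    for (; *in; ++in) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen)
                return -1;
            out[o++] = '\\';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        } else {
            if (o + 1 >= outlen)
                return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

    /* ... unchanged: attribute/comparator checks, ACL_GetAttribute, ACL_LDAPDatabaseHandle ... */
    char esc_uid[256];
    char esc_mail[512];
    int n;

    if (las_filter_escape(uid, esc_uid, sizeof esc_uid) < 0 ||
        las_filter_escape(attr_pattern, esc_mail, sizeof esc_mail) < 0)
        return LAS_EVAL_FAIL;

    n = snprintf(filter, sizeof filter, "(& (uid=%s) (mail=%s))", esc_uid, esc_mail);
    if (n < 0 || (size_t)n >= sizeof filter)
        return LAS_EVAL_FAIL;
    /* ... unchanged: ldap_search_s and result handling ... */
```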
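Review bot: `rights[2] = NULL;` in onetest.cpp's main writes one element past the end of `char *rights[2];` and so overwrites adjacent stack memory; declare the array as `char *rights[3];`. `argv[1]` is also passed to ACL_ParseFile without checking the argument count, and the returned list goes to ACL_EvalTestRights without a NULL check, unlike the acltest loop in this commit, which tests `eval.acllist == NULL`. Guards such as `if (arc < 2) return 1;` and `if (eval.acllist == NULL) return 1;` would make a missing or unparsable file an explicit failure.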
diff --git a/lib/libaccess/utest/shexp.cpp b/lib/libaccess/utest/shexp.cpp new file mode 100644 index 00000000..23e9e909 --- /dev/null +++ b/lib/libaccess/utest/shexp.cpp 
@@ -0,0 +1,294 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +/* + * shexp.c: shell-like wildcard match routines + * + * + * See shexp.h for public documentation. + * + * Rob McCool + * + */ + +#include "shexp.h" +#include <ctype.h> /* isalpha, tolower */ + + +/* ----------------------------- shexp_valid ------------------------------ */ + + +int valid_subexp(char *exp, char stop) +{ + register int x,y,t; + int nsc,np,tld; + + x=0;nsc=0;tld=0; + + while(exp[x] && (exp[x] != stop)) { + switch(exp[x]) { + case '~': + if(tld) return INVALID_SXP; + else ++tld; + case '*': + case '?': + case '^': + case '$': + ++nsc; + break; + case '[': + ++nsc; + if((!exp[++x]) || (exp[x] == ']')) + return INVALID_SXP; + for(++x;exp[x] && (exp[x] != ']');++x) + if(exp[x] == '\\') + if(!exp[++x]) + return INVALID_SXP; + if(!exp[x]) + return INVALID_SXP; + break; + case '(': + ++nsc;np = 0; + while(1) { + if(exp[++x] == ')') + return INVALID_SXP; + for(y=x;(exp[y]) && (exp[y] != '|') && (exp[y] != ')');++y) + if(exp[y] == '\\') + if(!exp[++y]) + return INVALID_SXP; + if(!exp[y]) + return INVALID_SXP; + if(exp[y] == '|') + ++np; + t = valid_subexp(&exp[x],exp[y]); + if(t == INVALID_SXP) + return INVALID_SXP; + x+=t; + if(exp[x] == ')') { + if(!np) + return INVALID_SXP; + break; + } + } + break; + case ')': + case ']': + return INVALID_SXP; + case '\\': + if(!exp[++x]) + return INVALID_SXP; + default: + break; + } + ++x; + } + if((!stop) && (!nsc)) + return NON_SXP; + return ((exp[x] == stop) ? x : INVALID_SXP); +} + +NSAPI_PUBLIC int shexp_valid(char *exp) { + int x; + + x = valid_subexp(exp, '\0'); + return (x < 0 ? 
x : VALID_SXP); +} + + +/* ----------------------------- shexp_match ----------------------------- */ + + +#define MATCH 0 +#define NOMATCH 1 +#define ABORTED -1 + +int _shexp_match(char *str, char *exp); + +int handle_union(char *str, char *exp) +{ + char *e2 = (char *) MALLOC(sizeof(char)*strlen(exp)); + register int t,p2,p1 = 1; + int cp; + + while(1) { + for(cp=1;exp[cp] != ')';cp++) + if(exp[cp] == '\\') + ++cp; + for(p2 = 0;(exp[p1] != '|') && (p1 != cp);p1++,p2++) { + if(exp[p1] == '\\') + e2[p2++] = exp[p1++]; + e2[p2] = exp[p1]; + } + for(t=cp+1;(e2[p2] = exp[t]);++t,++p2); + if(_shexp_match(str,e2) == MATCH) { + FREE(e2); + return MATCH; + } + if(p1 == cp) { + FREE(e2); + return NOMATCH; + } + else ++p1; + } +} + + +int _shexp_match(char *str, char *exp) +{ + register int x,y; + int ret,neg; + + ret = 0; + for(x=0,y=0;exp[y];++y,++x) { + if((!str[x]) && (exp[y] != '(') && (exp[y] != '$') && (exp[y] != '*')) + ret = ABORTED; + else { + switch(exp[y]) { + case '$': + if( (str[x]) ) + ret = NOMATCH; + else + --x; /* we don't want loop to increment x */ + break; + case '*': + while(exp[++y] == '*'); + if(!exp[y]) + return MATCH; + while(str[x]) { + switch(_shexp_match(&str[x++],&exp[y])) { + case NOMATCH: + continue; + case ABORTED: + ret = ABORTED; + break; + default: + return MATCH; + } + break; + } + if((exp[y] == '$') && (exp[y+1] == '\0') && (!str[x])) + return MATCH; + else + ret = ABORTED; + break; + case '[': + if((neg = ((exp[++y] == '^') && (exp[y+1] != ']')))) + ++y; + + if((isalnum(exp[y])) && (exp[y+1] == '-') && + (isalnum(exp[y+2])) && (exp[y+3] == ']')) + { + int start = exp[y], end = exp[y+2]; + + /* Droolproofing for pinheads not included */ + if(neg ^ ((str[x] < start) || (str[x] > end))) { + ret = NOMATCH; + break; + } + y+=3; + } + else { + int matched; + + for(matched=0;exp[y] != ']';y++) + matched |= (str[x] == exp[y]); + if(neg ^ (!matched)) + ret = NOMATCH; + } + break; + case '(': + return handle_union(&str[x],&exp[y]); + break; + 
case '?': + break; + case '\\': + ++y; + default: +#ifdef XP_UNIX + if(str[x] != exp[y]) +#else /* XP_WIN32 */ + if(strnicmp(str + x, exp + y, 1)) +#endif /* XP_WIN32 */ + ret = NOMATCH; + break; + } + } + if(ret) + break; + } + return (ret ? ret : (str[x] ? NOMATCH : MATCH)); +} + +NSAPI_PUBLIC int shexp_match(char *str, char *xp) { + register int x; + char *exp = STRDUP(xp); + + for(x=strlen(exp)-1;x;--x) { + if((exp[x] == '~') && (exp[x-1] != '\\')) { + exp[x] = '\0'; + if(_shexp_match(str,&exp[++x]) == MATCH) + goto punt; + break; + } + } + if(_shexp_match(str,exp) == MATCH) { + FREE(exp); + return 0; + } + + punt: + FREE(exp); + return 1; +} + + +/* ------------------------------ shexp_cmp ------------------------------- */ + + +NSAPI_PUBLIC int shexp_cmp(char *str, char *exp) +{ + switch(shexp_valid(exp)) { + case INVALID_SXP: + return -1; + case NON_SXP: +#ifdef XP_UNIX + return (strcmp(exp,str) ? 1 : 0); +#else /* XP_WIN32 */ + return (stricmp(exp,str) ? 1 : 0); +#endif /* XP_WIN32 */ + default: + return shexp_match(str, exp); + } +} + + +/* ---------------------------- shexp_casecmp ----------------------------- */ + + +NSAPI_PUBLIC int shexp_casecmp(char *str, char *exp) +{ + char *lstr = STRDUP(str), *lexp = STRDUP(exp), *t; + int ret; + + for(t = lstr; *t; t++) + if(isalpha(*t)) *t = tolower(*t); + for(t = lexp; *t; t++) + if(isalpha(*t)) *t = tolower(*t); + + switch(shexp_valid(lexp)) { + case INVALID_SXP: + ret = -1; + break; + case NON_SXP: + ret = (strcmp(lexp, lstr) ? 1 : 0); + break; + default: + ret = shexp_match(lstr, lexp); + } + FREE(lstr); + FREE(lexp); + return ret; +} + diff --git a/lib/libaccess/utest/shexp.h b/lib/libaccess/utest/shexp.h new file mode 100644 index 00000000..edc91842 --- /dev/null +++ b/lib/libaccess/utest/shexp.h 
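Review bot: In shexp_match the scan `for(x=strlen(exp)-1;x;--x)` starts at x = -1 when the pattern is empty, so it reads `exp[-1]` and keeps walking below the start of the duplicated buffer; `for(x=(int)strlen(exp)-1; x>0; --x)` bounds it. The `<ctype.h>` calls in this file (`isalnum(exp[y])` in _shexp_match, `isalpha(*t)` and `tolower(*t)` in shexp_casecmp) receive plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed; cast through `(unsigned char)` at each call, e.g. `if(isalpha((unsigned char)*t)) *t = tolower((unsigned char)*t);`. Both would matter if these matchers are applied to request-derived strings, which this hunk does not show.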
@@ -0,0 +1,131 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +/* + * shexp.h: Defines and prototypes for shell exp. match routines + * + * + * This routine will match a string with a shell expression. The expressions + * accepted are based loosely on the expressions accepted by zsh. + * + * o * matches anything + * o ? matches one character + * o \ will escape a special character + * o $ matches the end of the string + * o [abc] matches one occurence of a, b, or c. The only character that needs + * to be escaped in this is ], all others are not special. + * o [a-z] matches any character between a and z + * o [^az] matches any character except a or z + * o ~ followed by another shell expression will remove any pattern + * matching the shell expression from the match list + * o (foo|bar) will match either the substring foo, or the substring bar. + * These can be shell expressions as well. + * + * The public interface to these routines is documented below. + * + * Rob McCool + * + */ + +#ifndef SHEXP_H +#define SHEXP_H + +/* + * Requires that the macro MALLOC be set to a "safe" malloc that will + * exit if no memory is available. If not under MCC httpd, define MALLOC + * to be the real malloc and play with fire, or make your own function. + */ + +#include "../netsite.h" + +#include <ctype.h> /* isalnum */ +#include <string.h> /* strlen */ + + +/* + * Wrappers for shexp/regexp + * + * Portions of code that explicitly want to have either shexp's + * or regexp's should call those functions directly. + * + * Common code bases for multiple products should use the following + * macros instead to use either shell or regular expressions, + * depending on the flavor chosen for a given server. 
+ * + */ +#if defined(MCC_PROXY) && defined(USE_REGEX) + +#include "base/regexp.h" + +#define WILDPAT_VALID(exp) regexp_valid(exp) +#define WILDPAT_MATCH(str, exp) regexp_match(str, exp) +#define WILDPAT_CMP(str, exp) regexp_cmp(str, exp) +#define WILDPAT_CASECMP(str, exp) regexp_casecmp(str, exp) + +#else /* HTTP servers */ + +#define WILDPAT_VALID(exp) shexp_valid(exp) +#define WILDPAT_MATCH(str, exp) shexp_match(str, exp) +#define WILDPAT_CMP(str, exp) shexp_cmp(str, exp) +#define WILDPAT_CASECMP(str, exp) shexp_casecmp(str, exp) + +#endif + + +/* --------------------------- Public routines ---------------------------- */ + +NSPR_BEGIN_EXTERN_C + +/* + * shexp_valid takes a shell expression exp as input. It returns: + * + * NON_SXP if exp is a standard string + * INVALID_SXP if exp is a shell expression, but invalid + * VALID_SXP if exp is a valid shell expression + */ + +#define NON_SXP -1 +#define INVALID_SXP -2 +#define VALID_SXP 1 + +/* and generic shexp/regexp versions */ +#define NON_WILDPAT NON_SXP +#define INVALID_WILDPAT INVALID_SXP +#define VALID_WILDPAT VALID_SXP + +/* and regexp versions */ +#define NON_REGEXP NON_SXP +#define INVALID_REGEXP INVALID_SXP +#define VALID_REGEXP VALID_SXP + + +NSAPI_PUBLIC int shexp_valid(char *exp); + +/* + * shexp_match + * + * Takes a prevalidated shell expression exp, and a string str. + * + * Returns 0 on match and 1 on non-match. + */ + +NSAPI_PUBLIC int shexp_match(char *str, char *exp); + + +/* + * shexp_cmp + * + * Same as above, but validates the exp first. 0 on match, 1 on non-match, + * -1 on invalid exp. shexp_casecmp does the same thing but is case + * insensitive. + */ + +NSAPI_PUBLIC int shexp_cmp(char *str, char *exp); +NSAPI_PUBLIC int shexp_casecmp(char *str, char *exp); + +NSPR_END_EXTERN_C + +#endif + diff --git a/lib/libaccess/utest/test.ref b/lib/libaccess/utest/test.ref new file mode 100644 index 00000000..d5207382 --- /dev/null +++ b/lib/libaccess/utest/test.ref 
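Review bot: The contract comment for shexp_match says only "Takes a prevalidated shell expression" and does not say what happens otherwise. The matcher added in shexp.cpp in this commit scans for the closing `]` and `)` without testing for the terminator (`for(matched=0;exp[y] != ']';y++)`, `for(cp=1;exp[cp] != ')';cp++)`), so an unvalidated pattern can be read past its end. I would add to the comment: `* exp MUST have returned VALID_SXP from shexp_valid(); any other pattern may be read past its terminator. Use shexp_cmp() for unvalidated input.` The prototypes could also take `const char *str`, since none of the visible implementations writes through `str`.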
@@ -0,0 +1,234 @@ +# +# BEGIN COPYRIGHT BLOCK +# Copyright 2001 Sun Microsystems, Inc. +# Portions copyright 1999, 2001-2003 Netscape Communications Corporation. +# All rights reserved. +# END COPYRIGHT BLOCK +# +Failed ACL_FileMergeFile() test. +Method one is #1, rv=0 +Method two is #2, rv=0 +Method one repeated is #1, rv=0 +Method three is #3, rv=0 + Method[0] = "two" + Method[1] = "three" + Method[2] = "one" +DbType two is #2, rv=0 +DbType three is #3, rv=0 +DbType two repeated is #2, rv=0 +DbType four is #4, rv=0 + Database[0] = "db2" + Database[1] = "db1" + Database[2] = "db3" +position 1 +position 2 +position 3 +position 4 +aclfile0 = 0 + +aclfile1 = 1 + +aclfile2 = 1 + +aclfile3 = 1 + +aclfile4 = 0 + +aclfile5 = 0 + +aclfile6 = 0 + +aclfile7 = 1 + +aclfile8 = 0 + +aclfile9 = 3 + +ACL file: internal-buffer +Syntax error at line: 1, token: > +ACL file: internal-buffer +Syntax error at line: 2, token: junk +aclfile10 = 1 + +aclfile11 = 1 + +aclfile12 = 0 + +aclfile13 = 0 + +aclfile14 = 0 + +aclfile15 = 1 + +aclfile16 = 1 + +aclfile17 = 0 + +aclfile18 = 0 + +aclfile19 = 1 + +program = foo -1 + +program = nomatch -2 + +program = beer -1 + +program = http-grog -2 + +program = ubar -2 + +dnsalias = *? -1 + +dnsalias = aruba.mcom.com brain251.mcom.com? -1 + +dns = *? -1 + +dns != *? -2 + +dns = aruba.mcom.com? -1 + +dns = ai.mit.edu? -2 + +dns = *.ai.mit.edu? -2 + +dns = *.mit.edu? -2 + +dns = *.edu? -2 + +dns != *.edu? -1 + +mistake != *.edu? -5 + +dns > *.edu? -5 + +ip = *? -1 + +ip != *? -2 + +ip = *.*.*.*? -1 + +ip = 17.*? -1 + +ip = 17.*.*.*? -1 + +ip = 17.34.*? -1 + +ip = 17.34.*.*? -1 + +ip = 17.34.51.*? -1 + +ip = 17.34.51.*+255.255.255.255? -1 + +ip = 17.34.51.69+255.255.255.254, 123.45.67.89? -1 + +ip != 17.34.51.69+255.255.255.254, 123.45.67.89? -2 + +ip = 17.34.51.68, 17.34.51.69? -1 + +ip = 17.34.51.68, 17.34.51.69, 123.45.67.89? -1 + +ip != 17.34.51.68, 17.34.51.69, 123.45.67.89? -2 + +ip = 17.34.51.68? -1 + +ip = 17.34.51.69? 
-2 + +ip = 17.34.51.69+255.255.255.254? -1 + +ip = 17.34.50.69+255.255.254.0? -1 + +ip = 17.35.50.69+255.254.0.0? -1 + +ip = 16.35.50.69+254.0.0.0? -1 + +ip = 123.45.67.89? -2 + +ip != 123.45.67.89? -1 + +ip > 123.45.67.89? -5 + +ip < 123.45.67.89? -5 + +ip >= 123.45.67.89? -5 + +ip <= 123.45.67.89? -5 + +mistake <= 123.45.67.89? -5 + +time = 2120? -1 + +time != 2120? -2 + +time = 0700? -2 + +time != 0700? -1 + +time = 2400? -2 + +time != 2400? -1 + +time > 2120? -2 + +time < 2120? -2 + +time > 0700? -1 + +time < 0700? -2 + +time > 2400? -2 + +time < 2400? -1 + +time >= 2120? -1 + +time <= 2120? -1 + +time >= 0700? -1 + +time <= 0700? -2 + +time >= 2400? -2 + +time <= 2400? -1 + +mistake <= 2400? -5 + +time = 0800-2200? -1 + +time != 0800-2200? -2 + +time = 2200-0800? -2 + +time != 2200-0800? -1 + +time <= 2200-0800? -5 + += mon? -1 + += tUe? -2 + += weD? -2 + += THu? -2 + += FrI? -2 + += tUe? -2 + += Sun? -2 + += mon,tuewed,thu,frisatsun? -1 + +!= mon,tuewed,thu,frisatsun? -2 + +> Sun? -5 + +< Sun? -5 + +>= Sun? -5 + +<= Sun? -5 + +mistake <= Sun? -5 + diff --git a/lib/libaccess/utest/testmain.cpp b/lib/libaccess/utest/testmain.cpp new file mode 100644 index 00000000..4da14cee --- /dev/null +++ b/lib/libaccess/utest/testmain.cpp 
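Review bot: The first line of expected output after the copyright block is `Failed ACL_FileMergeFile() test.`, so if this file is the golden output the test run is compared against, the suite only passes while that merge test keeps failing. The test program that prints the line is outside this hunk, so the cause is not visible here; either the reference should be regenerated once the merge test succeeds, or the expected failure should be explained next to the test that emits it. As it stands a real regression in ACL file merging would be indistinguishable from the recorded baseline.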
@@ -0,0 +1,52 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * ACL parser unit test program
+ */
+
+#include <stdio.h>
+#include <netsite.h>
+#include <libaccess/acl.h>
+#include <libaccess/nserror.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+
+main(int argc, char **argv)
+{
+
+ACLListHandle_t *acllist;
+int ii;
+char filename[255];
+ACLWrapper_t *wrap;
+ACLExprHandle_t *expr;
+
+ if ( argc < 2 ) {
+ fprintf(stderr, "usage: aclparse <filenames>\n");
+ exit(1);
+ }
+ for (ii = 1; ii < argc; ii++ ) {
+ acllist = ACL_ParseFile(NULL, argv[ii]);
+ if ( acllist == NULL ) {
+ printf("Failed to parse ACL.\n");
+
+ } else {
+ for (wrap = acllist->acl_list_head; wrap;
+ wrap = wrap->wrap_next) {
+ for (expr=wrap->acl->expr_list_head;
+ expr;
+ expr = expr->expr_next ) {
+ ACL_ExprDisplay(expr);
+ }
+ }
+ }
+
+
+ sprintf(filename, "%s.v30", argv[ii]);
+ ACL_WriteFile(NULL, filename, acllist);
+ ACL_ListDestroy( acllist );
+ }
+
+}
diff --git a/lib/libaccess/utest/twotest.cpp b/lib/libaccess/utest/twotest.cpp new file mode 100644
index 00000000..2d4fb503
--- /dev/null
+++ b/lib/libaccess/utest/twotest.cpp
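Review bot: `sprintf(filename, "%s.v30", argv[ii]);` writes into `char filename[255]` with no bound, so a command-line path longer than 250 characters overruns the stack buffer. Use a bounded call and skip the file on truncation, e.g. `if (snprintf(filename, sizeof(filename), "%s.v30", argv[ii]) >= (int)sizeof(filename)) continue;`. The loop also falls through to `ACL_WriteFile(NULL, filename, acllist)` and `ACL_ListDestroy( acllist )` after printing "Failed to parse ACL.", so a `continue;` in the `acllist == NULL` branch would keep a NULL list away from them; whether those functions tolerate NULL is not visible in this hunk. As a style point, `main` has no return type or return value and `exit()` is used without `<stdlib.h>`.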
@@ -0,0 +1,57 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <stdio.h>
+#include <netsite.h>
+#include <base/session.h>
+#include <base/plist.h>
+#include <base/ereport.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include <libaccess/las.h>
+
+
+extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename);
+extern ACLEvalDestroyContext(NSErr_t *errp, ACLEvalHandle_t *acleval);
+
+main(int arc, char **argv)
+{
+ int result;
+ int cachable;
+ void *las_cookie=NULL;
+ ACLEvalHandle_t eval;
+ char *rights[2];
+ char *map_generic[7];
+ char filename[20];
+ int i;
+ char *bong;
+ char *bong_type;
+ char *acl_tag;
+ int expr_num;
+
+ /* ACL Eval Unit Tests
+ */
+
+ rights[0] = "html_read";
+ rights[1] = "html_write";
+ rights[2] = NULL;
+
+ map_generic[0] = "html_read";
+ map_generic[1] = "html_write";
+ map_generic[2] = "N/A";
+ map_generic[3] = "html_create";
+ map_generic[4] = "html_delete";
+ map_generic[5] = "N/A";
+ map_generic[6] = NULL;
+
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, argv[1]);
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0], map_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACLEvalDestroyContext(NULL, &eval);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", argv[1], result);
+
+}
diff --git a/lib/libaccess/utest/ustubs.cpp b/lib/libaccess/utest/ustubs.cpp new file mode 100644
index 00000000..ccfa3108
--- /dev/null
+++ b/lib/libaccess/utest/ustubs.cpp
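Review bot: `rights` is declared as `char *rights[2];` but the code then stores `rights[2] = NULL;`, which writes one element past the end of the array on the stack; the declaration should be `char *rights[3];`. `argv[1]` is passed to `ACL_ParseFile` without checking the argument count (the parameter is spelled `arc`), so running the program with no file name hands a NULL pointer to the parser and to the final `printf`; a guard such as `if (arc < 2) { fprintf(stderr, "usage: twotest <aclfile>\n"); return 1; }` covers that. The result of `ACL_ParseFile` is also used without a NULL check, and `eval` reaches `ACL_EvalTestRights` with only `acllist` assigned, so any other field the callee reads would be uninitialised; that callee is outside this hunk. The locals `cachable`, `las_cookie`, `filename` and `i` are unused.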
@@ -0,0 +1,283 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <sys/types.h>
+#include <malloc.h>
+#include <string.h>
+#include <base/crit.h>
+#include <base/plist.h>
+
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include <libaccess/ldapacl.h>
+#include <ldaputil/dbconf.h>
+#ifdef NSPR20
+#include <prprf.h>
+#else
+#include <nspr/prprf.h>
+#endif
+
+NSPR_BEGIN_EXTERN_C
+extern char * ACL_Program;
+extern int conf_getglobals();
+extern int SPconf_getglobals();
+extern int ereport(int, char*, ...);
+extern int SPereport(int, char*, ...);
+extern char * GetAdminLanguage(void);
+extern char * XP_GetStringFromDatabase(char *strLibraryName, char *strLanguage, int iToken);
+extern void ACL_Restart(void *cntlData);
+extern int XP_SetError();
+extern int XP_GetError();
+extern int acl_usr_cache_init();
+extern int acl_usr_cache_set_group();
+extern int acl_usr_cache_group_check();
+extern int sema_destroy();
+extern char *ldapu_err2string(int err);
+extern int ACL_CacheFlush(void);
+NSPR_END_EXTERN_C
+
+static char errbuf[10];
+
+char *
+ldapu_err2string(int err)
+{
+ sprintf(errbuf, "%d", err);
+ return errbuf;
+}
+
+
+void init_ldb_rwlock ()
+{
+}
+
+sema_destroy()
+{
+ return 0;
+}
+
+#ifdef notdef
+char *system_errmsg()
+{
+ static char errmsg[1024];
+
+ sprintf(errmsg, "Stubbed system_errmsg");
+ return errmsg;
+}
+#endif
+
+int
+ACL_CacheFlushRegister(AclCacheFlushFunc_t flush_func)
+{
+ return 0;
+}
+
+acl_usr_cache_init()
+{
+ return 0;
+}
+
+acl_usr_cache_group_check()
+{
+ return 0;
+}
+
+acl_usr_cache_set_group()
+{
+ return 0;
+}
+
+XP_SetError()
+{
+ return 0;
+}
+
+XP_GetError()
+{
+ return 0;
+}
+
+CRITICAL
+crit_init()
+{
+ return (CRITICAL)1;
+}
+
+void
+crit_enter(CRITICAL c)
+{
+ return;
+}
+
+void
+crit_exit(CRITICAL c)
+{
+ return;
+}
+
+void
+crit_terminate(CRITICAL c)
+{
+ return;
+}
+
+int crit_owner_is_me(CRITICAL id)
+{
+ return 1;
+}
+
+symTableFindSym()
+{
+ return 0;
+}
+
+int
+ldap_auth_uid_groupid(LDAP *ld, char *uid, char *groupid,
+ char *base)
+{
+ return 0;
+}
+
+LDAP *
+init_ldap (char *host, int port, int use_ssl)
+{
+ return (LDAP *)"init_ldap_stub";
+}
+
+int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld,
+ char **basedn)
+{
+ *ld = (LDAP *)"ACL_LDAPDatabaseHandle_stub";
+ if (basedn) *basedn = strdup("unknown basedn");
+ return LAS_EVAL_TRUE;
+}
+
+#ifdef notdef
+NSEFrame_t * nserrGenerate(NSErr_t * errp, long retcode, long errorid,
+ char * program, int errc, ...)
+{
+ return 0;
+}
+#endif
+
+char * ACL_Program;
+
+char *
+LASUserGetUser()
+{
+ return "hmiller";
+}
+
+LASIpGetIp()
+{
+ return(0x11223344);
+}
+
+LASDnsGetDns(char **dnsv)
+{
+ *dnsv = "aruba.mcom.com";
+ return 0;
+}
+
+int
+ACL_DestroyList()
+{
+return(0);
+}
+
+aclCheckHosts()
+{
+return(0);
+}
+
+aclCheckUsers()
+{
+return(0);
+}
+
+char *LASGroupGetUser()
+{
+ return("hmiller");
+}
+
+int
+SPconf_getglobals()
+{
+ return 0;
+}
+
+int
+conf_getglobals()
+{
+ return 0;
+}
+
+int
+SPereport(int degree, char *fmt, ...)
+{
+ va_list args;
+ char errstr[1024];
+
+ va_start(args, fmt);
+ PR_vsnprintf(&errstr[0], sizeof(errstr), fmt, args);
+ printf("%s", errstr);
+ va_end(args);
+ return 0;
+}
+
+int
+ereport(int degree, char *fmt, ...)
+{
+ va_list args;
+ char errstr[1024];
+
+ va_start(args, fmt);
+ PR_vsnprintf(&errstr[0], sizeof(errstr), fmt, args);
+ printf("%s", errstr);
+ va_end(args);
+ return 0;
+}
+
+#ifdef notdef
+int dbconf_read_config_file (const char *file, DBConfInfo_t **conf_info_out)
+{
+ return 0;
+}
+#endif
+
+char *
+GetAdminLanguage(void)
+{
+ return "";
+}
+
+static char errstr[1024];
+
+char *
+XP_GetStringFromDatabase(char *strLibraryName, char *strLanguage, int iToken)
+{
+ sprintf(errstr, "XP_GetAdminStr called for error %d\n", iToken);
+ return errstr;
+}
+
+void
+ACL_Restart(void * cntlData)
+{
+ return;
+}
+
+NSAPI_PUBLIC int
+parse_ldap_url(NSErr_t *errp, ACLDbType_t dbtype, const char *name, const char
+*url, PList_t plist, void **db)
+{
+ return 0;
+}
+
+int
+ACL_CacheFlush(void)
+{
+ return 0;
+}
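Review bot: `ldapu_err2string` formats an `int` into `static char errbuf[10];` with `sprintf(errbuf, "%d", err);`, but a 32-bit value can need 12 bytes ("-2147483648" plus the terminator), so a large or negative error code overruns the buffer. Declare `static char errbuf[12];` and use the bounded formatter that prprf.h already provides to this file, `PR_snprintf(errbuf, sizeof(errbuf), "%d", err);`. Several stubs (`sema_destroy`, `acl_usr_cache_init`, `XP_SetError`, `symTableFindSym`, `LASIpGetIp`, `LASDnsGetDns`, `aclCheckHosts`, ...) are defined without a return type, which is not valid C++, so each should be given an explicit `int`. Both `ldapu_err2string` and `XP_GetStringFromDatabase` return pointers to shared static buffers that the next call overwrites, which deserves a one-line comment on each stub.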