summaryrefslogtreecommitdiffstats
path: root/lib/libaccess/utest
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libaccess/utest')
-rw-r--r--lib/libaccess/utest/.purify19
-rw-r--r--lib/libaccess/utest/Makefile119
-rw-r--r--lib/libaccess/utest/acl.dat12
-rw-r--r--lib/libaccess/utest/aclfile055
-rw-r--r--lib/libaccess/utest/aclfile111
-rw-r--r--lib/libaccess/utest/aclfile1013
-rw-r--r--lib/libaccess/utest/aclfile1111
-rw-r--r--lib/libaccess/utest/aclfile1211
-rw-r--r--lib/libaccess/utest/aclfile1311
-rw-r--r--lib/libaccess/utest/aclfile1411
-rw-r--r--lib/libaccess/utest/aclfile1511
-rw-r--r--lib/libaccess/utest/aclfile1611
-rw-r--r--lib/libaccess/utest/aclfile1711
-rw-r--r--lib/libaccess/utest/aclfile1819
-rw-r--r--lib/libaccess/utest/aclfile1914
-rw-r--r--lib/libaccess/utest/aclfile211
-rw-r--r--lib/libaccess/utest/aclfile311
-rw-r--r--lib/libaccess/utest/aclfile411
-rw-r--r--lib/libaccess/utest/aclfile511
-rw-r--r--lib/libaccess/utest/aclfile623
-rw-r--r--lib/libaccess/utest/aclfile711
-rw-r--r--lib/libaccess/utest/aclfile811
-rw-r--r--lib/libaccess/utest/aclfile911
-rw-r--r--lib/libaccess/utest/aclgrp010
-rw-r--r--lib/libaccess/utest/aclgrp110
-rw-r--r--lib/libaccess/utest/aclgrp210
-rw-r--r--lib/libaccess/utest/aclgrp310
-rw-r--r--lib/libaccess/utest/aclgrp410
-rw-r--r--lib/libaccess/utest/acltest.cpp796
-rw-r--r--lib/libaccess/utest/lasemail.cpp180
-rw-r--r--lib/libaccess/utest/onetest.cpp47
-rw-r--r--lib/libaccess/utest/shexp.cpp294
-rw-r--r--lib/libaccess/utest/shexp.h131
-rw-r--r--lib/libaccess/utest/test.ref234
-rw-r--r--lib/libaccess/utest/testmain.cpp52
-rw-r--r--lib/libaccess/utest/twotest.cpp57
-rw-r--r--lib/libaccess/utest/ustubs.cpp283
37 files changed, 2563 insertions, 0 deletions
diff --git a/lib/libaccess/utest/.purify b/lib/libaccess/utest/.purify
new file mode 100644
index 00000000..56b9983e
--- /dev/null
+++ b/lib/libaccess/utest/.purify
@@ -0,0 +1,19 @@
+suppress umr process_gethost
+suppress umr _door_gethostbyname_r
+suppress umr _get_hostserv_inetnetdir_byname
+suppress umr _get_hostserv_inetnetdir_byaddr
+suppress umr gethostbyname_r
+suppress umr _nsc_trydoorcall
+suppress umr LASDnsBuild
+suppress umr PR_HashString
+suppress umr mthsearch
+suppress umr Hash
+suppress umr strcmp
+suppress umr mthsearch
+suppress umr strlen
+suppress umr strdup
+suppress umr strcpy
+suppress umr PListFindValue
+suppress umr LASIpEval
+suppress umr LASDnsEval
+suppress mlk system_strdup_perm
diff --git a/lib/libaccess/utest/Makefile b/lib/libaccess/utest/Makefile
new file mode 100644
index 00000000..2acedff0
--- /dev/null
+++ b/lib/libaccess/utest/Makefile
@@ -0,0 +1,119 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+#
+#
+MCOM_ROOT=../../../..
+MODULE=LibAcl
+include ../../../nsdefs.mk
+
+OBJDEST=.
+UTESTDEST=utest
+
+include ../../../nsconfig.mk
+
+MODULE_CFLAGS=-I$(NSROOT)/include/libaccess -I$(NSROOT)/include -I$(NSROOT)/include/public -I. -DACL_LIB_INTERNAL
+
+include $(INCLUDE_DEPENDS)
+
+#TESTFLAGS = -DUTEST -DDEBUG_LEVEL_2
+TESTFLAGS = -DUTEST
+CC = $(CCC)
+
+CSRC = acltest.cpp onetest.cpp ustubs.cpp twotest.cpp
+TSRC = aclfile0 aclfile1 aclfile2 aclfile3 aclfile4 aclfile5 aclfile6 aclfile7 aclfile8 aclfile9 aclfile10 aclfile11 aclfile12 aclfile13 aclfile14 aclfile15 aclfile16 aclfile17 aclfile18 aclfile19 test.ref
+SRC = $(CSRC) $(TSRC)
+XSRC = \
+ ../oneeval.cpp \
+ ../lastod.cpp \
+ ../lasip.cpp \
+ ../aclutil.cpp \
+ ../lasdns.cpp \
+ ../acl.tab.cpp \
+ ../acl.yy.cpp \
+ ../acltools.cpp \
+ ../aclspace.cpp \
+ ../lasgroup.cpp \
+ ../lasuser.cpp \
+ ../lasprogram.cpp \
+ ../nseframe.cpp \
+ ../aclcache.cpp \
+ ../register.cpp \
+ ../symbols.cpp \
+ ../method.cpp \
+ ../authdb.cpp
+
+COBJ = $(CSRC:%.cpp=%.o)
+XOBJ = $(XSRC:../%.cpp=%.o)
+
+# This may be needed for other platforms too
+ifeq ($(ARCH), IRIX)
+XLIBS = -rpath $(LDAP_LIBPATH)
+endif
+
+ifeq ($(ARCH), HPUX)
+XLIBS = -lpthread
+endif
+ifeq ($(ARCH), SOLARIS)
+XLIBS = -lsocket -lnsl -ldl -lposix4
+endif
+
+XLIBS+= $(OBJDIR)/lib/base/plist.o \
+ $(OBJDIR)/lib/base/pool.o \
+ $(OBJDIR)/lib/base/util.o \
+ $(OBJDIR)/lib/base/ereport.o \
+ $(OBJDIR)/lib/base/system.o \
+ $(OBJDIR)/lib/base/shexp.o \
+ $(OBJDIR)/lib/base/pblock.o \
+ $(OBJDIR)/lib/base/file.o \
+ $(OBJDIR)/lib/base/systhr.o \
+ $(OBJDIR)/lib/base/nscperror.o \
+ $(OBJDIR)/lib/libldapu.a \
+ $(LIBNSPR)
+
+all: $(COBJ) $(TSRC) acltest
+ ./acltest > test.out
+ diff test.ref test.out
+ @echo
+ @echo "The unit test is passed if there is no diff output, and the"
+ @echo "Purify window shows no errors and 0 bytes leaked."
+ @echo
+ @echo "Run - gmake coverage - manually to get code coverage analysis."
+ @echo
+
+aclparse: ustubs.o testmain.o $(XOBJ)
+ purify $(CC) -o aclparse testmain.o $(XOBJ) ustubs.o $(XLIBS)
+
+aclparse.pure: acl.tab.o acl.yy.o testmain.o acltools.o ustubs.o
+ purify -user-path=.. $(CC) -o aclparse.pure $(XOBJ) ustubs.o $(XLIBS)
+
+onetest: onetest.o ustubs.o $(XOBJ)
+ $(CC) -o onetest onetest.o $(XOBJ) ustubs.o $(XLIBS)
+
+twotest: twotest.o ustubs.o $(XOBJ)
+ $(CC) -o twotest twotest.o $(XOBJ) ustubs.o $(XLIBS)
+
+acltest: acltest.o ustubs.o $(XOBJ)
+# purify $(CC) -o acltest acltest.o $(XOBJ) ustubs.o $(XLIBS)
+ $(CC) -o acltest acltest.o $(XOBJ) ustubs.o $(XLIBS)
+
+coverage: acltest.o ustubs.o $(XOBJ)
+ purecov $(CC) -o acltestcov acltest.o $(XOBJ) ustubs.o $(XLIBS)
+ rm -f *.pcv
+ acltestcov
+
+lasemail: lasemail.o
+ $(LD) -G -h lasemail.so -o lasemail.so lasemail.o
+
+#$(XOBJ): $(XSRC)
+# cd ..; gmake OBJDEST=$(UTESTDEST) CC=$(OCC) TESTFLAGS=$(TESTFLAGS)
+
+%.o:../%.c
+ $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
+
+%.o:../%.cpp
+ $(CC) -c $(CFLAGS) $(TESTFLAGS) $(MCC_INCLUDE) -I.. $< -o $(OBJDEST)/$*.o
diff --git a/lib/libaccess/utest/acl.dat b/lib/libaccess/utest/acl.dat
new file mode 100644
index 00000000..d640adca
--- /dev/null
+++ b/lib/libaccess/utest/acl.dat
@@ -0,0 +1,12 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+
+acl davids;
+
+deny (all) dns=aruba.mcom.com;
diff --git a/lib/libaccess/utest/aclfile0 b/lib/libaccess/utest/aclfile0
new file mode 100644
index 00000000..8bb2a428
--- /dev/null
+++ b/lib/libaccess/utest/aclfile0
@@ -0,0 +1,55 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile0;
+deny with uri="test";
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+
+acl aclfile0.0;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.1;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.2;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.3;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.4;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.5;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.6;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.7;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.8;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.9;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.10;
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
+acl aclfile0.11;
+allow (read, write, execute) (timeofday<2100);
+acl aclfile0.12;
+authenticate (user, group) {
+ database=franco;
+ method=basic;
+};
+allow (read, write, execute) (timeofday<2100);
+allow (read, write, execute) (dayofweek!=sun or ip="255.255.255.255+*.*.*.*, 255.255.0.0+190.198.162.1");
diff --git a/lib/libaccess/utest/aclfile1 b/lib/libaccess/utest/aclfile1
new file mode 100644
index 00000000..e148f1a1
--- /dev/null
+++ b/lib/libaccess/utest/aclfile1
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile1;
+deny (read, write, execute) (timeofday<2100);
+deny (read, write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile10 b/lib/libaccess/utest/aclfile10
new file mode 100644
index 00000000..f0f5a223
--- /dev/null
+++ b/lib/libaccess/utest/aclfile10
@@ -0,0 +1,13 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile10;
+deny absolute (read) ip="17.34.*";
+allow (read,write) timeofday>1700;
+deny (read) dns="*.mcom.com";
+allow (read,write) dayofweek=mon;
diff --git a/lib/libaccess/utest/aclfile11 b/lib/libaccess/utest/aclfile11
new file mode 100644
index 00000000..9fe73cb2
--- /dev/null
+++ b/lib/libaccess/utest/aclfile11
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile11;
+allow (read) (timeofday<2100);
+allow (html_write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile12 b/lib/libaccess/utest/aclfile12
new file mode 100644
index 00000000..ac154d7a
--- /dev/null
+++ b/lib/libaccess/utest/aclfile12
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile12;
+allow (read) (timeofday<2100);
+allow (read, html_write, execute) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile13 b/lib/libaccess/utest/aclfile13
new file mode 100644
index 00000000..7334d03d
--- /dev/null
+++ b/lib/libaccess/utest/aclfile13
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile13;
+allow (read) (ip="17.34.1.1+255.255.0.0");
+allow (html_write) (dns!="*.microsoft.com");
diff --git a/lib/libaccess/utest/aclfile14 b/lib/libaccess/utest/aclfile14
new file mode 100644
index 00000000..5fc5c706
--- /dev/null
+++ b/lib/libaccess/utest/aclfile14
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile14;
+allow (read, write) (ip="17.34.*");
+deny (write) (dns!="*.mcom.com");
diff --git a/lib/libaccess/utest/aclfile15 b/lib/libaccess/utest/aclfile15
new file mode 100644
index 00000000..2d8701ec
--- /dev/null
+++ b/lib/libaccess/utest/aclfile15
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile15;
+allow (html_read, write) (dns="*.mcom.com");
+deny (read) (ip="17.34.*");
diff --git a/lib/libaccess/utest/aclfile16 b/lib/libaccess/utest/aclfile16
new file mode 100644
index 00000000..54ce99f8
--- /dev/null
+++ b/lib/libaccess/utest/aclfile16
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile16;
+allow (html_read, write) (dns="*.mcom.com");
+deny (read) (ip="17.34.1.1 + 255.255.0.0");
diff --git a/lib/libaccess/utest/aclfile17 b/lib/libaccess/utest/aclfile17
new file mode 100644
index 00000000..128076f3
--- /dev/null
+++ b/lib/libaccess/utest/aclfile17
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile17;
+allow absolute (all) (dns="*.mcom.com");
+deny (read) (ip="17.34.1.1+255.255.0.0");
diff --git a/lib/libaccess/utest/aclfile18 b/lib/libaccess/utest/aclfile18
new file mode 100644
index 00000000..4a80bc27
--- /dev/null
+++ b/lib/libaccess/utest/aclfile18
@@ -0,0 +1,19 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile18;
+authenticate (user) {
+ method=SSL;
+ database=LDAP;
+};
+allow (read, write, execute, create) dns="*.mcom.com";
+authenticate (user) {
+ method=basic;
+ database=20;
+};
+allow (read, write, execute, create) (timeofday>1700 or timeofday<0800);
diff --git a/lib/libaccess/utest/aclfile19 b/lib/libaccess/utest/aclfile19
new file mode 100644
index 00000000..4433f4c7
--- /dev/null
+++ b/lib/libaccess/utest/aclfile19
@@ -0,0 +1,14 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile19A;
+deny (read, write, execute, create) dns!="*.mcom.com";
+allow absolute (read) ((timeofday>1700 or timeofday<0800) or dayofweek=satsunmon);
+
+acl aclfile19B;
+deny (write) dns="*.mcom.com";
diff --git a/lib/libaccess/utest/aclfile2 b/lib/libaccess/utest/aclfile2
new file mode 100644
index 00000000..eee5c30c
--- /dev/null
+++ b/lib/libaccess/utest/aclfile2
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile2;
+deny (read) (timeofday<2100);
+deny (read) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile3 b/lib/libaccess/utest/aclfile3
new file mode 100644
index 00000000..094c1abe
--- /dev/null
+++ b/lib/libaccess/utest/aclfile3
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile3;
+allow (read) (timeofday<2100);
+allow (read) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile4 b/lib/libaccess/utest/aclfile4
new file mode 100644
index 00000000..befc7b4b
--- /dev/null
+++ b/lib/libaccess/utest/aclfile4
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile4;
+allow (read) (timeofday>0700);
+allow (write) (dayofweek!=sun);
diff --git a/lib/libaccess/utest/aclfile5 b/lib/libaccess/utest/aclfile5
new file mode 100644
index 00000000..8b0e1e8d
--- /dev/null
+++ b/lib/libaccess/utest/aclfile5
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile5;
+allow (read) (ip="17.34.*");
+allow (write) (dns!="*.microsoft.com");
diff --git a/lib/libaccess/utest/aclfile6 b/lib/libaccess/utest/aclfile6
new file mode 100644
index 00000000..9646b548
--- /dev/null
+++ b/lib/libaccess/utest/aclfile6
@@ -0,0 +1,23 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile6;
+allow (read,
+write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+allow (read, write) (ip="17.34.*");
+deny (write)
+(dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
+deny (write) (dns!="*.mcom.com");
diff --git a/lib/libaccess/utest/aclfile7 b/lib/libaccess/utest/aclfile7
new file mode 100644
index 00000000..d8f9aa13
--- /dev/null
+++ b/lib/libaccess/utest/aclfile7
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile7;
+allow (read,write) (dns="*.mcom.com");
+deny (read) (ip="17.34.*");
diff --git a/lib/libaccess/utest/aclfile8 b/lib/libaccess/utest/aclfile8
new file mode 100644
index 00000000..b11cfe7e
--- /dev/null
+++ b/lib/libaccess/utest/aclfile8
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile8;
+allow (read, write, execute, create) dns="*.mcom.com";
+allow (read, write, execute, create) (timeofday>1700 or timeofday<0800);
diff --git a/lib/libaccess/utest/aclfile9 b/lib/libaccess/utest/aclfile9
new file mode 100644
index 00000000..2a0ab35e
--- /dev/null
+++ b/lib/libaccess/utest/aclfile9
@@ -0,0 +1,11 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclfile9;
+deny (read) ip="*.34.*+*.128.*.0";
+allow (read, write, execute, create) ((timeofday>1700 or timeofday<0800) or dayofweek=satsunmon);
diff --git a/lib/libaccess/utest/aclgrp0 b/lib/libaccess/utest/aclgrp0
new file mode 100644
index 00000000..ba08fbf1
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp0
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp0;
+allow (read, write, execute) (group = marketing or group!="Directory Administrators");
diff --git a/lib/libaccess/utest/aclgrp1 b/lib/libaccess/utest/aclgrp1
new file mode 100644
index 00000000..7a804404
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp1
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp1;
+allow (read, write, execute) (group!="Directory Administrators");
diff --git a/lib/libaccess/utest/aclgrp2 b/lib/libaccess/utest/aclgrp2
new file mode 100644
index 00000000..13938c19
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp2
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp2;
+allow (read, write, execute) (group=marketing);
diff --git a/lib/libaccess/utest/aclgrp3 b/lib/libaccess/utest/aclgrp3
new file mode 100644
index 00000000..30b44d5c
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp3
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp3;
+allow (read, write, execute) (group>"Directory Admin,marketing");
diff --git a/lib/libaccess/utest/aclgrp4 b/lib/libaccess/utest/aclgrp4
new file mode 100644
index 00000000..5b07d6c2
--- /dev/null
+++ b/lib/libaccess/utest/aclgrp4
@@ -0,0 +1,10 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+version 3.0;
+acl aclgrp4;
+allow (read, write, execute) (group = " marketing ,, Directory Administrators ,, ");
diff --git a/lib/libaccess/utest/acltest.cpp b/lib/libaccess/utest/acltest.cpp
new file mode 100644
index 00000000..c643f873
--- /dev/null
+++ b/lib/libaccess/utest/acltest.cpp
@@ -0,0 +1,796 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <stdio.h>
+#include <netsite.h>
+#include <base/session.h>
+#include <base/daemon.h>
+#include <base/systhr.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include "../aclcache.h"
+#include <libaccess/las.h>
+
+
+extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename);
+
+int
+TestEvalFunc(NSErr_t *errp, char *attr, CmpOp_t comparator,
+ char *attr_pattern, ACLCachable_t *cachable,
+ void **las_cookie, PList_t subject, PList_t resource,
+ PList_t auth_info, PList_t global_auth)
+{
+ return 0;
+}
+
+void
+TestFlushFunc(void **cookie)
+{
+ return;
+}
+
+static int parse_dburl (NSErr_t *errp, ACLDbType_t dbtype,
+ const char *dbname, const char *url,
+ PList_t plist, void **db)
+{
+ *db = strdup(url);
+ return 0;
+}
+
+
+main()
+{
+ ACLListHandle_t *acl_list;
+ int result;
+ ACLCachable_t cachable = 0;
+ void *las_cookie=NULL;
+ ACLEvalHandle_t eval;
+ char *rights[3];
+ char filename[20];
+ char newfilename[25];
+ int i;
+ char *map_generic[7];
+ LASEvalFunc_t Eval_funcp;
+ LASFlushFunc_t Flush_funcp;
+ char *bong;
+ char *bong_type;
+ char *acl_tag;
+ int expr_num;
+ int ii;
+ char **name_list;
+ ACLMethod_t method=NULL;
+ ACLDbType_t dbtype=NULL;
+ int rv;
+ ACLAttrGetterList_t aglist;
+ ACLAttrGetter_t *agptr;
+ char **names;
+ int cnt;
+
+ systhread_init("acl_utest");
+
+ char *acl_file_list[3] = {"aclfile6", "aclfile7", NULL};
+ char *new_filename = "merge6_7";
+ char *acl_name_list[3] = {"aclfile6", "aclfile7", NULL};
+ char *new_aclname = "merge6_7";
+ char *bad_acl_file_list[3] = {"bad_aclfile6", "bad_aclfile7", NULL};
+
+ if ( ACL_FileMergeFile(NULL, new_filename, bad_acl_file_list, 0) < 0 ) {
+ printf("Failed ACL_FileMergeFile() test.\n");
+ }
+
+ if ( ACL_FileMergeFile(NULL, new_filename, acl_file_list, 0) < 0 ) {
+ printf("Failed ACL_FileMergeFile() test.\n");
+ }
+
+ if ( ACL_FileMergeAcl(NULL, new_filename, acl_name_list, new_aclname, 0) < 0 ) {
+ printf("Failed ACL_FileMergeAcl() test.\n");
+ }
+
+ /* LAS Registration Unit Tests */
+
+ ACL_Init();
+
+ rv = ACL_MethodRegister(NULL, "one", &method);
+ printf("Method one is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "two", &method);
+ printf("Method two is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "one", &method);
+ printf("Method one repeated is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodRegister(NULL, "three", &method);
+ printf("Method three is #%d, rv=%d\n", (int)method, rv);
+
+ rv = ACL_MethodNamesGet(NULL, &names, &cnt);
+
+ for(i = 0; i < cnt; i++) {
+ printf("\tMethod[%d] = \"%s\"\n", i, names[i]);
+ }
+
+ ACL_MethodNamesFree(NULL, names, cnt);
+
+ if (!ACL_MethodIsEqual(NULL, method, method)) {
+ printf("Error comparing methods");
+ }
+
+ if (!ACL_MethodNameIsEqual(NULL, method, "three")) {
+ printf("Error comparing method by name");
+ }
+
+ /* Since LDAP is already registered by ACL_Init, the first number
+ * we'll get is actually 2.
+ */
+ rv = ACL_DbTypeRegister(NULL, "two", parse_dburl, &dbtype);
+ printf("DbType two is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "three", parse_dburl, &dbtype);
+ printf("DbType three is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "two", parse_dburl, &dbtype);
+ printf("DbType two repeated is #%d, rv=%d\n", (int)dbtype, rv);
+
+ rv = ACL_DbTypeRegister(NULL, "four", parse_dburl, &dbtype);
+ printf("DbType four is #%d, rv=%d\n", (int)dbtype, rv);
+
+ if (!ACL_DbTypeIsEqual(NULL, dbtype, dbtype)) {
+ printf("Error comparing dbtypes\n");
+ }
+
+ if (!ACL_DbTypeNameIsEqual(NULL, dbtype, "four")) {
+ printf("Error comparing dbtype by name\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db1", "url for db1", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db1\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db2", "url for db2", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db2\n");
+ }
+
+ rv = ACL_DatabaseRegister(NULL, dbtype, "db3", "url for db3", NULL);
+ if (rv < 0) {
+ printf("ACL_DatabaseRegister failed for db3\n");
+ }
+
+ rv = ACL_DatabaseNamesGet(NULL, &names, &cnt);
+
+ for(i = 0; i < cnt; i++) {
+ printf("\tDatabase[%d] = \"%s\"\n", i, names[i]);
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)2, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_FRONT, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)3, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_END, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)1, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_FRONT, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterRegister(NULL, "attr", (ACLAttrGetterFn_t)4, (ACLMethod_t)10, (ACLDbType_t)20, ACL_AT_END, NULL)) {
+ printf("Error registering attr getter\n");
+ }
+
+ if (ACL_AttrGetterFind(NULL, "attr", &aglist)) {
+ printf("Error finding attr getter\n");
+ }
+
+ for (i = 0, agptr = ACL_AttrGetterFirst(&aglist);
+ i < 4;
+ i++, agptr = ACL_AttrGetterNext(&aglist, agptr)) {
+
+ if (agptr) {
+ printf("position %d\n", (int)(agptr->fn));
+ }
+ else {
+ printf("***Error: missing getter ***\n");
+ }
+ }
+
+#ifndef XP_WIN32
+ if (ACL_LasRegister(NULL, "test_attr", TestEvalFunc, TestFlushFunc)) {
+ printf("Error registering Test LAS functions\n");
+ }
+ ACL_LasFindEval(NULL, "test_attr", &Eval_funcp);
+ if (Eval_funcp != TestEvalFunc) {
+ printf("Error finding Eval function - expecting %x, got %x\n",
+ TestEvalFunc, Eval_funcp);
+ }
+ ACL_LasFindFlush(NULL, "test_attr", &Flush_funcp);
+ if (Flush_funcp != TestFlushFunc) {
+ printf("Error finding Flush function - expecting %x, got %x\n",
+ TestFlushFunc, Flush_funcp);
+ }
+ ACL_LasFindEval(NULL, "wrong_attr", &Eval_funcp);
+ if (Eval_funcp != NULL) {
+ printf("Error finding Eval function - expecting NULL, got %x\n",
+ Eval_funcp);
+ }
+ ACL_LasFindFlush(NULL, "wrong_attr", &Flush_funcp);
+ if (Flush_funcp != NULL) {
+ printf("Error finding Flush function - expecting NULL, got %x\n",
+ Flush_funcp);
+ }
+#endif /* !XP_WIN32 */
+
+ /* ACL Eval Unit Tests
+ */
+ rights[0] = "http_get";
+ rights[1] = "http_post";
+ rights[2] = NULL;
+
+ eval.subject = NULL;
+ eval.resource = NULL;
+
+ for (i=0; i<10; i++) {
+ sprintf(filename, "aclfile%d", i);
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, filename);
+ if ( eval.acllist == NULL ) {
+ printf("Couldn't parse.\n");
+ continue;
+ }
+
+ sprintf(newfilename, "%s.v30", filename);
+ if ( ACL_WriteFile(NULL, newfilename, eval.acllist) < 0) {
+ printf("Couldn't write %s.\n", newfilename);
+ }
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0],
+ http_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", filename, result);
+ }
+
+/********************************************************************
+
+ TEST #1
+
+ TEST ACL_ParseString()
+ TEST ACL_WriteFile()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl > franco;");
+ if ( acl_list != NULL ) {
+ ACL_ListDestroy(NULL, acl_list);
+ printf("Test #1a fails parsed invalid ACL\n");
+ goto skip_test;
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \nallow (read) user=franco;");
+ if ( acl_list == NULL ) {
+ printf("Test #1b fails couldn't parse valid ACL\n");
+ goto skip_test;
+ } else {
+ if ( ACL_WriteFile(NULL, "buffer", acl_list) < 0) {
+ printf("Test #1b, couldn't write %s.\n", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \njunk (read) user=franco;");
+
+ if ( acl_list != NULL ) {
+ printf("Test #1c failed missed syntax error\n");
+ ACL_ListDestroy(NULL, acl_list);
+ goto skip_test;
+ }
+
+ acl_list = ACL_ParseString((NSErr_t *)NULL,
+ "version 3.0; acl franco; \nallow (read) user=franco;");
+
+ if ( acl_list == NULL ) {
+ printf("Test #1d couldn't parse valid ACL\n");
+ } else {
+ ACL_ListDestroy(NULL, acl_list);
+ goto skip_test;
+ }
+
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #1e, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) == NULL ) {
+ printf("Test #1e, couldn't find %s in %s.\n", "franco", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #2
+
+ TEST ACL_FileDeleteAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileDeleteAcl(NULL, "buffer", "franco", ACL_CASE_INSENSITIVE) < 0) {
+ printf("Test #2, couldn't write %s.\n", "buffer");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #2, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) ) {
+ printf("Couldn't delete %s from %s.\n", "franco", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #3
+
+ TEST ACL_FileSetAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileSetAcl(NULL, "buffer",
+ "version 3.0; acl FileSetAcl; \nallow (read) user=franco;",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #3, couldn't ACL_FileSetACL(%s).\n", "FileSetAcl");
+ }
+ if ( ACL_FileSetAcl(NULL, "buffer",
+ "version 3.0; acl franco; \nallow (read) user=franco;",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #3, couldn't ACL_FileSetACL(%s).\n", "franco");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #3, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "franco", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #3, couldn't set %s in %s.\n", "franco", "buffer");
+ }
+ if ( ACL_ListFind(NULL, acl_list, "filesetacl", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #3, couldn't set %s in %s.\n", "filesetacl", "buffer");
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+/********************************************************************
+
+ TEST #4
+
+ TEST ACL_FileRenameAcl()
+ TEST ACL_ParseFile()
+ TEST ACL_ListFind()
+
+*********************************************************************/
+ if ( ACL_FileRenameAcl(NULL, "buffer", "FileSetAcl", "loser", ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #4, fail ACL_FileRenameACL(filesetacl, loser).\n");
+ }
+ if ( ACL_FileRenameAcl(NULL, "buffer", "franco", "bigdogs",
+ ACL_CASE_INSENSITIVE)< 0) {
+ printf("Test #4, fail ACL_FileRenameACL(franco, bigdogs).\n");
+ }
+ acl_list= ACL_ParseFile((NSErr_t *)NULL, "buffer");
+ if ( acl_list == NULL ) {
+ printf("Test #3, couldn't perform ACL_ParseFile(buffer)\n");
+ goto skip_test;
+ } else {
+ if ( ACL_ListFind(NULL, acl_list, "loser", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #4, fail rename %s in %s.\n", "loser", "buffer");
+ }
+ if ( ACL_ListFind(NULL, acl_list, "bigdogs", ACL_CASE_INSENSITIVE) == NULL) {
+ printf("Test #4, fail rename %s in %s.\n", "bigdogs", "buffer");
+ }
+ if ( ACL_ListGetNameList(NULL, acl_list, &name_list) < 0 ) {
+ printf("Test #4, yikes, the GetNameList failed.\n");
+ } else {
+ for (ii = 0; name_list[ii]; ii++)
+ printf("ACL %s\n", name_list[ii]);
+ ACL_NameListDestroy(NULL, name_list);
+ }
+ ACL_ListDestroy(NULL, acl_list);
+ }
+
+
+
+
+skip_test:
+/********************************************************************
+
+ END
+
+*********************************************************************/
+
+ rights[0] = "html_read";
+ rights[1] = "html_write";
+
+ map_generic[0] = "html_read";
+ map_generic[1] = "html_write";
+ map_generic[2] = "N/A";
+ map_generic[3] = "html_create";
+ map_generic[4] = "html_delete";
+ map_generic[5] = "N/A";
+ map_generic[6] = NULL;
+
+ for (i=10; i<20; i++) {
+ sprintf(filename, "aclfile%d", i);
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, filename);
+ if ( eval.acllist == NULL ) {
+ printf("Parse failed.\n");
+ continue;
+ }
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0], map_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", filename, result);
+ }
+
+ /*
+ * Program LAS Unit Tests
+ */
+ char *groups[32] = {
+ "http-foo",
+ "http-bar",
+ "http-grog",
+ NULL
+ };
+ char *programs[32] = {
+ "foo, fubar, frobozz",
+ "bar, shoo, fly",
+ "grog, beer",
+ NULL
+ };
+ struct program_groups program_groups;
+ program_groups.groups = groups;
+ program_groups.programs = programs;
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"foo", (PList_t)&program_groups, NULL, NULL);
+ printf("program = foo %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"nomatch", (PList_t)&program_groups, NULL, NULL);
+ printf("program = nomatch %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar,http-grog", &cachable, &las_cookie, (PList_t)"beer", (PList_t)&program_groups, NULL, NULL);
+ printf("program = beer %d\n\n", result);
+
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo, http-bar, http-grog", &cachable, &las_cookie, (PList_t)"http-grog", (PList_t)&program_groups, NULL, NULL);
+ printf("program = http-grog %d\n\n", result);
+
+ result = LASProgramEval(NULL, "program", CMP_OP_EQ, "http-foo", &cachable, &las_cookie, (PList_t)"ubar", (PList_t)&program_groups, NULL, NULL);
+ printf("program = ubar %d\n\n", result);
+
+
+ /*
+ * DNS LAS Unit Tests
+ */
+
+ result = LASDnsEval(NULL, "dnsalias", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dnsalias = *? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dnsalias", CMP_OP_EQ, "aruba.mcom.com brain251.mcom.com", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dnsalias = aruba.mcom.com brain251.mcom.com? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *? %d\n\n", result);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_NE, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns != *? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "aruba.mcom.com", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = aruba.mcom.com? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "ai.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = ai.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.ai.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.ai.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.mit.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.mit.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_EQ, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns = *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_NE, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns != *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "mistake", CMP_OP_NE, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("mistake != *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+ result = LASDnsEval(NULL, "dns", CMP_OP_GT, "*.edu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("dns > *.edu? %d\n\n", result);
+
+ LASDnsFlush(&las_cookie);
+
+
+ /*
+ * IP LAS Unit Tests
+ */
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = *? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_NE, "*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip != *? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "*.*.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = *.*.*.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.*.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.*.*.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.*.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.*.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.*", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.*? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.*+255.255.255.255", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.*+255.255.255.255? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69+255.255.255.254, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.69+255.255.255.254, 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_NE, "17.34.51.69+255.255.255.254, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip != 17.34.51.69+255.255.255.254, 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68, 17.34.51.69", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.68, 17.34.51.69? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68, 17.34.51.69, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.68, 17.34.51.69, 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_NE, "17.34.51.68, 17.34.51.69, 123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip != 17.34.51.68, 17.34.51.69, 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.68", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.68? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.69? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.51.69+255.255.255.254", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.51.69+255.255.255.254? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.34.50.69+255.255.254.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.34.50.69+255.255.254.0? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "17.35.50.69+255.254.0.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 17.35.50.69+255.254.0.0? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "16.35.50.69+254.0.0.0", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 16.35.50.69+254.0.0.0? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_EQ, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip = 123.45.67.89? %d\n\n", result);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_NE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip != 123.45.67.89? %d\n\n", result);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_GT, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip > 123.45.67.89? %d\n\n", result);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_LT, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip < 123.45.67.89? %d\n\n", result);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_GE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip >= 123.45.67.89? %d\n\n", result);
+
+ result = LASIpEval(NULL, "ip", CMP_OP_LE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("ip <= 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+ result = LASIpEval(NULL, "mistake", CMP_OP_LE, "123.45.67.89", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf ("mistake <= 123.45.67.89? %d\n\n", result);
+
+ LASIpFlush(&las_cookie);
+
+
+ /*
+ * Time of Day unit tests.
+ */
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time = 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time != 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time = 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time != 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time = 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time != 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time > 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time < 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time > 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time < 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GT, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time > 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LT, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time < 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time >= 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2120", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time <= 2120? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time >= 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "0700", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time <= 0700? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_GE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time >= 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time <= 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "mistake", CMP_OP_LE, "2400", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("mistake <= 2400? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "0800-2200", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time = 0800-2200? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "0800-2200", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time != 0800-2200? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_EQ, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time = 2200-0800? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_NE, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time != 2200-0800? %d\n\n", result);
+
+ result = LASTimeOfDayEval(NULL, "timeofday", CMP_OP_LE, "2200-0800", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("time <= 2200-0800? %d\n\n", result);
+
+
+ /*
+ * Day Of Week Unit Tests
+ */
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "Mon", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= mon? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "tUe", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= tUe? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "weD", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= weD? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "THu", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= THu? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "FrI", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= FrI? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "sAT", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= tUe? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= Sun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_EQ, "mon,tuewed,thu,frisatsun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("= mon,tuewed,thu,frisatsun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_NE, "mon,tuewed,thu,frisatsun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("!= mon,tuewed,thu,frisatsun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_GT, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("> Sun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_LT, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("< Sun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_GE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf(">= Sun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "dayofweek", CMP_OP_LE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("<= Sun? %d\n\n", result);
+
+ result = LASDayOfWeekEval(NULL, "mistake", CMP_OP_LE, "Sun", &cachable, &las_cookie, NULL, NULL, NULL, NULL);
+ printf("mistake <= Sun? %d\n\n", result);
+
+
+ ACL_Destroy();
+
+ exit(0);
+
+}
diff --git a/lib/libaccess/utest/lasemail.cpp b/lib/libaccess/utest/lasemail.cpp
new file mode 100644
index 00000000..469a315f
--- /dev/null
+++ b/lib/libaccess/utest/lasemail.cpp
@@ -0,0 +1,180 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/* lasemail.cpp
+ * This file contains the Email LAS code.
+ */
+
+#include <ldap.h>
+#include <nsacl/aclapi.h>
+
+#define ACL_ATTR_EMAIL "email"
+
+extern "C" {
+extern int LASEmailEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator, char *attr_pattern, ACLCachable_t *cachable, void **LAS_cookie, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+extern void LASEmailFlush(void **las_cookie);
+extern int LASEmailModuleInit();
+}
+
+
+/*
+ * LASEmailEval
+ * INPUT
+ * attr_name The string "email" - in lower case.
+ * comparator CMP_OP_EQ or CMP_OP_NE only
+ * attr_pattern A comma-separated list of emails
+ * (we currently support only one e-mail addr)
+ * *cachable Always set to ACL_NOT_CACHABLE.
+ * subject Subject property list
+ * resource Resource property list
+ * auth_info Authentication info, if any
+ * RETURNS
+ * retcode The usual LAS return codes.
+ */
+int LASEmailEval(NSErr_t *errp, char *attr_name, CmpOp_t comparator,
+ char *attr_pattern, ACLCachable_t *cachable,
+ void **LAS_cookie, PList_t subject, PList_t resource,
+ PList_t auth_info, PList_t global_auth)
+{
+ char *uid;
+ char *email;
+ int rv;
+ LDAP *ld;
+ char *basedn;
+ LDAPMessage *res;
+ int numEntries;
+ char filter[1024];
+ int matched;
+
+ *cachable = ACL_NOT_CACHABLE;
+ *LAS_cookie = (void *)0;
+
+ if (strcmp(attr_name, ACL_ATTR_EMAIL) != 0) {
+ fprintf(stderr, "LASEmailEval called for incorrect attr \"%s\"\n",
+ attr_name);
+ return LAS_EVAL_INVALID;
+ }
+
+ if ((comparator != CMP_OP_EQ) && (comparator != CMP_OP_NE)) {
+ fprintf(stderr, "LASEmailEval called with incorrect comparator %d\n",
+ comparator);
+ return LAS_EVAL_INVALID;
+ }
+
+ if (!strcmp(attr_pattern, "anyone")) {
+ *cachable = ACL_INDEF_CACHABLE;
+ return comparator == CMP_OP_EQ ? LAS_EVAL_TRUE : LAS_EVAL_FALSE;
+ }
+
+ /* get the authenticated user name */
+ rv = ACL_GetAttribute(errp, ACL_ATTR_USER, (void **)&uid,
+ subject, resource, auth_info, global_auth);
+
+ if (rv != LAS_EVAL_TRUE) {
+ return rv;
+ }
+
+ /* We have an authenticated user */
+ if (!strcmp(attr_pattern, "all")) {
+ return comparator == CMP_OP_EQ ? LAS_EVAL_TRUE : LAS_EVAL_FALSE;
+ }
+
+ /* do an ldap lookup for: (& (uid=<user>) (mail=<email>)) */
+ rv = ACL_LDAPDatabaseHandle(errp, NULL, &ld, &basedn);
+
+ if (rv != LAS_EVAL_TRUE) {
+ fprintf(stderr, "unable to get LDAP handle\n");
+ return rv;
+ }
+
+ /* Formulate the filter -- assume single e-mail in attr_pattern */
+ /* If we support multiple comma separated e-mail addresses in the
+ * attr_pattern then the filter will look like:
+ * (& (uid=<user>) (| (mail=<email1>) (mail=<email2>)))
+ */
+ sprintf(filter, "(& (uid=%s) (mail=%s))", uid, attr_pattern);
+
+ rv = ldap_search_s(ld, basedn, LDAP_SCOPE_SUBTREE, filter,
+ 0, 0, &res);
+
+ if (rv != LDAP_SUCCESS)
+ {
+ fprintf(stderr, "ldap_search_s: %s\n", ldap_err2string(rv));
+ return LAS_EVAL_FAIL;
+ }
+
+ numEntries = ldap_count_entries(ld, res);
+
+ if (numEntries == 1) {
+ /* success */
+ LDAPMessage *entry = ldap_first_entry(ld, res);
+ char *dn = ldap_get_dn(ld, entry);
+
+ fprintf(stderr, "ldap_search_s: Entry found. DN: \"%s\"\n", dn);
+ ldap_memfree(dn);
+ matched = 1;
+ }
+ else if (numEntries == 0) {
+ /* not found -- but not an error */
+ fprintf(stderr, "ldap_search_s: Entry not found. Filter: \"%s\"\n",
+ filter);
+ matched = 0;
+ }
+ else if (numEntries > 0) {
+ /* Found more than one entry! */
+ fprintf(stderr, "ldap_search_s: Found more than one entry. Filter: \"%s\"\n",
+ filter);
+ return LAS_EVAL_FAIL;
+ }
+
+ if (comparator == CMP_OP_EQ) {
+ rv = (matched ? LAS_EVAL_TRUE : LAS_EVAL_FALSE);
+ }
+ else {
+ rv = (matched ? LAS_EVAL_FALSE : LAS_EVAL_TRUE);
+ }
+
+ return rv;
+}
+
+
+/* LASEmailFlush
+ * Deallocates any memory previously allocated by the LAS
+ */
+void
+LASEmailFlush(void **las_cookie)
+{
+ /* do nothing */
+ return;
+}
+
+/* LASEmailModuleInit --
+ * Register the e-mail LAS.
+ *
+ * To load this functions in the web server, compile the file in
+ * "lasemail.so" and add the following lines to the
+ * <ServerRoot>/https-<name>/config/obj.conf file. Be sure to change the
+ * "lasemail.so" portion to the full pathname. E.g. /nshome/lib/lasemail.so.
+ *
+ * Init fn="load-modules" funcs="LASEmailModuleInit" shlib="lasemail.so"
+ * Init fn="acl-register-module" module="lasemail" func="LASEmailModuleInit"
+ */
+int LASEmailModuleInit ()
+{
+ NSErr_t err = NSERRINIT;
+ NSErr_t *errp = &err;
+ int rv;
+
+ rv = ACL_LasRegister(errp, ACL_ATTR_EMAIL, LASEmailEval, LASEmailFlush);
+
+ if (rv < 0) {
+ fprintf(stderr, "ACL_LasRegister failed. Error: %d\n", rv);
+ return rv;
+ }
+
+ return rv;
+}
+
diff --git a/lib/libaccess/utest/onetest.cpp b/lib/libaccess/utest/onetest.cpp
new file mode 100644
index 00000000..3bcccbb1
--- /dev/null
+++ b/lib/libaccess/utest/onetest.cpp
@@ -0,0 +1,47 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <stdio.h>
+#include <netsite.h>
+#include <libaccess/nserror.h>
+#include <base/session.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include <libaccess/las.h>
+#include <base/plist.h>
+#include <base/ereport.h>
+
+extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename);
+extern ACLEvalDestroyContext(NSErr_t *errp, ACLEvalHandle_t *acleval);
+
+
+main(int arc, char **argv)
+{
+ int result;
+ int cachable;
+ void *las_cookie=NULL;
+ ACLEvalHandle_t eval;
+ char *rights[2];
+ char filename[20];
+ int i;
+ char *bong;
+ char *bong_type;
+ char *acl_tag;
+ int expr_num;
+
+ /* ACL Eval Unit Tests
+ */
+ rights[0] = "read";
+ rights[1] = "write";
+ rights[2] = NULL;
+
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, argv[1]);
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0], NULL, &bong, &bong_type, &acl_tag, &expr_num);
+ ACLEvalDestroyContext(NULL, &eval);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", argv[1], result);
+
+}
diff --git a/lib/libaccess/utest/shexp.cpp b/lib/libaccess/utest/shexp.cpp
new file mode 100644
index 00000000..23e9e909
--- /dev/null
+++ b/lib/libaccess/utest/shexp.cpp
@@ -0,0 +1,294 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * shexp.c: shell-like wildcard match routines
+ *
+ *
+ * See shexp.h for public documentation.
+ *
+ * Rob McCool
+ *
+ */
+
+#include "shexp.h"
+#include <ctype.h> /* isalpha, tolower */
+
+
+/* ----------------------------- shexp_valid ------------------------------ */
+
+
+int valid_subexp(char *exp, char stop)
+{
+ register int x,y,t;
+ int nsc,np,tld;
+
+ x=0;nsc=0;tld=0;
+
+ while(exp[x] && (exp[x] != stop)) {
+ switch(exp[x]) {
+ case '~':
+ if(tld) return INVALID_SXP;
+ else ++tld;
+ case '*':
+ case '?':
+ case '^':
+ case '$':
+ ++nsc;
+ break;
+ case '[':
+ ++nsc;
+ if((!exp[++x]) || (exp[x] == ']'))
+ return INVALID_SXP;
+ for(++x;exp[x] && (exp[x] != ']');++x)
+ if(exp[x] == '\\')
+ if(!exp[++x])
+ return INVALID_SXP;
+ if(!exp[x])
+ return INVALID_SXP;
+ break;
+ case '(':
+ ++nsc;np = 0;
+ while(1) {
+ if(exp[++x] == ')')
+ return INVALID_SXP;
+ for(y=x;(exp[y]) && (exp[y] != '|') && (exp[y] != ')');++y)
+ if(exp[y] == '\\')
+ if(!exp[++y])
+ return INVALID_SXP;
+ if(!exp[y])
+ return INVALID_SXP;
+ if(exp[y] == '|')
+ ++np;
+ t = valid_subexp(&exp[x],exp[y]);
+ if(t == INVALID_SXP)
+ return INVALID_SXP;
+ x+=t;
+ if(exp[x] == ')') {
+ if(!np)
+ return INVALID_SXP;
+ break;
+ }
+ }
+ break;
+ case ')':
+ case ']':
+ return INVALID_SXP;
+ case '\\':
+ if(!exp[++x])
+ return INVALID_SXP;
+ default:
+ break;
+ }
+ ++x;
+ }
+ if((!stop) && (!nsc))
+ return NON_SXP;
+ return ((exp[x] == stop) ? x : INVALID_SXP);
+}
+
+NSAPI_PUBLIC int shexp_valid(char *exp) {
+ int x;
+
+ x = valid_subexp(exp, '\0');
+ return (x < 0 ? x : VALID_SXP);
+}
+
+
+/* ----------------------------- shexp_match ----------------------------- */
+
+
+#define MATCH 0
+#define NOMATCH 1
+#define ABORTED -1
+
+int _shexp_match(char *str, char *exp);
+
+int handle_union(char *str, char *exp)
+{
+ char *e2 = (char *) MALLOC(sizeof(char)*strlen(exp));
+ register int t,p2,p1 = 1;
+ int cp;
+
+ while(1) {
+ for(cp=1;exp[cp] != ')';cp++)
+ if(exp[cp] == '\\')
+ ++cp;
+ for(p2 = 0;(exp[p1] != '|') && (p1 != cp);p1++,p2++) {
+ if(exp[p1] == '\\')
+ e2[p2++] = exp[p1++];
+ e2[p2] = exp[p1];
+ }
+ for(t=cp+1;(e2[p2] = exp[t]);++t,++p2);
+ if(_shexp_match(str,e2) == MATCH) {
+ FREE(e2);
+ return MATCH;
+ }
+ if(p1 == cp) {
+ FREE(e2);
+ return NOMATCH;
+ }
+ else ++p1;
+ }
+}
+
+
+int _shexp_match(char *str, char *exp)
+{
+ register int x,y;
+ int ret,neg;
+
+ ret = 0;
+ for(x=0,y=0;exp[y];++y,++x) {
+ if((!str[x]) && (exp[y] != '(') && (exp[y] != '$') && (exp[y] != '*'))
+ ret = ABORTED;
+ else {
+ switch(exp[y]) {
+ case '$':
+ if( (str[x]) )
+ ret = NOMATCH;
+ else
+ --x; /* we don't want loop to increment x */
+ break;
+ case '*':
+ while(exp[++y] == '*');
+ if(!exp[y])
+ return MATCH;
+ while(str[x]) {
+ switch(_shexp_match(&str[x++],&exp[y])) {
+ case NOMATCH:
+ continue;
+ case ABORTED:
+ ret = ABORTED;
+ break;
+ default:
+ return MATCH;
+ }
+ break;
+ }
+ if((exp[y] == '$') && (exp[y+1] == '\0') && (!str[x]))
+ return MATCH;
+ else
+ ret = ABORTED;
+ break;
+ case '[':
+ if((neg = ((exp[++y] == '^') && (exp[y+1] != ']'))))
+ ++y;
+
+ if((isalnum(exp[y])) && (exp[y+1] == '-') &&
+ (isalnum(exp[y+2])) && (exp[y+3] == ']'))
+ {
+ int start = exp[y], end = exp[y+2];
+
+ /* Droolproofing for pinheads not included */
+ if(neg ^ ((str[x] < start) || (str[x] > end))) {
+ ret = NOMATCH;
+ break;
+ }
+ y+=3;
+ }
+ else {
+ int matched;
+
+ for(matched=0;exp[y] != ']';y++)
+ matched |= (str[x] == exp[y]);
+ if(neg ^ (!matched))
+ ret = NOMATCH;
+ }
+ break;
+ case '(':
+ return handle_union(&str[x],&exp[y]);
+ break;
+ case '?':
+ break;
+ case '\\':
+ ++y;
+ default:
+#ifdef XP_UNIX
+ if(str[x] != exp[y])
+#else /* XP_WIN32 */
+ if(strnicmp(str + x, exp + y, 1))
+#endif /* XP_WIN32 */
+ ret = NOMATCH;
+ break;
+ }
+ }
+ if(ret)
+ break;
+ }
+ return (ret ? ret : (str[x] ? NOMATCH : MATCH));
+}
+
+NSAPI_PUBLIC int shexp_match(char *str, char *xp) {
+ register int x;
+ char *exp = STRDUP(xp);
+
+ for(x=strlen(exp)-1;x;--x) {
+ if((exp[x] == '~') && (exp[x-1] != '\\')) {
+ exp[x] = '\0';
+ if(_shexp_match(str,&exp[++x]) == MATCH)
+ goto punt;
+ break;
+ }
+ }
+ if(_shexp_match(str,exp) == MATCH) {
+ FREE(exp);
+ return 0;
+ }
+
+ punt:
+ FREE(exp);
+ return 1;
+}
+
+
+/* ------------------------------ shexp_cmp ------------------------------- */
+
+
+NSAPI_PUBLIC int shexp_cmp(char *str, char *exp)
+{
+ switch(shexp_valid(exp)) {
+ case INVALID_SXP:
+ return -1;
+ case NON_SXP:
+#ifdef XP_UNIX
+ return (strcmp(exp,str) ? 1 : 0);
+#else /* XP_WIN32 */
+ return (stricmp(exp,str) ? 1 : 0);
+#endif /* XP_WIN32 */
+ default:
+ return shexp_match(str, exp);
+ }
+}
+
+
+/* ---------------------------- shexp_casecmp ----------------------------- */
+
+
+NSAPI_PUBLIC int shexp_casecmp(char *str, char *exp)
+{
+ char *lstr = STRDUP(str), *lexp = STRDUP(exp), *t;
+ int ret;
+
+ for(t = lstr; *t; t++)
+ if(isalpha(*t)) *t = tolower(*t);
+ for(t = lexp; *t; t++)
+ if(isalpha(*t)) *t = tolower(*t);
+
+ switch(shexp_valid(lexp)) {
+ case INVALID_SXP:
+ ret = -1;
+ break;
+ case NON_SXP:
+ ret = (strcmp(lexp, lstr) ? 1 : 0);
+ break;
+ default:
+ ret = shexp_match(lstr, lexp);
+ }
+ FREE(lstr);
+ FREE(lexp);
+ return ret;
+}
+
diff --git a/lib/libaccess/utest/shexp.h b/lib/libaccess/utest/shexp.h
new file mode 100644
index 00000000..edc91842
--- /dev/null
+++ b/lib/libaccess/utest/shexp.h
@@ -0,0 +1,131 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * shexp.h: Defines and prototypes for shell exp. match routines
+ *
+ *
+ * This routine will match a string with a shell expression. The expressions
+ * accepted are based loosely on the expressions accepted by zsh.
+ *
+ * o * matches anything
+ * o ? matches one character
+ * o \ will escape a special character
+ * o $ matches the end of the string
+ * o [abc] matches one occurence of a, b, or c. The only character that needs
+ * to be escaped in this is ], all others are not special.
+ * o [a-z] matches any character between a and z
+ * o [^az] matches any character except a or z
+ * o ~ followed by another shell expression will remove any pattern
+ * matching the shell expression from the match list
+ * o (foo|bar) will match either the substring foo, or the substring bar.
+ * These can be shell expressions as well.
+ *
+ * The public interface to these routines is documented below.
+ *
+ * Rob McCool
+ *
+ */
+
+#ifndef SHEXP_H
+#define SHEXP_H
+
+/*
+ * Requires that the macro MALLOC be set to a "safe" malloc that will
+ * exit if no memory is available. If not under MCC httpd, define MALLOC
+ * to be the real malloc and play with fire, or make your own function.
+ */
+
+#include "../netsite.h"
+
+#include <ctype.h> /* isalnum */
+#include <string.h> /* strlen */
+
+
+/*
+ * Wrappers for shexp/regexp
+ *
+ * Portions of code that explicitly want to have either shexp's
+ * or regexp's should call those functions directly.
+ *
+ * Common code bases for multiple products should use the following
+ * macros instead to use either shell or regular expressions,
+ * depending on the flavor chosen for a given server.
+ *
+ */
+#if defined(MCC_PROXY) && defined(USE_REGEX)
+
+#include "base/regexp.h"
+
+#define WILDPAT_VALID(exp) regexp_valid(exp)
+#define WILDPAT_MATCH(str, exp) regexp_match(str, exp)
+#define WILDPAT_CMP(str, exp) regexp_cmp(str, exp)
+#define WILDPAT_CASECMP(str, exp) regexp_casecmp(str, exp)
+
+#else /* HTTP servers */
+
+#define WILDPAT_VALID(exp) shexp_valid(exp)
+#define WILDPAT_MATCH(str, exp) shexp_match(str, exp)
+#define WILDPAT_CMP(str, exp) shexp_cmp(str, exp)
+#define WILDPAT_CASECMP(str, exp) shexp_casecmp(str, exp)
+
+#endif
+
+
+/* --------------------------- Public routines ---------------------------- */
+
+NSPR_BEGIN_EXTERN_C
+
+/*
+ * shexp_valid takes a shell expression exp as input. It returns:
+ *
+ * NON_SXP if exp is a standard string
+ * INVALID_SXP if exp is a shell expression, but invalid
+ * VALID_SXP if exp is a valid shell expression
+ */
+
+#define NON_SXP -1
+#define INVALID_SXP -2
+#define VALID_SXP 1
+
+/* and generic shexp/regexp versions */
+#define NON_WILDPAT NON_SXP
+#define INVALID_WILDPAT INVALID_SXP
+#define VALID_WILDPAT VALID_SXP
+
+/* and regexp versions */
+#define NON_REGEXP NON_SXP
+#define INVALID_REGEXP INVALID_SXP
+#define VALID_REGEXP VALID_SXP
+
+
+NSAPI_PUBLIC int shexp_valid(char *exp);
+
+/*
+ * shexp_match
+ *
+ * Takes a prevalidated shell expression exp, and a string str.
+ *
+ * Returns 0 on match and 1 on non-match.
+ */
+
+NSAPI_PUBLIC int shexp_match(char *str, char *exp);
+
+
+/*
+ * shexp_cmp
+ *
+ * Same as above, but validates the exp first. 0 on match, 1 on non-match,
+ * -1 on invalid exp. shexp_casecmp does the same thing but is case
+ * insensitive.
+ */
+
+NSAPI_PUBLIC int shexp_cmp(char *str, char *exp);
+NSAPI_PUBLIC int shexp_casecmp(char *str, char *exp);
+
+NSPR_END_EXTERN_C
+
+#endif
+
diff --git a/lib/libaccess/utest/test.ref b/lib/libaccess/utest/test.ref
new file mode 100644
index 00000000..d5207382
--- /dev/null
+++ b/lib/libaccess/utest/test.ref
@@ -0,0 +1,234 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+Failed ACL_FileMergeFile() test.
+Method one is #1, rv=0
+Method two is #2, rv=0
+Method one repeated is #1, rv=0
+Method three is #3, rv=0
+ Method[0] = "two"
+ Method[1] = "three"
+ Method[2] = "one"
+DbType two is #2, rv=0
+DbType three is #3, rv=0
+DbType two repeated is #2, rv=0
+DbType four is #4, rv=0
+ Database[0] = "db2"
+ Database[1] = "db1"
+ Database[2] = "db3"
+position 1
+position 2
+position 3
+position 4
+aclfile0 = 0
+
+aclfile1 = 1
+
+aclfile2 = 1
+
+aclfile3 = 1
+
+aclfile4 = 0
+
+aclfile5 = 0
+
+aclfile6 = 0
+
+aclfile7 = 1
+
+aclfile8 = 0
+
+aclfile9 = 3
+
+ACL file: internal-buffer
+Syntax error at line: 1, token: >
+ACL file: internal-buffer
+Syntax error at line: 2, token: junk
+aclfile10 = 1
+
+aclfile11 = 1
+
+aclfile12 = 0
+
+aclfile13 = 0
+
+aclfile14 = 0
+
+aclfile15 = 1
+
+aclfile16 = 1
+
+aclfile17 = 0
+
+aclfile18 = 0
+
+aclfile19 = 1
+
+program = foo -1
+
+program = nomatch -2
+
+program = beer -1
+
+program = http-grog -2
+
+program = ubar -2
+
+dnsalias = *? -1
+
+dnsalias = aruba.mcom.com brain251.mcom.com? -1
+
+dns = *? -1
+
+dns != *? -2
+
+dns = aruba.mcom.com? -1
+
+dns = ai.mit.edu? -2
+
+dns = *.ai.mit.edu? -2
+
+dns = *.mit.edu? -2
+
+dns = *.edu? -2
+
+dns != *.edu? -1
+
+mistake != *.edu? -5
+
+dns > *.edu? -5
+
+ip = *? -1
+
+ip != *? -2
+
+ip = *.*.*.*? -1
+
+ip = 17.*? -1
+
+ip = 17.*.*.*? -1
+
+ip = 17.34.*? -1
+
+ip = 17.34.*.*? -1
+
+ip = 17.34.51.*? -1
+
+ip = 17.34.51.*+255.255.255.255? -1
+
+ip = 17.34.51.69+255.255.255.254, 123.45.67.89? -1
+
+ip != 17.34.51.69+255.255.255.254, 123.45.67.89? -2
+
+ip = 17.34.51.68, 17.34.51.69? -1
+
+ip = 17.34.51.68, 17.34.51.69, 123.45.67.89? -1
+
+ip != 17.34.51.68, 17.34.51.69, 123.45.67.89? -2
+
+ip = 17.34.51.68? -1
+
+ip = 17.34.51.69? -2
+
+ip = 17.34.51.69+255.255.255.254? -1
+
+ip = 17.34.50.69+255.255.254.0? -1
+
+ip = 17.35.50.69+255.254.0.0? -1
+
+ip = 16.35.50.69+254.0.0.0? -1
+
+ip = 123.45.67.89? -2
+
+ip != 123.45.67.89? -1
+
+ip > 123.45.67.89? -5
+
+ip < 123.45.67.89? -5
+
+ip >= 123.45.67.89? -5
+
+ip <= 123.45.67.89? -5
+
+mistake <= 123.45.67.89? -5
+
+time = 2120? -1
+
+time != 2120? -2
+
+time = 0700? -2
+
+time != 0700? -1
+
+time = 2400? -2
+
+time != 2400? -1
+
+time > 2120? -2
+
+time < 2120? -2
+
+time > 0700? -1
+
+time < 0700? -2
+
+time > 2400? -2
+
+time < 2400? -1
+
+time >= 2120? -1
+
+time <= 2120? -1
+
+time >= 0700? -1
+
+time <= 0700? -2
+
+time >= 2400? -2
+
+time <= 2400? -1
+
+mistake <= 2400? -5
+
+time = 0800-2200? -1
+
+time != 0800-2200? -2
+
+time = 2200-0800? -2
+
+time != 2200-0800? -1
+
+time <= 2200-0800? -5
+
+= mon? -1
+
+= tUe? -2
+
+= weD? -2
+
+= THu? -2
+
+= FrI? -2
+
+= tUe? -2
+
+= Sun? -2
+
+= mon,tuewed,thu,frisatsun? -1
+
+!= mon,tuewed,thu,frisatsun? -2
+
+> Sun? -5
+
+< Sun? -5
+
+>= Sun? -5
+
+<= Sun? -5
+
+mistake <= Sun? -5
+
diff --git a/lib/libaccess/utest/testmain.cpp b/lib/libaccess/utest/testmain.cpp
new file mode 100644
index 00000000..4da14cee
--- /dev/null
+++ b/lib/libaccess/utest/testmain.cpp
@@ -0,0 +1,52 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * ACL parser unit test program
+ */
+
+#include <stdio.h>
+#include <netsite.h>
+#include <libaccess/acl.h>
+#include <libaccess/nserror.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+
+main(int argc, char **argv)
+{
+
+ACLListHandle_t *acllist;
+int ii;
+char filename[255];
+ACLWrapper_t *wrap;
+ACLExprHandle_t *expr;
+
+ if ( argc < 2 ) {
+ fprintf(stderr, "usage: aclparse <filenames>\n");
+ exit(1);
+ }
+ for (ii = 1; ii < argc; ii++ ) {
+ acllist = ACL_ParseFile(NULL, argv[ii]);
+ if ( acllist == NULL ) {
+ printf("Failed to parse ACL.\n");
+
+ } else {
+ for (wrap = acllist->acl_list_head; wrap;
+ wrap = wrap->wrap_next) {
+ for (expr=wrap->acl->expr_list_head;
+ expr;
+ expr = expr->expr_next ) {
+ ACL_ExprDisplay(expr);
+ }
+ }
+ }
+
+
+ sprintf(filename, "%s.v30", argv[ii]);
+ ACL_WriteFile(NULL, filename, acllist);
+ ACL_ListDestroy( acllist );
+ }
+
+}
diff --git a/lib/libaccess/utest/twotest.cpp b/lib/libaccess/utest/twotest.cpp
new file mode 100644
index 00000000..2d4fb503
--- /dev/null
+++ b/lib/libaccess/utest/twotest.cpp
@@ -0,0 +1,57 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <stdio.h>
+#include <netsite.h>
+#include <base/session.h>
+#include <base/plist.h>
+#include <base/ereport.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include <libaccess/las.h>
+
+
+extern ACLListHandle_t *ACL_ParseFile(NSErr_t *errp, char *filename);
+extern ACLEvalDestroyContext(NSErr_t *errp, ACLEvalHandle_t *acleval);
+
+main(int arc, char **argv)
+{
+ int result;
+ int cachable;
+ void *las_cookie=NULL;
+ ACLEvalHandle_t eval;
+ char *rights[2];
+ char *map_generic[7];
+ char filename[20];
+ int i;
+ char *bong;
+ char *bong_type;
+ char *acl_tag;
+ int expr_num;
+
+ /* ACL Eval Unit Tests
+ */
+
+ rights[0] = "html_read";
+ rights[1] = "html_write";
+ rights[2] = NULL;
+
+ map_generic[0] = "html_read";
+ map_generic[1] = "html_write";
+ map_generic[2] = "N/A";
+ map_generic[3] = "html_create";
+ map_generic[4] = "html_delete";
+ map_generic[5] = "N/A";
+ map_generic[6] = NULL;
+
+ eval.acllist = ACL_ParseFile((NSErr_t *)NULL, argv[1]);
+ result = ACL_EvalTestRights(NULL, &eval, &rights[0], map_generic, &bong, &bong_type, &acl_tag, &expr_num);
+ ACLEvalDestroyContext(NULL, &eval);
+ ACL_ListDestroy(NULL, eval.acllist);
+ printf("%s = %d\n\n", argv[1], result);
+
+}
diff --git a/lib/libaccess/utest/ustubs.cpp b/lib/libaccess/utest/ustubs.cpp
new file mode 100644
index 00000000..ccfa3108
--- /dev/null
+++ b/lib/libaccess/utest/ustubs.cpp
@@ -0,0 +1,283 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#include <sys/types.h>
+#include <malloc.h>
+#include <string.h>
+#include <base/crit.h>
+#include <base/plist.h>
+
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+#include "../aclpriv.h"
+#include <libaccess/aclproto.h>
+#include <libaccess/ldapacl.h>
+#include <ldaputil/dbconf.h>
+#ifdef NSPR20
+#include <prprf.h>
+#else
+#include <nspr/prprf.h>
+#endif
+
+NSPR_BEGIN_EXTERN_C
+extern char * ACL_Program;
+extern int conf_getglobals();
+extern int SPconf_getglobals();
+extern int ereport(int, char*, ...);
+extern int SPereport(int, char*, ...);
+extern char * GetAdminLanguage(void);
+extern char * XP_GetStringFromDatabase(char *strLibraryName, char *strLanguage, int iToken);
+extern void ACL_Restart(void *cntlData);
+extern int XP_SetError();
+extern int XP_GetError();
+extern int acl_usr_cache_init();
+extern int acl_usr_cache_set_group();
+extern int acl_usr_cache_group_check();
+extern int sema_destroy();
+extern char *ldapu_err2string(int err);
+extern int ACL_CacheFlush(void);
+NSPR_END_EXTERN_C
+
+static char errbuf[10];
+
+char *
+ldapu_err2string(int err)
+{
+ sprintf(errbuf, "%d", err);
+ return errbuf;
+}
+
+
+void init_ldb_rwlock ()
+{
+}
+
+sema_destroy()
+{
+ return 0;
+}
+
+#ifdef notdef
+char *system_errmsg()
+{
+ static char errmsg[1024];
+
+ sprintf(errmsg, "Stubbed system_errmsg");
+ return errmsg;
+}
+#endif
+
+int
+ACL_CacheFlushRegister(AclCacheFlushFunc_t flush_func)
+{
+ return 0;
+}
+
+acl_usr_cache_init()
+{
+ return 0;
+}
+
+acl_usr_cache_group_check()
+{
+ return 0;
+}
+
+acl_usr_cache_set_group()
+{
+ return 0;
+}
+
+XP_SetError()
+{
+ return 0;
+}
+
+XP_GetError()
+{
+ return 0;
+}
+
+CRITICAL
+crit_init()
+{
+ return (CRITICAL)1;
+}
+
+void
+crit_enter(CRITICAL c)
+{
+ return;
+}
+
+void
+crit_exit(CRITICAL c)
+{
+ return;
+}
+
+void
+crit_terminate(CRITICAL c)
+{
+ return;
+}
+
+int crit_owner_is_me(CRITICAL id)
+{
+ return 1;
+}
+
+symTableFindSym()
+{
+ return 0;
+}
+
+int
+ldap_auth_uid_groupid(LDAP *ld, char *uid, char *groupid,
+ char *base)
+{
+ return 0;
+}
+
+LDAP *
+init_ldap (char *host, int port, int use_ssl)
+{
+ return (LDAP *)"init_ldap_stub";
+}
+
+int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld,
+ char **basedn)
+{
+ *ld = (LDAP *)"ACL_LDAPDatabaseHandle_stub";
+ if (basedn) *basedn = strdup("unknown basedn");
+ return LAS_EVAL_TRUE;
+}
+
+#ifdef notdef
+NSEFrame_t * nserrGenerate(NSErr_t * errp, long retcode, long errorid,
+ char * program, int errc, ...)
+{
+ return 0;
+}
+#endif
+
+char * ACL_Program;
+
+char *
+LASUserGetUser()
+{
+ return "hmiller";
+}
+
+LASIpGetIp()
+{
+ return(0x11223344);
+}
+
+LASDnsGetDns(char **dnsv)
+{
+ *dnsv = "aruba.mcom.com";
+ return 0;
+}
+
+int
+ACL_DestroyList()
+{
+return(0);
+}
+
+aclCheckHosts()
+{
+return(0);
+}
+
+aclCheckUsers()
+{
+return(0);
+}
+
+char *LASGroupGetUser()
+{
+ return("hmiller");
+}
+
+int
+SPconf_getglobals()
+{
+ return 0;
+}
+
+int
+conf_getglobals()
+{
+ return 0;
+}
+
+int
+SPereport(int degree, char *fmt, ...)
+{
+ va_list args;
+ char errstr[1024];
+
+ va_start(args, fmt);
+ PR_vsnprintf(&errstr[0], sizeof(errstr), fmt, args);
+ printf("%s", errstr);
+ va_end(args);
+ return 0;
+}
+
+int
+ereport(int degree, char *fmt, ...)
+{
+ va_list args;
+ char errstr[1024];
+
+ va_start(args, fmt);
+ PR_vsnprintf(&errstr[0], sizeof(errstr), fmt, args);
+ printf("%s", errstr);
+ va_end(args);
+ return 0;
+}
+
+#ifdef notdef
+int dbconf_read_config_file (const char *file, DBConfInfo_t **conf_info_out)
+{
+ return 0;
+}
+#endif
+
+char *
+GetAdminLanguage(void)
+{
+ return "";
+}
+
+static char errstr[1024];
+
+char *
+XP_GetStringFromDatabase(char *strLibraryName, char *strLanguage, int iToken)
+{
+ sprintf(errstr, "XP_GetAdminStr called for error %d\n", iToken);
+ return errstr;
+}
+
+void
+ACL_Restart(void * cntlData)
+{
+ return;
+}
+
+NSAPI_PUBLIC int
+parse_ldap_url(NSErr_t *errp, ACLDbType_t dbtype, const char *name, const char
+*url, PList_t plist, void **db)
+{
+ return 0;
+}
+
+int
+ACL_CacheFlush(void)
+{
+ return 0;
+}