** Contains group file parser and routines to match IP
** address templates and to find out group membership.
** AL Ari Luotonen luotonen@dxcern.cern.ch
** GROUP DEFINITION GRAMMAR:
** string = "sequence of alphanumeric characters"
** user_name ::= string
** group_name ::= string
** group_ref ::= group_name
** user_def ::= user_name | group_ref
** user_def_list ::= user_def { ',' user_def }
** user_part = user_def | '(' user_def_list ')'
** templ = "sequence of alphanumeric characters and '*'s"
** ip_number_mask ::= templ '.' templ '.' templ '.' templ
** domain_name_mask ::= templ { '.' templ }
** address ::= ip_number_mask | domain_name_mask
** address_def ::= address
** address_def_list ::= address_def { ',' address_def }
** address_part = address_def | '(' address_def_list ')'
** item ::= [user_part] ['@' address_part]
** item_list ::= item { ',' item }
** group_def ::= item_list
** group_decl ::= group_name ':' group_def
#include <HTLex.h> /* Lexical analysor */
#include <HTGroup.h> /* Implemented here */
typedef HTList UserDefList;
typedef HTList AddressDefList;
UserDefList * user_def_list;
AddressDefList * address_def_list;
GroupDef * translation;
PRIVATE void syntax_error ARGS3(FILE *, fp,
while ((ch = getc(fp)) != EOF && ch != '\n')
if (cnt < 40) buffer[cnt++] = (char) ch;
buffer[cnt] = (char)0;
CTRACE((tfp, "%s %d before: '%s'\nHTGroup.c: %s (got %s)\n",
"HTGroup.c: Syntax error in rule file at line",
HTlex_line, buffer, msg, lex_verbose(lex_item)));
PRIVATE AddressDefList *parse_address_part ARGS1(FILE *, fp)
AddressDefList *address_def_list = NULL;
if (lex_item == LEX_ALPH_STR || lex_item == LEX_TMPL_STR)
else if (lex_item != LEX_OPEN_PAREN ||
((lex_item = lex(fp)) != LEX_ALPH_STR &&
lex_item != LEX_TMPL_STR)) {
syntax_error(fp, "Expecting a single address or '(' beginning list",
address_def_list = HTList_new();
Ref *ref = typecalloc(Ref);
outofmem(__FILE__, "parse_address_part");
ref->translation = NULL;
StrAllocCopy(ref->name, HTlex_buffer);
HTList_addObject(address_def_list, (void*)ref);
if (only_one || (lex_item = lex(fp)) != LEX_ITEM_SEP)
** Here lex_item == LEX_ITEM_SEP; after item separator it
** is ok to have one or more newlines (LEX_REC_SEP) and
** they are ignored (continuation line).
} while (lex_item == LEX_REC_SEP);
if (lex_item != LEX_ALPH_STR && lex_item != LEX_TMPL_STR) {
syntax_error(fp, "Expecting an address template", lex_item);
HTList_delete(address_def_list);
address_def_list = NULL;
if (!only_one && lex_item != LEX_CLOSE_PAREN) {
HTList_delete(address_def_list);
address_def_list = NULL;
syntax_error(fp, "Expecting ')' closing address list", lex_item);
return address_def_list;
PRIVATE UserDefList *parse_user_part ARGS1(FILE *, fp)
UserDefList *user_def_list = NULL;
if (lex_item == LEX_ALPH_STR)
else if (lex_item != LEX_OPEN_PAREN ||
(lex_item = lex(fp)) != LEX_ALPH_STR) {
syntax_error(fp, "Expecting a single name or '(' beginning list",
user_def_list = HTList_new();
Ref *ref = typecalloc(Ref);
outofmem(__FILE__, "parse_user_part");
ref->translation = NULL;
StrAllocCopy(ref->name, HTlex_buffer);
HTList_addObject(user_def_list, (void*)ref);
if (only_one || (lex_item = lex(fp)) != LEX_ITEM_SEP)
** Here lex_item == LEX_ITEM_SEP; after item separator it
** is ok to have one or more newlines (LEX_REC_SEP) and
** they are ignored (continuation line).
} while (lex_item == LEX_REC_SEP);
if (lex_item != LEX_ALPH_STR) {
syntax_error(fp, "Expecting user or group name", lex_item);
HTList_delete(user_def_list);
user_def_list = NULL;
if (!only_one && lex_item != LEX_CLOSE_PAREN) {
HTList_delete(user_def_list);
user_def_list = NULL;
syntax_error(fp, "Expecting ')' closing user/group list", lex_item);
return user_def_list;
PRIVATE Item *parse_item ARGS1(FILE *, fp)
UserDefList *user_def_list = NULL;
AddressDefList *address_def_list = NULL;
if (lex_item == LEX_ALPH_STR || lex_item == LEX_OPEN_PAREN) {
user_def_list = parse_user_part(fp);
if (lex_item == LEX_AT_SIGN) {
if (lex_item == LEX_ALPH_STR || lex_item == LEX_TMPL_STR ||
lex_item == LEX_OPEN_PAREN) {
address_def_list = parse_address_part(fp);
HTList_delete(user_def_list); /* @@@@ */
user_def_list = NULL;
syntax_error(fp, "Expected address part (single address or list)",
else unlex(lex_item);
if (!user_def_list && !address_def_list) {
syntax_error(fp, "Empty item not allowed", lex_item);
item = typecalloc(Item);
outofmem(__FILE__, "parse_item");
item->user_def_list = user_def_list;
item->address_def_list = address_def_list;
PRIVATE ItemList *parse_item_list ARGS1(FILE *, fp)
ItemList *item_list = HTList_new();
if (!(item = parse_item(fp))) {
HTList_delete(item_list); /* @@@@ */
HTList_addObject(item_list, (void*)item);
if (lex_item != LEX_ITEM_SEP) {
** Here lex_item == LEX_ITEM_SEP; after item separator it
** is ok to have one or more newlines (LEX_REC_SEP) and
** they are ignored (continuation line).
} while (lex_item == LEX_REC_SEP);
PUBLIC GroupDef *HTAA_parseGroupDef ARGS1(FILE *, fp)
ItemList *item_list = NULL;
GroupDef *group_def = NULL;
if (!(item_list = parse_item_list(fp))) {
group_def = typecalloc(GroupDef);
if (group_def == NULL)
outofmem(__FILE__, "HTAA_parseGroupDef");
group_def->group_name = NULL;
group_def->item_list = item_list;
if ((lex_item = lex(fp)) != LEX_REC_SEP) {
syntax_error(fp, "Garbage after group definition", lex_item);
PRIVATE GroupDef *parse_group_decl ARGS1(FILE *, fp)
char *group_name = NULL;
GroupDef *group_def = NULL;
} while (lex_item == LEX_REC_SEP); /* Ignore empty lines */
if (lex_item != LEX_ALPH_STR) {
if (lex_item != LEX_EOF)
syntax_error(fp, "Expecting group name", lex_item);
StrAllocCopy(group_name, HTlex_buffer);
if (LEX_FIELD_SEP != (lex_item = lex(fp))) {
syntax_error(fp, "Expecting field separator", lex_item);
if (!(group_def = HTAA_parseGroupDef(fp))) {
group_def->group_name = group_name;
** Group manipulation routines
PRIVATE GroupDef *find_group_def ARGS2(GroupDefList *, group_list,
CONST char *, group_name)
if (group_list && group_name) {
GroupDefList *cur = group_list;
while (NULL != (group_def = (GroupDef*)HTList_nextObject(cur))) {
if (!strcmp(group_name, group_def->group_name)) {
PUBLIC void HTAA_resolveGroupReferences ARGS2(GroupDef *, group_def,
GroupDefList *, group_def_list)
if (group_def && group_def->item_list && group_def_list) {
ItemList *cur1 = group_def->item_list;
while (NULL != (item = (Item*)HTList_nextObject(cur1))) {
UserDefList *cur2 = item->user_def_list;
while (NULL != (ref = (Ref*)HTList_nextObject(cur2)))
ref->translation = find_group_def(group_def_list, ref->name);
/* Does NOT translate address_def_list */
PRIVATE void add_group_def ARGS2(GroupDefList *, group_def_list,
GroupDef *, group_def)
HTAA_resolveGroupReferences(group_def, group_def_list);
HTList_addObject(group_def_list, (void*)group_def);
PRIVATE GroupDefList *parse_group_file ARGS1(FILE *, fp)
GroupDefList *group_def_list = HTList_new();
while (NULL != (group_def = parse_group_decl(fp)))
add_group_def(group_def_list, group_def);
return group_def_list;
PRIVATE void print_item ARGS1(Item *, item)
fprintf(tfp, "\tNULL-ITEM\n");
UserDefList *cur1 = item->user_def_list;
AddressDefList *cur2 = item->address_def_list;
Ref *user_ref = (Ref*)HTList_nextObject(cur1);
Ref *addr_ref = (Ref*)HTList_nextObject(cur2);
fprintf(tfp, "\t[%s%s", user_ref->name,
(user_ref->translation ? "*REF*" : ""));
while (NULL != (user_ref = (Ref*)HTList_nextObject(cur1)))
fprintf(tfp, "; %s%s", user_ref->name,
(user_ref->translation ? "*REF*" : ""));
} else fprintf(tfp, "\tANYBODY ");
fprintf(tfp, "@ [%s", addr_ref->name);
while (NULL != (addr_ref = (Ref*)HTList_nextObject(cur2)))
fprintf(tfp, "; %s", addr_ref->name);
} else fprintf(tfp, "@ ANYADDRESS\n");
PRIVATE void print_item_list ARGS1(ItemList *, item_list)
ItemList *cur = item_list;
fprintf(tfp, "EMPTY");
else while (NULL != (item = (Item*)HTList_nextObject(cur)))
PUBLIC void HTAA_printGroupDef ARGS1(GroupDef *, group_def)
fprintf(tfp, "\nNULL RECORD\n");
fprintf(tfp, "\nGroup %s:\n",
(group_def->group_name ? group_def->group_name : "NULL"));
print_item_list(group_def->item_list);
PRIVATE void print_group_def_list ARGS1(GroupDefList *, group_list)
GroupDefList *cur = group_list;
while (NULL != (group_def = (GroupDef*)HTList_nextObject(cur)))
HTAA_printGroupDef(group_def);
** IP address template matching
/* PRIVATE part_match()
** MATCH ONE PART OF INET ADDRESS AGAINST
** A PART OF MASK (inet address has 4 parts)
** tcur pointer to the beginning of template part.
** icur pointer to the beginning of actual inet
** returns YES, if match.
PRIVATE BOOL part_match ARGS2(CONST char *, tcur,
if (!tcur || !icur) return NO;
while (cnt < 3 && *cur && *cur != '.')
required[cnt++] = *(cur++);
required[cnt] = (char)0;
while (cnt < 3 && *cur && *cur != '.')
actual[cnt++] = *(cur++);
actual[cnt] = (char)0;
status = HTAA_templateMatch(required, actual);
CTRACE((tfp, "part_match: req: '%s' act: '%s' match: %s\n",
required, actual, (status ? "yes" : "no")));
/* PRIVATE ip_number_match()
** MATCH INET NUMBER AGAINST AN INET NUMBER MASK
** template mask to match against, e.g., 128.141.*.*
** the_inet_addr actual inet address, e.g., 128.141.201.74
** returns YES, if match; NO, if not.
PRIVATE BOOL ip_number_match ARGS2(CONST char *, template,
CONST char *, the_inet_addr)
CONST char *tcur = template;
CONST char *icur = the_inet_addr;
for (cnt=0; cnt<4; cnt++) {
if (!tcur || !icur || !part_match(tcur, icur))
if (NULL != (tcur = strchr(tcur, '.'))) tcur++;
if (NULL != (icur = strchr(icur, '.'))) icur++;
/* PRIVATE is_domain_mask()
** DETERMINE IF A GIVEN MASK IS A
** DOMAIN NAME MASK OR AN INET NUMBER MASK
** mask either a domain name mask,
** or an inet number mask,
** returns YES, if mask is a domain name mask.
** NO, if it is an inet number mask.
PRIVATE BOOL is_domain_mask ARGS1(CONST char *, mask)
CONST char *cur = mask;
if (!mask) return NO;
if (*cur != '.' && *cur != '*' && (*cur < '0' || *cur > '9'))
return YES; /* Even one non-digit makes it a domain name mask */
return NO; /* All digits and dots, so it is an inet number mask */
/* PRIVATE ip_mask_match()
** MATCH AN IP NUMBER MASK OR IP NAME MASK
** AGAINST ACTUAL IP NUMBER OR IP NAME
** mask mask. Mask may be either an inet number
** mask or a domain name mask,
** ip_number IP number of connecting host.
** ip_name IP name of the connecting host.
** returns YES, if hostname/internet number
** NO, if no match (no fire).
PRIVATE BOOL ip_mask_match ARGS3(CONST char *, mask,
CONST char *, ip_number,
CONST char *, ip_name)
if (mask && (ip_number || ip_name)) {
if (is_domain_mask(mask)) {
if (HTAA_templateMatch(mask, ip_name))
if (ip_number_match(mask, ip_number))
PRIVATE BOOL ip_in_def_list ARGS3(AddressDefList *, address_def_list,
if (address_def_list && (ip_number || ip_name)) {
AddressDefList *cur = address_def_list;
while (NULL != (ref = (Ref*)HTList_nextObject(cur))) {
/* Value of ref->translation is ignored, i.e., */
/* no recursion for ip address templates. */
if (ip_mask_match(ref->name, ip_number, ip_name))
** Group file cached reading
char * group_filename;
GroupDefList * group_list;
typedef HTList GroupCacheList;
PRIVATE GroupCacheList *group_cache_list = NULL;
PUBLIC GroupDefList *HTAA_readGroupFile ARGS1(CONST char *, filename)
GroupCache *group_cache;
if (isEmpty(filename)) return NULL;
if (!group_cache_list)
group_cache_list = HTList_new();
GroupCacheList *cur = group_cache_list;
while (NULL != (group_cache = (GroupCache*)HTList_nextObject(cur))) {
if (!strcmp(filename, group_cache->group_filename)) {
CTRACE((tfp, "%s '%s' %s\n",
"HTAA_readGroupFile: group file",
filename, "already found in cache"));
return group_cache->group_list;
} /* if cache match */
} /* while cached files remain */
CTRACE((tfp, "HTAA_readGroupFile: reading group file `%s'\n",
if (!(fp = fopen(filename, TXT_R))) {
CTRACE((tfp, "%s '%s'\n",
"HTAA_readGroupFile: unable to open group file",
if ((group_cache = typecalloc(GroupCache)) == 0)
outofmem(__FILE__, "HTAA_readGroupFile");
group_cache->group_filename = NULL;
StrAllocCopy(group_cache->group_filename, filename);
group_cache->group_list = parse_group_file(fp);
HTList_addObject(group_cache_list, (void*)group_cache);
CTRACE((tfp, "Read group file '%s', results follow:\n", filename));
print_group_def_list(group_cache->group_list);
return group_cache->group_list;
/* PUBLIC HTAA_userAndInetInGroup()
** CHECK IF USER BELONGS TO A GIVEN GROUP
** AND THAT THE CONNECTION COMES FROM AN
** ADDRESS THAT IS ALLOWED BY THAT GROUP
** group the group definition structure.
** username connecting user.
** ip_number browser host IP number, optional.
** ip_name browser host IP name, optional.
** However, one of ip_number or ip_name
** returns HTAA_IP_MASK, if IP address mask was
** reason for failing.
** HTAA_NOT_MEMBER, if user does not belong
** HTAA_OK if both IP address and user are ok.
PUBLIC HTAAFailReasonType HTAA_userAndInetInGroup ARGS4(GroupDef *, group,
HTAAFailReasonType reason = HTAA_NOT_MEMBER;
if (group && username) {
ItemList *cur1 = group->item_list;
while (NULL != (item = (Item*)HTList_nextObject(cur1))) {
if (!item->address_def_list || /* Any address allowed */
ip_in_def_list(item->address_def_list, ip_number, ip_name)) {
if (!item->user_def_list) /* Any user allowed */
UserDefList *cur2 = item->user_def_list;
while (NULL != (ref = (Ref*)HTList_nextObject(cur2))) {
if (ref->translation) { /* Group, check recursively */
reason = HTAA_userAndInetInGroup(ref->translation,
if (reason == HTAA_OK)
else { /* Username, check directly */
if (username && *username &&
0==strcmp(ref->name, username))
} /* Every user/group name in this group */
} /* search for username */
} /* IP address ok */
reason = HTAA_IP_MASK;
} /* while items in group */
} /* valid parameters */
return reason; /* No match, or invalid parameters */
PUBLIC void GroupDef_delete ARGS1(GroupDef *, group_def)
FREE(group_def->group_name);
if (group_def->item_list) {
HTList_delete(group_def->item_list); /* @@@@ */
group_def->item_list = NULL;