149510

Remove files that aren't needed.

include/Makefile

@@ -1,85 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ..
-MODULE=netsiteInclude
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include
-
-NSPRDEST=$(HDRDEST)
-NSPRHDRS= \
-	prio.h \
-	prlong.h \
-	prtypes.h \
-	prtime.h \
-	prthread.h \
-	prinrval.h \
-	md/prcpucfg.h \
-	obsolete/protypes.h
-
-NSPRBINS=$(addprefix $(NSPRDEST)/, $(NSPRHDRS))
-
-PREFIX=copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-HDRS=netsite.h version.h
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: stuff nspr
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-ifeq ($(NSAPI_CAPABLE), true)
-
-stuff: $(HDRDEST) $(BINS) sub-hdrs
-
-$(HDRDEST):
-	mkdir -p $(HDRDEST)
-
-ifeq ($(PRODUCT), "Netscape Proxy Server")
-sub-hdrs:
-	cd base; gmake
-	cd frame; gmake
-	cd libproxy; gmake
-else
-sub-hdrs:
-	cd base; gmake
-	cd frame; gmake
-endif
-
-$(HDRDEST)/%.h: %.h
-	cat $(PREFIX) $< > $(HDRDEST)/$*.h
-
-else
-stuff:
-
-endif
-
-$(NSPRDEST): 
-	mkdir -p $(NSPRDEST)
-
-$(NSPRDEST)/md: $(NSPRDEST)
-	mkdir -p $(NSPRDEST)/md
-
-$(NSPRDEST)/obsolete: $(NSPRDEST)
-	mkdir -p $(NSPRDEST)/obsolete
-
-$(NSPRDEST)/%.h: 
-	cp $(NSCP_DISTDIR)/include/nspr20/pr/$*.h $(NSPRDEST)/$*.h
-
-nspr: $(NSPRDEST)/md $(NSPRDEST)/obsolete $(NSPRBINS)

include/base/Makefile

@@ -1,40 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ../..
-MODULE=netsiteIncludeBase
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/base
-
-PREFIX=../copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-#HDRS=$(wildcard *.h)
-HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
-
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
-	mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
-	cat $(PREFIX) $< > $(HDRDEST)/$*.h

include/copyrght.h

@@ -1,6 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-

include/libaccess/acladmin.h

@@ -1,79 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __acladmin_h
-#define __acladmin_h
-
-
-/*
- * Description (acladmin.h)
- *
- *	This file describes the interface to access control list (ACL)
- *	administration functions.  This interface provides mechanisms
- *	for inspecting, modifying, and writing out in text form ACL
- *	structures.
- */
-
-#include "aclstruct.h"
-
-NSPR_BEGIN_EXTERN_C
-
-/* Flags used for various functions */
-#define ACLF_NPREFIX	0x1		/* ACL name string is a name prefix */
-#define ACLF_REXACT	0x2		/* rights must match exactly */
-#define ACLF_RALL	0x4		/* must have all specified rights */
-
-/* Functions in acladmin.c */
-extern NSAPI_PUBLIC int aclDNSAddHost(char * newhost,
-				      char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclDNSAddAliases(char * host,
-					 char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclDNSPutHost(char * hname, int fqdn, int aliases,
-				      char ***alist, int * asize);
-extern NSAPI_PUBLIC int aclFindByName(ACContext_t * acc, char * aclname,
-			 char **rights, int flags, ACL_t **pacl);
-extern NSAPI_PUBLIC char * aclGetAuthMethod(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char * aclGetDatabase(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char **aclGetHosts(ACL_t * acl, int dirno, int clsno);
-extern NSAPI_PUBLIC char * aclGetPrompt(ACL_t * acl, int dirno);
-extern NSAPI_PUBLIC char **aclGetRights(ACL_t * acl);
-extern NSAPI_PUBLIC unsigned long aclGetRightsMask(ACContext_t * acc, char **rlist);
-extern NSAPI_PUBLIC char * aclGetSignature(ACL_t * acl);
-extern NSAPI_PUBLIC char **aclGetUsers(ACL_t * acl, int dirno, int clsno);
-extern NSAPI_PUBLIC int aclDNSFilterStrings(char **list, DNSFilter_t * dnf);
-extern NSAPI_PUBLIC int aclIPFilterStrings(char **list, IPFilter_t * ipf);
-extern NSAPI_PUBLIC int aclIdsToNames(char **list,
-			 USIList_t * uilptr, int uflag, Realm_t * rlm);
-extern NSAPI_PUBLIC int aclMakeNew(ACContext_t * acc, char * aclsig, char * aclname,
-		      char **rights, int flags, ACL_t **pacl);
-extern NSAPI_PUBLIC int aclPutAllowDeny(NSErr_t * errp, ACL_t * acl,
-			   int always, int allow, char **users, char **hosts);
-extern NSAPI_PUBLIC int aclPutAuth(NSErr_t * errp, ACL_t * acl,
-		      int always, int amethod, char * dbname, char * prompt);
-extern NSAPI_PUBLIC char * aclSafeIdent(char * str);
-extern NSAPI_PUBLIC int aclSetRights(ACL_t * acl, char **rights, int replace);
-extern NSAPI_PUBLIC int accWriteFile(ACContext_t * acc, char * filename, int flags);
-extern NSAPI_PUBLIC int aclStringGet(LEXStream_t * lst);
-extern NSAPI_PUBLIC int aclStringOpen(NSErr_t * errp,
-			 int slen, char * sptr, int flags, ACLFile_t **pacf);
-extern NSAPI_PUBLIC int aclCheckUsers(NSErr_t * errp, char * dbpath, char * usernames,
-			 char * groupnames, char ***uglist, char ***badulist,
-			 char ***badglist);
-extern NSAPI_PUBLIC int aclCheckHosts(NSErr_t * errp,
-			 int hexpand, char * dnsspecs, char * ipspecs,
-			 char ***hlist, char ***baddns, char ***badip);
-
-#ifdef NOTDEF
-extern int aclSetAuthMethod(ACL_t * acl, int dirno, char * amethod);
-extern int aclSetDatabase(ACL_t * acl, int dirno, char * dbname);
-extern int aclSetExecOptions(ACL_t * acl, char **options);
-extern int aclSetHosts(ACL_t * acl, int dirno, char **hostlist);
-extern int aclSetPrompt(ACL_t * acl, int dirno, char * prompt);
-extern int aclSetUsers(ACL_t * acl, int dirno, char **userlist);
-#endif /* NOTDEF */
-
-NSPR_END_EXTERN_C
-
-#endif /* __acladmin_h */

include/libaccess/aclbuild.h

@@ -1,56 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __aclbuild_h
-#define __aclbuild_h
-
-/*
- * Description (aclbuild.h)
- *
- *	This file describes the interface to a module which provides
- *	functions for building Access Control List (ACL) structures
- *	in memory.
- */
-
-#include "usi.h"
-#include "nserror.h"
-#include "aclstruct.h"
-
-/* Define flags for aclAuthNameAdd() return value */
-#define ANA_GROUP	0x1		/* name matches group name */
-#define ANA_USER	0x2		/* name matches user name */
-#define ANA_DUP		0x4		/* name already in AuthNode_t */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in aclbuild.c */
-extern int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc);
-extern void accDestroy(ACContext_t * acc, int flags);
-extern int accDestroySym(Symbol_t * sym, void * argp);
-extern int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc);
-extern int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn);
-extern int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask);
-extern int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp,
-			  Realm_t * rlm, char * name);
-extern ACClients_t * aclClientsDirCreate();
-extern int aclCreate(NSErr_t * errp,
-		     ACContext_t * acc, char * aclname, ACL_t **pacl);
-extern void aclDestroy(ACL_t * acl);
-extern void aclDelete(ACL_t * acl);
-extern int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd);
-extern ACDirective_t * aclDirectiveCreate();
-extern void aclDirectiveDestroy(ACDirective_t * acd);
-extern int aclDNSSpecDestroy(Symbol_t * sym, void * parg);
-extern void aclHostSpecDestroy(HostSpec_t * hsp);
-extern void aclRealmSpecDestroy(RealmSpec_t * rsp);
-extern int aclRightDef(NSErr_t * errp,
-		       ACContext_t * acc, char * rname, RightDef_t **prd);
-extern void aclRightSpecDestroy(RightSpec_t * rsp);
-extern UserSpec_t * aclUserSpecCreate();
-extern void aclUserSpecDestroy(UserSpec_t * usp);
-
-NSPR_END_EXTERN_C
-
-#endif /* __aclbuild_h */

include/libaccess/aclparse.h

@@ -1,112 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __aclparse_h
-#define __aclparse_h
-
-/*
- * Description (aclparse.h)
- *
- *	This file describes the interface to a parser for files
- *	containing Access Control List (ACL) definitions.  The parser
- *	uses the services of the aclbuild module to construct an
- *	in-memory representation of the ACLs it parses.
- */
-
-#include "nserror.h"
-#include "aclbuild.h"
-
-/* Define keywords */
-#define KEYWORD_ACL	"acl"
-#define KEYWORD_ALL	"all"
-#define KEYWORD_ALLOW	"allow"
-#define KEYWORD_ANY	"anyone"
-#define KEYWORD_AT	"at"
-#define KEYWORD_AUTH	"authenticate"
-#define KEYWORD_BASIC	"basic"
-#define KEYWORD_DATABASE "database"
-#define KEYWORD_DEFAULT	"default"
-#define KEYWORD_DENY	"deny"
-#define KEYWORD_EXECUTE	"execute"
-#define KEYWORD_HOSTS	"hosts"
-#define KEYWORD_IF	"if"
-#define KEYWORD_IN	"in"
-#define KEYWORD_INCLUDE	"include"
-#define KEYWORD_METHOD	"method"
-#define KEYWORD_PROMPT	"prompt"
-#define KEYWORD_REALM	"realm"
-#define KEYWORD_RIGHTS	"rights"
-#define KEYWORD_SSL	"ssl"
-
-/* Define character classes */
-#define CCM_WS		0x1	/* whitespace */
-#define CCM_NL		0x2	/* newline */
-#define CCM_SPECIAL	0x4	/* special characters */
-#define CCM_DIGIT	0x8	/* digits */
-#define CCM_LETTER	0x10	/* letters */
-#define CCM_HYPHEN	0x20	/* hyphen */
-#define CCM_USCORE	0x40	/* underscore */
-#define CCM_FILESPEC	0x80	/* filename special characters */
-
-#define CCM_HYPUND	(CCM_HYPHEN|CCM_USCORE)
-#define CCM_IDENT	(CCM_LETTER|CCM_DIGIT|CCM_HYPUND)
-#define CCM_FILENAME	(CCM_LETTER|CCM_DIGIT|CCM_FILESPEC)
-
-/* Define token numbers */
-#define TOKEN_ERROR	-1	/* error in reading data stream */
-#define TOKEN_EOF	0	/* end-of-file */
-#define TOKEN_EOS	1	/* end-of-statement */
-#define TOKEN_IDENT	2	/* identifier */
-#define TOKEN_NUMBER	3	/* number */
-#define TOKEN_COMMA	4	/* comma */
-#define TOKEN_SEMI	5	/* semicolon */
-#define TOKEN_PERIOD	6	/* period */
-#define TOKEN_LPAREN	7	/* left parenthesis */
-#define TOKEN_RPAREN	8	/* right parenthesis */
-#define TOKEN_LBRACE	9	/* left brace */
-#define TOKEN_RBRACE	10	/* right brace */
-#define TOKEN_AT	11	/* at sign */
-#define TOKEN_PLUS	12	/* plus sign */
-#define TOKEN_STAR	13	/* asterisk */
-#define TOKEN_STRING	14	/* quoted string */
-#define TOKEN_HUH	15	/* unrecognized input */
-
-/* Define flags bits for aclGetToken() */
-#define AGT_NOSKIP	0x1		/* don't skip leading whitespace */
-#define AGT_APPEND	0x2		/* append next to token buffer */
-
-NSPR_BEGIN_EXTERN_C
-
-extern void * aclChTab;			/* character table for ACL parsing */
-
-/* Functions in aclparse.c */
-extern int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
-			    ACContext_t * acc, Realm_t * rlm,
-			    ACClients_t **clsp);
-extern int aclAuthHostsParse(NSErr_t * errp, ACLFile_t * acf,
-			     ACContext_t * acc, HostSpec_t **hspp);
-extern int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
-			     Realm_t * rlm, UserSpec_t **uspp, char ***elist);
-extern int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl);
-extern int aclACLParse(NSErr_t * errp,
-		       ACLFile_t * acf, ACContext_t * acc, int flags);
-extern void aclFileClose(ACLFile_t * acf, int flags);
-extern int aclFileOpen(NSErr_t * errp,
-		       char * filename, int flags, ACLFile_t **pacf);
-extern int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf);
-extern int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags);
-extern int aclGetIPAddr(NSErr_t * errp,
-			ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask);
-extern int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags);
-extern int aclParseInit();
-extern int aclRealmSpecParse(NSErr_t * errp, ACLFile_t * acf,
-			     ACContext_t * acc, RealmSpec_t **rspp);
-extern int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
-			  RightSpec_t **rights);
-extern int aclStreamGet(LEXStream_t * lst);
-
-NSPR_END_EXTERN_C
-
-#endif /* __aclparse_h */

include/libaccess/ava.h

@@ -1,40 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _ava_h
-#define _ava_h
-
-#define ENTRIES_ALLOCSIZE 100
-#define ORGS_ALLOCSIZE    15
-
-
-#ifdef XP_WIN32
-#define NSAPI_PUBLIC __declspec(dllexport)
-#else /* !XP_WIN32 */
-#define NSAPI_PUBLIC
-#endif
-
-
-typedef struct {
-  char *email;
-  char *locality;
-  char *userid; 
-  char *state;
-  char *country;
-  char *company;
-  int numOrgs;
-  char **organizations;
-  char *CNEntry;
-} AVAEntry;
-
-typedef struct {
-  char *userdb;
-  int numEntries;
-  AVAEntry **enteredTable; 
-} AVATable;
-
-
-#endif
-

include/libaccess/avadb.h

@@ -1,15 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _avadb_h_
-#define _avadb_h_
-
-#define USE_NSAPI 
-
-USE_NSAPI int   AddEntry    (char *key, char *value);
-USE_NSAPI int   DeleteEntry (char *key);
-USE_NSAPI char *GetValue    (char *key);
-
-#endif /*_avadb_h_*/

include/libaccess/avapfile.h

@@ -1,59 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef _avaparsedfiles_h_
-#define _avaparsedfiles_h_
-
-#include "libaccess/ava.h"
-#include "frame/req.h"
-#include "base/session.h"
-
-#define AUTH_DB_FILE "AvaCertmap"
-#define AVADB_TAG    "avadb"
-#define AVA_DB_SEL   "ava_db_sel" /*Variable name used in
-				   *outputAVAdbs
-				   */
-
-
-extern void outputAVAdbs (char *chosen); /*Outputs the selector of auth databases
-					  *and makes it so that the form submits 
-					  *when onChange event occurs. 
-					  */
-
-
-/*For the following 3 functions, enter the full path of 
- *ava database file includint tag and filename
- */
-/*Before calling _getTable, initializa yy_sn and yy_rq.  Set to NULL if no
- *Session* or Request* variables exist and an error will be reported with 
- *function report_error(libamin.h).  Otherwise error will be logged into
- *the server's error log
- */
-extern AVATable *_getTable (char *avadbfile);
-extern AVATable *_wasParsed (char *avadbfile);/*Assumes a call to yyparse was just
-					       *completed
-					       */
-extern int _hasBeenParsed (char *avadbfile);/*Check if _getTable returns NULL or not*/
-
-extern AVAEntry* _getAVAEntry (char *groupid, AVATable *table);
-extern AVAEntry* _deleteAVAEntry (char *groupid, AVATable *table);
-extern void _addAVAtoTable (AVAEntry *entry, AVATable *table);
-extern void AVAEntry_Free (AVAEntry *entry);
-
-/*Functions for writing out files*/
-extern void PrintHeader (FILE *outfile);
-extern void writeOutFile (char *avadbfilename, AVATable *table);
-
-
-extern int yyparse();
-extern FILE *yyin;
-
-extern char *currFile;
-
-extern Session *yy_sn;
-extern Request *yy_rq;
-
-
-#endif /*_avaparsedfiles_h_*/

include/libaccess/nsadb.h

@@ -1,87 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsadb_h
-#define __nsadb_h
-
-/*
- * Description (nsadb.h)
- *
- *	This file describes the interface for retrieving information
- *	from a Netscape authentication database.  This facility is
- *	built on top of the Netscape (server) database interface as
- *	defined in nsdb.h.  It represents a subclass of a more general
- *	authentication database interface defined in nsauth.h.
- */
-
-#include "nserror.h"		/* error frame list support */
-#include "nsautherr.h"		/* authentication error codes */
-#include "nsauth.h"
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSADB
-
-#include "nsdb.h"
-
-#if defined(CLIENT_AUTH)
-#define ADBDBNAMES	3		/* number of named files */
-#else
-#define ADBDBNAMES	2		/* number of named files */
-#endif
-#define ADBUSERDBNAME	"Users"		/* name of user database */
-#define ADBGROUPDBNAME	"Groups"	/* name of group database */
-#if defined(CLIENT_AUTH)
-#define ADBCERTDBNAME	"Certs"		/* name of certificate mapping DB */
-#define ADBUMAPDBNAME	"Certs.nm"	/* name of mapped user names DB */
-#endif
-
-typedef struct AuthDB_s AuthDB_t;
-struct AuthDB_s {
-    char * adb_dbname;			/* database name */
-    void * adb_userdb;			/* handle for user database */
-    void * adb_groupdb;			/* handle for group database */
-#if defined(CLIENT_AUTH)
-    void * adb_certdb;			/* handle for cert mapping database */
-    void * adb_certlock;		/* lock for cert mapping database */
-    void * adb_certnm;			/* handle for username-to-certid DB */
-#endif
-    int adb_flags;			/* flags */
-};
-
-/* Definitions for adb_flags (also used on nsadbOpenXxxx() calls) */
-#define ADBF_NEW	0x1		/* newly created database */
-#define ADBF_UREAD	0x10		/* user database open for read */
-#define ADBF_UWRITE	0x20		/* user database open for write */
-#define ADBF_GREAD	0x100		/* group database open for read */
-#define ADBF_GWRITE	0x200		/* group database open for write */
-#define ADBF_CREAD	0x1000		/* cert database open for read */
-#define ADBF_CWRITE	0x2000		/* cert database open for write */
-#endif /* __PRIVATE_NSADB */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in nsadb.c */
-extern NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp,
-				  char * adbname, int flags, void **rptr);
-extern NSAPI_PUBLIC void nsadbClose(void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp,
-				       void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp,
-					void * authdb, int flags);
-extern NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp, void * authdb,
-				      USI_t id, int flags, char **rptr);
-extern NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb,
-					char * name, int flags, void **rptr);
-
-#if defined(CLIENT_AUTH)
-#include "nscert.h"
-#endif
-
-/* Authentication database interface structure in nsadb.c */
-extern AuthIF_t NSADB_AuthIF;
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsadb_h */

include/libaccess/nsamgmt.h

@@ -1,122 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsamgmt_h
-#define __nsamgmt_h
-
-/*
- * Description (nsamgmt.h)
- *
- *	This file defines the interface for managing information in a
- *	Netscape authentication database.  An authentication database
- *	consists of a user database and a group database.  This
- *	implementation of an authentication database based on Netscape
- *	user and group databases defined in nsuser.h and nsgroup.h,
- *	which in turn are based on the Netscape (server) database
- *	implementation defined in nsdb.h.  The interface for retrieving
- *	information from an authentication database is described
- *	separately in nsadb.h.
- */
-
-#include "nsadb.h"
-
-/* Flags used in enumeration call-back function return value */
-#define ADBF_KEEPOBJ	0x1		/* do not free user or group object */
-#define ADBF_STOPENUM	0x2		/* stop the enumeration */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in nsamgmt.c */
-NSAPI_PUBLIC extern int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb,
-					     GroupObj_t * pgoptr,
-					     GroupObj_t * cgoptr);
-
-NSAPI_PUBLIC extern int nsadbAddUserToGroup(NSErr_t * errp, void * authdb,
-					    GroupObj_t * goptr,
-					    UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbCreateGroup(NSErr_t * errp,
-					 void * authdb, GroupObj_t * goptr);
-
-NSAPI_PUBLIC extern int nsadbCreateUser(NSErr_t * errp,
-					void * authdb, UserObj_t * uoptr);
-
-/*
-for ANSI C++ standard on SCO UDK must typedef fn in arg list, otherwise fn
-name is managled
-*/
-
-#ifdef UnixWare
-typedef int(*ArgFn_EnumUsers)(NSErr_t * ferrp, void * authdb, void * parg,
-                 UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
-					void * argp, ArgFn_EnumUsers);
-#else /* UnixWare */
-NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
-					    void * argp,
-					    int (*func)(NSErr_t * ferrp,
-							void * authdb,
-							void * parg,
-							UserObj_t * uoptr));
-#endif /* UnixWare */
- 
-#ifdef UnixWare
-typedef int(*ArgFn_EnumGroups)(NSErr_t * ferrp, void * authdb, void * parg,
-                 GroupObj_t * goptr);
-NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
-						void * authdb, void * argp,
-                       				ArgFn_EnumGroups);
-#else /* UnixWare */
-NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
-                                             void * authdb, void * argp,
-					     int (*func)(NSErr_t * ferrp,
-							 void * authdb,
-							 void * parg,
-							 GroupObj_t * goptr));
-#endif /* UnixWare */
-
-NSAPI_PUBLIC extern int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
-					   USI_t uid, USI_t gid,
-					   int ngroups, USI_t * grplist);
-
-NSAPI_PUBLIC extern int nsadbModifyGroup(NSErr_t * errp,
-					 void * authdb, GroupObj_t * goptr);
-
-NSAPI_PUBLIC extern int nsadbModifyUser(NSErr_t * errp,
-					void * authdb, UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbRemoveGroup(NSErr_t * errp,
-					 void * authdb, char * name);
-
-NSAPI_PUBLIC extern int nsadbRemoveUser(NSErr_t * errp,
-					void * authdb, char * name);
-
-NSAPI_PUBLIC extern int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
-					       GroupObj_t * pgoptr,
-					       GroupObj_t * cgoptr);
-
-NSAPI_PUBLIC extern int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
-					      GroupObj_t * goptr,
-					      UserObj_t * uoptr);
-
-NSAPI_PUBLIC extern int nsadbSuperGroups(NSErr_t * errp, void * authdb,
-					 GroupObj_t * goptr,
-					 USIList_t * gsuper);
-
-
-NSPR_END_EXTERN_C
-
-#if defined(CLIENT_AUTH)
-
-/* Removed for new ns security integration
-#include <sec.h>
-*/
-#include <key.h>
-#include <cert.h>
-
-#endif /* defined(CLIENT_AUTH) */
-
-#endif /* __nsamgmt_h */

include/libaccess/nscert.h

@@ -1,102 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nscert_h
-#define __nscert_h
-
-/*
- * Description (nscert.h)
- *
- *	This file describes the interface for accessing and storing
- *	information in a Netscape client certificate to username
- *	database.  This facility is built on top of the Netscape
- *	(server) database interface as defined in nsdb.h.  
- */
-
-#include <libaccess/nserror.h>		/* error frame list support */
-#include <libaccess/nsautherr.h>	/* authentication error codes */
-#include <libaccess/nsauth.h>
-
-#include <prtypes.h>
-/* Removed for new ns security integration
-#include <sec.h>
-*/
-#include <cert.h>
-
-#if defined(CLIENT_AUTH)
-
-/* Certificate to user record attribute tags */
-#define CAT_USERNAME	0x61		/* username associated with cert */
-#define CAT_CERTID	0x62		/* id assigned to cert */
-
-/* Attribute tags used in certificate key encoding */
-#define KAT_ISSUER	0x01		/* issuer DER */
-#define KAT_SUBJECT	0x02		/* subject DER */
-
-typedef struct CertObj_s CertObj_t;
-struct CertObj_s {
-    SECItem co_issuer;		/* issuing authority */
-    SECItem co_subject;		/* certicate's subject */
-    char * co_username;		/* the local name it mapps to */
-    USI_t co_certid;		/* internal id for this client certificate */
-};
-
-typedef int (*CertEnumCallback)(NSErr_t * ferrp, void * authdb,
-				void * argp, CertObj_t * coptr);
-    
-NSPR_BEGIN_EXTERN_C
-
-extern NSAPI_PUBLIC int nsadbCertInitialize(void);
-
-extern NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
-					   SECItem * issuer,
-					   SECItem * subject);
-
-extern NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
-					   CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
-					   int * keylen, char **keyptr);
-
-extern NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
-					    void * argp,
-					    CertEnumCallback func);
-
-extern NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
-					 USI_t certid, CertObj_t **coptr);
-
-extern NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
-					   CERTCertificate * cert,
-					   char **username);
-
-extern NSAPI_PUBLIC int nsadbOpenCerts(NSErr_t * errp,
-				       void * authdb, int flags);
-
-extern NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
-					   CERTCertificate * cert,
-					   const char * username);
-
-extern NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
-					void * username, CertObj_t * coptr);
-
-extern NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp, void * authdb,
-					    char * username);
-
-extern NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags);
-
-extern NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags);
-
-extern NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
-					  const char * username, USI_t * id);
-
-
-NSPR_END_EXTERN_C
-
-#endif /* CLIENT_AUTH */
-
-
-#endif /* __nscert_h */

include/libaccess/nsdb.h

@@ -1,182 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsdb_h
-#define __nsdb_h
-
-/*
- * Description (nsdb.h)
- *
- *	This file describes the interface for retrieving information
- *	from a Netscape (server) database.  A database is composed of
- *	two (libdbm) DB files.  One of these (<dbname>.db) contains
- *	records indexed by a string key.  These records contain the
- *	primary information in the database.  A second DB file
- *	(<dbname>.id) is used to map an integer id value to a string
- *	key, which can then be used to locate a record in the first file.
- *	The interface for managing information in a database is described
- *	in nsdbmgmt.h.
- */
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSDB
-
-#include "mcom_db.h"
-
-/*
- * Description (NSDB_t)
- *
- *	This type describes the structure that used to represent a
- *	Netscape server database.  It includes fields to reference
- *	both the primary and id-to-name DB files, and information
- *	about the current state of the database.
- */
-
-typedef struct NSDB_s NSDB_t;
-struct NSDB_s {
-    char * ndb_pname;			/* primary DB file name pointer */
-    DB * ndb_pdb;			/* primary DB file handle */
-    char * ndb_iname;			/* id-to-name DB file name pointer */
-    DB * ndb_idb;			/* id-to-name DB file handle */
-    int ndb_flags;			/* bit flags */
-#define NDBF_RDNAME	0x1		/* primary DB open for read */
-#define NDBF_WRNAME	0x2		/* primary DB open for write */
-#define NDBF_NONAME	0x4		/* primary DB does not exist */
-#define NDBF_RDID	0x10		/* id-to-name DB open for read */
-#define NDBF_WRID	0x20		/* id-to-name DB open for write */
-#define NDBF_NOID	0x40		/* id-to-name DB does not exist */
-
-    int ndb_dbtype;			/* database type */
-    int ndb_version;			/* type-specific version number */
-};
-
-/* Define metadata record keys (must start with NDB_MDPREFIX) */
-#define NDB_DBTYPE	"?dbtype"	/* database type and version info */
-#define NDB_IDMAP	"?idmap"	/* id allocation bitmap */
-
-#endif /* __PRIVATE_NSDB */
-
-/* Begin public definitions */
-
-#include "nserror.h"		/* error frame list support */
-#include "nsdberr.h"		/* error codes for NSDB facility */
-
-/* Define the NSDB version number */
-#define NDB_VERSION		0x10	/* NSDB version 1.0 */
-
-/* Define reserved database type codes for ndb_dbtype */
-#define NDB_TYPE_USERDB		1	/* user database */
-#define NDB_TYPE_GROUPDB	2	/* group database */
-#define NDB_TYPE_CLIENTDB	3	/* client database */
-#define NDB_TYPE_ACLDB		4	/* access control list database */
-
-/*
- * Define the metadata record key prefix character.  Normal data record
- * keys (names) cannot begin with this character.
- */
-#define NDB_MDPREFIX	'?'
-
-/* Define flags for ndbEnumerate() */
-#define NDBF_ENUMNORM	0x1		/* enumerate normal data records */
-#define NDBF_ENUMMETA	0x2		/* enumerate metadata records */
-
-/* Define return values for a user function called by ndbEnumerate */
-#define NDB_ENUMSTOP	-1		/* terminate enumeration */
-#define NDB_ENUMCONT	0		/* continue enumeration */
-#define NDB_ENUMRESET	1		/* restart enumeration at beginning */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions for database information retrieval in nsdb.c */
-extern void ndbClose(void * ndb, int flags);
-
-/* for ANSI C++ standard on SCO UDK, otherwise fn name is mangled */
-#ifdef UnixWare
-typedef int (*ArgFn_ndbEnum)(NSErr_t * ferrp, void * parg, int namelen,
-                           char * name, int reclen, char * recptr);
-extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
-                        ArgFn_ndbEnum);
-#else /* UnixWare */
-extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
-			int (*func)(NSErr_t * ferrp, void * parg,
-				    int namelen, char * name,
-				    int reclen, char * recptr));
-#endif /* UnixWare */
-extern int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name,
-		       int * reclen, char **recptr);
-extern int ndbIdToName(NSErr_t * errp,
-		       void * ndb, unsigned int id, int * plen, char **pname);
-extern int ndbInitPrimary(NSErr_t * errp, void * ndb);
-extern void * ndbOpen(NSErr_t * errp,
-		      char * dbname, int flags, int dbtype, int * version);
-extern int ndbReOpen(NSErr_t * errp, void * ndb, int flags);
-
-NSPR_END_EXTERN_C
-
-/* richm - 20020218 - these macros were added as part of the port to DBM 1.6
- * apparently, these were exported for outside use from mcom_db.h in
- * DBM 1.5x and earlier, but were made private in 1.6 - so I copied them
- * here
- */
-/*
- * Little endian <==> big endian 32-bit swap macros.
- *	M_32_SWAP	swap a memory location
- *	P_32_SWAP	swap a referenced memory location
- *	P_32_COPY	swap from one location to another
- */
-#ifndef M_32_SWAP
-#define	M_32_SWAP(a) {							\
-	uint32 _tmp = a;						\
-	((char *)&a)[0] = ((char *)&_tmp)[3];				\
-	((char *)&a)[1] = ((char *)&_tmp)[2];				\
-	((char *)&a)[2] = ((char *)&_tmp)[1];				\
-	((char *)&a)[3] = ((char *)&_tmp)[0];				\
-}
-#endif
-#ifndef P_32_SWAP
-#define	P_32_SWAP(a) {							\
-	uint32 _tmp = *(uint32 *)a;				\
-	((char *)a)[0] = ((char *)&_tmp)[3];				\
-	((char *)a)[1] = ((char *)&_tmp)[2];				\
-	((char *)a)[2] = ((char *)&_tmp)[1];				\
-	((char *)a)[3] = ((char *)&_tmp)[0];				\
-}
-#endif
-#ifndef P_32_COPY
-#define	P_32_COPY(a, b) {						\
-	((char *)&(b))[0] = ((char *)&(a))[3];				\
-	((char *)&(b))[1] = ((char *)&(a))[2];				\
-	((char *)&(b))[2] = ((char *)&(a))[1];				\
-	((char *)&(b))[3] = ((char *)&(a))[0];				\
-}
-#endif
-/*
- * Little endian <==> big endian 16-bit swap macros.
- *	M_16_SWAP	swap a memory location
- *	P_16_SWAP	swap a referenced memory location
- *	P_16_COPY	swap from one location to another
- */
-#ifndef M_16_SWAP
-#define	M_16_SWAP(a) {							\
-	uint16 _tmp = a;						\
-	((char *)&a)[0] = ((char *)&_tmp)[1];				\
-	((char *)&a)[1] = ((char *)&_tmp)[0];				\
-}
-#endif
-#ifndef P_16_SWAP
-#define	P_16_SWAP(a) {							\
-	uint16 _tmp = *(uint16 *)a;				\
-	((char *)a)[0] = ((char *)&_tmp)[1];				\
-	((char *)a)[1] = ((char *)&_tmp)[0];				\
-}
-#endif
-#ifndef P_16_COPY
-#define	P_16_COPY(a, b) {						\
-	((char *)&(b))[0] = ((char *)&(a))[1];				\
-	((char *)&(b))[1] = ((char *)&(a))[0];				\
-}
-#endif
-
-#endif /* __nsdb_h */

include/libaccess/nsdberr.h

@@ -1,92 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsdberr_h
-#define __nsdberr_h
-
-/* NSDB facility name (defined in nsdb,c) */
-extern char * NSDB_Program;
-
-/* Define error identifiers for NSDB facility */
-
-/* Errors generated in nsdb.c */
-
-/* ndbFindName() */
-#define NSDBERR1000	1000	/* primary DB get operation failed */
-
-/* ndbIdToName() */
-#define NSDBERR1100	1100	/* id-to-name DB get operation failed */
-
-/* ndbInitPrimary() */
-#define NSDBERR1200	1200	/* primary database already exists */
-#define NSDBERR1220	1220	/* primary database open failed */
-#define NSDBERR1240	1240	/* primary DB put operation failed */
-#define NSDBERR1260	1260	/* primary DB put operation failed */
-
-/* ndbOpen() */
-#define NSDBERR1400	1400	/* insufficient dynamic memory */
-#define NSDBERR1420	1420	/* insufficient dynamic memory */
-#define NSDBERR1440	1440	/* insufficient dynamic memory */
-#define NSDBERR1460	1460	/* primary DB get metadata operation failed */
-#define NSDBERR1480	1480	/* metadata format error */
-#define NSDBERR1500	1500	/* unsupported database version number */
-#define NSDBERR1520	1520	/* wrong database type */
-
-/* ndbReOpen() */
-#define NSDBERR1600	1600	/* create primary DB failed */
-#define NSDBERR1620	1620	/* open primary/write failed */
-#define NSDBERR1640	1640	/* open primary/read failed */
-#define NSDBERR1660	1660	/* create id-to-name DB failed */
-#define NSDBERR1680	1680	/* open id-to-name DB for write failed */
-#define NSDBERR1700	1700	/* open id-to-name DB for read failed */
-
-/* Define error ids generated in nsdbmgmt.c */
-
-/* ndbAllocId() */
-#define NSDBERR2000	2000	/* bad DB name key */
-#define NSDBERR2020	2020	/* metadata get operation failed */
-#define NSDBERR2040	2040	/* no space to grow DB id bitmap */
-#define NSDBERR2060	2060	/* no space to copy DB id bitmap */
-#define NSDBERR2080	2080	/* put bitmap to DB operation failed */
-#define NSDBERR2100	2100	/* put id-to-name operation failed */
-
-/* ndbDeleteName() */
-#define NSDBERR2200	2200	/* error deleting record */
-
-/* ndbFreeId() */
-#define NSDBERR2300	2300	/* invalid id value */
-#define NSDBERR2320	2320	/* error deleting id-to-name record */
-#define NSDBERR2340	2340	/* error reading id bitmap from primary DB */
-#define NSDBERR2360	2360	/* invalid id value */
-#define NSDBERR2380	2380	/* insufficient dynamic memory */
-#define NSDBERR2400	2400	/* error writing id bitmap back to DB */
-
-/* ndbRenameId() */
-#define NSDBERR2500	2500	/* invalid new key name string */
-#define NSDBERR2520	2520	/* get id record operation failed */
-#define NSDBERR2540	2540	/* put id record operation failed */
-
-/* ndbStoreName() */
-#define NSDBERR2700	2700	/* database put operation failed */
-
-/* Define error return codes */
-#define NDBERRNOMEM	-1		/* insufficient dynamic memory */
-#define NDBERRNAME	-2		/* invalid key name string */
-#define NDBERROPEN	-3		/* database open error */
-#define NDBERRMDGET	-4		/* database metadata get failed */
-#define NDBERRMDPUT	-5		/* database metadata put failed */
-#define NDBERRIDPUT	-6		/* id-to-name record put failed */
-#define NDBERRNMDEL	-7		/* delete named record failed */
-#define NDBERRPINIT	-8		/* error creating primary DB file */
-#define NDBERRGET	-9		/* database get failed */
-#define NDBERREXIST	-10		/* DB already exists */
-#define NDBERRMDFMT	-11		/* invalid metadata format */
-#define NDBERRDBTYPE	-12		/* wrong DB type */
-#define NDBERRBADID	-13		/* invalid id value for name */
-#define NDBERRPUT	-14		/* database put operation failed */
-#define NDBERRVERS	-15		/* unsupported database version */
-#define NDBERRIDDEL	-16		/* delete id-to-name record failed */
-
-#endif /* __nsdberr_h */

include/libaccess/nsdbmgmt.h

@@ -1,52 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsdbmgmt_h
-#define __nsdbmgmt_h
-
-/*
- * Description (nsdbmgmt.h)
- *
- *	The file describes the interface for managing information in
- *	a Netscape (server) database.  A database is composed of
- *	two (libdbm) DB files.  One of these (<dbname>.db) contains
- *	records indexed by a string key.  These records contain the
- *	primary information in the database.  A second DB file
- *	(<dbname>.id) is used to map an integer id value to a string
- *	key, which can then be used to locate a record in the first file.
- *	The interface for retrieving information from a database is
- *	described in nsdb.h.
- *
- * FUTURE:
- *	Normally the records in the primary DB file will contain the
- *	id values which are used to key the id-to-name DB.  When this
- *	is the case, it is possible to construct the id-to-name DB from
- *	the primary DB file, and an interface is provided to facilitate
- *	this.
- */
-
-#include "nsdb.h"			/* database access */
-
-/* Define flags for ndbStoreName() */
-#define NDBF_NEWNAME	0x1		/* this is (should be) a new name */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions for database management in nsdbmgmt.c */
-extern int ndbAllocId(NSErr_t * errp, void * ndb,
-		      int namelen, char * name, unsigned int * id);
-extern int ndbDeleteName(NSErr_t * errp,
-			 void * ndb, int flags, int namelen, char * name);
-extern int ndbFreeId(NSErr_t * errp,
-		     void * ndb, int namelen, char * name, unsigned int id);
-extern int ndbRenameId(NSErr_t * errp, void * ndb,
-		       int namelen, char * newname, unsigned int id);
-extern int ndbStoreName(NSErr_t * errp, void * ndb, int flags,
-			int namelen, char * name, int reclen, char * recptr);
-extern int ndbSync(NSErr_t * errp, void * ndb, int flags);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsdbmgmt_h */

include/libaccess/nsgmgmt.h

@@ -1,35 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsgmgmt_h
-#define __nsgmgmt_h
-
-/*
- * Description (nsgmgmt.h)
- *
- *	This file defines the interface to group management facilities
- *	implemented using a Netscape group database.  This interface
- *	provides functions for adding, modifying, and removing group
- *	entries in the database, using the group object (GroupObj_t)
- *	structure to convey information across the interface.
- */
-
-#define __PRIVATE_NSGROUP
-#include "nsgroup.h"		/* group object access */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Group information management operations in nsgmgmt.c */
-extern NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id);
-extern NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc);
-extern NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id);
-extern NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * ureclen, ATR_t * urecptr);
-extern NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name);
-extern NSAPI_PUBLIC int groupStore(NSErr_t * errp,
-		      void * groupdb, int flags, GroupObj_t * goptr);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsgmgmt_h */

include/libaccess/nsgroup.h

@@ -1,73 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsgroup_h
-#define __nsgroup_h
-
-/*
- * Description (nsgroup.h)
- *
- *	This file describes the interface to group information stored in
- *	a Netscape group database.  Information about a group is provided
- *	to the caller in the form of a group object (GroupObj_t), defined
- *	in nsauth.h.  This interface provides only read access to group
- *	information.  The interface for managing the group database is
- *	described in nsgmgmt.h.
- */
-
-#include "nserror.h"		/* error frame list support */
-#include "nsautherr.h"		/* authentication error codes */
-#include "nsauth.h"		/* authentication types */
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSGROUP
-
-#include "nsdb.h"
-
-/*
- * Define structure used to communicate between groupEnumerate() and
- * groupEnumHelp().
- */
-
-typedef struct GroupEnumArgs_s GroupEnumArgs_t;
-struct GroupEnumArgs_s {
-    void * groupdb;			/* group database handle */
-    int flags;				/* groupEnumerate() flags */
-    int (*func)(NSErr_t * ferrp, void * parg,
-		GroupObj_t * goptr);	/* user function pointer */
-    void * user;			/* user's argp pointer */
-};
-
-/* Define attribute tags for group DB records */
-#define GAT_GID		0x50		/* group id (USI) */
-#define GAT_FLAGS	0x51		/* flags (USI) */
-#define GAT_DESCRIPT	0x52		/* group description (NTS) */
-#define GAT_USERS	0x53		/* list of users (USI...) */
-#define GAT_GROUPS	0x54		/* list of groups (USI...) */
-#define GAT_PGROUPS	0x55		/* list of paret groups (USI...) */
-
-#endif /* __PRIVATE_NSGROUP */
-
-/* Begin public definitions */
-
-/* Define flags for groupEnumerate() */
-#define GOF_ENUMKEEP	0x1		/* don't free group objects */
-
-NSPR_BEGIN_EXTERN_C
-
-    /* Operations on a group object (see nsgroup.c) */
-extern NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int ureclen, ATR_t urecptr);
-extern NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp,
-			  void * groupdb, int flags, void * argp,
-			  int (*func)(NSErr_t * ferrp,
-				     void * parg, GroupObj_t * goptr));
-extern NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp,
-				    void * groupdb, NTS_t name);
-extern NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid);
-extern NSAPI_PUBLIC void groupFree(GroupObj_t * goptr);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsgroup_h */

include/libaccess/nslock.h

@@ -1,74 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nslock_h
-#define __nslock_h
-
-/*
- * Description (nslock.h)
- *
- *	This file defines to interface for a locking facility that
- *	provides exclusive access to a resource across multiple
- *	server processes.
- */
-
-#include "nserror.h"
-#include "base/crit.h"
-
-#ifdef __PRIVATE_NSLOCK
-
-/*
- * Description (NSLock_t)
- *
- *	This type represents a lock.  It includes a name which
- *	uniquely identifies the lock, and a handle for referencing
- *	the lock once it has been initialized.
- */
-
-typedef struct NSLock_s NSLock_t;
-struct NSLock_s {
-    NSLock_t * nl_next;			/* next lock on NSLock_List */
-    char * nl_name;			/* name associate with lock */
-#if defined(FILE_UNIX)
-    CRITICAL nl_crit;			/* critical section for threads */
-    SYS_FILE nl_fd;			/* file descriptor */
-    int nl_cnt;				/* nsLockAcquire() count */
-#elif defined(XP_WIN32)
-#else
-#error "nslock.h needs work for this platform"
-#endif
-};
-
-#endif /* __PRIVATE_NSLOCK */
-
-/* Define error identifiers */
-
-/* nsLockOpen() */
-#define NSLERR1000	1000		/* insufficient dynamic memory */
-#define NSLERR1020	1020		/* error creating lock */
-#define NSLERR1040	1040		/* error accessing lock */
-
-/* nsLockAcquire() */
-#define NSLERR1100	1100		/* error acquiring lock */
-
-/* Define error return codes */
-
-#define NSLERRNOMEM	-1		/* insufficient dynamic memory */
-#define NSLERRCREATE	-2		/* error creating lock */
-#define NSLERROPEN	-3		/* error accessing lock */
-#define NSLERRLOCK	-4		/* error acquiring lock */
-
-NSPR_BEGIN_EXTERN_C
-
-/* Functions in nslock.c */
-extern NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp,
-				   char * lockname, void **plock);
-extern NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock);
-extern NSAPI_PUBLIC void nsLockRelease(void * lock);
-extern NSAPI_PUBLIC void nsLockClose(void * lock);
-
-NSPR_END_EXTERN_C
-
-#endif __nslock_h

include/libaccess/nsumgmt.h

@@ -1,36 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsumgmt_h
-#define __nsumgmt_h
-
-/*
- * Description (nsumgmt.h)
- *
- *	This file defines the interface to user management facilities
- *	implemented using a Netscape user database.  This interface
- *	provides functions for adding, modifying, and removing user
- *	entries in the database, using the user object (UserObj_t)
- *	structure to convey information across the interface.
- */
-
-#include "nsuser.h"		/* user object access */
-
-NSPR_BEGIN_EXTERN_C
-
-/* User information management operations in nsumgmt.c */
-extern int userAddGroup(UserObj_t * uoptr, USI_t gid);
-extern NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname);
-extern int userDeleteGroup(UserObj_t * uoptr, USI_t gid);
-extern int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr);
-extern NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name);
-extern NSAPI_PUBLIC int userRename(NSErr_t * errp,
-		      void * userdb, UserObj_t * uoptr, NTS_t newname);
-extern NSAPI_PUBLIC int userStore(NSErr_t * errp,
-		     void * userdb, int flags, UserObj_t * uoptr);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsumgmt_h */

include/libaccess/nsuser.h

@@ -1,70 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef __nsuser_h
-#define __nsuser_h
-
-/*
- * Description (nsuser.h)
- *
- *	This file describes the interface to user information stored in
- *	a Netscape user database.  Information about a user is provided
- *	to the caller in the form of a user object (UserObj_t), defined
- *	in nsauth.h.  This interface provides only read access to user
- *	information.  The interface for managing the user database is
- *	described in nsumgmt.h.
- */
-
-#include "nserror.h"		/* error frame list support */
-#include "nsautherr.h"		/* authentication error codes */
-#include "nsauth.h"		/* authentication types */
-
-/* Begin private definitions */
-#ifdef __PRIVATE_NSUSER
-
-#include "nsdb.h"
-
-/*
- * Define structure used to communicate between userEnumerate() and
- * userEnumHelp().
- */
-
-typedef struct UserEnumArgs_s UserEnumArgs_t;
-struct UserEnumArgs_s {
-    void * userdb;			/* user database handle */
-    int flags;				/* userEnumerate() flags */
-    int (*func)(NSErr_t * ferrp, void * parg,
-		UserObj_t * uoptr);	/* user function pointer */
-    void * user;			/* user's argp pointer */
-};
-
-/* Define attribute tags for user DB records */
-#define UAT_PASSWORD	0x40		/* password (NTS) */
-#define UAT_UID		0x41		/* user id (USI) */
-#define UAT_ACCFLAGS	0x42		/* account flags (USI) */
-#define UAT_REALNAME	0x43		/* real name (NTS) */
-#define UAT_GROUPS	0x44		/* list of groups (USI...) */
-
-#endif /* __PRIVATE_NSUSER */
-
-/* Begin public definitions */
-
-/* Define flags for userEnumerate() */
-#define UOF_ENUMKEEP	0x1		/* don't free user objects */
-
-NSPR_BEGIN_EXTERN_C
-
-/* User information retrieval operations in nsuser.c */
-extern UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr);
-extern int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp,
-			 int (*func)(NSErr_t * ferrp,
-				     void * parg, UserObj_t * uoptr));
-extern UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name);
-extern UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid);
-NSAPI_PUBLIC extern void userFree(UserObj_t * uoptr);
-
-NSPR_END_EXTERN_C
-
-#endif /* __nsuser_h */

include/libaccess/register.h

@@ -1,215 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef ACL_REGISTER_HEADER
-#define ACL_REGISTER_HEADER
-
-#include <prhash.h>
-
-#include <ldap.h>
-#include <base/pblock.h>
-#include <base/plist.h>
-#include <libaccess/nserror.h>
-#include <libaccess/acl.h>
-
-typedef	void * ACLMethod_t;
-#define	ACL_METHOD_ANY		(ACLMethod_t)-1
-#define	ACL_METHOD_INVALID	(ACLMethod_t)-2
-extern ACLMethod_t ACL_METHOD_BASIC;
-
-typedef	void * ACLDbType_t;
-#define	ACL_DBTYPE_ANY		(ACLDbType_t)-1
-#define	ACL_DBTYPE_INVALID	(ACLDbType_t)-2
-extern ACLDbType_t ACL_ACL_DBTYPE_LDAP;
-
-typedef int (*AttrGetterFn)(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth, void *arg);
-typedef int (*AclModuleInitFunc)(pblock *pb, Session *sn, Request *rq);
-typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype,
-			   const char *name, const char *url,
-			   PList_t plist, void **db);
-typedef int (*AclCacheFlushFunc_t)(void);
-
-#ifdef __cplusplus
-typedef int (*LASEvalFunc_t)(NSErr_t*, char*, CmpOp_t, char*, int*, void**, PList_t, PList_t, PList_t, PList_t);
-typedef void (*LASFlushFunc_t)(void **);
-#else
-typedef int (*LASEvalFunc_t)();
-typedef void (*LASFlushFunc_t)();
-#endif
-
-/* We need to hide ACLGetter_t */
-typedef struct ACLGetter_s {
-	ACLMethod_t	method;
-	ACLDbType_t	db;
-	AttrGetterFn	fn;
-	void 		*arg;
-} ACLGetter_t;
-typedef ACLGetter_t *ACLGetter_p;
-
-/*
- *	Command values for the "position" argument to ACL_RegisterGetter
- *	Any positive >0 value is the specific position in the list to insert
- *	the new function.
- */
-#define	ACL_AT_FRONT		0
-#define	ACL_AT_END		-1
-#define	ACL_REPLACE_ALL 	-2
-#define	ACL_REPLACE_MATCHING	-3
-
-#ifdef	ACL_LIB_INTERNAL
-#define	ACL_MAX_METHOD		32
-#define	ACL_MAX_DBTYPE		32
-#endif
-
-NSPR_BEGIN_EXTERN_C
-
-NSAPI_PUBLIC extern int
-	ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
-	eval_func, LASFlushFunc_t flush_func );
-NSAPI_PUBLIC extern int
-	ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
-	*eval_funcp );
-NSAPI_PUBLIC extern int
-	ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
-	*flush_funcp );
-extern void
-	ACL_LasHashInit( void );
-extern void
-	ACL_LasHashDestroy( void );
-
-/*
- *	Revised, normalized method/dbtype registration routines
- */
-NSAPI_PUBLIC extern int
-	ACL_MethodRegister(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern int
-	ACL_MethodIsEqual(const ACLMethod_t t1, const ACLMethod_t t2);
-NSAPI_PUBLIC extern int
-	ACL_MethodNameIsEqual(const ACLMethod_t t, const char *name);
-NSAPI_PUBLIC extern int
-	ACL_MethodFind(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern ACLMethod_t
-	ACL_MethodGetDefault();
-NSAPI_PUBLIC extern void
-	ACL_MethodSetDefault(const ACLMethod_t t);
-NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);
-
-NSAPI_PUBLIC extern int
-	ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeIsEqual(const ACLDbType_t t1, const ACLDbType_t t2);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeNameIsEqual(const ACLDbType_t t, const char *name);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeFind(const char *name, ACLDbType_t *t);
-NSAPI_PUBLIC extern const ACLDbType_t
-	ACL_DbTypeGetDefault();
-NSAPI_PUBLIC extern void
-	ACL_DbTypeSetDefault(ACLDbType_t t);
-NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeIsRegistered(const ACLDbType_t dbtype);
-NSAPI_PUBLIC extern DbParseFn_t
-	ACL_DbTypeParseFn(const ACLDbType_t dbtype);
-
-NSAPI_PUBLIC extern int
-	ACL_AttrGetterRegister(const char *attr, AttrGetterFn fn, ACLMethod_t m,
-	ACLDbType_t d, int position, void *arg);
-typedef ACLGetter_t *AttrGetterList; /* TEMPORARY */
-NSAPI_PUBLIC extern int
-	ACL_AttrGetterFind(PList_t auth_info, const char *attr,
-	AttrGetterList *getters);
-
-NSPR_END_EXTERN_C
-
-
-/* LAS return codes - Must all be negative numbers */
-#define	LAS_EVAL_TRUE		-1
-#define	LAS_EVAL_FALSE		-2
-#define	LAS_EVAL_DECLINE	-3
-#define	LAS_EVAL_FAIL		-4
-#define	LAS_EVAL_INVALID	-5
-#define	LAS_EVAL_NEED_MORE_INFO	-6
-
-#define ACL_ATTR_GROUP	    "group"
-#define ACL_ATTR_RAW_USER_LOGIN "user-login"
-#define ACL_ATTR_AUTH_USER	    "auth-user"
-#define ACL_ATTR_AUTH_TYPE	    "auth-type"
-#define ACL_ATTR_AUTH_DB	    "auth-db"
-#define ACL_ATTR_AUTH_PASSWORD  "auth-password"
-#define ACL_ATTR_USER	    "user"
-#define ACL_ATTR_PASSWORD	    "pw"
-#define ACL_ATTR_USERDN	    "userdn"
-#define ACL_ATTR_RAW_USER	    "raw-user"
-#define ACL_ATTR_RAW_PASSWORD   "raw-pw"
-#define ACL_ATTR_USER_ISMEMBER  "user-ismember"
-#define ACL_ATTR_DATABASE	    "database"
-#define ACL_ATTR_DBTYPE	    "dbtype"
-#define ACL_ATTR_DBNAME	    "dbname"
-#define ACL_ATTR_DATABASE_URL   "url"
-#define ACL_ATTR_METHOD	    "method"
-#define ACL_ATTR_AUTHTYPE	    "authtype"
-#define ACL_ATTR_AUTHORIZATION  "authorization"
-#define ACL_ATTR_PARSEFN	    "parsefn"
-#define ACL_ATTR_ATTRIBUTE	    "attr"
-#define ACL_ATTR_GETTERFN	    "getterfunc"
-#define ACL_ATTR_IP		    "ip"
-#define ACL_ATTR_DNS	    "dns"
-#define ACL_ATTR_MODULE	    "module"
-#define ACL_ATTR_MODULEFUNC	    "func"
-#define ACL_ATTR_GROUPS	    "groups"
-#define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password"
-#define ACL_ATTR_CERT2USER	    "cert2user"
-#define ACL_ATTR_USER_CERT	    "cert"
-#define ACL_ATTR_PROMPT	    "prompt"
-#define ACL_ATTR_TIME	    "time"
-#define ACL_ATTR_USERS_GROUP    "users-group"
-
-#define ACL_DBTYPE_LDAP	    "ldap"
-
-#define METHOD_DEFAULT	    "default"
-
-typedef PRHashTable AttrGetterTable_t;
-
-typedef struct {
-    char *method;
-    char *authtype;
-    char *dbtype;
-    AttrGetterTable_t *attrGetters;
-} MethodInfo_t;
-
-NSPR_BEGIN_EXTERN_C
-
-NSAPI_PUBLIC int ACL_FindMethod (NSErr_t *errp, const char *method, MethodInfo_t **method_info_handle);
-NSAPI_PUBLIC int ACL_RegisterModule (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
-NSAPI_PUBLIC int ACL_RegisterMethod (NSErr_t *errp, const char *method, const char *authtype, const char *dbtype, MethodInfo_t **method_info_handle);
-NSAPI_PUBLIC int ACL_RegisterAttrGetter (NSErr_t *errp, MethodInfo_t *method_info_handle, const char *attr, AttrGetterFn func);
-NSAPI_PUBLIC int ACL_UseAttrGettersFromMethod (NSErr_t *errp, const char *method, const char *usefrom);
-NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
-NSAPI_PUBLIC int ACL_FindAttrGetter (NSErr_t *errp, const char *method, const char *attr, AttrGetterFn *func);
-NSAPI_PUBLIC int ACL_CallAttrGetter (NSErr_t *errp, const char *method, const char *attr, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
-NSAPI_PUBLIC int ACL_RegisterDbType(NSErr_t *errp, const char *dbtype, DbParseFn_t func);
-NSAPI_PUBLIC int ACL_RegisterDbName(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
-NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype);
-NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname,
-				  ACLDbType_t *dbtype, void **db);
-NSAPI_PUBLIC int ACL_SetDefaultDatabase (NSErr_t *errp, const char *dbname);
-NSAPI_PUBLIC int ACL_SetDefaultMethod (NSErr_t *errp, const char *method);
-NSAPI_PUBLIC const char *ACL_DbnameGetDefault (NSErr_t *errp);
-NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld);
-NSAPI_PUBLIC int ACL_AuthInfoGetDbname (NSErr_t *errp, PList_t auth_info, char **dbname);
-NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func);
-
-NSPR_END_EXTERN_C
-
-struct program_groups {
-	char **groups;
-	char **programs;
-};
-  
-#endif

include/libaccess/stubs.h

@@ -1,6 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-typedef	void	PropList_t;

include/public/Makefile

@@ -1,59 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ../..
-MODULE=netsiteInclude
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include
-
-PREFIX=../copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-HDRS=netsite.h nsapi.h
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: stuff
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-ifeq ($(NSAPI_CAPABLE), true)
-
-stuff: $(HDRDEST) $(BINS) sub-hdrs
-
-$(HDRDEST):
-	mkdir -p $(HDRDEST)
-
-ifeq ($(PRODUCT), "Netscape Proxy Server")
-sub-hdrs:
-	cd base; $(MAKE) $(MAKEFLAGS)
-	cd frame; $(MAKE) $(MAKEFLAGS)
-	cd libproxy; $(MAKE) $(MAKEFLAGS)
-else
-sub-hdrs:
-	cd base; $(MAKE) $(MAKEFLAGS) 
-	cd frame; $(MAKE) $(MAKEFLAGS) 
-	cd nsacl; $(MAKE) $(MAKEFLAGS) 
-endif
-
-$(HDRDEST)/%.h: %.h
-	cat $(PREFIX) $< > $(HDRDEST)/$*.h
-
-else
-stuff:
-
-endif

include/public/base/Makefile

@@ -1,40 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for netsite.h
-
-BUILD_ROOT = ../../..
-MODULE=netsiteIncludeBase
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/base
-
-PREFIX=../../copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-#HDRS=$(wildcard *.h)
-HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
-
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
-	mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
-	cat $(PREFIX) $< > $(HDRDEST)/$*.h

include/public/base/crit.h

@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_CRIT_H
-#define PUBLIC_BASE_CRIT_H
-
-/*
- * File:        crit.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_CRIT_H */

include/public/base/ereport.h

@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_EREPORT_H
-#define PUBLIC_BASE_EREPORT_H
-
-/*
- * File:        ereport.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_EREPORT_H */

include/public/base/file.h

@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_FILE_H
-#define PUBLIC_BASE_FILE_H
-
-/*
- * File:        file.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_FILE_H */

include/public/base/pool.h

@@ -1,22 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_POOL_H
-#define PUBLIC_BASE_POOL_H
-
-/*
- * File:        pool.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_POOL_H */
-

include/public/base/shexp.h

@@ -1,22 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_SHEXP_H
-#define PUBLIC_BASE_SHEXP_H
-
-/*
- * File:        shexp.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_SHEXP_H */
-

include/public/base/systhr.h

@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_SYSTHR_H
-#define PUBLIC_BASE_SYSTHR_H
-
-/*
- * File:        systhr.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* !PUBLIC_BASE_SYSTHR_H */

include/public/base/util.h

@@ -1,21 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#ifndef PUBLIC_BASE_UTIL_H
-#define PUBLIC_BASE_UTIL_H
-
-/*
- * File:        util.h
- *
- * Description:
- *
- *      Deprecated include file.
- */
-
-#ifndef PUBLIC_NSAPI_H
-#include "../nsapi.h"
-#endif /* !PUBLIC_NSAPI_H */
-
-#endif /* PUBLIC_BASE_UTIL_H */

include/public/nsacl/Makefile

@@ -1,38 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-# Makefile for include/public/nsacl public header files
-
-BUILD_ROOT = ../../..
-MODULE=netsiteIncludeNsacl
-
-include $(BUILD_ROOT)/nsdefs.mk
-
-HDRDEST=$(OBJDIR)/include/nsacl
-
-PREFIX=copyrght.h
-
-
-NOSTDSTRIP=true
-NOSTDDEPEND=true
-
-HDRS=$(wildcard *.h)
-
-BINS=$(addprefix $(HDRDEST)/,$(HDRS))
-
-all: $(HDRDEST) $(BINS)
-
-$(HDRDEST):
-	mkdir -p $(HDRDEST)
-
-strip:
-depend:
-
-include $(BUILD_ROOT)/nsconfig.mk
-
-$(HDRDEST)/%.h: %.h
-	cat $(PREFIX) $< > $(HDRDEST)/$*.h

include/public/nsacl/copyrght.h

@@ -1,6 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-

lib/base/shmem.cpp

@@ -1,127 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-/*
- * shmem.h: Portable abstraction for memory shared among a server's workers
- * 
- * Rob McCool
- */
-
-
-#include "shmem.h"
-
-#if defined (SHMEM_UNIX_MMAP)
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <private/pprio.h>  /* for nspr20 binary release */
-
-NSPR_BEGIN_EXTERN_C
-#include <sys/mman.h>
-NSPR_END_EXTERN_C
-
-NSAPI_PUBLIC shmem_s *shmem_alloc(char *name, int size, int expose)
-{
-    shmem_s *ret = (shmem_s *) PERM_MALLOC(sizeof(shmem_s));
-    char *growme;
-
-    if( (ret->fd = PR_Open(name, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 0666)) == NULL) {
-        PERM_FREE(ret);
-        return NULL;
-    }
-    growme = (char *) PERM_MALLOC(size);
-    ZERO(growme, size);
-    if(PR_Write(ret->fd, (char *)growme, size) < 0) {
-        PR_Close(ret->fd);
-        PERM_FREE(growme);
-        PERM_FREE(ret);
-        return NULL;
-    }
-    PERM_FREE(growme);
-    PR_Seek(ret->fd, 0, PR_SEEK_SET);
-    if( (ret->data = (char *)mmap(NULL, size, PROT_READ | PROT_WRITE,
-                          SHMEM_MMAP_FLAGS, PR_FileDesc2NativeHandle(ret->fd), 0)) == (caddr_t) -1)
-    {
-        PR_Close(ret->fd);
-        PERM_FREE(ret);
-        return NULL;
-    }
-    if(!expose) {
-        ret->name = NULL;
-        unlink(name);
-    }
-    else
-        ret->name = STRDUP(name);
-    ret->size = size;
-    return ret;
-}
-
-
-NSAPI_PUBLIC void shmem_free(shmem_s *region)
-{
-    if(region->name) {
-        unlink(region->name);
-        PERM_FREE(region->name);
-    }
-    munmap((char *)region->data, region->size);  /* CLEARLY, C++ SUCKS */
-    PR_Close(region->fd);
-    PERM_FREE(region);
-}
-
-#elif defined (SHMEM_WIN32_MMAP)
-
-#define PAGE_SIZE	(1024*8)
-#define ALIGN(x)	( (x+PAGE_SIZE-1) & (~(PAGE_SIZE-1)) )
-NSAPI_PUBLIC shmem_s *shmem_alloc(char *name, int size, int expose)
-{
-    shmem_s *ret = (shmem_s *) PERM_MALLOC(sizeof(shmem_s));
-    HANDLE fHandle;
-
-    ret->fd = 0; /* not used on NT */
-  
-    size = ALIGN(size);
-    if( !(ret->fdmap = CreateFileMapping(
-                           (HANDLE)0xffffffff,
-                           NULL, 
-                           PAGE_READWRITE,
-                           0, 
-                           size, 
-                           name)) )
-    {
-        int err = GetLastError();
-        PERM_FREE(ret);
-        return NULL;
-    }
-    if( !(ret->data = (char *)MapViewOfFile (
-                               ret->fdmap, 
-                               FILE_MAP_ALL_ACCESS,
-                               0, 
-                               0, 
-                               0)) )
-    {
-        CloseHandle(ret->fdmap);
-        PERM_FREE(ret);
-        return NULL;
-    }
-    ret->size = size;
-    ret->name = NULL;
-
-    return ret;
-}
-
-
-NSAPI_PUBLIC void shmem_free(shmem_s *region)
-{
-    if(region->name) {
-        DeleteFile(region->name);
-        PERM_FREE(region->name);
-    }
-    UnmapViewOfFile(region->data);
-    CloseHandle(region->fdmap);
-    PERM_FREE(region);
-}
-
-#endif /* SHMEM_WIN32_MMAP */

lib/libaccess/aclbuild.cpp

@@ -1,1360 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (aclbuild.c)
- *
- *	This module provides functions for building Access Control List
- *	(ACL) structures in memory.
- *
- */
-
-#include <assert.h>
-#include "base/systems.h"
-#include "netsite.h"
-#include "libaccess/nsauth.h"
-#include "libaccess/nsuser.h"
-#include "libaccess/nsgroup.h"
-#include "libaccess/nsadb.h"
-#include "libaccess/aclerror.h"
-#include "libaccess/aclstruct.h"
-#include "libaccess/aclbuild.h"
-#include "libaccess/aclparse.h"
-#include "libaccess/acleval.h"
-#include "libaccess/usi.h"
-
-char * ACL_Program = "NSACL";		/* ACL facility name */
-
-/*
- * Description (accCreate)
- *
- *	This function creates a new access control context, which
- *	provides context information for a set of ACL definitions.
- *	The caller also provides a handle for a symbol table to be
- *	used to store definitions of ACL and rights names.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	stp			- symbol table handle (may be null)
- *	pacc			- pointer to returned context handle
- *
- * Returns:
- *
- *	If the context is created successfully, the return value is zero.
- *	Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- */
-
-int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc)
-{
-    ACContext_t * acc;			/* pointer to new context */
-    int rv;				/* result value */
-    int eid;				/* error id */
-
-    *pacc = 0;
-
-    /* Do we need to create a symbol table? */
-    if (stp == 0) {
-
-	/* Yes, create a symbol table for ACL, rights, etc. names */
-	rv = symTableNew(&stp);
-	if (rv < 0) goto err_nomem1;
-    }
-
-    /* Allocate the context structure */
-    acc = (ACContext_t *)MALLOC(sizeof(ACContext_t));
-    if (acc == 0) goto err_nomem2;
-
-    /* Initialize it */
-    acc->acc_stp = stp;
-    acc->acc_acls = 0;
-    acc->acc_rights = 0;
-    acc->acc_refcnt = 0;
-
-    *pacc = acc;
-    return 0;
-
-  err_nomem1:
-    rv = ACLERRNOMEM;
-    eid = ACLERR3000;
-    goto err_ret;
-
-  err_nomem2:
-    rv = ACLERRNOMEM;
-    eid = ACLERR3020;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    return rv;
-}
-
-/*
- * Description (accDestroy)
- *
- *	This function destroys a set of ACL data structures referenced
- *	by a specified ACContext_t structure, including the ACContext_t
- *	itself.
- *
- * Arguments:
- *
- *	acc			- pointer to ACContext_t structure
- *	flags			- bit flags (unused - must be zero)
- */
-
-void accDestroy(ACContext_t * acc, int flags)
-{
-    ACL_t * acl;
-
-    if (acc != 0) {
-
-	/*
-	 * First destroy all ACLs and any unnamed structures they reference.
-	 * Note that aclDestroy() modifies the acc_acls list.
-	 */
-	while ((acl = acc->acc_acls) != 0) {
-
-	    aclDelete(acl);
-	}
-
-	/* If there's a symbol table, destroy everything it references */
-	if (acc->acc_stp != 0) {
-	    symTableEnumerate(acc->acc_stp, 0, accDestroySym);
-
-	    /* Destroy the symbol table itself */
-	    symTableDestroy(acc->acc_stp, 0);
-	}
-
-	/* Free the ACContext_t structure */
-	FREE(acc);
-    }
-}
-
-/*
- * Description (accDestroySym)
- *
- *	This function is called to destroy the data structure associated
- *	with a specified Symbol_t symbol table entry.  It examines the
- *	type of the symbol and calls the appropriate destructor.
- *
- * Arguments:
- *
- *	sym			- pointer to symbol table entry
- *	argp			- unused - must be zero
- *
- * Returns:
- *
- *	The return value is SYMENUMREMOVE.
- */
-
-int accDestroySym(Symbol_t * sym, void * argp)
-{
-    switch (sym->sym_type) {
-      case ACLSYMACL:				/* ACL */
-	aclDestroy((ACL_t *)sym);
-	break;
-
-      case ACLSYMRIGHT:			/* access right */
-	{
-	    RightDef_t * rdp = (RightDef_t *)sym;
-
-	    if (rdp->rd_sym.sym_name != 0) {
-		FREE(rdp->rd_sym.sym_name);
-	    }
-	    FREE(rdp);
-	}
-	break;
-
-      case ACLSYMRDEF:			/* access rights list */
-	aclRightSpecDestroy((RightSpec_t *)sym);
-	break;
-
-      case ACLSYMREALM:			/* realm name */
-	aclRealmSpecDestroy((RealmSpec_t *)sym);
-	break;
-
-      case ACLSYMHOST:			/* host specifications */
-	aclHostSpecDestroy((HostSpec_t *)sym);
-	break;
-
-      case ACLSYMUSER:			/* user/group list */
-	aclUserSpecDestroy((UserSpec_t *)sym);
-	break;
-    }
-
-    return SYMENUMREMOVE;
-}
-
-/*
- * Description (accReadFile)
- *
- *	This function reads a specfied file containing ACL definitions
- *	and creates data structures in memory to represent the ACLs.
- *	The caller may provide a pointer to an existing ACContext_t
- *	structure which will serve as the root of the ACL structures,
- *	or else a new one will be created.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	aclfile			- pointer to the ACL filename string
- *	pacc			- value/result ACContext_t
- *
- * Returns:
- *
- *	If the ACL file is read successfully, the return value is zero.
- *	Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- */
-
-int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc)
-{
-    ACContext_t * acc = *pacc;	/* pointer to ACL root structure */
-    ACLFile_t * acf = 0;	/* pointer to ACL file handle */
-    void * stp = 0;		/* ACL symbol table handle */
-    int rv;			/* result value */
-    int eid;			/* error id value */
-
-    /* Initialize the ACL parser */
-    rv = aclParseInit();
-    if (rv < 0) goto err_init;
-
-    /* Do we need to create a new ACContext_t structure? */
-    if (acc == 0) {
-
-	/* Yes, create a symbol table for ACL, rights, etc. names */
-	rv = symTableNew(&stp);
-	if (rv < 0) goto err_crsym;
-
-	/* Create a root structure for the ACLs, including the symbol table */
-	rv = accCreate(errp, stp, &acc);
-	if (rv < 0) goto err_ret2;
-    }
-
-    /* Open the ACL definition file */
-    rv = aclFileOpen(errp, aclfile, 0, &acf);
-    if (rv < 0) goto err_ret3;
-
-    /* Parse the ACL definitions, building ACL structures in memory */
-    rv = aclACLParse(errp, acf, acc, 0);
-    if (rv < 0) goto err_ret4;
-
-    aclFileClose(acf, 0);
-
-    if (pacc) *pacc = acc;
-
-    return rv;
-
-  err_init:
-    eid = ACLERR3100;
-    goto err_ret;
-
-  err_crsym:
-    eid = ACLERR3120;
-    rv = ACLERRNOMEM;
-    goto err_ret;
-
-  err_ret4:
-    aclFileClose(acf, 0);
-  err_ret3:
-    /* Destroy the ACContext_t if we just created it */
-    if (acc != *pacc) {
-	accDestroy(acc, 0);
-    }
-    goto err_ret;
-
-  err_ret2:
-    symTableDestroy(stp, 0);
-
-  err_ret:
-    return rv;
-}
-
-/*
- * Description (aclAuthDNSAdd)
- *
- *	This function adds a DNS name specification to the DNS filter
- *	associated with a given host list.  The DNS name specification is
- *	either a fully-qualified domain name or a domain name suffix,
- *	indicated by a leading ".", e.g. (".mcom.com").  The name
- *	components included in a suffix must be complete.  For example,
- *	".scape.com" will not match names ending in ".netscape.com".
- *
- * Arguments:
- *
- *	hspp			- pointer to host list pointer
- *	dnsspec			- DNS name or suffix string pointer
- *	fqdn			- non-zero if dnsspec is fully qualified
- *
- * Returns:
- *
- *	If successful, the return code is zero.
- *	An error is indicated by a negative return code (ACLERRxxxx
- *	- see aclerror.h).
- */
-
-int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn)
-{
-    HostSpec_t * hsp;		/* host list pointer */
-    void * table;		/* access control hash table pointer */
-    Symbol_t * sym;		/* hash table entry pointer */
-    int rv;			/* result value */
-
-    fqdn = (fqdn) ? 1 : 0;
-
-    /* Create the HostSpec_t if it doesn't exist */
-    hsp = *hspp;
-    if (hsp == 0) {
-
-	hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t));
-	if (hsp == 0) goto err_nomem;
-	memset((void *)hsp, 0, sizeof(HostSpec_t));
-	hsp->hs_sym.sym_type = ACLSYMHOST;
-    }
-
-    /* Get pointer to hash table used for DNS filter */
-    table = hsp->hs_host.inh_dnf.dnf_hash;
-    if (table == 0) {
-
-	/* None there yet, so create one */
-	rv = symTableNew(&table);
-	if (rv < 0) goto punt;
-	hsp->hs_host.inh_dnf.dnf_hash = table;
-    }
-
-    /* See if the DNS spec is already in the table */
-    rv = symTableFindSym(table, dnsspec, fqdn, (void **)&sym);
-    if (rv < 0) {
-	if (rv != SYMERRNOSYM) goto punt;
-
-	/* It's not there, so add it */
-	sym = (Symbol_t *)MALLOC(sizeof(Symbol_t));
-	sym->sym_name = STRDUP(dnsspec);
-	sym->sym_type = fqdn;
-
-	rv = symTableAddSym(table, sym, (void *)sym);
-	if (rv < 0) goto err_nomem;
-    }
-
-    *hspp = hsp;
-
-  punt:
-    return rv;
-
-  err_nomem:
-    rv = ACLERRNOMEM;
-    goto punt;
-}
-
-/*
- * Description (aclAuthIPAdd)
- *
- *	This function adds an IP address specification to the IP filter
- *	associated with a given host list.  The IP address specification
- *	consists of an IP host or network address and an IP netmask.
- *	For host addresses the netmask value is 255.255.255.255.
- *
- * Arguments:
- *
- *	hspp			- pointer to host list pointer
- *	ipaddr			- IP host or network address
- *	netmask			- IP netmask value
- *
- * Returns:
- *
- *	If successful, the return code is zero.
- *	An error is indicated by a negative return code (ACLERRxxxx
- *	- see aclerror.h).
- */
-
-int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask)
-{
-    HostSpec_t * hsp;		/* host list pointer */
-    IPFilter_t * ipf;		/* IP filter pointer */
-    IPNode_t * ipn;		/* current node pointer */
-    IPNode_t * lastipn;		/* last (lower) node pointer */
-    IPLeaf_t * leaf;		/* leaf node pointer */
-    IPAddr_t bitmask;		/* bit mask for current node */
-    int lastbit;		/* number of last bit set in netmask */
-    int i;			/* loop index */
-
-    /* Create the HostSpec_t if it doesn't exist */
-    hsp = *hspp;
-    if (hsp == 0) {
-
-	hsp = (HostSpec_t *)MALLOC(sizeof(HostSpec_t));
-	if (hsp == 0) goto err_nomem;
-	memset((void *)hsp, 0, sizeof(HostSpec_t));
-	hsp->hs_sym.sym_type = ACLSYMHOST;
-    }
-
-    ipf = &hsp->hs_host.inh_ipf;
-
-    /* If the filter doesn't have a root node yet, create it */
-    if (ipf->ipf_tree == 0) {
-
-	/* Allocate node */
-	ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t));
-	if (ipn == 0) goto err_nomem;
-
-	/* Initialize it to test bit 31, but without any descendants */
-	ipn->ipn_type = IPN_NODE;
-	ipn->ipn_bit = 31;
-	ipn->ipn_parent = NULL;
-	ipn->ipn_clear = NULL;
-	ipn->ipn_set = NULL;
-	ipn->ipn_masked = NULL;
-
-	/* Set it as the root node in the radix tree */
-	ipf->ipf_tree = ipn;
-    }
-
-    /* First we search the tree to see where this IP specification fits */
-
-    lastipn = NULL;
-
-    for (ipn = ipf->ipf_tree; (ipn != NULL) && (ipn->ipn_type == IPN_NODE); ) {
-
-	/* Get a mask for the bit this node tests */
-	bitmask = (IPAddr_t) 1<<ipn->ipn_bit;
-
-	/* Save pointer to last internal node */
-	lastipn = ipn;
-
-	/* Is this a bit we care about? */
-	if (bitmask & netmask) {
-
-	    /* Yes, get address of set or clear descendant pointer */
-	    ipn = (bitmask & ipaddr) ? ipn->ipn_set : ipn->ipn_clear;
-	}
-	else {
-	    /* No, get the address of the masked descendant pointer */
-	    ipn = ipn->ipn_masked;
-	}
-    }
-
-    /* Did we end up at a leaf node? */
-    if (ipn == NULL) {
-
-	/*
-         * No, well, we need to find a leaf node if possible.  The
-         * reason is that we need an IP address and netmask to compare
-         * to the IP address and netmask we're inserting.  We know that
-         * they're the same up to the bit tested by the lastipn node,
-         * but we need to know the *highest* order bit that's different.
-         * Any leaf node below lastipn will do.
-         */
-
-	leaf = NULL;
-        ipn = lastipn;
-
-        while (ipn != NULL) {
-
-            /* Look for any non-null child link of the current node */
-            for (i = 0; i < IPN_NLINKS; ++i) {
-                if (ipn->ipn_links[i]) break;
-            }
-
-            /*
-             * Fail search for leaf if no non-null child link found.
-             * This should only happen on the root node of the tree
-             * when the tree is empty.
-             */
-            if (i >= IPN_NLINKS) {
-                assert(ipn == ipf->ipf_tree);
-                break;
-            }
-
-            /* Step to the child node */
-            ipn = ipn->ipn_links[i];
-
-            /* Is it a leaf? */
-            if (ipn->ipn_type == IPN_LEAF) {
-
-                /* Yes, search is over */
-                leaf = (IPLeaf_t *)ipn;
-                ipn = NULL;
-                break;
-	    }
-	}
-    }
-    else {
-
-	/* Yes, loop terminated on a leaf node */
-	assert(ipn->ipn_type == IPN_LEAF);
-	leaf = (IPLeaf_t *)ipn;
-    }
-
-    /* Got a leaf yet? */
-    if (leaf != NULL) {
-
-	/* Combine the IP address and netmask differences */
-	bitmask = (leaf->ipl_ipaddr ^ ipaddr) | (leaf->ipl_netmask ^ netmask);
-
-	/* Are both the IP address and the netmask the same? */
-	if (bitmask == 0) {
-
-	    /* Yes, duplicate entry */
-	    return 0;
-	}
-
-	/* Find the bit number of the first different bit */
-	for (lastbit = 31;
-	     (bitmask & 0x80000000) == 0; --lastbit, bitmask <<= 1) ;
-
-	/* Generate a bit mask with just that bit */
-	bitmask = (IPAddr_t) (1 << lastbit);
-
-	/*
-	 * Go up the tree from lastipn, looking for an internal node
-	 * that tests lastbit.  Stop if we get to a node that tests
-	 * a higher bit number first.
-	 */
-	for (ipn = lastipn, lastipn = (IPNode_t *)leaf;
-	     ipn != NULL; ipn = ipn->ipn_parent) {
-
-	    if (ipn->ipn_bit >= lastbit) {
-		if (ipn->ipn_bit == lastbit) {
-		    /* Need to add a leaf off ipn node */
-		    lastipn = NULL;
-		}
-		break;
-	    }
-	    lastipn = ipn;
-	}
-
-	assert(ipn != NULL);
-    }
-    else {
-
-	/* Just hang a leaf off the lastipn node if no leaf */
-	ipn = lastipn;
-	lastipn = NULL;
-	lastbit = ipn->ipn_bit;
-    }
-
-    /*
-     * If lastipn is not NULL at this point, the new leaf will hang
-     * off an internal node inserted between the upper node, referenced
-     * by ipn, and the lower node, referenced by lastipn.  The lower
-     * node may be an internal node or a leaf.
-     */
-    if (lastipn != NULL) {
-	IPNode_t * parent = ipn;	/* parent of the new node */
-
-	assert((lastipn->ipn_type == IPN_LEAF) ||
-	       (ipn == lastipn->ipn_parent));
-
-	/* Allocate space for the internal node */
-	ipn = (IPNode_t *)MALLOC(sizeof(IPNode_t));
-	if (ipn == NULL) goto err_nomem;
-
-	ipn->ipn_type = IPN_NODE;
-	ipn->ipn_bit = lastbit;
-	ipn->ipn_parent = parent;
-	ipn->ipn_clear = NULL;
-	ipn->ipn_set = NULL;
-	ipn->ipn_masked = NULL;
-
-	bitmask = (IPAddr_t) (1 << lastbit);
-
-	/*
-	 * The values in the leaf we found above determine which
-	 * descendant link of the new internal node will reference
-	 * the subtree that we just ascended.
-	 */
-	if (leaf->ipl_netmask & bitmask) {
-	    if (leaf->ipl_ipaddr & bitmask) {
-		ipn->ipn_set = lastipn;
-	    }
-	    else {
-		ipn->ipn_clear = lastipn;
-	    }
-	}
-	else {
-	    ipn->ipn_masked = lastipn;
-	}
-
-	/* Allocate space for the new leaf */
-	leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t));
-	if (leaf == NULL) {
-	    FREE((void *)ipn);
-	    goto err_nomem;
-	}
-
-	/* Insert internal node in tree */
-
-	/* First the downward link from the parent to the new node */
-	for (i = 0; i < IPN_NLINKS; ++i) {
-	    if (parent->ipn_links[i] == lastipn) {
-		parent->ipn_links[i] = ipn;
-		break;
-	    }
-	}
-
-	/* Then the upward link from the child (if it's not a leaf) */
-	if (lastipn->ipn_type == IPN_NODE) {
-	    lastipn->ipn_parent = ipn;
-	}
-    }
-    else {
-	/* Allocate space for a leaf node only */
-	leaf = (IPLeaf_t *)MALLOC(sizeof(IPLeaf_t));
-	if (leaf == NULL) goto err_nomem;
-    }
-
-    /* Initialize the new leaf */
-    leaf->ipl_type = IPN_LEAF;
-    leaf->ipl_ipaddr = ipaddr;
-    leaf->ipl_netmask = netmask;
-
-    /*
-     * Select the appropriate descendant link of the internal node
-     * and point it at the new leaf.
-     */
-    bitmask = (IPAddr_t) (1 << ipn->ipn_bit);
-    if (bitmask & netmask) {
-	if (bitmask & ipaddr) {
-	    assert(ipn->ipn_set == NULL);
-	    ipn->ipn_set = (IPNode_t *)leaf;
-	}
-	else {
-	    assert(ipn->ipn_clear == NULL);
-	    ipn->ipn_clear = (IPNode_t *)leaf;
-	}
-    }
-    else {
-	assert(ipn->ipn_masked == NULL);
-	ipn->ipn_masked = (IPNode_t *)leaf;
-    }
-
-    *hspp = hsp;
-
-    /* Successful completion */
-    return 0;
-
-  err_nomem:
-    return ACLERRNOMEM;
-}
-
-/*
- * Description (aclAuthNameAdd)
- *
- *	This function adds a user or group to a given user list,
- *	in the context of a specified ACL that is being created.  The
- *	name of the user or group is provided by the caller, and is
- *	looked up in the authentication database associated with the
- *	specified user list.  The return value indicates whether the name
- *	matched a user or group name, and whether the corresponding user
- *	or group id was already present in the given user list.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	usp			- pointer to user list specification
- *	rlm			- pointer to current authentication realm
- *	name			- pointer to user or group name string
- *
- * Returns:
- *
- *	The return value is zero if the name is not found in the
- *	authentication database.  If the name is found, the return value
- *	is a positive value containing bit flags:
- *
- *	AIF_GROUP		- name matches a group name
- *	AIF_USER		- name matches a user name
- *	AIF_DUP			- name was already represented in the
- *				  specified user list
- *
- *	An error is indicated by a negative return code (ACLERRxxxx
- *	- see aclerror.h), and an error frame will be generated if
- *	an error list is provided.
- */
-
-int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp,
-		   Realm_t * rlm, char * name)
-{
-    void * guoptr;			/* group or user object pointer */
-    int irv;				/* insert result value */
-    int eid;				/* error id */
-    int rv;				/* result value */
-
-    /* There must be a realm specified in order to handle users */
-    if (rlm == 0) goto err_norealm;
-    
-    /* Open the authentication database if it's not already */
-    if (rlm->rlm_authdb == 0) {
-
-	if (rlm->rlm_aif == 0) {
-	    rlm->rlm_aif = &NSADB_AuthIF;
-	}
-
-	rv = (*rlm->rlm_aif->aif_open)(errp,
-				       rlm->rlm_dbname, 0, &rlm->rlm_authdb);
-	if (rv < 0) goto err_open;
-    }
-
-    /* Look up the name in the authentication DB */
-    rv = (*rlm->rlm_aif->aif_findname)(errp, rlm->rlm_authdb, name,
-				       (AIF_USER|AIF_GROUP), (void **)&guoptr);
-    if (rv <= 0) {
-	if (rv < 0) goto err_adb;
-
-	/* The name was not found in the database */
-	return 0;
-    }
-
-    /* The name was found.  Was it a user name? */
-    if (rv == AIF_USER) {
-
-	/* Yes, add the user id to the user list */
-	irv = usiInsert(&usp->us_user.uu_user, ((UserObj_t *)guoptr)->uo_uid);
-	rv = ANA_USER;
-    }
-    else {
-
-	/* No, must be a group name.  Add group id to an_groups list. */
-	irv = usiInsert(&usp->us_user.uu_group,
-			((GroupObj_t *)guoptr)->go_gid);
-	rv = ANA_GROUP;
-    }
-
-    /* Examine the result of the insert operation */
-    if (irv <= 0) {
-	if (irv < 0) goto err_ins;
-
-	/* Id was already in the list */
-	rv |= ANA_DUP;
-    }
-
-  punt:
-    return rv;
-
-  err_norealm:
-    eid = ACLERR3400;
-    rv = ACLERRNORLM;
-    nserrGenerate(errp, rv, eid, ACL_Program, 1, name);
-    goto punt;
-
-  err_open:
-    eid = ACLERR3420;
-    rv = ACLERROPEN;
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  2, rlm->rlm_dbname, system_errmsg());
-    goto punt;
-
-  err_adb:
-    /* Error accessing authentication database. */
-    eid = ACLERR3440;
-    rv = ACLERRADB;
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, rlm->rlm_dbname, name);
-    goto punt;
-
-  err_ins:
-    /* Error on insert operation.  Must be lack of memory. */
-    eid = ACLERR3460;
-    rv = ACLERRNOMEM;
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    goto punt;
-}
-
-/*
- * Description (aclClientsDirCreate)
- *
- *	This function allocates and initializes a new ACClients_t
- *	ACL directive.
- *
- * Arguments:
- *
- *	None.
- *
- * Returns:
- *
- *	If successful, a pointer to the new ACClients_t is returned.
- *	A shortage of dynamic memory is indicated by a null return value.
- */
-
-ACClients_t * aclClientsDirCreate()
-{
-    ACClients_t * acd;			/* pointer to new ACClients_t */
-
-    acd = (ACClients_t *)MALLOC(sizeof(ACClients_t));
-    if (acd != 0) {
-	memset((void *)acd, 0, sizeof(ACClients_t));
-    }
-
-    return acd;
-}
-
-/*
- * Description (aclCreate)
- *
- *	This function creates a new ACL root structure.  The caller
- *	specifies the name to be associated with the ACL.  The ACL handle
- *	returned by this function is passed to other functions in this
- *	module when adding information to the ACL.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acc			- pointer to an access control context
- *	aclname			- pointer to ACL name string
- *	pacl			- pointer to returned ACL handle
- *
- * Returns:
- *
- *	The return value is zero if the ACL is created successfully.
- *	Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- */
-
-int aclCreate(NSErr_t * errp, ACContext_t * acc, char * aclname, ACL_t **pacl)
-{
-    ACL_t * acl;		/* pointer to created ACL */
-    int rv;			/* result value */
-    int eid;			/* error id */
-
-    *pacl = 0;
-
-    /* Allocate the ACL_t structure */
-    acl = (ACL_t *) MALLOC(sizeof(ACL_t));
-    if (acl == 0) goto err_nomem;
-
-    /* Initialize the structure */
-    memset((void *)acl, 0, sizeof(ACL_t));
-    acl->acl_sym.sym_name = STRDUP(aclname);
-    acl->acl_sym.sym_type = ACLSYMACL;
-    acl->acl_acc = acc;
-    acl->acl_refcnt = 1;
-
-    /* Add it to the symbol table for the specified context */
-    rv = symTableAddSym(acc->acc_stp, &acl->acl_sym, (void *)acl);
-    if (rv < 0) goto err_addsym;
-
-    /* Add it to the list of ACLs for the specified context */
-    acl->acl_next = acc->acc_acls;
-    acc->acc_acls = acl;
-    acc->acc_refcnt += 1;
-
-    *pacl = acl;
-    return 0;
-
-  err_nomem:
-    rv = ACLERRNOMEM;
-    eid = ACLERR3200;
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    goto done;
-
-  err_addsym:
-    FREE(acl);
-    rv = ACLERRDUPSYM;
-    eid = ACLERR3220;
-    nserrGenerate(errp, rv, eid, ACL_Program, 1, aclname);
-
-  done:
-    return rv;
-}
-
-/*
- * Description (aclDestroy)
- *
- *	This function destroys an ACL structure and its sub-structures.
- *	It does not free the ACContext_t referenced by the ACL.
- *
- * Arguments:
- *
- *	acl			- pointer to ACL_t structure
- */
-
-void aclDestroy(ACL_t * acl)
-{
-    ACL_t **pacl;		/* ACL list link pointer */
-    ACDirective_t * acd;	/* ACL directive pointer */
-    ACDirective_t * nacd;	/* next ACL directive pointer */
-
-    /* Is there an ACContext_t structure? */
-    if (acl->acl_acc != 0) {
-
-	/* Remove this ACL from the list in the ACContext_t structure */
-	for (pacl = &acl->acl_acc->acc_acls;
-	     *pacl != 0; pacl = &(*pacl)->acl_next) {
-
-	    if (*pacl == acl) {
-		*pacl = acl->acl_next;
-		acl->acl_acc->acc_refcnt -= 1;
-		break;
-	    }
-	}
-    }
-
-    /* Destroy each ACL directive */
-    for (acd = acl->acl_dirf; acd != 0; acd = nacd) {
-	nacd = acd->acd_next;
-	aclDirectiveDestroy(acd);
-    }
-
-    /* Free the ACL rights list if it is unnamed */
-    if ((acl->acl_rights != 0) && (acl->acl_rights->rs_sym.sym_name == 0)) {
-	aclRightSpecDestroy(acl->acl_rights);
-    }
-
-    /* Free the ACL name string, if any */
-    if (acl->acl_sym.sym_name != 0) {
-	FREE(acl->acl_sym.sym_name);
-    }
-
-    /* Free the ACL itself */
-    FREE(acl);
-}
-
-/*
- * Description (aclDelete)
- *
- *	This function removes a specified ACL from the symbol table
- *	associated with its ACL context, and then destroys the ACL
- *	structure and any unnamed objects it references (other than
- *	the ACL context).
- *
- * Arguments:
- *
- *	acl			- pointer to the ACL
- */
-
-void aclDelete(ACL_t * acl)
-{
-    ACContext_t * acc = acl->acl_acc;
-
-    if ((acc != 0) && (acl->acl_sym.sym_name != 0)) {
-	symTableRemoveSym(acc->acc_stp, &acl->acl_sym);
-    }
-
-    aclDestroy(acl);
-}
-
-/*
- * Description (aclDirectiveAdd)
- *
- *	This function adds a given directive to a specified ACL.
- *
- * Arguments:
- *
- *	acl			- pointer to the ACL
- *	acd			- pointer to the directive to be added
- *
- * Returns:
- *
- *	If successful, the return value is zero.  An error is indicated
- *	by a negative return value.
- */
-
-int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd)
-{
-    /* Add the directive to the end of the ACL's directive list */
-    acd->acd_next = 0;
-
-    if (acl->acl_dirl == 0) {
-	/* First entry in empty list */
-	acl->acl_dirf = acd;
-    }
-    else {
-	/* Append to end of list */
-	acl->acl_dirl->acd_next = acd;
-    }
-
-    acl->acl_dirl = acd;
-
-    return 0;
-}
-
-/*
- * Description (aclDirectiveCreate)
- *
- *	This function allocates and initializes a new ACDirective_t
- *	structure, representing an ACL directive.
- *
- * Arguments:
- *
- *	None.
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a new ACDirective_t.
- *	Otherwise the return value is null.
- */
-
-ACDirective_t * aclDirectiveCreate()
-{
-    ACDirective_t * acd;
-
-    acd = (ACDirective_t *) MALLOC(sizeof(ACDirective_t));
-    if (acd != 0) {
-	memset((void *)acd, 0, sizeof(ACDirective_t));
-    }
-
-    return acd;
-}
-
-/*
- * Description (aclDirectiveDestroy)
- *
- *	This function destroys an ACL directive structure.
- *
- * Arguments:
- *
- *	acd			- pointer to ACL directive structure
- */
-
-void aclDirectiveDestroy(ACDirective_t * acd)
-{
-    switch (acd->acd_action) {
-      case ACD_ALLOW:
-      case ACD_DENY:
-	{
-	    ACClients_t * acp;
-	    ACClients_t * nacp;
-
-	    /* Free a list of ACClients_t structures */
-	    for (acp = acd->acd_cl; acp != 0; acp = nacp) {
-		nacp = acp->cl_next;
-
-		/* Free the HostSpec_t if it's there and unnamed */
-		if ((acp->cl_host != 0) &&
-		    (acp->cl_host->hs_sym.sym_name == 0)) {
-		    aclHostSpecDestroy(acp->cl_host);
-		}
-
-		/* Free the UserSpec_t if it's there and unnamed */
-		if ((acp->cl_user != 0) &&
-		    (acp->cl_user->us_sym.sym_name == 0)) {
-		    aclUserSpecDestroy(acp->cl_user);
-		}
-	    }
-	}
-	break;
-
-      case ACD_AUTH:
-	{
-	    RealmSpec_t * rsp = acd->acd_auth.au_realm;
-
-	    /* Destroy the RealmSpec_t if it's unnamed */
-	    if ((rsp != 0) && (rsp->rs_sym.sym_name == 0)) {
-		aclRealmSpecDestroy(rsp);
-	    }
-	}
-	break;
-    }
-
-    FREE(acd);
-}
-
-/*
- * Description (aclDNSSpecDestroy)
- *
- *	This function destroys an entry in a DNS filter.  It is intended
- *	mainly to be used by aclHostSpecDestroy().
- *
- * Arguments:
- *
- *	sym			- pointer to Symbol_t for DNS filter entry
- *	argp			- unused (must be zero)
- *
- * Returns:
- *
- *	The return value is SYMENUMREMOVE.
- */
-
-int aclDNSSpecDestroy(Symbol_t * sym, void * argp)
-{
-    if (sym != 0) {
-
-	/* Free the DNS specification string if any */
-	if (sym->sym_name != 0) {
-	    FREE(sym->sym_name);
-	}
-
-	/* Free the Symbol_t structure */
-	FREE(sym);
-    }
-
-    /* Indicate that the symbol table entry should be removed */
-    return SYMENUMREMOVE;
-}
-
-/*
- * Description (aclHostSpecDestroy)
- *
- *	This function destroys a HostSpec_t structure and its sub-structures.
- *
- * Arguments:
- *
- *	hsp			- pointer to HostSpec_t structure
- */
-
-void aclHostSpecDestroy(HostSpec_t * hsp)
-{
-    if (hsp == 0) return;
-
-    /* Free the IP filter if any */
-    if (hsp->hs_host.inh_ipf.ipf_tree != 0) {
-	IPNode_t * ipn;			/* current node pointer */
-	IPNode_t * parent;		/* parent node pointer */
-	int i;
-
-	/* Traverse tree, freeing nodes */
-	for (parent = hsp->hs_host.inh_ipf.ipf_tree; parent != NULL; ) {
-
-	    /* Look for a link to a child node */
-	    for (i = 0; i < IPN_NLINKS; ++i) {
-		ipn = parent->ipn_links[i];
-		if (ipn != NULL) break;
-	    }
-
-	    /* Any children for the parent node? */
-	    if (ipn == NULL) {
-
-		/* Otherwise back up the tree */
-		ipn = parent;
-		parent = ipn->ipn_parent;
-
-		/* Free the lower node */
-		FREE(ipn);
-		continue;
-	    }
-
-	    /*
-	     * Found a child node for the current parent.
-	     * NULL out the downward link and check it out.
-	     */
-	    parent->ipn_links[i] = NULL;
-
-	    /* Is it a leaf? */
-	    if (ipn->ipn_type == IPN_LEAF) {
-		/* Yes, free it */
-		FREE(ipn);
-		continue;
-	    }
-
-	    /* No, step down the tree */
-	    parent = ipn;
-	}
-    }
-
-    /* Free the DNS filter if any */
-    if (hsp->hs_host.inh_dnf.dnf_hash != 0) {
-
-	/* Destroy each entry in the symbol table */
-	symTableEnumerate(hsp->hs_host.inh_dnf.dnf_hash, 0,
-			  aclDNSSpecDestroy);
-
-	/* Destroy the symbol table itself */
-	symTableDestroy(hsp->hs_host.inh_dnf.dnf_hash, 0);
-    }
-
-    /* Free the symbol name if any */
-    if (hsp->hs_sym.sym_name != 0) {
-	FREE(hsp->hs_sym.sym_name);
-    }
-
-    /* Free the HostSpec_t structure */
-    FREE(hsp);
-}
-
-/*
- * Description (aclRealmSpecDestroy)
- *
- *	This function destroys a RealmSpec_t structure.
- *
- * Arguments:
- *
- *	rsp			- pointer to RealmSpec_t structure
- */
-
-void aclRealmSpecDestroy(RealmSpec_t * rsp)
-{
-    /* Close the realm authentication database if it appears open */
-    if ((rsp->rs_realm.rlm_aif != 0) &&
-	(rsp->rs_realm.rlm_authdb != 0)) {
-	(*rsp->rs_realm.rlm_aif->aif_close)(rsp->rs_realm.rlm_authdb, 0);
-    }
-
-    /* Free the prompt string if any */
-    if (rsp->rs_realm.rlm_prompt != 0) {
-	FREE(rsp->rs_realm.rlm_prompt);
-    }
-
-    /* Free the database filename string if any */
-    if (rsp->rs_realm.rlm_dbname != 0) {
-	FREE(rsp->rs_realm.rlm_dbname);
-    }
-
-    /* Free the realm specification name if any */
-    if (rsp->rs_sym.sym_name != 0) {
-	FREE(rsp->rs_sym.sym_name);
-    }
-
-    /* Free the RealmSpec_t structure */
-    FREE(rsp);
-}
-
-/*
- * Description (aclRightDef)
- *
- *	This function find or creates an access right with a specified
- *	name in a given ACL context.  If a new access right definition
- *	is created, it assigns a unique integer identifier to the the
- *	right, adds it to the ACL context symbol table and to the
- *	list of all access rights for the context.  Note that access
- *	right names are case-insensitive.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acc			- pointer to an access control context
- *	rname			- access right name (e.g. "GET")
- *	prd			- pointer to returned RightDef_t pointer
- *				  (may be null)
- *
- * Returns:
- *
- *	The return value is zero if the access right definition already
- *	existed or one if it was created successfully.  Otherwise it is
- *	a negative error code (ACLERRxxxx - see aclerror.h), and an error
- *	frame will be generated if an error list is provided.
- */
-
-int aclRightDef(NSErr_t * errp,
-		ACContext_t * acc, char * rname, RightDef_t **prd)
-{
-    RightDef_t * rdp;			/* pointer to right definition */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-    static int last_rid = 0;		/* last assigned right id */
-
-    /* See if there's already a symbol table entry for it */
-    rv = symTableFindSym(acc->acc_stp, rname, ACLSYMRIGHT, (void **)&rdp);
-    if (rv) {
-
-	/* No, create an entry */
-
-	/* Allocate a right definition structure and initialize it */
-	rdp = (RightDef_t *)MALLOC(sizeof(RightDef_t));
-	if (rdp == 0) goto err_nomem;
-
-	rdp->rd_sym.sym_name = STRDUP(rname);
-	rdp->rd_sym.sym_type = ACLSYMRIGHT;
-	rdp->rd_next = acc->acc_rights;
-	rdp->rd_id = ++last_rid;
-
-	/* Add the right name to the symbol table for the ACL context */
-	rv = symTableAddSym(acc->acc_stp, &rdp->rd_sym, (void *)rdp);
-	if (rv) goto err_stadd;
-
-	/* Add the right definition to the list for the ACL context */
-	acc->acc_rights = rdp;
-
-	/* Indicate a new right definition was created */
-	rv = 1;
-    }
-
-    /* Return a pointer to the RightDef_t structure if indicated */
-    if (prd != 0) *prd = rdp;
-
-    return rv;
-
-  err_nomem:
-    eid = ACLERR3600;
-    rv = ACLERRNOMEM;
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    goto punt;
-
-  err_stadd:
-    FREE(rdp->rd_sym.sym_name);
-    FREE(rdp);
-    eid = ACLERR3620;
-    rv = ACLERRDUPSYM;
-    nserrGenerate(errp, rv, eid, ACL_Program, 1, rname);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (aclRightSpecDestroy)
- *
- *	This function destroys a RightSpec_t structure.
- *
- * Arguments:
- *
- *	rsp			- pointer to RightSpec_t structure
- */
-
-void aclRightSpecDestroy(RightSpec_t * rsp)
-{
-    if (rsp != 0) {
-
-	UILFREE(&rsp->rs_list);
-
-	if (rsp->rs_sym.sym_name != 0) {
-	    FREE(rsp->rs_sym.sym_name);
-	}
-
-	FREE(rsp);
-    }
-}
-
-/*
- * Description (aclUserSpecCreate)
- *
- *	This function allocates and initializes a new UserSpec_t
- *	structure, representing a list of users and groups.
- *
- * Arguments:
- *
- *	None.
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a new UserSpec_t.
- *	Otherwise the return value is null.
- */
-
-UserSpec_t * aclUserSpecCreate()
-{
-    UserSpec_t * usp;
-
-    usp = (UserSpec_t *) MALLOC(sizeof(UserSpec_t));
-    if (usp != 0) {
-	memset((void *)usp, 0, sizeof(UserSpec_t));
-	usp->us_sym.sym_type = ACLSYMUSER;
-    }
-
-    return usp;
-}
-
-/*
- * Description (aclUserSpecDestroy)
- *
- *	This function destroys a UserSpec_t structure.
- *
- * Arguments:
- *
- *	usp			- pointer to UserSpec_t structure
- */
-
-void aclUserSpecDestroy(UserSpec_t * usp)
-{
-    if (usp != 0) {
-
-	UILFREE(&usp->us_user.uu_user);
-	UILFREE(&usp->us_user.uu_group);
-
-	if (usp->us_sym.sym_name != 0) {
-	    FREE(usp->us_sym.sym_name);
-	}
-
-	FREE(usp);
-    }
-}

lib/libaccess/aclparse.cpp

@@ -1,2241 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (aclparse.c)
- *
- *	This module provides functions for parsing a file containing
- *	Access Control List (ACL) definitions.  It builds a representation
- *	of the ACLs in memory, using the services of the aclbuild module.
- */
-
-#include <base/systems.h>
-#include <base/file.h>
-#include <base/util.h>
-#include <netsite.h>
-#include <libaccess/nsadb.h>
-#include <libaccess/aclerror.h>
-#include <libaccess/aclparse.h>
-#include <libaccess/symbols.h>
-
-#ifdef XP_UNIX
-#include <sys/types.h>
-#include <netinet/in.h>  /* ntohl */
-#include <arpa/inet.h>
-#endif
-
-void * aclChTab = 0;		/* character class table handle */
-
-static char * classv[] = {
-    " \t\r\f\013",		/* class 0 - whitespace */
-    "\n",			/* class 1 - newline */
-    ",.;@*()+{}\"\'",		/* class 2 - special characters */
-    "0123456789",		/* class 3 - digits */
-				/* class 4 - letters */
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
-    "-",			/* class 5 - hyphen */
-    "_",			/* class 6 - underscore */
-    "/-_.:"			/* class 7 - filename special characters */
-};
-
-static int classc = sizeof(classv)/sizeof(char *);
-
-/*
- * Description (aclAuthListParse)
- *
- *	This function parses an auth-list.  An auth-list specifies
- *	combinations of user/group names and host addresses/names.
- *	An auth-list entry can identify a collection of users and/or
- *	groups, a collection of hosts by IP addresses or DNS names,
- *	or a combination of the two.  Each auth-spec adds another
- *	ACClients_t structure to the specified list.
- *
- *	The syntax for an auth-list is:
- *
- *	auth-list ::= auth-spec | auth-list "," auth-spec
- *	auth-spec ::= auth-users [at-token auth-hosts]
- *	auth-users - see aclAuthUsersParse()
- *	auth-hosts - see aclAuthHostsParse()
- *	at-token ::= "at" | "@"
- *
- *	The caller provides a pointer to a ClientSpec_t structure,
- *	which is built up with new information as auth-specs are parsed.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acc			- pointer to ACL context object
- *	rlm			- pointer to authentication realm object
- *	clsp			- pointer to returned ACClients_t list head
- *
- * Returns:
- *
- *	If successful, the return value is the token type of the token
- *	following the auth-list, i.e. the first token which is not
- *	recognized as the start of an auth-spec.  It is the caller's
- *	responsibility to validate this token as a legitimate terminator
- *	of an auth-list.  If a parsing error occurs in the middle of
- *	an auth-spec, the return value is ACLERRPARSE, and an error frame
- *	is generated if an error list is provided.  For other kinds of
- *	errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
-		     ACContext_t * acc, Realm_t * rlm, ACClients_t **clsp)
-{
-    void * token = acf->acf_token;	/* token handle */
-    ACClients_t * csp;			/* client spec pointer */
-    UserSpec_t * usp;			/* user spec pointer */
-    HostSpec_t * hsp;			/* host spec pointer */
-    int rv;				/* result value */
-    int eid;				/* error id */
-
-    /* Loop once for each auth-spec */
-    for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
-	usp = 0;
-	hsp = 0;
-
-	/* Parse auth-users into user and group lists in the ACClients_t */
-	rv = aclAuthUsersParse(errp, acf, rlm, &usp, 0);
-	if (rv < 0) break;
-
-	/* Is the at-token there? */
-	if ((rv == TOKEN_AT) || !strcasecmp(lex_token(token), KEYWORD_AT)) {
-
-	    /* Step to the next token after the at-token */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv < 0) break;
-
-	    /* Parse auth-hosts part, adding information to the HostSpec_t */
-	    rv = aclAuthHostsParse(errp, acf, acc, &hsp);
-	    if (rv < 0) break;
-	}
-
-	/* Create a new ACClients_t structure for the parsed information */
-	csp = (ACClients_t *)MALLOC(sizeof(ACClients_t));
-	if (csp == 0) goto err_nomem;
-
-	csp->cl_next = 0;
-	csp->cl_user = usp;
-	csp->cl_host = hsp;
-
-	/* Add it to the end of the list referenced by clsp */
-	while (*clsp != 0) clsp = &(*clsp)->cl_next;
-	*clsp = csp;
-
-	/* Need a "," to keep going */
-	if (rv != TOKEN_COMMA) break;
-    }
-
-    return rv;
-
-  err_nomem:
-    eid = ACLERR1000;
-    nserrGenerate(errp, ACLERRNOMEM, eid, ACL_Program, 0);
-    return ACLERRNOMEM;
-}
-
-/*
- * Description (aclAuthHostsParse)
- *
- *	This function parses a list of IP address and/or DNS name
- *	specifications, adding information to the IP and DNS filters
- *	associated with a specified HostSpec_t.  The syntax of the
- *	auth-hosts construct is:
- *
- *	auth-hosts ::= auth-host-elem | "(" auth-host-list ")"
- *				      | "hosts" host-list-name
- *	auth-host-elem ::= auth-ip-spec | auth-dns-spec
- *	auth-ip-spec ::= ipaddr | ipaddr netmask
- *	auth-dns-spec ::= fqdn | dns-suffix
- *	auth-host-list ::= auth-host-elem | auth-host-list "," auth-host-elem
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acc			- pointer to ACL context object
- *	hspp			- pointer to HostSpec_t pointer
- *
- * Returns:
- *
- *	If successful, the return value is the token type of the token
- *	following the auth-hosts, i.e. either the first token after a
- *	single auth-host-elem or the first token after the closing ")"
- *	of a list of auth-host-elems.  It is the caller's responsibility
- *	to validate this token as a legitimate successor of auth-hosts.
- *	If a parsing error occurs in the middle of auth-hosts, the return
- *	value is ACLERRPARSE, and an error frame is generated if an error
- *	list is provided.  For other kinds of errors a negative error
- *	code (from aclerror.h) is returned.
- */
-
-int aclAuthHostsParse(NSErr_t * errp,
-		      ACLFile_t * acf, ACContext_t * acc, HostSpec_t **hspp)
-{
-    void * token = acf->acf_token;	/* token handle */
-    char * tokenstr;			/* token string pointer */
-    int islist = 0;			/* true if auth-host-list */
-    int fqdn;				/* fully qualified domain name */
-    IPAddr_t ipaddr;			/* IP address value */
-    IPAddr_t netmask;			/* IP netmask value */
-    int arv;				/* alternate result value */
-    int rv;				/* result value */
-    int eid;				/* error id */
-    char linestr[16];			/* line number string buffer */
-
-    rv = acf->acf_ttype;
-
-    /* Are we starting an auth-host-list? */
-    if (rv == TOKEN_LPAREN) {
-
-	/* Yes, it appears so */
-	islist = 1;
-
-	/* Step token to first auth-host-elem */
-	rv = aclGetToken(errp, acf, 0);
-	if (rv < 0) goto punt;
-    }
-    else if (rv == TOKEN_IDENT) {
-
-	/* Could this be "hosts host-list-name"? */
-	tokenstr = lex_token(token);
-
-	if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
-
-	    /* We don't support lists of host lists yet */
-	    if (*hspp != 0) goto err_unshl;
-
-	    /* Get host-list-name */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv < 0) goto punt;
-
-	    if (rv != TOKEN_IDENT) goto err_hlname;
-
-	    tokenstr = lex_token(token);
-
-	    /* Look up the host-list-name in the ACL symbol table */
-	    rv = symTableFindSym(acc->acc_stp,
-				 tokenstr, ACLSYMHOST, (void **)hspp);
-	    if (rv < 0) goto err_undefhl;
-
-	    /* Step to token after the host-list-name */
-	    rv = aclGetToken(errp, acf, 0);
-
-	    return rv;
-	}
-    }
-
-    /* Loop for each auth-host-elem */
-    for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
-	/* Does this look like an auth-ip-spec? */
-	if (rv == TOKEN_NUMBER) {
-
-	    /* Yes, go parse it */
-	    rv = aclGetIPAddr(errp, acf, &ipaddr, &netmask);
-	    if (rv < 0) goto punt;
-
-	    arv = aclAuthIPAdd(hspp, ipaddr, netmask);
-	    if (arv < 0) goto err_ipadd;
-	}
-	else if ((rv == TOKEN_STAR) || (rv == TOKEN_IDENT)) {
-
-	    /* Get fully qualified DNS name indicator value */
-	    fqdn = (rv == TOKEN_IDENT) ? 1 : 0;
-
-	    /* This looks like the start of an auth-dns-spec */
-	    rv = aclGetDNSString(errp, acf);
-	    if (rv < 0) goto punt;
-
-	    tokenstr = lex_token(token);
-
-	    /* If the DNS spec begins with "*.", strip the "*" */
-	    if (tokenstr && (tokenstr[0] == '*') && (tokenstr[1] == '.')) {
-		tokenstr += 1;
-	    }
-
-	    arv = aclAuthDNSAdd(hspp, tokenstr, fqdn);
-	    if (arv < 0) goto err_dnsadd;
-
-	    /* Pick up the next token */
-	    rv = aclGetToken(errp, acf, 0);
-	}
-	else break;
-
-	/* If this is a list, we need a "," to keep going */
-	if (!islist || (rv != TOKEN_COMMA)) break;
-    }
-
-    /* Were we parsing an auth-host-list? */
-    if (islist) {
-
-	/* Yes, check for closing ")" */
-	if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
-	/* Got it.  Step to next token for caller. */
-	rv = aclGetToken(errp, acf, 0);
-    }
-
-  punt:
-    return rv;
-
-  err_unshl:
-    eid = ACLERR1100;
-    goto err_parse;
-
-  err_hlname:
-    eid = ACLERR1120;
-    goto err_parse;
-
-  err_undefhl:
-    eid = ACLERR1140;
-    rv = ACLERRUNDEF;
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  3, acf->acf_filename, linestr, tokenstr);
-    goto punt;
-
-  err_ipadd:
-    eid = ACLERR1180;
-    rv = arv;
-    goto err_ret;
-
-  err_dnsadd:
-    eid = ACLERR1200;
-    rv = arv;
-    goto err_ret;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    goto punt;
-
-  err_norp:
-    eid = ACLERR1220;
-  err_parse:
-    rv = ACLERRPARSE;
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-}
-
-/*
- * Description (aclAuthUsersParse)
- *
- *	This function parses a list of users and groups subject to
- *	authorization, adding the information to a specified UserSpec_t.
- *	The syntax it parses is:
- *
- *	auth-users ::= auth-user-elem | "(" auth-user-list ")"
- *	auth-user-elem ::= username | groupname
- *				    | "all" | "anyone"
- *	auth-user-list ::= auth-user-elem | auth-user-list "," auth-user-elem
- *
- *	If the 'elist' argument is non-null, an auth-user-list will be
- *	accepted without the enclosing parentheses.  Any invalid user
- *	or group names will not cause a fatal error, but will be returned
- *	in an array of strings via 'elist'.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	rlm			- pointer to authentication realm object
- *	uspp			- pointer to UserSpec_t pointer
- *	elist			- pointer to returned pointer to array
- *				  of strings containing invalid user or
- *				  group names (may be null)
- *
- * Returns:
- *
- *	If successful, the return value is the token type of the token
- *	following the auth-users, i.e. either the first token after a
- *	single auth-user-elem or the first token after the closing ")"
- *	of a list of auth-user-elems.  It is the caller's responsibility
- *	to validate this token as a legitimate successor of auth-users.
- *	If a parsing error occurs in the middle of auth-users, the return
- *	value is ACLERRPARSE, and an error frame is generated if an error
- *	list is provided.  For other kinds of errors a negative error
- *	code (from aclerror.h) is returned.
- */
-
-int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
-		      Realm_t * rlm, UserSpec_t **uspp, char ***elist)
-{
-    void * token = acf->acf_token;	/* token handle */
-    char * tokenstr;			/* token string pointer */
-    UserSpec_t * usp;			/* user list head structure */
-    int islist = 0;			/* true if auth-user-list */
-    int inlist = 0;			/* true if UserSpec_t was supplied */
-    int any = 0;			/* true if KEYWORD_ANY seen */
-    int all = 0;			/* true if KEYWORD_ALL seen */
-    int elemcnt = 0;			/* count of auth-user-elem seen */
-    int elen = 0;			/* length of evec in (char *) */
-    int ecnt = 0;			/* entries used in evec */
-    char **evec = 0;			/* list of bad user/group names */
-    int rv;				/* result value */
-    int eid;				/* error id */
-    char linestr[16];			/* line number string buffer */
-    int errc = 2;
-
-    usp = *uspp;
-    if ((usp != 0) && (usp->us_flags & ACL_USALL)) all = 1;
-
-    if (elist != 0) inlist = 1;
-    else {
-
-	/* Check for opening "(" */
-	if (acf->acf_ttype == TOKEN_LPAREN) {
-
-	    /* Looks like an auth-user-list */
-	    islist = 1;
-
-	    /* Step token to first auth-user-elem */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv < 0) goto punt;
-	}
-    }
-
-    /* Loop for each auth-user-elem */
-    for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
-	/* Looking for a user or group identifier */
-	if ((rv == TOKEN_IDENT) || (rv == TOKEN_STRING)) {
-
-	    /*
-	     * If KEYWORD_ALL or KEYWORD_ANY has already appeared
-	     * in this auth-spec, then return an error.
-	     */
-	    if (all | any) goto err_allany;
-
-	    /* Check for reserved words */
-	    tokenstr = lex_token(token);
-
-	    /* KEYWORD_AT begins auth-hosts, but is invalid here */
-	    if (!strcasecmp(tokenstr, KEYWORD_AT)) break;
-
-	    /* Check for special group names */
-	    if (!strcasecmp(tokenstr, KEYWORD_ANY)) {
-
-		/*
-		 * Any user, with no authentication needed.  This can
-		 * only appear once in an auth-spec, and cannot be used
-		 * in combination with KEYWORD_ALL (or any other user or
-		 * group identifiers, but that will get checked before
-		 * we return).
-		 */
-
-		if ((elemcnt > 0) || (usp != 0)) goto err_any;
-		any = 1;
-	    }
-	    else if (!strcasecmp(tokenstr, KEYWORD_ALL)) {
-
-		/*
-		 * Any authenticated user.  This can only appear once in
-		 * an auth-spec, and cannot be used in combination with
-		 * KEYWORD_ANY (or any other user or group identifiers,
-		 * but that will get checked before we return).
-		 */
-
-		if (elemcnt > 0) goto err_all;
-
-		/* Create a UserSpec_t structure if we haven't got one yet */
-		if (usp == 0) {
-		    usp = aclUserSpecCreate();
-		    if (usp == 0) goto err_nomem1;
-		    *uspp = usp;
-		}
-
-		usp->us_flags |= ACL_USALL;
-		all = 1;
-	    }
-	    else {
-
-		/* Create a UserSpec_t structure if we haven't got one yet */
-		if (usp == 0) {
-		    usp = aclUserSpecCreate();
-		    if (usp == 0) goto err_nomem2;
-		    *uspp = usp;
-		}
-
-		/* This should be a user or group name */
-		rv = aclAuthNameAdd(errp, usp, rlm, tokenstr);
-		if (rv <= 0) {
-
-		    /* The name was not found in the authentication DB */
-		    if (elist != 0) {
-			if (evec == 0) {
-			    evec = (char **)MALLOC(4*sizeof(char *));
-			    evec[0] = 0;
-			    ecnt = 1;
-			    elen = 4;
-			}
-			else if (ecnt >= elen) {
-			    elen += 4;
-			    evec = (char **)REALLOC(evec, elen*sizeof(char *));
-			}
-			evec[ecnt-1] = STRDUP(tokenstr);
-			evec[ecnt] = 0;
-			++ecnt;
-			
-		    }
-		    else if (rv < 0) goto err_badgun;
-		}
-
-		/* Don't allow duplicate names */
-		if (rv & ANA_DUP) {
-		    if (elist == 0) goto err_dupgun;
-		}
-	    }
-
-	    /* Count number of auth-user-elems seen */
-	    elemcnt += 1;
-
-	    /* Get the token after the auth-user-elem */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv < 0) goto punt;
-	}
-
-	/* If this is a list, we need a "," to keep going */
-	if (!(islist | inlist) || (rv != TOKEN_COMMA)) break;
-    }
-
-    /* Were we parsing an auth-user-list? */
-    if (islist) {
-
-	/* Yes, check for closing ")" */
-	if (acf->acf_ttype != TOKEN_RPAREN) goto err_norp;
-
-	/* Got it.  Step to next token for caller. */
-	rv = aclGetToken(errp, acf, 0);
-	if (rv < 0) goto punt;
-    }
-
-    /*
-     * If we didn't see any auth-user-elems, then the auth-user we were
-     * called to parse is missing.  We will forgive and forget if the
-     * current token is a comma, however, so as to allow empty auth-specs.
-     */
-    if ((elemcnt <= 0) && (rv != TOKEN_COMMA)) {
-	goto err_noelem;
-    }
-
-  punt:
-    /* Return list of bad names if indicated */
-    if (elist != 0) *elist = evec;
-
-    return rv;
-
-  err_badgun:
-    /* Encountered an unknown user or group name */
-    eid = ACLERR1360;
-    rv = ACLERRUNDEF;
-    goto err_retgun;
-
-  err_dupgun:
-    /* A user or group name was specified multiple times */
-    eid = ACLERR1380;
-    rv = ACLERRDUPSYM;
-    goto err_retgun;
-
-  err_retgun:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  3, acf->acf_filename, linestr, tokenstr);
-    goto punt;
-
-  err_norp:
-    /* Missing ")" */
-    eid = ACLERR1400;
-    goto err_parse;
-
-  err_noelem:
-    eid = ACLERR1420;
-    goto err_parse;
-
-  err_all:
-    eid = ACLERR1440;
-    goto err_parse;
-
-  err_any:
-    eid = ACLERR1460;
-    goto err_parse;
-
-  err_allany:
-    eid = ACLERR1480;
-    goto err_parse;
-
-  err_nomem1:
-    eid = ACLERR1500;
-    rv = ACLERRNOMEM;
-    errc = 0;
-    goto err_ret;
-
-  err_nomem2:
-    eid = ACLERR1520;
-    rv = ACLERRNOMEM;
-    errc = 0;
-    goto err_ret;
-
-  err_parse:
-    rv = ACLERRPARSE;
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, errc, acf->acf_filename, linestr);
-    goto punt;
-}
-
-/*
- * Description (aclDirectivesParse)
- *
- *	This function parses the directives inside an ACL definition.
- *	The syntax for a directive list is:
- *
- *	dir-list ::= directive | dir-list ";" directive
- *	directive ::= auth-directive | access-directive | exec-directive
- *	auth-directive ::= dir-force "authenticate" ["in" realm-spec]
- *	access-directive ::= dir-force dir-access auth-list
- *	exec-directive ::= dir-force "execute" ["if" exec-optlist]
- *	exec-optlist ::= exec-condition | exec-optlist "," exec-condition
- *	exec-condition ::= dir-access | "authenticate"
- *	dir-force ::= "Always" | "Default"
- *	dir-access ::= "allow" | "deny"
- *
- *	See aclAuthListParse() for auth-list syntax.
- *	See aclRealmSpecParse() for realm-spec syntax.
- *
- *	The caller provides a pointer to an ACL structure, which is
- *	built up with new information as directives are parsed.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acl			- pointer to ACL structure
- *
- * Returns:
- *
- *	If successful, the return value is the token type of the token
- *	following the directive list, i.e. the first token which is not
- *	recognized as the start of a directive.  It is the caller's
- *	responsibility to validate this token as a legitimate terminator
- *	of a directive list.  If a parsing error occurs in the middle of
- *	a directive, the return value is ACLERRPARSE, and an error frame
- *	is generated if an error list is provided.  For other kinds of
- *	errors a negative error code (from aclerror.h) is returned.
- */
-
-int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl)
-{
-    void * token = acf->acf_token;	/* token handle */
-    char * tokenstr;			/* token string */
-    Realm_t * rlm = 0;			/* current realm pointer */
-    ACDirective_t * acd;		/* directive pointer */
-    int action;				/* directive action code */
-    int flags;				/* directive action flags */
-    int arv;				/* alternate return value */
-    int rv;				/* result value */
-    int eid;				/* error id */
-    char linestr[16];			/* line number string buffer */
-
-    /* Look for top-level directives */
-    for (rv = acf->acf_ttype; ; rv = aclGetToken(errp, acf, 0)) {
-
-	action = 0;
-	flags = 0;
-
-	/* Check for beginning of directive */
-	if (rv == TOKEN_IDENT) {
-
-	    /* Check identifier for directive dir-force keywords */
-	    tokenstr = lex_token(token);
-
-	    if (!strcasecmp(tokenstr, KEYWORD_DEFAULT)) {
-		flags = ACD_DEFAULT;
-	    }
-	    else if (!strcasecmp(tokenstr, "always")) {
-		flags = ACD_ALWAYS;
-	    }
-	    else break;
-
-	    /*
-	     * Now we're looking for dir-access, "authenticate",
-	     * or "execute".
-	     */
-	    rv = aclGetToken(errp, acf, 0);
-
-	    /* An identifier would be nice ... */
-	    if (rv != TOKEN_IDENT) goto err_access;
-
-	    tokenstr = lex_token(token);
-
-	    if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
-
-		/* process auth-directive */
-		action = ACD_AUTH;
-
-		/* Create a new directive object */
-		acd = aclDirectiveCreate();
-		if (acd == 0) goto err_nomem1;
-
-		/* Get the next token after KEYWORD_AUTH */
-		rv = aclGetToken(errp, acf, 0);
-		if (rv < 0) break;
-
-		/* Could we have "in" realm-spec here? */
-		if (rv == TOKEN_IDENT) {
-
-		    tokenstr = lex_token(token);
-
-		    if (!strcasecmp(tokenstr, KEYWORD_IN)) {
-
-			/* Get the next token after KEYWORD_IN */
-			rv = aclGetToken(errp, acf, 0);
-			if (rv < 0) break;
-
-			/* Parse the realm-spec */
-			rv = aclRealmSpecParse(errp, acf, acl->acl_acc,
-					       &acd->acd_auth.au_realm);
-			if (rv < 0) break;
-
-			/* Set current realm */
-			if (acd->acd_auth.au_realm != 0) {
-
-			    /* Close database in current realm if any */
-			    if (rlm && rlm->rlm_authdb) {
-				(*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
-				rlm->rlm_authdb = 0;
-			    }
-
-			    rlm = &acd->acd_auth.au_realm->rs_realm;
-			}
-		    }
-		}
-
-		/* Add this directive to the ACL */
-		acd->acd_action = action;
-		acd->acd_flags = flags;
-
-		arv = aclDirectiveAdd(acl, acd);
-		if (arv < 0) goto err_diradd1;
-	    }
-	    else if (!strcasecmp(tokenstr, KEYWORD_EXECUTE)) {
-
-		/* process exec-directive */
-		action = ACD_EXEC;
-
-		/* Create a new directive object */
-		acd = aclDirectiveCreate();
-		if (acd == 0) goto err_nomem3;
-
-		/* Get the next token after KEYWORD_EXECUTE */
-		rv = aclGetToken(errp, acf, 0);
-		if (rv < 0) break;
-
-		/* Could we have "if" exec-optlist here? */
-		if (rv == TOKEN_IDENT) {
-
-		    tokenstr = lex_token(token);
-
-		    if (!strcasecmp(tokenstr, KEYWORD_IF)) {
-
-			for (;;) {
-
-			    /* Get the next token after KEYWORD_IF or "," */
-			    rv = aclGetToken(errp, acf, 0);
-			    if (rv < 0) break;
-
-			    /*
-			     * Looking for "allow", "deny", or "authenticate"
-			     */
-			    if (rv == TOKEN_IDENT) {
-
-				tokenstr = lex_token(token);
-
-				if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
-				    flags |= ACD_EXALLOW;
-				}
-				else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
-				    flags |= ACD_EXDENY;
-				}
-				else if (!strcasecmp(tokenstr, KEYWORD_AUTH)) {
-				    flags |= ACD_EXAUTH;
-				}
-				else goto err_exarg;
-			    }
-
-			    /* End of directive if no comma */
-			    rv = aclGetToken(errp, acf, 0);
-			    if (rv < 0) break;
-
-			    if (rv != TOKEN_COMMA) break;
-			}
-		    }
-		}
-		else flags = (ACD_EXALLOW|ACD_EXDENY|ACD_EXAUTH);
-
-		if (rv < 0) break;
-
-		/* Add this directive to the ACL */
-		acd->acd_action = action;
-		acd->acd_flags = flags;
-
-		arv = aclDirectiveAdd(acl, acd);
-		if (arv < 0) goto err_diradd3;
-	    }
-	    else {
-
-		/* process access-directive */
-
-		if (!strcasecmp(tokenstr, KEYWORD_ALLOW)) {
-		    action = ACD_ALLOW;
-		}
-		else if (!strcasecmp(tokenstr, KEYWORD_DENY)) {
-		    action = ACD_DENY;
-		}
-		else goto err_acctype;
-
-		/* Get the next token after dir-access */
-		rv = aclGetToken(errp, acf, 0);
-
-		/* Create a new directive object */
-		acd = aclDirectiveCreate();
-		if (acd == 0) goto err_nomem2;
-
-		/* Parse a list of auth-specs */
-		rv = aclAuthListParse(errp, acf, acl->acl_acc, rlm,
-				      &acd->acd_cl);
-		if (rv < 0) break;
-
-		/* Add this directive to the ACL */
-		acd->acd_action = action;
-		acd->acd_flags = flags;
-
-		arv = aclDirectiveAdd(acl, acd);
-		if (arv < 0) goto err_diradd2;
-	    }
-	}
-
-	/* Need a ";" to keep going */
-	if (rv != TOKEN_EOS) break;
-    }
-
-  punt:
-    /* Close database in current realm if any */
-    if (rlm && rlm->rlm_authdb) {
-	(*rlm->rlm_aif->aif_close)(rlm->rlm_authdb, 0);
-	rlm->rlm_authdb = 0;
-    }
-
-    return rv;
-
-  err_access:
-    /* dir-access not present */
-    eid = ACLERR1600;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_acctype:
-    /* dir-access identifier is invalid */
-    eid = ACLERR1620;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_diradd1:
-    eid = ACLERR1640;
-    rv = arv;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_diradd2:
-    eid = ACLERR1650;
-    rv = arv;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_nomem1:
-    eid = ACLERR1660;
-    rv = ACLERRNOMEM;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_nomem2:
-    eid = ACLERR1680;
-    rv = ACLERRNOMEM;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_nomem3:
-    eid = ACLERR1685;
-    rv = ACLERRNOMEM;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_diradd3:
-    eid = ACLERR1690;
-    rv = arv;
-    tokenstr = 0;
-    goto err_ret;
-
-  err_exarg:
-    eid = ACLERR1695;
-    rv = ACLERRSYNTAX;
-    goto err_ret;
-
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    if (tokenstr) {
-	nserrGenerate(errp, rv, eid, ACL_Program,
-		      3, acf->acf_filename, linestr, tokenstr);
-    }
-    else {
-	nserrGenerate(errp, rv, eid, ACL_Program,
-		      2, acf->acf_filename, linestr);
-    }
-    goto punt;
-}
-
-/*
- * Description (aclACLParse)
- *
- *	This function parses a data stream containing ACL definitions,
- *	and builds a representation of the ACLs in memory.  Each ACL
- *	has a user-specified name, and a pointer to the ACL structure
- *	is stored under the name in a symbol table provided by the caller.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acc			- pointer to ACContext_t structure
- *	flags			- bit flags (unused - must be zero)
- *
- * Returns:
- *
- *	The return value is zero if the stream is parsed successfully.
- *	Otherwise it is a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- */
-
-int aclACLParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc, int flags)
-{
-    void * token = acf->acf_token;	/* handle for current token */
-    char * tokenstr;			/* current token string */
-    char * aclname;			/* ACL name string */
-    ACL_t * aclp;			/* pointer to ACL structure */
-    int rv;				/* result value */
-    int eid;				/* error id value */
-    char linestr[16];			/* line number string buffer */
-
-    /* Look for top-level statements */
-    for (;;) {
-
-	/* Get a token to begin a statement */
-	rv = aclGetToken(errp, acf, 0);
-
-	/* An identifier would be nice ... */
-	if (rv != TOKEN_IDENT) {
-
-	    /* Empty statements are ok, if pointless */
-	    if (rv == TOKEN_EOS) continue;
-
-	    /* EOF is valid here */
-	    if (rv == TOKEN_EOF) break;
-
-	    /* Anything else is unacceptable */
-	    goto err_nostmt;
-	}
-
-	/* Check identifier for statement keywords */
-	tokenstr = lex_token(token);
-
-	if (!strcasecmp(tokenstr, KEYWORD_ACL)) {
-
-	    /* ACL name rights-list { acl-def-list }; */
-
-	    /* Get the name of the ACL */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv != TOKEN_IDENT) goto err_aclname;
-	    aclname = lex_token(token);
-
-	    /* Create the ACL structure */
-	    rv = aclCreate(errp, acc, aclname, &aclp);
-	    if (rv < 0) goto punt;
-
-	    /* Get the next token after the ACL name */
-	    rv = aclGetToken(errp, acf, 0);
-
-	    /* Parse the rights specification */
-	    rv = aclRightsParse(errp, acf, acc, &aclp->acl_rights);
-
-	    /* Want a "{" to open the ACL directive list */
-	    if (rv != TOKEN_LBRACE) {
-		if (rv < 0) goto punt;
-		goto err_aclopen;
-	    }
-
-	    /* Get the first token in the ACL directive list */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv < 0) goto punt;
-
-	    /* Parse the ACL directive list */
-	    rv = aclDirectivesParse(errp, acf, aclp);
-
-	    /* Want a "}" to close the ACL directive list */
-	    if (rv != TOKEN_RBRACE) {
-		if (rv < 0) goto punt;
-		goto err_aclclose;
-	    }
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_INCLUDE)) {
-	    /* Include "filename"; */
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
-	    /* Realm name realm-spec */
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_RIGHTS)) {
-	    /* Rights name rights-def; */
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_HOSTS)) {
-	    /* Hosts name auth-hosts; */
-	}
-	else goto err_syntax;
-    }
-
-    return 0;
-
-  err_nostmt:
-    eid = ACLERR1700;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_aclname:
-    eid = ACLERR1720;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_aclopen:
-    eid = ACLERR1740;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_aclclose:
-    eid = ACLERR1760;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-
-  err_syntax:
-    eid = ACLERR1780;
-    rv = ACLERRPARSE;
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  3, acf->acf_filename, linestr, tokenstr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (aclFileClose)
- *
- *	This function closes an ACL file previously opened by aclFileOpen(),
- *	and frees any associated data structures.
- *
- * Arguments:
- *
- *	acf			- pointer to ACL file information
- *	flags			- bit flags (unused - must be zero)
- */
-
-void aclFileClose(ACLFile_t * acf, int flags)
-{
-    if (acf != 0) {
-
-	/* Destroy the associated lexer stream if any */
-	if (acf->acf_lst != 0) {
-	    lex_stream_destroy(acf->acf_lst);
-	}
-
-	/* Close the file if it's open */
-	if (acf->acf_fd != SYS_ERROR_FD) {
-	    system_fclose(acf->acf_fd);
-	}
-
-	/* Destroy any associated token */
-	if (acf->acf_token != 0) {
-	    lex_token_destroy(acf->acf_token);
-	}
-
-	/* Free the filename string if any */
-	if (acf->acf_filename != 0) {
-	    FREE(acf->acf_filename);
-	}
-
-	/* Free the ACLFile_t structure */
-	FREE(acf);
-    }
-}
-
-/*
- * Description (aclFileOpen)
- *
- *	This function opens a specified filename and creates a structure
- *	to contain information about the file during parsing.  This
- *	includes a handle for a LEX data stream for the file.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	filename		- name of file to be opened
- *	flags			- bit flags (unused - must be zero)
- *	pacf			- pointer to returned ACLFile_t pointer
- *
- * Returns:
- *
- *	The return value is zero if the file is opened successfully, and
- *	a pointer to the ACLFile_t is returned in the location specified
- *	by 'pacf'.  Otherwise a negative error code (ACLERRxxxx - see
- *	aclerror.h) is returned, and an error frame will be generated if
- *	an error list is provided.
- */
-
-int aclFileOpen(NSErr_t * errp,
-		char * filename, int flags, ACLFile_t **pacf)
-{
-    ACLFile_t * acf;		/* pointer to ACL file structure */
-    int rv;			/* return value */
-    int eid;			/* error identifier */
-    char * errmsg;		/* system error message string */
-
-    *pacf = 0;
-
-    /* Allocate the ACLFile_t structure */
-    acf = (ACLFile_t *)MALLOC(sizeof(ACLFile_t));
-    if (acf == 0) goto err_nomem1;
-
-    memset((void *)acf, 0, sizeof(ACLFile_t));
-    acf->acf_filename = STRDUP(filename);
-    acf->acf_lineno = 1;
-    acf->acf_flags = flags;
-
-    /* Create a LEX token object */
-    rv = lex_token_new((pool_handle_t *)0, 32, 8, &acf->acf_token);
-    if (rv < 0) goto err_nomem2;
-
-    /* Open the file */
-    acf->acf_fd = system_fopenRO(acf->acf_filename);
-    if (acf->acf_fd == SYS_ERROR_FD) goto err_open;
-
-    /* Create a LEX stream for the file */
-    acf->acf_lst = lex_stream_create(aclStreamGet,
-				     (void *)acf->acf_fd, 0, 8192);
-    if (acf->acf_lst == 0) goto err_nomem3;
-
-    *pacf = acf;
-    return 0;
-
-  err_open:				/* file open error */
-    rv = ACLERROPEN;
-    eid = ACLERR1900;
-    errmsg = system_errmsg();
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-    goto punt;
-
-  err_nomem1:				/* MALLOC of ACLFile_t failed */
-    rv = ACLERRNOMEM;
-    eid = ACLERR1920;
-    goto err_mem;
-
-  err_nomem2:				/* lex_token_new() failed */
-    rv = ACLERRNOMEM;
-    eid = ACLERR1940;
-    goto err_mem;
-
-  err_nomem3:				/* lex_stream_create() failed */
-    system_fclose(acf->acf_fd);
-    rv = ACLERRNOMEM;
-    eid = ACLERR1960;
-
-  err_mem:
-    nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    goto punt;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (aclGetDNSString)
- *
- *	This function parses a DNS name specification, which consists
- *	of a sequence of DNS name components separated by ".".  Each
- *	name component must start with a letter, and contains only
- *	letters, digits, and hyphens.  An exception is that the first
- *	component may be the wildcard indicator, "*".  This function
- *	assumes that the current token already contains a TOKEN_STAR
- *	or TOKEN_IDENT.  The complete DNS name specification is
- *	returned as the current token string.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *
- * Returns:
- *
- *	The character terminating the DNS name specification is returned
- *	as the function value.  The current token type is unchanged, but
- *	the string associated with the current token contains the
- *	complete DNS name specification.  An error is indicated by a
- *	negative return value, and an error frame is generated if an
- *	error list is provided.
- */
-
-int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf)
-{
-    LEXStream_t * lst = acf->acf_lst;	/* LEX stream handle */
-    void * token = acf->acf_token;	/* LEX token handle */
-    int rv;				/* result value */
-    int eid;				/* error id value */
-    char linestr[16];			/* line number string buffer */
-
-    /* The current token should be TOKEN_STAR or TOKEN_IDENT */
-    rv = acf->acf_ttype;
-
-    if ((rv != TOKEN_STAR) && (rv != TOKEN_IDENT)) goto err_dns1;
-
-    /* Loop to parse [ "." dns-component ]+ */
-    for (;;) {
-
-	/* Try to step over a "." */
-	rv = lex_next_char(lst, aclChTab, 0);
-
-	/* End of DNS string if there's not one there */
-	if (rv != '.') break;
-
-	/* Append the "." to the token string */
-	(void)lex_token_append(token, 1, ".");
-
-	/* Advance the input stream past the "." */
-	rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
-	/* Next we want to see a letter */
-	rv = lex_next_char(lst, aclChTab, 0);
-
-	/* Error if it's not there */
-	if (!lex_class_check(aclChTab, rv, CCM_LETTER)) goto err_dns2;
-
-	/* Append a string of letters, digits, hyphens to token */
-	rv = lex_scan_over(lst, aclChTab, (CCM_LETTER|CCM_DIGIT|CCM_HYPHEN),
-			   token);
-	if (rv < 0) goto err_dns3;
-    }
-
-  punt:
-    return rv;
-
-  err_dns1:
-    eid = ACLERR2100;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_dns2:
-    eid = ACLERR2120;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_dns3:
-    eid = ACLERR2140;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-}
-
-int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
-    LEXStream_t * lst = acf->acf_lst;	/* LEX stream handle */
-    void * token = acf->acf_token;	/* LEX token handle */
-    char * tokenstr;			/* token string pointer */
-    int rv;				/* result value */
-    int eid;				/* error id value */
-    char linestr[16];			/* line number string buffer */
-
-    /* Skip whitespace */
-    rv = lex_skip_over(lst, aclChTab, CCM_WS);
-    if (rv < 0) goto err_lex1;
-
-    /* Begin a new token string */
-    rv = lex_token_start(token);
-
-    rv = lex_scan_over(lst, aclChTab, CCM_FILENAME, token);
-    if (rv < 0) goto err_lex2;
-
-    tokenstr = lex_token(token);
-
-    if (!tokenstr || !*tokenstr) goto err_nofn;
-
-  punt:
-    return rv;
-
-  err_lex1:
-    eid = ACLERR2900;
-    goto err_parse;
-
-  err_lex2:
-    eid = ACLERR2920;
-    goto err_parse;
-
-  err_nofn:
-    eid = ACLERR2940;
-
-  err_parse:
-    rv = ACLERRPARSE;
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-}
-
-/*
- * Description (aclGetIPAddr)
- *
- *	This function retrieves an IP address specification from a given
- *	input stream.  The specification consists of an IP address expressed
- *	in the standard "." notation, possibly followed by whitespace and a
- *	netmask, also in "." form.  The IP address and netmask values are
- *	returned.  If no netmask is specified, a default value of 0xffffffff
- *	is returned.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	pip			- pointer to returned IP address value
- *	pmask			- pointer to returned IP netmask value
- *
- * Returns:
- *
- *	If successful, the return value identifies the type of the token
- *	following the IP address specification. This token type value is
- *	also returned in acf_ttype.  An error is indicated by a negative
- *	error code (ACLERRxxxx - see aclerror.h), and an error frame will
- *	be generated if an error list is provided. The token type code in
- *	acf_ttype is TOKEN_ERROR when an error code is returned.
- */
-
-int aclGetIPAddr(NSErr_t * errp,
-		 ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask)
-{
-    LEXStream_t * lst = acf->acf_lst;	/* LEX stream handle */
-    void * token = acf->acf_token;	/* LEX token handle */
-    char * tokenstr;			/* token string pointer */
-    IPAddr_t ipaddr;			/* IP address */
-    IPAddr_t netmask;			/* IP netmask */
-    int dotcnt;				/* count of '.' seen in address */
-    int rv;				/* result value */
-    int eid;				/* error id value */
-    char linestr[16];			/* line number string buffer */
-
-    /* Set default return values */
-    *pip = 0;
-    *pmask = 0xffffffff;
-
-    rv = acf->acf_ttype;
-
-    /* The current token must be a number */
-    if (rv != TOKEN_NUMBER) {
-
-	/* No IP address present */
-	return rv;
-    }
-
-    /* Assume no netmask */
-    netmask = 0xffffffff;
-
-    for (dotcnt = 0;;) {
-
-	/* Append digits and letters to the current token */
-	rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
-	if (rv < 0) goto err_lex1;
-
-	/* Stop when no "." follows the digits and letters */
-	if (rv != '.') break;
-
-	/* Stop if we've already seen three "." */
-	if (++dotcnt > 3) break;
-
-	/* Advance past the "." */
-	(void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
-	/* Check the next character for a "*" */
-	rv = lex_next_char(lst, aclChTab, 0);
-	if (rv == '*') {
-
-	    /* Advance past the "*" */
-	    (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
-	    netmask <<= ((4-dotcnt)*8);
-	    netmask = htonl(netmask);
-
-	    while (dotcnt < 4) {
-		(void)lex_token_append(token, 2, ".0");
-		++dotcnt;
-	    }
-	    break;
-	}
-	else {
-	    /* Append the "." to the token string */
-	    (void)lex_token_append(token, 1, ".");
-	}
-    }
-
-    /* Get a pointer to the token string */
-    tokenstr = lex_token(token);
-
-    /* A NULL pointer or an empty string is an error */
-    if (!tokenstr || !*tokenstr) goto err_noip;
-	
-    /* Convert IP address to binary */
-    ipaddr = inet_addr(tokenstr);
-    if (ipaddr == (unsigned long)-1) goto err_badip;
-
-    /* Skip whitespace */
-    rv = lex_skip_over(lst, aclChTab, CCM_WS);
-    if (rv < 0) goto err_lex2;
-
-    /* A digit is the start of a netmask */
-    if ((netmask == 0xffffffff) && lex_class_check(aclChTab, rv, CCM_DIGIT)) {
-
-	/* Initialize token for network mask */
-	rv = lex_token_start(token);
-
-	for (dotcnt = 0;;) {
-
-	    /* Collect token including digits, letters, and periods */
-	    rv = lex_scan_over(lst, aclChTab, (CCM_DIGIT|CCM_LETTER), token);
-	    if (rv < 0) goto err_lex3;
-
-	    /* Stop when no "." follows the digits and letters */
-	    if (rv != '.') break;
-
-	    /* Stop if we've already seen three "." */
-	    if (++dotcnt > 3) break;
-
-	    /* Append the "." to the token string */
-	    (void)lex_token_append(token, 1, ".");
-
-	    /* Advance past the "." */
-	    (void)lex_next_char(lst, aclChTab, CCM_SPECIAL);
-	}
-
-	/* Get a pointer to the token string */
-	tokenstr = lex_token(token);
-
-	/* A NULL pointer or an empty string is an error */
-	if (!tokenstr || !*tokenstr) goto err_nonm;
-
-	/* Convert netmask to binary. */
-	netmask = inet_addr(tokenstr);
-	if (netmask == (unsigned long)-1) {
-	    
-	    /*
-	     * Unfortunately inet_addr() doesn't distinguish between an
-	     * error and a valid conversion of "255.255.255.255".  So
-	     * we check for it explicitly.  Too bad if "0xff.0xff.0xff.0xff"
-	     * is specified.  Don't do that!
-	     */
-	    if (strcmp(tokenstr, "255.255.255.255")) goto err_badnm;
-	}
-    }
-
-    /* Return the IP address and netmask in host byte order */
-    *pip = ntohl(ipaddr);
-    *pmask = ntohl(netmask);
-
-    /* Get the token following the IP address (and netmask) */
-    rv = aclGetToken(errp, acf, 0);
-
-  punt:
-    acf->acf_ttype = (rv < 0) ? TOKEN_ERROR : rv;
-    return rv;
-
-  err_lex1:
-    eid = ACLERR2200;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_lex2:
-    eid = ACLERR2220;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_lex3:
-    eid = ACLERR2240;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_noip:
-    eid = ACLERR2260;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_badip:
-    eid = ACLERR2280;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_nonm:
-    eid = ACLERR2300;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_badnm:
-    eid = ACLERR2320;
-    rv = ACLERRPARSE;
-    goto err_ret;
-
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-}
-
-/*
- * Description (aclGetToken)
- *
- *	This function retrieves the next token in an ACL definition file.
- *	It skips blank lines, comments, and white space.  It updates
- *	the current line number as newlines are encountered.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	flags			- bit flags:
- *				  AGT_NOSKIP - don't skip leading whitespace
- *				  AGT_APPEND - append to token buffer
- *					       (else start new token)
- *
- * Returns:
- *
- *	The return value is a code identifying the next token if successful.
- *	This token type value is also returned in acf_ttype.  An error
- *	is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- *	The token type code in acf_ttype is TOKEN_ERROR when an error code
- *	is returned.
- */
-
-int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags)
-{
-    LEXStream_t * lst = acf->acf_lst;	/* LEX stream handle */
-    void * token = acf->acf_token;	/* LEX token handle */
-    int dospecial = 0;			/* handle CCM_SPECIAL character */
-    int tv;				/* token value */
-    int rv;				/* result value */
-    int eid;				/* error id */
-    char spech;
-    char linestr[16];			/* line number string buffer */
-
-    /* Begin a new token, unless AGT_APPEND is set */
-    if (!(flags & AGT_APPEND)) {
-	rv = lex_token_start(token);
-    }
-
-    /* Loop to read file */
-    tv = 0;
-    do {
-
-	/*
-	 * If the AGT_NOSKIP flag is not set, skip whitespace (but not
-	 * newline).  If the flag is set, just get the next character.
-	 */
-	rv = lex_skip_over(lst, aclChTab, (flags & AGT_NOSKIP) ? 0 : CCM_WS);
-	if (rv <= 0) {
-	    if (rv < 0) goto err_lex1;
-
-	    /* Exit loop if EOF */
-	    if (rv == 0) {
-		tv = TOKEN_EOF;
-		break;
-	    }
-	}
-
-	/* Analyze character after whitespace */
-	switch (rv) {
-
-	  case '\n':		/* newline */
-
-	    /* Keep count of lines as we're skipping whitespace */
-	    acf->acf_lineno += 1;
-	    (void)lex_next_char(lst, aclChTab, CCM_NL);
-	    break;
-
-	  case '#':		/* Beginning of comment */
-
-	    /* Skip to a newline if so */
-	    rv = lex_skip_to(lst, aclChTab, CCM_NL);
-	    break;
-
-	  case ';':		/* End of statement */
-	    tv = TOKEN_EOS;
-	    dospecial = 1;
-	    break;
-
-	  case '@':		/* at sign */
-	    tv = TOKEN_AT;
-	    dospecial = 1;
-	    break;
-
-	  case '+':		/* plus sign */
-	    tv = TOKEN_PLUS;
-	    dospecial = 1;
-	    break;
-
-	  case '*':		/* asterisk */
-	    tv = TOKEN_STAR;
-	    dospecial = 1;
-	    break;
-
-	  case '.':		/* period */
-	    tv = TOKEN_PERIOD;
-	    dospecial = 1;
-	    break;
-
-	  case ',':		/* comma */
-	    tv = TOKEN_COMMA;
-	    dospecial = 1;
-	    break;
-
-	  case '(':		/* left parenthesis */
-	    tv = TOKEN_LPAREN;
-	    dospecial = 1;
-	    break;
-
-	  case ')':		/* right parenthesis */
-	    tv = TOKEN_RPAREN;
-	    dospecial = 1;
-	    break;
-
-	  case '{':		/* left brace */
-	    tv = TOKEN_LBRACE;
-	    dospecial = 1;
-	    break;
-
-	  case '}':		/* right brace */
-	    tv = TOKEN_RBRACE;
-	    dospecial = 1;
-	    break;
-
-	  case '\"':		/* double quote */
-	  case '\'':		/* single quote */
-
-	    /* Append string contents to token buffer */
-	    rv = lex_scan_string(lst, token, 0);
-	    tv = TOKEN_STRING;
-	    break;
-
-	  default:
-
-	    /* Check for identifier, beginning with a letter */
-	    if (lex_class_check(aclChTab, rv, CCM_LETTER)) {
-
-		/* Append valid identifier characters to token buffer */
-		rv = lex_scan_over(lst, aclChTab, CCM_IDENT, token);
-		tv = TOKEN_IDENT;
-		break;
-	    }
-
-	    /* Check for a number, beginning with a digit */
-	    if (lex_class_check(aclChTab, rv, CCM_DIGIT)) {
-		char digit;
-
-		/* Save the first digit */
-		digit = (char)rv;
-
-		/* Append the first digit to the token */
-		rv = lex_token_append(token, 1, &digit);
-
-		/* Skip over the first digit */
-		rv = lex_next_char(lst, aclChTab, CCM_DIGIT);
-
-		/* If it's '0', we might have "0x.." */
-		if (rv == '0') {
-
-		    /* Pick up the next character */
-		    rv = lex_next_char(lst, aclChTab, 0);
-
-		    /* Is it 'x'? */
-		    if (rv == 'x') {
-
-			/* Yes, append it to the token */
-			digit = (char)rv;
-			rv = lex_token_append(token, 1, &digit);
-
-			/* Step over it */
-			rv = lex_next_char(lst, aclChTab, CCM_LETTER);
-		    }
-		}
-		/* Get more digits, if any */
-		rv = lex_scan_over(lst, aclChTab, CCM_DIGIT, token);
-		tv = TOKEN_NUMBER;
-		break;
-	    }
-
-	    /* Unrecognized character */
-
-	    spech = *lst->lst_cp;
-	    lex_token_append(token, 1, &spech);
-	    lst->lst_cp += 1;
-	    lst->lst_len -= 1;
-	    tv = TOKEN_HUH;
-	    break;
-	}
-
-	/* Handle CCM_SPECIAL character? */
-	if (dospecial) {
-
-	    /* Yes, clear the flag for next time */
-	    dospecial = 0;
-
-	    /* Get the character and advance past it */
-	    rv = lex_next_char(lst, aclChTab, CCM_SPECIAL);
-
-	    /* Append the character to the token buffer */
-	    spech = (char)rv;
-	    (void)lex_token_append(token, 1, &spech);
-	}
-    }
-    while ((tv == 0) && (rv > 0));
-
-    if (rv < 0) {
-	tv = TOKEN_ERROR;
-    }
-    else rv = tv;
-
-    acf->acf_ttype = tv;
-    return rv;
-
-  err_lex1:
-    rv = ACLERRPARSE;
-    eid = ACLERR2400;
-
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
-    acf->acf_ttype = TOKEN_ERROR;
-    return rv;
-}
-
-/*
- * Description (aclParseInit)
- *
- *	This function is called to initialize the ACL parser.  It
- *	creates a LEX character class table to assist in parsing.
- *
- * Arguments:
- *
- *	None.
- *
- * Returns:
- *
- *	If successful, the return value is zero.  An error is indicated
- *	by a negative return value.
- */
-
-int aclParseInit()
-{
-    int rv;				/* result value */
-
-    /* Have we created the character class table yet? */
-    if (aclChTab == 0) {
-
-	/* No, initialize character classes for lexer processing */
-	rv = lex_class_create(classc, classv, &aclChTab);
-	if (rv < 0) goto err_nomem;
-    }
-
-    return 0;
-
-  err_nomem:
-    return ACLERRNOMEM;
-}
-
-/*
- * Description (aclRealmSpecParse)
- *
- *	This function parses an authentication realm specification.  An
- *	authentication realm includes an authentication database and
- *	an authentication method.  The syntax of a realm-spec is:
- *
- *	realm-spec ::= "{" realm-directive-list "}" | "realm" realm-name
- *	realm-directive-list ::= realm-directive |
- *				 realm-directive-list ";" realm-directive
- *	realm-directive ::= realm-db-directive | realm-meth-directive
- *				| realm-prompt-directive
- *	realm-db-directive ::= "database" db-file-path
- *	realm-meth-directive ::= "method" auth-method-name
- *	auth-method-name ::= "basic" | "SSL"
- *	realm-prompt-directive ::= "prompt" quote-char string quote-char
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acc			- pointer to ACContext_t structure
- *	rspp			- pointer to RealmSpec_t pointer
- *
- * Returns:
- *
- *	If successful, the return value is the token type of the token
- *	following the realm-spec, i.e. either the first token after a
- *	realm-name or the first token after the closing "}".  It is the
- *	caller's responsibility to validate this token as a legitimate
- *	successor of a realm-spec.  If a parsing error occurs in the
- *	middle of a realm-spec, the return value is ACLERRPARSE, and an
- *	error frame is generated if an error list is provided.  For
- *	other kinds of errors a negative error code (from aclerror.h)
- *	is returned.
- */
-
-int aclRealmSpecParse(NSErr_t * errp,
-		      ACLFile_t * acf, ACContext_t * acc, RealmSpec_t **rspp)
-{
-    void * token = acf->acf_token;	/* handle for current token */
-    char * tokenstr;			/* current token string */
-    RealmSpec_t * rsp;			/* realm spec pointer */
-    RealmSpec_t * nrsp;			/* named realm spec pointer */
-    int rv;				/* result value */
-    int eid;				/* error id value */
-    char linestr[16];			/* line number string buffer */
-
-    rv = acf->acf_ttype;
-
-    /* Is the current token a "{" ? */
-    if (rv != TOKEN_LBRACE) {
-
-	/* No, could it be KEYWORD_REALM? */
-	if (rv == TOKEN_IDENT) {
-
-	    tokenstr = lex_token(token);
-
-	    if (!strcasecmp(tokenstr, KEYWORD_REALM)) {
-
-		/* Yes, step to the realm name */
-		rv = aclGetToken(errp, acf, 0);
-		if (rv != TOKEN_IDENT) {
-		    if (rv < 0) goto punt;
-		    goto err_rlmname;
-		}
-
-		tokenstr = lex_token(token);
-
-		/* Look up the named realm specification */
-		rv = symTableFindSym(acc->acc_stp, tokenstr, ACLSYMREALM,
-				     (void **)&nrsp);
-		if (rv < 0) goto err_undrlm;
-
-		/* Return the named realm specification */
-		*rspp = nrsp;
-
-		/* Step to the token after the realm name */
-		rv = aclGetToken(errp, acf, 0);
-	    }
-	}
-
-	return rv;
-    }
-
-    /* Step to the token after the "{" */
-    rv = aclGetToken(errp, acf, 0);
-    if (rv < 0) goto punt;
-
-    rsp = *rspp;
-    if (rsp == 0) {
-	rsp = (RealmSpec_t *)MALLOC(sizeof(RealmSpec_t));
-	if (rsp == 0) goto err_nomem;
-	memset((void *)rsp, 0, sizeof(RealmSpec_t));
-	rsp->rs_sym.sym_type = ACLSYMREALM;
-	*rspp = rsp;
-    }
-
-    /* Loop for each realm-directive */
-    for (;; rv = aclGetToken(errp, acf, 0)) {
-
-	if (rv != TOKEN_IDENT) {
-
-	    /* Exit loop on "}" */
-	    if (rv == TOKEN_RBRACE) break;
-
-	    /* Ignore null directives */
-	    if (rv == TOKEN_EOS) continue;
-
-	    /* Otherwise need an identifier to start a directive */
-	    goto err_nodir;
-	}
-
-	tokenstr = lex_token(token);
-
-	/* Figure out which realm-directive this is */
-	if (!strcasecmp(tokenstr, KEYWORD_DATABASE)) {
-
-	    /* Get a file specification for the database */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv != TOKEN_STRING) {
-		if (rv < 0) goto punt;
-		goto err_nodb;
-	    }
-
-	    rsp->rs_realm.rlm_dbname = lex_token_take(token);
-	    rsp->rs_realm.rlm_aif = &NSADB_AuthIF;
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_METHOD)) {
-
-	    /* Step to the method identifier */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv != TOKEN_IDENT) {
-		if (rv < 0) goto punt;
-		goto err_nometh;
-	    }
-
-	    tokenstr = lex_token(token);
-
-	    /* Interpret method name and set method in realm structure */
-	    if (!strcasecmp(tokenstr, KEYWORD_BASIC)) {
-		rsp->rs_realm.rlm_ameth = AUTH_METHOD_BASIC;
-	    }
-	    else if (!strcasecmp(tokenstr, KEYWORD_SSL) && server_enterprise) {
-		rsp->rs_realm.rlm_ameth = AUTH_METHOD_SSL;
-	    }
-	    else goto err_badmeth;
-	}
-	else if (!strcasecmp(tokenstr, KEYWORD_PROMPT)) {
-
-	    /* Step to the realm prompt string */
-	    rv = aclGetToken(errp, acf, 0);
-	    if ((rv != TOKEN_STRING) && (rv != TOKEN_IDENT)) {
-		if (rv < 0) goto punt;
-		goto err_noprompt;
-	    }
-
-	    /* Reference a copy of the prompt string from the realm */
-	    rsp->rs_realm.rlm_prompt = lex_token_take(token);
-	}
-	else goto err_baddir;
-
-	/* Get the token after the realm-directive */
-	rv = aclGetToken(errp, acf, 0);
-
-	/* Need a ";" to keep going */
-	if (rv != TOKEN_EOS) break;
-    }
-
-    if (rv != TOKEN_RBRACE) goto err_rbrace;
-
-    /* Get the token after the realm-spec */
-    rv = aclGetToken(errp, acf, 0);
-
-  punt:
-    return rv;
-
-  err_rlmname:
-    eid = ACLERR2500;
-    goto err_parse;
-
-  err_undrlm:
-    eid = ACLERR2520;
-    rv = ACLERRUNDEF;
-    goto err_sym;
-
-  err_nomem:
-    eid = ACLERR2540;
-    rv = ACLERRNOMEM;
-    goto ret_err;
-
-  err_nodir:
-    eid = ACLERR2560;
-    goto err_parse;
-
-  err_nodb:
-    eid = ACLERR2570;
-    goto err_parse;
-
-  err_nometh:
-    eid = ACLERR2580;
-    goto err_parse;
-
-  err_badmeth:
-    eid = ACLERR2600;
-    goto err_sym;
-
-  err_noprompt:
-    eid = ACLERR2605;
-    goto err_parse;
-
-  err_baddir:
-    eid = ACLERR2610;
-    goto err_sym;
-
-  err_rbrace:
-    eid = ACLERR2620;
-    goto err_parse;
-
-  err_sym:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  3, acf->acf_filename, linestr, tokenstr);
-    goto punt;
-
-  err_parse:
-    rv = ACLERRPARSE;
-  ret_err:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-    goto punt;
-}
-
-/*
- * Description (aclRightsParse)
- *
- *	This function parse an access rights list.  The syntax for an
- *	access rights list is:
- *
- *	rights-list ::= "(" list-of-rights ")"
- *	list-of-rights ::= rights-elem | list-of-rights "," rights-elem
- *	rights-elem ::= right-name | "+" rights-def-name
- *	right-name ::= identifier
- *	rights-def-name ::= identifier
- *
- *	An element of a rights list is either the name of a particular
- *	access right (e.g. Read), or the name associated with an
- *	external definition of an access rights list, preceded by "+"
- *	(e.g. +editor-rights).  The list is enclosed in parentheses,
- *	and the elements are separated by commas.
- *
- *	This function adds to a list of rights provided by the caller.
- *	Access rights are internally assigned unique integer identifiers,
- *	and a symbol table is maintained to map an access right name to
- *	its identifier.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	acf			- pointer to ACLFile_t for ACL file
- *	acc			- pointer to ACContext_t structure
- *	rights			- pointer to rights list head
- *
- * Returns:
- *
- *	The return value is a code identifying the next token if successful.
- *	End-of-stream is indicated by a return value of TOKEN_EOF.  An error
- *	is indicated by a negative error code (ACLERRxxxx - see aclerror.h),
- *	and an error frame will be generated if an error list is provided.
- */
-
-int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
-		   RightSpec_t **rights)
-{
-    void * token = acf->acf_token;	/* LEX token handle */
-    char * ename;			/* element name string pointer */
-    RightSpec_t * rsp;			/* rights specification pointer */
-    RightSpec_t * nrsp;			/* named rights spec pointer */
-    RightDef_t * rdp;			/* right definition pointer */
-    int rv;				/* result value */
-    int eid;				/* error id */
-    char linestr[16];			/* line number string buffer */
-
-    /* Look for a left parenthesis */
-    if (acf->acf_ttype != TOKEN_LPAREN) {
-
-	/* No rights list present */
-	return 0;
-    }
-
-    rsp = *rights;
-
-    /* Create a RightSpec_t if we don't have one */
-    if (rsp == 0) {
-	rsp = (RightSpec_t *)MALLOC(sizeof(RightSpec_t));
-	if (rsp == 0) goto err_nomem1;
-	memset((void *)rsp, 0, sizeof(RightSpec_t));
-	rsp->rs_sym.sym_type = ACLSYMRDEF;
-	*rights = rsp;
-    }
-
-    /* Parse list elements */
-    for (;;) {
-
-	/* Look for an identifier */
-	rv = aclGetToken(errp, acf, 0);
-	if (rv != TOKEN_IDENT) {
-
-	    /* No, maybe a "+" preceding a rights definition name? */
-	    if (rv != TOKEN_PLUS) {
-
-		/* One more chance, we'll allow the closing ")" after "," */
-		if (rv != TOKEN_RPAREN) {
-		    /* No, bad news */
-		    if (rv < 0) goto punt;
-		    goto err_elem;
-		}
-
-		/* Got right paren after comma */
-		break;
-	    }
-
-	    /* Got a "+", try for the rights definition name */
-	    rv = aclGetToken(errp, acf, 0);
-	    if (rv != TOKEN_IDENT) {
-		if (rv < 0) goto punt;
-		goto err_rdef;
-	    }
-
-	    /* Get a pointer to the token string */
-	    ename = lex_token(token);
-
-	    /* See if it matches a rights definition in the symbol table */
-	    rv = symTableFindSym(acc->acc_stp, ename, ACLSYMRDEF,
-				 (void **)&nrsp);
-	    if (rv) goto err_undef;
-
-	    /*
-	     * Merge the rights from the named rights list into the
-	     * current rights list.
-	     */
-	    rv = uilMerge(&rsp->rs_list, &nrsp->rs_list);
-	    if (rv < 0) goto err_nomem2;
-	}
-	else {
-
-	    /* The current token is an access right name */
-
-	    /* Get a pointer to the token string */
-	    ename = lex_token(token);
-
-
-	    /* Find or create an access right definition */
-	    rv = aclRightDef(errp, acc, ename, &rdp);
-	    if (rv < 0) goto err_radd;
-
-	    /* Add the id for this right to the current rights list */
-	    rv = usiInsert(&rsp->rs_list, rdp->rd_id);
-	    if (rv < 0) goto err_nomem3;
-	}
-
-	rv = aclGetToken(errp, acf, 0);
-
-	/* Want a comma to continue the list */
-	if (rv != TOKEN_COMMA) {
-
-	    /* A right parenthesis will end the list nicely */
-	    if (rv == TOKEN_RPAREN) {
-
-		/* Get the first token after the rights list */
-		rv = aclGetToken(errp, acf, 0);
-		break;
-	    }
-
-	    /* Anything else is an error */
-	    if (rv < 0) goto punt;
-	    goto err_list;
-	}
-    }
-
-    return rv;
-
-  err_elem:
-    eid = ACLERR2700;
-    rv = ACLERRSYNTAX;
-    goto err_ret;
-
-  err_rdef:
-    eid = ACLERR2720;
-    rv = ACLERRSYNTAX;
-    goto err_ret;
-
-  err_undef:
-    eid = ACLERR2740;
-    rv = ACLERRUNDEF;
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program,
-		  3, acf->acf_filename, linestr, ename);
-    return rv;
-
-  err_nomem1:
-    eid = ACLERR2760;
-    goto err_nomem;
-
-  err_nomem2:
-    eid = ACLERR2780;
-    goto err_nomem;
-
-  err_radd:
-    eid = ACLERR2800;
-    goto err_ret;
-
-  err_nomem3:
-    eid = ACLERR2820;
-    goto err_nomem;
-
-  err_nomem:
-    rv = ACLERRNOMEM;
-    goto err_ret;
-
-  err_list:
-
-    eid = ACLERR2840;
-    rv = ACLERRSYNTAX;
-
-  err_ret:
-    sprintf(linestr, "%d", acf->acf_lineno);
-    nserrGenerate(errp, rv, eid, ACL_Program, 2, acf->acf_filename, linestr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (aclStreamGet)
- *
- *	This function is the stream read function designated by
- *	aclFileOpen() to read the file associated with the LEX stream
- *	it creates.  It reads the next chunk of the file into the
- *	stream buffer.
- *
- * Arguments:
- *
- *	lst			- pointer to LEX stream structure
- *
- * Returns:
- *
- *	The return value is the number of bytes read if successful.
- *	A return value of zero indicates end-of-file.  An error is
- *	indicated by a negative return value.
- */
-
-int aclStreamGet(LEXStream_t * lst)
-{
-    SYS_FILE fd = (SYS_FILE)(lst->lst_strmid);
-    int len;
-
-    len = system_fread(fd, lst->lst_buf, lst->lst_buflen);
-    if (len >= 0) {
-	lst->lst_len = len;
-	lst->lst_cp = lst->lst_buf;
-    }
-
-    return len;
-}

lib/libaccess/attrec.cpp

@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (attrec.c)
- *
- *	This module contains routines for encoding and decoding
- *	attribute records.  See attrec.h for a description of attribute
- *	records.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_ATTREC
-#include "libaccess/attrec.h"
-
-/*
- * Description (NTS_Length)
- *
- *	This function returns the length of a null-terminated string.
- *	The length includes the terminating null octet.
- *
- *	Use of the NTSLENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	nts			- a pointer to the null-terminate string
- *				  (may be null)
- *
- * Returns:
- *
- *	The length of the string.  If 'nts' is null, the value is one,
- *	since there is always a null octet.
- */
-
-int NTS_Length(NTS_t nts)
-{
-    return ((nts) ? strlen((const char *)nts) + 1 : 1);
-}
-
-/*
- * Description (NTS_Decode)
- *
- *	This function decodes a null-terminated string from a specified
- *	attribute record buffer.  It copies the string into a dynamically
- *	allocated buffer, if 'pnts' is not null, and returns a pointer
- *	to it.  The return value of the function is a pointer to the
- *	octet following the NTS in the attribute record buffer.
- *
- *	Use of the NTSDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	cp			- pointer into the attribute record buffer
- *	pnts			- pointer to returned reference to decoded
- *				  NTS, or null, if the decoded NTS is not
- *				  to be copied to a dynamic buffer
- *
- * Returns:
- *
- *	The function return value is a pointer to the octet following
- *	the NTS in the attribute record buffer.  A pointer to a
- *	dynamically allocated buffer containing the decoded NTS will
- *	be returned through 'pnts', if it is non-null.  This returned
- *	pointer will be null if the NTS contains only a terminating
- *	octet.
- */
-
-ATR_t NTS_Decode(ATR_t cp, NTS_t * pnts)
-{
-    NTS_t nts = 0;
-    int len = NTSLENGTH(cp);		/* length of the string */
-
-    /* Are we going to return a copy of the string? */
-    if (pnts) {
-
-	/* Yes, is it more than just a null octet? */
-	if (len > 1) {
-
-	    /* Yes, allocate a buffer and copy the string to it */
-	    nts = (NTS_t)MALLOC(len);
-	    if (nts) {
-		memcpy((void *)nts, (void *)cp, len);
-	    }
-	}
-
-	/* Return a pointer to the copied string, or null */
-	*pnts = nts;
-    }
-
-    /* Return pointer to octet after string */
-    return cp + len;
-}
-
-/*
- * Description (NTS_Encode)
- *
- *	This function encodes a null-terminated string into a specified
- *	attribute record buffer.  It returns a pointer to the octet
- *	following the encoding.
- *
- *	Use of the NTSENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	cp			- pointer into the attribute record buffer
- *	nts			- pointer to the string to be encoded
- *
- * Returns:
- *
- *	A pointer to the octet following the encoding in the attribute
- *	record buffer is returned.
- */
-
-ATR_t NTS_Encode(ATR_t cp, NTS_t nts)
-{
-
-    /* Is the string pointer null? */
-    if (nts) {
-	int len = NTSLENGTH(nts);
-
-	/* No, copy the string to the attribute record buffer */
-	memcpy((void *)cp, (void *)nts, len);
-
-	/* Get pointer to octet after it */
-	cp += len;
-    }
-    else {
-
-	/* A null pointer indicates an empty NTS, i.e. just a null octet */
-	*cp++ = 0;
-    }
-
-    /* Return a pointer to the octet after the encoding */
-    return cp;
-}
-
-/*
- * Description (USI_Decode)
- *
- *	This function decodes an unsigned integer value from a specified
- *	attribute record buffer.
- *
- *	Use of the USIDECODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	cp			- pointer into the attribute record buffer
- *	pval			- pointer to returned integer value
- *
- * Returns:
- *
- *	If 'pval' is not null, the decoded integer value is returned
- *	in the referenced location.  The function return value is a
- *	pointer to the octet following the USI encoding in the attribute
- *	record buffer.
- */
-
-ATR_t USI_Decode(ATR_t cp, USI_t * pval)
-{
-    int val;
-
-    /* Is this a length value? */
-    if (*(cp) & 0x80) {
-	int i;
-	int len;
-
-	/* Yes, build the value from the indicated number of octets */
-	len = *cp++ & 0x7;
-	val = 0;
-	for (i = 0; i < len; ++i) {
-	    val <<= 8;
-	    val |= (cp[i] & 0xff);
-	}
-	cp += len;
-    }
-    else {
-
-	/* This octet is the value */
-	val = *cp++;
-    }
-
-    /* Return the value if there's a place to put it */
-    if (pval) *pval = val;
-
-    /* Return a pointer to the next item in the attribute record */
-    return cp;
-}
-
-/*
- * Description (USI_Encode)
- *
- *	This function encodes an unsigned integer value into a specified
- *	attribute record buffer.
- *
- *	Use of the USIENCODE() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	cp			- pointer into the attribute record buffer
- *	val			- the value to be encoded
- *
- * Returns:
- *
- *	A pointer to the octet following the generated encoding in the
- *	attribute record buffer is returned.
- */
-
-ATR_t USI_Encode(ATR_t cp, USI_t val)
-{
-    /* Check size of value to be encoded */
-    if (val <= 0x7f) *cp++ = val;
-    else if (val <= 0xff) {
-	/* Length plus 8-bit value */
-	*cp++ = 0x81;
-	*cp++ = val;
-    }
-    else if (val <= 0xffff) {
-	/* Length plus 16-bit value */
-	*cp++ = 0x82;
-	cp[1] = val & 0xff;
-	val >>= 8;
-	cp[0] = val & 0xff;
-	cp += 2;
-    }
-    else if (val <= 0xffffff) {
-	/* Length plus 24-bit value */
-	*cp++ = 0x83;
-	cp[2] = val & 0xff;
-	val >>= 8;
-	cp[1] = val & 0xff;
-	val >>= 8;
-	cp[0] = val & 0xff;
-	cp += 3;
-    }
-    else {
-	/* Length plus 32-bit value */
-	*cp++ = 0x84;
-	cp[3] = val & 0xff;
-	val >>= 8;
-	cp[2] = val & 0xff;
-	val >>= 8;
-	cp[1] = val & 0xff;
-	val >>= 8;
-	cp[0] = val & 0xff;
-	cp += 4;
-    }
-
-    /* Return a pointer to the next position in the attribute record */
-    return cp;
-}
-
-/*
- * Description (USI_Insert)
- *
- *	This function is a variation of USI_Encode() that always generates
- *	the maximum-length encoding for USI value, regardless of the
- *	actual specified value.  For arguments, returns, see USI_Encode().
- *
- *	Use of the USIINSERT() macro is recommended.  The USIALLOC() macro
- *	returns the number of octets that USIINSERT() will generate.
- */
-
-ATR_t USI_Insert(ATR_t cp, USI_t val)
-{
-    int i;
-
-    assert(USIALLOC() == 5);
-
-    *cp++ = 0x84;
-    for (i = 3; i >= 0; --i) {
-	cp[i] = val & 0xff;
-	val >>= 8;
-    }
-
-    return cp + 5;
-}
-
-/*
- * Description (USI_Length)
- *
- *	This function returns the number of octets required to encode
- *	an unsigned integer value.
- *
- *	Use of the USILENGTH() macro is recommended (see attrec.h).
- *
- * Arguments:
- *
- *	val			- the unsigned integer value
- *
- * Returns:
- *
- *	The number of octets required to encode the specified value is
- *	returned.
- */
-
-int USI_Length(USI_t val)
-{
-    return (((USI_t)(val) <= 0x7f) ? 1
-				   : (((USI_t)(val) <= 0xff) ? 2
-				   : (((USI_t)(val) <= 0xffff) ? 3
-				   : (((USI_t)(val) <= 0xffffff) ? 4
-				   : 5))));
-}
-

lib/libaccess/avadb.c

@@ -1,298 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-#include "libaccess/avadb.h"
-#include "base/session.h"
-#include "base/pblock.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define DB_NAME "AvaMap"
-
-enum {AVA_DB_SUCCESS=0,AVA_DB_FAILURE}; 
-
-#ifdef XP_UNIX
-#include "mcom_ndbm.h" 
-
-USE_NSAPI int AddEntry (char *key, char *value) {
-  datum keyd;
-  datum valued;
-  DBM *db = NULL;
-  char dbpath[150];
-
-  sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  db = dbm_open (dbpath, O_RDWR | O_CREAT, 0644);
-
-  if (!db) 
-    return AVA_DB_FAILURE;
-
-  keyd.dptr = key;
-  keyd.dsize = strlen (key) + 1;
-
-  valued.dptr = value;
-  valued.dsize = strlen(value) + 1;
-
-  dbm_store (db, keyd, valued, DBM_REPLACE);
-  dbm_close (db);
-  
-  return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
-  datum keyd;
-  DBM *db = NULL;
-  char dbpath[150];
-
-  sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  db = dbm_open (dbpath, O_RDWR, 0644);
-
-  if (!db) 
-    return AVA_DB_FAILURE;
-
-  keyd.dptr = key;
-  keyd.dsize = strlen (key) + 1;
-
-  dbm_delete (db, keyd);
-
-  dbm_close (db);
-    
-  return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
-  datum keyd;
-  datum valued;
-  DBM *db = NULL;
-  char dbpath[150];
-
-  sprintf (dbpath, "%s%c%s", get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  db = dbm_open (dbpath, O_RDONLY, 0644);
-
-  if (!db) 
-    return NULL;
-
-  keyd.dptr = key;
-  keyd.dsize = strlen (key) + 1;  
-
-  valued = dbm_fetch (db, keyd);
-
-  dbm_close (db);
-
-  return valued.dptr;
-}
-
-#else
-
-#include <stdio.h>
-
-
-#define lmemcpy memcpy
-#define lmemcmp memcmp
-#define lmemset memset
-
-static int mkhash8(char *x,int len) {
-   unsigned int i,hash = 0;
-   for (i=0; i < len; i++) { hash += x[i]; }
-
-   return (int) (hash & 0xff);
-}
-
-static void mkpath(char *target, char *dir, char sep, char *name) {
-    int len;
-
-    len = strlen(dir);
-    lmemcpy(target,dir,len);
-    target += len;
-
-    *target++ = sep;
-
-    len = strlen(name);
-    lmemcpy(target,name,len);
-    target += len;
-
-    *target = 0;
-}
-
-#define DELETED_LEN 8
-static char DELETED[] = { 0xff, 0x0, 0xff, 0x0, 0xff, 0x0, 0xff , 0x0 };
-
-
-#define RECORD_SIZE 512
-USE_NSAPI int AddEntry (char *key, char *value) {
-  int empty, hash;
-  char dbpath[150];
-  char record[RECORD_SIZE];
-  int key_len, val_len,size;
-  FILE *f;
-
-  mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  f = fopen(dbpath, "rb+");
-  if (f == NULL) {
-	f = fopen(dbpath,"wb+");
-  }
-
-  if (f == NULL) 
-    return AVA_DB_FAILURE;
-
-  key_len = strlen(key)+1;
-  val_len = strlen(value);
-
-  if ((key_len+val_len) > RECORD_SIZE) {
-    fclose(f);
-    return AVA_DB_FAILURE;
-  }
-
-
-  /* now hash the key */
-  hash = mkhash8(key,key_len);
-  empty = -1;
-
-  fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
-  for (;;) {
-    size= fread(record,1,RECORD_SIZE,f);
-    if (size < RECORD_SIZE) {
-       break;
-    }
-    if (lmemcmp(record,key,key_len) == 0) {
-       break;
-    }
-    if ((empty == -1) && (lmemcmp(record,DELETED,DELETED_LEN) == 0)) {
-       empty = hash;
-    }
-    if (record == 0) {
-       break;
-    }
-    hash++;
-  }
-
-  if (empty != -1) { hash = empty; }
-  fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
-  /* build the record */
-  lmemset(record,0,RECORD_SIZE);
-
-  lmemcpy(record,key,key_len);
-  lmemcpy(&record[key_len],value,val_len);
-  size= fwrite(record,1,RECORD_SIZE,f);
-  if (size != RECORD_SIZE) {
-    fclose(f);
-    return AVA_DB_FAILURE;
-  }
-  fclose(f);
-
-  return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI int DeleteEntry (char *key) {
-  int found,hash;
-  char dbpath[150];
-  char record[RECORD_SIZE];
-  int key_len,size;
-  FILE *f;
-
-  mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  f = fopen(dbpath, "rb+");
-
-  if (f == NULL) 
-    return AVA_DB_FAILURE;
-
-  key_len = strlen(key)+1;
-
-
-  /* now hash the key */
-  hash = mkhash8(key,key_len);
-  found = 0;
-  fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
-  for (;;) {
-    size= fread(record,1,RECORD_SIZE,f);
-    if (size < RECORD_SIZE) {
-       break;
-    }
-    if (lmemcmp(record,key,key_len) == 0) {
-       found++;
-       break;
-    }
-    if (record == 0) {
-       break;
-    }
-    hash++;
-  } 
-
-  if (!found) {
-    fclose(f);
-    return AVA_DB_SUCCESS;
-  }
-  fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
-  /* build the record */
-  lmemset(record,0,RECORD_SIZE);
-
-  lmemcpy(record,DELETED,DELETED_LEN);
-  size= fwrite(record,1,RECORD_SIZE,f);
-  if (size != RECORD_SIZE) {
-    fclose(f);
-    return AVA_DB_FAILURE;
-  }
-  fclose(f);
-    
-  return AVA_DB_SUCCESS;
-}
-
-USE_NSAPI char *GetValue (char *key) {
-  int hash,size;
-  char dbpath[150];
-  char record[RECORD_SIZE];
-  int key_len,found = 0;
-  FILE *f;
-
-  mkpath (dbpath, get_httpacl_dir(), FILE_PATHSEP, DB_NAME);
-
-  f = fopen(dbpath, "rb");
-
-  if (f == NULL) 
-    return NULL;
-
-  key_len = strlen(key)+1;
-
-  /* now hash the key */
-  hash = mkhash8(key,key_len);
-
-  fseek(f,hash*RECORD_SIZE,SEEK_SET);
-
-  for(;;) {
-    size= fread(record,1,RECORD_SIZE,f);
-    if (size < RECORD_SIZE) {
-       break;
-    }
-    if (lmemcmp(record,key,key_len) == 0) {
-       found++;
-       break;
-    }
-    if (record == 0) {
-       break;
-    }
-    hash++;
-  } 
-
-  fclose(f);
-  if (!found) return NULL;
-
-  return system_strdup(&record[key_len+1]);
-}
-
-#endif

lib/libaccess/avaparse.y

@@ -1,140 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "libaccess/ava.h"
-#include "libaccess/avapfile.h"
-#include "netsite.h"
-
-extern int linenum;
-extern char yytext[];
-
-static void AddDefType (int defType, char *defId);
-static void AddAVA (char* userID);
-
-void yyerror(const char* string);
-extern void logerror(const char* string,int num, char *file);
-
-AVAEntry tempEntry;
-AVATable entryTable;
-
-%}
-
-%union {
-  char *string;
-  int  num;
-}
-
-%token DEF_C DEF_CO DEF_OU DEF_CN EQ_SIGN DEF_START
-%token DEF_L DEF_E DEF_ST
-%token <string> USER_ID DEF_ID
-
-%type <num> def.type
-
-%start source
-
-%%
-
-source: ava.database
-     |
-     ;
-
-
-ava.database: ava.database ava 
-     |        ava              
-     ;
-
-ava: USER_ID definitions  {AddAVA($1);};
-
-definitions: definition.list
-     |
-     ;
-
-definition.list: definition.list definition
-     |           definition                   
-     ;
-
-
-definition: def.type EQ_SIGN DEF_ID {AddDefType($1, $3);};
-
-def.type: DEF_C    {$$ = DEF_C; }
-     |    DEF_CO   {$$ = DEF_CO;}
-     |    DEF_OU   {$$ = DEF_OU;}
-     |    DEF_CN   {$$ = DEF_CN;}
-     |    DEF_L    {$$ = DEF_L; }
-     |    DEF_E    {$$ = DEF_E; }
-     |    DEF_ST   {$$ = DEF_ST;}
-     ;
-
-%%
-
-void yyerror(const char* string) {
- logerror(string,linenum,currFile);
-}
-
-
-void AddDefType (int defType, char *defId) {
-  switch (defType) {
-    case DEF_C:
-      tempEntry.country = defId;
-      break;
-    case DEF_CO:
-      tempEntry.company = defId;
-      break;
-    case DEF_OU:
-      if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) {
-	if (tempEntry.numOrgs == 0) {
-	  tempEntry.organizations =
-	    PERM_MALLOC  (sizeof (char*) * ORGS_ALLOCSIZE);
-	} else {
-	  char **temp;
-	  temp = 
-	    PERM_MALLOC(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE));
-	  memcpy (temp, tempEntry.organizations, 
-		  sizeof(char*)*tempEntry.numOrgs);
-	  PERM_FREE (tempEntry.organizations);
-	  tempEntry.organizations = temp;
-	}
-      }
-      tempEntry.organizations[tempEntry.numOrgs++] = defId;
-      break;
-    case DEF_CN:
-      tempEntry.CNEntry = defId;
-      break; 
-    case DEF_E:
-      tempEntry.email = defId;
-      break;
-    case DEF_L:
-      tempEntry.locality = defId;
-      break;
-    case DEF_ST:
-      tempEntry.state = defId;
-      break;
-    default:
-      break;
-  }
-}
-
-void AddAVA (char* userID) {
-  AVAEntry *newAVA;
-
-  newAVA = (AVAEntry*)PERM_MALLOC(sizeof(AVAEntry));
-  if (!newAVA) {
-    yyerror ("Out of Memory in AddAVA");
-    return;
-  }
-  *newAVA = tempEntry;
-  newAVA->userid = userID;
-
-  _addAVAtoTable (newAVA, &entryTable);
-
-  tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0;
-  tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
-  tempEntry.numOrgs = 0;
-}

lib/libaccess/avapfile.c

@@ -1,428 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libaccess/ava.h"
-
-#include "base/session.h"
-#include "base/pblock.h"
-#include "frame/req.h"
-#include "frame/log.h"
-
-#include "libadmin/libadmin.h"
-#include "libaccess/avapfile.h"
-
-#define ALLOC_SIZE 20
-#define SUCCESS 0
-
-struct parsedStruct {
-  char     *fileName;
-  AVATable *avaTable; 
-};
-
-typedef struct parsedStruct Parsed;
-
-/* globals for yy_error if needed */
-Session *yy_sn = NULL;
-Request *yy_rq = NULL;
-
-/*This will be a dynamic array of parsedStruct*. Re-sizing if necessary.*/
-struct ParsedTable {
-  Parsed **parsedTable;
-  int numEntries;
-};
-
-char *currFile;
-
-static struct ParsedTable parsedFiles = {NULL, 0};
-
-extern AVATable entryTable; /*Table where entries are stored*/
-extern AVAEntry tempEntry;  /*Used to restore parser's state*/
-extern linenum;
-
-AVAEntry * AVAEntry_Dup(AVAEntry *entry) {
-  int i;
-  AVAEntry *newAVA = NULL;
-/* copy the AVA entry */
-
-  if (entry) {
-    newAVA = (AVAEntry *) PERM_MALLOC(sizeof(AVAEntry));
-    memset(newAVA,0, sizeof(AVAEntry));
-    newAVA->userid = 0;
-    newAVA->CNEntry = 0;
-    newAVA->email = 0;
-    newAVA->locality = 0;
-    newAVA->state = 0;
-    newAVA->country = 0;
-    newAVA->company = 0;
-    newAVA->organizations  = 0;
-    newAVA->numOrgs = 0;
-    if (entry->userid) newAVA->userid = PERM_STRDUP(entry->userid);
-    if (entry->CNEntry) newAVA->CNEntry = PERM_STRDUP(entry->CNEntry);
-    if (entry->email) newAVA->email = PERM_STRDUP(entry->email);
-    if (entry->locality) newAVA->locality = PERM_STRDUP(entry->locality);
-    if (entry->state) newAVA->state = PERM_STRDUP(entry->state);
-    if (entry->country) newAVA->country = PERM_STRDUP(entry->country);
-    if (entry->company) newAVA->company = PERM_STRDUP(entry->company);
-    if (entry->organizations) {
-      newAVA->organizations = PERM_MALLOC(sizeof(char *)*entry->numOrgs);
-      newAVA->numOrgs = entry->numOrgs;
-      for (i=0; i<entry->numOrgs; i++)
-	newAVA->organizations[i] = PERM_STRDUP (entry->organizations[i]);
-    }
-  }
-  return newAVA;
-}
-
-void _addAVAtoTable (AVAEntry *newAVA, AVATable *table) {
-  int i;
-  int insertIndex = -1;
-
-  if (table->numEntries%ENTRIES_ALLOCSIZE == 0) {
-    if (table->numEntries == 0) {
-      table->enteredTable = 
-	(AVAEntry**) PERM_MALLOC  (sizeof(AVAEntry*) * ENTRIES_ALLOCSIZE);
-    } else {
-      AVAEntry **temp;
-      
-      temp = 
-       PERM_MALLOC(sizeof(AVAEntry*)*(table->numEntries+ENTRIES_ALLOCSIZE));
-      memmove(temp, table->enteredTable, sizeof(AVAEntry*)*table->numEntries);
-      PERM_FREE(table->enteredTable);
-      table->enteredTable = temp;
-    }
-  }
-
-  for (i=table->numEntries-1; i >= 0; i--) {
-    if (strcmp(newAVA->userid, table->enteredTable[i]->userid) >  0) {
-      insertIndex = i+1;
-      break;
-    } else {
-      table->enteredTable[i+1] = table->enteredTable[i];
-    }
-  }
-
-  
-  table->enteredTable[(insertIndex == -1) ? 0 : insertIndex] = newAVA;
-  (table->numEntries)++;
-}
-
-AVATable *AVATableDup(AVATable *table) {
-  AVATable *newTable = (AVATable*)PERM_MALLOC (sizeof(AVATable));
-  /* round the puppy so _addAVAtoTable still works */
-  int size = (table->numEntries + (ENTRIES_ALLOCSIZE-1))/ENTRIES_ALLOCSIZE;
-  int i;
-
-  newTable->enteredTable = 
-	(AVAEntry**)PERM_MALLOC(size*ENTRIES_ALLOCSIZE*sizeof(AVAEntry *));
-
-  for (i=0; i < table->numEntries; i++) {
-	newTable->enteredTable[i] = AVAEntry_Dup(table->enteredTable[i]);
-  }
-  newTable->numEntries = table->numEntries;
-  return newTable;
-}
-
-   
- 
-
-AVAEntry *_getAVAEntry(char *groupName, AVATable *mapTable) {
-  char line[BIG_LINE];
-  int lh, rh, mid, cmp;;
-
-  if (!mapTable) {
-      sprintf (line, "NULL Pointer passed as mapTable when trying to get entry %s", groupName);
-      report_error (SYSTEM_ERROR, "File Not Found", line);
-  }
-    
-
-  lh = 0;
-  rh = mapTable->numEntries-1;
-
-  while (lh <= rh) {
-    mid = lh + ((rh-lh)/2);
-    cmp = strcmp(groupName, mapTable->enteredTable[mid]->userid);
-    if (cmp == 0)
-      return mapTable->enteredTable[mid];
-    else if (cmp > 0)
-      lh = mid + 1;
-    else
-      rh = mid - 1;
-  }
-
-  return NULL;
-
-} 
-
-AVATable *_getTable (char *fileName) {
-  int lh, rh, mid, cmp;
-  AVATable *table = NULL;
-
-  /*First checks to see if it's already been parsed*/
-
-  lh = 0;
-  rh = parsedFiles.numEntries-1;
-  while (lh <= rh) {
-    mid = lh + ((rh - lh)/2);
-    cmp = strcmp(fileName, parsedFiles.parsedTable[mid]->fileName);
-    if (cmp == SUCCESS) {
-      return parsedFiles.parsedTable[mid]->avaTable;
-    } else if (cmp < SUCCESS) {
-      rh = mid-1;
-    } else {
-      lh = mid+1;
-    }
-  }
-
-  yyin = fopen (fileName, "r");
-
-  if (yyin) {
-    if (!yyparse()) {
-      table = _wasParsed (fileName);
-      table->userdb = NULL;
-    }
-    fclose (yyin);
-  }
-
-  return table;
-}
-
-int _hasBeenParsed (char *aclFileName){
-  return (_getTable(aclFileName) != NULL);
-}
-
-AVATable* _wasParsed (char *inFileName) {
-  Parsed *newEntry;
-  int i;
-
-  if (!inFileName)
-    return NULL;
-
-  newEntry = (Parsed*) PERM_MALLOC (sizeof(Parsed));
-  newEntry->fileName = PERM_STRDUP (inFileName);
-  newEntry->avaTable = AVATableDup(&entryTable);
-
-  if (parsedFiles.numEntries % ALLOC_SIZE == 0) {
-    if (parsedFiles.numEntries) {
-      Parsed **temp;
-
-      temp = PERM_MALLOC (sizeof(Parsed*)*(parsedFiles.numEntries + ALLOC_SIZE));
-      if (!temp)
-	return NULL;
-      memcpy (temp, parsedFiles.parsedTable, sizeof(Parsed*)*parsedFiles.numEntries);
-      PERM_FREE (parsedFiles.parsedTable);
-      parsedFiles.parsedTable = temp;
-    } else {
-      parsedFiles.parsedTable = 
-	(Parsed**) PERM_MALLOC (sizeof (Parsed*) * ALLOC_SIZE);
-      if (!parsedFiles.parsedTable)
-	return NULL;
-    }
-  } 
-  for (i=parsedFiles.numEntries; i > 0; i--) {
-    if (strcmp(newEntry->fileName,parsedFiles.parsedTable[i-1]->fileName) < 0) {
-      parsedFiles.parsedTable[i] = parsedFiles.parsedTable[i-1];
-    } else {
-      break;
-    }
-  }
-  parsedFiles.parsedTable[i] = newEntry;
-  parsedFiles.numEntries++;
-  
-/*Initialize parser structures to resemble that before parse*/
-  entryTable.numEntries = 0;
-  tempEntry.country = tempEntry.company = tempEntry.CNEntry = NULL;
-  tempEntry.email = tempEntry.locality = tempEntry.state = NULL; 
-  linenum = 1;
-
-  return newEntry->avaTable;
-}
-
-AVAEntry *_deleteAVAEntry (char *group, AVATable *table) {
-  int removeIndex;
-  int lh, rh, mid, cmp;
-  AVAEntry *entry = NULL;
-
-  if (!group || !table)
-    return NULL;
-
-  lh = 0;
-  rh = table->numEntries - 1;
-
-  while (lh <= rh) {
-    mid = lh + ((rh-lh)/2);
-    cmp = strcmp (group, table->enteredTable[mid]->userid);
-    if (cmp == SUCCESS) {
-      removeIndex = mid;
-      break;
-    } else if (cmp < SUCCESS) {
-      rh = mid-1;
-    } else {
-      lh = mid+1;
-    }
-  }
-
-  if (lh > rh)
-    return NULL;
-  
-  entry = table->enteredTable[removeIndex];
-
-  memmove ((char*)(table->enteredTable)+(sizeof(AVAEntry*)*removeIndex),
-	   (char*)(table->enteredTable)+(sizeof(AVAEntry*)*(removeIndex+1)),
-	   (table->numEntries - removeIndex - 1)*sizeof(AVAEntry*));
-  
-  (table->numEntries)--;
-
-  return entry;
-}
-
-void AVAEntry_Free (AVAEntry *entry) {
-  int i;
-
-  if (entry) {
-    if (entry->userid)
-      PERM_FREE (entry->userid);
-    if (entry->CNEntry)
-      PERM_FREE (entry->CNEntry);
-    if (entry->email)
-      PERM_FREE (entry->email);
-    if (entry->locality)
-      PERM_FREE (entry->locality);
-    if (entry->state)
-      PERM_FREE (entry->state);
-    if (entry->country)
-      PERM_FREE (entry->country);
-    if (entry->company)
-      PERM_FREE (entry->company);
-    if (entry->organizations) {
-      for (i=0; i<entry->numOrgs; i++)
-	PERM_FREE (entry->organizations[i]);
-      PERM_FREE(entry->organizations);
-    }
-  }
-}
-
-void PrintHeader(FILE *outfile){
-
-  fprintf (outfile,"/*This file is generated automatically by the admin server\n");
-  fprintf (outfile," *Any changes you make manually may be lost if other\n");
-  fprintf (outfile," *changes are made through the admin server.\n");
-  fprintf (outfile," */\n\n\n");
-
-}
-
-void writeOutEntry (FILE *outfile, AVAEntry *entry) {
-  int i;
-
-  /*What should I do if the group id is not there?*/
-  if (!entry || !(entry->userid))
-    report_error (SYSTEM_ERROR, "AVA-DB Failure",
-		  "Bad entry passed to write out function");
-
-  fprintf (outfile,"%s: {\n", entry->userid);
-  if (entry->CNEntry)
-    fprintf (outfile,"\tCN=\"%s\"\n", entry->CNEntry);
-  if (entry->email)
-    fprintf (outfile,"\tE=\"%s\"\n", entry->email);
-  if (entry->company)
-    fprintf (outfile,"\tO=\"%s\"\n", entry->company);
-  if (entry->organizations) {
-    for (i=0; i < entry->numOrgs; i++) {
-      fprintf (outfile, "\tOU=\"%s\"\n", entry->organizations[i]);
-    }
-  }
-  if (entry->locality)
-    fprintf (outfile,"\tL=\"%s\"\n",entry->locality);
-  if (entry->state)
-    fprintf (outfile,"\tST=\"%s\"\n",entry->state);
-  if (entry->country)
-    fprintf (outfile,"\tC=\"%s\"\n", entry->country);
-
-  fprintf (outfile,"}\n\n\n");
-
-}
-
-void writeOutFile (char *authdb, AVATable *table) {
-  char line[BIG_LINE];
-  char mess[200];
-  FILE *newfile;
-  int i;
-
-  sprintf (line, "%s%c%s%c%s.%s", get_authdb_dir(), FILE_PATHSEP, authdb, FILE_PATHSEP,
-	   AUTH_DB_FILE, AVADB_TAG);
-
-  if (!table) {
-    sprintf (mess, "The structure for file %s was not loaded before writing out", line);
-    report_error (SYSTEM_ERROR, "Internal Error", mess);
-  }
-
-  newfile = fopen (line, "w");
-
-  if (!newfile) {
-    sprintf (mess, "Could not open file %s for writing.", line);
-    report_error(FILE_ERROR, "No File", mess);
-  }
-
-  PrintHeader (newfile);
-
-  for (i=0;i < table->numEntries; i++) {
-    writeOutEntry (newfile, table->enteredTable[i]);
-  }
-
-  fclose(newfile);
-}
-
-
-void
-logerror(char *error,int line,char *file) {
-  /* paranoia */
-  /*ava-mapping is only functin that initializes yy_sn and yy_rq*/
-  if ((yy_sn != NULL) && (yy_rq != NULL)) {
-    log_error (LOG_FAILURE, "ava-mapping", yy_sn, yy_rq,
-	       "Parse error line %d of %s: %s", line, file, error); 
-  } else {
-    char errMess[250];
-
-    sprintf (errMess, "Parse error line %d of %s: %s", line, file, error);
-    report_error (SYSTEM_ERROR, "Failure: Loading AVA-DB Table", errMess);
-  }
-}
-
-
-void outputAVAdbs(char *chosen) {
-  char *authdbdir = get_authdb_dir();
-  char **listings;
-  int i;
-  int numListings = 0;
-  int hasOptions = 0;
- 
-  listings = list_auth_dbs(authdbdir);
-  
-  while (listings[numListings++] != NULL);
-
-  for (i=0; listings[i] != NULL ; i++) {
-    if (!hasOptions) {
-      printf ("<select name=\"%s\"%s onChange=\"form.submit()\">",AVA_DB_SEL,
-	      (numListings > SELECT_OVERFLOW)?"size=5":"");
-      hasOptions = 1;
-    }
-
-    printf ("<option value=\"%s\"%s>%s\n",listings[i],
-	   (strcmp(chosen, listings[i]) == 0) ? "SELECTED":"",listings[i]);
-  }
-
-  if (hasOptions) 
-    printf ("</select>\n");
-  else 
-    printf ("<i><b>Insert an AVA-Database entry first</b></i>\n");/*This should never happen,
-								   *since I never create an empty
-								   *avadb file,
-								   *but one never knows
-								   */
-
-}

lib/libaccess/avascan.l

@@ -1,106 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-%{
- 
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include "y.tab.h"
-#include "libaccess/ava.h"
-#include "netsite.h"
- 
-int linenum = 1;
-int first_time = 1;
-int old_state;
-int num_nested_comments = 0;
-
-extern AVAEntry tempEntry;   
-extern AVATable entryTable;  
-                             
-void strip_quotes(void);
- 
-%}
- 
-%s  COMMENT NORM DEFINES DEF_TYPE 
- 
-uc_letter                           [A-Z]                               
-lc_letter                           [a-z]
-digit                               [0-9]
-under_score                         _
-
-letter                              ([A-Z,a-z])
-
-white_space                         ([ \t]*)
-identifier                          ([_,A-Z,a-z][_,A-Z,a-z,0-9]*)
-def_identifier                      (({white_space}{identifier})+)
-text                                (\"[^\"]*\")
-comments                            (([^"*/"\n])*)
-
-
-
-%%
-
-%{
-   if (first_time) {
-      BEGIN NORM;
-      first_time = tempEntry.numOrgs = 0;
-      old_state = NORM;
-      tempEntry.userid = 0;
-      tempEntry.country = 0;
-      tempEntry.CNEntry = 0;
-      tempEntry.email = 0;
-      tempEntry.locality = 0;
-      tempEntry.state = 0;
-      entryTable.numEntries = 0;
-   }
-%}
-
-
-"/*"                  {BEGIN COMMENT; num_nested_comments++;}
-<COMMENT>"*/"         {num_nested_comments--; 
-                       if (!num_nested_comments) BEGIN old_state;}
-<COMMENT>.   {;}
-
-<NORM>{identifier}  {yylval.string = PERM_STRDUP(yytext);
-			 return USER_ID;}
-<NORM>":"{white_space}\{ {BEGIN DEF_TYPE;
-                          old_state = DEF_TYPE;}
-
-<DEF_TYPE>"C"               {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_C; }
-<DEF_TYPE>"O"               {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_CO;}
-<DEF_TYPE>"OU"              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_OU;}
-<DEF_TYPE>"CN"              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_CN;}
-<DEF_TYPE>"L"               {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_L;}
-<DEF_TYPE>"E"               {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_E;}
-<DEF_TYPE>"ST"              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_ST;}
-<DEF_TYPE>"}"               {BEGIN NORM;old_state = NORM;}
-
-<DEFINES>=                     {return EQ_SIGN;}
-<DEFINES>{text}  {BEGIN DEF_TYPE; old_state = DEF_TYPE;
-                                strip_quotes();
-                                return DEF_ID;}
-
-{white_space}   {;}
-\n              {linenum++;}
-.               {yyerror("Bad input character");} 
-%%
-
-int yywrap () {
- return 1;
-}
-
-void strip_quotes(void) {
-  yytext[strlen(yytext)-1]= '\0';
-  yylval.string = PERM_STRDUP(&yytext[1]);
-}

lib/libaccess/lcache.h

@@ -1,23 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef CACHE_H
-#define CACHE_H
-
-NSPR_BEGIN_EXTERN_C
-
-extern void ACL_ListHashUpdate(ACLListHandle_t **acllistp);
-extern void ACL_Init(void);
-extern void ACL_CritEnter(void);
-extern void ACL_CritExit(void);
-extern ENTRY *ACL_GetUriHash(ENTRY item, ACTION action);
-extern int  ACL_CacheCheck(char *uri, ACLListHandle_t **acllist_p);
-extern void  ACL_CacheEnter(char *uri, ACLListHandle_t **acllist_p);
-extern void  ACL_CacheAbort(ACLListHandle_t **acllist_p);
-
-NSPR_END_EXTERN_C
-
-#endif

lib/libaccess/leval.h

@@ -1,18 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef LEVAL_H
-#define LEVAL_H
-
-NSPR_BEGIN_EXTERN_C
-
-int
-freeLAS(NSErr_t *errp, char *attribute, void **las_cookie);
-
-NSPR_END_EXTERN_C
-
-#endif
-

lib/libaccess/lparse.h

@@ -1,27 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- *  This grammar is intended to parse the version 3.0 ACL
- *  and output an ACLParseACE_t structure.
- */
-
-#ifndef LPARSE_H
-#define LPARSE_H
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int aclPushListHandle(ACLListHandle_t *handle);
-extern int aclparse(void);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif

lib/libaccess/nsadb.cpp

@@ -1,582 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsadb.c)
- *
- *	This module contains routines for retrieving information from
- *	a Netscape authentication database.  An authentication database
- *	consists of a user database and a group database.  This module
- *	implements an authentication database based on Netscape user and
- *	group databases defined in nsuser.h and nsgroup.h, which in turn
- *	are based on the Netscape (server) database implementation
- *	defined in nsdb.h.  The interface for managing information in
- *	an authentication database is described separately in nsamgmt.h.
- */
-
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#include <base/fsmutex.h>
-#include <libaccess/nsdbmgmt.h>
-#define __PRIVATE_NSADB
-#include <libaccess/nsadb.h>
-#include <libaccess/nsuser.h>
-#include <libaccess/nsgroup.h>
-
-/*
- * Description (NSADB_AuthIF)
- *
- *	This structure defines a generic authentication database
- *	interface for this module.  It does not currently support
- *	user/group id lookup.
- */
-AuthIF_t NSADB_AuthIF = {
-    0,					/* find user/group by id */
-    nsadbFindByName,			/* find user/group by name */
-    nsadbIdToName,			/* lookup name for user/group id */
-    nsadbOpen,				/* open a named database */
-    nsadbClose,				/* close a database */
-};
-
-/*
- * Description (nsadbClose)
- *
- *	This function closes an authentication database previously opened
- *	via nsadbOpen().
- *
- * Arguments:
- *
- *	authdb				- handle returned by nsadbOpen()
- *	flags				- unused (must be zero)
- */
-
-NSAPI_PUBLIC void nsadbClose(void * authdb, int flags)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-
-    if (adb->adb_userdb != 0) {
-	ndbClose(adb->adb_userdb, 0);
-    }
-
-    if (adb->adb_groupdb != 0) {
-	ndbClose(adb->adb_groupdb, 0);
-    }
-
-#if defined(CLIENT_AUTH)
-    nsadbCloseCerts(authdb, flags);
-#endif
-
-    if (adb->adb_dbname) {
-	FREE(adb->adb_dbname);
-    }
-
-    FREE(adb);
-}
-
-/*
- * Description (nsadbOpen)
- *
- *	This function is used to open an authentication database.
- *	The caller specifies a name for the database, which is actually
- *	the name of a directory containing the files which comprise the
- *	database.  The caller also indicates whether this is a new
- *	database, in which case it is created.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	adbname			- name of this database (directory)
- *	flags			- open flags:
- *				    AIF_CREATE - new database (create)
- *	rptr			- pointer to returned handle
- *
- * Returns:
- *
- *	A handle for accessing the database is always returned via 'rptr'
- *	unless there was a shortage of dynamic memory, in which case a
- *	null handle is returned.  The return value of the function is
- *	0 if it completes successfully.  An error is indicated by a
- *	negative return value (see nsautherr.h).
- */
-
-NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp,
-			   char * adbname, int flags, void **rptr)
-{
-    AuthDB_t * authdb = 0;		/* pointer to database descriptor */
-    SYS_DIR dbdir;			/* database directory handle */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Make sure we have a place to return the database handle */
-    if (rptr == 0) goto err_inval;
-
-    /* Allocate the database descriptor */
-    authdb = (AuthDB_t *)MALLOC(sizeof(AuthDB_t));
-    if (authdb == 0) goto err_nomem;
-
-    /* Return the descriptor pointer as the database handle */
-    *rptr = (void *)authdb;
-
-    authdb->adb_dbname = STRDUP(adbname);
-    authdb->adb_userdb = 0;
-    authdb->adb_groupdb = 0;
-#if defined(CLIENT_AUTH)
-    authdb->adb_certdb = 0;
-    authdb->adb_certlock = 0;
-    authdb->adb_certnm = 0;
-#endif
-    authdb->adb_flags = 0;
-
-    /* See if the database directory exists */
-    dbdir = dir_open(adbname);
-    if (dbdir == 0) {
-	/* No, create it if this is a new database, else error */
-	if (flags & AIF_CREATE) {
-	    rv = dir_create(adbname);
-	    if (rv < 0) goto err_mkdir;
-	    authdb->adb_flags |= ADBF_NEW;
-	}
-	else goto err_dopen;
-    }
-    else {
-	/* Ok, it's there */
-	dir_close(dbdir);
-    }
-
-    return 0;
-
-  err_inval:
-    eid = NSAUERR3000;
-    rv = NSAERRINVAL;
-    goto err_ret;
-
-  err_nomem:
-    /* Error - insufficient dynamic memory */
-    eid = NSAUERR3020;
-    rv = NSAERRNOMEM;
-    goto err_ret;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    goto punt;
-
-  err_mkdir:
-    eid = NSAUERR3040;
-    rv = NSAERRMKDIR;
-    goto err_dir;
-
-  err_dopen:
-    eid = NSAUERR3060;
-    rv = NSAERROPEN;
-    goto err_dir;
-
-  err_dir:
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adbname);
-    goto punt;
-
-  punt:
-    /* Fatal error - free database descriptor and return null handle */
-    if (authdb) {
-	if (authdb->adb_dbname) {
-	    FREE(authdb->adb_dbname);
-	}
-	FREE(authdb);
-    }
-
-    if (rptr) *rptr = 0;
-
-    return rv;
-}
-
-/*
- * Description (nsadbOpenUsers)
- *
- *	This function is called to open the users subdatabase of an
- *	open authentication database.  The caller specifies flags to
- *	indicate whether read or write access is required.  This
- *	function is normally called only by routines below the
- *	nsadbOpen() API, in response to perform particular operations
- *	on user or group objects.  If the open is successful, the
- *	resulting handle is stored in the AuthDB_t structure.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	flags			- open flags:
- *					ADBF_UREAD - open for read
- *					ADBF_UWRITE - open for read/write
- * Returns:
- *
- *	The return value is zero if the operation is successfully
- *	completed.  An error is indicated by a negative return value
- *	(see nsautherr.h), and an error frame is generated if an error
- *	frame list was provided.
- */
-
-NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp, void * authdb, int flags)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    char * userfn = 0;			/* user database name */
-    int dblen;				/* strlen(adb_dbname) */
-    int uversion;			/* user database version number */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    if (adb == 0) goto err_inval;
-
-    /* Is the user database already open? */
-    if (adb->adb_userdb != 0) {
-
-	/* Yes, is it open for the desired access? */
-	if (adb->adb_flags & flags) {
-
-	    /* Yes, that was easy */
-	    return 0;
-	}
-    }
-    else {
-
-	/* We need to open the database */
-
-	/* Allocate space for the user database filename */
-	dblen = strlen(adb->adb_dbname);
-
-	userfn = (char *)MALLOC(dblen + strlen(ADBUSERDBNAME) + 2);
-	if (userfn == 0) goto err_nomem;
-
-	/* Construct user database name */
-	strcpy(userfn, adb->adb_dbname);
-
-	/* Put in a '/' (or '\') if it's not there */
-	if (userfn[dblen-1] != FILE_PATHSEP) {
-	    userfn[dblen] = FILE_PATHSEP;
-	    userfn[dblen+1] = 0;
-	    ++dblen;
-	}
-
-	strcpy(&userfn[dblen], ADBUSERDBNAME);
-
-	adb->adb_userdb = ndbOpen(errp,
-				  userfn, 0, NDB_TYPE_USERDB, &uversion);
-	if (adb->adb_userdb == 0) goto err_uopen;
-
-	FREE(userfn);
-    }
-
-    /*
-     * We don't really reopen the database to get the desired
-     * access mode, since that is handled at the nsdb level.
-     * But we do update the flags, just for the record.
-     */
-    adb->adb_flags &= ~(ADBF_UREAD|ADBF_UWRITE);
-    if (flags & ADBF_UWRITE) adb->adb_flags |= ADBF_UWRITE;
-    else adb->adb_flags |= ADBF_UREAD;
-
-    return 0;
-
-  err_inval:
-    eid = NSAUERR3200;
-    rv = NSAERRINVAL;
-    goto err_ret;
-
-  err_nomem:
-    eid = NSAUERR3220;
-    rv = NSAERRNOMEM;
-    goto err_ret;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    goto punt;
-
-  err_uopen:
-    eid = NSAUERR3240;
-    rv = NSAERROPEN;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, userfn);
-    goto punt;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbOpenGroups)
- *
- *	This function is called to open the groups subdatabase of an
- *	open authentication database.  The caller specifies flags to
- *	indicate whether read or write access is required.  This
- *	function is normally called only by routines below the
- *	nsadbOpen() API, in response to perform particular operations
- *	on user or group objects.  If the open is successful, the
- *	resulting handle is stored in the AuthDB_t structure.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	flags			- open flags:
- *					ADBF_GREAD - open for read
- *					ADBF_GWRITE - open for read/write
- * Returns:
- *
- *	The return value is zero if the operation is successfully
- *	completed.  An error is indicated by a negative return value
- *	(see nsautherr.h), and an error frame is generated if an error
- *	frame list was provided.
- */
-
-NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp, void * authdb, int flags)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    char * groupfn = 0;			/* group database name */
-    int dblen;				/* strlen(adb_dbname) */
-    int gversion;			/* group database version number */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    if (adb == 0) goto err_inval;
-
-    /* Is the group database already open? */
-    if (adb->adb_groupdb != 0) {
-
-	/* Yes, is it open for the desired access? */
-	if (adb->adb_flags & flags) {
-
-	    /* Yes, that was easy */
-	    return 0;
-	}
-    }
-    else {
-
-	/* We need to open the database */
-
-	/* Allocate space for the group database filename */
-	dblen = strlen(adb->adb_dbname);
-
-	groupfn = (char *)MALLOC(dblen + strlen(ADBGROUPDBNAME) + 2);
-	if (groupfn == 0) goto err_nomem;
-
-	/* Construct group database name */
-	strcpy(groupfn, adb->adb_dbname);
-
-	/* Put in a '/' (or '\') if it's not there */
-	if (groupfn[dblen-1] != FILE_PATHSEP) {
-	    groupfn[dblen] = FILE_PATHSEP;
-	    groupfn[dblen+1] = 0;
-	    ++dblen;
-	}
-
-	strcpy(&groupfn[dblen], ADBGROUPDBNAME);
-
-	adb->adb_groupdb = ndbOpen(errp,
-				   groupfn, 0, NDB_TYPE_GROUPDB, &gversion);
-	if (adb->adb_groupdb == 0) goto err_gopen;
-
-	FREE(groupfn);
-    }
-
-    /*
-     * We don't really reopen the database to get the desired
-     * access mode, since that is handled at the nsdb level.
-     * But we do update the flags, just for the record.
-     */
-    adb->adb_flags &= ~(ADBF_GREAD|ADBF_GWRITE);
-    if (flags & ADBF_GWRITE) adb->adb_flags |= ADBF_GWRITE;
-    else adb->adb_flags |= ADBF_GREAD;
-
-    return 0;
-
-  err_inval:
-    eid = NSAUERR3300;
-    rv = NSAERRINVAL;
-    goto err_ret;
-
-  err_nomem:
-    eid = NSAUERR3320;
-    rv = NSAERRNOMEM;
-    goto err_ret;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    goto punt;
-
-  err_gopen:
-    eid = NSAUERR3340;
-    rv = NSAERROPEN;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, groupfn);
-    goto punt;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbIdToName)
- *
- *	This function looks up a specified user or group id in the
- *	authentication database.  The name associated with the specified
- *	id is returned.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	id			- user or group id
- *	flags			- AIF_USER or AIF_GROUP (defined in nsauth.h)
- *	rptr			- pointer to returned group or user name
- *
- * Returns:
- *
- *	The return value is zero if no error occurs,
- *	A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp,
-			       void * authdb, USI_t id, int flags, char **rptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    void * whichdb = 0;
-    char * name;
-    int rv;
-
-    if (rptr != 0) *rptr = 0;
-
-    /* Decide whether to use user or group database */
-    if (flags & AIF_USER) {
-
-	whichdb = adb->adb_userdb;
-	if (whichdb == 0) {
-	    rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
-	    if (rv < 0) goto punt;
-	    whichdb = adb->adb_userdb;
-	}
-    }
-    else if (flags & AIF_GROUP) {
-
-	whichdb = adb->adb_groupdb;
-	if (whichdb == 0) {
-	    rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
-	    if (rv < 0) goto punt;
-	    whichdb = adb->adb_groupdb;
-	}
-    }
-
-    if (whichdb != 0) {
-
-	/* Get the name corresponding to the id */
-	rv = ndbIdToName(errp, whichdb, id, 0, &name);
-	if (rv < 0) goto punt;
-
-	if ((rptr != 0)) *rptr = name;
-	rv = 0;
-    }
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbFindByName)
- *
- *	This function looks up a specified name in the authentication
- *	database.  Flags specified by the caller indicate whether a
- *	group name, user name, or either should be found.  The caller
- *	may optionally provide for the return of a user or group object
- *	pointer, in which case the information associated with a
- *	matching group or user is used to create a group or user object.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	name			- name of group or user
- *	flags			- search flags (defined in nsauth.h)
- *	rptr			- pointer to returned group or user
- *				  object pointer (may be null)
- *
- * Returns:
- *
- *	The return value is a non-negative value if no error occurs,
- *	and the value indicates whether the name matched a group or
- *	user:
- *
- *	AIF_NONE		- name did not match a group or user name
- *	AIF_GROUP		- name matched a group name
- *	AIF_USER		- name matched a user name
- *
- *	If the value is AIF_GROUP or AIF_USER, and rptr is non-null,
- *	then a group or user object is created, and a pointer to it is
- *	returned in the location indicated by rptr.
- *
- *	A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb,
-				 char * name, int flags, void **rptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    ATR_t recptr;
-    int reclen;
-    int rv;
-
-    if (rptr != 0) *rptr = 0;
-
-    /* Search for group name? */
-    if (flags & AIF_GROUP) {
-
-	if (adb->adb_groupdb == 0) {
-	    rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
-	    if (rv < 0) goto punt;
-	}
-
-	/* Look up the name in the group database */
-	rv = ndbFindName(errp, adb->adb_groupdb, 0, (char *)name,
-			 &reclen, (char **)&recptr);
-	if (rv == 0) {
-
-	    /* Found it.  Make a group object if requested. */
-	    if (rptr != 0) {
-
-		/* Got the group record.  Decode into a group object. */
-		*rptr = (void *)groupDecode((NTS_t)name, reclen, recptr);
-	    }
-
-	    return AIF_GROUP;
-	}
-    }
-
-    /* Search for user name? */
-    if (flags & AIF_USER) {
-
-	if (adb->adb_userdb == 0) {
-	    rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
-	    if (rv < 0) goto punt;
-	}
-
-	/* Look up the name in the user database */
-	rv = ndbFindName(errp, adb->adb_userdb, 0, (char *)name,
-			 &reclen, (char **)&recptr);
-	if (rv == 0) {
-
-	    /* Found it.  Make a user object if requested. */
-	    if (rptr != 0) {
-
-		/* Got the user record.  Decode into a user object. */
-		*rptr = (void *)userDecode((NTS_t)name, reclen, recptr);
-	    }
-
-	    return AIF_USER;
-	}
-    }
-
-    /* Nothing found */
-    nserrDispose(errp);
-    return AIF_NONE;
-
-  punt:
-    return rv;
-}

lib/libaccess/nsamgmt.cpp

@@ -1,1567 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsamgmt.c)
- *
- *	This module contains routines for managing information in a
- *	Netscape authentication database.  An authentication database
- *	consists of a user database and a group database.  This module
- *	implements an authentication database based on Netscape user and
- *	group databases defined in nsuser.h and nsgroup.h, which in turn
- *	are based on the Netscape (server) database implementation
- *	defined in nsdb.h.  The interface for retrieving information
- *	from an authentication database is described separately in
- *	nsadb.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "base/file.h"
-#define __PRIVATE_NSADB
-#include "libaccess/nsamgmt.h"
-#include "libaccess/nsumgmt.h"
-#include "libaccess/nsgmgmt.h"
-
-/*
- * Description (nsadbEnumUsersHelp)
- *
- *	This is a local function that is called by NSDB during user
- *	database enumeration.  It decodes user records into user
- *	objects, and presents them to the caller of nsadbEnumerateUsers(),
- *	via the specified call-back function.  The call-back function
- *	return value may be a negative error code, which will cause
- *	enumeration to stop, and the error code will be returned from
- *	nsadbEnumerateUsers().  If the return value of the call-back
- *	function is not negative, it can contain one or more of the
- *	following flags:
- *
- *		ADBF_KEEPOBJ	- do not free the UserObj_t structure
- *				  that was passed to the call-back function
- *		ADBF_STOPENUM	- stop the enumeration without an error
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	parg			- pointer to UserEnumArgs_t structure
- *	namelen			- user record key length including null
- *				  terminator
- *	name			- user record key (user account name)
- *	reclen			- length of user record
- *	recptr			- pointer to user record contents
- *
- * Returns:
- *
- *	If the call-back returns a negative result, that value is
- *	returned.  If the call-back returns ADBF_STOPENUM, then
- *	-1 is returned, causing the enumeration to stop.  Otherwise
- *	the return value is zero.
- */
-
-typedef struct EnumUserArgs_s EnumUserArgs_t;
-struct EnumUserArgs_s {
-    void * authdb;
-    int (*func)(NSErr_t * ferrp,
-		void * authdb, void * argp, UserObj_t * uoptr);
-    void * user;
-    int rv;
-};
-
-static int nsadbEnumUsersHelp(NSErr_t * errp, void * parg,
-			      int namelen, char * name,
-			      int reclen, char * recptr)
-{
-    EnumUserArgs_t * ue = (EnumUserArgs_t *)parg;
-    UserObj_t * uoptr;			/* user object pointer */
-    int rv;
-
-    uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr);
-    if (uoptr != 0) {
-	rv = (*ue->func)(errp, ue->authdb, ue->user, uoptr);
-	if (rv >= 0) {
-
-	    /* Count the number of users seen */
-	    ue->rv += 1;
-
-	    /* Free the user object unless the call-back says not to */
-	    if (!(rv & ADBF_KEEPOBJ)) {
-		userFree(uoptr);
-	    }
-	    /* Return either 0 or -1, depending on ADBF_STOPENUM */
-	    rv = (rv & ADBF_STOPENUM) ? -1 : 0;
-	}
-	else {
-	    /* Free the user object in the event of an error */
-	    userFree(uoptr);
-
-	    /* Also return the error code */
-	    ue->rv = rv;
-	}
-    }
-
-    return rv;
-}
-
-/*
- * Description (nsadbEnumGroupsHelp)
- *
- *	This is a local function that is called by NSDB during group
- *	database enumeration.  It decodes group records into group
- *	objects, and presents them to the caller of nsadbEnumerateGroups(),
- *	via the specified call-back function.  The call-back function
- *	return value may be a negative error code, which will cause
- *	enumeration to stop, and the error code will be returned from
- *	nsadbEnumerateGroups().  If the return value of the call-back
- *	function is not negative, it can contain one or more of the
- *	following flags:
- *
- *		ADBF_KEEPOBJ	- do not free the GroupObj_t structure
- *				  that was passed to the call-back function
- *		ADBF_STOPENUM	- stop the enumeration without an error
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	parg			- pointer to GroupEnumArgs_t structure
- *	namelen			- group record key length including null
- *				  terminator
- *	name			- group record key (group name)
- *	reclen			- length of group record
- *	recptr			- pointer to group record contents
- *
- * Returns:
- *
- *	If the call-back returns a negative result, that value is
- *	returned.  If the call-back returns ADBF_STOPENUM, then
- *	-1 is returned, causing the enumeration to stop.  Otherwise
- *	the return value is zero.
- */
-
-typedef struct EnumGroupArgs_s EnumGroupArgs_t;
-struct EnumGroupArgs_s {
-    void * authdb;
-    int (*func)(NSErr_t * ferrp,
-		void * authdb, void * argp, GroupObj_t * goptr);
-    void * user;
-    int rv;
-};
-
-static int nsadbEnumGroupsHelp(NSErr_t * errp, void * parg,
-			       int namelen, char * name,
-			       int reclen, char * recptr)
-{
-    EnumGroupArgs_t * eg = (EnumGroupArgs_t *)parg;
-    GroupObj_t * goptr;			/* group object pointer */
-    int rv;
-
-    goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr);
-    if (goptr != 0) {
-	rv = (*eg->func)(errp, eg->authdb, eg->user, goptr);
-	if (rv >= 0) {
-
-	    /* Count the number of groups seen */
-	    eg->rv += 1;
-
-	    /* Free the group object unless the call-back says not to */
-	    if (!(rv & ADBF_KEEPOBJ)) {
-		groupFree(goptr);
-	    }
-	    /* Return either 0 or -1, depending on ADBF_STOPENUM */
-	    rv = (rv & ADBF_STOPENUM) ? -1 : 0;
-	}
-	else {
-	    /* Free the group object in the event of an error */
-	    groupFree(goptr);
-
-	    /* Also return the error code */
-	    eg->rv = rv;
-	}
-    }
-
-    return rv;
-}
-
-NSPR_BEGIN_EXTERN_C
-
-/*
- * Description (nsadbAddGroupToGroup)
- *
- *	This function adds a child group, C, to the definition of a
- *	parent group P.  This involves updating the group entries of
- *	C and P in the group database.  It also involves updating
- *	the group lists of any user descendants of C, to reflect the
- *	fact that these users are now members of P and P's ancestors.
- *	A check is made for an attempt to create a cycle in the group
- *	hierarchy, and this is rejected as an error.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	pgoptr			- pointer to parent group object
- *	cgoptr			- pointer to child group object
- *
- * Returns:
- *
- *	The return value is zero if group C was not already a direct
- *	member of group P, and was added successfully.  A return value
- *	of +1 indicates that group C was already a direct member of
- *	group P.  A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb,
-			 GroupObj_t * pgoptr, GroupObj_t * cgoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USIList_t gsuper;		/* list of ancestors of group P */
-    USIList_t dglist;		/* descendant groups of C */
-    GroupObj_t * dgoptr;	/* descendant group object pointer */
-    UserObj_t * uoptr;		/* user object pointer */
-    USI_t id;			/* current descendant group id */
-    int usercount;		/* count of users for descendant */
-    USI_t * userlist;		/* pointer to array of descendant user ids */
-    USI_t * idlist;		/* pointer to array of descendant group ids */
-    int pass;			/* loop pass number */
-    int i;			/* loop index */
-    int rv;			/* result value */
-
-    /* Is C a direct member of P already? */
-    if (usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) {
-	/* Yes, indicate that */
-	return 0;
-    }
-
-    dgoptr = 0;
-    uoptr = 0;
-
-    /* Initialize a list of the group descendants of group C */
-    UILINIT(&dglist);
-
-    /* Initialize a list of P and its ancestors */
-    UILINIT(&gsuper);
-
-    /* Add P to the ancestor list */
-    rv = usiInsert(&gsuper, pgoptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Open user database since the group lists of users may be modified */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    /* Open group database since group entries will be modified */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    /* Merge all the ancestors of group P into the list */
-    rv = nsadbSuperGroups(errp, authdb, pgoptr, &gsuper);
-    if (rv < 0) goto punt;
-
-    /*
-     * Each pass through the following loop visits C and all of C's
-     * descendant groups.
-     *
-     * The first pass checks to see if making group C a member of
-     * group P would create a cycle in the group structure.  It does
-     * this by examining C and all of its dependents to see if any
-     * appear in the list containing P and P's ancestors.
-     *
-     * The second pass updates the group lists of all users contained
-     * in group C to include P and P's ancestors.
-     */
-
-    for (pass = 1; pass < 3; ++pass) {
-
-	/* Use the group C as the first descendant */
-	id = cgoptr->go_gid;
-	dgoptr = cgoptr;
-
-	for (;;) {
-
-	    if (pass == 1) {
-		/*
-		 * Check for attempt to create a cycle in the group
-		 * hierarchy.  See if this descendant is a member of
-		 * the list of P and P's ancestors (gsuper).
-		 */
-		if (usiPresent(&gsuper, id)) {
-		    /*
-		     * Error - operation would create a cycle
-		     * in the group structure.
-		     */
-		    return -1;
-		}
-	    }
-	    else {
-
-		/*
-		 * Merge the list of ancestors of P (gsuper) with the
-		 * group lists of any direct user members of the current
-		 * descendant group, referenced by dgoptr.
-		 */
-
-		/* Get direct user member list size and pointer */
-		usercount = UILCOUNT(&dgoptr->go_users);
-		userlist = UILLIST(&dgoptr->go_users);
-
-		/* For each direct user member of this descendant ... */
-		for (i = 0; i < usercount; ++i) {
-
-		    /* Get a user object for the user */
-		    uoptr = userFindByUid(errp,
-					  adb->adb_userdb, userlist[i]);
-		    if (uoptr == 0) {
-			/*
-			 * Error - user not found,
-			 * databases are inconsistent.
-			 */
-			rv = -1;
-			goto punt;
-		    }
-
-		    /* Merge gsuper into the user's group list */
-		    rv = uilMerge(&uoptr->uo_groups, &gsuper);
-		    if (rv < 0) goto punt;
-
-		    /* Write out the user object */
-		    uoptr->uo_flags |= UOF_MODIFIED;
-		    rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-		    if (rv) goto punt;
-
-		    /* Free the user object */
-		    userFree(uoptr);
-		    uoptr = 0;
-		}
-	    }
-
-	    /*
-	     * Merge the direct member groups of the current descendant
-	     * group into the list of descendants to be processed.
-	     */
-	    rv = uilMerge(&dglist, &dgoptr->go_groups);
-	    if (rv < 0) goto punt;
-
-	    /* Free the group object for the current descendant */
-	    if (dgoptr != cgoptr) {
-		groupFree(dgoptr);
-		dgoptr = 0;
-	    }
-
-	    /* Exit the loop if the descendant list is empty */
-	    if (UILCOUNT(&dglist) <= 0) break;
-
-	    /* Otherwise remove the next descendant from the list */
-	    idlist = UILLIST(&dglist);
-	    id = idlist[0];
-	    rv = usiRemove(&dglist, id);
-	    if (rv < 0) goto punt;
-
-	    /* Now get a group object for this descendant group */
-	    dgoptr = groupFindByGid(errp, adb->adb_groupdb, id);
-	    if (dgoptr == 0) {
-		/* Error - group not found, databases are inconsistent */
-		rv = -1;
-		goto punt;
-	    }
-	}
-    }
-
-    /* Now add C to P's list of member groups */
-    rv = usiInsert(&pgoptr->go_groups, cgoptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Add P to C's list of parent groups */
-    rv = usiInsert(&cgoptr->go_pgroups, pgoptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Update the database entry for group C */
-    cgoptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr);
-    if (rv) goto punt;
-
-    /* Update the database entry for group P */
-    pgoptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr);
-
-    return rv;
-
-  punt:
-    /* Handle errors */
-    UILFREE(&gsuper);
-    UILFREE(&dglist);
-    if (dgoptr) {
-	groupFree(dgoptr);
-    }
-    if (uoptr) {
-	userFree(uoptr);
-    }
-    return rv;
-}
-
-/*
- * Description (nsadbAddUserToGroup)
- *
- *	This function adds a user to a group definition.  This involves
- *	updating the group entry in the group database, and the user
- *	entry in the user database.  The caller provides a pointer to
- *	a user object for the user to be added, a pointer to a group
- *	object for the group being modified, and a handle for the
- *	authentication databases (from nsadbOpen()).
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	goptr			- pointer to group object
- *	uoptr			- pointer to user object
- *
- * Returns:
- *
- *	The return value is zero if the user was not already a direct
- *	member of the group, and was added successfully.  A return value
- *	of +1 indicates that the user was already a direct member of the
- *	group.  A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbAddUserToGroup(NSErr_t * errp, void * authdb,
-			GroupObj_t * goptr, UserObj_t * uoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USIList_t nglist;		/* new group list for specified user */
-    USIList_t gsuper;		/* groups containing+ the specified group */
-    GroupObj_t * aoptr;		/* group object for 'id' group */
-    USI_t * idlist;		/* pointer to gsuper gid array */
-    USI_t id;			/* current gid from gsuper */
-    int rv;			/* result value */
-
-    /* Is the user already a direct member of the group? */
-    if (usiPresent(&goptr->go_users, uoptr->uo_uid)) {
-
-	/* Yes, nothing to do */
-	return 1;
-    }
-
-    /*
-     * The user object contains a list of all of the groups that contain
-     * the user, either directly or indirectly.  We need to add the
-     * specified group and its ancestors to this list.  Each group contains
-     * a list of the group's parents, which is used to locate all of the
-     * group's ancestors.  As an optimization, we need not consider any
-     * ancestors which are already on the user's current group list.
-     */
-
-    /*
-     * The following loop will deal with two lists of group ids.  One
-     * is the list that will become the new group list for the user,
-     * which is initialized to the user's current group list.  The other
-     * is a list of ancestors of the group to be considered for addition
-     * to the user's group list.  This list is initialized to the specified
-     * group.
-     */
-
-    /* Initialize both lists to be empty */
-    UILINIT(&nglist);
-    UILINIT(&gsuper);
-
-    /* Make a copy of the user's current group list */
-    rv = uilDuplicate(&nglist, &uoptr->uo_groups);
-    if (rv < 0) goto punt;
-
-    /* Start the other list with the specified group */
-    rv = usiInsert(&gsuper, goptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Open user database since the group lists of users may be modified */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    /* Open group database since group entries will be modified */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    /* While entries remain on the ancestor list */
-    while (UILCOUNT(&gsuper) > 0) {
-
-	/* Get pointer to array of ancestor group ids */
-	idlist = UILLIST(&gsuper);
-
-	/* Remove the first ancestor */
-	id = idlist[0];
-	usiRemove(&gsuper, id);
-
-	/* Is the ancestor on the user's current group list? */
-	if (!usiPresent(&uoptr->uo_groups, id)) {
-
-	    /* No, add its parents to the ancestor list */
-
-	    /* Look up the ancestor group (get a group object for it) */
-	    aoptr = groupFindByGid(errp, adb->adb_groupdb, id);
-	    if (aoptr == 0) {
-		/* Error - group not found, database inconsistent */
-		rv = -1;
-		goto punt;
-	    }
-
-	    /* Merge the ancestors parents into the ancestor list */
-	    rv = uilMerge(&gsuper, &aoptr->go_pgroups);
-
-	    /* Lose the ancestor group object */
-	    groupFree(aoptr);
-
-	    /* See if the merge worked */
-	    if (rv < 0) goto punt;
-	}
-
-	/* Add the ancestor to the new group list for the user */
-	rv = usiInsert(&nglist, id);
-	if (rv < 0) goto punt;
-    }
-
-    /* Add the user to the group's user member list */
-    rv = usiInsert(&goptr->go_users, uoptr->uo_uid);
-    if (rv < 0) goto punt;
-
-    /* Replace the user's group list with the new one */
-    UILREPLACE(&uoptr->uo_groups, &nglist);
-    
-    /* Write out the updated user object */
-    uoptr->uo_flags |= UOF_MODIFIED;
-    rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-    if (rv < 0) goto punt;
-
-    /* Write out the updated group object */
-    goptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-    
-    return rv;
-
-  punt:
-    /* Handle error */
-
-    /* Free ancestor and new group lists */
-    UILFREE(&nglist);
-    UILFREE(&gsuper);
-
-    return rv;
-}
-
-/*
- * Description (nsadbCreateGroup)
- *
- *	This function creates a new group in a specified authentication
- *	database.  The group is described by a group object.  A group
- *	object can be created by calling nsadbGroupNew().
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	goptr			- pointer to group object
- *
- * Returns:
- */
-
-NSAPI_PUBLIC int nsadbCreateGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    int rv;
-
-    /* Open the group database for write access */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    /* Add this group to the database */
-    rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbCreateUser)
- *
- *	This function creates a new user in a specified authentication
- *	database.  The user is described by a user object.  A user
- *	object can be created by calling nsadbUserNew().
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	uoptr			- pointer to user object
- *
- * Returns:
- */
-
-NSAPI_PUBLIC int nsadbCreateUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    int rv;
-
-    /* Open the user database for write access */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    /* Add this user to the database */
-    rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbEnumerateUsers)
- *
- *	This function is called to enumerate all of the users in a
- *	given authentication database to a call-back function specified
- *	by the caller.  The call-back function is provided with a
- *	handle for the authentication database, an opaque value provided
- *	by the caller, and a pointer to a user object.  See the
- *	description of nsadbEnumUsersHelp above for the interpretation
- *	of the call-back function's return value.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	argp			- opaque value for call-back function
- *	func			- pointer to call-back function
- *
- * Returns:
- *
- *	If the call-back function returns a negative error code, this
- *	value is returned.  A negative value may also be returned if
- *	nsadb encounters an error.  Otherwise the result is the number
- *	of users enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateUsers(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
-	ArgFn_EnumUsers func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
-	int (*func)(NSErr_t * ferrp, void * authdb, void * parg, UserObj_t * uoptr))
-#endif
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    EnumUserArgs_t args;		/* arguments for enumeration helper */
-    int rv;				/* result value */
-
-    /* Open the users subdatabase for read access */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UREAD);
-    if (rv < 0) goto punt;
-
-    args.authdb = authdb;
-    args.func = func;
-    args.user = argp;
-    args.rv = 0;
-
-    rv = ndbEnumerate(errp, adb->adb_userdb,
-		      NDBF_ENUMNORM, (void *)&args, nsadbEnumUsersHelp);
-    if (rv < 0) goto punt;
-
-    rv = args.rv;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbEnumerateGroups)
- *
- *	This function is called to enumerate all of the groups in a
- *	given authentication database to a call-back function specified
- *	by the caller.  The call-back function is provided with a
- *	handle for the authentication database, an opaque value provided
- *	by the caller, and a pointer to a group object.  See the
- *	description of nsadbEnumGroupsHelp above for the interpretation
- *	of the call-back function's return value.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	argp			- opaque value for call-back function
- *	func			- pointer to call-back function
- *
- * Returns:
- *
- *	If the call-back function returns a negative error code, this
- *	value is returned.  A negative value may also be returned if
- *	nsadb encounters an error.  Otherwise the result is the number
- *	of groups enumerated.
- */
-
-NSAPI_PUBLIC int nsadbEnumerateGroups(NSErr_t * errp, void * authdb, void * argp,
-#ifdef UnixWare
-	ArgFn_EnumGroups func) /* for ANSI C++ standard, see nsamgmt.h */
-#else
-	int (*func)(NSErr_t * ferrp, void * authdb, void * parg, GroupObj_t * goptr))
-#endif
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    EnumGroupArgs_t args;
-    int rv;				/* result value */
-
-    /* Open group database for read access */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
-    if (rv < 0) goto punt;
-
-    args.authdb = authdb;
-    args.func = func;
-    args.user = argp;
-    args.rv = 0;
-
-    rv = ndbEnumerate(errp, adb->adb_groupdb,
-		      NDBF_ENUMNORM, (void *)&args, nsadbEnumGroupsHelp);
-    if (rv < 0) goto punt;
-
-    rv = args.rv;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbIsUserInGroup)
- *
- *	This function tests whether a given user id is a member of the
- *	group associated with a specified group id.  The caller may
- *	provide a list of group ids for groups to which the user is
- *	already known to belong, and this may speed up the check.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	uid			- user id
- *	gid			- group id
- *	ngroups			- number of group ids in grplist
- *	grplist			- groups the user is known to belong to
- *
- * Returns:
- *
- *	The return value is +1 if the user is found to belong to the
- *	indicated group, or 0 if the user does not belong to the group.
- *	An error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
-		       USI_t uid, USI_t gid, int ngroups, USI_t * grplist)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USIList_t dglist;			/* descendant group list */
-    GroupObj_t * goptr = 0;		/* group object pointer */
-    USI_t * idlist;			/* pointer to array of group ids */
-    USI_t tgid;				/* test group id */
-    int i;				/* loop index */
-    int rv;				/* result value */
-
-    UILINIT(&dglist);
-
-    /* Open group database for read access */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
-    if (rv < 0) goto punt;
-
-    for (tgid = gid;;) {
-
-	/* Get a group object for this group id */
-	goptr = groupFindByGid(errp, adb->adb_groupdb, tgid);
-	if (goptr == 0) {
-	    /* Error - group id not found, databases are inconsistent */
-	    rv = -1;
-	    goto punt;
-	}
-
-	/* Is the user a direct member of this group? */
-	if (usiPresent(&goptr->go_users, uid)) goto is_member;
-
-	/*
-	 * Is there any group to which the user is already known to
-	 * belong that is a direct group member of this group?  If so,
-	 * the user is also a member of this group.
-	 */
-
-	/* Scan list of groups to which the user is known to belong */
-	for (i = 0; i < ngroups; ++i) {
-
-	    if (usiPresent(&goptr->go_groups, grplist[i])) goto is_member;
-	}
-
-	/* Merge group member list of this group with descendants list */
-	rv = uilMerge(&dglist, &goptr->go_groups);
-	if (rv < 0) goto punt;
-
-	/*
-	 * If descendants list is empty, the user is not contained in
-	 * the specified group.
-	 */
-	if (UILCOUNT(&dglist) <= 0) {
-	    rv = 0;
-	    goto punt;
-	}
-
-	/* Remove the next id from the descendants list */
-	idlist = UILLIST(&dglist);
-	tgid = idlist[0];
-
-	rv = usiRemove(&dglist, tgid);
-	if (rv < 0) goto punt;
-
-	groupFree(goptr);
-	goptr = 0;
-    }
-
-  is_member:
-    rv = 1;
-
-  punt:
-    if (goptr) {
-	groupFree(goptr);
-    }
-    UILFREE(&dglist);
-    return rv;
-}
-
-/*
- * Description (nsadbModifyGroup)
- *
- *	This function is called to write modifications to a group to
- *	a specified authentication database.  The group is assumed to
- *	already exist in the database.  Information about the group
- *	is passed in a group object.  This function should not be used
- *	to alter the lists of group members or parents.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	goptr			- pointer to modified group object
- *
- * Returns:
- *
- *	The return value is zero if the group information is successfully
- *	updated.  An error is indicated by a negative return value, and
- *	an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyGroup(NSErr_t * errp, void * authdb, GroupObj_t * goptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    int rv;
-
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbModifyUser)
- *
- *	This function is called to write modifications to a user to
- *	a specified authentication database.  The user is assumed to
- *	already exist in the database.  Information about the user
- *	is passed in a user object.  This function should not be used
- *	to modify the list of groups which contain the user.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	uoptr			- pointer to modified user object
- *
- * Returns:
- *
- *	The return value is zero if the user information is successfully
- *	updated.  An error is indicated by a negative return value, and
- *	an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbModifyUser(NSErr_t * errp, void * authdb, UserObj_t * uoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    int rv;
-
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbRemoveGroup)
- *
- *	This function is called to remove a given group name from
- *	a specified authentication database.  This can cause updates
- *	to both the user and group subdatabases.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	name			- pointer to name of group to remove
- *
- * Returns:
- *
- *	The return value is zero if the group information is successfully
- *	removed.  An error is indicated by a negative return value, and
- *	an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveGroup(NSErr_t * errp, void * authdb, char * name)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    UserObj_t * uoptr = 0;		/* user object pointer */
-    GroupObj_t * goptr = 0;		/* group object pointer */
-    GroupObj_t * ogoptr = 0;		/* other group object pointer */
-    char * ugname;			/* user or group name */
-    USI_t * list;			/* pointer into user/group id list */
-    int cnt;				/* count of user or group ids */
-    int i;				/* loop index */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Open the groups subdatabase for write access */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    /* Look up the group to be removed, and get a group object */
-    rv = nsadbFindByName(errp, authdb, name, AIF_GROUP, (void **)&goptr);
-    if (rv != AIF_GROUP) {
-	if (rv < 0) goto punt;
-	goto err_nogroup;
-    }
-
-    /* Mark the group for delete */
-    goptr->go_flags |= GOF_DELPEND;
-
-    /* Does the specified group belong to any groups? */
-    cnt = UILCOUNT(&goptr->go_pgroups);
-    if (cnt > 0) {
-
-	/* Yes, for each parent group ... */
-	for (i = 0; i < cnt; ++i) {
-
-	    /* Note that nsadbRemGroupFromGroup() will shrink this list */
-	    list = UILLIST(&goptr->go_pgroups);
-
-	    /* Get group name associated with the group id */
-	    rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
-	    if (rv < 0) goto punt;
-
-	    /* Look up the group by name and get a group object for it */
-	    rv = nsadbFindByName(errp,
-				 authdb, ugname, AIF_GROUP, (void **)&ogoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Remove the specified group from the parent group */
-	    rv = nsadbRemGroupFromGroup(errp, authdb, ogoptr, goptr);
-	    if (rv < 0) goto punt;
-
-	    /* Free the parent group object */
-	    groupFree(ogoptr);
-	    ogoptr = 0;
-	}
-    }
-
-    /* Are there any group members of this group? */
-    cnt = UILCOUNT(&goptr->go_groups);
-    if (cnt > 0) {
-
-	/* For each group member of the group ... */
-
-	for (i = 0; i < cnt; ++i) {
-
-	    /* Note that nsadbRemGroupFromGroup() will shrink this list */
-	    list = UILLIST(&goptr->go_groups);
-
-	    /* Get group name associated with the group id */
-	    rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &ugname);
-	    if (rv < 0) goto punt;
-
-	    /* Look up the group by name and get a group object for it */
-	    rv = nsadbFindByName(errp,
-				 authdb, ugname, AIF_GROUP, (void **)&ogoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Remove member group from the specified group */
-	    rv = nsadbRemGroupFromGroup(errp, authdb, goptr, ogoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Free the member group object */
-	    groupFree(ogoptr);
-	    ogoptr = 0;
-	}
-    }
-
-    /* Are there any direct user members of this group? */
-    cnt = UILCOUNT(&goptr->go_users);
-    if (cnt > 0) {
-
-	/* Yes, open users subdatabase for write access */
-	rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-	if (rv < 0) goto punt;
-
-	/* For each user member of the group ... */
-	for (i = 0; i < cnt; ++i) {
-
-	    /* Note that nsadbRemUserFromGroup() will shrink this list */
-	    list = UILLIST(&goptr->go_users);
-
-	    /* Get user name associated with the user id */
-	    rv = nsadbIdToName(errp, authdb, *list, AIF_USER, &ugname);
-	    if (rv < 0) goto punt;
-
-	    /* Look up the user by name and get a user object for it */
-	    rv = nsadbFindByName(errp,
-				 authdb, ugname, AIF_USER, (void **)&uoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Remove user from the group */
-	    rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Free the member user object */
-	    userFree(uoptr);
-	    uoptr = 0;
-	}
-    }
-
-    /* Free the group object for the specified group */
-    groupFree(goptr);
-    goptr = 0;
-
-    /* Now we can remove the group entry */
-    rv = groupRemove(errp, adb->adb_groupdb, 0, (NTS_t)name);
-
-    return rv;
-
-  err_nogroup:
-    eid = NSAUERR4100;
-    rv = NSAERRNAME;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
-    goto punt;
-
-  punt:
-    /* Free any user or group objects that we created */
-    if (ogoptr != 0) {
-	groupFree(ogoptr);
-    }
-    if (uoptr != 0) {
-	userFree(uoptr);
-    }
-    if (goptr != 0) {
-	groupFree(goptr);
-    }
-    return rv;
-}
-
-/*
- * Description (nsadbRemoveUser)
- *
- *	This function is called to remove a given user name from
- *	a specified authentication database.  This can cause updates
- *	to both the user and user subdatabases.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	name			- pointer to name of user to remove
- *
- * Returns:
- *
- *	The return value is zero if the user information is successfully
- *	removed.  An error is indicated by a negative return value, and
- *	an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbRemoveUser(NSErr_t * errp, void * authdb, char * name)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    UserObj_t * uoptr = 0;		/* user object pointer */
-    GroupObj_t * goptr = 0;		/* group object pointer */
-    char * gname;			/* group name */
-    USI_t * list;			/* pointer into group id list */
-    int gcnt;				/* number of groups containing user */
-    int i;				/* loop index */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Open the users subdatabase for write access */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    /* Look up the user to be removed, and get a user object */
-    rv = nsadbFindByName(errp, authdb, name, AIF_USER, (void **)&uoptr);
-    if (rv != AIF_USER) {
-	if (rv < 0) goto punt;
-	goto err_nouser;
-    }
-
-    /* Mark the user for delete */
-    uoptr->uo_flags |= UOF_DELPEND;
-
-    /* Does this user belong to any groups? */
-    gcnt = UILCOUNT(&uoptr->uo_groups);
-    if (gcnt > 0) {
-
-	/* Yes, get pointer to list of group ids */
-	list = UILLIST(&uoptr->uo_groups);
-
-	/* Open groups subdatabase for write access */
-	rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-	if (rv < 0) goto punt;
-
-	/* For each group that the user belongs to ... */
-	for (i = 0; i < gcnt; ++i) {
-
-	    /* Get group name associated with the group id */
-	    rv = nsadbIdToName(errp, authdb, *list, AIF_GROUP, &gname);
-	    if (rv < 0) goto punt;
-
-	    /* Look up the group by name and get a group object for it */
-	    rv = nsadbFindByName(errp,
-				 authdb, gname, AIF_GROUP, (void **)&goptr);
-	    if (rv < 0) goto punt;
-
-	    /* Remove user from group if it's a direct member */
-	    rv = nsadbRemUserFromGroup(errp, authdb, goptr, uoptr);
-	    if (rv < 0) goto punt;
-
-	    /* Free the group object */
-	    groupFree(goptr);
-	    goptr = 0;
-
-	    ++list;
-	}
-    }
-
-#ifdef CLIENT_AUTH
-    /* Remove certificate mapping for user, if any */
-    rv = nsadbRemoveUserCert(errp, authdb, name);
-#endif
-
-    /* Free the user object */
-    userFree(uoptr);
-
-    /* Now we can remove the user entry */
-    rv = userRemove(errp, adb->adb_userdb, 0, (NTS_t)name);
-
-    return rv;
-
-  err_nouser:
-    eid = NSAUERR4000;
-    rv = NSAERRNAME;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 2, adb->adb_dbname, name);
-    goto punt;
-
-  punt:
-    if (goptr != 0) {
-	groupFree(goptr);
-    }
-    if (uoptr != 0) {
-	userFree(uoptr);
-    }
-    return rv;
-}
-
-/*
- * Description (nsadbRemGroupFromGroup)
- *
- *	This function removes a given group C from a parent group P.
- *	The group C must be a direct member of the group P.  However,
- *	group C may also be a member of one or more of P's ancestor or
- *	descendant groups, and this function deals with that.  The
- *	group entries for C and P are updated in the group database.
- *	But the real work is updating the groups lists of all of the
- *	users contained in C.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	pgoptr			- pointer to parent group object
- *	cgoptr			- pointer to child group object
- *
- * Returns:
- *
- *	The return value is zero if group C was a direct member of
- *	group P, and was removed successfully.  A return value of +1
- *	indicates that group C was not a direct member of the group P.
- *	A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
-			   GroupObj_t * pgoptr, GroupObj_t * cgoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USIList_t dglist;		/* list of descendant groups of C */
-    GroupObj_t * dgoptr;	/* descendant group object pointer */
-    UserObj_t * uoptr;		/* user object pointer */
-    USI_t * gidlist;		/* pointer to group id array */
-    USI_t * userlist;		/* pointer to array of descendant user ids */
-    USI_t dgid;			/* descendant group id */
-    int iusr;			/* index on descendant user list */
-    int usercnt;		/* count of descendant users */
-    int igrp;			/* index of group in user group id list */
-    int rv;			/* result value */
-
-    dgoptr = 0;
-    uoptr = 0;
-
-    /* Initialize a list of descendant groups of C */
-    UILINIT(&dglist);
-
-    /* Is group C a direct member of group P? */
-    if (!usiPresent(&pgoptr->go_groups, cgoptr->go_gid)) {
-
-	/* No, nothing to do */
-	return 1;
-    }
-
-    /* Remove group C from group P's group member list */
-    rv = usiRemove(&pgoptr->go_groups, cgoptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Remove group P from group C's parent group list */
-    rv = usiRemove(&cgoptr->go_pgroups, pgoptr->go_gid);
-    if (rv < 0) goto punt;
-
-    /* Open user database since the group lists of users may be modified */
-    rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-    if (rv < 0) goto punt;
-
-    /* Open group database since group entries will be modified */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-    if (rv < 0) goto punt;
-
-    /* Write out the updated group C object */
-    cgoptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, cgoptr);
-    if (rv) goto punt;
-
-    /* Write out the updated group P object */
-    pgoptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, pgoptr);
-    if (rv) goto punt;
-
-    /* Now check the group lists of all users contained in group C */
-    dgoptr = cgoptr;
-    dgid = cgoptr->go_gid;
-
-    for (;;) {
-
-	/* Scan the direct user members of this descendant group */
-	usercnt = UILCOUNT(&dgoptr->go_users);
-	userlist = UILLIST(&dgoptr->go_users);
-
-	for (iusr = 0; iusr < usercnt; ++iusr) {
-
-	    /* Get a user object for this user member */
-	    uoptr = userFindByUid(errp, adb->adb_userdb, userlist[iusr]);
-	    if (uoptr == 0) {
-		/* Error - user id not found, databases are inconsistent */
-		rv = -1;
-		goto punt;
-	    }
-
-	    /* Scan the group list for this user */
-	    for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
-		gidlist = UILLIST(&uoptr->uo_groups);
-
-		/* Is the user a member of this group? */
-		if (nsadbIsUserInGroup(errp, authdb,
-				       uoptr->uo_uid, gidlist[igrp],
-				       igrp, gidlist)) {
-
-		    /* Yes, step to next group id */
-		    ++igrp;
-		}
-		else {
-		    /*
-		     * No, remove it from the user's list of groups.  The
-		     * next group id to consider will be shifted into the
-		     * igrp position when the current id is removed.
-		     */
-		    rv = usiRemove(&uoptr->uo_groups, gidlist[igrp]);
-		    if (rv < 0) goto punt;
-		    uoptr->uo_flags |= UOF_MODIFIED;
-		}
-	    }
-
-	    /* Write out the user object if it was changed */
-	    if (uoptr->uo_flags & UOF_MODIFIED) {
-		rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-		if (rv < 0) goto punt;
-	    }
-
-	    /* Free the user object */
-	    userFree(uoptr);
-	    uoptr = 0;
-	}
-
-	/*
-	 * Merge the direct member groups of this group into the
-	 * descendants list.
-	 */
-	rv = uilMerge(&dglist, &dgoptr->go_groups);
-	if (rv < 0) goto punt;
-
-	/* Free this descendant group object */
-	if (dgoptr != cgoptr) {
-	    groupFree(dgoptr);
-	    dgoptr = 0;
-	}
-
-	/* If the descendants list is empty, we're done */
-	if (UILCOUNT(&dglist) <= 0) break;
-
-	/* Remove the next group id from the descendants list */
-	gidlist = UILLIST(&dglist);
-	dgid = gidlist[0];
-	rv = usiRemove(&dglist, dgid);
-	if (rv < 0) goto punt;
-
-	/* Get a group object for this descendant group */
-	dgoptr = groupFindByGid(errp, adb->adb_groupdb, dgid);
-	if (dgoptr == 0) {
-	    /* Error - group id not found, databases are inconsistent */
-	    rv = -1;
-	    goto punt;
-	}
-    }
-
-    UILFREE(&dglist);
-    return 0;
-
-  punt:
-    if (dgoptr) {
-	groupFree(dgoptr);
-    }
-    if (uoptr) {
-	userFree(uoptr);
-    }
-    UILFREE(&dglist);
-    return rv;
-}
-
-/*
- * Description (nsadbRemUserFromGroup)
- *
- *	This function removes a given user from a specified group G.
- *	The user must be a direct member of the group.  However, the
- *	user may also be a member of one or more of G's descendant
- *	groups, and this function deals with that.  The group entry
- *	for G is updated in the group database, with the user removed
- *	from its user member list.  The user entry is updated in the
- *	user database, with an updated list of all groups which now
- *	contain the user.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	goptr			- pointer to group object
- *	uoptr			- pointer to user object
- *
- * Returns:
- *
- *	The return value is zero if the user was a direct member of the
- *	group, and was removed successfully.  A return value of +1
- *	indicates that the user was not a direct member of the
- *	group.  A negative return value indicates an error.
- */
-
-NSAPI_PUBLIC int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
-			  GroupObj_t * goptr, UserObj_t * uoptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USI_t * idlist;		/* pointer to user group id array */
-    USI_t tgid;			/* test group id */
-    int igrp;			/* position in user group list */
-    int rv;			/* result value */
-
-    /* Is the user a direct member of the group? */
-    if (!usiPresent(&goptr->go_users, uoptr->uo_uid)) {
-
-	/* No, nothing to do */
-	return 1;
-    }
-
-    /* Remove the user from the group's user member list */
-    rv = usiRemove(&goptr->go_users, uoptr->uo_uid);
-    if (rv < 0) goto punt;
-
-    /* If the user object is pending deletion, no need to open databases */
-    if (!(uoptr->uo_flags & UOF_DELPEND)) {
-
-	/*
-	 * Open user database since the group list of the user
-	 * will be modified.
-	 */
-	rv = nsadbOpenUsers(errp, authdb, ADBF_UWRITE);
-	if (rv < 0) goto punt;
-
-	/* Open group database since group entries will be modified */
-	rv = nsadbOpenGroups(errp, authdb, ADBF_GWRITE);
-	if (rv < 0) goto punt;
-    }
-
-    /*
-     * Write out the updated group object.  This must be done here
-     * because nsadbIsUserInGroup() in the loop below will read the
-     * entry for this group, and it needs to reflect the user's
-     * removal from being a direct member of the group.  This does
-     * not preclude the possibility that the user will still be an
-     * indirect member of this group.
-     */
-    goptr->go_flags |= GOF_MODIFIED;
-    rv = groupStore(errp, adb->adb_groupdb, 0, goptr);
-    if (rv) goto punt;
-
-    /* If a delete is pending on the user, we're done */
-    if (uoptr->uo_flags & UOF_DELPEND) goto punt;
-
-    /*
-     * Begin loop to check whether user is still a member of each
-     * of the groups in its group list.  Note that the group list
-     * may shrink during an iteration of the loop.
-     */
-
-    for (igrp = 0; igrp < UILCOUNT(&uoptr->uo_groups); ) {
-
-	/* Get pointer to the user's array of group ids */
-	idlist = UILLIST(&uoptr->uo_groups);
-
-	/* Get the group id of the next group to consider */
-	tgid = idlist[igrp];
-
-	/* Is the user a member of this group? */
-	if (nsadbIsUserInGroup(errp, authdb,
-			       uoptr->uo_uid, tgid, igrp, idlist)) {
-
-	    /* Yes, step to next group id */
-	    ++igrp;
-	}
-	else {
-
-	    /*
-	     * No, remove it from the user's list of groups.  The
-	     * next group id to consider will be shifted into the
-	     * igrp position when the current id is removed.
-	     */
-	    rv = usiRemove(&uoptr->uo_groups, tgid);
-	    if (rv < 0) goto punt;
-	}
-    }
-
-    /* Write out the updated user object */
-    uoptr->uo_flags |= UOF_MODIFIED;
-    rv = userStore(errp, adb->adb_userdb, 0, uoptr);
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (nsadbSuperGroups)
- *
- *	This function builds a list of the group ids for all groups
- *	which contain, directly or indirectly, a specified group as
- *	a subgroup.  We call these the supergroups of the specified
- *	group.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle for authentication databases
- *	goptr			- pointer to group object
- *	gsuper			- pointer to list to contain supergroups
- *				  (caller must initialize)
- *
- * Returns:
- *
- *	Returns the number of elements in gsuper if successful.  An
- *	error is indicated by a negative return value.
- */
-
-NSAPI_PUBLIC int nsadbSuperGroups(NSErr_t * errp, void * authdb,
-		     GroupObj_t * goptr, USIList_t * gsuper)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    USIList_t aglist;			/* ancestor group id list */
-    GroupObj_t * aoptr;			/* ancestor group object pointer */
-    USI_t * idlist;			/* pointer to array of group ids */
-    USI_t id;				/* current group id */
-    int rv;				/* result value */
-
-    /* Initialize an empty ancestor group list */
-    UILINIT(&aglist);
-
-    /* Enter loop with specified group as first ancestor */
-    id = goptr->go_gid;
-    aoptr = goptr;
-
-    /* Open group database for read access */
-    rv = nsadbOpenGroups(errp, authdb, ADBF_GREAD);
-    if (rv < 0) goto punt;
-
-    /* Loop until the ancestor list is empty */
-    for (;;) {
-
-	/* Merge parent groups of current ancestor into ancestor list */
-	rv = uilMerge(&aglist, &aoptr->go_pgroups);
-	if (rv < 0) goto punt;
-
-	/* Also merge parent groups into the result list */
-	rv = uilMerge(gsuper, &aoptr->go_pgroups);
-	if (rv < 0) goto punt;
-
-	/* Free the ancestor group object (but not the original) */
-	if (aoptr != goptr) {
-	    groupFree(aoptr);
-	    aoptr = 0;
-	}
-
-	/* Exit the loop if the ancestor list is empty */
-	if (UILCOUNT(&aglist) <= 0) break;
-
-	/* Get pointer to array of ancestor group ids */
-	idlist = UILLIST(&aglist);
-
-	/* Remove the first ancestor */
-	id = idlist[0];
-	rv = usiRemove(&aglist, id);
-
-	/* Get a group object for the ancestor */
-	aoptr = groupFindByGid(errp, adb->adb_groupdb, id);
-	if (aoptr == 0) {
-	    /* Error - group not found, database inconsistent */
-	    rv = -1;
-	    goto punt;
-	}
-    }
-
-    return UILCOUNT(gsuper);
-
-  punt:
-    /* Handle error */
-
-    /* Free ancestor list */
-    UILFREE(&aglist);
-
-    return rv;
-}
-
-NSPR_END_EXTERN_C
-

lib/libaccess/nscert.cpp

@@ -1,963 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-/*
- * Description (nsadb.c)
- *
- *	This module contains routines for accessing and storing information
- *	in a Netscape client certificate to username database.  This
- *	database is used to associate a username with a client certificate
- *	that is presented to a server.
- */
-
-#if defined(CLIENT_AUTH)
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#include <base/fsmutex.h>
-#include <libaccess/nsdbmgmt.h>
-#define __PRIVATE_NSADB
-#include <libaccess/nsadb.h>
-#include <libaccess/nsamgmt.h>
-
-static FSMUTEX nscert_lock = 0;
-
-NSAPI_PUBLIC int nsadbCertInitialize(void)
-{
-#ifdef XP_UNIX
-    nscert_lock = fsmutex_init("NSCERTMAP", geteuid(),
-			       FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#else /* XP_WIN32 */
-    char winuser[128];
-    DWORD wulength;
-    strcpy(winuser, "NSCERTMAP_");
-    wulength = 128 - 11;
-    GetUserName(winuser+10, &wulength);
-    nscert_lock = fsmutex_init(winuser, 0,
-			       FSMUTEX_VISIBLE|FSMUTEX_NEEDCRIT);
-#endif
-    return (nscert_lock == 0) ? -1 : 0;
-}
-
-NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
-				    CertObj_t * coptr)
-{
-    ATR_t cp = (ATR_t)recptr;		/* current pointer into record */
-    USI_t tag;				/* attribute tag */
-    USI_t len;				/* attribute value encoding length */
-
-    /* Parse user DB record */
-    while ((cp - (ATR_t)recptr) < reclen) {
-
-	/* Get the attribute tag */
-	cp = USIDECODE(cp, &tag);
-
-	/* Get the length of the encoding of the attribute value */
-	cp = USIDECODE(cp, &len);
-
-	/* Process this attribute */
-	switch (tag) {
-
-	  case CAT_USERNAME:	/* username associated with cert */
-	    cp = NTSDECODE(cp, (NTS_t *)&coptr->co_username);
-	    break;
-
-	  case CAT_CERTID:		/* certificate-to-user map id */
-	    cp = USIDECODE(cp, &coptr->co_certid);
-	    break;
-
-	  default:			/* unrecognized attribute */
-	    /* Just skip it */
-	    cp += len;
-	    break;
-	}
-    }
-
-    return 0;
-}
-
-/*
- * Description (nsadbDecodeCertKey)
- *
- *	This function decodes information from a certificate key.
- *	Currently a certificate key includes the DER encoding of the
- *	issuer and subject distinguished names.  This is used to
- *	uniquely identify client certificates, even across certificate
- *	renewals.  SECItems for the issuer and subject are provided
- *	by the caller.  These are updated with the pointers and lengths
- *	of DER encodings, which can be decoded using nsadbDecodeCertName()
- *	into SECName structures.  The returned SECItems refer to data
- *	in the provided key buffer.
- *
- * Arguments:
- *
- *	keylen			- length of the certificate key encoding
- *	keyptr			- buffer containing certificate key encoding
- *	issuer			- pointer to SECItem for returning issuer
- *	subject			- pointer to SECItem for returning subject
- *
- * Returns:
- *
- *	Zero is returned if no errors are encountered.  Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
-				    SECItem * issuer, SECItem * subject)
-{
-    ATR_t cp = (ATR_t)keyptr;		/* current pointer into DB record */
-    USI_t len;				/* attribute value encoding length */
-    USI_t tag;				/* attribute tag */
-
-    /* Parse user DB record */
-    while ((cp - (ATR_t)keyptr) < keylen) {
-
-	/* Get the attribute tag */
-	cp = USIDECODE(cp, &tag);
-
-	/* Get the length of the encoding of the attribute value */
-	cp = USIDECODE(cp, &len);
-
-	/* Process this attribute */
-	switch (tag) {
-
-	  case KAT_ISSUER:		/* issuer DER encoding */
-	    issuer->len = len;
-	    issuer->data = cp;
-	    cp += len;
-	    break;
-
-	  case KAT_SUBJECT:		/* subject name DER encoding */
-	    subject->len = len;
-	    subject->data = cp;
-	    cp += len;
-	    break;
-
-	  default:			/* unrecognized attribute */
-	    /* Just skip it */
-	    cp += len;
-	    break;
-	}
-    }
-
-    return 0;
-}
-
-/*
- * Description (nsadbEncodeCertKey)
- *
- *	This function encodes information provided by the caller into
- *	a certificate key.  The certificate key is returned in a
- *	buffer obtained from MALLOC().
- *
- * Arguments:
- *
- *	issuer			- pointer to SECItem for issuer DER
- *	subject			- pointer to SECItem for subject DER
- *	keylen			- returned length of certificate key
- *	keyptr			- returned pointer to buffer containing
- *				  certificate key encoding
- *
- * Returns:
- *
- *	Zero is returned if no errors are encountered.  Otherwise -1.
- */
-
-NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
-				    int * keylen, char **keyptr)
-{
-    ATR_t cp;			/* pointer into key buffer */
-    ATR_t kptr;			/* pointer to key buffer */
-    int klen;			/* length of key */
-    int rv = -1;
-
-    /* Compute length of key encoding */
-    klen = 1 + USILENGTH(issuer->len) + issuer->len +
-	   1 + USILENGTH(subject->len) + subject->len;
-
-    /* Allocate buffer to contain the key */
-    kptr = (ATR_t)MALLOC(klen);
-    if (kptr) {
-	/* Encode issuer and subject as attributes */
-	cp = kptr;
-	*cp++ = KAT_ISSUER;
-	cp = USIENCODE(cp, issuer->len);
-	memcpy(cp, issuer->data, issuer->len);
-	cp += issuer->len;
-	*cp++ = KAT_SUBJECT;
-	cp = USIENCODE(cp, subject->len);
-	memcpy(cp, subject->data, subject->len);
-	rv = 0;
-    }
-	
-    /* Return length and buffer pointer */
-    if (keylen) *keylen = klen;
-    *keyptr = (char *)kptr;
-
-    return rv;
-}
-
-/*
- * Description (nsadbEnumCertsHelp)
- *
- *	This is a local function that is called by NSDB during certificate
- *	to user database enumeration.  It decodes certificate records into
- *	CertObj_t structures, and presents them to the caller of
- *	nsadbEnumerateCerts(), via the specified call-back function.
- *	The call-back function return value may be a negative error code,
- *	which will cause enumeration to stop, and the error code will be
- *	returned from nsadbEnumerateCerts().  If the return value of the
- *	call-back function is not negative, it can contain one or more of
- *	the following flags:
- *
- *		ADBF_KEEPOBJ	- do not free the CertObj_t structure
- *				  that was passed to the call-back function
- *		ADBF_STOPENUM	- stop the enumeration without an error
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	parg			- pointer to CertEnumArgs_t structure
- *	keylen			- certificate record key length
- *	keyptr			- certificate record key
- *	reclen			- length of certificate record
- *	recptr			- pointer to certificate record contents
- *
- * Returns:
- *
- *	If the call-back returns a negative result, that value is
- *	returned.  If the call-back returns ADBF_STOPENUM, then
- *	-1 is returned, causing the enumeration to stop.  Otherwise
- *	the return value is zero.
- */
-
-typedef struct CertEnumArgs_s CertEnumArgs_t;
-struct CertEnumArgs_s {
-    int rv;			/* just a return value */
-    void * client;		/* the current key for lookup */
-    void * authdb;		/* the authentication data base */
-    CertEnumCallback func;	/* client's callback function */
-};
-
-static int nsadbEnumCertsHelp(NSErr_t * errp, void * parg,
-			      int keylen, char * keyptr,
-			      int reclen, char * recptr)
-{
-    CertEnumArgs_t * ce = (CertEnumArgs_t *)parg;
-    CertObj_t * coptr;
-    int rv = NSAERRNOMEM;
-
-    /* Allocate a CertObj_t structure and initialize it */
-    coptr = (CertObj_t *)MALLOC(sizeof(CertObj_t));
-    if (coptr) {
-
-	coptr->co_issuer.data = 0;
-	coptr->co_subject.data = 0;
-	coptr->co_username = 0;
-	coptr->co_certid = 0;
-
-	/* Decode the certificate key */
-	rv = nsadbDecodeCertKey(keylen, keyptr,
-				&coptr->co_issuer, &coptr->co_subject);
-
-	/* Decode the certificate record */
-	rv = nsadbDecodeCertRec(reclen, recptr, coptr);
-
-	/* Pass the CertObj_t to the callback function */
-	rv = (*ce->func)(errp, ce->authdb, ce->client, coptr);
-	if (rv >= 0) {
-
-	    /* Count the number of records seen */
-	    ce->rv += 1;
-
-	    /* Free the user object unless the call-back says not to */
-	    if (!(rv & ADBF_KEEPOBJ)) {
-		nsadbFreeCertObj(coptr);
-	    }
-	    /* Return either 0 or -1, depending on ADBF_STOPENUM */
-	    rv = (rv & ADBF_STOPENUM) ? -1 : 0;
-	}
-	else {
-	    /* return the error code */
-	    ce->rv = rv;
-	}
-    }
-
-    return rv;
-}
-
-/*
- * Description (nsadbEnumerateClients)
- *
- *	(See description for nsadbEnumerateUsers)
- */
-
-NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
-				     void * argp, CertEnumCallback func)
-{
-    AuthDB_t * adb = (AuthDB_t*)authdb;
-    CertEnumArgs_t helper_data;
-    int rv;
-
-    /* Open the certificate subdatabase for read access */
-    rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
-    if (rv >= 0) {
-	helper_data.authdb = authdb;
-	helper_data.func = func;
-	helper_data.client = argp;
-	helper_data.rv = 0;
-    
-	rv = ndbEnumerate(errp, adb->adb_certdb, NDBF_ENUMNORM,
-			  (void*)&helper_data, nsadbEnumCertsHelp);
-    }
-
-    return (rv < 0) ? rv: helper_data.rv;
-}
-
-NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr)
-{
-    if (coptr) {
-	FREE(coptr->co_username);
-	FREE(coptr);
-    }
-}
-
-NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
-				  USI_t certid, CertObj_t **coptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    CertObj_t * cop = 0;
-    char * keyptr;
-    char * recptr;
-    int keylen;
-    int reclen;
-    int rv;
-
-    rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
-    if (rv < 0) goto punt;
-
-    /* Get the name corresponding to the id */
-    rv = ndbIdToName(errp, adb->adb_certdb, certid, &keylen, &keyptr);
-    if (rv < 0) goto punt;
-
-    rv = ndbFindName(errp, adb->adb_certdb,
-		     keylen, keyptr, &reclen, &recptr);
-    if (rv < 0) goto punt;
-
-    /* Allocate a CertObj_t structure and initialize it */
-    cop = (CertObj_t *)MALLOC(sizeof(CertObj_t));
-    if (cop) {
-
-	cop->co_issuer.data = 0;
-	cop->co_subject.data = 0;
-	cop->co_username = 0;
-	cop->co_certid = 0;
-
-	/* Decode the certificate key */
-	rv = nsadbDecodeCertKey(keylen, keyptr,
-				&cop->co_issuer, &cop->co_subject);
-
-	/* Decode the certificate record */
-	rv = nsadbDecodeCertRec(reclen, recptr, cop);
-
-    }
-
-  punt:
-    if (coptr) *coptr = cop;
-    return rv;
-}
-
-/*
- * Description (nsadbGetUserByCert)
- *
- *	This function looks up a specified client certificate in the
- *	authentication database.  It returns a pointer to the username
- *	associated with the client certificate, if any.  The username
- *	buffer remains valid until the authentication database is
- *	closed.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	cert			- pointer to client certificate
- *	username		- pointer to returned user name (or null)
- *
- * Returns:
- *
- *	The return value will be zero if the certificate is found. Also,
- *	*username will be set to the string value of the associated username
- *	iff username is not null.
- */
-
-NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
-				    CERTCertificate * cert, char **username)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    ATR_t cp;				/* current pointer into DB record */
-    char * user = 0;			/* pointer to username */
-    char * keyptr = 0;			/* pointer to cert key */
-    char * recptr;			/* pointer to cert db record */
-    int keylen;				/* length of cert key */
-    int reclen;				/* length of cert db record */
-    USI_t tag;				/* attribute tag */
-    USI_t len;				/* attribute value encoding length */
-    int rv;
-
-    /* Construct the record key from the certificate */
-    rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
-			    &keylen, &keyptr);
-
-    if (adb->adb_certdb == NULL) {
-	rv = nsadbOpenCerts(errp, authdb, ADBF_CREAD);
-	if (rv < 0) goto punt;
-    }
-
-    rv = ndbFindName(errp, adb->adb_certdb,
-		     keylen, keyptr, &reclen, &recptr);
-    if (rv < 0) goto punt;
-
-    /* Parse cert DB record */
-    cp = (ATR_t)recptr;
-
-    while ((cp - (ATR_t)recptr) < reclen) {
-
-	/* Get the attribute tag */
-	cp = USIDECODE(cp, &tag);
-
-	/* Get the length of the encoding of the attribute value */
-	cp = USIDECODE(cp, &len);
-
-	/* We want the CAT_USERNAME attribute */
-	if (tag == CAT_USERNAME) {
-
-	    /* Get the username associated with the cert */
-	    user = (char *)cp;
-	    break;
-	}
-
-	/* Just skip other attributes */
-	cp += len;
-    }
-
-  punt:
-    if (keyptr) {
-	FREE(keyptr);
-    }
-    if (username) *username = user;
-    return rv;
-}
-
-/*
- * Description (see description for nsadbOpenUsers)
- */
-
-int nsadbOpenCerts(NSErr_t * errp, void * authdb, int flags)
-{
-    AuthDB_t *adb = (AuthDB_t*)authdb;
-    char *dbname = NULL;		/* user database name */
-    int dblen;				/* strlen(adb_dbname) */
-    int version;			/* database version */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    if (adb == NULL) goto err_inval;
-
-    /* Is the user database already open? */
-    if (adb->adb_certdb != 0) {
-
-	/* Yes, is it open for the desired access? */
-	if (adb->adb_flags & flags) {
-
-	    /* Yes, that was easy */
-	    return 0;
-	}
-    }
-    else {
-	/* Allocate space for the user database filename */
-	dblen = strlen(adb->adb_dbname);
-
-	dbname = (char *)MALLOC(dblen + strlen(ADBCERTDBNAME) + 2);
-	if (dbname == 0) goto err_nomem;
-
-	/* Construct user database name */
-	strcpy(dbname, adb->adb_dbname);
-
-	/* Put in a '/' (or '\') if it's not there */
-	if (dbname[dblen-1] != FILE_PATHSEP) {
-	    dbname[dblen] = FILE_PATHSEP;
-	    dbname[dblen+1] = 0;
-	    ++dblen;
-	}
-
-	strcpy(&dbname[dblen], ADBCERTDBNAME);
-
-	if (nscert_lock == 0) {
-	    rv = nsadbCertInitialize();
-	    if (rv < 0) goto err_lock;
-	}
-	adb->adb_certlock = nscert_lock;
-	if (adb->adb_certlock == 0) goto punt;
-
-	fsmutex_lock((FSMUTEX)(adb->adb_certlock));
-
-	adb->adb_certdb = ndbOpen(errp,
-				  dbname, 0, NDB_TYPE_CLIENTDB, &version);
-	if (adb->adb_certdb == 0) {
-	    fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
-	    goto err_open;
-	}
-    }
-
-    /*
-     * We don't really reopen the database to get the desired
-     * access mode, since that is handled at the nsdb level.
-     * But we do update the flags, just for the record.
-     */
-    adb->adb_flags &= ~(ADBF_CREAD|ADBF_CWRITE);
-    if (flags & ADBF_CWRITE) adb->adb_flags |= ADBF_CWRITE;
-    else adb->adb_flags |= ADBF_CREAD;
-    rv = 0;
-
-  punt:
-    if (dbname != NULL) FREE(dbname);
-    return rv;
-
-  err_inval:
-    eid = NSAUERR3400;
-    rv = NSAERRINVAL;
-    goto err_ret;
-
-  err_nomem:
-    eid = NSAUERR3420;
-    rv = NSAERRNOMEM;
-    goto err_ret;
-
-  err_lock:
-    eid = NSAUERR3430;
-    rv = NSAERRLOCK;
-    goto err_ret;
-
-  err_open:
-    eid = NSAUERR3440;
-    rv = NSAERROPEN;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
-    goto punt;
-
-}
-
-NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-
-    if (adb->adb_certnm != 0) {
-	/* Close the username-to-certid database */
-	nsadbCloseCertUsers(authdb, flags);
-    }
-
-    if (adb->adb_certdb != 0) {
-
-	ndbClose(adb->adb_certdb, 0);
-	adb->adb_certdb = 0;
-
-	/*
-	 * A lock is held for the certificate map DB as long as it is
-	 * open, so release the lock now.
-	 */
-	fsmutex_unlock((FSMUTEX)(adb->adb_certlock));
-    }
-}
-
-/*
- * Description (nsadbOpenCertUsers)
- *
- *	This function opens a database that maps user names to client
- *	certificates.  The database appears as "Certs.nm" in the
- *	authentication database directory.  This function requires
- *	that the primary certificate database be opened (Certs.db)
- *	first, and will open it if necessary, acquiring a global
- *	lock in the process.  The lock will not be released until
- *	nsadbCloseCerts() or nsadbClose() is called.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	flags			- same as nsadbOpenCerts()
- *
- * Returns:
- *
- *	The return value is zero if the operation is successful.
- *	Otherwise a negative error code is returned.
- */
-
-NSAPI_PUBLIC int nsadbOpenCertUsers(NSErr_t * errp, void * authdb, int flags)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    char * dbname = 0;
-    int dblen;
-    int oflags = O_RDONLY;		/* assume read-only access */
-    int eid;
-    int rv;
-
-    /* The primary certificate mapping database must be open first */
-    if (adb->adb_certdb != 0) {
-
-	/* It's open, but is it read-only when we need write? */
-	if (((flags & adb->adb_flags) == 0) && (flags & ADBF_CWRITE)) {
-
-	    /* Yes, close it */
-	    nsadbCloseCerts(authdb, 0);
-	}
-    }
-
-    /* Open it for the desired access if necessary */
-    if (adb->adb_certdb == 0) {
-	/*
-	 * Open it for the desired access.  Note that this acquires
-	 * a global lock which is not released until nsadbClose() is
-	 * called for the entire authentication database.
-	 */
-	rv = nsadbOpenCerts(errp, authdb, flags);
-	if (rv < 0) {
-	    /* Go no further if that failed */
-	    return rv;
-	}
-    }
-
-    /* Now look at the username-to-certid database in particular */
-    if (adb->adb_certnm && (adb->adb_flags & flags)) {
-
-	/* The database is already open for the desired access */
-	return 0;
-    }
-
-    dblen = strlen(adb->adb_dbname);
-    dbname = (char *)MALLOC(dblen + strlen(ADBUMAPDBNAME) + 2);
-    strcpy(dbname, adb->adb_dbname);
-    if (dbname[dblen-1] != FILE_PATHSEP) {
-	dbname[dblen] = FILE_PATHSEP;
-	dbname[++dblen] = 0;
-    }
-    strcpy(&dbname[dblen], ADBUMAPDBNAME);
-
-    /* Check for write access and set open flags appropriately if so */
-    if (flags & ADBF_CWRITE) {
-	oflags = O_CREAT|O_RDWR;
-    }
-
-    /* Open the username-to-certid database */
-//    adb->adb_certnm = dbopen(dbname, oflags, 0644, DB_HASH, 0);
-	adb->adb_certnm = 0;
-    if (adb->adb_certnm == 0) goto err_open;
-
-  punt:
-    FREE(dbname);
-
-    return rv;
-
-  err_open:
-    eid = NSAUERR3600;
-    rv = NSAERROPEN;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, dbname);
-    goto punt;
-}
-
-/*
- * Description (nsadbFindCertUser)
- *
- *	This function checks to see whether a client certificate is
- *	registered for a specified user name.  If so, it returns the
- *	certificate mapping id (for use with nsadbGetCertById()).
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	username		- pointer to user name string
- *	id			- pointer to returned certificate mapping id
- *
- * Returns:
- *
- *	If a certificate is registered for the specified user, the return
- *	value is zero and the certificate mapping id is returned via 'id'.
- *	Otherwise the return value is a negative error code (nsautherr.h)
- *	and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
-				   const char * username, USI_t * id)
-{
-    int eid;
-    int rv;
-    eid = NSAUERR3700;
-    rv = NSAERRNAME;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    return rv;
-}
-
-/*
- * Description (nsadbAddCertUser)
- *
- *	This function adds an entry to the username-to-cert id database,
- *	with a given username and certificate mapping id.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	username		- pointer to user name string
- *	id			- certificate mapping id
- *
- * Returns:
- *
- *	If the entry is added successfully, the return value is zero.
- *	Otherwise the return value is a negative error code (nsautherr.h)
- *	and an error frame is generated if an error frame list is provided.
- */
-
-NSAPI_PUBLIC int nsadbAddCertUser(NSErr_t * errp, void * authdb,
-				  const char * username, USI_t id)
-{
-	/* Need to be ported on NSS 3.2 */
-    int eid;
-    int rv;
-
-    eid = NSAUERR3800;
-    rv = NSAERRPUT;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    return rv;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCertUser(NSErr_t * errp, void * authdb,
-				     char * username)
-{
-	/* Need to be ported on NSS 3.2 */
-    int eid;
-    int rv;
-
-    eid = NSAUERR3800;
-    rv = NSAERRPUT;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    return rv;
-}
-
-NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags)
-{
-	/* Need to be ported on NSS 3.2 */
-}
-
-/*
- * Description (nsadbPutUserByCert)
- *
- *	This function looks up a stores a client certificate mapping
- *	in the authentication database along with the associated username.
- *	It assumes that a record with the specified certificate key does
- *	not already exist, and will replace it if it does.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	authdb			- handle returned by nsadbOpen()
- *	certLen			- length of the certificate key
- *	cert			- certificate key pointer
- *	user			- username to be associated with the
- *				  certificate
- *
- * Returns:
- *
- */
-
-NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
-				    CERTCertificate * cert,
-				    const char * username)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    ATR_t cp;			/* pointer into cert record contents */
-    char * keyptr = 0;		/* pointer to cert record key */
-    char * recptr = 0;		/* pointer to cert record contents */
-    int keylen;			/* length of cert record key */
-    int reclen;			/* length of cert record contents */
-    USI_t certid;
-    int usrlen;
-    int certidlen;
-    int eid;
-    int rv;
-
-    /* Construct the record key from the certificate */
-    rv = nsadbEncodeCertKey(&cert->derIssuer, &cert->derSubject,
-			    &keylen, &keyptr);
-
-    /* Open the username-to-cert id database for write */
-    rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
-    if (rv) goto punt;
-
-    /* If the username is already mapped to a cert, it's an error */
-    certid = 0;
-    rv = nsadbFindCertUser(errp, authdb, username, &certid);
-    if (rv == 0) goto err_map;
-
-    /*
-     * Allocate a certificate id and write a record mapping this id
-     * to the specified certificate key.
-     */
-    certid = 0;
-    rv = ndbAllocId(errp, adb->adb_certdb, keylen, keyptr, &certid);
-    if (rv) goto punt;
-
-    /* Record the username as being mapped to the allocated cert id */
-    rv = nsadbAddCertUser(errp, authdb, username, certid);
-    if (rv < 0) goto punt;
-
-    nsadbCloseCertUsers(authdb, 0);
-
-    /*
-     * First we need to figure out how long the generated record will be.
-     * This doesn't have to be exact, but it must not be smaller than the
-     * actual record size.
-     */
-
-    /* CAT_USERNAME attribute: tag, length, NTS */
-    usrlen = NTSLENGTH(username);
-    if (usrlen > 127) goto err_user;
-    reclen = 2 + usrlen;
-
-    /* CAT_CERTID attribute: tag, length, USI */
-    certidlen = USILENGTH(certid);
-    reclen += 2 + certidlen;
-
-    /* Allocate the attribute record buffer */
-    recptr = (char *)MALLOC(reclen);
-    if (recptr) {
-
-	cp = (ATR_t)recptr;
-
-	/* Encode CAT_USERNAME attribute */
-	*cp++ = CAT_USERNAME;
-	*cp++ = usrlen;
-	cp = NTSENCODE(cp, (NTS_t)username);
-
-	/* Encode CAT_CERTID attribute */
-	*cp++ = CAT_CERTID;
-	*cp++ = certidlen;
-	cp = USIENCODE(cp, certid);
-    }
-
-    /* Store the record in the database under the certificate key */
-    rv = ndbStoreName(errp, adb->adb_certdb,
-		      0, keylen, keyptr, reclen, recptr);
-
-  punt:
-    if (keyptr) {
-	FREE(keyptr);
-    }
-    if (recptr) {
-	FREE(recptr);
-    }
-
-    return rv;
-
-  err_user:
-    eid = NSAUERR3500;
-    rv = NSAERRINVAL;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
-    goto punt;
-
-  err_map:
-    eid = NSAUERR3520;
-    rv = NSAERRCMAP;
-    nsadbCloseCertUsers(authdb, 0);
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 1, adb->adb_dbname);
-    goto punt;
-}
-
-NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb, 
-				 void * username, CertObj_t * coptr)
-{
-    AuthDB_t * adb = (AuthDB_t *)authdb;
-    char * keyptr = 0;			/* pointer to cert record key */
-    int keylen;				/* length of cert record key */
-    int rv;
-    int rv2;
-
-    /* If a username is specified, require it to match */
-    if (username && strcmp((char *)username, coptr->co_username)) {
-	return 0;
-    }
-
-    /* Construct the record key from the certificate */
-    rv = nsadbEncodeCertKey(&coptr->co_issuer, &coptr->co_subject,
-			    &keylen, &keyptr);
-
-    if (adb->adb_certdb == NULL) {
-	rv = nsadbOpenCerts(errp, authdb, ADBF_CWRITE);
-	if (rv < 0) goto punt;
-    }
-
-    /* Remove the username-to-cert id entry from Certs.nm */
-    rv = nsadbOpenCertUsers(errp, authdb, ADBF_CWRITE);
-    if (rv < 0) goto punt;
-    rv = nsadbRemoveCertUser(errp, authdb, coptr->co_username);
-    nsadbCloseCertUsers(authdb, 0);
-
-    /* Free the cert id value, if any */
-    rv = 0;
-    if (coptr->co_certid != 0) {
-	rv = ndbFreeId(errp, adb->adb_certdb,
-		       keylen, keyptr, coptr->co_certid);
-    }
-
-    /* Delete the cert record */
-    rv2 = ndbDeleteName(errp, adb->adb_certdb, 0, keylen, keyptr);
-
-  punt:
-    if (keyptr) {
-	FREE(keyptr);
-    }
-    return (rv) ? rv : rv2;
-}
-
-NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp,
-				     void * authdb, char * username)
-{
-    CertObj_t * coptr = 0;
-    USI_t certid = 0;
-    int rv;
-
-    /*
-     * Open for read access at first.  We don't want to create the
-     * database if it's not already there.  This will do nothing
-     * if the database is already open for write, since that implies
-     * read access as well.
-     */
-    rv = nsadbOpenCertUsers(errp, authdb, ADBF_CREAD);
-    if (rv < 0) goto punt;
-
-    /* Find a certificate mapping id for the given username */
-    rv = nsadbFindCertUser(errp, authdb, username, &certid);
-    if (rv < 0) goto punt;
-
-    /* Look up the mapping from the mapping id */
-    rv = nsadbGetCertById(errp, authdb, certid, &coptr);
-    if (rv < 0) goto punt;
-
-    /* It's there, so remove it.  This will re-open for write if needed. */
-    rv = nsadbRemoveCert(errp, authdb, (void *)username, coptr);
-
-  punt:
-
-    if (coptr != 0) {
-	nsadbFreeCertObj(coptr);
-    }
-
-    return rv;
-}
-
-#endif /* defined(CLIENT_AUTH) */

lib/libaccess/nsdb.cpp

@@ -1,836 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdb.c)
- *
- *	This provides access to a Netscape server database.
- *	A server database is composed of two (libdbm) DB files.  One
- *	of these (<dbname>.db) contains records indexed by a string
- *	key.  These records contain the primary information in the
- *	database.  A second DB file (<dbname>.id) is used to map an
- *	integer id value to a string key, which can then be used to
- *	locate a record in the first file.
- *
- *	Normally the records in the primary DB file will contain the
- *	id values which are used to key the id-to-name DB.  When this
- *	is the case, it is possible to construct the id-to-name DB from
- *	the primary DB file, and an interface is provided to facilitate
- *	this.
- */
-
-#include <stdio.h>
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdb.h>
-
-#include <errno.h>
-
-#define NDBMODE	0644			/* mode for creating files */
-
-char * NSDB_Program = "NSDB";		/* NSDB facility name */
-
-NSPR_BEGIN_EXTERN_C
-
-/*
- * Description (ndbClose)
- *
- *	This function closes the specified database.  This involves
- *	closing the primary and id-to-name DB files, and freeing the
- *	NSDB_t object.
- *
- * Arguments:
- *
- *	ndb			- database handle from ndbOpen()
- *	flags			- (currently unused - should be zero)
- *
- */
-
-void ndbClose(void * ndb, int flags)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-
-    if (ndbp->ndb_flags & (NDBF_WRNAME|NDBF_RDNAME)) {
-	(*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-    }
-
-    if (ndbp->ndb_flags & (NDBF_WRID|NDBF_RDID)) {
-	(*ndbp->ndb_idb->close)(ndbp->ndb_idb);
-    }
-
-    if (ndbp->ndb_pname) {
-	FREE(ndbp->ndb_pname);
-    }
-
-    if (ndbp->ndb_iname) {
-	FREE(ndbp->ndb_iname);
-    }
-
-    FREE(ndbp);
-}
-
-/*
- * Description (ndbEnumerate)
- *
- *	This function is called to enumerate the records of the primary
- *	DB file to a caller-specified function.  The function specified
- *	by the caller is called with the name (key), length and address
- *	of each record in the primary DB file.  The 'flags' argument can
- *	be used to select normal data records, metadata records, or both.
- *	If the 'flags' value is zero, only normal data records are
- *	enumerated.  The function specified by the caller returns -1 to
- *	terminate the enumeration, 0 to continue it, or +1 to restart
- *	the enumeration from the beginning.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	flags			- bit flags:
- *					NDBF_ENUMNORM - normal data records
- *					NDBF_ENUMMETA - metadata records
- *	func			- pointer to caller's enumeration function
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned, and an error frame is generated if an
- *	error frame list was provided by the caller.
- */
-
-int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
-#ifdef UnixWare
-	ArgFn_ndbEnum func) /* for ANSI C++ standard, see nsdb.h */
-#else
-	int (*func)(NSErr_t * ferrp, void * parg,
-		    int namelen, char * name,
-		    int reclen, char * recptr))
-#endif
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    int rv;
-    int dbflag;
-
-    /* Is the user DB open for reading names? */
-    if (!(ndbp->ndb_flags & NDBF_RDNAME)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_RDNAME);
-	if (rv) goto punt;
-    }
-
-    if (flags == 0) flags = NDBF_ENUMNORM;
-
-    for (dbflag = R_FIRST; ; dbflag = (rv > 0) ? R_FIRST : R_NEXT) {
-
-	/* Retrieve the next (first) record from the primary DB */
-	rv = (*ndbp->ndb_pdb->seq)(ndbp->ndb_pdb, &key, &rec, dbflag);
-	if (rv) break;
-
-	/* Is this a metadata record? */
-	if (*(char *)key.data == NDB_MDPREFIX) {
-
-	    /* Yes, skip it if metadata was not requested */
-	    if (!(flags & NDBF_ENUMMETA)) continue;
-	}
-	else {
-	    /* Skip normal data if not requested */
-	    if (!(flags & NDBF_ENUMNORM)) continue;
-	}
-
-	/* Pass this record to the caller's function */
-	rv = (*func)(errp, argp,
-		     key.size, (char *)key.data, rec.size, (char *)rec.data);
-	if (rv < 0) break;
-    }
-
-    /* Indicate success */
-    rv = 0;
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (ndbFindName)
- *
- *	This function retrieves from the database a record with the
- *	specified key.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	namelen			- length of the key, including null
- *				  terminator if any
- *	name			- pointer to the key of the desired record
- *	reclen			- pointer to returned record length
- *	recptr			- pointer to returned record pointer
- *
- * Returns:
- *
- *	If successful, the return value is zero, and the length and
- *	address of the returned record are returned through reclen and
- *	recptr.  Otherwise the return value is non-zero, and an error
- *	frame is generated if an error frame list was provided by the
- *	caller.
- *
- * Notes:
- *
- *	The record buffer is dynamically allocated and is freed 
- *	automatically when the database is closed.
- */
-
-int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name,
-		int * reclen, char **recptr)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Is the user DB open for reading names? */
-    if (!(ndbp->ndb_flags & NDBF_RDNAME)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_RDNAME);
-	if (rv) goto punt;
-    }
-
-    /* Set up record key.  Include the terminating null byte. */
-    key.data = (void *)name;
-    key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
-    /* Initialize record buffer descriptor */
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Retrieve the record by its key */
-    rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_pget;
-
-    /* Return record length and address */
-    if (reclen) *reclen = rec.size;
-    if (recptr) *recptr = (char *)rec.data;
-
-    /* Indicate success */
-    rv = 0;
-
-  punt:
-    return rv;
-
-  err_pget:
-    eid = NSDBERR1000;
-    rv = NDBERRGET;
-    nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, name);
-    goto punt;
-}
-
-/*
- * Description (ndbIdToName)
- *
- *	This function looks up a specified id in the id-to-name DB
- *	file, and returns the associated name string.  This name
- *	can be used to retrieve a record using ndbFindName().
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	id			- id to look up
- *	plen			- pointer to returned length of name
- *				  (may be null, length includes null terminator
- *				  in a string)
- *	pname			- pointer to returned name string pointer
- *
- * Returns:
- *
- *	The return value is zero if the operation is successful.  An
- *	error is indicated by a negative return value (see nsdberr.h),
- *	and an error frame is generated if an error frame list was
- *	provided by the caller.
- */
-
-int ndbIdToName(NSErr_t * errp,
-		void * ndb, unsigned int id, int * plen, char **pname)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    char * name = 0;
-    int namelen = 0;
-    uint32 myid = id - 1;
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Is the id-to-name DB open for reading ids? */
-    if (!(ndbp->ndb_flags & NDBF_RDID)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_RDID);
-	if (rv) goto punt;
-    }
-
-    /* Set up record key */
-#if BYTE_ORDER == LITTLE_ENDIAN
-    M_32_SWAP(myid);
-#endif
-    key.data = (void *)&myid;
-    key.size = sizeof(myid);
-
-    /* Initialize record buffer descriptor */
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Retrieve the record by its key */
-    rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0);
-    if (rv) goto err_iget;
-
-    /* Get the name pointer (terminating null is part of the name) */
-    namelen = rec.size;
-    name = (char *) rec.data;
-
-  punt:
-    /* Return name length and size if requested */
-    if (plen) *plen = namelen;
-    if (pname) *pname = name;
-
-    return rv;
-
-  err_iget:
-    eid = NSDBERR1100;
-    rv = NDBERRGET;
-    nserrGenerate(errp, rv, eid, NSDB_Program,
-		  2, ndbp->ndb_iname, system_errmsg());
-    goto punt;
-}
-
-/*
- * Description (ndbInitPrimary)
- *
- *	This function creates and initializes the primary DB file.
- *	Initialization involves writing any required metadata records.
- *	Currently there is a ?dbtype record, which specifies the nsdb
- *	version number, and a database type and version number that
- *	were passed as arguments to ndbOpen().  There is also a
- *	?idmap record, which contains an allocation bitmap for id values
- *	used as keys in the associated id-to-name DB file.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned, and an error frame is generated if an
- *	error frame list was provided by the caller.
- */
-
-int ndbInitPrimary(NSErr_t * errp, void * ndb)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-#if BYTE_ORDER == LITTLE_ENDIAN
-    uint32 m;
-    int i;
-#endif
-    int eid;				/* error id code */
-    int rv;				/* result value */
-    uint32 dbtype[4];
-
-    /* Error if the primary DB is marked as existing already */
-    if (!(ndbp->ndb_flags & NDBF_NONAME)) goto err_exists;
-
-    /* First create the primary DB file */
-    ndbp->ndb_pdb = dbopen(ndbp->ndb_pname, O_RDWR | O_CREAT | O_TRUNC,
-			   NDBMODE, DB_HASH, 0);
-    if (!ndbp->ndb_pdb) goto err_open;
-
-    /* Generate data for the ?dbtype record */
-    dbtype[0] = NDB_VERSION;
-    dbtype[1] = ndbp->ndb_dbtype;
-    dbtype[2] = ndbp->ndb_version;
-    dbtype[3] = 0;
-#if BYTE_ORDER == LITTLE_ENDIAN
-    for (i = 0; i < 4; ++i) {
-	m = dbtype[i];
-	M_32_SWAP(m);
-	dbtype[i] = m;
-    }
-#endif
-
-    /* Set up descriptors for the ?dbtype record key and data */
-    key.data = (void *)NDB_DBTYPE;
-    key.size = strlen(NDB_DBTYPE) + 1;
-
-    rec.data = (void *)dbtype;
-    rec.size = sizeof(dbtype);
-
-    /* Write the ?dbtype record out */
-    rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_mput1;
-
-    /* Write out an empty ?idmap record */
-    key.data = (void *)NDB_IDMAP;
-    key.size = strlen(NDB_IDMAP) + 1;
-
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Write the ?idmap record */
-    rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_mput2;
-
-    /* Close the DB file */
-    (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-
-    /* Clear the flag that says the primary DB file does not exist */
-    ndbp->ndb_flags &= ~(NDBF_NONAME|NDBF_RDNAME|NDBF_WRNAME);
-
-    /* Indicate success */
-    return 0;
-
-  err_exists:
-    /* Primary database already exists */
-    eid = NSDBERR1200;
-    rv = NDBERREXIST;
-    nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname);
-    return rv;
-
-  err_open:
-    /* Error opening primary database for write */
-    eid = NSDBERR1220;
-    rv = NDBERROPEN;
-    goto err_dbio;
-
-  err_mput1:
-    /* Error writing "?dbtype" record */
-    eid = NSDBERR1240;
-    rv = NDBERRMDPUT;
-    goto err_dbio;
-
-  err_mput2:
-    /* Error writing "?idmap" record */
-    eid = NSDBERR1260;
-    rv = NDBERRMDPUT;
-    goto err_dbio;
-
-  err_dbio:
-    nserrGenerate(errp, rv, eid, NSDB_Program,
-		  2, ndbp->ndb_pname, system_errmsg());
-    
-    /* Close the primary DB file if it exists */
-    if (ndbp->ndb_pdb) {
-	(*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-	ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME);
-    }
-
-    /* Delete the file */
-    system_unlink(ndbp->ndb_pname);
-    return rv;
-}
-
-/*
- * Description (ndbOpen)
- *
- *	This function opens a server database by name.  The specified
- *	name may be the name of the primary DB file, or the name
- *	without the ".db" suffix.  This function will attempt to open
- *	both the primary and the id-to-name DB files for read access.
- *	If either of the DB files do not exist, they are not created
- *	here, but a handle for the database will still be returned.
- *	The DB files will be created when a subsequent access writes
- *	to the database.  The caller also specifies an application
- *	database type, which is checked against a value stored in
- *	in the database metadata, if the primary DB file exists, or
- *	which is stored in the file metadata when the file is created.
- *	A type-specific version number is passed and returned.  The
- *	value passed will be stored in the file metadata if it is
- *	subsequently created.  If the file exists, the value in the
- *	file metadata is returned, and it is the caller's responsibility
- *	to interpret it.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	dbname			- primary DB filename
- *	flags			- (currently unused - should be zero)
- *	dbtype			- application DB type (NDB_TYPE_xxxxx)
- *	version			- (in/out) type-specific version number
- *
- * Returns:
- *
- *	A handle that can be used for subsequent accesses to the database
- *	is returned, or 0, if an error occurs, and an error frame is
- *	generated if an error frame list was provided by the caller.
- */
-
-void * ndbOpen(NSErr_t * errp,
-	       char * dbname, int flags, int dbtype, int * version)
-{
-    NSDB_t * ndbp = 0;		/* database object pointer */
-    char * pname = 0;		/* primary DB file name */
-    char * iname = 0;		/* id-to-name DB file name */
-    int namelen;
-    uint32 dbtrec[4];
-    uint32 m;
-    DBT key;
-    DBT rec;
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Get the database name */
-    namelen = strlen(dbname);
-    if (!strcmp(&dbname[namelen-3], ".db")) {
-	namelen -= 3;
-    }
-
-    /* Get the primary DB file name */
-    pname = (char *)MALLOC(namelen + 4);
-    if (pname == 0) goto err_nomem1;
-    strncpy(pname, dbname, namelen);
-    strcpy(&pname[namelen], ".db");
-
-    /* Get the id-to-name DB file name */
-    iname = (char *)MALLOC(namelen + 4);
-    if (iname == 0) goto err_nomem2;
-    strncpy(iname, dbname, namelen);
-    strcpy(&iname[namelen], ".id");
-
-    /* Allocate the database object */
-    ndbp = (NSDB_t *)MALLOC(sizeof(NSDB_t));
-    if (ndbp == 0) goto err_nomem3;
-
-    /* Initialize the database object */
-    ndbp->ndb_pname = pname;
-    ndbp->ndb_pdb = 0;
-    ndbp->ndb_iname = iname;
-    ndbp->ndb_idb = 0;
-    ndbp->ndb_flags = 0;
-    ndbp->ndb_dbtype = dbtype;
-    ndbp->ndb_version = (version) ? *version : 0;
-
-    /* Open the primary DB file */
-    ndbp->ndb_pdb = dbopen(pname, O_RDONLY, NDBMODE, DB_HASH, 0);
-
-    /* Was it there? */
-    if (ndbp->ndb_pdb) {
-
-	/* Retrieve the ?dbtype record */
-	key.data = (void *)NDB_DBTYPE;
-	key.size = strlen(NDB_DBTYPE) + 1;
-
-	rec.data = 0;
-	rec.size = 0;
-
-	/* Read the ?dbtype record */
-	rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
-	if (rv) goto err_mdget;
-
-	/* Check it out */
-	if (rec.size < 16) goto err_fmt;
-
-	/* Copy data to an aligned area */
-	memcpy((void *)dbtrec, rec.data, sizeof(dbtrec));
-
-	/* Get the NSDB version number */
-	m = dbtrec[0];
-#if BYTE_ORDER == LITTLE_ENDIAN
-	M_32_SWAP(m);
-#endif
-	/* Assume forward compatibility with versions up to current + 0.5 */
-	if (m > (NDB_VERSION + 5)) goto err_vers;
-
-	/* XXX Assume infinite backward compatibility */
-
-	/* Get the application database type */
-	m = dbtrec[1];
-#if BYTE_ORDER == LITTLE_ENDIAN
-	M_32_SWAP(m);
-#endif
-	/* It's got to match */
-	if (m != dbtype) goto err_type;
-
-	/* Get the type-specific version number */
-	m = dbtrec[3];
-#if BYTE_ORDER == LITTLE_ENDIAN
-	M_32_SWAP(m);
-#endif
-	/* Don't check it.  Just return it. */
-	if (version) *version = m;
-
-	/* The value in dbtrec[3] is currently ignored */
-
-	/* Mark the primary DB file open for read access */
-	ndbp->ndb_flags |= NDBF_RDNAME;
-    }
-    else {
-	/* Indicate that the primary DB file does not exist */
-	ndbp->ndb_flags |= NDBF_NONAME;
-    }
-
-    return (void *)ndbp;
-
-  err_nomem1:
-    eid = NSDBERR1400;
-    rv = NDBERRNOMEM;
-    goto err_nomem;
-
-  err_nomem2:
-    eid = NSDBERR1420;
-    rv = NDBERRNOMEM;
-    goto err_nomem;
-
-  err_nomem3:
-    eid = NSDBERR1440;
-    rv = NDBERRNOMEM;
-  err_nomem:
-    nserrGenerate(errp, rv, eid, NSDB_Program, 0);
-    goto punt;
-
-  err_mdget:
-    eid = NSDBERR1460;
-    rv = NDBERRMDGET;
-    nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname,
-		  system_errmsg());
-    goto err_ret;
-
-  err_fmt:
-    eid = NSDBERR1480;
-    rv = NDBERRMDFMT;
-    goto err_ret;
-
-  err_vers:
-    {
-	char vnbuf[16];
-
-	eid = NSDBERR1500;
-	rv = NDBERRVERS;
-	sprintf(vnbuf, "%d", (int)m);
-	nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, vnbuf);
-    }
-    goto punt;
-
-  err_type:
-    eid = NSDBERR1520;
-    rv = NDBERRDBTYPE;
-    goto err_ret;
-
-  err_ret:
-    nserrGenerate(errp, rv, eid, NSDB_Program, 1, ndbp->ndb_pname);
-    goto punt;
-
-  punt:
-    /* Error clean-up */
-    if (pname) FREE(pname);
-    if (iname) FREE(iname);
-    if (ndbp) {
-	/* Close the DB files if we got as far as opening them */
-	if (ndbp->ndb_pdb) {
-	    (*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-	}
-	if (ndbp->ndb_idb) {
-	    (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
-	}
-	FREE(ndbp);
-    }
-    return 0;
-}
-
-/*
- * Description (ndbReOpen)
- *
- *	This function is called to ensure that the primary DB file
- *	and/or the id-to-name DB file are open with specified access
- *	rights.  For example, a file may be open for read, and it needs
- *	to be open for write.  Both the primary and id-to-name DB files
- *	can be manipulated with a single call.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	flags			- (currently unused - should be zero)
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned (NDBERRxxxx - see nsdb.h).  If an error
- *	list is provided, an error frame will be generated when the
- *	return value is non-zero.
- */
-
-int ndbReOpen(NSErr_t * errp, void * ndb, int flags)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    char * dbname;			/* database name pointer */
-    int eid;
-    int rv;
-
-    /* Want to read or write the primary DB file? */
-    if (flags & (NDBF_RDNAME|NDBF_WRNAME)) {
-
-	/* Need to open for write? */
-	if ((flags & NDBF_WRNAME) && !(ndbp->ndb_flags & NDBF_WRNAME)) {
-
-	    /* If it's already open for read, close it first */
-	    if (ndbp->ndb_flags & NDBF_RDNAME) {
-		(*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-		ndbp->ndb_flags &= ~NDBF_RDNAME;
-	    }
-
-	    /* Create it if it doesn't exist */
-	    if (ndbp->ndb_flags & NDBF_NONAME) {
-		rv = ndbInitPrimary(errp, ndb);
-		if (rv) goto err_init;
-	    }
-
-	    /* Open primary DB file for write access */
-	    dbname = ndbp->ndb_pname;
-	    ndbp->ndb_pdb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0);
-	    if (!ndbp->ndb_pdb) goto err_open1;
-
-	    /* Update flags to indicate successful open */
-	    ndbp->ndb_flags |= (NDBF_RDNAME|NDBF_WRNAME);
-	}
-
-	/* Need to open for read? */
-	if ((flags & NDBF_RDNAME) && !(ndbp->ndb_flags & NDBF_RDNAME)) {
-
-	    /* If it's already open for write, close it first */
-	    if (ndbp->ndb_flags & NDBF_WRNAME) {
-		(*ndbp->ndb_pdb->close)(ndbp->ndb_pdb);
-		ndbp->ndb_flags &= ~(NDBF_RDNAME|NDBF_WRNAME);
-	    }
-
-	    /* Open primary DB file for read access */
-	    dbname = ndbp->ndb_pname;
-	    ndbp->ndb_pdb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0);
-	    if (!ndbp->ndb_pdb) goto err_open2;
-
-	    /* Update flags to indicate successful open */
-	    ndbp->ndb_flags |= NDBF_RDNAME;
-	}
-    }
-
-    /* Want to read or write the id-to-name DB file? */
-    if (flags & (NDBF_RDID|NDBF_WRID)) {
-
-	/* Need to open for write? */
-	if ((flags & NDBF_WRID) && !(ndbp->ndb_flags & NDBF_WRID)) {
-
-	    /*
-	     * If it's not open for read yet, try to open it for read
-	     * in order to find out if it exists.
-	     */
-	    if (!(ndbp->ndb_flags & NDBF_RDID)) {
-
-		/* Open id-to-name DB file for read access */
-		dbname = ndbp->ndb_iname;
-		ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH,0);
-
-		/* Does it exist? */
-		if (ndbp->ndb_idb == 0) {
-
-		    /* No, create it */
-		    dbname = ndbp->ndb_iname;
-		    ndbp->ndb_idb = dbopen(dbname,O_RDWR | O_CREAT | O_TRUNC,
-					      NDBMODE, DB_HASH, 0);
-		    if (!ndbp->ndb_idb) goto err_open3;
-		    (*ndbp->ndb_idb->close)(ndbp->ndb_idb);
-		}
-		else {
-		    /* Mark it open for read */
-		    ndbp->ndb_flags |= NDBF_RDID;
-		}
-	    }
-
-	    /* If it's already open for read, close it first */
-	    if (ndbp->ndb_flags & NDBF_RDID) {
-		(*ndbp->ndb_idb->close)(ndbp->ndb_idb);
-		ndbp->ndb_flags &= ~NDBF_RDID;
-	    }
-
-	    /* Open id-to-name DB file for write access */
-	    dbname = ndbp->ndb_iname;
-	    ndbp->ndb_idb = dbopen(dbname, O_RDWR, NDBMODE, DB_HASH, 0);
-	    if (!ndbp->ndb_idb) goto err_open4;
-
-	    /* Update flags to indicate successful open */
-	    ndbp->ndb_flags |= (NDBF_RDID|NDBF_WRID);
-	}
-
-	/* Need to open for read? */
-	if ((flags & NDBF_RDID) && !(ndbp->ndb_flags & NDBF_RDID)) {
-
-	    /* If it's already open for write, close it first */
-	    if (ndbp->ndb_flags & NDBF_WRID) {
-		(*ndbp->ndb_idb->close)(ndbp->ndb_idb);
-		ndbp->ndb_flags &= ~(NDBF_RDID|NDBF_WRID);
-	    }
-
-	    /* Open id-to-name DB file for read access */
-	    dbname = ndbp->ndb_iname;
-	    ndbp->ndb_idb = dbopen(dbname, O_RDONLY, NDBMODE, DB_HASH, 0);
-	    if (!ndbp->ndb_idb) goto err_open5;
-
-	    /* Update flags to indicate successful open */
-	    ndbp->ndb_flags |= NDBF_RDID;
-	}
-    }
-
-    /* Successful completion */
-    return 0;
-
-    /* Begin error handlers */
-
-  err_init:			/* failed to create primary DB file */
-    (void)nserrGenerate(errp, NDBERRPINIT, NSDBERR1600, NSDB_Program,
-			1,
-			ndbp->ndb_pname		/* primary DB filename */
-			);
-    rv = NDBERRPINIT;
-    goto punt;
-
-  err_open1:
-    eid = NSDBERR1620;
-    goto err_open;
-
-  err_open2:
-    eid = NSDBERR1640;
-    goto err_open;
-
-  err_open3:
-    eid = NSDBERR1660;
-    goto err_open;
-
-  err_open4:
-    eid = NSDBERR1680;
-    goto err_open;
-
-  err_open5:
-    eid = NSDBERR1700;
-    goto err_open;
-
-  err_open:			/* database open error */
-    rv = NDBERROPEN;
-    (void)nserrGenerate(errp, NDBERROPEN, eid, NSDB_Program,
-			2, dbname, system_errmsg());
-
-  punt:
-    return rv;
-}
-
-NSPR_END_EXTERN_C
-

lib/libaccess/nsdbmgmt.cpp

@@ -1,685 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsdbmgmt.h)
- *
- *	The file describes the interface for managing information in
- *	a Netscape (server) database.  A database is composed of
- *	two (libdbm) DB files.  One of these (<dbname>.db) contains
- *	records indexed by a string key.  These records contain the
- *	primary information in the database.  A second DB file
- *	(<dbname>.id) is used to map an integer id value to a string
- *	key, which can then be used to locate a record in the first file.
- *	The interface for retrieving information from a database is
- *	described in nsdb.h.
- */
-
-#include <base/systems.h>
-#include <netsite.h>
-#include <base/file.h>
-#define __PRIVATE_NSDB
-#include <libaccess/nsdbmgmt.h>
-#include <base/util.h>
-
-/*
- * Description (ndbAllocId)
- *
- *	This function allocates a unique id to be associated with a
- *	name in the primary DB file.  An id bitmap is maintained in
- *	the primary DB file as a metadata record, and an entry is
- *	created in the id-to-name DB for the assigned id and the
- *	specified name.  An allocated id value is always non-zero.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	namelen			- length of key of the desired record,
- *				  including null terminator if any
- *	name			- pointer to the key of the desired record
- *	id			- pointer to returned id value
- *
- * Returns:
- *
- *	If successful, the return value is zero, and the allocated id
- *	is returned through 'id'.  Otherwise a non-zero error code is
- *	returned (NDBERRxxxx - see nsdb.h).  If an error list is
- *	provided, an error frame will be generated when the return
- *	value is non-zero.
- */
-
-int ndbAllocId(NSErr_t * errp,
-	       void * ndb, int namelen, char * name, unsigned int * id)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    unsigned char * idmap;
-    unsigned char * newmap = 0;
-    int m;
-    int mmsk;
-    uint32 idval;
-    int myid;
-    int i, n;
-    int rv;
-    long eid;
-
-    /*
-     * Ensure that the name does not start with the metadata
-     * prefix character.
-     */
-    if (!name || (name[0] == NDB_MDPREFIX)) goto err_name;
-
-    /*
-     * Read the primary DB file metadata record containing the id
-     * allocation bitmap.
-     */
-
-    /*
-     * We need the primary and the id-to-name DB files open for write
-     * (and implicitly read) access.
-     */
-    if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID))
-	!= (NDBF_WRNAME|NDBF_WRID)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID));
-	if (rv < 0) goto punt;
-    }
-
-    /* Set the key to the id allocation bitmap record name */
-    key.data = (void *)NDB_IDMAP;
-    key.size = strlen(NDB_IDMAP) + 1;
-
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Retrieve the record by its key */
-    rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_mdget;
-
-    /* Search for an available id in the bitmap */
-    n = rec.size;
-    idmap = (unsigned char *)rec.data;
-
-    for (i = 0, m = 0; i < n; ++i) {
-
-	m = idmap[i];
-	if (m != 0) break;
-    }
-
-    /* Did we find a byte with an available bit? */
-    if (m == 0) {
-
-	/* No, need to grow the bitmap */
-	newmap = (unsigned char *)MALLOC(rec.size + 32);
-	if (newmap == 0) goto err_nomem1;
-
-	/* Initialize free space at the beginning of the new map */
-	for (i = 0; i < 32; ++i) {
-	    newmap[i] = 0xff;
-	}
-
-	/* Copy the old map after it */
-	n += 32;
-	for ( ; i < n; ++i) {
-	    newmap[i] = idmap[i-32];
-	}
-
-	/* Set i and m to allocate the new highest id value */
-	i = 0;
-	m = 0xff;
-    }
-    else {
-
-	/*
-	 * It's unfortunate, but it appears to be necessary to copy the
-	 * the ?idmap record into a new buffer before updating it, rather
-	 * than simply updating it in place.  The problem is that the
-	 * libdbm put routine deletes the old record and then re-inserts
-	 * it.  But once it has deleted the old record, it may take the
-	 * opportunity to move another record into the space that the
-	 * old record occupied, which is the same space that the new
-	 * record occupies.  So the new record data is overwritten before
-	 * new record is inserted.  :-(
-	 */
-
-	newmap = (unsigned char *)MALLOC(rec.size);
-	if (newmap == 0) goto err_nomem2;
-
-	memcpy((void *)newmap, (void *)idmap, rec.size);
-    }
-
-    /* Calculate the id associated with the low-order bit of byte i */
-    myid = (n - i - 1) << 3;
-
-    /* Find the first free (set) bit in that word */
-    for (mmsk = 1; !(m & mmsk); mmsk <<= 1, myid += 1) ;
-
-    /* Clear the bit */
-    m &= ~mmsk;
-    newmap[i] = m;
-
-    /* Write the bitmap back out */
-
-    rec.data = (void *)newmap;
-    rec.size = n;
-
-    rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
-
-    /* Check for error on preceding put operation */
-    if (rv) goto err_putpdb;
-
-    /* Create the key for the id-to-name record */
-    idval = myid;
-#if BYTE_ORDER == LITTLE_ENDIAN
-    M_32_SWAP(idval);
-#endif
-
-    key.data = (void *)&idval;
-    key.size = sizeof(uint32);
-
-    rec.data = (void *)name;
-    rec.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
-    /* Write the id-to-name record */
-    rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0);
-    if (rv) goto err_putidb;
-
-    /* Return the id value + 1, to avoid returning a zero id */
-    if (id) *id = myid + 1;
-
-  punt:
-
-    /* Free the new map space if any */
-    if (newmap) {
-	FREE(newmap);
-    }
-
-    return rv;
-
-  err_name:				/* invalid name parameter */
-    eid = NSDBERR2000;
-    rv = NDBERRNAME;
-    if (name == 0) {
-	name = "(null)";
-    }
-    else if ((namelen > 0) && (namelen != strlen(name) + 1)) {
-	name = "(unprintable)";
-    }
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			2,
-			ndbp->ndb_pname,	/* primary DB filename */
-			name			/* name string */
-			);
-    goto punt;
-
-  err_mdget:				/* error on get from primary DB file */
-    eid = NSDBERR2020;
-    rv = NDBERRMDGET;
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			2,
-			ndbp->ndb_pname,	/* primary DB filename */
-			(char *)key.data	/* key name string */
-			);
-    goto punt;
-
-  err_nomem1:
-    eid = NSDBERR2040;
-    goto err_nomem;
-
-  err_nomem2:
-    eid = NSDBERR2060;
-  err_nomem:				/* insufficient memory */
-    rv = NDBERRNOMEM;
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program, 0);
-    goto punt;
-    
-  err_putpdb:				/* error on put to primary DB file */
-    eid = NSDBERR2080;
-    rv = NDBERRMDPUT;
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			2,
-			ndbp->ndb_pname,	/* primary DB filename */
-			(char *)key.data	/* key name string */
-			);
-    goto punt;
-
-  err_putidb:				/* error on put to id-to-name DB */
-    {
-	char idstring[16];
-
-	eid = NSDBERR2100;
-	rv = NDBERRIDPUT;
-
-	util_sprintf(idstring, "%d", myid);
-	(void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			    2,
-			    ndbp->ndb_iname,	/* id-to-name DB file */
-			    idstring		/* id value for key */
-			    );
-    }
-    goto punt;
-}
-
-/*
- * Description (ndbDeleteName)
- *
- *	This function deletes a named record from the primary DB file.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	flags			- (currently unused - should be zero)
- *	namelen			- length of name key, including null
- *				  terminator if any
- *	name			- pointer to name key
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned (NDBERRxxxx - see nsdberr.h).  If an error
- *	list is provided, an error frame will be generated when the
- *	return value is non-zero.
- */
-
-int ndbDeleteName(NSErr_t * errp,
-		  void * ndb, int flags, int namelen, char * name)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    int eid;
-    int rv;
-
-    /* Is the primary DB open for write access? */
-    if (!(ndbp->ndb_flags & NDBF_WRNAME)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_WRNAME);
-	if (rv) goto punt;
-    }
-
-    /* Set up the key descriptor */
-    key.data = (void *)name;
-    key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
-    /* Delete the record from the primary DB file */
-    rv = (*ndbp->ndb_pdb->del)(ndbp->ndb_pdb, &key, 0);
-    if (rv) goto err_delpdb;
-
-    /* Successful completion */
-    return 0;
-
-    /* Begin error handlers */
-
-  err_delpdb:			/* error deleting record from primary DB */
-    eid = NSDBERR2200;
-    rv = NDBERRNMDEL;
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			2,
-			ndbp->ndb_pname,	/* primary DB name */
-			(char *)key.data	/* primary key */
-			);
-  punt:
-    return rv;
-}
-
-/*
- * Description (ndbFreeId)
- *
- *	This function frees an id value associated with a name in the
- *	primary DB file.  It is normally called when the named record
- *	is being deleted from the primary DB file.  It deletes the
- *	record in the id-to-name DB file that is keyed by the id value,
- *	and updates the id allocation bitmap in the primary DB file.
- *	The caller may specify the name that is associated with the id
- *	value, in which case the id-to-name record will be fetched,
- *	and the name matched, before the record is deleted.  Alternatively
- *	the name parameter can be specified as zero, and id-to-name
- *	record will be deleted without a check.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	namelen			- length of name (including null terminator)
- *	name			- name associated with the id value (optional)
- *	id			- id value to be freed
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned, and an error frame is generated if the
- *	caller provided an error frame list.
- */
-
-int ndbFreeId(NSErr_t * errp,
-	      void * ndb, int namelen, char * name, unsigned int id)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    char * recname;
-    DBT key;
-    DBT rec;
-    uint32 idval;
-    int reclen;
-    int mmsk;
-    unsigned char * idmap = 0;
-    int i;
-    int eid;
-    int rv;
-
-    /*
-     * We need the primary and the id-to-name DB files open for write
-     * (and implicitly read) access.
-     */
-    if ((ndbp->ndb_flags & (NDBF_WRNAME|NDBF_WRID))
-	!= (NDBF_WRNAME|NDBF_WRID)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, (NDBF_WRNAME|NDBF_WRID));
-	if (rv) goto punt;
-    }
-
-    /* Was the name for this id value provided by the caller? */
-    if (name) {
-
-	/* Get length of name if not provided */
-	if (namelen <= 0) namelen = strlen(name) + 1;
-
-	/* Yes, look up the id and check for a match */
-	rv = ndbIdToName(errp, ndb, id, &reclen, &recname);
-	if (rv < 0) goto punt;
-
-	/* Fail if the supplied name doesn't match */
-	if ((namelen != reclen) ||
-	    strncmp(recname, name, reclen)) goto err_badid1;
-    }
-
-    /* Caller views the id space as starting at 1, but we start at 0 */
-    id -= 1;
-
-    /* Create the key for the id-to-name record */
-    idval = id;
-#if BYTE_ORDER == LITTLE_ENDIAN
-    M_32_SWAP(idval);
-#endif
-
-    key.data = (void *)&idval;
-    key.size = sizeof(uint32);
-
-    /* Delete the id-to-name record */
-    rv = (*ndbp->ndb_idb->del)(ndbp->ndb_idb, &key, 0);
-    if (rv) goto err_del;
-
-    /* Set the key to the id allocation bitmap record name */
-    key.data = (void *)NDB_IDMAP;
-    key.size = strlen(NDB_IDMAP) + 1;
-
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Retrieve the record by its key */
-    rv = (*ndbp->ndb_pdb->get)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_mdget;
-
-    /* Make sure the id is in the range of the bitmap */
-    i = (rec.size << 3) - id - 1;
-    if (i < 0) goto err_badid2;
-
-    /*
-     * See comment in ndbAllocId() about updating ?idmap.  Bottom line
-     * is: we have to copy the record before updating it.
-     */
-
-    idmap = (unsigned char *)MALLOC(rec.size);
-    if (idmap == 0) goto err_nomem;
-
-    memcpy((void *)idmap, rec.data, rec.size);
-
-    /* Calculate the index of the byte with this id's bit */
-    i >>= 3;
-
-    /* Calculate the bitmask for the bitmap byte */
-    mmsk = 1 << (id & 7);
-
-    /* Set the bit in the bitmap */
-    idmap[i] |= mmsk;
-
-    /* Write the bitmap back out */
-
-    rec.data = (void *)idmap;
-
-    rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec, 0);
-    if (rv) goto err_mdput;
-
-  punt:
-
-    if (idmap) {
-	FREE(idmap);
-    }
-
-    return rv;
-
-  err_badid1:
-    /* Name associated with id doesn't match supplied name */
-    eid = NSDBERR2300;
-    rv = NDBERRBADID;
-    goto err_id;
-
-  err_del:
-    /* Error deleting id-to-name record */
-    eid = NSDBERR2320;
-    rv = NDBERRIDDEL;
-    goto err_dbio;
-
-  err_mdget:
-    /* Error reading id bitmap from primary DB file */
-    eid = NSDBERR2340;
-    rv = NDBERRMDGET;
-    goto err_dbio;
-
-  err_badid2:
-    eid = NSDBERR2360;
-    rv = NDBERRBADID;
-  err_id:
-    {
-	char idbuf[16];
-
-	util_sprintf(idbuf, "%d", id);
-	nserrGenerate(errp, rv, eid, NSDB_Program, 2, ndbp->ndb_pname, idbuf);
-    }
-    goto punt;
-
-  err_nomem:
-    eid = NSDBERR2380;
-    rv = NDBERRNOMEM;
-    nserrGenerate(errp, rv, eid, NSDB_Program, 0);
-    goto punt;
-
-  err_mdput:
-    eid = NSDBERR2400;
-    rv = NDBERRMDPUT;
-    goto err_dbio;
-
-  err_dbio:
-    nserrGenerate(errp, rv, eid, NSDB_Program,
-		  2, ndbp->ndb_pname, system_errmsg());
-    goto punt;
-}
-
-/*
- * Description (ndbRenameId)
- *
- *	This function changes the name associated with a specified id
- *	int the id-to-name DB file.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	namelen			- length of new name string, including
- *				  null terminator if any
- *	newname			- pointer to the new name string
- *	id			- id value to be renamed
- *
- * Returns:
- *
- *	The return value is zero if the operation is successful.  An
- *	error is indicated by a non-zero return value, and an error
- *	frame is generated if the caller provided an error frame list.
- */
-
-int ndbRenameId(NSErr_t * errp,
-		void * ndb, int namelen, char * newname, unsigned int id)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    uint32 idval = id - 1;
-    int eid;
-    int rv;
-
-    /*
-     * Ensure that the name does not start with the metadata
-     * prefix character.
-     */
-    if (!newname || (newname[0] == NDB_MDPREFIX)) goto err_name;
-
-    /*
-     * We need the id-to-name DB file open for write
-     * (and implicitly read) access.
-     */
-    if (!(ndbp->ndb_flags & NDBF_WRID)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_WRID);
-	if (rv) goto punt;
-    }
-
-    /* Set up record key */
-#if BYTE_ORDER == LITTLE_ENDIAN
-    M_32_SWAP(idval);
-#endif
-    key.data = (void *)&idval;
-    key.size = sizeof(uint32);
-
-    rec.data = 0;
-    rec.size = 0;
-
-    /* Retrieve the record by its key */
-    rv = (*ndbp->ndb_idb->get)(ndbp->ndb_idb, &key, &rec, 0);
-    if (rv) goto err_idget;
-
-    /* Set up to write the new name */
-    rec.data = (void *)newname;
-    rec.size = (namelen > 0) ? namelen : (strlen(newname) + 1);
-
-    /* Write the id-to-name record */
-    rv = (*ndbp->ndb_idb->put)(ndbp->ndb_idb, &key, &rec, 0);
-    if (rv) goto err_idput;
-
-  punt:
-    return rv;
-
-  err_name:
-    eid = NSDBERR2500;
-    rv = NDBERRNAME;
-    if (newname == 0) newname = "(null)";
-    else if ((namelen > 0) && (namelen != (strlen(newname) + 1))) {
-	newname = "(unprintable)";
-    }
-    (void)nserrGenerate(errp, rv, eid, NSDB_Program,
-			2,
-			ndbp->ndb_pname,	/* primary DB filename */
-			newname			/* name string */
-			);
-    goto punt;
-
-  err_idget:
-    /* Error getting id record from id-to-name database */
-    eid = NSDBERR2520;
-    rv = NDBERRGET;
-    goto err_dbio;
-
-  err_idput:
-    /* Error putting id record back to id-to-name database */
-    eid = NSDBERR2540;
-    rv = NDBERRIDPUT;
-  err_dbio:
-    nserrGenerate(errp, rv, eid, NSDB_Program,
-		  2, ndbp->ndb_pname, system_errmsg());
-    goto punt;
-}
-
-/*
- * Description (ndbStoreName)
- *
- *	This function stores a record, keyed by a specified name, in the
- *	primary DB file.  The record will overwrite any existing record
- *	with the same key, unless NDBF_NEWNAME, is included in the 'flags'
- *	argument.  If NDBF_NEWNAME is set, and the record already exists,
- *	it is not overwritten, and an error is returned.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	ndb			- database handle from ndbOpen()
- *	flags			- bit flags:
- *					NDBF_NEWNAME - name is new
- *	namelen			- length of name key, including null
- *				  terminator if any
- *	name			- pointer to name key
- *	reclen			- length of the record data
- *	recptr			- pointer to the record data
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise a non-zero
- *	error code is returned, and an error frame is generated if the
- *	caller provided an error frame list.
- */
-
-int ndbStoreName(NSErr_t * errp, void * ndb, int flags,
-		 int namelen, char * name, int reclen, char * recptr)
-{
-    NSDB_t * ndbp = (NSDB_t *)ndb;	/* database object pointer */
-    DBT key;
-    DBT rec;
-    int eid;
-    int rv;
-
-    /* Is the primary DB open for write access? */
-    if (!(ndbp->ndb_flags & NDBF_WRNAME)) {
-
-	/* No, (re)open it */
-	rv = ndbReOpen(errp, ndb, NDBF_WRNAME);
-	if (rv) goto punt;
-    }
-
-    /* Set up the key and record descriptors */
-    key.data = (void *)name;
-    key.size = (namelen > 0) ? namelen : (strlen(name) + 1);
-
-    rec.data = (void *)recptr;
-    rec.size = reclen;
-
-    /* Write the record to the primary DB file */
-    rv = (*ndbp->ndb_pdb->put)(ndbp->ndb_pdb, &key, &rec,
-			       (flags & NDBF_NEWNAME) ? R_NOOVERWRITE : 0);
-    if (rv) goto err_put;
-
-  punt:
-    return rv;
-
-  err_put:
-    eid = NSDBERR2700;
-    rv = NDBERRPUT;
-    nserrGenerate(errp, rv, eid, NSDB_Program,
-		  2, ndbp->ndb_pname, system_errmsg());
-    goto punt;
-}

lib/libaccess/nsgmgmt.cpp

@@ -1,434 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgmgmt.c)
- *
- *	This module contains routines for managing information in a
- *	Netscape group database.  Information for a particular group
- *	is modified by retrieving the current information in the form
- *	of a group object (GroupObj_t), calling functions in this module,
- *	to modify the group object, and then calling groupStore() to
- *	write the information in the group object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgmgmt.h"
-
-/*
- * Description (groupAddMember)
- *
- *	This function adds a member to a group object.  The member may
- *	be another group or a user, expressed as a group id or user id,
- *	respectively.  The 'isgid' argument is non-zero if the new
- *	member is a group, or zero if it is a user.
- *
- * Arguments:
- *
- *	goptr			- group object pointer
- *	isgid			- non-zero if 'id' is a group id
- *				  zero if 'id' is a user id
- *	id			- group or user id to be added
- *
- * Returns:
- *
- *	Returns zero if the specified member is already a direct member
- *	of the group.  Returns one if the member was added successfully.
- */
-
-NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
-    USIList_t * uilptr;
-    int rv = 0;
-
-    /* Point to the relevant uid or gid list */
-    uilptr = (isgid) ? &goptr->go_groups : &goptr->go_users;
-
-    /* Add the id to the selected list */
-    rv = usiInsert(uilptr, id);
-    if (rv > 0) {
-	goptr->go_flags |= GOF_MODIFIED;
-    }
-
-    return rv;
-}
-
-/*
- * Description (groupCreate)
- *
- *	This function creates a group object, using information about
- *	the group provided by the caller.  The strings passed for the
- *	group name and description may be on the stack.  The group id
- *	is set to zero, but the group object is marked as being new.
- *	A group id will be assigned when groupStore() is called to add
- *	the group to a group database.
- *
- * Arguments:
- *
- *	name		- pointer to group name string
- *	desc		- pointer to group description string
- *
- * Returns:
- *
- *	A pointer to a dynamically allocated GroupObj_t structure is
- *	returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc)
-{
-    GroupObj_t * goptr;		/* group object pointer */
-
-    goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
-    if (goptr) {
-	goptr->go_name = (NTS_t)STRDUP((char *)name);
-	goptr->go_gid = 0;
-	goptr->go_flags = (GOF_MODIFIED | GOF_NEW);
-	if (desc) {
-	    goptr->go_desc = (desc) ? (NTS_t)STRDUP((char *)desc) : 0;
-	}
-	UILINIT(&goptr->go_users);
-	UILINIT(&goptr->go_groups);
-	UILINIT(&goptr->go_pgroups);
-    }
-
-    return goptr;
-}
-
-/*
- * Description (groupDeleteMember)
- *
- *	This function removes a specified member from a group object's
- *	list of members.  The member to be remove may be a group or a
- *	user, expressed as a group id or user id, respectively.  The
- *	'isgid' argument is non-zero if the member being removed is a
- *	group, or zero if it is a user.
- *
- * Arguments:
- *
- *	goptr			- pointer to group object
- *	isgid			- non-zero if 'id' is a group id
- *				  zero if 'id' is a user id
- *	id			- group or user id to be removed
- *
- * Returns:
- *
- *	The return value is zero if the specified member was not present
- *	in the group object, or one if the member was successfully removed.
- */
-
-NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id)
-{
-    USIList_t * uilptr;		/* pointer to list of member users or groups */
-    int rv;			/* return value */
-
-    /* Get pointer to appropriate list of ids */
-    uilptr = (isgid) ? &goptr->go_groups : &goptr->go_users;
-
-    /* Remove the specified id */
-    rv = usiRemove(uilptr, id);
-    if (rv > 0) {
-	goptr->go_flags |= GOF_MODIFIED;
-    }
-
-    return rv;
-}
-
-/*
- * Description (groupEncode)
- *
- *	This function encodes a group object into a group DB record.
- *
- * Arguments:
- *
- *	goptr			- pointer to group object
- *	greclen			- pointer to returned record length
- *	grecptr			- pointer to returned record pointer
- *
- * Returns:
- *
- *	The function return value is zero if successful.  The length
- *	and location of the created attribute record are returned
- *	through 'greclen' and 'grecptr'.  A non-zero function value
- *	is returned if there's an error.
- */
-
-NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * greclen, ATR_t * grecptr)
-{
-    int reclen;			/* length of DB record */
-    ATR_t rptr;			/* DB record pointer */
-    ATR_t rstart = 0;		/* pointer to beginning of DB record */
-    ATR_t glptr;		/* saved pointer to UAT_GROUPS length */
-    ATR_t gptr;			/* saved pointer to after length at glptr */
-    int gidlen;			/* gid encoding length */
-    int fllen;			/* flags encoding length */
-    USI_t dsclen;		/* group description encoding length */
-    USI_t nulen;		/* member user count encoding length */
-    USI_t nglen;		/* member group count encoding length */
-    int idcnt;			/* count of user or group ids */
-    USI_t * ids;		/* pointer to array of user or group ids */
-    int i;			/* id index */
-    int rv = -1;
-
-    /*
-     * First we need to figure out how long the generated record will be.
-     * This doesn't have to be exact, but it must not be smaller than the
-     * actual record size.
-     */
-
-    /* GAT_GID attribute: tag, length, USI */
-    gidlen = USILENGTH(goptr->go_gid);
-    reclen = (1 + 1 + gidlen);
-
-    /* GAT_FLAGS attribute: tag, length, USI */
-    fllen = USILENGTH(goptr->go_flags & GOF_DBFLAGS);
-    reclen += (1 + 1 + fllen);
-
-    /* GAT_DESCRIPT attribute: tag, length, NTS */
-    dsclen = NTSLENGTH(goptr->go_desc);
-    reclen += (1 + USILENGTH(dsclen) + dsclen);
-
-    /* GAT_USERS attribute: tag, length, USI(count), USI(uid)... */
-    idcnt = UILCOUNT(&goptr->go_users);
-    nulen = USILENGTH(idcnt);
-    reclen += (1 + USIALLOC() + nulen + (5 * idcnt));
-
-    /* GAT_GROUPS attribute: tag, length, USI(count), USI(gid)... */
-    idcnt = UILCOUNT(&goptr->go_groups);
-    nglen = USILENGTH(idcnt);
-    reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
-    /* GAT_PGROUPS attribute: tag, length, USI(count), USI(gid)... */
-    idcnt = UILCOUNT(&goptr->go_pgroups);
-    nglen = USILENGTH(idcnt);
-    reclen += (1 + USIALLOC() + nglen + (5 * idcnt));
-
-    /* Allocate the attribute record buffer */
-    rptr = (ATR_t)MALLOC(reclen);
-    if (rptr) {
-
-	/* Save pointer to start of record */
-	rstart = rptr;
-
-	/* Encode GAT_GID attribute */
-	*rptr++ = GAT_GID;
-	*rptr++ = gidlen;
-	rptr = USIENCODE(rptr, goptr->go_gid);
-
-	/* Encode GAT_FLAGS attribute */
-	*rptr++ = GAT_FLAGS;
-	*rptr++ = fllen;
-	rptr = USIENCODE(rptr, (goptr->go_flags & GOF_DBFLAGS));
-
-	/* Encode GAT_DESCRIPT attribute */
-	*rptr++ = GAT_DESCRIPT;
-	rptr = USIENCODE(rptr, dsclen);
-	rptr = NTSENCODE(rptr, goptr->go_desc);
-
-	/* Encode GAT_USERS attribute */
-	*rptr++ = GAT_USERS;
-
-	/*
-	 * Save a pointer to the attribute encoding length, and reserve
-	 * space for the maximum encoding size of a USI_t value.
-	 */
-	glptr = rptr;
-	rptr += USIALLOC();
-	gptr = rptr;
-
-	/* Encode number of user members */
-	idcnt = UILCOUNT(&goptr->go_users);
-	rptr = USIENCODE(rptr, idcnt);
-
-	/* Generate user ids encodings */
-	ids = UILLIST(&goptr->go_users);
-	for (i = 0; i < idcnt; ++i) {
-	    rptr = USIENCODE(rptr, ids[i]);
-	}
-
-	/* Now fix up the GAT_USERS attribute encoding length */
-	glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
-	/* Encode GAT_GROUPS attribute */
-	*rptr++ = GAT_GROUPS;
-
-	/*
-	 * Save a pointer to the attribute encoding length, and reserve
-	 * space for the maximum encoding size of a USI_t value.
-	 */
-	glptr = rptr;
-	rptr += USIALLOC();
-	gptr = rptr;
-
-	/* Encode number of groups */
-	idcnt = UILCOUNT(&goptr->go_groups);
-	rptr = USIENCODE(rptr, idcnt);
-
-	/* Generate group ids encodings */
-	ids = UILLIST(&goptr->go_groups);
-	for (i = 0; i < idcnt; ++i) {
-	    rptr = USIENCODE(rptr, ids[i]);
-	}
-
-	/* Now fix up the GAT_GROUPS attribute encoding length */
-	glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
-	/* Encode GAT_PGROUPS attribute */
-	*rptr++ = GAT_PGROUPS;
-
-	/*
-	 * Save a pointer to the attribute encoding length, and reserve
-	 * space for the maximum encoding size of a USI_t value.
-	 */
-	glptr = rptr;
-	rptr += USIALLOC();
-	gptr = rptr;
-
-	/* Encode number of groups */
-	idcnt = UILCOUNT(&goptr->go_pgroups);
-	rptr = USIENCODE(rptr, idcnt);
-
-	/* Generate group ids encodings */
-	ids = UILLIST(&goptr->go_pgroups);
-	for (i = 0; i < idcnt; ++i) {
-	    rptr = USIENCODE(rptr, ids[i]);
-	}
-
-	/* Now fix up the GAT_PGROUPS attribute encoding length */
-	glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
-	/* Return record length and location if requested */
-	if (greclen) *greclen = rptr - rstart;
-	if (grecptr) *grecptr = rstart;
-
-	/* Indicate success */
-	rv = 0;
-    }
-
-    return rv;
-}
-
-/*
- * Description (groupRemove)
- *
- *	This function is called to remove a group from a specified group
- *	database.  Both the primary DB file and the id-to-name DB file
- *	are updated.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	groupdb			- handle for group DB access
- *	flags			- (unused - must be zero)
- *	name			- pointer to group name
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.
- */
-
-NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name)
-{
-    GroupObj_t * goptr;		/* group object pointer */
-    int rv;
-    int rv2;
-
-    /* First retrieve the group record */
-    goptr = groupFindByName(errp, groupdb, name);
-    if (!goptr) {
-	/* Error - specified group not found */
-	return NSAERRNAME;
-    }
-
-    /* Free the group id value, if any */
-    rv = 0;
-    if (goptr->go_gid != 0) {
-	rv = ndbFreeId(errp, groupdb, 0, (char *)name, goptr->go_gid);
-    }
-
-    rv2 = ndbDeleteName(errp, groupdb, 0, 0, (char *)name);
-
-    return (rv) ? rv : rv2;
-}
-
-/*
- * Description (groupStore)
- *
- *	This function is called to store a group object in the database.
- *	If the object was created by groupCreate(), it is assumed to be
- *	a new group, the group account name must not match any existing
- *	group account names in the database, and a gid is assigned before
- *	adding the group to the database.  If the object was created by
- *	groupFindByName(), the information in the group object will
- *	replace the existing database entry for the indicated group
- *	name.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	groupdb			- handle for group DB access
- *	flags			- (unused - must be zero)
- *	goptr			- group object pointer
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.  The group object remains intact in either
- *	case.
- */
-
-NSAPI_PUBLIC int groupStore(NSErr_t * errp, void * groupdb, int flags, GroupObj_t * goptr)
-{
-    ATR_t recptr = 0;
-    USI_t gid;
-    int reclen = 0;
-    int stflags = 0;
-    int eid;
-    int rv;
-
-    /* If this is a new group, allocate a uid value */
-    if (goptr->go_flags & GOF_NEW) {
-
-	rv = ndbAllocId(errp, groupdb, 0, (char *)goptr->go_name, &gid);
-	if (rv) goto punt;
-
-	goptr->go_gid = gid;
-
-	/* Let the database manager know that this is a new entry */
-	stflags = NDBF_NEWNAME;
-    }
-
-    /* Convert the information in the group object to a DB record */
-    rv = groupEncode(goptr, &reclen, &recptr);
-    if (rv) goto err_nomem;
-
-    /*
-     * Store the record in the database under the group name.
-     * If this is a new entry, a group id to group name mapping
-     * also will be added to the id-to-name DB file.
-     */
-    rv = ndbStoreName(errp, groupdb, stflags,
-		      0, (char *)goptr->go_name, reclen, (char *)recptr);
-
-    FREE(recptr);
-
-    if (rv == 0) {
-	goptr->go_flags &= ~(GOF_NEW | GOF_MODIFIED);
-    }
-
-  punt:
-    return rv;
-
-  err_nomem:
-    eid = NSAUERR2000;
-    rv = NSAERRNOMEM;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    goto punt;
-}

lib/libaccess/nsgroup.cpp

@@ -1,336 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsgroup.c)
- *
- *	This module contains routines for accessing information in a
- *	Netscape group database.  Group information is returned in the
- *	form of a group object (GroupObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSGROUP
-#include "libaccess/nsgroup.h"
-
-/*
- * Description (groupDecode)
- *
- *	This function decodes an external group DB record into a
- *	dynamically allocated GroupObj_t structure.  The DB record is
- *	encoded as an attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- *	name		- pointer to group name string
- *	greclen		- length of the group DB record, in octets
- *	grecptr		- pointer to group DB record
- *
- * Returns:
- *
- *	A pointer to the allocated GroupObj_t structure is returned.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int greclen, ATR_t grecptr)
-{
-    ATR_t cp = grecptr;			/* current pointer into DB record */
-    USI_t tag;				/* attribute tag */
-    USI_t len;				/* attribute value encoding length */
-    int i;				/* group id index */
-    int idcnt;				/* count of user or group ids */
-    USI_t * ids;			/* pointer to array of ids */
-    GroupObj_t * goptr;			/* group object pointer */
-
-    /* Allocate a group object structure */
-    goptr = (GroupObj_t *)MALLOC(sizeof(GroupObj_t));
-    if (goptr) {
-
-	goptr->go_name = (unsigned char *) STRDUP((char *)name);
-	goptr->go_gid = 0;
-	goptr->go_flags = GOF_MODIFIED;
-	goptr->go_desc = 0;
-	UILINIT(&goptr->go_users);
-	UILINIT(&goptr->go_groups);
-	UILINIT(&goptr->go_pgroups);
-
-	/* Parse group DB record */
-	while ((cp - grecptr) < greclen) {
-
-	    /* Get the attribute tag */
-	    cp = USIDECODE(cp, &tag);
-
-	    /* Get the length of the encoding of the attribute value */
-	    cp = USIDECODE(cp, &len);
-
-	    /* Process this attribute */
-	    switch (tag) {
-
-	      case GAT_GID:		/* group id */
-		cp = USIDECODE(cp, &goptr->go_gid);
-		break;
-
-	      case GAT_FLAGS:		/* flags */
-		cp = USIDECODE(cp, &goptr->go_flags);
-		break;
-
-	      case GAT_DESCRIPT:	/* group description */
-		cp = NTSDECODE(cp, &goptr->go_desc);
-		break;
-
-	      case GAT_USERS:		/* member users of this group */
-
-		/* First get the number of user ids following */
-		cp = USIDECODE(cp, (unsigned *)&idcnt);
-
-		if (idcnt > 0) {
-
-		    /* Allocate space for user ids */
-		    ids = usiAlloc(&goptr->go_users, idcnt);
-		    if (ids) {
-			for (i = 0; i < idcnt; ++i) {
-			    cp = USIDECODE(cp, ids + i);
-			}
-		    }
-		}
-		break;
-
-	      case GAT_GROUPS:		/* member groups of this group */
-
-		/* First get the number of group ids following */
-		cp = USIDECODE(cp, (unsigned *)&idcnt);
-
-		if (idcnt > 0) {
-
-		    /* Allocate space for group ids */
-		    ids = usiAlloc(&goptr->go_groups, idcnt);
-		    if (ids) {
-			for (i = 0; i < idcnt; ++i) {
-			    cp = USIDECODE(cp, ids + i);
-			}
-		    }
-		}
-		break;
-
-	      case GAT_PGROUPS:		/* parent groups of this group */
-
-		/* First get the number of group ids following */
-		cp = USIDECODE(cp, (USI_t *)&idcnt);
-
-		if (idcnt > 0) {
-
-		    /* Allocate space for group ids */
-		    ids = usiAlloc(&goptr->go_pgroups, idcnt);
-		    if (ids) {
-			for (i = 0; i < idcnt; ++i) {
-			    cp = USIDECODE(cp, ids + i);
-			}
-		    }
-		}
-		break;
-
-	      default:			/* unrecognized attribute */
-		/* Just skip it */
-		cp += len;
-		break;
-	    }
-	}
-    }
-
-    return goptr;
-}
-
-/*
- * Description (groupEnumHelp)
- *
- *	This is a local function that is called by NSDB during group
- *	database enumeration.  It decodes group records into group
- *	objects, and presents them to the caller of groupEnumerate().
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	parg			- pointer to GroupEnumArgs_t structure
- *	namelen			- length of group record key, including null
- *				  terminator
- *	name			- group record key (group account name)
- *	reclen			- length of group record
- *	recptr			- pointer to group record contents
- *
- * Returns:
- *
- *	Returns whatever value is returned from the upcall to the caller
- *	of groupEnumerate().
- */
-
-static int groupEnumHelp(NSErr_t * errp, void * parg,
-			 int namelen, char * name, int reclen, char * recptr)
-{
-    GroupEnumArgs_t * ge = (GroupEnumArgs_t *)parg;
-    GroupObj_t * goptr;			/* group object pointer */
-    int rv;
-
-    goptr = groupDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
-    rv = (*ge->func)(errp, ge->user, goptr);
-
-    if (!(ge->flags & GOF_ENUMKEEP)) {
-	FREE(goptr);
-    }
-
-    return rv;
-}
-
-/*
- * Description (groupEnumerate)
- *
- *	This function enumerates all of the groups in a specified group
- *	database, calling a caller-specified function with a group object
- *	for each group in the database.  A 'flags' value of GOF_ENUMKEEP
- *	can be specified to keep the group objects around (not free them)
- *	after the caller's function returns.  Otherwise, each group
- *	object is freed after being presented to the caller's function.
- *	The 'argp' argument is an opaque pointer, which is passed to
- *	the caller's function as 'parg' on each call, along with a
- *	group object pointer.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	groupdb			- handle for group DB access
- *	flags			- bit flags:
- *					GOF_ENUMKEEP - keep group objects
- *	argp			- passed to 'func' as 'parg'
- *	func			- pointer to caller's enumeration function
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.
- */
-
-NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp, void * groupdb, int flags, void * argp,
-		  int (*func)(NSErr_t * ferrp,
-			      void * parg, GroupObj_t * goptr))
-{
-    int rv;
-    GroupEnumArgs_t args;
-
-    args.groupdb = groupdb;
-    args.flags = flags;
-    args.func = func;
-    args.user = argp;
-
-    rv = ndbEnumerate(errp,
-		      groupdb, NDBF_ENUMNORM, (void *)&args, groupEnumHelp);
-
-    return rv;
-}
-
-/*
- * Description (groupFindByName)
- *
- *	This function looks up a group record for a specified group name,
- *	converts the group record to the internal group object form, and
- *	returns a pointer to the group object.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	groupdb			- handle for group DB access
- *	name			- group name to find
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a group object
- *	for the specified group.  Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp, void * groupdb, NTS_t name)
-{
-    GroupObj_t * goptr = 0;
-    ATR_t grecptr;
-    int greclen;
-    int rv;
-
-    /* Look up the group name in the database */
-    rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
-    if (rv == 0) {
-
-	/* Got the group record.  Decode into a group object. */
-	goptr = groupDecode(name, greclen, grecptr);
-    }
-
-    return goptr;
-}
-
-/*
- * Description (groupFindByGid)
- *
- *	This function looks up a group record for a specified group id,
- *	converts the group record to the internal group object form, and
- *	returns a pointer to the group object.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	groupdb			- handle for group DB access
- *	gid			- group id to find
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a group object
- *	for the specified group.  Otherwise it is 0.
- */
-
-NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid)
-{
-    GroupObj_t * goptr = 0;
-    NTS_t name;
-    ATR_t grecptr;
-    int greclen;
-    int rv;
-
-    /* Get the group account name corresponding to the gid */
-    rv = ndbIdToName(errp, groupdb, gid, 0, (char **)&name);
-    if (rv == 0) {
-
-	rv = ndbFindName(errp, groupdb, 0, (char *)name, &greclen, (char **)&grecptr);
-	if (rv == 0) {
-
-	    /* Got the group record.  Decode into a group object. */
-	    goptr = groupDecode(name, greclen, grecptr);
-	}
-    }
-
-    return goptr;
-}
-
-/*
- * Description (groupFree)
- *
- *	This function is called to free a group object.  Group objects
- *	are not automatically freed when a group database is closed.
- *
- * Arguments:
- *
- *	goptr			- group object pointer
- *
- */
-
-NSAPI_PUBLIC void groupFree(GroupObj_t * goptr)
-{
-    if (goptr) {
-
-	if (goptr->go_name) FREE(goptr->go_name);
-	if (goptr->go_desc) FREE(goptr->go_desc);
-	UILFREE(&goptr->go_users);
-	UILFREE(&goptr->go_groups);
-	UILFREE(&goptr->go_pgroups);
-	FREE(goptr);
-    }
-}

lib/libaccess/nslock.cpp

@@ -1,268 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nslock.c)
- *
- *	This modules provides an interprocess locking mechanism, based
- *	on a named lock.
- */
-
-#include "netsite.h"
-#include "base/file.h"
-#define __PRIVATE_NSLOCK
-#include "nslock.h"
-#include <assert.h>
-
-char * NSLock_Program = "NSLOCK";
-
-#ifdef FILE_UNIX
-/*
- * The process-wide list of locks, NSLock_List, is protected by the
- * critical section, NSLock_Crit.
- */
-CRITICAL NSLock_Crit = 0;
-NSLock_t * NSLock_List = 0;
-#endif /* FILE_UNIX */
-
-/*
- * Description (nsLockOpen)
- *
- *	This function is used to initialize a handle for a lock.  The
- *	caller specifies a unique name for the lock, and a handle is
- *	returned.  The returned handle should be used by only one
- *	thread at a time, i.e. if multiple threads in a process are
- *	using the same lock, they should either have their own handles
- *	or protect a single handle with a critical section.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	lockname		- pointer to name of lock
- *	plock			- pointer to returned handle for lock
- *
- * Returns:
- *
- *	If successful, a handle for the specified lock is returned via
- *	'plock', and the return value is zero.  Otherwise the return
- *	value is a negative error code (see nslock.h), and an error
- *	frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp, char * lockname, void **plock)
-{
-    NSLock_t * nl = 0;			/* pointer to lock structure */
-    int len;				/* length of lockname */
-    int eid;
-    int rv;
-
-#ifdef FILE_UNIX
-    /* Have we created the critical section for NSLock_List yet? */
-    if (NSLock_Crit == 0) {
-
-	/* Narrow the window for simultaneous initialization */
-	NSLock_Crit = (CRITICAL)(-1);
-
-	/* Create it */
-	NSLock_Crit = crit_init();
-    }
-
-    /* Lock the list of locks */
-    crit_enter(NSLock_Crit);
-
-    /* See if a lock with the specified name exists already */
-    for (nl = NSLock_List; nl != 0; nl = nl->nl_next) {
-	if (!strcmp(nl->nl_name, lockname)) break;
-    }
-
-    /* Create a new lock if we didn't find it */
-    if (nl == 0) {
-
-	len = strlen(lockname);
-
-	nl = (NSLock_t *)PERM_MALLOC(sizeof(NSLock_t) + len + 5);
-	if (nl == 0) goto err_nomem;
-
-	nl->nl_name = (char *)(nl + 1);
-	strcpy(nl->nl_name, lockname);
-	strcpy(&nl->nl_name[len], ".lck");
-	nl->nl_cnt = 0;
-
-	nl->nl_fd = open(nl->nl_name, O_RDWR|O_CREAT|O_EXCL, 0644);
-	if (nl->nl_fd < 0) {
-
-	    if (errno != EEXIST) {
-		crit_exit(NSLock_Crit);
-		goto err_create;
-	    }
-
-	    /* O_RDWR or O_WRONLY is required to use lockf on Solaris */
-	    nl->nl_fd = open(nl->nl_name, O_RDWR, 0);
-	    if (nl->nl_fd < 0) {
-		crit_exit(NSLock_Crit);
-		goto err_open;
-	    }
-	}
-
-	/* Remove ".lck" from the lock name */
-	nl->nl_name[len] = 0;
-
-	/* Create a critical section for this lock (gag!) */
-	nl->nl_crit = crit_init();
-
-	/* Add this lock to NSLock_List */
-	nl->nl_next = NSLock_List;
-	NSLock_List = nl;
-    }
-
-    crit_exit(NSLock_Crit);
-
-#else
-/* write me */
-    nl = (void *)4;
-#endif /* FILE_UNIX */
-
-    *plock = (void *)nl;
-    return 0;
-
-  err_nomem:
-    eid = NSLERR1000;
-    rv = NSLERRNOMEM;
-    nserrGenerate(errp, rv, eid, NSLock_Program, 0);
-    goto punt;
-
-  err_create:
-    eid = NSLERR1020;
-    rv = NSLERRCREATE;
-    goto err_file;
-
-  err_open:
-    eid = NSLERR1040;
-    rv = NSLERROPEN;
-  err_file:
-    nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
-  punt:
-    if (nl) {
-	FREE(nl);
-    }
-    *plock = 0;
-    return rv;
-}
-
-/*
- * Description (nsLockAcquire)
- *
- *	This function is used to acquire exclusive ownership of a lock
- *	previously accessed via nsLockOpen().  The calling thread will
- *	be blocked until the lock is acquired.  Other threads in the
- *	process should not be blocked.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	lock			- handle for lock from nsLockOpen()
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise the return
- *	value is a negative error code (see nslock.h), and an error
- *	frame is generated if an error frame list was provided.
- */
-
-NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock)
-{
-    NSLock_t * nl = (NSLock_t *)lock;
-    int eid;
-    int rv;
-
-#ifdef FILE_UNIX
-    /* Enter the critical section for the lock */
-    crit_enter(nl->nl_crit);
-
-    /* Acquire the file lock if we haven't already */
-    if (nl->nl_cnt == 0) {
-	rv = system_flock(nl->nl_fd);
-	if (rv) {
-	    crit_exit(nl->nl_crit);
-	    goto err_lock;
-	}
-    }
-
-    /* Bump the lock count */
-    nl->nl_cnt++;
-
-    crit_exit(nl->nl_crit);
-#else
- /* write me */
-#endif /* FILE_UNIX */
-
-    /* Indicate success */
-    return 0;
-
-  err_lock:
-    eid = NSLERR1100;
-    rv = NSLERRLOCK;
-    nserrGenerate(errp, rv, eid, NSLock_Program, 1, nl->nl_name);
-
-    return rv;
-}
-
-/*
- * Description (nsLockRelease)
- *
- *	This function is used to release exclusive ownership to a lock
- *	that was previously obtained via nsLockAcquire().
- *
- * Arguments:
- *
- *	lock			- handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockRelease(void * lock)
-{
-    NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
-    assert(nl->nl_cnt > 0);
-
-    crit_enter(nl->nl_crit);
-
-    if (--nl->nl_cnt <= 0) {
-	system_ulock(nl->nl_fd);
-	nl->nl_cnt = 0;
-    }
-
-    crit_exit(nl->nl_crit);
-#endif /* FILE_UNIX */
-}
-
-/*
- * Description (nsLockClose)
- *
- *	This function is used to close a lock handle that was previously
- *	acquired via nsLockOpen().  The lock should not be owned.
- *
- * Arguments:
- *
- *	lock			- handle for lock from nsLockOpen()
- */
-
-NSAPI_PUBLIC void nsLockClose(void * lock)
-{
-    NSLock_t * nl = (NSLock_t *)lock;
-
-#ifdef FILE_UNIX
-    /* Don't do anything with the lock, since it will get used again */
-#if 0
-    crit_enter(nl->nl_crit);
-    close(nl->nl_fd);
-    crit_exit(nl->nl_crit);
-    FREE(nl);
-#endif
-#else
- /* write me */
-#endif FILE_UNIX
-}

lib/libaccess/nsumgmt.cpp

@@ -1,456 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsumgmt.c)
- *
- *	This module contains routines for managing information in a
- *	Netscape user database.  Information for a particular user
- *	is modified by retrieving the current information in the form
- *	of a user object (UserObj_t), calling functions in this module,
- *	to modify the user object, and then calling userStore() to
- *	write the information in the user object back to the database.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#include "libaccess/nsdbmgmt.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsumgmt.h"
-
-/*
- * Description (userAddGroup)
- *
- *	This function adds a group id to the list of group ids associated
- *	with a user object.
- *
- * Arguments:
- *
- *	uoptr			- user object pointer
- *	gid			- group id to be added
- *
- * Returns:
- *
- *	Returns zero if the group id is already present in the group id list.
- *	Returns one if the group id was added successfully.
- *	Returns a negative value if an error occurs.
- */
-
-int userAddGroup(UserObj_t * uoptr, USI_t gid)
-{
-    int rv;
-
-    rv = usiInsert(&uoptr->uo_groups, gid);
-
-    if (rv > 0) {
-
-	uoptr->uo_flags |= UOF_MODIFIED;
-    }
-
-    return rv;
-}
-
-/*
- * Description (userCreate)
- *
- *	This function creates a user object, using information about
- *	the user provided by the caller.  The strings passed for the
- *	user account name, password, and real user name may be on the
- *	stack.  The user id is set to zero, but the user object is
- *	marked as being new.  A user id will be assigned when
- *	userStore() is called to add the user to a user database.
- *
- * Arguments:
- *
- *	name		- pointer to user account name string
- *	pwd		- pointer to (encrypted) password string
- *	rname		- real user name (gecos string)
- *
- * Returns:
- *
- *	A pointer to a dynamically allocated UserObj_t structure is
- *	returned.
- */
-
-NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname)
-{
-    UserObj_t * uoptr;		/* user object pointer */
-
-    uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
-    if (uoptr) {
-	uoptr->uo_name = (NTS_t)STRDUP((char *)name);
-	uoptr->uo_pwd = (pwd) ? (NTS_t)STRDUP((char *)pwd) : 0;
-	uoptr->uo_uid = 0;
-	uoptr->uo_flags = (UOF_MODIFIED | UOF_NEW);
-	uoptr->uo_rname = (rname) ? (NTS_t)STRDUP((char *)rname) : 0;
-	UILINIT(&uoptr->uo_groups);
-    }
-
-    return uoptr;
-}
-
-/*
- * Description (userDeleteGroup)
- *
- *	This function removes a specified group id from a user object's
- *	list of groups.
- *
- * Arguments:
- *
- *	uoptr			- pointer to user object
- *	gid			- group id to remove
- *
- * Returns:
- *
- *	The return value is zero if the specified group id was not present
- *	in the user object, or one if the group was successfully removed.
- */
-
-int userDeleteGroup(UserObj_t * uoptr, USI_t gid)
-{
-    int rv;			/* return value */
-
-    rv = usiRemove(&uoptr->uo_groups, gid);
-    if (rv > 0) {
-	uoptr->uo_flags |= UOF_MODIFIED;
-    }
-
-    return rv;
-}
-
-/*
- * Description (userEncode)
- *
- *	This function encodes a user object into a user DB record.
- *
- * Arguments:
- *
- *	uoptr			- pointer to user object
- *	ureclen			- pointer to returned record length
- *	urecptr			- pointer to returned record pointer
- *
- * Returns:
- *
- *	The function return value is zero if successful.  The length
- *	and location of the created attribute record are returned
- *	through 'ureclen' and 'urecptr'.  A non-zero function value
- *	is returned if there's an error.
- */
-
-int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr)
-{
-    int reclen;			/* length of DB record */
-    ATR_t rptr;			/* DB record pointer */
-    ATR_t rstart = 0;		/* pointer to beginning of DB record */
-    ATR_t glptr;		/* saved pointer to UAT_GROUPS length */
-    ATR_t gptr;			/* saved pointer to after length at glptr */
-    int pwdlen;			/* password encoding length */
-    int uidlen;			/* uid encoding length */
-    int fllen;			/* account flags encoding length */
-    USI_t rnlen;		/* real name encoding length */
-    USI_t nglen;		/* group count encoding length */
-    USI_t gcnt;			/* number of group ids */
-    USI_t * gids;		/* pointer to array of group ids */
-    int i;			/* group id index */
-    int rv = -1;
-
-    /*
-     * First we need to figure out how long the generated record will be.
-     * This doesn't have to be exact, but it must not be smaller than the
-     * actual record size.
-     */
-
-    /* UAT_PASSWORD attribute: tag, length, NTS */
-    pwdlen = NTSLENGTH(uoptr->uo_pwd);
-    reclen = 1 + 1 + pwdlen;
-    if (pwdlen > 127) goto punt;
-
-    /* UAT_UID attribute: tag, length, USI */
-    uidlen = USILENGTH(uoptr->uo_uid);
-    reclen += (1 + 1 + uidlen);
-
-    /* UAT_ACCFLAGS attribute: tag, length, USI */
-    fllen = USILENGTH(uoptr->uo_flags & UOF_DBFLAGS);
-    reclen += (1 + 1 + fllen);
-
-    /* UAT_REALNAME attribute: tag, length, NTS */
-    rnlen = NTSLENGTH(uoptr->uo_rname);
-    reclen += (1 + USILENGTH(rnlen) + rnlen);
-
-    /* UAT_GROUPS attribute: tag, length, USI(count), USI(gid)... */
-    gcnt = UILCOUNT(&uoptr->uo_groups);
-    nglen = USILENGTH(gcnt);
-    reclen += (1 + USIALLOC() + nglen + (5 * gcnt));
-
-    /* Allocate the attribute record buffer */
-    rptr = (ATR_t)MALLOC(reclen);
-    if (rptr) {
-
-	/* Save pointer to start of record */
-	rstart = rptr;
-
-	/* Encode UAT_PASSWORD attribute */
-	*rptr++ = UAT_PASSWORD;
-	*rptr++ = pwdlen;
-	rptr = NTSENCODE(rptr, uoptr->uo_pwd);
-
-	/* Encode UAT_UID attribute */
-	*rptr++ = UAT_UID;
-	*rptr++ = uidlen;
-	rptr = USIENCODE(rptr, uoptr->uo_uid);
-
-	/* Encode UAT_ACCFLAGS attribute */
-	*rptr++ = UAT_ACCFLAGS;
-	*rptr++ = fllen;
-	rptr = USIENCODE(rptr, (uoptr->uo_flags & UOF_DBFLAGS));
-
-	/* Encode UAT_REALNAME attribute */
-	*rptr++ = UAT_REALNAME;
-	rptr = USIENCODE(rptr, rnlen);
-	rptr = NTSENCODE(rptr, uoptr->uo_rname);
-
-	/* Encode UAT_GROUPS attribute */
-	*rptr++ = UAT_GROUPS;
-
-	/*
-	 * Save a pointer to the attribute encoding length, and reserve
-	 * space for the maximum encoding size of a USI_t value.
-	 */
-	glptr = rptr;
-	rptr += USIALLOC();
-	gptr = rptr;
-
-	/* Encode number of groups */
-	rptr = USIENCODE(rptr, gcnt);
-
-	/* Generate group ids encodings */
-	gids = UILLIST(&uoptr->uo_groups);
-	for (i = 0; i < gcnt; ++i) {
-	    rptr = USIENCODE(rptr, gids[i]);
-	}
-
-	/* Now fix up the UAT_GROUPS attribute encoding length */
-	glptr = USIINSERT(glptr, (USI_t)(rptr - gptr));
-
-	/* Return record length and location if requested */
-	if (ureclen) *ureclen = rptr - rstart;
-	if (urecptr) *urecptr = rstart;
-
-	/* Indicate success */
-	rv = 0;
-    }
-
-  punt:
-    return rv;
-}
-
-/*
- * Description (userRemove)
- *
- *	This function is called to remove a user from a specified user
- *	database.  Both the primary DB file and the id-to-name DB file
- *	are updated.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	flags			- (unused - must be zero)
- *	name			- pointer to user account name
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.
- */
-
-NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name)
-{
-    UserObj_t * uoptr;		/* user object pointer */
-    int rv;
-    int rv2;
-
-    /* First retrieve the user record */
-    uoptr = userFindByName(errp, userdb, name);
-    if (!uoptr) {
-	/* Error - specified user not found */
-	return NSAERRNAME;
-    }
-
-    /* Free the user id value, if any */
-    rv = 0;
-    if (uoptr->uo_uid != 0) {
-	rv = ndbFreeId(errp, userdb, 0, (char *)name, uoptr->uo_uid);
-    }
-
-    rv2 = ndbDeleteName(errp, userdb, 0, 0, (char *)name);
-
-    return (rv) ? rv : rv2;
-}
-
-/*
- * Description (userRename)
- *
- *	This function is called to change the account name associated
- *	with an existing user.  The caller provides a pointer to a
- *	user object for the existing user (with the current user account
- *	name referenced by uo_name), and the new account name for this
- *	user.  A check is made to ensure the uniqueness of the new name
- *	in the specified user database.  The account name in the user
- *	object is modified.  The user database is not modified until
- *	userStore() is called.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	uoptr			- user object pointer
- *	newname			- pointer to new account name string
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.  The user object remains intact in either
- *	case.
- */
-
-NSAPI_PUBLIC int userRename(NSErr_t * errp, void * userdb, UserObj_t * uoptr, NTS_t newname)
-{
-    int reclen;				/* user record length */
-    ATR_t recptr = 0;			/* user record pointer */
-    char * oldname;			/* old user account name */
-    int eid;				/* error id code */
-    int rv;				/* result value */
-
-    /* Save the current account name and replace it with the new one */
-    oldname = (char *)uoptr->uo_name;
-    uoptr->uo_name = (unsigned char *) STRDUP((char *)newname);
-
-    if ((oldname != 0) && !(uoptr->uo_flags & UOF_NEW)) {
-
-	/* Convert the information in the user object to a DB record */
-	rv = userEncode(uoptr, &reclen, &recptr);
-	if (rv) goto err_nomem;
-
-	/*
-	 * Store the record in the database
-	 * under the new user account name.
-	 */
-	rv = ndbStoreName(errp, userdb, NDBF_NEWNAME,
-			  0, (char *)uoptr->uo_name, reclen, (char *)recptr);
-	if (rv) goto punt;
-
-	/* Change the mapping of the user id to the new name */
-	rv = ndbRenameId(errp, userdb, 0, (char *)uoptr->uo_name, uoptr->uo_uid);
-	if (rv) goto punt;
-
-	/* Delete the user record with the old account name */
-	rv = ndbDeleteName(errp, userdb, 0, 0, oldname);
-	if (rv) goto punt;
-    }
-    else {
-	/* Set flags in user object for userStore() */
-	uoptr->uo_flags |= UOF_MODIFIED;
-    }
-
-  punt:
-    if (recptr) {
-	FREE(recptr);
-    }
-    if (oldname) {
-	FREE(oldname);
-    }
-    return rv;
-
-  err_nomem:
-    eid = NSAUERR1000;
-    rv = NSAERRNOMEM;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-    goto punt;
-}
-
-/*
- * Description (userStore)
- *
- *	This function is called to store a user object in the database.
- *	If the object was created by userCreate(), it is assumed to be
- *	a new user account, the user account name must not match any
- *	existing user account names in the database, and a uid is
- *	assigned before adding the user to the database.  If the object
- *	was created by userFindByName(), the information in the user
- *	object will replace the existing database entry for the
- *	indicated user account name.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	flags			- (unused - must be zero)
- *	uoptr			- user object pointer
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code.  The user object remains intact in either
- *	case.
- */
-
-NSAPI_PUBLIC int userStore(NSErr_t * errp, void * userdb, int flags, UserObj_t * uoptr)
-{
-    ATR_t recptr = 0;
-    USI_t uid;
-    int reclen = 0;
-    int stflags = 0;
-    int eid;
-    int rv;
-
-    /* If this is a new user, allocate a uid value */
-    if (uoptr->uo_flags & UOF_NEW) {
-	/*
-	 * Yes, allocate a user id and add a user id to user
-	 * account name mapping to the id-to-name DB file.
-	 */
-	uid = 0;
-	rv = ndbAllocId(errp, userdb, 0, (char *)uoptr->uo_name, &uid);
-	if (rv) goto punt;
-
-	uoptr->uo_uid = uid;
-
-	/* Let the database manager know that this is a new entry */
-	stflags = NDBF_NEWNAME;
-    }
-
-    /* Convert the information in the user object to a DB record */
-    rv = userEncode(uoptr, &reclen, &recptr);
-    if (rv) goto err_nomem;
-
-    /* Store the record in the database under the user account name. */
-    rv = ndbStoreName(errp, userdb, stflags,
-		      0, (char *)uoptr->uo_name, reclen, (char *)recptr);
-    if (rv) goto punt;
-
-    FREE(recptr);
-    recptr = 0;
-
-    uoptr->uo_flags &= ~(UOF_NEW | UOF_MODIFIED);
-    return 0;
-
-  err_nomem:
-    eid = NSAUERR1100;
-    rv = NSAERRNOMEM;
-    nserrGenerate(errp, rv, eid, NSAuth_Program, 0);
-
-  punt:
-    if (recptr) {
-	FREE(recptr);
-    }
-    if ((uoptr->uo_flags & UOF_NEW) && (uid != 0)) {
-	/* Free the user id value if we failed after allocating it */
-	ndbFreeId(errp, userdb, 0, (char *)uoptr->uo_name, uid);
-    }
-    return rv;
-}

lib/libaccess/nsuser.cpp

@@ -1,309 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*
- * Description (nsuser.c)
- *
- *	This module contains routines for accessing information in a
- *	Netscape user database.  User information is returned in the
- *	form of a user object (UserObj_t), defined in nsauth.h.
- */
-
-#include "base/systems.h"
-#include "netsite.h"
-#include "assert.h"
-#define __PRIVATE_NSUSER
-#include "libaccess/nsuser.h"
-
-/* Authentication facility name for error frame generation */
-char * NSAuth_Program = "NSAUTH";
-
-/*
- * Description (userDecode)
- *
- *	This function decodes an external user DB record into a dynamically
- *	allocated UserObj_t structure.  The DB record is encoded as an
- *	attribute record as defined in attrec.h.
- *
- * Arguments:
- *
- *	name		- pointer to user account name string
- *	ureclen		- length of the user DB record, in octets
- *	urecptr		- pointer to user DB record
- *
- * Returns:
- *
- *	A pointer to the allocated UserObj_t structure is returned.
- */
-
-UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr)
-{
-    ATR_t cp = urecptr;			/* current pointer into DB record */
-    USI_t tag;				/* attribute tag */
-    USI_t len;				/* attribute value encoding length */
-    USI_t gcnt;				/* number of group ids */
-    USI_t * gids;			/* pointer to array of group ids */
-    int i;				/* group id index */
-    UserObj_t * uoptr;			/* user object pointer */
-
-    /* Allocate a user object structure */
-    uoptr = (UserObj_t *)MALLOC(sizeof(UserObj_t));
-    if (uoptr) {
-
-	uoptr->uo_name = (unsigned char *) STRDUP((char *)name);
-	uoptr->uo_pwd = 0;
-	uoptr->uo_uid = 0;
-	uoptr->uo_flags = 0;
-	uoptr->uo_rname = 0;
-	UILINIT(&uoptr->uo_groups);
-
-	/* Parse user DB record */
-	while ((cp - urecptr) < ureclen) {
-
-	    /* Get the attribute tag */
-	    cp = USIDECODE(cp, &tag);
-
-	    /* Get the length of the encoding of the attribute value */
-	    cp = USIDECODE(cp, &len);
-
-	    /* Process this attribute */
-	    switch (tag) {
-
-	      case UAT_PASSWORD:	/* encrypted password */
-		cp = NTSDECODE(cp, &uoptr->uo_pwd);
-		break;
-
-	      case UAT_UID:		/* user id */
-		cp = USIDECODE(cp, &uoptr->uo_uid);
-		break;
-
-	      case UAT_ACCFLAGS:	/* account flags */
-		cp = USIDECODE(cp, &uoptr->uo_flags);
-		break;
-
-	      case UAT_REALNAME:	/* real name of user */
-		cp = NTSDECODE(cp, &uoptr->uo_rname);
-		break;
-
-	      case UAT_GROUPS:		/* groups which include user */
-
-		/* First get the number of group ids following */
-		cp = USIDECODE(cp, &gcnt);
-
-		if (gcnt > 0) {
-
-		    /* Allocate space for group ids */
-		    gids = usiAlloc(&uoptr->uo_groups, gcnt);
-		    if (gids) {
-			for (i = 0; i < gcnt; ++i) {
-			    cp = USIDECODE(cp, gids + i);
-			}
-		    }
-		}
-		break;
-
-	      default:			/* unrecognized attribute */
-		/* Just skip it */
-		cp += len;
-		break;
-	    }
-	}
-    }
-
-    return uoptr;
-}
-
-/*
- * Description (userEnumHelp)
- *
- *	This is a local function that is called by NSDB during user
- *	database enumeration.  It decodes user records into user
- *	objects, and presents them to the caller of userEnumerate().
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	parg			- pointer to UserEnumArgs_t structure
- *	namelen			- user record key length including null
- *				  terminator
- *	name			- user record key (user account name)
- *	reclen			- length of user record
- *	recptr			- pointer to user record contents
- *
- * Returns:
- *
- *	Returns whatever value is returned from the upcall to the caller
- *	of userEnumerate().
- */
-
-static int userEnumHelp(NSErr_t * errp, void * parg,
-			int namelen, char * name, int reclen, char * recptr)
-{
-    UserEnumArgs_t * ue = (UserEnumArgs_t *)parg;
-    UserObj_t * uoptr;			/* user object pointer */
-    int rv;
-
-    uoptr = userDecode((NTS_t)name, reclen, (ATR_t)recptr);
-
-    rv = (*ue->func)(errp, ue->user, uoptr);
-
-    if (!(ue->flags & UOF_ENUMKEEP)) {
-	userFree(uoptr);
-    }
-
-    return rv;
-}
-
-/*
- * Description (userEnumerate)
- *
- *	This function enumerates all of the users in a specified user
- *	database, calling a caller-specified function with a user object
- *	for each user in the database.  A 'flags' value of UOF_ENUMKEEP
- *	can be specified to keep the user objects around (not free them)
- *	after the caller's function returns.  Otherwise, each user
- *	object is freed after being presented to the caller's function.
- *	The 'argp' argument is an opaque pointer, which is passed to
- *	the caller's function as 'parg' on each call, along with a
- *	user object pointer.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	flags			- bit flags:
- *					UOF_ENUMKEEP - keep user objects
- *	argp			- passed to 'func' as 'parg'
- *	func			- pointer to caller's enumeration function
- *
- * Returns:
- *
- *	If successful, the return value is zero.  Otherwise it is a
- *	non-zero error code, and an error frame is generated if an error
- *	frame list was provided by the caller.
- */
-
-int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp,
-		  int (*func)(NSErr_t * ferrp, void * parg, UserObj_t * uoptr))
-{
-    int rv;
-    UserEnumArgs_t args;
-
-    args.userdb = userdb;
-    args.flags = flags;
-    args.func = func;
-    args.user = argp;
-
-    rv = ndbEnumerate(errp,
-		      userdb, NDBF_ENUMNORM, (void *)&args, userEnumHelp);
-
-    return rv;
-}
-
-/*
- * Description (userFindByName)
- *
- *	This function looks up a user record for a specified user account
- *	name, converts the user record to the internal user object form,
- *	and returns a pointer to the user object.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	name			- user account name to find
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a user object
- *	for the specified user.  Otherwise it is 0, and an error frame
- *	is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name)
-{
-    UserObj_t * uoptr = 0;
-    ATR_t urecptr;
-    int ureclen;
-    int rv;
-
-    /* Look up the user name in the database */
-    rv = ndbFindName(errp, userdb, 0, (char *) name, &ureclen, (char **)&urecptr);
-    if (rv == 0) {
-
-	/* Got the user record.  Decode into a user object. */
-	uoptr = userDecode(name, ureclen, urecptr);
-    }
-
-    return uoptr;
-}
-
-/*
- * Description (userFindByUid)
- *
- *	This function looks up a user record for a specified user id,
- *	converts the user record to the internal user object form, and
- *	returns a pointer to the user object.
- *
- * Arguments:
- *
- *	errp			- error frame list pointer (may be null)
- *	userdb			- handle for user DB access
- *	uid			- user id to find
- *
- * Returns:
- *
- *	If successful, the return value is a pointer to a user object
- *	for the specified user.  Otherwise it is 0, and an error frame
- *	is generated if an error frame list was provided by the caller.
- */
-
-UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid)
-{
-    UserObj_t * uoptr = 0;
-    NTS_t name;
-    ATR_t urecptr;
-    int ureclen;
-    int rv;
-
-    /* Get the user account name corresponding to the uid */
-    rv = ndbIdToName(errp, userdb, uid, 0, (char **)&name);
-    if (rv == 0) {
-
-	rv = ndbFindName(errp, userdb, 0, (char *)name, &ureclen, (char **)&urecptr);
-	if (rv == 0) {
-
-	    /* Got the user record.  Decode into a user object. */
-	    uoptr = userDecode(name, ureclen, urecptr);
-	}
-    }
-
-    return uoptr;
-}
-
-/*
- * Description (userFree)
- *
- *	This function is called to free a user object.  User objects
- *	are not automatically freed when a user database is closed.
- *
- * Arguments:
- *
- *	uoptr			- user object pointer
- *
- */
-
-NSAPI_PUBLIC void userFree(UserObj_t * uoptr)
-{
-    if (uoptr) {
-
-	if (uoptr->uo_name) FREE(uoptr->uo_name);
-	if (uoptr->uo_pwd) FREE(uoptr->uo_pwd);
-	if (uoptr->uo_rname) FREE(uoptr->uo_rname);
-	UILFREE(&uoptr->uo_groups);
-	FREE(uoptr);
-    }
-}

lib/libaccess/register.h

@@ -1,98 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-#ifndef ACL_REGISTER_HEADER
-#define ACL_REGISTER_HEADER
-
-#include <libaccess/nserror.h>
-#include <libaccess/acl.h>
-#include <libaccess/las.h>
-
-typedef	void * ACLMethod_t;
-#define	ACL_METHOD_ANY		(ACLMethod_t)-1
-#define	ACL_METHOD_INVALID	(ACLMethod_t)-2
-typedef	void * ACLDbType_t;
-#define	ACL_DBTYPE_ANY		(ACLDbType_t)-1
-#define	ACL_DBTYPE_INVALID	(ACLDbType_t)-2
-
-typedef struct ACLGetter_s {
-	ACLMethod_t	method;
-	ACLDbType_t	db;
-	AttrGetterFn	fn;
-} ACLGetter_t;
-typedef ACLGetter_s * ACLGetter_p;
-
-/*
- *	Command values for the "position" argument to ACL_RegisterGetter
- *	Any positive >0 value is the specific position in the list to insert
- *	the new function.
- */
-#define	ACL_AT_FRONT		0
-#define	ACL_AT_END		-1
-#define	ACL_REPLACE_ALL 	-2
-#define	ACL_REPLACE_MATCHING	-3
-
-#ifdef	ACL_LIB_INTERNAL
-#define	ACL_MAX_METHOD		32
-#define	ACL_MAX_DBTYPE		32
-#endif
-
-NSPR_BEGIN_EXTERN_C
-
-NSAPI_PUBLIC extern int
-	ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
-	eval_func, LASFlushFunc_t flush_func );
-NSAPI_PUBLIC extern int
-	ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
-	*eval_funcp );
-NSAPI_PUBLIC extern int
-	ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
-	*flush_funcp );
-extern void
-	ACL_LasHashInit( void );
-extern void
-	ACL_LasHashDestroy( void );
-
-/*
- *	Revised, normalized method/dbtype registration routines
- */
-NSAPI_PUBLIC extern int
-	ACL_MethodRegister(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern int
-	ACL_MethodIsEqual(ACLMethod_t t1, ACLMethod_t t2);
-NSAPI_PUBLIC extern int
-	ACL_MethodNameIsEqual(ACLMethod_t t, const char *name);
-NSAPI_PUBLIC extern int
-	ACL_MethodFind(const char *name, ACLMethod_t *t);
-NSAPI_PUBLIC extern ACLMethod_t
-	ACL_MethodGetDefault();
-NSAPI_PUBLIC extern void
-	ACL_MethodSetDefault();
-NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);
-
-NSAPI_PUBLIC extern int
-	ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeIsEqual(ACLDbType_t t1, ACLDbType_t t2);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeNameIsEqual(ACLDbType_t t, const char *name);
-NSAPI_PUBLIC extern int
-	ACL_DbTypeFind(const char *name, ACLDbType_t *t);
-NSAPI_PUBLIC extern ACLDbType_t
-	ACL_DbTypeGetDefault();
-NSAPI_PUBLIC extern void
-	ACL_DbTypeSetDefault();
-NSAPI_PUBLIC extern int
-	ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
-
-NSAPI_PUBLIC extern int
-	ACL_RegisterGetter(AttrGetterFn fn, ACLMethod_t m, ACLDbType_t d, int
-	position, void *arg);
-
-NSPR_END_EXTERN_C
-
-#endif

lib/libaccess/userauth.cpp

@@ -1,12 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-/*	userauth.c
- *	This file contain code to authenticate user.
- */
-
-
-

lib/libaccess/utest.mk

@@ -1,61 +0,0 @@
-#
-# BEGIN COPYRIGHT BLOCK
-# Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
-# Copyright (C) 2005 Red Hat, Inc.
-# All rights reserved.
-# END COPYRIGHT BLOCK
-#
-
-#CFLAGS = -g -DDEBUG -I.
-CFLAGS = -g -I. -I../../../include $(TESTFLAGS)
-#LEX = flex
-CC=gcc
-
-HEAD = aclparse.h acltools.h lparse.h acl.h acleval.h lasdns.h lasip.h mthash.h stubs.h aclscan.h acl.tab.h
-XSRC = aclparse.y aclscan.l 
-CSRC = acleval.c aclutil.c lasdns.c lasip.c lastod.c mthash.c testmain.c acltools.c space.c acl.tab.c acl.yy.c
-SRC  = $(HEAD) $(XSRC) $(CSRC)
-
-XOBJ = acl.tab.o acl.yy.o testmain.o acltools.o 
-COBJ = $(CSRC:%.c=%.o)
-OBJ	 = $(XOBJ) $(COBJ)
-
-always: $(OBJ) 
-
-acleval.o:	stubs.h aclparse.h acl.h acleval.h mthash.h
-
-aclutil.o: 	acl.h aclparse.h
-
-lasdns.o:	acl.h aclparse.h lasdns.h mthash.h
-
-lasip.o:	acl.h aclparse.h lasip.h
-
-lastod.o:	acl.h aclparse.h
-
-acltools.o:	aclparse.h aclscan.h lparse.h aclparse.y
-
-testmain.o:	aclparse.h acltools.h
-
-acl.yy.o: acl.yy.c acl.tab.h
-
-acl.yy.o acl.tab.o acltools.o: aclparse.h acltools.h lparse.h
-
-yacc: aclparse.y
-	$(YACC) -dv aclparse.y
-	mv y.tab.h acl.tab.h
-	mv y.tab.c acl.tab.c
-#sed -f yy-sed y.tab.h > acl.tab.h
-#sed -f yy-sed y.tab.c > acl.tab.c
-
-# Should only run this on an SGI, where flex() is present
-flex: aclscan.l
-	$(LEX) aclscan.l
-	mv lex.yy.c acl.yy.c
-#sed -f yy-sed lex.yy.c > acl.yy.c
-
-clean:
-	rm -f aclparse aclparse.pure y.output acl.tab.c acl.tab.h acl.yy.c lex.yy.c y.tab.c y.tab.h aclparse.c $(OBJ) 
-
-#	Check it out from the RCS directory
-$(SRC): RCS/$$@,v
-	co $@

lib/libaccess/winnt.l

@@ -1,762 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-#include <stdio.h>
-# define U(x) x
-# define NLSTATE yyprevious=YYNEWLINE
-# define BEGIN yybgin = yysvec + 1 +
-# define INITIAL 0
-# define YYLERR yysvec
-# define YYSTATE (yyestate-yysvec-1)
-# define YYOPTIM 1
-# define YYLMAX BUFSIZ
-#ifndef __cplusplus
-# define output(c) (void)putc(c,yyout)
-#else
-# define lex_output(c) (void)putc(c,yyout)
-#endif
-
-#if defined(__cplusplus) || defined(__STDC__)
-
-#if defined(__cplusplus) && defined(__EXTERN_C__)
-extern "C" {
-#endif
-	int yyback(int *, int);
-	int yyinput(void);
-	int yylook(void);
-	void yyoutput(int);
-	int yyracc(int);
-	int yyreject(void);
-	void yyunput(int);
-	int yylex(void);
-#ifdef YYLEX_E
-	void yywoutput(wchar_t);
-	wchar_t yywinput(void);
-#endif
-#ifndef yyless
-	void yyless(int);
-#endif
-#ifndef yywrap
-	int yywrap(void);
-#endif
-#ifdef LEXDEBUG
-	void allprint(char);
-	void sprint(char *);
-#endif
-#if defined(__cplusplus) && defined(__EXTERN_C__)
-}
-#endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-	void exit(int);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-# define unput(c) {yytchar= (c);if(yytchar=='\n')yylineno--;*yysptr++=yytchar;}
-# define yymore() (yymorfg=1)
-#ifndef __cplusplus
-# define input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar)
-#else
-# define lex_input() (((yytchar=yysptr>yysbuf?U(*--yysptr):getc(yyin))==10?(yylineno++,yytchar):yytchar)==EOF?0:yytchar)
-#endif
-#define ECHO fprintf(yyout, "%s",yytext)
-# define REJECT { nstr = yyreject(); goto yyfussy;}
-int yyleng; extern char yytext[];
-int yymorfg;
-extern char *yysptr, yysbuf[];
-int yytchar;
-FILE *yyin = NULL, *yyout = NULL;
-extern int yylineno;
-struct yysvf { 
-	struct yywork *yystoff;
-	struct yysvf *yyother;
-	int *yystops;};
-struct yysvf *yyestate;
-extern struct yysvf yysvec[], *yybgin;
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include <stdlib.h>
-#include "y.tab.h"
-#include "libaccess/ava.h"
-/*#include "netsite.h" */
-
-int linenum = 1;
-int first_time = 1;
-int old_state;
-int num_nested_comments = 0;
-
-extern AVAEntry tempEntry;
-extern AVATable entryTable;
-
-void strip_quotes(void);
-
-# define COMMENT 2
-# define NORM 4
-# define DEFINES 6
-# define DEF_TYPE 8
-# define YYNEWLINE 10
-yylex(){
-int nstr; extern int yyprevious;
-
-	if (yyin == NULL) yyin = stdin;
-	if (yyout == NULL)  yyout = stdout;
-   if (first_time) {
-      BEGIN NORM;
-      first_time = tempEntry.numOrgs = 0;
-      old_state = NORM;
-      tempEntry.userid = 0;
-      tempEntry.country = 0;
-      tempEntry.CNEntry = 0;
-      tempEntry.email = 0;
-      tempEntry.locality = 0;
-      tempEntry.state = 0;
-      entryTable.numEntries = 0;
-   }
-#ifdef __cplusplus
-/* to avoid CC and lint complaining yyfussy not being used ...*/
-static int __lex_hack = 0;
-if (__lex_hack) goto yyfussy;
-#endif
-while((nstr = yylook()) >= 0)
-yyfussy: switch(nstr){
-case 0:
-if(yywrap()) return(0); break;
-case 1:
-
-# line 58 "avascan.l"
-                 {BEGIN COMMENT; num_nested_comments++;}
-break;
-case 2:
-
-# line 59 "avascan.l"
-        {num_nested_comments--; 
-                       if (!num_nested_comments) BEGIN old_state;}
-break;
-case 3:
-
-# line 61 "avascan.l"
-  {;}
-break;
-case 4:
-
-# line 63 "avascan.l"
- {yylval.string = system_strdup(yytext);
-			 return USER_ID;}
-break;
-case 5:
-
-# line 65 "avascan.l"
-{BEGIN DEF_TYPE;
-                          old_state = DEF_TYPE;}
-break;
-case 6:
-
-# line 68 "avascan.l"
-              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_C; }
-break;
-case 7:
-
-# line 70 "avascan.l"
-              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_CO;}
-break;
-case 8:
-
-# line 72 "avascan.l"
-             {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_OU;}
-break;
-case 9:
-
-# line 74 "avascan.l"
-             {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_CN;}
-break;
-case 10:
-
-# line 76 "avascan.l"
-              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_L;}
-break;
-case 11:
-
-# line 78 "avascan.l"
-              {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_E;}
-break;
-case 12:
-
-# line 80 "avascan.l"
-             {BEGIN DEFINES; old_state = DEFINES;
-                             return DEF_ST;}
-break;
-case 13:
-
-# line 82 "avascan.l"
-              {BEGIN NORM;old_state = NORM;}
-break;
-case 14:
-
-# line 84 "avascan.l"
-                    {return EQ_SIGN;}
-break;
-case 15:
-
-# line 85 "avascan.l"
- {BEGIN DEF_TYPE; old_state = DEF_TYPE;
-                                strip_quotes();
-                                return DEF_ID;}
-break;
-case 16:
-
-# line 89 "avascan.l"
-  {;}
-break;
-case 17:
-
-# line 90 "avascan.l"
-             {linenum++;}
-break;
-case 18:
-
-# line 91 "avascan.l"
-              {yyerror("Bad input character");}
-break;
-case -1:
-break;
-default:
-(void)fprintf(yyout,"bad switch yylook %d",nstr);
-} return(0); }
-/* end of yylex */
-
-int yywrap () {
- return 1;
-}
-
-void strip_quotes(void) {
-  yytext[strlen(yytext)-1]= '\0';
-  yylval.string = system_strdup(&yytext[1]);
-}
-int yyvstop[] = {
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-16,
-0,
-
-18,
-0,
-
-16,
-18,
-0,
-
-17,
-0,
-
-18,
-0,
-
-3,
-18,
-0,
-
-3,
-16,
-18,
-0,
-
-3,
-18,
-0,
-
-3,
-18,
-0,
-
-4,
-18,
-0,
-
-18,
-0,
-
-18,
-0,
-
-14,
-18,
-0,
-
-6,
-18,
-0,
-
-11,
-18,
-0,
-
-10,
-18,
-0,
-
-7,
-18,
-0,
-
-18,
-0,
-
-13,
-18,
-0,
-
-16,
-0,
-
-1,
-0,
-
-2,
-0,
-
-4,
-0,
-
-5,
-0,
-
-15,
-0,
-
-9,
-0,
-
-8,
-0,
-
-12,
-0,
-0};
-# define YYTYPE unsigned char
-struct yywork { YYTYPE verify, advance; } yycrank[] = {
-0,0,	0,0,	1,11,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	0,0,	1,12,	1,13,	
-0,0,	3,15,	12,29,	0,0,	
-20,33,	0,0,	0,0,	0,0,	
-0,0,	3,16,	3,13,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	9,11,	0,0,	1,11,	
-0,0,	12,29,	7,21,	20,33,	
-8,21,	9,12,	9,13,	14,30,	
-0,0,	1,11,	3,15,	4,17,	
-1,14,	1,11,	2,14,	7,14,	
-4,18,	8,14,	3,17,	5,19,	
-3,15,	17,31,	5,14,	3,18,	
-3,15,	6,19,	10,14,	21,35,	
-6,14,	7,22,	9,11,	8,22,	
-0,0,	5,20,	0,0,	21,35,	
-21,35,	0,0,	0,0,	6,20,	
-9,11,	0,0,	0,0,	9,14,	
-9,11,	23,37,	10,23,	0,0,	
-10,24,	27,39,	26,38,	0,0,	
-0,0,	0,0,	0,0,	10,25,	
-0,0,	0,0,	10,26,	0,0,	
-21,36,	0,0,	10,27,	9,23,	
-0,0,	9,24,	0,0,	0,0,	
-0,0,	0,0,	21,35,	0,0,	
-9,25,	0,0,	21,35,	9,26,	
-0,0,	0,0,	0,0,	9,27,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	0,0,	20,34,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	19,32,	0,0,	0,0,	
-10,28,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	0,0,	
-0,0,	0,0,	0,0,	0,0,	
-0,0,	9,28,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-0,0,	0,0,	0,0,	0,0,	
-19,32,	0,0,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-19,32,	19,32,	19,32,	19,32,	
-0,0};
-struct yysvf yysvec[] = {
-0,	0,	0,
-yycrank+-1,	0,		yyvstop+1,
-yycrank+-3,	yysvec+1,	yyvstop+3,
-yycrank+-12,	0,		yyvstop+5,
-yycrank+-5,	yysvec+3,	yyvstop+7,
-yycrank+-11,	yysvec+1,	yyvstop+9,
-yycrank+-17,	yysvec+1,	yyvstop+11,
-yycrank+-4,	yysvec+1,	yyvstop+13,
-yycrank+-6,	yysvec+1,	yyvstop+15,
-yycrank+-32,	0,		yyvstop+17,
-yycrank+-15,	yysvec+9,	yyvstop+19,
-yycrank+0,	0,		yyvstop+21,
-yycrank+5,	0,		yyvstop+23,
-yycrank+0,	0,		yyvstop+26,
-yycrank+1,	0,		yyvstop+28,
-yycrank+0,	0,		yyvstop+30,
-yycrank+0,	yysvec+12,	yyvstop+33,
-yycrank+10,	0,		yyvstop+37,
-yycrank+0,	yysvec+14,	yyvstop+40,
-yycrank+93,	0,		yyvstop+43,
-yycrank+7,	0,		yyvstop+46,
-yycrank+-62,	0,		yyvstop+48,
-yycrank+0,	0,		yyvstop+50,
-yycrank+3,	0,		yyvstop+53,
-yycrank+0,	0,		yyvstop+56,
-yycrank+0,	0,		yyvstop+59,
-yycrank+1,	0,		yyvstop+62,
-yycrank+1,	0,		yyvstop+65,
-yycrank+0,	0,		yyvstop+67,
-yycrank+0,	yysvec+12,	yyvstop+70,
-yycrank+0,	0,		yyvstop+72,
-yycrank+0,	0,		yyvstop+74,
-yycrank+0,	yysvec+19,	yyvstop+76,
-yycrank+0,	yysvec+20,	0,	
-yycrank+0,	0,		yyvstop+78,
-yycrank+0,	yysvec+21,	0,	
-yycrank+0,	0,		yyvstop+80,
-yycrank+0,	0,		yyvstop+82,
-yycrank+0,	0,		yyvstop+84,
-yycrank+0,	0,		yyvstop+86,
-0,	0,	0};
-struct yywork *yytop = yycrank+215;
-struct yysvf *yybgin = yysvec+1;
-char yymatch[] = {
-  0,   1,   1,   1,   1,   1,   1,   1, 
-  1,   9,  10,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  9,   1,  34,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,  44,   1,   1,   1, 
- 48,  48,  48,  48,  48,  48,  48,  48, 
- 48,  48,   1,   1,   1,   1,   1,   1, 
-  1,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,   1,   1,   1,   1,  44, 
-  1,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,  44,  44,  44,  44,  44, 
- 44,  44,  44,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-  1,   1,   1,   1,   1,   1,   1,   1, 
-0};
-char yyextra[] = {
-0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,
-0,0,0,0,0,0,0,0,
-0};
-/*	Copyright (c) 1989 AT&T	*/
-/*	  All Rights Reserved  	*/
-
-/*	THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T	*/
-/*	The copyright notice above does not evidence any   	*/
-/*	actual or intended publication of such source code.	*/
-
-#pragma ident	"@(#)ncform	6.7	93/06/07 SMI"
-
-int yylineno =1;
-# define YYU(x) x
-# define NLSTATE yyprevious=YYNEWLINE
-char yytext[YYLMAX];
-struct yysvf *yylstate [YYLMAX], **yylsp, **yyolsp;
-char yysbuf[YYLMAX];
-char *yysptr = yysbuf;
-int *yyfnd;
-extern struct yysvf *yyestate;
-int yyprevious = YYNEWLINE;
-#if defined(__cplusplus) || defined(__STDC__)
-int yylook(void)
-#else
-yylook()
-#endif
-{
-	register struct yysvf *yystate, **lsp;
-	register struct yywork *yyt;
-	struct yysvf *yyz;
-	int yych, yyfirst;
-	struct yywork *yyr;
-# ifdef LEXDEBUG
-	int debug;
-# endif
-	char *yylastch;
-	/* start off machines */
-# ifdef LEXDEBUG
-	debug = 0;
-# endif
-	yyfirst=1;
-	if (!yymorfg)
-		yylastch = yytext;
-	else {
-		yymorfg=0;
-		yylastch = yytext+yyleng;
-		}
-	for(;;){
-		lsp = yylstate;
-		yyestate = yystate = yybgin;
-		if (yyprevious==YYNEWLINE) yystate++;
-		for (;;){
-# ifdef LEXDEBUG
-			if(debug)fprintf(yyout,"state %d\n",yystate-yysvec-1);
-# endif
-			yyt = yystate->yystoff;
-			if(yyt == yycrank && !yyfirst){  /* may not be any transitions */
-				yyz = yystate->yyother;
-				if(yyz == 0)break;
-				if(yyz->yystoff == yycrank)break;
-				}
-#ifndef __cplusplus
-			*yylastch++ = yych = input();
-#else
-			*yylastch++ = yych = lex_input();
-#endif
-			if(yylastch > &yytext[YYLMAX]) {
-				fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
-				exit(1);
-			}
-			yyfirst=0;
-		tryagain:
-# ifdef LEXDEBUG
-			if(debug){
-				fprintf(yyout,"char ");
-				allprint(yych);
-				putchar('\n');
-				}
-# endif
-			yyr = yyt;
-			if ( (int)yyt > (int)yycrank){
-				yyt = yyr + yych;
-				if (yyt <= yytop && yyt->verify+yysvec == yystate){
-					if(yyt->advance+yysvec == YYLERR)	/* error transitions */
-						{unput(*--yylastch);break;}
-					*lsp++ = yystate = yyt->advance+yysvec;
-					if(lsp > &yylstate[YYLMAX]) {
-						fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
-						exit(1);
-					}
-					goto contin;
-					}
-				}
-# ifdef YYOPTIM
-			else if((int)yyt < (int)yycrank) {		/* r < yycrank */
-				yyt = yyr = yycrank+(yycrank-yyt);
-# ifdef LEXDEBUG
-				if(debug)fprintf(yyout,"compressed state\n");
-# endif
-				yyt = yyt + yych;
-				if(yyt <= yytop && yyt->verify+yysvec == yystate){
-					if(yyt->advance+yysvec == YYLERR)	/* error transitions */
-						{unput(*--yylastch);break;}
-					*lsp++ = yystate = yyt->advance+yysvec;
-					if(lsp > &yylstate[YYLMAX]) {
-						fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
-						exit(1);
-					}
-					goto contin;
-					}
-				yyt = yyr + YYU(yymatch[yych]);
-# ifdef LEXDEBUG
-				if(debug){
-					fprintf(yyout,"try fall back character ");
-					allprint(YYU(yymatch[yych]));
-					putchar('\n');
-					}
-# endif
-				if(yyt <= yytop && yyt->verify+yysvec == yystate){
-					if(yyt->advance+yysvec == YYLERR)	/* error transition */
-						{unput(*--yylastch);break;}
-					*lsp++ = yystate = yyt->advance+yysvec;
-					if(lsp > &yylstate[YYLMAX]) {
-						fprintf(yyout,"Input string too long, limit %d\n",YYLMAX);
-						exit(1);
-					}
-					goto contin;
-					}
-				}
-			if ((yystate = yystate->yyother) && (yyt= yystate->yystoff) != yycrank){
-# ifdef LEXDEBUG
-				if(debug)fprintf(yyout,"fall back to state %d\n",yystate-yysvec-1);
-# endif
-				goto tryagain;
-				}
-# endif
-			else
-				{unput(*--yylastch);break;}
-		contin:
-# ifdef LEXDEBUG
-			if(debug){
-				fprintf(yyout,"state %d char ",yystate-yysvec-1);
-				allprint(yych);
-				putchar('\n');
-				}
-# endif
-			;
-			}
-# ifdef LEXDEBUG
-		if(debug){
-			fprintf(yyout,"stopped at %d with ",*(lsp-1)-yysvec-1);
-			allprint(yych);
-			putchar('\n');
-			}
-# endif
-		while (lsp-- > yylstate){
-			*yylastch-- = 0;
-			if (*lsp != 0 && (yyfnd= (*lsp)->yystops) && *yyfnd > 0){
-				yyolsp = lsp;
-				if(yyextra[*yyfnd]){		/* must backup */
-					while(yyback((*lsp)->yystops,-*yyfnd) != 1 && lsp > yylstate){
-						lsp--;
-						unput(*yylastch--);
-						}
-					}
-				yyprevious = YYU(*yylastch);
-				yylsp = lsp;
-				yyleng = yylastch-yytext+1;
-				yytext[yyleng] = 0;
-# ifdef LEXDEBUG
-				if(debug){
-					fprintf(yyout,"\nmatch ");
-					sprint(yytext);
-					fprintf(yyout," action %d\n",*yyfnd);
-					}
-# endif
-				return(*yyfnd++);
-				}
-			unput(*yylastch);
-			}
-		if (yytext[0] == 0  /* && feof(yyin) */)
-			{
-			yysptr=yysbuf;
-			return(0);
-			}
-#ifndef __cplusplus
-		yyprevious = yytext[0] = input();
-		if (yyprevious>0)
-			output(yyprevious);
-#else
-		yyprevious = yytext[0] = lex_input();
-		if (yyprevious>0)
-			lex_output(yyprevious);
-#endif
-		yylastch=yytext;
-# ifdef LEXDEBUG
-		if(debug)putchar('\n');
-# endif
-		}
-	}
-#if defined(__cplusplus) || defined(__STDC__)
-int yyback(int *p, int m)
-#else
-yyback(p, m)
-	int *p;
-#endif
-{
-	if (p==0) return(0);
-	while (*p) {
-		if (*p++ == m)
-			return(1);
-	}
-	return(0);
-}
-	/* the following are only used in the lex library */
-#if defined(__cplusplus) || defined(__STDC__)
-int yyinput(void)
-#else
-yyinput()
-#endif
-{
-#ifndef __cplusplus
-	return(input());
-#else
-	return(lex_input());
-#endif
-	}
-#if defined(__cplusplus) || defined(__STDC__)
-void yyoutput(int c)
-#else
-yyoutput(c)
-  int c; 
-#endif
-{
-#ifndef __cplusplus
-	output(c);
-#else
-	lex_output(c);
-#endif
-	}
-#if defined(__cplusplus) || defined(__STDC__)
-void yyunput(int c)
-#else
-yyunput(c)
-   int c; 
-#endif
-{
-	unput(c);
-	}

lib/libaccess/winnt.v

@@ -1,156 +0,0 @@
-/*	Copyright (c) 1988 AT&T	*/
-/*	  All Rights Reserved  	*/
-
-/*	THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T	*/
-/*	The copyright notice above does not evidence any   	*/
-/*	actual or intended publication of such source code.	*/
-
-#ifndef	_VALUES_H
-#define	_VALUES_H
-
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-/*
- * These values work with any binary representation of integers
- * where the high-order bit contains the sign.
- */
-
-/* a number used normally for size of a shift */
-#define	BITSPERBYTE	8
-
-#define	BITS(type)	(BITSPERBYTE * (int)sizeof (type))
-
-/* short, regular and long ints with only the high-order bit turned on */
-#define	HIBITS	((short)(1 << BITS(short) - 1))
-
-#if defined(__STDC__)
-
-#define	HIBITI	(1U << BITS(int) - 1)
-#define	HIBITL	(1UL << BITS(long) - 1)
-
-#else
-
-#define	HIBITI	((unsigned)1 << BITS(int) - 1)
-#define	HIBITL	(1L << BITS(long) - 1)
-
-#endif
-
-/* largest short, regular and long int */
-#define	MAXSHORT	((short)~HIBITS)
-#define	MAXINT	((int)(~HIBITI))
-#define	MAXLONG	((long)(~HIBITL))
-
-/*
- * various values that describe the binary floating-point representation
- * _EXPBASE	- the exponent base
- * DMAXEXP	- the maximum exponent of a double (as returned by frexp())
- * FMAXEXP	- the maximum exponent of a float  (as returned by frexp())
- * DMINEXP	- the minimum exponent of a double (as returned by frexp())
- * FMINEXP	- the minimum exponent of a float  (as returned by frexp())
- * MAXDOUBLE	- the largest double
- *			((_EXPBASE ** DMAXEXP) * (1 - (_EXPBASE ** -DSIGNIF)))
- * MAXFLOAT	- the largest float
- *			((_EXPBASE ** FMAXEXP) * (1 - (_EXPBASE ** -FSIGNIF)))
- * MINDOUBLE	- the smallest double (_EXPBASE ** (DMINEXP - 1))
- * MINFLOAT	- the smallest float (_EXPBASE ** (FMINEXP - 1))
- * DSIGNIF	- the number of significant bits in a double
- * FSIGNIF	- the number of significant bits in a float
- * DMAXPOWTWO	- the largest power of two exactly representable as a double
- * FMAXPOWTWO	- the largest power of two exactly representable as a float
- * _IEEE	- 1 if IEEE standard representation is used
- * _DEXPLEN	- the number of bits for the exponent of a double
- * _FEXPLEN	- the number of bits for the exponent of a float
- * _HIDDENBIT	- 1 if high-significance bit of mantissa is implicit
- * LN_MAXDOUBLE	- the natural log of the largest double  -- log(MAXDOUBLE)
- * LN_MINDOUBLE	- the natural log of the smallest double -- log(MINDOUBLE)
- * LN_MAXFLOAT	- the natural log of the largest float  -- log(MAXFLOAT)
- * LN_MINFLOAT	- the natural log of the smallest float -- log(MINFLOAT)
- */
-
-#if defined(__STDC__)
-
-/*
- * Note that the following construct, "!#machine(name)", is a non-standard
- * extension to ANSI-C.  It is maintained here to provide compatibility
- * for existing compilations systems, but should be viewed as transitional
- * and may be removed in a future release.  If it is required that this
- * file not contain this extension, edit this file to remove the offending
- * condition.
- *
- * These machines are all IEEE-754:
- */
-#if #machine(i386) || defined(__i386) || #machine(sparc) || defined(__sparc)
-#define	MAXDOUBLE	1.79769313486231570e+308
-#define	MAXFLOAT	((float)3.40282346638528860e+38)
-#define	MINDOUBLE	4.94065645841246544e-324
-#define	MINFLOAT	((float)1.40129846432481707e-45)
-#define	_IEEE		1
-#define	_DEXPLEN	11
-#define	_HIDDENBIT	1
-#define	_LENBASE	1
-#define	DMINEXP	(-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define	FMINEXP	(-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-#error ISA not supported
-#endif
-
-#else
-
-/*
- * These machines are all IEEE-754:
- */
-#if defined(i386) || defined(__i386) || defined(sparc) || defined(__sparc)
-#define	MAXDOUBLE	1.79769313486231570e+308
-#define	MAXFLOAT	((float)3.40282346638528860e+38)
-#define	MINDOUBLE	4.94065645841246544e-324
-#define	MINFLOAT	((float)1.40129846432481707e-45)
-#define	_IEEE		1
-#define	_DEXPLEN	11
-#define	_HIDDENBIT	1
-#define	_LENBASE	1
-#define	DMINEXP	(-(DMAXEXP + DSIGNIF - _HIDDENBIT - 3))
-#define	FMINEXP	(-(FMAXEXP + FSIGNIF - _HIDDENBIT - 3))
-#else
-/* #error is strictly ansi-C, but works as well as anything for K&R systems. */
-/*#error ISA not supported */
-#endif
-
-#endif	/* __STDC__ */
-
-#define	_EXPBASE	(1 << _LENBASE)
-#define	_FEXPLEN	8
-#define	DSIGNIF	(BITS(double) - _DEXPLEN + _HIDDENBIT - 1)
-#define	FSIGNIF	(BITS(float)  - _FEXPLEN + _HIDDENBIT - 1)
-#define	DMAXPOWTWO	((double)(1L << BITS(long) - 2) * \
-				(1L << DSIGNIF - BITS(long) + 1))
-#define	FMAXPOWTWO	((float)(1L << FSIGNIF - 1))
-#define	DMAXEXP	((1 << _DEXPLEN - 1) - 1 + _IEEE)
-#define	FMAXEXP	((1 << _FEXPLEN - 1) - 1 + _IEEE)
-#define	LN_MAXDOUBLE	(M_LN2 * DMAXEXP)
-#define	LN_MAXFLOAT	(float)(M_LN2 * FMAXEXP)
-#define	LN_MINDOUBLE	(M_LN2 * (DMINEXP - 1))
-#define	LN_MINFLOAT	(float)(M_LN2 * (FMINEXP - 1))
-#define	H_PREC	(DSIGNIF % 2 ? (1L << DSIGNIF/2) * M_SQRT2 : 1L << DSIGNIF/2)
-#define	FH_PREC \
-	(float)(FSIGNIF % 2 ? (1L << FSIGNIF/2) * M_SQRT2 : 1L << FSIGNIF/2)
-#define	X_EPS	(1.0/H_PREC)
-#define	FX_EPS	(float)((float)1.0/FH_PREC)
-#define	X_PLOSS	((double)(long)(M_PI * H_PREC))
-#define	FX_PLOSS ((float)(long)(M_PI * FH_PREC))
-#define	X_TLOSS	(M_PI * DMAXPOWTWO)
-#define	FX_TLOSS (float)(M_PI * FMAXPOWTWO)
-#define	M_LN2	0.69314718055994530942
-#define	M_PI	3.14159265358979323846
-#define	M_SQRT2	1.41421356237309504880
-#define	MAXBEXP	DMAXEXP /* for backward compatibility */
-#define	MINBEXP	DMINEXP /* for backward compatibility */
-#define	MAXPOWTWO	DMAXPOWTWO /* for backward compatibility */
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif	/* _VALUES_H */

lib/libaccess/winnt.y

@@ -1,793 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-
-#include <stdio.h>
-#include <ctype.h>
-#include <string.h>
-#include "libaccess/ava.h"
-/*#include "libaccess/avapfile.h" */
-/* #include "netsite.h" */
-
-extern char *currFile;
-
-extern int linenum;
-extern char yytext[];
-
-static void AddDefType (int defType, char *defId);
-static void AddAVA (char* userID);
-
-void yyerror(const char* string);
-extern void logerror(const char* string,int num, char *file);
-
-AVAEntry tempEntry;
-AVATable entryTable;
-
-
-typedef union
-#ifdef __cplusplus
-	YYSTYPE
-#endif
- {
-  char *string;
-  int  num;
-} YYSTYPE;
-# define DEF_C 257
-# define DEF_CO 258
-# define DEF_OU 259
-# define DEF_CN 260
-# define EQ_SIGN 261
-# define DEF_START 262
-# define DEF_L 263
-# define DEF_E 264
-# define DEF_ST 265
-# define USER_ID 266
-# define DEF_ID 267
-
-#ifdef __STDC__
-#include <stdlib.h>
-#include <string.h>
-#else
-#include <malloc.h>
-#include <memory.h>
-#endif
-
-#include <values.h>
-
-#ifdef __cplusplus
-
-#ifndef yyerror
-	void yyerror(const char *);
-#endif
-
-#ifndef yylex
-#ifdef __EXTERN_C__
-	extern "C" { int yylex(void); }
-#else
-	int yylex(void);
-#endif
-#endif
-	int yyparse(void);
-
-#endif
-#define yyclearin yychar = -1
-#define yyerrok yyerrflag = 0
-extern int yychar;
-extern int yyerrflag;
-YYSTYPE yylval;
-YYSTYPE yyval;
-typedef int yytabelem;
-#ifndef YYMAXDEPTH
-#define YYMAXDEPTH 150
-#endif
-#if YYMAXDEPTH > 0
-int yy_yys[YYMAXDEPTH], *yys = yy_yys;
-YYSTYPE yy_yyv[YYMAXDEPTH], *yyv = yy_yyv;
-#else	/* user does initial allocation */
-int *yys;
-YYSTYPE *yyv;
-#endif
-static int yymaxdepth = YYMAXDEPTH;
-# define YYERRCODE 256
-
-
-
-void yyerror(const char* string) {
- logerror(string,linenum,currFile);
-}
-
-
-void AddDefType (int defType, char *defId) {
-  switch (defType) {
-    case DEF_C:
-      tempEntry.country = defId;
-      break;
-    case DEF_CO:
-      tempEntry.company = defId;
-      break;
-    case DEF_OU:
-      if (tempEntry.numOrgs % ORGS_ALLOCSIZE == 0) {
-	if (tempEntry.numOrgs == 0) {
-	  tempEntry.organizations =
-	    system_malloc_perm  (sizeof (char*) * ORGS_ALLOCSIZE);
-	} else {
-	  char **temp;
-	  temp = 
-	    system_malloc_perm(sizeof(char*) * (tempEntry.numOrgs + ORGS_ALLOCSIZE));
-	  memcpy (temp, tempEntry.organizations, 
-		  sizeof(char*)*tempEntry.numOrgs);
-	  system_free_perm(tempEntry.organizations);
-	  tempEntry.organizations = temp;
-	}
-      }
-      tempEntry.organizations[tempEntry.numOrgs++] = defId;
-      break;
-    case DEF_CN:
-      tempEntry.CNEntry = defId;
-      break; 
-    case DEF_E:
-      tempEntry.email = defId;
-      break;
-    case DEF_L:
-      tempEntry.locality = defId;
-      break;
-    case DEF_ST:
-      tempEntry.state = defId;
-      break;
-    default:
-      break;
-  }
-}
-
-void AddAVA (char* userID) {
-  AVAEntry *newAVA;
-
-  newAVA = (AVAEntry*)system_malloc_perm(sizeof(AVAEntry));
-  if (!newAVA) {
-    yyerror ("Out of Memory in AddAVA");
-    return;
-  }
-  *newAVA = tempEntry;
-  newAVA->userid = userID;
-
-  _addAVAtoTable (newAVA, &entryTable);
-
-  tempEntry.CNEntry = tempEntry.userid = tempEntry.country = tempEntry.company = 0;
-  tempEntry.email = tempEntry.locality = tempEntry.state = NULL;
-  tempEntry.numOrgs = 0;
-}
-yytabelem yyexca[] ={
--1, 1,
-	0, -1,
-	-2, 0,
-	};
-# define YYNPROD 18
-# define YYLAST 19
-yytabelem yyact[]={
-
-    10,    11,    12,    13,    19,     4,    14,    15,    16,    18,
-     8,     3,     7,     6,     5,     2,     1,     9,    17 };
-yytabelem yypact[]={
-
-  -261,-10000000,  -261,-10000000,  -257,-10000000,-10000000,  -257,-10000000,  -252,
--10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,  -263,-10000000 };
-yytabelem yypgo[]={
-
-     0,    17,    16,    15,    11,    13,    12,    10 };
-yytabelem yyr1[]={
-
-     0,     2,     2,     3,     3,     4,     5,     5,     6,     6,
-     7,     1,     1,     1,     1,     1,     1,     1 };
-yytabelem yyr2[]={
-
-     0,     2,     0,     4,     2,     5,     2,     0,     4,     2,
-     7,     3,     3,     3,     3,     3,     3,     3 };
-yytabelem yychk[]={
-
--10000000,    -2,    -3,    -4,   266,    -4,    -5,    -6,    -7,    -1,
-   257,   258,   259,   260,   263,   264,   265,    -7,   261,   267 };
-yytabelem yydef[]={
-
-     2,    -2,     1,     4,     7,     3,     5,     6,     9,     0,
-    11,    12,    13,    14,    15,    16,    17,     8,     0,    10 };
-typedef struct
-#ifdef __cplusplus
-	yytoktype
-#endif
-{ char *t_name; int t_val; } yytoktype;
-#ifndef YYDEBUG
-#	define YYDEBUG	0	/* don't allow debugging */
-#endif
-
-#if YYDEBUG
-
-yytoktype yytoks[] =
-{
-	"DEF_C",	257,
-	"DEF_CO",	258,
-	"DEF_OU",	259,
-	"DEF_CN",	260,
-	"EQ_SIGN",	261,
-	"DEF_START",	262,
-	"DEF_L",	263,
-	"DEF_E",	264,
-	"DEF_ST",	265,
-	"USER_ID",	266,
-	"DEF_ID",	267,
-	"-unknown-",	-1	/* ends search */
-};
-
-char * yyreds[] =
-{
-	"-no such reduction-",
-	"source : ava.database",
-	"source : /* empty */",
-	"ava.database : ava.database ava",
-	"ava.database : ava",
-	"ava : USER_ID definitions",
-	"definitions : definition.list",
-	"definitions : /* empty */",
-	"definition.list : definition.list definition",
-	"definition.list : definition",
-	"definition : def.type EQ_SIGN DEF_ID",
-	"def.type : DEF_C",
-	"def.type : DEF_CO",
-	"def.type : DEF_OU",
-	"def.type : DEF_CN",
-	"def.type : DEF_L",
-	"def.type : DEF_E",
-	"def.type : DEF_ST",
-};
-#endif /* YYDEBUG */
-
-
-/*
-** Skeleton parser driver for yacc output
-*/
-
-/*
-** yacc user known macros and defines
-*/
-#define YYERROR		goto yyerrlab
-#define YYACCEPT	return(0)
-#define YYABORT		return(1)
-#define YYBACKUP( newtoken, newvalue )\
-{\
-	if ( yychar >= 0 || ( yyr2[ yytmp ] >> 1 ) != 1 )\
-	{\
-		yyerror( "syntax error - cannot backup" );\
-		goto yyerrlab;\
-	}\
-	yychar = newtoken;\
-	yystate = *yyps;\
-	yylval = newvalue;\
-	goto yynewstate;\
-}
-#define YYRECOVERING()	(!!yyerrflag)
-#define YYNEW(type)	system_malloc(sizeof(type) * yynewmax)
-#define YYCOPY(to, from, type) \
-	(type *) memcpy(to, (char *) from, yynewmax * sizeof(type))
-#define YYENLARGE( from, type) \
-	(type *) system_realloc((char *) from, yynewmax * sizeof(type))
-#ifndef YYDEBUG
-#	define YYDEBUG	1	/* make debugging available */
-#endif
-
-/*
-** user known globals
-*/
-int yydebug;			/* set to 1 to get debugging */
-
-/*
-** driver internal defines
-*/
-#define YYFLAG		(-10000000)
-
-/*
-** global variables used by the parser
-*/
-YYSTYPE *yypv;			/* top of value stack */
-int *yyps;			/* top of state stack */
-
-int yystate;			/* current state */
-int yytmp;			/* extra var (lasts between blocks) */
-
-int yynerrs;			/* number of errors */
-int yyerrflag;			/* error recovery flag */
-int yychar;			/* current input token number */
-
-
-
-#ifdef YYNMBCHARS
-#define YYLEX()		yycvtok(yylex())
-/*
-** yycvtok - return a token if i is a wchar_t value that exceeds 255.
-**	If i<255, i itself is the token.  If i>255 but the neither 
-**	of the 30th or 31st bit is on, i is already a token.
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yycvtok(int i)
-#else
-int yycvtok(i) int i;
-#endif
-{
-	int first = 0;
-	int last = YYNMBCHARS - 1;
-	int mid;
-	wchar_t j;
-
-	if(i&0x60000000){/*Must convert to a token. */
-		if( yymbchars[last].character < i ){
-			return i;/*Giving up*/
-		}
-		while ((last>=first)&&(first>=0)) {/*Binary search loop*/
-			mid = (first+last)/2;
-			j = yymbchars[mid].character;
-			if( j==i ){/*Found*/ 
-				return yymbchars[mid].tvalue;
-			}else if( j<i ){
-				first = mid + 1;
-			}else{
-				last = mid -1;
-			}
-		}
-		/*No entry in the table.*/
-		return i;/* Giving up.*/
-	}else{/* i is already a token. */
-		return i;
-	}
-}
-#else/*!YYNMBCHARS*/
-#define YYLEX()		yylex()
-#endif/*!YYNMBCHARS*/
-
-/*
-** yyparse - return 0 if worked, 1 if syntax error not recovered from
-*/
-#if defined(__STDC__) || defined(__cplusplus)
-int yyparse(void)
-#else
-int yyparse()
-#endif
-{
-	register YYSTYPE *yypvt;	/* top of value stack for $vars */
-
-#if defined(__cplusplus) || defined(lint)
-/*
-	hacks to please C++ and lint - goto's inside switch should never be
-	executed; yypvt is set to 0 to avoid "used before set" warning.
-*/
-	static int __yaccpar_lint_hack__ = 0;
-	switch (__yaccpar_lint_hack__)
-	{
-		case 1: goto yyerrlab;
-		case 2: goto yynewstate;
-	}
-	yypvt = 0;
-#endif
-
-	/*
-	** Initialize externals - yyparse may be called more than once
-	*/
-	yypv = &yyv[-1];
-	yyps = &yys[-1];
-	yystate = 0;
-	yytmp = 0;
-	yynerrs = 0;
-	yyerrflag = 0;
-	yychar = -1;
-
-#if YYMAXDEPTH <= 0
-	if (yymaxdepth <= 0)
-	{
-		if ((yymaxdepth = YYEXPAND(0)) <= 0)
-		{
-			yyerror("yacc initialization error");
-			YYABORT;
-		}
-	}
-#endif
-
-	{
-		register YYSTYPE *yy_pv;	/* top of value stack */
-		register int *yy_ps;		/* top of state stack */
-		register int yy_state;		/* current state */
-		register int  yy_n;		/* internal state number info */
-	goto yystack;	/* moved from 6 lines above to here to please C++ */
-
-		/*
-		** get globals into registers.
-		** branch to here only if YYBACKUP was called.
-		*/
-	yynewstate:
-		yy_pv = yypv;
-		yy_ps = yyps;
-		yy_state = yystate;
-		goto yy_newstate;
-
-		/*
-		** get globals into registers.
-		** either we just started, or we just finished a reduction
-		*/
-	yystack:
-		yy_pv = yypv;
-		yy_ps = yyps;
-		yy_state = yystate;
-
-		/*
-		** top of for (;;) loop while no reductions done
-		*/
-	yy_stack:
-		/*
-		** put a state and value onto the stacks
-		*/
-#if YYDEBUG
-		/*
-		** if debugging, look up token value in list of value vs.
-		** name pairs.  0 and negative (-1) are special values.
-		** Note: linear search is used since time is not a real
-		** consideration while debugging.
-		*/
-		if ( yydebug )
-		{
-			register int yy_i;
-
-			printf( "State %d, token ", yy_state );
-			if ( yychar == 0 )
-				printf( "end-of-file\n" );
-			else if ( yychar < 0 )
-				printf( "-none-\n" );
-			else
-			{
-				for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
-					yy_i++ )
-				{
-					if ( yytoks[yy_i].t_val == yychar )
-						break;
-				}
-				printf( "%s\n", yytoks[yy_i].t_name );
-			}
-		}
-#endif /* YYDEBUG */
-		if ( ++yy_ps >= &yys[ yymaxdepth ] )	/* room on stack? */
-		{
-			/*
-			** reallocate and recover.  Note that pointers
-			** have to be reset, or bad things will happen
-			*/
-			int yyps_index = (yy_ps - yys);
-			int yypv_index = (yy_pv - yyv);
-			int yypvt_index = (yypvt - yyv);
-			int yynewmax;
-#ifdef YYEXPAND
-			yynewmax = YYEXPAND(yymaxdepth);
-#else
-			yynewmax = 2 * yymaxdepth;	/* double table size */
-			if (yymaxdepth == YYMAXDEPTH)	/* first time growth */
-			{
-				char *newyys = (char *)YYNEW(int);
-				char *newyyv = (char *)YYNEW(YYSTYPE);
-				if (newyys != 0 && newyyv != 0)
-				{
-					yys = YYCOPY(newyys, yys, int);
-					yyv = YYCOPY(newyyv, yyv, YYSTYPE);
-				}
-				else
-					yynewmax = 0;	/* failed */
-			}
-			else				/* not first time */
-			{
-				yys = YYENLARGE(yys, int);
-				yyv = YYENLARGE(yyv, YYSTYPE);
-				if (yys == 0 || yyv == 0)
-					yynewmax = 0;	/* failed */
-			}
-#endif
-			if (yynewmax <= yymaxdepth)	/* tables not expanded */
-			{
-				yyerror( "yacc stack overflow" );
-				YYABORT;
-			}
-			yymaxdepth = yynewmax;
-
-			yy_ps = yys + yyps_index;
-			yy_pv = yyv + yypv_index;
-			yypvt = yyv + yypvt_index;
-		}
-		*yy_ps = yy_state;
-		*++yy_pv = yyval;
-
-		/*
-		** we have a new state - find out what to do
-		*/
-	yy_newstate:
-		if ( ( yy_n = yypact[ yy_state ] ) <= YYFLAG )
-			goto yydefault;		/* simple state */
-#if YYDEBUG
-		/*
-		** if debugging, need to mark whether new token grabbed
-		*/
-		yytmp = yychar < 0;
-#endif
-		if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
-			yychar = 0;		/* reached EOF */
-#if YYDEBUG
-		if ( yydebug && yytmp )
-		{
-			register int yy_i;
-
-			printf( "Received token " );
-			if ( yychar == 0 )
-				printf( "end-of-file\n" );
-			else if ( yychar < 0 )
-				printf( "-none-\n" );
-			else
-			{
-				for ( yy_i = 0; yytoks[yy_i].t_val >= 0;
-					yy_i++ )
-				{
-					if ( yytoks[yy_i].t_val == yychar )
-						break;
-				}
-				printf( "%s\n", yytoks[yy_i].t_name );
-			}
-		}
-#endif /* YYDEBUG */
-		if ( ( ( yy_n += yychar ) < 0 ) || ( yy_n >= YYLAST ) )
-			goto yydefault;
-		if ( yychk[ yy_n = yyact[ yy_n ] ] == yychar )	/*valid shift*/
-		{
-			yychar = -1;
-			yyval = yylval;
-			yy_state = yy_n;
-			if ( yyerrflag > 0 )
-				yyerrflag--;
-			goto yy_stack;
-		}
-
-	yydefault:
-		if ( ( yy_n = yydef[ yy_state ] ) == -2 )
-		{
-#if YYDEBUG
-			yytmp = yychar < 0;
-#endif
-			if ( ( yychar < 0 ) && ( ( yychar = YYLEX() ) < 0 ) )
-				yychar = 0;		/* reached EOF */
-#if YYDEBUG
-			if ( yydebug && yytmp )
-			{
-				register int yy_i;
-
-				printf( "Received token " );
-				if ( yychar == 0 )
-					printf( "end-of-file\n" );
-				else if ( yychar < 0 )
-					printf( "-none-\n" );
-				else
-				{
-					for ( yy_i = 0;
-						yytoks[yy_i].t_val >= 0;
-						yy_i++ )
-					{
-						if ( yytoks[yy_i].t_val
-							== yychar )
-						{
-							break;
-						}
-					}
-					printf( "%s\n", yytoks[yy_i].t_name );
-				}
-			}
-#endif /* YYDEBUG */
-			/*
-			** look through exception table
-			*/
-			{
-				register int *yyxi = yyexca;
-
-				while ( ( *yyxi != -1 ) ||
-					( yyxi[1] != yy_state ) )
-				{
-					yyxi += 2;
-				}
-				while ( ( *(yyxi += 2) >= 0 ) &&
-					( *yyxi != yychar ) )
-					;
-				if ( ( yy_n = yyxi[1] ) < 0 )
-					YYACCEPT;
-			}
-		}
-
-		/*
-		** check for syntax error
-		*/
-		if ( yy_n == 0 )	/* have an error */
-		{
-			/* no worry about speed here! */
-			switch ( yyerrflag )
-			{
-			case 0:		/* new error */
-				yyerror( "syntax error" );
-				goto skip_init;
-			yyerrlab:
-				/*
-				** get globals into registers.
-				** we have a user generated syntax type error
-				*/
-				yy_pv = yypv;
-				yy_ps = yyps;
-				yy_state = yystate;
-			skip_init:
-				yynerrs++;
-				/* FALLTHRU */
-			case 1:
-			case 2:		/* incompletely recovered error */
-					/* try again... */
-				yyerrflag = 3;
-				/*
-				** find state where "error" is a legal
-				** shift action
-				*/
-				while ( yy_ps >= yys )
-				{
-					yy_n = yypact[ *yy_ps ] + YYERRCODE;
-					if ( yy_n >= 0 && yy_n < YYLAST &&
-						yychk[yyact[yy_n]] == YYERRCODE)					{
-						/*
-						** simulate shift of "error"
-						*/
-						yy_state = yyact[ yy_n ];
-						goto yy_stack;
-					}
-					/*
-					** current state has no shift on
-					** "error", pop stack
-					*/
-#if YYDEBUG
-#	define _POP_ "Error recovery pops state %d, uncovers state %d\n"
-					if ( yydebug )
-						printf( _POP_, *yy_ps,
-							yy_ps[-1] );
-#	undef _POP_
-#endif
-					yy_ps--;
-					yy_pv--;
-				}
-				/*
-				** there is no state on stack with "error" as
-				** a valid shift.  give up.
-				*/
-				YYABORT;
-			case 3:		/* no shift yet; eat a token */
-#if YYDEBUG
-				/*
-				** if debugging, look up token in list of
-				** pairs.  0 and negative shouldn't occur,
-				** but since timing doesn't matter when
-				** debugging, it doesn't hurt to leave the
-				** tests here.
-				*/
-				if ( yydebug )
-				{
-					register int yy_i;
-
-					printf( "Error recovery discards " );
-					if ( yychar == 0 )
-						printf( "token end-of-file\n" );
-					else if ( yychar < 0 )
-						printf( "token -none-\n" );
-					else
-					{
-						for ( yy_i = 0;
-							yytoks[yy_i].t_val >= 0;
-							yy_i++ )
-						{
-							if ( yytoks[yy_i].t_val
-								== yychar )
-							{
-								break;
-							}
-						}
-						printf( "token %s\n",
-							yytoks[yy_i].t_name );
-					}
-				}
-#endif /* YYDEBUG */
-				if ( yychar == 0 )	/* reached EOF. quit */
-					YYABORT;
-				yychar = -1;
-				goto yy_newstate;
-			}
-		}/* end if ( yy_n == 0 ) */
-		/*
-		** reduction by production yy_n
-		** put stack tops, etc. so things right after switch
-		*/
-#if YYDEBUG
-		/*
-		** if debugging, print the string that is the user's
-		** specification of the reduction which is just about
-		** to be done.
-		*/
-		if ( yydebug )
-			printf( "Reduce by (%d) \"%s\"\n",
-				yy_n, yyreds[ yy_n ] );
-#endif
-		yytmp = yy_n;			/* value to switch over */
-		yypvt = yy_pv;			/* $vars top of value stack */
-		/*
-		** Look in goto table for next state
-		** Sorry about using yy_state here as temporary
-		** register variable, but why not, if it works...
-		** If yyr2[ yy_n ] doesn't have the low order bit
-		** set, then there is no action to be done for
-		** this reduction.  So, no saving & unsaving of
-		** registers done.  The only difference between the
-		** code just after the if and the body of the if is
-		** the goto yy_stack in the body.  This way the test
-		** can be made before the choice of what to do is needed.
-		*/
-		{
-			/* length of production doubled with extra bit */
-			register int yy_len = yyr2[ yy_n ];
-
-			if ( !( yy_len & 01 ) )
-			{
-				yy_len >>= 1;
-				yyval = ( yy_pv -= yy_len )[1];	/* $$ = $1 */
-				yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
-					*( yy_ps -= yy_len ) + 1;
-				if ( yy_state >= YYLAST ||
-					yychk[ yy_state =
-					yyact[ yy_state ] ] != -yy_n )
-				{
-					yy_state = yyact[ yypgo[ yy_n ] ];
-				}
-				goto yy_stack;
-			}
-			yy_len >>= 1;
-			yyval = ( yy_pv -= yy_len )[1];	/* $$ = $1 */
-			yy_state = yypgo[ yy_n = yyr1[ yy_n ] ] +
-				*( yy_ps -= yy_len ) + 1;
-			if ( yy_state >= YYLAST ||
-				yychk[ yy_state = yyact[ yy_state ] ] != -yy_n )
-			{
-				yy_state = yyact[ yypgo[ yy_n ] ];
-			}
-		}
-					/* save until reenter driver code */
-		yystate = yy_state;
-		yyps = yy_ps;
-		yypv = yy_pv;
-	}
-	/*
-	** code supplied by user is placed in this switch
-	*/
-	switch( yytmp )
-	{
-		
-case 5:
-{AddAVA(yypvt[-1].string);} break;
-case 10:
-{AddDefType(yypvt[-2].num, yypvt[-0].string);} break;
-case 11:
-{yyval.num = DEF_C; } break;
-case 12:
-{yyval.num = DEF_CO;} break;
-case 13:
-{yyval.num = DEF_OU;} break;
-case 14:
-{yyval.num = DEF_CN;} break;
-case 15:
-{yyval.num = DEF_L; } break;
-case 16:
-{yyval.num = DEF_E; } break;
-case 17:
-{yyval.num = DEF_ST;} break;
-	}
-	goto yystack;		/* reset registers in driver code */
-}
-

lib/libaccess/wintab.h

@@ -1,26 +0,0 @@
-/** BEGIN COPYRIGHT BLOCK
- * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
- * Copyright (C) 2005 Red Hat, Inc.
- * All rights reserved.
- * END COPYRIGHT BLOCK **/
-
-typedef union
-#ifdef __cplusplus
-	YYSTYPE
-#endif
- {
-  char *string;
-  int  num;
-} YYSTYPE;
-extern YYSTYPE yylval;
-# define DEF_C 257
-# define DEF_CO 258
-# define DEF_OU 259
-# define DEF_CN 260
-# define EQ_SIGN 261
-# define DEF_START 262
-# define DEF_L 263
-# define DEF_E 264
-# define DEF_ST 265
-# define USER_ID 266
-# define DEF_ID 267