Bug 630090 - (cov#11974) Remove unused ACL functions

Coverity flagged a memory corruption issue in an old unused
ACL function.  It is best to just remove these unused functions.
The functions removed are:

  ACL_ParseFile
  ACL_WriteFile
  ACL_WriteString
  ACL_Decompose
  acl_to_str_*
  acl_decompose_*

include/libaccess/aclproto.h

@@ -58,13 +58,7 @@ NSPR_BEGIN_EXTERN_C
 /*********************************************************************
  *  ACL language and file interfaces
  *********************************************************************/
-
-NSAPI_PUBLIC ACLListHandle_t * ACL_ParseFile(NSErr_t *errp, char *filename);
 NSAPI_PUBLIC ACLListHandle_t * ACL_ParseString(NSErr_t *errp, char *buffer);
-NSAPI_PUBLIC int ACL_Decompose(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list);
-NSAPI_PUBLIC int ACL_WriteString(NSErr_t *errp, char **acl, ACLListHandle_t *acllist);
-NSAPI_PUBLIC int ACL_WriteFile(NSErr_t *errp, char *filename, ACLListHandle_t *acllist);
-
 
 /*********************************************************************
  *  ACL Expression construction interfaces

include/public/nsacl/aclapi.h

@@ -352,14 +352,7 @@ NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
 
     /*  ACL language and file interfaces */
 
-#define ACL_ParseFile (*__nsacl_table->f_ACL_ParseFile)
 #define ACL_ParseString (*__nsacl_table->f_ACL_ParseString)
-#define ACL_WriteString (*__nsacl_table->f_ACL_WriteString)
-#define ACL_WriteFile (*__nsacl_table->f_ACL_WriteFile)
-#define ACL_FileRenameAcl (*__nsacl_table->f_ACL_FileRenameAcl)
-#define ACL_FileDeleteAcl (*__nsacl_table->f_ACL_FileDeleteAcl)
-#define ACL_FileGetAcl (*__nsacl_table->f_ACL_FileGetAcl)
-#define ACL_FileSetAcl (*__nsacl_table->f_ACL_FileSetAcl)
 
     /*  ACL Expression construction interfaces  
      *  These are low-level interfaces that may be useful to those who are not

lib/libaccess/acltools.cpp

@@ -1360,74 +1360,6 @@ Symbol_t *sym;
     return( result );
 }
 
-/*  
- * Function parses an input ACL file and resturns an
- * ACLListHandle_t pointer that represents the entire
- * file without the comments.
- * 
- * Input:
- *	filename	the name of the target ACL text file
- *	errp		a pointer to an error stack
- *
- * Returns:
- * 	NULL 		parse failed
- *  
- */
-
-NSAPI_PUBLIC ACLListHandle_t *
-ACL_ParseFile( NSErr_t *errp, char *filename )
-{
-ACLListHandle_t 	*handle = NULL;
-int			eid = 0;
-int			rv = 0;
-char			*errmsg;
-
-    ACL_InitAttr2Index();
-
-    if ( acl_parse_crit == NULL )
-        acl_parse_crit = crit_init();
-
-    crit_enter( acl_parse_crit );
-
-    if ( acl_InitScanner( errp, filename, NULL ) < 0 ) {
-        rv = ACLERROPEN;
-	eid = ACLERR1900;
-        errmsg = system_errmsg();
-        nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-    } else {
-    
-        handle = ACL_ListNew(errp);
-        if ( handle == NULL ) {
-            rv = ACLERRNOMEM;
-            eid = ACLERR1920;
-            nserrGenerate(errp, rv, eid, ACL_Program, 0);
-        } else if ( acl_PushListHandle( handle ) < 0 ) {
-            rv = ACLERRNOMEM;
-            eid = ACLERR1920;
-            nserrGenerate(errp, rv, eid, ACL_Program, 0);
-        } else if ( acl_Parse() ) {
-            rv = ACLERRPARSE;
-            eid = ACLERR1780;
-        }
-    
-        if ( acl_EndScanner() < 0 ) {
-            rv = ACLERROPEN;
-            eid = ACLERR1500;
-            errmsg = system_errmsg();
-            nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-        }
-
-    }
-
-    if ( rv || eid ) {
-        ACL_ListDestroy(errp, handle);
-        handle = NULL;
-    }
-
-    crit_exit( acl_parse_crit );
-    return(handle);
-
-}
 
 /*  
  * Function parses an input ACL string and returns an
@@ -1628,374 +1560,6 @@ char		*tmp;
     return(0);
 }
 
-/*
- * LOCAL FUNCTION
- *
- * Appends str2 to str1.
- *
- * Input:
- *	str1	an existing dynamically allocated string
- * 	str2	a text string
- * Returns:
- *	0	success
- *	< 0	failure
- */
-
-static int
-acl_to_str_append(acl_string_t * p_aclstr, const char *str2)
-{
-	int str2len, newlen;
-
-	if (p_aclstr == NULL || str2 == NULL) 
-		return (ACLERRINTERNAL);
-	if (p_aclstr->str == NULL) {
-		p_aclstr->str = (char *) PERM_MALLOC(4096);
-		if (p_aclstr->str == NULL)
-			return (ACLERRNOMEM);
-		p_aclstr->str_size = 4096;
-		p_aclstr->str_len  = 0;
-	}
-	
-	str2len = strlen(str2);
-	newlen = p_aclstr->str_len + str2len;
-	if (newlen >= p_aclstr->str_size) {
-		p_aclstr->str_size = str2len > 4095 ? str2len+p_aclstr->str_size+1 : 4096+p_aclstr->str_size ; 
-		p_aclstr->str = (char *) PERM_REALLOC(p_aclstr->str, p_aclstr->str_size);
-		if (p_aclstr->str == NULL)
-			return (ACLERRNOMEM);
-	}
-	memcpy((void *)&(p_aclstr->str[p_aclstr->str_len]), (void *) str2, str2len+1);
-	p_aclstr->str_len += str2len;
-	return 0;
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output Authorization Expression type either "Allow" or "Deny"
- */
-
-static int
-acl_to_str_expr_type( acl_string_t *str_t, ACLExprHandle_t *expr )
-{
-    switch (expr->expr_type) {
-    case ACL_EXPR_TYPE_ALLOW:
-        acl_to_str_append(str_t, "allow ");
-        if ( IS_ABSOLUTE(expr->expr_flags) )
-            acl_to_str_append(str_t, "absolute ");
-        return(0);
-    case ACL_EXPR_TYPE_DENY:
-        acl_to_str_append(str_t, "deny ");
-        if ( IS_ABSOLUTE(expr->expr_flags) )
-            acl_to_str_append(str_t, "absolute ");
-        return(0);
-    case ACL_EXPR_TYPE_AUTH:
-        acl_to_str_append(str_t, "authenticate ");
-        if ( IS_ABSOLUTE(expr->expr_flags) )
-            acl_to_str_append(str_t, "absolute ");
-        return(0);
-    case ACL_EXPR_TYPE_RESPONSE:
-        acl_to_str_append(str_t, "deny with ");
-        return(0);
-    default:
-        return(ACLERRINTERNAL);
-    }
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output Authorization Expression Rights "(right, right)" 
- */
-
-static int
-acl_to_str_expr_arg( acl_string_t *str_t, ACLExprHandle_t *expr )
-{
-int 		ii;
-
-    if ( expr->expr_argc <= 0 ) {
-        return(ACLERRINTERNAL);
-    }
-
-    if ( expr->expr_type == ACL_EXPR_TYPE_RESPONSE ) {
-	acl_to_str_append(str_t, expr->expr_argv[0]);
-	acl_to_str_append(str_t, "=\"");
-	acl_to_str_append(str_t, expr->expr_argv[1]);
-        acl_to_str_append(str_t, "\";\n");
-        return(0);
-    }
-   
-    acl_to_str_append(str_t, "(");
-    for (ii = 0; ii < expr->expr_argc; ii++) {
-        acl_to_str_append(str_t, expr->expr_argv[ii]);
-        if ( ii < expr->expr_argc - 1 ) {
-            acl_to_str_append(str_t, ",");
-        }
-    }
-    acl_to_str_append(str_t, ") ");
-
-    return(0);
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Walks through the authentication statement PList_t and
- * prints the structure to a string.
- */
-
-static void 
-acl_to_str_auth_expr(char *lval, const void *rval, void *user_data)
-{
-    // ###### char **str = (char **) user_data;
-    acl_string_t * p_aclstr = (acl_string_t *) user_data;
-
-    acl_to_str_append(p_aclstr, "\t");
-    acl_to_str_append(p_aclstr, lval);
-    acl_to_str_append(p_aclstr, " = \"");
-    acl_to_str_append(p_aclstr, (char *) rval);
-    acl_to_str_append(p_aclstr, "\";\n");
-
-    return;
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output the logic part of the authencation statement to a string. 
- */
-
-static int
-acl_to_str_auth_logic( acl_string_t *str_t, ACLExprHandle_t *expr)
-{
-
-    if ( expr->expr_auth == NULL ) {
-        acl_to_str_append(str_t, "{\n");
-        acl_to_str_append(str_t, "# Authenticate statement with no body?\n");
-        acl_to_str_append(str_t, "\tnull=null;\n");
-        acl_to_str_append(str_t, "};\n");
-        return(0);
-    }
-
-    acl_to_str_append(str_t, "{\n");
-    PListEnumerate(expr->expr_auth, acl_to_str_auth_expr, (void *) str_t);
-    acl_to_str_append(str_t, "};\n");
-
-    return(0);
-}
-
-
-/*
- * LOCAL FUNCTION
- *
- * Output the logic part of the authorization statement to a string. 
- */
-
-static int
-acl_to_str_expr_logic( acl_string_t *str_t, ACLExprHandle_t *expr, ACLExprStack_t *expr_stack)
-{
-int 		rv = 0;
-int 		ii;
-
-    expr_stack->stack_index = 0;
-    expr_stack->found_subexpression = 0;
-    expr_stack->last_subexpression = -1;
-
-    for (ii = 0; ii < expr->expr_raw_index; ii++) {
-        rv = acl_reduce_expr_logic(expr_stack, &expr->expr_raw[ii]);
-        if (rv) break;
-    }
-
-    if (!rv && expr_stack->expr_text[0]) {
-        acl_to_str_append(str_t, "\n    ");
-        acl_to_str_append(str_t, expr_stack->expr_text[0]);
-        acl_to_str_append(str_t, ";\n");
-        PERM_FREE(expr_stack->expr_text[0]);
-    }
-
-    return(rv);
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output an ACL list to a string. 
- */
-
-static int
-acl_to_str_create( acl_string_t *str_t, ACLListHandle_t *acl_list )
-{
-ACLWrapper_t 	*wrap;
-ACLHandle_t 	*acl;
-ACLExprHandle_t *expr;
-int 		rv = 0;
-ACLExprStack_t 	*expr_stack;
-
-    expr_stack = (ACLExprStack_t *) PERM_MALLOC(sizeof(ACLExprStack_t));
-    if ( expr_stack == NULL )
-        return(ACLERRNOMEM);
-
-    acl_to_str_append(str_t, "# File automatically written\n");
-    acl_to_str_append(str_t, "#\n");
-    acl_to_str_append(str_t, "# You may edit this file by hand\n");
-    acl_to_str_append(str_t, "#\n\n");
-    if ( acl_list->acl_list_head == NULL ) {
-        PERM_FREE(expr_stack);
-        return(0);
-    }
-
-    acl_to_str_append(str_t, "version 3.0;\n");
-    for (wrap = acl_list->acl_list_head; wrap && !rv; 
-         wrap = wrap->wrap_next ) {
-        acl = wrap->acl;
-        if ( acl->tag ) {
-            acl_to_str_append(str_t,  "\nacl \"");
-            acl_to_str_append(str_t, acl->tag);
-            acl_to_str_append(str_t, "\";\n");
-        } else {
-            acl_to_str_append(str_t, "\nacl;\n");
-        }
-            
-        for (expr = acl->expr_list_head; expr && rv == 0; 
-             expr = expr->expr_next ) {
-
-            if ( (rv = acl_to_str_expr_type(str_t, expr)) < 0 ) 
-                break;
-
-            if ( (rv = acl_to_str_expr_arg(str_t, expr)) < 0) 
-                break;
-
-            switch (expr->expr_type) {
-            case ACL_EXPR_TYPE_DENY:
-            case ACL_EXPR_TYPE_ALLOW:
-                rv = acl_to_str_expr_logic(str_t, expr, expr_stack);
-                break;
-            case ACL_EXPR_TYPE_AUTH:
-                rv = acl_to_str_auth_logic(str_t, expr);
-                break;
-            case ACL_EXPR_TYPE_RESPONSE:
-                break;
-	    }
-
-        }
-    }
-
-    PERM_FREE(expr_stack);
-    return(rv);
-}
-
-
-/*
- * Creates an ACL text string from an ACL handle
- *
- * Input:
- *	errp		error stack	
- *	acl		target text string pointer 
- *	acl_list	Source ACL list handle
- * Ouput:
- *	acl		a chunk of dynamic memory pointing to ACL text
- * Returns:
- *    0			success
- *    < 0		failure
- */
-
-NSAPI_PUBLIC int
-ACL_WriteString(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list)
-{
-    int rv;
-    acl_string_t str_t = {NULL,0,0};
-
-    if ( acl_list == NULL || acl == NULL )
-        return(ACLERRUNDEF);
-
-    rv = acl_to_str_create(&str_t, acl_list);
-    *acl = str_t.str;
-
-    return ( rv );
-}
-
-/*
- * Write an ACL text file from an input ACL list structure.
- *
- * Input:
- *	filename 	name for the output text file
- *	acl_list 	a list of ACLs to convert to text
- * Output:
- *	errp 		an error stack, set if there are errors 
- *			to report
- * Returns:
- * 	0		success
- *	ACLERROPEN, 
- *	ACLERRNOMEM 	on failure
- */
-
-NSAPI_PUBLIC int
-ACL_WriteFile( NSErr_t *errp, char *filename, ACLListHandle_t *acl_list )
-{
-int		rv;
-int		eid;
-char		*errmsg;
-#ifdef UTEST
-FILE		*ofp;
-#else
-SYS_FILE	ofp;
-#endif
-acl_string_t    aclstr = {NULL,0,0};
-char		*acl_text = NULL;
-
-    if ( filename == NULL || acl_list == NULL ) {
-        rv = ACLERROPEN;
-	eid = ACLERR1900;
-        errmsg = system_errmsg();
-        nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-	return(ACLERROPEN);
-    }
-
-#ifdef UTEST
-    ofp = fopen(filename, "w");
-    if ( ofp == NULL ) {
-#else
-    ofp = system_fopenWT(filename);
-    if ( ofp == SYS_ERROR_FD ) {
-#endif
-        rv = ACLERROPEN;
-	eid = ACLERR1900;
-        errmsg = system_errmsg();
-        nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-	return(ACLERROPEN);
-    }
-
-    rv = acl_to_str_create(&aclstr, acl_list); 
-    acl_text = aclstr.str;
-
-    if ( rv ) {
-        eid = ACLERR3000;
-        rv = ACLERRNOMEM;
-        nserrGenerate(errp, rv, eid, ACL_Program, 0);
-    } else {
-#ifdef UTEST
-	if (fputs(acl_text, ofp) == 0) {
-#else
-        if (system_fwrite_atomic(ofp, acl_text, strlen(acl_text))==IO_ERROR) {
-#endif
-             eid = ACLERR3200;
-             rv = ACLERRIO;
-             errmsg = system_errmsg();
-             nserrGenerate(errp, rv, eid, ACL_Program, 2, filename, errmsg);
-        }
-    }
-
-    if ( acl_text ) 
-        PERM_FREE(acl_text);
-
-#ifdef UTEST
-    fclose(ofp);
-#else
-    system_fclose(ofp);
-#endif
-
-    return(rv);
-}
 
 /*
  * Delete a named ACL from an ACL list
@@ -2456,211 +2020,6 @@ ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list )
 
 }
 
-/*
- * LOCAL FUNCTION
- *
- * Output Authorization Expression Rights "right, right" 
- */
-
-static int
-acl_decompose_expr_arg( acl_string_t *str_t, ACLExprHandle_t *expr )
-{
-int 		ii;
-
-    if ( expr->expr_argc <= 0 ) {
-        return(ACLERRINTERNAL);
-    }
-
-    if ( expr->expr_type == ACL_EXPR_TYPE_RESPONSE ) {
-        acl_to_str_append(str_t, expr->expr_argv[0]);
-        acl_to_str_append(str_t, " \"");
-        acl_to_str_append(str_t, expr->expr_argv[1]);
-        acl_to_str_append(str_t, "\";\n");
-        return(0);
-    }
-   
-    for (ii = 0; ii < expr->expr_argc; ii++) {
-        acl_to_str_append(str_t, expr->expr_argv[ii]);
-        if ( ii < expr->expr_argc - 1 ) {
-            acl_to_str_append(str_t, ",");
-        }
-    }
-    acl_to_str_append(str_t, ";\n");
-
-    return(0);
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Walks through the authentication statement PList_t and
- * prints the structure to a string.
- */
-
-static void 
-acl_decompose_auth_expr(char *lval, const void *rval, void *user_data)
-{
-    acl_string_t * p_aclstr = (acl_string_t *) user_data;
-    // ####
-
-    acl_to_str_append(p_aclstr, " ");
-    acl_to_str_append(p_aclstr, lval);
-    acl_to_str_append(p_aclstr, "=\"");
-    acl_to_str_append(p_aclstr, (char *) rval);
-    acl_to_str_append(p_aclstr, "\"");
-
-    return;
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output the logic part of the authencation statement to a string. 
- */
-
-static int
-acl_decompose_auth_logic( acl_string_t * str_t, ACLExprHandle_t *expr)
-{
-
-    if ( expr->expr_auth == NULL ) 
-        return(0);
-
-    acl_to_str_append(str_t, "exprs");
-    PListEnumerate(expr->expr_auth, acl_decompose_auth_expr, (void *) str_t);
-    acl_to_str_append(str_t, ";\n");
-
-    return(0);
-}
-
-/*
- * LOCAL FUNCTION
- *
- * Output the logic part of the authorization statement to a string. 
- */
-
-static int
-acl_decompose_expr_logic( acl_string_t *str_t, ACLExprHandle_t *expr, ACLExprStack_t *expr_stack)
-{
-int 		rv = 0;
-int 		ii;
-
-    expr_stack->stack_index = 0;
-    expr_stack->found_subexpression = 0;
-    expr_stack->last_subexpression = -1;
-
-    for (ii = 0; ii < expr->expr_raw_index; ii++) {
-        rv = acl_reduce_expr_logic(expr_stack, &expr->expr_raw[ii]);
-        if (rv) break;
-    }
-
-    if (!rv && expr_stack->expr_text[0]) {
-        acl_to_str_append(str_t, "exprs ");
-        acl_to_str_append(str_t, expr_stack->expr_text[0]);
-        acl_to_str_append(str_t, ";\n");
-        PERM_FREE(expr_stack->expr_text[0]);
-    }
-
-    return(rv);
-}
-
-static int
-acl_decompose(acl_string_t *str_t, ACLListHandle_t *acl_list)
-{
-ACLWrapper_t 	*wrap;
-ACLHandle_t 	*acl;
-ACLExprHandle_t *expr;
-int 		rv = 0;
-ACLExprStack_t 	*expr_stack;
-
-    expr_stack = (ACLExprStack_t *) PERM_MALLOC(sizeof(ACLExprStack_t));
-    if ( expr_stack == NULL )
-        return(ACLERRNOMEM);
-
-    if ( acl_list->acl_list_head == NULL ) {
-        PERM_FREE(expr_stack);
-        return(0);
-    }
-
-    acl_to_str_append(str_t, "version 3.0;");
-    for (wrap = acl_list->acl_list_head; wrap && !rv; 
-         wrap = wrap->wrap_next ) {
-        acl = wrap->acl;
-        if ( acl->tag ) {
-            acl_to_str_append(str_t, "\nname \"");
-            acl_to_str_append(str_t, acl->tag);
-            acl_to_str_append(str_t, "\";\n");
-        } else {
-            acl_to_str_append(str_t, "\nname;\n");
-        }
-            
-        for (expr = acl->expr_list_head; expr && rv == 0; 
-             expr = expr->expr_next ) {
-
-            switch (expr->expr_type) {
-            case ACL_EXPR_TYPE_DENY:
-                acl_to_str_append(str_t, "type deny;\nrights ");
-                if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 )
-                    break;
-                if ( IS_ABSOLUTE(expr->expr_flags) )
-                    acl_to_str_append(str_t, "absolute true;\n");
-                rv = acl_decompose_expr_logic(str_t, expr, expr_stack);
-                break;
-            case ACL_EXPR_TYPE_ALLOW:
-                acl_to_str_append(str_t, "type allow;\nrights ");
-                if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 )
-                    break;
-                if ( IS_ABSOLUTE(expr->expr_flags) )
-                    acl_to_str_append(str_t, "absolute true;\n");
-                rv = acl_decompose_expr_logic(str_t, expr, expr_stack);
-                break;
-            case ACL_EXPR_TYPE_AUTH:
-                acl_to_str_append(str_t, "type authenticate;\nattrs ");
-                if ( (rv = acl_decompose_expr_arg(str_t, expr)) < 0 )
-                    break;
-                if ( IS_ABSOLUTE(expr->expr_flags) )
-                    acl_to_str_append(str_t, "absolute true;\n");
-                rv = acl_decompose_auth_logic(str_t, expr);
-                break;
-            case ACL_EXPR_TYPE_RESPONSE:
-                acl_to_str_append(str_t, "type response;\nattrs ");
-                rv = acl_decompose_expr_arg(str_t, expr);
-                break;
-	    }
-        }
-    }
-
-    PERM_FREE(expr_stack);
-    return(rv);
-}
-
-/*
- * Converts an ACLListHandle_t to a parameter list suitable for passing
- * to the ACL UI.  
- *
- * Input:
- *	errp		error stack	
- *	acl		a pointer to a string, holds the result of the
- *			decomposition.
- *	acl_list	Target ACL list handle
- * Returns:
- *    0			success
- *    < 0		failure
- */
-
-NSAPI_PUBLIC int
-ACL_Decompose(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list)
-{
-    int rv ;
-    acl_string_t aclstr={NULL,0,0};
-
-    if ( acl_list == NULL || acl == NULL )
-        return(ACLERRUNDEF);
-   
-    rv = acl_decompose(&aclstr, acl_list);
-    *acl = aclstr.str;
-
-    return ( rv );
-}
 
 /*
  * The following routines are used to validate input parameters.  They always

lib/libaccess/oneeval.cpp

@@ -137,10 +137,10 @@ static ACLDispatchVector_t __nsacl_vector = {
 
     /*  ACL language and file interfaces */
 
-    ACL_ParseFile,
+    NULL /* ex ACL_ParseFile*/,
     ACL_ParseString,
-    ACL_WriteString,
-    ACL_WriteFile,
+    NULL /* ex ACL_WriteString*/,
+    NULL /* ex ACL_WriteFile */,
     NULL /* ex ACL_FileRenameAcl */,
     NULL /* ex ACL_FileDeleteAcl */,
     NULL /* ex ACL_FileGetAcl */,