htgroup.c

用于linux和其他unix下面的

    GroupDefList *group_def_list = HTList_new();
    GroupDef *group_def;

    while (NULL != (group_def = parse_group_decl(fp)))
	add_group_def(group_def_list, group_def);

    return group_def_list;
}


/*
** Trace functions
*/

PRIVATE void print_item ARGS1(Item *, item)
{
    if (!item)
	fprintf(tfp, "\tNULL-ITEM\n");
    else {
	UserDefList *cur1 = item->user_def_list;
	AddressDefList *cur2 = item->address_def_list;
	Ref *user_ref = (Ref*)HTList_nextObject(cur1);
	Ref *addr_ref = (Ref*)HTList_nextObject(cur2);

	if (user_ref) {
	    fprintf(tfp, "\t[%s%s", user_ref->name,
		    (user_ref->translation ? "*REF*" : ""));
	    while (NULL != (user_ref = (Ref*)HTList_nextObject(cur1)))
		fprintf(tfp, "; %s%s", user_ref->name,
			(user_ref->translation ? "*REF*" : ""));
	    fprintf(tfp, "] ");
	} else fprintf(tfp, "\tANYBODY ");

	if (addr_ref) {
	    fprintf(tfp, "@ [%s", addr_ref->name);
	    while (NULL != (addr_ref = (Ref*)HTList_nextObject(cur2)))
		fprintf(tfp, "; %s", addr_ref->name);
	    fprintf(tfp, "]\n");
	} else fprintf(tfp, "@ ANYADDRESS\n");
    }
}


PRIVATE void print_item_list ARGS1(ItemList *, item_list)
{
    ItemList *cur = item_list;
    Item *item;

    if (!item_list)
	fprintf(tfp, "EMPTY");
    else while (NULL != (item = (Item*)HTList_nextObject(cur)))
	print_item(item);
}


PUBLIC void HTAA_printGroupDef ARGS1(GroupDef *, group_def)
{
    if (!group_def) {
	fprintf(tfp, "\nNULL RECORD\n");
	return;
    }

    fprintf(tfp, "\nGroup %s:\n",
	    (group_def->group_name ? group_def->group_name : "NULL"));

    print_item_list(group_def->item_list);
    fprintf(tfp, "\n");
}


PRIVATE void print_group_def_list ARGS1(GroupDefList *, group_list)
{
    GroupDefList *cur = group_list;
    GroupDef *group_def;

    while (NULL != (group_def = (GroupDef*)HTList_nextObject(cur)))
	HTAA_printGroupDef(group_def);
}



/*
** IP address template matching
*/

/* PRIVATE						part_match()
**		MATCH ONE PART OF INET ADDRESS AGAIST
**		A PART OF MASK (inet address has 4 parts)
** ON ENTRY:
**	tcur	pointer to the beginning of template part.
**	icur	pointer to the beginning of actual inet
**		number part.
**
** ON EXIT:
**	returns	YES, if match.
*/
PRIVATE BOOL part_match ARGS2(CONST char *, tcur,
			      CONST char *, icur)
{
    char required[4];
    char actual[4];
    CONST char *cur;
    int cnt;
    BOOL status;

    if (!tcur || !icur) return NO;

    cur=tcur;
    cnt=0;
    while (cnt < 3  &&  *cur && *cur != '.')
	required[cnt++] = *(cur++);
    required[cnt] = (char)0;

    cur=icur;
    cnt=0;
    while (cnt < 3  &&  *cur && *cur != '.')
	actual[cnt++] = *(cur++);
    actual[cnt] = (char)0;

    status = HTAA_templateMatch(required, actual);
    CTRACE((tfp, "part_match: req: '%s' act: '%s' match: %s\n",
		required, actual, (status ? "yes" : "no")));

    return status;
}



/* PRIVATE						ip_number_match()
**		MATCH INET NUMBER AGAINST AN INET NUMBER MASK
** ON ENTRY:
**	template	mask to match agaist, e.g., 128.141.*.*
**	the_inet_addr	actual inet address, e.g., 128.141.201.74
**
** ON EXIT:
**	returns		YES, if match;  NO, if not.
*/
PRIVATE BOOL ip_number_match ARGS2(CONST char *,	template,
				   CONST char *,	the_inet_addr)
{
    CONST char *tcur = template;
    CONST char *icur = the_inet_addr;
    int cnt;

    for (cnt=0; cnt<4; cnt++) {
	if (!tcur || !icur || !part_match(tcur, icur))
	    return NO;
	if (NULL != (tcur = strchr(tcur, '.'))) tcur++;
	if (NULL != (icur = strchr(icur, '.'))) icur++;
    }
    return YES;
}



/* PRIVATE						is_domain_mask()
**		DETERMINE IF A GIVEN MASK IS A
**		DOMAIN NAME MASK OR AN INET NUMBER MASK
** ON ENTRY:
**	mask	either a domain name mask,
**		e.g.
**			*.cern.ch
**
**		or an inet number mask,
**		e.g.
**			128.141.*.*
**
** ON EXIT:
**	returns	YES, if mask is a domain name mask.
**		NO, if it is an inet number mask.
*/
PRIVATE BOOL is_domain_mask ARGS1(CONST char *,	mask)
{
    CONST char *cur = mask;

    if (!mask) return NO;

    while (*cur) {
	if (*cur != '.'  &&  *cur != '*'  &&  (*cur < '0' || *cur > '9'))
	    return YES;	/* Even one non-digit makes it a domain name mask */
	cur++;
    }
    return NO;	/* All digits and dots, so it is an inet number mask */
}



/* PRIVATE							ip_mask_match()
**		MATCH AN IP NUMBER MASK OR IP NAME MASK
**		AGAINST ACTUAL IP NUMBER OR IP NAME
**
** ON ENTRY:
**	mask		mask.  Mask may be either an inet number
**			mask or a domain name mask,
**			e.g.
**				128.141.*.*
**			or
**				*.cern.ch
**
**	ip_number	IP number of connecting host.
**	ip_name		IP name of the connecting host.
**
** ON EXIT:
**	returns		YES, if hostname/internet number
**			matches the mask.
**			NO, if no match (no fire).
*/
PRIVATE BOOL ip_mask_match ARGS3(CONST char *,	mask,
				 CONST char *,	ip_number,
				 CONST char *,	ip_name)
{
    if (mask && (ip_number || ip_name)) {
	if (is_domain_mask(mask)) {
	    if (HTAA_templateMatch(mask, ip_name))
		return YES;
	}
	else {
	    if (ip_number_match(mask, ip_number))
		return YES;
	}
    }
    return NO;
}




PRIVATE BOOL ip_in_def_list ARGS3(AddressDefList *,	address_def_list,
				  char *,		ip_number,
				  char *,		ip_name)
{
    if (address_def_list && (ip_number || ip_name)) {
	AddressDefList *cur = address_def_list;
	Ref *ref;

	while (NULL != (ref = (Ref*)HTList_nextObject(cur))) {
	    /* Value of ref->translation is ignored, i.e., */
	    /* no recursion for ip address tamplates.	  */
	    if (ip_mask_match(ref->name, ip_number, ip_name))
		return YES;
	}
    }
    return NO;
}


/*
** Group file cached reading
*/

typedef struct {
    char *	   group_filename;
    GroupDefList * group_list;
} GroupCache;

typedef HTList GroupCacheList;

PRIVATE GroupCacheList *group_cache_list = NULL;


PUBLIC GroupDefList *HTAA_readGroupFile ARGS1(CONST char *, filename)
{
    FILE *fp;
    GroupCache *group_cache;

    if (!filename || !*filename) return NULL;

    if (!group_cache_list)
	group_cache_list = HTList_new();
    else {
	GroupCacheList *cur = group_cache_list;

	while (NULL != (group_cache = (GroupCache*)HTList_nextObject(cur))) {
	    if (!strcmp(filename, group_cache->group_filename)) {
		CTRACE((tfp, "%s '%s' %s\n",
			    "HTAA_readGroupFile: group file",
			    filename, "already found in cache"));
		return group_cache->group_list;
	    } /* if cache match */
	} /* while cached files remain */
    } /* cache exists */

    CTRACE((tfp, "HTAA_readGroupFile: reading group file `%s'\n",
		filename));

    if (!(fp = fopen(filename, TXT_R))) {
	CTRACE((tfp, "%s '%s'\n",
		    "HTAA_readGroupFile: unable to open group file",
		    filename));
	return NULL;
    }

    if ((group_cache = typecalloc(GroupCache)) == 0)
	outofmem(__FILE__, "HTAA_readGroupFile");

    group_cache->group_filename = NULL;
    StrAllocCopy(group_cache->group_filename, filename);
    group_cache->group_list = parse_group_file(fp);
    HTList_addObject(group_cache_list, (void*)group_cache);
    fclose(fp);

    CTRACE((tfp, "Read group file '%s', results follow:\n", filename));
    if (TRACE)
	print_group_def_list(group_cache->group_list);

    return group_cache->group_list;
}


/* PUBLIC					HTAA_userAndInetInGroup()
**		CHECK IF USER BELONGS TO TO A GIVEN GROUP
**		AND THAT THE CONNECTION COMES FROM AN
**		ADDRESS THAT IS ALLOWED BY THAT GROUP
** ON ENTRY:
**	group		the group definition structure.
**	username	connecting user.
**	ip_number	browser host IP number, optional.
**	ip_name		browser host IP name, optional.
**			However, one of ip_number or ip_name
**			must be given.
** ON EXIT:
**	returns		HTAA_IP_MASK, if IP address mask was
**			reason for failing.
**			HTAA_NOT_MEMBER, if user does not belong
**			to the group.
**			HTAA_OK if both IP address and user are ok.
*/
PUBLIC HTAAFailReasonType HTAA_userAndInetInGroup ARGS4(GroupDef *, group,
							char *,	    username,
							char *,	    ip_number,
							char *,	    ip_name)
{
    HTAAFailReasonType reason = HTAA_NOT_MEMBER;

    if (group && username) {
	ItemList *cur1 = group->item_list;
	Item *item;

	while (NULL != (item = (Item*)HTList_nextObject(cur1))) {
	    if (!item->address_def_list ||	/* Any address allowed */
		ip_in_def_list(item->address_def_list, ip_number, ip_name)) {

		if (!item->user_def_list)	/* Any user allowed */
		    return HTAA_OK;
		else {
		    UserDefList *cur2 = item->user_def_list;
		    Ref *ref;

		    while (NULL != (ref = (Ref*)HTList_nextObject(cur2))) {

			if (ref->translation) {	/* Group, check recursively */
			    reason = HTAA_userAndInetInGroup(ref->translation,
							     username,
							     ip_number,ip_name);
			    if (reason == HTAA_OK)
				return HTAA_OK;
			}
			else {	/* Username, check directly */
			    if (username && *username &&
				0==strcmp(ref->name, username))
				return HTAA_OK;
			}
		    } /* Every user/group name in this group */
		} /* search for username */
	    } /* IP address ok */
	    else {
		reason = HTAA_IP_MASK;
	    }
	} /* while items in group */
    } /* valid parameters */

    return reason;		/* No match, or invalid parameters */
}


PUBLIC void GroupDef_delete ARGS1(GroupDef *, group_def)
{
    if (group_def) {
	FREE(group_def->group_name);
	if (group_def->item_list) {
	    HTList_delete(group_def->item_list);	/* @@@@ */
	    group_def->item_list = NULL;
	}
	FREE(group_def);
    }
}