upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2026-06-10 17:20:20 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial Merge of REGEX/ACLGROUP code from Allan Stuart

Browse source
This commit is contained in:
Kurt Zeilenga 1998-08-21 02:51:54 +00:00
parent b7fb751822
commit e024cfd80f
16 changed files with 487 additions and 2510 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
Make-common
View file

@ -28,8 +28,9 @@
# man pages are put under MANDIR
# programs end-users will run are put in BINDIR
#
INSTROOT=/usr/local
ETCDIR= $(INSTROOT)/etc
PREFIX?=/usr/local
INSTROOT=${PREFIX}
ETCDIR= $(INSTROOT)/etc/ldap
INCLUDEDIR= $(INSTROOT)/include
LIBDIR= $(INSTROOT)/lib
MANDIR= $(INSTROOT)/man
@ -44,9 +45,12 @@ RUNTIMEETCDIR= $(ETCDIR)
## General compiler options ##
#############################################################################
# Passed to every compile (cc or gcc). This is where you put -O or -g, etc.
#EXTRACFLAGS=-g
# EXTRACFLAGS=-O -g # -DACLGROUP
# EXTRACFLAGS=-O
# Passed to every link (ld). Include -g here if you did in EXTRACFLAGS.
#EXTRALDFLAGS=-g
EXTRALDFLAGS=-g
REGEXLIB?=
#############################################################################
## If you are NOT using Kerberos authentication, you can skip this section.##
@ -120,10 +124,11 @@ SLAPD_BACKENDS= -DLDAP_LDBM -DLDAP_SHELL -DLDAP_PASSWD
# If you have included -DLDAP_LDBM in the SLAPD_BACKENDS line you need
# to specify which low-level database package to use. There are
# four choices: Berkeley db b-tree, Berkeley db hash, GNU dbm, or ndbm.
# You will also need to edit the include and lib strings appropriately.
#
# berkeley db btree package
#LDBMBACKEND=-DLDBM_USE_DBBTREE
#LDBMINCLUDE=-I/usr/local/db/include
LDBMBACKEND=-DLDBM_USE_DBBTREE
LDBMINCLUDE=-I/usr/include
#LDBMLIB=-ldb
# berkeley db hash package
#LDBMBACKEND=-DLDBM_USE_DBHASH
@ -134,11 +139,11 @@ SLAPD_BACKENDS= -DLDAP_LDBM -DLDAP_SHELL -DLDAP_PASSWD
#LDBMINCLUDE=-I/usr/local/gdbm/include
#LDBMLIB=-lgdbm
# standard unix ndbm
LDBMBACKEND=-DLDBM_USE_NDBM
#LDBMBACKEND=-DLDBM_USE_NDBM
#
# if you want to use a non-default threads package change these lines
#THREADS=-DNO_THREADS
#THREADSLIB=
#THREADS=-DPOSIX_THREADS
#THREADSLIB= -pthread
#############################################################################
## The following options are used by the xax500 client. If you haven't ##
@ -195,6 +200,15 @@ LDAP_DEBUG=-DLDAP_DEBUG
# uncomment this line to enable support for LDAP referrals in libldap
LDAP_REFERRALS=-DLDAP_REFERRALS
# uncomment these lines to enable support for CRYPT passwords in LDBM.
#LDAP_CRYPT=-DLDAP_CRYPT
#LDAP_CRYPT_LIB=-lcrypt
# uncomment these lines to enable support fro tcp_wrappers in servers.
# Requires tcp_wrappers.
#LDAP_TCP_WRAPPERS=-DTCP_WRAPPERS -I/usr/local/include
#LDAP_TCP_WRAPPERS_LIB=-L/usr/local/lib -lwrap
# uncomment this line to use soundex for approximate matches in slapd.
# the default is to use the metaphone algorithm.
#PHONETIC=-DSOUNDEX

1
build/platforms/freebsd-gcc/Make-platform
View file

@ -14,5 +14,4 @@
CC = cc
PLATFORMCFLAGS= -Dfreebsd
PLATFORMLIBS= -lcompat

81
libraries/libldap/Make-template
View file

@ -17,13 +17,13 @@ LDAPSRC = ../..
SRCS = bind.c open.c result.c error.c compare.c search.c \
modify.c add.c modrdn.c delete.c abandon.c ufn.c cache.c \
getfilter.c regex.c sbind.c kbind.c unbind.c friendly.c cldap.c \
getfilter.c sbind.c kbind.c unbind.c friendly.c cldap.c \
free.c disptmpl.c srchpref.c dsparse.c tmplout.c sort.c \
getdn.c getentry.c getattr.c getvalues.c addentry.c \
request.c getdxbyname.c os-ip.c url.c charset.c
OBJS = bind.o open.o result.o error.o compare.o search.o \
modify.o add.o modrdn.o delete.o abandon.o ufn.o cache.o \
getfilter.o regex.o sbind.o kbind.o unbind.o friendly.o cldap.o \
getfilter.o sbind.o kbind.o unbind.o friendly.o cldap.o \
free.o disptmpl.o srchpref.o dsparse.o tmplout.o sort.o \
getdn.o getentry.o getattr.o getvalues.o addentry.o \
request.o getdxbyname.o os-ip.o url.o charset.o
@ -96,48 +96,43 @@ links:
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
bind.o: bind.c ../../include/lber.h ../../include/ldap.h
open.o: open.c ../../include/lber.h ../../include/ldap.h ldap-int.h
result.o: result.c ../../include/portable.h ../../include/lber.h
result.o: ../../include/ldap.h ldap-int.h
error.o: error.c ../../include/lber.h ../../include/ldap.h
compare.o: compare.c ../../include/lber.h ../../include/ldap.h ldap-int.h
search.o: search.c ../../include/lber.h ../../include/ldap.h ldap-int.h
modify.o: modify.c ../../include/lber.h ../../include/ldap.h ldap-int.h
add.o: add.c ../../include/lber.h ../../include/ldap.h ldap-int.h
modrdn.o: modrdn.c ../../include/lber.h ../../include/ldap.h ldap-int.h
delete.o: delete.c ../../include/lber.h ../../include/ldap.h ldap-int.h
abandon.o: abandon.c ../../include/lber.h ../../include/ldap.h ldap-int.h
ufn.o: ufn.c ../../include/lber.h ../../include/ldap.h
cache.o: cache.c ../../include/lber.h ../../include/ldap.h ldap-int.h
getfilter.o: getfilter.c ../../include/lber.h ../../include/ldap.h
getfilter.o: ../../include/regex.h
regex.o: regex.c ../../include/portable.h
sbind.o: sbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
kbind.o: kbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
unbind.o: unbind.c ../../include/lber.h ../../include/ldap.h ldap-int.h
friendly.o: friendly.c ../../include/lber.h ../../include/ldap.h
cldap.o: cldap.c ../../include/lber.h ../../include/ldap.h ldap-int.h
free.o: free.c ../../include/lber.h ../../include/ldap.h
disptmpl.o: disptmpl.c ../../include/lber.h ../../include/ldap.h
disptmpl.o: ../../include/disptmpl.h
srchpref.o: srchpref.c ../../include/lber.h ../../include/ldap.h
srchpref.o: ../../include/srchpref.h
dsparse.o: dsparse.c ../../include/lber.h ../../include/ldap.h
tmplout.o: tmplout.c ../../include/lber.h ../../include/ldap.h
tmplout.o: ../../include/disptmpl.h
sort.o: sort.c ../../include/lber.h ../../include/ldap.h
getdn.o: getdn.c ../../include/lber.h ../../include/ldap.h
getentry.o: getentry.c ../../include/lber.h ../../include/ldap.h
getattr.o: getattr.c ../../include/lber.h ../../include/ldap.h ldap-int.h
getvalues.o: getvalues.c ../../include/lber.h ../../include/ldap.h
addentry.o: addentry.c ../../include/lber.h ../../include/ldap.h
request.o: request.c ../../include/portable.h ../../include/lber.h
request.o: ../../include/ldap.h ldap-int.h
bind.o: bind.c ../../include/lber.h ../../include/proto-ldap.h
open.o: open.c ../../include/proto-lber.h ../../include/proto-ldap.h
result.o: result.c ../../include/portable.h ../../include/proto-lber.h
result.o: ../../include/proto-ldap.h
error.o: error.c ../../include/lber.h ../../include/proto-ldap.h
compare.o: compare.c ../../include/lber.h ../../include/proto-ldap.h
search.o: search.c ../../include/lber.h ../../include/proto-ldap.h
modify.o: modify.c ../../include/lber.h ../../include/proto-ldap.h
add.o: add.c ../../include/lber.h ../../include/proto-ldap.h
modrdn.o: modrdn.c ../../include/lber.h ../../include/proto-ldap.h
delete.o: delete.c ../../include/lber.h ../../include/proto-ldap.h
abandon.o: abandon.c ../../include/lber.h ../../include/proto-ldap.h
ufn.o: ufn.c ../../include/lber.h ../../include/proto-ldap.h
cache.o: cache.c ../../include/lber.h ../../include/proto-ldap.h
getfilter.o: getfilter.c ../../include/lber.h ../../include/proto-ldap.h
regex.o: regex.c
sbind.o: sbind.c ../../include/lber.h ../../include/proto-ldap.h
kbind.o: kbind.c
unbind.o: unbind.c ../../include/proto-lber.h ../../include/proto-ldap.h
friendly.o: friendly.c ../../include/lber.h ../../include/proto-ldap.h
cldap.o: cldap.c
free.o: free.c ../../include/ldap.h
disptmpl.o: disptmpl.c ../../include/proto-lber.h ../../include/disptmpl.h
srchpref.o: srchpref.c ../../include/proto-lber.h ../../include/srchpref.h
dsparse.o: dsparse.c ../../include/proto-lber.h
tmplout.o: tmplout.c ../../include/proto-lber.h ../../include/proto-ldap.h
sort.o: sort.c ../../include/proto-lber.h ../../include/proto-ldap.h
getdn.o: getdn.c ../../include/lber.h ../../include/proto-ldap.h
getentry.o: getentry.c ../../include/lber.h ../../include/proto-ldap.h
getattr.o: getattr.c ../../include/lber.h ../../include/proto-ldap.h
getvalues.o: getvalues.c ../../include/lber.h ../../include/proto-ldap.h
addentry.o: addentry.c ../../include/lber.h ../../include/proto-ldap.h
request.o: request.c ../../include/portable.h ../../include/proto-lber.h
request.o: ../../include/proto-ldap.h
getdxbyname.o: getdxbyname.c
os-ip.o: os-ip.c ../../include/portable.h ../../include/lber.h
os-ip.o: ../../include/ldap.h
url.o: url.c ../../include/lber.h ../../include/ldap.h ldap-int.h
os-ip.o: os-ip.c ../../include/proto-lber.h ../../include/proto-ldap.h
url.o: url.c ../../include/lber.h ../../include/proto-ldap.h
charset.o: charset.c
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY

57
libraries/libldap/getfilter.c
View file

@ -10,13 +10,13 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#if defined(NeXT)
#include <sys/types.h>
#include <regex.h>
#endif
#ifdef MACOS
#include <stdlib.h>
#include "macos.h"
#else /* MACOS */
#ifdef DOS
@ -25,7 +25,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#else /* DOS */
#include <sys/types.h>
#include <sys/file.h>
#include <stdlib.h>
#include <sys/errno.h>
#ifndef VMS
#include <unistd.h>
@ -35,7 +34,6 @@ static char copyright[] = "@(#) Copyright (c) 1993 Regents of the University of
#include "lber.h"
#include "ldap.h"
#include "regex.h"
#ifdef NEEDPROTOS
static int break_into_words( char *str, char *delims, char ***wordsp );
@ -49,7 +47,6 @@ void free_strarray();
#if !defined( MACOS ) && !defined( DOS )
extern int errno;
extern char *re_comp();
#endif
#define FILT_MAX_LINE_LEN 1024
@ -107,8 +104,10 @@ ldap_init_getfilter_buf( char *buf, long buflen )
LDAPFiltDesc *lfdp;
LDAPFiltList *flp, *nextflp;
LDAPFiltInfo *fip, *nextfip;
char *tag, **tok;
int tokcnt, i;
char *tag, **tok;
int tokcnt, i;
int rc;
regex_t re;
if (( lfdp = (LDAPFiltDesc *)calloc( 1, sizeof( LDAPFiltDesc))) == NULL ) {
return( NULL );
@ -138,11 +137,13 @@ ldap_init_getfilter_buf( char *buf, long buflen )
}
nextflp->lfl_tag = strdup( tag );
nextflp->lfl_pattern = tok[ 0 ];
if ( re_comp( nextflp->lfl_pattern ) != NULL ) {
if ( (rc = regcomp( &re, nextflp->lfl_pattern, 0 )) != 0 ) {
#ifndef NO_USERINTERFACE
char error[512];
regerror(rc, &re, error, sizeof(error));
ldap_getfilter_free( lfdp );
fprintf( stderr, "bad regular expresssion %s\n",
nextflp->lfl_pattern );
fprintf( stderr, "bad regular expresssion %s, %s\n",
nextflp->lfl_pattern, error );
#if !defined( MACOS ) && !defined( DOS )
errno = EINVAL;
#endif
@ -150,6 +151,7 @@ ldap_init_getfilter_buf( char *buf, long buflen )
free_strarray( tok );
return( NULL );
}
regfree(&re);
nextflp->lfl_delims = tok[ 1 ];
nextflp->lfl_ilist = NULL;
@ -247,6 +249,8 @@ LDAPFiltInfo *
ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
{
LDAPFiltList *flp;
int rc;
regex_t re;
if ( lfdp->lfd_curvalcopy != NULL ) {
free( lfdp->lfd_curvalcopy );
@ -256,13 +260,30 @@ ldap_getfirstfilter( LDAPFiltDesc *lfdp, char *tagpat, char *value )
lfdp->lfd_curval = value;
lfdp->lfd_curfip = NULL;
for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
if ( re_comp( tagpat ) == NULL && re_exec( flp->lfl_tag ) == 1
&& re_comp( flp->lfl_pattern ) == NULL
&& re_exec( lfdp->lfd_curval ) == 1 ) {
lfdp->lfd_curfip = flp->lfl_ilist;
break;
}
for ( flp = lfdp->lfd_filtlist; flp != NULL; flp = flp->lfl_next ) {
/* compile tagpat, continue if we fail */
if (regcomp(&re, tagpat, 0) != 0)
continue;
/* match tagpatern and tag, continue if we fail */
rc = regexec(&re, flp->lfl_tag, 0, NULL, 0);
regfree(&re);
if (rc != 0)
continue;
/* compile flp->ifl_pattern, continue if we fail */
if (regcomp(&re, flp->lfl_pattern, 0) != 0)
continue;
/* match ifl_pattern and lfd_curval, continue if we fail */
rc = regexec(&re, lfdp->lfd_curval, 0, NULL, 0);
regfree(&re);
if (rc != 0)
continue;
/* we successfully compiled both patterns and matched both values */
lfdp->lfd_curfip = flp->lfl_ilist;
break;
}
if ( lfdp->lfd_curfip == NULL ) {

905
libraries/libldap/regex.c
View file

@ -1,905 +0,0 @@
#include "portable.h"
#if defined( MACOS ) || defined( DOS ) || defined( _WIN32 ) || defined( NEED_BSDREGEX )
#include "compat_regex.h"
/*
* regex - Regular expression pattern matching and replacement
*
* By: Ozan S. Yigit (oz)
* Dept. of Computer Science
* York University
*
* These routines are the PUBLIC DOMAIN equivalents of regex
* routines as found in 4.nBSD UN*X, with minor extensions.
*
* These routines are derived from various implementations found
* in software tools books, and Conroy's grep. They are NOT derived
* from licensed/restricted software.
* For more interesting/academic/complicated implementations,
* see Henry Spencer's regexp routines, or GNU Emacs pattern
* matching module.
*
* Vendor Modification history:
*
* Revision 1.12 1996/04/25 16:20:59 mcs
* make re_exec() match "" with ".*" and similar patterns
* hopefully this change doesn't break anything else!
*
* Revision 1.11 1994/12/14 21:33:45 mcs
* use new NEED_BSDREGEX
* fix pmatch() prototype
*
* Revision 1.10 1994/12/12 18:16:39 mcs
* use on NetBSD
*
* Revision 1.9 1994/11/15 19:16:35 mcs
* add (CHAR) cast to make VisualC++ happy
*
* Revision 1.8 1994/11/08 21:14:32 mcs
* WIN32 changes
*
* Revision 1.7 1994/07/23 19:51:24 mcs
* use ANSI-style inline function parameters
*
* Revision 1.6 1993/10/18 01:52:32 tim
* include for VMS
*
* Revision 1.5 1993/09/28 21:37:54 mcs
* HP/UX needs the regex we include (not in its libc)
*
* Revision 1.4 1993/08/27 15:59:52 mcs
* use CHAR for deftab
*
* Revision 1.3 1993/08/27 15:49:47 mcs
* added missing 0 to octal constants
* use unsigned char for CHAR under DOS
*
* Revision 1.2 1993/08/27 14:57:48 mcs
* add proto. for pmatch
*
* Revision 1.1 1993/08/18 21:20:02 mcs
* Initial revision
*
* Revision 1.4 1991/10/17 03:56:42 oz
* miscellaneous changes, small cleanups etc.
*
* Revision 1.3 1989/04/01 14:18:09 oz
* Change all references to a dfa: this is actually an nfa.
*
* Revision 1.2 88/08/28 15:36:04 oz
* Use a complement bitmap to represent NCL.
* This removes the need to have seperate
* code in the pmatch case block - it is
* just CCL code now.
*
* Use the actual CCL code in the CLO
* section of pmatch. No need for a recursive
* pmatch call.
*
* Use a bitmap table to set char bits in an
* 8-bit chunk.
*
* Interfaces:
* re_comp: compile a regular expression into a NFA.
*
* char *re_comp(s)
* char *s;
*
* re_exec: execute the NFA to match a pattern.
*
* int re_exec(s)
* char *s;
*
* re_modw change re_exec's understanding of what a "word"
* looks like (for \< and \>) by adding into the
* hidden word-syntax table.
*
* void re_modw(s)
* char *s;
*
* re_subs: substitute the matched portions in a new string.
*
* int re_subs(src, dst)
* char *src;
* char *dst;
*
* re_fail: failure routine for re_exec.
*
* void re_fail(msg, op)
* char *msg;
* char op;
*
* Regular Expressions:
*
* [1] char matches itself, unless it is a special
* character (metachar): . \ [ ] * + ^ $
*
* [2] . matches any character.
*
* [3] \ matches the character following it, except
* when followed by a left or right round bracket,
* a digit 1 to 9 or a left or right angle bracket.
* (see [7], [8] and [9])
* It is used as an escape character for all
* other meta-characters, and itself. When used
* in a set ([4]), it is treated as an ordinary
* character.
*
* [4] [set] matches one of the characters in the set.
* If the first character in the set is "^",
* it matches a character NOT in the set, i.e.
* complements the set. A shorthand S-E is
* used to specify a set of characters S upto
* E, inclusive. The special characters "]" and
* "-" have no special meaning if they appear
* as the first chars in the set.
* examples: match:
*
* [a-z] any lowercase alpha
*
* [^]-] any char except ] and -
*
* [^A-Z] any char except uppercase
* alpha
*
* [a-zA-Z] any alpha
*
* [5] * any regular expression form [1] to [4], followed by
* closure char (*) matches zero or more matches of
* that form.
*
* [6] + same as [5], except it matches one or more.
*
* [7] a regular expression in the form [1] to [10], enclosed
* as \(form\) matches what form matches. The enclosure
* creates a set of tags, used for [8] and for
* pattern substution. The tagged forms are numbered
* starting from 1.
*
* [8] a \ followed by a digit 1 to 9 matches whatever a
* previously tagged regular expression ([7]) matched.
*
* [9] \< a regular expression starting with a \< construct
* \> and/or ending with a \> construct, restricts the
* pattern matching to the beginning of a word, and/or
* the end of a word. A word is defined to be a character
* string beginning and/or ending with the characters
* A-Z a-z 0-9 and _. It must also be preceded and/or
* followed by any character outside those mentioned.
*
* [10] a composite regular expression xy where x and y
* are in the form [1] to [10] matches the longest
* match of x followed by a match for y.
*
* [11] ^ a regular expression starting with a ^ character
* $ and/or ending with a $ character, restricts the
* pattern matching to the beginning of the line,
* or the end of line. [anchors] Elsewhere in the
* pattern, ^ and $ are treated as ordinary characters.
*
*
* Acknowledgements:
*
* HCR's Hugh Redelmeier has been most helpful in various
* stages of development. He convinced me to include BOW
* and EOW constructs, originally invented by Rob Pike at
* the University of Toronto.
*
* References:
* Software tools Kernighan & Plauger
* Software tools in Pascal Kernighan & Plauger
* Grep [rsx-11 C dist] David Conroy
* ed - text editor Un*x Programmer's Manual
* Advanced editing on Un*x B. W. Kernighan
* RegExp routines Henry Spencer
*
* Notes:
*
* This implementation uses a bit-set representation for character
* classes for speed and compactness. Each character is represented
* by one bit in a 128-bit block. Thus, CCL always takes a
* constant 16 bytes in the internal nfa, and re_exec does a single
* bit comparison to locate the character in the set.
*
* Examples:
*
* pattern: foo*.*
* compile: CHR f CHR o CLO CHR o END CLO ANY END END
* matches: fo foo fooo foobar fobar foxx ...
*
* pattern: fo[ob]a[rz]
* compile: CHR f CHR o CCL bitset CHR a CCL bitset END
* matches: fobar fooar fobaz fooaz
*
* pattern: foo\\+
* compile: CHR f CHR o CHR o CHR \ CLO CHR \ END END
* matches: foo\ foo\\ foo\\\ ...
*
* pattern: \(foo\)[1-3]\1 (same as foo[1-3]foo)
* compile: BOT 1 CHR f CHR o CHR o EOT 1 CCL bitset REF 1 END
* matches: foo1foo foo2foo foo3foo
*
* pattern: \(fo.*\)-\1
* compile: BOT 1 CHR f CHR o CLO ANY END EOT 1 CHR - REF 1 END
* matches: foo-foo fo-fo fob-fob foobar-foobar ...
*/
#define MAXNFA 1024
#define MAXTAG 10
#define OKP 1
#define NOP 0
#define CHR 1
#define ANY 2
#define CCL 3
#define BOL 4
#define EOL 5
#define BOT 6
#define EOT 7
#define BOW 8
#define EOW 9
#define REF 10
#define CLO 11
#define END 0
/*
* The following defines are not meant to be changeable.
* They are for readability only.
*/
#define MAXCHR 128
#define CHRBIT 8
#define BITBLK MAXCHR/CHRBIT
#define BLKIND 0170
#define BITIND 07
#define ASCIIB 0177
#if defined( DOS ) || defined( _WIN32 )
typedef unsigned char CHAR;
#else /* DOS */
typedef /*unsigned*/ char CHAR;
#endif /* DOS */
static int tagstk[MAXTAG]; /* subpat tag stack..*/
static CHAR nfa[MAXNFA]; /* automaton.. */
static int sta = NOP; /* status of lastpat */
static CHAR bittab[BITBLK]; /* bit table for CCL */
/* pre-set bits... */
static CHAR bitarr[] = {1,2,4,8,16,32,64,128};
static void
chset(CHAR c)
{
bittab[((c) & BLKIND) >> 3] |= bitarr[(c) & BITIND];
}
#define badpat(x) (*nfa = END, x)
#define store(x) *mp++ = x
char *
re_comp( char *pat )
{
register char *p; /* pattern pointer */
register CHAR *mp=nfa; /* nfa pointer */
register CHAR *lp; /* saved pointer.. */
register CHAR *sp=nfa; /* another one.. */
register int tagi = 0; /* tag stack index */
register int tagc = 1; /* actual tag count */
register int n;
register CHAR mask; /* xor mask -CCL/NCL */
int c1, c2;
if (!pat || !*pat)
if (sta)
return 0;
else
return badpat("No previous regular expression");
sta = NOP;
for (p = pat; *p; p++) {
lp = mp;
switch(*p) {
case '.': /* match any char.. */
store(ANY);
break;
case '^': /* match beginning.. */
if (p == pat)
store(BOL);
else {
store(CHR);
store(*p);
}
break;
case '$': /* match endofline.. */
if (!*(p+1))
store(EOL);
else {
store(CHR);
store(*p);
}
break;
case '[': /* match char class..*/
store(CCL);
if (*++p == '^') {
mask = 0377;
p++;
}
else
mask = 0;
if (*p == '-') /* real dash */
chset(*p++);
if (*p == ']') /* real brac */
chset(*p++);
while (*p && *p != ']') {
if (*p == '-' && *(p+1) && *(p+1) != ']') {
p++;
c1 = *(p-2) + 1;
c2 = *p++;
while (c1 <= c2)
chset((CHAR)c1++);
}
#ifdef EXTEND
else if (*p == '\\' && *(p+1)) {
p++;
chset(*p++);
}
#endif
else
chset(*p++);
}
if (!*p)
return badpat("Missing ]");
for (n = 0; n < BITBLK; bittab[n++] = (char) 0)
store(mask ^ bittab[n]);
break;
case '*': /* match 0 or more.. */
case '+': /* match 1 or more.. */
if (p == pat)
return badpat("Empty closure");
lp = sp; /* previous opcode */
if (*lp == CLO) /* equivalence.. */
break;
switch(*lp) {
case BOL:
case BOT:
case EOT:
case BOW:
case EOW:
case REF:
return badpat("Illegal closure");
default:
break;
}
if (*p == '+')
for (sp = mp; lp < sp; lp++)
store(*lp);
store(END);
store(END);
sp = mp;
while (--mp > lp)
*mp = mp[-1];
store(CLO);
mp = sp;
break;
case '\\': /* tags, backrefs .. */
switch(*++p) {
case '(':
if (tagc < MAXTAG) {
tagstk[++tagi] = tagc;
store(BOT);
store(tagc++);
}
else
return badpat("Too many \\(\\) pairs");
break;
case ')':
if (*sp == BOT)
return badpat("Null pattern inside \\(\\)");
if (tagi > 0) {
store(EOT);
store(tagstk[tagi--]);
}
else
return badpat("Unmatched \\)");
break;
case '<':
store(BOW);
break;
case '>':
if (*sp == BOW)
return badpat("Null pattern inside \\<\\>");
store(EOW);
break;
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
n = *p-'0';
if (tagi > 0 && tagstk[tagi] == n)
return badpat("Cyclical reference");
if (tagc > n) {
store(REF);
store(n);
}
else
return badpat("Undetermined reference");
break;
#ifdef EXTEND
case 'b':
store(CHR);
store('\b');
break;
case 'n':
store(CHR);
store('\n');
break;
case 'f':
store(CHR);
store('\f');
break;
case 'r':
store(CHR);
store('\r');
break;
case 't':
store(CHR);
store('\t');
break;
#endif
default:
store(CHR);
store(*p);
}
break;
default : /* an ordinary char */
store(CHR);
store(*p);
break;
}
sp = lp;
}
if (tagi > 0)
return badpat("Unmatched \\(");
store(END);
sta = OKP;
return 0;
}
static char *bol;
char *bopat[MAXTAG];
char *eopat[MAXTAG];
#ifdef NEEDPROTOS
static char *pmatch( char *lp, CHAR *ap );
#else /* NEEDPROTOS */
static char *pmatch();
#endif /* NEEDPROTOS */
/*
* re_exec:
* execute nfa to find a match.
*
* special cases: (nfa[0])
* BOL
* Match only once, starting from the
* beginning.
* CHR
* First locate the character without
* calling pmatch, and if found, call
* pmatch for the remaining string.
* END
* re_comp failed, poor luser did not
* check for it. Fail fast.
*
* If a match is found, bopat[0] and eopat[0] are set
* to the beginning and the end of the matched fragment,
* respectively.
*
*/
int
re_exec( char *lp )
{
register char c;
register char *ep = 0;
register CHAR *ap = nfa;
bol = lp;
bopat[0] = 0;
bopat[1] = 0;
bopat[2] = 0;
bopat[3] = 0;
bopat[4] = 0;
bopat[5] = 0;
bopat[6] = 0;
bopat[7] = 0;
bopat[8] = 0;
bopat[9] = 0;
switch(*ap) {
case BOL: /* anchored: match from BOL only */
ep = pmatch(lp,ap);
break;
case CHR: /* ordinary char: locate it fast */
c = *(ap+1);
while (*lp && *lp != c)
lp++;
if (!*lp) /* if EOS, fail, else fall thru. */
return 0;
default: /* regular matching all the way. */
do {
if ((ep = pmatch(lp,ap)))
break;
lp++;
} while (*lp);
break;
case END: /* munged automaton. fail always */
return 0;
}
if (!ep)
return 0;
bopat[0] = lp;
eopat[0] = ep;
return 1;
}
/*
* pmatch: internal routine for the hard part
*
* This code is partly snarfed from an early grep written by
* David Conroy. The backref and tag stuff, and various other
* innovations are by oz.
*
* special case optimizations: (nfa[n], nfa[n+1])
* CLO ANY
* We KNOW .* will match everything upto the
* end of line. Thus, directly go to the end of
* line, without recursive pmatch calls. As in
* the other closure cases, the remaining pattern
* must be matched by moving backwards on the
* string recursively, to find a match for xy
* (x is ".*" and y is the remaining pattern)
* where the match satisfies the LONGEST match for
* x followed by a match for y.
* CLO CHR
* We can again scan the string forward for the
* single char and at the point of failure, we
* execute the remaining nfa recursively, same as
* above.
*
* At the end of a successful match, bopat[n] and eopat[n]
* are set to the beginning and end of subpatterns matched
* by tagged expressions (n = 1 to 9).
*
*/
#ifndef re_fail
extern void re_fail();
#endif /* re_fail */
/*
* character classification table for word boundary operators BOW
* and EOW. the reason for not using ctype macros is that we can
* let the user add into our own table. see re_modw. This table
* is not in the bitset form, since we may wish to extend it in the
* future for other character classifications.
*
* TRUE for 0-9 A-Z a-z _
*/
static char chrtyp[MAXCHR] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 0, 0,
0, 0, 0, 0, 0, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 0, 0, 0, 0, 1, 0, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 0, 0, 0, 0, 0
};
#define inascii(x) (0177&(x))
#define iswordc(x) chrtyp[inascii(x)]
#define isinset(x,y) ((x)[((y)&BLKIND)>>3] & bitarr[(y)&BITIND])
/*
* skip values for CLO XXX to skip past the closure
*/
#define ANYSKIP 2 /* [CLO] ANY END ... */
#define CHRSKIP 3 /* [CLO] CHR chr END ... */
#define CCLSKIP 18 /* [CLO] CCL 16bytes END ... */
static char *
pmatch( char *lp, CHAR *ap)
{
register int op, c, n;
register char *e; /* extra pointer for CLO */
register char *bp; /* beginning of subpat.. */
register char *ep; /* ending of subpat.. */
char *are; /* to save the line ptr. */
while ((op = *ap++) != END)
switch(op) {
case CHR:
if (*lp++ != *ap++)
return 0;
break;
case ANY:
if (!*lp++)
return 0;
break;
case CCL:
c = *lp++;
if (!isinset(ap,c))
return 0;
ap += BITBLK;
break;
case BOL:
if (lp != bol)
return 0;
break;
case EOL:
if (*lp)
return 0;
break;
case BOT:
bopat[*ap++] = lp;
break;
case EOT:
eopat[*ap++] = lp;
break;
case BOW:
if (lp!=bol && iswordc(lp[-1]) || !iswordc(*lp))
return 0;
break;
case EOW:
if (lp==bol || !iswordc(lp[-1]) || iswordc(*lp))
return 0;
break;
case REF:
n = *ap++;
bp = bopat[n];
ep = eopat[n];
while (bp < ep)
if (*bp++ != *lp++)
return 0;
break;
case CLO:
are = lp;
switch(*ap) {
case ANY:
while (*lp)
lp++;
n = ANYSKIP;
break;
case CHR:
c = *(ap+1);
while (*lp && c == *lp)
lp++;
n = CHRSKIP;
break;
case CCL:
while ((c = *lp) && isinset(ap+1,c))
lp++;
n = CCLSKIP;
break;
default:
re_fail("closure: bad nfa.", *ap);
return 0;
}
ap += n;
while (lp >= are) {
if (e = pmatch(lp, ap))
return e;
--lp;
}
return 0;
default:
re_fail("re_exec: bad nfa.", op);
return 0;
}
return lp;
}
/*
* re_modw:
* add new characters into the word table to change re_exec's
* understanding of what a word should look like. Note that we
* only accept additions into the word definition.
*
* If the string parameter is 0 or null string, the table is
* reset back to the default containing A-Z a-z 0-9 _. [We use
* the compact bitset representation for the default table]
*/
static CHAR deftab[16] = {
0, 0, 0, 0, 0, 0, 0377, 003, 0376, 0377, 0377, 0207,
0376, 0377, 0377, 007
};
void
re_modw( char *s )
{
register int i;
if (!s || !*s) {
for (i = 0; i < MAXCHR; i++)
if (!isinset(deftab,i))
iswordc(i) = 0;
}
else
while(*s)
iswordc(*s++) = 1;
}
/*
* re_subs:
* substitute the matched portions of the src in dst.
*
* & substitute the entire matched pattern.
*
* \digit substitute a subpattern, with the given tag number.
* Tags are numbered from 1 to 9. If the particular
* tagged subpattern does not exist, null is substituted.
*/
int
re_subs( char *src, char *dst)
{
register char c;
register int pin;
register char *bp;
register char *ep;
if (!*src || !bopat[0])
return 0;
while (c = *src++) {
switch(c) {
case '&':
pin = 0;
break;
case '\\':
c = *src++;
if (c >= '0' && c <= '9') {
pin = c - '0';
break;
}
default:
*dst++ = c;
continue;
}
if ((bp = bopat[pin]) && (ep = eopat[pin])) {
while (*bp && bp < ep)
*dst++ = *bp++;
if (bp < ep)
return 0;
}
}
*dst = (char) 0;
return 1;
}
#ifdef DEBUG
/*
* symbolic - produce a symbolic dump of the nfa
*/
symbolic( char *s )
{
printf("pattern: %s\n", s);
printf("nfacode:\n");
nfadump(nfa);
}
static
nfadump( CHAR *ap)
{
register int n;
while (*ap != END)
switch(*ap++) {
case CLO:
printf("CLOSURE");
nfadump(ap);
switch(*ap) {
case CHR:
n = CHRSKIP;
break;
case ANY:
n = ANYSKIP;
break;
case CCL:
n = CCLSKIP;
break;
}
ap += n;
break;
case CHR:
printf("\tCHR %c\n",*ap++);
break;
case ANY:
printf("\tANY .\n");
break;
case BOL:
printf("\tBOL -\n");
break;
case EOL:
printf("\tEOL -\n");
break;
case BOT:
printf("BOT: %d\n",*ap++);
break;
case EOT:
printf("EOT: %d\n",*ap++);
break;
case BOW:
printf("BOW\n");
break;
case EOW:
printf("EOW\n");
break;
case REF:
printf("REF: %d\n",*ap++);
break;
case CCL:
printf("\tCCL [");
for (n = 0; n < MAXCHR; n++)
if (isinset(ap,(CHAR)n)) {
if (n < ' ')
printf("^%c", n ^ 0x040);
else
printf("%c", n);
}
printf("]\n");
ap += BITBLK;
break;
default:
printf("bad nfa. opcode %o\n", ap[-1]);
exit(1);
break;
}
}
#endif
#endif /* MACOS or DOS or NEED_BSDREGEX */

171
servers/slapd/Make-template
View file

@ -21,23 +21,24 @@ SRCS = main.c daemon.c connection.c search.c filter.c add.c charray.c \
attr.c entry.c config.c backend.c result.c operation.c \
dn.c compare.c modify.c delete.c modrdn.c ch_malloc.c \
value.c ava.c bind.c unbind.c abandon.c filterentry.c \
phonetic.c regex.c acl.c str2filter.c aclparse.c init.c \
phonetic.c acl.c str2filter.c aclparse.c init.c \
detach.c strdup.c tempnam.c repl.c lock.c \
schema.c schemaparse.c monitor.c configinfo.c
OBJS = main.o daemon.o connection.o search.o filter.o add.o charray.o \
attr.o entry.o config.o backend.o result.o operation.o \
dn.o compare.o modify.o delete.o modrdn.o ch_malloc.o \
value.o ava.o bind.o unbind.o abandon.o filterentry.o \
phonetic.o regex.o acl.o str2filter.o aclparse.o init.o \
phonetic.o acl.o str2filter.o aclparse.o init.o \
detach.o strdup.o tempnam.o repl.o lock.o \
schema.o schemaparse.o monitor.o configinfo.o
INCLUDES= -I. -I$(HDIR) $(KRBINCLUDEFLAG)
DEFINES = $(DEFS) $(SERVERDEFS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(LDAP_TCP_WRAPPERS) $(SERVERDEFS)
CFLAGS = $(INCLUDES) $(THREADSINCLUDE) $(DEFINES) $(ACFLAGS) $(THREADS)
LDFLAGS = -L$(LDIR) $(KRBLIBFLAG)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif $(THREADSLIB) \
$(LDBMLIB) $(ALIBS)
LIBS = $(KRBLIBS) -llber -lldbm -lavl -llthread -lldif \
$(REGEXLIB) $(THREADSLIB) \
$(LDBMLIB) $(LDAP_CRYPT_LIB) $(LDAP_TCP_WRAPPERS_LIB) $(ALIBS)
all: FORCE
@if [ -z "$(MAKESLAPD)" ]; then \
@ -168,99 +169,79 @@ links:
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
main.o: main.c ../../include/portable.h slap.h ../../include/avl.h
main.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
main.o: ../../include/ldif.h ../../include/ldapconfig.h
daemon.o: daemon.c slap.h ../../include/avl.h ../../include/lber.h
daemon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
daemon.o: ../../include/portable.h ../../include/ldapconfig.h
connection.o: connection.c ../../include/portable.h slap.h ../../include/avl.h
connection.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
connection.o: ../../include/ldif.h
search.o: search.c slap.h ../../include/avl.h ../../include/lber.h
search.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
search.o: ../../include/ldapconfig.h
filter.o: filter.c slap.h ../../include/avl.h ../../include/lber.h
filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
add.o: add.c slap.h ../../include/avl.h ../../include/lber.h
add.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
charray.o: charray.c slap.h ../../include/avl.h ../../include/lber.h
charray.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
attr.o: attr.c ../../include/portable.h slap.h ../../include/avl.h
attr.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
main.o: main.c ../../include/portable.h ../../include/avl.h
main.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldapconfig.h
daemon.o: daemon.c ../../include/avl.h ../../include/ldap.h
daemon.o: ../../include/lthread.h ../../include/portable.h
connection.o: connection.c ../../include/portable.h ../../include/avl.h
connection.o: ../../include/ldap.h ../../include/lthread.h
search.o: search.c ../../include/proto-lber.h ../../include/proto-ldap.h
search.o: ../../include/ldif.h
filter.o: filter.c ../../include/proto-lber.h ../../include/proto-ldap.h
filter.o: ../../include/ldif.h
add.o: add.c ../../include/avl.h ../../include/ldap.h
add.o: ../../include/proto-ldap.h ../../include/ldif.h
charray.o: charray.c ../../include/proto-lber.h ../../include/proto-ldap.h
charray.o: ../../include/ldif.h
attr.o: attr.c ../../include/proto-lber.h ../../include/proto-ldap.h
attr.o: ../../include/ldif.h
entry.o: entry.c slap.h ../../include/avl.h ../../include/lber.h
entry.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
config.o: config.c slap.h ../../include/avl.h ../../include/lber.h
config.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
config.o: ../../include/ldapconfig.h
backend.o: backend.c slap.h ../../include/avl.h ../../include/lber.h
backend.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
result.o: result.c ../../include/portable.h slap.h ../../include/avl.h
result.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
result.o: ../../include/ldif.h
operation.o: operation.c slap.h ../../include/avl.h ../../include/lber.h
operation.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
dn.o: dn.c ../../include/portable.h slap.h ../../include/avl.h
dn.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
dn.o: ../../include/ldif.h
compare.o: compare.c slap.h ../../include/avl.h ../../include/lber.h
compare.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
modify.o: modify.c slap.h ../../include/avl.h ../../include/lber.h
modify.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
delete.o: delete.c slap.h ../../include/avl.h ../../include/lber.h
delete.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
modrdn.o: modrdn.c slap.h ../../include/avl.h ../../include/lber.h
modrdn.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
ch_malloc.o: ch_malloc.c slap.h ../../include/avl.h ../../include/lber.h
ch_malloc.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
value.o: value.c ../../include/portable.h slap.h ../../include/avl.h
value.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
value.o: ../../include/ldif.h
ava.o: ava.c slap.h ../../include/avl.h ../../include/lber.h
ava.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
bind.o: bind.c slap.h ../../include/avl.h ../../include/lber.h
bind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
unbind.o: unbind.c slap.h ../../include/avl.h ../../include/lber.h
unbind.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
abandon.o: abandon.c slap.h ../../include/avl.h ../../include/lber.h
abandon.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
filterentry.o: filterentry.c ../../include/regex.h slap.h ../../include/avl.h
filterentry.o: ../../include/lber.h ../../include/ldap.h
filterentry.o: ../../include/lthread.h ../../include/ldif.h
phonetic.o: phonetic.c ../../include/portable.h slap.h ../../include/avl.h
phonetic.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
phonetic.o: ../../include/ldif.h
regex.o: regex.c ../../include/portable.h
acl.o: acl.c ../../include/regex.h slap.h ../../include/avl.h
acl.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
entry.o: entry.c ../../include/avl.h ../../include/ldap.h
entry.o: ../../include/lthread.h
config.o: config.c ../../include/proto-lber.h ../../include/proto-ldap.h
config.o: ../../include/ldif.h
backend.o: backend.c ../../include/avl.h ../../include/ldap.h
backend.o: ../../include/lthread.h
result.o: result.c ../../include/portable.h ../../include/avl.h
result.o: ../../include/ldap.h ../../include/lthread.h
operation.o: operation.c ../../include/proto-lber.h ../../include/proto-ldap.h
operation.o: ../../include/ldif.h
dn.o: dn.c ../../include/portable.h ../../include/avl.h ../../include/ldap.h
dn.o: ../../include/lthread.h
compare.o: compare.c ../../include/avl.h ../../include/ldap.h
compare.o: ../../include/lthread.h
modify.o: modify.c ../../include/avl.h ../../include/ldap.h
modify.o: ../../include/proto-ldap.h ../../include/ldif.h
delete.o: delete.c ../../include/proto-lber.h ../../include/proto-ldap.h
delete.o: ../../include/ldif.h
modrdn.o: modrdn.c ../../include/proto-lber.h ../../include/proto-ldap.h
modrdn.o: ../../include/ldif.h
ch_malloc.o: ch_malloc.c ../../include/avl.h ../../include/ldap.h
ch_malloc.o: ../../include/lthread.h
value.o: value.c ../../include/portable.h ../../include/avl.h
value.o: ../../include/ldap.h ../../include/lthread.h
ava.o: ava.c ../../include/proto-lber.h ../../include/proto-ldap.h
ava.o: ../../include/ldif.h
bind.o: bind.c ../../include/proto-lber.h ../../include/proto-ldap.h
bind.o: ../../include/ldif.h
unbind.o: unbind.c ../../include/avl.h ../../include/ldap.h
unbind.o: ../../include/lthread.h
abandon.o: abandon.c ../../include/avl.h ../../include/ldap.h
abandon.o: ../../include/lthread.h
filterentry.o: filterentry.c ../../include/proto-lber.h
filterentry.o: ../../include/proto-ldap.h ../../include/ldif.h
phonetic.o: phonetic.c ../../include/portable.h ../../include/avl.h
phonetic.o: ../../include/ldap.h ../../include/lthread.h
regex.o: regex.c
acl.o: acl.c slap.h ../../include/proto-lber.h ../../include/proto-ldap.h
acl.o: ../../include/ldif.h
str2filter.o: str2filter.c slap.h ../../include/avl.h ../../include/lber.h
str2filter.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
aclparse.o: aclparse.c ../../include/regex.h slap.h ../../include/avl.h
aclparse.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
aclparse.o: ../../include/ldif.h ../../include/portable.h
init.o: init.c ../../include/portable.h slap.h ../../include/avl.h
init.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
init.o: ../../include/ldif.h
detach.o: detach.c ../../include/portable.h
str2filter.o: str2filter.c ../../include/avl.h ../../include/ldap.h
str2filter.o: ../../include/lthread.h
aclparse.o: aclparse.c slap.h ../../include/proto-lber.h
aclparse.o: ../../include/proto-ldap.h ../../include/ldif.h
init.o: init.c ../../include/portable.h ../../include/avl.h
init.o: ../../include/ldap.h ../../include/lthread.h
detach.o: detach.c
strdup.o: strdup.c
tempnam.o: tempnam.c
repl.o: repl.c slap.h ../../include/avl.h ../../include/lber.h
repl.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
lock.o: lock.c ../../include/portable.h slap.h ../../include/avl.h
lock.o: ../../include/lber.h ../../include/ldap.h ../../include/lthread.h
lock.o: ../../include/ldif.h
schema.o: schema.c slap.h ../../include/avl.h ../../include/lber.h
schema.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
schemaparse.o: schemaparse.c slap.h ../../include/avl.h ../../include/lber.h
schemaparse.o: ../../include/ldap.h ../../include/lthread.h
schemaparse.o: ../../include/ldif.h
monitor.o: monitor.c slap.h ../../include/avl.h ../../include/lber.h
monitor.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
monitor.o: ../../include/ldapconfig.h
configinfo.o: configinfo.c slap.h ../../include/avl.h ../../include/lber.h
configinfo.o: ../../include/ldap.h ../../include/lthread.h ../../include/ldif.h
configinfo.o: ../../include/ldapconfig.h
repl.o: repl.c ../../include/proto-lber.h ../../include/lthread.h
lock.o: lock.c ../../include/avl.h ../../include/ldap.h ../../include/lthread.h
schema.o: schema.c ../../include/proto-lber.h ../../include/proto-ldap.h
schema.o: ../../include/ldif.h
schemaparse.o: schemaparse.c ../../include/avl.h ../../include/ldap.h
schemaparse.o: ../../include/lthread.h
monitor.o: monitor.c ../../include/avl.h ../../include/ldap.h
monitor.o: ../../include/proto-ldap.h ../../include/ldif.h
configinfo.o: configinfo.c ../../include/avl.h ../../include/ldap.h
configinfo.o: ../../include/lthread.h ../../include/ldapconfig.h
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY

561
servers/slapd/acl.c
View file

@ -6,16 +6,11 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *re_comp();
extern struct acl *global_acl;
extern int global_default_access;
extern char *access2str();
@ -26,11 +21,10 @@ int access_allowed();
struct acl *acl_get_applicable();
static int regex_matches();
#ifdef USEREGEX
static string_expand(char *newbuf, int bufsiz, char *pattern, char *match, regmatch_t *matches);
#endif
extern pthread_mutex_t regex_mutex;
static string_expand(char *newbuf, int bufsiz, char *pattern,
char *match, regmatch_t *matches);
extern Entry * be_dn2entry(Backend *be, char *bdn, char **matched);
/*
@ -44,7 +38,6 @@ extern Entry * be_dn2entry(Backend *be, char *bdn, char **matched);
* 1 access allowed
*/
int
access_allowed(
Backend *be,
@ -57,49 +50,53 @@ access_allowed(
int access
)
{
int rc;
struct acl *a;
char *edn;
int rc;
struct acl *a;
char *edn;
#ifdef USEREGEX
regmatch_t matches[MAXREMATCHES];
int i;
int n;
#endif
regmatch_t matches[MAXREMATCHES];
int i;
int n;
if ( be == NULL ) {
return( 0 );
}
edn = dn_normalize_case( strdup( e->e_dn ) );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n", e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( attr, "modifiersname" ) == 0 ||
strcasecmp( attr, "modifytimestamp" ) == 0 ||
strcasecmp( attr, "creatorsname" ) == 0 ||
strcasecmp( attr, "createtimestamp" ) == 0
) {
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n", attr, 0, 0 );
return(1);
}
#ifdef USEREGEX
edn = dn_normalize_case( strdup( e->e_dn ) );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( attr, "modifiersname" ) == 0 ||
strcasecmp( attr, "modifytimestamp" ) == 0 ||
strcasecmp( attr, "creatorsname" ) == 0 ||
strcasecmp( attr, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
attr, 0, 0 );
free( edn );
return(1);
}
a = acl_get_applicable( be, op, e, attr, edn, MAXREMATCHES, matches );
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so>-1; i++) {
Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ", i, matches[i].rm_so, matches[i].rm_eo );
for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++)
Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
if (a) {
for (i = 0; i < MAXREMATCHES && matches[i].rm_so>0; i++) {
Debug( LDAP_DEBUG_ARGS, "=> match[%d]: %d %d ",
i, matches[i].rm_so, matches[i].rm_eo );
for ( n = matches[i].rm_so; n < matches[i].rm_eo; n++) {
Debug( LDAP_DEBUG_ARGS, "%c", edn[n], 0, 0 );
}
Debug( LDAP_DEBUG_ARGS, "\n", 0, 0, 0 );
}
}
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn, matches );
#else
a = acl_get_applicable( be, op, e, attr, edn );
rc = acl_access_allowed( a, be, conn, e, val, op, access, edn );
#endif
free(edn);
free( edn );
Debug( LDAP_DEBUG_ACL, "\n=> access_allowed: exit (%s) attr (%s)\n",
e->e_dn, attr, 0);
return( rc );
}
@ -110,7 +107,6 @@ access_allowed(
* acl_access_allowed().
*/
#ifdef USEREGEX
struct acl *
acl_get_applicable(
Backend *be,
@ -118,24 +114,15 @@ acl_get_applicable(
Entry *e,
char *attr,
char *edn,
int nmatch,
regmatch_t matches[]
int nmatch,
regmatch_t matches[]
)
#else
struct acl *
acl_get_applicable(
Backend *be,
Operation *op,
Entry *e,
char *attr,
char *edn
)
#endif
{
int i;
int i, j;
struct acl *a;
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n", e->e_dn, attr, 0 );
Debug( LDAP_DEBUG_ACL, "\n=> acl_get: entry (%s) attr (%s)\n",
e->e_dn, attr, 0 );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL,
@ -148,74 +135,71 @@ acl_get_applicable(
/* check for a backend-specific acl that matches the entry */
for ( i = 1, a = be->be_acl; a != NULL; a = a->acl_next, i++ ) {
#ifdef USEREGEX
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n", i, 0, 0);
}
#else
if ( a->acl_dnpat != NULL ) {
if ( ! regex_matches( a->acl_dnpat, edn ) )
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get:[%d] backend ACL match\n",
i, 0, 0);
}
#endif
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
if ( attr == NULL || a->acl_attrs == NULL || charray_inlist( a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n", i, e->e_dn, attr );
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr %s\n", i, attr, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] backend acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
#ifdef USEREGEX
matches[0].rm_so = matches[0].rm_eo = -1;
#endif
matches[0].rm_so = matches[0].rm_eo = -1;
}
/* check for a global acl that matches the entry */
for ( i = 1, a = global_acl; a != NULL; a = a->acl_next, i++ ) {
#ifdef USEREGEX
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n", i, 0, 0);
}
#else
if ( a->acl_dnpat != NULL ) {
if ( ! regex_matches( a->acl_dnpat, edn ) )
if (a->acl_dnpat != NULL) {
Debug( LDAP_DEBUG_TRACE, "=> dnpat: [%d] %s nsub: %d\n",
i, a->acl_dnpat, a->acl_dnre.re_nsub);
if (regexec(&a->acl_dnre, edn, nmatch, matches, 0))
continue;
else
Debug( LDAP_DEBUG_TRACE, "=> acl_get: [%d] global ACL match\n",
i, 0, 0);
}
#endif
if ( a->acl_filter != NULL ) {
if ( test_filter( NULL, NULL, NULL, e, a->acl_filter ) != 0 ) {
continue;
}
}
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0);
if ( attr == NULL || a->acl_attrs == NULL || charray_inlist( a->acl_attrs, attr ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n", i, e->e_dn, attr );
free( edn );
Debug( LDAP_DEBUG_ARGS, "=> acl_get: [%d] check attr\n", i, 0, 0);
if ( attr == NULL || a->acl_attrs == NULL ||
charray_inlist( a->acl_attrs, attr ) )
{
Debug( LDAP_DEBUG_ACL, "<= acl_get: [%d] global acl %s attr: %s\n",
i, e->e_dn, attr );
return( a );
}
#ifdef USEREGEX
matches[0].rm_so = matches[0].rm_eo = -1;
#endif
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
matches[0].rm_so = matches[0].rm_eo = -1;
}
Debug( LDAP_DEBUG_ACL, "<= acl_get: no match\n", 0, 0, 0 );
return( NULL );
}
/*
* acl_access_allowed - check whether the given acl allows dn the
* requested access to entry e, attribute attr, value val. if val
@ -225,7 +209,6 @@ acl_get_applicable(
* 1 access allowed
*/
#ifdef USEREGEX
int
acl_access_allowed(
struct acl *a,
@ -235,22 +218,9 @@ acl_access_allowed(
struct berval *val,
Operation *op,
int access,
char *edn,
regmatch_t matches[]
char *edn,
regmatch_t matches[]
)
#else
int
acl_access_allowed(
struct acl *a,
Backend *be,
Connection *conn,
Entry *e,
struct berval *val,
Operation *op,
int access,
char *edn
)
#endif
{
int i;
char *odn;
@ -259,14 +229,19 @@ acl_access_allowed(
struct berval bv;
int default_access;
Debug( LDAP_DEBUG_ACL, "\n=> acl: %s access to entry \"%s\" attr: \"%s\"\n",
access2str( access ), e->e_dn, e->e_attrs);
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to entry \"%s\"\n",
access2str( access ), e->e_dn, 0 );
Debug( LDAP_DEBUG_ACL, "\n=> acl: %s access to value \"%s\" by \"%s\"\n",
access2str( access ), val ? val->bv_val : "any", op->o_dn ? op->o_dn : "" );
Debug( LDAP_DEBUG_ACL,
"\n=> acl_access_allowed: %s access to value \"%s\" by \"%s\"\n",
access2str( access ),
val ? val->bv_val : "any",
op->o_dn ? op->o_dn : "" );
if ( be_isroot( be, op->o_dn ) ) {
Debug( LDAP_DEBUG_ACL, "<= acl: granted to database root\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: granted to database root\n",
0, 0, 0 );
return( 1 );
}
@ -275,7 +250,7 @@ acl_access_allowed(
if ( a == NULL ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: %s by default (no matching to)\n",
"<= acl_access_allowed: %s by default (no matching to)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
}
@ -288,18 +263,19 @@ acl_access_allowed(
}
for ( i = 1, b = a->acl_access; b != NULL; b = b->a_next, i++ ) {
if ( b->a_dnpat != NULL ) {
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n", b->a_dnpat, 0, 0);
Debug( LDAP_DEBUG_TRACE, "<= check a_dnpat: %s\n",
b->a_dnpat, 0, 0);
/*
* if access applies to the entry itself, and the
* user is bound as somebody in the same namespace as
* the entry, OR the given dn matches the dn pattern
*/
if ( strcasecmp( b->a_dnpat, "self" ) == 0 &&
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
{
op->o_dn != NULL && *(op->o_dn) && e->e_dn != NULL )
{
if ( strcasecmp( edn, op->o_dn ) == 0 ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >=
access ? "granted" : "denied", 0 );
@ -307,14 +283,9 @@ acl_access_allowed(
return( (b->a_access & ~ACL_SELF) >= access );
}
} else {
#ifdef USEREGEX
if ( regex_matches( b->a_dnpat, odn, edn, matches ) )
#else
if ( regex_matches( b->a_dnpat, odn ) )
#endif
{
if ( regex_matches( b->a_dnpat, odn, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -324,15 +295,9 @@ acl_access_allowed(
}
}
if ( b->a_addrpat != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_addrpat: %s\n", b->a_addrpat, 0, 0);
#ifdef USEREGEX
if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) )
#else
if ( regex_matches( b->a_addrpat, conn->c_addr ) )
#endif
{
if ( regex_matches( b->a_addrpat, conn->c_addr, edn, matches ) ) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -341,15 +306,12 @@ acl_access_allowed(
}
}
if ( b->a_domainpat != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_domainpat: %s\n", b->a_domainpat, 0, 0);
#ifdef USEREGEX
Debug( LDAP_DEBUG_ARGS, "<= check a_domainpath: %s\n",
b->a_domainpat, 0, 0 );
if ( regex_matches( b->a_domainpat, conn->c_domain, edn, matches ) )
#else
if ( regex_matches( b->a_domainpat, conn->c_domain ) )
#endif
{
{
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_access_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -358,21 +320,21 @@ acl_access_allowed(
}
}
if ( b->a_dnattr != NULL && op->o_dn != NULL ) {
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n", b->a_dnattr, 0, 0);
Debug( LDAP_DEBUG_ARGS, "<= check a_dnattr: %s\n",
b->a_dnattr, 0, 0);
/* see if asker is listed in dnattr */
if ( (at = attr_find( e->e_attrs, b->a_dnattr )) != NULL &&
value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
value_find( at->a_vals, &bv, at->a_syntax, 3 ) == 0 )
{
if ( (b->a_access & ACL_SELF) &&
(val == NULL || value_cmp( &bv, val, at->a_syntax,
2 )) ) {
(val == NULL || value_cmp( &bv, val, at->a_syntax, 2 )) )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d access %s\n",
"<= acl_acces_allowed: matched by clause #%d access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ?
"granted" : "denied", 0 );
@ -380,13 +342,15 @@ acl_access_allowed(
}
/* asker not listed in dnattr - check for self access */
if ( ! (b->a_access & ACL_SELF) || val == NULL || value_cmp( &bv, val, at->a_syntax, 2 ) != 0 ) {
if ( ! (b->a_access & ACL_SELF) || val == NULL ||
value_cmp( &bv, val, at->a_syntax, 2 ) != 0 )
{
continue;
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d (self) access %s\n",
"<= acl_access_allowed: matched by clause #%d (self) access %s\n",
i, (b->a_access & ~ACL_SELF) >= access ? "granted"
: "denied", 0 );
@ -394,32 +358,34 @@ acl_access_allowed(
}
#ifdef ACLGROUP
if ( b->a_group != NULL && op->o_dn != NULL ) {
char buf[512];
char buf[512];
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute uniquegroup
*/
Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n",
b->a_group, 0, 0);
Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n",
odn, 0, 0);
/* b->a_group is an unexpanded entry name, expanded it should be an
* entry with objectclass group* and we test to see if odn is one of
* the values in the attribute uniquegroup
* */
Debug( LDAP_DEBUG_ARGS, "<= check a_group: %s\n", b->a_group, 0, 0);
Debug( LDAP_DEBUG_ARGS, "<= check a_group: odn: %s\n", odn, 0, 0);
/* see if asker is listed in dnattr */
string_expand(buf, 512, b->a_group, edn, matches);
string_expand(buf, 512, b->a_group, edn, matches);
if (be_group(be, buf, odn) == 0) {
Debug( LDAP_DEBUG_ACL,
"<= acl: matched by clause #%d (group) access granted\n",i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
if (be_group(be, buf, odn) == 0) {
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: matched by clause #%d (group) access granted\n",
i, 0, 0 );
if ( odn ) free( odn );
return( (b->a_access & ~ACL_SELF) >= access );
}
}
#endif
#endif /* ACLGROUP */
}
if ( odn ) free( odn );
Debug( LDAP_DEBUG_ACL, "<= acl: %s by default (no matching by)\n",
Debug( LDAP_DEBUG_ACL,
"<= acl_access_allowed: %s by default (no matching by)\n",
default_access >= access ? "granted" : "denied", 0, 0 );
return( default_access >= access );
@ -444,32 +410,26 @@ acl_check_mods(
{
int i;
struct acl *a;
char *edn;
char *edn;
edn = dn_normalize_case( strdup( e->e_dn ) );
edn = dn_normalize_case( strdup( e->e_dn ) );
for ( ; mods != NULL; mods = mods->mod_next ) {
regmatch_t matches[MAXREMATCHES];
#ifdef USEREGEX
regmatch_t matches[MAXREMATCHES];
#endif
/* the lastmod attributes are ignored by ACL checking */
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( mods->mod_type, "modifiersname" ) == 0 ||
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ||
strcasecmp( mods->mod_type, "creatorsname" ) == 0 ||
strcasecmp( mods->mod_type, "createtimestamp" ) == 0
)
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n", mods->mod_type, 0, 0 );
continue;
strcasecmp( mods->mod_type, "modifytimestamp" ) == 0 ||
strcasecmp( mods->mod_type, "creatorsname" ) == 0 ||
strcasecmp( mods->mod_type, "createtimestamp" ) == 0 )
{
Debug( LDAP_DEBUG_ACL, "LASTMOD attribute: %s access allowed\n",
mods->mod_type, 0, 0 );
continue;
}
#ifdef USEREGEX
a = acl_get_applicable( be, op, e, mods->mod_type, edn, MAXREMATCHES, matches );
#else
a = acl_get_applicable( be, op, e, mods->mod_type, edn );
#endif
a = acl_get_applicable( be, op, e, mods->mod_type, edn,
MAXREMATCHES, matches );
switch ( mods->mod_op & ~LDAP_MOD_BVALUES ) {
case LDAP_MOD_REPLACE:
@ -478,15 +438,10 @@ acl_check_mods(
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
#ifdef USEREGEX
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
#else
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn ) )
#endif
{
free(edn);
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -494,29 +449,19 @@ acl_check_mods(
case LDAP_MOD_DELETE:
if ( mods->mod_bvalues == NULL ) {
#ifdef USEREGEX
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE, edn, matches) )
#else
if ( ! acl_access_allowed( a, be, conn, e,
NULL, op, ACL_WRITE, edn ) )
#endif
{
free(edn);
NULL, op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
break;
}
for ( i = 0; mods->mod_bvalues[i] != NULL; i++ ) {
#ifdef USEREGEX
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn, matches) )
#else
if ( ! acl_access_allowed( a, be, conn, e, mods->mod_bvalues[i],
op, ACL_WRITE, edn ) )
#endif
{
free(edn);
op, ACL_WRITE, edn, matches) )
{
free(edn);
return( LDAP_INSUFFICIENT_ACCESS );
}
}
@ -524,135 +469,95 @@ acl_check_mods(
}
}
free(edn);
free(edn);
return( LDAP_SUCCESS );
}
#ifdef USEREGEX
static string_expand(char *newbuf, int bufsiz, char *pat, char *match, regmatch_t *matches)
static string_expand(
char *newbuf,
int bufsiz,
char *pat,
char *match,
regmatch_t *matches)
{
int size;
char *sp;
char *dp;
int flag;
int size;
char *sp;
char *dp;
int flag;
size = 0;
newbuf[0] = '\0';
size = 0;
newbuf[0] = '\0';
flag = 0;
for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) {
/* did we previously see a $ */
if (flag) {
if (*sp == '$') {
*dp++ = '$';
size++;
} else if (*sp >= '0' && *sp <= '9' ) {
int n;
int i;
char *ep;
int l;
n = *sp - '0';
*dp = '\0';
i = matches[n].rm_so;
l = matches[n].rm_eo;
for ( ; size < 512 && i < l; size++, i++ ) {
*dp++ = match[i];
size++;
}
*dp = '\0';
}
flag = 0;
} else {
if (*sp == '$') {
flag = 1;
} else {
*dp++ = *sp;
size++;
}
}
}
*dp = '\0';
flag = 0;
for ( dp = newbuf, sp = pat; size < 512 && *sp ; sp++) {
/* did we previously see a $ */
if (flag) {
if (*sp == '$') {
*dp++ = '$';
size++;
}
else if (*sp >= '0' && *sp <= '9' ) {
int n;
int i;
char *ep;
int l;
n = *sp - '0';
*dp = '\0';
i = matches[n].rm_so;
l = matches[n].rm_eo;
for ( ; size < 512 && i < l; size++, i++ ) {
*dp++ = match[i];
size++;
}
*dp = '\0';
}
flag = 0;
}
else {
if (*sp == '$')
flag = 1;
else {
*dp++ = *sp;
size++;
}
}
}
*dp = '\0';
Debug( LDAP_DEBUG_TRACE, "=> string_expand: pattern: %s\n", pat, 0, 0 );
Debug( LDAP_DEBUG_TRACE, "=> string_expand: expanded: %s\n", newbuf, 0, 0 );
}
static int
regex_matches(
char *pat, /* pattern to expand and match against */
char *str, /* string to match against pattern */
char *buf, /* buffer with $N expansion variables */
regmatch_t matches[] /* offsets in buffer for $N expansion variables */
)
regex_matches(
char *pat, /* pattern to expand and match against */
char *str, /* string to match against pattern */
char *buf, /* buffer with $N expansion variables */
regmatch_t matches[] /* offsets in buffer for $N expansion variables */
)
{
regex_t re;
char newbuf[512];
regex_t re;
char newbuf[512];
int rc;
string_expand(newbuf, 512, pat, buf, matches);
if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
string_expand(newbuf, sizeof(newbuf), pat, buf, matches);
if (( rc = regcomp(&re, newbuf, REG_EXTENDED|REG_ICASE))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
Debug( LDAP_DEBUG_ANY,
"compile( \"%s\", \"%s\") failed %s\n", pat, str, error );
"compile( \"%s\", \"%s\") failed %s\n",
pat, str, error );
return( 0 );
}
rc = regexec(&re, str, 0, NULL, 0);
rc = regexec(&re, str, 0, NULL, 0);
regfree( &re );
Debug( LDAP_DEBUG_ARGS, "=> regex_matches: string: %s\n", str, 0, 0 );
Debug( LDAP_DEBUG_ARGS, "=> regex_matches: rc: %d %s\n", rc, !rc?"matched":"no match", 0 );
Debug( LDAP_DEBUG_ANY,
"=> regex_matches: string: %s\n", str, 0, 0 );
Debug( LDAP_DEBUG_ANY,
"=> regex_matches: rc: %d %s\n",
rc, !rc ? "matches" : "no matches", 0 );
return( !rc );
}
#else
#ifdef sunos5
static int
regex_matches( char *pat, char *str )
{
char *e;
int rc;
if ( (e = compile( pat, NULL, NULL )) == NULL ) {
Debug( LDAP_DEBUG_ANY,
"compile( \"%s\", \"%s\") failed\n", pat, str, 0 );
return( 0 );
}
rc = step( str ? str : "", e );
free( e );
return( rc );
}
#else /* sunos5 */
static int
regex_matches( char *pat, char *str )
{
char *e;
int rc;
pthread_mutex_lock( &regex_mutex );
if ( (e = re_comp( pat )) != NULL ) {
Debug( LDAP_DEBUG_ANY,
"re_comp( \"%s\", \"%s\") failed because (%s)\n", pat, str,
e );
pthread_mutex_unlock( &regex_mutex );
return( 0 );
}
rc = re_exec( str ? str : "" );
pthread_mutex_unlock( &regex_mutex );
return( rc == 1 );
}
#endif /* sunos5 */
#endif

92
servers/slapd/aclparse.c
View file

@ -7,14 +7,8 @@
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
#include "portable.h"
@ -33,7 +27,6 @@ static void print_acl();
static void print_access();
#endif
#ifdef USEREGEX
int
regtest(char *fname, int lineno, char *pat) {
int e;
@ -51,7 +44,7 @@ regtest(char *fname, int lineno, char *pat) {
size = 0;
buf[0] = '\0';
for (size = 0, flag = 0; (size < 512) && *sp; sp++) {
for (size = 0, flag = 0; (size < sizeof(buf)) && *sp; sp++) {
if (flag) {
if (*sp == '$'|| (*sp >= '0' && *sp <= '9')) {
*dp++ = *sp;
@ -70,7 +63,7 @@ regtest(char *fname, int lineno, char *pat) {
}
*dp = '\0';
if (size >= 511) {
if ( size >= (sizeof(buf)-1) ) {
fprintf( stderr,
"%s: line %d: regular expression \"%s\" too large\n",
fname, lineno, pat, 0 );
@ -78,18 +71,17 @@ regtest(char *fname, int lineno, char *pat) {
}
if ((e = regcomp(&re, buf, REG_EXTENDED|REG_ICASE))) {
char buf[512];
regerror(e, &re, buf, 512);
char error[512];
regerror(e, &re, error, sizeof(error));
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad because of %s\n",
fname, lineno, pat, buf );
fname, lineno, pat, error );
acl_usage();
return(0);
}
regfree(&re);
return(1);
}
#endif
void
parse_acl(
@ -123,19 +115,17 @@ parse_acl(
}
if ( strcasecmp( argv[i], "*" ) == 0 ) {
#ifdef USEREGEX
int e;
if ((e = regcomp( &a->acl_dnre, ".*",
REG_EXTENDED|REG_ICASE)))
{
char buf[512];
regerror(e, &a->acl_dnre, buf, 512);
regerror(e, &a->acl_dnre, buf, sizeof(buf));
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad because of %s\n",
fname, lineno, right, buf );
acl_usage();
}
#endif
a->acl_dnpat = strdup( ".*" );
continue;
}
@ -157,31 +147,19 @@ parse_acl(
acl_usage();
}
} else if ( strcasecmp( left, "dn" ) == 0 ) {
#ifdef USEREGEX
int e;
if ((e = regcomp(&a->acl_dnre, right,
REG_EXTENDED|REG_ICASE))) {
char buf[512];
regerror(e, &a->acl_dnre, buf, 512);
regerror(e, &a->acl_dnre, buf, sizeof(buf));
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad because of %s\n",
"%s: line %d: regular expression \"%s\" bad because of %s\n",
fname, lineno, right, buf );
acl_usage();
} else {
a->acl_dnpat = dn_upcase(strdup( right ));
}
#else
if ( (e = re_comp( right )) != NULL ) {
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad because of %s\n",
fname, lineno, right, e );
acl_usage();
} else {
a->acl_dnpat = dn_upcase( strdup( right ) );
}
#endif
} else if ( strncasecmp( left, "attr", 4 )
== 0 ) {
char **alist;
@ -191,7 +169,7 @@ parse_acl(
free( alist );
} else {
fprintf( stderr,
"%s: line %d: expecting <what> got \"%s\"\n",
"%s: line %d: expecting <what> got \"%s\"\n",
fname, lineno, left );
acl_usage();
}
@ -201,7 +179,7 @@ parse_acl(
} else if ( strcasecmp( argv[i], "by" ) == 0 ) {
if ( a == NULL ) {
fprintf( stderr,
"%s: line %d: to clause required before by clause in access line\n",
"%s: line %d: to clause required before by clause in access line\n",
fname, lineno );
acl_usage();
}
@ -226,48 +204,19 @@ parse_acl(
} else if ( strcasecmp( argv[i], "self" ) == 0 ) {
b->a_dnpat = strdup( "self" );
} else if ( strcasecmp( left, "dn" ) == 0 ) {
#ifdef USEREGEX
regtest(fname, lineno, right);
#else
if ( (e = re_comp( right )) != NULL ) {
fprintf( stderr, "%s: line %d: regular expression \"%s\" bad: %s\n",
fname, lineno, right, e );
acl_usage();
}
#endif
b->a_dnpat = dn_upcase( strdup( right ) );
} else if ( strcasecmp( left, "dnattr" )
== 0 ) {
} else if ( strcasecmp( left, "dnattr" ) == 0 ) {
b->a_dnattr = strdup( right );
#ifdef ACLGROUP
} else if ( strcasecmp( left, "group" )
== 0 ) {
char *s;
#ifdef USEREGEX
} else if ( strcasecmp( left, "group" ) == 0 ) {
regtest(fname, lineno, right);
#else
if ( (e = re_comp( right )) != NULL ) {
fprintf( stderr, "%s: line %d: regular expression \"%s\" bad: %s\n",
fname, lineno, right, e );
acl_usage();
}
#endif
b->a_group = dn_upcase(strdup( right ));
#endif
} else if ( strcasecmp( left, "domain" )
== 0 ) {
#endif /* ACLGROUP */
} else if ( strcasecmp( left, "domain" ) == 0 ) {
char *s;
#ifdef USEREGEX
regtest(fname, lineno, right);
#else
if ( (e = re_comp( right )) != NULL ) {
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad: %s\n",
fname, lineno, right, e );
acl_usage();
}
#endif
b->a_domainpat = strdup( right );
/* normalize the domain */
@ -275,16 +224,7 @@ parse_acl(
*s = TOLOWER( *s );
}
} else if ( strcasecmp( left, "addr" ) == 0 ) {
#ifdef USEREGEX
regtest(fname, lineno, right);
#else
if ( (e = re_comp( right )) != NULL ) {
fprintf( stderr,
"%s: line %d: regular expression \"%s\" bad: %s\n",
fname, lineno, right, e );
acl_usage();
}
#endif
b->a_addrpat = strdup( right );
} else {
fprintf( stderr,
@ -494,4 +434,4 @@ print_acl( struct acl *a )
}
}
#endif
#endif /* LDAP_DEBUG */

53
servers/slapd/filterentry.c
View file

@ -4,22 +4,13 @@
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifdef sunos5
#include "regexpr.h"
#else
#include "regex.h"
#endif
#include <regex.h>
#include "slap.h"
extern Attribute *attr_find();
extern char *first_word();
extern char *next_word();
extern char *phonetic();
extern char *re_comp();
#ifndef sunos5
extern pthread_mutex_t regex_mutex;
#endif
static int test_filter_list();
static int test_substring_filter();
@ -223,11 +214,12 @@ test_approx_filter(
w2 = next_word( w2 ) ) {
c2 = phonetic( w2 );
if ( strcmp( c1, c2 ) == 0 ) {
free( c2 );
break;
}
free( c2 );
}
free( c1 );
free( c2 );
/*
* if we stopped because we ran out of words
@ -322,6 +314,7 @@ test_substring_filter(
char pat[BUFSIZ];
char buf[BUFSIZ];
struct berval *val;
regex_t re;
Debug( LDAP_DEBUG_FILTER, "begin test_substring_filter\n", 0, 0, 0 );
@ -389,19 +382,16 @@ test_substring_filter(
}
/* compile the regex */
#ifdef sunos5
if ( (p = compile( pat, NULL, NULL )) == NULL ) {
Debug( LDAP_DEBUG_ANY, "compile failed (%s)\n", p, 0, 0 );
Debug( LDAP_DEBUG_FILTER, "test_substring_filter: regcomp pat: %s\n",
pat, 0, 0 );
if ((rc = regcomp(&re, pat, 0))) {
char error[512];
regerror(rc, &re, error, sizeof(error));
Debug( LDAP_DEBUG_ANY, "regcomp failed (%s) %s\n",
p, error, 0 );
return( -1 );
}
#else /* sunos5 */
pthread_mutex_lock( &regex_mutex );
if ( (p = re_comp( pat )) != 0 ) {
Debug( LDAP_DEBUG_ANY, "re_comp failed (%s)\n", p, 0, 0 );
pthread_mutex_unlock( &regex_mutex );
return( -1 );
}
#endif /* sunos5 */
/* for each value in the attribute see if regex matches */
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
@ -417,29 +407,18 @@ test_substring_filter(
}
value_normalize( realval, a->a_syntax );
#ifdef sunos5
rc = step( realval, p );
#else /* sunos5 */
rc = re_exec( realval );
#endif /* sunos5 */
rc = !regexec(&re, realval, 0, NULL, 0);
if ( tmp != NULL ) {
free( tmp );
}
if ( rc == 1 ) {
#ifdef sunos5
free( p );
#else /* sunos5 */
pthread_mutex_unlock( &regex_mutex );
#endif /* sunos5 */
regfree(&re);
return( 0 );
}
}
#ifdef sunos5
free( p );
#else /* sunos5 */
pthread_mutex_unlock( &regex_mutex );
#endif /* sunos5 */
regfree(&re);
Debug( LDAP_DEBUG_FILTER, "end test_substring_filter 1\n", 0, 0, 0 );
return( 1 );

6
servers/slapd/init.c
View file

@ -18,9 +18,6 @@ extern pthread_mutex_t entry2str_mutex;
extern pthread_mutex_t replog_mutex;
extern pthread_mutex_t ops_mutex;
extern pthread_mutex_t num_sent_mutex;
#ifndef sunos5
extern pthread_mutex_t regex_mutex;
#endif
init()
{
@ -31,7 +28,4 @@ init()
pthread_mutex_init( &replog_mutex, pthread_mutexattr_default );
pthread_mutex_init( &ops_mutex, pthread_mutexattr_default );
pthread_mutex_init( &num_sent_mutex, pthread_mutexattr_default );
#ifndef sunos5
pthread_mutex_init( &regex_mutex, pthread_mutexattr_default );
#endif
}

3
servers/slapd/main.c
View file

@ -55,9 +55,6 @@ pthread_mutex_t num_sent_mutex;
*/
pthread_mutex_t entry2str_mutex;
pthread_mutex_t replog_mutex;
#ifndef sunos5
pthread_mutex_t regex_mutex;
#endif
static
usage( name )

10
servers/slapd/proto-slap.h
View file

@ -8,17 +8,11 @@
int access_allowed( Backend *be, Connection *conn, Operation *op, Entry *e,
char *attr, struct berval *val, char *dn, int access );
#ifdef USEREGEX
struct acl * acl_get_applicable( Backend *be, Operation *op, Entry *e,
char *attr, char *edn, int nmatches, regmatch_t matches[] );
int acl_access_allowed( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access, char *edn, regmatch_t matches[] );
#else
struct acl * acl_get_applicable( Backend *be, Operation *op, Entry *e,
char *attr, char *edn );
int acl_access_allowed( struct acl *a, Backend *be, Connection *conn, Entry *e,
struct berval *val, Operation *op, int access, char *edn );
#endif
struct berval *val, Operation *op, int access, char *edn,
regmatch_t matches[] );
int acl_check_mods( Backend *be, Connection *conn, Operation *op, Entry *e,
LDAPMod *mods );

909
servers/slapd/regex.c
View file

@ -1,909 +0,0 @@
#include "portable.h"
#if defined( MACOS ) || defined( DOS ) || defined( _WIN32 ) || defined( NEED_BSDREGEX )
#include "regex.h"
/*
* regex - Regular expression pattern matching and replacement
*
* By: Ozan S. Yigit (oz)
* Dept. of Computer Science
* York University
*
* These routines are the PUBLIC DOMAIN equivalents of regex
* routines as found in 4.nBSD UN*X, with minor extensions.
*
* These routines are derived from various implementations found
* in software tools books, and Conroy's grep. They are NOT derived
* from licensed/restricted software.
* For more interesting/academic/complicated implementations,
* see Henry Spencer's regexp routines, or GNU Emacs pattern
* matching module.
*
* Modification history:
*
* $Log: regex.c,v $
* Revision 1.2 1996/04/25 16:24:11 mcs
* make re_exec() match "" with ".*" and similar patterns
* hopefully this change doesn't break anything else!
*
* Revision 1.1 1995/02/03 15:56:52 tim
* Initial revision
*
* Revision 1.11 1994/12/14 21:33:45 mcs
* use new NEED_BSDREGEX
* fix pmatch() prototype
*
* Revision 1.10 1994/12/12 18:16:39 mcs
* use on NetBSD
*
* Revision 1.9 1994/11/15 19:16:35 mcs
* add (CHAR) cast to make VisualC++ happy
*
* Revision 1.8 1994/11/08 21:14:32 mcs
* WIN32 changes
*
* Revision 1.7 1994/07/23 19:51:24 mcs
* use ANSI-style inline function parameters
*
* Revision 1.6 1993/10/18 01:52:32 tim
* include for VMS
*
* Revision 1.5 1993/09/28 21:37:54 mcs
* HP/UX needs the regex we include (not in its libc)
*
* Revision 1.4 1993/08/27 15:59:52 mcs
* use CHAR for deftab
*
* Revision 1.3 1993/08/27 15:49:47 mcs
* added missing 0 to octal constants
* use unsigned char for CHAR under DOS
*
* Revision 1.2 1993/08/27 14:57:48 mcs
* add proto. for pmatch
*
* Revision 1.1 1993/08/18 21:20:02 mcs
* Initial revision
*
* Revision 1.4 1991/10/17 03:56:42 oz
* miscellaneous changes, small cleanups etc.
*
* Revision 1.3 1989/04/01 14:18:09 oz
* Change all references to a dfa: this is actually an nfa.
*
* Revision 1.2 88/08/28 15:36:04 oz
* Use a complement bitmap to represent NCL.
* This removes the need to have seperate
* code in the pmatch case block - it is
* just CCL code now.
*
* Use the actual CCL code in the CLO
* section of pmatch. No need for a recursive
* pmatch call.
*
* Use a bitmap table to set char bits in an
* 8-bit chunk.
*
* Interfaces:
* re_comp: compile a regular expression into a NFA.
*
* char *re_comp(s)
* char *s;
*
* re_exec: execute the NFA to match a pattern.
*
* int re_exec(s)
* char *s;
*
* re_modw change re_exec's understanding of what a "word"
* looks like (for \< and \>) by adding into the
* hidden word-syntax table.
*
* void re_modw(s)
* char *s;
*
* re_subs: substitute the matched portions in a new string.
*
* int re_subs(src, dst)
* char *src;
* char *dst;
*
* re_fail: failure routine for re_exec.
*
* void re_fail(msg, op)
* char *msg;
* char op;
*
* Regular Expressions:
*
* [1] char matches itself, unless it is a special
* character (metachar): . \ [ ] * + ^ $
*
* [2] . matches any character.
*
* [3] \ matches the character following it, except
* when followed by a left or right round bracket,
* a digit 1 to 9 or a left or right angle bracket.
* (see [7], [8] and [9])
* It is used as an escape character for all
* other meta-characters, and itself. When used
* in a set ([4]), it is treated as an ordinary
* character.
*
* [4] [set] matches one of the characters in the set.
* If the first character in the set is "^",
* it matches a character NOT in the set, i.e.
* complements the set. A shorthand S-E is
* used to specify a set of characters S upto
* E, inclusive. The special characters "]" and
* "-" have no special meaning if they appear
* as the first chars in the set.
* examples: match:
*
* [a-z] any lowercase alpha
*
* [^]-] any char except ] and -
*
* [^A-Z] any char except uppercase
* alpha
*
* [a-zA-Z] any alpha
*
* [5] * any regular expression form [1] to [4], followed by
* closure char (*) matches zero or more matches of
* that form.
*
* [6] + same as [5], except it matches one or more.
*
* [7] a regular expression in the form [1] to [10], enclosed
* as \(form\) matches what form matches. The enclosure
* creates a set of tags, used for [8] and for
* pattern substution. The tagged forms are numbered
* starting from 1.
*
* [8] a \ followed by a digit 1 to 9 matches whatever a
* previously tagged regular expression ([7]) matched.
*
* [9] \< a regular expression starting with a \< construct
* \> and/or ending with a \> construct, restricts the
* pattern matching to the beginning of a word, and/or
* the end of a word. A word is defined to be a character
* string beginning and/or ending with the characters
* A-Z a-z 0-9 and _. It must also be preceded and/or
* followed by any character outside those mentioned.
*
* [10] a composite regular expression xy where x and y
* are in the form [1] to [10] matches the longest
* match of x followed by a match for y.
*
* [11] ^ a regular expression starting with a ^ character
* $ and/or ending with a $ character, restricts the
* pattern matching to the beginning of the line,
* or the end of line. [anchors] Elsewhere in the
* pattern, ^ and $ are treated as ordinary characters.
*
*
* Acknowledgements:
*
* HCR's Hugh Redelmeier has been most helpful in various
* stages of development. He convinced me to include BOW
* and EOW constructs, originally invented by Rob Pike at
* the University of Toronto.
*
* References:
* Software tools Kernighan & Plauger
* Software tools in Pascal Kernighan & Plauger
* Grep [rsx-11 C dist] David Conroy
* ed - text editor Un*x Programmer's Manual
* Advanced editing on Un*x B. W. Kernighan
* RegExp routines Henry Spencer
*
* Notes:
*
* This implementation uses a bit-set representation for character
* classes for speed and compactness. Each character is represented
* by one bit in a 128-bit block. Thus, CCL always takes a
* constant 16 bytes in the internal nfa, and re_exec does a single
* bit comparison to locate the character in the set.
*
* Examples:
*
* pattern: foo*.*
* compile: CHR f CHR o CLO CHR o END CLO ANY END END
* matches: fo foo fooo foobar fobar foxx ...
*
* pattern: fo[ob]a[rz]
* compile: CHR f CHR o CCL bitset CHR a CCL bitset END
* matches: fobar fooar fobaz fooaz
*
* pattern: foo\\+
* compile: CHR f CHR o CHR o CHR \ CLO CHR \ END END
* matches: foo\ foo\\ foo\\\ ...
*
* pattern: \(foo\)[1-3]\1 (same as foo[1-3]foo)
* compile: BOT 1 CHR f CHR o CHR o EOT 1 CCL bitset REF 1 END
* matches: foo1foo foo2foo foo3foo
*
* pattern: \(fo.*\)-\1
* compile: BOT 1 CHR f CHR o CLO ANY END EOT 1 CHR - REF 1 END
* matches: foo-foo fo-fo fob-fob foobar-foobar ...
*/
#define MAXNFA 1024
#define MAXTAG 10
#define OKP 1
#define NOP 0
#define CHR 1
#define ANY 2
#define CCL 3
#define BOL 4
#define EOL 5
#define BOT 6
#define EOT 7
#define BOW 8
#define EOW 9
#define REF 10
#define CLO 11
#define END 0
/*
* The following defines are not meant to be changeable.
* They are for readability only.
*/
#define MAXCHR 128
#define CHRBIT 8
#define BITBLK MAXCHR/CHRBIT
#define BLKIND 0170
#define BITIND 07
#define ASCIIB 0177
#if defined( DOS ) || defined( _WIN32 )
typedef unsigned char CHAR;
#else /* DOS */
typedef /*unsigned*/ char CHAR;
#endif /* DOS */
static int tagstk[MAXTAG]; /* subpat tag stack..*/
static CHAR nfa[MAXNFA]; /* automaton.. */
static int sta = NOP; /* status of lastpat */
static CHAR bittab[BITBLK]; /* bit table for CCL */
/* pre-set bits... */
static CHAR bitarr[] = {1,2,4,8,16,32,64,128};
static void
chset(CHAR c)
{
bittab[((c) & BLKIND) >> 3] |= bitarr[(c) & BITIND];
}
#define badpat(x) (*nfa = END, x)
#define store(x) *mp++ = x
char *
re_comp( char *pat )
{
register char *p; /* pattern pointer */
register CHAR *mp=nfa; /* nfa pointer */
register CHAR *lp; /* saved pointer.. */
register CHAR *sp=nfa; /* another one.. */
register int tagi = 0; /* tag stack index */
register int tagc = 1; /* actual tag count */
register int n;
register CHAR mask; /* xor mask -CCL/NCL */
int c1, c2;
if (!pat || !*pat)
if (sta)
return 0;
else
return badpat("No previous regular expression");
sta = NOP;
for (p = pat; *p; p++) {
lp = mp;
switch(*p) {
case '.': /* match any char.. */
store(ANY);
break;
case '^': /* match beginning.. */
if (p == pat)
store(BOL);
else {
store(CHR);
store(*p);
}
break;
case '$': /* match endofline.. */
if (!*(p+1))
store(EOL);
else {
store(CHR);
store(*p);
}
break;
case '[': /* match char class..*/
store(CCL);
if (*++p == '^') {
mask = 0377;
p++;
}
else
mask = 0;
if (*p == '-') /* real dash */
chset(*p++);
if (*p == ']') /* real brac */
chset(*p++);
while (*p && *p != ']') {
if (*p == '-' && *(p+1) && *(p+1) != ']') {
p++;
c1 = *(p-2) + 1;
c2 = *p++;
while (c1 <= c2)
chset((CHAR)c1++);
}
#ifdef EXTEND
else if (*p == '\\' && *(p+1)) {
p++;
chset(*p++);
}
#endif
else
chset(*p++);
}
if (!*p)
return badpat("Missing ]");
for (n = 0; n < BITBLK; bittab[n++] = (char) 0)
store(mask ^ bittab[n]);
break;
case '*': /* match 0 or more.. */
case '+': /* match 1 or more.. */
if (p == pat)
return badpat("Empty closure");
lp = sp; /* previous opcode */
if (*lp == CLO) /* equivalence.. */
break;
switch(*lp) {
case BOL:
case BOT:
case EOT:
case BOW:
case EOW:
case REF:
return badpat("Illegal closure");
default:
break;
}
if (*p == '+')
for (sp = mp; lp < sp; lp++)
store(*lp);
store(END);
store(END);
sp = mp;
while (--mp > lp)
*mp = mp[-1];
store(CLO);
mp = sp;
break;
case '\\': /* tags, backrefs .. */
switch(*++p) {
case '(':
if (tagc < MAXTAG) {
tagstk[++tagi] = tagc;
store(BOT);
store(tagc++);
}
else
return badpat("Too many \\(\\) pairs");
break;
case ')':
if (*sp == BOT)
return badpat("Null pattern inside \\(\\)");
if (tagi > 0) {
store(EOT);
store(tagstk[tagi--]);
}
else
return badpat("Unmatched \\)");
break;
case '<':
store(BOW);
break;
case '>':
if (*sp == BOW)
return badpat("Null pattern inside \\<\\>");
store(EOW);
break;
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
n = *p-'0';
if (tagi > 0 && tagstk[tagi] == n)
return badpat("Cyclical reference");
if (tagc > n) {
store(REF);
store(n);
}
else
return badpat("Undetermined reference");
break;
#ifdef EXTEND
case 'b':
store(CHR);
store('\b');
break;
case 'n':
store(CHR);
store('\n');
break;
case 'f':
store(CHR);
store('\f');
break;
case 'r':
store(CHR);
store('\r');
break;
case 't':
store(CHR);
store('\t');
break;
#endif
default:
store(CHR);
store(*p);
}
break;
default : /* an ordinary char */
store(CHR);
store(*p);
break;
}
sp = lp;
}
if (tagi > 0)
return badpat("Unmatched \\(");
store(END);
sta = OKP;
return 0;
}
static char *bol;
char *bopat[MAXTAG];
char *eopat[MAXTAG];
#ifdef NEEDPROTOS
static char *pmatch( char *lp, CHAR *ap );
#else /* NEEDPROTOS */
static char *pmatch();
#endif /* NEEDPROTOS */
/*
* re_exec:
* execute nfa to find a match.
*
* special cases: (nfa[0])
* BOL
* Match only once, starting from the
* beginning.
* CHR
* First locate the character without
* calling pmatch, and if found, call
* pmatch for the remaining string.
* END
* re_comp failed, poor luser did not
* check for it. Fail fast.
*
* If a match is found, bopat[0] and eopat[0] are set
* to the beginning and the end of the matched fragment,
* respectively.
*
*/
int
re_exec( char *lp )
{
register char c;
register char *ep = 0;
register CHAR *ap = nfa;
bol = lp;
bopat[0] = 0;
bopat[1] = 0;
bopat[2] = 0;
bopat[3] = 0;
bopat[4] = 0;
bopat[5] = 0;
bopat[6] = 0;
bopat[7] = 0;
bopat[8] = 0;
bopat[9] = 0;
switch(*ap) {
case BOL: /* anchored: match from BOL only */
ep = pmatch(lp,ap);
break;
case CHR: /* ordinary char: locate it fast */
c = *(ap+1);
while (*lp && *lp != c)
lp++;
if (!*lp) /* if EOS, fail, else fall thru. */
return 0;
default: /* regular matching all the way. */
do {
if ((ep = pmatch(lp,ap)))
break;
lp++;
} while (*lp);
break;
case END: /* munged automaton. fail always */
return 0;
}
if (!ep)
return 0;
bopat[0] = lp;
eopat[0] = ep;
return 1;
}
/*
* pmatch: internal routine for the hard part
*
* This code is partly snarfed from an early grep written by
* David Conroy. The backref and tag stuff, and various other
* innovations are by oz.
*
* special case optimizations: (nfa[n], nfa[n+1])
* CLO ANY
* We KNOW .* will match everything upto the
* end of line. Thus, directly go to the end of
* line, without recursive pmatch calls. As in
* the other closure cases, the remaining pattern
* must be matched by moving backwards on the
* string recursively, to find a match for xy
* (x is ".*" and y is the remaining pattern)
* where the match satisfies the LONGEST match for
* x followed by a match for y.
* CLO CHR
* We can again scan the string forward for the
* single char and at the point of failure, we
* execute the remaining nfa recursively, same as
* above.
*
* At the end of a successful match, bopat[n] and eopat[n]
* are set to the beginning and end of subpatterns matched
* by tagged expressions (n = 1 to 9).
*
*/
#ifndef re_fail
extern void re_fail();
#endif /* re_fail */
/*
* character classification table for word boundary operators BOW
* and EOW. the reason for not using ctype macros is that we can
* let the user add into our own table. see re_modw. This table
* is not in the bitset form, since we may wish to extend it in the
* future for other character classifications.
*
* TRUE for 0-9 A-Z a-z _
*/
static char chrtyp[MAXCHR] = {
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 0, 0,
0, 0, 0, 0, 0, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 0, 0, 0, 0, 1, 0, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 0, 0, 0, 0, 0
};
#define inascii(x) (0177&(x))
#define iswordc(x) chrtyp[inascii(x)]
#define isinset(x,y) ((x)[((y)&BLKIND)>>3] & bitarr[(y)&BITIND])
/*
* skip values for CLO XXX to skip past the closure
*/
#define ANYSKIP 2 /* [CLO] ANY END ... */
#define CHRSKIP 3 /* [CLO] CHR chr END ... */
#define CCLSKIP 18 /* [CLO] CCL 16bytes END ... */
static char *
pmatch( char *lp, CHAR *ap)
{
register int op, c, n;
register char *e; /* extra pointer for CLO */
register char *bp; /* beginning of subpat.. */
register char *ep; /* ending of subpat.. */
char *are; /* to save the line ptr. */
while ((op = *ap++) != END)
switch(op) {
case CHR:
if (*lp++ != *ap++)
return 0;
break;
case ANY:
if (!*lp++)
return 0;
break;
case CCL:
c = *lp++;
if (!isinset(ap,c))
return 0;
ap += BITBLK;
break;
case BOL:
if (lp != bol)
return 0;
break;
case EOL:
if (*lp)
return 0;
break;
case BOT:
bopat[*ap++] = lp;
break;
case EOT:
eopat[*ap++] = lp;
break;
case BOW:
if (lp!=bol && iswordc(lp[-1]) || !iswordc(*lp))
return 0;
break;
case EOW:
if (lp==bol || !iswordc(lp[-1]) || iswordc(*lp))
return 0;
break;
case REF:
n = *ap++;
bp = bopat[n];
ep = eopat[n];
while (bp < ep)
if (*bp++ != *lp++)
return 0;
break;
case CLO:
are = lp;
switch(*ap) {
case ANY:
while (*lp)
lp++;
n = ANYSKIP;
break;
case CHR:
c = *(ap+1);
while (*lp && c == *lp)
lp++;
n = CHRSKIP;
break;
case CCL:
while ((c = *lp) && isinset(ap+1,c))
lp++;
n = CCLSKIP;
break;
default:
re_fail("closure: bad nfa.", *ap);
return 0;
}
ap += n;
while (lp >= are) {
if (e = pmatch(lp, ap))
return e;
--lp;
}
return 0;
default:
re_fail("re_exec: bad nfa.", op);
return 0;
}
return lp;
}
/*
* re_modw:
* add new characters into the word table to change re_exec's
* understanding of what a word should look like. Note that we
* only accept additions into the word definition.
*
* If the string parameter is 0 or null string, the table is
* reset back to the default containing A-Z a-z 0-9 _. [We use
* the compact bitset representation for the default table]
*/
static CHAR deftab[16] = {
0, 0, 0, 0, 0, 0, 0377, 003, 0376, 0377, 0377, 0207,
0376, 0377, 0377, 007
};
void
re_modw( char *s )
{
register int i;
if (!s || !*s) {
for (i = 0; i < MAXCHR; i++)
if (!isinset(deftab,i))
iswordc(i) = 0;
}
else
while(*s)
iswordc(*s++) = 1;
}
/*
* re_subs:
* substitute the matched portions of the src in dst.
*
* & substitute the entire matched pattern.
*
* \digit substitute a subpattern, with the given tag number.
* Tags are numbered from 1 to 9. If the particular
* tagged subpattern does not exist, null is substituted.
*/
int
re_subs( char *src, char *dst)
{
register char c;
register int pin;
register char *bp;
register char *ep;
if (!*src || !bopat[0])
return 0;
while (c = *src++) {
switch(c) {
case '&':
pin = 0;
break;
case '\\':
c = *src++;
if (c >= '0' && c <= '9') {
pin = c - '0';
break;
}
default:
*dst++ = c;
continue;
}
if ((bp = bopat[pin]) && (ep = eopat[pin])) {
while (*bp && bp < ep)
*dst++ = *bp++;
if (bp < ep)
return 0;
}
}
*dst = (char) 0;
return 1;
}
#ifdef DEBUG
/*
* symbolic - produce a symbolic dump of the nfa
*/
symbolic( char *s )
{
printf("pattern: %s\n", s);
printf("nfacode:\n");
nfadump(nfa);
}
static
nfadump( CHAR *ap)
{
register int n;
while (*ap != END)
switch(*ap++) {
case CLO:
printf("CLOSURE");
nfadump(ap);
switch(*ap) {
case CHR:
n = CHRSKIP;
break;
case ANY:
n = ANYSKIP;
break;
case CCL:
n = CCLSKIP;
break;
}
ap += n;
break;
case CHR:
printf("\tCHR %c\n",*ap++);
break;
case ANY:
printf("\tANY .\n");
break;
case BOL:
printf("\tBOL -\n");
break;
case EOL:
printf("\tEOL -\n");
break;
case BOT:
printf("BOT: %d\n",*ap++);
break;
case EOT:
printf("EOT: %d\n",*ap++);
break;
case BOW:
printf("BOW\n");
break;
case EOW:
printf("EOW\n");
break;
case REF:
printf("REF: %d\n",*ap++);
break;
case CCL:
printf("\tCCL [");
for (n = 0; n < MAXCHR; n++)
if (isinset(ap,(CHAR)n)) {
if (n < ' ')
printf("^%c", n ^ 0x040);
else
printf("%c", n);
}
printf("]\n");
ap += BITBLK;
break;
default:
printf("bad nfa. opcode %o\n", ap[-1]);
exit(1);
break;
}
}
#endif
#endif /* MACOS or DOS or NEED_BSDREGEX */

32
servers/slapd/result.c
View file

@ -198,9 +198,7 @@ send_search_entry(
Attribute *a;
int i, rc, bytes, sd;
struct acl *acl;
char *edn;
char *edn;
Debug( LDAP_DEBUG_TRACE, "=> send_search_entry (%s)\n", e->e_dn, 0, 0 );
@ -215,10 +213,11 @@ send_search_entry(
#ifdef COMPAT30
if ( (ber = ber_alloc_t( conn->c_version == 30 ? 0 : LBER_USE_DER ))
== NULLBER ) {
== NULLBER )
#else
if ( (ber = der_alloc()) == NULLBER ) {
if ( (ber = der_alloc()) == NULLBER )
#endif
{
Debug( LDAP_DEBUG_ANY, "ber_alloc failed\n", 0, 0, 0 );
send_ldap_result( conn, op, LDAP_OPERATIONS_ERROR, NULL,
"ber_alloc" );
@ -232,8 +231,10 @@ send_search_entry(
LDAP_RES_SEARCH_ENTRY, e->e_dn );
} else
#endif
rc = ber_printf( ber, "{it{s{", op->o_msgid,
LDAP_RES_SEARCH_ENTRY, e->e_dn );
{
rc = ber_printf( ber, "{it{s{", op->o_msgid,
LDAP_RES_SEARCH_ENTRY, e->e_dn );
}
if ( rc == -1 ) {
Debug( LDAP_DEBUG_ANY, "ber_printf failed\n", 0, 0, 0 );
@ -245,15 +246,12 @@ send_search_entry(
}
for ( a = e->e_attrs; a != NULL; a = a->a_next ) {
#ifdef USEREGEX
regmatch_t matches[MAXREMATCHES];
#endif
if ( attrs != NULL && ! charray_inlist( attrs, a->a_type ) ) {
continue;
}
#ifdef USEREGEX
/* the lastmod attributes are ignored by ACL checking */
if ( strcasecmp( a->a_type, "modifiersname" ) == 0 ||
strcasecmp( a->a_type, "modifytimestamp" ) == 0 ||
@ -267,17 +265,9 @@ send_search_entry(
acl = acl_get_applicable( be, op, e, a->a_type, edn,
MAXREMATCHES, matches );
}
#else
acl= acl_get_applicable( be, op, e, a->a_type, edn );
#endif
#ifdef USEREGEX
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
edn, matches ) )
#else
if ( ! acl_access_allowed( acl, be, conn, e, NULL, op, ACL_READ,
edn ) )
#endif
{
continue;
}
@ -293,15 +283,9 @@ send_search_entry(
if ( ! attrsonly ) {
for ( i = 0; a->a_vals[i] != NULL; i++ ) {
#ifdef USEREGEX
if ( a->a_syntax & SYNTAX_DN &&
! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
ACL_READ, edn, matches) )
#else
if ( a->a_syntax & SYNTAX_DN &&
! acl_access_allowed( acl, be, conn, e, a->a_vals[i], op,
ACL_READ, edn ) )
#endif
{
continue;
}

16
servers/slapd/slap.h
View file

@ -6,10 +6,8 @@
#define LDAP_SYSLOG
#include <syslog.h>
#ifdef USEREGEX
#include <sys/types.h>
#include <regex.h>
#endif
#include "avl.h"
#include "lber.h"
@ -24,6 +22,8 @@
#define OFF (-1)
#define UNDEFINED 0
#define MAXREMATCHES 10
/*
* represents an attribute value assertion (i.e., attr=value)
*/
@ -127,9 +127,11 @@ struct access {
char *a_domainpat;
char *a_dnattr;
long a_access;
#ifdef USEREGEX
char *a_group;
#ifdef ACLGROUP
char *a_group;
#endif
#define ACL_NONE 0x01
#define ACL_COMPARE 0x02
#define ACL_SEARCH 0x04
@ -143,9 +145,7 @@ struct access {
struct acl {
/* "to" part: the entries this acl applies to */
Filter *acl_filter;
#ifdef USEREGEX
regex_t acl_dnre;
#endif
regex_t acl_dnre;
char *acl_dnpat;
char **acl_attrs;

68
servers/slapd/tools/Make-template
View file

@ -24,15 +24,15 @@ OBJS2 = ../config.o ../ch_malloc.o ../backend.o ../charray.o \
../aclparse.o ../schema.o ../result.o ../filterentry.o \
../acl.o ../phonetic.o ../attr.o ../value.o ../entry.o \
../dn.o ../filter.o ../str2filter.o ../ava.o ../init.o \
../schemaparse.o ../regex.o ../strdup.o
../schemaparse.o ../strdup.o
INCLUDES= -I. -I$(HDIR) $(EXINCLUDES)
DEFINES = $(DEFS) $(SERVERDEFS) $(THREADS)
DEFINES = $(DEFS) $(LDAP_CRYPT) $(SERVERDEFS) $(THREADS)
CFLAGS = $(INCLUDES) $(DEFINES) $(ACFLAGS)
LDFLAGS = -L$(LDIR) $(EXLDFLAGS)
LIBS = -lldif -lldap -llber -lldbm -lavl $(LDBMLIB) $(EXLIBS) $(ALIBS)
LIBS2 = -lldif -lldbm -lavl $(LDBMLIB) -llber $(KRBLIBFLAG) $(KRBLIBS) \
-llthread $(THREADSLIB) $(ALIBS)
-llthread $(THREADSLIB) $(ALIBS) $(LDAP_CRYPT_LIB)
all: build-edb2ldif ldif2index ldif2ldbm ldbmcat ldif2id2entry \
ldif2id2children centipede ldbmtest ldif
@ -178,42 +178,30 @@ links:
# DO NOT DELETE THIS LINE -- mkdep uses it.
# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY.
chlog2replog.o: chlog2replog.c ../../../include/ldif.h
edb2ldif.o: edb2ldif.c
ldapsyntax.o: ldapsyntax.c ../../../include/lber.h ../../../include/ldap.h
ldapsyntax.o: ../../../include/ldif.h ldapsyntax.h
ldif2index.o: ldif2index.c ../slap.h ../../../include/avl.h
ldif2index.o: ../../../include/lber.h ../../../include/ldap.h
ldif2index.o: ../../../include/lthread.h ../../../include/ldif.h
ldif2ldbm.o: ldif2ldbm.c ../slap.h ../../../include/avl.h
ldif2ldbm.o: ../../../include/lber.h ../../../include/ldap.h
ldif2ldbm.o: ../../../include/lthread.h ../../../include/ldif.h
ldif2ldbm.o: ../back-ldbm/back-ldbm.h ../../../include/ldbm.h
ldif2id2entry.o: ldif2id2entry.c ../slap.h ../../../include/avl.h
ldif2id2entry.o: ../../../include/lber.h ../../../include/ldap.h
ldif2id2entry.o: ../../../include/lthread.h ../../../include/ldif.h
ldif2id2entry.o: ../back-ldbm/back-ldbm.h ../../../include/ldbm.h
ldif2id2children.o: ldif2id2children.c ../slap.h ../../../include/avl.h
ldif2id2children.o: ../../../include/lber.h ../../../include/ldap.h
ldif2id2children.o: ../../../include/lthread.h ../../../include/ldif.h
ldif2id2children.o: ../back-ldbm/back-ldbm.h ../../../include/ldbm.h
ldbmcat.o: ldbmcat.c ../../../include/ldbm.h ../slap.h ../../../include/avl.h
ldbmcat.o: ../../../include/lber.h ../../../include/ldap.h
ldbmcat.o: ../../../include/lthread.h ../../../include/ldif.h
centipede.o: centipede.c ../../../include/lber.h ../../../include/ldap.h
centipede.o: ../../../include/ldapconfig.h ../../../include/ldbm.h
sizecount.o: sizecount.c ../../../include/ldbm.h ../../../include/lber.h
sizecount.o: ../../../include/ldap.h ../../../include/portable.h
ldif2ldbm.sed.o: ldif2ldbm.sed.c ../slap.h ../../../include/avl.h
ldif2ldbm.sed.o: ../../../include/lber.h ../../../include/ldap.h
ldif2ldbm.sed.o: ../../../include/lthread.h ../../../include/ldif.h
ldif2ldbm.sed.o: ../back-ldbm/back-ldbm.h ../../../include/ldbm.h
ldbmtest.o: ldbmtest.c ../../../include/portable.h
ldbmtest.o: ../../../include/ldapconfig.h ../slap.h ../../../include/avl.h
ldbmtest.o: ../../../include/lber.h ../../../include/ldap.h
ldbmtest.o: ../../../include/lthread.h ../../../include/ldif.h
ldbmtest.o: ../back-ldbm/back-ldbm.h ../../../include/ldbm.h
ldif.o: ldif.c ../../../include/lber.h ../../../include/ldap.h
ldif.o: ../../../include/ldif.h
ldif2index.o: ldif2index.c ../../../include/avl.h ../../../include/proto-lber.h
ldif2index.o: ../../../include/proto-ldap.h ../../../include/ldif.h
ldif2ldbm.o: ldif2ldbm.c ../../../include/proto-lber.h
ldif2ldbm.o: ../../../include/proto-ldap.h ../../../include/ldif.h
ldif2ldbm.o: ../../../include/ldbm.h
ldif2id2entry.o: ldif2id2entry.c ../../../include/avl.h
ldif2id2entry.o: ../../../include/proto-lber.h ../../../include/proto-ldap.h
ldif2id2entry.o: ../../../include/ldif.h ../../../include/ldbm.h
ldif2id2children.o: ldif2id2children.c ../../../include/avl.h
ldif2id2children.o: ../../../include/proto-lber.h ../../../include/proto-ldap.h
ldif2id2children.o: ../../../include/ldif.h ../../../include/ldbm.h
ldbmcat.o: ldbmcat.c ../../../include/proto-lber.h
ldbmcat.o: ../../../include/proto-ldap.h ../../../include/ldif.h
centipede.o: centipede.c ../../../include/proto-lber.h
centipede.o: ../../../include/proto-ldap.h ../../../include/ldbm.h
sizecount.o: sizecount.c ../../../include/lber.h ../../../include/ldap.h
sizecount.o: ../../../include/proto-ldap.h
ldif2ldbm.sed.o: ldif2ldbm.sed.c ../../../include/avl.h
ldif2ldbm.sed.o: ../../../include/proto-lber.h ../../../include/proto-ldap.h
ldif2ldbm.sed.o: ../../../include/ldif.h ../../../include/ldbm.h
ldbmtest.o: ldbmtest.c ../../../include/ldapconfig.h ../../../include/avl.h
ldbmtest.o: ../../../include/proto-lber.h ../../../include/proto-ldap.h
ldbmtest.o: ../../../include/ldif.h ../../../include/ldbm.h
ldbmtest.o: ../back-ldbm/proto-back-ldbm.h
ldif.o: ldif.c ../../../include/proto-lber.h ../../../include/proto-ldap.h
# IF YOU PUT ANYTHING HERE IT WILL GO AWAY