From b70cc2409550767bd6f19f31eee0639070e721fe Mon Sep 17 00:00:00 2001 
From: Francesco Giacomini Date: Sun, 6 Nov 2016 23:44:05 +0100 Subject: [PATCH 01/92] Porting to OpenSSL 1.1 This commit ports VOMS to OpenSSL 1.1. More details in openssl11.md. --- configure.ac | 5 +- m4/acinclude.m4 | 11 + openssl11.md | 455 ++++++++++++++++++++++ spec/voms-all.spec | 5 +- src/ac/attributes.h | 21 +- src/ac/extensions.c | 353 ++--------------- src/ac/init.c | 10 +- src/ac/mystack.c | 26 +- src/ac/newformat.c | 614 +++++------------------------ src/ac/validate.cc | 85 ++-- src/ac/write.c | 200 ++++++++-- src/api/ccapi/api_util.cc | 12 +- src/api/ccapi/voms_api.cc | 2 +- src/api/ccapi/voms_api.h | 3 + src/client/vomsclient.cc | 11 +- src/common/normalize.c | 23 -- src/common/xmlcc.cc | 2 +- src/include/Makefile.am | 2 +- src/include/acstack.h | 54 ++- src/include/newformat.h | 106 ++--- src/include/proxycertinfo.h | 84 ++++ src/include/proxypolicy.h | 87 +++++ src/include/ssl_compat.h | 74 ++++ src/include/sslutils.h | 2 +- src/include/vomsxml.h | 2 +- src/log/fs.c | 3 +- src/server/Makefile.am | 4 +- src/server/vomsd.cc | 27 +- src/socklib/Client.cpp | 2 - src/socklib/Server.cpp | 81 +++- src/sslutils/Makefile.am | 5 +- src/sslutils/myproxycertinfo.c | 510 ++++++++++++++++++++++++ src/sslutils/namespaces.c | 13 - src/sslutils/proxy.c | 274 +++++++------ src/sslutils/proxycertinfo.c | 692 +++++++++++++-------------------- src/sslutils/proxypolicy.c | 88 +++++ src/sslutils/signing_policy.c | 11 - src/sslutils/ssl_compat.c | 363 +++++++++++++++++ src/sslutils/sslutils.c | 460 ++++++++++------------ src/sslutils/voms_cert_type.c | 3 +- src/utils/voms_proxy_info.cc | 6 +- src/utils/voms_verify.cc | 13 +- src/utils/vomsfake.cc | 2 +- 43 files changed, 2855 insertions(+), 1951 deletions(-) create mode 100644 openssl11.md create mode 100644 src/include/proxycertinfo.h create mode 100644 src/include/proxypolicy.h create mode 100644 src/include/ssl_compat.h create mode 100644 src/sslutils/myproxycertinfo.c create mode 100644 src/sslutils/proxypolicy.c 
create mode 100644 src/sslutils/ssl_compat.c diff --git a/configure.ac b/configure.ac index 7780c99f..4e3da01c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([VOMS], [2.0.14]) +AC_INIT([VOMS], [2.1.0]) AC_PREREQ(2.57) AC_CONFIG_AUX_DIR([./aux]) AM_INIT_AUTOMAKE @@ -31,7 +31,8 @@ AC_PROG_YACC AC_PROG_LEX AC_COMPILER -PKG_CHECK_MODULES([OPENSSL], [openssl]) +#PKG_CHECK_MODULES([OPENSSL], [openssl]) +AC_OPENSSL PKG_CHECK_MODULES([GSOAP],[gsoap >= 2.7]) PKG_CHECK_MODULES([GSOAP_PP],[gsoap++ >= 2.7]) diff --git a/m4/acinclude.m4 b/m4/acinclude.m4 index 2dbc71ab..f78f2752 100644 --- a/m4/acinclude.m4 +++ b/m4/acinclude.m4 @@ -195,6 +195,17 @@ AC_DEFUN([AC_COMPILER], CXXFLAGS="-g -O0" fi + AC_ARG_WITH(profile, + [ --with-profile Compiles and links with collection of profile information activated], + [ac_with_profile="yes"], + [ac_with_profile="no"]) + + if test "x$ac_with_profile" = "xyes" ; then + CFLAGS="$CFLAGS -pg" + CXXFLAGS="$CXXFLAGS -pg" + LDFLAGS="$LDFLAGS -pg" + fi + AC_ARG_WITH(warnings, [ --with-warnings Compiles with maximum warnings], [ac_with_warnings="yes"], diff --git a/openssl11.md b/openssl11.md new file mode 100644 index 00000000..40b4b0fe --- /dev/null +++ b/openssl11.md 
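Review bot: In the `--with-profile` block added to m4/acinclude.m4, the action-if-given argument sets `ac_with_profile="yes"` unconditionally, so `--without-profile` and `--with-profile=no` also append `-pg` to CFLAGS, CXXFLAGS and LDFLAGS. Autoconf runs that argument whenever the option appears on the command line and leaves the user's choice in `$withval`. Writing it as `[ac_with_profile="$withval"]` keeps the existing `test "x$ac_with_profile" = "xyes"` check correct. The `--with-warnings` block visible in the context lines has the same shape and would take the same fix.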
@@ -0,0 +1,455 @@ +# Notes on the migration of the VOMS code base to OpenSSL 1.1 + +This document summarizes the changes needed to migrate the VOMS code base from +OpenSSL 1.0.x to OpenSSL 1.1.y. + +The changes are as focused as possible and address only the migration, with very +limited exceptions. + +## Opaque data structures + +One of the most important changes in the API introduced by OpenSSL 1.1 is the +introduction of opaque data types for many of the data structures. + + typedef struct x509_object_st X509_OBJECT; + typedef struct X509_name_st X509_NAME; + typedef struct X509_name_entry_st X509_NAME_ENTRY; + typedef struct asn1_string_st ASN1_STRING; + typedef struct evp_pkey_st EVP_PKEY; + typedef struct X509_st X509; + typedef struct X509_req_st X509_REQ; + +Opaque data structures are incomplete types, with two major consequences: + +1. they cannot be allocated on the stack +1. pointers to objects of those types cannot be dereferenced, e.g. to access +their fields + +For what concerns the first point, the solution is to always manage explicitly +their lifetime, allocating an object on the heap and later freeing it. + +For example code such as + + X509_OBJECT obj; + +has to be replaced with + + X509_OBJECT* obj = X509_OBJECT_new(); + ... + X509_OBJECT_free(obj); + +The second point -- accessing the fields of the data structure -- requires the +use of getter and setter functions. The actual transformation needed for the +VOMS code are presented in the following sections. 
+ +### X509_OBJECT + +Given an `X509_OBJECT* obj` that stores a CRL, in order to access the +CRL, code such as + + X509_CRL* crl = obj->data.crl; + +has to be replaced with + + X509_CRL* crl = X509_OBJECT_get0_X509_CRL(obj); + +### X509_NAME, X509_NAME_ENTRY, ASN1_STRING + +Given `X509_NAME* name`, code such as + + int n = sk_X509_NAME_ENTRY_num(name->entries) + X509_NAME_ENTRY* entry = sk_X509_NAME_ENTRY_value(name->entries, i); + ASN1_STRING* str = entry->value; + unsigned char const* data = entry->value->data; + int l = entry->value->length; + ASN1_OBJECT* obj = entry->object; + +has to be replaced with + + int n = X509_NAME_entry_count(name); + X509_NAME_ENTRY* entry = X509_NAME_get_entry(name, i); + ASN1_STRING* str = X509_NAME_ENTRY_get_data(entry); + unsigned char const* data = ASN1_STRING_get0_data(str); + int l = ASN1_STRING_length(str); + ASN1_OBJECT* obj = X509_NAME_ENTRY_get_object(entry); + + +### EVP_PKEY + +Given `EVP_PKEY* key`, code such as + + RSA* rsa = key->pkey.rsa; + +has to be replaced with + + RSA* rsa = EVP_PKEY_get0_RSA(key) + +Code such as + + int type = key->type; + if (type == EVP_PKEY_RSA) { + +has to be replaced with + + RSA* rsa = EVP_PKEY_get0_RSA(key) + if (RSA) { + +### X509, X509_REQ + +Given `X509* cert`, to access the Message Digest + + EVP_MD const* md = EVP_get_digestbyobj(cert->sig_alg->algorithm); + +has to be replaced with + + EVP_MD const* md = EVP_get_digestbynid(X509_get_signature_nid(cert)); + +Similarly for an `X509_REQ* req`. + +Moreover there is no way to retrieve the internal X509_CINF, so code such as + + X509_CINF* cinf = cert->cert_info; + +has been removed and replaced with appropriate getters and setters for the +fields of an `X509_CINF`. 
+ +Given `ASN1_INTEGER* num`, code such as + + ASN1_INTEGER_free(cert->cert_info->serialNumber); + cert->cert_info->serialNumber = num; + +has been replaced with + + X509_set_serialNumber(cert, num); + ASN1_INTEGER_free(num); + +Note how the responsibility to manage the object lifetime has +changed. `X509_set_serialNumber` in fact stores a _copy_ of `num` and +takes care of the deallocation of the previous `serialNumber`. + +When the serial number is obtained from the Message Digest, the code changes +from + + unsigned char md[SHA_DIGEST_LENGTH]; + unsigned int len; + ASN1_digest(..., md, &len); + cert->cert_info->serialNumber = ASN1_INTEGER_new(); + cert->cert_info->serialNumber = ASN1_INTEGER_new(); + cert->cert_info->serialNumber->length = len; + cert->cert_info->serialNumber->data = malloc(len); + memcpy(cert->cert_info->serialNumber->data, md, SHA_DIGEST_LENGTH); + +to + + unsigned char md[SHA_DIGEST_LENGTH + 1]; + unsigned int len; + ASN1_digest(..., md, &len); + md[len] = '\0'; + BIGNUM* bn = NULL; + if (BN_hex2bn(&bn, (char*)md) != 0) { + ASN1_INTEGER* num = BN_to_ASN1_INTEGER(bn, NULL); + BN_free(bn); + X509_set_serialNumber(cert, num); + ASN1_INTEGER_free(num); + } + +When the serial number is copied from another certificate, the code changes from + + ASN1_INTEGER* num = ASN1_INTEGER_dup(X509_get_serialNumber(other_cert)); + ASN1_INTEGER_free(cert->cert_info->serialNumber); + cert->cert_info->serialNumber = num; + +to + + ASN1_INTEGER* num = ASN1_INTEGER_dup(X509_get0_serialNumber(other_cert)); + X509_set_serialNumber(*new_cert, num); + ASN1_INTEGER_free(num); + +The call to ASN1\_INTEGER\_dup is needed because `X509_get0_serialNumber` +returns an `ASN1_INTEGER const*` but `X509_set_serialNumber` takes a (non-const) +`ASN1_INTEGER*`, although internally it doesn't modify +it. `X509_get_serialNumber`, which returns a non-const `ASN1_INTEGER*`, could be +used, but respecting const-correctness is preferable. 
+ +To copy the _notAfter_ attribute of a certificate from another certificate, code +such as + + X509_set_notAfter(cert, other_cert->cert_info->validity->notAfter); + +has to be replaced with + + int ret = X509_set1_notAfter(cert, X509_get0_notAfter(other_cert)); + +`X509_set1_notAfter` doesn't take ownership of the argument; but +`X509_get0_notAfter` returns a non-mutable view of the internal field and +doesn't require a subsequent free. + +To transfer the public key from a request to a certificate, code such as + + X509_PUBKEY_free(cert_info->key); + cert_info->key = req->req_info->pubkey; + req->req_info->pubkey = NULL; + +has been replaced with + + EVP_PKEY* pub_key = X509_REQ_get_pubkey(req); + X509_set_pubkey(cert, pub_key); + EVP_PKEY_free(pub_key); + +The former code was a "move" of the public key from the request to the +certificate, without any decoding. Although a function still exists to retrieve +the key material (`X509_get_X509_PUBKEY`), there is no corresponding setter. + +OpenSSL 1.1 has introduced another function to retrieve the public key +from the request: `X509_REQ_get0_pubkey`. The difference between +`X509_REQ_get_pubkey` and `X509_REQ_get0_pubkey` is that the former +increments a reference count, requiring the returned `EVP_KEY` to be +subsequently freed, whereas the latter returns a "view" of the +internal public key and doesn't need to be freed. For compatibility +with OpenSSL < 1.1 however `X509_REQ_get_pubkey` is used. + +The code to extract the public key from a certificate + + X509_PUBKEY *key = X509_get_X509_PUBKEY(ucert); + EVP_PKEY* ucertpkey = X509_PUBKEY_get(key); + +has been replaced with + + EVP_PKEY* ucertpkey = X509_get_pubkey(ucert); + +Also in this case OpenSSL 1.1 has introduced another function to +extract the key without the need to later free it: `X509_get0_pubkey`, +but it has not been used for compatibility reasons with previous +versions of OpenSSL. 
+ +To set various attributes of the certificate, code such as + + ASN1_INTEGER_set(cert->cert_info->version, 2); + cert->ex_flags |= EXFLAG_PROXY; + cert->ex_pcpathlen = 0; + +has to be replaced with + + X509_set_version(cert, 2L); + X509_set_proxy_flag(cert); + X509_set_proxy_pathlen(cert, 0); + +Given `STACK_OF(X509_EXTENSION)* extensions`, to add the extensions to a +certificate, code such as + + cert->cert_info->extensions = sk_X509_EXTENSION_new_null(); + for (i = 0; i < sk_X509_EXTENSION_num(extensions); ++i) { + X509_EXTENSION* extension = X509_EXTENSION_dup(sk_X509_EXTENSION_value(extensions, i)); + sk_X509_EXTENSION_push(cert->cert_info->extensions, extension); + } + +has to be replace with + + for (i = 0; i < sk_X509_EXTENSION_num(extensions); ++i) { + X509_EXTENSION* extension = X509_EXTENSION_dup(sk_X509_EXTENSION_value(extensions, i)); + X509_add_ext(cert, extension, -1); + } + +Given `X509_STORE* store`, `X509_STORE_CTX* ctx` and `int +proxy_check_issued(X509_STORE_CTX*, X509*, X509*)`, code such as + + X509_STORE_CTX_init(ctx, store, ...) + ctx->check_issued = proxy_check_issued; + +has to be replaced with + + X509_STORE_set_check_issued(store, proxy_check_issued); + X509_STORE_CTX_init(ctx, store, cert, cert_chain) + +i.e. `check_issued` has to be set for the `store`, whose contents are then used +for the initialization of `ctx`. + +Similarly for X505\_REQ\_INFO, code such as + + X509_REQ_INFO* req_info = req->req_info; + +has been removed. 
+ +Code such as + + X509_ALGOR* alg1 = cert->cert_info->signature; + X509_ALGOR* alg2 = cert->sig_alg; + +has been replaced with + + X509_ALGOR const* alg1 = X509_get0_tbs_sigalg(cert) + X509_ALGOR const* alg2; + X509_get0_signature(NULL, &alg2, cert); + +Code such as + + ASN1_BIT_STRING* issuerUID = issuerc->cert_info->issuerUID + +has been replaced with + + ASN1_BIT_STRING const* issuerUID; + X509_get0_uids(issuerc, &issuerUID, NULL); + + + + + +### SSL_CTX + +Given `SSL_CTX* ctx`, code such as + + ctx->cert_store + +has to be replaced with + + SSL_CTX_get_cert_store(ctx) + +### BIO + +BIO has become an opaque data structure. The following lines are not +allowed any more. + + writeb = bio->method->bwrite; + readb = bio->method->bread; + bio->method->bwrite = globusf_write; + bio->method->bread = globusf_read; + +`writeb` and `readb` are global variables that are then used inside +`globus_write` and `globus_read` which wrap them in order to implement +the GSI protocol. + +`bio` is created with + + bio = BIO_new_socket(newsock, BIO_NOCLOSE); + (void)BIO_set_nbio(bio, 1); + +The above code is replaced with an explicit construction of a +BIO_METHOD object, which is then properly modified and used to +construct the final BIO. + + int const biom_type = BIO_get_new_index(); + static char const* const biom_name = "VOMS I/O"; + BIO_METHOD* voms_biom = BIO_meth_new(biom_type|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR, biom_name); + + BIO_METHOD const* sock_biom = BIO_s_socket(); + + writeb = BIO_meth_get_write(const_cast(sock_biom)); + ret = BIO_meth_set_write(voms_biom, globusf_write); + + readb = BIO_meth_get_read(const_cast(sock_biom)); + ret = BIO_meth_set_read(voms_biom, globusf_read); + + BIO_meth_set_puts(voms_biom, BIO_meth_get_puts(const_cast(sock_biom))); + // and so on for all the other fields + +The `const_cast` is needed because the BIO API (and not only that one, +in fact) is not consistently const-correct. 
+ +## Stack management + +The way to declare/define a new stack of user-defined types and corresponding access functions has changed. + +With OpenSSL before v. 1.1 it is necessary to declare and then define +all the functions to access a stack of a user-defined type. In VOMS +there are a couple of macros to ease the job: `DECL_STACK` is used in +a single header file to produce the declarations, `IMPL_STACK` is used +in a single source file to produce the definitions. + +OpenSSL 1.1 instead offers the DEFINE_STACK_OF macro, that, given a type, +generates the data structure and all the access functions, implemented +`static inline`. This means that the macro can be used in a header +file, which can then be included whenever needed. + +In order to have a common code base, the DECL_STACK and IMPL_STACK macros are always used, but when OpenSSL 1.1 is used, they are implemented as: + + #define DECL_STACK(type) DEFINE_STACK_OF(type) + #define IMPL_STACK(type) + +## Removal of macros + +The macro + + #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +doesn't exist any more. Its use has been replaced with `ASN1_INTEGER_cmp`, not +with `ASN1_STRING_cmp`, because the name is more meaningful even if they are not +completely equivalent. For example + + if (M_ASN1_INTEGER_cmp((key->serial), + (X509_get0_serialNumber(iss)))) + +becomes + + if (ASN1_INTEGER_cmp((key->serial), + (X509_get0_serialNumber(iss)))) + + +The macro + + #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ + (const ASN1_STRING *)a,(const ASN1_STRING *)b) + +doesn't exist any more. Its use has been replaced by `ASN1_STRING_cmp`. + +The macro + + /* + * This is the default callbacks, but we can have others as well: this is + * needed in Win32 where the application malloc and the library malloc may + * not be the same. 
+ */ + #define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ + malloc, realloc, free) + +doesn't exist any more and it doesn't seem terribly useful. Removed. + +The macro + + #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() + +doesn't exist any more. Its use has been replaced by the use of +`OpenSSL_add_all_algorithms`. + +The use of the macro + + # define X509_STORE_set_verify_cb_func(ctx,func) \ + X509_STORE_set_verify_cb((ctx),(func)) + +has been replaced by the direct call to `X509_STORE_set_verify_cb`. Moreover, +since the function returns `void`, checking the return value makes no sense. +Consequently code such as + + if (!X509_STORE_set_verify_cb_func(store, proxy_verify_callback)){ + internal_error("Error setting context store certificate verify callback"); + } + +becomes + + X509_STORE_set_verify_cb(store, proxy_verify_callback); + +## Encoding/decoding to/from ASN.1 + +The functions responsible for the encoding/decoding of user-defined +types, named `i2d_`, `d2i_`, `_new` and +`_free`, were implemented in terms of the macros `M_ASN1_I2D_*` +and `M_ASN1_D2I_*`, defined in ``. That header +doesn't exist any more, so those functions have been generated with +the macros `DECLARE_ASN1_FUNCTIONS`, `IMPLEMENT_ASN1_FUNCTIONS`, +`ASN1_SEQUENCE`, `ASN1_SIMPLE`, `ASN1_SEQUENCE_OF`, etc., defined in +``. + +The encoding/decoding of standard (RFC3820) Proxy Certificates is actually +available directly from OpenSSL. The encoding/decoding of pre-standard +(draft) Proxy Certificates has been adapted from the Globus code. + +The encoding/decoding of Attribute Certificates and the VOMS +extensions has been re-implemented from scratch. + +## Compatibility with OpenSSL 1.0.x + +Many of the changes listed above involve function calls that are not +available in previous versions of OpenSSL. 
In order to have the same +codebase, those functions have been copied (with some adaptation) into +the VOMS code base and are conditionally enabled (see files +`ssl-compat.h` and `ssl-compat.c`). diff --git a/spec/voms-all.spec b/spec/voms-all.spec index 44e9f9cb..ccb3e239 100644 --- a/spec/voms-all.spec +++ b/spec/voms-all.spec @@ -1,5 +1,5 @@ Name: voms -Version: 2.0.14 +Version: 2.1.0 Release: 1%{?dist} Summary: The Virtual Organisation Membership Service C++ APIs @@ -290,6 +290,9 @@ fi %{_mandir}/man8/voms.8* %changelog +* Tue Aug 23 2016 Andrea Ceccanti - 2.1.0-0 +- Packaging for 2.1.0 + * Tue Aug 23 2016 Andrea Ceccanti - 2.0.14-0 - Packaging for 2.0.14 diff --git a/src/ac/attributes.h b/src/ac/attributes.h index 5459b534..5ae9b93b 100644 --- a/src/ac/attributes.h +++ b/src/ac/attributes.h @@ -29,7 +29,6 @@ #include #include -#include #include #include #include @@ -50,8 +49,8 @@ typedef struct ACATTRIBUTE { ASN1_OCTET_STRING *name; - ASN1_OCTET_STRING *qualifier; ASN1_OCTET_STRING *value; + ASN1_OCTET_STRING *qualifier; } AC_ATTRIBUTE; typedef struct ACATTHOLDER { 
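Review bot: Swapping `qualifier` and `value` in `struct ACATTRIBUTE` is a silent layout change, because both members are `ASN1_OCTET_STRING *`. Code compiled against the old header keeps building and linking but reads the attribute value where it expects the qualifier, and the reverse. If this header is part of the installed API (not visible from the hunk), the change needs to ship with the ABI/soname bump and a changelog entry. A comment on the struct such as `/* member order follows the encoded SEQUENCE: name, value, qualifier */` would record why the order matters; the removed `i2d_AC_ATTRIBUTE` did encode in that order.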
@@ -67,18 +66,6 @@ DECL_STACK(AC_ATTRIBUTE); DECL_STACK(AC_ATT_HOLDER); DECL_STACK(AC_FULL_ATTRIBUTES); -extern int i2d_AC_ATTRIBUTE(AC_ATTRIBUTE *, unsigned char **); -extern int i2d_AC_ATT_HOLDER(AC_ATT_HOLDER *, unsigned char **); -extern int i2d_AC_FULL_ATTRIBUTES(AC_FULL_ATTRIBUTES *, unsigned char **); - -extern AC_ATTRIBUTE *d2i_AC_ATTRIBUTE(AC_ATTRIBUTE **, VOMS_MAYBECONST unsigned char **, long); -extern AC_ATT_HOLDER *d2i_AC_ATT_HOLDER(AC_ATT_HOLDER **, VOMS_MAYBECONST unsigned char **, long); -extern AC_FULL_ATTRIBUTES *d2i_AC_FULL_ATTRIBUTES(AC_FULL_ATTRIBUTES **, VOMS_MAYBECONST unsigned char **, long); - -extern AC_ATTRIBUTE *AC_ATTRIBUTE_new(); -extern AC_ATT_HOLDER *AC_ATT_HOLDER_new(); -extern AC_FULL_ATTRIBUTES *AC_FULL_ATTRIBUTES_new(); - -extern void AC_ATTRIBUTE_free(AC_ATTRIBUTE *); -extern void AC_ATT_HOLDER_free(AC_ATT_HOLDER *); -extern void AC_FULL_ATTRIBUTES_free(AC_FULL_ATTRIBUTES *); +DECLARE_ASN1_FUNCTIONS(AC_ATTRIBUTE) +DECLARE_ASN1_FUNCTIONS(AC_ATT_HOLDER) +DECLARE_ASN1_FUNCTIONS(AC_FULL_ATTRIBUTES) diff --git a/src/ac/extensions.c b/src/ac/extensions.c index 73c892bc..d482293b 100644 --- a/src/ac/extensions.c +++ b/src/ac/extensions.c @@ -27,7 +27,6 @@ #include #include -#include #include #include #include @@ -41,6 +40,7 @@ #include "acerrors.h" #include "attributes.h" #include +#include #ifndef VOMS_MAYBECONST #if defined(D2I_OF) 
@@ -50,312 +50,6 @@ #endif #endif -int i2d_AC_SEQ(AC_SEQ *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); -#ifdef TYPEDEF_I2D_OF - M_ASN1_I2D_len_SEQUENCE(a->acs, (i2d_of_void*)i2d_AC); -#else - M_ASN1_I2D_len_SEQUENCE(a->acs, i2d_AC); -#endif - M_ASN1_I2D_seq_total(); -#ifdef TYPEDEF_I2D_OF - M_ASN1_I2D_put_SEQUENCE(a->acs, (i2d_of_void*)i2d_AC); -#else - M_ASN1_I2D_put_SEQUENCE(a->acs, i2d_AC); -#endif - M_ASN1_I2D_finish(); -} - -AC_SEQ *d2i_AC_SEQ(AC_SEQ **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_SEQ *, AC_SEQ_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_seq(ret->acs, d2i_AC, AC_free); - M_ASN1_D2I_Finish(a, AC_SEQ_free, ASN1_F_D2I_AC_SEQ); -} - -AC_SEQ *AC_SEQ_new() -{ - AC_SEQ *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_SEQ); - M_ASN1_New(ret->acs, sk_AC_new_null); - return ret; - M_ASN1_New_Error(AC_F_AC_SEQ_new); -} - -void AC_SEQ_free(AC_SEQ *a) -{ - if (a==NULL) return; - - sk_AC_pop_free(a->acs, AC_free); - OPENSSL_free(a); -} - -int i2d_AC_TARGETS(AC_TARGETS *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len_SEQUENCE(a->targets, i2d_AC_TARGET); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put_SEQUENCE(a->targets, i2d_AC_TARGET); - M_ASN1_I2D_finish(); -} -AC_TARGETS *d2i_AC_TARGETS(AC_TARGETS **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_TARGETS *, AC_TARGETS_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_seq(ret->targets, d2i_AC_TARGET, AC_TARGET_free); - M_ASN1_D2I_Finish(a, AC_TARGETS_free, ASN1_F_D2I_AC_TARGETS); -} -AC_TARGETS *AC_TARGETS_new() -{ - AC_TARGETS *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_TARGETS); - M_ASN1_New(ret->targets, sk_AC_TARGET_new_null); - return ret; - M_ASN1_New_Error(AC_F_AC_TARGETS_New); -} - -void AC_TARGETS_free(AC_TARGETS *a) -{ - if (a==NULL) return; - - sk_AC_TARGET_pop_free(a->targets, AC_TARGET_free); - OPENSSL_free(a); -} - -int 
i2d_AC_TARGET(AC_TARGET *a, unsigned char **pp) -{ - int v1=0, v2=0, v3=0; - - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len_EXP_opt(a->name, i2d_GENERAL_NAME, 0, v1); - M_ASN1_I2D_len_EXP_opt(a->group, i2d_GENERAL_NAME, 1, v2); - M_ASN1_I2D_len_EXP_opt(a->cert, i2d_AC_IS, 2, v3); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_EXP_opt(a->name, i2d_GENERAL_NAME, 0, v1); - M_ASN1_I2D_put_EXP_opt(a->group, i2d_GENERAL_NAME, 1, v2); - M_ASN1_I2D_put_EXP_opt(a->cert, i2d_AC_IS, 2, v3); - M_ASN1_I2D_finish(); -} - -AC_TARGET *d2i_AC_TARGET(AC_TARGET **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_TARGET *, AC_TARGET_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_EXP_opt(ret->name, d2i_GENERAL_NAME, 0); - M_ASN1_D2I_get_EXP_opt(ret->group, d2i_GENERAL_NAME, 1); - M_ASN1_D2I_get_EXP_opt(ret->cert, d2i_AC_IS, 2); - M_ASN1_D2I_Finish(a, AC_TARGET_free, ASN1_F_D2I_AC_TARGET); -} - -AC_TARGET *AC_TARGET_new(void) -{ - AC_TARGET *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_TARGET); - ret->name = ret->group = NULL; - ret->cert = NULL; - return ret; - M_ASN1_New_Error(AC_F_AC_TARGET_New); -} - -void AC_TARGET_free(AC_TARGET *a) -{ - if (a==NULL) return; - GENERAL_NAME_free(a->name); - GENERAL_NAME_free(a->group); - AC_IS_free(a->cert); - OPENSSL_free(a); -} - -int i2d_AC_CERTS(AC_CERTS *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len_SEQUENCE(a->stackcert, i2d_X509); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put_SEQUENCE(a->stackcert, i2d_X509); - M_ASN1_I2D_finish(); -} - -AC_CERTS *d2i_AC_CERTS(AC_CERTS **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_CERTS *, AC_CERTS_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_seq(ret->stackcert, d2i_X509, X509_free); - M_ASN1_D2I_Finish(a, AC_CERTS_free, ASN1_F_D2I_AC_CERTS); -} - -AC_CERTS *AC_CERTS_new() -{ - AC_CERTS *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_CERTS); - 
M_ASN1_New(ret->stackcert, sk_X509_new_null); - return ret; - M_ASN1_New_Error(AC_F_X509_New); -} - -void AC_CERTS_free(AC_CERTS *a) -{ - if (a==NULL) return; - - sk_X509_pop_free(a->stackcert, X509_free); - OPENSSL_free(a); -} - -int i2d_AC_ATTRIBUTE(AC_ATTRIBUTE *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len(a->name, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len(a->value, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len(a->qualifier, i2d_ASN1_OCTET_STRING); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->name, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_put(a->value, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_put(a->qualifier, i2d_ASN1_OCTET_STRING); - - M_ASN1_I2D_finish(); -} - -AC_ATTRIBUTE *d2i_AC_ATTRIBUTE(AC_ATTRIBUTE **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_ATTRIBUTE *, AC_ATTRIBUTE_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->name, d2i_ASN1_OCTET_STRING); - M_ASN1_D2I_get(ret->value, d2i_ASN1_OCTET_STRING); - M_ASN1_D2I_get(ret->qualifier, d2i_ASN1_OCTET_STRING); - - M_ASN1_D2I_Finish(a, AC_ATTRIBUTE_free, AC_F_D2I_AC_ATTRIBUTE); -} - -AC_ATTRIBUTE *AC_ATTRIBUTE_new() -{ - AC_ATTRIBUTE *ret = NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, AC_ATTRIBUTE); - M_ASN1_New(ret->name, ASN1_OCTET_STRING_new); - M_ASN1_New(ret->value, ASN1_OCTET_STRING_new); - M_ASN1_New(ret->qualifier, ASN1_OCTET_STRING_new); - - return ret; - M_ASN1_New_Error(AC_F_ATTRIBUTE_New); -} - -void AC_ATTRIBUTE_free(AC_ATTRIBUTE *a) -{ - if (a == NULL) return; - - ASN1_OCTET_STRING_free(a->name); - ASN1_OCTET_STRING_free(a->value); - ASN1_OCTET_STRING_free(a->qualifier); - - OPENSSL_free(a); -} - -int i2d_AC_ATT_HOLDER(AC_ATT_HOLDER *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len(a->grantor, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_SEQUENCE(a->attributes, i2d_AC_ATTRIBUTE); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->grantor, i2d_GENERAL_NAMES); - M_ASN1_I2D_put_SEQUENCE(a->attributes, 
i2d_AC_ATTRIBUTE); - M_ASN1_I2D_finish(); -} - - -AC_ATT_HOLDER *d2i_AC_ATT_HOLDER(AC_ATT_HOLDER **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_ATT_HOLDER *, AC_ATT_HOLDER_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->grantor, d2i_GENERAL_NAMES); - M_ASN1_D2I_get_seq(ret->attributes, d2i_AC_ATTRIBUTE, AC_ATTRIBUTE_free); - M_ASN1_D2I_Finish(a, AC_ATT_HOLDER_free, ASN1_F_D2I_AC_ATT_HOLDER); -} - -AC_ATT_HOLDER *AC_ATT_HOLDER_new() -{ - AC_ATT_HOLDER *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_ATT_HOLDER); - M_ASN1_New(ret->grantor, sk_GENERAL_NAME_new_null); - M_ASN1_New(ret->attributes, sk_AC_ATTRIBUTE_new_null); - return ret; - - M_ASN1_New_Error(AC_F_AC_ATT_HOLDER_New); -} - -void AC_ATT_HOLDER_free(AC_ATT_HOLDER *a) -{ - if (a == NULL) return; - - sk_GENERAL_NAME_pop_free(a->grantor, GENERAL_NAME_free); - sk_AC_ATTRIBUTE_pop_free(a->attributes, AC_ATTRIBUTE_free); - OPENSSL_free(a); -} - -int i2d_AC_FULL_ATTRIBUTES(AC_FULL_ATTRIBUTES *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len_SEQUENCE(a->providers, i2d_AC_ATT_HOLDER); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put_SEQUENCE(a->providers, i2d_AC_ATT_HOLDER); - M_ASN1_I2D_finish(); -} - -AC_FULL_ATTRIBUTES *d2i_AC_FULL_ATTRIBUTES(AC_FULL_ATTRIBUTES **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_FULL_ATTRIBUTES *, AC_FULL_ATTRIBUTES_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_seq(ret->providers, d2i_AC_ATT_HOLDER, AC_ATT_HOLDER_free); - M_ASN1_D2I_Finish(a, AC_FULL_ATTRIBUTES_free, ASN1_F_D2I_AC_FULL_ATTRIBUTES); -} - -AC_FULL_ATTRIBUTES *AC_FULL_ATTRIBUTES_new() -{ - AC_FULL_ATTRIBUTES *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_FULL_ATTRIBUTES); - M_ASN1_New(ret->providers, sk_AC_ATT_HOLDER_new_null); - return ret; - M_ASN1_New_Error(AC_F_AC_FULL_ATTRIBUTES_New); -} - -void AC_FULL_ATTRIBUTES_free(AC_FULL_ATTRIBUTES *a) -{ - if (a == 
NULL) return; - - sk_AC_ATT_HOLDER_pop_free(a->providers, AC_ATT_HOLDER_free); - OPENSSL_free(a); -} - static char *norep() { static char *buffer = 0; @@ -487,9 +181,9 @@ void *attributes_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ /* a->providers = sk_AC_ATT_HOLDER_dup(stack); */ for (i = 0; i < sk_AC_ATT_HOLDER_num(stack); i++) sk_AC_ATT_HOLDER_push(a->providers, - (AC_ATT_HOLDER *)ASN1_dup((int (*)())i2d_AC_ATT_HOLDER, - (char * (*)())d2i_AC_ATT_HOLDER, - (char *)(sk_AC_ATT_HOLDER_value(stack, i)))); + (AC_ATT_HOLDER *)ASN1_dup((i2d_of_void*)i2d_AC_ATT_HOLDER, + (d2i_of_void*)d2i_AC_ATT_HOLDER, + sk_AC_ATT_HOLDER_value(stack, i))); return a; @@ -516,9 +210,13 @@ void *authkey_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx AUTHORITY_KEYID *keyid = AUTHORITY_KEYID_new(); if (str && keyid) { - SHA1(cert->cert_info->key->public_key->data, - cert->cert_info->key->public_key->length, - digest); + X509_PUBKEY* pk = X509_get_X509_PUBKEY(cert); + assert(pk != NULL && "X509_get_X509_PUBKEY failed"); + unsigned char const* data; + int len; + int e = X509_PUBKEY_get0_param(NULL, &data, &len, NULL, pk); + assert(e == 1 && "X509_PUBKEY_get0_param failed"); + SHA1(data, len, digest); ASN1_OCTET_STRING_set(str, digest, 20); ASN1_OCTET_STRING_free(keyid->keyid); keyid->keyid = str; @@ -557,8 +255,11 @@ int initEx(void) return 0; } +#ifndef VOMS_USE_OPENSSL_EXT_CODE memset(auth, 0, sizeof(*auth)); - auth->ext_nid = OBJ_txt2nid("authKeyId"); + + auth->ext_nid = OBJ_txt2nid("authorityKeyIdentifier"); + auth->ext_flags = 0; auth->ext_new = (X509V3_EXT_NEW) AUTHORITY_KEYID_new; auth->ext_free = (X509V3_EXT_FREE)AUTHORITY_KEYID_free; 
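Review bot: In the `authkey_s2i` hunk (`@@ -516,9 +210,13 @@`) the two new failure checks are `assert()` calls, which compile to nothing when the build defines `NDEBUG`. In that configuration a failing `X509_PUBKEY_get0_param` leaves `data` and `len` uninitialised and they go straight into `SHA1(data, len, digest)`. In a debug build the same failure aborts the process rather than returning an error to the caller. These should be ordinary runtime checks that take the function's existing failure path, for example `if (pk == NULL || X509_PUBKEY_get0_param(NULL, &data, &len, NULL, pk) != 1)` followed by the cleanup the function already does when `str` or `keyid` is NULL. The rest of the function, including that cleanup, is outside the hunk.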
@@ -571,22 +272,26 @@ int initEx(void) auth->i2v = (X509V3_EXT_I2V) NULL; auth->i2r = (X509V3_EXT_I2R) NULL; + X509V3_EXT_add(auth); + memset(avail, 0, sizeof(*avail)); - avail->ext_nid = OBJ_txt2nid("idcenoRevAvail"); + avail->ext_nid = OBJ_txt2nid("noRevAvail"); avail->ext_flags = 0; avail->ext_new = (X509V3_EXT_NEW) ASN1_NULL_new; avail->ext_free = (X509V3_EXT_FREE)ASN1_NULL_free; avail->d2i = (X509V3_EXT_D2I) d2i_ASN1_NULL; avail->i2d = (X509V3_EXT_I2D) i2d_ASN1_NULL; - avail->i2s = (X509V3_EXT_I2S) null_i2s; - avail->s2i = (X509V3_EXT_S2I) null_s2i; + avail->i2s = (X509V3_EXT_I2S) NULL; + avail->s2i = (X509V3_EXT_S2I) NULL; avail->v2i = (X509V3_EXT_V2I) NULL; avail->r2i = (X509V3_EXT_R2I) NULL; avail->i2v = (X509V3_EXT_I2V) NULL; avail->i2r = (X509V3_EXT_I2R) NULL; + X509V3_EXT_add(avail); + memset(targets, 0, sizeof(*targets)); - targets->ext_nid = OBJ_txt2nid("idceTargets"); + targets->ext_nid = OBJ_txt2nid("targetInformation"); targets->ext_flags = 0; targets->ext_new = (X509V3_EXT_NEW) AC_TARGETS_new; targets->ext_free = (X509V3_EXT_FREE)AC_TARGETS_free; @@ -598,6 +303,9 @@ int initEx(void) targets->v2i = (X509V3_EXT_V2I) NULL; targets->r2i = (X509V3_EXT_R2I) NULL; targets->i2r = (X509V3_EXT_I2R) NULL; +#endif + + X509V3_EXT_add(targets); memset(acseq, 0, sizeof(*acseq)); acseq->ext_nid = OBJ_txt2nid("acseq"); @@ -613,6 +321,8 @@ int initEx(void) acseq->r2i = (X509V3_EXT_R2I) NULL; acseq->i2r = (X509V3_EXT_I2R) NULL; + X509V3_EXT_add(acseq); + memset(certseq, 0, sizeof(*certseq)); certseq->ext_nid = OBJ_txt2nid("certseq"); certseq->ext_flags = 0; @@ -627,6 +337,8 @@ int initEx(void) certseq->r2i = (X509V3_EXT_R2I) NULL; certseq->i2r = (X509V3_EXT_I2R) NULL; + X509V3_EXT_add(certseq); + memset(attribs, 0, sizeof(*attribs)); attribs->ext_nid = OBJ_txt2nid("attributes"); attribs->ext_flags = 0; 
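Review bot: The `#endif` added in the `@@ -598,6 +303,9 @@` hunk closes the `#ifndef VOMS_USE_OPENSSL_EXT_CODE` region (opened in the preceding `initEx` hunk) one statement too early, just before `X509V3_EXT_add(targets);`. A build that defines the macro therefore skips the `memset` and every assignment to `targets` but still registers it. What the struct holds at that point depends on how it was allocated, which is outside these hunks; if it is not zeroed, the extension table gets a method with an indeterminate `ext_nid` and function pointers. Moving the call above the `#endif`, as is done for `X509V3_EXT_add(auth);` and `X509V3_EXT_add(avail);`, keeps registration and initialisation under the same condition. The `int` result of each `X509V3_EXT_add` call is also discarded, so a failed registration still ends in `return 1;`.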
@@ -641,11 +353,6 @@ int initEx(void) attribs->r2i = (X509V3_EXT_R2I) NULL; attribs->i2r = (X509V3_EXT_I2R) NULL; - X509V3_EXT_add(avail); - X509V3_EXT_add(targets); - X509V3_EXT_add(auth); - X509V3_EXT_add(acseq); - X509V3_EXT_add(certseq); X509V3_EXT_add(attribs); return 1; diff --git a/src/ac/init.c b/src/ac/init.c index 8d0c2d6a..442184c3 100644 --- a/src/ac/init.c +++ b/src/ac/init.c @@ -66,12 +66,16 @@ void declareOIDs(void) return; done=1; + OBJC(idatcap,"idatcap"); - /* //// test */ + OBJC(attributes,"attributes"); + + /* OBJC(idcenoRevAvail, "noRevAvail"); - OBJC(idceauthKeyIdentifier, "authKeyId"); - OBJC(idceTargets, "idceTargets"); + OBJC(idceTargets, "targetInformation"); + */ + OBJC(acseq, "acseq"); OBJC(order, "order"); OBJC(voms, "voms"); diff --git a/src/ac/mystack.c b/src/ac/mystack.c index 8937c672..ee45116d 100644 --- a/src/ac/mystack.c +++ b/src/ac/mystack.c @@ -31,23 +31,17 @@ IMPL_STACK(AC_IETFATTR) IMPL_STACK(AC_IETFATTRVAL) IMPL_STACK(AC_ATTR) -IMPL_STACK(AC); -/* -IMPL_STACK(AC_INFO); -IMPL_STACK(AC_VAL); -IMPL_STACK(AC_HOLDER); -IMPL_STACK(AC_ACI); -IMPL_STACK(AC_FORM); -IMPL_STACK(AC_IS); -IMPL_STACK(AC_DIGEST); -IMPL_STACK(AC_TARGETS); -*/ -IMPL_STACK(AC_TARGET); -/* +IMPL_STACK(AC) +IMPL_STACK(AC_INFO) +IMPL_STACK(AC_VAL) +IMPL_STACK(AC_HOLDER) +IMPL_STACK(AC_ACI) +IMPL_STACK(AC_FORM) +IMPL_STACK(AC_IS) +IMPL_STACK(AC_DIGEST) +IMPL_STACK(AC_TARGETS) +IMPL_STACK(AC_TARGET) IMPL_STACK(AC_CERTS); -*/ IMPL_STACK(AC_ATTRIBUTE) IMPL_STACK(AC_ATT_HOLDER) -/* IMPL_STACK(AC_FULL_ATTRIBUTES) -*/ diff --git a/src/ac/newformat.c b/src/ac/newformat.c index 1085f082..078cbff1 100644 --- a/src/ac/newformat.c +++ b/src/ac/newformat.c @@ -28,11 +28,10 @@ #include #include -#include #include #include #include -#include +#include #include #include #include "newformat.h" 
@@ -47,552 +46,149 @@ #endif #endif -int i2d_AC_ATTR(AC_ATTR *a, unsigned char **pp) -{ - char text[1000]; - - M_ASN1_I2D_vars(a); - - if (!i2t_ASN1_OBJECT(text,999,a->type)) - return 0; - else if (!((strcmp(text, "idacagroup") == 0) || (strcmp(text,"idatcap") == 0))) - return 0; - - M_ASN1_I2D_len(a->type, i2d_ASN1_OBJECT); - M_ASN1_I2D_len_SET_type(AC_IETFATTR, a->ietfattr, i2d_AC_IETFATTR); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(a->type, i2d_ASN1_OBJECT); - M_ASN1_I2D_put_SET_type(AC_IETFATTR,a->ietfattr, i2d_AC_IETFATTR); - M_ASN1_I2D_finish(); -} - -AC_ATTR *d2i_AC_ATTR(AC_ATTR **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - char text[1000]; - - M_ASN1_D2I_vars(a, AC_ATTR *, AC_ATTR_new); - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->type, d2i_ASN1_OBJECT); - - if (!i2t_ASN1_OBJECT(text,999, ret->type)) { - c.error = ASN1_R_NOT_ENOUGH_DATA; - goto err; - } - - if (strcmp(text, "idatcap") == 0) - M_ASN1_D2I_get_set_type(AC_IETFATTR, ret->ietfattr, d2i_AC_IETFATTR, AC_IETFATTR_free); - M_ASN1_D2I_Finish(a, AC_ATTR_free, ASN1_F_D2I_AC_ATTR); -} - -AC_ATTR *AC_ATTR_new() -{ - AC_ATTR *ret = NULL; - ASN1_CTX c; - M_ASN1_New_Malloc(ret, AC_ATTR); - M_ASN1_New(ret->type, ASN1_OBJECT_new); - M_ASN1_New(ret->ietfattr, sk_AC_IETFATTR_new_null); - return ret; - M_ASN1_New_Error(AC_F_ATTR_New); -} - -void AC_ATTR_free(AC_ATTR *a) -{ - if (!a) - return; - - ASN1_OBJECT_free(a->type); - sk_AC_IETFATTR_pop_free(a->ietfattr, AC_IETFATTR_free); - OPENSSL_free(a); -} - -int i2d_AC_IETFATTR(AC_IETFATTR *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len_IMP_opt(a->names, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_SEQUENCE(a->values, i2d_AC_IETFATTRVAL); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_IMP_opt(a->names, i2d_GENERAL_NAMES, 0); - M_ASN1_I2D_put_SEQUENCE(a->values, i2d_AC_IETFATTRVAL); - M_ASN1_I2D_finish(); -} - -AC_IETFATTR *d2i_AC_IETFATTR(AC_IETFATTR **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - 
M_ASN1_D2I_vars(a, AC_IETFATTR *, AC_IETFATTR_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_IMP_opt(ret->names, d2i_GENERAL_NAMES, 0, V_ASN1_SEQUENCE); - M_ASN1_D2I_get_seq(ret->values, d2i_AC_IETFATTRVAL, AC_IETFATTRVAL_free); - M_ASN1_D2I_Finish(a, AC_IETFATTR_free, ASN1_F_D2I_AC_IETFATTR); -} - -AC_IETFATTR *AC_IETFATTR_new() -{ - AC_IETFATTR *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_IETFATTR); - M_ASN1_New(ret->values, sk_AC_IETFATTRVAL_new_null); - M_ASN1_New(ret->names, sk_GENERAL_NAME_new_null); - return ret; - M_ASN1_New_Error(AC_F_IETFATTR_New); -} - -void AC_IETFATTR_free (AC_IETFATTR *a) -{ - if (a==NULL) return; - - sk_GENERAL_NAME_pop_free(a->names, GENERAL_NAME_free); - sk_AC_IETFATTRVAL_pop_free(a->values, AC_IETFATTRVAL_free); - OPENSSL_free(a); -} - - -int i2d_AC_IETFATTRVAL(AC_IETFATTRVAL *a, unsigned char **pp) -{ - if (a->type == V_ASN1_OCTET_STRING || a->type == V_ASN1_OBJECT || - a->type == V_ASN1_UTF8STRING) - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, a->type, V_ASN1_UNIVERSAL)); - - ASN1err(ASN1_F_I2D_AC_IETFATTRVAL,ASN1_R_WRONG_TYPE); - return -1; -} - -AC_IETFATTRVAL *d2i_AC_IETFATTRVAL(AC_IETFATTRVAL **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - unsigned char tag; - tag = **pp & ~V_ASN1_CONSTRUCTED; - if (tag == (V_ASN1_OCTET_STRING|V_ASN1_UNIVERSAL)) - return d2i_ASN1_OCTET_STRING(a, pp, length); - if (tag == (V_ASN1_OBJECT|V_ASN1_UNIVERSAL)) - return (AC_IETFATTRVAL *)d2i_ASN1_OBJECT((ASN1_OBJECT **)a, pp, length); - if (tag == (V_ASN1_UTF8STRING|V_ASN1_UNIVERSAL)) - return d2i_ASN1_UTF8STRING(a, pp, length); - ASN1err(ASN1_F_D2I_AC_IETFATTRVAL, ASN1_R_WRONG_TYPE); - return (NULL); -} - -AC_IETFATTRVAL *AC_IETFATTRVAL_new() -{ - return ASN1_STRING_type_new(V_ASN1_UTF8STRING); -} - -void AC_IETFATTRVAL_free(AC_IETFATTRVAL *a) -{ - ASN1_STRING_free(a); -} - -int i2d_AC_DIGEST(AC_DIGEST *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len(a->type, 
i2d_ASN1_ENUMERATED); - M_ASN1_I2D_len(a->oid, i2d_ASN1_OBJECT); - M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->digest, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->type, i2d_ASN1_ENUMERATED); - M_ASN1_I2D_put(a->oid, i2d_ASN1_OBJECT); - M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->digest, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_finish(); -} - -AC_DIGEST *d2i_AC_DIGEST(AC_DIGEST **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_DIGEST *, AC_DIGEST_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->type, d2i_ASN1_ENUMERATED); - M_ASN1_D2I_get(ret->oid, d2i_ASN1_OBJECT); - M_ASN1_D2I_get(ret->algor, d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->digest, d2i_ASN1_BIT_STRING); - M_ASN1_D2I_Finish(a, AC_DIGEST_free, AC_F_D2I_AC_DIGEST); -} - -AC_DIGEST *AC_DIGEST_new(void) -{ - AC_DIGEST *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_DIGEST); - M_ASN1_New(ret->type, M_ASN1_ENUMERATED_new); - ret->oid = NULL; - ret->algor = NULL; - M_ASN1_New(ret->algor, X509_ALGOR_new); - M_ASN1_New(ret->digest, M_ASN1_BIT_STRING_new); - return(ret); - M_ASN1_New_Error(AC_F_AC_DIGEST_New); -} - -void AC_DIGEST_free(AC_DIGEST *a) -{ - if (a==NULL) return; - - ASN1_ENUMERATED_free(a->type); - ASN1_OBJECT_free(a->oid); - X509_ALGOR_free(a->algor); - ASN1_BIT_STRING_free(a->digest); - OPENSSL_free(a); -} - -int i2d_AC_IS(AC_IS *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - M_ASN1_I2D_len(a->issuer, i2d_GENERAL_NAMES); - M_ASN1_I2D_len(a->serial, i2d_ASN1_INTEGER); - M_ASN1_I2D_len_IMP_opt(a->uid, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->issuer, i2d_GENERAL_NAMES); - M_ASN1_I2D_put(a->serial, i2d_ASN1_INTEGER); - M_ASN1_I2D_put_IMP_opt(a->uid, i2d_ASN1_BIT_STRING, V_ASN1_BIT_STRING); - M_ASN1_I2D_finish(); -} - -AC_IS *d2i_AC_IS(AC_IS **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_IS *, AC_IS_new); - - 
M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->issuer, d2i_GENERAL_NAMES); - M_ASN1_D2I_get(ret->serial, d2i_ASN1_INTEGER); - M_ASN1_D2I_get_opt(ret->uid, d2i_ASN1_BIT_STRING, V_ASN1_BIT_STRING); - M_ASN1_D2I_Finish(a, AC_IS_free, AC_F_D2I_AC_IS); -} - -AC_IS *AC_IS_new(void) -{ - AC_IS *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_IS); - M_ASN1_New(ret->issuer, GENERAL_NAMES_new); - M_ASN1_New(ret->serial, M_ASN1_INTEGER_new); - ret->uid = NULL; - return(ret); - M_ASN1_New_Error(AC_F_AC_IS_New); -} - -void AC_IS_free(AC_IS *a) -{ - if (a==NULL) return; - - GENERAL_NAMES_free(a->issuer); - M_ASN1_INTEGER_free(a->serial); - M_ASN1_BIT_STRING_free(a->uid); - OPENSSL_free(a); -} - -int i2d_AC_FORM(AC_FORM *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->names, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_IMP_opt(a->is, i2d_AC_IS); - M_ASN1_I2D_len_IMP_opt(a->digest, i2d_AC_DIGEST); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->names, i2d_GENERAL_NAMES); - M_ASN1_I2D_put_IMP_opt(a->is, i2d_AC_IS, 0); - M_ASN1_I2D_put_IMP_opt(a->digest, i2d_AC_DIGEST, 1); - M_ASN1_I2D_finish(); -} - -AC_FORM *d2i_AC_FORM(AC_FORM **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_FORM *, AC_FORM_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->names, d2i_GENERAL_NAMES); - M_ASN1_D2I_get_IMP_opt(ret->is, d2i_AC_IS, 0, V_ASN1_SEQUENCE); - M_ASN1_D2I_get_IMP_opt(ret->digest, d2i_AC_DIGEST, 1, V_ASN1_SEQUENCE); - M_ASN1_D2I_Finish(a, AC_FORM_free, ASN1_F_D2I_AC_FORM); -} - -AC_FORM *AC_FORM_new(void) -{ - AC_FORM *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_FORM); - ret->names = GENERAL_NAMES_new(); - ret->is = NULL; - ret->digest = NULL; - return(ret); - M_ASN1_New_Error(AC_F_AC_FORM_New); -} - -void AC_FORM_free(AC_FORM *a) -{ - if (a==NULL) return; - - GENERAL_NAMES_free(a->names); - AC_IS_free(a->is); - AC_DIGEST_free(a->digest); - OPENSSL_free(a); - -} - -int 
i2d_AC_HOLDER(AC_HOLDER *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len_IMP_opt(a->baseid, i2d_AC_IS); - M_ASN1_I2D_len_IMP_opt(a->name, i2d_GENERAL_NAMES); - M_ASN1_I2D_len_IMP_opt(a->digest, i2d_AC_DIGEST); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_IMP_opt(a->baseid, i2d_AC_IS, 0); - M_ASN1_I2D_put_IMP_opt(a->name, i2d_GENERAL_NAMES, 1); - M_ASN1_I2D_put_IMP_opt(a->digest, i2d_AC_DIGEST, 2); - M_ASN1_I2D_finish(); -} - -AC_HOLDER *d2i_AC_HOLDER(AC_HOLDER **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_HOLDER *, AC_HOLDER_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get_IMP_opt(ret->baseid, d2i_AC_IS, 0, V_ASN1_SEQUENCE); - M_ASN1_D2I_get_IMP_opt(ret->name, d2i_GENERAL_NAMES, 1, V_ASN1_SEQUENCE); - M_ASN1_D2I_get_IMP_opt(ret->digest, d2i_AC_DIGEST, 2, V_ASN1_SEQUENCE); - M_ASN1_D2I_Finish(a, AC_HOLDER_free, ASN1_F_D2I_AC_HOLDER); -} - -AC_HOLDER *AC_HOLDER_new(void) -{ - AC_HOLDER *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_HOLDER); - M_ASN1_New(ret->baseid, AC_IS_new); - ret->name = NULL; - ret->digest = NULL; - return(ret); - M_ASN1_New_Error(ASN1_F_AC_HOLDER_New); -} +ASN1_SEQUENCE(AC_DIGEST) = { + ASN1_SIMPLE(AC_DIGEST, type, ASN1_ENUMERATED), + ASN1_OPT(AC_DIGEST, oid, ASN1_OBJECT), + ASN1_SIMPLE(AC_DIGEST, algor, X509_ALGOR), + ASN1_SIMPLE(AC_DIGEST, digest, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(AC_DIGEST) -void AC_HOLDER_free(AC_HOLDER *a) -{ - if (!a) return; +IMPLEMENT_ASN1_FUNCTIONS(AC_DIGEST) - AC_IS_free(a->baseid); - GENERAL_NAMES_free(a->name); - AC_DIGEST_free(a->digest); - OPENSSL_free(a); -} +ASN1_SEQUENCE(AC_IS) = { + ASN1_SIMPLE(AC_IS, issuer, GENERAL_NAMES), + ASN1_SIMPLE(AC_IS, serial, ASN1_INTEGER), + ASN1_OPT(AC_IS, uid, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(AC_IS) -/* new AC_VAL functions by valerio */ +IMPLEMENT_ASN1_FUNCTIONS(AC_IS) +ASN1_SEQUENCE(AC_FORM) = { + ASN1_OPT(AC_FORM, names, GENERAL_NAMES), + ASN1_IMP_OPT(AC_FORM, is, AC_IS, 0), + 
ASN1_IMP_OPT(AC_FORM, digest, AC_DIGEST, 1) +} ASN1_SEQUENCE_END(AC_FORM) -AC_VAL *AC_VAL_new(void) -{ - AC_VAL *ret = NULL; - ASN1_CTX c; +IMPLEMENT_ASN1_FUNCTIONS(AC_FORM) - M_ASN1_New_Malloc(ret, AC_VAL); +ASN1_SEQUENCE(AC_ACI) = { + ASN1_SEQUENCE_OF(AC_ACI, names, GENERAL_NAME), + ASN1_SIMPLE(AC_ACI, form, AC_FORM) +} ASN1_SEQUENCE_END(AC_ACI) - ret->notBefore = NULL; - ret->notAfter = NULL; - - return(ret); - M_ASN1_New_Error(ASN1_F_AC_VAL_New); -} +IMPLEMENT_ASN1_FUNCTIONS(AC_ACI) -int i2d_AC_VAL(AC_VAL *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); +ASN1_SEQUENCE(AC_HOLDER) = { + ASN1_IMP(AC_HOLDER, baseid, AC_IS, 0), + ASN1_IMP_OPT(AC_HOLDER, name, GENERAL_NAMES, 1), + ASN1_IMP_OPT(AC_HOLDER, digest, AC_DIGEST, 2) +} ASN1_SEQUENCE_END(AC_HOLDER) - M_ASN1_I2D_len(a->notBefore, i2d_ASN1_GENERALIZEDTIME); - M_ASN1_I2D_len(a->notAfter, i2d_ASN1_GENERALIZEDTIME); +IMPLEMENT_ASN1_FUNCTIONS(AC_HOLDER) - M_ASN1_I2D_seq_total(); +ASN1_SEQUENCE(AC_VAL) = { + ASN1_SIMPLE(AC_VAL, notBefore, ASN1_GENERALIZEDTIME), + ASN1_SIMPLE(AC_VAL, notAfter, ASN1_GENERALIZEDTIME), +} ASN1_SEQUENCE_END(AC_VAL) - M_ASN1_I2D_put(a->notBefore, i2d_ASN1_GENERALIZEDTIME); - M_ASN1_I2D_put(a->notAfter, i2d_ASN1_GENERALIZEDTIME); +IMPLEMENT_ASN1_FUNCTIONS(AC_VAL) - M_ASN1_I2D_finish(); -} +ASN1_SEQUENCE(AC_IETFATTR) = { + ASN1_IMP_SEQUENCE_OF_OPT(AC_IETFATTR, names, GENERAL_NAME, 0), + ASN1_SEQUENCE_OF(AC_IETFATTR, values, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(AC_IETFATTR) -AC_VAL *d2i_AC_VAL(AC_VAL **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_VAL *, AC_VAL_new); +IMPLEMENT_ASN1_FUNCTIONS(AC_IETFATTR) - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); +ASN1_SEQUENCE(AC_TARGET) = { + ASN1_EXP(AC_TARGET, name, GENERAL_NAME, 0), + ASN1_EXP(AC_TARGET, group, GENERAL_NAME, 1), + ASN1_EXP(AC_TARGET, cert, AC_IS, 2), +} ASN1_SEQUENCE_END(AC_TARGET) - M_ASN1_D2I_get(ret->notBefore, d2i_ASN1_GENERALIZEDTIME); - M_ASN1_D2I_get(ret->notAfter, 
d2i_ASN1_GENERALIZEDTIME); +IMPLEMENT_ASN1_FUNCTIONS(AC_TARGET) - M_ASN1_D2I_Finish(a, AC_VAL_free, AC_F_D2I_AC); -} +ASN1_SEQUENCE(AC_TARGETS) = { + ASN1_SEQUENCE_OF(AC_TARGETS, targets, AC_TARGET) +} ASN1_SEQUENCE_END(AC_TARGETS) -void AC_VAL_free(AC_VAL *a) -{ +IMPLEMENT_ASN1_FUNCTIONS(AC_TARGETS) - if (a==NULL) return; +ASN1_SEQUENCE(AC_ATTRIBUTE) = { + ASN1_SIMPLE(AC_ATTRIBUTE, name, ASN1_OCTET_STRING), + ASN1_SIMPLE(AC_ATTRIBUTE, value, ASN1_OCTET_STRING), + ASN1_SIMPLE(AC_ATTRIBUTE, qualifier, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(AC_ATTRIBUTE) - M_ASN1_GENERALIZEDTIME_free(a->notBefore); - M_ASN1_GENERALIZEDTIME_free(a->notAfter); +IMPLEMENT_ASN1_FUNCTIONS(AC_ATTRIBUTE) - OPENSSL_free(a); -} +ASN1_SEQUENCE(AC_ATT_HOLDER) = { + ASN1_SEQUENCE_OF(AC_ATT_HOLDER, grantor, GENERAL_NAME), + ASN1_SEQUENCE_OF(AC_ATT_HOLDER, attributes, AC_ATTRIBUTE) +} ASN1_SEQUENCE_END(AC_ATT_HOLDER) +IMPLEMENT_ASN1_FUNCTIONS(AC_ATT_HOLDER) -/* end of new code */ +ASN1_SEQUENCE(AC_FULL_ATTRIBUTES) = { + ASN1_SEQUENCE_OF(AC_FULL_ATTRIBUTES, providers, AC_ATT_HOLDER) +} ASN1_SEQUENCE_END(AC_FULL_ATTRIBUTES) +IMPLEMENT_ASN1_FUNCTIONS(AC_FULL_ATTRIBUTES) -int i2d_AC_INFO(AC_INFO *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER); - M_ASN1_I2D_len(a->holder, i2d_AC_HOLDER); - M_ASN1_I2D_len_IMP_opt(a->form, i2d_AC_FORM); - M_ASN1_I2D_len(a->alg, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->serial, i2d_ASN1_INTEGER); - M_ASN1_I2D_len(a->validity, i2d_AC_VAL); - M_ASN1_I2D_len_SEQUENCE(a->attrib, i2d_AC_ATTR); - M_ASN1_I2D_len_IMP_opt(a->id, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_len_SEQUENCE_opt(a->exts, i2d_X509_EXTENSION); - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER); - M_ASN1_I2D_put(a->holder, i2d_AC_HOLDER); - M_ASN1_I2D_put_IMP_opt(a->form, i2d_AC_FORM, 0); - M_ASN1_I2D_put(a->alg, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->serial, i2d_ASN1_INTEGER); - M_ASN1_I2D_put(a->validity, i2d_AC_VAL); - 
M_ASN1_I2D_put_SEQUENCE(a->attrib, i2d_AC_ATTR); - M_ASN1_I2D_put_IMP_opt(a->id, i2d_ASN1_BIT_STRING, V_ASN1_BIT_STRING); - M_ASN1_I2D_put_SEQUENCE_opt(a->exts, i2d_X509_EXTENSION); - M_ASN1_I2D_finish(); -} +ASN1_SEQUENCE(AC_ATTR) = { + ASN1_SIMPLE(AC_ATTR, type, ASN1_OBJECT), + ASN1_SET_OF(AC_ATTR, ietfattr, AC_IETFATTR), + ASN1_SEQUENCE_OF_OPT(AC_ATTR, fullattributes, AC_FULL_ATTRIBUTES) +} ASN1_SEQUENCE_END(AC_ATTR) -AC_INFO *d2i_AC_INFO(AC_INFO **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC_INFO *, AC_INFO_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->version, d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->holder, d2i_AC_HOLDER); - M_ASN1_D2I_get_IMP_opt(ret->form, d2i_AC_FORM, 0, V_ASN1_SEQUENCE); - M_ASN1_D2I_get(ret->alg, d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->serial, d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->validity, d2i_AC_VAL); - M_ASN1_D2I_get_seq(ret->attrib, d2i_AC_ATTR, AC_ATTR_free); - M_ASN1_D2I_get_opt(ret->id, d2i_ASN1_BIT_STRING, V_ASN1_BIT_STRING); - M_ASN1_D2I_get_seq_opt(ret->exts, d2i_X509_EXTENSION, X509_EXTENSION_free); - M_ASN1_D2I_Finish(a, AC_INFO_free, AC_F_D2I_AC); -} +IMPLEMENT_ASN1_FUNCTIONS(AC_ATTR) -AC_INFO *AC_INFO_new(void) -{ - AC_INFO *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC_INFO); - M_ASN1_New(ret->version, ASN1_INTEGER_new); - M_ASN1_New(ret->holder, AC_HOLDER_new); - M_ASN1_New(ret->form, AC_FORM_new); - M_ASN1_New(ret->alg, X509_ALGOR_new); - M_ASN1_New(ret->serial, ASN1_INTEGER_new); - M_ASN1_New(ret->validity, AC_VAL_new); - M_ASN1_New(ret->attrib, sk_AC_ATTR_new_null); - ret->id = NULL; - M_ASN1_New(ret->exts, sk_X509_EXTENSION_new_null); -/* ret->exts=NULL; */ - return(ret); - M_ASN1_New_Error(AC_F_AC_INFO_NEW); -} +ASN1_ITEM_TEMPLATE(AC_ATTRS) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, AcAttrs, AC_ATTR) +ASN1_ITEM_TEMPLATE_END(AC_ATTRS) -void AC_INFO_free(AC_INFO *a) -{ - if (a==NULL) return; - ASN1_INTEGER_free(a->version); - 
AC_HOLDER_free(a->holder); - AC_FORM_free(a->form); - X509_ALGOR_free(a->alg); - ASN1_INTEGER_free(a->serial); - AC_VAL_free(a->validity); - sk_AC_ATTR_pop_free(a->attrib, AC_ATTR_free); - ASN1_BIT_STRING_free(a->id); - sk_X509_EXTENSION_pop_free(a->exts, X509_EXTENSION_free); - OPENSSL_free(a); -} +IMPLEMENT_ASN1_FUNCTIONS(AC_ATTRS) -int i2d_AC(AC *a, unsigned char **pp) -{ - M_ASN1_I2D_vars(a); +ASN1_SEQUENCE(AC_INFO) = { + ASN1_SIMPLE(AC_INFO, version, ASN1_INTEGER), /* must be v2(1) */ + ASN1_SIMPLE(AC_INFO, holder, AC_HOLDER), + ASN1_EXP(AC_INFO, form, GENERAL_NAMES, 0), /* in place of an implicitly-tagged + * AC_FORM */ + ASN1_SIMPLE(AC_INFO, alg, X509_ALGOR), + ASN1_SIMPLE(AC_INFO, serial, ASN1_INTEGER), + ASN1_SIMPLE(AC_INFO, validity, AC_VAL), + ASN1_SIMPLE(AC_INFO, attrib, AC_ATTRS), + ASN1_OPT(AC_INFO, id, ASN1_BIT_STRING), + ASN1_SIMPLE(AC_INFO, exts, X509_EXTENSIONS) +} ASN1_SEQUENCE_END(AC_INFO) - M_ASN1_I2D_len(a->acinfo, i2d_AC_INFO); - M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); +IMPLEMENT_ASN1_FUNCTIONS(AC_INFO) - M_ASN1_I2D_seq_total(); +ASN1_SEQUENCE(AC) = { + ASN1_SIMPLE(AC, acinfo, AC_INFO), + ASN1_SIMPLE(AC, sig_alg, X509_ALGOR), + ASN1_SIMPLE(AC, signature, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(AC) - M_ASN1_I2D_put(a->acinfo, i2d_AC_INFO); - M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); +IMPLEMENT_ASN1_FUNCTIONS(AC) - M_ASN1_I2D_finish(); -} +AC * AC_dup(AC *x) { return (AC*)ASN1_item_dup((&(AC_it)), x); } -AC *d2i_AC(AC **a, VOMS_MAYBECONST unsigned char **pp, long length) -{ - M_ASN1_D2I_vars(a, AC *, AC_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->acinfo, d2i_AC_INFO); - M_ASN1_D2I_get(ret->sig_alg, d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING); - M_ASN1_D2I_Finish(a, AC_free, AC_F_D2I_AC); -} +ASN1_SEQUENCE(AC_SEQ) = { + ASN1_SEQUENCE_OF(AC_SEQ, acs, AC) +} 
ASN1_SEQUENCE_END(AC_SEQ) -AC *AC_new(void) -{ - AC *ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, AC); - M_ASN1_New(ret->acinfo, AC_INFO_new); - M_ASN1_New(ret->sig_alg, X509_ALGOR_new); - M_ASN1_New(ret->signature, M_ASN1_BIT_STRING_new); - return(ret); - M_ASN1_New_Error(AC_F_AC_New); -} +IMPLEMENT_ASN1_FUNCTIONS(AC_SEQ) -void AC_free(AC *a) -{ - if (a==NULL) return; +ASN1_SEQUENCE(AC_CERTS) = { + ASN1_SEQUENCE_OF(AC_CERTS, stackcert, X509) +} ASN1_SEQUENCE_END(AC_CERTS) - AC_INFO_free(a->acinfo); - X509_ALGOR_free(a->sig_alg); - M_ASN1_BIT_STRING_free(a->signature); - OPENSSL_free(a); -} - -/* Wrapping ASN1_dup with AC_dup for use in C++. - * Calling ASN1_dup with casting generates inconsistent behavior across C++ compilers - */ -AC *AC_dup(AC *ac) -{ - return (AC *)ASN1_dup((int (*)())i2d_AC, (char * (*) ())d2i_AC, (char *)ac); -} +IMPLEMENT_ASN1_FUNCTIONS(AC_CERTS) EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey) { - return (EVP_PKEY *)ASN1_dup((int (*)())i2d_PrivateKey, (char * (*) ())d2i_AutoPrivateKey, (char *)pkey); + return (EVP_PKEY *)ASN1_dup((i2d_of_void*)i2d_PrivateKey, (d2i_of_void*)d2i_AutoPrivateKey, pkey); } int AC_verify(X509_ALGOR *algor1, ASN1_BIT_STRING *signature,char *data, EVP_PKEY *pkey) diff --git a/src/ac/validate.cc b/src/ac/validate.cc index fb2aff3f..57248b51 100644 --- a/src/ac/validate.cc +++ b/src/ac/validate.cc @@ -37,7 +37,6 @@ extern "C" { #include #include #include -#include #include #include #include @@ -45,7 +44,6 @@ extern "C" { #include #include #include -#include #include "newformat.h" #include "acerrors.h" @@ -55,6 +53,7 @@ extern "C" { #include "acstack.h" #include "listfunc.h" #include "doio.h" +#include "ssl_compat.h" #include #include 
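Review bot: The `AC_IETFATTR` template declares `values` as `ASN1_SEQUENCE_OF(AC_IETFATTR, values, ASN1_OCTET_STRING)`, whereas the removed `d2i_AC_IETFATTRVAL` accepted OCTET STRING, OBJECT and UTF8String elements, so attribute certificates carrying the other two forms now fail to parse. If that narrowing is intended, it deserves a comment next to the template, e.g. `/* values: only OCTET STRING elements are decoded; OID and UTF8String values are rejected */`. Separately, `AC_TARGET` lists `name`, `group` and `cert` as three mandatory `ASN1_EXP` members of a SEQUENCE, while `build_ac_target` in write.c fills in only `name`. If the type is meant to carry one alternative at a time, `ASN1_EXP_OPT` (or a CHOICE template) would state that, and this is worth checking against an AC produced by the previous code.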
@@ -68,42 +67,6 @@ extern "C" { #include -extern "C" { -#if OPENSSL_VERSION_NUMBER <= 0x0090807fL - - /* The following have to be declared explicitly rather than relying - * on macros because openssl prototype unreliability makes the correct - * declaration impossible without requiring a rewrite of relying programs. - */ -DECLARE_STACK_OF(GENERAL_NAMES) - -STACK_OF(GENERAL_NAMES) *sk_GENERAL_NAMES_new (int (*cmp)(const GENERAL_NAMES * const *, const GENERAL_NAMES * const *)) -{ - return sk_new ( (int (*)(const char * const *, const char * const *))cmp); -} - -STACK_OF(GENERAL_NAMES) *sk_GENERAL_NAMES_new_null () -{ - return sk_new_null(); -} - -void sk_GENERAL_NAMES_free (STACK_OF(GENERAL_NAMES) *st) -{ - sk_free(st); -} - -int sk_GENERAL_NAMES_num (const STACK_OF(GENERAL_NAMES) *st) -{ - return sk_num(st); -} - -GENERAL_NAMES *sk_GENERAL_NAMES_value (const STACK_OF(GENERAL_NAMES) *st, int i) -{ - return (GENERAL_NAMES *)sk_value(st, i); -} -#endif -} - static std::string getfqdn(void); static int checkAttributes(STACK_OF(AC_ATTR) *, voms&); static int checkExtensions(STACK_OF(X509_EXTENSION) *,X509 *, int, realdata *); @@ -220,9 +183,6 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time CHECK(ac->acinfo->holder); NCHECK(ac->acinfo->holder->digest); CHECK(ac->acinfo->form); - CHECK(ac->acinfo->form->names); - NCHECK(ac->acinfo->form->is); - NCHECK(ac->acinfo->form->digest); CHECK(ac->acinfo->serial); CHECK(ac->acinfo->validity); CHECK(ac->acinfo->alg); @@ -267,7 +227,7 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time CTOCPPSTR(v.serverca, X509_NAME_oneline(X509_get_issuer_name(issuer), NULL, 0)); } else { - CTOCPPSTR(v.server, X509_NAME_oneline(sk_GENERAL_NAME_value(ac->acinfo->form->names, 0)->d.dirn,NULL, 0)); + CTOCPPSTR(v.server, X509_NAME_oneline(sk_GENERAL_NAME_value(ac->acinfo->form, 0)->d.dirn,NULL, 0)); v.serverca = "Unable to determine CA"; } 
@@ -279,7 +239,7 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time CHECK(ac->acinfo->holder->baseid->issuer); if (ASN1_INTEGER_cmp(ac->acinfo->holder->baseid->serial, - cert->cert_info->serialNumber)) + X509_get_serialNumber(cert))) ERROR(AC_ERR_HOLDER_SERIAL); names = ac->acinfo->holder->baseid->issuer; @@ -289,16 +249,18 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time ERROR(AC_ERR_HOLDER); if (name->type != GEN_DIRNAME) ERROR(AC_ERR_HOLDER); - if (X509_NAME_cmp(name->d.dirn, cert->cert_info->subject) && - X509_NAME_cmp(name->d.dirn, cert->cert_info->issuer)) + if (X509_NAME_cmp(name->d.dirn, X509_get_subject_name(cert)) && + X509_NAME_cmp(name->d.dirn, X509_get_issuer_name(cert))) ERROR(AC_ERR_HOLDER); - if ((!ac->acinfo->holder->baseid->uid && cert->cert_info->issuerUID) || - (!cert->cert_info->issuerUID && ac->acinfo->holder->baseid->uid)) + ASN1_BIT_STRING const* issuer_uid; + X509_get0_uids(cert, &issuer_uid, 0); + if ((!ac->acinfo->holder->baseid->uid && issuer_uid) || + (!issuer_uid && ac->acinfo->holder->baseid->uid)) ERROR(AC_ERR_UID_MISMATCH); if (ac->acinfo->holder->baseid->uid) { - if (M_ASN1_BIT_STRING_cmp(ac->acinfo->holder->baseid->uid, - cert->cert_info->issuerUID)) + if (ASN1_STRING_cmp(ac->acinfo->holder->baseid->uid, + issuer_uid)) ERROR(AC_ERR_UID_MISMATCH); } } @@ -310,7 +272,7 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time if ((sk_GENERAL_NAME_num(gname) == 1) || ((name = sk_GENERAL_NAME_value(gname,0)) || (name->type != GEN_DIRNAME))) { - if (X509_NAME_cmp(name->d.dirn, cert->cert_info->issuer)) { + if (X509_NAME_cmp(name->d.dirn, X509_get_issuer_name(cert))) { /* CHECK ALT_NAMES */ /* in VOMS ACs, checking into alt names is assumed to always fail. */ ERROR(AC_ERR_UID_MISMATCH); 
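Review bot: The condition guarding the converted `X509_NAME_cmp(name->d.dirn, X509_get_issuer_name(cert))` line in the `gname` branch can reach it with `name` unassigned or of the wrong type. `(sk_GENERAL_NAME_num(gname) == 1) || ((name = sk_GENERAL_NAME_value(gname,0)) || (name->type != GEN_DIRNAME))` short-circuits without assigning `name` when the count is 1, and dereferences a NULL `name` when the stack is empty. These are context lines the commit leaves as they were, but the AC being validated is untrusted input, so `d.dirn` should be read only after the entry's type has been confirmed. The intended test is probably `if (sk_GENERAL_NAME_num(gname) == 1 && (name = sk_GENERAL_NAME_value(gname, 0)) && name->type == GEN_DIRNAME)` with every other case treated as an error. The rest of this branch of validate() lies outside the hunk, so that needs confirming against the full function.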
@@ -320,7 +282,7 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time } } - names = ac->acinfo->form->names; + names = ac->acinfo->form; if ((sk_GENERAL_NAME_num(names) != 1)) ERROR(AC_ERR_ISSUER_NAME); @@ -329,7 +291,7 @@ int validate(X509 *cert, X509 *issuer, AC *ac, voms &v, verify_type valids, time if (name->type != GEN_DIRNAME) ERROR(AC_ERR_ISSUER_NAME); if (valids & VERIFY_ID) - if (X509_NAME_cmp(name->d.dirn, issuer->cert_info->subject)) + if (X509_NAME_cmp(name->d.dirn, X509_get_subject_name(issuer))) ERROR(AC_ERR_ISSUER_NAME); if (ac->acinfo->serial->length>20) @@ -482,9 +444,9 @@ static int checkAttributes(STACK_OF(AC_ATTR) *atts, voms &v) static int checkExtensions(STACK_OF(X509_EXTENSION) *exts, X509 *iss, int valids, realdata *rd) { - int nid1 = OBJ_txt2nid("idcenoRevAvail"); - int nid2 = OBJ_txt2nid("authorityKeyIdentifier"); - int nid3 = OBJ_txt2nid("idceTargets"); + int nid1 = NID_no_rev_avail; + int nid2 = NID_authority_key_identifier; + int nid3 = NID_target_information; int nid5 = OBJ_txt2nid("attributes"); int pos1 = X509v3_get_ext_by_NID(exts, nid1, -1); @@ -578,10 +540,11 @@ static int checkExtensions(STACK_OF(X509_EXTENSION) *exts, X509 *iss, int valids if (iss) { if (key->keyid) { - unsigned char hashed[20]; + unsigned char hashed[SHA_DIGEST_LENGTH]; - if (!SHA1(iss->cert_info->key->public_key->data, - iss->cert_info->key->public_key->length, + ASN1_BIT_STRING* pubkey = X509_get0_pubkey_bitstr(iss); + if (!SHA1(pubkey->data, + pubkey->length, hashed)) ret = AC_ERR_EXT_KEY; 
@@ -593,15 +556,15 @@ static int checkExtensions(STACK_OF(X509_EXTENSION) *exts, X509 *iss, int valids if (!(key->issuer && key->serial)) ret = AC_ERR_EXT_KEY; - if (M_ASN1_INTEGER_cmp((key->serial), - (iss->cert_info->serialNumber))) + if (ASN1_INTEGER_cmp((key->serial), + (X509_get0_serialNumber(iss)))) ret = AC_ERR_EXT_KEY; if (key->serial->type != GEN_DIRNAME) ret = AC_ERR_EXT_KEY; if (X509_NAME_cmp(sk_GENERAL_NAME_value((key->issuer), 0)->d.dirn, - (iss->cert_info->subject))) + (X509_get_subject_name(iss)))) ret = AC_ERR_EXT_KEY; } } diff --git a/src/ac/write.c b/src/ac/write.c index 3832ffda..7050caed 100644 --- a/src/ac/write.c +++ b/src/ac/write.c 
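Review bot: The converted `ASN1_INTEGER_cmp((key->serial), (X509_get0_serialNumber(iss)))` still runs after `if (!(key->issuer && key->serial)) ret = AC_ERR_EXT_KEY;`, which records the error but does not stop, so an authority key identifier lacking a serial or issuer is dereferenced by the lines that follow. The next test, `key->serial->type != GEN_DIRNAME`, compares an ASN1_INTEGER's type with a GeneralName constant and looks like it was meant to be `sk_GENERAL_NAME_value(key->issuer, 0)->type`, which is also what has to hold before `->d.dirn` is read. Since this extension comes from the AC under validation, each failed check should leave the block (an `else if` chain would do) instead of falling through. These lines are context carried over from the old code, and checkExtensions continues outside the hunk.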
@@ -27,32 +27,146 @@ #include "config.h" #include -#include +#include #include #include #include #include #include +#include #include "newformat.h" #include "acerrors.h" #include "attributes.h" #include "doio.h" +#include "ssl_compat.h" #define ERROR(e) do { err = (e); goto err; } while (0) +void add_no_rev_avail_ext(AC *ac) { + + X509_EXTENSION* ext = X509V3_EXT_i2d(NID_no_rev_avail,0, ASN1_NULL_new()); + + assert( ext != NULL); + + sk_X509_EXTENSION_push(ac->acinfo->exts, ext); + +} + +int add_authority_key_id_ext(AC *ac, X509* issuer_cert) { + + // Copy akid extension from issuer_cert + int ext_loc = X509_get_ext_by_NID(issuer_cert, NID_authority_key_identifier, -1); + + if (ext_loc == -1){ + return 1; + } + + X509_EXTENSION *akid = X509_get_ext(issuer_cert, ext_loc); + + assert( akid != NULL ); + + X509v3_add_ext(&ac->acinfo->exts, akid, -1); + + return 0; +} + +AC_TARGET* build_ac_target(char* t){ + + AC_TARGET *target = AC_TARGET_new(); + ASN1_IA5STRING *target_str = ASN1_IA5STRING_new(); + + if (! target || !target_str) { + AC_TARGET_free(target); + ASN1_IA5STRING_free(target_str); + return NULL; + } + + ASN1_STRING_set(target_str, t, strlen(t)); + + GENERAL_NAME *name = target->name; + + name->type = GEN_URI; + name->d.ia5 = target_str; + + return target; +} + +AC_TARGETS* build_ac_targets_ext(char* targets) { + + const char* DELIMITER = ","; + char *targets_copy = strdup(targets); + char *token; + + AC_TARGETS* result = AC_TARGETS_new(); + + if (! targets_copy || !result ){ + goto err; + } + + token = strtok(targets_copy, DELIMITER); + + while (token != NULL){ + + AC_TARGET *target = build_ac_target(token); + + if (! 
target ) { + goto err; + } + + sk_AC_TARGET_push(result->targets, target); + token = strtok(NULL, DELIMITER); + } + + free(targets_copy); + return result; + +err: + + if (result) { + AC_TARGETS_free(result); + } + + return NULL; +} + +int add_targets_ext(AC* ac, char* targets_str) { + + AC_TARGETS *targets = build_ac_targets_ext(targets_str); + + if (!targets) { + return AC_ERR_NO_EXTENSION; + } + + X509_EXTENSION* ext = X509V3_EXT_i2d(NID_target_information,1, targets); + + if (!ext) { + return AC_ERR_NO_EXTENSION; + } + + sk_X509_EXTENSION_push(ac->acinfo->exts, ext); + + return 0; +} + static int make_and_push_ext(AC *ac, char *name, char *data, int critical) { - X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, NULL, OBJ_txt2nid(name), data); - if (ext) { - X509_EXTENSION_set_critical(ext, critical); - sk_X509_EXTENSION_push(ac->acinfo->exts, ext); - return 0; + int ext_NID = OBJ_txt2nid(name); + + if (ext_NID == NID_undef ){ + return AC_ERR_NO_EXTENSION; + } + + X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, NULL, ext_NID, data); + + if (!ext) { + return AC_ERR_NO_EXTENSION; } - X509_EXTENSION_free(ext); - return AC_ERR_NO_EXTENSION; + X509_EXTENSION_set_critical(ext, critical); + sk_X509_EXTENSION_push(ac->acinfo->exts, ext); + return 0; } static void make_uri(const char *vo, const char *uri, STACK_OF(GENERAL_NAME) *names) @@ -145,9 +259,9 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * issdup = X509_NAME_dup(name1); dirn = GENERAL_NAME_new(); dirn2 = GENERAL_NAME_new(); - holdserial = M_ASN1_INTEGER_dup(holder->cert_info->serialNumber); + holdserial = ASN1_INTEGER_dup(X509_get_serialNumber(holder)); serial = BN_to_ASN1_INTEGER(s, NULL); - version = BN_to_ASN1_INTEGER((BIGNUM *)(BN_value_one()), NULL); + version = ASN1_INTEGER_new(); capabilities = AC_ATTR_new(); cobj = OBJ_txt2obj("idatcap",0); capnames = AC_IETFATTR_new(); 
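Review bot: The new helpers use `assert` for run-time failures: in `add_no_rev_avail_ext` a NULL from `X509V3_EXT_i2d` aborts the process in a debug build and is pushed onto `ac->acinfo->exts` in an NDEBUG build, and because the function returns void writeac cannot react either way. `add_targets_ext` never frees the `AC_TARGETS` it builds (X509V3_EXT_i2d encodes the structure and, as far as I know, does not take ownership of it), and the `err:` path of `build_ac_targets_ext` returns without freeing `targets_copy`. The results of the `sk_X509_EXTENSION_push` calls are not checked either. A version that reports failure and releases the intermediates is sketched below; the call site in writeac would then test the result of `add_no_rev_avail_ext`.

```c
int add_no_rev_avail_ext(AC *ac) {

  X509_EXTENSION* ext = X509V3_EXT_i2d(NID_no_rev_avail,0, ASN1_NULL_new());

  if (!ext) {
    return AC_ERR_NO_EXTENSION;
  }

  if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) {
    X509_EXTENSION_free(ext);
    return AC_ERR_NO_EXTENSION;
  }

  return 0;
}

/* ... unchanged: add_authority_key_id_ext, build_ac_target ... */

/* build_ac_targets_ext: error path also releases the strdup'ed copy */
err:

  free(targets_copy);
  /* ... unchanged: AC_TARGETS_free(result), return NULL ... */

int add_targets_ext(AC* ac, char* targets_str) {

  AC_TARGETS *targets = build_ac_targets_ext(targets_str);
  X509_EXTENSION* ext;

  if (!targets) {
    return AC_ERR_NO_EXTENSION;
  }

  ext = X509V3_EXT_i2d(NID_target_information,1, targets);

  /* the extension holds its own DER encoding of the targets */
  AC_TARGETS_free(targets);

  if (!ext) {
    return AC_ERR_NO_EXTENSION;
  }

  if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) {
    X509_EXTENSION_free(ext);
    return AC_ERR_NO_EXTENSION;
  }

  return 0;
}
```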
@@ -155,36 +269,47 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * ac_full_attrs = AC_FULL_ATTRIBUTES_new(); ac_att_holder = AC_ATT_HOLDER_new(); - if (!subjdup || !issdup || !dirn || !dirn2 || !holdserial || !serial || + + if (!subjdup || !issdup || !dirn || !dirn2 || !holdserial || !serial || !version || !capabilities || !cobj || !capnames || !time1 || !time2 || !null || !ac_full_attrs || !ac_att_holder) ERROR(AC_ERR_MEMORY); + ASN1_INTEGER_set(version,1); + + if (capnames->names == NULL) { + capnames->names = GENERAL_NAMES_new(); + + if (capnames->names == NULL){ + ERROR(AC_ERR_MEMORY); + } + } + /* prepare AC_IETFATTR */ while(fqan[i]) { ASN1_OCTET_STRING *tmpc = ASN1_OCTET_STRING_new(); + if (!tmpc) { - ASN1_OCTET_STRING_free(tmpc); ERROR(AC_ERR_MEMORY); } + ASN1_OCTET_STRING_set(tmpc, (unsigned char*)fqan[i], strlen(fqan[i])); - sk_AC_IETFATTRVAL_push(capnames->values, (AC_IETFATTRVAL *)tmpc); + sk_AC_IETFATTRVAL_push(capnames->values, tmpc); i++; } if (vo || uri) { make_uri(vo, uri, capnames->names); - /* stuff the created AC_IETFATTR in ietfattr (values) and define its object */ sk_AC_IETFATTR_push(capabilities->ietfattr, capnames); capnames = NULL; } - capabilities->get_type = GET_TYPE_FQAN; ASN1_OBJECT_free(capabilities->type); capabilities->type = cobj; i = 0; + /* prepare AC_FULL_ATTRIBUTES */ if (attributes_strings) { while (attributes_strings[i]) { @@ -234,9 +359,10 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * } } - if (!i) + if (!i) { AC_ATT_HOLDER_free(ac_att_holder); - else { + ac_att_holder = NULL; + } else { make_uri(vo, uri, ac_att_holder->grantor); sk_AC_ATT_HOLDER_push(ac_full_attrs->providers, ac_att_holder); } @@ -253,9 +379,10 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * if (ret) ERROR(AC_ERR_NO_EXTENSION); - } - else + } else { AC_FULL_ATTRIBUTES_free(ac_full_attrs); + ac_full_attrs = NULL; + } stk = sk_X509_new_null(); 
@@ -275,18 +402,20 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * ret = make_and_push_ext(a, "certseq", (char*)stk, 0); sk_X509_pop_free(stk, X509_free); - if (ret) + if (ret) { ERROR(AC_ERR_NO_EXTENSION); + } /* Create several extensions */ - if (make_and_push_ext(a, "idcenoRevAvail", "loc", 0)) - ERROR(AC_ERR_NO_EXTENSION); + add_no_rev_avail_ext(a); - if (make_and_push_ext(a, "authKeyId", (char *)issuerc, 0)) + if (add_authority_key_id_ext(a,issuerc)){ ERROR(AC_ERR_NO_EXTENSION); + } - if (t && make_and_push_ext(a, "idceTargets", t, 1)) + if (t && add_targets_ext(a,t)){ ERROR(AC_ERR_NO_EXTENSION); + } if (extensions) { int proxyindex = 0; @@ -305,12 +434,20 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * } } - alg1 = X509_ALGOR_dup(issuerc->cert_info->signature); - alg2 = X509_ALGOR_dup(issuerc->sig_alg); + alg1 = X509_ALGOR_dup((X509_ALGOR*)X509_get0_tbs_sigalg(issuerc)); + { + X509_ALGOR /*const*/* sig_alg; + X509_get0_signature(NULL, &sig_alg, issuerc); + alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); + } - if (issuerc->cert_info->issuerUID) - if (!(uid = M_ASN1_BIT_STRING_dup(issuerc->cert_info->issuerUID))) - ERROR(AC_ERR_MEMORY); + { + ASN1_BIT_STRING const* issuerUID; + X509_get0_uids(issuerc, &issuerUID, NULL); + if (issuerUID) + if (!(uid = ASN1_STRING_dup(issuerUID))) + ERROR(AC_ERR_MEMORY); + } #define FREE_AND_SET(datum, value, type) type##_free((datum)); (datum) = (value) 
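Review bot: `add_authority_key_id_ext(a,issuerc)`, defined in the first hunk of this file, copies the issuer certificate's own authorityKeyIdentifier into the AC, and that extension identifies the key of the CA that signed the issuer certificate, not the key that signs the AC. checkExtensions in validate.cc hashes the issuer's public key when `key->keyid` is present, so the copied value would presumably not match unless the issuer is self-signed; a write-then-validate round trip would confirm this. The helper also returns 1, and writeac then fails with AC_ERR_NO_EXTENSION, whenever the issuer certificate carries no such extension. Building the extension from the issuer certificate itself, `X509V3_set_ctx(&ctx, issuerc, NULL, NULL, NULL, 0);` followed by `X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid:always")`, would tie the identifier to the signing key.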
@@ -329,11 +466,11 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * sk_GENERAL_NAME_push(a->acinfo->holder->baseid->issuer, dirn); dirn2->d.dirn = issdup; dirn2->type = GEN_DIRNAME; - sk_GENERAL_NAME_push(a->acinfo->form->names, dirn2); + sk_GENERAL_NAME_push(a->acinfo->form, dirn2); a->acinfo->id = uid; /* Use same signature algorithm used to sign the certificate */ - EVP_MD *md = EVP_get_digestbyobj(a->sig_alg->algorithm); + EVP_MD const* md = EVP_get_digestbyobj(a->sig_alg->algorithm); if (md == NULL){ /* fall back to SHA1 */ @@ -344,6 +481,7 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * (char *)a->acinfo, pkey, md); *ac = a; + return 0; err: diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc index 714b543c..373e3bfe 100644 --- a/src/api/ccapi/api_util.cc +++ b/src/api/ccapi/api_util.cc @@ -37,7 +37,7 @@ extern "C" { #include #include - +#include #include #include #include @@ -45,6 +45,7 @@ extern "C" { #include #include "credentials.h" #include "sslutils.h" +#include "newformat.h" } #include @@ -156,13 +157,17 @@ static bool findexts(X509 *cert , AC_SEQ **listnew, std::string &extra_data, std ext = get_ext(cert, "incfile"); if (ext) { - extra_data = std::string((char *)(ext->value->data),ext->value->length); + ASN1_OCTET_STRING* value = X509_EXTENSION_get_data(ext); + assert(value && "X509_EXTENSION_get_data failed"); + extra_data = std::string(reinterpret_cast(value->data), value->length); found = true; } ext = get_ext(cert, "vo"); if (ext) { - workvo = std::string((char *)(ext->value->data),ext->value->length); + ASN1_OCTET_STRING* value = X509_EXTENSION_get_data(ext); + assert(value && "X509_EXTENSION_get_data failed"); + workvo = std::string(reinterpret_cast(value->data), value->length); } return found; 
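Review bot: The digest selection near the end of writeac still falls back to SHA-1 when `EVP_get_digestbyobj(a->sig_alg->algorithm)` returns NULL, according to the `/* fall back to SHA1 */` comment; the assignment itself lies outside this hunk. Since the port touches this line anyway, consider returning an error or falling back to `EVP_sha256()` rather than signing an attribute certificate with a digest that is no longer collision resistant. A comment explaining when the lookup is expected to fail would also help the next reader.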
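Review bot: In findexts the new `assert(value && "X509_EXTENSION_get_data failed")` is the only guard before `value->data` and `value->length` are read. It disappears when the library is built with `NDEBUG`, and in a debug build it aborts the calling process while handling data taken from a certificate. An explicit test, e.g. wrapping the assignment in `if (value) { ... }`, behaves the same in both build modes; this applies to the `incfile` and the `vo` extension alike. The assert-only checks in `make_VOMS_BIO` (src/socklib/Server.cpp) later in this patch follow the same pattern.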
@@ -731,7 +736,6 @@ vomsdata::check_cert(STACK_OF(X509) *stack) void (*oldsignal)(int) = signal(SIGPIPE,SIG_IGN); #endif - CRYPTO_malloc_init(); if ((lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()))) { X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index 6823531e..8e387ae0 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -122,7 +122,7 @@ vomsdata::vomsdata(std::string voms_dir, std::string cert_dir) : ca_cert_dir(ce initialized = true; #ifdef NOGLOBUS SSL_library_init(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); OpenSSL_add_all_ciphers(); diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h index 4c93d7ce..9648de93 100644 --- a/src/api/ccapi/voms_api.h +++ b/src/api/ccapi/voms_api.h @@ -30,7 +30,10 @@ #include #include +#ifndef NOGLOBUS #define NOGLOBUS +#endif + extern "C" { #ifndef GSSAPI_H_ /* diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 05d5398a..e28f4de2 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -39,7 +39,8 @@ extern "C" { #include #include #include - +#include + #include "listfunc.h" #include "credentials.h" #include "replace.h" @@ -66,7 +67,7 @@ extern "C" { extern "C" { -#include "myproxycertinfo.h" + //#include "myproxycertinfo.h" #include "vomsproxy.h" } @@ -610,10 +611,12 @@ void Client::CleanAll() free(outfile); listfree((char **)aclist, (freefn)AC_free); - if (v) - delete v; + delete v; OBJ_cleanup(); + +#warning if X509V3_EXT_cleanup is called valgrind moves some "still reachable" to "definitely lost"! + // X509V3_EXT_cleanup(); } Client::~Client() diff --git a/src/common/normalize.c b/src/common/normalize.c index ce445e53..8212a56b 100644 --- a/src/common/normalize.c +++ b/src/common/normalize.c 
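Review bot: The `#warning` added to Client::CleanAll is emitted on every build and becomes an error under `-Werror`; it is also not a standard directive before C++23. The finding it records reads better as an ordinary comment next to the commented-out call, e.g. `// X509V3_EXT_cleanup() left out: valgrind reports "definitely lost" blocks when it is called (see <issue reference>)`. CleanAll starts before this hunk.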
@@ -64,26 +64,3 @@ char *normalize(const char *str) free(tmp2); return tmp; } - -#if 0 -int main(int argc, char *argv) -{ - char *str1="/prova/Email=frge/CN=op"; - char *str2="/prova/E=boh/emailAddress=mah/E=op/CN=fr"; - char *str3="/USERID=56/mah"; - - char *n1 = normalize(str1); - char *n2 = normalize(str2); - char *n3 = normalize(str3); - - printf("%s -> %s\n", str1, n1); - free(n1); - printf("%s -> %s\n", str2, n2); - free(n2); - printf("%s -> %s\n", str3, n3); - free(n3); - - exit(0); -} - -#endif diff --git a/src/common/xmlcc.cc b/src/common/xmlcc.cc index c67f4120..6f9fe372 100644 --- a/src/common/xmlcc.cc +++ b/src/common/xmlcc.cc @@ -298,7 +298,7 @@ std::string XML_Req_Encode(const std::string &command, const std::string &order, } -std::string Encode(std::string data, int base64) +std::string Encode(const std::string &data, int base64) { int j = 0; char *tmp = NULL; diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 1cee02be..52de22e2 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -10,7 +10,7 @@ endif EXTRA_DIST = Client.h data.h gssapi_compat.h \ options.h pass.h Server.h fqan.h doio.h \ vomsxml.h errors.h log.h sslutils.h normalize.h \ -listfunc.h credentials.h newformat.h myproxycertinfo.h \ +listfunc.h credentials.h newformat.h proxycertinfo.h proxypolicy.h \ acstack.h validate.h ccac.h init.h ccwrite.h getopts.h replace.h dbwrap.h \ stamp-h.in stamp-h1.in diff --git a/src/include/acstack.h b/src/include/acstack.h index 7e222ba1..c0497f17 100644 --- a/src/include/acstack.h +++ b/src/include/acstack.h @@ -28,6 +28,7 @@ #include #include #include +#include #ifndef VOMS_MAYBECONST #if defined(D2I_OF) 
@@ -38,25 +39,36 @@ #endif #endif +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + +#define DECL_STACK(type) DEFINE_STACK_OF(type) +#define IMPL_STACK(type) + +#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + #define IMPL_STACK(type) \ DECLARE_STACK_OF(type) \ - STACK_OF(type) *sk_##type##_new (int (*cmp)(const type * const *, const type * const *)) \ - { return sk_new ( (int (*)(const char * const *, const char * const *))cmp);} \ - STACK_OF(type) *sk_##type##_new_null () { return sk_new_null(); } \ - void sk_##type##_free (STACK_OF(type) *st) { sk_free(st); } \ - int sk_##type##_num (const STACK_OF(type) *st) { return sk_num(st); } \ - type *sk_##type##_value (const STACK_OF(type) *st, int i) { return (type *)sk_value(st, i); } \ - int sk_##type##_push (STACK_OF(type) *st, type *val) { return sk_push(st, (char *)val); } \ - STACK_OF(type) *sk_##type##_dup (STACK_OF(type) *st) { return sk_dup(st); } \ - STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **st, VOMS_MAYBECONST unsigned char **pp, long length, type *(*d2ifunc)(), void (*freefunc)(type *), int ex_tag, int ex_class) \ - { return d2i_ASN1_SET(st, pp, length, (char *(*)())d2ifunc, (void (*)(void *))freefunc, ex_tag, ex_class); } \ - int i2d_ASN1_SET_OF_##type (STACK_OF(type) *st, unsigned char **pp, int (*i2dfunc)(), int ex_tag, int ex_class, int is_set) \ - { return i2d_ASN1_SET(st, pp, i2dfunc, ex_tag, ex_class, is_set); } \ - void sk_##type##_pop_free (STACK_OF(type) *st, void (*func)(type *)) { sk_pop_free(st, (void (*)(void *))func); } + STACK_OF(type) *sk_##type##_new (int (*cmp)(const type *, const type *)) \ + { return (STACK_OF(type) *)sk_new ( (int (*)(const void *, const void *))cmp);} \ + STACK_OF(type) *sk_##type##_new_null () { return (STACK_OF(type) *)sk_new_null(); } \ + void sk_##type##_free (STACK_OF(type) *st) { sk_free((_STACK *)st); } \ + int sk_##type##_num (const STACK_OF(type) *st) { return sk_num((_STACK *)st); } \ + type *sk_##type##_value (const STACK_OF(type) *st, int i) { 
return (type *)sk_value((const _STACK *)st, i); } \ + int sk_##type##_push (STACK_OF(type) *st, type *val) { return sk_push((_STACK *)st, (char *)val); } \ + STACK_OF(type) *sk_##type##_dup (STACK_OF(type) *st) { return (STACK_OF(type) *)sk_dup((_STACK *)st); } \ + void sk_##type##_pop_free (STACK_OF(type) *st, void (*func)(type *)) { sk_pop_free((_STACK *)st, (void (*)(void *))func); } +/* the following are not part of the stack interface + * + * STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **st, VOMS_MAYBECONST unsigned char **pp, long length, type *(*d2ifunc)(), void (*freefunc)(type *), int ex_tag, int ex_class) \ + * { return d2i_ASN1_SET(st, pp, length, (char *(*)())d2ifunc, (void (*)(void *))freefunc, ex_tag, ex_class); } \ + * int i2d_ASN1_SET_OF_##type (STACK_OF(type) *st, unsigned char **pp, int (*i2dfunc)(), int ex_tag, int ex_class, int is_set) \ + * { return i2d_ASN1_SET(st, pp, i2dfunc, ex_tag, ex_class, is_set); } \ + */ + #define DECL_STACK(type) \ PREDECLARE_STACK_OF(type) \ - extern STACK_OF(type) *sk_##type##_new (int (*)(const type * const *, const type * const *)); \ + extern STACK_OF(type) *sk_##type##_new (int (*)(const type *, const type *)); \ extern STACK_OF(type) *sk_##type##_new_null (); \ extern void sk_##type##_free (STACK_OF(type) *); \ extern int sk_##type##_num (const STACK_OF(type) *); \ 
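Review bot: In the pre-1.1 branch the comparator type of `sk_##type##_new` changes from `int (*)(const type * const *, const type * const *)` to `int (*)(const type *, const type *)`, but the OpenSSL stack code calls the comparator with pointers to the stored slots, i.e. with `const type * const *`. A comparator written against the new prototype would dereference one level too few when the stack is sorted or searched. As far as I can tell the double-pointer form matches the OpenSSL safestack comparator type on both sides of 1.1. I would keep `const type * const *` in `IMPL_STACK` and in the matching `DECL_STACK` prototype, and cast to `int (*)(const void *, const void *)` only at the `sk_new` call.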
@@ -74,12 +86,16 @@ extern void sk_##type##_pop_free (STACK_OF(type) *, void (*)(type *)); \ extern type *sk_##type##_shift (STACK_OF(type) *); \ extern type *sk_##type##_pop (STACK_OF(type) *); \ - extern void sk_##type##_sort (STACK_OF(type) *); \ - extern STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **, VOMS_MAYBECONST unsigned char **, long, type *(*)(), void (*)(type *), int, int); \ - extern int i2d_ASN1_SET_OF_##type (STACK_OF(type) *, unsigned char **, int (*)(), int, int, int); \ - extern unsigned char *ASN1_seq_pack_##type (STACK_OF(type) *, int (*)(), unsigned char **, int *); \ - extern STACK_OF(type) *ASN1_seq_unpack_##type (unsigned char *, int, type *(*)(), void (*)(type *)) ; + extern void sk_##type##_sort (STACK_OF(type) *); +/* the following are not part of the stack interface + * + * extern STACK_OF(type) *d2i_ASN1_SET_OF_##type (STACK_OF(type) **, VOMS_MAYBECONST unsigned char **, long, type *(*)(), void (*)(type *), int, int); \ + * extern int i2d_ASN1_SET_OF_##type (STACK_OF(type) *, unsigned char **, int (*)(), int, int, int); \ + * extern unsigned char *ASN1_seq_pack_##type (STACK_OF(type) *, int (*)(), unsigned char **, int *); \ + * extern STACK_OF(type) *ASN1_seq_unpack_##type (unsigned char *, int, type *(*)(), void (*)(type *)) ; + */ +#endif #endif diff --git a/src/include/newformat.h b/src/include/newformat.h index 5092e3d9..886d8195 100644 --- a/src/include/newformat.h +++ b/src/include/newformat.h @@ -28,7 +28,6 @@ #include #include -#include #include #include #include @@ -52,19 +51,19 @@ typedef struct ACDIGEST { } AC_DIGEST; typedef struct ACIS { - STACK_OF(GENERAL_NAME) *issuer; + GENERAL_NAMES *issuer; ASN1_INTEGER *serial; ASN1_BIT_STRING *uid; } AC_IS; typedef struct ACFORM { - STACK_OF(GENERAL_NAME) *names; + GENERAL_NAMES *names; AC_IS *is; AC_DIGEST *digest; } AC_FORM; typedef struct ACACI { - STACK_OF(GENERAL_NAME) *names; + GENERAL_NAMES *names; AC_FORM *form; } AC_ACI; 
@@ -79,10 +78,10 @@ typedef struct ACVAL { ASN1_GENERALIZEDTIME *notAfter; } AC_VAL; -typedef struct asn1_string_st AC_IETFATTRVAL; +typedef ASN1_OCTET_STRING AC_IETFATTRVAL; typedef struct ACIETFATTR { - STACK_OF(GENERAL_NAME) *names; + GENERAL_NAMES *names; STACK_OF(AC_IETFATTRVAL) *values; } AC_IETFATTR; @@ -98,23 +97,22 @@ typedef struct ACTARGETS { typedef struct ACATTR { ASN1_OBJECT * type; - int get_type; STACK_OF(AC_IETFATTR) *ietfattr; STACK_OF(AC_FULL_ATTRIBUTES) *fullattributes; } AC_ATTR; -#define GET_TYPE_FQAN 1 -#define GET_TYPE_ATTRIBUTES 2 + +typedef STACK_OF(AC_ATTR) AC_ATTRS; typedef struct ACINFO { ASN1_INTEGER *version; AC_HOLDER *holder; - AC_FORM *form; + GENERAL_NAMES *form; X509_ALGOR *alg; ASN1_INTEGER *serial; AC_VAL *validity; - STACK_OF(AC_ATTR) *attrib; + AC_ATTRS *attrib; ASN1_BIT_STRING *id; - STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSIONS *exts; } AC_INFO; typedef struct ACC { 
@@ -146,74 +144,26 @@ DECL_STACK(AC_IS) DECL_STACK(AC_DIGEST) DECL_STACK(AC_CERTS) -extern int i2d_AC_ATTR(AC_ATTR *a, unsigned char **pp); -extern AC_ATTR *d2i_AC_ATTR(AC_ATTR **a, VOMS_MAYBECONST unsigned char **p, long length); -extern AC_ATTR *AC_ATTR_new(); -extern void AC_ATTR_free(AC_ATTR *a); -extern int i2d_AC_IETFATTR(AC_IETFATTR *a, unsigned char **pp); -extern AC_IETFATTR *d2i_AC_IETFATTR(AC_IETFATTR **a, VOMS_MAYBECONST unsigned char **p, long length); -extern AC_IETFATTR *AC_IETFATTR_new(); -extern void AC_IETFATTR_free (AC_IETFATTR *a); -extern int i2d_AC_IETFATTRVAL(AC_IETFATTRVAL *a, unsigned char **pp); -extern AC_IETFATTRVAL *d2i_AC_IETFATTRVAL(AC_IETFATTRVAL **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_IETFATTRVAL *AC_IETFATTRVAL_new(); -extern void AC_IETFATTRVAL_free(AC_IETFATTRVAL *a); -extern int i2d_AC_DIGEST(AC_DIGEST *a, unsigned char **pp); -extern AC_DIGEST *d2i_AC_DIGEST(AC_DIGEST **a, VOMS_MAYBECONST unsigned char **pp, long length);; -extern AC_DIGEST *AC_DIGEST_new(void); -extern void AC_DIGEST_free(AC_DIGEST *a); -extern int i2d_AC_IS(AC_IS *a, unsigned char **pp); -extern AC_IS *d2i_AC_IS(AC_IS **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_IS *AC_IS_new(void); -extern void AC_IS_free(AC_IS *a); -extern int i2d_AC_FORM(AC_FORM *a, unsigned char **pp); -extern AC_FORM *d2i_AC_FORM(AC_FORM **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_FORM *AC_FORM_new(void); -extern void AC_FORM_free(AC_FORM *a); -extern int i2d_AC_ACI(AC_ACI *a, unsigned char **pp); -extern AC_ACI *d2i_AC_ACI(AC_ACI **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_ACI *AC_ACI_new(void); -extern void AC_ACI_free(AC_ACI *a); - -extern int i2d_AC_HOLDER(AC_HOLDER *a, unsigned char **pp); -extern AC_HOLDER *d2i_AC_HOLDER(AC_HOLDER **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_HOLDER *AC_HOLDER_new(void); -extern void AC_HOLDER_free(AC_HOLDER *a); - -/* new AC_VAL functions 
by Valerio */ -extern int i2d_AC_VAL(AC_VAL *a, unsigned char **pp); -extern AC_VAL *d2i_AC_VAL(AC_VAL **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_VAL *AC_VAL_new(void); -extern void AC_VAL_free(AC_VAL *a); -/* end*/ - -extern int i2d_AC_INFO(AC_INFO *a, unsigned char **pp); -extern AC_INFO *d2i_AC_INFO(AC_INFO **a, VOMS_MAYBECONST unsigned char **p, long length); -extern AC_INFO *AC_INFO_new(void); -extern void AC_INFO_free(AC_INFO *a); -extern int i2d_AC(AC *a, unsigned char **pp) ; -extern AC *d2i_AC(AC **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC *AC_new(void); -extern void AC_free(AC *a); -extern int i2d_AC_TARGETS(AC_TARGETS *a, unsigned char **pp) ; -extern AC_TARGETS *d2i_AC_TARGETS(AC_TARGETS **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_TARGETS *AC_TARGETS_new(void); -extern void AC_TARGETS_free(AC_TARGETS *a); -extern int i2d_AC_TARGET(AC_TARGET *a, unsigned char **pp) ; -extern AC_TARGET *d2i_AC_TARGET(AC_TARGET **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_TARGET *AC_TARGET_new(void); -extern void AC_TARGET_free(AC_TARGET *a); -extern int i2d_AC_SEQ(AC_SEQ *a, unsigned char **pp) ; -extern AC_SEQ *d2i_AC_SEQ(AC_SEQ **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_SEQ *AC_SEQ_new(void); -extern void AC_SEQ_free(AC_SEQ *a); - -extern int i2d_AC_CERTS(AC_CERTS *a, unsigned char **pp) ; -extern AC_CERTS *d2i_AC_CERTS(AC_CERTS **a, VOMS_MAYBECONST unsigned char **pp, long length); -extern AC_CERTS *AC_CERTS_new(void); -extern void AC_CERTS_free(AC_CERTS *a); +DECLARE_ASN1_FUNCTIONS(AC_ATTRS) +DECLARE_ASN1_FUNCTIONS(AC_DIGEST) +DECLARE_ASN1_FUNCTIONS(AC_IS) +DECLARE_ASN1_FUNCTIONS(AC_FORM) +DECLARE_ASN1_FUNCTIONS(AC_ACI) +DECLARE_ASN1_FUNCTIONS(AC_HOLDER) +DECLARE_ASN1_FUNCTIONS(AC_VAL) +DECLARE_ASN1_FUNCTIONS(AC_IETFATTR) +DECLARE_ASN1_FUNCTIONS(AC_TARGET) +DECLARE_ASN1_FUNCTIONS(AC_TARGETS) +DECLARE_ASN1_FUNCTIONS(AC_ATTR) +DECLARE_ASN1_FUNCTIONS(AC_INFO) 
+DECLARE_ASN1_FUNCTIONS(AC) +DECLARE_ASN1_FUNCTIONS(AC_SEQ) +DECLARE_ASN1_FUNCTIONS(AC_CERTS) + +DECLARE_ASN1_PRINT_FUNCTION(AC) extern AC *AC_dup(AC *ac); + extern EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); extern int AC_verify(X509_ALGOR *algor1, ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); diff --git a/src/include/proxycertinfo.h b/src/include/proxycertinfo.h new file mode 100644 index 00000000..0ab99c4c --- /dev/null +++ b/src/include/proxycertinfo.h 
@@ -0,0 +1,84 @@ +/* + * Copyright 1999-2006 University of Chicago + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef HEADER_PROXYCERTINFO_H +#define HEADER_PROXYCERTINFO_H + +/** + * @file proxycertinfo.h + * @brief Proxy Certificate Info + * @author Sam Meder + * @author Sam Lang + */ +#include "proxypolicy.h" +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * @defgroup proxycertinfo ProxyCertInfo + * @ingroup globus_gsi_proxy_ssl_api + * + * The proxycertinfo.h file defines a method of + * maintaining information about proxy certificates. 
+ */ + +#define PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222" +#define PROXYCERTINFO_OID "1.3.6.1.5.5.7.1.14" +#define PROXYCERTINFO_SN "PROXYCERTINFO" +#define PROXYCERTINFO_LN "Proxy Certificate Info Extension" +#define PROXYCERTINFO_OLD_SN "OLD_PROXYCERTINFO" +#define PROXYCERTINFO_OLD_LN "Proxy Certificate Info Extension (old OID)" + +/* + * Used for error checking + */ +#define ASN1_F_PROXYCERTINFO_NEW 430 +#define ASN1_F_D2I_PROXYCERTINFO 431 + + + X509V3_EXT_METHOD * PROXYCERTINFO_OLD_x509v3_ext_meth(); + + void InitProxyCertInfoExtension(int full); + + int + PROXY_CERT_INFO_EXTENSION_set_path_length( + PROXY_CERT_INFO_EXTENSION* pci + , long pl + ); + + PROXY_POLICY* + PROXY_CERT_INFO_EXTENSION_get_policy(PROXY_CERT_INFO_EXTENSION const* pci); + + int + PROXY_CERT_INFO_EXTENSION_set_policy( + PROXY_CERT_INFO_EXTENSION* pci + , PROXY_POLICY* policy + ); + + long + PROXY_CERT_INFO_EXTENSION_get_path_length(PROXY_CERT_INFO_EXTENSION const* pci); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_PROXYCERTINFO_H */ diff --git a/src/include/proxypolicy.h b/src/include/proxypolicy.h new file mode 100644 index 00000000..c5bec33e --- /dev/null +++ b/src/include/proxypolicy.h 
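Review bot: The accessors declared at the end of proxycertinfo.h carry no documentation, and for a C API that passes raw pointers the ownership rules are what callers get wrong. Please state in a comment above each declaration whether `PROXY_CERT_INFO_EXTENSION_set_policy` copies `policy` or takes ownership of it, whether the pointer returned by `PROXY_CERT_INFO_EXTENSION_get_policy` is borrowed, and what `PROXY_CERT_INFO_EXTENSION_get_path_length` returns when no path length is set. The same goes for `PROXY_POLICY_set_policy` and `PROXY_POLICY_dup` in proxypolicy.h, including what the `int` results mean.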
@@ -0,0 +1,87 @@ +/* + * Copyright 1999-2006 University of Chicago + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef HEADER_PROXYPOLICY_H +#define HEADER_PROXYPOLICY_H + +/** + * @file proxypolicy.h + * @brief Proxy Policy + * @author Sam Meder + * @author Sam Lang + */ +/** + * @defgroup proxypolicy ProxyPolicy + * @ingroup globus_gsi_proxy_ssl_api + * + * The proxypolicy set of data structures + * and functions provides an interface to generating + * a PROXYPOLICY structure which is maintained as + * a field in the PROXYCERTINFO structure, + * and ultimately gets written to a DER encoded string. + * + * Further Information about proxy policies + * is available in the X.509 Proxy Certificate Profile document. 
+ */ + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define ANY_LANGUAGE_OID "1.3.6.1.5.5.7.21.0" +#define ANY_LANGUAGE_SN "ANY_LANGUAGE" +#define ANY_LANGUAGE_LN "Any Language" + +#define IMPERSONATION_PROXY_OID "1.3.6.1.5.5.7.21.1" +#define IMPERSONATION_PROXY_SN "IMPERSONATION_PROXY" +#define IMPERSONATION_PROXY_LN "GSI impersonation proxy" + +#define INDEPENDENT_PROXY_OID "1.3.6.1.5.5.7.21.2" +#define INDEPENDENT_PROXY_SN "INDEPENDENT_PROXY" +#define INDEPENDENT_PROXY_LN "GSI independent proxy" + + /* generic policy language */ +#define GLOBUS_GSI_PROXY_GENERIC_POLICY_OID "1.3.6.1.4.1.3536.1.1.1.8" + +#define LIMITED_PROXY_OID "1.3.6.1.4.1.3536.1.1.1.9" +#define LIMITED_PROXY_SN "LIMITED_PROXY" +#define LIMITED_PROXY_LN "GSI limited proxy" + +/* Used for error handling */ +#define ASN1_F_PROXYPOLICY_NEW 450 +#define ASN1_F_D2I_PROXYPOLICY 451 + + int PROXY_POLICY_set_policy_language( + PROXY_POLICY * policy + , ASN1_OBJECT * policy_language); + + int PROXY_POLICY_set_policy( + PROXY_POLICY * proxypolicy + , unsigned char * policy + , int length); + + PROXY_POLICY* PROXY_POLICY_dup(PROXY_POLICY* policy); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_PROXYPOLICY_H */ diff --git a/src/include/ssl_compat.h b/src/include/ssl_compat.h new file mode 100644 index 00000000..ffc69ec8 --- /dev/null +++ b/src/include/ssl_compat.h 
@@ -0,0 +1,74 @@ +#include + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +int X509_REQ_get_signature_nid(const X509_REQ *req); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +void X509_set_proxy_flag(X509 *x); +void X509_set_proxy_pathlen(X509 *x, long l); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +X509_OBJECT *X509_OBJECT_new(void); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx); +long X509_get_proxy_pathlen(X509 *x); +uint32_t X509_get_extension_flags(X509 *x); +void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); +void X509_OBJECT_free(X509_OBJECT *a); +typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, + X509 *x, X509 *issuer); +void X509_STORE_set_check_issued(X509_STORE *ctx, + X509_STORE_CTX_check_issued_fn check_issued); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +void RSA_get0_key(const RSA *r, + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid, + const ASN1_BIT_STRING **psuid); +int BIO_get_new_index(void); +BIO_METHOD *BIO_meth_new(int type, const char *name); +int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int); +int BIO_meth_set_write(BIO_METHOD *biom, int (*write) (BIO *, const char *, 
int)); +int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_read(BIO_METHOD *biom, int (*read) (BIO *, char *, int)); +int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts) (BIO *, const char *)); +int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets) (BIO *, char *, int)); +long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); +int (*BIO_meth_get_create(BIO_METHOD *bion)) (BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)); +int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); +long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, bio_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, bio_info_cb *)); + +#if OPENSSL_VERSION_NUMBER < 0x10002000L + +int X509_get_signature_nid(const X509 *x); +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); + +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/include/sslutils.h b/src/include/sslutils.h index 6aba7e75..594c14ff 100644 --- a/src/include/sslutils.h +++ b/src/include/sslutils.h @@ -328,7 +328,7 @@ struct proxy_verify_desc_struct { proxy_verify_ctx_desc * pvxd; int flags; X509_STORE_CTX * cert_store; - int recursive_depth; + int recursive_depth; /* unused */ int proxy_depth; int cert_depth; int limited_proxy; diff --git a/src/include/vomsxml.h b/src/include/vomsxml.h index 285037fa..2c3f17b7 100644 --- a/src/include/vomsxml.h +++ b/src/include/vomsxml.h 
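Review bot: ssl_compat.h has no include guard: the file goes straight to `#if OPENSSL_VERSION_NUMBER < 0x10100000L` after its first include, and the final `#endif` closes that condition. A second inclusion repeats `typedef int (*X509_STORE_CTX_check_issued_fn)(...)`, which C compilers before C11 reject. Wrap the file in `#ifndef VOMS_SSL_COMPAT_H` / `#define VOMS_SSL_COMPAT_H` / `#endif` (the guard name is only a suggestion). A short header comment saying these are fallbacks for OpenSSL 1.1 accessors on older releases would also help.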
@@ -52,6 +52,6 @@ extern std::string XML_Ans_Encode(const std::string&, const std::string&, const std::vector&, bool); extern bool XML_Req_Decode(const std::string&, request &); extern bool XML_Ans_Decode(const std::string&, answer &); -extern std::string Encode(std::string data, int base64); +extern std::string Encode(const std::string& data, int base64); extern std::string Decode(const std::string& data); #endif diff --git a/src/log/fs.c b/src/log/fs.c index 0dc34b2d..bd0df80d 100644 --- a/src/log/fs.c +++ b/src/log/fs.c @@ -212,7 +212,8 @@ void *FILEStreamerAdd(void *h) static int logfile_rotate(const char * name) { - char *pos, *dirname, *newname, *oldname, *basename; + char *pos, *dirname, *newname, *oldname; + char const* basename = NULL; DIR * dir = NULL; struct dirent * de = NULL; int result = 0; diff --git a/src/server/Makefile.am b/src/server/Makefile.am index ab36fe7d..725dcda9 100644 --- a/src/server/Makefile.am +++ b/src/server/Makefile.am @@ -23,8 +23,8 @@ soapH.h soapStub.h: soapC.cpp soapC.cpp: VOMSAC.h $(SOAPCPP2) VOMSAC.h -VOMSAC.h: VOMSAC.wsdl - $(WSDL2H) $(WSDL2H_FLAGS) -s VOMSAC.wsdl +VOMSAC.h: $(top_srcdir)/src/server/VOMSAC.wsdl + $(WSDL2H) $(WSDL2H_FLAGS) -s -o $@ $(top_srcdir)/src/server/VOMSAC.wsdl EXTRA_DIST= VOMSAC.wsdl CLEANFILES= soap* VOMSAC.h vomsSOAP* diff --git a/src/server/vomsd.cc b/src/server/vomsd.cc index 983e7df2..700c5f1d 100644 --- a/src/server/vomsd.cc +++ b/src/server/vomsd.cc @@ -51,7 +51,7 @@ extern "C" { static int reload = 0; void *logh = NULL; -#include "myproxycertinfo.h" +#include "proxycertinfo.h" } #include 
@@ -96,11 +96,15 @@ std::string vomsresult::makeRESTAnswer(int& code) std::string output = ""; code = SOAP_HTML; - if (ac != "A" && !ac.empty()) - output += ""+Encode(ac, true)+""; + if (ac != "A" && !ac.empty()){ + std::string encoded_ac = Encode(ac,true); + output += ""+encoded_ac+""; + } - if (!data.empty()) - output += ""+Encode(data, true)+""; + if (!data.empty()){ + std::string encoded_data = Encode(data,true); + output += ""+encoded_data+""; + } std::vector::const_iterator end = errs.end(); for (std::vector::const_iterator i = errs.begin(); i != end; ++i) { @@ -1219,16 +1223,15 @@ bool VOMSServer::makeAC(vomsresult& vr, EVP_PKEY *key, X509 *issuer, /* Encode AC */ if (!res) { - unsigned int len = i2d_AC(a, NULL); + unsigned char *buf = NULL; - unsigned char *tmp = (unsigned char *)OPENSSL_malloc(len); - unsigned char *ttmp = tmp; + int len = i2d_AC(a, &buf); - if (tmp) { - i2d_AC(a, &tmp); - codedac = std::string((char *)ttmp, len); + if (len > 0) { + codedac = std::string(reinterpret_cast(buf), len); } - free(ttmp); + + OPENSSL_free(buf); } else vr.setError(ERR_NOT_MEMBER, get_error(res)); diff --git a/src/socklib/Client.cpp b/src/socklib/Client.cpp index 80b3d397..5bcac54f 100644 --- a/src/socklib/Client.cpp +++ b/src/socklib/Client.cpp @@ -162,8 +162,6 @@ proxy_verify_desc *setup_initializers(char *cadir) pvd = (proxy_verify_desc*) malloc(sizeof(proxy_verify_desc)); pvxd = (proxy_verify_ctx_desc *)malloc(sizeof(proxy_verify_ctx_desc)); - pvd->cert_store = NULL; - if (!pvd || !pvxd) { free(pvd); diff --git a/src/socklib/Server.cpp b/src/socklib/Server.cpp index e8936120..10483f3b 100644 --- a/src/socklib/Server.cpp +++ b/src/socklib/Server.cpp @@ -46,6 +46,7 @@ extern "C" { #include #include #include +#include #include #include @@ -60,6 +61,7 @@ extern "C" { #include "log.h" #include "vomsssl.h" #include "sslutils.h" +#include "ssl_compat.h" } #include "ipv6sock.h" 
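Review bot: In the `/* Encode AC */` block of VOMSServer::makeAC, a failing `i2d_AC(a, &buf)` (`len <= 0`) leaves `codedac` empty without recording anything on `vr`. Unless the code after this hunk (not visible here) treats an empty `codedac` as a failure, the caller cannot tell an encoding error from success. An `else` branch on `if (len > 0)` that calls `vr.setError(...)` with a suitable code would make the failure explicit. makeAC starts before and continues after this hunk.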
@@ -282,6 +284,72 @@ void GSISocketServer::CloseListened(void) newopened = false; } +static BIO* make_VOMS_BIO(int sock) +{ + int ret; + + int const biom_type = BIO_get_new_index(); + static char const* const biom_name = "VOMS I/O"; + BIO_METHOD* voms_biom = BIO_meth_new(biom_type|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR, biom_name); + assert(voms_biom && "BIO_meth_new failed"); + + BIO_METHOD const* sock_biom = BIO_s_socket(); + assert(sock_biom != NULL && "BIO_s_socket"); + + writeb = BIO_meth_get_write(const_cast(sock_biom)); + assert(writeb != NULL && "BIO_meth_get_write failed"); + ret = BIO_meth_set_write(voms_biom, globusf_write); + assert(ret == 1 && "BIO_meth_set_write failed"); + + readb = BIO_meth_get_read(const_cast(sock_biom)); + assert(readb != NULL && "BIO_meth_get_read failed"); + ret = BIO_meth_set_read(voms_biom, globusf_read); + assert(ret == 1 && "BIO_meth_set_read failed"); + + ret = BIO_meth_set_puts( + voms_biom + , BIO_meth_get_puts(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_puts failed"); + + ret = BIO_meth_set_gets( + voms_biom + , BIO_meth_get_gets(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_gets failed"); + + ret = BIO_meth_set_ctrl( + voms_biom + , BIO_meth_get_ctrl(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_ctrl failed"); + + ret = BIO_meth_set_create( + voms_biom + , BIO_meth_get_create(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_create failed"); + + ret = BIO_meth_set_destroy( + voms_biom + , BIO_meth_get_destroy(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_destroy failed"); + + ret = BIO_meth_set_callback_ctrl( + voms_biom + , BIO_meth_get_callback_ctrl(const_cast(sock_biom)) + ); + assert(ret == 1 && "BIO_meth_get/set_callback_ctrl failed"); + + BIO* voms_bio = BIO_new(voms_biom); + assert(voms_bio && "BIO_new failed"); + BIO_set_fd(voms_bio, sock, BIO_NOCLOSE); + (void)BIO_set_nbio(voms_bio, 1); + + return voms_bio; 
+} + /** * Accept the GSI Authentication. * @param sock the socket for communication. @@ -300,6 +368,7 @@ GSISocketServer::AcceptGSIAuthentication() bool accept_timed_out = false; int expected = 0; BIO *bio = NULL; + BIO_METHOD* bio_method = NULL; char *cert_file, *user_cert, *user_key, *user_proxy; char *serial=NULL; @@ -333,11 +402,11 @@ GSISocketServer::AcceptGSIAuthentication() * Certificate was a proxy with a cert. chain. * Add the certificates one by one to the chain. */ - X509_STORE_add_cert(ctx->cert_store, ucert); + X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), ucert); for (int i = 0; i cert_store, cert)) { + if (!X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx), cert)) { if (ERR_GET_REASON(ERR_peek_error()) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { ERR_clear_error(); continue; @@ -353,17 +422,11 @@ GSISocketServer::AcceptGSIAuthentication() flags = fcntl(newsock, F_GETFL, 0); (void)fcntl(newsock, F_SETFL, flags | O_NONBLOCK); - bio = BIO_new_socket(newsock, BIO_NOCLOSE); - (void)BIO_set_nbio(bio, 1); + bio = make_VOMS_BIO(newsock); ssl = SSL_new(ctx); setup_SSL_proxy_handler(ssl, cacertdir); - writeb = bio->method->bwrite; - readb = bio->method->bread; - bio->method->bwrite = globusf_write; - bio->method->bread = globusf_read; - SSL_set_bio(ssl, bio, bio); curtime = starttime = time(NULL); diff --git a/src/sslutils/Makefile.am b/src/sslutils/Makefile.am index 7a06cb4b..3899b891 100644 --- a/src/sslutils/Makefile.am +++ b/src/sslutils/Makefile.am @@ -7,9 +7,10 @@ endif noinst_LTLIBRARIES = libssl_utils_nog.la -SOURCES= scutils.c scutils.h sslutils.c proxycertinfo.c \ +SOURCES= scutils.c scutils.h sslutils.c proxycertinfo.c proxypolicy.c \ signing_policy.c lex.signing.c namespaces.c lex.namespaces.c \ - evaluate.c proxy.c vomsproxy.h voms_cert_type.h voms_cert_type.c + evaluate.c proxy.c vomsproxy.h voms_cert_type.h voms_cert_type.c \ + ssl_compat.c EXTRA_DIST = namespaces.l namespaces.y namespaces.h \ 
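Review bot: make_VOMS_BIO builds a fresh `BIO_METHOD` with `BIO_meth_new` and takes a new type index from `BIO_get_new_index()` on every call, and AcceptGSIAuthentication calls it once per accepted connection, yet nothing in this hunk releases the method. On a long-running server that is a steady per-connection leak, and the index counter keeps growing. Building the method once and reusing it avoids both, e.g. `static BIO_METHOD* voms_biom = NULL;` filled in under `if (!voms_biom) { ... }`; if accepts can run on several threads, the one-time setup needs a guard. The new local `BIO_METHOD* bio_method = NULL;` in AcceptGSIAuthentication appears unused in the visible hunks.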
diff --git a/src/sslutils/myproxycertinfo.c b/src/sslutils/myproxycertinfo.c new file mode 100644 index 00000000..8f9f90de --- /dev/null +++ b/src/sslutils/myproxycertinfo.c 
@@ -0,0 +1,510 @@ +/********************************************************************* + * + * Authors: Valerio Venturi - Valerio.Venturi@cnaf.infn.it + * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it + * + * Copyright (c) Members of the EGEE Collaboration. 2004-2010. + * See http://www.eu-egee.org/partners/ for details on the copyright holders. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Parts of this code may be based upon or even include verbatim pieces, + * originally written by other people, in which case the original header + * follows. 
+ * + *********************************************************************/ +#include "config.h" + +#include + +#include +#include +#include + +#include "myproxycertinfo.h" +#include "doio.h" + +/* myPROXYPOLICY function */ + +myPROXYPOLICY * myPROXYPOLICY_new() +{ + myPROXYPOLICY* ret = (myPROXYPOLICY*)OPENSSL_malloc(sizeof(myPROXYPOLICY)); + + if (ret) + { + ret->policy_language = OBJ_nid2obj(OBJ_sn2nid(IMPERSONATION_PROXY_SN)); + ret->policy = NULL; + } + + return ret; +} + +void myPROXYPOLICY_free(myPROXYPOLICY * policy) +{ + if(policy == NULL) return; + + ASN1_OBJECT_free(policy->policy_language); + ASN1_OCTET_STRING_free(policy->policy); + OPENSSL_free(policy); +} + +/* duplicate */ +myPROXYPOLICY * myPROXYPOLICY_dup(myPROXYPOLICY * policy) +{ +#ifdef TYPEDEF_I2D_OF + return ((myPROXYPOLICY *) ASN1_dup((i2d_of_void *)i2d_myPROXYPOLICY, + (d2i_of_void *)d2i_myPROXYPOLICY, + (char *)policy)); +#else + return ((myPROXYPOLICY *) ASN1_dup((int (*)())i2d_myPROXYPOLICY, + (char *(*)())d2i_myPROXYPOLICY, + (char *)policy)); +#endif +} + +/* set policy language */ +int myPROXYPOLICY_set_policy_language(myPROXYPOLICY * policy, ASN1_OBJECT * policy_language) +{ + if(policy_language != NULL) { + ASN1_OBJECT_free(policy->policy_language); + policy->policy_language = OBJ_dup(policy_language); + return 1; + } + + return 0; +} + +/* get policy language */ +ASN1_OBJECT * myPROXYPOLICY_get_policy_language(myPROXYPOLICY * policy) +{ + return policy->policy_language; +} + +/* set policy */ +int myPROXYPOLICY_set_policy(myPROXYPOLICY * proxypolicy, unsigned char * policy, int length) +{ + if(policy != NULL) { + /* if member policy of proxypolicy non set */ + if(!proxypolicy->policy) + proxypolicy->policy = ASN1_OCTET_STRING_new(); + + /* set member policy of proxypolicy */ + ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length); + } + else + ASN1_OCTET_STRING_free(proxypolicy->policy); + + return 1; +} + +/* get policy */ +unsigned char * 
myPROXYPOLICY_get_policy(myPROXYPOLICY * proxypolicy, int * length) +{ + /* assure field policy is set */ + + if(proxypolicy->policy) { + *length = proxypolicy->policy->length; + + /* assure ASN1_OCTET_STRING is full */ + if (*length>0 && proxypolicy->policy->data) { + unsigned char * copy = malloc(*length); + memcpy(copy, proxypolicy->policy->data, *length); + return copy; + } + } + return NULL; +} + +/* internal to der conversion */ +int i2d_myPROXYPOLICY(myPROXYPOLICY * policy, unsigned char ** pp) +{ + M_ASN1_I2D_vars(policy); + + M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT); + + if(policy->policy) { + M_ASN1_I2D_len(policy->policy, i2d_ASN1_OCTET_STRING); + } + + M_ASN1_I2D_seq_total(); + M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT); + + if(policy->policy) { + M_ASN1_I2D_put(policy->policy, i2d_ASN1_OCTET_STRING); + } + + M_ASN1_I2D_finish(); +} + +myPROXYPOLICY * d2i_myPROXYPOLICY(myPROXYPOLICY ** a, unsigned char ** pp, long length) +{ + M_ASN1_D2I_vars(a, myPROXYPOLICY *, myPROXYPOLICY_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + M_ASN1_D2I_get(ret->policy_language, d2i_ASN1_OBJECT); + + /* need to try getting the policy using + * a) a call expecting no tags + * b) a call expecting tags + * one of which should succeed + */ + + M_ASN1_D2I_get_opt(ret->policy, + d2i_ASN1_OCTET_STRING, + V_ASN1_OCTET_STRING); + M_ASN1_D2I_get_IMP_opt(ret->policy, + d2i_ASN1_OCTET_STRING, + 0, + V_ASN1_OCTET_STRING); + M_ASN1_D2I_Finish(a, + myPROXYPOLICY_free, + ASN1_F_D2I_PROXYPOLICY); +} + + + +/* myPROXYCERTINFO function */ + +myPROXYCERTINFO * myPROXYCERTINFO_new() +{ + myPROXYCERTINFO * ret = NULL; + ASN1_CTX c; + + M_ASN1_New_Malloc(ret, myPROXYCERTINFO); + memset(ret, 0, sizeof(myPROXYCERTINFO)); + ret->path_length = NULL; + ret->proxypolicy = myPROXYPOLICY_new(); + return (ret); + M_ASN1_New_Error(ASN1_F_PROXYCERTINFO_NEW); +} + +void myPROXYCERTINFO_free(myPROXYCERTINFO * proxycertinfo) +{ + /* assure proxycertinfo not empty */ 
+ if(proxycertinfo == NULL) return; + + ASN1_INTEGER_free(proxycertinfo->path_length); + myPROXYPOLICY_free(proxycertinfo->proxypolicy); + OPENSSL_free(proxycertinfo); +} + +/* set path_length */ +int myPROXYCERTINFO_set_path_length(myPROXYCERTINFO * proxycertinfo, long path_length) +{ + /* assure proxycertinfo is not empty */ + if(proxycertinfo != NULL) { + + if(path_length != -1) { + /* if member path_length is empty allocate memory then set */ + if(proxycertinfo->path_length == NULL) + proxycertinfo->path_length = ASN1_INTEGER_new(); + return ASN1_INTEGER_set(proxycertinfo->path_length, path_length); + } + else { + ASN1_INTEGER_free(proxycertinfo->path_length); + proxycertinfo->path_length = NULL; + } + + return 1; + } + + return 0; +} + +int myPROXYCERTINFO_set_version(myPROXYCERTINFO * proxycertinfo, int version) +{ + if (proxycertinfo != NULL) { + proxycertinfo->version = version; + return 1; + } + + return 0; +} + +int myPROXYCERTINFO_get_version(myPROXYCERTINFO * proxycertinfo) +{ + if (proxycertinfo) + return proxycertinfo->version; + return -1; +} + + +/* get path length */ +long myPROXYCERTINFO_get_path_length(myPROXYCERTINFO * proxycertinfo) +{ + if(proxycertinfo && proxycertinfo->path_length) + return ASN1_INTEGER_get(proxycertinfo->path_length); + else + return -1; +} + +/* set policy */ +int myPROXYCERTINFO_set_proxypolicy(myPROXYCERTINFO * proxycertinfo, myPROXYPOLICY * proxypolicy) +{ + myPROXYPOLICY_free(proxycertinfo->proxypolicy); + + if(proxypolicy != NULL) + proxycertinfo->proxypolicy = myPROXYPOLICY_dup(proxypolicy); + else + proxycertinfo->proxypolicy = NULL; + + return 1; +} + +/* get policy */ +myPROXYPOLICY * myPROXYCERTINFO_get_proxypolicy(myPROXYCERTINFO * proxycertinfo) +{ + if(proxycertinfo) + return proxycertinfo->proxypolicy; + + return NULL; +} + +/* internal to der conversion */ +static int i2d_myPROXYCERTINFO_v3(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) +{ + int v1; + + M_ASN1_I2D_vars(proxycertinfo); + + v1 = 0; + + 
M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); + + M_ASN1_I2D_len_EXP_opt(proxycertinfo->path_length,i2d_ASN1_INTEGER, 1, v1); + M_ASN1_I2D_seq_total(); + M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); + M_ASN1_I2D_put_EXP_opt(proxycertinfo->path_length, i2d_ASN1_INTEGER, 1, v1); + M_ASN1_I2D_finish(); +} + +static int i2d_myPROXYCERTINFO_v4(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) +{ + M_ASN1_I2D_vars(proxycertinfo); + + if(proxycertinfo->path_length) + { + M_ASN1_I2D_len(proxycertinfo->path_length, i2d_ASN1_INTEGER); + } + + M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); + + M_ASN1_I2D_seq_total(); + if(proxycertinfo->path_length) + { + M_ASN1_I2D_put(proxycertinfo->path_length, i2d_ASN1_INTEGER); + } + M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); + M_ASN1_I2D_finish(); +} + +int i2d_myPROXYCERTINFO(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) +{ + switch(proxycertinfo->version) { + case 3: + return i2d_myPROXYCERTINFO_v3(proxycertinfo, pp); + break; + + case 4: + return i2d_myPROXYCERTINFO_v4(proxycertinfo, pp); + break; + + default: + return -1; + break; + } +} + +static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v3(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) +{ + M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + + M_ASN1_D2I_get((ret->proxypolicy), d2i_myPROXYPOLICY); + + M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); + + ret->version = 3; + M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); +} + +static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v4(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) +{ + M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + + M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); + + M_ASN1_D2I_get_opt(ret->path_length, 
d2i_ASN1_INTEGER, V_ASN1_INTEGER); + + M_ASN1_D2I_get((ret->proxypolicy),d2i_myPROXYPOLICY); + + ret->version = 4; + M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); +} + +myPROXYCERTINFO * d2i_myPROXYCERTINFO(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) +{ + myPROXYCERTINFO *info = d2i_myPROXYCERTINFO_v3(cert_info, pp, length); + if (!info) + info = d2i_myPROXYCERTINFO_v4(cert_info, pp, length); + return info; +} + + +static int nativeopenssl = 0; + +static char *norep() +{ + static char *buffer=""; + return buffer; +} + +static void *myproxycertinfo_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), UNUSED(char *data)) +{ + return (myPROXYCERTINFO*)data; +} + +static char *myproxycertinfo_i2s(UNUSED(struct v3_ext_method *method), void *ext) +{ + myPROXYCERTINFO *pci = NULL; + char *encoding = NULL; + char *output = NULL; + myPROXYPOLICY *pp; + int dooid = 0; + char oid[256]; + + pci = (myPROXYCERTINFO *)ext; + + if (!pci) + return norep(); + + if (pci->path_length) { + int j = ASN1_INTEGER_get(pci->path_length); + + char *buffer = snprintf_wrap("%X", j); + output = snprintf_wrap("Path Length Constraint: %s%s\n\n", strlen(buffer)%2 ? "0" : "", buffer); + free(buffer); + } + else + output = strdup("Path Length Constraint: unlimited\n"); + + pp = pci->proxypolicy; + + if (pp && i2t_ASN1_OBJECT(oid, 256, pp->policy_language)) { + dooid = 1; + } + + encoding = snprintf_wrap("%sPolicy Language: %s%s%s%s\n", + output, + ( dooid ? oid : ""), + ( (pp && pp->policy) ? "\nPolicy Text: " : ""), + ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""), + ( (pp && pp->policy) ? 
"\n" : "")); + + free(output); + return encoding; +} + +void InitProxyCertInfoExtension(int full) +{ +#define PROXYCERTINFO_V3 "1.3.6.1.4.1.3536.1.222" +#define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.14" +#define OBJC(c,n) OBJ_create(c,n,n) + + X509V3_EXT_METHOD *pcert; + static int set = 0; + ASN1_OBJECT *objv3; + ASN1_OBJECT *objv4; + + if (set) + return; + + set = 1; + + + objv3 = OBJ_txt2obj(PROXYCERTINFO_V3,1); + objv4 = OBJ_txt2obj(PROXYCERTINFO_V4,1); + + /* Proxy Certificate Extension's related objects */ + if (OBJ_obj2nid(objv3) == 0) { + ERR_clear_error(); + OBJC(PROXYCERTINFO_V3, "Proxy Certificate Information"); + if (full) { + pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); + + if (pcert) { + memset(pcert, 0, sizeof(*pcert)); + pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V3); + pcert->ext_flags = 0; + pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; + pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; + pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; + pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; + pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; + pcert->s2i = (X509V3_EXT_S2I) myproxycertinfo_s2i; + pcert->v2i = (X509V3_EXT_V2I) NULL; + pcert->r2i = (X509V3_EXT_R2I) NULL; + pcert->i2v = (X509V3_EXT_I2V) NULL; + pcert->i2r = (X509V3_EXT_I2R) NULL; + + X509V3_EXT_add(pcert); + } + } + } + + if (OBJ_obj2nid(objv4) == 0) { + ERR_clear_error(); + OBJC(PROXYCERTINFO_V4, "Proxy Certificate Information"); + if (full) { + pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); + + if (pcert) { + memset(pcert, 0, sizeof(*pcert)); + pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V4); + pcert->ext_flags = 0; + pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; + pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; + pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; + pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; + pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; + pcert->s2i = (X509V3_EXT_S2I) 
myproxycertinfo_s2i; + pcert->v2i = (X509V3_EXT_V2I) NULL; + pcert->r2i = (X509V3_EXT_R2I) NULL; + pcert->i2v = (X509V3_EXT_I2V) NULL; + pcert->i2r = (X509V3_EXT_I2R) NULL; + + X509V3_EXT_add(pcert); + } + } + } + +#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS + nativeopenssl = 1; +#endif + + ASN1_OBJECT_free(objv3); + ASN1_OBJECT_free(objv4); + + return; +} + +int proxynative(void) +{ + return nativeopenssl; +} diff --git a/src/sslutils/namespaces.c b/src/sslutils/namespaces.c index ec10f3b4..780845d7 100644 --- a/src/sslutils/namespaces.c +++ b/src/sslutils/namespaces.c @@ -1671,19 +1671,6 @@ YYSTYPE yylval; /* Line 1675 of yacc.c */ #line 110 "namespaces.y" - -#if 0 -int main() -{ - namespacesdebug = 1; - struct policy **arg = NULL; - void *scanner=NULL; - namespaceslex_init(&scanner); - namespacesset_debug(1, scanner); - return namespacesparse(&arg, scanner); -} -#endif - void namespaceserror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index 8bb1b6cb..dccb7275 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -40,7 +41,7 @@ #include #include "vomsproxy.h" -#include "myproxycertinfo.h" +#include "proxycertinfo.h" #include "sslutils.h" #include "doio.h" @@ -55,6 +56,19 @@ static int getBitValue(char *bitname); static int convertMethod(char *bits, int *warning, void **additional); static X509_EXTENSION *get_BasicConstraints(int ca); +AC_SEQ* create_ac_seq(AC** aclist) { + + if (!aclist) return NULL; + + AC_SEQ* seq = AC_SEQ_new(); + + while(*aclist) { + sk_AC_push(seq->acs, *aclist++); + } + + return seq; +} + struct VOMSProxyArguments *VOMS_MakeProxyArguments() { return (struct VOMSProxyArguments*)calloc(1, sizeof(struct VOMSProxyArguments)); 
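Review bot: `myPROXYPOLICY_set_policy` frees `proxypolicy->policy` in its `else` branch but leaves the pointer set, so a later `myPROXYPOLICY_free` frees it a second time and `myPROXYPOLICY_get_policy` reads freed memory; add `proxypolicy->policy = NULL;` after the free, as `myPROXYCERTINFO_set_path_length` already does for its own field. In `myPROXYPOLICY_get_policy` the `malloc(*length)` result is passed to `memcpy` unchecked; `if (!copy) return NULL;` before the copy closes that. `myPROXYCERTINFO_set_proxypolicy` and `i2d_myPROXYCERTINFO` dereference `proxycertinfo` unguarded, while the neighbouring accessors test it for NULL. The file is also written against the `M_ASN1_*` macros and `ASN1_CTX`, which as far as I know OpenSSL 1.1 no longer provides, and the Makefile.am hunk in this patch does not add it to SOURCES, so it is worth confirming whether this new file is meant to be built at all.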
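Review bot: `create_ac_seq` dereferences `seq->acs` without checking that `AC_SEQ_new()` succeeded and ignores the result of `sk_AC_push`, so an allocation failure crashes or silently drops an AC instead of being reported. Adding `if (!seq) return NULL;` after the allocation also gives the `if (!acseq)` test in the -237,13 hunk something to catch, since `args->aclist` is already known to be non-NULL at that point. The function is new and non-static; `static` would be enough if VOMS_MakeProxy is its only caller, which cannot be confirmed from this view. A header comment should state the ownership rule the code implies, for example `/* the returned AC_SEQ borrows the AC pointers from aclist; the caller keeps ownership of each AC */`.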
@@ -132,7 +146,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, X509_REQ * req = NULL; STACK_OF(X509_EXTENSION) * extensions = NULL; int ku_flags = 0; - char *policy = NULL; + char* policy = NULL; X509_EXTENSION *ex1 = NULL, *ex2 = NULL, *ex3 = NULL, *ex4 = NULL, *ex5 = NULL, *ex6 = NULL, *ex7 = NULL, @@ -143,31 +157,27 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, struct VOMSProxy *proxy = NULL; - static int init = 0; - int (*cback)(); - if (!init) { - InitProxyCertInfoExtension(1); - init = 1; - } + InitProxyCertInfoExtension(1); setWarning(warning, PROXY_NO_ERROR); - if (args->callback) + if (args->callback) { cback = args->callback; - else + } else { cback = kpcallback; - + } if (args->proxyrequest == NULL) { if (proxy_genreq(args->cert, &req, &npkey, args->bits, args->newsubject ? args->newsubject : NULL, - (int (*)())cback)) + (int (*)())cback)) { goto err; - } - else + } + } else { req = args->proxyrequest; + } /* initialize extensions stack */ @@ -188,8 +198,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } - } - else { + } else { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } @@ -205,8 +214,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex1)) + if (!SET_EXT(ex1)) { goto err; + } } /* include extension */ @@ -224,10 +234,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, } free(filedata); - if (!SET_EXT(ex3)) + if (!SET_EXT(ex3)) { goto err; - } - else { + } + } else { setAdditional(additional, args->filename); goto err; } 
@@ -237,13 +247,24 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, if (args->aclist) { - if ((ex5 = X509V3_EXT_conf_nid(NULL, NULL, OBJ_txt2nid("acseq"), (char *)args->aclist)) == NULL) { + AC_SEQ* acseq = create_ac_seq(args->aclist); + + if (!acseq){ + // FIXME: set this error to out of memory + PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); + goto err; + } + + ex5 = X509V3_EXT_i2d(OBJ_txt2nid("acseq"),0, acseq); + + if ( ex5 == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } - if (!SET_EXT(ex5)) + if (!SET_EXT(ex5)) { goto err; + } } /* keyUsage extension */ @@ -254,12 +275,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } - } - else if (args->selfsigned) { + } else if (args->selfsigned) { ku_flags = X509v3_KU_DIGITAL_SIGNATURE | X509v3_KU_KEY_CERT_SIGN | X509v3_KU_CRL_SIGN; - } - else { + } else { ku_flags = get_KeyUsageFlags(args->cert); if (ku_flags != 0) { @@ -276,8 +295,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, X509_EXTENSION_set_critical(ex8, 1); - if (!SET_EXT(ex8)) + if (!SET_EXT(ex8)) { goto err; + } } /* netscapeCert extension */ @@ -288,8 +308,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex9)) + if (!SET_EXT(ex9)) { goto err; + } } /* extended key usage */ @@ -302,8 +323,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex10)) + if (!SET_EXT(ex10)) { goto err; + } } /* Basic Constraints */ @@ -315,8 +337,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, X509_EXTENSION_set_critical(ex12, 1); - if (!SET_EXT(ex12)) + if (!SET_EXT(ex12)) { goto err; + } /* vo extension */ 
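Review bot: `acseq` in the -237,13 hunk is local to the `if (args->aclist)` block and is never released, neither after `X509V3_EXT_i2d` has encoded it into `ex5` nor on the `goto err` paths, so every call that carries ACs leaks the sequence and its stack. Because `create_ac_seq` pushes the caller's AC pointers without copying them, the release must not free the elements; whether `AC_SEQ_free` would do so is defined outside this hunk and needs checking before it is used here. Until that is settled, a comment at the declaration would record the constraint: `/* acseq borrows the entries of args->aclist: release the container, not the ACs, once ex5 is built */`. VOMS_MakeProxy starts and ends outside the hunk.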
@@ -326,8 +349,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex4)) + if (!SET_EXT(ex4)) { goto err; + } } /* authority key identifier and subject key identifier extension */ @@ -346,8 +370,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex13)) + if (!SET_EXT(ex13)) { goto err; + } tmpcert = X509_new(); if (tmpcert) { @@ -358,11 +383,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid"); X509_free(tmpcert); EVP_PKEY_free(key); - } - else + } else { ex11 = NULL; - } - else { + } + } else { ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid"); } @@ -371,8 +395,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, goto err; } - if (!SET_EXT(ex11)) + if (!SET_EXT(ex11)) { goto err; + } } /* class_add extension */ @@ -394,9 +419,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, /* PCI extension */ if (args->proxyversion>=3) { - myPROXYPOLICY * proxypolicy; - myPROXYCERTINFO * proxycertinfo = NULL; - ASN1_OBJECT * policy_language; + PROXY_POLICY* proxypolicy; + PROXY_CERT_INFO_EXTENSION* proxycertinfo = NULL; + ASN1_OBJECT* policy_language; + /* char* policy = NULL; */ /* getting contents of policy file */ 
@@ -418,65 +444,65 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, if (!args->policyfile) { policylang = IMPERSONATION_PROXY_OID; setWarning(warning, PROXY_WARNING_GSI_ASSUMED); - } - else { + } else { policylang = GLOBUS_GSI_PROXY_GENERIC_POLICY_OID; setWarning(warning, PROXY_WARNING_GENERIC_LANGUAGE_ASSUMED); } - } /* predefined policy language can be specified with simple name string */ - else if (strcmp(policylang, IMPERSONATION_PROXY_SN) == 0) + } else if (strcmp(policylang, IMPERSONATION_PROXY_SN) == 0) { policylang = IMPERSONATION_PROXY_OID; - else if (strcmp(policylang, INDEPENDENT_PROXY_SN) == 0) + } else if (strcmp(policylang, INDEPENDENT_PROXY_SN) == 0) { policylang = INDEPENDENT_PROXY_OID; - - /* does limited prevail on others? don't know what does grid-proxy_init since if pl is given with - limited options it crash */ - if (args->limited) + } + + /* does limited prevail on others? don't know what does grid-proxy_init + since if pl is given with limited options it crash */ + if (args->limited) { policylang = LIMITED_PROXY_OID; + } - OBJ_create(policylang, policylang, policylang); - - if (!(policy_language = OBJ_nid2obj(OBJ_sn2nid(policylang)))) { + if (OBJ_txt2nid(policylang) == 0) { + OBJ_create(policylang, policylang, policylang); + } + + if (!(policy_language = OBJ_txt2obj(policylang, 1))) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_OID); goto err; } - int nativeopenssl = proxynative(); - - if (args->proxyversion == 3 || (args->proxyversion == 4 && !nativeopenssl)) { + if (args->proxyversion == 3) { /* proxypolicy */ - proxypolicy = myPROXYPOLICY_new(); + proxypolicy = PROXY_POLICY_new(); if (policy) { - myPROXYPOLICY_set_policy(proxypolicy, (unsigned char*)policy, policysize); + PROXY_POLICY_set_policy(proxypolicy, (unsigned char*)policy, policysize); free(policy); policy = NULL; - } - else if (args->policytext) - myPROXYPOLICY_set_policy(proxypolicy, + } else if (args->policytext) { + 
PROXY_POLICY_set_policy(proxypolicy, (unsigned char*)args->policytext, strlen(args->policytext)); + } - myPROXYPOLICY_set_policy_language(proxypolicy, policy_language); + PROXY_POLICY_set_policy_language(proxypolicy, policy_language); /* proxycertinfo */ - proxycertinfo = myPROXYCERTINFO_new(); - myPROXYCERTINFO_set_version(proxycertinfo, args->proxyversion); - myPROXYCERTINFO_set_proxypolicy(proxycertinfo, proxypolicy); + proxycertinfo = PROXY_CERT_INFO_EXTENSION_new(); +#warning is the call to PROXYCERTINFO_set_version needed/useful? + /* PROXYCERTINFO_set_version(proxycertinfo, args->proxyversion); */ + PROXY_CERT_INFO_EXTENSION_set_policy(proxycertinfo, proxypolicy); - myPROXYPOLICY_free(proxypolicy); + PROXY_POLICY_free(proxypolicy); if (args->pathlength>=0) - myPROXYCERTINFO_set_path_length(proxycertinfo, args->pathlength); + PROXY_CERT_INFO_EXTENSION_set_path_length(proxycertinfo, args->pathlength); value = (char *)proxycertinfo; - } - else { + } else { if (args->pathlength != -1) { char *buffer = snprintf_wrap("%d", args->pathlength); 
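Review bot: In the `proxyversion == 3` branch of the -418,65 hunk, `PROXY_POLICY_new()` and `PROXY_CERT_INFO_EXTENSION_new()` are used immediately without a NULL check, so a failed allocation is dereferenced by the setters that follow. A check such as `if (!proxypolicy) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; }` after each constructor matches the error style already used in this function. `OBJ_txt2obj(policylang, 1)` returns a newly allocated object; whether `PROXY_POLICY_set_policy_language` copies it or takes ownership is defined outside this hunk, so confirm that `policy_language` is freed in the first case. The `#warning` left inside the function body breaks builds that use `-Werror`, and a `/* TODO: is a set_version call still needed? */` comment carries the same question. VOMS_MakeProxy starts and ends outside the hunk.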
@@ -484,56 +510,69 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, value = snprintf_wrap("language:%s,pathlen:%s,policy:text:%s", policylang, buffer, policy); free(policy); policy = NULL; - } - else if (args->policytext) + } else if (args->policytext) { value = snprintf_wrap("language:%s,pathlen:%s,policy:text:%s", policylang, buffer, args->policytext); - else + } else { value = snprintf_wrap("language:%s,pathlen:%s", policylang, buffer); + } free(buffer); - } - else { - if (policy) + } else { + if (policy) { value = snprintf_wrap("language:%s,policy:text:%s", policylang, policy); - else if (args->policytext) + } else if (args->policytext) { value = snprintf_wrap("language:%s,policy:text:%s", policylang, args->policytext); - else + } else { value = snprintf_wrap("language:%s", policylang); + } } } if (args->proxyversion == 3) { - ex7 = X509V3_EXT_conf_nid(NULL, NULL, my_txt2nid(PROXYCERTINFO_V3), (char*)proxycertinfo); + /* Convert internal representation to DER */ + unsigned char* der = NULL; + int len; + ASN1_OCTET_STRING* oct = NULL; + int v3nid = my_txt2nid(PROXYCERTINFO_OLD_OID); + X509V3_EXT_METHOD const* method = X509V3_EXT_get_nid(v3nid); + + assert(method != NULL && "X509V3_EXT_get_nid failed"); + assert(method->it != NULL && "method->it cannot be null"); + + len = ASN1_item_i2d((void*)proxycertinfo, &der, ASN1_ITEM_ptr(method->it)); + oct = ASN1_OCTET_STRING_new(); + assert(oct != NULL && "ASN1_OCTET_STRING_new failed"); + + oct->data = der; + oct->length = len; + ex7 = X509_EXTENSION_create_by_NID(NULL, v3nid, 1 /*critical*/, oct); + + ASN1_OCTET_STRING_free(oct); + value = NULL; } else { - if (nativeopenssl) { - X509V3_CTX ctx; - X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L); - ctx.db = (void*)&ctx; - X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL }; - ctx.db_meth = &method; - ex7 = X509V3_EXT_conf_nid(NULL, &ctx, my_txt2nid(PROXYCERTINFO_V4), (char*)value); - free(value); - value = NULL; - } - else - ex7 = 
X509V3_EXT_conf_nid(NULL, NULL, my_txt2nid(PROXYCERTINFO_V4), (char*)value); + assert(args->proxyversion == 4); + X509V3_CTX ctx; + X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0L); + ctx.db = (void*)&ctx; + X509V3_CONF_METHOD method = { NULL, NULL, NULL, NULL }; + ctx.db_meth = &method; + ex7 = X509V3_EXT_conf_nid(NULL, &ctx, my_txt2nid(PROXYCERTINFO_OID), (char*)value); + assert(ex7 != NULL && "X509V3_EXT_conf_nid failed"); + + free(value); + X509_EXTENSION_set_critical(ex7, 1); + value = NULL; } - if (policy) { - free(policy); - policy = NULL; - } + free(policy); + policy = NULL; if (ex7 == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err; } - if (args->proxyversion >= 3) { - X509_EXTENSION_set_critical(ex7, 1); - } - if (!SET_EXT(ex7)) goto err; } @@ -554,23 +593,20 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, args->selfsigned)) { goto err; } - } - else { - if (proxy_sign(NULL, - npkey, - req, - &ncert, - args->hours*60*60 + args->minutes*60, - extensions, - args->limited, - 0, - args->newsubject, - args->newsubject, - args->pastproxy, - NULL, - args->selfsigned)) { - goto err; - } + } else if (proxy_sign(NULL, + npkey, + req, + &ncert, + args->hours*60*60 + args->minutes*60, + extensions, + args->limited, + 0, + args->newsubject, + args->newsubject, + args->pastproxy, + NULL, + args->selfsigned)) { + goto err; } proxy = (struct VOMSProxy*)malloc(sizeof(struct VOMSProxy)); @@ -580,11 +616,13 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, proxy->key = npkey; proxy->chain = sk_X509_new_null(); - if (args->cert) + if (args->cert) { sk_X509_push(proxy->chain, X509_dup(args->cert)); + } - for (i = 0; i < sk_X509_num(args->chain); i++) + for (i = 0; i < sk_X509_num(args->chain); i++) { sk_X509_push(proxy->chain, X509_dup(sk_X509_value(args->chain, i))); + } } err: 
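Review bot: The new PCI encoding in the -484,56 hunk reports runtime failures with `assert`, which aborts the calling process in a debug build and disappears under `NDEBUG`, leaving `method->it`, `oct->data` and `X509_EXTENSION_set_critical(ex7, 1)` to dereference NULL. In the version 4 branch the string given to `X509V3_EXT_conf_nid` is built from the policy file or `args->policytext`, so a failure there is an input error rather than a programming error; drop `assert(ex7 != NULL && ...)` and move `X509_EXTENSION_set_critical(ex7, 1);` below the existing `if (ex7 == NULL)` check, which already reports through `PRXYerr`. The remaining asserts want the same `PRXYerr(PRXYERR_F_PROXY_SIGN, PRXYERR_R_CLASS_ADD_EXT); goto err;` treatment, and `len` from `ASN1_item_i2d` should be tested for `<= 0` before it is stored in `oct->length`. `assert(args->proxyversion == 4)` also means a value above 4 either aborts or is silently encoded as version 4, because the enclosing test is `proxyversion>=3`. In the version 3 branch `value` is reset to NULL without `proxycertinfo` being freed inside the hunk; confirm it is released later in the function, which continues outside the hunk.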
@@ -597,8 +635,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, if (extensions) { sk_X509_EXTENSION_pop_free(extensions, X509_EXTENSION_free); } - if (!args->proxyrequest) + + if (!args->proxyrequest) { X509_REQ_free(req); + } X509_EXTENSION_free(ex13); X509_EXTENSION_free(ex12); diff --git a/src/sslutils/proxycertinfo.c b/src/sslutils/proxycertinfo.c index a944ea17..41bc5139 100644 --- a/src/sslutils/proxycertinfo.c +++ b/src/sslutils/proxycertinfo.c 
@@ -1,511 +1,359 @@ -/********************************************************************* - * - * Authors: Valerio Venturi - Valerio.Venturi@cnaf.infn.it - * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it - * - * Copyright (c) Members of the EGEE Collaboration. 2004-2010. - * See http://www.eu-egee.org/partners/ for details on the copyright holders. - * +/* + * Copyright 1999-2006 University of Chicago + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * + * http://www.apache.org/licenses/LICENSE-2.0 + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * - * Parts of this code may be based upon or even include verbatim pieces, - * originally written by other people, in which case the original header - * follows. 
- * - *********************************************************************/ -#include "config.h" + */ #include - #include -#include -#include +#include +#include +#include +#include -#include "myproxycertinfo.h" #include "doio.h" -/* myPROXYPOLICY function */ - -myPROXYPOLICY * myPROXYPOLICY_new() -{ - ASN1_CTX c; - myPROXYPOLICY * ret; - - ret = NULL; +#include "proxycertinfo.h" - M_ASN1_New_Malloc(ret, myPROXYPOLICY); - ret->policy_language = OBJ_nid2obj(OBJ_sn2nid(IMPERSONATION_PROXY_SN)); - ret->policy = NULL; - return (ret); - M_ASN1_New_Error(ASN1_F_PROXYPOLICY_NEW); -} +typedef PROXY_CERT_INFO_EXTENSION PROXYCERTINFO_OLD; -void myPROXYPOLICY_free(myPROXYPOLICY * policy) +ASN1_SEQUENCE(PROXYCERTINFO_OLD) = { - if(policy == NULL) return; - - ASN1_OBJECT_free(policy->policy_language); - M_ASN1_OCTET_STRING_free(policy->policy); - OPENSSL_free(policy); -} - -/* duplicate */ -myPROXYPOLICY * myPROXYPOLICY_dup(myPROXYPOLICY * policy) + ASN1_SIMPLE(PROXYCERTINFO_OLD, proxyPolicy, PROXY_POLICY), + ASN1_EXP_OPT(PROXYCERTINFO_OLD, pcPathLengthConstraint, ASN1_INTEGER, 1), +} ASN1_SEQUENCE_END(PROXYCERTINFO_OLD) + +IMPLEMENT_ASN1_FUNCTIONS(PROXYCERTINFO_OLD) +IMPLEMENT_ASN1_DUP_FUNCTION(PROXYCERTINFO_OLD) + +static +void* +PROXYCERTINFO_OLD_s2i( + struct v3_ext_method const* method + , struct v3_ext_ctx* ctx + , char const* data +) { -#ifdef TYPEDEF_I2D_OF - return ((myPROXYPOLICY *) ASN1_dup((i2d_of_void *)i2d_myPROXYPOLICY, - (d2i_of_void *)d2i_myPROXYPOLICY, - (char *)policy)); -#else - return ((myPROXYPOLICY *) ASN1_dup((int (*)())i2d_myPROXYPOLICY, - (char *(*)())d2i_myPROXYPOLICY, - (char *)policy)); -#endif + return (PROXY_CERT_INFO_EXTENSION*)data; } -/* set policy language */ -int myPROXYPOLICY_set_policy_language(myPROXYPOLICY * policy, ASN1_OBJECT * policy_language) +static +char* PROXYCERTINFO_OLD_i2s(struct v3_ext_method* method, void* ext) { - if(policy_language != NULL) { - ASN1_OBJECT_free(policy->policy_language); - policy->policy_language = 
OBJ_dup(policy_language); - return 1; - } - - return 0; -} - -/* get policy language */ -ASN1_OBJECT * myPROXYPOLICY_get_policy_language(myPROXYPOLICY * policy) -{ - return policy->policy_language; -} - -/* set policy */ -int myPROXYPOLICY_set_policy(myPROXYPOLICY * proxypolicy, unsigned char * policy, int length) -{ - if(policy != NULL) { - /* if member policy of proxypolicy non set */ - if(!proxypolicy->policy) - proxypolicy->policy = ASN1_OCTET_STRING_new(); - - /* set member policy of proxypolicy */ - ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length); - } - else - ASN1_OCTET_STRING_free(proxypolicy->policy); - - return 1; -} + PROXY_CERT_INFO_EXTENSION* pci = NULL; + char *encoding = NULL; + char *output = NULL; + PROXY_POLICY *pp; + int dooid = 0; + char oid[256]; -/* get policy */ -unsigned char * myPROXYPOLICY_get_policy(myPROXYPOLICY * proxypolicy, int * length) -{ - /* assure field policy is set */ + pci = (PROXY_CERT_INFO_EXTENSION *)ext; + + if (!pci) + return ""; - if(proxypolicy->policy) { - *length = proxypolicy->policy->length; + if (pci->pcPathLengthConstraint) { + int j = ASN1_INTEGER_get(pci->pcPathLengthConstraint); - /* assure ASN1_OCTET_STRING is full */ - if (*length>0 && proxypolicy->policy->data) { - unsigned char * copy = malloc(*length); - memcpy(copy, proxypolicy->policy->data, *length); - return copy; - } + char *buffer = snprintf_wrap("%X", j); + output = snprintf_wrap("Path Length Constraint: %s%s\n\n", strlen(buffer)%2 ? 
"0" : "", buffer); + free(buffer); } - return NULL; -} - -/* internal to der conversion */ -int i2d_myPROXYPOLICY(myPROXYPOLICY * policy, unsigned char ** pp) -{ - M_ASN1_I2D_vars(policy); - - M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT); + else + output = strdup("Path Length Constraint: unlimited\n"); - if(policy->policy) { - M_ASN1_I2D_len(policy->policy, i2d_ASN1_OCTET_STRING); - } - - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT); + pp = pci->proxyPolicy; - if(policy->policy) { - M_ASN1_I2D_put(policy->policy, i2d_ASN1_OCTET_STRING); + if (pp && i2t_ASN1_OBJECT(oid, 256, pp->policyLanguage)) { + dooid = 1; } - M_ASN1_I2D_finish(); -} - -myPROXYPOLICY * d2i_myPROXYPOLICY(myPROXYPOLICY ** a, unsigned char ** pp, long length) -{ - M_ASN1_D2I_vars(a, myPROXYPOLICY *, myPROXYPOLICY_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->policy_language, d2i_ASN1_OBJECT); - - /* need to try getting the policy using - * a) a call expecting no tags - * b) a call expecting tags - * one of which should succeed - */ - - M_ASN1_D2I_get_opt(ret->policy, - d2i_ASN1_OCTET_STRING, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_get_IMP_opt(ret->policy, - d2i_ASN1_OCTET_STRING, - 0, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_Finish(a, - myPROXYPOLICY_free, - ASN1_F_D2I_PROXYPOLICY); -} - - - -/* myPROXYCERTINFO function */ - -myPROXYCERTINFO * myPROXYCERTINFO_new() -{ - myPROXYCERTINFO * ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, myPROXYCERTINFO); - memset(ret, 0, sizeof(myPROXYCERTINFO)); - ret->path_length = NULL; - ret->proxypolicy = myPROXYPOLICY_new(); - return (ret); - M_ASN1_New_Error(ASN1_F_PROXYCERTINFO_NEW); -} + encoding = snprintf_wrap("%sPolicy Language: %s%s%s%s\n", + output, + ( dooid ? oid : ""), + ( (pp && pp->policy) ? "\nPolicy Text: " : ""), + ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""), + ( (pp && pp->policy) ? 
"\n" : "")); -void myPROXYCERTINFO_free(myPROXYCERTINFO * proxycertinfo) -{ - /* assure proxycertinfo not empty */ - if(proxycertinfo == NULL) return; - - ASN1_INTEGER_free(proxycertinfo->path_length); - myPROXYPOLICY_free(proxycertinfo->proxypolicy); - OPENSSL_free(proxycertinfo); + free(output); + return encoding; } -/* set path_length */ -int myPROXYCERTINFO_set_path_length(myPROXYCERTINFO * proxycertinfo, long path_length) -{ - /* assure proxycertinfo is not empty */ - if(proxycertinfo != NULL) { - - if(path_length != -1) { - /* if member path_length is empty allocate memory then set */ - if(proxycertinfo->path_length == NULL) - proxycertinfo->path_length = ASN1_INTEGER_new(); - return ASN1_INTEGER_set(proxycertinfo->path_length, path_length); - } - else { - ASN1_INTEGER_free(proxycertinfo->path_length); - proxycertinfo->path_length = NULL; - } - - return 1; - } +STACK_OF(CONF_VALUE) * i2v_PROXYCERTINFO_OLD( + struct v3_ext_method * method, + PROXY_CERT_INFO_EXTENSION * ext, + STACK_OF(CONF_VALUE) * extlist); - return 0; -} - -int myPROXYCERTINFO_set_version(myPROXYCERTINFO * proxycertinfo, int version) +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, + BIO *out, int indent) { - if (proxycertinfo != NULL) { - proxycertinfo->version = version; + BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); + if (pci->pcPathLengthConstraint) + i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); + else + BIO_printf(out, "infinite"); + BIO_puts(out, "\n"); + BIO_printf(out, "%*sPolicy Language: ", indent, ""); + i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); + BIO_puts(out, "\n"); + if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) + BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + pci->proxyPolicy->policy->data); return 1; - } - - return 0; } -int myPROXYCERTINFO_get_version(myPROXYCERTINFO * proxycertinfo) +X509V3_EXT_METHOD * PROXYCERTINFO_OLD_x509v3_ext_meth() { - if (proxycertinfo) - return 
proxycertinfo->version; - return -1; + static X509V3_EXT_METHOD proxycertinfo_x509v3_ext_meth = + { + -1, + X509V3_EXT_MULTILINE, + ASN1_ITEM_ref(PROXYCERTINFO_OLD), + 0, 0, 0, 0, + (X509V3_EXT_I2S) 0,//PROXYCERTINFO_OLD_i2s, + (X509V3_EXT_S2I) 0,//PROXYCERTINFO_OLD_s2i, + (X509V3_EXT_I2V) 0 /*i2v_PROXYCERTINFO_OLD*/, 0, + (X509V3_EXT_I2R) i2r_pci, 0, + NULL + }; + return (&proxycertinfo_x509v3_ext_meth); } - -/* get path length */ -long myPROXYCERTINFO_get_path_length(myPROXYCERTINFO * proxycertinfo) +ASN1_OBJECT * PROXY_POLICY_get_policy_language( + PROXY_POLICY * policy) { - if(proxycertinfo && proxycertinfo->path_length) - return ASN1_INTEGER_get(proxycertinfo->path_length); - else - return -1; + return policy->policyLanguage; } -/* set policy */ -int myPROXYCERTINFO_set_proxypolicy(myPROXYCERTINFO * proxycertinfo, myPROXYPOLICY * proxypolicy) +unsigned char * PROXY_POLICY_get_policy( + PROXY_POLICY * policy, + int * length) { - myPROXYPOLICY_free(proxycertinfo->proxypolicy); - - if(proxypolicy != NULL) - proxycertinfo->proxypolicy = myPROXYPOLICY_dup(proxypolicy); - else - proxycertinfo->proxypolicy = NULL; - - return 1; + if(policy->policy) + { + (*length) = policy->policy->length; + if(*length > 0 && policy->policy->data) + { + unsigned char * copy = malloc(*length); + memcpy(copy, policy->policy->data, *length); + return copy; + } + } + + return NULL; } -/* get policy */ -myPROXYPOLICY * myPROXYCERTINFO_get_proxypolicy(myPROXYCERTINFO * proxycertinfo) +STACK_OF(CONF_VALUE) * i2v_PROXYPOLICY( + struct v3_ext_method * method, + PROXY_POLICY * ext, + STACK_OF(CONF_VALUE) * extlist) { - if(proxycertinfo) - return proxycertinfo->proxypolicy; + unsigned char * policy = NULL; + char policy_lang[128]; + unsigned char * tmp_string = NULL; + unsigned char * index = NULL; + int nid; + int policy_length; - return NULL; -} + X509V3_add_value("Proxy Policy:", NULL, &extlist); -/* internal to der conversion */ -static int i2d_myPROXYCERTINFO_v3(myPROXYCERTINFO * 
proxycertinfo, unsigned char ** pp) -{ - int v1; + nid = OBJ_obj2nid(PROXY_POLICY_get_policy_language(ext)); - M_ASN1_I2D_vars(proxycertinfo); + if(nid != NID_undef) + { + BIO_snprintf(policy_lang, 128, " %s", OBJ_nid2ln(nid)); + } + else + { + policy_lang[0] = ' '; + i2t_ASN1_OBJECT(&policy_lang[1], + 127, + PROXY_POLICY_get_policy_language(ext)); + } - v1 = 0; - - M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - - M_ASN1_I2D_len_EXP_opt(proxycertinfo->path_length,i2d_ASN1_INTEGER, 1, v1); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - M_ASN1_I2D_put_EXP_opt(proxycertinfo->path_length, i2d_ASN1_INTEGER, 1, v1); - M_ASN1_I2D_finish(); + X509V3_add_value(" Policy Language", + policy_lang, + &extlist); + + policy = PROXY_POLICY_get_policy(ext, &policy_length); + + if(!policy) + { + X509V3_add_value(" Policy", " EMPTY", &extlist); + } + else + { + X509V3_add_value(" Policy:", NULL, &extlist); + + tmp_string = policy; + while (policy_length > 0) + { + int policy_line_length; + + index = memchr(tmp_string, '\n', (size_t) policy_length); + + /* Weird to indent the last line only... 
*/ + if (!index) + { + char * last_string; + + policy_line_length = policy_length; + + last_string = malloc(policy_line_length + 9); + BIO_snprintf( + last_string, + (size_t) (policy_line_length +9), + "%8s%.*s", "", + policy_line_length, + (char *) tmp_string); + X509V3_add_value(NULL, last_string, &extlist); + free(last_string); + } + else + { + *(index++) = '\0'; + policy_line_length = index - tmp_string; + + X509V3_add_value(NULL, (char *) tmp_string, &extlist); + + tmp_string = index; + } + policy_length -= policy_line_length; + } + + free(policy); + } + + return extlist; } -static int i2d_myPROXYCERTINFO_v4(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) +STACK_OF(CONF_VALUE) * i2v_PROXYCERTINFO_OLD( + struct v3_ext_method * method, + PROXY_CERT_INFO_EXTENSION * ext, + STACK_OF(CONF_VALUE) * extlist) { - M_ASN1_I2D_vars(proxycertinfo); + int len = 128; + char tmp_string[128]; + + if (!ext) { + extlist = NULL; + return extlist; + } - if(proxycertinfo->path_length) - { - M_ASN1_I2D_len(proxycertinfo->path_length, i2d_ASN1_INTEGER); + if (extlist == NULL) + { + extlist = sk_CONF_VALUE_new_null(); + if(extlist == NULL) + { + return NULL; + } } - M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - - M_ASN1_I2D_seq_total(); - if(proxycertinfo->path_length) - { - M_ASN1_I2D_put(proxycertinfo->path_length, i2d_ASN1_INTEGER); + if (PROXY_CERT_INFO_EXTENSION_get_path_length(ext) > -1) + { + memset(tmp_string, 0, len); + BIO_snprintf(tmp_string, len, " %lu (0x%lx)", + PROXY_CERT_INFO_EXTENSION_get_path_length(ext), + PROXY_CERT_INFO_EXTENSION_get_path_length(ext)); + X509V3_add_value("Path Length", tmp_string, &extlist); } - M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - M_ASN1_I2D_finish(); -} -int i2d_myPROXYCERTINFO(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) -{ - switch(proxycertinfo->version) { - case 3: - return i2d_myPROXYCERTINFO_v3(proxycertinfo, pp); - break; + if(PROXY_CERT_INFO_EXTENSION_get_policy(ext)) + { + 
i2v_PROXYPOLICY(NULL, + PROXY_CERT_INFO_EXTENSION_get_policy(ext), + extlist); + } - case 4: - return i2d_myPROXYCERTINFO_v4(proxycertinfo, pp); - break; - default: - return -1; - break; - } + return extlist; } -static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v3(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) -{ - M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); +int +PROXY_CERT_INFO_EXTENSION_set_path_length( + PROXY_CERT_INFO_EXTENSION* pci + , long pl +) +{ + if (pci != NULL) { - M_ASN1_D2I_get((ret->proxypolicy), d2i_myPROXYPOLICY); + if (pl != -1) { + if (pci->pcPathLengthConstraint == NULL) { + pci->pcPathLengthConstraint = ASN1_INTEGER_new(); + } + return ASN1_INTEGER_set(pci->pcPathLengthConstraint, pl); + } else { + ASN1_INTEGER_free(pci->pcPathLengthConstraint); + pci->pcPathLengthConstraint = NULL; + } - M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); + return 1; + } - ret->version = 3; - M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); + return 0; } -static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v4(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) +long +PROXY_CERT_INFO_EXTENSION_get_path_length(PROXY_CERT_INFO_EXTENSION const* pci) { - M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - - M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); - - M_ASN1_D2I_get_opt(ret->path_length, d2i_ASN1_INTEGER, V_ASN1_INTEGER); - - M_ASN1_D2I_get((ret->proxypolicy),d2i_myPROXYPOLICY); - - ret->version = 4; - M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); + if (pci && pci->pcPathLengthConstraint) { + return ASN1_INTEGER_get(pci->pcPathLengthConstraint); + } else { + return -1; + } } -myPROXYCERTINFO * d2i_myPROXYCERTINFO(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) +int 
+PROXY_CERT_INFO_EXTENSION_set_policy( + PROXY_CERT_INFO_EXTENSION* pci + , PROXY_POLICY* policy +) { - myPROXYCERTINFO *info = d2i_myPROXYCERTINFO_v3(cert_info, pp, length); - if (!info) - info = d2i_myPROXYCERTINFO_v4(cert_info, pp, length); - return info; -} - + PROXY_POLICY_free(pci->proxyPolicy); -static int nativeopenssl = 0; + pci->proxyPolicy = PROXY_POLICY_dup(policy); -static char *norep() -{ - static char *buffer=""; - return buffer; -} - -static void *myproxycertinfo_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), UNUSED(char *data)) -{ - return (myPROXYCERTINFO*)data; + return 1; } -static char *myproxycertinfo_i2s(UNUSED(struct v3_ext_method *method), void *ext) +PROXY_POLICY* +PROXY_CERT_INFO_EXTENSION_get_policy(PROXY_CERT_INFO_EXTENSION const* pci) { - myPROXYCERTINFO *pci = NULL; - char *encoding = NULL; - char *output = NULL; - myPROXYPOLICY *pp; - int dooid = 0; - char oid[256]; - - pci = (myPROXYCERTINFO *)ext; - - if (!pci) - return norep(); - - if (pci->path_length) { - int j = ASN1_INTEGER_get(pci->path_length); - - char *buffer = snprintf_wrap("%X", j); - output = snprintf_wrap("Path Length Constraint: %s%s\n\n", strlen(buffer)%2 ? "0" : "", buffer); - free(buffer); - } - else - output = strdup("Path Length Constraint: unlimited\n"); - - pp = pci->proxypolicy; - - if (pp && i2t_ASN1_OBJECT(oid, 256, pp->policy_language)) { - dooid = 1; + if (pci) { + return pci->proxyPolicy; + } else { + return NULL; } - - encoding = snprintf_wrap("%sPolicy Language: %s%s%s%s\n", - output, - ( dooid ? oid : ""), - ( (pp && pp->policy) ? "\nPolicy Text: " : ""), - ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""), - ( (pp && pp->policy) ? 
"\n" : "")); - - free(output); - return encoding; } void InitProxyCertInfoExtension(int full) { -#define PROXYCERTINFO_V3 "1.3.6.1.4.1.3536.1.222" -#define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.14" -#define OBJC(c,n) OBJ_create(c,n,n) - - X509V3_EXT_METHOD *pcert; - static int set = 0; - ASN1_OBJECT *objv3; - ASN1_OBJECT *objv4; + static int init_done = 0; - if (set) + if (init_done) { return; - - set = 1; - - - objv3 = OBJ_txt2obj(PROXYCERTINFO_V3,1); - objv4 = OBJ_txt2obj(PROXYCERTINFO_V4,1); - - /* Proxy Certificate Extension's related objects */ - if (OBJ_obj2nid(objv3) == 0) { - ERR_clear_error(); - OBJC(PROXYCERTINFO_V3, "Proxy Certificate Information"); - if (full) { - pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - - if (pcert) { - memset(pcert, 0, sizeof(*pcert)); - pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V3); - pcert->ext_flags = 0; - pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; - pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; - pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; - pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; - pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; - pcert->s2i = (X509V3_EXT_S2I) myproxycertinfo_s2i; - pcert->v2i = (X509V3_EXT_V2I) NULL; - pcert->r2i = (X509V3_EXT_R2I) NULL; - pcert->i2v = (X509V3_EXT_I2V) NULL; - pcert->i2r = (X509V3_EXT_I2R) NULL; - - X509V3_EXT_add(pcert); - } - } } - if (OBJ_obj2nid(objv4) == 0) { - ERR_clear_error(); - OBJC(PROXYCERTINFO_V4, "Proxy Certificate Information"); - if (full) { - pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - - if (pcert) { - memset(pcert, 0, sizeof(*pcert)); - pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V4); - pcert->ext_flags = 0; - pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; - pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; - pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; - pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; - pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; 
- pcert->s2i = (X509V3_EXT_S2I) myproxycertinfo_s2i; - pcert->v2i = (X509V3_EXT_V2I) NULL; - pcert->r2i = (X509V3_EXT_R2I) NULL; - pcert->i2v = (X509V3_EXT_I2V) NULL; - pcert->i2r = (X509V3_EXT_I2R) NULL; - - X509V3_EXT_add(pcert); - } - } - } + char const* pci_v3_sn = "proxyCertInfo_V3"; + char const* pci_v3_ln = "Proxy Certificate Information (V3)"; + int const v3nid = OBJ_create(PROXYCERTINFO_OLD_OID, pci_v3_sn, pci_v3_ln); + assert(v3nid != 0 && "OBJ_create failed"); -#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS - nativeopenssl = 1; -#endif - - ASN1_OBJECT_free(objv3); - ASN1_OBJECT_free(objv4); - - return; -} + if (X509V3_EXT_get_nid(v3nid) == NULL) { + X509V3_EXT_METHOD* meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); + meth->ext_nid = v3nid; + X509V3_EXT_add(meth); + } -int proxynative(void) -{ - return nativeopenssl; + init_done = 1; } diff --git a/src/sslutils/proxypolicy.c b/src/sslutils/proxypolicy.c new file mode 100644 index 00000000..bb998a3d --- /dev/null +++ b/src/sslutils/proxypolicy.c 
@@ -0,0 +1,88 @@
+/*
+ * Copyright 1999-2006 University of Chicago
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include
+#include
+#include
+#include
+#include
+
+#include "proxypolicy.h"
+
+/**
+ * Sets the policy language of the PROXY_POLICY
+ *
+ * @param policy the PROXY_POLICY to set the policy language of
+ * @param policy_language the policy language to set it to
+ *
+ * @return 1 on success, 0 on error
+ */
+int PROXY_POLICY_set_policy_language(
+ PROXY_POLICY * policy,
+ ASN1_OBJECT * policy_language)
+{
+ if(policy_language != NULL)
+ {
+ ASN1_OBJECT_free(policy->policyLanguage);
+ policy->policyLanguage = OBJ_dup(policy_language);
+ return 1;
+ }
+ return 0;
+}
+
+/**
+ * Sets the policy of the PROXY_POLICY
+ *
+ * @param proxypolicy the proxy policy to set the policy of
+ * @param policy the policy to set it to
+ * @param length the length of the policy
+ *
+ * @return 1 on success, 0 on error
+ */
+int PROXY_POLICY_set_policy(
+ PROXY_POLICY * proxypolicy,
+ unsigned char * policy,
+ int length)
+{
+ assert(length >= 0);
+
+ if(policy != NULL)
+ {
+ unsigned char * copy = malloc(length);
+ assert(copy != NULL && "malloc failed");
+ memcpy(copy, policy, length);
+
+ if(!proxypolicy->policy)
+ {
+ proxypolicy->policy = ASN1_OCTET_STRING_new();
+ }
+
+ ASN1_OCTET_STRING_set(proxypolicy->policy, copy, length);
+
+ }
+ else
+ {
+ if(proxypolicy->policy)
+ {
+ ASN1_OCTET_STRING_free(proxypolicy->policy);
+ }
+ }
+
+ return 1;
+}
+
+IMPLEMENT_ASN1_DUP_FUNCTION(PROXY_POLICY); diff --git a/src/sslutils/signing_policy.c b/src/sslutils/signing_policy.c index 77984519..03f13ab2 100644 --- a/src/sslutils/signing_policy.c +++ b/src/sslutils/signing_policy.c @@ -1779,17 +1779,6 @@ char **parse_subjects(char *string) return list; } -#if 0 -int main() -{ - signingdebug = 1; - void **arg = NULL; - void *scanner=NULL; - signinglex_init(&scanner); - signingset_debug(1, scanner); - return signingparse(arg, scanner); -} -#endif void signingerror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } diff --git a/src/sslutils/ssl_compat.c b/src/sslutils/ssl_compat.c new file mode 100644 index 00000000..fd039e65 --- /dev/null +++ b/src/sslutils/ssl_compat.c 
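Review bot: PROXY_POLICY_set_policy leaks the `copy` buffer on every call, because ASN1_OCTET_STRING_set stores its own copy of the bytes, so the malloc/memcpy is never freed and is not needed. The `else` branch frees `proxypolicy->policy` but leaves the pointer set, so a later getter or the structure's free routine would touch freed memory. The `assert` calls are the only error handling: they disappear under NDEBUG, abort the process otherwise (malloc(0) may legitimately return NULL), and the function returns 1 even when an allocation fails although it documents 0 on error. PROXY_POLICY_set_policy_language has the same gap, as it neither checks `policy` nor the result of `OBJ_dup`. A rewrite of the setter body follows.

```c
/* … unchanged: PROXY_POLICY_set_policy signature … */
{
    if (proxypolicy == NULL || length < 0)
    {
        return 0;
    }

    if (policy == NULL)
    {
        /* clear the field so no caller sees a freed pointer */
        ASN1_OCTET_STRING_free(proxypolicy->policy);
        proxypolicy->policy = NULL;
        return 1;
    }

    if (proxypolicy->policy == NULL)
    {
        proxypolicy->policy = ASN1_OCTET_STRING_new();
        if (proxypolicy->policy == NULL)
        {
            return 0;
        }
    }

    /* ASN1_OCTET_STRING_set copies the bytes; no intermediate buffer needed */
    return ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length);
}
```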
@@ -0,0 +1,363 @@
+#include "ssl_compat.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include
+#include
+#include
+#include
+
+#define X509_F_X509_PUBKEY_GET0 119
+#define EVP_F_EVP_PKEY_GET0_RSA 121
+#define X509_F_X509_PUBKEY_DECODE 148
+#define X509_F_X509_OBJECT_NEW 150
+
+static void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+ void *ret = CRYPTO_malloc(num, file, line);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+#define OPENSSL_zalloc(num) CRYPTO_zalloc(num, __FILE__, __LINE__)
+
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+ return x->data;
+}
+
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+ if (pkey->type != EVP_PKEY_RSA) {
+ EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+ return NULL;
+ }
+ return pkey->pkey.rsa;
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+ return OBJ_obj2nid(req->sig_alg->algorithm);
+}
+
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x)
+{
+ return x->cert_info->serialNumber;
+}
+
+static int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+{
+ ASN1_TIME *in;
+ in = *ptm;
+ if (in != tm) {
+ in = ASN1_STRING_dup(tm);
+ if (in != NULL) {
+ ASN1_TIME_free(*ptm);
+ *ptm = in;
+ }
+ }
+ return (in != NULL);
+}
+
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+ if (x == NULL)
+ return 0;
+ return x509_set1_time(&x->cert_info->validity->notAfter, tm);
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+ return x->cert_info->validity->notAfter;
+}
+
+void X509_set_proxy_flag(X509 *x)
+{
+ x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+ x->ex_pcpathlen = l;
+}
+
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+ return ctx->cert;
+}
+
+#define X509_LU_NONE 0
+
+X509_OBJECT *X509_OBJECT_new(void)
+{
+ X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+ if (ret == NULL) {
+ X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+ ret->type = X509_LU_NONE;
+ return ret;
+}
+
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+ if (a == NULL || a->type != X509_LU_CRL)
+ return NULL;
+ return a->data.crl;
+}
+
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+ return crl->crl->nextUpdate;
+}
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+ return x->serialNumber;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
+{
+ return ctx->chain;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+ /* Called for side effect of caching extensions */
+ if (X509_check_purpose(x, -1, -1) != 1
+ || (x->ex_flags & EXFLAG_PROXY) == 0)
+ return -1;
+ return x->ex_pcpathlen;
+}
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+ /* Call for side-effect of computing hash and caching extensions */
+ X509_check_purpose(x, -1, -1);
+ return x->ex_flags;
+}
+
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+ ctx->current_cert = x;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+ if (a == NULL)
+ return;
+ switch (a->type) {
+ default:
+ break;
+ case X509_LU_X509:
+ X509_free(a->data.x509);
+ break;
+ case X509_LU_CRL:
+ X509_CRL_free(a->data.crl);
+ break;
+ }
+ OPENSSL_free(a);
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+ X509_STORE_CTX_check_issued_fn check_issued)
+{
+ ctx->check_issued = check_issued;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+ if (p != NULL)
+ *p = r->p;
+ if (q != NULL)
+ *q = r->q;
+}
+
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+ return x->cert_info->extensions;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+ return x->cert_info->signature;
+}
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+ const ASN1_BIT_STRING **psuid)
+{
+ if (piuid != NULL)
+ *piuid = x->cert_info->issuerUID;
+ if (psuid != NULL)
+ *psuid = x->cert_info->subjectUID;
+}
+
+#define BIO_TYPE_START 128
+
+int BIO_get_new_index(void)
+{
+ static int bio_count = BIO_TYPE_START;
+
+ /* not thread-safe */
+ return ++bio_count;
+}
+
+BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+ BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
+
+ if (biom != NULL) {
+ biom->type = type;
+ biom->name = name;
+ }
+ return biom;
+}
+
+int (*BIO_meth_get_write(BIO_METHOD *biom)) (BIO *, const char *, int)
+{
+ return biom->bwrite;
+}
+
+int BIO_meth_set_write(BIO_METHOD *biom, int (*bwrite) (BIO *, const char *, int))
+{
+ biom->bwrite = bwrite;
+ return 1;
+}
+
+int (*BIO_meth_get_read(BIO_METHOD *biom)) (BIO *, char *, int)
+{
+ return biom->bread;
+}
+
+int BIO_meth_set_read(BIO_METHOD *biom, int (*bread) (BIO *, char *, int))
+{
+ biom->bread = bread;
+ return 1;
+}
+
+int (*BIO_meth_get_puts(BIO_METHOD *biom)) (BIO *, const char *)
+{
+ return biom->bputs;
+}
+
+int BIO_meth_set_puts(BIO_METHOD *biom,
+ int (*bputs) (BIO *, const char *))
+{
+ biom->bputs = bputs;
+ return 1;
+}
+
+int (*BIO_meth_get_gets(BIO_METHOD *biom)) (BIO *, char *, int)
+{
+ return biom->bgets;
+}
+
+int BIO_meth_set_gets(BIO_METHOD *biom, int (*bgets) (BIO *, char *, int))
+{
+ biom->bgets = bgets;
+ return 1;
+}
+
+long (*BIO_meth_get_ctrl(BIO_METHOD *biom)) (BIO *, int, long,
void *) +{ + return biom->ctrl; +} + +int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)) +{ + biom->ctrl = ctrl; + return 1; +} + +int (*BIO_meth_get_create(BIO_METHOD *biom)) (BIO *) +{ + return biom->create; +} + +int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *)) +{ + biom->create = create; + return 1; +} + +int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *) +{ + return biom->destroy; +} + +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)) +{ + biom->destroy = destroy; + return 1; +} + +long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom)) (BIO *, int, bio_info_cb *) +{ + return biom->callback_ctrl; +} + +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, bio_info_cb *)) +{ + biom->callback_ctrl = callback_ctrl; + return 1; +} + +#if OPENSSL_VERSION_NUMBER < 0x10002000L + +int X509_get_signature_nid(const X509 *x) +{ + return OBJ_obj2nid(x->sig_alg->algorithm); +} + +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x) +{ + if (psig) + *psig = x->signature; + if (palg) + *palg = x->sig_alg; +} + +#endif + +#endif diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index c8865711..5320d90d 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -33,12 +33,13 @@ sslutils.c #include "config.h" #include "replace.h" -#include "myproxycertinfo.h" +#include "proxycertinfo.h" #include "sslutils.h" #include "parsertypes.h" #include "doio.h" #include "data.h" #include "voms_cert_type.h" +#include "ssl_compat.h" #ifdef HAVE_UNISTD_H #include @@ -98,6 +99,8 @@ sslutils.c #include "scutils.h" #endif +#include + static int fix_add_entry_asn1_set_param = 0; 
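Review bot: The shims in ssl_compat.c carry no comment on ownership or preconditions, and they are not uniform: `X509_set1_notAfter` and `X509_OBJECT_get0_X509_CRL` tolerate NULL, while `EVP_PKEY_get0_RSA`, `X509_get0_notAfter`, `X509_get0_serialNumber` and `ASN1_STRING_get0_data` dereference their argument unchecked. I would add a file header such as `/* Backports of OpenSSL 1.1 accessors for older libraries; get0 results are borrowed, and arguments must be non-NULL unless noted. */` so callers that validate certificates and requests know which checks remain theirs. `BIO_meth_new` keeps the caller's `name` pointer instead of copying it, which deserves `/* name is not copied and must outlive the BIO_METHOD */`. The `/* not thread-safe */` remark in `BIO_get_new_index` would be more useful as `/* not thread-safe: call only during single-threaded initialisation */`.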
@@ -260,27 +263,27 @@ X509_NAME_cmp_no_set( X509_NAME_ENTRY * na; X509_NAME_ENTRY * nb; - if (sk_X509_NAME_ENTRY_num(a->entries) != - sk_X509_NAME_ENTRY_num(b->entries)) + if (X509_NAME_entry_count(a) != X509_NAME_entry_count(b)) { - return(sk_X509_NAME_ENTRY_num(a->entries) - - sk_X509_NAME_ENTRY_num(b->entries)); + return(X509_NAME_entry_count(a) - X509_NAME_entry_count(b)); } - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) + for (i=X509_NAME_entry_count(a)-1; i>=0; i--) { - na = sk_X509_NAME_ENTRY_value(a->entries,i); - nb = sk_X509_NAME_ENTRY_value(b->entries,i); - j = na->value->length-nb->value->length; + na = X509_NAME_get_entry(a,i); + nb = X509_NAME_get_entry(b,i); + ASN1_STRING* sa = X509_NAME_ENTRY_get_data(na); + ASN1_STRING* sb = X509_NAME_ENTRY_get_data(nb); + j = ASN1_STRING_length(sa) - ASN1_STRING_length(sb); if (j) { return(j); } - j = memcmp(na->value->data, - nb->value->data, - na->value->length); + j = memcmp(ASN1_STRING_get0_data(sa), + ASN1_STRING_get0_data(sb), + ASN1_STRING_length(sa)); if (j) { return(j); @@ -290,11 +293,11 @@ X509_NAME_cmp_no_set( /* We will check the object types after checking the values * since the values will more often be different than the object * types. */ - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) + for (i=X509_NAME_entry_count(a)-1; i>=0; i--) { - na = sk_X509_NAME_ENTRY_value(a->entries,i); - nb = sk_X509_NAME_ENTRY_value(b->entries,i); - j = OBJ_cmp(na->object,nb->object); + na = X509_NAME_get_entry(a,i); + nb = X509_NAME_get_entry(b,i); + j = OBJ_cmp(X509_NAME_ENTRY_get_object(na),X509_NAME_ENTRY_get_object(nb)); if (j) { @@ -420,6 +423,8 @@ ERR_load_proxy_error_strings(){ ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER,prxyerr_str_functs); ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER,prxyerr_str_reasons); } + + return 0; } /********************************************************************** 
@@ -471,6 +476,7 @@ ERR_load_prxyerr_strings( OBJ_create("1.3.6.1.4.1.3536.1.1.1.2","DELEGATE","Delegate"); OBJ_create("1.3.6.1.4.1.3536.1.1.1.3","RESTRICTEDRIGHTS", "RestrictedRights"); + /* the following is already available in OpenSSL... */ OBJ_create("0.9.2342.19200300.100.1.1","USERID","userId"); ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER,prxyerr_str_functs); @@ -504,7 +510,7 @@ ERR_load_prxyerr_strings( RAND_load_file(randfile,1024L*1024L); } -#if SSLEAY_VERSION_NUMBER >= 0x0090581fL +#if SSLEAY_VERSION_NUMBER >= 0x0090581fL && !defined(OPENSSL_NO_EGD) /* * Try to use the Entropy Garthering Deamon * See the OpenSSL crypto/rand/rand_egd.c @@ -628,7 +634,7 @@ proxy_load_user_proxy( x = PEM_read_bio_X509(in,NULL, OPENSSL_PEM_CB(NULL,NULL)); if (x == NULL) { - if ((ERR_GET_REASON(ERR_peek_error()) == + if ((ERR_GET_REASON(ERR_peek_last_error()) == PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); @@ -642,31 +648,20 @@ proxy_load_user_proxy( } if (count) { - (void)sk_X509_insert(cert_chain,x,sk_X509_num(cert_chain)); - - x = NULL; + (void)sk_X509_push(cert_chain,x); + } else { + X509_free(x); } count++; - if (x) - { - X509_free(x); - x = NULL; - } } ret = count; err: - if (x != NULL) - { - X509_free(x); - } + X509_free(x); + BIO_free(in); - if (in != NULL) - { - BIO_free(in); - } return(ret); } @@ -715,7 +710,7 @@ proxy_genreq( goto err; } - if (upkey->type != EVP_PKEY_RSA) + if (!EVP_PKEY_get0_RSA(upkey)) { PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); goto err; @@ -801,11 +796,11 @@ proxy_genreq( name = NULL; X509_REQ_set_pubkey(req,pkey); - EVP_MD* md = EVP_get_digestbyobj(req->sig_alg->algorithm); + EVP_MD const* md = EVP_get_digestbynid(X509_REQ_get_signature_nid(req)); if ( ucert ){ - md = EVP_get_digestbyobj(ucert->sig_alg->algorithm); + md = EVP_get_digestbynid(X509_get_signature_nid(ucert)); } 
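Review bot: In the `@@ -642,31 +648,20 @@` hunk of proxy_load_user_proxy, `x` is no longer reset to NULL after `sk_X509_push(cert_chain,x)` or `X509_free(x)`, yet the cleanup at `err:` now calls `X509_free(x)` unconditionally. On the paths visible here the next iteration overwrites `x` before `err:` is reached, but any exit that keeps the old value would free a certificate the chain still owns, or free one twice. Adding `x = NULL;` just before `count++;` restores the invariant the removed lines maintained. The result of `sk_X509_push` is also discarded, so a failed push leaks `x` and silently shortens the chain; checking it and taking the error path would be safer. The loop head and the start of the function are outside the hunk.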
@@ -914,14 +909,14 @@ proxy_sign( unsigned char md[SHA_DIGEST_LENGTH]; unsigned int len; - EVP_MD* sig_algo; + EVP_MD const* sig_algo; - sig_algo = EVP_get_digestbyobj(req->sig_alg->algorithm); + sig_algo = EVP_get_digestbynid(X509_REQ_get_signature_nid(req)); if (sig_algo == NULL) sig_algo = EVP_sha1(); if(proxyver>=3) { unsigned sub_hash; - EVP_MD* cn_sig_algo; + EVP_MD const* cn_sig_algo; EVP_PKEY* req_public_key; cn_sig_algo = EVP_sha1(); @@ -954,7 +949,7 @@ proxy_sign( PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_PROCESS_SIGN); if (proxyver >= 3) { free(newcn); - free(newserial); + free((void*)newserial); } return 1; } @@ -992,7 +987,7 @@ proxy_sign( if (proxyver >= 3) { free(newcn); - free(newserial); + free((void*)newserial); } return rc; @@ -1060,32 +1055,16 @@ proxy_sign_ext( { EVP_PKEY * new_public_key = NULL; EVP_PKEY * tmp_public_key = NULL; - X509_CINF * new_cert_info; - X509_CINF * user_cert_info; - X509_EXTENSION * extension = NULL; time_t time_diff, time_now, time_after; ASN1_UTCTIME * asn1_time = NULL; int i; - unsigned char md[SHA_DIGEST_LENGTH]; unsigned int len; - EVP_MD* sig_algo; + EVP_MD const* sig_algo; sig_algo = EVP_sha1(); - if (!selfsigned) - user_cert_info = user_cert->cert_info; - *new_cert = NULL; - if ((req->req_info == NULL) || - (req->req_info->pubkey == NULL) || - (req->req_info->pubkey->public_key == NULL) || - (req->req_info->pubkey->public_key->data == NULL)) - { - PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_MALFORM_REQ); - goto err; - } - if ((new_public_key=X509_REQ_get_pubkey(req)) == NULL) { PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_MALFORM_REQ); goto err; @@ -1115,8 +1094,6 @@ proxy_sign_ext( goto err; } - new_cert_info = (*new_cert)->cert_info; - /* set the subject name */ if(subject_name && !X509_set_subject_name(*new_cert,subject_name)) 
@@ -1133,14 +1110,15 @@ proxy_sign_ext( BIGNUM *bn = NULL; if (BN_hex2bn(&bn, newserial) != 0) { ASN1_INTEGER *a_int = BN_to_ASN1_INTEGER(bn, NULL); - ASN1_INTEGER_free((*new_cert)->cert_info->serialNumber); - - /* Note: The a_int == NULL case is handled below. */ - (*new_cert)->cert_info->serialNumber = a_int; BN_free(bn); + /* Note: The a_int == NULL case is handled below. */ + X509_set_serialNumber(*new_cert, a_int); + ASN1_INTEGER_free(a_int); } } else if (proxyver > 2) { + unsigned char md[SHA_DIGEST_LENGTH + 1]; + ASN1_INTEGER_free(X509_get_serialNumber(*new_cert)); new_public_key = X509_REQ_get_pubkey(req); 
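Review bot: The comment `/* Note: The a_int == NULL case is handled below. */` is no longer true, because the following hunk removes the `if (!(*new_cert)->cert_info->serialNumber)` check and the result of `X509_set_serialNumber` is discarded here and in every branch of that hunk. A failed `BN_to_ASN1_INTEGER`, `ASN1_INTEGER_dup` or setter call therefore leaves the proxy with its initial serial number instead of reaching `err:`. I would test each call, e.g. `if (a_int == NULL || !X509_set_serialNumber(*new_cert, a_int)) { ASN1_INTEGER_free(a_int); PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); goto err; }`. The retained `ASN1_INTEGER_free(X509_get_serialNumber(*new_cert));` in the `proxyver > 2` branch also looks unsafe now that the serial is replaced through the setter, since it releases storage the certificate still owns; this should be confirmed and the line probably dropped. proxy_sign_ext starts and ends outside the hunk.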
@@ -1149,44 +1127,36 @@ proxy_sign_ext( #else ASN1_digest(i2d_PUBKEY, sig_algo, (char *) new_public_key, md, &len); #endif + md[len] = '\0'; + EVP_PKEY_free(new_public_key); new_public_key = NULL; - (*new_cert)->cert_info->serialNumber = ASN1_INTEGER_new(); - (*new_cert)->cert_info->serialNumber->length = len; - (*new_cert)->cert_info->serialNumber->data = malloc(len); - - if (!((*new_cert)->cert_info->serialNumber->data)) { - PRXYerr(PRXYERR_F_PROXY_SIGN_EXT, PRXYERR_R_PROCESS_PROXY); - goto err; + BIGNUM* bn = NULL; + if (BN_hex2bn(&bn, (char*)md) != 0) { + ASN1_INTEGER *a_int = BN_to_ASN1_INTEGER(bn, NULL); + BN_free(bn); + X509_set_serialNumber(*new_cert, a_int); + ASN1_INTEGER_free(a_int); } - memcpy((*new_cert)->cert_info->serialNumber->data, md, SHA_DIGEST_LENGTH); + } else if (selfsigned) { - ASN1_INTEGER *copy = ASN1_INTEGER_new(); - if (copy) { - ASN1_INTEGER_set(copy, 1); - ASN1_INTEGER_free((*new_cert)->cert_info->serialNumber); - - (*new_cert)->cert_info->serialNumber = copy; + ASN1_INTEGER *a_int = ASN1_INTEGER_new(); + if (a_int) { + ASN1_INTEGER_set(a_int, 1); + X509_set_serialNumber(*new_cert, a_int); + ASN1_INTEGER_free(a_int); } else goto err; } else { - ASN1_INTEGER *copy = ASN1_INTEGER_dup(X509_get_serialNumber(user_cert)); - ASN1_INTEGER_free((*new_cert)->cert_info->serialNumber); - - /* Note: The copy == NULL case is handled immediately below. */ - (*new_cert)->cert_info->serialNumber = copy; - } - - if (!(*new_cert)->cert_info->serialNumber) { - PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); - goto err; + ASN1_INTEGER *a_int = ASN1_INTEGER_dup(X509_get0_serialNumber(user_cert)); + X509_set_serialNumber(*new_cert, a_int); + ASN1_INTEGER_free(a_int); } - /* set the issuer name */ if (issuer_name) 
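Review bot: In the `proxyver > 2` branch the raw digest in `md` is passed to `BN_hex2bn`, which parses ASCII hex digits rather than binary bytes. Parsing stops at the first byte that is not a hex character, or at an embedded zero byte, so the serial will usually not be the public-key hash, and when no digit is consumed the `!= 0` test fails and no serial is set at all. `BN_bin2bn` is the conversion for a byte buffer: `BIGNUM* bn = BN_bin2bn(md, len, NULL);` followed by `if (bn != NULL) {`, which also makes `md[len] = '\0';` and the extra array byte unnecessary. proxy_sign_ext starts and ends outside the hunk.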
@@ -1231,73 +1201,51 @@ proxy_sign_ext( X509_gmtime_adj(X509_get_notAfter(*new_cert),(long) seconds - pastproxy); } else { - X509_set_notAfter(*new_cert, user_cert_info->validity->notAfter); + int ret = X509_set1_notAfter(*new_cert, X509_get0_notAfter(user_cert)); + assert(ret == 1 && "X509_set1_notAfter failed"); } } /* transfer the public key from req to new cert */ - /* DEE? should this be a dup? */ - - X509_PUBKEY_free(new_cert_info->key); - new_cert_info->key = req->req_info->pubkey; - req->req_info->pubkey = NULL; + { + EVP_PKEY* const pub_key = X509_REQ_get_pubkey(req); + assert(pub_key && "X509_REQ_get0_pubkey failed"); + int const ret = X509_set_pubkey(*new_cert, pub_key); + assert(ret == 1 && "X509_set_pubkey failed"); + EVP_PKEY_free(pub_key); + } /* * We can now add additional extentions here * such as to control the usage of the cert */ - if (new_cert_info->version == NULL) { - if ((new_cert_info->version = ASN1_INTEGER_new()) == NULL) - { - PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_PROCESS_PROXY); - goto err; - } - } - - ASN1_INTEGER_set(new_cert_info->version,2); /* version 3 certificate */ - - /* Free the current entries if any, there should not - * be any I belive - */ - - if (new_cert_info->extensions != NULL) - { - sk_X509_EXTENSION_pop_free(new_cert_info->extensions, - X509_EXTENSION_free); + int const ret = X509_set_version(*new_cert, 2L); + assert(ret == 1 && "X509_set_version failed"); } /* Add extensions provided by the client */ + /* TODO: who frees extensions? 
*/ if (extensions) { - if ((new_cert_info->extensions = - sk_X509_EXTENSION_new_null()) == NULL) - { - PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_DELEGATE_COPY); - } - - /* Lets 'copy' the client extensions to the new proxy */ - /* we should look at the type, and only copy some */ - for (i=0; iextensions, - extension)) - { - PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_DELEGATE_COPY); - goto err; - } + if (ret == 0) + { + PRXYerr(PRXYERR_F_PROXY_SIGN_EXT,PRXYERR_R_DELEGATE_COPY); + goto err; + } } } @@ -1452,7 +1400,7 @@ proxy_marshal_bp( } if (!PEM_write_bio_RSAPrivateKey(bp, - npkey->pkey.rsa, + EVP_PKEY_get0_RSA(npkey), NULL, NULL, 0, @@ -1524,6 +1472,8 @@ proxy_verify_init( pvd->cert_chain = NULL; pvd->limited_proxy = 0; pvd->multiple_limited_proxy_ok = 0; + pvd->cert_store = NULL; + pvd->recursive_depth = 0; } /********************************************************************** @@ -1658,12 +1608,12 @@ int proxy_verify_name(X509* cert){ // If we reach this point, name checks on the proxy have // succeeded, and this is actually a proxy, inform OpenSSL // (is this still needed?) - cert->ex_flags |= EXFLAG_PROXY; - cert->ex_pcpathlen = -1; + X509_set_proxy_flag(cert); + X509_set_proxy_pathlen(cert, -1L); if (VOMS_IS_LIMITED_PROXY(cert_type)) { - cert->ex_pcpathlen = 0; + X509_set_proxy_pathlen(cert, 0L); return 2; } @@ -1732,12 +1682,11 @@ proxy_verify_callback( int ok, X509_STORE_CTX * ctx) { - X509_OBJECT obj; + X509_OBJECT* obj = NULL; X509 * cert = NULL; X509 * prev_cert = NULL; X509_CRL * crl; - X509_CRL_INFO * crl_info; X509_REVOKED * revoked; SSL * ssl = NULL; 
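Review bot: The `assert(ret == 1 && ...)` and `assert(pub_key && ...)` lines in the notAfter, public-key and version steps are the only error handling for those calls, so a build with NDEBUG ignores the failure and a build without it aborts the process instead of taking the function's `goto err` path. X509_REQ_get_pubkey works on the request handed to proxy_sign_ext, so a NULL result is an input condition rather than a programming error. Each step should report through PRXYerr and `goto err` as the removed code did; the public-key block is shown below, and the notAfter and version checks take the same shape. The same assert-as-error-handling pattern recurs in the CRL lookup and proxy_load_user_key hunks of this file and in the OBJ_create checks of PATCH 05. proxy_sign_ext starts and ends outside this hunk.

```c
/* transfer the public key from req to new cert */
{
    EVP_PKEY *pub_key = X509_REQ_get_pubkey(req);
    if (pub_key == NULL) {
        PRXYerr(PRXYERR_F_PROXY_SIGN_EXT, PRXYERR_R_PROCESS_PROXY);
        goto err;
    }
    if (X509_set_pubkey(*new_cert, pub_key) != 1) {
        EVP_PKEY_free(pub_key);
        PRXYerr(PRXYERR_F_PROXY_SIGN_EXT, PRXYERR_R_PROCESS_PROXY);
        goto err;
    }
    EVP_PKEY_free(pub_key);
}
/* … unchanged: version and extension handling … */
```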
@@ -1795,15 +1744,15 @@ proxy_verify_callback( X509_STORE_CTX_get_error_depth(ctx) -1); if (proxy_verify_name(prev_cert) > 0 && - proxy_check_issued(ctx, ctx->current_cert, prev_cert)){ + proxy_check_issued(ctx, X509_STORE_CTX_get_current_cert(ctx), prev_cert)){ ok = 1; } break; case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: - if (proxy_verify_name(ctx->cert) > 0) { - if (check_critical_extensions(ctx->cert, 1)) + if (proxy_verify_name(X509_STORE_CTX_get0_cert(ctx)) > 0) { + if (check_critical_extensions(X509_STORE_CTX_get0_cert(ctx), 1)) /* Allows proxy specific extensions on proxies. */ ok = 1; } @@ -1816,17 +1765,17 @@ proxy_verify_callback( /* if already failed, skip the rest, but add error messages */ if (!ok) { - if (ctx->error==X509_V_ERR_CERT_NOT_YET_VALID) + if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_CERT_NOT_YET_VALID) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CERT_NOT_YET_VALID); ERR_set_continue_needed(); } - else if (ctx->error==X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + else if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_LOCAL_CA_UNKNOWN); ERR_set_continue_needed(); } - else if (ctx->error==X509_V_ERR_CERT_HAS_EXPIRED) + else if (X509_STORE_CTX_get_error(ctx)==X509_V_ERR_CERT_HAS_EXPIRED) { PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_REMOTE_CRED_EXPIRED); ERR_set_continue_needed(); @@ -1848,12 +1797,12 @@ proxy_verify_callback( * and ca-signing-policy rules. We will also do a CRL check */ - ret = proxy_verify_name(ctx->current_cert); + ret = proxy_verify_name(X509_STORE_CTX_get_current_cert(ctx)); if (ret < 0) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_BAD_PROXY_ISSUER); ERR_set_continue_needed(); - ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_SIGNATURE_FAILURE); goto fail_verify; } else if (ret > 0) { /* Its a proxy */ 
@@ -1862,10 +1811,10 @@ proxy_verify_callback( pvd->limited_proxy = 1; /* its a limited proxy */ - if (ctx->error_depth && !pvd->multiple_limited_proxy_ok) { + if (X509_STORE_CTX_get_error_depth(ctx) && !pvd->multiple_limited_proxy_ok) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_LPROXY_MISSED_USED); ERR_set_continue_needed(); - ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_SIGNATURE_FAILURE); goto fail_verify; } } @@ -1876,36 +1825,38 @@ proxy_verify_callback( if (!itsaproxy) { - + obj = X509_OBJECT_new(); /** CRL checks **/ int n = 0; - if (X509_STORE_get_by_subject(ctx, - X509_LU_CRL, - X509_get_subject_name(ctx->current_issuer), - &obj)) + if (obj != NULL + && X509_STORE_get_by_subject(ctx, + X509_LU_CRL, + X509_get_subject_name(X509_STORE_CTX_get0_current_issuer(ctx)), + obj)) { objset = 1; - crl = obj.data.crl; - crl_info = crl->crl; + crl = X509_OBJECT_get0_X509_CRL(obj); + assert(crl != NULL && "X509_OBJECT_get0_X509_CRL failed"); + /* verify the signature on this CRL */ - key = X509_get_pubkey(ctx->current_issuer); + key = X509_get_pubkey(X509_STORE_CTX_get0_current_issuer(ctx)); if (X509_CRL_verify(crl, key) <= 0) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_SIGNATURE_FAILURE); ERR_set_continue_needed(); - ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); goto fail_verify; } /* Check date see if expired */ - i = X509_cmp_current_time(crl_info->nextUpdate); + i = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl)); if (i == 0) { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_NEXT_UPDATE_FIELD); ERR_set_continue_needed(); - ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); goto fail_verify; } 
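Review bot: When `X509_OBJECT_new()` returns NULL, the `obj != NULL &&` guard in the CRL lookup skips the whole block, so the CRL signature, expiry and revocation checks are silently bypassed for that certificate. Failing closed is safer: `if (obj == NULL) { X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM); goto fail_verify; }` before the lookup. Separately, obj is now heap-allocated on every non-proxy call, but the later hunks free it only under `if (objset)`, which is set only when a CRL was found, so every lookup miss leaks the object. Both exit paths should test the pointer instead, `if (obj != NULL) X509_OBJECT_free(obj);`. proxy_verify_callback starts and ends outside this hunk.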
@@ -1914,35 +1865,34 @@ proxy_verify_callback( { PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CRL_HAS_EXPIRED); ERR_set_continue_needed(); - ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED); goto fail_verify; } /* check if this cert is revoked */ - - n = sk_X509_REVOKED_num(crl_info->revoked); + n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); for (i=0; irevoked,i); + X509_CRL_get_REVOKED(crl),i); - if(!ASN1_INTEGER_cmp(revoked->serialNumber, - X509_get_serialNumber(ctx->current_cert))) + if(!ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked), + X509_get_serialNumber(X509_STORE_CTX_get_current_cert(ctx)))) { long serial; char buf[256]; char *s; PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CERT_REVOKED); - serial = ASN1_INTEGER_get(revoked->serialNumber); + serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked)); sprintf(buf,"%ld (0x%lX)",serial,serial); s = X509_NAME_oneline(X509_get_subject_name( - ctx->current_cert),NULL,0); + X509_STORE_CTX_get_current_cert(ctx)),NULL,0); ERR_add_error_data(4,"Serial number = ",buf, " Subject=",s); - ctx->error = X509_V_ERR_CERT_REVOKED; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); ERR_set_continue_needed(); free(s); s = NULL; @@ -1951,8 +1901,8 @@ proxy_verify_callback( } } - if (X509_NAME_cmp(X509_get_subject_name(ctx->current_cert), - X509_get_issuer_name(ctx->current_cert))) + if (X509_NAME_cmp(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), + X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)))) { cert_dir = pvd->pvxd->certdir ? pvd->pvxd->certdir : getenv(X509_CERT_DIR); 
@@ -1963,9 +1913,9 @@ proxy_verify_callback( struct policy **namespaces = NULL; int result = SUCCESS_UNDECIDED; - read_pathrestriction(ctx->chain, cert_dir, &namespaces, &signings); + read_pathrestriction(X509_STORE_CTX_get0_chain(ctx), cert_dir, &namespaces, &signings); - result = restriction_evaluate(ctx->chain, namespaces, signings); + result = restriction_evaluate(X509_STORE_CTX_get0_chain(ctx), namespaces, signings); voms_free_policies(namespaces); voms_free_policies(signings); @@ -1974,7 +1924,7 @@ proxy_verify_callback( { PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_CA_POLICY_VIOLATION); - ctx->error = X509_V_ERR_INVALID_PURPOSE; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_INVALID_PURPOSE); if (error_string != NULL) { @@ -2006,7 +1956,7 @@ proxy_verify_callback( * Will be used for lifetime calculations */ - goodtill = ASN1_UTCTIME_mktime(X509_get_notAfter(ctx->current_cert)); + goodtill = ASN1_UTCTIME_mktime(X509_get_notAfter(X509_STORE_CTX_get_current_cert(ctx))); if (pvd->pvxd->goodtill == 0 || goodtill < pvd->pvxd->goodtill) { pvd->pvxd->goodtill = goodtill; @@ -2024,9 +1974,9 @@ proxy_verify_callback( free(ca_policy_file_path); } - if (!check_critical_extensions(ctx->current_cert, itsaproxy)) { + if (!check_critical_extensions(X509_STORE_CTX_get_current_cert(ctx), itsaproxy)) { PRXYerr(PRXYERR_F_VERIFY_CB, PRXYERR_R_UNKNOWN_CRIT_EXT); - ctx->error = X509_V_ERR_CERT_REJECTED; + X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REJECTED); goto fail_verify; } 
@@ -2040,17 +1990,17 @@ proxy_verify_callback( * all we do is substract off the proxy_dpeth */ - if(ctx->current_cert == ctx->cert) + if(X509_STORE_CTX_get_current_cert(ctx) == X509_STORE_CTX_get0_cert(ctx)) { - for (i=0; i < sk_X509_num(ctx->chain); i++) + for (i=0; i < sk_X509_num(X509_STORE_CTX_get0_chain(ctx)); i++) { - cert = sk_X509_value(ctx->chain,i); - if (((i - pvd->proxy_depth) > 1) && (cert->ex_pathlen != -1) - && ((i - pvd->proxy_depth) > (cert->ex_pathlen + 1)) - && (cert->ex_flags & EXFLAG_BCONS)) + cert = sk_X509_value(X509_STORE_CTX_get0_chain(ctx),i); + if (((i - pvd->proxy_depth) > 1) && (X509_get_proxy_pathlen(cert) != -1) + && ((i - pvd->proxy_depth) > (X509_get_proxy_pathlen(cert) + 1)) + && (X509_get_extension_flags(cert) & EXFLAG_BCONS)) { - ctx->current_cert = cert; /* point at failing cert */ - ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; + X509_STORE_CTX_set_current_cert(ctx, cert); /* point at failing cert */ + X509_STORE_CTX_set_error(ctx, X509_V_ERR_PATH_LENGTH_EXCEEDED); goto fail_verify; } } @@ -2060,7 +2010,7 @@ proxy_verify_callback( if (objset) { - X509_OBJECT_free_contents(&obj); + X509_OBJECT_free(obj); } return(ok); 
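Review bot: The path-length loop replaces `cert->ex_pathlen` with `X509_get_proxy_pathlen(cert)`, but in proxy_verify_name this same patch uses the proxy accessors for `ex_pcpathlen`, which is a different field. The condition is guarded by `EXFLAG_BCONS`, so it is meant to enforce the basicConstraints path length of CA certificates. With the proxy accessor that constraint is presumably never seen (in OpenSSL the proxy path length of a non-proxy certificate is -1), so a chain longer than a CA allows would pass this check. Both comparisons should read `X509_get_pathlen(cert)`, with a shim in ssl_compat for older OpenSSL if needed. The enclosing function continues outside this hunk.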
@@ -2074,22 +2024,23 @@ proxy_verify_callback( if (objset) { - X509_OBJECT_free_contents(&obj); + X509_OBJECT_free(obj); } - if (ctx->current_cert) + if (X509_STORE_CTX_get_current_cert(ctx)) { char *subject_s = NULL; char *issuer_s = NULL; subject_s = X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert),NULL,0); + X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),NULL,0); issuer_s = X509_NAME_oneline( - X509_get_issuer_name(ctx->current_cert),NULL,0); + X509_get_issuer_name(X509_STORE_CTX_get_current_cert(ctx)),NULL,0); - char *openssl_error_str = X509_verify_cert_error_string(ctx->error); + int const error = X509_STORE_CTX_get_error(ctx); + char const* const error_str = X509_verify_cert_error_string(error); - switch (ctx->error) + switch (error) { case X509_V_OK: case X509_V_ERR_INVALID_PURPOSE: @@ -2097,7 +2048,7 @@ proxy_verify_callback( ERR_add_error_data(9, ": ", - openssl_error_str ? openssl_error_str : "", + error_str ? error_str : "", " [file=", ca_policy_file_path ? ca_policy_file_path : "UNKNOWN", ",subject=", @@ -2108,11 +2059,10 @@ proxy_verify_callback( break; default: PRXYerr(PRXYERR_F_VERIFY_CB,PRXYERR_R_CB_CALLED_WITH_ERROR); - char *openssl_error_str = X509_verify_cert_error_string(ctx->error); ERR_add_error_data(7, ": ", - openssl_error_str ? openssl_error_str : "", + error_str ? error_str : "", " [subject=", subject_s ? subject_s : "UNKNOWN", ",issuer=", 
@@ -2151,14 +2101,18 @@ proxy_verify_cert_chain( int retval = 0; X509_STORE * cert_store = NULL; X509_LOOKUP * lookup = NULL; - X509_STORE_CTX csc; + X509_STORE_CTX* csc = NULL; X509 * xcert = NULL; X509 * scert = NULL; int cscinitialized = 0; scert = ucert; cert_store = X509_STORE_new(); - X509_STORE_set_verify_cb_func(cert_store, proxy_verify_callback); + X509_STORE_set_verify_cb(cert_store, proxy_verify_callback); +#if SSLEAY_VERSION_NUMBER >= 0x0090600fL + /* override the check_issued with our version */ + X509_STORE_set_check_issued(cert_store, proxy_check_issued); +#endif if (cert_chain != NULL) { int i =0; @@ -2193,18 +2147,15 @@ proxy_verify_cert_chain( X509_LOOKUP_hash_dir()))) { X509_LOOKUP_add_dir(lookup,pvd->pvxd->certdir,X509_FILETYPE_PEM); - X509_STORE_CTX_init(&csc,cert_store,scert,NULL); + csc = X509_STORE_CTX_new(); + X509_STORE_CTX_init(csc,cert_store,scert,NULL); cscinitialized = 1; -#if SSLEAY_VERSION_NUMBER >= 0x0090600fL - /* override the check_issued with our version */ - csc.check_issued = proxy_check_issued; -#endif - X509_STORE_CTX_set_ex_data(&csc, + X509_STORE_CTX_set_ex_data(csc, PVD_STORE_EX_DATA_IDX, (void *)pvd); #ifdef X509_V_FLAG_ALLOW_PROXY_CERTS - X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_ALLOW_PROXY_CERTS); + X509_STORE_CTX_set_flags(csc, X509_V_FLAG_ALLOW_PROXY_CERTS); #endif - if(!X509_verify_cert(&csc)) + if(!X509_verify_cert(csc)) { goto err; } @@ -2213,7 +2164,7 @@ proxy_verify_cert_chain( err: if (cscinitialized) - X509_STORE_CTX_cleanup(&csc); + X509_STORE_CTX_free(csc); if (cert_store) X509_STORE_free(cert_store); return retval; 
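Review bot: `csc = X509_STORE_CTX_new()` is used without a NULL check, and the result of `X509_STORE_CTX_init(csc, cert_store, scert, NULL)` is ignored, so an allocation failure reaches the following calls with a NULL or half-initialised context. Check both before continuing: `if (csc == NULL || X509_STORE_CTX_init(csc, cert_store, scert, NULL) != 1) goto err;`. With that change the cleanup at `err:` should key on the pointer rather than the flag, `if (csc != NULL) X509_STORE_CTX_free(csc);`, otherwise a failed init leaks the context. proxy_verify_cert_chain starts and ends outside these hunks.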
@@ -3151,52 +3102,59 @@ proxy_load_user_key( */ if (ucert) { - X509_PUBKEY *key = X509_get_X509_PUBKEY(ucert); - ucertpkey = X509_PUBKEY_get(key); + ucertpkey = X509_get_pubkey(ucert); int mismatch = 0; - if (ucertpkey!= NULL && ucertpkey->type == - (*private_key)->type) + if (ucertpkey != NULL + && EVP_PKEY_base_id(ucertpkey) == EVP_PKEY_base_id(*private_key)) { - if (ucertpkey->type == EVP_PKEY_RSA) + RSA* public_rsa = EVP_PKEY_get0_RSA(ucertpkey); + if (public_rsa) { - /* add in key as random data too */ - if (ucertpkey->pkey.rsa != NULL) + { /* add in key as random data too */ + BIGNUM const* p; + BIGNUM const* q; + RSA_get0_factors(public_rsa, &p, &q); + if(p != NULL) { - if(ucertpkey->pkey.rsa->p != NULL) - { - RAND_add((void*)ucertpkey->pkey.rsa->p->d, - BN_num_bytes(ucertpkey->pkey.rsa->p), - BN_num_bytes(ucertpkey->pkey.rsa->p)); - } - if(ucertpkey->pkey.rsa->q != NULL) - { - RAND_add((void*)ucertpkey->pkey.rsa->q->d, - BN_num_bytes(ucertpkey->pkey.rsa->q), - BN_num_bytes(ucertpkey->pkey.rsa->q)); - } + RAND_add(p, /* awful hack; d is the first field */ + BN_num_bytes(p), + BN_num_bytes(p)); } - if ((ucertpkey->pkey.rsa != NULL) && - (ucertpkey->pkey.rsa->n != NULL) && - ((*private_key)->pkey.rsa != NULL) ) + if (q != NULL) { - if ((*private_key)->pkey.rsa->n != NULL - && BN_num_bytes((*private_key)->pkey.rsa->n)) - { - if (BN_cmp(ucertpkey->pkey.rsa->n, - (*private_key)->pkey.rsa->n)) - { - mismatch=1; - } - } - else - { - (*private_key)->pkey.rsa->n = - BN_dup(ucertpkey->pkey.rsa->n); - (*private_key)->pkey.rsa->e = - BN_dup(ucertpkey->pkey.rsa->e); - } + RAND_add(q, BN_num_bytes(q), BN_num_bytes(q)); + } + } + { + BIGNUM const* public_n; + BIGNUM const* public_e; + RSA* private_rsa = EVP_PKEY_get0_RSA(*private_key); + RSA_get0_key(public_rsa, &public_n, &public_e, NULL); + if (public_n != NULL && private_rsa != NULL) + { + BIGNUM const* private_n; + BIGNUM const* private_e; + RSA_get0_key(private_rsa, &private_n, &private_e, NULL); + if (private_n != 
NULL && BN_num_bytes(private_n)) + { + if (BN_cmp(public_n, private_n)) + { + mismatch=1; + } + } + else + { + int ret; + BIGNUM* n = BN_dup(public_n); + assert(n != NULL && "BN_dup failed"); + BIGNUM* e = BN_dup(public_e); + assert(e != NULL && "BN_dup failed"); + ret = RSA_set0_key(private_rsa, n, e, NULL); + assert(ret == 1 && "RSA_set0_key failed"); + } } + } } } else @@ -3502,7 +3460,7 @@ int load_credentials(const char *certname, const char *keyname, err: if (chain) - sk_X509_free(chain); + sk_X509_pop_free(chain, X509_free); if (cert) { X509_free(*cert); *cert = NULL; @@ -3760,10 +3718,10 @@ static int check_critical_extensions(X509 *cert, int itsaproxy) int nid; X509_EXTENSION *ex; - int nid_pci3 = my_txt2nid(PROXYCERTINFO_V3); - int nid_pci4 = my_txt2nid(PROXYCERTINFO_V4); + int nid_pci3 = my_txt2nid(PROXYCERTINFO_OLD_OID); + int nid_pci4 = my_txt2nid(PROXYCERTINFO_OID); - STACK_OF(X509_EXTENSION) *extensions = cert->cert_info->extensions; + STACK_OF(X509_EXTENSION) const* extensions = X509_get0_extensions(cert); for (i=0; i < sk_X509_EXTENSION_num(extensions); i++) { ex = (X509_EXTENSION *) sk_X509_EXTENSION_value(extensions,i); diff --git a/src/sslutils/voms_cert_type.c b/src/sslutils/voms_cert_type.c index b1a5c703..b2639bed 100644 --- a/src/sslutils/voms_cert_type.c +++ b/src/sslutils/voms_cert_type.c @@ -9,6 +9,7 @@ #include #include +#include #define LIMITED_PROXY_OID "1.3.6.1.4.1.3536.1.1.1.9" #define PROXYCERTINFO_OLD_OID "1.3.6.1.4.1.3536.1.222" @@ -86,7 +87,7 @@ get_proxy_type(ASN1_OBJECT *policy_lang){ } - if (policy_nid = NID_Independent) + if (policy_nid == NID_Independent) { return VOMS_CERT_TYPE_INDEPENDENT_PROXY; diff --git a/src/utils/voms_proxy_info.cc b/src/utils/voms_proxy_info.cc index c598a058..2d0723b8 100644 --- a/src/utils/voms_proxy_info.cc +++ b/src/utils/voms_proxy_info.cc 
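Review bot: `RAND_add(p, BN_num_bytes(p), BN_num_bytes(p))` and the matching call for q pass the BIGNUM object itself as the seed buffer, as the "awful hack" comment admits. RAND_add then reads BN_num_bytes(p) bytes starting at the opaque struct, which for a realistic prime is likely more than the struct holds, and credits them as full entropy. ucertpkey comes from `X509_get_pubkey(ucert)`, and a certificate's public key normally carries no p or q, so this branch is probably dead; removing both RAND_add calls together with the `RSA_get0_factors` lookup is the simplest fix. If the seeding has to stay, serialise the number with BN_bn2bin into a local buffer and pass an entropy estimate of 0. proxy_load_user_key starts and ends outside this hunk.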
@@ -62,7 +62,7 @@ extern "C" { #include "sslutils.h" #include "newformat.h" #include "listfunc.h" -#include "myproxycertinfo.h" +#include "proxycertinfo.h" } extern int AC_Init(void); @@ -330,8 +330,8 @@ static const char *proxy_type(X509 *cert) if (point2 > point1) return "limited proxy"; - int nidv3 = OBJ_txt2nid(PROXYCERTINFO_V3); - int nidv4 = OBJ_txt2nid(PROXYCERTINFO_V4); + int nidv3 = OBJ_txt2nid(PROXYCERTINFO_OLD_OID); + int nidv4 = OBJ_txt2nid(PROXYCERTINFO_OID); int indexv3 = X509_get_ext_by_NID(cert, nidv3, -1); int indexv4 = X509_get_ext_by_NID(cert, nidv4, -1); diff --git a/src/utils/voms_verify.cc b/src/utils/voms_verify.cc index 1dc02c7e..491a4f27 100644 --- a/src/utils/voms_verify.cc +++ b/src/utils/voms_verify.cc @@ -1,6 +1,7 @@ #include "sslutils.h" -#include "openssl/x509_vfy.h" -#include "openssl/x509v3.h" +#include +#include +#include "ssl_compat.h" #include #include @@ -63,7 +64,6 @@ int load_user_proxy(STACK_OF(X509) *cert_chain, const char *file) { int verify_cert(X509_STORE_CTX *ctx) { - ctx->check_issued = proxy_check_issued; return X509_verify_cert(ctx); } @@ -74,8 +74,6 @@ proxy_verify_desc *setup_initializers(const char *cadir) pvd = (proxy_verify_desc*) malloc(sizeof(proxy_verify_desc)); pvxd = (proxy_verify_ctx_desc *) malloc(sizeof(proxy_verify_ctx_desc)); - pvd->cert_store = NULL; - if (!pvd || !pvxd) { free(pvd); @@ -183,9 +181,7 @@ int main(int argc, char* argv[]){ internal_error("Error creating X.509 store"); } - if (!X509_STORE_set_verify_cb_func(store, proxy_verify_callback)){ - internal_error("Error setting context store certificate verify callback"); - } + X509_STORE_set_verify_cb(store, proxy_verify_callback); if (!(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()))){ internal_error("Error creating store CA dir lookup"); 
@@ -203,6 +199,7 @@ int main(int argc, char* argv[]){ internal_error("Error creating X509_STORE_CTX object"); } + X509_STORE_set_check_issued(store, proxy_check_issued); if (X509_STORE_CTX_init(ctx, store, cert, cert_chain) != 1) { internal_error("Error initializing verification context"); } diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index b98f56b2..0aee29d6 100644 --- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -78,7 +78,7 @@ extern FILE *yyin; extern "C" { -#include "myproxycertinfo.h" +#include "proxycertinfo.h" extern int writeac(const X509 *issuerc, const STACK_OF(X509) *certstack, const X509 *holder, const EVP_PKEY *pkey, BIGNUM *s, char **c, const char *t, char **attributes, AC **ac, const char *voname, From 16f971f6aa8083bbe7507b9aee20e5539d2f7caa Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Wed, 25 Jan 2017 19:48:50 +0100 Subject: [PATCH 02/92] Restore pkg-config check for OpenSSL --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 4e3da01c..d04cf232 100644 --- a/configure.ac +++ b/configure.ac @@ -31,8 +31,8 @@ AC_PROG_YACC AC_PROG_LEX AC_COMPILER -#PKG_CHECK_MODULES([OPENSSL], [openssl]) -AC_OPENSSL +PKG_CHECK_MODULES([OPENSSL], [openssl]) +# AC_OPENSSL PKG_CHECK_MODULES([GSOAP],[gsoap >= 2.7]) PKG_CHECK_MODULES([GSOAP_PP],[gsoap++ >= 2.7]) From 28e707020cd82a9b756efdc3b527113054169b97 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Tue, 31 Jan 2017 14:18:53 +0100 Subject: [PATCH 03/92] Fix for GCC 7 --- src/server/vomsd.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/server/vomsd.cc b/src/server/vomsd.cc index 700c5f1d..4f4d1f74 100644 --- a/src/server/vomsd.cc +++ b/src/server/vomsd.cc @@ -1451,7 +1451,7 @@ static bool determine_group_and_role(std::string command, char *comm, char **gro case 'B': *role = strchr(string, ':'); if (*role) { - (*role) = '\0'; + (**role) = '\0'; (*role)++; } break; 
From 994d34f51f287d4ab2db74fa8c477bac5fe60acc Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Wed, 1 Feb 2017 08:53:32 +0100 Subject: [PATCH 04/92] Don't use macros in AC_CHECK_LIB --- m4/acinclude.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/acinclude.m4 b/m4/acinclude.m4 index f78f2752..b67ac1e8 100644 --- a/m4/acinclude.m4 +++ b/m4/acinclude.m4 @@ -117,7 +117,7 @@ AC_DEFUN([AC_OPENSSL], [with_openssl_prefix=/usr]) if test "x$with_openssl_prefix" = "x/usr" ; then - AC_CHECK_LIB(crypto, CRYPTO_num_locks, [found=yes], [found=no]) + AC_CHECK_LIB(crypto, ERR_print_errors_fp, [found=yes], [found=no]) if test "x$found" = "xyes" ; then OPENSSL_LIBS="-lcrypto -lssl" @@ -128,7 +128,7 @@ AC_DEFUN([AC_OPENSSL], LD_LIBRARY_PATH="$with_openssl_prefix/lib" AC_LANG_PUSH(C) - AC_CHECK_LIB(crypto, CRYPTO_num_locks, [found=yes], [found=no]) + AC_CHECK_LIB(crypto, ERR_print_errors_fp, [found=yes], [found=no]) AC_LANG_POP(C) NO_GLOBUS_FLAGS="-I$with_openssl_prefix/include" From 85264b26aeedf96a6c49611c5ab89767a610936c Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 3 Feb 2017 16:08:27 +0100 Subject: [PATCH 05/92] fix issue #54 --- src/ac/init.c | 15 ++++++++++++--- src/sslutils/proxy.c | 5 +++-- src/sslutils/proxycertinfo.c | 25 +++++++++++-------------- src/sslutils/sslutils.c | 26 ++++++++++++++++++++------ 4 files changed, 46 insertions(+), 25 deletions(-) diff --git a/src/ac/init.c b/src/ac/init.c index 442184c3..dda004de 100644 --- a/src/ac/init.c +++ b/src/ac/init.c @@ -26,8 +26,18 @@ #include #include +#include #include "extensions.h" +static void OBJC(char const* oid, char const* name) +{ + assert(oid != NULL && name != NULL); + if (OBJ_txt2nid(oid) == NID_undef) { + int nid = OBJ_create(oid, name, name); + assert(nid != NID_undef && "OBJ_create failed"); + } +} + void declareOIDs(void) { #define idpkix "1.3.6.1.5.5.7" 
@@ -59,11 +69,10 @@ void declareOIDs(void) #define certseq "1.3.6.1.4.1.8005.100.100.10" #define email idpkcs9 ".1" -#define OBJC(c,n) OBJ_create(c,n,#c) - static int done=0; - if (done) + if (done) { return; + } done=1; diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index dccb7275..31ccc646 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c @@ -463,8 +463,9 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, policylang = LIMITED_PROXY_OID; } - if (OBJ_txt2nid(policylang) == 0) { - OBJ_create(policylang, policylang, policylang); + if (OBJ_txt2nid(policylang) == NID_undef) { + int nid = OBJ_create(policylang, policylang, policylang); + assert(nid != NID_undef && "OBJ_create failed"); } if (!(policy_language = OBJ_txt2obj(policylang, 1))) { diff --git a/src/sslutils/proxycertinfo.c b/src/sslutils/proxycertinfo.c index 41bc5139..89fa222f 100644 --- a/src/sslutils/proxycertinfo.c +++ b/src/sslutils/proxycertinfo.c 
@@ -338,22 +338,19 @@ PROXY_CERT_INFO_EXTENSION_get_policy(PROXY_CERT_INFO_EXTENSION const* pci) void InitProxyCertInfoExtension(int full) { - static int init_done = 0; + if (OBJ_txt2nid(PROXYCERTINFO_OLD_OID) == NID_undef) { + int ret = 0; + X509V3_EXT_METHOD* meth = NULL; - if (init_done) { - return; - } - - char const* pci_v3_sn = "proxyCertInfo_V3"; - char const* pci_v3_ln = "Proxy Certificate Information (V3)"; - int const v3nid = OBJ_create(PROXYCERTINFO_OLD_OID, pci_v3_sn, pci_v3_ln); - assert(v3nid != 0 && "OBJ_create failed"); + char const* pci_v3_sn = "proxyCertInfo_V3"; + char const* pci_v3_ln = "Proxy Certificate Information (V3)"; + int const v3nid = OBJ_create(PROXYCERTINFO_OLD_OID, pci_v3_sn, pci_v3_ln); + assert(v3nid != NID_undef && "OBJ_create failed"); - if (X509V3_EXT_get_nid(v3nid) == NULL) { - X509V3_EXT_METHOD* meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); + meth = PROXYCERTINFO_OLD_x509v3_ext_meth(); + assert(meth != NULL && "PROXYCERTINFO_OLD_x509v3_ext_meth failed"); meth->ext_nid = v3nid; - X509V3_EXT_add(meth); + ret = X509V3_EXT_add(meth); + assert(ret != 0 && "X509V3_EXT_add failed"); } - - init_done = 1; } diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index 5320d90d..ac8038fa 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c 
@@ -472,12 +472,26 @@ ERR_load_prxyerr_strings( SSL_load_error_strings(); } - OBJ_create("1.3.6.1.4.1.3536.1.1.1.1","CLASSADD","ClassAdd"); - OBJ_create("1.3.6.1.4.1.3536.1.1.1.2","DELEGATE","Delegate"); - OBJ_create("1.3.6.1.4.1.3536.1.1.1.3","RESTRICTEDRIGHTS", - "RestrictedRights"); - /* the following is already available in OpenSSL... */ - OBJ_create("0.9.2342.19200300.100.1.1","USERID","userId"); + if (OBJ_txt2nid("1.3.6.1.4.1.3536.1.1.1.1") == NID_undef) { + int nid = OBJ_create("1.3.6.1.4.1.3536.1.1.1.1","CLASSADD","ClassAdd"); + assert(nid != NID_undef && "OBJ_create failed"); + } + + if (OBJ_txt2nid("1.3.6.1.4.1.3536.1.1.1.2") == NID_undef) { + int nid = OBJ_create("1.3.6.1.4.1.3536.1.1.1.2","DELEGATE","Delegate"); + assert(nid != NID_undef && "OBJ_create failed"); + } + + if (OBJ_txt2nid("1.3.6.1.4.1.3536.1.1.1.3") == NID_undef) { + int nid = OBJ_create("1.3.6.1.4.1.3536.1.1.1.3","RESTRICTEDRIGHTS", + "RestrictedRights"); + assert(nid != NID_undef && "OBJ_create failed"); + } + + if (OBJ_txt2nid("0.9.2342.19200300.100.1.1") == NID_undef) { + int nid = OBJ_create("0.9.2342.19200300.100.1.1","USERID","userId"); + assert(nid != NID_undef && "OBJ_create failed"); + } ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER,prxyerr_str_functs); ERR_load_strings(ERR_USER_LIB_PRXYERR_NUMBER,prxyerr_str_reasons); From bcdeef56e1d57ce3cfb44d3013056572ed674945 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 3 Feb 2017 16:30:33 +0100 Subject: [PATCH 06/92] it's actually a fix to issue #60 From 5de1cf463b52002cfa3f3821a59f95ada5feb686 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 3 Feb 2017 16:54:32 +0100 Subject: [PATCH 07/92] fix issue #54 --- src/api/ccapi/voms_apic.h | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/src/api/ccapi/voms_apic.h b/src/api/ccapi/voms_apic.h index e613d09b..88078034 100644 --- a/src/api/ccapi/voms_apic.h +++ b/src/api/ccapi/voms_apic.h 
@@ -31,18 +31,10 @@ extern "C" { #endif #define NOGLOBUS -#ifndef GSSAPI_H_ - -/* - * Also check against _GSSAPI_H_ as that is what the Kerberos 5 code defines and - * what header files on some systems look for. - */ - -#ifndef _GSSAPI_H +#if !(defined(GSSAPI_H_) || defined(_GSSAPI_H) || defined(_GSSAPI_H_)) typedef void * gss_cred_id_t; typedef void * gss_ctx_id_t; #endif -#endif #include #include From 9a9f8400c952bc29a1f8764e865bc60a1d416878 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Tue, 6 Feb 2018 04:57:29 +0100 Subject: [PATCH 08/92] Assign default value before reading sysconfig --- src/install/voms.start.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/install/voms.start.in b/src/install/voms.start.in index e5ab08ff..e8c9e19c 100644 --- a/src/install/voms.start.in +++ b/src/install/voms.start.in @@ -44,6 +44,8 @@ # Description: Virtual Organization Membership Service ### END INIT INFO +RUN=yes + etcpath=@ETC_DIR@ # Source an auxiliary profile file if we have one and pick up VOMS_USER and RUN @@ -58,8 +60,6 @@ fi @LOCATION_ENV@=@LOCATION_DIR@ @VAR_LOCATION_ENV@=@VAR_DIR@ -RUN=yes - # check whether $@VAR_LOCATION_ENV@/lock/subsys exists if ! test -d $@VAR_LOCATION_ENV@/lock/subsys ; then mkdir -p $@VAR_LOCATION_ENV@/lock/subsys From 380171ef2eaeeacc923f8cbcac0e803137934881 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 3 May 2018 18:48:33 +0200 Subject: [PATCH 09/92] Added Jenkinsfile and minimal docker build image Based on italiangrid/pkg.base:centos6 --- Jenkinsfile | 55 +++++++++++++++++++++++++++++++++++++++ docker/Dockerfile.centos6 | 11 ++++++++ docker/build-image.sh | 3 +++ 3 files changed, 69 insertions(+) create mode 100644 Jenkinsfile create mode 100644 docker/Dockerfile.centos6 create mode 100644 docker/build-image.sh diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 00000000..4dca4c31 --- /dev/null +++ b/Jenkinsfile 
@@ -0,0 +1,55 @@ +#!/usr/bin/env groovy + +pipeline { + + agent { + kubernetes { + cloud 'Kube mwdevel' + label 'build' + containerTemplate { + name 'builder' + image 'voms/voms-build:centos6' + ttyEnabled true + command 'cat' + } + } + + options { + timeout(time: 1, unit: 'HOURS') + buildDiscarder(logRotator(numToKeepStr: '5')) + } + + stages { + stage ('build') { + steps { + container('builder') { + sh "./autogen.sh" + sh "./configure && make" + } + } + } + + stage('result'){ + steps { + script { + currentBuild.result = 'SUCCESS' + } + } + } + } + + post { + failure { + slackSend color: 'danger', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Failure (<${env.BUILD_URL}|Open>)" + } + + changed { + script{ + if('SUCCESS'.equals(currentBuild.result)) { + slackSend color: 'good', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Back to normal (<${env.BUILD_URL}|Open>)" + } + } + } + } + } +} diff --git a/docker/Dockerfile.centos6 b/docker/Dockerfile.centos6 new file mode 100644 index 00000000..5234daa1 --- /dev/null +++ b/docker/Dockerfile.centos6 @@ -0,0 +1,11 @@ +FROM italiangrid/pkg.base:centos6 + +USER root + +RUN yum -y install expat-devel \ + pkgconfig openssl-devel \ + gsoap-devel mysql-devel \ + libxslt docbook-style-xsl \ + doxygen bison + +USER build diff --git a/docker/build-image.sh b/docker/build-image.sh new file mode 100644 index 00000000..14115f4d --- /dev/null +++ b/docker/build-image.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +docker build -t voms/voms-build:centos6 -f Dockerfile.centos6 . From 09f60e222b83d110325c5963bffc18b9e525e9f5 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 3 May 2018 18:55:26 +0200 Subject: [PATCH 10/92] Fixed typos in Jenkinsfile --- Jenkinsfile | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4dca4c31..5170bd92 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -13,23 +13,24 @@ pipeline { command 'cat' } } + } - options { - timeout(time: 1, unit: 'HOURS') - buildDiscarder(logRotator(numToKeepStr: '5')) - } + options { + timeout(time: 1, unit: 'HOURS') + buildDiscarder(logRotator(numToKeepStr: '5')) + } - stages { - stage ('build') { - steps { - container('builder') { - sh "./autogen.sh" - sh "./configure && make" - } + stages { + stage ('build') { + steps { + container('builder') { + sh "./autogen.sh" + sh "./configure && make" } } + } - stage('result'){ + stage('result'){ steps { script { currentBuild.result = 'SUCCESS' @@ -39,6 +40,7 @@ pipeline { } post { + failure { slackSend color: 'danger', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Failure (<${env.BUILD_URL}|Open>)" } @@ -50,6 +52,5 @@ pipeline { } } } - } } } From 53e7d0b7e5d3a6ae21414551a27ea1c6a753b433 Mon Sep 17 00:00:00 2001 
From: Mattias Ellert Date: Wed, 31 Oct 2018 14:50:21 +0100 Subject: [PATCH 11/92] Change default proxy cert key length to 2048 bits --- src/client/vomsclient.cc | 2 +- src/utils/vomsfake.cc | 4 ++-- testsuite/lib/vomslib.exp | 2 +- testsuite/voms/voms/voms007.exp | 2 +- testsuite/voms/voms/voms009.exp | 2 +- testsuite/voms/voms/voms010.exp | 2 +- testsuite/voms/voms/voms011.exp | 2 +- testsuite/voms/voms/voms014.exp | 2 +- testsuite/voms/voms/voms016.exp | 2 +- testsuite/voms/voms/voms020.exp | 2 +- testsuite/voms/voms/voms021.exp | 2 +- testsuite/voms/voms/voms025.exp | 4 ++-- testsuite/voms/voms/voms030.exp | 2 +- testsuite/voms/voms/voms041.exp | 2 +- testsuite/voms/voms/voms042.exp | 4 ++-- testsuite/voms/voms/voms043.exp | 2 +- testsuite/voms/voms/voms044.exp | 6 +++--- testsuite/voms/voms/voms059.exp | 2 +- testsuite/voms/voms/voms060.exp | 2 +- testsuite/voms/voms/voms061.exp | 6 +++--- testsuite/voms/voms/voms091.exp | 2 +- testsuite/voms/voms/voms092.exp | 2 +- testsuite/voms/voms/voms124.exp | 2 +- testsuite/voms/voms/voms142.exp | 2 +- testsuite/voms/voms/voms143.exp | 2 +- 25 files changed, 32 insertions(+), 32 deletions(-) diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index e28f4de2..9ec19c2b 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -483,7 +483,7 @@ Client::Client(int argc, char ** argv) : /* controls that number of bits for the key is appropiate */ if (bits == -1) - bits = 1024; + bits = 2048; if ((bits != 0) && (bits!=512) && (bits!=1024) && (bits!=2048) && (bits!=4096)) { Print(ERROR) << "Error: number of bits in key must be one of 512, 1024, 2048, 4096." << std::endl; diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index 0aee29d6..4604cd89 100644 --- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc 
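Review bot: Raising the default to 2048 leaves the explicit-value check `(bits!=512) && (bits!=1024) && …` untouched, so a caller can still request 512- or 1024-bit proxy keys without any notice, although the commit treats 1024 as too weak to be a default. Consider narrowing the accepted set, `if ((bits != 0) && (bits!=2048) && (bits!=4096)) {`, with the error text adjusted to match, or at least printing a warning for sizes below 2048. The same list appears in `Fake::VerifyOptions()` and in the `-bits` help text in src/utils/vomsfake.cc. What `bits == 0` selects is not visible here, and the constructor continues outside the hunk.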
@@ -219,7 +219,7 @@ Fake::Fake(int argc, char ** argv) : confile(conf_file_name), " -pwstdin Allows passphrase from stdin\n" \ " -limited Creates a limited proxy\n" \ " -hours H Proxy is valid for H hours (default:12)\n" \ - " -bits Number of bits in key {512|1024|2048|4096} (default:1024)\n" \ + " -bits Number of bits in key {512|1024|2048|4096} (default:2048)\n" \ " -cert Non-standard location of user certificate\n" \ " -key Non-standard location of user key\n" \ " -certdir Non-standard location of trusted cert dir\n" \ @@ -1021,7 +1021,7 @@ bool Fake::VerifyOptions() /* controls that number of bits for the key is appropiate */ if (bits == -1) - bits = 1024; + bits = 2048; if ((bits!=512) && (bits!=1024) && (bits!=2048) && (bits!=4096) && (bits != 0)) diff --git a/testsuite/lib/vomslib.exp b/testsuite/lib/vomslib.exp index 9ef3f5fb..ae8b25ea 100644 --- a/testsuite/lib/vomslib.exp +++ b/testsuite/lib/vomslib.exp @@ -308,7 +308,7 @@ commonName = supplied emailAddress = optional \[req\] -default_bits = 1024 +default_bits = 2048 default_keyfile = privkey.pem distinguished_name=req_distinguished_name #attributes = req_attributes diff --git a/testsuite/voms/voms/voms007.exp b/testsuite/voms/voms/voms007.exp index 6f716b7e..ae5ec477 100644 --- a/testsuite/voms/voms/voms007.exp +++ b/testsuite/voms/voms/voms007.exp @@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms009.exp b/testsuite/voms/voms/voms009.exp index f25c9cc1..0853cbf9 100644 --- a/testsuite/voms/voms/voms009.exp +++ b/testsuite/voms/voms/voms009.exp 
@@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms010.exp b/testsuite/voms/voms/voms010.exp index 58863581..acd4d68a 100644 --- a/testsuite/voms/voms/voms010.exp +++ b/testsuite/voms/voms/voms010.exp @@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms011.exp b/testsuite/voms/voms/voms011.exp index 4cf4978b..b85aa89c 100644 --- a/testsuite/voms/voms/voms011.exp +++ b/testsuite/voms/voms/voms011.exp @@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms014.exp b/testsuite/voms/voms/voms014.exp index 8206187a..34a2d0bc 100644 --- a/testsuite/voms/voms/voms014.exp +++ b/testsuite/voms/voms/voms014.exp @@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms016.exp b/testsuite/voms/voms/voms016.exp index 7f3b1cec..5dd6f037 100644 --- a/testsuite/voms/voms/voms016.exp +++ b/testsuite/voms/voms/voms016.exp 
@@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms020.exp b/testsuite/voms/voms/voms020.exp index 822056ff..79586011 100644 --- a/testsuite/voms/voms/voms020.exp +++ b/testsuite/voms/voms/voms020.exp @@ -29,7 +29,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms021.exp b/testsuite/voms/voms/voms021.exp index a1dead67..f424a6a8 100644 --- a/testsuite/voms/voms/voms021.exp +++ b/testsuite/voms/voms/voms021.exp @@ -26,7 +26,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms025.exp b/testsuite/voms/voms/voms025.exp index 5cde6237..a10d5a95 100644 --- a/testsuite/voms/voms/voms025.exp +++ b/testsuite/voms/voms/voms025.exp @@ -23,7 +23,7 @@ proc mytest {} { set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN -strength : 1024 bits +strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === @@ -31,7 +31,7 @@ subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms030.exp b/testsuite/voms/voms/voms030.exp index b4f4ed79..c71ed38d 100644 --- a/testsuite/voms/voms/voms030.exp +++ b/testsuite/voms/voms/voms030.exp 
@@ -20,7 +20,7 @@ proc mytest {} { return $::FAILTEST } else { #match against known (correct) output - set correct "1024" + set correct "2048" loadvar out2 $outname if [regexp $correct $out2] then { diff --git a/testsuite/voms/voms/voms041.exp b/testsuite/voms/voms/voms041.exp index ea406806..83c4c0cb 100644 --- a/testsuite/voms/voms/voms041.exp +++ b/testsuite/voms/voms/voms041.exp @@ -24,7 +24,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \(\[0-9\]*\):\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms042.exp b/testsuite/voms/voms/voms042.exp index 3f722375..1e0c31a1 100644 --- a/testsuite/voms/voms/voms042.exp +++ b/testsuite/voms/voms/voms042.exp @@ -5,7 +5,7 @@ proc mytest {} { _activateCert mycert2 _vomsStart voms1 - set res [log_exec outname {voms-proxy-init --voms voms1 --bits 2048}] + set res [log_exec outname {voms-proxy-init --voms voms1 --bits 4096}] _vomsStop voms1 if $res then { @@ -24,7 +24,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 2048 bits +strength : 4096 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms043.exp b/testsuite/voms/voms/voms043.exp index bfa5bbe4..a4f85bb8 100644 --- a/testsuite/voms/voms/voms043.exp +++ b/testsuite/voms/voms/voms043.exp @@ -30,7 +30,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* included : testo di prova" diff --git a/testsuite/voms/voms/voms044.exp b/testsuite/voms/voms/voms044.exp index 58c0ad54..899fd48b 100644 --- a/testsuite/voms/voms/voms044.exp +++ b/testsuite/voms/voms/voms044.exp 
@@ -24,13 +24,13 @@ proc mytest {} { set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN -strength : 1024 bits +strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === @@ -38,7 +38,7 @@ subject : /C=IT/CN=001/CN=proxy/CN=proxy issuer : /C=IT/CN=001/CN=proxy identity : /C=IT/CN=001/CN=proxy type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms059.exp b/testsuite/voms/voms/voms059.exp index 973bc164..115c4bc4 100644 --- a/testsuite/voms/voms/voms059.exp +++ b/testsuite/voms/voms/voms059.exp @@ -24,7 +24,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms060.exp b/testsuite/voms/voms/voms060.exp index c806f013..b0f44fc7 100644 --- a/testsuite/voms/voms/voms060.exp +++ b/testsuite/voms/voms/voms060.exp @@ -24,7 +24,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms061.exp b/testsuite/voms/voms/voms061.exp index 66ff04ca..4c9a13df 100644 --- a/testsuite/voms/voms/voms061.exp +++ b/testsuite/voms/voms/voms061.exp 
@@ -24,13 +24,13 @@ proc mytest {} { set correct "=== Proxy Chain Information === subject : /C=IT/CN=001 issuer : /C=IT/O=INFN/CN=CAFromthisCN -strength : 1024 bits +strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* subject : /C=IT/CN=001/CN=proxy issuer : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* === Proxy Information === @@ -38,7 +38,7 @@ subject : /C=IT/CN=001/CN=proxy/CN=proxy issuer : /C=IT/CN=001/CN=proxy identity : /C=IT/CN=001/CN=proxy type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms091.exp b/testsuite/voms/voms/voms091.exp index fcced39e..fbd3260f 100644 --- a/testsuite/voms/voms/voms091.exp +++ b/testsuite/voms/voms/voms091.exp @@ -43,7 +43,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms092.exp b/testsuite/voms/voms/voms092.exp index ee656924..2cee5db7 100644 --- a/testsuite/voms/voms/voms092.exp +++ b/testsuite/voms/voms/voms092.exp @@ -31,7 +31,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]* key usage : Digital Signature, Key Encipherment diff --git a/testsuite/voms/voms/voms124.exp b/testsuite/voms/voms/voms124.exp index 8a54782a..a004c2f8 100644 --- a/testsuite/voms/voms/voms124.exp +++ b/testsuite/voms/voms/voms124.exp 
@@ -18,7 +18,7 @@ proc mytest {} { set correct "Detected Globus version: 2.2 Unspecified proxy version, settling on Globus version: 2 -Number of bits in key :1024 +Number of bits in key :2048 Files being used: CA certificate file: none Trusted certificates directory : $::ETC_DIR/grid-security/certificates diff --git a/testsuite/voms/voms/voms142.exp b/testsuite/voms/voms/voms142.exp index fc023842..7444c5cf 100644 --- a/testsuite/voms/voms/voms142.exp +++ b/testsuite/voms/voms/voms142.exp @@ -24,7 +24,7 @@ proc mytest {} { issuer : /C=IT/CN=001 identity : /C=IT/CN=001 type : proxy -strength : 1024 bits +strength : 2048 bits path : /tmp/x509up_u\[0-9\]* timeleft : \[0-9\]*:\[0-9\]*:\[0-9\]*" diff --git a/testsuite/voms/voms/voms143.exp b/testsuite/voms/voms/voms143.exp index ef6edfe2..bc40c9d9 100644 --- a/testsuite/voms/voms/voms143.exp +++ b/testsuite/voms/voms/voms143.exp @@ -21,7 +21,7 @@ proc mytest {} { return $::FAILTEST } - set correct "Key: \\(1024 bit\\)" + set correct "Key: \\(2048 bit\\)" loadvar out2 $outname if [regexp $correct $out2] then { From 3bae0a7f7fea557421068662c0904e9a8d0ead85 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 21 Jun 2019 16:01:36 +0200 Subject: [PATCH 12/92] Migrate to new CI configuration --- Jenkinsfile | 26 +++++++++++++++----------- configure.ac | 2 +- docker/Dockerfile.centos6 | 1 - 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 5170bd92..b814becc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -3,16 +3,18 @@ pipeline { agent { - kubernetes { - cloud 'Kube mwdevel' - label 'build' - containerTemplate { - name 'builder' - image 'voms/voms-build:centos6' - ttyEnabled true - command 'cat' - } - } + kubernetes { + label "voms-${env.JOB_BASE_NAME}-${env.BUILD_NUMBER}" + cloud 'Kube mwdevel' + defaultContainer 'jnlp' + inheritFrom 'ci-template' + containerTemplate { + name 'runner' + image 'voms/voms-build:centos6' + ttyEnabled true + command 'cat' + } + } } options { 
@@ -20,10 +22,12 @@ pipeline { buildDiscarder(logRotator(numToKeepStr: '5')) } + triggers { cron('@daily') } + stages { stage ('build') { steps { - container('builder') { + container('runner') { sh "./autogen.sh" sh "./configure && make" } diff --git a/configure.ac b/configure.ac index d04cf232..e42e8b94 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([VOMS], [2.1.0]) +AC_INIT([VOMS], [2.1.1]) AC_PREREQ(2.57) AC_CONFIG_AUX_DIR([./aux]) AM_INIT_AUTOMAKE diff --git a/docker/Dockerfile.centos6 b/docker/Dockerfile.centos6 index 5234daa1..af2416ff 100644 --- a/docker/Dockerfile.centos6 +++ b/docker/Dockerfile.centos6 @@ -8,4 +8,3 @@ RUN yum -y install expat-devel \ libxslt docbook-style-xsl \ doxygen bison -USER build From dba113478f485dfa06635eea2e5c09c7f3fe7dd8 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Mon, 18 May 2020 10:45:00 +0200 Subject: [PATCH 13/92] First incarnation of a systemd unit --- systemd/voms.service | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 systemd/voms.service diff --git a/systemd/voms.service b/systemd/voms.service new file mode 100644 index 00000000..22a286cf --- /dev/null +++ b/systemd/voms.service @@ -0,0 +1,14 @@ +[Unit] +Description=VOMS service + +[Service] +WorkingDirectory=/var/lib/voms-admin +EnvironmentFile=-/etc/sysconfig/voms +User=voms +Type=simple +ExecStart= +ExecStop=/bin/kill -TERM $MAINPID +KillMode=process + +[Install] +WantedBy=multi-user.target From 1414455cae346f5cdf98461bbf00e7d8c32098f3 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 28 May 2020 19:18:48 +0200 Subject: [PATCH 14/92] Instantiated service support for systemd unit --- systemd/voms.service | 14 -------------- systemd/voms@.service | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) delete mode 100644 systemd/voms.service create mode 100644 systemd/voms@.service diff --git a/systemd/voms.service b/systemd/voms.service deleted file mode 100644 index 22a286cf..00000000 
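Review bot: The steps inside `container('runner')` now appear to run as root, because this commit also deletes `USER build` from docker/Dockerfile.centos6, whose last remaining user directive on this page is `USER root`. Running `./autogen.sh` and `./configure && make` as root means every script in the checkout executes with full privileges inside the build pod, unless the inherited `ci-template` sets a user, which is not visible here. If the removal was only needed for workspace permissions, keeping a non-root user in the image or setting one for the container in the pod template would preserve the earlier isolation. The `pipeline` block continues outside the hunk.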
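Review bot: `ExecStart=` is empty in the new systemd/voms.service, and systemd refuses to load a `Type=simple` service that has no start command, so the unit cannot be started as committed. The line needs the daemon command, e.g. `ExecStart=<path to voms> --conf <config file>` (placeholders). `WorkingDirectory=/var/lib/voms-admin` looks like it belongs to a different service and is worth confirming before the unit is packaged.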
--- a/systemd/voms.service +++ /dev/null @@ -1,14 +0,0 @@ -[Unit] -Description=VOMS service - -[Service] -WorkingDirectory=/var/lib/voms-admin -EnvironmentFile=-/etc/sysconfig/voms -User=voms -Type=simple -ExecStart= -ExecStop=/bin/kill -TERM $MAINPID -KillMode=process - -[Install] -WantedBy=multi-user.target diff --git a/systemd/voms@.service b/systemd/voms@.service new file mode 100644 index 00000000..e735e5e2 --- /dev/null +++ b/systemd/voms@.service @@ -0,0 +1,14 @@ +[Unit] +Description=VOMS service for VO %I + +[Service] +WorkingDirectory=/ +EnvironmentFile=/etc/sysconfig/voms +User=voms +Type=forking +ExecStart=/usr/sbin/voms --conf /etc/voms/%I/voms.conf +KillMode=process +SuccessExitStatus=1 + +[Install] +WantedBy=multi-user.target From e825be8611fab5a5ec87e9caf0c821bba328f863 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 28 May 2020 19:42:25 +0200 Subject: [PATCH 15/92] Stop building clients --- Makefile.am | 2 +- src/Makefile.am | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 4c520626..de892c20 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,7 @@ APIDOC_FILES = $(top_srcdir)/AUTHORS $(top_srcdir)/INSTALL $(top_srcdir)/LICENSE USERDOC_FILES = $(APIDOC_FILES) spec=spec/voms-all.spec -deb_comp="libvomsapi1 voms-dev voms-clients voms-server" +deb_comp="libvomsapi1 voms-dev voms-server" rpmbuild_dir=@WORKDIR@/rpmbuild debbuild_dir=@WORKDIR@/debbuild diff --git a/src/Makefile.am b/src/Makefile.am index 08c878ae..03da5812 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -9,7 +9,6 @@ SUBDIRS = \ ac \ api \ utils \ - client \ server \ install \ replica From bbe4e61788a900614aa7803ef8c4413c3a29496d Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 29 Sep 2020 07:26:34 +0000 Subject: [PATCH 16/92] Some .gitignore hygiene --- .gitignore | 20 +++++++++++++++++++- src/.gitignore | 23 +++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) 
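Review bot: `SuccessExitStatus=1` in systemd/voms@.service makes systemd record exit code 1 as a clean exit, and 1 is also the usual generic failure code, so a daemon that dies on a bad configuration could be reported as stopped normally and escape monitoring. If the setting only covers the status returned after SIGTERM, a comment saying so would help, and handling the signal in the daemon would be the cleaner fix. With `Type=forking` and no `PIDFile=`, systemd has to guess the main PID; `PIDFile=<pid file written by voms>` (placeholder) makes supervision reliable. Since the daemon serves remote clients and already runs as `User=voms`, adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would limit the impact of a compromise.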
diff --git a/.gitignore b/.gitignore index acc01d52..fa51e160 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,27 @@ /aclocal.m4 /configure /autom4te.cache -/Makefile.in +/config.log +/config.status /.project /.cproject /.settings /.test +/.vscode /INSTALL +Makefile.in +Makefile +/aux +/m4/* +!/m4/glite.m4 +!/m4/voms.m4 +!/m4/wsdl2h.m4 +!/m4/acinclude.m4 +!/m4/Makefile.am +/libtool +.libs +.deps +*.la +*.lo +*.o +/testsuite/SuiteConfig diff --git a/src/.gitignore b/src/.gitignore index 9dec7808..072186b5 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -1 +1,24 @@ /autogen +/api/ccapi/voms-2.0.pc +/replica/voms_install_replica +/server/VOMSAC.h +/server/soapC.cpp +/server/soapClient.cpp +/server/soapClientLib.cpp +/server/soapServer.cpp +/server/soapServerLib.cpp +/server/soapStub.h +/server/soapH.h +/server/voms +/server/vomsSOAP.nsmap +/server/vomsSOAP.GetAttributeCertificate.req.xml +/server/vomsSOAP.GetAttributeCertificate.res.xml +/install/mysql2oracle +/install/sysconfig-voms +/install/upgrade1to2 +/install/voms.start +/install/voms_install_db +/utils/voms-proxy-destroy +/utils/voms-proxy-fake +/utils/voms-proxy-info +/utils/voms-verify From 25fe8ece573f45bf8ec167d10194c12003941499 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 29 Sep 2020 07:37:39 +0000 Subject: [PATCH 17/92] INSTALL is generated --- INSTALL | 365 -------------------------------------------------------- 1 file changed, 365 deletions(-) delete mode 100644 INSTALL diff --git a/INSTALL b/INSTALL deleted file mode 100644 index 7d1c323b..00000000 --- a/INSTALL +++ /dev/null 
@@ -1,365 +0,0 @@ -Installation Instructions -************************* - -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006, 2007, 2008, 2009 Free Software Foundation, Inc. - - Copying and distribution of this file, with or without modification, -are permitted in any medium without royalty provided the copyright -notice and this notice are preserved. This file is offered as-is, -without warranty of any kind. - -Basic Installation -================== - - Briefly, the shell commands `./configure; make; make install' should -configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for -instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented -below. The lack of an optional feature in a given package is not -necessarily a bug. More recommendations for GNU packages can be found -in *note Makefile Conventions: (standards)Makefile Conventions. - - The `configure' shell script attempts to guess correct values for -various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). - - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. 
- - If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can -be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you -may remove or edit it. - - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. - - The simplest way to compile this package is: - - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. - - Running `configure' might take a while. While running, it prints - some messages telling which features it is checking for. - - 2. Type `make' to compile the package. - - 3. Optionally, type `make check' to run any self-tests that come with - the package, generally using the just-built uninstalled binaries. - - 4. Type `make install' to install the programs and any data files and - documentation. When installing into a prefix owned by root, it is - recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root - privileges. - - 5. Optionally, type `make installcheck' to repeat any self-tests, but - this time using the binaries in their final installed location. - This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required - root privileges, verifies that the installation completed - correctly. - - 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. 
There is - also a `make maintainer-clean' target, but that is intended mainly - for the package's developers. If you use it, you may have to get - all sorts of other programs in order to regenerate files that came - with the distribution. - - 7. Often, you can also type `make uninstall' to remove the installed - files again. In practice, not all packages have tested that - uninstallation works correctly, even though it is required by the - GNU Coding Standards. - - 8. Some packages, particularly those that use Automake, provide `make - distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. - This target is generally not run by end users. - -Compilers and Options -===================== - - Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' -for details on some of the pertinent environment variables. - - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: - - ./configure CC=c99 CFLAGS=-g LIBS=-lposix - - *Note Defining Variables::, for more details. - -Compiling For Multiple Architectures -==================================== - - You can compile the package for more than one kind of computer at the -same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the -directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. - - With a non-GNU `make', it is safer to compile the package for one -architecture at a time in the source code directory. 
After you have -installed the package for one architecture, use `make distclean' before -reconfiguring for another architecture. - - On MacOS X 10.5 and later systems, you can create libraries and -executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like -this: - - ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ - CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ - CPP="gcc -E" CXXCPP="g++ -E" - - This is not guaranteed to produce working output in all cases, you -may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. - -Installation Names -================== - - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an -absolute file name. - - You can specify separate installation prefixes for -architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses -PREFIX as the prefix for installing programs and libraries. -Documentation and other data files still use the regular prefix. - - In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory -specifications that were not explicitly provided. 
- - The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or -both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without -having to reconfigure or recompile. - - The first method involves providing an override variable for each -affected directory. For example, `make install -prefix=/alternate/directory' will choose an alternate location for all -directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. - - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and -does not work on platforms that have drive letters. On the other hand, -it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. - -Optional Features -================= - - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. 
- - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the -package recognizes. - - For packages that use the X Window System, `configure' can usually -find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. - - Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure ---enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure ---disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. - -Particular systems -================== - - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in -order to use an ANSI C compiler: - - ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" - -and if that doesn't work, install pre-built binaries of GCC for HP-UX. - - On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -parse its `' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try - - ./configure CC="cc" - -and if that doesn't work, try - - ./configure CC="cc -nodtk" - - On Solaris, don't put `/usr/ucb' early in your `PATH'. This -directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. - - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. 
It is recommended to use the following options: - - ./configure --prefix=/boot/common - -Specifying the System Type -========================== - - There may be some features `configure' cannot figure out -automatically, but needs to determine by the type of machine the package -will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints -a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: - - CPU-COMPANY-SYSTEM - -where SYSTEM can have one of these forms: - - OS - KERNEL-OS - - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't -need to know the machine type. - - If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will -produce code for. - - If you want to _use_ a cross compiler, that generates code for a -platform different from the build platform, you should specify the -"host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. - -Sharing Defaults -================ - - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. - -Defining Variables -================== - - Variables not defined in a site shell script can be set in the -environment passed to `configure'. 
However, some packages may run -configure again during the build, and the customized values of these -variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: - - ./configure CC=/usr/local2/bin/gcc - -causes the specified `gcc' to be used as the C compiler (unless it is -overridden in the site shell script). - -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf bug. Until the bug is fixed you can use this workaround: - - CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash - -`configure' Invocation -====================== - - `configure' recognizes the following options to control how it -operates. - -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. - -`--help=short' -`--help=recursive' - Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. - -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' - script, and exit. - -`--cache-file=FILE' - Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to - disable caching. - -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. - -`--quiet' -`--silent' -`-q' - Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error - messages will still be shown). - -`--srcdir=DIR' - Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. - -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. 
- -`--no-create' -`-n' - Run the configure checks, but stop before creating any output - files. - -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. - From 4984d10f269c1c41030bb39df971541e61a05985 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 29 Sep 2020 12:32:13 +0200 Subject: [PATCH 18/92] Ignore LaTeX artifacts --- doc/.gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/.gitignore b/doc/.gitignore index acc81528..0429c875 100644 --- a/doc/.gitignore +++ b/doc/.gitignore @@ -1 +1,3 @@ /apidoc +/AC-RFC.* +!/AC-RFC.tex \ No newline at end of file From 4c56c6f2a6936e12b38aed0f4d1be9438f750c5d Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 6 Oct 2020 13:54:04 +0000 Subject: [PATCH 19/92] Ignore shell wrapper of voms-proxy-init --- src/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/src/.gitignore b/src/.gitignore index 072186b5..404285eb 100644 --- a/src/.gitignore +++ b/src/.gitignore @@ -22,3 +22,4 @@ /utils/voms-proxy-fake /utils/voms-proxy-info /utils/voms-verify +/client/voms-proxy-init From 7d327086f48563318d158c4c94c59437bf97b540 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 6 Oct 2020 14:04:01 +0000 Subject: [PATCH 20/92] Use native openssl for authorityKeyIdentifier Fix https://issues.infn.it/jira/browse/VOMS-875 (for the part about incompatible AC) --- src/ac/extensions.c | 25 +------------------------ src/ac/write.c | 18 ++++++------------ 2 files changed, 7 insertions(+), 36 deletions(-) diff --git a/src/ac/extensions.c b/src/ac/extensions.c index d482293b..6eac744b 100644 --- a/src/ac/extensions.c +++ b/src/ac/extensions.c 
@@ -233,47 +233,25 @@ int initEx(void) { X509V3_EXT_METHOD *targets; X509V3_EXT_METHOD *avail; - X509V3_EXT_METHOD *auth; X509V3_EXT_METHOD *acseq; X509V3_EXT_METHOD *certseq; X509V3_EXT_METHOD *attribs; avail = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); targets = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - auth = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); acseq = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); certseq = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); attribs = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - if (!avail || !targets || !auth || !acseq || !certseq || !attribs) { + if (!avail || !targets || !acseq || !certseq || !attribs) { OPENSSL_free(avail); OPENSSL_free(targets); - OPENSSL_free(auth); OPENSSL_free(acseq); OPENSSL_free(certseq); OPENSSL_free(attribs); return 0; } -#ifndef VOMS_USE_OPENSSL_EXT_CODE - memset(auth, 0, sizeof(*auth)); - - auth->ext_nid = OBJ_txt2nid("authorityKeyIdentifier"); - - auth->ext_flags = 0; - auth->ext_new = (X509V3_EXT_NEW) AUTHORITY_KEYID_new; - auth->ext_free = (X509V3_EXT_FREE)AUTHORITY_KEYID_free; - auth->d2i = (X509V3_EXT_D2I) d2i_AUTHORITY_KEYID; - auth->i2d = (X509V3_EXT_I2D) i2d_AUTHORITY_KEYID; - auth->i2s = (X509V3_EXT_I2S) authkey_i2s; - auth->s2i = (X509V3_EXT_S2I) authkey_s2i; - auth->v2i = (X509V3_EXT_V2I) NULL; - auth->r2i = (X509V3_EXT_R2I) NULL; - auth->i2v = (X509V3_EXT_I2V) NULL; - auth->i2r = (X509V3_EXT_I2R) NULL; - - X509V3_EXT_add(auth); - memset(avail, 0, sizeof(*avail)); avail->ext_nid = OBJ_txt2nid("noRevAvail"); avail->ext_flags = 0; @@ -303,7 +281,6 @@ int initEx(void) targets->v2i = (X509V3_EXT_V2I) NULL; targets->r2i = (X509V3_EXT_R2I) NULL; targets->i2r = (X509V3_EXT_I2R) NULL; -#endif X509V3_EXT_add(targets); diff --git a/src/ac/write.c b/src/ac/write.c index 7050caed..8575e951 100644 --- a/src/ac/write.c +++ b/src/ac/write.c 
@@ -55,19 +55,13 @@ void add_no_rev_avail_ext(AC *ac) { int add_authority_key_id_ext(AC *ac, X509* issuer_cert) { - // Copy akid extension from issuer_cert - int ext_loc = X509_get_ext_by_NID(issuer_cert, NID_authority_key_identifier, -1); - - if (ext_loc == -1){ - return 1; + X509V3_CTX ctx; + X509V3_set_ctx(&ctx, issuer_cert, NULL, NULL, NULL, 0); + X509_EXTENSION* ext = X509V3_EXT_conf(NULL, &ctx, "authorityKeyIdentifier", "keyid:always"); + if (!ext) { + return AC_ERR_NO_EXTENSION; } - - X509_EXTENSION *akid = X509_get_ext(issuer_cert, ext_loc); - - assert( akid != NULL ); - - X509v3_add_ext(&ac->acinfo->exts, akid, -1); - + sk_X509_EXTENSION_push(ac->acinfo->exts, ext); return 0; } From 7c60bd7eba01983b1ce7f36dd6b39b5a65bbf6b0 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 12 Apr 2021 15:31:14 +0200 Subject: [PATCH 21/92] Allow to skip OpenSSL initialization Add a class static function to allow clients to skip OpenSSL initialization. This makes sense only for versions up to 1.0.2; above that the initialization is done automatically. There is no check on this though, to minimize changes. Moreover OpenSSL (if not skipped) and AC- and Proxy-related functionality are initialized atomically. The flag that tells if OpenSSL needs to be initialized is not atomic because it is checked inside the critical section of pthread_once. Fixes: #89 --- src/api/ccapi/voms_api.cc | 36 +++++++++++++++++++++--------------- src/api/ccapi/voms_api.h | 2 ++ 2 files changed, 23 insertions(+), 15 deletions(-) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index 6823531e..fd3e4400 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -93,8 +93,6 @@ extern int AC_Init(void); std::map privatedata; pthread_mutex_t privatelock = PTHREAD_MUTEX_INITIALIZER; -static bool initialized = false; - void vomsdata::seterror(verror_type err, std::string message) { error = err; 
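Review bot: In `add_authority_key_id_ext()` the result of `sk_X509_EXTENSION_push(ac->acinfo->exts, ext)` is not checked, so a failed push still returns 0, leaks `ext`, and leaves the AC without an authorityKeyIdentifier. The removed code went through `X509v3_add_ext(&ac->acinfo->exts, ...)`, which creates the stack when it is NULL; the new call does not, and whether `exts` is always allocated by this point is not visible in the hunk. I would write `if (!sk_X509_EXTENSION_push(ac->acinfo->exts, ext)) { X509_EXTENSION_free(ext); return AC_ERR_NO_EXTENSION; }`. Alternatively keep `X509v3_add_ext` and free `ext` afterwards, since that function stores its own copy.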
@@ -106,6 +104,26 @@ std::string vomsdata::ErrorMessage(void) return errmessage; } +static pthread_once_t initialized = PTHREAD_ONCE_INIT; +static bool ssl_is_initialized = false; + +static void initialize() +{ + if (!ssl_is_initialized) { + SSL_library_init(); + SSLeay_add_all_algorithms(); + ERR_load_crypto_strings(); + OpenSSL_add_all_ciphers(); + } + AC_Init(); + InitProxyCertInfoExtension(1); +} + +void vomsdata::DontInitializeSsl() +{ + ssl_is_initialized = true; +} + vomsdata::vomsdata(std::string voms_dir, std::string cert_dir) : ca_cert_dir(cert_dir), voms_cert_dir(voms_dir), duration(0), @@ -118,19 +136,7 @@ vomsdata::vomsdata(std::string voms_dir, std::string cert_dir) : ca_cert_dir(ce verificationtime(0), vdp(NULL) { - if (!initialized) { - initialized = true; -#ifdef NOGLOBUS - SSL_library_init(); - SSLeay_add_all_algorithms(); - ERR_load_crypto_strings(); - OpenSSL_add_all_ciphers(); - - (void)AC_Init(); - InitProxyCertInfoExtension(1); -#endif - PKCS12_PBE_add(); - } + pthread_once(&initialized, initialize); if (voms_cert_dir.empty()) { char *v; diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h index 4c93d7ce..5a912450 100644 --- a/src/api/ccapi/voms_api.h +++ b/src/api/ccapi/voms_api.h @@ -212,6 +212,8 @@ struct vomsdata { public: verror_type error; /*!< Error code */ + static void DontInitializeSsl(); + vomsdata(std::string voms_dir = "", std::string cert_dir = ""); /*!< \param voms_dir The directory which contains the certificate of the VOMS server From 224a504f1f96a12f9847ada8877dc3a5ce205bd6 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 13 Apr 2021 12:44:35 +0200 Subject: [PATCH 22/92] Change function name; add clarification comment --- src/api/ccapi/voms_api.cc | 13 ++++++++----- src/api/ccapi/voms_api.h | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index fd3e4400..a6807f78 100644 --- a/src/api/ccapi/voms_api.cc 
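Review bot: `ssl_is_initialized` is written by `vomsdata::DontInitializeSsl()` without synchronisation, while `initialize()` reads it under `pthread_once`. Only the read is serialised, so a call that overlaps with the first `vomsdata` construction is a data race, and a call that comes after it silently has no effect. The declaration added in `src/api/ccapi/voms_api.h` has no comment, so I would state the contract there in the header's existing style, e.g. `/*!< Must be called before the first vomsdata object is constructed and not concurrently with one; later calls have no effect. */`. Separately, `initialize()` discards the result of `AC_Init()`, which is declared as returning `int`, so a failed registration goes unnoticed. Recording that result in a static flag the constructor can check would surface it.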
+++ b/src/api/ccapi/voms_api.cc @@ -110,16 +110,19 @@ static bool ssl_is_initialized = false; static void initialize() { if (!ssl_is_initialized) { - SSL_library_init(); - SSLeay_add_all_algorithms(); - ERR_load_crypto_strings(); - OpenSSL_add_all_ciphers(); + // not strictly necessary, since initialize is called only once + ssl_is_initialized = true; + + SSL_library_init(); + SSLeay_add_all_algorithms(); + ERR_load_crypto_strings(); + OpenSSL_add_all_ciphers(); } AC_Init(); InitProxyCertInfoExtension(1); } -void vomsdata::DontInitializeSsl() +void vomsdata::SkipSslInitialization() { ssl_is_initialized = true; } diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h index 5a912450..b38e4dc3 100644 --- a/src/api/ccapi/voms_api.h +++ b/src/api/ccapi/voms_api.h @@ -212,7 +212,7 @@ struct vomsdata { public: verror_type error; /*!< Error code */ - static void DontInitializeSsl(); + static void SkipSslInitialization(); vomsdata(std::string voms_dir = "", std::string cert_dir = ""); /*!< \param voms_dir The directory which contains the certificate From fdc82d930e541972f51fe92bbf3c3d3e8cf5a400 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 20 Apr 2021 08:44:04 +0200 Subject: [PATCH 23/92] Restore clients build --- Makefile.am | 2 +- src/Makefile.am | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index de892c20..4c520626 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,7 @@ APIDOC_FILES = $(top_srcdir)/AUTHORS $(top_srcdir)/INSTALL $(top_srcdir)/LICENSE USERDOC_FILES = $(APIDOC_FILES) spec=spec/voms-all.spec -deb_comp="libvomsapi1 voms-dev voms-server" +deb_comp="libvomsapi1 voms-dev voms-clients voms-server" rpmbuild_dir=@WORKDIR@/rpmbuild debbuild_dir=@WORKDIR@/debbuild diff --git a/src/Makefile.am b/src/Makefile.am index 03da5812..08c878ae 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -9,6 +9,7 @@ SUBDIRS = \ ac \ api \ utils \ + client \ server \ install \ replica 
From e84b0ffbac783de544ea83d700ccd1a8ad4f410a Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 26 Apr 2021 15:31:46 +0200 Subject: [PATCH 24/92] Fix merge resolution During the merge of branch issue-89 into develop, a previous change introduced by the merge of develop-2.1.x into develop was undone. This commit reintroduces that change: the call to SSLeay_add_all_algorithms is replaced by a call to OpenSSL_add_all_algorithms. --- src/api/ccapi/voms_api.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index a6807f78..0c4d48a0 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -114,7 +114,7 @@ static void initialize() ssl_is_initialized = true; SSL_library_init(); - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); OpenSSL_add_all_ciphers(); } From 28771a6ccff27ba14e647c3a4df15ee6bc65d14e Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 26 Apr 2021 17:11:45 +0000 Subject: [PATCH 25/92] Initialize OpenSSL only below version 1.1 Fixes: issue https://issues.infn.it/jira/browse/VOMS-915 --- src/api/ccapi/voms_api.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index 0c4d48a0..b617732a 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -109,6 +109,7 @@ static bool ssl_is_initialized = false; static void initialize() { +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (!ssl_is_initialized) { // not strictly necessary, since initialize is called only once ssl_is_initialized = true; @@ -118,6 +119,7 @@ static void initialize() ERR_load_crypto_strings(); OpenSSL_add_all_ciphers(); } +#endif AC_Init(); InitProxyCertInfoExtension(1); } From 76b0410b00156ecb1bd9c9b91553a89792fb99ef Mon Sep 17 00:00:00 2001 
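Review bot: The new `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard in `initialize()` has no comment, so a reader cannot tell why the explicit calls are skipped or that `SkipSslInitialization()` has no effect on newer builds. I would add `// OpenSSL 1.1.0 and later initialise the library automatically; explicit calls are needed only before that` above the guard and close it with `#endif // OPENSSL_VERSION_NUMBER < 0x10100000L`. If LibreSSL builds matter, note that LibreSSL reports a version number above this threshold, so the block is compiled out there too; whether that is intended cannot be told from the hunk. `initialize()` starts outside the second hunk.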
From: Mattias Ellert Date: Mon, 3 May 2021 22:17:01 +0200 Subject: [PATCH 26/92] Ignore -globus option in voms-proxy-fake and default to RFC proxies. voms-proxy-init was already changed to work this way. Remove obsolete (and buggy) globus() function that detemines the globus version. No longer used to define the default proxy version. --- src/client/vomsclient.cc | 5 ----- src/common/credentials.c | 23 ----------------------- src/include/credentials.h | 1 - src/utils/vomsfake.cc | 22 ++-------------------- 4 files changed, 2 insertions(+), 49 deletions(-) diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 56664f4d..8bafcf43 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -422,11 +422,6 @@ Client::Client(int argc, char ** argv) : dontverifyac = true; } - /* set globus version */ - - version = globus(version); - Print(DEBUG) << "Detected Globus version: " << version/10 << "." << version % 10 << std::endl; - /* set proxy version */ if (rfc) proxyver = 4; diff --git a/src/common/credentials.c b/src/common/credentials.c index f834dcad..5fb3b02d 100644 --- a/src/common/credentials.c +++ b/src/common/credentials.c @@ -40,29 +40,6 @@ #include "sslutils.h" #include "voms_cert_type.h" -int -globus(int version) -{ - if (version == 0) { - char *gver = getenv("GLOBUS_VERSION"); - - if (gver) { - char *tmp; - - version = strtol(gver, &tmp, 10); - if (!(*tmp)) - return 22; - } - } - - if (version >= 42 || version == 0) - version = 22; - - return version; -} - - - X509 * get_real_cert(X509 *base, STACK_OF(X509) *stk) { diff --git a/src/include/credentials.h b/src/include/credentials.h index b825d39b..9ffbb836 100644 --- a/src/include/credentials.h +++ b/src/include/credentials.h @@ -29,7 +29,6 @@ #include #include -extern int globus(int); extern X509 *get_real_cert(X509 *base, STACK_OF(X509) *stk); extern char *get_peer_serial(X509 *); diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index 4604cd89..2cf1b23a 100644 
--- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -943,16 +943,6 @@ bool Fake::VerifyOptions() exitError("Error: You must specify an host key!"); } - /* set globus version */ - - version = globus(version); - if (version == 0) { - version = 22; - Print(DEBUG) << "Unable to discover Globus version: trying for 2.2" << std::endl; - } - else - Print(DEBUG) << "Detected Globus version: " << version << std::endl; - if (!selfsigned) { /* proxyversion is only significant if this is not a selfsigned certificate */ if (rfc && proxyver != 0) @@ -966,16 +956,8 @@ bool Fake::VerifyOptions() if (proxyver!=2 && proxyver!=3 && proxyver!=4 && proxyver!=0) exitError("Error: proxyver must be 2 or 3 or 4"); else if (proxyver==0) { - Print(DEBUG) << "Unspecified proxy version, settling on version: "; - - if (version<30) - proxyver = 2; - else if (version<40) - proxyver = 3; - else - proxyver = 4; - - Print(DEBUG) << proxyver << std::endl; + Print(DEBUG) << "Unspecified proxy version, settling on version 4 (RFC)" << std::endl; + proxyver = 4; } /* PCI extension option */ From b45d3bb5cbd2f05b878ce43e7738f77453148508 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 3 May 2021 22:23:43 +0200 Subject: [PATCH 27/92] Update man page sources --- doc/voms-proxy-fake.xml | 3 ++- doc/voms-proxy-init.xml | 4 ++-- doc/voms-proxy-list.xml | 3 ++- doc/voms.xml | 6 +++--- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/doc/voms-proxy-fake.xml b/doc/voms-proxy-fake.xml index d6e51a32..c04932f2 100644 --- a/doc/voms-proxy-fake.xml +++ b/doc/voms-proxy-fake.xml @@ -104,7 +104,8 @@ The language in which the policy is expressed. Default is IMPERSONATION_PROXY. version -Underlying Globus version. +This option is obsolete and only present for backwards compatibility + with old installations. Currently, its value is ignored. Version of the proxy certificate to create. May be 2 or 3. diff --git a/doc/voms-proxy-init.xml b/doc/voms-proxy-init.xml index f2bdb94e..7eaa65f6 100644 
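Review bot: With `proxyver = 4` now the fixed default in `Fake::VerifyOptions()`, the proxy-version text in `doc/voms-proxy-fake.xml` (visible as context in the following man-page patch) still reads `May be 2 or 3`, while the check just above this change accepts 4 as well. The page should say `May be 2, 3 or 4` and name 4 (RFC) as the default; `doc/voms-proxy-init.xml` already lists 4. After the first hunk the `version` value is presumably no longer read in this function. If so, a short comment where the option is parsed, saying it is accepted and ignored, would match the updated documentation. `VerifyOptions()` begins and ends outside both hunks.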
--- a/doc/voms-proxy-init.xml +++ b/doc/voms-proxy-init.xml @@ -150,8 +150,8 @@ The language in which the policy is expressed. Default is IMPERSONATION_PROXY. version -Underlying Globus version. This will influence the default value of - the . +This option is obsolete and only present for backwards compatibility + with old installations. Currently, its value is ignored. Version of the proxy certificate to create. May be 2, 3 or 4. diff --git a/doc/voms-proxy-list.xml b/doc/voms-proxy-list.xml index 48a4c494..7f9bc51e 100644 --- a/doc/voms-proxy-list.xml +++ b/doc/voms-proxy-list.xml @@ -99,7 +99,8 @@ and 755 if a directory is specified should be used instead. version -Underlying Globus version. +This option is obsolete and only present for backwards compatibility + with old installations. Currently, its value is ignored. Use existing proxy to contact the server and to sing the new proxy. diff --git a/doc/voms.xml b/doc/voms.xml index 37557103..0dc176b4 100644 --- a/doc/voms.xml +++ b/doc/voms.xml @@ -99,7 +99,7 @@ meaning is the following. id file -This options are supported for backwards compatibility only. +These options are supported for backwards compatibility only. They have no effect, and indeed do not get listed by the -help option. file @@ -143,8 +143,8 @@ pseudo certificate. The default value is hostname:port c version -These option are obsolete and only present for backwards - compatibility with old installation. Currently, their values are +These options are obsolete and only present for backwards + compatibility with old installations. Currently, their values are ignored. Do not specify them in new installations. type From 251603f3571a2c4079e9348958e3d6708bcfb5cf Mon Sep 17 00:00:00 2001 
From: Mattias Ellert Date: Mon, 3 May 2021 22:24:02 +0200 Subject: [PATCH 28/92] Regenerate man pages --- doc/voms-install-replica.8 | 168 ++++++++------ doc/voms-proxy-destroy.1 | 150 ++++++------ doc/voms-proxy-fake.1 | 456 ++++++++++++++++++++++--------------- doc/voms-proxy-info.1 | 242 +++++++++++--------- doc/voms-proxy-init.1 | 356 +++++++++++++++++------------ doc/voms-proxy-list.1 | 218 ++++++++++-------- doc/voms.8 | 31 ++- 7 files changed, 924 insertions(+), 697 deletions(-) diff --git a/doc/voms-install-replica.8 b/doc/voms-install-replica.8 index c5ce099a..ecd590e0 100644 --- a/doc/voms-install-replica.8 +++ b/doc/voms-install-replica.8 
@@ -1,108 +1,132 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-INSTALL-REPLI" 8 "" "" "" -.SH NAME +'\" t +.\" Title: voms-install-replica +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Server Slave setup +.\" Source: VOMS Server Slave setup +.\" Language: English +.\" +.TH "VOMS\-INSTALL\-REPLI" "8" "05/03/2021" "VOMS Server Slave setup" "VOMS Server Slave setup" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-install-replica \- Setup the voms server as a slave of a master server .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 21 +.HP \w'\fBvoms_install_replica\fR\ 'u \fBvoms_install_replica\fR [\fIoptions\fR] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms_install_replica script initializes a VOMS server as a slave of a master server\&. 
It only works if both servers have MySQL as the underlying DB\&. - .SH "OPTIONS" - .PP -\fB\-\-mysql\-home\fR \fIpath\fR Default home of MySQL\&. The default is '/usr'\&. - +\fB\-\-mysql\-home\fR +\fIpath\fR +Default home of MySQL\&. The default is \*(Aq/usr\*(Aq\&. .PP -\fB\-\-db\fR \fIname\fR Name of the db to create\&. It must be the same name used in the \-\-master\-db option\&. - +\fB\-\-db\fR +\fIname\fR +Name of the db to create\&. It must be the same name used in the \-\-master\-db option\&. .PP -\fB\-\-mysql\-admin\fR \fIname\fR The name of the MySQL admin user\&. The default is 'root'\&. - +\fB\-\-mysql\-admin\fR +\fIname\fR +The name of the MySQL admin user\&. The default is \*(Aqroot\*(Aq\&. .PP -\fB\-\-mysql\-pwd\fR \fIvalue\fR The password of the MySQL admin user, The default is to not use a password\&. - +\fB\-\-mysql\-pwd\fR +\fIvalue\fR +The password of the MySQL admin user, The default is to not use a password\&. .PP -\fB\-\-master\-host\fR \fIvalue\fR This is the fully qualified hostname of the master server\&. - +\fB\-\-master\-host\fR +\fIvalue\fR +This is the fully qualified hostname of the master server\&. .PP -\fB\-\-master\-mysql\-user\fR \fIvalue\fR This is the username that the master has made available for the slave to use\&. - +\fB\-\-master\-mysql\-user\fR +\fIvalue\fR +This is the username that the master has made available for the slave to use\&. .PP -\fB\-\-master\-mysql\-pwd\fR \fIvalue\fR This is the password associated to the \-\-master\-mysql\-user account\&. - +\fB\-\-master\-mysql\-pwd\fR +\fIvalue\fR +This is the password associated to the \-\-master\-mysql\-user account\&. .PP -\fB\-\-master\-db\fR \fIvalue\fR This is the name of the DB on the master\&. It must be the same as the one specified in the \-\-db option\&. - +\fB\-\-master\-db\fR +\fIvalue\fR +This is the name of the DB on the master\&. It must be the same as the one specified in the \-\-db option\&. 
.PP -\fB\-\-master\-log\-file\fR \fIvalue\fR This is the name of the file where a copy of the master log file will be placed\&. - +\fB\-\-master\-log\-file\fR +\fIvalue\fR +This is the name of the file where a copy of the master log file will be placed\&. .PP -\fB\-\-master\-log\-pos\fR \fIvalue\fR This is the location where a copy of the master log file will be placed\&. - +\fB\-\-master\-log\-pos\fR +\fIvalue\fR +This is the location where a copy of the master log file will be placed\&. .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms(8) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. .SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. 
- +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms-proxy-destroy.1 b/doc/voms-proxy-destroy.1 index 9ffa7cc6..c2505a60 100644 --- a/doc/voms-proxy-destroy.1 +++ b/doc/voms-proxy-destroy.1 
@@ -1,102 +1,118 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-PROXY-DESTROY" 1 "" "" "" -.SH NAME +'\" t +.\" Title: voms-proxy-destroy +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Proxy Destroyer +.\" Source: VOMS Proxy Destroyer +.\" Language: English +.\" +.TH "VOMS\-PROXY\-DESTROY" "1" "05/03/2021" "VOMS Proxy Destroyer" "VOMS Proxy Destroyer" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-proxy-destroy \- destroys a VOMS proxy .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 19 +.HP \w'\fBvoms\-proxy\-destroy\fR\ 'u \fBvoms\-proxy\-destroy\fR [options] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms\-proxy\-destroy is intended to be used after a proxy is no longer useful, to destroy it - .SH "OPTIONS" - .PP Options may be specified indifferently with either a "\-" or 
"\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. - .PP -\fB\-help\fR Displays usage - +\fB\-help\fR +Displays usage .PP -\fB\-version\fR Displays version - +\fB\-version\fR +Displays version .PP -\fB\-debug\fR Enables extra debug output - +\fB\-debug\fR +Enables extra debug output .PP -\fB\-q\fR Quiet mode, minimal output - +\fB\-q\fR +Quiet mode, minimal output .PP -\fB\-file\fR \fIproxyfile\fR The name of the file containing the proxy, in case it is in a non\-standard place\&. - +\fB\-file\fR +\fIproxyfile\fR +The name of the file containing the proxy, in case it is in a non\-standard place\&. .PP -\fB\-dry\fR Doesn't actually destroy the proxy\&. - +\fB\-dry\fR +Doesn\*(Aqt actually destroy the proxy\&. .PP -\fB\-conf\fR \fIfile\fR Read options from file\&. - +\fB\-conf\fR +\fIfile\fR +Read options from +\fIfile\fR\&. .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms\-proxy\-init(1), voms\-proxy\-info(1) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. .SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. 
You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. - +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms-proxy-fake.1 b/doc/voms-proxy-fake.1 index 76cb8978..1941b8f5 100644 --- a/doc/voms-proxy-fake.1 +++ b/doc/voms-proxy-fake.1 
@@ -1,282 +1,360 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-PROXY-FAKE" 1 "" "" "" -.SH NAME +'\" t +.\" Title: voms-proxy-fake +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Client +.\" Source: VOMS Client +.\" Language: English +.\" +.TH "VOMS\-PROXY\-FAKE" "1" "05/03/2021" "VOMS Client" "VOMS Client" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-proxy-fake \- create a proxy with VOMS extensions .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 16 +.HP \w'\fBvoms\-proxy\-fake\fR\ 'u \fBvoms\-proxy\-fake\fR [options] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms\-proxy\-fake generates a proxy containing arbitrary attributes without contacting the VOMS server\&. - .SH "OPTIONS" - .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. 
- .PP -\fB\-help\fR Displays usage\&. - +\fB\-help\fR +Displays usage\&. .PP -\fB\-version\fR Displays version\&. - +\fB\-version\fR +Displays version\&. .PP -\fB\-debug\fR Enables extra debug output\&. - +\fB\-debug\fR +Enables extra debug output\&. .PP -\fB\-q\fR Quiet mode, minimal output\&. - +\fB\-q\fR +Quiet mode, minimal output\&. .PP -\fB\-verify\fR Verifies certificate to make proxy for\&. - +\fB\-verify\fR +Verifies certificate to make proxy for\&. .PP -\fB\-pwstdin\fR Allows passphrase from stdin\&. - +\fB\-pwstdin\fR +Allows passphrase from stdin\&. .PP -\fB\-limited\fR Creates a limited proxy\&. - +\fB\-limited\fR +Creates a limited proxy\&. .PP -\fB\-hours\fR \fIH\fR Proxy is valid for H hours (default:12)\&. - +\fB\-hours\fR +\fIH\fR +Proxy is valid for +\fIH\fR +hours (default:12)\&. .PP -\fB\-vomslife\fR \fIH\fR Tries to get an AC with information valid for H hours\&. The default is "as long as the proxy certificate"\&. The special value 0 means as long as the server will allow\&. - +\fB\-vomslife\fR +\fIH\fR +Tries to get an AC with information valid for +\fIH\fR +hours\&. The default is "as long as the proxy certificate"\&. The special value +0 +means as long as the server will allow\&. .PP -\fB\-bits\fR \fIB\fR Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. - +\fB\-bits\fR +\fIB\fR +Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. 
.PP -\fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate - +\fB\-cert\fR +\fIcertfile\fR +Non\-standard location of user certificate .PP -\fB\-key\fR \fIkeyfile\fR Non\-standard location of user key - +\fB\-key\fR +\fIkeyfile\fR +Non\-standard location of user key .PP -\fB\-certdir\fR \fIcertdir\fR Location of trusted certificates dir - +\fB\-certdir\fR +\fIcertdir\fR +Location of trusted certificates dir .PP -\fB\-out\fR \fIproxyfile\fR Location of new proxy cert - +\fB\-out\fR +\fIproxyfile\fR +Location of new proxy cert .PP -\fB\-voms\fR \fIvoms[:command]\fR Specifies the fake VOMS server that will appear in the attribute certificate\&. command is ignored and is present for compatibility with voms\-proxy\-init\&. - +\fB\-voms\fR +\fIvoms[:command]\fR +Specifies the fake VOMS server that will appear in the attribute certificate\&. command is ignored and is present for compatibility with voms\-proxy\-init\&. .PP -\fB\-include\fR \fIfile\fR Includes file in the certificate (in a non critical extension) - +\fB\-include\fR +\fIfile\fR +Includes +\fIfile\fR +in the certificate (in a non critical extension) .PP -\fB\-conf\fR \fIfile\fR Read options from file\&. - +\fB\-conf\fR +\fIfile\fR +Read options from +\fIfile\fR\&. .PP -\fB\-policy\fR The file containing the policy expression\&. - +\fB\-policy\fR +The file containing the policy expression\&. .PP -\fB\-policy\-language\fR\fI pl\fR The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. - +\fB\-policy\-language\fR\fI pl\fR +The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. .PP -\fB\-path\-length\fR Maximum depth of proxy certfificate that can be signed from this\&. - +\fB\-path\-length\fR +Maximum depth of proxy certfificate that can be signed from this\&. .PP -\fB\-globus\fR \fIversion\fR Underlying Globus version\&. 
- +\fB\-globus\fR +\fIversion\fR +This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. .PP -\fB\-proxyver\fR Version of the proxy certificate to create\&. May be 2 or 3\&. Default value is decided upon underlying globus version\&. - +\fB\-proxyver\fR +Version of the proxy certificate to create\&. May be 2 or 3\&. Default value is decided upon underlying globus version\&. .PP -\fB\-separate\fR \fIfile\fR Saves the voms credential on file file\&. - +\fB\-separate\fR +\fIfile\fR +Saves the voms credential on file +\fIfile\fR\&. .PP -\fB\-hostcert\fR \fIfile\fR The cert that will be used to sign the AC\&. - +\fB\-hostcert\fR +\fIfile\fR +The cert that will be used to sign the AC\&. .PP -\fB\-hostkey\fR \fIfile\fR The key thet will be used to sign the AC\&. - +\fB\-hostkey\fR +\fIfile\fR +The key thet will be used to sign the AC\&. .PP -\fB\-fqan\fR \fIfile\fR The string that will be included in the AC as the granted FQAN\&. - +\fB\-fqan\fR +\fIfile\fR +The string that will be included in the AC as the granted FQAN\&. .PP \fB\-newformat\fR - .PP This forces the server to generate ACs in the new (correct) format\&. This is meant as a compatibility feature to ease migration while the servers upgrade to the new version\&. - .PP -\fB\-newsubject\fR \fInewdn\fR - +\fB\-newsubject\fR +\fInewdn\fR .PP -The created proxy will have newdn as subject rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the '\\XX' encoding, where XX are two hexadecimal characters\&. - +The created proxy will have +\fInewdn\fR +as subject rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the \*(Aq\eXX\*(Aq encoding, where XX are two hexadecimal characters\&. 
.PP -\fB\-newissuer\fR \fInewdn\fR - +\fB\-newissuer\fR +\fInewdn\fR .PP -The created proxy will have newdn as issuer rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the '\\XX' encoding, where XX are two hexadecimal characters\&. - +The created proxy will have +\fInewdn\fR +as issuer rather than what is would normally have depending on the specific version of proxy created\&. Non\-printable characters may be specified via the \*(Aq\eXX\*(Aq encoding, where XX are two hexadecimal characters\&. .PP -\fB\-newserial\fR \fInewserial\fR - +\fB\-newserial\fR +\fInewserial\fR .PP -The created proxy will have the newserial as its serial number\&. The new serial number will have to be specified as an hex representation\&. Any length is possible\&. If this option is not specified, voms\-proxy\-fake will choose the serial number\&. - +The created proxy will have the +\fInewserial\fR +as its serial number\&. The new serial number will have to be specified as an hex representation\&. Any length is possible\&. If this option is not specified, voms\-proxy\-fake will choose the serial number\&. .PP -\fB\-pastac\fR \fItimespec\fR - +\fB\-pastac\fR +\fItimespec\fR .PP -The created AC will have its validity start in the past, as specified by timespec\&. - +The created AC will have its validity start in the past, as specified by +\fItimespec\fR\&. 
.PP -The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds - +The format of +\fItimespec\fR +is one of: +\fIseconds\fR, +\fIhours:minutes\fR, +\fIhours:minutes:seconds\fR .PP -\fB\-pastproxy\fR \fItimespec\fR - +\fB\-pastproxy\fR +\fItimespec\fR .PP -The created proxy will have its validity start in the past as specified by timespec - +The created proxy will have its validity start in the past as specified by +\fItimespec\fR .PP -The format of timespec is one of: seconds, hours:minutes, hours:minutes:seconds - +The format of +\fItimespec\fR +is one of: +\fIseconds\fR, +\fIhours:minutes\fR, +\fIhours:minutes:seconds\fR .PP -\fB\-nscert\fR \fIbit,\&.\&.\&.,bit\fR - +\fB\-nscert\fR +\fIbit,\&.\&.\&.,bit\fR .PP -The created proxy will have the specified bits in the Netscape Certificate Extension\&. Acceptable values for bit are: client, server, email, objsign, sslCA, emailCA, objCA\&. The default value is not to have this extension\&. - +The created proxy will have the specified bits in the Netscape Certificate Extension\&. Acceptable values for +\fIbit\fR +are: client, server, email, objsign, sslCA, emailCA, objCA\&. The default value is not to have this extension\&. .PP -\fB\-extkeyusage\fR \fIbit,\&.\&.\&.,bit\fR - +\fB\-extkeyusage\fR +\fIbit,\&.\&.\&.,bit\fR .PP -The created proxy will have the specified bits in the Extended Key Usage Extension\&. Acceptable values for bit are: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL\&. The default value is not to have this extensions\&. - +The created proxy will have the specified bits in the Extended Key Usage Extension\&. Acceptable values for +\fIbit\fR +are: serverAuth, clientAuth, codeSigning, emailProtection, timeStamping, msCodeInd, msCodeCom, msCTLSign, msSGC, msEFS, nsSGC, deltaCRL\&. The default value is not to have this extensions\&. 
.PP -\fB\-keyusage\fR \fIbit,\&.\&.\&.,bit\fR - +\fB\-keyusage\fR +\fIbit,\&.\&.\&.,bit\fR .PP -The created proxy will have the specified bits in the Key Usage Extensions\&. Acceptable values for bit are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly\&. The default value is to copy this extensions from the issuer certificate while removing the keyCertSign and nonRepudiation bits if present\&. - +The created proxy will have the specified bits in the Key Usage Extensions\&. Acceptable values for +\fIbit\fR +are: digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly\&. The default value is to copy this extensions from the issuer certificate while removing the keyCertSign and nonRepudiation bits if present\&. .PP \fB\-selfsigned\fR - .PP The created certificate will be a self\-signed certificate and have a CA=true bit in the Basic constraints Exception\&. - .PP -\fB\-extension\fR \fIoid[/criticality]value\fR - +\fB\-extension\fR +\fIoid[/criticality]value\fR .PP This option allows to specified additional extensions to be put in the created certificate\&. - -.PP -oid is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. - .PP -criticality specifies whether the extensions is critical or not, and it must be either true or false\&. If absent, it defaults to false\&. - -.PP -value is the value of the extensions\&. It is composed by two subfields, type and content\&. type is a single charater, and specifies how the content is interpreted\&. ':' means that content is a text string to be included as is\&. '~' means that content is an hex representation of the string\&. '+' means that content is the name of a file which will contain the actual data\&. 
- -.PP -\fB\-acextension\fR \fIoid[/criticality]value\fR - +\fIoid\fR +is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. +.PP +\fIcriticality\fR +specifies whether the extensions is critical or not, and it must be either +\fItrue\fR +or +\fIfalse\fR\&. If absent, it defaults to +\fIfalse\fR\&. +.PP +\fIvalue\fR +is the value of the extensions\&. It is composed by two subfields, +\fItype\fR +and +\fIcontent\fR\&. +\fItype\fR +is a single charater, and specifies how the +\fIcontent\fR +is interpreted\&. \*(Aq:\*(Aq means that +\fIcontent\fR +is a text string to be included as is\&. \*(Aq~\*(Aq means that +\fIcontent\fR +is an hex representation of the string\&. \*(Aq+\*(Aq means that +\fIcontent\fR +is the name of a file which will contain the actual data\&. +.PP +\fB\-acextension\fR +\fIoid[/criticality]value\fR .PP This option allows to specified additional extensions to be put in the created attribute certificate\&. - -.PP -oid is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. - -.PP -criticality specifies whether the extensions is critical or not, and it must be either true or false\&. If absent, it defaults to false\&. - -.PP -value is the value of the extensions\&. It is composed by two subfields, type and content\&. type is a single charater, and specifies how the content is interpreted\&. ':' means that content is a text string to be included as is\&. '~' means that content is an hex representation of the string\&. '+' means that content is the name of a file which will contain the actual data\&. - -.PP -\fB\-ga\fR \fIid\fR = \fIvalue\fR \fI[(qualifier)]\fR - -.PP -This option adds the generic attribute specified to the AC generated\&. Please note that spaces before and after the '=' char are swallowed in the command line\&. 
- -.PP -\fB\-voinfo\fR \fIfile\fR - .PP -The file file contains informations for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. - +\fIoid\fR +is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. +.PP +\fIcriticality\fR +specifies whether the extensions is critical or not, and it must be either +\fItrue\fR +or +\fIfalse\fR\&. If absent, it defaults to +\fIfalse\fR\&. +.PP +\fIvalue\fR +is the value of the extensions\&. It is composed by two subfields, +\fItype\fR +and +\fIcontent\fR\&. +\fItype\fR +is a single charater, and specifies how the +\fIcontent\fR +is interpreted\&. \*(Aq:\*(Aq means that +\fIcontent\fR +is a text string to be included as is\&. \*(Aq~\*(Aq means that +\fIcontent\fR +is an hex representation of the string\&. \*(Aq+\*(Aq means that +\fIcontent\fR +is the name of a file which will contain the actual data\&. +.PP +\fB\-ga\fR +\fIid\fR += +\fIvalue\fR +\fI[(qualifier)]\fR +.PP +This option adds the generic attribute specified to the AC generated\&. Please note that spaces before and after the \*(Aq=\*(Aq char are swallowed in the command line\&. +.PP +\fB\-voinfo\fR +\fIfile\fR +.PP +The file +\fIfile\fR +contains informations for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. .PP The format of the file is the following: - .PP -[voname] - +[\fIvoname\fR] .PP -parameter=value - +\fIparameter\fR=\fIvalue\fR .PP -parameter=value - +\fIparameter\fR=\fIvalue\fR .PP -\&.\&.\&. 
- +\fI\&.\&.\&.\fR .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms\-proxy\-fake(1), voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. .SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. - +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 
4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms-proxy-info.1 b/doc/voms-proxy-info.1 index 523f1ccd..467f5ad0 100644 --- a/doc/voms-proxy-info.1 +++ b/doc/voms-proxy-info.1 
@@ -1,171 +1,189 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-PROXY-INFO" 1 "" "" "" -.SH NAME +'\" t +.\" Title: voms-proxy-info +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Client +.\" Source: VOMS Client +.\" Language: English +.\" +.TH "VOMS\-PROXY\-INFO" "1" "05/03/2021" "VOMS Client" "VOMS Client" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-proxy-info \- prints informations about a proxy with VOMS extensions .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 16 +.HP \w'\fBvoms\-proxy\-info\fR\ 'u \fBvoms\-proxy\-info\fR [options] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms\-proxy\-info command pritns information about a proxy, including information about the VOMS extension\&. 
- .SH "OPTIONS" - .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. - .PP \fB\-help\fR - .PP -\fB\-usage\fR Displays usage\&. - +\fB\-usage\fR +Displays usage\&. .PP -\fB\-version\fR Displays version\&. - +\fB\-version\fR +Displays version\&. .PP -\fB\-debug\fR Enables extra debug output\&. This is for bug reports only\&. Users must not rely on the extra output printed by this option\&. - +\fB\-debug\fR +Enables extra debug output\&. This is for bug reports only\&. Users must not rely on the extra output printed by this option\&. .PP -\fB\-file\fR \fIproxyfile\fR The name of the file containing the proxy, in case it is in a non\-standard place\&. - +\fB\-file\fR +\fIproxyfile\fR +The name of the file containing the proxy, in case it is in a non\-standard place\&. .PP -\fB\-chain\fR Prints informations about the proxy's certificate chain\&. - +\fB\-chain\fR +Prints informations about the proxy\*(Aqs certificate chain\&. .PP -\fB\-subject\fR Prints the DN of the proxy's subject\&. - +\fB\-subject\fR +Prints the DN of the proxy\*(Aqs subject\&. .PP -\fB\-issuer\fR Prints the DN of the proxy's issuer\&. - +\fB\-issuer\fR +Prints the DN of the proxy\*(Aqs issuer\&. .PP -\fB\-identity\fR Prints the DN of the iodentity represented by the proxy\&. This is synonimous - +\fB\-identity\fR +Prints the DN of the iodentity represented by the proxy\&. This is synonimous .PP -\fB\-type\fR Print the proxy's type (limited or not) - +\fB\-type\fR +Print the proxy\*(Aqs type (limited or not) .PP -\fB\-strength\fR Prints the proxy's strength\&. I\&.e\&. the number of bits in the key\&. - +\fB\-strength\fR +Prints the proxy\*(Aqs strength\&. I\&.e\&. the number of bits in the key\&. .PP -\fB\-valid\fR Print validity times\&. - +\fB\-valid\fR +Print validity times\&. 
.PP -\fB\-timeleft\fR Prints how much time is left (in seconds) instead of the end time of the proxy\&. This option implies \-valid - +\fB\-timeleft\fR +Prints how much time is left (in seconds) instead of the end time of the proxy\&. This option implies \-valid .PP -\fB\-all\fR Prints everything\&. - +\fB\-all\fR +Prints everything\&. .PP -\fB\-fqan\fR Prints the VOMS attributes in the FQAN format\&. Default - +\fB\-fqan\fR +Prints the VOMS attributes in the FQAN format\&. Default .PP - \fB\-exists\fR \fI\-bits N\fR \fI\-hours H\fR Verifies if the proxy is valid for at least other H hours and has a key of at least N bits\&. - +\fB\-exists\fR +\fI\-bits N\fR +\fI\-hours H\fR +Verifies if the proxy is valid for at least other H hours and has a key of at least N bits\&. .PP - \fB\-acexists\fR \fIvoname\fR Verifies if an AC for the VO specified is present in the proxy\&. - +\fB\-acexists\fR +\fIvoname\fR +Verifies if an AC for the VO specified is present in the proxy\&. .PP -\fB\-conf\fR \fIfile\fR Read options from file\&. - +\fB\-conf\fR +\fIfile\fR +Read options from +\fIfile\fR\&. .PP -\fB\-text\fR Prints the certificate to standard output\&. - +\fB\-text\fR +Prints the certificate to standard output\&. .PP -\fB\-path\fR Prints the full path name of the proxy file\&. - +\fB\-path\fR +Prints the full path name of the proxy file\&. .PP -\fB\-vo\fR Prints the names of the VOs whose AC are present in the proxy - +\fB\-vo\fR +Prints the names of the VOs whose AC are present in the proxy .PP -\fB\-acsubject\fR Prints the subject of the owners of the ACs in the proxy\&. - +\fB\-acsubject\fR +Prints the subject of the owners of the ACs in the proxy\&. .PP -\fB\-acissuer\fR Prints the issuer of the owners of the ACs in the proxy\&. - +\fB\-acissuer\fR +Prints the issuer of the owners of the ACs in the proxy\&. .PP -\fB\-actimeleft\fR Prints how much time is left (in seconds) instead of the end time of the AC\&. 
- +\fB\-actimeleft\fR +Prints how much time is left (in seconds) instead of the end time of the AC\&. .PP -\fB\-serial\fR Prints the serial number of each AC present in the proxy\&. - +\fB\-serial\fR +Prints the serial number of each AC present in the proxy\&. .PP -\fB\-dont\-verify\-ac\fR Skips the AC verification step\&. Warning! Data printed when this option is specified may not be reliable\&. - +\fB\-dont\-verify\-ac\fR +Skips the AC verification step\&. Warning! Data printed when this option is specified may not be reliable\&. .PP -\fB\-targets\fR Prints the list of hosts to which the AC has been targeted\&. - +\fB\-targets\fR +Prints the list of hosts to which the AC has been targeted\&. .PP -\fB\-included\-file\fR In case the proxy included a user\-specified file, this option prints it to screen\&. - +\fB\-included\-file\fR +In case the proxy included a user\-specified file, this option prints it to screen\&. .PP -\fB\-uri\fR Prints the URI of the serve which issued this AC\&. - +\fB\-uri\fR +Prints the URI of the serve which issued this AC\&. .PP -\fB\-keyusage\fR Print the content of the KeyUsage extension of the certificate\&. - +\fB\-keyusage\fR +Print the content of the KeyUsage extension of the certificate\&. .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms\-proxy\-init(1), voms\-proxy\-destroy(1) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. 
.SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. - +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms-proxy-init.1 b/doc/voms-proxy-init.1 index f95b9da9..5d9bd9ae 100644 --- a/doc/voms-proxy-init.1 +++ b/doc/voms-proxy-init.1 
@@ -1,213 +1,269 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-PROXY-INIT" 1 "" "" "" -.SH NAME +'\" t +.\" Title: voms-proxy-init +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Client +.\" Source: VOMS Client +.\" Language: English +.\" +.TH "VOMS\-PROXY\-INIT" "1" "05/03/2021" "VOMS Client" "VOMS Client" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-proxy-init \- create a proxy with VOMS extensions .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 16 +.HP \w'\fBvoms\-proxy\-init\fR\ 'u \fBvoms\-proxy\-init\fR [options] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms\-proxy\-init generates a proxy with the VOMS information included in a non critical extension\&. - .SH "OPTIONS" - .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. 
The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. - .PP \fB\-help\fR - .PP -\fB\-usage\fR Displays usage - +\fB\-usage\fR +Displays usage .PP \fB\-version\fR - .PP Displays version - .PP -\fB\-debug\fR Enables extra debug output - +\fB\-debug\fR +Enables extra debug output .PP \fB\-quiet\fR - -.PP -\fB\-q\fR Quiet mode, minimal output - -.PP -\fB\-verify\fR Verifies proxy - -.PP -\fB\-pwstdin\fR Allows passphrase from stdin - -.PP -\fB\-limited\fR Creates a limited proxy - -.PP -\fB\-hours\fR \fIH\fR Proxy is valid for H hours (default:12) This option is deprecated and is only present for compatibility with grid\-proxy\-init, since this option does not set the validity of the credentials returned by VOMS\&. Use \-valid instead\&. - -.PP -\fB\-vomslife\fR \fIH\fR Tries to get a pseudo cert with information valid for H hours\&. The default is "as long as the proxy certificate"\&. The special value 0 means as long as the server will allow\&. This option is deprecated, since it does not set the validity of the generated proxy\&. Use \-valid instead\&. - -.PP -\fB\-valid\fR \fIHH:MM\fR This option attempts to set the validity for both the proxy and the credentials returned by the VOMS server\&. The latter validity may however be shortened due to server policy\&. This option obsoletes both \-hours and \-vomslife, and should be used in preference to both - -.PP -\fB\-bits\fR \fIB\fR Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. - .PP -\fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate - -.PP -\fB\-key\fR \fIkeyfile\fR Non\-standard location of user key - -.PP -\fB\-certdir\fR \fIcertdir\fR Non standard location where the trusted CAs certificates are kept\&. 
- -.PP -\fB\-out\fR \fIproxyfile\fR Location of new proxy cert - -.PP -\fB\-voms\fR \fIvoms[:command]\fR Specifies the VOMS server to contact using the nickname voms\&. It also allows to send a specific command to the server\&. The default command is :all, and it gets all group membership information\&. Other commands are :/Role=rolename which grants the rolename VO\-wide role if the server allows it, and :/group/Role=rolename which grants the role rolename only in the group /group, again only if the server allows it\&. - +\fB\-q\fR +Quiet mode, minimal output +.PP +\fB\-verify\fR +Verifies proxy +.PP +\fB\-pwstdin\fR +Allows passphrase from stdin +.PP +\fB\-limited\fR +Creates a limited proxy +.PP +\fB\-hours\fR +\fIH\fR +Proxy is valid for +\fIH\fR +hours (default:12) This option is deprecated and is only present for compatibility with grid\-proxy\-init, since this option does not set the validity of the credentials returned by VOMS\&. Use \-valid instead\&. +.PP +\fB\-vomslife\fR +\fIH\fR +Tries to get a pseudo cert with information valid for +\fIH\fR +hours\&. The default is "as long as the proxy certificate"\&. The special value +0 +means as long as the server will allow\&. This option is deprecated, since it does not set the validity of the generated proxy\&. Use \-valid instead\&. +.PP +\fB\-valid\fR +\fIHH:MM\fR +This option attempts to set the validity for both the proxy and the credentials returned by the VOMS server\&. The latter validity may however be shortened due to server policy\&. This option obsoletes both \-hours and \-vomslife, and should be used in preference to both +.PP +\fB\-bits\fR +\fIB\fR +Number of bits in key {0|512|1024|2048|4096}\&. 0 is a special value which means: same number of bits as in the issuing certificate\&. 
+.PP +\fB\-cert\fR +\fIcertfile\fR +Non\-standard location of user certificate +.PP +\fB\-key\fR +\fIkeyfile\fR +Non\-standard location of user key +.PP +\fB\-certdir\fR +\fIcertdir\fR +Non standard location where the trusted CAs certificates are kept\&. +.PP +\fB\-out\fR +\fIproxyfile\fR +Location of new proxy cert +.PP +\fB\-voms\fR +\fIvoms[:command]\fR +Specifies the VOMS server to contact using the nickname +\fIvoms\fR\&. It also allows to send a specific command to the server\&. The default command is +\fB:all\fR, and it gets all group membership information\&. Other commands are +\fB:/Role=rolename\fR +which grants the +\fBrolename\fR +VO\-wide role if the server allows it, and +\fB:/group/Role=rolename\fR +which grants the role +\fBrolename\fR +only in the group +\fB/group\fR, again only if the server allows it\&. .PP Example : voms\-proxy\-init \-\-voms myVO:/myVO/Role=VO\-Admin - -.PP -\fB\-order\fR \fIfqan\fR Specified fqans, if present, are put on top of the list of attributes returned by the server in the order in which they are passed (using more \-order call)\&. The order of the others is not specified\&. If some of the fqans are not returned no warning is given\&. Capability selection is not supported\&. - -.PP -\fB\-include\fR \fIfile\fR Includes file in the certificate (in a non critical extension) - -.PP -\fB\-conf\fR \fIfile\fR Read options from file\&. - -.PP -\fB\-confile\fR \fIfile\fR - -.PP -\fB\-userconf\fR \fIfile\fR - .PP -\fB\-vomses\fR \fIfile\fR Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: nick host port subject vo where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server's certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.voms/vomses\&. 
- +\fB\-order\fR +\fIfqan\fR +Specified fqans, if present, are put on top of the list of attributes returned by the server in the order in which they are passed (using more \-order call)\&. The order of the others is not specified\&. If some of the fqans are not returned no warning is given\&. Capability selection is not supported\&. +.PP +\fB\-include\fR +\fIfile\fR +Includes +\fIfile\fR +in the certificate (in a non critical extension) +.PP +\fB\-conf\fR +\fIfile\fR +Read options from +\fIfile\fR\&. +.PP +\fB\-confile\fR +\fIfile\fR +.PP +\fB\-userconf\fR +\fIfile\fR +.PP +\fB\-vomses\fR +\fIfile\fR +Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: +\fInick\fR +\fIhost\fR +\fIport\fR +\fIsubject\fR +\fIvo\fR +where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server\*(Aqs certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.voms/vomses\&. .PP Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified - .PP The three options are synonyms\&. \-confile and \-userconf are deprecated\&. \-vomses should be used instead\&. - .PP -\fB\-policy\fR The file containing the policy expression\&. - +\fB\-policy\fR +The file containing the policy expression\&. .PP \fB\-policy\-language\fR\fI pl\fR - .PP -\fB\-pl\fR\fI pl\fR The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. - +\fB\-pl\fR\fI pl\fR +The language in which the policy is expressed\&. Default is IMPERSONATION_PROXY\&. .PP -\fB\-path\-length\fR Maximum depth of proxy certfificate that can be signed from this\&. - +\fB\-path\-length\fR +Maximum depth of proxy certfificate that can be signed from this\&. .PP -\fB\-globus\fR \fIversion\fR Underlying Globus version\&. This will influence the default value of the \fB\-proxyver\fR\&. 
- +\fB\-globus\fR +\fIversion\fR +This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. .PP -\fB\-proxyver\fR Version of the proxy certificate to create\&. May be 2, 3 or 4\&. Default value is decided upon underlying globus version\&. - +\fB\-proxyver\fR +Version of the proxy certificate to create\&. May be 2, 3 or 4\&. Default value is decided upon underlying globus version\&. .PP -\fB\-rfc\fR This option is a synonym of \fB\-proxyver 4\fR and it generates a RFC\-compliant proxy\&. - +\fB\-rfc\fR +This option is a synonym of +\fB\-proxyver 4\fR +and it generates a RFC\-compliant proxy\&. .PP -\fB\-old\fR This option is a synonym of \fB\-proxyver 2\fR and it generates a legacy proxy\&. - +\fB\-old\fR +This option is a synonym of +\fB\-proxyver 2\fR +and it generates a legacy proxy\&. .PP -\fB\-target\fR \fIhostname\fR This option targets the generated AC to a specific host\&. This option may be specified multiple times to allow for multiple hosts\&. - +\fB\-target\fR +\fIhostname\fR +This option targets the generated AC to a specific host\&. This option may be specified multiple times to allow for multiple hosts\&. .PP -\fB\-timeout\fR \fIseconds\fR This option allows to specify the maximum number of seconds that voms\-proxy\-init will wait while trying to establish a connection with the server\&. Its default value is \-1 (unlimited)\&. - +\fB\-timeout\fR +\fIseconds\fR +This option allows to specify the maximum number of seconds that voms\-proxy\-init will wait while trying to establish a connection with the server\&. Its default value is \-1 (unlimited)\&. .PP -\fB\-noregen\fR Use existing proxy to contact the server and to sing the new proxy\&. - +\fB\-noregen\fR +Use existing proxy to contact the server and to sing the new proxy\&. .PP -\fB\-separate\fR \fIfile\fR Saves the voms credential on file file\&. - +\fB\-separate\fR +\fIfile\fR +Saves the voms credential on file +\fIfile\fR\&. 
.PP -\fB\-ignorewarn\fR Ignore all warnings\&. They are not shown to the user\&. - +\fB\-ignorewarn\fR +Ignore all warnings\&. They are not shown to the user\&. .PP -\fB\-failonwarn\fR Warnings become failures\&. The program will translates all warnings into errors and will react accordingly, by returning a failure itself\&. - +\fB\-failonwarn\fR +Warnings become failures\&. The program will translates all warnings into errors and will react accordingly, by returning a failure itself\&. .PP -\fB\-list\fR Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user\&. - +\fB\-list\fR +Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user\&. .PP -\fB\-includeac\fR \fIfile\fR Adds the VOMS AC in file to the proxy\&. - +\fB\-includeac\fR +\fIfile\fR +Adds the VOMS AC in +\fIfile\fR +to the proxy\&. .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms\-proxy\-info(1), voms\-proxy\-destroy(1) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. .SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. 
You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. - +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms-proxy-list.1 b/doc/voms-proxy-list.1 index 915bbce0..5133bae5 100644 --- a/doc/voms-proxy-list.1 +++ b/doc/voms-proxy-list.1 
@@ -1,150 +1,176 @@ -.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "VOMS-PROXY-LIST" 1 "" "" "" -.SH NAME +'\" t +.\" Title: voms-proxy-list +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 +.\" Manual: VOMS Client +.\" Source: VOMS Client +.\" Language: English +.\" +.TH "VOMS\-PROXY\-LIST" "1" "05/03/2021" "VOMS Client" "VOMS Client" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" voms-proxy-list \- Shows a list of all availabel attributes from a specified server .SH "SYNOPSIS" -.ad l -.hy 0 -.HP 16 +.HP \w'\fBvoms\-proxy\-list\fR\ 'u \fBvoms\-proxy\-list\fR [options] -.ad -.hy - .SH "DESCRIPTION" - .PP The voms\-proxy\-list prints on screen a list of all available attributes from a specified proxy server\&. 
- .SH "OPTIONS" - .PP Options may be specified indifferently with either a "\-" or "\-\-" prefix\&. The options from \-help to \-out are present for compatibility with grid\-proxy\-init, and have the exact same meaning\&. The meaning of the other ones is the following\&. - .PP -\fB\-help\fR Displays usage - +\fB\-help\fR +Displays usage .PP -\fB\-version\fR Displays version - +\fB\-version\fR +Displays version .PP -\fB\-debug\fR Enables extra debug output - +\fB\-debug\fR +Enables extra debug output .PP -\fB\-q\fR Quiet mode, minimal output - +\fB\-q\fR +Quiet mode, minimal output .PP -\fB\-verify\fR Verifies certificate to make proxy for - +\fB\-verify\fR +Verifies certificate to make proxy for .PP -\fB\-pwstdin\fR Allows passphrase from stdin - +\fB\-pwstdin\fR +Allows passphrase from stdin .PP -\fB\-cert\fR \fIcertfile\fR Non\-standard location of user certificate - +\fB\-cert\fR +\fIcertfile\fR +Non\-standard location of user certificate .PP -\fB\-key\fR \fIkeyfile\fR Non\-standard location of user key - +\fB\-key\fR +\fIkeyfile\fR +Non\-standard location of user key .PP -\fB\-certdir\fR \fIcertdir\fR Non standard location where the trusted CAs certificates are kept\&. - +\fB\-certdir\fR +\fIcertdir\fR +Non standard location where the trusted CAs certificates are kept\&. .PP -\fB\-out\fR \fIproxyfile\fR Location of new proxy cert - +\fB\-out\fR +\fIproxyfile\fR +Location of new proxy cert .PP -\fB\-voms\fR \fIvoms\fR Specifies the VOMS server to contact using the nickname voms\&. - +\fB\-voms\fR +\fIvoms\fR +Specifies the VOMS server to contact using the nickname +\fIvoms\fR\&. .PP Example : voms\-proxy\-list \-\-voms myVO - .PP -\fB\-conf\fR \fIfile\fR Read options from file\&. - +\fB\-conf\fR +\fIfile\fR +Read options from +\fIfile\fR\&. 
.PP -\fB\-confile\fR \fIfile\fR - +\fB\-confile\fR +\fIfile\fR .PP -\fB\-userconf\fR \fIfile\fR - +\fB\-userconf\fR +\fIfile\fR .PP -\fB\-vomses\fR \fIfile\fR Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: nick host port subject vo Where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server's certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.glite/vomses\&. - +\fB\-vomses\fR +\fIfile\fR +Specifies the name of a configuration file from which a list of nicknames is read\&. The format of the file is the following: +\fInick\fR +\fIhost\fR +\fIport\fR +\fIsubject\fR +\fIvo\fR +Where nick is the nickname, host and port are the hostname and port of the server to contact, subject is the subject of the server\*(Aqs certificate, while vo is the name of the VO that owns the server\&. The default filenames are $PREFIX/etc/vomses and $HOME/\&.glite/vomses\&. .PP Moreover, permissions must be 644 if a file is specified, and 755 if a directory is specified - .PP The three options are synonyms\&. \-confile and \-userconf are deprecated\&. \-vomses should be used instead\&. - .PP -\fB\-globus\fR \fIversion\fR Underlying Globus version\&. - +\fB\-globus\fR +\fIversion\fR +This option is obsolete and only present for backwards compatibility with old installations\&. Currently, its value is ignored\&. .PP -\fB\-noregen\fR Use existing proxy to contact the server and to sing the new proxy\&. - +\fB\-noregen\fR +Use existing proxy to contact the server and to sing the new proxy\&. .PP -\fB\-ignorewarn\fR Ignore all warnings\&. They are not shown to the user\&. - +\fB\-ignorewarn\fR +Ignore all warnings\&. They are not shown to the user\&. .PP -\fB\-failonwarn\fR Warnings become failures\&. 
The program will translates all warnings into errors and will react accordingly, by returning a failure itself\&. - +\fB\-failonwarn\fR +Warnings become failures\&. The program will translates all warnings into errors and will react accordingly, by returning a failure itself\&. .PP -\fB\-list\fR Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user\&. This is a no\-op - +\fB\-list\fR +Instead of producing an attribute certificate, this optin will print on screen a list of all attributes available to the user\&. This is a no\-op .SH "BUGS" - .PP -EGEE Bug Tracking Tool: \fIhttps://savannah.cern.ch/projects/jra1mdw/\fR - +\m[blue]\fBEGEE Bug Tracking Tool\fR\m[]\&\s-2\u[1]\d\s+2 .SH "SEE ALSO" - .PP voms\-proxy\-list(1), voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) - .PP -EDT Auth Home page: \fIhttp://grid-auth.infn.it\fR - +\m[blue]\fBEDT Auth Home page\fR\m[]\&\s-2\u[2]\d\s+2 .PP -CVSweb: \fIhttp://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms\fR - +\m[blue]\fBCVSweb\fR\m[]\&\s-2\u[3]\d\s+2 .PP -RPM repository: \fIhttp://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3\fR - +\m[blue]\fBRPM repository\fR\m[]\&\s-2\u[4]\d\s+2 .SH "AUTHORS" - .PP -Vincenzo Ciaschini \&. - +Vincenzo Ciaschini +\&. .PP -Valerio Venturi \&. - +Valerio Venturi +\&. .SH "COPYRIGHT" - .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. - .PP Licensed under the Apache License, Version 2\&.0 (the "License"); you may not use this file except in compliance with the License\&. 
You may obtain a copy of the License at - .PP -www\&.apache\&.org/licenses/LICENSE\-2\&.0: \fIhttp://www.apache.org/licenses/LICENSE-2.0\fR - +\m[blue]\fBwww\&.apache\&.org/licenses/LICENSE\-2\&.0\fR\m[]\&\s-2\u[5]\d\s+2 .PP Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied\&. See the License for the specific language governing permissions and limitations under the License\&. - +.SH "NOTES" +.IP " 1." 4 +EGEE Bug Tracking Tool +.RS 4 +\%https://savannah.cern.ch/projects/jra1mdw/ +.RE +.IP " 2." 4 +EDT Auth Home page +.RS 4 +\%http://grid-auth.infn.it +.RE +.IP " 3." 4 +CVSweb +.RS 4 +\%http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms +.RE +.IP " 4." 4 +RPM repository +.RS 4 +\%http://datagrid.in2p3.fr/distribution/autobuild/i386-rh7.3 +.RE +.IP " 5." 4 +www.apache.org/licenses/LICENSE-2.0 +.RS 4 +\%http://www.apache.org/licenses/LICENSE-2.0 +.RE diff --git a/doc/voms.8 b/doc/voms.8 index 13eff217..5583a27e 100644 --- a/doc/voms.8 +++ b/doc/voms.8 
@@ -1,13 +1,22 @@ '\" t .\" Title: voms .\" Author: [see the "Authors" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 -.\" Date: 12/14/2011 +.\" Generator: DocBook XSL Stylesheets vsnapshot +.\" Date: 05/03/2021 .\" Manual: VOMS Server .\" Source: VOMS Server .\" Language: English .\" -.TH "VOMS" "8" "12/14/2011" "VOMS Server" "VOMS Server" +.TH "VOMS" "8" "05/03/2021" "VOMS Server" "VOMS Server" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -64,13 +73,13 @@ Selects the file for logging\&. The default is /ver/log/voms\&. \fB\-globuspwd\fR \fIfile\fR .PP -This options are supported for backwards compatibility only\&. They have no effect, and indeed do not get listed by the \-help option\&. +These options are supported for backwards compatibility only\&. They have no effect, and indeed do not get listed by the \-help option\&. .PP \fB\-passfile\fR \fIfile\fR .PP Reads the password to access the DB from -\fIfile\fR\&. The default is to read it from the console during server\'s startup\&. +\fIfile\fR\&. The default is to read it from the console during server\*(Aqs startup\&. .PP \fB\-x509_cert_dir\fR \fIpath\fR 
@@ -139,7 +148,7 @@ Prints information about the server and then exits\&. \fB\-globus\fR \fIversion\fR .PP -These option are obsolete and only present for backwards compatibility with old installation\&. Currently, their values are ignored\&. Do not specify them in new installations\&. +These options are obsolete and only present for backwards compatibility with old installations\&. Currently, their values are ignored\&. Do not specify them in new installations\&. .PP \fB\-logtype\fR \fItype\fR @@ -262,7 +271,7 @@ selects the type of substitution done\&. Possible values are the following: .sp -1 .IP \(bu 2.3 .\} -% \- Substitutes a plain \'%\'\&. +% \- Substitutes a plain \*(Aq%\*(Aq\&. .RE .sp .RS 4 @@ -341,7 +350,7 @@ m \- Substitutes the message proper\&. .sp -1 .IP \(bu 2.3 .\} -p \- Substitutes the process\' pid\&. +p \- Substitutes the process\*(Aq pid\&. .RE .sp .RS 4 @@ -445,7 +454,7 @@ This option, if specified, forces voms to drop some of the checks done as the au \fB\-contactstring\fR \fIcontact\fR .PP -This string specifies information on how to contact the DB server\&. Its exact meaning depends on the DB backend used\&. For MySQL it is the hostname of the MySQL server, and it defaults to \'localhost\'\&. For Oracle it is the contactstring of the DB\&. However, for oracle it is better to put what whould be the argument of this string into the \'tnsnames\&.ora\' file and ignore this option, +This string specifies information on how to contact the DB server\&. Its exact meaning depends on the DB backend used\&. For MySQL it is the hostname of the MySQL server, and it defaults to \*(Aqlocalhost\*(Aq\&. For Oracle it is the contactstring of the DB\&. However, for oracle it is better to put what whould be the argument of this string into the \*(Aqtnsnames\&.ora\*(Aq file and ignore this option, .PP \fB\-mysql\-port \fR \fIport\fR 
@@ -493,10 +502,10 @@ voms\-proxy\-init(1), voms\-proxy\-info(1), voms\-proxy\-destroy(1) .SH "AUTHORS" .PP Vincenzo Ciaschini -Vincenzo\&.Ciaschini@cnaf\&.infn\&.it\&. +\&. .PP Valerio Venturi -Valerio\&.Venturi@cnaf\&.infn\&.it\&. +\&. .SH "COPYRIGHT" .PP Copyright (c) Members of the EGEE Collaboration\&. 2004\&. See the beneficiaries list for details on the copyright holders\&. From d806cbf64c0af4e105430c4b5a531b7ef15d7c56 Mon Sep 17 00:00:00 2001 From: Mischa Salle Date: Thu, 3 May 2018 12:38:54 +0200 Subject: [PATCH 29/92] GSOAP checks are only needed for server. Only test for gSOAP and WSDL2H when building server. This allows building the non-server components on platforms without gSOAP. --- configure.ac | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index e42e8b94..8f9f4e1b 100644 --- a/configure.ac +++ b/configure.ac @@ -34,10 +34,6 @@ AC_COMPILER PKG_CHECK_MODULES([OPENSSL], [openssl]) # AC_OPENSSL -PKG_CHECK_MODULES([GSOAP],[gsoap >= 2.7]) -PKG_CHECK_MODULES([GSOAP_PP],[gsoap++ >= 2.7]) -PKG_CHECK_MODULES([GSOAP_SSL],[gsoapssl >= 2.7]) -PKG_CHECK_MODULES([GSOAP_SSL_PP],[gsoapssl++ >= 2.7]) AC_CHECK_HEADER([expat.h], [], @@ -52,7 +48,6 @@ AC_CHECK_LIB([expat], AC_SUBST(EXPAT_LIBS) -AC_WSDL2H AC_ENABLE_DOCS # Checks for header files. @@ -101,6 +96,16 @@ AC_VOMS_STRNDUP AC_BUILD_API_ONLY AC_BUILD_PARTS + +# Check for gSOAP only when building server which is checked in BUILD_PARTS +if test "x$build_server" = "xyes" ; then +PKG_CHECK_MODULES([GSOAP],[gsoap >= 2.7]) +PKG_CHECK_MODULES([GSOAP_PP],[gsoap++ >= 2.7]) +PKG_CHECK_MODULES([GSOAP_SSL],[gsoapssl >= 2.7]) +PKG_CHECK_MODULES([GSOAP_SSL_PP],[gsoapssl++ >= 2.7]) +AC_WSDL2H +fi + GLITE_DOCBOOK_MAN AC_LINUX From 7c50964e6851452177e1335386812014ee945987 Mon Sep 17 00:00:00 2001 
From: Mischa Salle Date: Mon, 28 Jun 2021 21:24:01 +0200 Subject: [PATCH 30/92] Fixes for OpenSSL-3.0.0-beta1 - several functions now have 'constified' their parameters - defining AC_dup using &(AC_it) causes a SEGV in OpenSSL 3.0. The proper way seems to always have been to use ASN1_ITEM_rptr(), see for example https://github.com/openssl/openssl/blob/OpenSSL_1_1_1/crypto/rsa/rsa_asn1.c#L113_L116 --- src/ac/newformat.c | 6 +++++- src/include/newformat.h | 4 ++++ src/include/proxypolicy.h | 4 ++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/ac/newformat.c b/src/ac/newformat.c index 078cbff1..7c593085 100644 --- a/src/ac/newformat.c +++ b/src/ac/newformat.c @@ -172,7 +172,11 @@ ASN1_SEQUENCE(AC) = { IMPLEMENT_ASN1_FUNCTIONS(AC) -AC * AC_dup(AC *x) { return (AC*)ASN1_item_dup((&(AC_it)), x); } +#if OPENSSL_VERSION_NUMBER < 0x30000000L +AC * AC_dup(AC *x) { return ASN1_item_dup(ASN1_ITEM_rptr(AC), x); } +#else +AC * AC_dup(const AC *x) { return ASN1_item_dup(ASN1_ITEM_rptr(AC), x); } +#endif ASN1_SEQUENCE(AC_SEQ) = { ASN1_SEQUENCE_OF(AC_SEQ, acs, AC) diff --git a/src/include/newformat.h b/src/include/newformat.h index 886d8195..cc8d69fd 100644 --- a/src/include/newformat.h +++ b/src/include/newformat.h @@ -162,7 +162,11 @@ DECLARE_ASN1_FUNCTIONS(AC_CERTS) DECLARE_ASN1_PRINT_FUNCTION(AC) +#if OPENSSL_VERSION_NUMBER < 0x30000000L extern AC *AC_dup(AC *ac); +#else +extern AC *AC_dup(const AC *ac); +#endif extern EVP_PKEY *EVP_PKEY_dup(EVP_PKEY *pkey); diff --git a/src/include/proxypolicy.h b/src/include/proxypolicy.h index c5bec33e..56a006a1 100644 --- a/src/include/proxypolicy.h +++ b/src/include/proxypolicy.h @@ -78,7 +78,11 @@ extern "C" { , unsigned char * policy , int length); +#if OPENSSL_VERSION_NUMBER < 0x30000000L PROXY_POLICY* PROXY_POLICY_dup(PROXY_POLICY* policy); +#else + PROXY_POLICY* PROXY_POLICY_dup(const PROXY_POLICY* policy); +#endif #ifdef __cplusplus } From a4f4ff8bd7cf123f8007fd0d5fa4021c36ed6498 Mon Sep 17 00:00:00 2001 
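Review bot: The two `AC_dup` definitions in the src/ac/newformat.c hunk differ only in the `const` on the parameter, and the reason for moving from `&(AC_it)` to `ASN1_ITEM_rptr(AC)` (the SEGV under OpenSSL 3.0) is recorded only in the commit message. OpenSSL's `IMPLEMENT_ASN1_DUP_FUNCTION(AC)` expands to the same `ASN1_item_dup(ASN1_ITEM_rptr(AC), x)` body with a signature that follows the installed headers, so it could replace the whole `#if`/`#else` pair here; the declarations in newformat.h and proxypolicy.h would still need their version guard. If the explicit form is kept, a comment above it such as `/* AC_it can be a function rather than an object: always go through ASN1_ITEM_rptr() */` would keep the old form from being reintroduced. Any other `&(..._it)` use outside these hunks would presumably fail the same way and is worth searching for.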
From: Francesco Giacomini Date: Sun, 19 Jun 2022 15:26:59 +0200 Subject: [PATCH 31/92] Remove useless configure checks The checks define preprocessor macros causing many compilation warnings. Moreover the autoconf macros seem incorrect, for they swap the two branches of an if; the result was sort-of-ok by chance. --- configure.ac | 4 --- m4/acinclude.m4 | 89 ------------------------------------------------- 2 files changed, 93 deletions(-) diff --git a/configure.ac b/configure.ac index 8f9f4e1b..77c73b9c 100644 --- a/configure.ac +++ b/configure.ac @@ -81,12 +81,8 @@ AC_CHECK_FUNCS([alarm atexit dup2 gethostbyaddr gethostname gethostbyname gethos AC_CHECK_DECLS(getopt_data) AC_REPLACE_FUNCS(getopt_long getopt_long_only daemon setenv memset) -TEST_USE_BSD -TEST_USE_POSIX - # NEW_ISSUES -AC_DEFINE(_SVID_SOURCE, 1, [Get SVID extensions]) AC_VOMS_TIME_T_TIMEZONE AM_WITH_DMALLOC diff --git a/m4/acinclude.m4 b/m4/acinclude.m4 index b67ac1e8..3c349883 100644 --- a/m4/acinclude.m4 +++ b/m4/acinclude.m4 
@@ -436,95 +436,6 @@ AC_DEFUN([PUT_PRIVATES], #define PUBLIC #endif])]) - -AC_DEFUN([TEST_USE_BSD], -[ - AC_MSG_CHECKING([whether _BSD_SOURCE must be defined]) - - AC_LANG_PUSH(C) - - cat >conftest.c < -char *f(void) -{ - return strdup("try"); -} -int main(int argc, char **argv) { - (void)f(); - return 0; -} -HERE - - if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then - AC_MSG_RESULT([no]) -else - cat >conftest.c < - char *f(void) - { - return strdup("try"); - } - int main(int argc, char **argv) { - (void)f(); - return 0; - } -HERE - if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then - AC_MSG_RESULT([Needs something else. Let's try and hope]) - else - AC_MSG_RESULT([yes]) - AC_DEFINE(_BSD_SOURCE, 1, [needed to get ansi functions definitions]) - fi -fi -rm -rf conftest* -AC_LANG_POP(C) -]) - -AC_DEFUN([TEST_USE_POSIX], -[ - AC_MSG_CHECKING([wether _POSIX_SOURCE must be defined]) - - AC_LANG_PUSH(C) - -cat >conftest.c < -int f(void) -{ - return fileno(stderr); -} -int main(int argc, char **argv) { - (void)f(); - return 0; -} -HERE -if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then -AC_MSG_RESULT([no]) -else - cat >conftest.c < - int f(void) - { - return fileno(stderr); - } - int main(int argc, char **argv) { - (void)f(); - return 0; - } -HERE - if ( ($CC -c -o conftest.o -Wall -ansi -pedantic-errors -Werror conftest.c >/dev/null 2>&1) ); then - AC_MSG_RESULT([Needs something else. Let's try and hope]) - else - AC_MSG_RESULT([yes]) - AC_DEFINE(_POSIX_SOURCE, 1, [needed to get ansi functions definitions]) - fi -fi -rm -rf conftest* -AC_LANG_POP(C) - -]) - AC_DEFUN([AC_TESTSUITE], [ AC_ARG_WITH(report-dir, From 164ccda5481c68f7b30724815e50df3ab650e649 Mon Sep 17 00:00:00 2001 
From: Francesco Giacomini Date: Sun, 19 Jun 2022 15:32:02 +0200 Subject: [PATCH 32/92] Fix compilation warning A literal string cannot be bound to a non-const char pointer. Minimally adjust the const-ness of parameters passed to the parse_ga_value function. --- src/utils/vomsfake.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index 2cf1b23a..f477f1bc 100644 --- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -89,7 +89,7 @@ extern int writeac(const X509 *issuerc, const STACK_OF(X509) *certstack, const X static int time_to_sec(std::string timestring); static long mystrtol(char *number, long int limit); static std::string hextostring(const std::string &data); -static int parse_ga_value(char *ga, char **id, char **value, char **qual); +static int parse_ga_value(char *ga, char **id, char **value, const char **qual); extern int AC_Init(); @@ -398,7 +398,8 @@ Fake::Fake(int argc, char ** argv) : confile(conf_file_name), int down = 0; for (unsigned int i = 0; i < galist.size(); i++) { char *temp = strdup(galist[i].c_str()); - char *id, *value, *qual; + char *id, *value; + const char *qual; if (parse_ga_value(temp, &id, &value, &qual)) { std::string realga = std::string(qual) + "::" + id + "=" + value; voelem->gas[i] = (char*)strdup((realga.c_str())); @@ -541,9 +542,9 @@ bool Fake::Run() } -static int parse_ga_value(char *ga, char **id, char **value, char **qual) +static int parse_ga_value(char *ga, char **id, char **value, const char **qual) { - static char *empty=""; + static const char *empty=""; char *eqpoint = strchr(ga, '='); char *qualpoint = strchr(ga, '('); char *qualend = strchr(ga, ')'); From c64f0fbfa5937952604110c63eb32b409dda0495 Mon Sep 17 00:00:00 2001 
From: Francesco Giacomini Date: Sun, 19 Jun 2022 18:19:44 +0200 Subject: [PATCH 33/92] Replace RSA_generate_key with RSA_generate_key_ex RSA_generate_key was deprecated a long time ago. Unfortunately RSA_generate_key_ex is also deprecated by OpenSSL 3, but we'll manage it together with the other OpenSSL 3 deprecations. In the process, clean up the callbacks, to make them respect the required signature. --- src/client/vomsclient.cc | 8 +++----- src/include/sslutils.h | 2 +- src/sslutils/proxy.c | 7 +++---- src/sslutils/sslutils.c | 44 +++++++++++++++++++++++++++++++--------- src/sslutils/vomsproxy.h | 2 +- src/utils/vomsfake.cc | 8 +++----- 6 files changed, 45 insertions(+), 26 deletions(-) diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 8bafcf43..3a8aafef 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -121,11 +121,11 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w)) return i; } -static int kpcallback(int p, UNUSED(int n)) +static void kpcallback(int p, UNUSED(int n), void*) { char c='B'; - if (quiet) return 0; + if (quiet) return; if (p == 0) c='.'; if (p == 1) c='+'; @@ -133,8 +133,6 @@ static int kpcallback(int p, UNUSED(int n)) if (p == 3) c='\n'; if (!debug) c = '.'; fputc(c,stderr); - - return 0; } extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd); @@ -870,7 +868,7 @@ bool Client::CreateProxy(std::string data, AC ** aclist, int version) args->limited = limit_proxy; args->voID = strdup(voID.c_str()); - args->callback = (int (*)())kpcallback; + args->callback = kpcallback; int warn = 0; void *additional = NULL; diff --git a/src/include/sslutils.h b/src/include/sslutils.h index 594c14ff..7c155a32 100644 --- a/src/include/sslutils.h +++ b/src/include/sslutils.h @@ -423,7 +423,7 @@ proxy_genreq( EVP_PKEY ** pkeyp, int bits, const char * newdn, - int (*callback)()); + void (*callback)(int, int, void*)); int proxy_sign( 
diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index 31ccc646..5c2d3200 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c @@ -128,9 +128,8 @@ int VOMS_WriteProxy(const char *filename, struct VOMSProxy *proxy) } -static int kpcallback(int UNUSED(p), int UNUSED(n)) +static void kpcallback(int UNUSED(p), int UNUSED(n), void*) { - return 0; } #define SET_EXT(ex) (!sk_X509_EXTENSION_push(extensions, (ex)) ? \ @@ -157,7 +156,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, struct VOMSProxy *proxy = NULL; - int (*cback)(); + void (*cback)(int, int, void*); InitProxyCertInfoExtension(1); @@ -172,7 +171,7 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, if (args->proxyrequest == NULL) { if (proxy_genreq(args->cert, &req, &npkey, args->bits, args->newsubject ? args->newsubject : NULL, - (int (*)())cback)) { + cback)) { goto err; } } else { diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index ac8038fa..6bac77ea 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -701,7 +701,7 @@ proxy_genreq( EVP_PKEY ** pkeyp, int bits, const char * newdn, - int (*callback)()) + void (*callback)(int, int, void*)) { RSA * rsa = NULL; @@ -711,6 +711,8 @@ proxy_genreq( X509_REQ * req = NULL; X509_NAME_ENTRY * ne = NULL; int rbits; + BIGNUM * rsa_exp = NULL; + BN_GENCB * cb = NULL; if (bits) { 
@@ -744,15 +746,29 @@ proxy_genreq( goto err; } - /* - * Note: The cast of the callback function is consistent with - * the declaration of RSA_generate_key() in OpenSSL. It may - * trigger a warning if you compile with SSLeay. - */ - if ((rsa = RSA_generate_key(rbits, - RSA_F4, - (void (*)(int,int,void *))callback - ,NULL)) == NULL) + if ((rsa_exp = BN_new()) == NULL || ! BN_set_word(rsa_exp, RSA_F4)) + { + PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); + goto err; + } + + if ((cb = BN_GENCB_new()) == NULL) + { + PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); + goto err; + } + BN_GENCB_set_old(cb, callback, NULL); + + if ((rsa = RSA_new()) == NULL) { + PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); + goto err; + } + + if (RSA_generate_key_ex(rsa, rbits, rsa_exp, cb)) + { + BN_free(rsa_exp); + } + else { PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); goto err; @@ -840,6 +856,14 @@ proxy_genreq( if (upkey) EVP_PKEY_free(upkey); + if (rsa_exp) + { + BN_free(rsa_exp); + } + if (cb) + { + BN_GENCB_free(cb); + } if(rsa) { RSA_free(rsa); diff --git a/src/sslutils/vomsproxy.h b/src/sslutils/vomsproxy.h index 5284d183..1980eba4 100644 --- a/src/sslutils/vomsproxy.h +++ b/src/sslutils/vomsproxy.h @@ -57,7 +57,7 @@ struct VOMSProxyArguments { int minutes; int limited; char *voID; - int (*callback)(); + void (*callback)(int, int, void*); STACK_OF(X509_EXTENSION) *extensions; STACK_OF(X509) *chain; int pastproxy; diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index f477f1bc..9059245e 100644 --- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -128,11 +128,11 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w)) return i; } -static int kpcallback(int p, int UNUSED(n)) +static void kpcallback(int p, int UNUSED(n), void*) { char c='B'; - if (quiet) return 0; + if (quiet) return; if (p == 0) c='.'; if (p == 1) c='+'; 
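Review bot: `rsa_exp` is freed in the success branch of `RSA_generate_key_ex` but the pointer is left non-NULL, and the cleanup added in the `@@ -840,6 +856,14 @@` hunk frees it again whenever it is non-NULL, so any path that reaches that cleanup after key generation succeeded double-frees the BIGNUM. Dropping the early `BN_free(rsa_exp);`, or following it with `rsa_exp = NULL;`, leaves a single owner. That cleanup is also the only place `cb` is released; if it sits under the error label, as the neighbouring `RSA_free(rsa)` suggests, the `BN_GENCB` leaks on every successful call and needs a `BN_GENCB_free(cb);` before the normal return. `proxy_genreq` begins and ends outside these hunks, so the label placement should be confirmed against the full function.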
@@ -140,8 +140,6 @@ static int kpcallback(int p, int UNUSED(n)) if (p == 3) c='\n'; if (!debug) c = '.'; fputc(c,stderr); - - return 0; } extern int proxy_verify_cert_chain(X509 * ucert, STACK_OF(X509) * cert_chain, proxy_verify_desc * pvd); @@ -618,7 +616,7 @@ bool Fake::CreateProxy(std::string data, AC ** aclist, int version) args->minutes = 0; args->limited = limit_proxy; args->voID = strdup(voID.c_str()); - args->callback = (int (*)())kpcallback; + args->callback = kpcallback; args->pastproxy = time_to_sec(pastproxy); if (!keyusage.empty()) From e713b207ab3199b7cff9e2c7c56734559ef207f1 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Sun, 19 Jun 2022 18:37:53 +0200 Subject: [PATCH 34/92] Name all function parameters in C code C did not allow unnamed function parameters. For uniformity, do the same in similar contexts in C++ code (where it would be allowed). Note that recent versions of gcc allow unnamed parameters. This is probably due to an upgrade of the C standard (to be checked). --- src/client/vomsclient.cc | 2 +- src/sslutils/proxy.c | 2 +- src/utils/vomsfake.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 3a8aafef..6e5d74f2 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -121,7 +121,7 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w)) return i; } -static void kpcallback(int p, UNUSED(int n), void*) +static void kpcallback(int p, UNUSED(int n), UNUSED(void* v)) { char c='B'; diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index 5c2d3200..8a1e2098 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c @@ -128,7 +128,7 @@ int VOMS_WriteProxy(const char *filename, struct VOMSProxy *proxy) } -static void kpcallback(int UNUSED(p), int UNUSED(n), void*) +static void kpcallback(int UNUSED(p), int UNUSED(n), UNUSED(void* v)) { } diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index 9059245e..3817bdfe 100644 
--- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -128,7 +128,7 @@ static int pwstdin_callback(char * buf, int num, UNUSED(int w)) return i; } -static void kpcallback(int p, int UNUSED(n), void*) +static void kpcallback(int p, int UNUSED(n), UNUSED(void* v)) { char c='B'; From b01c8e7d826bd8cfff47e42bb0f6fb8cf0014025 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 10:48:58 +0200 Subject: [PATCH 35/92] Add BN_GENCB_new/free to the SSL compat layer The two functions have been introduced only in OpenSSL 1.1. Add include guard to the header file. --- src/include/ssl_compat.h | 7 +++++++ src/sslutils/ssl_compat.c | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/src/include/ssl_compat.h b/src/include/ssl_compat.h index ffc69ec8..e1bbaf68 100644 --- a/src/include/ssl_compat.h +++ b/src/include/ssl_compat.h @@ -1,3 +1,6 @@ +#ifndef VOMS_SSL_COMPAT_H +#define VOMS_SSL_COMPAT_H + #include #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -58,6 +61,8 @@ int (*BIO_meth_get_destroy(BIO_METHOD *biom)) (BIO *); int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *)); long (*BIO_meth_get_callback_ctrl(BIO_METHOD *biom))(BIO *, int, bio_info_cb *); int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, int, bio_info_cb *)); +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); #if OPENSSL_VERSION_NUMBER < 0x10002000L @@ -72,3 +77,5 @@ void X509_get0_signature(const ASN1_BIT_STRING **psig, #endif #endif + +#endif diff --git a/src/sslutils/ssl_compat.c b/src/sslutils/ssl_compat.c index fd039e65..576cb9aa 100644 --- a/src/sslutils/ssl_compat.c +++ b/src/sslutils/ssl_compat.c 
@@ -342,6 +342,16 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, i return 1; } +BN_GENCB *BN_GENCB_new(void) +{ + return OPENSSL_malloc(sizeof(BN_GENCB)); +} + +void BN_GENCB_free(BN_GENCB *cb) +{ + OPENSSL_free(cb); +} + #if OPENSSL_VERSION_NUMBER < 0x10002000L int X509_get_signature_nid(const X509 *x) From 7e293ba76063563b72099677594767213f37a93b Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 11:23:03 +0200 Subject: [PATCH 36/92] Build against the OpenSSL 1.1 API --- configure.ac | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 77c73b9c..0b75342e 100644 --- a/configure.ac +++ b/configure.ac @@ -31,9 +31,7 @@ AC_PROG_YACC AC_PROG_LEX AC_COMPILER -PKG_CHECK_MODULES([OPENSSL], [openssl]) -# AC_OPENSSL - +PKG_CHECK_MODULES([OPENSSL], [openssl], [AC_DEFINE([OPENSSL_API_COMPAT], [10100], [Build against OpenSSL 1.1 API])]) AC_CHECK_HEADER([expat.h], [], From 4695c25e5f3565cd8d1a8eb988cab9615594abb2 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 16:22:36 +0200 Subject: [PATCH 37/92] Remove support for OpenSSL < 1.0.2 in SSL compat layer --- src/include/ssl_compat.h | 8 -------- src/sslutils/ssl_compat.c | 18 ------------------ 2 files changed, 26 deletions(-) diff --git a/src/include/ssl_compat.h b/src/include/ssl_compat.h index e1bbaf68..b8bcb3ab 100644 --- a/src/include/ssl_compat.h +++ b/src/include/ssl_compat.h @@ -64,14 +64,6 @@ int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, long (*callback_ctrl) (BIO *, i BN_GENCB *BN_GENCB_new(void); void BN_GENCB_free(BN_GENCB *cb); -#if OPENSSL_VERSION_NUMBER < 0x10002000L - -int X509_get_signature_nid(const X509 *x); -void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x); - -#endif - #ifdef __cplusplus } #endif diff --git a/src/sslutils/ssl_compat.c b/src/sslutils/ssl_compat.c index 576cb9aa..041ea859 100644 --- a/src/sslutils/ssl_compat.c 
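Review bot: The compat `BN_GENCB_new` returns raw `OPENSSL_malloc` memory, so the callback fields hold indeterminate values until the caller initialises them, and nothing at the definition says so. A comment such as `/* returns uninitialised storage (or NULL); call BN_GENCB_set_old() or BN_GENCB_set() before use */` would document the contract that `proxy_genreq` already follows with its `BN_GENCB_set_old(cb, callback, NULL)` call. The same one-liner belongs on the declaration added to ssl_compat.h.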
+++ b/src/sslutils/ssl_compat.c @@ -352,22 +352,4 @@ void BN_GENCB_free(BN_GENCB *cb) OPENSSL_free(cb); } -#if OPENSSL_VERSION_NUMBER < 0x10002000L - -int X509_get_signature_nid(const X509 *x) -{ - return OBJ_obj2nid(x->sig_alg->algorithm); -} - -void X509_get0_signature(const ASN1_BIT_STRING **psig, - const X509_ALGOR **palg, const X509 *x) -{ - if (psig) - *psig = x->signature; - if (palg) - *palg = x->sig_alg; -} - -#endif - #endif From 82bc76ee3ebe88db82d7e60ee91c40955d7850ea Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 16:28:10 +0200 Subject: [PATCH 38/92] Manage signature algos more uniformly --- src/ac/write.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/ac/write.c b/src/ac/write.c index 8575e951..783118b7 100644 --- a/src/ac/write.c +++ b/src/ac/write.c @@ -428,11 +428,17 @@ int writeac(X509 *issuerc, STACK_OF(X509) *issuerstack, X509 *holder, EVP_PKEY * } } - alg1 = X509_ALGOR_dup((X509_ALGOR*)X509_get0_tbs_sigalg(issuerc)); { - X509_ALGOR /*const*/* sig_alg; + const X509_ALGOR *sig_alg = X509_get0_tbs_sigalg(issuerc); + alg1 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // const_cast + } + { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + const +#endif + X509_ALGOR *sig_alg; X509_get0_signature(NULL, &sig_alg, issuerc); - alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); + alg2 = X509_ALGOR_dup((X509_ALGOR*)sig_alg); // possibly const_cast } { From 8dea18f460ee16d20f87a4bc16cd1805540f35c9 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 16:29:23 +0200 Subject: [PATCH 39/92] Replace deprecated function call --- src/sslutils/proxycertinfo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/sslutils/proxycertinfo.c b/src/sslutils/proxycertinfo.c index 89fa222f..7dd26a2f 100644 --- a/src/sslutils/proxycertinfo.c +++ b/src/sslutils/proxycertinfo.c 
@@ -24,6 +24,7 @@ #include "doio.h" #include "proxycertinfo.h" +#include "ssl_compat.h" typedef PROXY_CERT_INFO_EXTENSION PROXYCERTINFO_OLD; @@ -82,7 +83,7 @@ char* PROXYCERTINFO_OLD_i2s(struct v3_ext_method* method, void* ext) output, ( dooid ? oid : ""), ( (pp && pp->policy) ? "\nPolicy Text: " : ""), - ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""), + ( (pp && pp->policy) ? (const char*)ASN1_STRING_get0_data(pp->policy) : ""), ( (pp && pp->policy) ? "\n" : "")); free(output); From e8e0875195fb874a69a015130aa04cbf50f030e8 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 Jun 2022 16:29:43 +0200 Subject: [PATCH 40/92] Review flags for compilation with warnings Do not use -ansi, which can be too strict. --- m4/acinclude.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/acinclude.m4 b/m4/acinclude.m4 index 3c349883..001ff33f 100644 --- a/m4/acinclude.m4 +++ b/m4/acinclude.m4 @@ -212,8 +212,8 @@ AC_DEFUN([AC_COMPILER], [ac_with_warnings="no"]) if test "x$ac_with_warnings" = "xyes" ; then - CFLAGS="-g -O0 -Wall -ansi -W $CFLAGS" - CXXFLAGS="-g -O0 -Wall -ansi -W $CXXFLAGS" + CFLAGS="$CFLAGS -Wall -Wextra" + CXXFLAGS="$CXXFLAGS -Wall -Wextra" fi ]) From d055619767191f836cca8b7642771498a2f4d1b3 Mon Sep 17 00:00:00 2001 
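Review bot: The policy bytes are still handed to the formatter as a C string: `ASN1_STRING_get0_data(pp->policy)` is cast to `const char*` with no length passed alongside it, and the commit only swaps the accessor. The policy presumably comes from a parsed certificate extension, so its content and termination are not under this code's control; bounding the conversion with the ASN.1 length, e.g. a `%.*s` conversion fed by `ASN1_STRING_length(pp->policy)`, would keep the read inside the string's buffer. The format string and the rest of `PROXYCERTINFO_OLD_i2s` are outside the hunk, so the conversion currently in use is inferred from the argument list.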
From: Francesco Giacomini Date: Fri, 25 Nov 2022 17:08:07 +0100 Subject: [PATCH 41/92] Add support for centos7 and centos9 devcontainers --- .devcontainer/Dockerfile-centos7 | 7 + .devcontainer/Dockerfile-centos9 | 7 + .devcontainer/devcontainer.json | 40 ++ .devcontainer/docker-compose.yml | 38 ++ .../library-scripts/add-deps-redhat.sh | 43 +++ .../library-scripts/add-repos-redhat.sh | 18 + .../library-scripts/common-redhat.sh | 355 ++++++++++++++++++ docker-compose.yml | 1 + 8 files changed, 509 insertions(+) create mode 100644 .devcontainer/Dockerfile-centos7 create mode 100644 .devcontainer/Dockerfile-centos9 create mode 100644 .devcontainer/devcontainer.json create mode 100644 .devcontainer/docker-compose.yml create mode 100644 .devcontainer/library-scripts/add-deps-redhat.sh create mode 100644 .devcontainer/library-scripts/add-repos-redhat.sh create mode 100644 .devcontainer/library-scripts/common-redhat.sh create mode 100644 docker-compose.yml diff --git a/.devcontainer/Dockerfile-centos7 b/.devcontainer/Dockerfile-centos7 new file mode 100644 index 00000000..b581b913 --- /dev/null +++ b/.devcontainer/Dockerfile-centos7 @@ -0,0 +1,7 @@ +FROM centos:7 + +COPY library-scripts/*.sh /tmp/library-scripts/ +RUN \ + bash /tmp/library-scripts/add-repos-redhat.sh && \ + bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \ + bash /tmp/library-scripts/add-deps-redhat.sh diff --git a/.devcontainer/Dockerfile-centos9 b/.devcontainer/Dockerfile-centos9 new file mode 100644 index 00000000..f799654e --- /dev/null +++ b/.devcontainer/Dockerfile-centos9 @@ -0,0 +1,7 @@ +FROM quay.io/centos/centos:stream9 + +COPY library-scripts/*.sh /tmp/library-scripts/ +RUN \ + bash /tmp/library-scripts/add-repos-redhat.sh && \ + bash /tmp/library-scripts/common-redhat.sh false automatic automatic automatic true false && \ + bash /tmp/library-scripts/add-deps-redhat.sh 
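Review bot: Both new Dockerfiles build from mutable tags (`FROM centos:7` and `FROM quay.io/centos/centos:stream9`), so the base image and its toolchain can change between builds without any change in the repository. Pinning each base by digest, e.g. `FROM centos:7@sha256:<digest>` (placeholder), makes the development environment reproducible and lets a base-image update show up as a reviewable diff. If the two images exist to cover different OpenSSL versions, a one-line comment above each `FROM` saying so would explain why both are kept.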
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..5c15e705 --- /dev/null +++ b/.devcontainer/devcontainer.json 
@@ -0,0 +1,40 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: +// https://github.com/microsoft/vscode-dev-containers/tree/v0.245.2/containers/docker-existing-docker-compose +// If you want to run as a non-root user in the container, see .devcontainer/docker-compose.yml. +{ + "name": "VOMS Devel", + + // Update the 'dockerComposeFile' list if you have more compose files or use different names. + // The .devcontainer/docker-compose.yml file contains any overrides you need/want to make. + "dockerComposeFile": [ + "../docker-compose.yml", + "docker-compose.yml" + ], + + // The 'service' property is the name of the service for the container that VS Code should + // use. Update this value and .devcontainer/docker-compose.yml to the real service name. + "service": "container-centos7", + + // Uncomment the next line if you want start specific services in your Docker Compose config. + "runServices": ["container-centos7"], + + // The optional 'workspaceFolder' property is the path VS Code should open by default when + // connected. This is typically a file mount in .devcontainer/docker-compose.yml + "workspaceFolder": "/workspace", + + "extensions": [ + "ms-vscode.cpptools", "eamodio.gitlens" + ], + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Uncomment the next line if you want to keep your containers running after VS Code shuts down. + // "shutdownAction": "none", + + // Uncomment the next line to run commands after the container is created - for example installing curl. + // "postCreateCommand": "apt-get update && apt-get install -y curl", + + // Uncomment to connect as a non-root user if you've added one. See https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode" +} diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml new file mode 100644 index 00000000..06be90fa --- /dev/null 
+++ b/.devcontainer/docker-compose.yml @@ -0,0 +1,38 @@ + +services: + + container-centos9: + + build: + context: .devcontainer + dockerfile: Dockerfile-centos9 + + volumes: + - .:/workspace:cached + + cap_add: + - SYS_PTRACE + security_opt: + - seccomp:unconfined + + command: sleep infinity + + init: true + + container-centos7: + + build: + context: .devcontainer + dockerfile: Dockerfile-centos7 + + volumes: + - .:/workspace:cached + + cap_add: + - SYS_PTRACE + security_opt: + - seccomp:unconfined + + command: sleep infinity + + init: true diff --git a/.devcontainer/library-scripts/add-deps-redhat.sh b/.devcontainer/library-scripts/add-deps-redhat.sh new file mode 100644 index 00000000..8a594de5 --- /dev/null +++ b/.devcontainer/library-scripts/add-deps-redhat.sh @@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# +# Copyright (c) Istituto Nazionale di Fisica Nucleare +# Licensed under the EUPL +# +# Syntax: ./add-deps-redhat.sh [install doc tools] + +set -e + +. /etc/os-release + +INSTALL_DOC_TOOLS=${1:-"false"} + +package_list="\ + file \ + gdb \ + expat-devel \ + autoconf \ + automake \ + make \ + libtool \ + openssl-devel \ + gsoap-devel \ + bison \ + gcc-c++" + +if ! type git > /dev/null 2>&1; then + if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then + package_list="${package_list} git236" + else + package_list="${package_list} git" + fi +fi + + +if [ ${INSTALL_DOC_TOOLS} = "true" ]; then + package_list="${package_list} \ + libxslt \ + docbook-style-xsl \ + doxygen" +fi + +yum install -y ${package_list} diff --git a/.devcontainer/library-scripts/add-repos-redhat.sh b/.devcontainer/library-scripts/add-repos-redhat.sh new file mode 100644 index 00000000..68b78163 --- /dev/null +++ b/.devcontainer/library-scripts/add-repos-redhat.sh 
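Review bot: Both services set `security_opt: seccomp:unconfined` together with `cap_add: SYS_PTRACE`, which removes the container's syscall filter entirely, and the file does not say why. If the intent is only to let gdb and strace attach (both are installed by the library scripts), a comment such as `# ptrace for gdb/strace; development only, do not reuse for deployment` should sit next to these keys. It is also worth checking whether `SYS_PTRACE` alone is enough on the Docker versions in use, so that the seccomp override can be dropped.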
@@ -0,0 +1,18 @@ +#!/usr/bin/env bash +# +# Copyright (c) Istituto Nazionale di Fisica Nucleare +# Licensed under the EUPL +# +# Syntax: ./add-repos-redhat.sh + +set -e + +. /etc/os-release + +repo_list="epel-release" + +if [ "${ID}" = "centos" ] && [ "${VERSION_ID}" = "7" ]; then + repo_list="${repo_list} https://repo.ius.io/ius-release-el7.rpm" +fi + +yum install -y ${repo_list} diff --git a/.devcontainer/library-scripts/common-redhat.sh b/.devcontainer/library-scripts/common-redhat.sh new file mode 100644 index 00000000..3f9150da --- /dev/null +++ b/.devcontainer/library-scripts/common-redhat.sh 
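Review bot: On CentOS 7 the script passes `https://repo.ius.io/ius-release-el7.rpm` straight to `yum install -y`, so a package fetched by URL is installed as root and then configures an extra repository, with no checksum or signature check visible in the script. Downloading the file first and checking it against a pinned digest, e.g. `echo "<sha256>  ius-release-el7.rpm" | sha256sum -c -` (placeholder digest) before `yum install -y ./ius-release-el7.rpm`, would tie the image to a known release package. Separately, `${repo_list}` is expanded unquoted so that it word-splits into package names; a short comment saying so would stop a later cleanup from quoting it.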
@@ -0,0 +1,355 @@ +#!/usr/bin/env bash +#------------------------------------------------------------------------------------------------------------- +# Copyright (c) Microsoft Corporation. All rights reserved. +# Licensed under the MIT License. See https://go.microsoft.com/fwlink/?linkid=2090316 for license information. +#------------------------------------------------------------------------------------------------------------- +# +# ** This script is community supported ** +# Docs: https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/common.md +# Maintainer: The VS Code and Codespaces Teams +# +# Syntax: ./common-redhat.sh [install zsh flag] [username] [user UID] [user GID] [upgrade packages flag] [install Oh My Zsh! flag] + +set -e + +INSTALL_ZSH=${1:-"true"} +USERNAME=${2:-"automatic"} +USER_UID=${3:-"automatic"} +USER_GID=${4:-"automatic"} +UPGRADE_PACKAGES=${5:-"true"} +INSTALL_OH_MYS=${6:-"true"} +SCRIPT_DIR="$(cd $(dirname "${BASH_SOURCE[0]}") && pwd)" +MARKER_FILE="/usr/local/etc/vscode-dev-containers/common" + +if [ "$(id -u)" -ne 0 ]; then + echo -e 'Script must be run as root. Use sudo, su, or add "USER root" to your Dockerfile before running this script.' + exit 1 +fi + +# Ensure that login shells get the correct path if the user updated the PATH using ENV. 
+rm -f /etc/profile.d/00-restore-env.sh +echo "export PATH=${PATH//$(sh -lc 'echo $PATH')/\$PATH}" > /etc/profile.d/00-restore-env.sh +chmod +x /etc/profile.d/00-restore-env.sh + +# If in automatic mode, determine if a user already exists, if not use vscode +if [ "${USERNAME}" = "auto" ] || [ "${USERNAME}" = "automatic" ]; then + USERNAME="" + POSSIBLE_USERS=("vscode" "node" "codespace" "$(awk -v val=1000 -F ":" '$3==val{print $1}' /etc/passwd)") + for CURRENT_USER in ${POSSIBLE_USERS[@]}; do + if id -u ${CURRENT_USER} > /dev/null 2>&1; then + USERNAME=${CURRENT_USER} + break + fi + done + if [ "${USERNAME}" = "" ]; then + USERNAME=vscode + fi +elif [ "${USERNAME}" = "none" ]; then + USERNAME=root + USER_UID=0 + USER_GID=0 +fi + +# Load markers to see which steps have already run +if [ -f "${MARKER_FILE}" ]; then + echo "Marker file found:" + cat "${MARKER_FILE}" + source "${MARKER_FILE}" +fi + +# Install common dependencies +if [ "${PACKAGES_ALREADY_INSTALLED}" != "true" ]; then + + package_list="\ + openssh-clients \ + gnupg2 \ + iproute \ + procps \ + lsof \ + net-tools \ + psmisc \ + wget \ + ca-certificates \ + rsync \ + unzip \ + zip \ + nano \ + vim-minimal \ + less \ + jq \ + openssl-libs \ + krb5-libs \ + libicu \ + zlib \ + sudo \ + sed \ + grep \ + which \ + man-db \ + strace" + + # Install OpenSSL 1.0 compat if needed + if yum -q list compat-openssl10 >/dev/null 2>&1; then + package_list="${package_list} compat-openssl10" + fi + + yum -y install ${package_list} + + if ! type curl > /dev/null 2>&1; then + yum -y install curl + fi + + PACKAGES_ALREADY_INSTALLED="true" +fi + +# Update to latest versions of packages +if [ "${UPGRADE_PACKAGES}" = "true" ]; then + yum upgrade -y +fi + +# Create or update a non-root user to match UID/GID. 
+group_name="${USERNAME}" +if id -u ${USERNAME} > /dev/null 2>&1; then + # User exists, update if needed + if [ "${USER_GID}" != "automatic" ] && [ "$USER_GID" != "$(id -g $USERNAME)" ]; then + group_name="$(id -gn $USERNAME)" + groupmod --gid $USER_GID ${group_name} + usermod --gid $USER_GID $USERNAME + fi + if [ "${USER_UID}" != "automatic" ] && [ "$USER_UID" != "$(id -u $USERNAME)" ]; then + usermod --uid $USER_UID $USERNAME + fi +else + # Create user + if [ "${USER_GID}" = "automatic" ]; then + groupadd $USERNAME + else + groupadd --gid $USER_GID $USERNAME + fi + if [ "${USER_UID}" = "automatic" ]; then + useradd -s /bin/bash --gid $USERNAME -m $USERNAME + else + useradd -s /bin/bash --uid $USER_UID --gid $USERNAME -m $USERNAME + fi +fi + +# Add sudo support for non-root user +if [ "${USERNAME}" != "root" ] && [ "${EXISTING_NON_ROOT_USER}" != "${USERNAME}" ]; then + echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME + chmod 0440 /etc/sudoers.d/$USERNAME + EXISTING_NON_ROOT_USER="${USERNAME}" +fi + +# ** Shell customization section ** +if [ "${USERNAME}" = "root" ]; then + user_rc_path="/root" +else + user_rc_path="/home/${USERNAME}" +fi + +# .bashrc/.zshrc snippet +rc_snippet="$(cat << 'EOF' + +if [ -z "${USER}" ]; then export USER=$(whoami); fi +if [[ "${PATH}" != *"$HOME/.local/bin"* ]]; then export PATH="${PATH}:$HOME/.local/bin"; fi + +# Display optional first run image specific notice if configured and terminal is interactive +if [ -t 1 ] && [[ "${TERM_PROGRAM}" = "vscode" || "${TERM_PROGRAM}" = "codespaces" ]] && [ ! 
-f "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed" ]; then + if [ -f "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" ]; then + cat "/usr/local/etc/vscode-dev-containers/first-run-notice.txt" + elif [ -f "/workspaces/.codespaces/shared/first-run-notice.txt" ]; then + cat "/workspaces/.codespaces/shared/first-run-notice.txt" + fi + mkdir -p $HOME/.config/vscode-dev-containers + # Mark first run notice as displayed after 10s to avoid problems with fast terminal refreshes hiding it + ((sleep 10s; touch "$HOME/.config/vscode-dev-containers/first-run-notice-already-displayed") &) +fi + +# Set the default git editor if not already set +if [ -z "$(git config --get core.editor)" ] && [ -z "${GIT_EDITOR}" ]; then + if [ "${TERM_PROGRAM}" = "vscode" ]; then + if [[ -n $(command -v code-insiders) && -z $(command -v code) ]]; then + export GIT_EDITOR="code-insiders --wait" + else + export GIT_EDITOR="code --wait" + fi + fi +fi + +EOF +)" + +# code shim, it fallbacks to code-insiders if code is not available +cat << 'EOF' > /usr/local/bin/code +#!/bin/sh + +get_in_path_except_current() { + which -a "$1" | grep -A1 "$0" | grep -v "$0" +} + +code="$(get_in_path_except_current code)" + +if [ -n "$code" ]; then + exec "$code" "$@" +elif [ "$(command -v code-insiders)" ]; then + exec code-insiders "$@" +else + echo "code or code-insiders is not installed" >&2 + exit 127 +fi +EOF +chmod +x /usr/local/bin/code + +# Codespaces bash and OMZ themes - partly inspired by https://github.com/ohmyzsh/ohmyzsh/blob/master/themes/robbyrussell.zsh-theme +codespaces_bash="$(cat \ +<<'EOF' + +# Codespaces bash prompt theme +__bash_prompt() { + local userpart='`export XIT=$? \ + && [ ! 
-z "${GITHUB_USER}" ] && echo -n "\[\033[0;32m\]@${GITHUB_USER} " || echo -n "\[\033[0;32m\]\u " \ + && [ "$XIT" -ne "0" ] && echo -n "\[\033[1;31m\]➜" || echo -n "\[\033[0m\]➜"`' + local gitbranch='`\ + if [ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ]; then \ + export BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || git rev-parse --short HEAD 2>/dev/null); \ + if [ "${BRANCH}" != "" ]; then \ + echo -n "\[\033[0;36m\](\[\033[1;31m\]${BRANCH}" \ + && if git ls-files --error-unmatch -m --directory --no-empty-directory -o --exclude-standard ":/*" > /dev/null 2>&1; then \ + echo -n " \[\033[1;33m\]✗"; \ + fi \ + && echo -n "\[\033[0;36m\]) "; \ + fi; \ + fi`' + local lightblue='\[\033[1;34m\]' + local removecolor='\[\033[0m\]' + PS1="${userpart} ${lightblue}\w ${gitbranch}${removecolor}\$ " + unset -f __bash_prompt +} +__bash_prompt + +EOF +)" + +codespaces_zsh="$(cat \ +<<'EOF' +# Codespaces zsh prompt theme +__zsh_prompt() { + local prompt_username + if [ ! 
-z "${GITHUB_USER}" ]; then + prompt_username="@${GITHUB_USER}" + else + prompt_username="%n" + fi + PROMPT="%{$fg[green]%}${prompt_username} %(?:%{$reset_color%}➜ :%{$fg_bold[red]%}➜ )" # User/exit code arrow + PROMPT+='%{$fg_bold[blue]%}%(5~|%-1~/…/%3~|%4~)%{$reset_color%} ' # cwd + PROMPT+='$([ "$(git config --get codespaces-theme.hide-status 2>/dev/null)" != 1 ] && git_prompt_info)' # Git status + PROMPT+='%{$fg[white]%}$ %{$reset_color%}' + unset -f __zsh_prompt +} +ZSH_THEME_GIT_PROMPT_PREFIX="%{$fg_bold[cyan]%}(%{$fg_bold[red]%}" +ZSH_THEME_GIT_PROMPT_SUFFIX="%{$reset_color%} " +ZSH_THEME_GIT_PROMPT_DIRTY=" %{$fg_bold[yellow]%}✗%{$fg_bold[cyan]%})" +ZSH_THEME_GIT_PROMPT_CLEAN="%{$fg_bold[cyan]%})" +__zsh_prompt + +EOF +)" + +# Add RC snippet and custom bash prompt +if [ "${RC_SNIPPET_ALREADY_ADDED}" != "true" ]; then + echo "${rc_snippet}" >> /etc/bashrc + echo "${codespaces_bash}" >> "${user_rc_path}/.bashrc" + if [ "${USERNAME}" != "root" ]; then + echo "${codespaces_bash}" >> "/root/.bashrc" + fi + chown ${USERNAME}:${group_name} "${user_rc_path}/.bashrc" + RC_SNIPPET_ALREADY_ADDED="true" +fi + +# Optionally install and configure zsh and Oh My Zsh! +if [ "${INSTALL_ZSH}" = "true" ]; then + if ! type zsh > /dev/null 2>&1; then + yum install -y zsh + fi + if [ "${ZSH_ALREADY_INSTALLED}" != "true" ]; then + echo "${rc_snippet}" >> /etc/zshrc + ZSH_ALREADY_INSTALLED="true" + fi + + # Adapted, simplified inline Oh My Zsh! install steps that adds, defaults to a codespaces theme. + # See https://github.com/ohmyzsh/ohmyzsh/blob/master/tools/install.sh for official script. + oh_my_install_dir="${user_rc_path}/.oh-my-zsh" + if [ ! 
-d "${oh_my_install_dir}" ] && [ "${INSTALL_OH_MYS}" = "true" ]; then + template_path="${oh_my_install_dir}/templates/zshrc.zsh-template" + user_rc_file="${user_rc_path}/.zshrc" + umask g-w,o-w + mkdir -p ${oh_my_install_dir} + git clone --depth=1 \ + -c core.eol=lf \ + -c core.autocrlf=false \ + -c fsck.zeroPaddedFilemode=ignore \ + -c fetch.fsck.zeroPaddedFilemode=ignore \ + -c receive.fsck.zeroPaddedFilemode=ignore \ + "https://github.com/ohmyzsh/ohmyzsh" "${oh_my_install_dir}" 2>&1 + echo -e "$(cat "${template_path}")\nDISABLE_AUTO_UPDATE=true\nDISABLE_UPDATE_PROMPT=true" > ${user_rc_file} + sed -i -e 's/ZSH_THEME=.*/ZSH_THEME="codespaces"/g' ${user_rc_file} + mkdir -p ${oh_my_install_dir}/custom/themes + echo "${codespaces_zsh}" > "${oh_my_install_dir}/custom/themes/codespaces.zsh-theme" + # Shrink git while still enabling updates + cd "${oh_my_install_dir}" + git repack -a -d -f --depth=1 --window=1 + # Copy to non-root user if one is specified + if [ "${USERNAME}" != "root" ]; then + cp -rf "${user_rc_file}" "${oh_my_install_dir}" /root + chown -R ${USERNAME}:${group_name} "${user_rc_path}" + fi + fi +fi + +# Persist image metadata info, script if meta.env found in same directory +meta_info_script="$(cat << 'EOF' +#!/bin/sh +. /usr/local/etc/vscode-dev-containers/meta.env + +# Minimal output +if [ "$1" = "version" ] || [ "$1" = "image-version" ]; then + echo "${VERSION}" + exit 0 +elif [ "$1" = "release" ]; then + echo "${GIT_REPOSITORY_RELEASE}" + exit 0 +elif [ "$1" = "content" ] || [ "$1" = "content-url" ] || [ "$1" = "contents" ] || [ "$1" = "contents-url" ]; then + echo "${CONTENTS_URL}" + exit 0 +fi + +#Full output +echo +echo "Development container image information" +echo +if [ ! -z "${VERSION}" ]; then echo "- Image version: ${VERSION}"; fi +if [ ! -z "${DEFINITION_ID}" ]; then echo "- Definition ID: ${DEFINITION_ID}"; fi +if [ ! -z "${VARIANT}" ]; then echo "- Variant: ${VARIANT}"; fi +if [ ! 
-z "${GIT_REPOSITORY}" ]; then echo "- Source code repository: ${GIT_REPOSITORY}"; fi +if [ ! -z "${GIT_REPOSITORY_RELEASE}" ]; then echo "- Source code release/branch: ${GIT_REPOSITORY_RELEASE}"; fi +if [ ! -z "${BUILD_TIMESTAMP}" ]; then echo "- Timestamp: ${BUILD_TIMESTAMP}"; fi +if [ ! -z "${CONTENTS_URL}" ]; then echo && echo "More info: ${CONTENTS_URL}"; fi +echo +EOF +)" +if [ -f "${SCRIPT_DIR}/meta.env" ]; then + mkdir -p /usr/local/etc/vscode-dev-containers/ + cp -f "${SCRIPT_DIR}/meta.env" /usr/local/etc/vscode-dev-containers/meta.env + echo "${meta_info_script}" > /usr/local/bin/devcontainer-info + chmod +x /usr/local/bin/devcontainer-info +fi + +# Write marker file +mkdir -p "$(dirname "${MARKER_FILE}")" +echo -e "\ + PACKAGES_ALREADY_INSTALLED=${PACKAGES_ALREADY_INSTALLED}\n\ + EXISTING_NON_ROOT_USER=${EXISTING_NON_ROOT_USER}\n\ + RC_SNIPPET_ALREADY_ADDED=${RC_SNIPPET_ALREADY_ADDED}\n\ + ZSH_ALREADY_INSTALLED=${ZSH_ALREADY_INSTALLED}" > "${MARKER_FILE}" + +echo "Done!" diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 00000000..6bdf591f --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1 @@ +version: '3' From 08e8041c0b62cc878fff0635dc0efbab65290fbb Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 1 Dec 2022 16:34:52 +0100 Subject: [PATCH 42/92] Declare fields of AC_TARGET as optional Only one of name, group and cert is allowed. According to RFC 3281, the AC target should be a choice between the three fields, but apparently VOMS traditionally implements it as three optional fields. The change fixes the parsing on the client side. How the server behaves needs to be checked. Fix #102 --- src/ac/newformat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/ac/newformat.c b/src/ac/newformat.c index 7c593085..6b7dd8e9 100644 --- a/src/ac/newformat.c +++ b/src/ac/newformat.c 
@@ -101,9 +101,9 @@ ASN1_SEQUENCE(AC_IETFATTR) = { IMPLEMENT_ASN1_FUNCTIONS(AC_IETFATTR) ASN1_SEQUENCE(AC_TARGET) = { - ASN1_EXP(AC_TARGET, name, GENERAL_NAME, 0), - ASN1_EXP(AC_TARGET, group, GENERAL_NAME, 1), - ASN1_EXP(AC_TARGET, cert, AC_IS, 2), + ASN1_EXP_OPT(AC_TARGET, name, GENERAL_NAME, 0), + ASN1_EXP_OPT(AC_TARGET, group, GENERAL_NAME, 1), + ASN1_EXP_OPT(AC_TARGET, cert, AC_IS, 2), } ASN1_SEQUENCE_END(AC_TARGET) IMPLEMENT_ASN1_FUNCTIONS(AC_TARGET) From 27a2ef75bcf3ae967fc69aac8f48ac348424673f Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 1 Dec 2022 18:33:06 +0100 Subject: [PATCH 43/92] Add trustanchors to docker compose --- .devcontainer/docker-compose.yml | 2 ++ docker-compose.yml | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 06be90fa..58ff8854 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -8,6 +8,7 @@ services: dockerfile: Dockerfile-centos9 volumes: + - trustanchors:/etc/grid-security/certificates - .:/workspace:cached cap_add: @@ -26,6 +27,7 @@ services: dockerfile: Dockerfile-centos7 volumes: + - trustanchors:/etc/grid-security/certificates - .:/workspace:cached cap_add: diff --git a/docker-compose.yml b/docker-compose.yml index 6bdf591f..057c7daf 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1 +1,16 @@ -version: '3' +volumes: + trustanchors: + cabundle: + +services: + trust: + image: indigoiam/egi-trustanchors + + volumes: + - trustanchors:/tmp/certificates + - cabundle:/tmp/pki + + environment: + FORCE_TRUST_ANCHORS_UPDATE: 1 + TRUST_ANCHORS_TARGET: /tmp/certificates + CA_BUNDLE_TARGET: /tmp/pki From 5c022c1d5fecd1a844b55f11acd4b410170acdd3 Mon Sep 17 00:00:00 2001 
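Review bot: With all three fields declared `ASN1_EXP_OPT`, the `AC_TARGET` template also decodes a target that carries none of `name`, `group` and `cert`, or more than one of them, so the "only one is allowed" rule from the commit message is not enforced by the parser. Fields that are absent come back as NULL, so the code that walks decoded targets (not visible in this hunk) should test each pointer before use and reject a target whose count of non-NULL fields is not exactly one, since the attribute certificate is supplied by the peer. A comment above the template would record the contract, for example `/* RFC 3281 defines Target as a CHOICE; VOMS encodes a SEQUENCE of optional fields, callers must check that exactly one is set */`.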
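Review bot: The `trust` service in `docker-compose.yml` references `indigoiam/egi-trustanchors` with no tag or digest, so whatever image is current at pull time fills the `trustanchors` volume that the dev containers mount at `/etc/grid-security/certificates`, presumably as their CA store. Pinning the image, e.g. `image: indigoiam/egi-trustanchors@sha256:<digest>` (placeholder, to be taken from a verified pull), keeps the set of trusted CAs reproducible. The two mounts added in `.devcontainer/docker-compose.yml` only need to read the volume and could be written as `trustanchors:/etc/grid-security/certificates:ro`.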
From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:26:05 +0100 Subject: [PATCH 44/92] Include config.h early in the build Otherwise OPENSSL_COMPAT_API is defined by OpenSSL before we have the chance to do it. --- src/api/ccapi/voms_api.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h index 7a272cd4..0cb4e15b 100644 --- a/src/api/ccapi/voms_api.h +++ b/src/api/ccapi/voms_api.h @@ -26,6 +26,8 @@ #ifndef VOMS_API_H #define VOMS_API_H +#include "config.h" + #include #include #include From dc62d0d8c539c64988355cfe11639b91d220298a Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:28:00 +0100 Subject: [PATCH 45/92] Add an action to build on multiple plaforms (wip) Corresponding to the various supported OpenSSL versions: 1.0, 1.1, 3.0. --- .github/workflows/ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..87e9afdf --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: CI + +on: + pull_request: + push: + +jobs: + + centos7: + runs-on: ubuntu-latest + container: centos/centos:7 + steps: + - uses: actions/checkout@v3 + + - name: Install packages + run: yum install -y make automake libtool gcc-c++ openssl-devel gsoap-devel bison + + - name: Build + run: | + ./autogen + ./configure + make From 9debd9ab33bf6eeb5926f7fb478b11bef4208b46 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:41:14 +0100 Subject: [PATCH 46/92] Remove previous CI workflow --- .github/workflows/centos7-build.yml | 33 ----------------------------- 1 file changed, 33 deletions(-) delete mode 100644 .github/workflows/centos7-build.yml diff --git a/.github/workflows/centos7-build.yml b/.github/workflows/centos7-build.yml deleted file mode 100644 index 213ec7bf..00000000 --- a/.github/workflows/centos7-build.yml +++ /dev/null 
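Review bot: The new `.github/workflows/ci.yml` sets no `permissions:` block, so the job token keeps whatever default scope the repository or organisation has configured, although the job only checks out and builds. Adding a top-level `permissions:` with `contents: read` limits that. `actions/checkout@v3` and the container image are referenced by mutable tags; pinning the action to a commit SHA and the image to a digest would keep the build inputs fixed. The same applies to the `centos9` and `ubuntu2004` jobs added by the later patches in this series.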
@@ -1,33 +0,0 @@ -# -# Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2020 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: CENTOS 7 build - -on: - push: - branches: '*' - pull_request: - branches: [ master ] - -jobs: - build: - runs-on: ubuntu-latest - container: italiangrid/voms-build-centos7 - - steps: - - uses: actions/checkout@v2 - - name: Build - run: ./autogen.sh && ./configure && make && make install From bd895f0e6efdaf225c125f8247f29a30476bb0de Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:41:30 +0100 Subject: [PATCH 47/92] Fix centos7 image name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87e9afdf..0c3c9a29 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,7 @@ jobs: centos7: runs-on: ubuntu-latest - container: centos/centos:7 + container: centos/centos7 steps: - uses: actions/checkout@v3 From 6b34d2fcc8a9caf40395c29dd8f227ec71311133 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:43:40 +0100 Subject: [PATCH 48/92] Fix centos7 image name --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0c3c9a29..6572590a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -8,7 +8,7 @@ jobs: centos7: runs-on: ubuntu-latest - container: centos/centos7 + container: centos:centos7 steps: - uses: actions/checkout@v3 From a5229275dc7f227e87df2ff923dee2041c0e3849 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:45:24 +0100 Subject: [PATCH 49/92] Fix build instructions --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6572590a..f47c25fc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -17,6 +17,6 @@ jobs: - name: Build run: | - ./autogen + ./autogen.sh ./configure make From 41b00f43ca332739a3b314b8a1cf58491db8fb2e Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 12:50:38 +0100 Subject: [PATCH 50/92] Fix depedencies --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f47c25fc..42aa8139 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v3 - name: Install packages - run: yum install -y make automake libtool gcc-c++ openssl-devel gsoap-devel bison + run: yum install -y make automake libtool gcc-c++ openssl-devel gsoap-devel expat-devel bison - name: Build run: | From d4748a599ec90142aa32f05ff1bf20c690de02ac Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 13:07:15 +0100 Subject: [PATCH 51/92] Fix depedencies --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42aa8139..5950a88b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -13,7 +13,9 @@ jobs: - uses: actions/checkout@v3 - name: Install packages - run: yum install -y make automake libtool gcc-c++ openssl-devel gsoap-devel expat-devel bison + run: | + yum install epel-release + yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison - name: Build run: | From 5e3bdc78eae096c336e42d66a5dcc67f822b266d Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 13:09:05 +0100 Subject: [PATCH 52/92] Fix depedencies --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5950a88b..f8a7bfc8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: - name: Install packages run: | - yum install epel-release + yum install -y epel-release yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison - name: Build From 845260c1df62fb8304bbe8195e04cbc91a012f2f Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 13:20:09 +0100 Subject: [PATCH 53/92] Add CI for CentOS 9 Stream --- .github/workflows/ci.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8a7bfc8..ee365686 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,3 +22,20 @@ jobs: ./autogen.sh ./configure make + + centos9: + runs-on: ubuntu-latest + container: quay.io/centos/centos:stream9 + steps: + - uses: actions/checkout@v3 + + - name: Install packages + run: | + yum install -y epel-release + yum install -y make file automake libtool gcc-c++ openssl-devel gsoap-devel gsoap expat-devel bison + + - name: Build + run: | + ./autogen.sh + ./configure + make From 000a51b9375bb711e559fab636fdef5e72d596ba Mon Sep 17 00:00:00 2001 
From: Francesco Giacomini Date: Fri, 30 Dec 2022 13:33:40 +0100 Subject: [PATCH 54/92] Add CI for Ubuntu 20.04 (OpenSSL 1.1) --- .github/workflows/ci.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ee365686..98d92894 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -39,3 +39,19 @@ jobs: ./autogen.sh ./configure make + + ubuntu2004: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v3 + + - name: Install packages + run: | + apt update + apt install make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev + + - name: Build + run: | + ./autogen.sh + ./configure + make From 7006cdccb46d22402b8a0d2807a4e4bb0d471f7d Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 30 Dec 2022 13:35:37 +0100 Subject: [PATCH 55/92] Run apt as sudo --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98d92894..82d89e5a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -47,8 +47,8 @@ jobs: - name: Install packages run: | - apt update - apt install make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev + sudo apt update + sudo apt install make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev - name: Build run: | From a54a62a4e1a4e6bd34284a5de44550979f3155ec Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 2 Jan 2023 07:46:32 +0100 Subject: [PATCH 56/92] Catch exception by reference --- src/common/options.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/options.cc b/src/common/options.cc index 027644a0..d700950f 100644 --- a/src/common/options.cc +++ b/src/common/options.cc 
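Review bot: In the `ubuntu2004` job, `sudo apt install` is called without `-y`, so when the package list pulls in additional dependencies apt asks for confirmation and, with no terminal attached in the runner, is likely to abort the step. `sudo apt-get update` followed by `sudo apt-get install -y make automake libtool pkg-config g++ libssl-dev libgsoap-dev gsoap libexpat-dev` avoids the prompt, and `apt-get` is the interface intended for use in scripts.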
@@ -198,7 +198,7 @@ getopts(int argc, char * const argv[], struct option *longopts) try { opts = new struct option[num+1]; - } catch ( std::bad_alloc) { + } catch (std::bad_alloc &e) { return false; } From b3cc395eddfc0583bba0e2d302230ebe8770599d Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 2 Jan 2023 12:51:26 +0100 Subject: [PATCH 57/92] Fix warning about possible use after free Fix also a warning about an unused variable. This piece of code can probably go away, but let's just fix the warning for the time being. --- src/sslutils/sslutils.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index 6bac77ea..8b0f4c46 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -455,7 +455,7 @@ ERR_load_prxyerr_strings( #else char * randfile; #endif -#if SSLEAY_VERSION_NUMBER >= 0x0090581fL +#if SSLEAY_VERSION_NUMBER >= 0x0090581fL && !defined(OPENSSL_NO_EGD) char * egd_path; #endif char buffer[200]; @@ -2703,8 +2703,14 @@ proxy_get_filenames( } } - else - strcpy(default_user_cert, certname); + else { + default_user_cert = strndup(certname, strlen(certname)); + + if (!default_user_cert) { + PRXYerr(PRXYERR_F_INIT_CRED, PRXYERR_R_OUT_OF_MEMORY); + goto err; + } + } default_user_key = strndup(default_user_cert, strlen(default_user_cert)); From 77020a5574bfdbdcdebe03a3ee5d3d3f99563c03 Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 2 Jan 2023 12:53:26 +0100 Subject: [PATCH 58/92] Fix doxygen warning About a documented return type for a function that does not return anything. --- src/api/ccapi/voms_apic.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/api/ccapi/voms_apic.h b/src/api/ccapi/voms_apic.h index 88078034..a3551f48 100644 --- a/src/api/ccapi/voms_apic.h +++ b/src/api/ccapi/voms_apic.h 
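Review bot: The handler in `getopts` now binds the exception as `std::bad_alloc &e` but never uses `e`, which trades the catch-by-value warning for a possible unused-variable one. `} catch (const std::bad_alloc&) {` catches by const reference without naming the object. `getopts` starts and ends outside the hunk, so whether `opts` is released on every later return path cannot be checked from here.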
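Review bot: In the second `sslutils.c` hunk (`proxy_get_filenames`), `strndup(certname, strlen(certname))` is bounded by the length of the string itself, so it behaves exactly like `strdup(certname)` and adds no protection; `default_user_cert = strdup(certname);` states the intent more plainly. The failure is reported with the function code `PRXYERR_F_INIT_CRED`, which may have been carried over from another function, so it is worth confirming that this is the code used elsewhere in `proxy_get_filenames`. The function body continues outside the hunk, so it is not visible whether `certname` can be NULL on this branch or whether the `err` path frees `default_user_cert`.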
@@ -205,8 +205,7 @@ extern struct contactdata **VOMS_FindByVO(struct vomsdata *vd, char *vo, extern void VOMS_DeleteContacts(struct contactdata **list); /*!< Frees a contactdata vector. - \param list The vector to free. - \return NONE */ + \param list The vector to free.*/ extern struct vomsdata *VOMS_Init(char *voms, char *cert); /*!< Initializes a vomsdata structure for use by the other functions. N.B: This is the ONLY way to correctly initialize a vomsdata structure. It From bda11dca2561d937f0452d710a0c6755e9b92c6d Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 2 Jan 2023 13:08:28 +0100 Subject: [PATCH 59/92] Fix warning about possible string truncation This is a false positive, since the source is an 8-byte hash and is copied into an 8-byte substring. memcpy is a better fit anyway. --- src/sslutils/evaluate.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/sslutils/evaluate.c b/src/sslutils/evaluate.c index 09b8ba47..9c03fdc7 100644 --- a/src/sslutils/evaluate.c +++ b/src/sslutils/evaluate.c @@ -353,8 +353,8 @@ void PRIVATE read_pathrestriction(STACK_OF(X509) *chain, char *path, hash = gethash(cert, hashed); /* Determine file names */ - strncpy(signing + 1, hash, 8); - strncpy(namespace + 1, hash, 8); + memcpy(signing + 1, hash, 8); + memcpy(namespace + 1, hash, 8); file = open_from_dir(path, signing); if (file) { From 25dfdfc41b9dafdbe3b140d7b9f4ef61c7cd57ac Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Mon, 2 Jan 2023 13:41:19 +0100 Subject: [PATCH 60/92] config.h must not be included in public header file This reverts 5c022c1 --- src/api/ccapi/voms_api.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/api/ccapi/voms_api.h b/src/api/ccapi/voms_api.h index 0cb4e15b..7a272cd4 100644 --- a/src/api/ccapi/voms_api.h +++ b/src/api/ccapi/voms_api.h @@ -26,8 +26,6 @@ #ifndef VOMS_API_H #define VOMS_API_H -#include "config.h" - #include #include #include 
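Review bot: In `src/sslutils/evaluate.c`, `memcpy(signing + 1, hash, 8)` always reads eight bytes from `hash`, whereas the `strncpy` it replaces stopped at a terminating NUL, so the new code relies on `gethash` never returning NULL or a string shorter than eight characters. `gethash` is not visible in this hunk; if that guarantee holds, a comment such as `/* hash is always 8 characters, see gethash() */` would record it, otherwise a length check is needed before the two copies. The literal `8` appears in both calls and could be a named constant. `read_pathrestriction` continues outside the hunk.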
From b7a926e38db6b883f012c39ebcb10b4ee20912cc Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 2 Jan 2023 13:42:26 +0100 Subject: [PATCH 61/92] Include config.h before other header files This is an alternative (and not wrong) solution to commit 5c022c1 to define the macro OPENSSL_COMPAT_API before OpenSSL does it. --- src/api/ccapi/api_util.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc index e023cfc0..848bfbdc 100644 --- a/src/api/ccapi/api_util.cc +++ b/src/api/ccapi/api_util.cc @@ -23,10 +23,10 @@ * *********************************************************************/ +#include "config.h" #include "api_util.h" extern "C" { -#include "config.h" #include "replace.h" #include From 0d6d98cf444ba12418a03419852edf4560988c58 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Sun, 8 Jan 2023 20:07:36 +0100 Subject: [PATCH 62/92] Compile and link libvomsapi with proper thread flags --- .gitignore | 1 + configure.ac | 2 + m4/ax_pthread.m4 | 522 ++++++++++++++++++++++++++++++++++++++ src/api/ccapi/Makefile.am | 2 + 4 files changed, 527 insertions(+) create mode 100644 m4/ax_pthread.m4 diff --git a/.gitignore b/.gitignore index fa51e160..a033402a 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ Makefile.in Makefile /aux /m4/* +!/m4/ax_pthread.m4 !/m4/glite.m4 !/m4/voms.m4 !/m4/wsdl2h.m4 diff --git a/configure.ac b/configure.ac index 0b75342e..2899f717 100644 --- a/configure.ac +++ b/configure.ac @@ -31,6 +31,8 @@ AC_PROG_YACC AC_PROG_LEX AC_COMPILER +AX_PTHREAD + PKG_CHECK_MODULES([OPENSSL], [openssl], [AC_DEFINE([OPENSSL_API_COMPAT], [10100], [Build against OpenSSL 1.1 API])]) AC_CHECK_HEADER([expat.h], diff --git a/m4/ax_pthread.m4 b/m4/ax_pthread.m4 new file mode 100644 index 00000000..9f35d139 --- /dev/null +++ b/m4/ax_pthread.m4 
@@ -0,0 +1,522 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_pthread.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) +# +# DESCRIPTION +# +# This macro figures out how to build C programs using POSIX threads. It +# sets the PTHREAD_LIBS output variable to the threads library and linker +# flags, and the PTHREAD_CFLAGS output variable to any special C compiler +# flags that are needed. (The user can also force certain compiler +# flags/libs to be tested by setting these environment variables.) +# +# Also sets PTHREAD_CC and PTHREAD_CXX to any special C compiler that is +# needed for multi-threaded programs (defaults to the value of CC +# respectively CXX otherwise). (This is necessary on e.g. AIX to use the +# special cc_r/CC_r compiler alias.) +# +# NOTE: You are assumed to not only compile your program with these flags, +# but also to link with them as well. For example, you might link with +# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# $PTHREAD_CXX $CXXFLAGS $PTHREAD_CFLAGS $LDFLAGS ... $PTHREAD_LIBS $LIBS +# +# If you are only building threaded programs, you may wish to use these +# variables in your default LIBS, CFLAGS, and CC: +# +# LIBS="$PTHREAD_LIBS $LIBS" +# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +# CXXFLAGS="$CXXFLAGS $PTHREAD_CFLAGS" +# CC="$PTHREAD_CC" +# CXX="$PTHREAD_CXX" +# +# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant +# has a nonstandard name, this macro defines PTHREAD_CREATE_JOINABLE to +# that name (e.g. PTHREAD_CREATE_UNDETACHED on AIX). +# +# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the +# PTHREAD_PRIO_INHERIT symbol is defined when compiling with +# PTHREAD_CFLAGS. 
+# +# ACTION-IF-FOUND is a list of shell commands to run if a threads library +# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it +# is not found. If ACTION-IF-FOUND is not specified, the default action +# will define HAVE_PTHREAD. +# +# Please let the authors know if this macro fails on any platform, or if +# you have any other suggestions or comments. This macro was based on work +# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help +# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by +# Alejandro Forero Cuervo to the autoconf macro repository. We are also +# grateful for the helpful feedback of numerous users. +# +# Updated for Autoconf 2.68 by Daniel Richard G. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson +# Copyright (c) 2011 Daniel Richard G. +# Copyright (c) 2019 Marc Stevens +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. 
The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 31 + +AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) +AC_DEFUN([AX_PTHREAD], [ +AC_REQUIRE([AC_CANONICAL_HOST]) +AC_REQUIRE([AC_PROG_CC]) +AC_REQUIRE([AC_PROG_SED]) +AC_LANG_PUSH([C]) +ax_pthread_ok=no + +# We used to check for pthread.h first, but this fails if pthread.h +# requires special compiler flags (e.g. on Tru64 or Sequent). +# It gets checked for in the link test anyway. + +# First of all, check if the user has set any of the PTHREAD_LIBS, +# etcetera environment variables, and if threads linking works using +# them: +if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then + ax_pthread_save_CC="$CC" + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" + AS_IF([test "x$PTHREAD_CC" != "x"], [CC="$PTHREAD_CC"]) + AS_IF([test "x$PTHREAD_CXX" != "x"], [CXX="$PTHREAD_CXX"]) + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + AC_MSG_CHECKING([for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS]) + AC_LINK_IFELSE([AC_LANG_CALL([], [pthread_join])], [ax_pthread_ok=yes]) + AC_MSG_RESULT([$ax_pthread_ok]) + if test "x$ax_pthread_ok" = "xno"; then + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" + fi + CC="$ax_pthread_save_CC" + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" +fi + +# We must check for the threads library under a number of different +# names; the ordering is very important because some systems +# (e.g. DEC) have both -lpthread and -lpthreads, where one of the +# libraries is broken (non-POSIX). + +# Create a list of thread flags to try. 
Items with a "," contain both +# C compiler flags (before ",") and linker flags (after ","). Other items +# starting with a "-" are C compiler flags, and remaining items are +# library names, except for "none" which indicates that we try without +# any flags at all, and "pthread-config" which is a program returning +# the flags for the Pth emulation library. + +ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +# The ordering *is* (sometimes) important. Some notes on the +# individual items follow: + +# pthreads: AIX (must check this before -lpthread) +# none: in case threads are in libc; should be tried before -Kthread and +# other compiler flags to prevent continual compiler warnings +# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) +# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads), Tru64 +# (Note: HP C rejects this with "bad form for `-t' option") +# -pthreads: Solaris/gcc (Note: HP C also rejects) +# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it +# doesn't hurt to check since this sometimes defines pthreads and +# -D_REENTRANT too), HP C (must be checked before -lpthread, which +# is present but should not be used directly; and before -mthreads, +# because the compiler interprets this as "-mt" + "-hreads") +# -mthreads: Mingw32/gcc, Lynx/gcc +# pthread: Linux, etcetera +# --thread-safe: KAI C++ +# pthread-config: use pthread-config program (for GNU Pth library) + +case $host_os in + + freebsd*) + + # -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) + # lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) + + ax_pthread_flags="-kthread lthread $ax_pthread_flags" + ;; + + hpux*) + + # From the cc(1) man page: "[-mt] Sets various -D flags to enable + # multi-threading and also sets -lpthread." 
+ + ax_pthread_flags="-mt -pthread pthread $ax_pthread_flags" + ;; + + openedition*) + + # IBM z/OS requires a feature-test macro to be defined in order to + # enable POSIX threads at all, so give the user a hint if this is + # not set. (We don't define these ourselves, as they can affect + # other portions of the system API in unpredictable ways.) + + AC_EGREP_CPP([AX_PTHREAD_ZOS_MISSING], + [ +# if !defined(_OPEN_THREADS) && !defined(_UNIX03_THREADS) + AX_PTHREAD_ZOS_MISSING +# endif + ], + [AC_MSG_WARN([IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support.])]) + ;; + + solaris*) + + # On Solaris (at least, for some versions), libc contains stubbed + # (non-functional) versions of the pthreads routines, so link-based + # tests will erroneously succeed. (N.B.: The stubs are missing + # pthread_cleanup_push, or rather a function called by this macro, + # so we could check for that, but who knows whether they'll stub + # that too in a future libc.) So we'll check first for the + # standard Solaris way of linking pthreads (-mt -lpthread). + + ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags" + ;; +esac + +# Are we compiling with Clang? + +AC_CACHE_CHECK([whether $CC is Clang], + [ax_cv_PTHREAD_CLANG], + [ax_cv_PTHREAD_CLANG=no + # Note that Autoconf sets GCC=yes for Clang as well as GCC + if test "x$GCC" = "xyes"; then + AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], + [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ +# if defined(__clang__) && defined(__llvm__) + AX_PTHREAD_CC_IS_CLANG +# endif + ], + [ax_cv_PTHREAD_CLANG=yes]) + fi + ]) +ax_pthread_clang="$ax_cv_PTHREAD_CLANG" + + +# GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC) + +# Note that for GCC and Clang -pthread generally implies -lpthread, +# except when -nostdlib is passed. 
+# This is problematic using libtool to build C++ shared libraries with pthread: +# [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460 +# [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333 +# [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 +# To solve this, first try -pthread together with -lpthread for GCC + +AS_IF([test "x$GCC" = "xyes"], + [ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"]) + +# Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first + +AS_IF([test "x$ax_pthread_clang" = "xyes"], + [ax_pthread_flags="-pthread,-lpthread -pthread"]) + + +# The presence of a feature test macro requesting re-entrant function +# definitions is, on some systems, a strong hint that pthreads support is +# correctly enabled + +case $host_os in + darwin* | hpux* | linux* | osf* | solaris*) + ax_pthread_check_macro="_REENTRANT" + ;; + + aix*) + ax_pthread_check_macro="_THREAD_SAFE" + ;; + + *) + ax_pthread_check_macro="--" + ;; +esac +AS_IF([test "x$ax_pthread_check_macro" = "x--"], + [ax_pthread_check_cond=0], + [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) + + +if test "x$ax_pthread_ok" = "xno"; then +for ax_pthread_try_flag in $ax_pthread_flags; do + + case $ax_pthread_try_flag in + none) + AC_MSG_CHECKING([whether pthreads work without any flags]) + ;; + + *,*) + PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` + PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` + AC_MSG_CHECKING([whether pthreads work with "$PTHREAD_CFLAGS" and "$PTHREAD_LIBS"]) + ;; + + -*) + AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag]) + PTHREAD_CFLAGS="$ax_pthread_try_flag" + ;; + + pthread-config) + AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) + AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) + PTHREAD_CFLAGS="`pthread-config --cflags`" + PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" + ;; 
+ + *) + AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) + PTHREAD_LIBS="-l$ax_pthread_try_flag" + ;; + esac + + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + + # Check for various functions. We must include pthread.h, + # since some functions may be macros. (On the Sequent, we + # need a special flag -Kthread to make this header compile.) + # We check for pthread_join because it is in -lpthread on IRIX + # while pthread_create is in libc. We check for pthread_attr_init + # due to DEC craziness with -lpthreads. We check for + # pthread_cleanup_push because it is one of the few pthread + # functions on Solaris that doesn't have a non-functional libc stub. + # We try pthread_create on general principles. + + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include +# if $ax_pthread_check_cond +# error "$ax_pthread_check_macro must be defined" +# endif + static void *some_global = NULL; + static void routine(void *a) + { + /* To avoid any unused-parameter or + unused-but-set-parameter warning. */ + some_global = a; + } + static void *start_routine(void *a) { return a; }], + [pthread_t th; pthread_attr_t attr; + pthread_create(&th, 0, start_routine, 0); + pthread_join(th, 0); + pthread_attr_init(&attr); + pthread_cleanup_push(routine, 0); + pthread_cleanup_pop(0) /* ; */])], + [ax_pthread_ok=yes], + []) + + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" + + AC_MSG_RESULT([$ax_pthread_ok]) + AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) + + PTHREAD_LIBS="" + PTHREAD_CFLAGS="" +done +fi + + +# Clang needs special handling, because older versions handle the -pthread +# option in a rather... idiosyncratic way + +if test "x$ax_pthread_clang" = "xyes"; then + + # Clang takes -pthread; it has never supported any other flag + + # (Note 1: This will need to be revisited if a system that Clang + # supports has POSIX threads in a separate library. 
This tends not + # to be the way of modern systems, but it's conceivable.) + + # (Note 2: On some systems, notably Darwin, -pthread is not needed + # to get POSIX threads support; the API is always present and + # active. We could reasonably leave PTHREAD_CFLAGS empty. But + # -pthread does define _REENTRANT, and while the Darwin headers + # ignore this macro, third-party headers might not.) + + # However, older versions of Clang make a point of warning the user + # that, in an invocation where only linking and no compilation is + # taking place, the -pthread option has no effect ("argument unused + # during compilation"). They expect -pthread to be passed in only + # when source code is being compiled. + # + # Problem is, this is at odds with the way Automake and most other + # C build frameworks function, which is that the same flags used in + # compilation (CFLAGS) are also used in linking. Many systems + # supported by AX_PTHREAD require exactly this for POSIX threads + # support, and in fact it is often not straightforward to specify a + # flag that is used only in the compilation phase and not in + # linking. Such a scenario is extremely rare in practice. + # + # Even though use of the -pthread flag in linking would only print + # a warning, this can be a nuisance for well-run software projects + # that build with -Werror. So if the active version of Clang has + # this misfeature, we search for an option to squash it. 
+ + AC_CACHE_CHECK([whether Clang needs flag to prevent "argument unused" warning when linking with -pthread], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG], + [ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown + # Create an alternate version of $ac_link that compiles and + # links in two steps (.c -> .o, .o -> exe) instead of one + # (.c -> exe), because the warning occurs only in the second + # step + ax_pthread_save_ac_link="$ac_link" + ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' + ax_pthread_link_step=`AS_ECHO(["$ac_link"]) | sed "$ax_pthread_sed"` + ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" + ax_pthread_save_CFLAGS="$CFLAGS" + for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do + AS_IF([test "x$ax_pthread_try" = "xunknown"], [break]) + CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" + ac_link="$ax_pthread_save_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [ac_link="$ax_pthread_2step_ac_link" + AC_LINK_IFELSE([AC_LANG_SOURCE([[int main(void){return 0;}]])], + [break]) + ]) + done + ac_link="$ax_pthread_save_ac_link" + CFLAGS="$ax_pthread_save_CFLAGS" + AS_IF([test "x$ax_pthread_try" = "x"], [ax_pthread_try=no]) + ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" + ]) + + case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in + no | unknown) ;; + *) PTHREAD_CFLAGS="$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG $PTHREAD_CFLAGS" ;; + esac + +fi # $ax_pthread_clang = yes + + + +# Various other checks: +if test "x$ax_pthread_ok" = "xyes"; then + ax_pthread_save_CFLAGS="$CFLAGS" + ax_pthread_save_LIBS="$LIBS" + CFLAGS="$CFLAGS $PTHREAD_CFLAGS" + LIBS="$PTHREAD_LIBS $LIBS" + + # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. 
+ AC_CACHE_CHECK([for joinable pthread attribute], + [ax_cv_PTHREAD_JOINABLE_ATTR], + [ax_cv_PTHREAD_JOINABLE_ATTR=unknown + for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do + AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], + [int attr = $ax_pthread_attr; return attr /* ; */])], + [ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break], + []) + done + ]) + AS_IF([test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ + test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ + test "x$ax_pthread_joinable_attr_defined" != "xyes"], + [AC_DEFINE_UNQUOTED([PTHREAD_CREATE_JOINABLE], + [$ax_cv_PTHREAD_JOINABLE_ATTR], + [Define to necessary symbol if this constant + uses a non-standard name on your system.]) + ax_pthread_joinable_attr_defined=yes + ]) + + AC_CACHE_CHECK([whether more special flags are required for pthreads], + [ax_cv_PTHREAD_SPECIAL_FLAGS], + [ax_cv_PTHREAD_SPECIAL_FLAGS=no + case $host_os in + solaris*) + ax_cv_PTHREAD_SPECIAL_FLAGS="-D_POSIX_PTHREAD_SEMANTICS" + ;; + esac + ]) + AS_IF([test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ + test "x$ax_pthread_special_flags_added" != "xyes"], + [PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" + ax_pthread_special_flags_added=yes]) + + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + [ax_cv_PTHREAD_PRIO_INHERIT], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], + [[int i = PTHREAD_PRIO_INHERIT; + return i;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) + AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ + test "x$ax_pthread_prio_inherit_defined" != "xyes"], + [AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], [1], [Have PTHREAD_PRIO_INHERIT.]) + ax_pthread_prio_inherit_defined=yes + ]) + + CFLAGS="$ax_pthread_save_CFLAGS" + LIBS="$ax_pthread_save_LIBS" + + # More AIX lossage: compile with *_r variant + if test "x$GCC" != "xyes"; then + case $host_os in + aix*) + AS_CASE(["x/$CC"], + 
[x*/c89|x*/c89_128|x*/c99|x*/c99_128|x*/cc|x*/cc128|x*/xlc|x*/xlc_v6|x*/xlc128|x*/xlc128_v6], + [#handle absolute path differently from PATH based program lookup + AS_CASE(["x$CC"], + [x/*], + [ + AS_IF([AS_EXECUTABLE_P([${CC}_r])],[PTHREAD_CC="${CC}_r"]) + AS_IF([test "x${CXX}" != "x"], [AS_IF([AS_EXECUTABLE_P([${CXX}_r])],[PTHREAD_CXX="${CXX}_r"])]) + ], + [ + AC_CHECK_PROGS([PTHREAD_CC],[${CC}_r],[$CC]) + AS_IF([test "x${CXX}" != "x"], [AC_CHECK_PROGS([PTHREAD_CXX],[${CXX}_r],[$CXX])]) + ] + ) + ]) + ;; + esac + fi +fi + +test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" +test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX" + +AC_SUBST([PTHREAD_LIBS]) +AC_SUBST([PTHREAD_CFLAGS]) +AC_SUBST([PTHREAD_CC]) +AC_SUBST([PTHREAD_CXX]) + +# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: +if test "x$ax_pthread_ok" = "xyes"; then + ifelse([$1],,[AC_DEFINE([HAVE_PTHREAD],[1],[Define if you have POSIX threads libraries and header files.])],[$1]) + : +else + ax_pthread_ok=no + $2 +fi +AC_LANG_POP +])dnl AX_PTHREAD diff --git a/src/api/ccapi/Makefile.am b/src/api/ccapi/Makefile.am index 099b86f3..1a1af798 100644 --- a/src/api/ccapi/Makefile.am +++ b/src/api/ccapi/Makefile.am @@ -16,6 +16,7 @@ libvomsapi_la_SOURCES = \ libvomsapi_la_CXXFLAGS = \ + $(PTHREAD_CFLAGS) \ $(NO_GLOBUS_FLAGS) \ -DNOGLOBUS \ -I$(top_srcdir)/src/include @@ -27,6 +28,7 @@ libvomsapi_la_LDFLAGS = \ libvomsapi_la_LIBADD = \ $(EXPAT_LIBS) \ $(OPENSSL_LIBS) \ + $(PTHREAD_LIBS) \ $(top_builddir)/src/replib/librep.la \ $(top_builddir)/src/common/libutilities_nog.la \ $(top_builddir)/src/common/libutilc_nog.la \ From 25b39ed6ca70d28ec65dacb897a16688db527768 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Wed, 8 Mar 2023 10:22:48 +0100 Subject: [PATCH 63/92] Fix memory leaks and double deletes They are reported from the runtime checks on EL9 --- src/sslutils/sslutils.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index 8b0f4c46..4fead093 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -767,6 +767,9 @@ proxy_genreq( if (RSA_generate_key_ex(rsa, rbits, rsa_exp, cb)) { BN_free(rsa_exp); + rsa_exp = NULL; + BN_GENCB_free(cb); + cb = NULL; } else { @@ -774,7 +777,11 @@ proxy_genreq( goto err; } - if (!EVP_PKEY_assign_RSA(pkey,rsa)) + if (EVP_PKEY_assign_RSA(pkey,rsa)) + { + rsa = NULL; + } + else { PRXYerr(PRXYERR_F_PROXY_GENREQ,PRXYERR_R_PROCESS_PROXY_KEY); goto err; From 564dd86719e15f9e796cbbf27439b07f693e36b6 Mon Sep 17 00:00:00 2001 From: Brian P Bockelman Date: Wed, 26 Apr 2023 15:03:13 -0500 Subject: [PATCH 64/92] If a detailed error message is available, do not overwrite (#116) When verification of ACs fails, the prior behavior is to always have this message: ``` Cannot verify AC signature! ``` This can be difficult to debug as there's no indication of whether its a problem with the proxy itself or with the host configuration. This patch appends the underlying error message if one was provided. For example, ``` Cannot verify AC signature! Underlying error: Certificate verification \ failed for certificate '/CN=voms.example.com': certificate has expired. ``` (newlines added for readability) --- src/api/ccapi/api_util.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/api/ccapi/api_util.cc b/src/api/ccapi/api_util.cc index 848bfbdc..dcbcafbe 100644 --- a/src/api/ccapi/api_util.cc +++ b/src/api/ccapi/api_util.cc @@ -332,7 +332,12 @@ vomsdata::verifydata(AC *ac, UNUSED(const std::string& subject), issuer = check((void *)ac); if (!issuer) { - seterror(VERR_SIGN, "Cannot verify AC signature!"); + std::string oldmessage = ErrorMessage(); + if (oldmessage.empty()) { + seterror(VERR_SIGN, "Cannot verify AC signature!"); + } else { + seterror(VERR_SIGN, "Cannot verify AC signature! Underlying error: " + oldmessage); + } return false; } } 
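Review bot: The `rsa = NULL;` added after a successful `EVP_PKEY_assign_RSA(pkey,rsa)` in the second sslutils.c hunk needs a comment saying why, because nothing on these lines states that pkey now owns the key. I would add `/* pkey owns rsa from here on; clear the local so the err path cannot free it a second time */`. The same goes for `rsa_exp = NULL;` and `cb = NULL;` in the first hunk, which presumably guard frees performed under the `err` label. That label and the rest of proxy_genreq lie outside both hunks, so the cleanup code itself could not be checked from here.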
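Review bot: `ErrorMessage()` in the api_util.cc hunk returns whatever text is currently stored, so the "Underlying error" is only trustworthy if that text was reset before `check((void *)ac)` ran. If an earlier step of verifydata or a previous call on the same vomsdata object left a message behind, it would be reported as the cause of this signature failure, and the `oldmessage.empty()` branch would never be taken. The lines before the `check()` call are outside the hunk, so please confirm the error state is cleared there. A one-line comment such as `// error text was reset above, so anything present now comes from check()` would record that assumption.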
From 9a99f205870ec2481ddeb0020e37f54fdbf09abd Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 2 Jul 2023 16:25:21 +0200 Subject: [PATCH 65/92] Add "lexparse.h" headers for lexer/parser integration (#112) And include them in a few strategic places. This avoids build failures with future compilers that do not support implicit function declarations by default. (NB: This commit does not regenerate the lexers/parsers, so the line numbers are slightly off.) --- src/sslutils/lex.namespaces.c | 1 + src/sslutils/lex.signing.c | 1 + src/sslutils/lexparse.h | 4 ++++ src/sslutils/namespaces.c | 1 + src/sslutils/namespaces.l | 1 + src/sslutils/namespaces.y | 1 + src/sslutils/signing_policy.c | 1 + src/sslutils/signing_policy.l | 1 + src/sslutils/signing_policy.y | 1 + src/utils/lex.yy.c | 1 + src/utils/lexparse.h | 4 ++++ src/utils/vomsfake.y | 1 + src/utils/vomsparser.c | 1 + src/utils/vomsparser.l | 1 + 14 files changed, 20 insertions(+) create mode 100644 src/sslutils/lexparse.h create mode 100644 src/utils/lexparse.h diff --git a/src/sslutils/lex.namespaces.c b/src/sslutils/lex.namespaces.c index af359bf9..646156af 100644 --- a/src/sslutils/lex.namespaces.c +++ b/src/sslutils/lex.namespaces.c @@ -1410,6 +1410,7 @@ static yyconst flex_int16_t yy_rule_linenum[15] = #include #include "parsertypes.h" +#include "lexparse.h" #include "namespaces.h" #ifndef strndup extern char *strndup(const char*, size_t); diff --git a/src/sslutils/lex.signing.c b/src/sslutils/lex.signing.c index 6906a5ad..e32364d7 100644 --- a/src/sslutils/lex.signing.c +++ b/src/sslutils/lex.signing.c @@ -2356,6 +2356,7 @@ static yyconst flex_int16_t yy_rule_linenum[17] = #include "parsertypes.h" #include "signing_policy.h" +#include "lexparse.h" #ifndef strndup extern char *strndup(const char*, size_t); #endif diff --git a/src/sslutils/lexparse.h b/src/sslutils/lexparse.h new file mode 100644 index 00000000..675a10fb --- /dev/null +++ b/src/sslutils/lexparse.h 
@@ -0,0 +1,4 @@ +/* Declarations for lexer/parser integration. */ +union YYSTYPE; +int signinglex (union YYSTYPE *, void *); +int namespaceslex (union YYSTYPE *, void *); diff --git a/src/sslutils/namespaces.c b/src/sslutils/namespaces.c index 780845d7..a0064994 100644 --- a/src/sslutils/namespaces.c +++ b/src/sslutils/namespaces.c @@ -108,6 +108,7 @@ #include #include "parsertypes.h" +#include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); diff --git a/src/sslutils/namespaces.l b/src/sslutils/namespaces.l index c3e6b04a..cdd10df3 100644 --- a/src/sslutils/namespaces.l +++ b/src/sslutils/namespaces.l @@ -30,6 +30,7 @@ #include #include "parsertypes.h" +#include "lexparse.h" #include "namespaces.h" #ifndef strndup extern char *strndup(const char*, size_t); diff --git a/src/sslutils/namespaces.y b/src/sslutils/namespaces.y index 23e51933..9be4271c 100644 --- a/src/sslutils/namespaces.y +++ b/src/sslutils/namespaces.y @@ -29,6 +29,7 @@ #include #include "parsertypes.h" +#include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); diff --git a/src/sslutils/signing_policy.c b/src/sslutils/signing_policy.c index 03f13ab2..f36374b7 100644 --- a/src/sslutils/signing_policy.c +++ b/src/sslutils/signing_policy.c @@ -110,6 +110,7 @@ #include #include "parsertypes.h" +#include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); diff --git a/src/sslutils/signing_policy.l b/src/sslutils/signing_policy.l index c5115a19..c521dd5d 100644 --- a/src/sslutils/signing_policy.l +++ b/src/sslutils/signing_policy.l @@ -31,6 +31,7 @@ #include "parsertypes.h" #include "signing_policy.h" +#include "lexparse.h" #ifndef strndup extern char *strndup(const char*, size_t); #endif diff --git a/src/sslutils/signing_policy.y b/src/sslutils/signing_policy.y index 93fab4fb..a56ac37d 100644 --- a/src/sslutils/signing_policy.y +++ b/src/sslutils/signing_policy.y 
@@ -31,6 +31,7 @@ #include #include "parsertypes.h" +#include "lexparse.h" #include "listfunc.h" char **parse_subjects(char *string); diff --git a/src/utils/lex.yy.c b/src/utils/lex.yy.c index afa13ea1..ac1768b0 100644 --- a/src/utils/lex.yy.c +++ b/src/utils/lex.yy.c @@ -486,6 +486,7 @@ char *yytext; #include "fakeparsertypes.h" #include "vomsparser.h" +#include "lexparse.h" #line 491 "lex.yy.c" diff --git a/src/utils/lexparse.h b/src/utils/lexparse.h new file mode 100644 index 00000000..9937dfa8 --- /dev/null +++ b/src/utils/lexparse.h @@ -0,0 +1,4 @@ +/* Declarations for lexer/parser integration. */ +union YYSTYPE; +int yylex(); +void yyerror(const char *); diff --git a/src/utils/vomsfake.y b/src/utils/vomsfake.y index 7d47bf8d..afc32f61 100644 --- a/src/utils/vomsfake.y +++ b/src/utils/vomsfake.y @@ -19,6 +19,7 @@ #include #include "fakeparsertypes.h" +#include "lexparse.h" #define MAX_SIZE 200 diff --git a/src/utils/vomsparser.c b/src/utils/vomsparser.c index ad61f133..8312571a 100644 --- a/src/utils/vomsparser.c +++ b/src/utils/vomsparser.c @@ -90,6 +90,7 @@ #include #include "fakeparsertypes.h" +#include "lexparse.h" #define MAX_SIZE 200 diff --git a/src/utils/vomsparser.l b/src/utils/vomsparser.l index 649bea73..1bf72cd9 100644 --- a/src/utils/vomsparser.l +++ b/src/utils/vomsparser.l @@ -31,6 +31,7 @@ #include "fakeparsertypes.h" #include "vomsparser.h" +#include "lexparse.h" %} %x STR From 16294121bcc68d312feabc26b172eefaaf1566f9 Mon Sep 17 00:00:00 2001 From: DrDaveD <2129743+DrDaveD@users.noreply.github.com> Date: Thu, 7 Sep 2023 15:50:15 -0500 Subject: [PATCH 66/92] Only process authority and subject key identifiers in certificates (#121) --- src/sslutils/proxy.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index 8a1e2098..da4d7823 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c 
@@ -353,9 +353,10 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, } } - /* authority key identifier and subject key identifier extension */ + /* authority key identifier and subject key identifier extension + (certificates only, not proxies) */ - { + if (args->proxyversion == 0) { X509V3_CTX ctx; X509V3_set_ctx(&ctx, (args->selfsigned ? NULL : args->cert), NULL, req, NULL, 0); From 6a083788991f0667a4bf0cc2d6f3085e08df39bc Mon Sep 17 00:00:00 2001 From: Chris Burr Date: Thu, 7 Sep 2023 23:16:44 +0200 Subject: [PATCH 67/92] Consider the Authority Key Id extension only if it's available (#113) --- src/sslutils/proxy.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/sslutils/proxy.c b/src/sslutils/proxy.c index da4d7823..78a40f63 100644 --- a/src/sslutils/proxy.c +++ b/src/sslutils/proxy.c @@ -390,14 +390,14 @@ struct VOMSProxy *VOMS_MakeProxy(struct VOMSProxyArguments *args, int *warning, ex11 = X509V3_EXT_conf_nid(NULL, &ctx, NID_authority_key_identifier, "keyid"); } - if (!ex11) { + if (ex11) { + if (!SET_EXT(ex11)) { + goto err; + } + } else if (args->selfsigned) { PRXYerr(PRXYERR_F_PROXY_SIGN,PRXYERR_R_CLASS_ADD_EXT); goto err; } - - if (!SET_EXT(ex11)) { - goto err; - } } /* class_add extension */ From 425a99b89d66f9452e63c8ed586b393aa9938423 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 2 Apr 2024 12:24:23 +0200 Subject: [PATCH 68/92] Open the randfile only if it exists --- src/sslutils/sslutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index 4fead093..54e0f43a 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -519,7 +519,7 @@ ERR_load_prxyerr_strings( randfile = RAND_file_name(buffer,200); - if (randfile) + if (randfile && access(randfile, "r") == 0) { RAND_load_file(randfile,1024L*1024L); } From 2d20ec4782ae384df4bdef0cb58293d96174b376 Mon Sep 17 00:00:00 2001 
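Review bot: When `X509V3_EXT_conf_nid` returns NULL and the proxy is not self-signed, the second proxy.c hunk (`@@ -390,14 +390,14 @@`) now continues silently. Any entries the failed call left on the OpenSSL error queue stay there, so a later unrelated failure in VOMS_MakeProxy may print them as if they were its own cause. Consider ending the chain with `} else { ERR_clear_error(); }`. If clearing the whole queue is too broad here, at least add a comment such as `/* no usable authority key id in the issuer: skip the extension */` so the missing branch reads as deliberate. The function starts and ends outside the hunk, so how errors are reported at `err` is not visible.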
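Review bot: `access(randfile, "r")` in the sslutils.c hunk (`@@ -519,7 +519,7 @@`) passes a string literal where access() takes an integer mode. The pointer is converted to an int, so the call tests an arbitrary set of permission bits; recent compilers reject this conversion outright. The condition should read `if (randfile && access(randfile, R_OK) == 0)`, with `<unistd.h>` included if the file does not already pull it in. As written, whether the random seed file is loaded depends on the address of the literal rather than on the file being readable. The enclosing function continues outside the hunk.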
From: Francesco Giacomini Date: Tue, 2 Apr 2024 12:26:35 +0200 Subject: [PATCH 69/92] Fix the parsing of the REST API XML response The depth of some fields was not correct for the response obtained through the REST API, which is the first one tried and the only one that will survive in the future with VOMS-AA. In addition, VOMS-AA returns a numeric code for an error condition, not a string like VOMS server. --- src/common/xmlcc.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/xmlcc.cc b/src/common/xmlcc.cc index 6f9fe372..bd43f3f1 100644 --- a/src/common/xmlcc.cc +++ b/src/common/xmlcc.cc @@ -491,7 +491,7 @@ static void endans(void *userdata, const char *name) a->num = atoi(a->value.c_str()); } else if ((!strcmp(name, "message")) && - (a->depth == 3)) { + (a->depth == 3 || a->depth == 2)) { a->message = a->value; } else if (!strcmp(name, "warning")) { @@ -501,10 +501,10 @@ static void endans(void *userdata, const char *name) a->a->errs.push_back(e); } else if ((!strcmp(name, "code")) && - (a->depth == 3)) { + (a->depth == 2)) { const char *msg = a->value.c_str(); - if (!strcmp(msg, "NoSuchUser")) + if (!strcmp(msg, "NoSuchUser") || atoi(msg) == ERR_NOT_MEMBER) a->num = ERR_NOT_MEMBER; else if (!strcmp(msg, "SuspendedUser")) a->num = ERR_SUSPENDED; From 4c487ab852155d90a7ce97792a804b513ceadcfa Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Tue, 2 Apr 2024 12:31:03 +0200 Subject: [PATCH 70/92] Review the management of errors from the REST API * Always process the errors, not only in case an AC has been returned * For certain errors (user doesn't exist, is suspended, is inactive) do not try the legacy endpoint, which doesn't even exist for VOMS AA * Leave some commented-out debug messages, to be possibly included in the output in debug mode (requires some work to propagate the debug flag) --- src/api/ccapi/voms_api.cc | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) 
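Review bot: `atoi(msg) == ERR_NOT_MEMBER` in the second xmlcc.cc hunk cannot tell a numeric code from text that merely starts with digits, and it returns 0 for any non-numeric string. Parsing once and checking the end pointer is stricter: `char *end = 0; long code = strtol(msg, &end, 10); bool numeric = (end != msg && *end == '\0');`. Only the not-member case gets a numeric mapping; the `SuspendedUser` branch that follows still compares strings, so if VOMS-AA sends numbers for the other conditions as well (not visible here) they fall through unmapped. Also, `message` now accepts depth 2 or 3 while `code` accepts only depth 2; if that asymmetry is intended, a short comment naming which response format uses which depth would help. The rest of endans is outside the hunk.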
diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index b617732a..bb84199b 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -247,21 +247,18 @@ bool vomsdata::InterpretOutput(const std::string &message, std::string& output) if (!a.ac.empty()) { output = a.ac; - if (a.errs.size() != 0) { - std::vector::const_iterator end = a.errs.end(); - for (std::vector::const_iterator i = a.errs.begin(); - i != end; ++i) { - serverrors += i->message; - if (i->num > ERROR_OFFSET) - result = false; - if (i->num == WARN_NO_FIRST_SELECT) - seterror(VERR_ORDER, "Cannot put requested attributes in the specified order."); - } - } } else if (!a.data.empty()) { output = a.data; } + for (std::vector::const_iterator i = a.errs.begin(), end = a.errs.end(); + i != end; ++i) { + serverrors += i->message; + if (i->num > ERROR_OFFSET) + result = false; + if (i->num == WARN_NO_FIRST_SELECT) + seterror(VERR_ORDER, "Cannot put requested attributes in the specified order."); + } if (!result && ver_type) { seterror(VERR_SERVERCODE, "The server returned an error."); return false; @@ -289,9 +286,15 @@ bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubjec /* Try REST connection first */ bool ret = ContactRESTRaw(hostname, port, command, raw, version, timeout); - if (ret) + if (ret + || serverrors.find("User unknown to this VO") != std::string::npos + || serverrors.find("suspended") != std::string::npos + || serverrors.find("not active") != std::string::npos) return ret; + // reset the errors + serverrors.clear(); + std::vector::const_iterator end = targets.end(); std::vector::const_iterator begin = targets.begin(); for (std::vector::const_iterator i = begin; i != end; ++i) { 
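Review bot: The choice in ContactRaw (`@@ -289,9 +286,15 @@`) not to fall back to the legacy endpoint rests on substring matches against `serverrors` for "User unknown to this VO", "suspended" and "not active". That is human-readable text supplied by the server. A reworded message, or an unrelated one that happens to contain "suspended", silently changes which endpoint is contacted. InterpretOutput already has the numeric `i->num` for every error in the first hunk, so recording that code in a member and testing it here would be sturdier than matching text. If the strings stay, add a comment such as `// must match the messages VOMS-AA emits for unknown / suspended / inactive users`. ContactRaw continues past the end of the hunk.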
@@ -303,8 +306,12 @@ bool vomsdata::ContactRaw(std::string hostname, int port, std::string servsubjec comm = XML_Req_Encode(command, ordering, targs, duration); - if (!contact(hostname, port, servsubject, comm, buffer, subject, ca, timeout)) + ret = contact(hostname, port, servsubject, comm, buffer, subject, ca, timeout); + // std::cerr << '\n' << comm << '\n' << buffer << '\n'; + + if (!ret) { return false; + } version = 1; return InterpretOutput(buffer, raw); @@ -359,6 +366,8 @@ bool vomsdata::ContactRESTRaw(const std::string& hostname, int port, const std:: std::string user, userca, output; bool res = contact(hostname, port, "", realCommand, output, user, userca, timeout); + // std::cerr << '\n' << realCommand << '\n' << output << '\n'; + bool ret = false; if (res) { From 7ecb06e05c752be45f537b354c63a8940ccbed6f Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 29 Apr 2024 15:30:02 +0200 Subject: [PATCH 71/92] Allocate a GENERAL_NAME before using it for a target --- src/ac/write.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/ac/write.c b/src/ac/write.c index 783118b7..3a8ef27a 100644 --- a/src/ac/write.c +++ b/src/ac/write.c @@ -75,13 +75,18 @@ AC_TARGET* build_ac_target(char* t){ ASN1_IA5STRING_free(target_str); return NULL; } + GENERAL_NAME *name = GENERAL_NAME_new(); + if (! name) { + AC_TARGET_free(target); + ASN1_IA5STRING_free(target_str); + return NULL; + } ASN1_STRING_set(target_str, t, strlen(t)); - GENERAL_NAME *name = target->name; - name->type = GEN_URI; name->d.ia5 = target_str; + target->name = name; return target; } From 410be297820b08b2654ee05aedd0d7a3acfce784 Mon Sep 17 00:00:00 2001 From: Oliver Freyermuth Date: Mon, 29 Apr 2024 18:14:35 +0200 Subject: [PATCH 72/92] Makefile: don't reference deleted INSTALL file in apidoc target (#117) Fixes build error if all targets are made. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
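Review bot: The result of `ASN1_STRING_set(target_str, t, strlen(t))` in the write.c hunk is still ignored, so if the copy fails build_ac_target returns a target with an empty URI instead of NULL. The new `GENERAL_NAME_new()` failure path already frees the other objects, and the same cleanup can cover this call, as shown below. Separately, `target->name = name;` overwrites the field without looking at it; that is right if AC_TARGET_new leaves it NULL, as the commit title suggests, but a comment saying so would help. The start of the function is outside the hunk.

```c
  if (!ASN1_STRING_set(target_str, t, strlen(t))) {
    GENERAL_NAME_free(name);
    AC_TARGET_free(target);
    ASN1_IA5STRING_free(target_str);
    return NULL;
  }
  /* … unchanged: name->type, name->d.ia5 and target->name assignments … */
```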
diff --git a/Makefile.am b/Makefile.am index 4c520626..1199168c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ EXTRA_DIST = autogen.sh LICENSE APIDOC_DIR = $(top_builddir)/doc/apidoc USERDOC_DIR = $(top_builddir)/doc/userdoc -APIDOC_FILES = $(top_srcdir)/AUTHORS $(top_srcdir)/INSTALL $(top_srcdir)/LICENSE $(top_srcdir)/README +APIDOC_FILES = $(top_srcdir)/AUTHORS $(top_srcdir)/LICENSE $(top_srcdir)/README USERDOC_FILES = $(APIDOC_FILES) spec=spec/voms-all.spec From 15c26077a3e8833a7de9d0ab9da42bfd477554fe Mon Sep 17 00:00:00 2001 From: Mattias Ellert Date: Tue, 30 Apr 2024 10:26:53 +0200 Subject: [PATCH 73/92] Fix spelling errors reported by lintian (#122) --- doc/AC-RFC.tex | 10 +++++----- doc/c++api.tex | 12 ++++++------ doc/capi.tex | 12 ++++++------ doc/software.tex | 20 ++++++++++---------- doc/voms-proxy-fake.1 | 10 +++++----- doc/voms-proxy-fake.xml | 10 +++++----- doc/voms-proxy-info.1 | 4 ++-- doc/voms-proxy-info.xml | 4 ++-- doc/voms-proxy-init.1 | 4 ++-- doc/voms-proxy-init.xml | 4 ++-- doc/voms-proxy-list.1 | 2 +- doc/voms-proxy-list.xml | 2 +- doc/voms.8 | 4 ++-- doc/voms.xml | 4 ++-- src/client/vomsclient.cc | 2 +- src/common/failure.c | 2 +- src/replica/voms_replica_master_setup.sh | 2 +- src/server/vomsd.cc | 4 ++-- src/utils/voms_verify.cc | 2 +- src/utils/vomsfake.cc | 2 +- testsuite/voms/voms/voms088.exp | 2 +- 21 files changed, 59 insertions(+), 59 deletions(-) diff --git a/doc/AC-RFC.tex b/doc/AC-RFC.tex index 35fa6077..97ecdb7c 100644 --- a/doc/AC-RFC.tex +++ b/doc/AC-RFC.tex 
@@ -9,8 +9,8 @@ \section{Introduction} X.509 Attribute Certificates (ACs) \cite{rfc3281} are used to bind a set of attributes, like group membership, role, security clearance, etc\ldots\ with an AC holder. Their well-defined, standardized format -and easy extensibility make them a premium way to distribute those -informations in large system, and in particular in environments where +and easy extensibility make them a premium way to distribute that +information in large system, and in particular in environments where authentication is done via X.509 Certificates \cite{rfc3280}. This is the reason why ACs are the format chosen by the VOMS server \cite{voms} to encode authorization data. @@ -52,7 +52,7 @@ \section{FQAN} \end{enumerate} For these reasons, a new format has been devised, as documented in -\cite{fqan}. However, here follows a copy of the relevant informations. +\cite{fqan}. However, here follows a copy of the relevant information. Group membership, Role holding and Capabilities may be expressed in a format that bounds them together in the following way: @@ -175,7 +175,7 @@ \subsection{V2Form} particular means that this subject MUST NOT be empty. \section{Attributes} -The attributes field contains informations about the AC holder. At +The attributes field contains information about the AC holder. At least one attribute MUST always be present. Attributes types use the format defined in \cite{rfc3281}, repeated here @@ -194,7 +194,7 @@ \section{Attributes} The attributes Group and Role, defined in \cite{rfc3281} are not used by VOMS AC, and SHOULD NOT be present in conforming ACs. Instead, it -defines a new attribute, FQAN, which holds informations about both, +defines a new attribute, FQAN, which holds information about both, and in fact also binds them together. \begin{verbatim} diff --git a/doc/c++api.tex b/doc/c++api.tex index 38378a40..d3d3b7bc 100644 --- a/doc/c++api.tex +++ b/doc/c++api.tex 
@@ -29,7 +29,7 @@ \chapter{Introduction} \begin{compatibility} Some information \end{compatibility} -These section contain informations regarding both back and forward +These sections contain information regarding both back and forward compatibility between different versions of the API. \begin{compatibility} @@ -92,7 +92,7 @@ \subsection{cap} \section{The voms structure} The second one, \texttt{voms} is used to group together all the -informations that can be gleaned from a single AC, and is defined as +information that can be gleaned from a single AC, and is defined as follows: \begin{lstlisting}{} @@ -195,7 +195,7 @@ \subsection{uri} \subsection{date1, date2} These are the dates of start and end of validity of the rest of the -informations. They are in a string representation readable to humans, +information. They are in a string representation readable to humans, but they may be easily converted back to their original format, with a little twist: dates coming from an AC are in GeneralizedTime format, while dates coming from the old version data are in UtcTime format. @@ -266,7 +266,7 @@ \subsection{fqan} \section{vomsdata} The purpose of this object is to collect in a single place all -informations present in a VOMS extension. It is defined so. +information present in a VOMS extension. It is defined so. \begin{lstlisting}{} struct vomsdata { @@ -375,7 +375,7 @@ \subsection{error} \subsection{data} This field contains a vector of \texttt{voms} structures, in the exact same order as the corresponding ACs appeared in the proxy certificate, -and containing the informations present in that AC. +and containing the information present in that AC. \section{Methods} \subsection {voms} 
@@ -624,7 +624,7 @@ \subsection{bool vomsdata::Retrieve(X509 *cert, STACK\_OF(X509) *chain, recurse\ certificate, executes the verifications requested by the SetVerificationType() function and interprets the data. \parameter{cert}{This is the X509 proxy certificate from which we want to -retrieve the informations.} +retrieve the information.} \parameter{chain}{This is the certificate chain associated to the proxy certificate. This parameter is only significant if the value of the next parameter is \texttt{RECURSE\_CHAIN}.} diff --git a/doc/capi.tex b/doc/capi.tex index 33e52cec..8e29d48e 100644 --- a/doc/capi.tex +++ b/doc/capi.tex @@ -32,7 +32,7 @@ \chapter{Introduction} \begin{compatibility} Some information \end{compatibility} -These section contain informations regarding both back and forward +These sections contain information regarding both back and forward compatibility between different versions of the API. \begin{compatibility} @@ -95,7 +95,7 @@ \subsection{cap} \section{The voms structure} The second one, \verb|voms| is used to group together all the -informations that can be gleaned from a single AC, and is defined as +information that can be gleaned from a single AC, and is defined as follows: {\begin{lstlisting}{} @@ -185,7 +185,7 @@ \subsection{uri} \subsection{date1, date2} These are the dates of start and end of validity of the rest of the -informations. They are in a string representation readable to humans, +information. They are in a string representation readable to humans, but they may be easily converted back to their original format, with a little twist: dates coming from an AC are in GeneralizedTime format, while dates coming from the old version data are in UtcTime format. 
@@ -261,7 +261,7 @@ \subsection{fqan} \section{vomsdata} The purpose of this object is to collect in a single place all -informations present in a VOMS extension. All the fields should be +information present in a VOMS extension. All the fields should be considered read-only. Changing them has indefinite results. {\begin{lstlisting}{} @@ -282,7 +282,7 @@ \section{vomsdata} \subsection{data} This field contains a vector of \verb|voms| structures, in the exact same order as the corresponding ACs appeared in the proxy certificate, -and containing the informations present in that AC. +and containing the information present in that AC. \subsection{workvo, volen} \begin{compatibility} @@ -694,7 +694,7 @@ \subsection{int VOMS\_Contact(char *hostname, int port, char *servsubject, char *command, struct vomsdata *vd, int *error)} This function is used to contact a VOMS server to receive an AC -containing the calling user's authorization informations. A +containing the calling user's authorization information. A prerequisite to calling this function is the existance of a valid proxy for the user himself. This function does not create such a proxy, which then must already exist. Also, the parameters needed to diff --git a/doc/software.tex b/doc/software.tex index 84b2a6de..d2a70005 100644 --- a/doc/software.tex +++ b/doc/software.tex @@ -393,7 +393,7 @@ \section{Invocation} order in which these options are specified in the command line.\\ \textbf{--version} & Prints version information and exits.\\ -\textbf{--quiet} & Prints only minimal informations. +\textbf{--quiet} & Prints only minimal information. \emph{WARNING}: some vital warnings may get overlooked by this option.\\ \textbf{--verify} & Verifies the certificate from which to create the 
@@ -518,11 +518,11 @@ \section{Invocation} should be specified in the format ``option=value''.\\ \textbf{--debug} & This option prints a series of additional debug - informations on stdout. The additional output + information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-init command. User should not, - however, ever rely on informations printed by + however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ @@ -532,7 +532,7 @@ \section{Invocation} \chapter{voms-proxy-info} \section{Introduction} -This command is used to print to the screen the informations included +This command is used to print to the screen the information included in an already generated VOMS proxy. \section{Configuration} @@ -541,11 +541,11 @@ \section{Configuration} \section{Invocation} \begin{longtable}{lp{3in}} \textbf{--debug} & This option prints a series of additional debug - informations on stdout. The additional output + information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-info command. User should not, - however, ever rely on informations printed by + however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ @@ -571,7 +571,7 @@ \section{Invocation} \textbf{--info} & Lets ``--subject'', ``--issuer'', ``--valid'' and ``--time'' also apply to ACs, and prints attributes values.\\ -\textbf{--extra} & Prints extra informations that were included in +\textbf{--extra} & Prints extra information that were included in the proxy.\\ \textbf{--all} & Prints everything. (Implies all other options.)\\ 
@@ -601,11 +601,11 @@ \section{Invocation} \begin{longtable}{lp{3in}} \textbf{--debug} & This option prints a series of additional debug - informations on stdout. The additional output + information on stdout. The additional output returned by this option should \emph{always} be included into bug reports for the voms-proxy-info command. User should not, - however, ever rely on informations printed by + however, ever rely on information printed by this options. Both content and format are guaranteed to change between software releases.\\ @@ -615,7 +615,7 @@ \section{Invocation} option per line, and option that do have values should be specified in the format ``option=value''.\\ -\textbf{--quiet} & Prints only minimal informations. +\textbf{--quiet} & Prints only minimal information. \emph{WARNING}: some vital warnings may get overlooked by this option.\\ \textbf{--file} & This option lets you specify a non-standard diff --git a/doc/voms-proxy-fake.1 b/doc/voms-proxy-fake.1 index 1941b8f5..926bcd41 100644 --- a/doc/voms-proxy-fake.1 +++ b/doc/voms-proxy-fake.1 @@ -221,7 +221,7 @@ The created certificate will be a self\-signed certificate and have a CA=true bi \fB\-extension\fR \fIoid[/criticality]value\fR .PP -This option allows to specified additional extensions to be put in the created certificate\&. +This option allows one to specify additional extensions to be put in the created certificate\&. .PP \fIoid\fR is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. @@ -239,7 +239,7 @@ is the value of the extensions\&. It is composed by two subfields, and \fIcontent\fR\&. \fItype\fR -is a single charater, and specifies how the +is a single character, and specifies how the \fIcontent\fR is interpreted\&. \*(Aq:\*(Aq means that \fIcontent\fR 
@@ -252,7 +252,7 @@ is the name of a file which will contain the actual data\&. \fB\-acextension\fR \fIoid[/criticality]value\fR .PP -This option allows to specified additional extensions to be put in the created attribute certificate\&. +This option allows one to specify additional extensions to be put in the created attribute certificate\&. .PP \fIoid\fR is the Object Identifier of the extensions\&. Any OID may be used even if it is not already known in advance\&. This must always be specified\&. There is no default\&. @@ -270,7 +270,7 @@ is the value of the extensions\&. It is composed by two subfields, and \fIcontent\fR\&. \fItype\fR -is a single charater, and specifies how the +is a single character, and specifies how the \fIcontent\fR is interpreted\&. \*(Aq:\*(Aq means that \fIcontent\fR @@ -293,7 +293,7 @@ This option adds the generic attribute specified to the AC generated\&. Please n .PP The file \fIfile\fR -contains informations for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. +contains information for additional ACs that should be included in the created proxy\&. ACs specified via the \-voinfo option shall be added before ACs specified via the command line options\&. .PP The format of the file is the following: .PP diff --git a/doc/voms-proxy-fake.xml b/doc/voms-proxy-fake.xml index c04932f2..d514bde4 100644 --- a/doc/voms-proxy-fake.xml +++ b/doc/voms-proxy-fake.xml @@ -194,7 +194,7 @@ of: seconds, hours:minutes oid[/criticality]value -This option allows to specified additional extensions to be put +This option allows one to specify additional extensions to be put in the created certificate. oid is the Object Identifier of the extensions. Any OID may be used even if it is not already known 
@@ -209,7 +209,7 @@ of: seconds, hours:minutestype and content. type - is a single charater, and specifies how + is a single character, and specifies how the content is interpreted. ':' means that content is a text string to be included as is. '~' means @@ -219,7 +219,7 @@ of: seconds, hours:minutes oid[/criticality]value -This option allows to specified additional extensions to be put +This option allows one to specify additional extensions to be put in the created attribute certificate. oid is the Object Identifier of the extensions. Any OID may be used even if it is not already known @@ -234,7 +234,7 @@ of: seconds, hours:minutestype and content. type - is a single charater, and specifies how + is a single character, and specifies how the content is interpreted. ':' means that content is a text string to be included as is. '~' means @@ -249,7 +249,7 @@ of: seconds, hours:minutes file -The file file contains informations for +The file file contains information for additional ACs that should be included in the created proxy. ACs specified via the -voinfo option shall be added before ACs specified via the command line options. diff --git a/doc/voms-proxy-info.1 b/doc/voms-proxy-info.1 index 467f5ad0..10b3b852 100644 --- a/doc/voms-proxy-info.1 +++ b/doc/voms-proxy-info.1 @@ -28,7 +28,7 @@ .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" -voms-proxy-info \- prints informations about a proxy with VOMS extensions +voms-proxy-info \- prints information about a proxy with VOMS extensions .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-info\fR\ 'u \fBvoms\-proxy\-info\fR [options] 
@@ -55,7 +55,7 @@ Enables extra debug output\&. This is for bug reports only\&. Users must not rel The name of the file containing the proxy, in case it is in a non\-standard place\&. .PP \fB\-chain\fR -Prints informations about the proxy\*(Aqs certificate chain\&. +Prints information about the proxy\*(Aqs certificate chain\&. .PP \fB\-subject\fR Prints the DN of the proxy\*(Aqs subject\&. diff --git a/doc/voms-proxy-info.xml b/doc/voms-proxy-info.xml index 339da721..0f4e7992 100644 --- a/doc/voms-proxy-info.xml +++ b/doc/voms-proxy-info.xml @@ -16,7 +16,7 @@ voms-proxy-info -prints informations about a proxy with VOMS extensions +prints information about a proxy with VOMS extensions @@ -56,7 +56,7 @@ The name of the file containing the proxy, in case it is in a non-standard place. -Prints informations about the proxy's certificate chain. +Prints information about the proxy's certificate chain. Prints the DN of the proxy's subject. diff --git a/doc/voms-proxy-init.1 b/doc/voms-proxy-init.1 index 5d9bd9ae..758ba597 100644 --- a/doc/voms-proxy-init.1 +++ b/doc/voms-proxy-init.1 @@ -106,7 +106,7 @@ Location of new proxy cert \fB\-voms\fR \fIvoms[:command]\fR Specifies the VOMS server to contact using the nickname -\fIvoms\fR\&. It also allows to send a specific command to the server\&. The default command is +\fIvoms\fR\&. It also allows one to send a specific command to the server\&. The default command is \fB:all\fR, and it gets all group membership information\&. Other commands are \fB:/Role=rolename\fR which grants the 
@@ -189,7 +189,7 @@ This option targets the generated AC to a specific host\&. This option may be sp .PP \fB\-timeout\fR \fIseconds\fR -This option allows to specify the maximum number of seconds that voms\-proxy\-init will wait while trying to establish a connection with the server\&. Its default value is \-1 (unlimited)\&. +This option allows one to specify the maximum number of seconds that voms\-proxy\-init will wait while trying to establish a connection with the server\&. Its default value is \-1 (unlimited)\&. .PP \fB\-noregen\fR Use existing proxy to contact the server and to sing the new proxy\&. diff --git a/doc/voms-proxy-init.xml b/doc/voms-proxy-init.xml index 7eaa65f6..3ca94dcb 100644 --- a/doc/voms-proxy-init.xml +++ b/doc/voms-proxy-init.xml @@ -96,7 +96,7 @@ Location of new proxy cert voms[:command] Specifies the VOMS server to contact using the nickname voms. It also allows to send a specific command +remap='I'>voms. It also allows one to send a specific command to the server. The default command is :all, and it gets all group membership information. @@ -171,7 +171,7 @@ This option targets the generated AC to a specific host. This hosts. seconds -This option allows to specify the maximum number of seconds that +This option allows one to specify the maximum number of seconds that voms-proxy-init will wait while trying to establish a connection with the server. Its default value is -1 (unlimited). diff --git a/doc/voms-proxy-list.1 b/doc/voms-proxy-list.1 index 5133bae5..32b7150c 100644 --- a/doc/voms-proxy-list.1 +++ b/doc/voms-proxy-list.1 @@ -28,7 +28,7 @@ .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" -voms-proxy-list \- Shows a list of all availabel attributes from a specified server +voms-proxy-list \- Shows a list of all available attributes from a specified server .SH "SYNOPSIS" .HP \w'\fBvoms\-proxy\-list\fR\ 'u \fBvoms\-proxy\-list\fR [options] 
diff --git a/doc/voms-proxy-list.xml b/doc/voms-proxy-list.xml index 7f9bc51e..41fa6153 100644 --- a/doc/voms-proxy-list.xml +++ b/doc/voms-proxy-list.xml @@ -16,7 +16,7 @@ voms-proxy-list -Shows a list of all availabel attributes from a specified server +Shows a list of all available attributes from a specified server diff --git a/doc/voms.8 b/doc/voms.8 index 5583a27e..64a5cfec 100644 --- a/doc/voms.8 +++ b/doc/voms.8 @@ -257,7 +257,7 @@ Higher values include all messages printed by lower ones, and values not documen \fB\-logformat\fR \fIstr\fR .PP -Sets the format used by the loggin system according toa printf\-like format string with the following directives format: +Sets the format used by the logging system according to a printf\-like format string with the following directives format: \fI\e%[size][char]\fR where size, if present, sets the maximum length of the field and \fIchar\fR @@ -464,7 +464,7 @@ This option specified the port on which the MySQL server is listening if it is d \fB\-mysql\-socket\fR \fIsocket\fR .PP -MySQL servers may be configured to allow access through a unix\-level socket\&. This option allows to specify this method of contact\&. However, it is almost always better to contact the server through the port\&. This option is ignored for Oracle backends\&. +MySQL servers may be configured to allow access through a unix\-level socket\&. This option allows one to specify this method of contact\&. However, it is almost always better to contact the server through the port\&. This option is ignored for Oracle backends\&. .PP \fB\-shortfqans\fR .PP diff --git a/doc/voms.xml b/doc/voms.xml index 0dc176b4..2ea6953e 100644 --- a/doc/voms.xml +++ b/doc/voms.xml 
@@ -187,7 +187,7 @@ overwrites the value of the option to 255. not documented here are translated as the highest level possible, LEV_DEBUG str -Sets the format used by the loggin system according toa printf-like +Sets the format used by the logging system according to a printf-like format string with the following directives format: \%[size][char] where size, if present, sets the maximum length of the field and char selects the type of substitution done. Possible values are the following: @@ -289,7 +289,7 @@ better to put what whould be the argument of this string into the socket MySQL servers may be configured to allow access through a - unix-level socket. This option allows to specify this method of + unix-level socket. This option allows one to specify this method of contact. However, it is almost always better to contact the server through the port. This option is ignored for Oracle backends. diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 6e5d74f2..3c6221ab 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -262,7 +262,7 @@ Client::Client(int argc, char ** argv) : " -globus Globus version. (MajorMinor)\n" \ " -proxyver Version of proxy certificate.\n" \ " -noregen Use existing proxy certificate to connect to server and sign the new proxy.\n" \ - " -separate Saves the informations returned by the server on file .\n" \ + " -separate Saves the information returned by the server on file .\n" \ " -ignorewarn Ignore warnings.\n" \ " -failonwarn Treat warnings as errors.\n" \ " -list Show all available attributes.\n" \ diff --git a/src/common/failure.c b/src/common/failure.c index a245e05c..5ca51b05 100644 --- a/src/common/failure.c +++ b/src/common/failure.c 
@@ -150,7 +150,7 @@ void signal_segv(int signum, siginfo_t* info, void*ptr) fclose(outfile); - fprintf(stderr, "Segmentation Fault!\nThe program had a serious failure.\nIf you wish to help the developers fix it,\nplease send the /tmp/sigsegv_report file\n to a@cnaf.infn.it.\nThe file contains no personally identifying informations.\nThanks for your help!\n"); + fprintf(stderr, "Segmentation Fault!\nThe program had a serious failure.\nIf you wish to help the developers fix it,\nplease send the /tmp/sigsegv_report file\n to a@cnaf.infn.it.\nThe file contains no personally identifying information.\nThanks for your help!\n"); _exit (-1); } diff --git a/src/replica/voms_replica_master_setup.sh b/src/replica/voms_replica_master_setup.sh index aad5379e..54d7cd1d 100755 --- a/src/replica/voms_replica_master_setup.sh +++ b/src/replica/voms_replica_master_setup.sh @@ -223,7 +223,7 @@ fi fi -echo "Send these informations to the administrator of the slave server:" +echo "Send this information to the administrator of the slave server:" echo "Log File : $master_log_file" echo "Log Position: $master_log_pos" echo "Account name: $mysql_replica_user" diff --git a/src/server/vomsd.cc b/src/server/vomsd.cc index 4f4d1f74..09ea7fa6 100644 --- a/src/server/vomsd.cc +++ b/src/server/vomsd.cc @@ -805,7 +805,7 @@ void VOMSServer::Run() return; } - LOGM(VARP, logh, LEV_INFO, T_PRE, "SSL handshake completed succesfully."); + LOGM(VARP, logh, LEV_INFO, T_PRE, "SSL handshake completed successfully."); std::string user = sock.peer_subject; std::string userca = sock.peer_ca; @@ -874,7 +874,7 @@ bool VOMSServer::makeAC(vomsresult& vr, EVP_PKEY *key, X509 *issuer, if (!XML_Req_Decode(message, r)) { LOGM(VARP, logh, LEV_ERROR, T_PRE, "Unable to interpret command: %s",message.c_str()); - vr.setError(ERR_NO_COMMAND, "Unable to intepret command: " + message); + vr.setError(ERR_NO_COMMAND, "Unable to interpret command: " + message); return false; } 
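Review bot: The `fclose(outfile)` and `fprintf(stderr, ...)` calls in the failure.c hunk run inside the SIGSEGV handler `signal_segv`, and stdio is not async-signal-safe, so a crash taken while the process holds a stdio or allocator lock can hang here instead of reaching `_exit`. For the final message I would keep the text in a static buffer and emit it with `write(STDERR_FILENO, msg, sizeof msg - 1);`. The message also names the fixed path /tmp/sigsegv_report; the code that opens it is outside the hunk, but if it is a plain `fopen` in a world-writable directory it will follow a pre-existing symlink, and `open(path, O_WRONLY|O_CREAT|O_EXCL, 0600)` would avoid that. The handler body starts outside the hunk.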
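Review bot: In the second vomsd.cc hunk the request text that failed `XML_Req_Decode` is written verbatim to the log and appended to the error passed to `vr.setError`, so whatever the peer sent, including newlines or a very large body, ends up in the log file. Whether `LOGM` escapes control characters or bounds the field is not visible here; if it does not, log entries can be spoofed or the log inflated by a malformed request. Logging a bounded summary would avoid that, for example `LOGM(VARP, logh, LEV_ERROR, T_PRE, "Unable to interpret command (%lu bytes)", (unsigned long)message.size());`. `makeAC` starts and ends outside the hunk.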
diff --git a/src/utils/voms_verify.cc b/src/utils/voms_verify.cc index 491a4f27..19924dd8 100644 --- a/src/utils/voms_verify.cc +++ b/src/utils/voms_verify.cc @@ -215,7 +215,7 @@ int main(int argc, char* argv[]){ exit(-1); } - printf("Certificate chain verified succesfully\n"); + printf("Certificate chain verified successfully\n"); return 0; } diff --git a/src/utils/vomsfake.cc b/src/utils/vomsfake.cc index 3817bdfe..31e70855 100644 --- a/src/utils/vomsfake.cc +++ b/src/utils/vomsfake.cc @@ -236,7 +236,7 @@ Fake::Fake(int argc, char ** argv) : confile(conf_file_name), " -proxyver Version of proxy certificate.\n" \ " -rfc Create RFC-conforming proxies (synonim of --proxyver 4)\n" " -noregen Doesn't regenerate a new proxy for the connection.\n" \ - " -separate Saves the informations returned by the server on file .\n" \ + " -separate Saves the information returned by the server on file .\n" \ " -hostcert Fake host certificate.\n" \ " -hostkey Fake host private key.\n" \ " -fqan String to include in the AC as the granted FQAN.\n" \ diff --git a/testsuite/voms/voms/voms088.exp b/testsuite/voms/voms/voms088.exp index ac865fde..8ae9b4c9 100644 --- a/testsuite/voms/voms/voms088.exp +++ b/testsuite/voms/voms/voms088.exp @@ -50,7 +50,7 @@ proc mytest {} { -globus Globus version. \(MajorMinor\) -proxyver Version of proxy certificate. -noregen Use existing proxy certificate to connect to server and sign the new proxy. - -separate Saves the informations returned by the server on file . + -separate Saves the information returned by the server on file . -ignorewarn Ignore warnings. -failonwarn Treat warnings as errors. -list Show all available attributes. From 910a8b6642a186db6a2dcecd39d51bdae5c74f64 Mon Sep 17 00:00:00 2001 
From: Mattias Ellert Date: Tue, 30 Apr 2024 12:45:47 +0200 Subject: [PATCH 74/92] Fix lintian warning (#126) voms-server: chown-with-dot root.voms [usr/share/voms/voms_install_db:276] chown-with-dot The named script uses a dot to separate owner and group in a call like chown user.group but that usage is deprecated. Please use a colon instead, as in: chown user:group. --- src/install/voms_install_db.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/install/voms_install_db.in b/src/install/voms_install_db.in index 8ca0fe44..d1f22b4b 100644 --- a/src/install/voms_install_db.in +++ b/src/install/voms_install_db.in @@ -273,7 +273,7 @@ $ECHO $voms_password_query > $datapath/voms/$voms_vo/voms.pass uid=`/usr/bin/id -u` -[ $uid = "0" ] && chown root.voms $datapath/voms/$voms_vo/voms.pass +[ $uid = "0" ] && chown root:voms $datapath/voms/$voms_vo/voms.pass chmod 640 $datapath/voms/$voms_vo/voms.pass if test -z $voms_vo ; then From 41267aa66b269f062f18541732506b7c55dc5841 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 3 May 2024 11:28:55 +0200 Subject: [PATCH 75/92] Regenerate lexers/parsers (#119) * Regenerate lexers/parsers Regenerate lexers/parsers after PR #112, which has changed the *.y and *.l files. The regeneration is done on CentOS 9 Stream, with bison 3.7.4-5 and flex 2.6.4-9. Resolves issue #118 * Prepend srcdir path for out-of-source builds --- src/sslutils/Makefile.am | 8 +- src/sslutils/lex.namespaces.c | 919 +++++++++++------ src/sslutils/lex.signing.c | 922 +++++++++++------ src/sslutils/namespaces.c | 1763 +++++++++++++++---------------- src/sslutils/namespaces.h | 91 +- src/sslutils/signing_policy.c | 1836 +++++++++++++++++---------------- src/sslutils/signing_policy.h | 100 +- src/utils/lex.yy.c | 462 +++++---- src/utils/vomsparser.c | 1819 ++++++++++++++++---------------- src/utils/vomsparser.h | 77 +- 10 files changed, 4289 insertions(+), 3708 deletions(-) 
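Review bot: The password file is created by the `$ECHO $voms_password_query > $datapath/voms/$voms_vo/voms.pass` redirect before the `chown` and `chmod 640` that follow it, so between creation and the chmod it carries whatever mode the caller's umask gives, which is commonly world-readable. Restricting the mode at creation closes that window: `( umask 077; $ECHO "$voms_password_query" > "$datapath/voms/$voms_vo/voms.pass" )`, with the existing chown and chmod kept after it. The path variables are also unquoted, and `test -z $voms_vo` is only evaluated after `$voms_vo` has already been used to build the path; `test -z "$voms_vo"` placed before the write would be the safer order. The script continues outside the hunk.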
diff --git a/src/sslutils/Makefile.am b/src/sslutils/Makefile.am index 3899b891..cc2393c8 100644 --- a/src/sslutils/Makefile.am +++ b/src/sslutils/Makefile.am @@ -24,11 +24,11 @@ signing_policy.$(OBJEXT): signing_policy.h if REGENERATE_PARSERS signing_policy.h signing_policy.c: signing_policy.y - $(YACC) -t -d -o signing_policy.c signing_policy.y + $(YACC) -t -d -o signing_policy.c $(srcdir)/signing_policy.y lex.signing.c: signing_policy.l signing_policy.h signing_policy.c - $(LEX) -b -f -d signing_policy.l + $(LEX) -b -f -d $(srcdir)/signing_policy.l endif namespaces.$(OBJEXT): namespaces.h @@ -36,10 +36,10 @@ namespaces.$(OBJEXT): namespaces.h if REGENERATE_PARSERS namespaces.h namespaces.c: namespaces.y - $(YACC) -t -d -o namespaces.c namespaces.y + $(YACC) -t -d -o namespaces.c $(srcdir)/namespaces.y lex.namespaces.c: namespaces.l namespaces.h namespaces.c - $(LEX) -b -f -d namespaces.l + $(LEX) -b -f -d $(srcdir)/namespaces.l endif libssl_utils_nog_la_SOURCES= $(SOURCES) diff --git a/src/sslutils/lex.namespaces.c b/src/sslutils/lex.namespaces.c index 646156af..ffd9e7b9 100644 --- a/src/sslutils/lex.namespaces.c +++ b/src/sslutils/lex.namespaces.c @@ -1,12 +1,11 @@ -#line 3 "lex.namespaces.c" +#line 2 "lex.namespaces.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ /* %not-for-header */ - /* %if-c-only */ /* %if-not-reentrant */ /* %endif */ @@ -15,8 +14,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif 
@@ -25,9 +24,230 @@ /* %endif */ /* %if-c-only */ - +#ifdef yy_create_buffer +#define namespaces_create_buffer_ALREADY_DEFINED +#else +#define yy_create_buffer namespaces_create_buffer +#endif + +#ifdef yy_delete_buffer +#define namespaces_delete_buffer_ALREADY_DEFINED +#else +#define yy_delete_buffer namespaces_delete_buffer +#endif + +#ifdef yy_scan_buffer +#define namespaces_scan_buffer_ALREADY_DEFINED +#else +#define yy_scan_buffer namespaces_scan_buffer +#endif + +#ifdef yy_scan_string +#define namespaces_scan_string_ALREADY_DEFINED +#else +#define yy_scan_string namespaces_scan_string +#endif + +#ifdef yy_scan_bytes +#define namespaces_scan_bytes_ALREADY_DEFINED +#else +#define yy_scan_bytes namespaces_scan_bytes +#endif + +#ifdef yy_init_buffer +#define namespaces_init_buffer_ALREADY_DEFINED +#else +#define yy_init_buffer namespaces_init_buffer +#endif + +#ifdef yy_flush_buffer +#define namespaces_flush_buffer_ALREADY_DEFINED +#else +#define yy_flush_buffer namespaces_flush_buffer +#endif + +#ifdef yy_load_buffer_state +#define namespaces_load_buffer_state_ALREADY_DEFINED +#else +#define yy_load_buffer_state namespaces_load_buffer_state +#endif + +#ifdef yy_switch_to_buffer +#define namespaces_switch_to_buffer_ALREADY_DEFINED +#else +#define yy_switch_to_buffer namespaces_switch_to_buffer +#endif + +#ifdef yypush_buffer_state +#define namespacespush_buffer_state_ALREADY_DEFINED +#else +#define yypush_buffer_state namespacespush_buffer_state +#endif + +#ifdef yypop_buffer_state +#define namespacespop_buffer_state_ALREADY_DEFINED +#else +#define yypop_buffer_state namespacespop_buffer_state +#endif + +#ifdef yyensure_buffer_stack +#define namespacesensure_buffer_stack_ALREADY_DEFINED +#else +#define yyensure_buffer_stack namespacesensure_buffer_stack +#endif + +#ifdef yylex +#define namespaceslex_ALREADY_DEFINED +#else +#define yylex namespaceslex +#endif + +#ifdef yyrestart +#define namespacesrestart_ALREADY_DEFINED +#else +#define yyrestart namespacesrestart 
+#endif + +#ifdef yylex_init +#define namespaceslex_init_ALREADY_DEFINED +#else +#define yylex_init namespaceslex_init +#endif + +#ifdef yylex_init_extra +#define namespaceslex_init_extra_ALREADY_DEFINED +#else +#define yylex_init_extra namespaceslex_init_extra +#endif + +#ifdef yylex_destroy +#define namespaceslex_destroy_ALREADY_DEFINED +#else +#define yylex_destroy namespaceslex_destroy +#endif + +#ifdef yyget_debug +#define namespacesget_debug_ALREADY_DEFINED +#else +#define yyget_debug namespacesget_debug +#endif + +#ifdef yyset_debug +#define namespacesset_debug_ALREADY_DEFINED +#else +#define yyset_debug namespacesset_debug +#endif + +#ifdef yyget_extra +#define namespacesget_extra_ALREADY_DEFINED +#else +#define yyget_extra namespacesget_extra +#endif + +#ifdef yyset_extra +#define namespacesset_extra_ALREADY_DEFINED +#else +#define yyset_extra namespacesset_extra +#endif + +#ifdef yyget_in +#define namespacesget_in_ALREADY_DEFINED +#else +#define yyget_in namespacesget_in +#endif + +#ifdef yyset_in +#define namespacesset_in_ALREADY_DEFINED +#else +#define yyset_in namespacesset_in +#endif + +#ifdef yyget_out +#define namespacesget_out_ALREADY_DEFINED +#else +#define yyget_out namespacesget_out +#endif + +#ifdef yyset_out +#define namespacesset_out_ALREADY_DEFINED +#else +#define yyset_out namespacesset_out +#endif + +#ifdef yyget_leng +#define namespacesget_leng_ALREADY_DEFINED +#else +#define yyget_leng namespacesget_leng +#endif + +#ifdef yyget_text +#define namespacesget_text_ALREADY_DEFINED +#else +#define yyget_text namespacesget_text +#endif + +#ifdef yyget_lineno +#define namespacesget_lineno_ALREADY_DEFINED +#else +#define yyget_lineno namespacesget_lineno +#endif + +#ifdef yyset_lineno +#define namespacesset_lineno_ALREADY_DEFINED +#else +#define yyset_lineno namespacesset_lineno +#endif + +#ifdef yyget_column +#define namespacesget_column_ALREADY_DEFINED +#else +#define yyget_column namespacesget_column +#endif + +#ifdef yyset_column +#define 
namespacesset_column_ALREADY_DEFINED +#else +#define yyset_column namespacesset_column +#endif + +#ifdef yywrap +#define namespaceswrap_ALREADY_DEFINED +#else +#define yywrap namespaceswrap +#endif + /* %endif */ +#ifdef yyget_lval +#define namespacesget_lval_ALREADY_DEFINED +#else +#define yyget_lval namespacesget_lval +#endif + +#ifdef yyset_lval +#define namespacesset_lval_ALREADY_DEFINED +#else +#define yyset_lval namespacesset_lval +#endif + +#ifdef yyalloc +#define namespacesalloc_ALREADY_DEFINED +#else +#define yyalloc namespacesalloc +#endif + +#ifdef yyrealloc +#define namespacesrealloc_ALREADY_DEFINED +#else +#define yyrealloc namespacesrealloc +#endif + +#ifdef yyfree +#define namespacesfree_ALREADY_DEFINED +#else +#define yyfree namespacesfree +#endif + /* %if-c-only */ /* %endif */ @@ -77,7 +297,6 @@ typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ /* Limits of integral types. */ #ifndef INT8_MIN 
@@ -108,48 +327,39 @@ typedef unsigned int flex_uint32_t; #define UINT32_MAX (4294967295U) #endif +#ifndef SIZE_MAX +#define SIZE_MAX (~(size_t)0) +#endif + +#endif /* ! C99 */ + #endif /* ! FLEXINT_H */ /* %endif */ +/* begin standard C++ headers. */ /* %if-c++-only */ /* %endif */ -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -/* C99 requires __STDC__ to be defined as 1. */ -#if defined (__STDC__) - -#define YY_USE_CONST - -#endif /* defined (__STDC__) */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST +/* TODO: this is always defined, so inline it */ #define yyconst const + +#if defined(__GNUC__) && __GNUC__ >= 3 +#define yynoreturn __attribute__((__noreturn__)) #else -#define yyconst +#define yynoreturn #endif /* %not-for-header */ - /* Returned upon end-of-file. */ #define YY_NULL 0 /* %ok-for-header */ /* %not-for-header */ - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. +/* Promotes a possibly negative, possibly signed char to an + * integer in range [0..255] for use as an array index. */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) +#define YY_SC_TO_UI(c) ((YY_CHAR) (c)) /* %ok-for-header */ /* %if-reentrant */ 
@@ -181,25 +391,29 @@ typedef void* yyscan_t; * definition of BEGIN. */ #define BEGIN yyg->yy_start = 1 + 2 * - /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START ((yyg->yy_start - 1) / 2) #define YYSTATE YY_START - /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE namespacesrestart(yyin ,yyscanner ) - +#define YY_NEW_FILE yyrestart( yyin , yyscanner ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k. + * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. + * Ditto for the __ia64__ case accordingly. + */ +#define YY_BUF_SIZE 32768 +#else #define YY_BUF_SIZE 16384 +#endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. @@ -211,6 +425,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -222,8 +441,9 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - + #define YY_LESS_LINENO(n) + #define YY_LINENO_REWIND_TO(ptr) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ 
@@ -238,14 +458,8 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) - #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -263,7 +477,7 @@ struct yy_buffer_state /* Size of input buffer in bytes, not including room for EOB * characters. */ - yy_size_t yy_buf_size; + int yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. @@ -291,7 +505,7 @@ struct yy_buffer_state int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ - + /* Whether to try to fill the input buffer when we reach the * end of it. */ @@ -308,7 +522,7 @@ struct yy_buffer_state * possible backing-up. * * When we actually see the EOF, we change the status to "new" - * (via namespacesrestart()), so that the user can continue scanning by + * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 @@ -318,7 +532,6 @@ struct yy_buffer_state /* %if-c-only Standard (non-C++) definition */ /* %not-for-header */ - /* %if-not-reentrant */ /* %endif */ /* %ok-for-header */ @@ -334,7 +547,6 @@ struct yy_buffer_state #define YY_CURRENT_BUFFER ( yyg->yy_buffer_stack \ ? yyg->yy_buffer_stack[yyg->yy_buffer_stack_top] \ : NULL) - /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ 
@@ -344,73 +556,69 @@ struct yy_buffer_state /* %if-not-reentrant */ /* %not-for-header */ - /* %ok-for-header */ /* %endif */ -void namespacesrestart (FILE *input_file ,yyscan_t yyscanner ); -void namespaces_switch_to_buffer (YY_BUFFER_STATE new_buffer ,yyscan_t yyscanner ); -YY_BUFFER_STATE namespaces_create_buffer (FILE *file,int size ,yyscan_t yyscanner ); -void namespaces_delete_buffer (YY_BUFFER_STATE b ,yyscan_t yyscanner ); -void namespaces_flush_buffer (YY_BUFFER_STATE b ,yyscan_t yyscanner ); -void namespacespush_buffer_state (YY_BUFFER_STATE new_buffer ,yyscan_t yyscanner ); -void namespacespop_buffer_state (yyscan_t yyscanner ); - -static void namespacesensure_buffer_stack (yyscan_t yyscanner ); -static void namespaces_load_buffer_state (yyscan_t yyscanner ); -static void namespaces_init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yyscanner ); +void yyrestart ( FILE *input_file , yyscan_t yyscanner ); +void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); +YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size , yyscan_t yyscanner ); +void yy_delete_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); +void yy_flush_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); +void yypush_buffer_state ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); +void yypop_buffer_state ( yyscan_t yyscanner ); -#define YY_FLUSH_BUFFER namespaces_flush_buffer(YY_CURRENT_BUFFER ,yyscanner) +static void yyensure_buffer_stack ( yyscan_t yyscanner ); +static void yy_load_buffer_state ( yyscan_t yyscanner ); +static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file , yyscan_t yyscanner ); +#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER , yyscanner) -YY_BUFFER_STATE namespaces_scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); -YY_BUFFER_STATE namespaces_scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE namespaces_scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE 
yy_scan_buffer ( char *base, yy_size_t size , yyscan_t yyscanner ); +YY_BUFFER_STATE yy_scan_string ( const char *yy_str , yyscan_t yyscanner ); +YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len , yyscan_t yyscanner ); /* %endif */ -void *namespacesalloc (yy_size_t ,yyscan_t yyscanner ); -void *namespacesrealloc (void *,yy_size_t ,yyscan_t yyscanner ); -void namespacesfree (void * ,yyscan_t yyscanner ); - -#define yy_new_buffer namespaces_create_buffer +void *yyalloc ( yy_size_t , yyscan_t yyscanner ); +void *yyrealloc ( void *, yy_size_t , yyscan_t yyscanner ); +void yyfree ( void * , yyscan_t yyscanner ); +#define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ - namespacesensure_buffer_stack (yyscanner); \ + yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ - namespaces_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); \ + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } - #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ - namespacesensure_buffer_stack (yyscanner); \ + yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ - namespaces_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); \ + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } - #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ -#define namespaceswrap(n) 1 +#define namespaceswrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG - -typedef char YY_CHAR; +typedef flex_uint8_t YY_CHAR; typedef int yy_state_type; #define yytext_ptr yytext_r -static yyconst flex_int16_t yy_nxt[][128] = + +/* %% [1.5] DFA */ +static const flex_int16_t yy_nxt[][128] = { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -1315,10 +1523,10 @@ static yyconst flex_int16_t yy_nxt[][128] = /* %if-c-only Standard (non-C++) definition */ -static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); -static int yy_get_next_buffer (yyscan_t yyscanner ); -static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); +static yy_state_type yy_get_previous_state ( yyscan_t yyscanner ); +static yy_state_type yy_try_NUL_trans ( yy_state_type current_state , yyscan_t yyscanner); +static int yy_get_next_buffer ( yyscan_t yyscanner ); +static void yynoreturn yy_fatal_error ( const char* msg , yyscan_t yyscanner ); /* %endif */ @@ -1328,12 +1536,11 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); #define YY_DO_BEFORE_ACTION \ yyg->yytext_ptr = yy_bp; \ /* %% [2.0] code to fiddle yytext and yyleng for yymore() goes here \ */\ - yyleng = (size_t) (yy_cp - yy_bp); \ + yyleng = (int) (yy_cp - yy_bp); \ yyg->yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ /* %% [3.0] code to copy yytext_ptr to yytext[] goes here, if %array \ */\ yyg->yy_c_buf_p = yy_cp; - /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */ #define YY_NUM_RULES 15 #define YY_END_OF_BUFFER 16 @@ -1344,7 +1551,7 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[52] = +static const flex_int16_t yy_accept[52] = { 0, 0, 0, 0, 0, 0, 0, 16, 14, 13, 4, 1, 2, 14, 14, 14, 14, 14, 14, 15, 3, @@ -1354,7 +1561,7 @@ static yyconst flex_int16_t yy_accept[52] = 11 } ; -static yyconst yy_state_type yy_NUL_trans[52] = +static const yy_state_type yy_NUL_trans[52] = { 0, 8, 8, 19, 19, 21, 21, 0, 0, 0, 0, 23, 0, 0, 0, 0, 0, 0, 0, 31, 0, 
@@ -1364,10 +1571,10 @@ static yyconst yy_state_type yy_NUL_trans[52] = 0 } ; -static yyconst flex_int16_t yy_rule_linenum[15] = +static const flex_int16_t yy_rule_linenum[15] = { 0, - 47, 49, 51, 53, 54, 57, 58, 59, 60, 61, - 62, 63, 64, 65 + 50, 52, 54, 56, 57, 60, 61, 62, 63, 64, + 65, 66, 67, 68 } ; /* The intent behind this definition is that it'll catch @@ -1415,9 +1622,9 @@ static yyconst flex_int16_t yy_rule_linenum[15] = #ifndef strndup extern char *strndup(const char*, size_t); #endif +#line 1625 "lex.namespaces.c" - -#line 1418 "lex.namespaces.c" +#line 1627 "lex.namespaces.c" #define INITIAL 0 #define SINGLE_QUOTED 1 @@ -1480,7 +1687,7 @@ struct yyguts_t /* %if-c-only */ -static int yy_init_globals (yyscan_t yyscanner ); +static int yy_init_globals ( yyscan_t yyscanner ); /* %endif */ @@ -1490,9 +1697,9 @@ static int yy_init_globals (yyscan_t yyscanner ); * from bison output in section 1.*/ # define yylval yyg->yylval_r -int namespaceslex_init (yyscan_t* scanner); +int yylex_init (yyscan_t* scanner); -int namespaceslex_init_extra (YY_EXTRA_TYPE user_defined,yyscan_t* scanner); +int yylex_init_extra ( YY_EXTRA_TYPE user_defined, yyscan_t* scanner); /* %endif */ 
@@ -1501,37 +1708,41 @@ int namespaceslex_init_extra (YY_EXTRA_TYPE user_defined,yyscan_t* scanner); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ -int namespaceslex_destroy (yyscan_t yyscanner ); +int yylex_destroy ( yyscan_t yyscanner ); + +int yyget_debug ( yyscan_t yyscanner ); -int namespacesget_debug (yyscan_t yyscanner ); +void yyset_debug ( int debug_flag , yyscan_t yyscanner ); -void namespacesset_debug (int debug_flag ,yyscan_t yyscanner ); +YY_EXTRA_TYPE yyget_extra ( yyscan_t yyscanner ); -YY_EXTRA_TYPE namespacesget_extra (yyscan_t yyscanner ); +void yyset_extra ( YY_EXTRA_TYPE user_defined , yyscan_t yyscanner ); -void namespacesset_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ); +FILE *yyget_in ( yyscan_t yyscanner ); -FILE *namespacesget_in (yyscan_t yyscanner ); +void yyset_in ( FILE * _in_str , yyscan_t yyscanner ); -void namespacesset_in (FILE * in_str ,yyscan_t yyscanner ); +FILE *yyget_out ( yyscan_t yyscanner ); -FILE *namespacesget_out (yyscan_t yyscanner ); +void yyset_out ( FILE * _out_str , yyscan_t yyscanner ); -void namespacesset_out (FILE * out_str ,yyscan_t yyscanner ); + int yyget_leng ( yyscan_t yyscanner ); -int namespacesget_leng (yyscan_t yyscanner ); +char *yyget_text ( yyscan_t yyscanner ); -char *namespacesget_text (yyscan_t yyscanner ); +int yyget_lineno ( yyscan_t yyscanner ); -int namespacesget_lineno (yyscan_t yyscanner ); +void yyset_lineno ( int _line_number , yyscan_t yyscanner ); -void namespacesset_lineno (int line_number ,yyscan_t yyscanner ); +int yyget_column ( yyscan_t yyscanner ); + +void yyset_column ( int _column_no , yyscan_t yyscanner ); /* %if-bison-bridge */ -YYSTYPE * namespacesget_lval (yyscan_t yyscanner ); +YYSTYPE * yyget_lval ( yyscan_t yyscanner ); -void namespacesset_lval (YYSTYPE * yylval_param ,yyscan_t yyscanner ); +void yyset_lval ( YYSTYPE * yylval_param , yyscan_t yyscanner ); /* %endif */ 
@@ -1541,36 +1752,37 @@ void namespacesset_lval (YYSTYPE * yylval_param ,yyscan_t yyscanner ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int namespaceswrap (yyscan_t yyscanner ); +extern "C" int yywrap ( yyscan_t yyscanner ); #else -extern int namespaceswrap (yyscan_t yyscanner ); +extern int yywrap ( yyscan_t yyscanner ); #endif #endif /* %not-for-header */ - - static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#ifndef YY_NO_UNPUT + static void yyunput ( int c, char *buf_ptr , yyscan_t yyscanner); + +#endif /* %ok-for-header */ /* %endif */ #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ,yyscan_t yyscanner); +static void yy_flex_strncpy ( char *, const char *, int , yyscan_t yyscanner); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ,yyscan_t yyscanner); +static int yy_flex_strlen ( const char * , yyscan_t yyscanner); #endif #ifndef YY_NO_INPUT /* %if-c-only Standard (non-C++) definition */ /* %not-for-header */ - #ifdef __cplusplus -static int yyinput (yyscan_t yyscanner ); +static int yyinput ( yyscan_t yyscanner ); #else -static int input (yyscan_t yyscanner ); +static int input ( yyscan_t yyscanner ); #endif /* %ok-for-header */ @@ -1583,7 +1795,12 @@ static int input (yyscan_t yyscanner ); /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k */ +#define YY_READ_BUF_SIZE 16384 +#else #define YY_READ_BUF_SIZE 8192 +#endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ @@ -1592,7 +1809,7 @@ static int input (yyscan_t yyscanner ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) +#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) /* %endif */ /* %if-c++-only C++ definition */ /* %endif */ 
@@ -1605,7 +1822,7 @@ static int input (yyscan_t yyscanner ); #define YY_INPUT(buf,result,max_size) \ /* %% [5.0] fread()/read() definition of YY_INPUT goes here unless we're doing C++ \ */\ errno=0; \ - while ( (result = read( fileno(yyin), (char *) buf, max_size )) < 0 ) \ + while ( (result = (int) read( fileno(yyin), buf, (yy_size_t) max_size )) < 0 ) \ { \ if( errno != EINTR) \ { \ @@ -1645,11 +1862,9 @@ static int input (yyscan_t yyscanner ); /* %if-tables-serialization structures and prototypes */ /* %not-for-header */ - /* %ok-for-header */ /* %not-for-header */ - /* %tables-yydmap generated elements */ /* %endif */ /* end tables serialization structures and prototypes */ @@ -1663,10 +1878,10 @@ static int input (yyscan_t yyscanner ); #define YY_DECL_IS_OURS 1 /* %if-c-only Standard (non-C++) definition */ -extern int namespaceslex \ - (YYSTYPE * yylval_param ,yyscan_t yyscanner); +extern int yylex \ + (YYSTYPE * yylval_param , yyscan_t yyscanner); -#define YY_DECL int namespaceslex \ +#define YY_DECL int yylex \ (YYSTYPE * yylval_param , yyscan_t yyscanner) /* %endif */ /* %if-c++-only C++ definition */ @@ -1682,7 +1897,7 @@ extern int namespaceslex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -1690,22 +1905,15 @@ extern int namespaceslex \ YY_USER_ACTION /* %not-for-header */ - /** The main scanner function which does all the work. */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 45 "namespaces.l" - - -#line 1705 "lex.namespaces.c" - yylval = yylval_param; if ( !yyg->yy_init ) 
@@ -1734,15 +1942,22 @@ YY_DECL /* %endif */ if ( ! YY_CURRENT_BUFFER ) { - namespacesensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); YY_CURRENT_BUFFER_LVALUE = - namespaces_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); } - namespaces_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 48 "namespaces.l" + + +#line 1958 "lex.namespaces.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; 
@@ -1810,59 +2025,59 @@ YY_DECL case 1: YY_RULE_SETUP -#line 47 "namespaces.l" +#line 50 "namespaces.l" /* comment. Ignore */ YY_BREAK case 2: YY_RULE_SETUP -#line 49 "namespaces.l" +#line 52 "namespaces.l" BEGIN(SINGLE_QUOTED); YY_BREAK case 3: /* rule 3 can match eol */ YY_RULE_SETUP -#line 51 "namespaces.l" +#line 54 "namespaces.l" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT; YY_BREAK case 4: YY_RULE_SETUP -#line 53 "namespaces.l" +#line 56 "namespaces.l" BEGIN(DOUBLE_QUOTED); YY_BREAK case 5: /* rule 5 can match eol */ YY_RULE_SETUP -#line 54 "namespaces.l" +#line 57 "namespaces.l" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECT; YY_BREAK case 6: YY_RULE_SETUP -#line 57 "namespaces.l" +#line 60 "namespaces.l" return TO; YY_BREAK case 7: YY_RULE_SETUP -#line 58 "namespaces.l" +#line 61 "namespaces.l" return ISSUER; YY_BREAK case 8: YY_RULE_SETUP -#line 59 "namespaces.l" +#line 62 "namespaces.l" return PERMIT; YY_BREAK case 9: YY_RULE_SETUP -#line 60 "namespaces.l" +#line 63 "namespaces.l" return DENY; YY_BREAK case 10: YY_RULE_SETUP -#line 61 "namespaces.l" +#line 64 "namespaces.l" return SELF; YY_BREAK case 11: YY_RULE_SETUP -#line 62 "namespaces.l" +#line 65 "namespaces.l" return SUBJECT_WORD; YY_BREAK case 12: @@ -1870,26 +2085,26 @@ case 12: yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 63 "namespaces.l" +#line 66 "namespaces.l" YY_BREAK case 13: /* rule 13 can match eol */ YY_RULE_SETUP -#line 64 "namespaces.l" +#line 67 "namespaces.l" YY_BREAK case 14: YY_RULE_SETUP -#line 65 "namespaces.l" +#line 68 "namespaces.l" YY_BREAK case 15: YY_RULE_SETUP -#line 67 "namespaces.l" +#line 70 "namespaces.l" ECHO; YY_BREAK -#line 1890 "lex.namespaces.c" +#line 2107 "lex.namespaces.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(SINGLE_QUOTED): case YY_STATE_EOF(DOUBLE_QUOTED): 
@@ -1909,14 +2124,18 @@ case YY_STATE_EOF(DOUBLE_QUOTED): /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called - * namespaceslex(). If so, then we have to assure + * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -1970,7 +2189,7 @@ case YY_STATE_EOF(DOUBLE_QUOTED): { yyg->yy_did_buffer_switch_on_eof = 0; - if ( namespaceswrap(yyscanner ) ) + if ( yywrap( yyscanner ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -2023,12 +2242,12 @@ case YY_STATE_EOF(DOUBLE_QUOTED): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of namespaceslex */ + } /* end of user's declarations */ +} /* end of yylex */ /* %ok-for-header */ /* %if-c++-only */ /* %not-for-header */ - /* %ok-for-header */ /* %endif */ @@ -2047,9 +2266,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + int number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) 
@@ -2078,7 +2297,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr - 1); for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -2098,7 +2317,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); @@ -2114,11 +2333,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - namespacesrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ,yyscanner ); + yyrealloc( (void *) b->yy_ch_buf, + (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); } else /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; + b->yy_ch_buf = NULL; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( @@ -2136,7 +2356,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } @@ -2146,7 +2366,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - namespacesrestart(yyin ,yyscanner); + yyrestart( yyin , yyscanner); } else 
@@ -2160,12 +2380,15 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) namespacesrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( + (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size , yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + /* "- 2" to take care of EOB's */ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); } yyg->yy_n_chars += number_to_move; @@ -2181,14 +2404,13 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %not-for-header */ - static yy_state_type yy_get_previous_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ 
@@ -2224,10 +2446,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; yy_current_state = yy_NUL_trans[yy_current_state]; yy_is_jam = (yy_current_state == 0); @@ -2241,17 +2463,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) } } + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -2262,10 +2486,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + int number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -2274,7 +2498,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yyg->yy_n_chars = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); 
@@ -2291,6 +2515,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -2321,7 +2546,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + int offset = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr); ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -2338,14 +2563,14 @@ static int yy_get_next_buffer (yyscan_t yyscanner) */ /* Reset buffer status. */ - namespacesrestart(yyin ,yyscanner); + yyrestart( yyin , yyscanner); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( namespaceswrap(yyscanner ) ) - return EOF; + if ( yywrap( yyscanner ) ) + return 0; if ( ! yyg->yy_did_buffer_switch_on_eof ) YY_NEW_FILE; @@ -2381,7 +2606,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) * @note This function does not reset the start condition to @c INITIAL . */ /* %if-c-only */ - void namespacesrestart (FILE * input_file , yyscan_t yyscanner) + void yyrestart (FILE * input_file , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -2389,21 +2614,24 @@ static int yy_get_next_buffer (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if ( ! YY_CURRENT_BUFFER ){ - namespacesensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); YY_CURRENT_BUFFER_LVALUE = - namespaces_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); } - namespaces_init_buffer(YY_CURRENT_BUFFER,input_file ,yyscanner); - namespaces_load_buffer_state(yyscanner ); + yy_init_buffer( YY_CURRENT_BUFFER, input_file , yyscanner); + yy_load_buffer_state( yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. */ /* %if-c-only */ - void namespaces_switch_to_buffer (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2412,10 +2640,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* TODO. We should be able to replace this entire function body * with - * namespacespop_buffer_state(); - * namespacespush_buffer_state(new_buffer); + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); */ - namespacesensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); if ( YY_CURRENT_BUFFER == new_buffer ) return; 
@@ -2428,18 +2656,18 @@ static int yy_get_next_buffer (yyscan_t yyscanner) } YY_CURRENT_BUFFER_LVALUE = new_buffer; - namespaces_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); /* We don't actually know whether we did this switch during - * EOF (namespaceswrap()) processing, but the only time this flag - * is looked at is after namespaceswrap() is called, so it's safe + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ yyg->yy_did_buffer_switch_on_eof = 1; } /* %if-c-only */ -static void namespaces_load_buffer_state (yyscan_t yyscanner) +static void yy_load_buffer_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2447,7 +2675,11 @@ static void namespaces_load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } 
@@ -2458,39 +2690,42 @@ static void namespaces_load_buffer_state (yyscan_t yyscanner) * @return the allocated buffer state. */ /* %if-c-only */ - YY_BUFFER_STATE namespaces_create_buffer (FILE * file, int size , yyscan_t yyscanner) + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { YY_BUFFER_STATE b; - b = (YY_BUFFER_STATE) namespacesalloc(sizeof( struct yy_buffer_state ) ,yyscanner ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in namespaces_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) namespacesalloc(b->yy_buf_size + 2 ,yyscanner ); + b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in namespaces_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - namespaces_init_buffer(b,file ,yyscanner); + yy_init_buffer( b, file , yyscanner); return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. - * @param b a buffer created with namespaces_create_buffer() + * @param b a buffer created with yy_create_buffer() * @param yyscanner The scanner object. */ /* %if-c-only */ - void namespaces_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) + void yy_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -2504,28 +2739,17 @@ static void namespaces_load_buffer_state (yyscan_t yyscanner) YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - namespacesfree((void *) b->yy_ch_buf ,yyscanner ); + yyfree( (void *) b->yy_ch_buf , yyscanner ); - namespacesfree((void *) b ,yyscanner ); + yyfree( (void *) b , yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, - * such as during a namespacesrestart() or at EOF. + * such as during a yyrestart() or at EOF. */ /* %if-c-only */ - static void namespaces_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner) + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2534,13 +2758,17 @@ extern int isatty (int ); int oerrno = errno; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - namespaces_flush_buffer(b ,yyscanner); + yy_flush_buffer( b , yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; - /* If b is the current buffer, then namespaces_init_buffer was _probably_ - * called from namespacesrestart() or through yy_get_next_buffer. + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ @@ -2563,7 +2791,7 @@ extern int isatty (int ); * @param yyscanner The scanner object. */ /* %if-c-only */ - void namespaces_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) + void yy_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -2587,7 +2815,7 @@ extern int isatty (int ); b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) - namespaces_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); } /* %if-c-or-c++ */ @@ -2598,7 +2826,7 @@ extern int isatty (int ); * @param yyscanner The scanner object. */ /* %if-c-only */ -void namespacespush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) +void yypush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2607,9 +2835,9 @@ void namespacespush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanne if (new_buffer == NULL) return; - namespacesensure_buffer_stack(yyscanner); + yyensure_buffer_stack(yyscanner); - /* This block is copied from namespaces_switch_to_buffer. */ + /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ @@ -2623,8 +2851,8 @@ void namespacespush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanne yyg->yy_buffer_stack_top++; YY_CURRENT_BUFFER_LVALUE = new_buffer; - /* copied from namespaces_switch_to_buffer. */ - namespaces_load_buffer_state(yyscanner ); + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( yyscanner ); yyg->yy_did_buffer_switch_on_eof = 1; } /* %endif */ @@ -2635,7 +2863,7 @@ void namespacespush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanne * @param yyscanner The scanner object. */ /* %if-c-only */ -void namespacespop_buffer_state (yyscan_t yyscanner) +void yypop_buffer_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -2644,13 +2872,13 @@ void namespacespop_buffer_state (yyscan_t yyscanner) if (!YY_CURRENT_BUFFER) return; - namespaces_delete_buffer(YY_CURRENT_BUFFER ,yyscanner); + yy_delete_buffer(YY_CURRENT_BUFFER , yyscanner); YY_CURRENT_BUFFER_LVALUE = NULL; if (yyg->yy_buffer_stack_top > 0) --yyg->yy_buffer_stack_top; if (YY_CURRENT_BUFFER) { - namespaces_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); yyg->yy_did_buffer_switch_on_eof = 1; } } @@ -2661,12 +2889,12 @@ void namespacespop_buffer_state (yyscan_t yyscanner) * Guarantees space for at least one push. */ /* %if-c-only */ -static void namespacesensure_buffer_stack (yyscan_t yyscanner) +static void yyensure_buffer_stack (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -2675,15 +2903,15 @@ static void namespacesensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; - yyg->yy_buffer_stack = (struct yy_buffer_state**)namespacesalloc + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ + yyg->yy_buffer_stack = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) - YY_FATAL_ERROR( "out of dynamic memory in namespacesensure_buffer_stack()" ); - + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - + yyg->yy_buffer_stack_max = num_to_alloc; yyg->yy_buffer_stack_top = 0; return; 
@@ -2692,15 +2920,15 @@ static void namespacesensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; - yyg->yy_buffer_stack = (struct yy_buffer_state**)namespacesrealloc + yyg->yy_buffer_stack = (struct yy_buffer_state**)yyrealloc (yyg->yy_buffer_stack, num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) - YY_FATAL_ERROR( "out of dynamic memory in namespacesensure_buffer_stack()" ); + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -2714,9 +2942,9 @@ static void namespacesensure_buffer_stack (yyscan_t yyscanner) * @param base the character buffer * @param size the size in bytes of the character buffer * @param yyscanner The scanner object. - * @return the newly allocated buffer state object. + * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE namespaces_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner) { YY_BUFFER_STATE b; 
@@ -2724,53 +2952,53 @@ YY_BUFFER_STATE namespaces_scan_buffer (char * base, yy_size_t size , yyscan_t base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ - return 0; + return NULL; - b = (YY_BUFFER_STATE) namespacesalloc(sizeof( struct yy_buffer_state ) ,yyscanner ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in namespaces_scan_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; - b->yy_input_file = 0; + b->yy_input_file = NULL; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - namespaces_switch_to_buffer(b ,yyscanner ); + yy_switch_to_buffer( b , yyscanner ); return b; } /* %endif */ /* %if-c-only */ -/** Setup the input buffer state to scan a string. The next call to namespaceslex() will +/** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * @param yyscanner The scanner object. * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use - * namespaces_scan_bytes() instead. + * yy_scan_bytes() instead. */ -YY_BUFFER_STATE namespaces_scan_string (yyconst char * yystr , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_string (const char * yystr , yyscan_t yyscanner) { - return namespaces_scan_bytes(yystr,strlen(yystr) ,yyscanner); + return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); } /* %endif */ /* %if-c-only */ -/** Setup the input buffer state to scan the given bytes. 
The next call to namespaceslex() will +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. + * @param yybytes the byte buffer to scan + * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE namespaces_scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; @@ -2778,19 +3006,19 @@ YY_BUFFER_STATE namespaces_scan_bytes (yyconst char * yybytes, int _yybytes_le int i; /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) namespacesalloc(n ,yyscanner ); + n = (yy_size_t) (_yybytes_len + 2); + buf = (char *) yyalloc( n , yyscanner ); if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in namespaces_scan_bytes()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = namespaces_scan_buffer(buf,n ,yyscanner); + b = yy_scan_buffer( buf, n , yyscanner); if ( ! b ) - YY_FATAL_ERROR( "bad buffer in namespaces_scan_bytes()" ); + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. 
@@ -2806,9 +3034,11 @@ YY_BUFFER_STATE namespaces_scan_bytes (yyconst char * yybytes, int _yybytes_le #endif /* %if-c-only */ -static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) +static void yynoreturn yy_fatal_error (const char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -2840,7 +3070,7 @@ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) /** Get the user-defined data for this scanner. * @param yyscanner The scanner object. */ -YY_EXTRA_TYPE namespacesget_extra (yyscan_t yyscanner) +YY_EXTRA_TYPE yyget_extra (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyextra; @@ -2851,10 +3081,10 @@ YY_EXTRA_TYPE namespacesget_extra (yyscan_t yyscanner) /** Get the current line number. * @param yyscanner The scanner object. */ -int namespacesget_lineno (yyscan_t yyscanner) +int yyget_lineno (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - + if (! YY_CURRENT_BUFFER) return 0; @@ -2864,10 +3094,10 @@ int namespacesget_lineno (yyscan_t yyscanner) /** Get the current column number. * @param yyscanner The scanner object. */ -int namespacesget_column (yyscan_t yyscanner) +int yyget_column (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - + if (! YY_CURRENT_BUFFER) return 0; @@ -2877,7 +3107,7 @@ int namespacesget_column (yyscan_t yyscanner) /** Get the input stream. * @param yyscanner The scanner object. */ -FILE *namespacesget_in (yyscan_t yyscanner) +FILE *yyget_in (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyin; 
@@ -2886,7 +3116,7 @@ FILE *namespacesget_in (yyscan_t yyscanner) /** Get the output stream. * @param yyscanner The scanner object. */ -FILE *namespacesget_out (yyscan_t yyscanner) +FILE *yyget_out (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyout; @@ -2895,7 +3125,7 @@ FILE *namespacesget_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int namespacesget_leng (yyscan_t yyscanner) +int yyget_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -2905,7 +3135,7 @@ int namespacesget_leng (yyscan_t yyscanner) * @param yyscanner The scanner object. */ -char *namespacesget_text (yyscan_t yyscanner) +char *yyget_text (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yytext; @@ -2917,7 +3147,7 @@ char *namespacesget_text (yyscan_t yyscanner) * @param user_defined The data to be associated with this scanner. * @param yyscanner The scanner object. */ -void namespacesset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) +void yyset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyextra = user_defined ; 
@@ -2926,63 +3156,63 @@ void namespacesset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void namespacesset_lineno (int line_number , yyscan_t yyscanner) +void yyset_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "namespacesset_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "yyset_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void namespacesset_column (int column_no , yyscan_t yyscanner) +void yyset_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "namespacesset_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "yyset_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. 
- * @see namespaces_switch_to_buffer + * @see yy_switch_to_buffer */ -void namespacesset_in (FILE * in_str , yyscan_t yyscanner) +void yyset_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void namespacesset_out (FILE * out_str , yyscan_t yyscanner) +void yyset_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } -int namespacesget_debug (yyscan_t yyscanner) +int yyget_debug (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yy_flex_debug; } -void namespacesset_debug (int bdebug , yyscan_t yyscanner) +void yyset_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -2992,13 +3222,13 @@ void namespacesset_debug (int bdebug , yyscan_t yyscanner) /* %if-bison-bridge */ -YYSTYPE * namespacesget_lval (yyscan_t yyscanner) +YYSTYPE * yyget_lval (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yylval; } -void namespacesset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) +void yyset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yylval = yylval_param; 
@@ -3008,20 +3238,18 @@ void namespacesset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) /* User-visible API */ -/* namespaceslex_init is special because it creates the scanner itself, so it is +/* yylex_init is special because it creates the scanner itself, so it is * the ONLY reentrant function that doesn't take the scanner as the last argument. * That's why we explicitly handle the declaration, instead of using our macros. */ - -int namespaceslex_init(yyscan_t* ptr_yy_globals) - +int yylex_init(yyscan_t* ptr_yy_globals) { if (ptr_yy_globals == NULL){ errno = EINVAL; return 1; } - *ptr_yy_globals = (yyscan_t) namespacesalloc ( sizeof( struct yyguts_t ), NULL ); + *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), NULL ); if (*ptr_yy_globals == NULL){ errno = ENOMEM; 
@@ -3034,39 +3262,37 @@ int namespaceslex_init(yyscan_t* ptr_yy_globals) return yy_init_globals ( *ptr_yy_globals ); } -/* namespaceslex_init_extra has the same functionality as namespaceslex_init, but follows the +/* yylex_init_extra has the same functionality as yylex_init, but follows the * convention of taking the scanner as the last argument. Note however, that * this is a *pointer* to a scanner, as it will be allocated by this call (and * is the reason, too, why this function also must handle its own declaration). - * The user defined value in the first argument will be available to namespacesalloc in + * The user defined value in the first argument will be available to yyalloc in * the yyextra field. */ - -int namespaceslex_init_extra(YY_EXTRA_TYPE yy_user_defined,yyscan_t* ptr_yy_globals ) - +int yylex_init_extra( YY_EXTRA_TYPE yy_user_defined, yyscan_t* ptr_yy_globals ) { struct yyguts_t dummy_yyguts; - namespacesset_extra (yy_user_defined, &dummy_yyguts); + yyset_extra (yy_user_defined, &dummy_yyguts); if (ptr_yy_globals == NULL){ errno = EINVAL; return 1; } - - *ptr_yy_globals = (yyscan_t) namespacesalloc ( sizeof( struct yyguts_t ), &dummy_yyguts ); - + + *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts ); + if (*ptr_yy_globals == NULL){ errno = ENOMEM; return 1; } - + /* By setting to 0xAA, we expose bugs in yy_init_globals. Leave at 0x00 for releases. */ memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t)); - - namespacesset_extra (yy_user_defined, *ptr_yy_globals); - + + yyset_extra (yy_user_defined, *ptr_yy_globals); + return yy_init_globals ( *ptr_yy_globals ); } 
@@ -3077,13 +3303,13 @@ static int yy_init_globals (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* Initialization is the same as for the non-reentrant scanner. - * This function is called from namespaceslex_destroy(), so don't allocate here. + * This function is called from yylex_destroy(), so don't allocate here. */ - yyg->yy_buffer_stack = 0; + yyg->yy_buffer_stack = NULL; yyg->yy_buffer_stack_top = 0; yyg->yy_buffer_stack_max = 0; - yyg->yy_c_buf_p = (char *) 0; + yyg->yy_c_buf_p = NULL; yyg->yy_init = 0; yyg->yy_start = 0; 
@@ -3096,45 +3322,45 @@ static int yy_init_globals (yyscan_t yyscanner) yyin = stdin; yyout = stdout; #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; + yyin = NULL; + yyout = NULL; #endif /* For future reference: Set errno on error, since we are called by - * namespaceslex_init() + * yylex_init() */ return 0; } /* %endif */ /* %if-c-only SNIP! this currently causes conflicts with the c++ scanner */ -/* namespaceslex_destroy is for both reentrant and non-reentrant scanners. */ -int namespaceslex_destroy (yyscan_t yyscanner) +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ - namespaces_delete_buffer(YY_CURRENT_BUFFER ,yyscanner ); + yy_delete_buffer( YY_CURRENT_BUFFER , yyscanner ); YY_CURRENT_BUFFER_LVALUE = NULL; - namespacespop_buffer_state(yyscanner); + yypop_buffer_state(yyscanner); } /* Destroy the stack itself. */ - namespacesfree(yyg->yy_buffer_stack ,yyscanner); + yyfree(yyg->yy_buffer_stack , yyscanner); yyg->yy_buffer_stack = NULL; /* Destroy the start condition stack. */ - namespacesfree(yyg->yy_start_stack ,yyscanner ); + yyfree( yyg->yy_start_stack , yyscanner ); yyg->yy_start_stack = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time - * namespaceslex() is called, initialization will occur. */ + * yylex() is called, initialization will occur. */ yy_init_globals( yyscanner); /* %if-reentrant */ /* Destroy the main struct (reentrant only). */ - namespacesfree ( yyscanner , yyscanner ); + yyfree ( yyscanner , yyscanner ); yyscanner = NULL; /* %endif */ return 0; 
@@ -3146,18 +3372,21 @@ int namespaceslex_destroy (yyscan_t yyscanner) */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) +static void yy_flex_strncpy (char* s1, const char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) +static int yy_flex_strlen (const char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -3165,13 +3394,18 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) } #endif -void *namespacesalloc (yy_size_t size , yyscan_t yyscanner) +void *yyalloc (yy_size_t size , yyscan_t yyscanner) { - return (void *) malloc( size ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + return malloc(size); } -void *namespacesrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) +void *yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -3179,12 +3413,14 @@ void *namespacesrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ - return (void *) realloc( (char *) ptr, size ); + return realloc(ptr, size); } -void namespacesfree (void * ptr , yyscan_t yyscanner) +void yyfree (void * ptr , yyscan_t yyscanner) { - free( (char *) ptr ); /* see namespacesrealloc() for (char *) cast */ + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } /* %if-tables-serialization definitions */ 
@@ -3194,7 +3430,6 @@ void namespacesfree (void * ptr , yyscan_t yyscanner) /* %ok-for-header */ -#line 67 "namespaces.l" - +#line 70 "namespaces.l" diff --git a/src/sslutils/lex.signing.c b/src/sslutils/lex.signing.c index e32364d7..3ac72130 100644 --- a/src/sslutils/lex.signing.c +++ b/src/sslutils/lex.signing.c @@ -1,12 +1,11 @@ -#line 3 "lex.signing.c" +#line 2 "lex.signing.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ /* %not-for-header */ - /* %if-c-only */ /* %if-not-reentrant */ /* %endif */ @@ -15,8 +14,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif 
@@ -25,9 +24,230 @@ /* %endif */ /* %if-c-only */ - +#ifdef yy_create_buffer +#define signing_create_buffer_ALREADY_DEFINED +#else +#define yy_create_buffer signing_create_buffer +#endif + +#ifdef yy_delete_buffer +#define signing_delete_buffer_ALREADY_DEFINED +#else +#define yy_delete_buffer signing_delete_buffer +#endif + +#ifdef yy_scan_buffer +#define signing_scan_buffer_ALREADY_DEFINED +#else +#define yy_scan_buffer signing_scan_buffer +#endif + +#ifdef yy_scan_string +#define signing_scan_string_ALREADY_DEFINED +#else +#define yy_scan_string signing_scan_string +#endif + +#ifdef yy_scan_bytes +#define signing_scan_bytes_ALREADY_DEFINED +#else +#define yy_scan_bytes signing_scan_bytes +#endif + +#ifdef yy_init_buffer +#define signing_init_buffer_ALREADY_DEFINED +#else +#define yy_init_buffer signing_init_buffer +#endif + +#ifdef yy_flush_buffer +#define signing_flush_buffer_ALREADY_DEFINED +#else +#define yy_flush_buffer signing_flush_buffer +#endif + +#ifdef yy_load_buffer_state +#define signing_load_buffer_state_ALREADY_DEFINED +#else +#define yy_load_buffer_state signing_load_buffer_state +#endif + +#ifdef yy_switch_to_buffer +#define signing_switch_to_buffer_ALREADY_DEFINED +#else +#define yy_switch_to_buffer signing_switch_to_buffer +#endif + +#ifdef yypush_buffer_state +#define signingpush_buffer_state_ALREADY_DEFINED +#else +#define yypush_buffer_state signingpush_buffer_state +#endif + +#ifdef yypop_buffer_state +#define signingpop_buffer_state_ALREADY_DEFINED +#else +#define yypop_buffer_state signingpop_buffer_state +#endif + +#ifdef yyensure_buffer_stack +#define signingensure_buffer_stack_ALREADY_DEFINED +#else +#define yyensure_buffer_stack signingensure_buffer_stack +#endif + +#ifdef yylex +#define signinglex_ALREADY_DEFINED +#else +#define yylex signinglex +#endif + +#ifdef yyrestart +#define signingrestart_ALREADY_DEFINED +#else +#define yyrestart signingrestart +#endif + +#ifdef yylex_init +#define signinglex_init_ALREADY_DEFINED +#else 
+#define yylex_init signinglex_init +#endif + +#ifdef yylex_init_extra +#define signinglex_init_extra_ALREADY_DEFINED +#else +#define yylex_init_extra signinglex_init_extra +#endif + +#ifdef yylex_destroy +#define signinglex_destroy_ALREADY_DEFINED +#else +#define yylex_destroy signinglex_destroy +#endif + +#ifdef yyget_debug +#define signingget_debug_ALREADY_DEFINED +#else +#define yyget_debug signingget_debug +#endif + +#ifdef yyset_debug +#define signingset_debug_ALREADY_DEFINED +#else +#define yyset_debug signingset_debug +#endif + +#ifdef yyget_extra +#define signingget_extra_ALREADY_DEFINED +#else +#define yyget_extra signingget_extra +#endif + +#ifdef yyset_extra +#define signingset_extra_ALREADY_DEFINED +#else +#define yyset_extra signingset_extra +#endif + +#ifdef yyget_in +#define signingget_in_ALREADY_DEFINED +#else +#define yyget_in signingget_in +#endif + +#ifdef yyset_in +#define signingset_in_ALREADY_DEFINED +#else +#define yyset_in signingset_in +#endif + +#ifdef yyget_out +#define signingget_out_ALREADY_DEFINED +#else +#define yyget_out signingget_out +#endif + +#ifdef yyset_out +#define signingset_out_ALREADY_DEFINED +#else +#define yyset_out signingset_out +#endif + +#ifdef yyget_leng +#define signingget_leng_ALREADY_DEFINED +#else +#define yyget_leng signingget_leng +#endif + +#ifdef yyget_text +#define signingget_text_ALREADY_DEFINED +#else +#define yyget_text signingget_text +#endif + +#ifdef yyget_lineno +#define signingget_lineno_ALREADY_DEFINED +#else +#define yyget_lineno signingget_lineno +#endif + +#ifdef yyset_lineno +#define signingset_lineno_ALREADY_DEFINED +#else +#define yyset_lineno signingset_lineno +#endif + +#ifdef yyget_column +#define signingget_column_ALREADY_DEFINED +#else +#define yyget_column signingget_column +#endif + +#ifdef yyset_column +#define signingset_column_ALREADY_DEFINED +#else +#define yyset_column signingset_column +#endif + +#ifdef yywrap +#define signingwrap_ALREADY_DEFINED +#else +#define yywrap 
signingwrap +#endif + /* %endif */ +#ifdef yyget_lval +#define signingget_lval_ALREADY_DEFINED +#else +#define yyget_lval signingget_lval +#endif + +#ifdef yyset_lval +#define signingset_lval_ALREADY_DEFINED +#else +#define yyset_lval signingset_lval +#endif + +#ifdef yyalloc +#define signingalloc_ALREADY_DEFINED +#else +#define yyalloc signingalloc +#endif + +#ifdef yyrealloc +#define signingrealloc_ALREADY_DEFINED +#else +#define yyrealloc signingrealloc +#endif + +#ifdef yyfree +#define signingfree_ALREADY_DEFINED +#else +#define yyfree signingfree +#endif + /* %if-c-only */ /* %endif */ @@ -77,7 +297,6 @@ typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ /* Limits of integral types. */ #ifndef INT8_MIN 
@@ -108,48 +327,39 @@ typedef unsigned int flex_uint32_t; #define UINT32_MAX (4294967295U) #endif +#ifndef SIZE_MAX +#define SIZE_MAX (~(size_t)0) +#endif + +#endif /* ! C99 */ + #endif /* ! FLEXINT_H */ /* %endif */ +/* begin standard C++ headers. */ /* %if-c++-only */ /* %endif */ -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ - -/* C99 requires __STDC__ to be defined as 1. */ -#if defined (__STDC__) - -#define YY_USE_CONST - -#endif /* defined (__STDC__) */ -#endif /* ! __cplusplus */ - -#ifdef YY_USE_CONST +/* TODO: this is always defined, so inline it */ #define yyconst const + +#if defined(__GNUC__) && __GNUC__ >= 3 +#define yynoreturn __attribute__((__noreturn__)) #else -#define yyconst +#define yynoreturn #endif /* %not-for-header */ - /* Returned upon end-of-file. */ #define YY_NULL 0 /* %ok-for-header */ /* %not-for-header */ - -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. +/* Promotes a possibly negative, possibly signed char to an + * integer in range [0..255] for use as an array index. */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) +#define YY_SC_TO_UI(c) ((YY_CHAR) (c)) /* %ok-for-header */ /* %if-reentrant */ 
@@ -181,25 +391,29 @@ typedef void* yyscan_t; * definition of BEGIN. */ #define BEGIN yyg->yy_start = 1 + 2 * - /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START ((yyg->yy_start - 1) / 2) #define YYSTATE YY_START - /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - /* Special action meaning "start processing a new file". */ -#define YY_NEW_FILE signingrestart(yyin ,yyscanner ) - +#define YY_NEW_FILE yyrestart( yyin , yyscanner ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k. + * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. + * Ditto for the __ia64__ case accordingly. + */ +#define YY_BUF_SIZE 32768 +#else #define YY_BUF_SIZE 16384 +#endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. @@ -211,6 +425,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -222,8 +441,9 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - + #define YY_LESS_LINENO(n) + #define YY_LINENO_REWIND_TO(ptr) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ 
@@ -238,14 +458,8 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) - #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -263,7 +477,7 @@ struct yy_buffer_state /* Size of input buffer in bytes, not including room for EOB * characters. */ - yy_size_t yy_buf_size; + int yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. @@ -291,7 +505,7 @@ struct yy_buffer_state int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ - + /* Whether to try to fill the input buffer when we reach the * end of it. */ @@ -308,7 +522,7 @@ struct yy_buffer_state * possible backing-up. * * When we actually see the EOF, we change the status to "new" - * (via signingrestart()), so that the user can continue scanning by + * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 @@ -318,7 +532,6 @@ struct yy_buffer_state /* %if-c-only Standard (non-C++) definition */ /* %not-for-header */ - /* %if-not-reentrant */ /* %endif */ /* %ok-for-header */ @@ -334,7 +547,6 @@ struct yy_buffer_state #define YY_CURRENT_BUFFER ( yyg->yy_buffer_stack \ ? yyg->yy_buffer_stack[yyg->yy_buffer_stack_top] \ : NULL) - /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ 
@@ -344,72 +556,68 @@ struct yy_buffer_state /* %if-not-reentrant */ /* %not-for-header */ - /* %ok-for-header */ /* %endif */ -void signingrestart (FILE *input_file ,yyscan_t yyscanner ); -void signing_switch_to_buffer (YY_BUFFER_STATE new_buffer ,yyscan_t yyscanner ); -YY_BUFFER_STATE signing_create_buffer (FILE *file,int size ,yyscan_t yyscanner ); -void signing_delete_buffer (YY_BUFFER_STATE b ,yyscan_t yyscanner ); -void signing_flush_buffer (YY_BUFFER_STATE b ,yyscan_t yyscanner ); -void signingpush_buffer_state (YY_BUFFER_STATE new_buffer ,yyscan_t yyscanner ); -void signingpop_buffer_state (yyscan_t yyscanner ); - -static void signingensure_buffer_stack (yyscan_t yyscanner ); -static void signing_load_buffer_state (yyscan_t yyscanner ); -static void signing_init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yyscanner ); +void yyrestart ( FILE *input_file , yyscan_t yyscanner ); +void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); +YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size , yyscan_t yyscanner ); +void yy_delete_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); +void yy_flush_buffer ( YY_BUFFER_STATE b , yyscan_t yyscanner ); +void yypush_buffer_state ( YY_BUFFER_STATE new_buffer , yyscan_t yyscanner ); +void yypop_buffer_state ( yyscan_t yyscanner ); -#define YY_FLUSH_BUFFER signing_flush_buffer(YY_CURRENT_BUFFER ,yyscanner) +static void yyensure_buffer_stack ( yyscan_t yyscanner ); +static void yy_load_buffer_state ( yyscan_t yyscanner ); +static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file , yyscan_t yyscanner ); +#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER , yyscanner) -YY_BUFFER_STATE signing_scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); -YY_BUFFER_STATE signing_scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE signing_scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size , yyscan_t 
yyscanner ); +YY_BUFFER_STATE yy_scan_string ( const char *yy_str , yyscan_t yyscanner ); +YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len , yyscan_t yyscanner ); /* %endif */ -void *signingalloc (yy_size_t ,yyscan_t yyscanner ); -void *signingrealloc (void *,yy_size_t ,yyscan_t yyscanner ); -void signingfree (void * ,yyscan_t yyscanner ); - -#define yy_new_buffer signing_create_buffer +void *yyalloc ( yy_size_t , yyscan_t yyscanner ); +void *yyrealloc ( void *, yy_size_t , yyscan_t yyscanner ); +void yyfree ( void * , yyscan_t yyscanner ); +#define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ - signingensure_buffer_stack (yyscanner); \ + yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ - signing_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); \ + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } - #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ - signingensure_buffer_stack (yyscanner); \ + yyensure_buffer_stack (yyscanner); \ YY_CURRENT_BUFFER_LVALUE = \ - signing_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); \ + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } - #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ -#define signingwrap(n) 1 +#define signingwrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG - -typedef char YY_CHAR; +typedef flex_uint8_t YY_CHAR; typedef int yy_state_type; #define yytext_ptr yytext_r -static yyconst flex_int16_t yy_nxt[][128] = + +/* %% [1.5] DFA */ +static const flex_int16_t yy_nxt[][128] = { { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 
@@ -2248,10 +2456,10 @@ static yyconst flex_int16_t yy_nxt[][128] = /* %if-c-only Standard (non-C++) definition */ -static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); -static int yy_get_next_buffer (yyscan_t yyscanner ); -static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); +static yy_state_type yy_get_previous_state ( yyscan_t yyscanner ); +static yy_state_type yy_try_NUL_trans ( yy_state_type current_state , yyscan_t yyscanner); +static int yy_get_next_buffer ( yyscan_t yyscanner ); +static void yynoreturn yy_fatal_error ( const char* msg , yyscan_t yyscanner ); /* %endif */ @@ -2261,12 +2469,11 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); #define YY_DO_BEFORE_ACTION \ yyg->yytext_ptr = yy_bp; \ /* %% [2.0] code to fiddle yytext and yyleng for yymore() goes here \ */\ - yyleng = (size_t) (yy_cp - yy_bp); \ + yyleng = (int) (yy_cp - yy_bp); \ yyg->yy_hold_char = *yy_cp; \ *yy_cp = '\0'; \ /* %% [3.0] code to copy yytext_ptr to yytext[] goes here, if %array \ */\ yyg->yy_c_buf_p = yy_cp; - /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */ #define YY_NUM_RULES 17 #define YY_END_OF_BUFFER 18 @@ -2277,7 +2484,7 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[106] = +static const flex_int16_t yy_accept[106] = { 0, 0, 0, 0, 0, 0, 0, 18, 16, 15, 4, 1, 2, 16, 16, 16, 16, 16, 16, 16, 17, @@ -2293,7 +2500,7 @@ static yyconst flex_int16_t yy_accept[106] = 13, 0, 0, 0, 7 } ; -static yyconst yy_state_type yy_NUL_trans[106] = +static const yy_state_type yy_NUL_trans[106] = { 0, 8, 8, 20, 20, 22, 22, 0, 0, 0, 0, 24, 0, 0, 0, 0, 0, 0, 0, 0, 32, 
@@ -2309,10 +2516,10 @@ static yyconst yy_state_type yy_NUL_trans[106] = 0, 0, 0, 0, 0 } ; -static yyconst flex_int16_t yy_rule_linenum[17] = +static const flex_int16_t yy_rule_linenum[17] = { 0, - 47, 48, 50, 52, 53, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 66, 67 + 50, 51, 53, 55, 56, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 69, 70 } ; /* The intent behind this definition is that it'll catch @@ -2360,9 +2567,9 @@ static yyconst flex_int16_t yy_rule_linenum[17] = #ifndef strndup extern char *strndup(const char*, size_t); #endif +#line 2570 "lex.signing.c" - -#line 2363 "lex.signing.c" +#line 2572 "lex.signing.c" #define INITIAL 0 #define SINGLE_QUOTED 1 @@ -2425,7 +2632,7 @@ struct yyguts_t /* %if-c-only */ -static int yy_init_globals (yyscan_t yyscanner ); +static int yy_init_globals ( yyscan_t yyscanner ); /* %endif */ @@ -2435,9 +2642,9 @@ static int yy_init_globals (yyscan_t yyscanner ); * from bison output in section 1.*/ # define yylval yyg->yylval_r -int signinglex_init (yyscan_t* scanner); +int yylex_init (yyscan_t* scanner); -int signinglex_init_extra (YY_EXTRA_TYPE user_defined,yyscan_t* scanner); +int yylex_init_extra ( YY_EXTRA_TYPE user_defined, yyscan_t* scanner); /* %endif */ 
@@ -2446,37 +2653,41 @@ int signinglex_init_extra (YY_EXTRA_TYPE user_defined,yyscan_t* scanner); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ -int signinglex_destroy (yyscan_t yyscanner ); +int yylex_destroy ( yyscan_t yyscanner ); + +int yyget_debug ( yyscan_t yyscanner ); -int signingget_debug (yyscan_t yyscanner ); +void yyset_debug ( int debug_flag , yyscan_t yyscanner ); -void signingset_debug (int debug_flag ,yyscan_t yyscanner ); +YY_EXTRA_TYPE yyget_extra ( yyscan_t yyscanner ); -YY_EXTRA_TYPE signingget_extra (yyscan_t yyscanner ); +void yyset_extra ( YY_EXTRA_TYPE user_defined , yyscan_t yyscanner ); -void signingset_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ); +FILE *yyget_in ( yyscan_t yyscanner ); -FILE *signingget_in (yyscan_t yyscanner ); +void yyset_in ( FILE * _in_str , yyscan_t yyscanner ); -void signingset_in (FILE * in_str ,yyscan_t yyscanner ); +FILE *yyget_out ( yyscan_t yyscanner ); -FILE *signingget_out (yyscan_t yyscanner ); +void yyset_out ( FILE * _out_str , yyscan_t yyscanner ); -void signingset_out (FILE * out_str ,yyscan_t yyscanner ); + int yyget_leng ( yyscan_t yyscanner ); -int signingget_leng (yyscan_t yyscanner ); +char *yyget_text ( yyscan_t yyscanner ); -char *signingget_text (yyscan_t yyscanner ); +int yyget_lineno ( yyscan_t yyscanner ); -int signingget_lineno (yyscan_t yyscanner ); +void yyset_lineno ( int _line_number , yyscan_t yyscanner ); -void signingset_lineno (int line_number ,yyscan_t yyscanner ); +int yyget_column ( yyscan_t yyscanner ); + +void yyset_column ( int _column_no , yyscan_t yyscanner ); /* %if-bison-bridge */ -YYSTYPE * signingget_lval (yyscan_t yyscanner ); +YYSTYPE * yyget_lval ( yyscan_t yyscanner ); -void signingset_lval (YYSTYPE * yylval_param ,yyscan_t yyscanner ); +void yyset_lval ( YYSTYPE * yylval_param , yyscan_t yyscanner ); /* %endif */ 
@@ -2486,36 +2697,37 @@ void signingset_lval (YYSTYPE * yylval_param ,yyscan_t yyscanner ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int signingwrap (yyscan_t yyscanner ); +extern "C" int yywrap ( yyscan_t yyscanner ); #else -extern int signingwrap (yyscan_t yyscanner ); +extern int yywrap ( yyscan_t yyscanner ); #endif #endif /* %not-for-header */ - - static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#ifndef YY_NO_UNPUT + static void yyunput ( int c, char *buf_ptr , yyscan_t yyscanner); + +#endif /* %ok-for-header */ /* %endif */ #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ,yyscan_t yyscanner); +static void yy_flex_strncpy ( char *, const char *, int , yyscan_t yyscanner); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ,yyscan_t yyscanner); +static int yy_flex_strlen ( const char * , yyscan_t yyscanner); #endif #ifndef YY_NO_INPUT /* %if-c-only Standard (non-C++) definition */ /* %not-for-header */ - #ifdef __cplusplus -static int yyinput (yyscan_t yyscanner ); +static int yyinput ( yyscan_t yyscanner ); #else -static int input (yyscan_t yyscanner ); +static int input ( yyscan_t yyscanner ); #endif /* %ok-for-header */ @@ -2528,7 +2740,12 @@ static int input (yyscan_t yyscanner ); /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k */ +#define YY_READ_BUF_SIZE 16384 +#else #define YY_READ_BUF_SIZE 8192 +#endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ @@ -2537,7 +2754,7 @@ static int input (yyscan_t yyscanner ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) +#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) /* %endif */ /* %if-c++-only C++ definition */ /* %endif */ 
@@ -2550,7 +2767,7 @@ static int input (yyscan_t yyscanner ); #define YY_INPUT(buf,result,max_size) \ /* %% [5.0] fread()/read() definition of YY_INPUT goes here unless we're doing C++ \ */\ errno=0; \ - while ( (result = read( fileno(yyin), (char *) buf, max_size )) < 0 ) \ + while ( (result = (int) read( fileno(yyin), buf, (yy_size_t) max_size )) < 0 ) \ { \ if( errno != EINTR) \ { \ @@ -2590,11 +2807,9 @@ static int input (yyscan_t yyscanner ); /* %if-tables-serialization structures and prototypes */ /* %not-for-header */ - /* %ok-for-header */ /* %not-for-header */ - /* %tables-yydmap generated elements */ /* %endif */ /* end tables serialization structures and prototypes */ @@ -2608,10 +2823,10 @@ static int input (yyscan_t yyscanner ); #define YY_DECL_IS_OURS 1 /* %if-c-only Standard (non-C++) definition */ -extern int signinglex \ - (YYSTYPE * yylval_param ,yyscan_t yyscanner); +extern int yylex \ + (YYSTYPE * yylval_param , yyscan_t yyscanner); -#define YY_DECL int signinglex \ +#define YY_DECL int yylex \ (YYSTYPE * yylval_param , yyscan_t yyscanner) /* %endif */ /* %if-c++-only C++ definition */ @@ -2627,7 +2842,7 @@ extern int signinglex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -2635,22 +2850,15 @@ extern int signinglex \ YY_USER_ACTION /* %not-for-header */ - /** The main scanner function which does all the work. */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 45 "signing_policy.l" - - -#line 2650 "lex.signing.c" - yylval = yylval_param; if ( !yyg->yy_init ) 
@@ -2679,15 +2887,22 @@ YY_DECL /* %endif */ if ( ! YY_CURRENT_BUFFER ) { - signingensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); YY_CURRENT_BUFFER_LVALUE = - signing_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); } - signing_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 48 "signing_policy.l" + + +#line 2903 "lex.signing.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; 
@@ -2755,93 +2970,93 @@ YY_DECL case 1: YY_RULE_SETUP -#line 47 "signing_policy.l" +#line 50 "signing_policy.l" /* ignore comments */ YY_BREAK case 2: YY_RULE_SETUP -#line 48 "signing_policy.l" +#line 51 "signing_policy.l" BEGIN(SINGLE_QUOTED); YY_BREAK case 3: /* rule 3 can match eol */ YY_RULE_SETUP -#line 50 "signing_policy.l" +#line 53 "signing_policy.l" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS; YY_BREAK case 4: YY_RULE_SETUP -#line 52 "signing_policy.l" +#line 55 "signing_policy.l" BEGIN(DOUBLE_QUOTED); YY_BREAK case 5: /* rule 5 can match eol */ YY_RULE_SETUP -#line 53 "signing_policy.l" +#line 56 "signing_policy.l" yytext[strlen(yytext)-1]='\0'; yylval_param->string = yytext; BEGIN(INITIAL); return SUBJECTS; YY_BREAK case 6: YY_RULE_SETUP -#line 56 "signing_policy.l" +#line 59 "signing_policy.l" return COND_SUBJECTS; YY_BREAK case 7: YY_RULE_SETUP -#line 57 "signing_policy.l" +#line 60 "signing_policy.l" return COND_BANNED; YY_BREAK case 8: YY_RULE_SETUP -#line 58 "signing_policy.l" +#line 61 "signing_policy.l" return GLOBUS; YY_BREAK case 9: YY_RULE_SETUP -#line 59 "signing_policy.l" +#line 62 "signing_policy.l" return POS_RIGHTS; YY_BREAK case 10: YY_RULE_SETUP -#line 60 "signing_policy.l" +#line 63 "signing_policy.l" return NEG_RIGHTS; YY_BREAK case 11: YY_RULE_SETUP -#line 61 "signing_policy.l" +#line 64 "signing_policy.l" return CA_SIGN; YY_BREAK case 12: YY_RULE_SETUP -#line 62 "signing_policy.l" +#line 65 "signing_policy.l" return ACCESS_ID_CA; YY_BREAK case 13: YY_RULE_SETUP -#line 63 "signing_policy.l" +#line 66 "signing_policy.l" return ACCESS_ID_ANYBODY; YY_BREAK case 14: YY_RULE_SETUP -#line 64 "signing_policy.l" +#line 67 "signing_policy.l" return X509; YY_BREAK case 15: /* rule 15 can match eol */ YY_RULE_SETUP -#line 66 "signing_policy.l" +#line 69 "signing_policy.l" YY_BREAK case 16: YY_RULE_SETUP -#line 67 "signing_policy.l" +#line 70 "signing_policy.l" YY_BREAK case 17: YY_RULE_SETUP 
-#line 69 "signing_policy.l" +#line 72 "signing_policy.l" ECHO; YY_BREAK -#line 2842 "lex.signing.c" +#line 3059 "lex.signing.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(SINGLE_QUOTED): case YY_STATE_EOF(DOUBLE_QUOTED): @@ -2861,14 +3076,18 @@ case YY_STATE_EOF(DOUBLE_QUOTED): /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called - * signinglex(). If so, then we have to assure + * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -2922,7 +3141,7 @@ case YY_STATE_EOF(DOUBLE_QUOTED): { yyg->yy_did_buffer_switch_on_eof = 0; - if ( signingwrap(yyscanner ) ) + if ( yywrap( yyscanner ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -2975,12 +3194,12 @@ case YY_STATE_EOF(DOUBLE_QUOTED): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ -} /* end of signinglex */ + } /* end of user's declarations */ +} /* end of yylex */ /* %ok-for-header */ /* %if-c++-only */ /* %not-for-header */ - /* %ok-for-header */ /* %endif */ 
@@ -2999,9 +3218,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + int number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) @@ -3030,7 +3249,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr - 1); for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -3050,7 +3269,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); @@ -3066,11 +3285,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - signingrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ,yyscanner ); + yyrealloc( (void *) b->yy_ch_buf, + (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); } else /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; + b->yy_ch_buf = NULL; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( @@ -3088,7 +3308,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } 
@@ -3098,7 +3318,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - signingrestart(yyin ,yyscanner); + yyrestart( yyin , yyscanner); } else @@ -3112,12 +3332,15 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) signingrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( + (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size , yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + /* "- 2" to take care of EOB's */ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); } yyg->yy_n_chars += number_to_move; @@ -3133,14 +3356,13 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %not-for-header */ - static yy_state_type yy_get_previous_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ 
@@ -3176,10 +3398,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; yy_current_state = yy_NUL_trans[yy_current_state]; yy_is_jam = (yy_current_state == 0); @@ -3193,17 +3415,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) } } + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -3214,10 +3438,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + int number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -3226,7 +3450,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + yyg->yy_n_chars = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); 
@@ -3243,6 +3467,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -3273,7 +3498,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + int offset = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr); ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -3290,14 +3515,14 @@ static int yy_get_next_buffer (yyscan_t yyscanner) */ /* Reset buffer status. */ - signingrestart(yyin ,yyscanner); + yyrestart( yyin , yyscanner); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( signingwrap(yyscanner ) ) - return EOF; + if ( yywrap( yyscanner ) ) + return 0; if ( ! yyg->yy_did_buffer_switch_on_eof ) YY_NEW_FILE; @@ -3333,7 +3558,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) * @note This function does not reset the start condition to @c INITIAL . */ /* %if-c-only */ - void signingrestart (FILE * input_file , yyscan_t yyscanner) + void yyrestart (FILE * input_file , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -3341,21 +3566,24 @@ static int yy_get_next_buffer (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if ( ! YY_CURRENT_BUFFER ){ - signingensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); YY_CURRENT_BUFFER_LVALUE = - signing_create_buffer(yyin,YY_BUF_SIZE ,yyscanner); + yy_create_buffer( yyin, YY_BUF_SIZE , yyscanner); } - signing_init_buffer(YY_CURRENT_BUFFER,input_file ,yyscanner); - signing_load_buffer_state(yyscanner ); + yy_init_buffer( YY_CURRENT_BUFFER, input_file , yyscanner); + yy_load_buffer_state( yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. */ /* %if-c-only */ - void signing_switch_to_buffer (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) + void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -3364,10 +3592,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* TODO. We should be able to replace this entire function body * with - * signingpop_buffer_state(); - * signingpush_buffer_state(new_buffer); + * yypop_buffer_state(); + * yypush_buffer_state(new_buffer); */ - signingensure_buffer_stack (yyscanner); + yyensure_buffer_stack (yyscanner); if ( YY_CURRENT_BUFFER == new_buffer ) return; 
@@ -3380,18 +3608,18 @@ static int yy_get_next_buffer (yyscan_t yyscanner) } YY_CURRENT_BUFFER_LVALUE = new_buffer; - signing_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); /* We don't actually know whether we did this switch during - * EOF (signingwrap()) processing, but the only time this flag - * is looked at is after signingwrap() is called, so it's safe + * EOF (yywrap()) processing, but the only time this flag + * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ yyg->yy_did_buffer_switch_on_eof = 1; } /* %if-c-only */ -static void signing_load_buffer_state (yyscan_t yyscanner) +static void yy_load_buffer_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -3399,7 +3627,11 @@ static void signing_load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } 
@@ -3410,39 +3642,42 @@ static void signing_load_buffer_state (yyscan_t yyscanner) * @return the allocated buffer state. */ /* %if-c-only */ - YY_BUFFER_STATE signing_create_buffer (FILE * file, int size , yyscan_t yyscanner) + YY_BUFFER_STATE yy_create_buffer (FILE * file, int size , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { YY_BUFFER_STATE b; - b = (YY_BUFFER_STATE) signingalloc(sizeof( struct yy_buffer_state ) ,yyscanner ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in signing_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) signingalloc(b->yy_buf_size + 2 ,yyscanner ); + b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); if ( ! b->yy_ch_buf ) - YY_FATAL_ERROR( "out of dynamic memory in signing_create_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - signing_init_buffer(b,file ,yyscanner); + yy_init_buffer( b, file , yyscanner); return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. - * @param b a buffer created with signing_create_buffer() + * @param b a buffer created with yy_create_buffer() * @param yyscanner The scanner object. */ /* %if-c-only */ - void signing_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) + void yy_delete_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -3456,28 +3691,17 @@ static void signing_load_buffer_state (yyscan_t yyscanner) YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - signingfree((void *) b->yy_ch_buf ,yyscanner ); + yyfree( (void *) b->yy_ch_buf , yyscanner ); - signingfree((void *) b ,yyscanner ); + yyfree( (void *) b , yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, - * such as during a signingrestart() or at EOF. + * such as during a yyrestart() or at EOF. */ /* %if-c-only */ - static void signing_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner) + static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -3486,13 +3710,17 @@ extern int isatty (int ); int oerrno = errno; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - signing_flush_buffer(b ,yyscanner); + yy_flush_buffer( b , yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; - /* If b is the current buffer, then signing_init_buffer was _probably_ - * called from signingrestart() or through yy_get_next_buffer. + /* If b is the current buffer, then yy_init_buffer was _probably_ + * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ @@ -3515,7 +3743,7 @@ extern int isatty (int ); * @param yyscanner The scanner object. */ /* %if-c-only */ - void signing_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) + void yy_flush_buffer (YY_BUFFER_STATE b , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -3539,7 +3767,7 @@ extern int isatty (int ); b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) - signing_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); } /* %if-c-or-c++ */ @@ -3550,7 +3778,7 @@ extern int isatty (int ); * @param yyscanner The scanner object. */ /* %if-c-only */ -void signingpush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) +void yypush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -3559,9 +3787,9 @@ void signingpush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) if (new_buffer == NULL) return; - signingensure_buffer_stack(yyscanner); + yyensure_buffer_stack(yyscanner); - /* This block is copied from signing_switch_to_buffer. */ + /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ @@ -3575,8 +3803,8 @@ void signingpush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) yyg->yy_buffer_stack_top++; YY_CURRENT_BUFFER_LVALUE = new_buffer; - /* copied from signing_switch_to_buffer. */ - signing_load_buffer_state(yyscanner ); + /* copied from yy_switch_to_buffer. */ + yy_load_buffer_state( yyscanner ); yyg->yy_did_buffer_switch_on_eof = 1; } /* %endif */ @@ -3587,7 +3815,7 @@ void signingpush_buffer_state (YY_BUFFER_STATE new_buffer , yyscan_t yyscanner) * @param yyscanner The scanner object. */ /* %if-c-only */ -void signingpop_buffer_state (yyscan_t yyscanner) +void yypop_buffer_state (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ 
@@ -3596,13 +3824,13 @@ void signingpop_buffer_state (yyscan_t yyscanner) if (!YY_CURRENT_BUFFER) return; - signing_delete_buffer(YY_CURRENT_BUFFER ,yyscanner); + yy_delete_buffer(YY_CURRENT_BUFFER , yyscanner); YY_CURRENT_BUFFER_LVALUE = NULL; if (yyg->yy_buffer_stack_top > 0) --yyg->yy_buffer_stack_top; if (YY_CURRENT_BUFFER) { - signing_load_buffer_state(yyscanner ); + yy_load_buffer_state( yyscanner ); yyg->yy_did_buffer_switch_on_eof = 1; } } @@ -3613,12 +3841,12 @@ void signingpop_buffer_state (yyscan_t yyscanner) * Guarantees space for at least one push. */ /* %if-c-only */ -static void signingensure_buffer_stack (yyscan_t yyscanner) +static void yyensure_buffer_stack (yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -3627,15 +3855,15 @@ static void signingensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; - yyg->yy_buffer_stack = (struct yy_buffer_state**)signingalloc + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ + yyg->yy_buffer_stack = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) - YY_FATAL_ERROR( "out of dynamic memory in signingensure_buffer_stack()" ); - + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); + memset(yyg->yy_buffer_stack, 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - + yyg->yy_buffer_stack_max = num_to_alloc; yyg->yy_buffer_stack_top = 0; return; 
@@ -3644,15 +3872,15 @@ static void signingensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; - yyg->yy_buffer_stack = (struct yy_buffer_state**)signingrealloc + yyg->yy_buffer_stack = (struct yy_buffer_state**)yyrealloc (yyg->yy_buffer_stack, num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); if ( ! yyg->yy_buffer_stack ) - YY_FATAL_ERROR( "out of dynamic memory in signingensure_buffer_stack()" ); + YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset(yyg->yy_buffer_stack + yyg->yy_buffer_stack_max, 0, grow_size * sizeof(struct yy_buffer_state*)); @@ -3666,9 +3894,9 @@ static void signingensure_buffer_stack (yyscan_t yyscanner) * @param base the character buffer * @param size the size in bytes of the character buffer * @param yyscanner The scanner object. - * @return the newly allocated buffer state object. + * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE signing_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size , yyscan_t yyscanner) { YY_BUFFER_STATE b; 
@@ -3676,53 +3904,53 @@ YY_BUFFER_STATE signing_scan_buffer (char * base, yy_size_t size , yyscan_t yy base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ - return 0; + return NULL; - b = (YY_BUFFER_STATE) signingalloc(sizeof( struct yy_buffer_state ) ,yyscanner ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) , yyscanner ); if ( ! b ) - YY_FATAL_ERROR( "out of dynamic memory in signing_scan_buffer()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; - b->yy_input_file = 0; + b->yy_input_file = NULL; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - signing_switch_to_buffer(b ,yyscanner ); + yy_switch_to_buffer( b , yyscanner ); return b; } /* %endif */ /* %if-c-only */ -/** Setup the input buffer state to scan a string. The next call to signinglex() will +/** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * @param yyscanner The scanner object. * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use - * signing_scan_bytes() instead. + * yy_scan_bytes() instead. */ -YY_BUFFER_STATE signing_scan_string (yyconst char * yystr , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_string (const char * yystr , yyscan_t yyscanner) { - return signing_scan_bytes(yystr,strlen(yystr) ,yyscanner); + return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); } /* %endif */ /* %if-c-only */ -/** Setup the input buffer state to scan the given bytes. 
The next call to signinglex() will +/** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. + * @param yybytes the byte buffer to scan + * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE signing_scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; @@ -3730,19 +3958,19 @@ YY_BUFFER_STATE signing_scan_bytes (yyconst char * yybytes, int _yybytes_len , int i; /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) signingalloc(n ,yyscanner ); + n = (yy_size_t) (_yybytes_len + 2); + buf = (char *) yyalloc( n , yyscanner ); if ( ! buf ) - YY_FATAL_ERROR( "out of dynamic memory in signing_scan_bytes()" ); + YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = signing_scan_buffer(buf,n ,yyscanner); + b = yy_scan_buffer( buf, n , yyscanner); if ( ! b ) - YY_FATAL_ERROR( "bad buffer in signing_scan_bytes()" ); + YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. 
@@ -3758,9 +3986,11 @@ YY_BUFFER_STATE signing_scan_bytes (yyconst char * yybytes, int _yybytes_len , #endif /* %if-c-only */ -static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) +static void yynoreturn yy_fatal_error (const char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -3792,7 +4022,7 @@ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) /** Get the user-defined data for this scanner. * @param yyscanner The scanner object. */ -YY_EXTRA_TYPE signingget_extra (yyscan_t yyscanner) +YY_EXTRA_TYPE yyget_extra (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyextra; @@ -3803,10 +4033,10 @@ YY_EXTRA_TYPE signingget_extra (yyscan_t yyscanner) /** Get the current line number. * @param yyscanner The scanner object. */ -int signingget_lineno (yyscan_t yyscanner) +int yyget_lineno (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - + if (! YY_CURRENT_BUFFER) return 0; @@ -3816,10 +4046,10 @@ int signingget_lineno (yyscan_t yyscanner) /** Get the current column number. * @param yyscanner The scanner object. */ -int signingget_column (yyscan_t yyscanner) +int yyget_column (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - + if (! YY_CURRENT_BUFFER) return 0; @@ -3829,7 +4059,7 @@ int signingget_column (yyscan_t yyscanner) /** Get the input stream. * @param yyscanner The scanner object. */ -FILE *signingget_in (yyscan_t yyscanner) +FILE *yyget_in (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyin; 
@@ -3838,7 +4068,7 @@ FILE *signingget_in (yyscan_t yyscanner) /** Get the output stream. * @param yyscanner The scanner object. */ -FILE *signingget_out (yyscan_t yyscanner) +FILE *yyget_out (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyout; @@ -3847,7 +4077,7 @@ FILE *signingget_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int signingget_leng (yyscan_t yyscanner) +int yyget_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -3857,7 +4087,7 @@ int signingget_leng (yyscan_t yyscanner) * @param yyscanner The scanner object. */ -char *signingget_text (yyscan_t yyscanner) +char *yyget_text (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yytext; @@ -3869,7 +4099,7 @@ char *signingget_text (yyscan_t yyscanner) * @param user_defined The data to be associated with this scanner. * @param yyscanner The scanner object. */ -void signingset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) +void yyset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyextra = user_defined ; 
@@ -3878,63 +4108,63 @@ void signingset_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void signingset_lineno (int line_number , yyscan_t yyscanner) +void yyset_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "signingset_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "yyset_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void signingset_column (int column_no , yyscan_t yyscanner) +void yyset_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "signingset_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "yyset_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. 
- * @see signing_switch_to_buffer + * @see yy_switch_to_buffer */ -void signingset_in (FILE * in_str , yyscan_t yyscanner) +void yyset_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void signingset_out (FILE * out_str , yyscan_t yyscanner) +void yyset_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } -int signingget_debug (yyscan_t yyscanner) +int yyget_debug (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yy_flex_debug; } -void signingset_debug (int bdebug , yyscan_t yyscanner) +void yyset_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -3944,13 +4174,13 @@ void signingset_debug (int bdebug , yyscan_t yyscanner) /* %if-bison-bridge */ -YYSTYPE * signingget_lval (yyscan_t yyscanner) +YYSTYPE * yyget_lval (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yylval; } -void signingset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) +void yyset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yylval = yylval_param; 
@@ -3960,20 +4190,18 @@ void signingset_lval (YYSTYPE * yylval_param , yyscan_t yyscanner) /* User-visible API */ -/* signinglex_init is special because it creates the scanner itself, so it is +/* yylex_init is special because it creates the scanner itself, so it is * the ONLY reentrant function that doesn't take the scanner as the last argument. * That's why we explicitly handle the declaration, instead of using our macros. */ - -int signinglex_init(yyscan_t* ptr_yy_globals) - +int yylex_init(yyscan_t* ptr_yy_globals) { if (ptr_yy_globals == NULL){ errno = EINVAL; return 1; } - *ptr_yy_globals = (yyscan_t) signingalloc ( sizeof( struct yyguts_t ), NULL ); + *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), NULL ); if (*ptr_yy_globals == NULL){ errno = ENOMEM; 
@@ -3986,39 +4214,37 @@ int signinglex_init(yyscan_t* ptr_yy_globals) return yy_init_globals ( *ptr_yy_globals ); } -/* signinglex_init_extra has the same functionality as signinglex_init, but follows the +/* yylex_init_extra has the same functionality as yylex_init, but follows the * convention of taking the scanner as the last argument. Note however, that * this is a *pointer* to a scanner, as it will be allocated by this call (and * is the reason, too, why this function also must handle its own declaration). - * The user defined value in the first argument will be available to signingalloc in + * The user defined value in the first argument will be available to yyalloc in * the yyextra field. */ - -int signinglex_init_extra(YY_EXTRA_TYPE yy_user_defined,yyscan_t* ptr_yy_globals ) - +int yylex_init_extra( YY_EXTRA_TYPE yy_user_defined, yyscan_t* ptr_yy_globals ) { struct yyguts_t dummy_yyguts; - signingset_extra (yy_user_defined, &dummy_yyguts); + yyset_extra (yy_user_defined, &dummy_yyguts); if (ptr_yy_globals == NULL){ errno = EINVAL; return 1; } - - *ptr_yy_globals = (yyscan_t) signingalloc ( sizeof( struct yyguts_t ), &dummy_yyguts ); - + + *ptr_yy_globals = (yyscan_t) yyalloc ( sizeof( struct yyguts_t ), &dummy_yyguts ); + if (*ptr_yy_globals == NULL){ errno = ENOMEM; return 1; } - + /* By setting to 0xAA, we expose bugs in yy_init_globals. Leave at 0x00 for releases. */ memset(*ptr_yy_globals,0x00,sizeof(struct yyguts_t)); - - signingset_extra (yy_user_defined, *ptr_yy_globals); - + + yyset_extra (yy_user_defined, *ptr_yy_globals); + return yy_init_globals ( *ptr_yy_globals ); } 
@@ -4029,13 +4255,13 @@ static int yy_init_globals (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* Initialization is the same as for the non-reentrant scanner. - * This function is called from signinglex_destroy(), so don't allocate here. + * This function is called from yylex_destroy(), so don't allocate here. */ - yyg->yy_buffer_stack = 0; + yyg->yy_buffer_stack = NULL; yyg->yy_buffer_stack_top = 0; yyg->yy_buffer_stack_max = 0; - yyg->yy_c_buf_p = (char *) 0; + yyg->yy_c_buf_p = NULL; yyg->yy_init = 0; yyg->yy_start = 0; 
@@ -4048,45 +4274,45 @@ static int yy_init_globals (yyscan_t yyscanner) yyin = stdin; yyout = stdout; #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; + yyin = NULL; + yyout = NULL; #endif /* For future reference: Set errno on error, since we are called by - * signinglex_init() + * yylex_init() */ return 0; } /* %endif */ /* %if-c-only SNIP! this currently causes conflicts with the c++ scanner */ -/* signinglex_destroy is for both reentrant and non-reentrant scanners. */ -int signinglex_destroy (yyscan_t yyscanner) +/* yylex_destroy is for both reentrant and non-reentrant scanners. */ +int yylex_destroy (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ - signing_delete_buffer(YY_CURRENT_BUFFER ,yyscanner ); + yy_delete_buffer( YY_CURRENT_BUFFER , yyscanner ); YY_CURRENT_BUFFER_LVALUE = NULL; - signingpop_buffer_state(yyscanner); + yypop_buffer_state(yyscanner); } /* Destroy the stack itself. */ - signingfree(yyg->yy_buffer_stack ,yyscanner); + yyfree(yyg->yy_buffer_stack , yyscanner); yyg->yy_buffer_stack = NULL; /* Destroy the start condition stack. */ - signingfree(yyg->yy_start_stack ,yyscanner ); + yyfree( yyg->yy_start_stack , yyscanner ); yyg->yy_start_stack = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time - * signinglex() is called, initialization will occur. */ + * yylex() is called, initialization will occur. */ yy_init_globals( yyscanner); /* %if-reentrant */ /* Destroy the main struct (reentrant only). */ - signingfree ( yyscanner , yyscanner ); + yyfree ( yyscanner , yyscanner ); yyscanner = NULL; /* %endif */ return 0; 
@@ -4098,18 +4324,21 @@ int signinglex_destroy (yyscan_t yyscanner) */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) +static void yy_flex_strncpy (char* s1, const char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) +static int yy_flex_strlen (const char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -4117,13 +4346,18 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) } #endif -void *signingalloc (yy_size_t size , yyscan_t yyscanner) +void *yyalloc (yy_size_t size , yyscan_t yyscanner) { - return (void *) malloc( size ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + return malloc(size); } -void *signingrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) +void *yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -4131,12 +4365,14 @@ void *signingrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner) * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ - return (void *) realloc( (char *) ptr, size ); + return realloc(ptr, size); } -void signingfree (void * ptr , yyscan_t yyscanner) +void yyfree (void * ptr , yyscan_t yyscanner) { - free( (char *) ptr ); /* see signingrealloc() for (char *) cast */ + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } /* %if-tables-serialization definitions */ 
@@ -4146,4 +4382,4 @@ void signingfree (void * ptr , yyscan_t yyscanner) /* %ok-for-header */ -#line 69 "signing_policy.l" +#line 72 "signing_policy.l" diff --git a/src/sslutils/namespaces.c b/src/sslutils/namespaces.c index a0064994..e228f7ef 100644 --- a/src/sslutils/namespaces.c +++ b/src/sslutils/namespaces.c @@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison implementation for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton implementation for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,13 +27,17 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. @@ -42,11 +45,11 @@ define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ -/* Identify Bison output. */ -#define YYBISON 1 +/* Identify Bison output, and Bison version. */ +#define YYBISON 30704 -/* Bison version. */ -#define YYBISON_VERSION "2.4" +/* Bison version string. */ +#define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -60,22 +63,15 @@ /* Pull parsers. */ #define YYPULL 1 -/* Using locations. */ -#define YYLSP_NEEDED 0 /* Substitute the variable and function names. */ #define yyparse namespacesparse #define yylex namespaceslex #define yyerror namespaceserror -#define yylval namespaceslval -#define yychar namespaceschar #define yydebug namespacesdebug #define yynerrs namespacesnerrs - -/* Copy the first part of user declarations. */ - -/* Line 189 of yacc.c */ +/* First part of user prologue. */ #line 1 "namespaces.y" /********************************************************************* 
@@ -114,105 +110,128 @@ char **parse_subjects(char *string); void namespaceserror(void *policies, void *scanner, char const *msg); +#line 114 "namespaces.c" -/* Line 189 of yacc.c */ -#line 119 "namespaces.c" - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 1 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 1 -#endif - -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - SUBJECT = 258, - TO = 259, - SELF = 260, - PERMIT = 261, - DENY = 262, - SUBJECT_WORD = 263, - ISSUER = 264 - }; -#endif - - +# ifndef YY_CAST +# ifdef __cplusplus +# define YY_CAST(Type, Val) static_cast (Val) +# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) +# else +# define YY_CAST(Type, Val) ((Type) (Val)) +# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) +# endif +# endif +# ifndef YY_NULLPTR +# if defined __cplusplus +# if 201103L <= __cplusplus +# define YY_NULLPTR nullptr +# else +# define YY_NULLPTR 0 +# endif +# else +# define YY_NULLPTR ((void*)0) +# endif +# endif -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +#include "namespaces.h" +/* Symbol kind. 
*/ +enum yysymbol_kind_t { + YYSYMBOL_YYEMPTY = -2, + YYSYMBOL_YYEOF = 0, /* "end of file" */ + YYSYMBOL_YYerror = 1, /* error */ + YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ + YYSYMBOL_SUBJECT = 3, /* SUBJECT */ + YYSYMBOL_TO = 4, /* TO */ + YYSYMBOL_SELF = 5, /* SELF */ + YYSYMBOL_PERMIT = 6, /* PERMIT */ + YYSYMBOL_DENY = 7, /* DENY */ + YYSYMBOL_SUBJECT_WORD = 8, /* SUBJECT_WORD */ + YYSYMBOL_ISSUER = 9, /* ISSUER */ + YYSYMBOL_YYACCEPT = 10, /* $accept */ + YYSYMBOL_eacl = 11, /* eacl */ + YYSYMBOL_rule = 12, /* rule */ + YYSYMBOL_condition = 13, /* condition */ + YYSYMBOL_permit_or_deny = 14 /* permit_or_deny */ +}; +typedef enum yysymbol_kind_t yysymbol_kind_t; -/* Line 214 of yacc.c */ -#line 45 "namespaces.y" - - char *string; - struct condition *cond; - struct policy *policy; - int integer; -/* Line 214 of yacc.c */ -#line 173 "namespaces.c" -} YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 +#ifdef short +# undef short #endif +/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure + and (if available) are included + so that the code can choose integer types of a good width. */ -/* Copy the second part of user declarations. */ - +#ifndef __PTRDIFF_MAX__ +# include /* INFRINGES ON USER NAME SPACE */ +# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_STDINT_H +# endif +#endif -/* Line 264 of yacc.c */ -#line 185 "namespaces.c" +/* Narrow types that promote to a signed type and that can represent a + signed or unsigned integer of at least N bits. In tables they can + save space and decrease cache pressure. Promoting to a signed type + helps avoid bugs in integer arithmetic. 
*/ -#ifdef short -# undef short +#ifdef __INT_LEAST8_MAX__ +typedef __INT_LEAST8_TYPE__ yytype_int8; +#elif defined YY_STDINT_H +typedef int_least8_t yytype_int8; +#else +typedef signed char yytype_int8; #endif -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; +#ifdef __INT_LEAST16_MAX__ +typedef __INT_LEAST16_TYPE__ yytype_int16; +#elif defined YY_STDINT_H +typedef int_least16_t yytype_int16; #else -typedef unsigned char yytype_uint8; +typedef short yytype_int16; #endif -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; +#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST8_TYPE__ yytype_uint8; +#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST8_MAX <= INT_MAX) +typedef uint_least8_t yytype_uint8; +#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX +typedef unsigned char yytype_uint8; #else -typedef short int yytype_int8; +typedef short yytype_uint8; #endif -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; +#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST16_TYPE__ yytype_uint16; +#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST16_MAX <= INT_MAX) +typedef uint_least16_t yytype_uint16; +#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX +typedef unsigned short yytype_uint16; #else -typedef unsigned short int yytype_uint16; +typedef int yytype_uint16; #endif -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; +#ifndef YYPTRDIFF_T +# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ +# define YYPTRDIFF_T __PTRDIFF_TYPE__ +# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ +# elif defined PTRDIFF_MAX +# ifndef ptrdiff_t +# include /* INFRINGES ON USER NAME SPACE */ +# endif +# define YYPTRDIFF_T ptrdiff_t +# define 
YYPTRDIFF_MAXIMUM PTRDIFF_MAX +# else +# define YYPTRDIFF_T long +# define YYPTRDIFF_MAXIMUM LONG_MAX +# endif #endif #ifndef YYSIZE_T 
@@ -220,55 +239,100 @@ typedef short int yytype_int16; # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else -# define YYSIZE_T unsigned int +# define YYSIZE_T unsigned # endif #endif -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) +#define YYSIZE_MAXIMUM \ + YY_CAST (YYPTRDIFF_T, \ + (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ + ? YYPTRDIFF_MAXIMUM \ + : YY_CAST (YYSIZE_T, -1))) + +#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) + + +/* Stored state numbers (used for stacks). */ +typedef yytype_int8 yy_state_t; + +/* State numbers in computations. */ +typedef int yy_state_fast_t; #ifndef YY_ -# if YYENABLE_NLS +# if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) +# define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ -# define YY_(msgid) msgid +# define YY_(Msgid) Msgid +# endif +#endif + + +#ifndef YY_ATTRIBUTE_PURE +# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) +# else +# define YY_ATTRIBUTE_PURE +# endif +#endif + +#ifndef YY_ATTRIBUTE_UNUSED +# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +# else +# define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) +# define YYUSE(E) ((void) (E)) #else -# define YYUSE(e) /* empty */ +# define YYUSE(E) /* empty */ #endif -/* Identity function, used to suppress warnings about constant conditions. 
*/ -#ifndef lint -# define YYID(n) (n) -#else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int yyi) +#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ +/* Suppress an incorrect diagnostic about yylval being uninitialized. */ +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ + _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ + _Pragma ("GCC diagnostic pop") #else -static int -YYID (yyi) - int yyi; +# define YY_INITIAL_VALUE(Value) Value #endif -{ - return yyi; -} +#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_END +#endif +#ifndef YY_INITIAL_VALUE +# define YY_INITIAL_VALUE(Value) /* Nothing. */ #endif -#if ! defined yyoverflow || YYERROR_VERBOSE +#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ +# define YY_IGNORE_USELESS_CAST_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") +# define YY_IGNORE_USELESS_CAST_END \ + _Pragma ("GCC diagnostic pop") +#endif +#ifndef YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_END +#endif + + +#define YY_ASSERT(E) ((void) (0 && (E))) + +#if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ 
@@ -285,11 +349,11 @@ YYID (yyi) # define alloca _alloca # else # define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 + /* Use EXIT_SUCCESS as a witness for stdlib.h. */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # endif @@ -297,8 +361,8 @@ YYID (yyi) # endif # ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) + /* Pacify GCC's 'empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely 
@@ -312,88 +376,89 @@ YYID (yyi) # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif -# if (defined __cplusplus && ! defined _STDLIB_H \ +# if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) + && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc -# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free -# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - +#endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - yytype_int16 yyss_alloc; + yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) -/* Copy COUNT objects from FROM to TO. 
The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif +# define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYPTRDIFF_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / YYSIZEOF (*yyptr); \ + } \ + while (0) #endif +#if defined YYCOPY_NEEDED && YYCOPY_NEEDED +/* Copy COUNT objects from SRC to DST. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(Dst, Src, Count) \ + __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) +# else +# define YYCOPY(Dst, Src, Count) \ + do \ + { \ + YYPTRDIFF_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (Dst)[yyi] = (Src)[yyi]; \ + } \ + while (0) +# endif +# endif +#endif /* !YYCOPY_NEEDED */ + /* YYFINAL -- State number of the termination state. */ #define YYFINAL 5 /* YYLAST -- Last index in YYTABLE. */ 
@@ -405,18 +470,23 @@ union yyalloc #define YYNNTS 5 /* YYNRULES -- Number of rules. */ #define YYNRULES 8 -/* YYNRULES -- Number of states. */ +/* YYNSTATES -- Number of states. */ #define YYNSTATES 16 -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 +/* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 264 -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = +/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM + as returned by yylex, with out-of-bounds checking. */ +#define YYTRANSLATE(YYX) \ + (0 <= (YYX) && (YYX) <= YYMAXUTOK \ + ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ + : YYSYMBOL_YYUNDEF) + +/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM + as returned by yylex. */ +static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 
@@ -448,96 +518,89 @@ static const yytype_uint8 yytranslate[] = }; #if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint8 yyprhs[] = + /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ +static const yytype_int8 yyrline[] = { - 0, 0, 3, 5, 8, 13, 18, 22, 24 + 0, 67, 67, 68, 71, 81, 92, 107, 108 }; +#endif -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int8 yyrhs[] = -{ - 11, 0, -1, 12, -1, 11, 12, -1, 4, 9, - 3, 13, -1, 4, 9, 5, 13, -1, 14, 8, - 3, -1, 6, -1, 7, -1 -}; +/** Accessing symbol of state STATE. */ +#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ -static const yytype_uint8 yyrline[] = -{ - 0, 66, 66, 67, 70, 80, 91, 106, 107 -}; -#endif +#if 1 +/* The user-facing name of the symbol whose (internal) number is + YYSYMBOL. No bounds checking. */ +static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "SUBJECT", "TO", "SELF", "PERMIT", - "DENY", "SUBJECT_WORD", "ISSUER", "$accept", "eacl", "rule", "condition", - "permit_or_deny", 0 + "\"end of file\"", "error", "\"invalid token\"", "SUBJECT", "TO", + "SELF", "PERMIT", "DENY", "SUBJECT_WORD", "ISSUER", "$accept", "eacl", + "rule", "condition", "permit_or_deny", YY_NULLPTR }; + +static const char * +yysymbol_name (yysymbol_kind_t yysymbol) +{ + return yytname[yysymbol]; +} #endif -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. 
*/ -static const yytype_uint16 yytoknum[] = +#ifdef YYPRINT +/* YYTOKNUM[NUM] -- (External) token number corresponding to the + (internal) symbol number NUM (which must be that of a token). */ +static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264 }; -# endif +#endif -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint8 yyr1[] = -{ - 0, 10, 11, 11, 12, 12, 13, 14, 14 -}; +#define YYPACT_NINF (-8) -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 1, 2, 4, 4, 3, 1, 1 -}; +#define yypact_value_is_default(Yyn) \ + ((Yyn) == YYPACT_NINF) -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint8 yydefact[] = -{ - 0, 0, 0, 2, 0, 1, 3, 0, 0, 7, - 8, 4, 0, 5, 0, 6 -}; +#define YYTABLE_NINF (-1) -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int8 yydefgoto[] = -{ - -1, 2, 3, 11, 12 -}; +#define yytable_value_is_error(Yyn) \ + 0 -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -8 + /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ static const yytype_int8 yypact[] = { 3, -7, 0, -8, -2, -8, -8, -1, -1, -8, -8, -8, 1, -8, 5, -8 }; -/* YYPGOTO[NTERM-NUM]. */ + /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ +static const yytype_int8 yydefact[] = +{ + 0, 0, 0, 2, 0, 1, 3, 0, 0, 7, + 8, 4, 0, 5, 0, 6 +}; + + /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -8, -8, 8, 4, -8 }; -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. 
- If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const yytype_uint8 yytable[] = + /* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = +{ + -1, 2, 3, 11, 12 +}; + + /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ +static const yytype_int8 yytable[] = { 5, 7, 4, 8, 1, 9, 10, 1, 15, 14, 6, 0, 13 
@@ -549,103 +612,60 @@ static const yytype_int8 yycheck[] = 2, -1, 8 }; -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint8 yystos[] = + /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_int8 yystos[] = { 0, 4, 11, 12, 9, 0, 12, 3, 5, 6, 7, 13, 14, 13, 8, 3 }; -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - - -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ + /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_int8 yyr1[] = +{ + 0, 10, 11, 11, 12, 12, 13, 14, 14 +}; -#define YYFAIL goto yyerrlab + /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +static const yytype_int8 yyr2[] = +{ + 0, 2, 1, 2, 4, 4, 3, 1, 1 +}; -#define YYRECOVERING() (!!yyerrstatus) -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK (1); \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). 
*/ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif +enum { YYENOMEM = -2 }; +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab -#ifndef YY_LOCATION_PRINT -# if YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif -#endif +#define YYRECOVERING() (!!yyerrstatus) -/* YYLEX -- calling `yylex' with the right arguments. */ +#define YYBACKUP(Token, Value) \ + do \ + if (yychar == YYEMPTY) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (yylen); \ + yystate = *yyssp; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (0) + +/* Backward compatibility with an undocumented macro. + Use YYerror or YYUNDEF. */ +#define YYERRCODE YYUNDEF -#ifdef YYLEX_PARAM -# define YYLEX yylex (&yylval, YYLEX_PARAM) -#else -# define YYLEX yylex (&yylval, scanner) -#endif /* Enable debugging if requested. */ #if YYDEBUG 
@@ -655,86 +675,67 @@ while (YYID (0)) # define YYFPRINTF fprintf # endif -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value, policies, scanner); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) -#else +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +/* This macro is provided for backward compatibility. */ +# ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif + + +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Kind, Value, policies, scanner); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + + +/*-----------------------------------. +| Print this symbol's value on YYO. 
| +`-----------------------------------*/ + static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep, policies, scanner) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yy_symbol_value_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { - if (!yyvaluep) - return; + FILE *yyoutput = yyo; + YYUSE (yyoutput); YYUSE (policies); YYUSE (scanner); + if (!yyvaluep) + return; # ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); + if (yykind < YYNTOKENS) + YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif - switch (yytype) - { - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ +/*---------------------------. +| Print this symbol on YYO. | +`---------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) -#else static void -yy_symbol_print (yyoutput, yytype, yyvaluep, policies, scanner) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yy_symbol_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + YYFPRINTF (yyo, "%s %s (", + yykind < YYNTOKENS ? 
"token" : "nterm", yysymbol_name (yykind)); - yy_symbol_value_print (yyoutput, yytype, yyvaluep, policies, scanner); - YYFPRINTF (yyoutput, ")"); + yy_symbol_value_print (yyo, yykind, yyvaluep, policies, scanner); + YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. @@ -742,16 +743,8 @@ yy_symbol_print (yyoutput, yytype, yyvaluep, policies, scanner) | TOP (included). | `------------------------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) -#else -static void -yy_stack_print (yybottom, yytop) - yytype_int16 *yybottom; - yytype_int16 *yytop; -#endif +yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) 
@@ -762,65 +755,56 @@ yy_stack_print (yybottom, yytop) YYFPRINTF (stderr, "\n"); } -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule, struct policy ***policies, void *scanner) -#else -static void -yy_reduce_print (yyvsp, yyrule, policies, scanner) - YYSTYPE *yyvsp; - int yyrule; - struct policy ***policies; - void *scanner; -#endif +yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, + int yyrule, struct policy ***policies, void *scanner) { + int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); + YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", + yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - , policies, scanner); + yy_symbol_print (stderr, + YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), + &yyvsp[(yyi + 1) - (yynrhs)], policies, scanner); YYFPRINTF (stderr, "\n"); } } -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule, policies, scanner); \ -} while (YYID (0)) +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyssp, yyvsp, Rule, policies, scanner); \ +} while (0) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. 
*/ int yydebug; #else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YYDPRINTF(Args) ((void) 0) +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH +#ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif 
@@ -835,49 +819,81 @@ int yydebug; # define YYMAXDEPTH 10000 #endif - -#if YYERROR_VERBOSE +/* Context of a parse error. */ +typedef struct +{ + yy_state_t *yyssp; + yysymbol_kind_t yytoken; +} yypcontext_t; + +/* Put in YYARG at most YYARGN of the expected tokens given the + current YYCTX, and return the number of tokens stored in YYARG. If + YYARG is null, return the number of expected tokens (guaranteed to + be less than YYNTOKENS). Return YYENOMEM on memory exhaustion. + Return 0 if there are more than YYARGN expected tokens, yet fill + YYARG up to YYARGN. */ +static int +yypcontext_expected_tokens (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. */ + int yycount = 0; + int yyn = yypact[+*yyctx->yyssp]; + if (!yypact_value_is_default (yyn)) + { + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. In other words, skip the first -YYN actions for + this state because they are default actions. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yyx; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYSYMBOL_YYerror + && !yytable_value_is_error (yytable[yyx + yyn])) + { + if (!yyarg) + ++yycount; + else if (yycount == yyargn) + return 0; + else + yyarg[yycount++] = YY_CAST (yysymbol_kind_t, yyx); + } + } + if (yyarg && yycount == 0 && 0 < yyargn) + yyarg[0] = YYSYMBOL_YYEMPTY; + return yycount; +} + + -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else + +#ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S))) +# else /* Return the length of YYSTR. 
*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T +static YYPTRDIFF_T yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif { - YYSIZE_T yylen; + YYPTRDIFF_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } -# endif # endif +#endif -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else +#ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif { char *yyd = yydest; const char *yys = yysrc; @@ -887,10 +903,10 @@ yystpcpy (yydest, yysrc) return yyd - 1; } -# endif # endif +#endif -# ifndef yytnamerr +#ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string 
@@ -898,283 +914,261 @@ yystpcpy (yydest, yysrc) backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ -static YYSIZE_T +static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { - YYSIZE_T yyn = 0; + YYPTRDIFF_T yyn = 0; char const *yyp = yystr; - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + else + goto append; + + append: + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } do_not_strip_quotes: ; } - if (! yyres) + if (yyres) + return yystpcpy (yyres, yystr) - yyres; + else return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; } -# endif +#endif -/* Copy into YYRESULT an error message about the unexpected token - YYCHAR while in state YYSTATE. Return the number of bytes copied, - including the terminating null byte. If YYRESULT is null, do not - copy anything; just return the number of bytes that would be - copied. As a special case, return 0 if an ordinary "syntax error" - message will do. Return YYSIZE_MAXIMUM if overflow occurs during - size calculation. */ -static YYSIZE_T -yysyntax_error (char *yyresult, int yystate, int yychar) -{ - int yyn = yypact[yystate]; - if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) - return 0; - else +static int +yy_syntax_error_arguments (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. 
*/ + int yycount = 0; + /* There are many possibilities here to consider: + - If this state is a consistent state with a default action, then + the only way this function was invoked is if the default action + is an error action. In that case, don't check for expected + tokens because there are none. + - The only way there can be no lookahead present (in yychar) is if + this state is a consistent state with a default action. Thus, + detecting the absence of a lookahead is sufficient to determine + that there is no unexpected or expected token to report. In that + case, just report a simple "syntax error". + - Don't assume there isn't a lookahead just because this state is a + consistent state with a default action. There might have been a + previous inconsistent state, consistent state with a non-default + action, or user semantic action that manipulated yychar. + - Of course, the expected token list depends on states to have + correct lookahead information, and it depends on the parser not + to perform extra reductions after fetching a lookahead from the + scanner and before detecting a syntax error. Thus, state merging + (from LALR or IELR) and default reductions corrupt the expected + token list. However, the list is correct for canonical LR with + one exception: it will still contain any token that will not be + accepted due to an error action in a later state. + */ + if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -# if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. 
*/ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -# endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; + int yyn; + if (yyarg) + yyarg[yycount] = yyctx->yytoken; + ++yycount; + yyn = yypcontext_expected_tokens (yyctx, + yyarg ? yyarg + 1 : yyarg, yyargn - 1); + if (yyn == YYENOMEM) + return YYENOMEM; + else + yycount += yyn; + } + return yycount; +} - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; +/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message + about the unexpected token YYTOKEN for the state stack whose top is + YYSSP. - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; + Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is + not large enough to hold the message. In that case, also set + *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the + required number of bytes is too large to store. */ +static int +yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, + const yypcontext_t *yyctx) +{ + enum { YYARGS_MAX = 5 }; + /* Internationalized format string. */ + const char *yyformat = YY_NULLPTR; + /* Arguments of yyformat: reported tokens (one for the "unexpected", + one per "expected"). */ + yysymbol_kind_t yyarg[YYARGS_MAX]; + /* Cumulated lengths of YYARG. 
*/ + YYPTRDIFF_T yysize = 0; + + /* Actual size of YYARG. */ + int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); + if (yycount == YYENOMEM) + return YYENOMEM; + + switch (yycount) + { +#define YYCASE_(N, S) \ + case N: \ + yyformat = S; \ + break + default: /* Avoid compiler warnings. */ + YYCASE_(0, YY_("syntax error")); + YYCASE_(1, YY_("syntax error, unexpected %s")); + YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); + YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); + YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); + YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); +#undef YYCASE_ + } - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); + /* Compute error message size. Don't count the "%s"s, but reserve + room for the terminator. */ + yysize = yystrlen (yyformat) - 2 * yycount + 1; + { + int yyi; + for (yyi = 0; yyi < yycount; ++yyi) + { + YYPTRDIFF_T yysize1 + = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); + if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) + yysize = yysize1; + else + return YYENOMEM; + } + } - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; - } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - - if (yysize_overflow) - return YYSIZE_MAXIMUM; - - if (yyresult) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. 
*/ - char *yyp = yyresult; - int yyi = 0; - while ((*yyp = *yyf) != '\0') - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - } - return yysize; + if (*yymsg_alloc < yysize) + { + *yymsg_alloc = 2 * yysize; + if (! (yysize <= *yymsg_alloc + && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) + *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; + return -1; } + + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + { + char *yyp = *yymsg; + int yyi = 0; + while ((*yyp = *yyformat) != '\0') + if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); + yyformat += 2; + } + else + { + ++yyp; + ++yyformat; + } + } + return 0; } -#endif /* YYERROR_VERBOSE */ - + /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) -#else static void -yydestruct (yymsg, yytype, yyvaluep, policies, scanner) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yydestruct (const char *yymsg, + yysymbol_kind_t yykind, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) { YYUSE (yyvaluep); YYUSE (policies); YYUSE (scanner); - if (!yymsg) yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - switch (yytype) - { + YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/* Prevent warnings from -Wmissing-prototypes. 
*/ -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (struct policy ***policies, void *scanner); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ -/*-------------------------. -| yyparse or yypush_parse. | -`-------------------------*/ +/*----------. +| yyparse. | +`----------*/ -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -#endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) int yyparse (struct policy ***policies, void *scanner) -#else -int -yyparse (policies, scanner) - struct policy ***policies; - void *scanner; -#endif -#endif { -/* The lookahead symbol. */ +/* Lookahead token kind. */ int yychar; + /* The semantic value of the lookahead symbol. */ -YYSTYPE yylval; +/* Default value used for initialization, for pacifying older GCCs + or non-GCC compilers. */ +YY_INITIAL_VALUE (static YYSTYPE yyval_default;) +YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); /* Number of syntax errors so far. */ - int yynerrs; + int yynerrs = 0; - int yystate; + yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - - /* The stacks and their tools: - `yyss': related to states. - `yyvs': related to semantic values. + int yyerrstatus = 0; - Refer to the stacks thru separate pointers, to allow yyoverflow + /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; + /* Their size. 
*/ + YYPTRDIFF_T yystacksize = YYINITDEPTH; - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs; - YYSTYPE *yyvsp; + /* The state stack: array, bottom, top. */ + yy_state_t yyssa[YYINITDEPTH]; + yy_state_t *yyss = yyssa; + yy_state_t *yyssp = yyss; - YYSIZE_T yystacksize; + /* The semantic value stack: array, bottom, top. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp = yyvs; int yyn; + /* The return value of yyparse. */ int yyresult; - /* Lookahead token as an internal (translated) token number. */ - int yytoken; + /* Lookahead symbol kind. */ + yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; -#if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif + YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) 
@@ -1182,133 +1176,138 @@ YYSTYPE yylval; Keep to zero when no symbol should be popped. */ int yylen = 0; - yytoken = 0; - yyss = yyssa; - yyvs = yyvsa; - yystacksize = YYINITDEPTH; - YYDPRINTF ((stderr, "Starting parse\n")); - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - yyssp = yyss; - yyvsp = yyvs; - goto yysetstate; + /*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | +| yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ - yynewstate: +yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; - yysetstate: - *yyssp = yystate; + +/*--------------------------------------------------------------------. +| yysetstate -- set current state (the top of the stack) to yystate. | +`--------------------------------------------------------------------*/ +yysetstate: + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + YY_ASSERT (0 <= yystate && yystate < YYNSTATES); + YY_IGNORE_USELESS_CAST_BEGIN + *yyssp = YY_CAST (yy_state_t, yystate); + YY_IGNORE_USELESS_CAST_END + YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) +#if !defined yyoverflow && !defined YYSTACK_RELOCATE + goto yyexhaustedlab; +#else { /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; + YYPTRDIFF_T yysize = yyssp - yyss + 1; -#ifdef yyoverflow +# if defined yyoverflow { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. 
*/ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + yy_state_t *yyss1 = yyss; + YYSTYPE *yyvs1 = yyvs; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * YYSIZEOF (*yyssp), + &yyvs1, yysize * YYSIZEOF (*yyvsp), + &yystacksize); + yyss = yyss1; + yyvs = yyvs1; } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else +# else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; + yystacksize = YYMAXDEPTH; { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); + yy_state_t *yyss1 = yyss; + union yyalloc *yyptr = + YY_CAST (union yyalloc *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); + if (! 
yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); } # endif -#endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); + YY_IGNORE_USELESS_CAST_BEGIN + YYDPRINTF ((stderr, "Stack size increased to %ld\n", + YY_CAST (long, yystacksize))); + YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) - YYABORT; + YYABORT; } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); +#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; + /*-----------. | yybackup. | `-----------*/ yybackup: - /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) + if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; + YYDPRINTF ((stderr, "Reading a token\n")); + yychar = yylex (&yylval, scanner); } if (yychar <= YYEOF) { - yychar = yytoken = YYEOF; + yychar = YYEOF; + yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } + else if (yychar == YYerror) + { + /* The scanner already issued an error message, process directly + to error recovery. But do not keep the error token as + lookahead, it is too special and may lead us to an endless + loop in error recovery. 
*/ + yychar = YYUNDEF; + yytoken = YYSYMBOL_YYerror; + goto yyerrlab1; + } else { yytoken = YYTRANSLATE (yychar); @@ -1323,8 +1322,8 @@ YYSTYPE yylval; yyn = yytable[yyn]; if (yyn <= 0) { - if (yyn == 0 || yyn == YYTABLE_NINF) - goto yyerrlab; + if (yytable_value_is_error (yyn)) + goto yyerrlab; yyn = -yyn; goto yyreduce; } @@ -1336,13 +1335,13 @@ YYSTYPE yylval; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - yystate = yyn; + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END + /* Discard the shifted token. */ + yychar = YYEMPTY; goto yynewstate; @@ -1357,14 +1356,14 @@ YYSTYPE yylval; /*-----------------------------. -| yyreduce -- Do a reduction. | +| yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. + '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison 
@@ -1377,60 +1376,54 @@ YYSTYPE yylval; YY_REDUCE_PRINT (yyn); switch (yyn) { - case 2: - -/* Line 1455 of yacc.c */ -#line 66 "namespaces.y" - { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[(1) - (1)].policy))); } - break; - - case 3: - -/* Line 1455 of yacc.c */ + case 2: /* eacl: rule */ #line 67 "namespaces.y" - { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[(2) - (2)].policy))); } + { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[0].policy))); } +#line 1383 "namespaces.c" break; - case 4: + case 3: /* eacl: eacl rule */ +#line 68 "namespaces.y" + { *policies = (struct policy**)listadd((char**)*policies, (char*)((yyvsp[0].policy))); } +#line 1389 "namespaces.c" + break; -/* Line 1455 of yacc.c */ -#line 70 "namespaces.y" - { + case 4: /* rule: TO ISSUER SUBJECT condition */ +#line 71 "namespaces.y" + { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { (yyval.policy)->self = 0; - (yyval.policy)->caname = strdup((yyvsp[(3) - (4)].string)); - (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[(4) - (4)].cond))); + (yyval.policy)->caname = strdup((yyvsp[-1].string)); + (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[0].cond))); (yyval.policy)->type = TYPE_NAMESPACE; } } +#line 1404 "namespaces.c" break; - case 5: - -/* Line 1455 of yacc.c */ -#line 80 "namespaces.y" - { + case 5: /* rule: TO ISSUER SELF condition */ +#line 81 "namespaces.y" + { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { (yyval.policy)->self = 1; (yyval.policy)->caname = NULL; - (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[(4) - (4)].cond))); + (yyval.policy)->conds = (struct condition**)listadd(NULL, (char*)((yyvsp[0].cond))); (yyval.policy)->type = TYPE_NAMESPACE; } } +#line 1418 "namespaces.c" break; - case 6: - -/* Line 1455 of yacc.c */ -#line 91 
"namespaces.y" - { + case 6: /* condition: permit_or_deny SUBJECT_WORD SUBJECT */ +#line 92 "namespaces.y" + { (yyval.cond) = (struct condition *)calloc(1, sizeof(struct condition)); if ((yyval.cond)) { - (yyval.cond)->positive = (yyvsp[(1) - (3)].integer); - (yyval.cond)->original = strdup((yyvsp[(3) - (3)].string)); + (yyval.cond)->positive = (yyvsp[-2].integer); + (yyval.cond)->original = strdup((yyvsp[0].string)); (yyval.cond)->subjects = listadd(NULL, (yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); 
@@ -1439,115 +1432,119 @@ YYSTYPE yylval; } } } +#line 1436 "namespaces.c" break; - case 7: - -/* Line 1455 of yacc.c */ -#line 106 "namespaces.y" - { (yyval.integer) = 1; } + case 7: /* permit_or_deny: PERMIT */ +#line 107 "namespaces.y" + { (yyval.integer) = 1; } +#line 1442 "namespaces.c" break; - case 8: - -/* Line 1455 of yacc.c */ -#line 107 "namespaces.y" - { (yyval.integer) = 0; } + case 8: /* permit_or_deny: DENY */ +#line 108 "namespaces.y" + { (yyval.integer) = 0; } +#line 1448 "namespaces.c" break; +#line 1452 "namespaces.c" -/* Line 1455 of yacc.c */ -#line 1461 "namespaces.c" default: break; } - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + /* User semantic actions sometimes alter yychar, and that requires + that yytoken be updated with the new translation. We take the + approach of translating immediately before every use of yytoken. + One alternative is translating here after every semantic action, + but that translation would be missed if the semantic action invokes + YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or + if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an + incorrect destructor might then be invoked immediately. In the + case of YYERROR or YYBACKUP, subsequent parser actions might lead + to an incorrect destructor call or verbose syntax error message + before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; - YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; - /* Now `shift' the result of the reduction. Determine what state + /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. 
*/ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; + { + const int yylhs = yyr1[yyn] - YYNTOKENS; + const int yyi = yypgoto[yylhs] + *yyssp; + yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp + ? yytable[yyi] + : yydefgoto[yylhs]); + } goto yynewstate; -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ +/*--------------------------------------. +| yyerrlab -- here on detecting error. | +`--------------------------------------*/ yyerrlab: + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (policies, scanner, YY_("syntax error")); -#else { - YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); - if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) - { - YYSIZE_T yyalloc = 2 * yysize; - if (! 
(yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) - yyalloc = YYSTACK_ALLOC_MAXIMUM; - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yyalloc); - if (yymsg) - yymsg_alloc = yyalloc; - else - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - } - } - - if (0 < yysize && yysize <= yymsg_alloc) - { - (void) yysyntax_error (yymsg, yystate, yychar); - yyerror (policies, scanner, yymsg); - } - else - { - yyerror (policies, scanner, YY_("syntax error")); - if (yysize != 0) - goto yyexhaustedlab; - } + yypcontext_t yyctx + = {yyssp, yytoken}; + char const *yymsgp = YY_("syntax error"); + int yysyntax_error_status; + yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + if (yysyntax_error_status == 0) + yymsgp = yymsg; + else if (yysyntax_error_status == -1) + { + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = YY_CAST (char *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); + if (yymsg) + { + yysyntax_error_status + = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + yymsgp = yymsg; + } + else + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + yysyntax_error_status = YYENOMEM; + } + } + yyerror (policies, scanner, yymsgp); + if (yysyntax_error_status == YYENOMEM) + goto yyexhaustedlab; } -#endif } - - if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an - error, discard it. */ + error, discard it. */ if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } else - { - yydestruct ("Error: discarding", - yytoken, &yylval, policies, scanner); - yychar = YYEMPTY; - } + { + yydestruct ("Error: discarding", + yytoken, &yylval, policies, scanner); + yychar = YYEMPTY; + } } /* Else will try to reuse lookahead token after shifting the error 
@@ -1559,14 +1556,12 @@ YYSTYPE yylval; | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: + /* Pacify compilers when the user code never invokes YYERROR and the + label yyerrorlab therefore never appears in user code. */ + if (0) + YYERROR; - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered + /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; 
@@ -1579,39 +1574,42 @@ YYSTYPE yylval; | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ + yyerrstatus = 3; /* Each real token shifted decrements this. */ + /* Pop stack until we find a state that shifts the error token. */ for (;;) { yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } + if (!yypact_value_is_default (yyn)) + { + yyn += YYSYMBOL_YYerror; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) - YYABORT; + YYABORT; yydestruct ("Error: popping", - yystos[yystate], yyvsp, policies, scanner); + YY_ACCESSING_SYMBOL (yystate), yyvsp, policies, scanner); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; @@ -1624,6 +1622,7 @@ YYSTYPE yylval; yyresult = 0; goto yyreturn; + /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ 
@@ -1631,48 +1630,64 @@ YYSTYPE yylval; yyresult = 1; goto yyreturn; -#if !defined(yyoverflow) || YYERROR_VERBOSE + +#if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (policies, scanner, YY_("memory exhausted")); yyresult = 2; - /* Fall through. */ + goto yyreturn; #endif + +/*-------------------------------------------------------. +| yyreturn -- parsing is finished, clean up and return. | +`-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval, policies, scanner); - /* Do not reclaim the symbols of the rule which action triggered + { + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = YYTRANSLATE (yychar); + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval, policies, scanner); + } + /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp, policies, scanner); + YY_ACCESSING_SYMBOL (+*yyssp), yyvsp, policies, scanner); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif -#if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); -#endif - /* Make sure YYID is used. */ - return YYID (yyresult); + return yyresult; } +#line 111 "namespaces.y" -/* Line 1675 of yacc.c */ -#line 110 "namespaces.y" +#if 0 +int main() +{ + namespacesdebug = 1; + struct policy **arg = NULL; + void *scanner=NULL; + namespaceslex_init(&scanner); + namespacesset_debug(1, scanner); + return namespacesparse(&arg, scanner); +} +#endif void namespaceserror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } - 
diff --git a/src/sslutils/namespaces.h b/src/sslutils/namespaces.h index 97950b83..634d0a02 100644 --- a/src/sslutils/namespaces.h +++ b/src/sslutils/namespaces.h @@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison interface for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton interface for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,51 +27,77 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + +#ifndef YY_NAMESPACES_NAMESPACES_H_INCLUDED +# define YY_NAMESPACES_NAMESPACES_H_INCLUDED +/* Debug traces. */ +#ifndef YYDEBUG +# define YYDEBUG 1 +#endif +#if YYDEBUG +extern int namespacesdebug; +#endif -/* Tokens. */ +/* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - SUBJECT = 258, - TO = 259, - SELF = 260, - PERMIT = 261, - DENY = 262, - SUBJECT_WORD = 263, - ISSUER = 264 - }; + enum yytokentype + { + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + SUBJECT = 258, /* SUBJECT */ + TO = 259, /* TO */ + SELF = 260, /* SELF */ + PERMIT = 261, /* PERMIT */ + DENY = 262, /* DENY */ + SUBJECT_WORD = 263, /* SUBJECT_WORD */ + ISSUER = 264 /* ISSUER */ + }; + typedef enum yytokentype yytoken_kind_t; #endif - - - +/* Token kinds. */ +#define YYEMPTY -2 +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 +#define SUBJECT 258 +#define TO 259 +#define SELF 260 +#define PERMIT 261 +#define DENY 262 +#define SUBJECT_WORD 263 +#define ISSUER 264 + +/* Value type. */ #if ! defined YYSTYPE && ! 
defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +union YYSTYPE { - -/* Line 1676 of yacc.c */ -#line 45 "namespaces.y" +#line 46 "namespaces.y" char *string; struct condition *cond; struct policy *policy; int integer; +#line 92 "namespaces.h" - -/* Line 1676 of yacc.c */ -#line 70 "namespaces.h" -} YYSTYPE; +}; +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 #endif +int namespacesparse (struct policy ***policies, void *scanner); +#endif /* !YY_NAMESPACES_NAMESPACES_H_INCLUDED */ diff --git a/src/sslutils/signing_policy.c b/src/sslutils/signing_policy.c index f36374b7..4e376e55 100644 --- a/src/sslutils/signing_policy.c +++ b/src/sslutils/signing_policy.c @@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison implementation for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton implementation for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,13 +27,17 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. @@ -42,11 +45,11 @@ define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ -/* Identify Bison output. */ -#define YYBISON 1 +/* Identify Bison output, and Bison version. */ +#define YYBISON 30704 -/* Bison version. */ -#define YYBISON_VERSION "2.4" +/* Bison version string. */ +#define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -60,22 +63,15 @@ /* Pull parsers. */ #define YYPULL 1 -/* Using locations. */ -#define YYLSP_NEEDED 0 /* Substitute the variable and function names. */ #define yyparse signingparse #define yylex signinglex #define yyerror signingerror -#define yylval signinglval -#define yychar signingchar #define yydebug signingdebug #define yynerrs signingnerrs - -/* Copy the first part of user declarations. */ - -/* Line 189 of yacc.c */ +/* First part of user prologue. */ #line 1 "signing_policy.y" /********************************************************************* 
@@ -116,108 +112,133 @@ char **parse_subjects(char *string); void signingerror(void *policies, void *scanner, char const *msg); +#line 116 "signing_policy.c" -/* Line 189 of yacc.c */ -#line 121 "signing_policy.c" - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 1 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 1 -#endif - -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - SUBJECTS = 258, - COND_SUBJECTS = 259, - COND_BANNED = 260, - GLOBUS = 261, - POS_RIGHTS = 262, - NEG_RIGHTS = 263, - CA_SIGN = 264, - ACCESS_ID_CA = 265, - ACCESS_ID_ANYBODY = 266, - X509 = 267 - }; -#endif - - +# ifndef YY_CAST +# ifdef __cplusplus +# define YY_CAST(Type, Val) static_cast (Val) +# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) +# else +# define YY_CAST(Type, Val) ((Type) (Val)) +# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) +# endif +# endif +# ifndef YY_NULLPTR +# if defined __cplusplus +# if 201103L <= __cplusplus +# define YY_NULLPTR nullptr +# else +# define YY_NULLPTR 0 +# endif +# else +# define YY_NULLPTR ((void*)0) +# endif +# endif -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +#include "signing_policy.h" +/* Symbol kind. 
*/ +enum yysymbol_kind_t { + YYSYMBOL_YYEMPTY = -2, + YYSYMBOL_YYEOF = 0, /* "end of file" */ + YYSYMBOL_YYerror = 1, /* error */ + YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ + YYSYMBOL_SUBJECTS = 3, /* SUBJECTS */ + YYSYMBOL_COND_SUBJECTS = 4, /* COND_SUBJECTS */ + YYSYMBOL_COND_BANNED = 5, /* COND_BANNED */ + YYSYMBOL_GLOBUS = 6, /* GLOBUS */ + YYSYMBOL_POS_RIGHTS = 7, /* POS_RIGHTS */ + YYSYMBOL_NEG_RIGHTS = 8, /* NEG_RIGHTS */ + YYSYMBOL_CA_SIGN = 9, /* CA_SIGN */ + YYSYMBOL_ACCESS_ID_CA = 10, /* ACCESS_ID_CA */ + YYSYMBOL_ACCESS_ID_ANYBODY = 11, /* ACCESS_ID_ANYBODY */ + YYSYMBOL_X509 = 12, /* X509 */ + YYSYMBOL_YYACCEPT = 13, /* $accept */ + YYSYMBOL_eacl = 14, /* eacl */ + YYSYMBOL_eacl_entry = 15, /* eacl_entry */ + YYSYMBOL_access_identities = 16, /* access_identities */ + YYSYMBOL_restrictions = 17, /* restrictions */ + YYSYMBOL_access_identity = 18, /* access_identity */ + YYSYMBOL_realcondition = 19 /* realcondition */ +}; +typedef enum yysymbol_kind_t yysymbol_kind_t; -/* Line 214 of yacc.c */ -#line 47 "signing_policy.y" - - char *string; - struct condition *cond; - struct policy *policy; - void *array; -/* Line 214 of yacc.c */ -#line 178 "signing_policy.c" -} YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 +#ifdef short +# undef short #endif +/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure + and (if available) are included + so that the code can choose integer types of a good width. */ -/* Copy the second part of user declarations. */ - +#ifndef __PTRDIFF_MAX__ +# include /* INFRINGES ON USER NAME SPACE */ +# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_STDINT_H +# endif +#endif -/* Line 264 of yacc.c */ -#line 190 "signing_policy.c" +/* Narrow types that promote to a signed type and that can represent a + signed or unsigned integer of at least N bits. 
In tables they can + save space and decrease cache pressure. Promoting to a signed type + helps avoid bugs in integer arithmetic. */ -#ifdef short -# undef short +#ifdef __INT_LEAST8_MAX__ +typedef __INT_LEAST8_TYPE__ yytype_int8; +#elif defined YY_STDINT_H +typedef int_least8_t yytype_int8; +#else +typedef signed char yytype_int8; #endif -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; +#ifdef __INT_LEAST16_MAX__ +typedef __INT_LEAST16_TYPE__ yytype_int16; +#elif defined YY_STDINT_H +typedef int_least16_t yytype_int16; #else -typedef unsigned char yytype_uint8; +typedef short yytype_int16; #endif -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; +#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST8_TYPE__ yytype_uint8; +#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST8_MAX <= INT_MAX) +typedef uint_least8_t yytype_uint8; +#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX +typedef unsigned char yytype_uint8; #else -typedef short int yytype_int8; +typedef short yytype_uint8; #endif -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; +#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST16_TYPE__ yytype_uint16; +#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST16_MAX <= INT_MAX) +typedef uint_least16_t yytype_uint16; +#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX +typedef unsigned short yytype_uint16; #else -typedef unsigned short int yytype_uint16; +typedef int yytype_uint16; #endif -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; +#ifndef YYPTRDIFF_T +# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ +# define YYPTRDIFF_T __PTRDIFF_TYPE__ +# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ +# elif defined 
PTRDIFF_MAX +# ifndef ptrdiff_t +# include /* INFRINGES ON USER NAME SPACE */ +# endif +# define YYPTRDIFF_T ptrdiff_t +# define YYPTRDIFF_MAXIMUM PTRDIFF_MAX +# else +# define YYPTRDIFF_T long +# define YYPTRDIFF_MAXIMUM LONG_MAX +# endif #endif #ifndef YYSIZE_T 
@@ -225,55 +246,100 @@ typedef short int yytype_int16; # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else -# define YYSIZE_T unsigned int +# define YYSIZE_T unsigned # endif #endif -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) +#define YYSIZE_MAXIMUM \ + YY_CAST (YYPTRDIFF_T, \ + (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ + ? YYPTRDIFF_MAXIMUM \ + : YY_CAST (YYSIZE_T, -1))) + +#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) + + +/* Stored state numbers (used for stacks). */ +typedef yytype_int8 yy_state_t; + +/* State numbers in computations. */ +typedef int yy_state_fast_t; #ifndef YY_ -# if YYENABLE_NLS +# if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) +# define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ -# define YY_(msgid) msgid +# define YY_(Msgid) Msgid +# endif +#endif + + +#ifndef YY_ATTRIBUTE_PURE +# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) +# else +# define YY_ATTRIBUTE_PURE +# endif +#endif + +#ifndef YY_ATTRIBUTE_UNUSED +# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +# else +# define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) +# define YYUSE(E) ((void) (E)) #else -# define YYUSE(e) /* empty */ +# define YYUSE(E) /* empty */ #endif -/* Identity function, used to suppress warnings about constant conditions. 
*/ -#ifndef lint -# define YYID(n) (n) +#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ +/* Suppress an incorrect diagnostic about yylval being uninitialized. */ +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ + _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ + _Pragma ("GCC diagnostic pop") #else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int yyi) -#else -static int -YYID (yyi) - int yyi; +# define YY_INITIAL_VALUE(Value) Value #endif -{ - return yyi; -} +#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_END +#endif +#ifndef YY_INITIAL_VALUE +# define YY_INITIAL_VALUE(Value) /* Nothing. */ +#endif + +#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ +# define YY_IGNORE_USELESS_CAST_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") +# define YY_IGNORE_USELESS_CAST_END \ + _Pragma ("GCC diagnostic pop") +#endif +#ifndef YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_END #endif -#if ! defined yyoverflow || YYERROR_VERBOSE + +#define YY_ASSERT(E) ((void) (0 && (E))) + +#if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ 
@@ -290,11 +356,11 @@ YYID (yyi) # define alloca _alloca # else # define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 + /* Use EXIT_SUCCESS as a witness for stdlib.h. */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # endif @@ -302,8 +368,8 @@ YYID (yyi) # endif # ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) + /* Pacify GCC's 'empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely 
@@ -317,88 +383,89 @@ YYID (yyi) # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif -# if (defined __cplusplus && ! defined _STDLIB_H \ +# if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) + && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc -# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free -# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - +#endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - yytype_int16 yyss_alloc; + yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) -/* Copy COUNT objects from FROM to TO. 
The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif +# define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYPTRDIFF_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / YYSIZEOF (*yyptr); \ + } \ + while (0) #endif +#if defined YYCOPY_NEEDED && YYCOPY_NEEDED +/* Copy COUNT objects from SRC to DST. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(Dst, Src, Count) \ + __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) +# else +# define YYCOPY(Dst, Src, Count) \ + do \ + { \ + YYPTRDIFF_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (Dst)[yyi] = (Src)[yyi]; \ + } \ + while (0) +# endif +# endif +#endif /* !YYCOPY_NEEDED */ + /* YYFINAL -- State number of the termination state. */ #define YYFINAL 8 /* YYLAST -- Last index in YYTABLE. */ 
@@ -410,18 +477,23 @@ union yyalloc #define YYNNTS 7 /* YYNRULES -- Number of rules. */ #define YYNRULES 12 -/* YYNRULES -- Number of states. */ +/* YYNSTATES -- Number of states. */ #define YYNSTATES 27 -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 +/* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 267 -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = +/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM + as returned by yylex, with out-of-bounds checking. */ +#define YYTRANSLATE(YYX) \ + (0 <= (YYX) && (YYX) <= YYMAXUTOK \ + ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ + : YYSYMBOL_YYUNDEF) + +/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM + as returned by yylex. */ +static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 
@@ -453,88 +525,62 @@ static const yytype_uint8 yytranslate[] = }; #if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint8 yyprhs[] = -{ - 0, 0, 3, 5, 8, 14, 20, 22, 24, 27, - 31, 33, 37 -}; - -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int8 yyrhs[] = -{ - 14, 0, -1, 15, -1, 14, 15, -1, 16, 7, - 6, 9, 17, -1, 16, 8, 6, 9, 17, -1, - 18, -1, 19, -1, 19, 17, -1, 10, 12, 3, - -1, 11, -1, 4, 6, 3, -1, 5, 6, 3, - -1 -}; - -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ + /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { - 0, 72, 72, 73, 75, 81, 87, 91, 94, 99, - 114, 118, 131 + 0, 73, 73, 74, 76, 82, 88, 92, 95, 100, + 115, 119, 132 }; #endif -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/** Accessing symbol of state STATE. */ +#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) + +#if 1 +/* The user-facing name of the symbol whose (internal) number is + YYSYMBOL. No bounds checking. */ +static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. 
*/ static const char *const yytname[] = { - "$end", "error", "$undefined", "SUBJECTS", "COND_SUBJECTS", - "COND_BANNED", "GLOBUS", "POS_RIGHTS", "NEG_RIGHTS", "CA_SIGN", - "ACCESS_ID_CA", "ACCESS_ID_ANYBODY", "X509", "$accept", "eacl", - "eacl_entry", "access_identities", "restrictions", "access_identity", - "realcondition", 0 + "\"end of file\"", "error", "\"invalid token\"", "SUBJECTS", + "COND_SUBJECTS", "COND_BANNED", "GLOBUS", "POS_RIGHTS", "NEG_RIGHTS", + "CA_SIGN", "ACCESS_ID_CA", "ACCESS_ID_ANYBODY", "X509", "$accept", + "eacl", "eacl_entry", "access_identities", "restrictions", + "access_identity", "realcondition", YY_NULLPTR }; + +static const char * +yysymbol_name (yysymbol_kind_t yysymbol) +{ + return yytname[yysymbol]; +} #endif -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. */ -static const yytype_uint16 yytoknum[] = +#ifdef YYPRINT +/* YYTOKNUM[NUM] -- (External) token number corresponding to the + (internal) symbol number NUM (which must be that of a token). */ +static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267 }; -# endif +#endif -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint8 yyr1[] = -{ - 0, 13, 14, 14, 15, 15, 16, 17, 17, 18, - 18, 19, 19 -}; +#define YYPACT_NINF (-16) -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 1, 2, 5, 5, 1, 1, 2, 3, - 1, 3, 3 -}; +#define yypact_value_is_default(Yyn) \ + ((Yyn) == YYPACT_NINF) -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint8 yydefact[] = -{ - 0, 0, 10, 0, 2, 0, 6, 0, 1, 3, - 0, 0, 9, 0, 0, 0, 0, 0, 0, 4, - 7, 5, 0, 0, 8, 11, 12 -}; +#define YYTABLE_NINF (-1) -/* YYDEFGOTO[NTERM-NUM]. 
*/ -static const yytype_int8 yydefgoto[] = -{ - -1, 3, 4, 5, 19, 6, 20 -}; +#define yytable_value_is_error(Yyn) \ + 0 -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -16 + /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ static const yytype_int8 yypact[] = { -8, 1, -16, 0, -16, -1, -16, 9, -16, -16, 
@@ -542,129 +588,102 @@ static const yytype_int8 yypact[] = 4, -16, 16, 17, -16, -16, -16 }; -/* YYPGOTO[NTERM-NUM]. */ + /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ +static const yytype_int8 yydefact[] = +{ + 0, 0, 10, 0, 2, 0, 6, 0, 1, 3, + 0, 0, 9, 0, 0, 0, 0, 0, 0, 4, + 7, 5, 0, 0, 8, 11, 12 +}; + + /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -16, -16, 18, -16, -15, -16, -16 }; -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. - If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const yytype_uint8 yytable[] = + /* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = +{ + -1, 3, 4, 5, 19, 6, 20 +}; + + /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ +static const yytype_int8 yytable[] = { 8, 21, 1, 2, 13, 24, 10, 11, 17, 18, 1, 2, 12, 7, 14, 15, 16, 22, 23, 25, 26, 9 }; -static const yytype_uint8 yycheck[] = +static const yytype_int8 yycheck[] = { 0, 16, 10, 11, 6, 20, 7, 8, 4, 5, 10, 11, 3, 12, 6, 9, 9, 6, 6, 3, 3, 3 }; -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint8 yystos[] = + /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. 
*/ +static const yytype_int8 yystos[] = { 0, 10, 11, 14, 15, 16, 18, 12, 0, 15, 7, 8, 3, 6, 6, 9, 9, 4, 5, 17, 19, 17, 6, 6, 17, 3, 3 }; -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab - + /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_int8 yyr1[] = +{ + 0, 13, 14, 14, 15, 15, 16, 17, 17, 18, + 18, 19, 19 +}; -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ + /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +static const yytype_int8 yyr2[] = +{ + 0, 2, 1, 2, 5, 5, 1, 1, 2, 3, + 1, 3, 3 +}; -#define YYFAIL goto yyerrlab -#define YYRECOVERING() (!!yyerrstatus) +enum { YYENOMEM = -2 }; -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK (1); \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). 
*/ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ -#ifndef YY_LOCATION_PRINT -# if YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif -#endif +#define YYRECOVERING() (!!yyerrstatus) +#define YYBACKUP(Token, Value) \ + do \ + if (yychar == YYEMPTY) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (yylen); \ + yystate = *yyssp; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (policies, scanner, YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (0) + +/* Backward compatibility with an undocumented macro. + Use YYerror or YYUNDEF. */ +#define YYERRCODE YYUNDEF -/* YYLEX -- calling `yylex' with the right arguments. */ - -#ifdef YYLEX_PARAM -# define YYLEX yylex (&yylval, YYLEX_PARAM) -#else -# define YYLEX yylex (&yylval, scanner) -#endif /* Enable debugging if requested. */ #if YYDEBUG 
@@ -674,86 +693,67 @@ while (YYID (0)) # define YYFPRINTF fprintf # endif -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value, policies, scanner); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) -#else +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +/* This macro is provided for backward compatibility. */ +# ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif + + +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Kind, Value, policies, scanner); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + + +/*-----------------------------------. +| Print this symbol's value on YYO. 
| +`-----------------------------------*/ + static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep, policies, scanner) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yy_symbol_value_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { - if (!yyvaluep) - return; + FILE *yyoutput = yyo; + YYUSE (yyoutput); YYUSE (policies); YYUSE (scanner); + if (!yyvaluep) + return; # ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); + if (yykind < YYNTOKENS) + YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif - switch (yytype) - { - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ +/*---------------------------. +| Print this symbol on YYO. | +`---------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) -#else -static void -yy_symbol_print (yyoutput, yytype, yyvaluep, policies, scanner) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yy_symbol_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep, struct policy ***policies, void *scanner) { - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + YYFPRINTF (yyo, "%s %s (", + yykind < YYNTOKENS ? 
"token" : "nterm", yysymbol_name (yykind)); - yy_symbol_value_print (yyoutput, yytype, yyvaluep, policies, scanner); - YYFPRINTF (yyoutput, ")"); + yy_symbol_value_print (yyo, yykind, yyvaluep, policies, scanner); + YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. @@ -761,16 +761,8 @@ yy_symbol_print (yyoutput, yytype, yyvaluep, policies, scanner) | TOP (included). | `------------------------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) -#else static void -yy_stack_print (yybottom, yytop) - yytype_int16 *yybottom; - yytype_int16 *yytop; -#endif +yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) 
@@ -781,65 +773,56 @@ yy_stack_print (yybottom, yytop) YYFPRINTF (stderr, "\n"); } -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule, struct policy ***policies, void *scanner) -#else -static void -yy_reduce_print (yyvsp, yyrule, policies, scanner) - YYSTYPE *yyvsp; - int yyrule; - struct policy ***policies; - void *scanner; -#endif +yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, + int yyrule, struct policy ***policies, void *scanner) { + int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); + YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", + yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - , policies, scanner); + yy_symbol_print (stderr, + YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), + &yyvsp[(yyi + 1) - (yynrhs)], policies, scanner); YYFPRINTF (stderr, "\n"); } } -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule, policies, scanner); \ -} while (YYID (0)) +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyssp, yyvsp, Rule, policies, scanner); \ +} while (0) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. 
*/ int yydebug; #else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YYDPRINTF(Args) ((void) 0) +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH +#ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif 
@@ -854,49 +837,81 @@ int yydebug; # define YYMAXDEPTH 10000 #endif - -#if YYERROR_VERBOSE +/* Context of a parse error. */ +typedef struct +{ + yy_state_t *yyssp; + yysymbol_kind_t yytoken; +} yypcontext_t; + +/* Put in YYARG at most YYARGN of the expected tokens given the + current YYCTX, and return the number of tokens stored in YYARG. If + YYARG is null, return the number of expected tokens (guaranteed to + be less than YYNTOKENS). Return YYENOMEM on memory exhaustion. + Return 0 if there are more than YYARGN expected tokens, yet fill + YYARG up to YYARGN. */ +static int +yypcontext_expected_tokens (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. */ + int yycount = 0; + int yyn = yypact[+*yyctx->yyssp]; + if (!yypact_value_is_default (yyn)) + { + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. In other words, skip the first -YYN actions for + this state because they are default actions. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yyx; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYSYMBOL_YYerror + && !yytable_value_is_error (yytable[yyx + yyn])) + { + if (!yyarg) + ++yycount; + else if (yycount == yyargn) + return 0; + else + yyarg[yycount++] = YY_CAST (yysymbol_kind_t, yyx); + } + } + if (yyarg && yycount == 0 && 0 < yyargn) + yyarg[0] = YYSYMBOL_YYEMPTY; + return yycount; +} + + -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else + +#ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S))) +# else /* Return the length of YYSTR. 
*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T +static YYPTRDIFF_T yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif { - YYSIZE_T yylen; + YYPTRDIFF_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } -# endif # endif +#endif -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else +#ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif { char *yyd = yydest; const char *yys = yysrc; @@ -906,10 +921,10 @@ yystpcpy (yydest, yysrc) return yyd - 1; } -# endif # endif +#endif -# ifndef yytnamerr +#ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string 
@@ -917,283 +932,261 @@ yystpcpy (yydest, yysrc) backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ -static YYSIZE_T +static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { - YYSIZE_T yyn = 0; + YYPTRDIFF_T yyn = 0; char const *yyp = yystr; - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + else + goto append; + + append: + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } do_not_strip_quotes: ; } - if (! yyres) + if (yyres) + return yystpcpy (yyres, yystr) - yyres; + else return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; } -# endif +#endif -/* Copy into YYRESULT an error message about the unexpected token - YYCHAR while in state YYSTATE. Return the number of bytes copied, - including the terminating null byte. If YYRESULT is null, do not - copy anything; just return the number of bytes that would be - copied. As a special case, return 0 if an ordinary "syntax error" - message will do. Return YYSIZE_MAXIMUM if overflow occurs during - size calculation. */ -static YYSIZE_T -yysyntax_error (char *yyresult, int yystate, int yychar) -{ - int yyn = yypact[yystate]; - if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) - return 0; - else +static int +yy_syntax_error_arguments (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. 
*/ + int yycount = 0; + /* There are many possibilities here to consider: + - If this state is a consistent state with a default action, then + the only way this function was invoked is if the default action + is an error action. In that case, don't check for expected + tokens because there are none. + - The only way there can be no lookahead present (in yychar) is if + this state is a consistent state with a default action. Thus, + detecting the absence of a lookahead is sufficient to determine + that there is no unexpected or expected token to report. In that + case, just report a simple "syntax error". + - Don't assume there isn't a lookahead just because this state is a + consistent state with a default action. There might have been a + previous inconsistent state, consistent state with a non-default + action, or user semantic action that manipulated yychar. + - Of course, the expected token list depends on states to have + correct lookahead information, and it depends on the parser not + to perform extra reductions after fetching a lookahead from the + scanner and before detecting a syntax error. Thus, state merging + (from LALR or IELR) and default reductions corrupt the expected + token list. However, the list is correct for canonical LR with + one exception: it will still contain any token that will not be + accepted due to an error action in a later state. + */ + if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -# if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. 
*/ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -# endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; + int yyn; + if (yyarg) + yyarg[yycount] = yyctx->yytoken; + ++yycount; + yyn = yypcontext_expected_tokens (yyctx, + yyarg ? yyarg + 1 : yyarg, yyargn - 1); + if (yyn == YYENOMEM) + return YYENOMEM; + else + yycount += yyn; + } + return yycount; +} - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; +/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message + about the unexpected token YYTOKEN for the state stack whose top is + YYSSP. - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; + Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is + not large enough to hold the message. In that case, also set + *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the + required number of bytes is too large to store. */ +static int +yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, + const yypcontext_t *yyctx) +{ + enum { YYARGS_MAX = 5 }; + /* Internationalized format string. */ + const char *yyformat = YY_NULLPTR; + /* Arguments of yyformat: reported tokens (one for the "unexpected", + one per "expected"). */ + yysymbol_kind_t yyarg[YYARGS_MAX]; + /* Cumulated lengths of YYARG. 
*/ + YYPTRDIFF_T yysize = 0; + + /* Actual size of YYARG. */ + int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); + if (yycount == YYENOMEM) + return YYENOMEM; + + switch (yycount) + { +#define YYCASE_(N, S) \ + case N: \ + yyformat = S; \ + break + default: /* Avoid compiler warnings. */ + YYCASE_(0, YY_("syntax error")); + YYCASE_(1, YY_("syntax error, unexpected %s")); + YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); + YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); + YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); + YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); +#undef YYCASE_ + } - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); + /* Compute error message size. Don't count the "%s"s, but reserve + room for the terminator. */ + yysize = yystrlen (yyformat) - 2 * yycount + 1; + { + int yyi; + for (yyi = 0; yyi < yycount; ++yyi) + { + YYPTRDIFF_T yysize1 + = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); + if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) + yysize = yysize1; + else + return YYENOMEM; + } + } - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; - } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - - if (yysize_overflow) - return YYSIZE_MAXIMUM; - - if (yyresult) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. 
*/ - char *yyp = yyresult; - int yyi = 0; - while ((*yyp = *yyf) != '\0') - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - } - return yysize; + if (*yymsg_alloc < yysize) + { + *yymsg_alloc = 2 * yysize; + if (! (yysize <= *yymsg_alloc + && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) + *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; + return -1; } + + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + { + char *yyp = *yymsg; + int yyi = 0; + while ((*yyp = *yyformat) != '\0') + if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); + yyformat += 2; + } + else + { + ++yyp; + ++yyformat; + } + } + return 0; } -#endif /* YYERROR_VERBOSE */ - + /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) -#else static void -yydestruct (yymsg, yytype, yyvaluep, policies, scanner) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; - struct policy ***policies; - void *scanner; -#endif +yydestruct (const char *yymsg, + yysymbol_kind_t yykind, YYSTYPE *yyvaluep, struct policy ***policies, void *scanner) { YYUSE (yyvaluep); YYUSE (policies); YYUSE (scanner); - if (!yymsg) yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); + YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); - switch (yytype) - { - - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/* Prevent warnings from -Wmissing-prototypes. 
*/ -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (struct policy ***policies, void *scanner); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ -/*-------------------------. -| yyparse or yypush_parse. | -`-------------------------*/ +/*----------. +| yyparse. | +`----------*/ -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -#endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) int yyparse (struct policy ***policies, void *scanner) -#else -int -yyparse (policies, scanner) - struct policy ***policies; - void *scanner; -#endif -#endif { -/* The lookahead symbol. */ +/* Lookahead token kind. */ int yychar; + /* The semantic value of the lookahead symbol. */ -YYSTYPE yylval; +/* Default value used for initialization, for pacifying older GCCs + or non-GCC compilers. */ +YY_INITIAL_VALUE (static YYSTYPE yyval_default;) +YYSTYPE yylval YY_INITIAL_VALUE (= yyval_default); /* Number of syntax errors so far. */ - int yynerrs; + int yynerrs = 0; - int yystate; + yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; - - /* The stacks and their tools: - `yyss': related to states. - `yyvs': related to semantic values. + int yyerrstatus = 0; - Refer to the stacks thru separate pointers, to allow yyoverflow + /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; + /* Their size. 
*/ + YYPTRDIFF_T yystacksize = YYINITDEPTH; - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs; - YYSTYPE *yyvsp; + /* The state stack: array, bottom, top. */ + yy_state_t yyssa[YYINITDEPTH]; + yy_state_t *yyss = yyssa; + yy_state_t *yyssp = yyss; - YYSIZE_T yystacksize; + /* The semantic value stack: array, bottom, top. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp = yyvs; int yyn; + /* The return value of yyparse. */ int yyresult; - /* Lookahead token as an internal (translated) token number. */ - int yytoken; + /* Lookahead symbol kind. */ + yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; -#if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif + YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) 
@@ -1201,133 +1194,138 @@ YYSTYPE yylval; Keep to zero when no symbol should be popped. */ int yylen = 0; - yytoken = 0; - yyss = yyssa; - yyvs = yyvsa; - yystacksize = YYINITDEPTH; - YYDPRINTF ((stderr, "Starting parse\n")); - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - yyssp = yyss; - yyvsp = yyvs; - goto yysetstate; + /*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | +| yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ - yynewstate: +yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; - yysetstate: - *yyssp = yystate; + +/*--------------------------------------------------------------------. +| yysetstate -- set current state (the top of the stack) to yystate. | +`--------------------------------------------------------------------*/ +yysetstate: + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + YY_ASSERT (0 <= yystate && yystate < YYNSTATES); + YY_IGNORE_USELESS_CAST_BEGIN + *yyssp = YY_CAST (yy_state_t, yystate); + YY_IGNORE_USELESS_CAST_END + YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) +#if !defined yyoverflow && !defined YYSTACK_RELOCATE + goto yyexhaustedlab; +#else { /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; + YYPTRDIFF_T yysize = yyssp - yyss + 1; -#ifdef yyoverflow +# if defined yyoverflow { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. 
*/ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + yy_state_t *yyss1 = yyss; + YYSTYPE *yyvs1 = yyvs; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * YYSIZEOF (*yyssp), + &yyvs1, yysize * YYSIZEOF (*yyvsp), + &yystacksize); + yyss = yyss1; + yyvs = yyvs1; } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else +# else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; + yystacksize = YYMAXDEPTH; { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); + yy_state_t *yyss1 = yyss; + union yyalloc *yyptr = + YY_CAST (union yyalloc *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); + if (! 
yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); } # endif -#endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); + YY_IGNORE_USELESS_CAST_BEGIN + YYDPRINTF ((stderr, "Stack size increased to %ld\n", + YY_CAST (long, yystacksize))); + YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) - YYABORT; + YYABORT; } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); +#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; + /*-----------. | yybackup. | `-----------*/ yybackup: - /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) + if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; + YYDPRINTF ((stderr, "Reading a token\n")); + yychar = yylex (&yylval, scanner); } if (yychar <= YYEOF) { - yychar = yytoken = YYEOF; + yychar = YYEOF; + yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } + else if (yychar == YYerror) + { + /* The scanner already issued an error message, process directly + to error recovery. But do not keep the error token as + lookahead, it is too special and may lead us to an endless + loop in error recovery. 
*/ + yychar = YYUNDEF; + yytoken = YYSYMBOL_YYerror; + goto yyerrlab1; + } else { yytoken = YYTRANSLATE (yychar); @@ -1342,8 +1340,8 @@ YYSTYPE yylval; yyn = yytable[yyn]; if (yyn <= 0) { - if (yyn == 0 || yyn == YYTABLE_NINF) - goto yyerrlab; + if (yytable_value_is_error (yyn)) + goto yyerrlab; yyn = -yyn; goto yyreduce; } @@ -1355,13 +1353,13 @@ YYSTYPE yylval; /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - yystate = yyn; + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END + /* Discard the shifted token. */ + yychar = YYEMPTY; goto yynewstate; @@ -1376,14 +1374,14 @@ YYSTYPE yylval; /*-----------------------------. -| yyreduce -- Do a reduction. | +| yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. + '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison 
@@ -1396,79 +1394,70 @@ YYSTYPE yylval; YY_REDUCE_PRINT (yyn); switch (yyn) { - case 2: - -/* Line 1455 of yacc.c */ -#line 72 "signing_policy.y" - { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[(1) - (1)].policy))); } - break; - - case 3: - -/* Line 1455 of yacc.c */ + case 2: /* eacl: eacl_entry */ #line 73 "signing_policy.y" - { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[(2) - (2)].policy))); } + { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[0].policy))); } +#line 1401 "signing_policy.c" break; - case 4: + case 3: /* eacl: eacl eacl_entry */ +#line 74 "signing_policy.y" + { *policies = (struct policy **)listadd((char**)(*policies), (char*)((yyvsp[0].policy))); } +#line 1407 "signing_policy.c" + break; -/* Line 1455 of yacc.c */ -#line 75 "signing_policy.y" - { - if ((yyvsp[(1) - (5)].policy)) { - (yyval.policy)->conds = (struct condition**)((yyvsp[(5) - (5)].array)); + case 4: /* eacl_entry: access_identities POS_RIGHTS GLOBUS CA_SIGN restrictions */ +#line 76 "signing_policy.y" + { + if ((yyvsp[-4].policy)) { + (yyval.policy)->conds = (struct condition**)((yyvsp[0].array)); } - (yyval.policy) = (yyvsp[(1) - (5)].policy); + (yyval.policy) = (yyvsp[-4].policy); } +#line 1418 "signing_policy.c" break; - case 5: - -/* Line 1455 of yacc.c */ -#line 81 "signing_policy.y" - { + case 5: /* eacl_entry: access_identities NEG_RIGHTS GLOBUS CA_SIGN restrictions */ +#line 82 "signing_policy.y" + { /* Ignore this. Globus does. 
*/ - free((yyvsp[(1) - (5)].policy)); + free((yyvsp[-4].policy)); (yyval.policy) = NULL; } +#line 1428 "signing_policy.c" break; - case 6: - -/* Line 1455 of yacc.c */ -#line 87 "signing_policy.y" - { - (yyval.policy) = (yyvsp[(1) - (1)].policy); + case 6: /* access_identities: access_identity */ +#line 88 "signing_policy.y" + { + (yyval.policy) = (yyvsp[0].policy); } +#line 1436 "signing_policy.c" break; - case 7: - -/* Line 1455 of yacc.c */ -#line 91 "signing_policy.y" - { - (yyval.array) = listadd(NULL, (char*)((yyvsp[(1) - (1)].cond))); + case 7: /* restrictions: realcondition */ +#line 92 "signing_policy.y" + { + (yyval.array) = listadd(NULL, (char*)((yyvsp[0].cond))); } +#line 1444 "signing_policy.c" break; - case 8: - -/* Line 1455 of yacc.c */ -#line 94 "signing_policy.y" - { - (yyval.array) = listadd((yyvsp[(2) - (2)].array), (char*)((yyvsp[(1) - (2)].cond))); + case 8: /* restrictions: realcondition restrictions */ +#line 95 "signing_policy.y" + { + (yyval.array) = listadd((yyvsp[0].array), (char*)((yyvsp[-1].cond))); } +#line 1452 "signing_policy.c" break; - case 9: - -/* Line 1455 of yacc.c */ -#line 99 "signing_policy.y" - { + case 9: /* access_identity: ACCESS_ID_CA X509 SUBJECTS */ +#line 100 "signing_policy.y" + { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); if ((yyval.policy)) { - char **subjects = parse_subjects((yyvsp[(3) - (3)].string)); + char **subjects = parse_subjects((yyvsp[0].string)); (yyval.policy)->caname = strdup(subjects[0]); free(subjects); (yyval.policy)->type = TYPE_SIGNING; 
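Review bot: In the `access_identity: ACCESS_ID_CA X509 SUBJECTS` action (case 9), the result of `parse_subjects()` is indexed as `subjects[0]` and passed to `strdup()` with no NULL check, although the `realcondition` actions later in this file test `if (!$$->subjects)` after the same call, which suggests it can return NULL on malformed input. A signing_policy file with a bad or empty subject list would then most likely make the parser dereference a null pointer instead of rejecting the policy. Since this file is Bison output, the guard belongs in signing_policy.y: do the `strdup` only under `if (subjects && subjects[0])` and otherwise `free($$); $$ = NULL;`, as the NEG_RIGHTS action already does. The action continues past the end of this hunk, so whether `caname` itself is checked afterwards is not visible here.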
@@ -1479,26 +1468,24 @@ YYSTYPE yylval; (yyval.policy) = NULL; } } +#line 1472 "signing_policy.c" break; - case 10: - -/* Line 1455 of yacc.c */ -#line 114 "signing_policy.y" - { + case 10: /* access_identity: ACCESS_ID_ANYBODY */ +#line 115 "signing_policy.y" + { (yyval.policy) = (struct policy *)calloc(1, sizeof(struct policy)); } +#line 1480 "signing_policy.c" break; - case 11: - -/* Line 1455 of yacc.c */ -#line 118 "signing_policy.y" - { + case 11: /* realcondition: COND_SUBJECTS GLOBUS SUBJECTS */ +#line 119 "signing_policy.y" + { (yyval.cond) = (struct condition*)malloc(sizeof(struct condition)); if ((yyval.cond)) { (yyval.cond)->positive = 1; - (yyval.cond)->original = strdup((yyvsp[(3) - (3)].string)); + (yyval.cond)->original = strdup((yyvsp[0].string)); (yyval.cond)->subjects = parse_subjects((yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); @@ -1507,18 +1494,17 @@ YYSTYPE yylval; } } } +#line 1498 "signing_policy.c" break; - case 12: - -/* Line 1455 of yacc.c */ -#line 131 "signing_policy.y" - { + case 12: /* realcondition: COND_BANNED GLOBUS SUBJECTS */ +#line 132 "signing_policy.y" + { (yyval.cond) = (struct condition*)malloc(sizeof(struct condition)); if ((yyval.cond)) { (yyval.cond)->positive = 0; - (yyval.cond)->original = strdup((yyvsp[(3) - (3)].string)); + (yyval.cond)->original = strdup((yyvsp[0].string)); (yyval.cond)->subjects = parse_subjects((yyval.cond)->original); if (!(yyval.cond)->subjects) { free((yyval.cond)->original); 
@@ -1527,101 +1513,107 @@ YYSTYPE yylval; } } } +#line 1517 "signing_policy.c" break; +#line 1521 "signing_policy.c" -/* Line 1455 of yacc.c */ -#line 1535 "signing_policy.c" default: break; } - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + /* User semantic actions sometimes alter yychar, and that requires + that yytoken be updated with the new translation. We take the + approach of translating immediately before every use of yytoken. + One alternative is translating here after every semantic action, + but that translation would be missed if the semantic action invokes + YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or + if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an + incorrect destructor might then be invoked immediately. In the + case of YYERROR or YYBACKUP, subsequent parser actions might lead + to an incorrect destructor call or verbose syntax error message + before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; - YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; - /* Now `shift' the result of the reduction. Determine what state + /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; + { + const int yylhs = yyr1[yyn] - YYNTOKENS; + const int yyi = yypgoto[yylhs] + *yyssp; + yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp + ? yytable[yyi] + : yydefgoto[yylhs]); + } goto yynewstate; -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ +/*--------------------------------------. +| yyerrlab -- here on detecting error. 
| +`--------------------------------------*/ yyerrlab: + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (policies, scanner, YY_("syntax error")); -#else { - YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); - if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) - { - YYSIZE_T yyalloc = 2 * yysize; - if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) - yyalloc = YYSTACK_ALLOC_MAXIMUM; - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yyalloc); - if (yymsg) - yymsg_alloc = yyalloc; - else - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - } - } - - if (0 < yysize && yysize <= yymsg_alloc) - { - (void) yysyntax_error (yymsg, yystate, yychar); - yyerror (policies, scanner, yymsg); - } - else - { - yyerror (policies, scanner, YY_("syntax error")); - if (yysize != 0) - goto yyexhaustedlab; - } + yypcontext_t yyctx + = {yyssp, yytoken}; + char const *yymsgp = YY_("syntax error"); + int yysyntax_error_status; + yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + if (yysyntax_error_status == 0) + yymsgp = yymsg; + else if (yysyntax_error_status == -1) + { + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = YY_CAST (char *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); + if (yymsg) + { + yysyntax_error_status + = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + yymsgp = yymsg; + } + else + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + yysyntax_error_status = YYENOMEM; + } + } + yyerror (policies, scanner, yymsgp); + if (yysyntax_error_status == YYENOMEM) + goto yyexhaustedlab; } -#endif } - - if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an - error, 
discard it. */ + error, discard it. */ if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } else - { - yydestruct ("Error: discarding", - yytoken, &yylval, policies, scanner); - yychar = YYEMPTY; - } + { + yydestruct ("Error: discarding", + yytoken, &yylval, policies, scanner); + yychar = YYEMPTY; + } } /* Else will try to reuse lookahead token after shifting the error @@ -1633,14 +1625,12 @@ YYSTYPE yylval; | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: + /* Pacify compilers when the user code never invokes YYERROR and the + label yyerrorlab therefore never appears in user code. */ + if (0) + YYERROR; - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered + /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; 
@@ -1653,39 +1643,42 @@ YYSTYPE yylval; | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ + yyerrstatus = 3; /* Each real token shifted decrements this. */ + /* Pop stack until we find a state that shifts the error token. */ for (;;) { yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } + if (!yypact_value_is_default (yyn)) + { + yyn += YYSYMBOL_YYerror; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) - YYABORT; + YYABORT; yydestruct ("Error: popping", - yystos[yystate], yyvsp, policies, scanner); + YY_ACCESSING_SYMBOL (yystate), yyvsp, policies, scanner); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; @@ -1698,6 +1691,7 @@ YYSTYPE yylval; yyresult = 0; goto yyreturn; + /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ 
@@ -1705,46 +1699,50 @@ YYSTYPE yylval; yyresult = 1; goto yyreturn; -#if !defined(yyoverflow) || YYERROR_VERBOSE + +#if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (policies, scanner, YY_("memory exhausted")); yyresult = 2; - /* Fall through. */ + goto yyreturn; #endif + +/*-------------------------------------------------------. +| yyreturn -- parsing is finished, clean up and return. | +`-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval, policies, scanner); - /* Do not reclaim the symbols of the rule which action triggered + { + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = YYTRANSLATE (yychar); + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval, policies, scanner); + } + /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp, policies, scanner); + YY_ACCESSING_SYMBOL (+*yyssp), yyvsp, policies, scanner); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif -#if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); -#endif - /* Make sure YYID is used. */ - return YYID (yyresult); + return yyresult; } - - -/* Line 1675 of yacc.c */ -#line 147 "signing_policy.y" +#line 148 "signing_policy.y" char **parse_subjects(char *string) 
@@ -1780,7 +1778,17 @@ char **parse_subjects(char *string) return list; } +#if 0 +int main() +{ + signingdebug = 1; + void **arg = NULL; + void *scanner=NULL; + signinglex_init(&scanner); + signingset_debug(1, scanner); + return signingparse(arg, scanner); +} +#endif void signingerror(UNUSED(void *policies), UNUSED(void *scanner), UNUSED(char const *msg)) { } - diff --git a/src/sslutils/signing_policy.h b/src/sslutils/signing_policy.h index df8861e2..29f8fae4 100644 --- a/src/sslutils/signing_policy.h +++ b/src/sslutils/signing_policy.h @@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison interface for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton interface for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,54 +27,83 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + +#ifndef YY_SIGNING_SIGNING_POLICY_H_INCLUDED +# define YY_SIGNING_SIGNING_POLICY_H_INCLUDED +/* Debug traces. */ +#ifndef YYDEBUG +# define YYDEBUG 1 +#endif +#if YYDEBUG +extern int signingdebug; +#endif -/* Tokens. */ +/* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - SUBJECTS = 258, - COND_SUBJECTS = 259, - COND_BANNED = 260, - GLOBUS = 261, - POS_RIGHTS = 262, - NEG_RIGHTS = 263, - CA_SIGN = 264, - ACCESS_ID_CA = 265, - ACCESS_ID_ANYBODY = 266, - X509 = 267 - }; + enum yytokentype + { + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + SUBJECTS = 258, /* SUBJECTS */ + COND_SUBJECTS = 259, /* COND_SUBJECTS */ + COND_BANNED = 260, /* COND_BANNED */ + GLOBUS = 261, /* GLOBUS */ + POS_RIGHTS = 262, /* POS_RIGHTS */ + NEG_RIGHTS = 263, /* NEG_RIGHTS */ + CA_SIGN = 264, /* CA_SIGN */ + ACCESS_ID_CA = 265, /* ACCESS_ID_CA */ + ACCESS_ID_ANYBODY = 266, /* ACCESS_ID_ANYBODY */ + X509 = 267 /* X509 */ + }; + typedef enum yytokentype yytoken_kind_t; #endif - - - +/* Token kinds. 
*/ +#define YYEMPTY -2 +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 +#define SUBJECTS 258 +#define COND_SUBJECTS 259 +#define COND_BANNED 260 +#define GLOBUS 261 +#define POS_RIGHTS 262 +#define NEG_RIGHTS 263 +#define CA_SIGN 264 +#define ACCESS_ID_CA 265 +#define ACCESS_ID_ANYBODY 266 +#define X509 267 + +/* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +union YYSTYPE { - -/* Line 1676 of yacc.c */ -#line 47 "signing_policy.y" +#line 48 "signing_policy.y" char *string; struct condition *cond; struct policy *policy; void *array; +#line 98 "signing_policy.h" - -/* Line 1676 of yacc.c */ -#line 73 "signing_policy.h" -} YYSTYPE; +}; +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 #endif +int signingparse (struct policy ***policies, void *scanner); +#endif /* !YY_SIGNING_SIGNING_POLICY_H_INCLUDED */ diff --git a/src/utils/lex.yy.c b/src/utils/lex.yy.c index ac1768b0..6cf82820 100644 --- a/src/utils/lex.yy.c +++ b/src/utils/lex.yy.c @@ -1,5 +1,5 @@ -#line 3 "lex.yy.c" +#line 2 "lex.yy.c" #define YY_INT_ALIGNED short int @@ -7,8 +7,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 4 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -53,7 +53,6 @@ typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; -#endif /* ! C99 */ /* Limits of integral types. */ #ifndef INT8_MIN 
@@ -84,63 +83,61 @@ typedef unsigned int flex_uint32_t; #define UINT32_MAX (4294967295U) #endif -#endif /* ! FLEXINT_H */ - -#ifdef __cplusplus - -/* The "const" storage-class-modifier is valid. */ -#define YY_USE_CONST - -#else /* ! __cplusplus */ +#ifndef SIZE_MAX +#define SIZE_MAX (~(size_t)0) +#endif -/* C99 requires __STDC__ to be defined as 1. */ -#if defined (__STDC__) +#endif /* ! C99 */ -#define YY_USE_CONST +#endif /* ! FLEXINT_H */ -#endif /* defined (__STDC__) */ -#endif /* ! __cplusplus */ +/* begin standard C++ headers. */ -#ifdef YY_USE_CONST +/* TODO: this is always defined, so inline it */ #define yyconst const + +#if defined(__GNUC__) && __GNUC__ >= 3 +#define yynoreturn __attribute__((__noreturn__)) #else -#define yyconst +#define yynoreturn #endif /* Returned upon end-of-file. */ #define YY_NULL 0 -/* Promotes a possibly negative, possibly signed char to an unsigned - * integer for use as an array index. If the signed char is negative, - * we want to instead treat it as an 8-bit unsigned char, hence the - * double cast. +/* Promotes a possibly negative, possibly signed char to an + * integer in range [0..255] for use as an array index. */ -#define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) +#define YY_SC_TO_UI(c) ((YY_CHAR) (c)) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN (yy_start) = 1 + 2 * - /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START - /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) - /* Special action meaning "start processing a new file". 
*/ -#define YY_NEW_FILE yyrestart(yyin ) - +#define YY_NEW_FILE yyrestart( yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k. + * Moreover, YY_BUF_SIZE is 2*YY_READ_BUF_SIZE in the general case. + * Ditto for the __ia64__ case accordingly. + */ +#define YY_BUF_SIZE 32768 +#else #define YY_BUF_SIZE 16384 +#endif /* __ia64__ */ #endif /* The state buf must be large enough to hold one state per character in the main buffer. @@ -152,6 +149,11 @@ typedef unsigned int flex_uint32_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + extern int yyleng; extern FILE *yyin, *yyout; @@ -159,8 +161,9 @@ extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 - + #define YY_LESS_LINENO(n) + #define YY_LINENO_REWIND_TO(ptr) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ @@ -175,14 +178,8 @@ extern FILE *yyin, *yyout; YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) - #define unput(c) yyunput( c, (yytext_ptr) ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -195,7 +192,7 @@ struct yy_buffer_state /* Size of input buffer in bytes, not including room for EOB * characters. */ - yy_size_t yy_buf_size; + int yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. @@ -223,7 +220,7 @@ struct yy_buffer_state int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ - + /* Whether to try to fill the input buffer when we reach the * end of it. */ 
@@ -251,7 +248,7 @@ struct yy_buffer_state /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ -static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ +static YY_BUFFER_STATE * yy_buffer_stack = NULL; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general @@ -262,7 +259,6 @@ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) - /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ @@ -274,7 +270,7 @@ static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ -static char *yy_c_buf_p = (char *) 0; +static char *yy_c_buf_p = NULL; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ 
@@ -283,85 +279,81 @@ static int yy_start = 0; /* start state number */ */ static int yy_did_buffer_switch_on_eof; -void yyrestart (FILE *input_file ); -void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); -YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); -void yy_delete_buffer (YY_BUFFER_STATE b ); -void yy_flush_buffer (YY_BUFFER_STATE b ); -void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); -void yypop_buffer_state (void ); - -static void yyensure_buffer_stack (void ); -static void yy_load_buffer_state (void ); -static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); +void yyrestart ( FILE *input_file ); +void yy_switch_to_buffer ( YY_BUFFER_STATE new_buffer ); +YY_BUFFER_STATE yy_create_buffer ( FILE *file, int size ); +void yy_delete_buffer ( YY_BUFFER_STATE b ); +void yy_flush_buffer ( YY_BUFFER_STATE b ); +void yypush_buffer_state ( YY_BUFFER_STATE new_buffer ); +void yypop_buffer_state ( void ); -#define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) +static void yyensure_buffer_stack ( void ); +static void yy_load_buffer_state ( void ); +static void yy_init_buffer ( YY_BUFFER_STATE b, FILE *file ); +#define YY_FLUSH_BUFFER yy_flush_buffer( YY_CURRENT_BUFFER ) -YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); -YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); -YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); +YY_BUFFER_STATE yy_scan_buffer ( char *base, yy_size_t size ); +YY_BUFFER_STATE yy_scan_string ( const char *yy_str ); +YY_BUFFER_STATE yy_scan_bytes ( const char *bytes, int len ); -void *yyalloc (yy_size_t ); -void *yyrealloc (void *,yy_size_t ); -void yyfree (void * ); +void *yyalloc ( yy_size_t ); +void *yyrealloc ( void *, yy_size_t ); +void yyfree ( void * ); #define yy_new_buffer yy_create_buffer - #define yy_set_interactive(is_interactive) \ { \ if ( ! 
YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ + yy_create_buffer( yyin, YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } - #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ - yy_create_buffer(yyin,YY_BUF_SIZE ); \ + yy_create_buffer( yyin, YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } - #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ -#define yywrap(n) 1 +#define yywrap() (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP +typedef flex_uint8_t YY_CHAR; -typedef unsigned char YY_CHAR; - -FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; +FILE *yyin = NULL, *yyout = NULL; typedef int yy_state_type; extern int yylineno; - int yylineno = 1; extern char *yytext; +#ifdef yytext_ptr +#undef yytext_ptr +#endif #define yytext_ptr yytext -static yy_state_type yy_get_previous_state (void ); -static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); -static int yy_get_next_buffer (void ); -static void yy_fatal_error (yyconst char msg[] ); +static yy_state_type yy_get_previous_state ( void ); +static yy_state_type yy_try_NUL_trans ( yy_state_type current_state ); +static int yy_get_next_buffer ( void ); +static void yynoreturn yy_fatal_error ( const char* msg ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ - yyleng = (size_t) (yy_cp - yy_bp); \ + yyleng = (int) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; - #define YY_NUM_RULES 8 #define YY_END_OF_BUFFER 9 /* This struct is not used in this scanner, 
@@ -371,13 +363,13 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[16] = +static const flex_int16_t yy_accept[16] = { 0, 4, 4, 2, 2, 9, 5, 7, 6, 1, 4, 2, 3, 4, 2, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static const YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, @@ -409,30 +401,30 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[6] = +static const YY_CHAR yy_meta[6] = { 0, 1, 1, 1, 2, 3 } ; -static yyconst flex_int16_t yy_base[19] = +static const flex_int16_t yy_base[19] = { 0, 0, 0, 10, 9, 12, 15, 15, 15, 15, 0, 0, 15, 0, 0, 15, 5, 7, 8 } ; -static yyconst flex_int16_t yy_def[19] = +static const flex_int16_t yy_def[19] = { 0, 15, 1, 16, 16, 15, 15, 15, 15, 15, 17, 18, 15, 17, 18, 0, 15, 15, 15 } ; -static yyconst flex_int16_t yy_nxt[21] = +static const flex_int16_t yy_nxt[21] = { 0, 6, 7, 8, 9, 10, 11, 11, 11, 14, 13, 14, 15, 12, 12, 5, 15, 15, 15, 15, 15 } ; -static yyconst flex_int16_t yy_chk[21] = +static const flex_int16_t yy_chk[21] = { 0, 1, 1, 1, 1, 1, 16, 16, 16, 18, 17, 18, 5, 4, 3, 15, 15, 15, 15, 15, 15 @@ -487,8 +479,9 @@ char *yytext; #include "fakeparsertypes.h" #include "vomsparser.h" #include "lexparse.h" +#line 482 "lex.yy.c" -#line 491 "lex.yy.c" +#line 484 "lex.yy.c" #define INITIAL 0 #define STR 1 
@@ -505,36 +498,36 @@ char *yytext; #define YY_EXTRA_TYPE void * #endif -static int yy_init_globals (void ); +static int yy_init_globals ( void ); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ -int yylex_destroy (void ); +int yylex_destroy ( void ); -int yyget_debug (void ); +int yyget_debug ( void ); -void yyset_debug (int debug_flag ); +void yyset_debug ( int debug_flag ); -YY_EXTRA_TYPE yyget_extra (void ); +YY_EXTRA_TYPE yyget_extra ( void ); -void yyset_extra (YY_EXTRA_TYPE user_defined ); +void yyset_extra ( YY_EXTRA_TYPE user_defined ); -FILE *yyget_in (void ); +FILE *yyget_in ( void ); -void yyset_in (FILE * in_str ); +void yyset_in ( FILE * _in_str ); -FILE *yyget_out (void ); +FILE *yyget_out ( void ); -void yyset_out (FILE * out_str ); +void yyset_out ( FILE * _out_str ); -int yyget_leng (void ); + int yyget_leng ( void ); -char *yyget_text (void ); +char *yyget_text ( void ); -int yyget_lineno (void ); +int yyget_lineno ( void ); -void yyset_lineno (int line_number ); +void yyset_lineno ( int _line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. 
@@ -542,35 +535,43 @@ void yyset_lineno (int line_number ); #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus -extern "C" int yywrap (void ); +extern "C" int yywrap ( void ); #else -extern int yywrap (void ); +extern int yywrap ( void ); #endif #endif - static void yyunput (int c,char *buf_ptr ); +#ifndef YY_NO_UNPUT + static void yyunput ( int c, char *buf_ptr ); + +#endif + #ifndef yytext_ptr -static void yy_flex_strncpy (char *,yyconst char *,int ); +static void yy_flex_strncpy ( char *, const char *, int ); #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * ); +static int yy_flex_strlen ( const char * ); #endif #ifndef YY_NO_INPUT - #ifdef __cplusplus -static int yyinput (void ); +static int yyinput ( void ); #else -static int input (void ); +static int input ( void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE +#ifdef __ia64__ +/* On IA-64, the buffer size is 16k, not 8k */ +#define YY_READ_BUF_SIZE 16384 +#else #define YY_READ_BUF_SIZE 8192 +#endif /* __ia64__ */ #endif /* Copy whatever the last rule matched to the standard output. */ @@ -578,7 +579,7 @@ static int input (void ); /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO fwrite( yytext, yyleng, 1, yyout ) +#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, @@ -602,7 +603,7 @@ static int input (void ); else \ { \ errno=0; \ - while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ + while ( (result = (int) fread(buf, 1, (yy_size_t) max_size, yyin)) == 0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ @@ -657,7 +658,7 @@ extern int yylex (void); /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif #define YY_RULE_SETUP \ 
@@ -667,14 +668,10 @@ extern int yylex (void); */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; -#line 39 "vomsparser.l" - -#line 676 "lex.yy.c" - if ( !(yy_init) ) { (yy_init) = 1; @@ -695,13 +692,18 @@ YY_DECL if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); + yy_create_buffer( yyin, YY_BUF_SIZE ); } - yy_load_buffer_state( ); + yy_load_buffer_state( ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +#line 40 "vomsparser.l" + +#line 704 "lex.yy.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { yy_cp = (yy_c_buf_p); @@ -717,7 +719,7 @@ YY_DECL yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -727,9 +729,9 @@ YY_DECL { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; + yy_c = yy_meta[yy_c]; } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 15 ); 
@@ -758,47 +760,47 @@ YY_DECL case 1: YY_RULE_SETUP -#line 40 "vomsparser.l" +#line 41 "vomsparser.l" BEGIN(STR); YY_BREAK case 2: /* rule 2 can match eol */ YY_RULE_SETUP -#line 42 "vomsparser.l" +#line 43 "vomsparser.l" yylval.string = strdup(yytext); return STRING; YY_BREAK case 3: YY_RULE_SETUP -#line 43 "vomsparser.l" +#line 44 "vomsparser.l" BEGIN(INITIAL); YY_BREAK case 4: YY_RULE_SETUP -#line 45 "vomsparser.l" +#line 46 "vomsparser.l" yylval.string = strdup(yytext); return ID; YY_BREAK case 5: YY_RULE_SETUP -#line 47 "vomsparser.l" +#line 48 "vomsparser.l" return yytext[0]; YY_BREAK case 6: /* rule 6 can match eol */ YY_RULE_SETUP -#line 49 "vomsparser.l" +#line 50 "vomsparser.l" YY_BREAK case 7: YY_RULE_SETUP -#line 50 "vomsparser.l" +#line 51 "vomsparser.l" YY_BREAK case 8: YY_RULE_SETUP -#line 52 "vomsparser.l" +#line 53 "vomsparser.l" ECHO; YY_BREAK -#line 801 "lex.yy.c" +#line 803 "lex.yy.c" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(STR): yyterminate(); @@ -877,7 +879,7 @@ case YY_STATE_EOF(STR): { (yy_did_buffer_switch_on_eof) = 0; - if ( yywrap( ) ) + if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up @@ -930,6 +932,7 @@ case YY_STATE_EOF(STR): "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ + } /* end of user's declarations */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer @@ -941,9 +944,9 @@ case YY_STATE_EOF(STR): */ static int yy_get_next_buffer (void) { - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = (yytext_ptr); - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = (yytext_ptr); + int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) 
@@ -972,7 +975,7 @@ static int yy_get_next_buffer (void) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; + number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr) - 1); for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -992,7 +995,7 @@ static int yy_get_next_buffer (void) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); @@ -1008,11 +1011,12 @@ static int yy_get_next_buffer (void) b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ - yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); + yyrealloc( (void *) b->yy_ch_buf, + (yy_size_t) (b->yy_buf_size + 2) ); } else /* Can't grow it, we don't own it. */ - b->yy_ch_buf = 0; + b->yy_ch_buf = NULL; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( @@ -1030,7 +1034,7 @@ static int yy_get_next_buffer (void) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - (yy_n_chars), (size_t) num_to_read ); + (yy_n_chars), num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } @@ -1040,7 +1044,7 @@ static int yy_get_next_buffer (void) if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; - yyrestart(yyin ); + yyrestart( yyin ); } else 
@@ -1054,12 +1058,15 @@ static int yy_get_next_buffer (void) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if (((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); - YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); + int new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); + YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc( + (void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf, (yy_size_t) new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); + /* "- 2" to take care of EOB's */ + YY_CURRENT_BUFFER_LVALUE->yy_buf_size = (int) (new_size - 2); } (yy_n_chars) += number_to_move; @@ -1075,14 +1082,14 @@ static int yy_get_next_buffer (void) static yy_state_type yy_get_previous_state (void) { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -1092,9 +1099,9 @@ static int yy_get_next_buffer (void) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; + yy_c = yy_meta[yy_c]; } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; } return yy_current_state; 
@@ -1107,10 +1114,10 @@ static int yy_get_next_buffer (void) */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { - register int yy_is_jam; - register char *yy_cp = (yy_c_buf_p); + int yy_is_jam; + char *yy_cp = (yy_c_buf_p); - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; @@ -1120,17 +1127,19 @@ static int yy_get_next_buffer (void) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 16 ) - yy_c = yy_meta[(unsigned int) yy_c]; + yy_c = yy_meta[yy_c]; } - yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; + yy_current_state = yy_nxt[yy_base[yy_current_state] + yy_c]; yy_is_jam = (yy_current_state == 15); - return yy_is_jam ? 0 : yy_current_state; + return yy_is_jam ? 0 : yy_current_state; } - static void yyunput (int c, register char * yy_bp ) +#ifndef YY_NO_UNPUT + + static void yyunput (int c, char * yy_bp ) { - register char *yy_cp; + char *yy_cp; yy_cp = (yy_c_buf_p); @@ -1140,10 +1149,10 @@ static int yy_get_next_buffer (void) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = (yy_n_chars) + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + int number_to_move = (yy_n_chars) + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) 
@@ -1152,7 +1161,7 @@ static int yy_get_next_buffer (void) yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = - (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; + (yy_n_chars) = (int) YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); @@ -1165,6 +1174,8 @@ static int yy_get_next_buffer (void) (yy_c_buf_p) = yy_cp; } +#endif + #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) @@ -1189,7 +1200,7 @@ static int yy_get_next_buffer (void) else { /* need more input */ - int offset = (yy_c_buf_p) - (yytext_ptr); + int offset = (int) ((yy_c_buf_p) - (yytext_ptr)); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) @@ -1206,14 +1217,14 @@ static int yy_get_next_buffer (void) */ /* Reset buffer status. */ - yyrestart(yyin ); + yyrestart( yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { - if ( yywrap( ) ) - return EOF; + if ( yywrap( ) ) + return 0; if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; @@ -1250,11 +1261,11 @@ static int yy_get_next_buffer (void) if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = - yy_create_buffer(yyin,YY_BUF_SIZE ); + yy_create_buffer( yyin, YY_BUF_SIZE ); } - yy_init_buffer(YY_CURRENT_BUFFER,input_file ); - yy_load_buffer_state( ); + yy_init_buffer( YY_CURRENT_BUFFER, input_file ); + yy_load_buffer_state( ); } /** Switch to a different input buffer. @@ -1282,7 +1293,7 @@ static int yy_get_next_buffer (void) } YY_CURRENT_BUFFER_LVALUE = new_buffer; - yy_load_buffer_state( ); + yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag 
@@ -1310,7 +1321,7 @@ static void yy_load_buffer_state (void) { YY_BUFFER_STATE b; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); @@ -1319,13 +1330,13 @@ static void yy_load_buffer_state (void) /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ - b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); + b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; - yy_init_buffer(b,file ); + yy_init_buffer( b, file ); return b; } @@ -1344,15 +1355,11 @@ static void yy_load_buffer_state (void) YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) - yyfree((void *) b->yy_ch_buf ); + yyfree( (void *) b->yy_ch_buf ); - yyfree((void *) b ); + yyfree( (void *) b ); } -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. @@ -1362,7 +1369,7 @@ extern int isatty (int ); { int oerrno = errno; - yy_flush_buffer(b ); + yy_flush_buffer( b ); b->yy_input_file = file; b->yy_fill_buffer = 1; @@ -1405,7 +1412,7 @@ extern int isatty (int ); b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) - yy_load_buffer_state( ); + yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes @@ -1436,7 +1443,7 @@ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ - yy_load_buffer_state( ); + yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } 
@@ -1455,7 +1462,7 @@ void yypop_buffer_state (void) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { - yy_load_buffer_state( ); + yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } @@ -1465,7 +1472,7 @@ void yypop_buffer_state (void) */ static void yyensure_buffer_stack (void) { - int num_to_alloc; + yy_size_t num_to_alloc; if (!(yy_buffer_stack)) { @@ -1473,15 +1480,15 @@ static void yyensure_buffer_stack (void) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); - + memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); - + (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; @@ -1490,7 +1497,7 @@ static void yyensure_buffer_stack (void) if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc @@ -1510,7 +1517,7 @@ static void yyensure_buffer_stack (void) * @param base the character buffer * @param size the size in bytes of the character buffer * - * @return the newly allocated buffer state object. + * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { 
@@ -1520,23 +1527,23 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ - return 0; + return NULL; - b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); + b = (YY_BUFFER_STATE) yyalloc( sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); - b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ + b->yy_buf_size = (int) (size - 2); /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; - b->yy_input_file = 0; + b->yy_input_file = NULL; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; - yy_switch_to_buffer(b ); + yy_switch_to_buffer( b ); return b; } @@ -1549,20 +1556,20 @@ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) * @note If you want to scan bytes that may contain NUL values, then use * yy_scan_bytes() instead. */ -YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) +YY_BUFFER_STATE yy_scan_string (const char * yystr ) { - return yy_scan_bytes(yystr,strlen(yystr) ); + return yy_scan_bytes( yystr, (int) strlen(yystr) ); } /** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. - * @param bytes the byte buffer to scan - * @param len the number of bytes in the buffer pointed to by @a bytes. + * @param yybytes the byte buffer to scan + * @param _yybytes_len the number of bytes in the buffer pointed to by @a bytes. * * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) +YY_BUFFER_STATE yy_scan_bytes (const char * yybytes, int _yybytes_len ) { YY_BUFFER_STATE b; char *buf; 
@@ -1570,8 +1577,8 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) int i; /* Get memory for full buffer, including space for trailing EOB's. */ - n = _yybytes_len + 2; - buf = (char *) yyalloc(n ); + n = (yy_size_t) (_yybytes_len + 2); + buf = (char *) yyalloc( n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); @@ -1580,7 +1587,7 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; - b = yy_scan_buffer(buf,n ); + b = yy_scan_buffer( buf, n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); @@ -1596,9 +1603,9 @@ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) #define YY_EXIT_FAILURE 2 #endif -static void yy_fatal_error (yyconst char* msg ) +static void yynoreturn yy_fatal_error (const char* msg ) { - (void) fprintf( stderr, "%s\n", msg ); + fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } @@ -1626,7 +1633,7 @@ static void yy_fatal_error (yyconst char* msg ) */ int yyget_lineno (void) { - + return yylineno; } @@ -1664,29 +1671,29 @@ char *yyget_text (void) } /** Set the current line number. - * @param line_number + * @param _line_number line number * */ -void yyset_lineno (int line_number ) +void yyset_lineno (int _line_number ) { - yylineno = line_number; + yylineno = _line_number; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * * @see yy_switch_to_buffer */ -void yyset_in (FILE * in_str ) +void yyset_in (FILE * _in_str ) { - yyin = in_str ; + yyin = _in_str ; } -void yyset_out (FILE * out_str ) +void yyset_out (FILE * _out_str ) { - yyout = out_str ; + yyout = _out_str ; } int yyget_debug (void) 
@@ -1694,9 +1701,9 @@ int yyget_debug (void) return yy_flex_debug; } -void yyset_debug (int bdebug ) +void yyset_debug (int _bdebug ) { - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } static int yy_init_globals (void) @@ -1705,10 +1712,10 @@ static int yy_init_globals (void) * This function is called from yylex_destroy(), so don't allocate here. */ - (yy_buffer_stack) = 0; + (yy_buffer_stack) = NULL; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; - (yy_c_buf_p) = (char *) 0; + (yy_c_buf_p) = NULL; (yy_init) = 0; (yy_start) = 0; @@ -1717,8 +1724,8 @@ static int yy_init_globals (void) yyin = stdin; yyout = stdout; #else - yyin = (FILE *) 0; - yyout = (FILE *) 0; + yyin = NULL; + yyout = NULL; #endif /* For future reference: Set errno on error, since we are called by @@ -1733,7 +1740,7 @@ int yylex_destroy (void) /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ - yy_delete_buffer(YY_CURRENT_BUFFER ); + yy_delete_buffer( YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } @@ -1754,18 +1761,19 @@ int yylex_destroy (void) */ #ifndef yytext_ptr -static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) +static void yy_flex_strncpy (char* s1, const char * s2, int n ) { - register int i; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN -static int yy_flex_strlen (yyconst char * s ) +static int yy_flex_strlen (const char * s ) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -1775,11 +1783,12 @@ static int yy_flex_strlen (yyconst char * s ) void *yyalloc (yy_size_t size ) { - return (void *) malloc( size ); + return malloc(size); } void *yyrealloc (void * ptr, yy_size_t size ) { + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter 
@@ -1787,18 +1796,17 @@ void *yyrealloc (void * ptr, yy_size_t size ) * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ - return (void *) realloc( (char *) ptr, size ); + return realloc(ptr, size); } void yyfree (void * ptr ) { - free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ + free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" -#line 52 "vomsparser.l" - +#line 53 "vomsparser.l" void yyerror(char const *s) diff --git a/src/utils/vomsparser.c b/src/utils/vomsparser.c index 8312571a..c47851a7 100644 --- a/src/utils/vomsparser.c +++ b/src/utils/vomsparser.c @@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison implementation for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton implementation for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,13 +27,17 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. @@ -42,11 +45,11 @@ define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ -/* Identify Bison output. */ -#define YYBISON 1 +/* Identify Bison output, and Bison version. */ +#define YYBISON 30704 -/* Bison version. */ -#define YYBISON_VERSION "2.4" +/* Bison version string. */ +#define YYBISON_VERSION "3.7.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -60,14 +63,10 @@ /* Pull parsers. */ #define YYPULL 1 -/* Using locations. */ -#define YYLSP_NEEDED 0 - -/* Copy the first part of user declarations. */ -/* Line 189 of yacc.c */ +/* First part of user prologue. */ #line 1 "vomsfake.y" /* 
@@ -97,102 +96,129 @@ extern VOLIST* volist; static void convertparam(VO *vo, PARAM* param); +#line 100 "vomsparser.c" -/* Line 189 of yacc.c */ -#line 102 "vomsparser.c" - -/* Enabling traces. */ -#ifndef YYDEBUG -# define YYDEBUG 1 -#endif - -/* Enabling verbose error messages. */ -#ifdef YYERROR_VERBOSE -# undef YYERROR_VERBOSE -# define YYERROR_VERBOSE 1 -#else -# define YYERROR_VERBOSE 1 -#endif - -/* Enabling the token table. */ -#ifndef YYTOKEN_TABLE -# define YYTOKEN_TABLE 0 -#endif - - -/* Tokens. */ -#ifndef YYTOKENTYPE -# define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - STRING = 258, - ID = 259 - }; -#endif - - +# ifndef YY_CAST +# ifdef __cplusplus +# define YY_CAST(Type, Val) static_cast (Val) +# define YY_REINTERPRET_CAST(Type, Val) reinterpret_cast (Val) +# else +# define YY_CAST(Type, Val) ((Type) (Val)) +# define YY_REINTERPRET_CAST(Type, Val) ((Type) (Val)) +# endif +# endif +# ifndef YY_NULLPTR +# if defined __cplusplus +# if 201103L <= __cplusplus +# define YY_NULLPTR nullptr +# else +# define YY_NULLPTR 0 +# endif +# else +# define YY_NULLPTR ((void*)0) +# endif +# endif -#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +#include "vomsparser.h" +/* Symbol kind. 
*/ +enum yysymbol_kind_t { + YYSYMBOL_YYEMPTY = -2, + YYSYMBOL_YYEOF = 0, /* "end of file" */ + YYSYMBOL_YYerror = 1, /* error */ + YYSYMBOL_YYUNDEF = 2, /* "invalid token" */ + YYSYMBOL_STRING = 3, /* STRING */ + YYSYMBOL_ID = 4, /* ID */ + YYSYMBOL_5_ = 5, /* '[' */ + YYSYMBOL_6_ = 6, /* ']' */ + YYSYMBOL_7_ = 7, /* '=' */ + YYSYMBOL_8_ = 8, /* '(' */ + YYSYMBOL_9_ = 9, /* ')' */ + YYSYMBOL_YYACCEPT = 10, /* $accept */ + YYSYMBOL_text = 11, /* text */ + YYSYMBOL_vo = 12, /* vo */ + YYSYMBOL_voparams = 13, /* voparams */ + YYSYMBOL_voparam = 14, /* voparam */ + YYSYMBOL_value = 15 /* value */ +}; +typedef enum yysymbol_kind_t yysymbol_kind_t; -/* Line 214 of yacc.c */ -#line 31 "vomsfake.y" - - char *string; - char *input; - PARAM *param; - PARAMLIST *params; - VO *vo; - VOLIST *vos; -/* Line 214 of yacc.c */ -#line 153 "vomsparser.c" -} YYSTYPE; -# define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ -# define YYSTYPE_IS_DECLARED 1 +#ifdef short +# undef short #endif +/* On compilers that do not define __PTRDIFF_MAX__ etc., make sure + and (if available) are included + so that the code can choose integer types of a good width. */ -/* Copy the second part of user declarations. */ - +#ifndef __PTRDIFF_MAX__ +# include /* INFRINGES ON USER NAME SPACE */ +# if defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ +# include /* INFRINGES ON USER NAME SPACE */ +# define YY_STDINT_H +# endif +#endif -/* Line 264 of yacc.c */ -#line 165 "vomsparser.c" +/* Narrow types that promote to a signed type and that can represent a + signed or unsigned integer of at least N bits. In tables they can + save space and decrease cache pressure. Promoting to a signed type + helps avoid bugs in integer arithmetic. 
*/ -#ifdef short -# undef short +#ifdef __INT_LEAST8_MAX__ +typedef __INT_LEAST8_TYPE__ yytype_int8; +#elif defined YY_STDINT_H +typedef int_least8_t yytype_int8; +#else +typedef signed char yytype_int8; #endif -#ifdef YYTYPE_UINT8 -typedef YYTYPE_UINT8 yytype_uint8; +#ifdef __INT_LEAST16_MAX__ +typedef __INT_LEAST16_TYPE__ yytype_int16; +#elif defined YY_STDINT_H +typedef int_least16_t yytype_int16; #else -typedef unsigned char yytype_uint8; +typedef short yytype_int16; #endif -#ifdef YYTYPE_INT8 -typedef YYTYPE_INT8 yytype_int8; -#elif (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -typedef signed char yytype_int8; +#if defined __UINT_LEAST8_MAX__ && __UINT_LEAST8_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST8_TYPE__ yytype_uint8; +#elif (!defined __UINT_LEAST8_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST8_MAX <= INT_MAX) +typedef uint_least8_t yytype_uint8; +#elif !defined __UINT_LEAST8_MAX__ && UCHAR_MAX <= INT_MAX +typedef unsigned char yytype_uint8; #else -typedef short int yytype_int8; +typedef short yytype_uint8; #endif -#ifdef YYTYPE_UINT16 -typedef YYTYPE_UINT16 yytype_uint16; +#if defined __UINT_LEAST16_MAX__ && __UINT_LEAST16_MAX__ <= __INT_MAX__ +typedef __UINT_LEAST16_TYPE__ yytype_uint16; +#elif (!defined __UINT_LEAST16_MAX__ && defined YY_STDINT_H \ + && UINT_LEAST16_MAX <= INT_MAX) +typedef uint_least16_t yytype_uint16; +#elif !defined __UINT_LEAST16_MAX__ && USHRT_MAX <= INT_MAX +typedef unsigned short yytype_uint16; #else -typedef unsigned short int yytype_uint16; +typedef int yytype_uint16; #endif -#ifdef YYTYPE_INT16 -typedef YYTYPE_INT16 yytype_int16; -#else -typedef short int yytype_int16; +#ifndef YYPTRDIFF_T +# if defined __PTRDIFF_TYPE__ && defined __PTRDIFF_MAX__ +# define YYPTRDIFF_T __PTRDIFF_TYPE__ +# define YYPTRDIFF_MAXIMUM __PTRDIFF_MAX__ +# elif defined PTRDIFF_MAX +# ifndef ptrdiff_t +# include /* INFRINGES ON USER NAME SPACE */ +# endif +# define YYPTRDIFF_T ptrdiff_t +# define 
YYPTRDIFF_MAXIMUM PTRDIFF_MAX +# else +# define YYPTRDIFF_T long +# define YYPTRDIFF_MAXIMUM LONG_MAX +# endif #endif #ifndef YYSIZE_T 
@@ -200,55 +226,100 @@ typedef short int yytype_int16; # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t -# elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# elif defined __STDC_VERSION__ && 199901 <= __STDC_VERSION__ # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else -# define YYSIZE_T unsigned int +# define YYSIZE_T unsigned # endif #endif -#define YYSIZE_MAXIMUM ((YYSIZE_T) -1) +#define YYSIZE_MAXIMUM \ + YY_CAST (YYPTRDIFF_T, \ + (YYPTRDIFF_MAXIMUM < YY_CAST (YYSIZE_T, -1) \ + ? YYPTRDIFF_MAXIMUM \ + : YY_CAST (YYSIZE_T, -1))) + +#define YYSIZEOF(X) YY_CAST (YYPTRDIFF_T, sizeof (X)) + + +/* Stored state numbers (used for stacks). */ +typedef yytype_int8 yy_state_t; + +/* State numbers in computations. */ +typedef int yy_state_fast_t; #ifndef YY_ -# if YYENABLE_NLS +# if defined YYENABLE_NLS && YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ -# define YY_(msgid) dgettext ("bison-runtime", msgid) +# define YY_(Msgid) dgettext ("bison-runtime", Msgid) # endif # endif # ifndef YY_ -# define YY_(msgid) msgid +# define YY_(Msgid) Msgid +# endif +#endif + + +#ifndef YY_ATTRIBUTE_PURE +# if defined __GNUC__ && 2 < __GNUC__ + (96 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_PURE __attribute__ ((__pure__)) +# else +# define YY_ATTRIBUTE_PURE +# endif +#endif + +#ifndef YY_ATTRIBUTE_UNUSED +# if defined __GNUC__ && 2 < __GNUC__ + (7 <= __GNUC_MINOR__) +# define YY_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) +# else +# define YY_ATTRIBUTE_UNUSED # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ -# define YYUSE(e) ((void) (e)) +# define YYUSE(E) ((void) (E)) #else -# define YYUSE(e) /* empty */ +# define YYUSE(E) /* empty */ #endif -/* Identity function, used to suppress warnings about constant conditions. 
*/ -#ifndef lint -# define YYID(n) (n) -#else -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static int -YYID (int yyi) +#if defined __GNUC__ && ! defined __ICC && 407 <= __GNUC__ * 100 + __GNUC_MINOR__ +/* Suppress an incorrect diagnostic about yylval being uninitialized. */ +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuninitialized\"") \ + _Pragma ("GCC diagnostic ignored \"-Wmaybe-uninitialized\"") +# define YY_IGNORE_MAYBE_UNINITIALIZED_END \ + _Pragma ("GCC diagnostic pop") #else -static int -YYID (yyi) - int yyi; +# define YY_INITIAL_VALUE(Value) Value #endif -{ - return yyi; -} +#ifndef YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN +# define YY_IGNORE_MAYBE_UNINITIALIZED_END #endif +#ifndef YY_INITIAL_VALUE +# define YY_INITIAL_VALUE(Value) /* Nothing. */ +#endif + +#if defined __cplusplus && defined __GNUC__ && ! defined __ICC && 6 <= __GNUC__ +# define YY_IGNORE_USELESS_CAST_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wuseless-cast\"") +# define YY_IGNORE_USELESS_CAST_END \ + _Pragma ("GCC diagnostic pop") +#endif +#ifndef YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_BEGIN +# define YY_IGNORE_USELESS_CAST_END +#endif + + +#define YY_ASSERT(E) ((void) (0 && (E))) -#if ! defined yyoverflow || YYERROR_VERBOSE +#if 1 /* The parser invokes alloca or malloc; define the necessary symbols. */ 
@@ -265,11 +336,11 @@ YYID (yyi) # define alloca _alloca # else # define YYSTACK_ALLOC alloca -# if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined _ALLOCA_H && ! defined EXIT_SUCCESS # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 + /* Use EXIT_SUCCESS as a witness for stdlib.h. */ +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # endif @@ -277,8 +348,8 @@ YYID (yyi) # endif # ifdef YYSTACK_ALLOC - /* Pacify GCC's `empty if-body' warning. */ -# define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) + /* Pacify GCC's 'empty if-body' warning. */ +# define YYSTACK_FREE(Ptr) do { /* empty */; } while (0) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely 
@@ -292,88 +363,89 @@ YYID (yyi) # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif -# if (defined __cplusplus && ! defined _STDLIB_H \ +# if (defined __cplusplus && ! defined EXIT_SUCCESS \ && ! ((defined YYMALLOC || defined malloc) \ - && (defined YYFREE || defined free))) + && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ -# ifndef _STDLIB_H -# define _STDLIB_H 1 +# ifndef EXIT_SUCCESS +# define EXIT_SUCCESS 0 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc -# if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined malloc && ! defined EXIT_SUCCESS void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free -# if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +# if ! defined free && ! defined EXIT_SUCCESS void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif -#endif /* ! defined yyoverflow || YYERROR_VERBOSE */ - +#endif /* 1 */ #if (! defined yyoverflow \ && (! defined __cplusplus \ - || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) + || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { - yytype_int16 yyss_alloc; + yy_state_t yyss_alloc; YYSTYPE yyvs_alloc; }; /* The size of the maximum gap between one aligned stack and the next. */ -# define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) +# define YYSTACK_GAP_MAXIMUM (YYSIZEOF (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ - ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + ((N) * (YYSIZEOF (yy_state_t) + YYSIZEOF (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) -/* Copy COUNT objects from FROM to TO. 
The source and destination do - not overlap. */ -# ifndef YYCOPY -# if defined __GNUC__ && 1 < __GNUC__ -# define YYCOPY(To, From, Count) \ - __builtin_memcpy (To, From, (Count) * sizeof (*(From))) -# else -# define YYCOPY(To, From, Count) \ - do \ - { \ - YYSIZE_T yyi; \ - for (yyi = 0; yyi < (Count); yyi++) \ - (To)[yyi] = (From)[yyi]; \ - } \ - while (YYID (0)) -# endif -# endif +# define YYCOPY_NEEDED 1 /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ -# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ - do \ - { \ - YYSIZE_T yynewbytes; \ - YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ - Stack = &yyptr->Stack_alloc; \ - yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ - yyptr += yynewbytes / sizeof (*yyptr); \ - } \ - while (YYID (0)) +# define YYSTACK_RELOCATE(Stack_alloc, Stack) \ + do \ + { \ + YYPTRDIFF_T yynewbytes; \ + YYCOPY (&yyptr->Stack_alloc, Stack, yysize); \ + Stack = &yyptr->Stack_alloc; \ + yynewbytes = yystacksize * YYSIZEOF (*Stack) + YYSTACK_GAP_MAXIMUM; \ + yyptr += yynewbytes / YYSIZEOF (*yyptr); \ + } \ + while (0) #endif +#if defined YYCOPY_NEEDED && YYCOPY_NEEDED +/* Copy COUNT objects from SRC to DST. The source and destination do + not overlap. */ +# ifndef YYCOPY +# if defined __GNUC__ && 1 < __GNUC__ +# define YYCOPY(Dst, Src, Count) \ + __builtin_memcpy (Dst, Src, YY_CAST (YYSIZE_T, (Count)) * sizeof (*(Src))) +# else +# define YYCOPY(Dst, Src, Count) \ + do \ + { \ + YYPTRDIFF_T yyi; \ + for (yyi = 0; yyi < (Count); yyi++) \ + (Dst)[yyi] = (Src)[yyi]; \ + } \ + while (0) +# endif +# endif +#endif /* !YYCOPY_NEEDED */ + /* YYFINAL -- State number of the termination state. */ #define YYFINAL 5 /* YYLAST -- Last index in YYTABLE. */ 
@@ -385,18 +457,23 @@ union yyalloc #define YYNNTS 6 /* YYNRULES -- Number of rules. */ #define YYNRULES 12 -/* YYNRULES -- Number of states. */ +/* YYNSTATES -- Number of states. */ #define YYNSTATES 21 -/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ -#define YYUNDEFTOK 2 +/* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 259 -#define YYTRANSLATE(YYX) \ - ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) -/* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ -static const yytype_uint8 yytranslate[] = +/* YYTRANSLATE(TOKEN-NUM) -- Symbol number corresponding to TOKEN-NUM + as returned by yylex, with out-of-bounds checking. */ +#define YYTRANSLATE(YYX) \ + (0 <= (YYX) && (YYX) <= YYMAXUTOK \ + ? YY_CAST (yysymbol_kind_t, yytranslate[YYX]) \ + : YYSYMBOL_YYUNDEF) + +/* YYTRANSLATE[TOKEN-NUM] -- Symbol number corresponding to TOKEN-NUM + as returned by yylex. */ +static const yytype_int8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 
@@ -427,84 +504,59 @@ static const yytype_uint8 yytranslate[] = }; #if YYDEBUG -/* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in - YYRHS. */ -static const yytype_uint8 yyprhs[] = -{ - 0, 0, 3, 5, 8, 13, 17, 19, 22, 26, - 32, 41, 43 -}; - -/* YYRHS -- A `-1'-separated list of the rules' RHS. */ -static const yytype_int8 yyrhs[] = -{ - 11, 0, -1, 12, -1, 11, 12, -1, 5, 4, - 6, 13, -1, 5, 4, 6, -1, 14, -1, 13, - 14, -1, 4, 7, 15, -1, 4, 7, 15, 7, - 15, -1, 4, 7, 15, 7, 15, 8, 15, 9, - -1, 4, -1, 3, -1 -}; - -/* YYRLINE[YYN] -- source line where rule number YYN was defined. */ + /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { - 0, 51, 51, 58, 65, 82, 97, 103, 109, 114, - 125, 140, 141 + 0, 52, 52, 59, 66, 83, 98, 104, 110, 115, + 126, 141, 142 }; #endif -#if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE +/** Accessing symbol of state STATE. */ +#define YY_ACCESSING_SYMBOL(State) YY_CAST (yysymbol_kind_t, yystos[State]) + +#if 1 +/* The user-facing name of the symbol whose (internal) number is + YYSYMBOL. No bounds checking. */ +static const char *yysymbol_name (yysymbol_kind_t yysymbol) YY_ATTRIBUTE_UNUSED; + /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "STRING", "ID", "'['", "']'", "'='", - "'('", "')'", "$accept", "text", "vo", "voparams", "voparam", "value", 0 + "\"end of file\"", "error", "\"invalid token\"", "STRING", "ID", "'['", + "']'", "'='", "'('", "')'", "$accept", "text", "vo", "voparams", + "voparam", "value", YY_NULLPTR }; + +static const char * +yysymbol_name (yysymbol_kind_t yysymbol) +{ + return yytname[yysymbol]; +} #endif -# ifdef YYPRINT -/* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to - token YYLEX-NUM. 
*/ -static const yytype_uint16 yytoknum[] = +#ifdef YYPRINT +/* YYTOKNUM[NUM] -- (External) token number corresponding to the + (internal) symbol number NUM (which must be that of a token). */ +static const yytype_int16 yytoknum[] = { 0, 256, 257, 258, 259, 91, 93, 61, 40, 41 }; -# endif +#endif -/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ -static const yytype_uint8 yyr1[] = -{ - 0, 10, 11, 11, 12, 12, 13, 13, 14, 14, - 14, 15, 15 -}; +#define YYPACT_NINF (-16) -/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ -static const yytype_uint8 yyr2[] = -{ - 0, 2, 1, 2, 4, 3, 1, 2, 3, 5, - 8, 1, 1 -}; +#define yypact_value_is_default(Yyn) \ + ((Yyn) == YYPACT_NINF) -/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state - STATE-NUM when YYTABLE doesn't specify something else to do. Zero - means the default is an error. */ -static const yytype_uint8 yydefact[] = -{ - 0, 0, 0, 2, 0, 1, 3, 5, 0, 4, - 6, 0, 7, 12, 11, 8, 0, 9, 0, 0, - 10 -}; +#define YYTABLE_NINF (-1) -/* YYDEFGOTO[NTERM-NUM]. */ -static const yytype_int8 yydefgoto[] = -{ - -1, 2, 3, 9, 10, 15 -}; +#define yytable_value_is_error(Yyn) \ + 0 -/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing - STATE-NUM. */ -#define YYPACT_NINF -16 + /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing + STATE-NUM. */ static const yytype_int8 yypact[] = { -3, 4, 0, -16, -2, -16, -16, 5, 6, 5, 
@@ -512,18 +564,32 @@ static const yytype_int8 yypact[] = -16 }; -/* YYPGOTO[NTERM-NUM]. */ + /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. + Performed when YYTABLE does not specify something else to do. Zero + means the default is an error. */ +static const yytype_int8 yydefact[] = +{ + 0, 0, 0, 2, 0, 1, 3, 5, 0, 4, + 6, 0, 7, 12, 11, 8, 0, 9, 0, 0, + 10 +}; + + /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -16, -16, 9, -16, 10, -15 }; -/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If - positive, shift that token. If negative, reduce the rule which - number is the opposite. If zero, do what YYDEFACT says. - If YYTABLE_NINF, syntax error. */ -#define YYTABLE_NINF -1 -static const yytype_uint8 yytable[] = + /* YYDEFGOTO[NTERM-NUM]. */ +static const yytype_int8 yydefgoto[] = +{ + -1, 2, 3, 9, 10, 15 +}; + + /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If + positive, shift that token. If negative, reduce the rule whose + number is the opposite. If YYTABLE_NINF, syntax error. */ +static const yytype_int8 yytable[] = { 5, 17, 1, 19, 7, 1, 13, 14, 4, 8, 18, 6, 0, 11, 16, 0, 0, 20, 0, 12 
@@ -535,104 +601,63 @@ static const yytype_int8 yycheck[] = 8, 2, -1, 7, 7, -1, -1, 9, -1, 9 }; -/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing - symbol of state STATE-NUM. */ -static const yytype_uint8 yystos[] = + /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing + symbol of state STATE-NUM. */ +static const yytype_int8 yystos[] = { 0, 5, 11, 12, 4, 0, 12, 6, 4, 13, 14, 7, 14, 3, 4, 15, 7, 15, 8, 15, 9 }; -#define yyerrok (yyerrstatus = 0) -#define yyclearin (yychar = YYEMPTY) -#define YYEMPTY (-2) -#define YYEOF 0 - -#define YYACCEPT goto yyacceptlab -#define YYABORT goto yyabortlab -#define YYERROR goto yyerrorlab + /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ +static const yytype_int8 yyr1[] = +{ + 0, 10, 11, 11, 12, 12, 13, 13, 14, 14, + 14, 15, 15 +}; + /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ +static const yytype_int8 yyr2[] = +{ + 0, 2, 1, 2, 4, 3, 1, 2, 3, 5, + 8, 1, 1 +}; -/* Like YYERROR except do call yyerror. This remains here temporarily - to ease the transition to the new meaning of YYERROR, for GCC. - Once GCC version 2 has supplanted version 1, this can go. */ -#define YYFAIL goto yyerrlab +enum { YYENOMEM = -2 }; -#define YYRECOVERING() (!!yyerrstatus) +#define yyerrok (yyerrstatus = 0) +#define yyclearin (yychar = YYEMPTY) -#define YYBACKUP(Token, Value) \ -do \ - if (yychar == YYEMPTY && yylen == 1) \ - { \ - yychar = (Token); \ - yylval = (Value); \ - yytoken = YYTRANSLATE (yychar); \ - YYPOPSTACK (1); \ - goto yybackup; \ - } \ - else \ - { \ - yyerror (YY_("syntax error: cannot back up")); \ - YYERROR; \ - } \ -while (YYID (0)) - - -#define YYTERROR 1 -#define YYERRCODE 256 - - -/* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. - If N is 0, then set CURRENT to the empty location which ends - the previous symbol: RHS[0] (always defined). 
*/ - -#define YYRHSLOC(Rhs, K) ((Rhs)[K]) -#ifndef YYLLOC_DEFAULT -# define YYLLOC_DEFAULT(Current, Rhs, N) \ - do \ - if (YYID (N)) \ - { \ - (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ - (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ - (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ - (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ - } \ - else \ - { \ - (Current).first_line = (Current).last_line = \ - YYRHSLOC (Rhs, 0).last_line; \ - (Current).first_column = (Current).last_column = \ - YYRHSLOC (Rhs, 0).last_column; \ - } \ - while (YYID (0)) -#endif +#define YYACCEPT goto yyacceptlab +#define YYABORT goto yyabortlab +#define YYERROR goto yyerrorlab -/* YY_LOCATION_PRINT -- Print the location on the stream. - This macro was not mandated originally: define only if we know - we won't break user code: when these are the locations we know. */ - -#ifndef YY_LOCATION_PRINT -# if YYLTYPE_IS_TRIVIAL -# define YY_LOCATION_PRINT(File, Loc) \ - fprintf (File, "%d.%d-%d.%d", \ - (Loc).first_line, (Loc).first_column, \ - (Loc).last_line, (Loc).last_column) -# else -# define YY_LOCATION_PRINT(File, Loc) ((void) 0) -# endif -#endif +#define YYRECOVERING() (!!yyerrstatus) +#define YYBACKUP(Token, Value) \ + do \ + if (yychar == YYEMPTY) \ + { \ + yychar = (Token); \ + yylval = (Value); \ + YYPOPSTACK (yylen); \ + yystate = *yyssp; \ + goto yybackup; \ + } \ + else \ + { \ + yyerror (YY_("syntax error: cannot back up")); \ + YYERROR; \ + } \ + while (0) + +/* Backward compatibility with an undocumented macro. + Use YYerror or YYUNDEF. */ +#define YYERRCODE YYUNDEF -/* YYLEX -- calling `yylex' with the right arguments. */ - -#ifdef YYLEX_PARAM -# define YYLEX yylex (YYLEX_PARAM) -#else -# define YYLEX yylex () -#endif /* Enable debugging if requested. */ #if YYDEBUG 
@@ -642,80 +667,65 @@ while (YYID (0)) # define YYFPRINTF fprintf # endif -# define YYDPRINTF(Args) \ -do { \ - if (yydebug) \ - YYFPRINTF Args; \ -} while (YYID (0)) - -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ -do { \ - if (yydebug) \ - { \ - YYFPRINTF (stderr, "%s ", Title); \ - yy_symbol_print (stderr, \ - Type, Value); \ - YYFPRINTF (stderr, "\n"); \ - } \ -} while (YYID (0)) - - -/*--------------------------------. -| Print this symbol on YYOUTPUT. | -`--------------------------------*/ - -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else +# define YYDPRINTF(Args) \ +do { \ + if (yydebug) \ + YYFPRINTF Args; \ +} while (0) + +/* This macro is provided for backward compatibility. */ +# ifndef YY_LOCATION_PRINT +# define YY_LOCATION_PRINT(File, Loc) ((void) 0) +# endif + + +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) \ +do { \ + if (yydebug) \ + { \ + YYFPRINTF (stderr, "%s ", Title); \ + yy_symbol_print (stderr, \ + Kind, Value); \ + YYFPRINTF (stderr, "\n"); \ + } \ +} while (0) + + +/*-----------------------------------. +| Print this symbol's value on YYO. | +`-----------------------------------*/ + static void -yy_symbol_value_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif +yy_symbol_value_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { + FILE *yyoutput = yyo; + YYUSE (yyoutput); if (!yyvaluep) return; # ifdef YYPRINT - if (yytype < YYNTOKENS) - YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); -# else - YYUSE (yyoutput); + if (yykind < YYNTOKENS) + YYPRINT (yyo, yytoknum[yykind], *yyvaluep); # endif - switch (yytype) - { - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/*--------------------------------. 
-| Print this symbol on YYOUTPUT. | -`--------------------------------*/ +/*---------------------------. +| Print this symbol on YYO. | +`---------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static void -yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) -#else -static void -yy_symbol_print (yyoutput, yytype, yyvaluep) - FILE *yyoutput; - int yytype; - YYSTYPE const * const yyvaluep; -#endif +yy_symbol_print (FILE *yyo, + yysymbol_kind_t yykind, YYSTYPE const * const yyvaluep) { - if (yytype < YYNTOKENS) - YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); - else - YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); + YYFPRINTF (yyo, "%s %s (", + yykind < YYNTOKENS ? "token" : "nterm", yysymbol_name (yykind)); - yy_symbol_value_print (yyoutput, yytype, yyvaluep); - YYFPRINTF (yyoutput, ")"); + yy_symbol_value_print (yyo, yykind, yyvaluep); + YYFPRINTF (yyo, ")"); } /*------------------------------------------------------------------. @@ -723,16 +733,8 @@ yy_symbol_print (yyoutput, yytype, yyvaluep) | TOP (included). | `------------------------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_stack_print (yytype_int16 *yybottom, yytype_int16 *yytop) -#else static void -yy_stack_print (yybottom, yytop) - yytype_int16 *yybottom; - yytype_int16 *yytop; -#endif +yy_stack_print (yy_state_t *yybottom, yy_state_t *yytop) { YYFPRINTF (stderr, "Stack now"); for (; yybottom <= yytop; yybottom++) 
@@ -743,63 +745,56 @@ yy_stack_print (yybottom, yytop) YYFPRINTF (stderr, "\n"); } -# define YY_STACK_PRINT(Bottom, Top) \ -do { \ - if (yydebug) \ - yy_stack_print ((Bottom), (Top)); \ -} while (YYID (0)) +# define YY_STACK_PRINT(Bottom, Top) \ +do { \ + if (yydebug) \ + yy_stack_print ((Bottom), (Top)); \ +} while (0) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yy_reduce_print (YYSTYPE *yyvsp, int yyrule) -#else static void -yy_reduce_print (yyvsp, yyrule) - YYSTYPE *yyvsp; - int yyrule; -#endif +yy_reduce_print (yy_state_t *yyssp, YYSTYPE *yyvsp, + int yyrule) { + int yylno = yyrline[yyrule]; int yynrhs = yyr2[yyrule]; int yyi; - unsigned long int yylno = yyrline[yyrule]; - YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", - yyrule - 1, yylno); + YYFPRINTF (stderr, "Reducing stack by rule %d (line %d):\n", + yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { YYFPRINTF (stderr, " $%d = ", yyi + 1); - yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], - &(yyvsp[(yyi + 1) - (yynrhs)]) - ); + yy_symbol_print (stderr, + YY_ACCESSING_SYMBOL (+yyssp[yyi + 1 - yynrhs]), + &yyvsp[(yyi + 1) - (yynrhs)]); YYFPRINTF (stderr, "\n"); } } -# define YY_REDUCE_PRINT(Rule) \ -do { \ - if (yydebug) \ - yy_reduce_print (yyvsp, Rule); \ -} while (YYID (0)) +# define YY_REDUCE_PRINT(Rule) \ +do { \ + if (yydebug) \ + yy_reduce_print (yyssp, yyvsp, Rule); \ +} while (0) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. 
*/ int yydebug; #else /* !YYDEBUG */ -# define YYDPRINTF(Args) -# define YY_SYMBOL_PRINT(Title, Type, Value, Location) +# define YYDPRINTF(Args) ((void) 0) +# define YY_SYMBOL_PRINT(Title, Kind, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ -#ifndef YYINITDEPTH +#ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif 
@@ -814,49 +809,81 @@ int yydebug; # define YYMAXDEPTH 10000 #endif - -#if YYERROR_VERBOSE +/* Context of a parse error. */ +typedef struct +{ + yy_state_t *yyssp; + yysymbol_kind_t yytoken; +} yypcontext_t; + +/* Put in YYARG at most YYARGN of the expected tokens given the + current YYCTX, and return the number of tokens stored in YYARG. If + YYARG is null, return the number of expected tokens (guaranteed to + be less than YYNTOKENS). Return YYENOMEM on memory exhaustion. + Return 0 if there are more than YYARGN expected tokens, yet fill + YYARG up to YYARGN. */ +static int +yypcontext_expected_tokens (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. */ + int yycount = 0; + int yyn = yypact[+*yyctx->yyssp]; + if (!yypact_value_is_default (yyn)) + { + /* Start YYX at -YYN if negative to avoid negative indexes in + YYCHECK. In other words, skip the first -YYN actions for + this state because they are default actions. */ + int yyxbegin = yyn < 0 ? -yyn : 0; + /* Stay within bounds of both yycheck and yytname. */ + int yychecklim = YYLAST - yyn + 1; + int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; + int yyx; + for (yyx = yyxbegin; yyx < yyxend; ++yyx) + if (yycheck[yyx + yyn] == yyx && yyx != YYSYMBOL_YYerror + && !yytable_value_is_error (yytable[yyx + yyn])) + { + if (!yyarg) + ++yycount; + else if (yycount == yyargn) + return 0; + else + yyarg[yycount++] = YY_CAST (yysymbol_kind_t, yyx); + } + } + if (yyarg && yycount == 0 && 0 < yyargn) + yyarg[0] = YYSYMBOL_YYEMPTY; + return yycount; +} -# ifndef yystrlen -# if defined __GLIBC__ && defined _STRING_H -# define yystrlen strlen -# else + + + +#ifndef yystrlen +# if defined __GLIBC__ && defined _STRING_H +# define yystrlen(S) (YY_CAST (YYPTRDIFF_T, strlen (S))) +# else /* Return the length of YYSTR. 
*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static YYSIZE_T +static YYPTRDIFF_T yystrlen (const char *yystr) -#else -static YYSIZE_T -yystrlen (yystr) - const char *yystr; -#endif { - YYSIZE_T yylen; + YYPTRDIFF_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } -# endif # endif +#endif -# ifndef yystpcpy -# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -# define yystpcpy stpcpy -# else +#ifndef yystpcpy +# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE +# define yystpcpy stpcpy +# else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) -#else -static char * -yystpcpy (yydest, yysrc) - char *yydest; - const char *yysrc; -#endif { char *yyd = yydest; const char *yys = yysrc; @@ -866,10 +893,10 @@ yystpcpy (yydest, yysrc) return yyd - 1; } -# endif # endif +#endif -# ifndef yytnamerr +#ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string 
@@ -877,279 +904,253 @@ yystpcpy (yydest, yysrc) backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ -static YYSIZE_T +static YYPTRDIFF_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { - YYSIZE_T yyn = 0; + YYPTRDIFF_T yyn = 0; char const *yyp = yystr; - for (;;) - switch (*++yyp) - { - case '\'': - case ',': - goto do_not_strip_quotes; - - case '\\': - if (*++yyp != '\\') - goto do_not_strip_quotes; - /* Fall through. */ - default: - if (yyres) - yyres[yyn] = *yyp; - yyn++; - break; - - case '"': - if (yyres) - yyres[yyn] = '\0'; - return yyn; - } + switch (*++yyp) + { + case '\'': + case ',': + goto do_not_strip_quotes; + + case '\\': + if (*++yyp != '\\') + goto do_not_strip_quotes; + else + goto append; + + append: + default: + if (yyres) + yyres[yyn] = *yyp; + yyn++; + break; + + case '"': + if (yyres) + yyres[yyn] = '\0'; + return yyn; + } do_not_strip_quotes: ; } - if (! yyres) + if (yyres) + return yystpcpy (yyres, yystr) - yyres; + else return yystrlen (yystr); - - return yystpcpy (yyres, yystr) - yyres; } -# endif +#endif -/* Copy into YYRESULT an error message about the unexpected token - YYCHAR while in state YYSTATE. Return the number of bytes copied, - including the terminating null byte. If YYRESULT is null, do not - copy anything; just return the number of bytes that would be - copied. As a special case, return 0 if an ordinary "syntax error" - message will do. Return YYSIZE_MAXIMUM if overflow occurs during - size calculation. */ -static YYSIZE_T -yysyntax_error (char *yyresult, int yystate, int yychar) -{ - int yyn = yypact[yystate]; - if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) - return 0; - else +static int +yy_syntax_error_arguments (const yypcontext_t *yyctx, + yysymbol_kind_t yyarg[], int yyargn) +{ + /* Actual size of YYARG. 
*/ + int yycount = 0; + /* There are many possibilities here to consider: + - If this state is a consistent state with a default action, then + the only way this function was invoked is if the default action + is an error action. In that case, don't check for expected + tokens because there are none. + - The only way there can be no lookahead present (in yychar) is if + this state is a consistent state with a default action. Thus, + detecting the absence of a lookahead is sufficient to determine + that there is no unexpected or expected token to report. In that + case, just report a simple "syntax error". + - Don't assume there isn't a lookahead just because this state is a + consistent state with a default action. There might have been a + previous inconsistent state, consistent state with a non-default + action, or user semantic action that manipulated yychar. + - Of course, the expected token list depends on states to have + correct lookahead information, and it depends on the parser not + to perform extra reductions after fetching a lookahead from the + scanner and before detecting a syntax error. Thus, state merging + (from LALR or IELR) and default reductions corrupt the expected + token list. However, the list is correct for canonical LR with + one exception: it will still contain any token that will not be + accepted due to an error action in a later state. + */ + if (yyctx->yytoken != YYSYMBOL_YYEMPTY) { - int yytype = YYTRANSLATE (yychar); - YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); - YYSIZE_T yysize = yysize0; - YYSIZE_T yysize1; - int yysize_overflow = 0; - enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; - char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; - int yyx; - -# if 0 - /* This is so xgettext sees the translatable formats that are - constructed on the fly. 
*/ - YY_("syntax error, unexpected %s"); - YY_("syntax error, unexpected %s, expecting %s"); - YY_("syntax error, unexpected %s, expecting %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s"); - YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); -# endif - char *yyfmt; - char const *yyf; - static char const yyunexpected[] = "syntax error, unexpected %s"; - static char const yyexpecting[] = ", expecting %s"; - static char const yyor[] = " or %s"; - char yyformat[sizeof yyunexpected - + sizeof yyexpecting - 1 - + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) - * (sizeof yyor - 1))]; - char const *yyprefix = yyexpecting; + int yyn; + if (yyarg) + yyarg[yycount] = yyctx->yytoken; + ++yycount; + yyn = yypcontext_expected_tokens (yyctx, + yyarg ? yyarg + 1 : yyarg, yyargn - 1); + if (yyn == YYENOMEM) + return YYENOMEM; + else + yycount += yyn; + } + return yycount; +} - /* Start YYX at -YYN if negative to avoid negative indexes in - YYCHECK. */ - int yyxbegin = yyn < 0 ? -yyn : 0; +/* Copy into *YYMSG, which is of size *YYMSG_ALLOC, an error message + about the unexpected token YYTOKEN for the state stack whose top is + YYSSP. - /* Stay within bounds of both yycheck and yytname. */ - int yychecklim = YYLAST - yyn + 1; - int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; - int yycount = 1; + Return 0 if *YYMSG was successfully written. Return -1 if *YYMSG is + not large enough to hold the message. In that case, also set + *YYMSG_ALLOC to the required number of bytes. Return YYENOMEM if the + required number of bytes is too large to store. */ +static int +yysyntax_error (YYPTRDIFF_T *yymsg_alloc, char **yymsg, + const yypcontext_t *yyctx) +{ + enum { YYARGS_MAX = 5 }; + /* Internationalized format string. */ + const char *yyformat = YY_NULLPTR; + /* Arguments of yyformat: reported tokens (one for the "unexpected", + one per "expected"). */ + yysymbol_kind_t yyarg[YYARGS_MAX]; + /* Cumulated lengths of YYARG. 
*/ + YYPTRDIFF_T yysize = 0; + + /* Actual size of YYARG. */ + int yycount = yy_syntax_error_arguments (yyctx, yyarg, YYARGS_MAX); + if (yycount == YYENOMEM) + return YYENOMEM; + + switch (yycount) + { +#define YYCASE_(N, S) \ + case N: \ + yyformat = S; \ + break + default: /* Avoid compiler warnings. */ + YYCASE_(0, YY_("syntax error")); + YYCASE_(1, YY_("syntax error, unexpected %s")); + YYCASE_(2, YY_("syntax error, unexpected %s, expecting %s")); + YYCASE_(3, YY_("syntax error, unexpected %s, expecting %s or %s")); + YYCASE_(4, YY_("syntax error, unexpected %s, expecting %s or %s or %s")); + YYCASE_(5, YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s")); +#undef YYCASE_ + } - yyarg[0] = yytname[yytype]; - yyfmt = yystpcpy (yyformat, yyunexpected); + /* Compute error message size. Don't count the "%s"s, but reserve + room for the terminator. */ + yysize = yystrlen (yyformat) - 2 * yycount + 1; + { + int yyi; + for (yyi = 0; yyi < yycount; ++yyi) + { + YYPTRDIFF_T yysize1 + = yysize + yytnamerr (YY_NULLPTR, yytname[yyarg[yyi]]); + if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) + yysize = yysize1; + else + return YYENOMEM; + } + } - for (yyx = yyxbegin; yyx < yyxend; ++yyx) - if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) - { - if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) - { - yycount = 1; - yysize = yysize0; - yyformat[sizeof yyunexpected - 1] = '\0'; - break; - } - yyarg[yycount++] = yytname[yyx]; - yysize1 = yysize + yytnamerr (0, yytname[yyx]); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - yyfmt = yystpcpy (yyfmt, yyprefix); - yyprefix = yyor; - } - - yyf = YY_(yyformat); - yysize1 = yysize + yystrlen (yyf); - yysize_overflow |= (yysize1 < yysize); - yysize = yysize1; - - if (yysize_overflow) - return YYSIZE_MAXIMUM; - - if (yyresult) - { - /* Avoid sprintf, as that infringes on the user's name space. - Don't have undefined behavior even if the translation - produced a string with the wrong number of "%s"s. 
*/ - char *yyp = yyresult; - int yyi = 0; - while ((*yyp = *yyf) != '\0') - { - if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) - { - yyp += yytnamerr (yyp, yyarg[yyi++]); - yyf += 2; - } - else - { - yyp++; - yyf++; - } - } - } - return yysize; + if (*yymsg_alloc < yysize) + { + *yymsg_alloc = 2 * yysize; + if (! (yysize <= *yymsg_alloc + && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) + *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; + return -1; } + + /* Avoid sprintf, as that infringes on the user's name space. + Don't have undefined behavior even if the translation + produced a string with the wrong number of "%s"s. */ + { + char *yyp = *yymsg; + int yyi = 0; + while ((*yyp = *yyformat) != '\0') + if (*yyp == '%' && yyformat[1] == 's' && yyi < yycount) + { + yyp += yytnamerr (yyp, yytname[yyarg[yyi++]]); + yyformat += 2; + } + else + { + ++yyp; + ++yyformat; + } + } + return 0; } -#endif /* YYERROR_VERBOSE */ - + /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ -/*ARGSUSED*/ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -static void -yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) -#else static void -yydestruct (yymsg, yytype, yyvaluep) - const char *yymsg; - int yytype; - YYSTYPE *yyvaluep; -#endif +yydestruct (const char *yymsg, + yysymbol_kind_t yykind, YYSTYPE *yyvaluep) { YYUSE (yyvaluep); - if (!yymsg) yymsg = "Deleting"; - YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); - - switch (yytype) - { + YY_SYMBOL_PRINT (yymsg, yykind, yyvaluep, yylocationp); - default: - break; - } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN + YYUSE (yykind); + YY_IGNORE_MAYBE_UNINITIALIZED_END } -/* Prevent warnings from -Wmissing-prototypes. */ -#ifdef YYPARSE_PARAM -#if defined __STDC__ || defined __cplusplus -int yyparse (void *YYPARSE_PARAM); -#else -int yyparse (); -#endif -#else /* ! 
YYPARSE_PARAM */ -#if defined __STDC__ || defined __cplusplus -int yyparse (void); -#else -int yyparse (); -#endif -#endif /* ! YYPARSE_PARAM */ - -/* The lookahead symbol. */ +/* Lookahead token kind. */ int yychar; /* The semantic value of the lookahead symbol. */ YYSTYPE yylval; - /* Number of syntax errors so far. */ int yynerrs; -/*-------------------------. -| yyparse or yypush_parse. | -`-------------------------*/ -#ifdef YYPARSE_PARAM -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) -int -yyparse (void *YYPARSE_PARAM) -#else -int -yyparse (YYPARSE_PARAM) - void *YYPARSE_PARAM; -#endif -#else /* ! YYPARSE_PARAM */ -#if (defined __STDC__ || defined __C99__FUNC__ \ - || defined __cplusplus || defined _MSC_VER) +/*----------. +| yyparse. | +`----------*/ + int yyparse (void) -#else -int -yyparse () - -#endif -#endif { - - - int yystate; + yy_state_fast_t yystate = 0; /* Number of tokens to shift before error messages enabled. */ - int yyerrstatus; + int yyerrstatus = 0; - /* The stacks and their tools: - `yyss': related to states. - `yyvs': related to semantic values. - - Refer to the stacks thru separate pointers, to allow yyoverflow + /* Refer to the stacks through separate pointers, to allow yyoverflow to reallocate them elsewhere. */ - /* The state stack. */ - yytype_int16 yyssa[YYINITDEPTH]; - yytype_int16 *yyss; - yytype_int16 *yyssp; + /* Their size. */ + YYPTRDIFF_T yystacksize = YYINITDEPTH; - /* The semantic value stack. */ - YYSTYPE yyvsa[YYINITDEPTH]; - YYSTYPE *yyvs; - YYSTYPE *yyvsp; + /* The state stack: array, bottom, top. */ + yy_state_t yyssa[YYINITDEPTH]; + yy_state_t *yyss = yyssa; + yy_state_t *yyssp = yyss; - YYSIZE_T yystacksize; + /* The semantic value stack: array, bottom, top. */ + YYSTYPE yyvsa[YYINITDEPTH]; + YYSTYPE *yyvs = yyvsa; + YYSTYPE *yyvsp = yyvs; int yyn; + /* The return value of yyparse. */ int yyresult; - /* Lookahead token as an internal (translated) token number. 
*/ - int yytoken; + /* Lookahead symbol kind. */ + yysymbol_kind_t yytoken = YYSYMBOL_YYEMPTY; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; -#if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; - YYSIZE_T yymsg_alloc = sizeof yymsgbuf; -#endif + YYPTRDIFF_T yymsg_alloc = sizeof yymsgbuf; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) 
@@ -1157,133 +1158,138 @@ yyparse () Keep to zero when no symbol should be popped. */ int yylen = 0; - yytoken = 0; - yyss = yyssa; - yyvs = yyvsa; - yystacksize = YYINITDEPTH; - YYDPRINTF ((stderr, "Starting parse\n")); - yystate = 0; - yyerrstatus = 0; - yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ - - /* Initialize stack pointers. - Waste one element of value and location stack - so that they stay on the same level as the state stack. - The wasted elements are never initialized. */ - yyssp = yyss; - yyvsp = yyvs; - goto yysetstate; + /*------------------------------------------------------------. -| yynewstate -- Push a new state, which is found in yystate. | +| yynewstate -- push a new state, which is found in yystate. | `------------------------------------------------------------*/ - yynewstate: +yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; - yysetstate: - *yyssp = yystate; + +/*--------------------------------------------------------------------. +| yysetstate -- set current state (the top of the stack) to yystate. | +`--------------------------------------------------------------------*/ +yysetstate: + YYDPRINTF ((stderr, "Entering state %d\n", yystate)); + YY_ASSERT (0 <= yystate && yystate < YYNSTATES); + YY_IGNORE_USELESS_CAST_BEGIN + *yyssp = YY_CAST (yy_state_t, yystate); + YY_IGNORE_USELESS_CAST_END + YY_STACK_PRINT (yyss, yyssp); if (yyss + yystacksize - 1 <= yyssp) +#if !defined yyoverflow && !defined YYSTACK_RELOCATE + goto yyexhaustedlab; +#else { /* Get the current used size of the three stacks, in elements. */ - YYSIZE_T yysize = yyssp - yyss + 1; + YYPTRDIFF_T yysize = yyssp - yyss + 1; -#ifdef yyoverflow +# if defined yyoverflow { - /* Give user a chance to reallocate the stack. Use copies of - these so that the &'s don't force the real ones into - memory. 
*/ - YYSTYPE *yyvs1 = yyvs; - yytype_int16 *yyss1 = yyss; - - /* Each stack pointer address is followed by the size of the - data in use in that stack, in bytes. This used to be a - conditional around just the two extra args, but that might - be undefined if yyoverflow is a macro. */ - yyoverflow (YY_("memory exhausted"), - &yyss1, yysize * sizeof (*yyssp), - &yyvs1, yysize * sizeof (*yyvsp), - &yystacksize); - - yyss = yyss1; - yyvs = yyvs1; + /* Give user a chance to reallocate the stack. Use copies of + these so that the &'s don't force the real ones into + memory. */ + yy_state_t *yyss1 = yyss; + YYSTYPE *yyvs1 = yyvs; + + /* Each stack pointer address is followed by the size of the + data in use in that stack, in bytes. This used to be a + conditional around just the two extra args, but that might + be undefined if yyoverflow is a macro. */ + yyoverflow (YY_("memory exhausted"), + &yyss1, yysize * YYSIZEOF (*yyssp), + &yyvs1, yysize * YYSIZEOF (*yyvsp), + &yystacksize); + yyss = yyss1; + yyvs = yyvs1; } -#else /* no yyoverflow */ -# ifndef YYSTACK_RELOCATE - goto yyexhaustedlab; -# else +# else /* defined YYSTACK_RELOCATE */ /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) - goto yyexhaustedlab; + goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) - yystacksize = YYMAXDEPTH; + yystacksize = YYMAXDEPTH; { - yytype_int16 *yyss1 = yyss; - union yyalloc *yyptr = - (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); - if (! yyptr) - goto yyexhaustedlab; - YYSTACK_RELOCATE (yyss_alloc, yyss); - YYSTACK_RELOCATE (yyvs_alloc, yyvs); + yy_state_t *yyss1 = yyss; + union yyalloc *yyptr = + YY_CAST (union yyalloc *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, YYSTACK_BYTES (yystacksize)))); + if (! 
yyptr) + goto yyexhaustedlab; + YYSTACK_RELOCATE (yyss_alloc, yyss); + YYSTACK_RELOCATE (yyvs_alloc, yyvs); # undef YYSTACK_RELOCATE - if (yyss1 != yyssa) - YYSTACK_FREE (yyss1); + if (yyss1 != yyssa) + YYSTACK_FREE (yyss1); } # endif -#endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; - YYDPRINTF ((stderr, "Stack size increased to %lu\n", - (unsigned long int) yystacksize)); + YY_IGNORE_USELESS_CAST_BEGIN + YYDPRINTF ((stderr, "Stack size increased to %ld\n", + YY_CAST (long, yystacksize))); + YY_IGNORE_USELESS_CAST_END if (yyss + yystacksize - 1 <= yyssp) - YYABORT; + YYABORT; } - - YYDPRINTF ((stderr, "Entering state %d\n", yystate)); +#endif /* !defined yyoverflow && !defined YYSTACK_RELOCATE */ if (yystate == YYFINAL) YYACCEPT; goto yybackup; + /*-----------. | yybackup. | `-----------*/ yybackup: - /* Do appropriate processing given the current state. Read a lookahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to lookahead token. */ yyn = yypact[yystate]; - if (yyn == YYPACT_NINF) + if (yypact_value_is_default (yyn)) goto yydefault; /* Not known => get a lookahead token if don't already have one. */ - /* YYCHAR is either YYEMPTY or YYEOF or a valid lookahead symbol. */ + /* YYCHAR is either empty, or end-of-input, or a valid lookahead. */ if (yychar == YYEMPTY) { - YYDPRINTF ((stderr, "Reading a token: ")); - yychar = YYLEX; + YYDPRINTF ((stderr, "Reading a token\n")); + yychar = yylex (); } if (yychar <= YYEOF) { - yychar = yytoken = YYEOF; + yychar = YYEOF; + yytoken = YYSYMBOL_YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } + else if (yychar == YYerror) + { + /* The scanner already issued an error message, process directly + to error recovery. But do not keep the error token as + lookahead, it is too special and may lead us to an endless + loop in error recovery. 
*/ + yychar = YYUNDEF; + yytoken = YYSYMBOL_YYerror; + goto yyerrlab1; + } else { yytoken = YYTRANSLATE (yychar); @@ -1298,8 +1304,8 @@ yyparse () yyn = yytable[yyn]; if (yyn <= 0) { - if (yyn == 0 || yyn == YYTABLE_NINF) - goto yyerrlab; + if (yytable_value_is_error (yyn)) + goto yyerrlab; yyn = -yyn; goto yyreduce; } @@ -1311,13 +1317,13 @@ yyparse () /* Shift the lookahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); - - /* Discard the shifted token. */ - yychar = YYEMPTY; - yystate = yyn; + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END + /* Discard the shifted token. */ + yychar = YYEMPTY; goto yynewstate; @@ -1332,14 +1338,14 @@ yyparse () /*-----------------------------. -| yyreduce -- Do a reduction. | +| yyreduce -- do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: - `$$ = $1'. + '$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison 
@@ -1352,248 +1358,242 @@ yyparse () YY_REDUCE_PRINT (yyn); switch (yyn) { - case 2: - -/* Line 1455 of yacc.c */ -#line 51 "vomsfake.y" - { + case 2: /* text: vo */ +#line 52 "vomsfake.y" + { (yyval.vos) = (VOLIST*)malloc(sizeof(VOLIST)); (yyval.vos)->vos= (VO**)malloc(sizeof(VO*)*MAX_SIZE); (yyval.vos)->current=0; - (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[(1) - (1)].vo); + (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[0].vo); volist = (yyval.vos); } +#line 1371 "vomsparser.c" break; - case 3: - -/* Line 1455 of yacc.c */ -#line 58 "vomsfake.y" - { - (yyval.vos) = (yyvsp[(1) - (2)].vos); - (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[(2) - (2)].vo); + case 3: /* text: text vo */ +#line 59 "vomsfake.y" + { + (yyval.vos) = (yyvsp[-1].vos); + (yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[0].vo); volist = (yyval.vos); } +#line 1381 "vomsparser.c" break; - case 4: - -/* Line 1455 of yacc.c */ -#line 65 "vomsfake.y" - { + case 4: /* vo: '[' ID ']' voparams */ +#line 66 "vomsfake.y" + { (yyval.vo) = (VO *)calloc(1,sizeof(VO)); (yyval.vo)->fqans = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->fqansize = 0; (yyval.vo)->gas = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->gasize = 0; (yyval.vo)->targets = NULL; - (yyval.vo)->voname = (yyvsp[(2) - (4)].string); + (yyval.vo)->voname = (yyvsp[-2].string); (yyval.vo)->extensions = (char**)malloc(sizeof(char*)*MAX_SIZE); (yyval.vo)->extsize = 0; - (yyval.vo)->params = (yyvsp[(4) - (4)].params); + (yyval.vo)->params = (yyvsp[0].params); { int i =0; for (i = 0 ; i < (yyval.vo)->params->current; i++) convertparam((yyval.vo), (yyval.vo)->params->params[i]); } } +#line 1403 "vomsparser.c" break; - case 5: - -/* Line 1455 of yacc.c */ -#line 82 "vomsfake.y" - { + case 5: /* vo: '[' ID ']' */ +#line 83 "vomsfake.y" + { (yyval.vo) = (VO *)calloc(1,sizeof(VO)); (yyval.vo)->fqans = NULL; (yyval.vo)->fqansize = 0; (yyval.vo)->gas = NULL; (yyval.vo)->gasize = 0; (yyval.vo)->targets = NULL; - 
(yyval.vo)->voname = (yyvsp[(2) - (3)].string); + (yyval.vo)->voname = (yyvsp[-1].string); (yyval.vo)->extensions = NULL; (yyval.vo)->extsize = 0; (yyval.vo)->params = NULL; } +#line 1421 "vomsparser.c" break; - case 6: - -/* Line 1455 of yacc.c */ -#line 97 "vomsfake.y" - { + case 6: /* voparams: voparam */ +#line 98 "vomsfake.y" + { (yyval.params) = (PARAMLIST *)malloc(sizeof(PARAMLIST)); (yyval.params)->params = (PARAM**)malloc(sizeof(PARAM*)*MAX_SIZE); (yyval.params)->current=0; - (yyval.params)->params[(yyval.params)->current++] = (yyvsp[(1) - (1)].param); + (yyval.params)->params[(yyval.params)->current++] = (yyvsp[0].param); } +#line 1432 "vomsparser.c" break; - case 7: - -/* Line 1455 of yacc.c */ -#line 103 "vomsfake.y" - { - (yyval.params) = (yyvsp[(1) - (2)].params); - (yyval.params)->params[(yyval.params)->current++] = (yyvsp[(2) - (2)].param); + case 7: /* voparams: voparams voparam */ +#line 104 "vomsfake.y" + { + (yyval.params) = (yyvsp[-1].params); + (yyval.params)->params[(yyval.params)->current++] = (yyvsp[0].param); } +#line 1441 "vomsparser.c" break; - case 8: - -/* Line 1455 of yacc.c */ -#line 109 "vomsfake.y" - { + case 8: /* voparam: ID '=' value */ +#line 110 "vomsfake.y" + { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); - (yyval.param)->name = (yyvsp[(1) - (3)].string); - (yyval.param)->value = (yyvsp[(3) - (3)].input); + (yyval.param)->name = (yyvsp[-2].string); + (yyval.param)->value = (yyvsp[0].input); } +#line 1451 "vomsparser.c" break; - case 9: - -/* Line 1455 of yacc.c */ -#line 114 "vomsfake.y" - { + case 9: /* voparam: ID '=' value '=' value */ +#line 115 "vomsfake.y" + { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); - (yyval.param)->name = (yyvsp[(1) - (5)].string); - (yyval.param)->value = malloc(strlen((yyvsp[(3) - (5)].input))+strlen((yyvsp[(5) - (5)].input))+4); + (yyval.param)->name = (yyvsp[-4].string); + (yyval.param)->value = malloc(strlen((yyvsp[-2].input))+strlen((yyvsp[0].input))+4); 
strcpy((yyval.param)->value, "::"); - strcat((yyval.param)->value, (yyvsp[(3) - (5)].input)); + strcat((yyval.param)->value, (yyvsp[-2].input)); strcat((yyval.param)->value,"="); - strcat((yyval.param)->value, (yyvsp[(5) - (5)].input)); - free((yyvsp[(3) - (5)].input)); - free((yyvsp[(5) - (5)].input)); + strcat((yyval.param)->value, (yyvsp[0].input)); + free((yyvsp[-2].input)); + free((yyvsp[0].input)); } +#line 1467 "vomsparser.c" break; - case 10: - -/* Line 1455 of yacc.c */ -#line 125 "vomsfake.y" - { + case 10: /* voparam: ID '=' value '=' value '(' value ')' */ +#line 126 "vomsfake.y" + { (yyval.param) = (PARAM *)calloc(1,sizeof(PARAM)); - (yyval.param)->name = (yyvsp[(1) - (8)].string); - (yyval.param)->value = malloc(strlen((yyvsp[(3) - (8)].input))+strlen((yyvsp[(5) - (8)].input))+strlen((yyvsp[(7) - (8)].input))+4); - strcpy((yyval.param)->value, (yyvsp[(7) - (8)].input)); + (yyval.param)->name = (yyvsp[-7].string); + (yyval.param)->value = malloc(strlen((yyvsp[-5].input))+strlen((yyvsp[-3].input))+strlen((yyvsp[-1].input))+4); + strcpy((yyval.param)->value, (yyvsp[-1].input)); strcat((yyval.param)->value, "::"); - strcat((yyval.param)->value, (yyvsp[(3) - (8)].input)); + strcat((yyval.param)->value, (yyvsp[-5].input)); strcat((yyval.param)->value,"="); - strcat((yyval.param)->value, (yyvsp[(5) - (8)].input)); - free((yyvsp[(3) - (8)].input)); - free((yyvsp[(5) - (8)].input)); - free((yyvsp[(7) - (8)].input)); + strcat((yyval.param)->value, (yyvsp[-3].input)); + free((yyvsp[-5].input)); + free((yyvsp[-3].input)); + free((yyvsp[-1].input)); } +#line 1485 "vomsparser.c" break; - case 11: - -/* Line 1455 of yacc.c */ -#line 140 "vomsfake.y" - { (yyval.input) = (yyvsp[(1) - (1)].string); } + case 11: /* value: ID */ +#line 141 "vomsfake.y" + { (yyval.input) = (yyvsp[0].string); } +#line 1491 "vomsparser.c" break; - case 12: - -/* Line 1455 of yacc.c */ -#line 141 "vomsfake.y" - { (yyval.input) = (yyvsp[(1) - (1)].string); } + case 12: /* value: STRING */ 
+#line 142 "vomsfake.y" + { (yyval.input) = (yyvsp[0].string); } +#line 1497 "vomsparser.c" break; +#line 1501 "vomsparser.c" -/* Line 1455 of yacc.c */ -#line 1507 "vomsparser.c" default: break; } - YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); + /* User semantic actions sometimes alter yychar, and that requires + that yytoken be updated with the new translation. We take the + approach of translating immediately before every use of yytoken. + One alternative is translating here after every semantic action, + but that translation would be missed if the semantic action invokes + YYABORT, YYACCEPT, or YYERROR immediately after altering yychar or + if it invokes YYBACKUP. In the case of YYABORT or YYACCEPT, an + incorrect destructor might then be invoked immediately. In the + case of YYERROR or YYBACKUP, subsequent parser actions might lead + to an incorrect destructor call or verbose syntax error message + before the lookahead is translated. */ + YY_SYMBOL_PRINT ("-> $$ =", YY_CAST (yysymbol_kind_t, yyr1[yyn]), &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; - YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; - /* Now `shift' the result of the reduction. Determine what state + /* Now 'shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ - - yyn = yyr1[yyn]; - - yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; - if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) - yystate = yytable[yystate]; - else - yystate = yydefgoto[yyn - YYNTOKENS]; + { + const int yylhs = yyr1[yyn] - YYNTOKENS; + const int yyi = yypgoto[yylhs] + *yyssp; + yystate = (0 <= yyi && yyi <= YYLAST && yycheck[yyi] == *yyssp + ? yytable[yyi] + : yydefgoto[yylhs]); + } goto yynewstate; -/*------------------------------------. -| yyerrlab -- here on detecting error | -`------------------------------------*/ +/*--------------------------------------. +| yyerrlab -- here on detecting error. 
| +`--------------------------------------*/ yyerrlab: + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = yychar == YYEMPTY ? YYSYMBOL_YYEMPTY : YYTRANSLATE (yychar); /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; -#if ! YYERROR_VERBOSE - yyerror (YY_("syntax error")); -#else { - YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); - if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) - { - YYSIZE_T yyalloc = 2 * yysize; - if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) - yyalloc = YYSTACK_ALLOC_MAXIMUM; - if (yymsg != yymsgbuf) - YYSTACK_FREE (yymsg); - yymsg = (char *) YYSTACK_ALLOC (yyalloc); - if (yymsg) - yymsg_alloc = yyalloc; - else - { - yymsg = yymsgbuf; - yymsg_alloc = sizeof yymsgbuf; - } - } - - if (0 < yysize && yysize <= yymsg_alloc) - { - (void) yysyntax_error (yymsg, yystate, yychar); - yyerror (yymsg); - } - else - { - yyerror (YY_("syntax error")); - if (yysize != 0) - goto yyexhaustedlab; - } + yypcontext_t yyctx + = {yyssp, yytoken}; + char const *yymsgp = YY_("syntax error"); + int yysyntax_error_status; + yysyntax_error_status = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + if (yysyntax_error_status == 0) + yymsgp = yymsg; + else if (yysyntax_error_status == -1) + { + if (yymsg != yymsgbuf) + YYSTACK_FREE (yymsg); + yymsg = YY_CAST (char *, + YYSTACK_ALLOC (YY_CAST (YYSIZE_T, yymsg_alloc))); + if (yymsg) + { + yysyntax_error_status + = yysyntax_error (&yymsg_alloc, &yymsg, &yyctx); + yymsgp = yymsg; + } + else + { + yymsg = yymsgbuf; + yymsg_alloc = sizeof yymsgbuf; + yysyntax_error_status = YYENOMEM; + } + } + yyerror (yymsgp); + if (yysyntax_error_status == YYENOMEM) + goto yyexhaustedlab; } -#endif } - - if (yyerrstatus == 3) { /* If just tried and failed to reuse lookahead token after an - error, discard it. */ + error, discard it. 
*/ if (yychar <= YYEOF) - { - /* Return failure if at end of input. */ - if (yychar == YYEOF) - YYABORT; - } + { + /* Return failure if at end of input. */ + if (yychar == YYEOF) + YYABORT; + } else - { - yydestruct ("Error: discarding", - yytoken, &yylval); - yychar = YYEMPTY; - } + { + yydestruct ("Error: discarding", + yytoken, &yylval); + yychar = YYEMPTY; + } } /* Else will try to reuse lookahead token after shifting the error @@ -1605,14 +1605,12 @@ yyparse () | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: + /* Pacify compilers when the user code never invokes YYERROR and the + label yyerrorlab therefore never appears in user code. */ + if (0) + YYERROR; - /* Pacify compilers like GCC when the user code never invokes - YYERROR and the label yyerrorlab therefore never appears in user - code. */ - if (/*CONSTCOND*/ 0) - goto yyerrorlab; - - /* Do not reclaim the symbols of the rule which action triggered + /* Do not reclaim the symbols of the rule whose action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; 
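Review bot: The list-building actions in this hunk store into fixed-capacity arrays with no bound check. `(yyval.vos)->vos[(yyval.vos)->current++] = (yyvsp[0].vo);` (rules 2 and 3) and `(yyval.params)->params[(yyval.params)->current++] = (yyvsp[0].param);` (rules 6 and 7) write into buffers allocated for `MAX_SIZE` pointers, so an input file with more `[vo]` sections or parameters than that would write past the heap allocation. The value of `MAX_SIZE` and any limit enforced by the caller are not visible here. The `malloc`/`calloc` results are also used unchecked, so the `strcpy` in rules 9 and 10 would dereference NULL if allocation fails. Because vomsparser.c is Bison output, the guard belongs in the vomsfake.y actions, for example `if ((yyval.vos)->current >= MAX_SIZE) YYABORT;` before each store, plus a NULL check after each allocation. This regeneration only renumbers the `yyvsp` indexes, so these gaps carry over unchanged from the old side.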
@@ -1625,39 +1623,42 @@ yyparse () | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: - yyerrstatus = 3; /* Each real token shifted decrements this. */ + yyerrstatus = 3; /* Each real token shifted decrements this. */ + /* Pop stack until we find a state that shifts the error token. */ for (;;) { yyn = yypact[yystate]; - if (yyn != YYPACT_NINF) - { - yyn += YYTERROR; - if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) - { - yyn = yytable[yyn]; - if (0 < yyn) - break; - } - } + if (!yypact_value_is_default (yyn)) + { + yyn += YYSYMBOL_YYerror; + if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYSYMBOL_YYerror) + { + yyn = yytable[yyn]; + if (0 < yyn) + break; + } + } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) - YYABORT; + YYABORT; yydestruct ("Error: popping", - yystos[yystate], yyvsp); + YY_ACCESSING_SYMBOL (yystate), yyvsp); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } + YY_IGNORE_MAYBE_UNINITIALIZED_BEGIN *++yyvsp = yylval; + YY_IGNORE_MAYBE_UNINITIALIZED_END /* Shift the error token. */ - YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); + YY_SYMBOL_PRINT ("Shifting", YY_ACCESSING_SYMBOL (yyn), yyvsp, yylsp); yystate = yyn; goto yynewstate; @@ -1670,6 +1671,7 @@ yyparse () yyresult = 0; goto yyreturn; + /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ 
@@ -1677,46 +1679,50 @@ yyparse () yyresult = 1; goto yyreturn; -#if !defined(yyoverflow) || YYERROR_VERBOSE + +#if 1 /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; - /* Fall through. */ + goto yyreturn; #endif + +/*-------------------------------------------------------. +| yyreturn -- parsing is finished, clean up and return. | +`-------------------------------------------------------*/ yyreturn: if (yychar != YYEMPTY) - yydestruct ("Cleanup: discarding lookahead", - yytoken, &yylval); - /* Do not reclaim the symbols of the rule which action triggered + { + /* Make sure we have latest lookahead translation. See comments at + user semantic actions for why this is necessary. */ + yytoken = YYTRANSLATE (yychar); + yydestruct ("Cleanup: discarding lookahead", + yytoken, &yylval); + } + /* Do not reclaim the symbols of the rule whose action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", - yystos[*yyssp], yyvsp); + YY_ACCESSING_SYMBOL (+*yyssp), yyvsp); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif -#if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); -#endif - /* Make sure YYID is used. */ - return YYID (yyresult); + return yyresult; } - - -/* Line 1675 of yacc.c */ -#line 144 "vomsfake.y" +#line 145 "vomsfake.y" static void convertparam(VO *vo, PARAM* param) @@ -1763,4 +1769,3 @@ static void convertparam(VO *vo, PARAM* param) free(param->value); free(param->name); } - diff --git a/src/utils/vomsparser.h b/src/utils/vomsparser.h index d48f8a68..a5995a18 100644 --- a/src/utils/vomsparser.h +++ b/src/utils/vomsparser.h 
@@ -1,21 +1,20 @@ +/* A Bison parser, made by GNU Bison 3.7.4. */ -/* A Bison parser, made by GNU Bison 2.4. */ +/* Bison interface for Yacc-like parsers in C + + Copyright (C) 1984, 1989-1990, 2000-2015, 2018-2020 Free Software Foundation, + Inc. -/* Skeleton interface for Bison's Yacc-like parsers in C - - Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 - Free Software Foundation, Inc. - This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -28,30 +27,51 @@ special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. - + This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ +/* DO NOT RELY ON FEATURES THAT ARE NOT DOCUMENTED in the manual, + especially those whose name start with YY_ or yy_. They are + private implementation details that can be changed or removed. */ + +#ifndef YY_YY_VOMSPARSER_H_INCLUDED +# define YY_YY_VOMSPARSER_H_INCLUDED +/* Debug traces. */ +#ifndef YYDEBUG +# define YYDEBUG 1 +#endif +#if YYDEBUG +extern int yydebug; +#endif -/* Tokens. */ +/* Token kinds. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE - /* Put the tokens into the symbol table, so that GDB and other debuggers - know about them. */ - enum yytokentype { - STRING = 258, - ID = 259 - }; + enum yytokentype + { + YYEMPTY = -2, + YYEOF = 0, /* "end of file" */ + YYerror = 256, /* error */ + YYUNDEF = 257, /* "invalid token" */ + STRING = 258, /* STRING */ + ID = 259 /* ID */ + }; + typedef enum yytokentype yytoken_kind_t; #endif - - - +/* Token kinds. */ +#define YYEMPTY -2 +#define YYEOF 0 +#define YYerror 256 +#define YYUNDEF 257 +#define STRING 258 +#define ID 259 + +/* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE +union YYSTYPE { - -/* Line 1676 of yacc.c */ -#line 31 "vomsfake.y" +#line 32 "vomsfake.y" char *string; char *input; @@ -60,16 +80,17 @@ typedef union YYSTYPE VO *vo; VOLIST *vos; +#line 84 "vomsparser.h" - -/* Line 1676 of yacc.c */ -#line 67 "vomsparser.h" -} YYSTYPE; +}; +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 -# define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 #endif + extern YYSTYPE yylval; +int yyparse (void); +#endif /* !YY_YY_VOMSPARSER_H_INCLUDED */ From 15654d2cd0cfd81ad41e42a0cb17c03d633a2083 Mon Sep 17 00:00:00 2001 
From: rwf14f Date: Fri, 3 May 2024 12:04:16 +0100 Subject: [PATCH 76/92] Fix problem with newer gsoap versions. (#125) --- src/server/vomsd.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/server/vomsd.cc b/src/server/vomsd.cc index 09ea7fa6..a25d5ae7 100644 --- a/src/server/vomsd.cc +++ b/src/server/vomsd.cc @@ -841,7 +841,12 @@ void VOMSServer::Run() sop->ssl = sock.ssl; // GSOAP will handle this - sop->fparse(sop); + // newer versions of gsoap don't call the http handlers (eg fget) in fparse + // fparse returns SOAP_STOP if any of the handlers were called instead of SOAP_OK (older versions) + // if the return value is SOAP_OK then no hander has been called (newer versions) and we call + // fget manually if it's a get request (SOAP_GET) + if(sop->fparse(sop) == SOAP_OK && sop->status == SOAP_GET) + sop->fget(sop); sock.Close(); } else { From dfc9b7664fe75af428b3ffd46212311ae1814678 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 3 May 2024 14:56:53 +0200 Subject: [PATCH 77/92] Adjust docker compose infrastructure --- .devcontainer/devcontainer.json | 16 ++++++++++------ .devcontainer/docker-compose.yml | 16 ++++++++++++++-- docker-compose.yml | 2 +- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5c15e705..5f41104f 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json 
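Review bot: The new condition `sop->fparse(sop) == SOAP_OK && sop->status == SOAP_GET` treats every other result alike, so a genuine parse failure cannot be told apart from the SOAP_STOP that the comment describes, and the return value of `sop->fget(sop)` is dropped as well. Since this runs on the server's accept path, I would keep the code in a local, `int const rc = sop->fparse(sop);`, call `fget` only for `rc == SOAP_OK && sop->status == SOAP_GET`, and log any `rc` that is neither SOAP_OK nor SOAP_STOP before `sock.Close()`. The added comment would be more useful if it named the gsoap release where the behaviour changed, if that is known, and "hander" should read "handler". VOMSServer::Run() starts and ends outside the hunk, so which logging call is in scope here cannot be seen.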
@@ -13,19 +13,23 @@ // The 'service' property is the name of the service for the container that VS Code should // use. Update this value and .devcontainer/docker-compose.yml to the real service name. - "service": "container-centos7", + "service": "container-centos9", // Uncomment the next line if you want start specific services in your Docker Compose config. - "runServices": ["container-centos7"], + "runServices": ["container-centos9"], // The optional 'workspaceFolder' property is the path VS Code should open by default when // connected. This is typically a file mount in .devcontainer/docker-compose.yml "workspaceFolder": "/workspace", - "extensions": [ - "ms-vscode.cpptools", "eamodio.gitlens" - ], - + "customizations": { + "vscode": { + "extensions": [ + "ms-vscode.cpptools", + "eamodio.gitlens" + ] + } + }, // Use 'forwardPorts' to make a list of ports inside the container available locally. // "forwardPorts": [], diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 58ff8854..9786200b 100644 --- a/.devcontainer/docker-compose.yml +++ b/.devcontainer/docker-compose.yml @@ -3,13 +3,19 @@ services: container-centos9: + environment: + - TZ=Europe/Rome + + depends_on: + - trust + build: context: .devcontainer dockerfile: Dockerfile-centos9 volumes: - trustanchors:/etc/grid-security/certificates - - .:/workspace:cached + - .:/workspace cap_add: - SYS_PTRACE @@ -22,13 +28,19 @@ services: container-centos7: + environment: + - TZ=Europe/Rome + + depends_on: + - trust + build: context: .devcontainer dockerfile: Dockerfile-centos7 volumes: - trustanchors:/etc/grid-security/certificates - - .:/workspace:cached + - .:/workspace cap_add: - SYS_PTRACE diff --git a/docker-compose.yml b/docker-compose.yml index 057c7daf..2bc6a4cb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -4,7 +4,7 @@ volumes: services: trust: - image: indigoiam/egi-trustanchors + image: indigoiam/egi-trustanchors:igi-test-ca volumes: - trustanchors:/tmp/certificates From c78c527f08b47b988022e41b7538456779fc2d0c Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Mon, 20 May 2024 16:57:58 +0200 Subject: [PATCH 78/92] Use almalinux:9 instead of centos(stream)9 --- .devcontainer/{Dockerfile-centos9 => Dockerfile-el9} | 2 +- .devcontainer/devcontainer.json | 4 ++-- .devcontainer/docker-compose.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) rename .devcontainer/{Dockerfile-centos9 => Dockerfile-el9} (87%) diff --git a/.devcontainer/Dockerfile-centos9 b/.devcontainer/Dockerfile-el9 similarity index 87% rename from .devcontainer/Dockerfile-centos9 rename to .devcontainer/Dockerfile-el9 index f799654e..c2791497 100644 --- a/.devcontainer/Dockerfile-centos9 +++ b/.devcontainer/Dockerfile-el9 @@ -1,4 +1,4 @@ -FROM quay.io/centos/centos:stream9 +FROM almalinux:9 COPY library-scripts/*.sh /tmp/library-scripts/ RUN \ diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 5f41104f..a8cc5cba 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -13,10 +13,10 @@ // The 'service' property is the name of the service for the container that VS Code should // use. Update this value and .devcontainer/docker-compose.yml to the real service name. - "service": "container-centos9", + "service": "container-el9", // Uncomment the next line if you want start specific services in your Docker Compose config. - "runServices": ["container-centos9"], + "runServices": ["container-el9"], // The optional 'workspaceFolder' property is the path VS Code should open by default when // connected. This is typically a file mount in .devcontainer/docker-compose.yml diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml index 9786200b..69965bcf 100644 --- a/.devcontainer/docker-compose.yml 
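Review bot: The `trust` service now pulls `indigoiam/egi-trustanchors:igi-test-ca`, and the `trustanchors` volume it fills appears to be the one mounted at `/etc/grid-security/certificates` in the devcontainer services, so every CA in that image becomes a trust anchor there. The tag name suggests the bundle contains a test CA; if so, a comment above the `image:` line such as `# development only: bundle includes a test CA, do not reuse this volume for a production service` would stop the file from being copied into a deployment unchanged. The tag is also mutable, so pinning it by digest (`image: indigoiam/egi-trustanchors:igi-test-ca@sha256:<digest>`) would make the set of trusted CAs reproducible. The same applies to `FROM almalinux:9` in the Dockerfile-el9 hunk below.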
+++ b/.devcontainer/docker-compose.yml @@ -1,7 +1,7 @@ services: - container-centos9: + container-el9: environment: - TZ=Europe/Rome @@ -11,7 +11,7 @@ services: build: context: .devcontainer - dockerfile: Dockerfile-centos9 + dockerfile: Dockerfile-el9 volumes: - trustanchors:/etc/grid-security/certificates From 1947b5fb8daee6fa3eda9bedf6204bf58063eea6 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 23 May 2024 11:47:15 +0200 Subject: [PATCH 79/92] Merge the possible order arguments into the fqans Contrary to the VOMS server, VOMS-AA expects that the fqans query parameter includes also the FQANs specified with the --order command line argument of voms-proxy-init. We keep the order query parameter, which is instead expected by the VOMS server. --- src/api/ccapi/voms_api.cc | 92 ++++++++++++++++++++++++++++++++++----- 1 file changed, 80 insertions(+), 12 deletions(-) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index bb84199b..c70e967d 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -73,6 +73,8 @@ extern int InitProxyCertInfoExtension(int); #include #include #include +#include +#include #include #include "data.h" 
@@ -331,12 +333,89 @@ static X509 *get_own_cert() return NULL; } +static void change(std::string &name, const std::string& from, const std::string& to) +{ + std::string::size_type pos = name.find(from); + + while (pos != std::string::npos) { + name = name.substr(0, pos) + to + name.substr(pos+from.length()); + pos = name.find(from, pos+1); + } +} + +static std::vector split(std::string const& source, char delim) +{ + std::vector result; + std::istringstream is(source); + std::string token; + + while (std::getline(is, token, delim)) { + if (!token.empty()) { + result.push_back(token); + } + } + return result; +} + +static std::string join(std::vector const& v, char delim) +{ + std::string result; + + if (!v.empty()) { + result = v.front(); + } + + for (std::vector::const_iterator it = std::next(v.begin()), end = v.end(); + it != end; ++it) + { + result += delim; + result += *it; + } + + return result; +} + +static bool is_role(std::string const& s) +{ + return s.find("/Role=") != std::string::npos; +} + +static std::string merge_order_and_fqans(std::string const& fqans, std::string const& ordering) +{ + std::vector ordering_v = split(ordering, ','); + std::vector fqans_v = split(fqans, ','); + std::vector merged_v; + + for (std::vector::iterator it = ordering_v.begin(), end = ordering_v.end(); + it != end; ++it) + { + std::vector::iterator fqans_it = std::find(fqans_v.begin(), fqans_v.end(), *it); + if (fqans_it != fqans_v.end()) + { + merged_v.push_back(*it); + fqans_v.erase(fqans_it); + } else if (!is_role(*it)) { + merged_v.push_back(*it); + } + } + + merged_v.insert(merged_v.end(), fqans_v.begin(), fqans_v.end()); + + return join(merged_v, ','); +} bool vomsdata::ContactRESTRaw(const std::string& hostname, int port, const std::string& command, std::string& raw, UNUSED(int version), int timeout) { std::string temp; - std::string realCommand = "GET /generate-ac?fqans="+ parse_commands(command); + std::string fqans = parse_commands(command); + + if (fqans != "all" 
&& !ordering.empty()) { + change(ordering, ":", "/Role="); + fqans = merge_order_and_fqans(fqans, ordering); + } + + std::string realCommand = "GET /generate-ac?fqans=" + fqans; realCommand += "&lifetime="+ stringify(duration, temp); @@ -1055,17 +1134,6 @@ bool vomsdata::LoadCredentials(X509 *cert, EVP_PKEY *pkey, STACK_OF(X509) *chain return true; } - -static void change(std::string &name, const std::string& from, const std::string& to) -{ - std::string::size_type pos = name.find(from); - - while (pos != std::string::npos) { - name = name.substr(0, pos) + to + name.substr(pos+from.length()); - pos = name.find(from, pos+1); - } -} - static std::string parse_commands(const std::string& commands) { if (commands[0] == '/') From a6ab24a43ab25b3c510416c63054c4a8808431be Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 23 May 2024 12:30:19 +0200 Subject: [PATCH 80/92] Fix implementation of join And avoid the use of std::next, which is C++11 --- src/api/ccapi/voms_api.cc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/api/ccapi/voms_api.cc b/src/api/ccapi/voms_api.cc index c70e967d..cc22181f 100644 --- a/src/api/ccapi/voms_api.cc +++ b/src/api/ccapi/voms_api.cc @@ -359,14 +359,17 @@ static std::vector split(std::string const& source, char delim) static std::string join(std::vector const& v, char delim) { + std::vector::const_iterator it = v.begin(); + std::vector::const_iterator const end = v.end(); + std::string result; - if (!v.empty()) { - result = v.front(); + if (it != end) { + result += *it; + ++it; } - for (std::vector::const_iterator it = std::next(v.begin()), end = v.end(); - it != end; ++it) + for (; it != end; ++it) { result += delim; result += *it; From 6580b4cf87ebe727114df1f58e470df9b477b70c Mon Sep 17 00:00:00 2001 
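Review bot: In `ContactRESTRaw` the merged list goes into the request line as `"GET /generate-ac?fqans=" + fqans` with no encoding, and after this change that value also carries the `ordering` string, which per the commit message comes from the `--order` argument. A `&`, a space or a line break inside an entry would change the query string or the request line itself, which matters most for library callers that pass on an ordering they did not build themselves. I would percent-encode the value before concatenating it, as sketched below, leaving `/`, `,` and `=` untouched so well-formed FQAN lists go out unchanged; that both VOMS server and VOMS-AA decode percent-escapes in query values is an assumption to confirm. Separately, `change(ordering, ":", "/Role=")` rewrites the member in place, so if the code after the hunk that builds the `order` parameter expects the original form, the rewrite should be done on a local copy. The function body continues outside the hunk, so how `order` is built cannot be seen here.

```cpp
// Percent-encode every byte outside the set a well-formed FQAN list uses.
static std::string encode_query_value(std::string const& s)
{
  static std::string const safe =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~/,=";
  static char const hex[] = "0123456789ABCDEF";
  std::string result;

  for (std::string::size_type i = 0; i != s.size(); ++i) {
    unsigned char const c = static_cast<unsigned char>(s[i]);
    if (safe.find(s[i]) != std::string::npos) {
      result += s[i];
    } else {
      result += '%';
      result += hex[c >> 4];
      result += hex[c & 0x0F];
    }
  }
  return result;
}

// … unchanged: change(), split(), join(), is_role(), merge_order_and_fqans() …

  std::string realCommand = "GET /generate-ac?fqans=" + encode_query_value(fqans);
```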
From: Francesco Giacomini Date: Thu, 23 May 2024 13:04:12 +0200 Subject: [PATCH 81/92] Update gh action and use almalinux:9 --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 82d89e5a..2d73ea8d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest container: centos:centos7 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install packages run: | @@ -23,11 +23,11 @@ jobs: ./configure make - centos9: + el9: runs-on: ubuntu-latest - container: quay.io/centos/centos:stream9 + container: almalinux:9 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install packages run: | @@ -43,7 +43,7 @@ jobs: ubuntu2004: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install packages run: | From 27551b414b4a7be4f9c6f8bdd193fadb7697a603 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 23 May 2024 13:07:37 +0200 Subject: [PATCH 82/92] Downgrade gh action for centos7 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2d73ea8d..63767272 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest container: centos:centos7 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v3 - name: Install packages run: | From 511937df59abb8ae8eb95a0bd5305de2d7160ddd Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 23 May 2024 15:00:26 +0200 Subject: [PATCH 83/92] Add missing files in the tarball distribution --- src/include/Makefile.am | 2 +- src/sslutils/Makefile.am | 2 +- src/utils/Makefile.am | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 52de22e2..8bd8f862 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am @@ -12,6 +12,6 @@ options.h pass.h Server.h fqan.h doio.h \ vomsxml.h errors.h log.h sslutils.h normalize.h \ listfunc.h credentials.h newformat.h proxycertinfo.h proxypolicy.h \ acstack.h validate.h ccac.h init.h ccwrite.h getopts.h replace.h dbwrap.h \ -stamp-h.in stamp-h1.in +stamp-h.in stamp-h1.in ssl_compat.h MAINTAINERCLEANFILES = Makefile.in diff --git a/src/sslutils/Makefile.am b/src/sslutils/Makefile.am index cc2393c8..f3af1a22 100644 --- a/src/sslutils/Makefile.am +++ b/src/sslutils/Makefile.am @@ -15,7 +15,7 @@ SOURCES= scutils.c scutils.h sslutils.c proxycertinfo.c proxypolicy.c \ EXTRA_DIST = namespaces.l namespaces.y namespaces.h \ signing_policy.y signing_policy.l signing_policy.h \ - parsertypes.h + parsertypes.h lexparse.h evaluate.$(OBJEXT): signing_policy.h namespaces.h parsertypes.h evaluate.c diff --git a/src/utils/Makefile.am b/src/utils/Makefile.am index 5c6ff510..eaa5692a 100644 --- a/src/utils/Makefile.am +++ b/src/utils/Makefile.am @@ -41,7 +41,7 @@ voms_proxy_fake_SOURCES = \ vomsparser.c \ lex.yy.c -EXTRA_DIST = vomsfake.y vomsparser.l vomsparser.h fakeparsertypes.h +EXTRA_DIST = vomsfake.y vomsparser.l vomsparser.h fakeparsertypes.h lexparse.h vomsfake.$(OBJEXT): vomsparser.h From f64356f20fe89dbd5055ab1ca7d25aeeb820d09e Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 24 May 2024 09:45:17 +0200 Subject: [PATCH 84/92] Remove unused myproxycertinfo source files They were replaced by those coming from globus during the migration to OpenSSL 1.1. --- src/client/vomsclient.cc | 1 - src/include/myproxycertinfo.h | 131 --------- src/sslutils/myproxycertinfo.c | 510 --------------------------------- 3 files changed, 642 deletions(-) delete mode 100644 src/include/myproxycertinfo.h delete mode 100644 src/sslutils/myproxycertinfo.c 
diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 3c6221ab..893988f0 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -67,7 +67,6 @@ extern "C" { extern "C" { - //#include "myproxycertinfo.h" #include "vomsproxy.h" } diff --git a/src/include/myproxycertinfo.h b/src/include/myproxycertinfo.h deleted file mode 100644 index 2840971b..00000000 --- a/src/include/myproxycertinfo.h +++ /dev/null 
@@ -1,131 +0,0 @@ -/********************************************************************* - * - * Authors: Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it - * Valerio Venturi - valerio.venturi@cnaf.infn.it - * - * Copyright (c) Members of the EGEE Collaboration. 2004-2010. - * See http://www.eu-egee.org/partners/ for details on the copyright holders. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Parts of this code may be based upon or even include verbatim pieces, - * originally written by other people, in which case the original header - * follows. 
- * - *********************************************************************/ -#ifndef VOMS_PROXYCERTINFO_H -#define VOMS_PROXYCERTINFO_H - -#include -#include -#include - -/* predefined policy language */ -#define IMPERSONATION_PROXY_OID "1.3.6.1.5.5.7.21.1" -#define IMPERSONATION_PROXY_SN "IMPERSONATION_PROXY" -#define IMPERSONATION_PROXY_LN "GSI impersonation proxy" - -#define INDEPENDENT_PROXY_OID "1.3.6.1.5.5.7.21.2" -#define INDEPENDENT_PROXY_SN "INDEPENDENT_PROXY" -#define INDEPENDENT_PROXY_LN "GSI independent proxy" - -/* generic policy language */ -#define GLOBUS_GSI_PROXY_GENERIC_POLICY_OID "1.3.6.1.4.1.3536.1.1.1.8" - -#define LIMITED_PROXY_OID "1.3.6.1.4.1.3536.1.1.1.9" -#define LIMITED_PROXY_SN "LIMITED_PROXY" -#define LIMITED_PROXY_LN "GSI limited proxy" - -#define PROXYCERTINFO_V3 "1.3.6.1.4.1.3536.1.222" -#define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.14" - -/* error handling */ -#define ASN1_F_PROXYPOLICY_NEW 450 -#define ASN1_F_D2I_PROXYPOLICY 451 -#define ASN1_F_PROXYCERTINFO_NEW 430 -#define ASN1_F_D2I_PROXYCERTINFO 431 - -/* data structure */ - -typedef struct myPROXYPOLICY_st { - - ASN1_OBJECT * policy_language; - ASN1_OCTET_STRING * policy; - -} myPROXYPOLICY; - -typedef struct myPROXYCERTINFO_st { - - ASN1_INTEGER * path_length; - myPROXYPOLICY * proxypolicy; - int version; -} myPROXYCERTINFO; - - -/* myPROXYPOLICY function */ - -/* allocating and free memory */ -extern myPROXYPOLICY * myPROXYPOLICY_new(); -extern void myPROXYPOLICY_free(myPROXYPOLICY * proxypolicy); - -/* duplicate */ -extern myPROXYPOLICY * myPROXYPOLICY_dup(myPROXYPOLICY * policy); - -/* set policy language */ -extern int myPROXYPOLICY_set_policy_language(myPROXYPOLICY * policy, ASN1_OBJECT * policy_language); - -/* get policy language */ -extern ASN1_OBJECT * myPROXYPOLICY_get_policy_language(myPROXYPOLICY * policy); - -/* set policy contents */ -extern int myPROXYPOLICY_set_policy(myPROXYPOLICY * proxypolicy, unsigned char * policy, int length); - -/* get policy contents */ 
-extern unsigned char * myPROXYPOLICY_get_policy(myPROXYPOLICY * policy, int * length); - -/* internal to der conversion */ -extern int i2d_myPROXYPOLICY(myPROXYPOLICY * policy, unsigned char ** pp); - -/* der to internal conversion */ -extern myPROXYPOLICY * d2i_myPROXYPOLICY(myPROXYPOLICY ** policy, unsigned char ** pp, long length); - -/*myPROXYCERTINFO function */ - -/* allocating and free memory */ -extern myPROXYCERTINFO * myPROXYCERTINFO_new(); -extern void myPROXYCERTINFO_free(myPROXYCERTINFO * proxycertinfo); - -/* set path_length */ -extern int myPROXYCERTINFO_set_path_length(myPROXYCERTINFO * proxycertinfo, long path_length); - -/* get ptah length */ -extern long myPROXYCERTINFO_get_path_length(myPROXYCERTINFO * proxycertinfo); - -/* set proxypolicy */ -extern int myPROXYCERTINFO_set_proxypolicy(myPROXYCERTINFO * proxycertinfo, myPROXYPOLICY * proxypolicy); - -/* get proxypolicy */ -extern myPROXYPOLICY * myPROXYCERTINFO_get_proxypolicy(myPROXYCERTINFO * proxycertinfo); - -/* internal to der conversion */ -extern int i2d_myPROXYCERTINFO(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp); - -/* der to internal conversion */ -extern myPROXYCERTINFO * d2i_myPROXYCERTINFO(myPROXYCERTINFO ** cert_info, unsigned char ** a, long length); - -extern int myPROXYCERTINFO_set_version(myPROXYCERTINFO *cert_info, int version); - -extern int proxynative(void); -extern void InitProxyCertInfoExtension(int full); - -#endif diff --git a/src/sslutils/myproxycertinfo.c b/src/sslutils/myproxycertinfo.c deleted file mode 100644 index 8f9f90de..00000000 --- a/src/sslutils/myproxycertinfo.c +++ /dev/null 
@@ -1,510 +0,0 @@ -/********************************************************************* - * - * Authors: Valerio Venturi - Valerio.Venturi@cnaf.infn.it - * Vincenzo Ciaschini - Vincenzo.Ciaschini@cnaf.infn.it - * - * Copyright (c) Members of the EGEE Collaboration. 2004-2010. - * See http://www.eu-egee.org/partners/ for details on the copyright holders. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * Parts of this code may be based upon or even include verbatim pieces, - * originally written by other people, in which case the original header - * follows. 
- * - *********************************************************************/ -#include "config.h" - -#include - -#include -#include -#include - -#include "myproxycertinfo.h" -#include "doio.h" - -/* myPROXYPOLICY function */ - -myPROXYPOLICY * myPROXYPOLICY_new() -{ - myPROXYPOLICY* ret = (myPROXYPOLICY*)OPENSSL_malloc(sizeof(myPROXYPOLICY)); - - if (ret) - { - ret->policy_language = OBJ_nid2obj(OBJ_sn2nid(IMPERSONATION_PROXY_SN)); - ret->policy = NULL; - } - - return ret; -} - -void myPROXYPOLICY_free(myPROXYPOLICY * policy) -{ - if(policy == NULL) return; - - ASN1_OBJECT_free(policy->policy_language); - ASN1_OCTET_STRING_free(policy->policy); - OPENSSL_free(policy); -} - -/* duplicate */ -myPROXYPOLICY * myPROXYPOLICY_dup(myPROXYPOLICY * policy) -{ -#ifdef TYPEDEF_I2D_OF - return ((myPROXYPOLICY *) ASN1_dup((i2d_of_void *)i2d_myPROXYPOLICY, - (d2i_of_void *)d2i_myPROXYPOLICY, - (char *)policy)); -#else - return ((myPROXYPOLICY *) ASN1_dup((int (*)())i2d_myPROXYPOLICY, - (char *(*)())d2i_myPROXYPOLICY, - (char *)policy)); -#endif -} - -/* set policy language */ -int myPROXYPOLICY_set_policy_language(myPROXYPOLICY * policy, ASN1_OBJECT * policy_language) -{ - if(policy_language != NULL) { - ASN1_OBJECT_free(policy->policy_language); - policy->policy_language = OBJ_dup(policy_language); - return 1; - } - - return 0; -} - -/* get policy language */ -ASN1_OBJECT * myPROXYPOLICY_get_policy_language(myPROXYPOLICY * policy) -{ - return policy->policy_language; -} - -/* set policy */ -int myPROXYPOLICY_set_policy(myPROXYPOLICY * proxypolicy, unsigned char * policy, int length) -{ - if(policy != NULL) { - /* if member policy of proxypolicy non set */ - if(!proxypolicy->policy) - proxypolicy->policy = ASN1_OCTET_STRING_new(); - - /* set member policy of proxypolicy */ - ASN1_OCTET_STRING_set(proxypolicy->policy, policy, length); - } - else - ASN1_OCTET_STRING_free(proxypolicy->policy); - - return 1; -} - -/* get policy */ -unsigned char * 
myPROXYPOLICY_get_policy(myPROXYPOLICY * proxypolicy, int * length) -{ - /* assure field policy is set */ - - if(proxypolicy->policy) { - *length = proxypolicy->policy->length; - - /* assure ASN1_OCTET_STRING is full */ - if (*length>0 && proxypolicy->policy->data) { - unsigned char * copy = malloc(*length); - memcpy(copy, proxypolicy->policy->data, *length); - return copy; - } - } - return NULL; -} - -/* internal to der conversion */ -int i2d_myPROXYPOLICY(myPROXYPOLICY * policy, unsigned char ** pp) -{ - M_ASN1_I2D_vars(policy); - - M_ASN1_I2D_len(policy->policy_language, i2d_ASN1_OBJECT); - - if(policy->policy) { - M_ASN1_I2D_len(policy->policy, i2d_ASN1_OCTET_STRING); - } - - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(policy->policy_language, i2d_ASN1_OBJECT); - - if(policy->policy) { - M_ASN1_I2D_put(policy->policy, i2d_ASN1_OCTET_STRING); - } - - M_ASN1_I2D_finish(); -} - -myPROXYPOLICY * d2i_myPROXYPOLICY(myPROXYPOLICY ** a, unsigned char ** pp, long length) -{ - M_ASN1_D2I_vars(a, myPROXYPOLICY *, myPROXYPOLICY_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->policy_language, d2i_ASN1_OBJECT); - - /* need to try getting the policy using - * a) a call expecting no tags - * b) a call expecting tags - * one of which should succeed - */ - - M_ASN1_D2I_get_opt(ret->policy, - d2i_ASN1_OCTET_STRING, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_get_IMP_opt(ret->policy, - d2i_ASN1_OCTET_STRING, - 0, - V_ASN1_OCTET_STRING); - M_ASN1_D2I_Finish(a, - myPROXYPOLICY_free, - ASN1_F_D2I_PROXYPOLICY); -} - - - -/* myPROXYCERTINFO function */ - -myPROXYCERTINFO * myPROXYCERTINFO_new() -{ - myPROXYCERTINFO * ret = NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret, myPROXYCERTINFO); - memset(ret, 0, sizeof(myPROXYCERTINFO)); - ret->path_length = NULL; - ret->proxypolicy = myPROXYPOLICY_new(); - return (ret); - M_ASN1_New_Error(ASN1_F_PROXYCERTINFO_NEW); -} - -void myPROXYCERTINFO_free(myPROXYCERTINFO * proxycertinfo) -{ - /* assure proxycertinfo not empty */ 
- if(proxycertinfo == NULL) return; - - ASN1_INTEGER_free(proxycertinfo->path_length); - myPROXYPOLICY_free(proxycertinfo->proxypolicy); - OPENSSL_free(proxycertinfo); -} - -/* set path_length */ -int myPROXYCERTINFO_set_path_length(myPROXYCERTINFO * proxycertinfo, long path_length) -{ - /* assure proxycertinfo is not empty */ - if(proxycertinfo != NULL) { - - if(path_length != -1) { - /* if member path_length is empty allocate memory then set */ - if(proxycertinfo->path_length == NULL) - proxycertinfo->path_length = ASN1_INTEGER_new(); - return ASN1_INTEGER_set(proxycertinfo->path_length, path_length); - } - else { - ASN1_INTEGER_free(proxycertinfo->path_length); - proxycertinfo->path_length = NULL; - } - - return 1; - } - - return 0; -} - -int myPROXYCERTINFO_set_version(myPROXYCERTINFO * proxycertinfo, int version) -{ - if (proxycertinfo != NULL) { - proxycertinfo->version = version; - return 1; - } - - return 0; -} - -int myPROXYCERTINFO_get_version(myPROXYCERTINFO * proxycertinfo) -{ - if (proxycertinfo) - return proxycertinfo->version; - return -1; -} - - -/* get path length */ -long myPROXYCERTINFO_get_path_length(myPROXYCERTINFO * proxycertinfo) -{ - if(proxycertinfo && proxycertinfo->path_length) - return ASN1_INTEGER_get(proxycertinfo->path_length); - else - return -1; -} - -/* set policy */ -int myPROXYCERTINFO_set_proxypolicy(myPROXYCERTINFO * proxycertinfo, myPROXYPOLICY * proxypolicy) -{ - myPROXYPOLICY_free(proxycertinfo->proxypolicy); - - if(proxypolicy != NULL) - proxycertinfo->proxypolicy = myPROXYPOLICY_dup(proxypolicy); - else - proxycertinfo->proxypolicy = NULL; - - return 1; -} - -/* get policy */ -myPROXYPOLICY * myPROXYCERTINFO_get_proxypolicy(myPROXYCERTINFO * proxycertinfo) -{ - if(proxycertinfo) - return proxycertinfo->proxypolicy; - - return NULL; -} - -/* internal to der conversion */ -static int i2d_myPROXYCERTINFO_v3(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) -{ - int v1; - - M_ASN1_I2D_vars(proxycertinfo); - - v1 = 0; - - 
M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - - M_ASN1_I2D_len_EXP_opt(proxycertinfo->path_length,i2d_ASN1_INTEGER, 1, v1); - M_ASN1_I2D_seq_total(); - M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - M_ASN1_I2D_put_EXP_opt(proxycertinfo->path_length, i2d_ASN1_INTEGER, 1, v1); - M_ASN1_I2D_finish(); -} - -static int i2d_myPROXYCERTINFO_v4(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) -{ - M_ASN1_I2D_vars(proxycertinfo); - - if(proxycertinfo->path_length) - { - M_ASN1_I2D_len(proxycertinfo->path_length, i2d_ASN1_INTEGER); - } - - M_ASN1_I2D_len(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - - M_ASN1_I2D_seq_total(); - if(proxycertinfo->path_length) - { - M_ASN1_I2D_put(proxycertinfo->path_length, i2d_ASN1_INTEGER); - } - M_ASN1_I2D_put(proxycertinfo->proxypolicy, i2d_myPROXYPOLICY); - M_ASN1_I2D_finish(); -} - -int i2d_myPROXYCERTINFO(myPROXYCERTINFO * proxycertinfo, unsigned char ** pp) -{ - switch(proxycertinfo->version) { - case 3: - return i2d_myPROXYCERTINFO_v3(proxycertinfo, pp); - break; - - case 4: - return i2d_myPROXYCERTINFO_v4(proxycertinfo, pp); - break; - - default: - return -1; - break; - } -} - -static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v3(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) -{ - M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - - M_ASN1_D2I_get((ret->proxypolicy), d2i_myPROXYPOLICY); - - M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); - - ret->version = 3; - M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); -} - -static myPROXYCERTINFO * d2i_myPROXYCERTINFO_v4(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) -{ - M_ASN1_D2I_vars(cert_info, myPROXYCERTINFO *, myPROXYCERTINFO_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - - M_ASN1_D2I_get_EXP_opt(ret->path_length, d2i_ASN1_INTEGER, 1); - - M_ASN1_D2I_get_opt(ret->path_length, 
d2i_ASN1_INTEGER, V_ASN1_INTEGER); - - M_ASN1_D2I_get((ret->proxypolicy),d2i_myPROXYPOLICY); - - ret->version = 4; - M_ASN1_D2I_Finish(cert_info, myPROXYCERTINFO_free, ASN1_F_D2I_PROXYCERTINFO); -} - -myPROXYCERTINFO * d2i_myPROXYCERTINFO(myPROXYCERTINFO ** cert_info, unsigned char ** pp, long length) -{ - myPROXYCERTINFO *info = d2i_myPROXYCERTINFO_v3(cert_info, pp, length); - if (!info) - info = d2i_myPROXYCERTINFO_v4(cert_info, pp, length); - return info; -} - - -static int nativeopenssl = 0; - -static char *norep() -{ - static char *buffer=""; - return buffer; -} - -static void *myproxycertinfo_s2i(UNUSED(struct v3_ext_method *method), UNUSED(struct v3_ext_ctx *ctx), UNUSED(char *data)) -{ - return (myPROXYCERTINFO*)data; -} - -static char *myproxycertinfo_i2s(UNUSED(struct v3_ext_method *method), void *ext) -{ - myPROXYCERTINFO *pci = NULL; - char *encoding = NULL; - char *output = NULL; - myPROXYPOLICY *pp; - int dooid = 0; - char oid[256]; - - pci = (myPROXYCERTINFO *)ext; - - if (!pci) - return norep(); - - if (pci->path_length) { - int j = ASN1_INTEGER_get(pci->path_length); - - char *buffer = snprintf_wrap("%X", j); - output = snprintf_wrap("Path Length Constraint: %s%s\n\n", strlen(buffer)%2 ? "0" : "", buffer); - free(buffer); - } - else - output = strdup("Path Length Constraint: unlimited\n"); - - pp = pci->proxypolicy; - - if (pp && i2t_ASN1_OBJECT(oid, 256, pp->policy_language)) { - dooid = 1; - } - - encoding = snprintf_wrap("%sPolicy Language: %s%s%s%s\n", - output, - ( dooid ? oid : ""), - ( (pp && pp->policy) ? "\nPolicy Text: " : ""), - ( (pp && pp->policy) ? (char*)ASN1_STRING_data(pp->policy) : ""), - ( (pp && pp->policy) ? 
"\n" : "")); - - free(output); - return encoding; -} - -void InitProxyCertInfoExtension(int full) -{ -#define PROXYCERTINFO_V3 "1.3.6.1.4.1.3536.1.222" -#define PROXYCERTINFO_V4 "1.3.6.1.5.5.7.1.14" -#define OBJC(c,n) OBJ_create(c,n,n) - - X509V3_EXT_METHOD *pcert; - static int set = 0; - ASN1_OBJECT *objv3; - ASN1_OBJECT *objv4; - - if (set) - return; - - set = 1; - - - objv3 = OBJ_txt2obj(PROXYCERTINFO_V3,1); - objv4 = OBJ_txt2obj(PROXYCERTINFO_V4,1); - - /* Proxy Certificate Extension's related objects */ - if (OBJ_obj2nid(objv3) == 0) { - ERR_clear_error(); - OBJC(PROXYCERTINFO_V3, "Proxy Certificate Information"); - if (full) { - pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - - if (pcert) { - memset(pcert, 0, sizeof(*pcert)); - pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V3); - pcert->ext_flags = 0; - pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; - pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; - pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; - pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; - pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; - pcert->s2i = (X509V3_EXT_S2I) myproxycertinfo_s2i; - pcert->v2i = (X509V3_EXT_V2I) NULL; - pcert->r2i = (X509V3_EXT_R2I) NULL; - pcert->i2v = (X509V3_EXT_I2V) NULL; - pcert->i2r = (X509V3_EXT_I2R) NULL; - - X509V3_EXT_add(pcert); - } - } - } - - if (OBJ_obj2nid(objv4) == 0) { - ERR_clear_error(); - OBJC(PROXYCERTINFO_V4, "Proxy Certificate Information"); - if (full) { - pcert = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)); - - if (pcert) { - memset(pcert, 0, sizeof(*pcert)); - pcert->ext_nid = OBJ_txt2nid(PROXYCERTINFO_V4); - pcert->ext_flags = 0; - pcert->ext_new = (X509V3_EXT_NEW) myPROXYCERTINFO_new; - pcert->ext_free = (X509V3_EXT_FREE)myPROXYCERTINFO_free; - pcert->d2i = (X509V3_EXT_D2I) d2i_myPROXYCERTINFO; - pcert->i2d = (X509V3_EXT_I2D) i2d_myPROXYCERTINFO; - pcert->i2s = (X509V3_EXT_I2S) myproxycertinfo_i2s; - pcert->s2i = (X509V3_EXT_S2I) 
myproxycertinfo_s2i; - pcert->v2i = (X509V3_EXT_V2I) NULL; - pcert->r2i = (X509V3_EXT_R2I) NULL; - pcert->i2v = (X509V3_EXT_I2V) NULL; - pcert->i2r = (X509V3_EXT_I2R) NULL; - - X509V3_EXT_add(pcert); - } - } - } - -#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS - nativeopenssl = 1; -#endif - - ASN1_OBJECT_free(objv3); - ASN1_OBJECT_free(objv4); - - return; -} - -int proxynative(void) -{ - return nativeopenssl; -} From 5dbe645787c46773502ec11422f2442f1cf4d38d Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 24 May 2024 11:54:07 +0200 Subject: [PATCH 85/92] Fix typo in an error message --- m4/acinclude.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/acinclude.m4 b/m4/acinclude.m4 index 001ff33f..dc18d215 100644 --- a/m4/acinclude.m4 +++ b/m4/acinclude.m4 @@ -40,7 +40,7 @@ AC_DEFUN([AC_BUILD_PARTS], case "$withval" in yes) build_clients="yes" ;; no) build_clients="no" ;; - *) AC_MSG_ERROR([bad value $withval for --with-client]) ;; + *) AC_MSG_ERROR([bad value $withval for --with-clients]) ;; esac ], [ build_clients="$build_all" ]) From 19a84d836bbbdc56c1d276e95a3d2d813663bc02 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 31 May 2024 12:18:57 +0200 Subject: [PATCH 86/92] Make EnvironmentFile optional in the systemd unit --- systemd/voms@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systemd/voms@.service b/systemd/voms@.service index e1383cbf..6e57a21a 100644 --- a/systemd/voms@.service +++ b/systemd/voms@.service @@ -3,7 +3,7 @@ Description=VOMS service for VO %i [Service] WorkingDirectory=/ -EnvironmentFile=/etc/sysconfig/voms +EnvironmentFile=-/etc/sysconfig/voms User=voms Type=forking ExecStart=/usr/sbin/voms --conf /etc/voms/%i/voms.conf From 30d6817e297f13c9a0014a32076425d814324865 Mon Sep 17 00:00:00 2001 
From: Francesco Giacomini Date: Thu, 13 Jun 2024 17:52:30 +0200 Subject: [PATCH 87/92] Return true/false from a function returning bool Return false in case the certificate is about to expire, causing the (only) caller to subsequently verify the proxy. --- src/client/vomsclient.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/client/vomsclient.cc b/src/client/vomsclient.cc index 893988f0..4c89017a 100644 --- a/src/client/vomsclient.cc +++ b/src/client/vomsclient.cc @@ -1049,7 +1049,7 @@ bool Client::Test() Print(WARN) << std::endl << "ERROR: Your certificate expired " << asctime(localtime(&time_after)) << std::endl; - return 2; + return true; } if (hours && time_diff < length) { @@ -1057,7 +1057,7 @@ bool Client::Test() << asctime(localtime(&time_after)) << "which is within the requested lifetime of the proxy" << std::endl; - return 1; + return false; } if (!quiet) { @@ -1068,7 +1068,7 @@ bool Client::Test() << asctime(localtime(&time_after_proxy)) << std::flush; } - return 0; + return false; } bool Client::AddToList(AC *ac) From a3eaa5cd020e87cc3d2179ae90187a84ee972cd3 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Thu, 13 Jun 2024 17:57:51 +0200 Subject: [PATCH 88/92] Fix how the read mode is specified to access The mode passed to access is an int and not a string, like in fopen. --- src/sslutils/sslutils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sslutils/sslutils.c b/src/sslutils/sslutils.c index 54e0f43a..931d1a38 100644 --- a/src/sslutils/sslutils.c +++ b/src/sslutils/sslutils.c @@ -519,7 +519,7 @@ ERR_load_prxyerr_strings( randfile = RAND_file_name(buffer,200); - if (randfile && access(randfile, "r") == 0) + if (randfile && access(randfile, R_OK) == 0) { RAND_load_file(randfile,1024L*1024L); } From 1f25a6d67b5aa29edabf3c55b2f375b1ec941ae7 Mon Sep 17 00:00:00 2001 
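Review bot: The three return sites of Client::Test() changed in src/client/vomsclient.cc still carry no statement of what the boolean means. In the visible hunks `true` is now returned only when the certificate has already expired, while "expires within the requested proxy lifetime" and "valid" both return `false`, so a caller cannot tell those two apart from the return value. A comment on the function would pin the contract, for example `// Returns true only if the user certificate has already expired; false otherwise, including when it expires within the requested proxy lifetime.` The second hunk previously returned `1`, which converts to `true`, so this is a behaviour change; the commit message says the single caller then verifies the proxy, which is not visible here. The function begins before the first hunk, so other return paths may exist.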
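Review bot: In the src/sslutils/sslutils.c hunk, `access(randfile, R_OK)` followed by `RAND_load_file(randfile,1024L*1024L)` is a check-then-use pair on a path, and the result of RAND_load_file() is discarded. A seed file that is swapped or becomes unreadable between the two calls therefore goes unnoticed. RAND_load_file() already reports failure through its return value (-1 on error), so the access() call could be dropped and the result checked instead: `if (randfile && RAND_load_file(randfile, 1024L*1024L) < 0) { /* seed file not usable; default seeding applies */ }`. If access() is kept on purpose, presumably to avoid an entry on the OpenSSL error queue for a missing file, a one-line comment saying so would help. The enclosing function and the declaration of `buffer` (passed with the literal size 200) lie outside the hunk.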
From: Francesco Giacomini Date: Thu, 13 Jun 2024 18:01:27 +0200 Subject: [PATCH 89/92] Simplify the production of the SSL error message Just rely on the canonical loop over the error stack, without special treatment for an expired certificate, which is caught somewhere else in any case. Be sure that the data added to an error is a text string before printing it. --- src/common/data.cc | 78 ++++++++++------------------------------------ 1 file changed, 16 insertions(+), 62 deletions(-) diff --git a/src/common/data.cc b/src/common/data.cc index 2b5cf1f4..494cc381 100644 --- a/src/common/data.cc +++ b/src/common/data.cc @@ -44,6 +44,7 @@ extern "C" { #include #include +#include /* * Function: 
@@ -144,71 +145,24 @@ stringify(int i, std::string &s) std::string OpenSSLError(bool debug) { - unsigned long l; - char buf[256]; -#if SSLEAY_VERSION_NUMBER >= 0x00904100L - const char *file; -#else - char *file; -#endif - char *dat; - int line; - - std::string outstring; - char *msgstring = NULL; - char *errstring = NULL; - - /* WIN32 does not have the ERR_get_error_line_data */ - /* exported, so simulate it till it is fixed */ - /* in SSLeay-0.9.0 */ - - while ( ERR_peek_error() != 0 ) { - - int i; - ERR_STATE *es; - - es = ERR_get_state(); - i = (es->bottom+1)%ERR_NUM_ERRORS; - - if (es->err_data[i] == NULL) - dat = strdup(""); - else - dat = strdup(es->err_data[i]); - - - if (dat) { - int code = 0; - - l = ERR_get_error_line(&file, &line); - code = ERR_GET_REASON(l); - - switch (code) { - case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: - outstring += "Either proxy or user certificate are expired."; - break; - - default: - if (debug) { - std::string temp; - - outstring += std::string(ERR_error_string(l,buf)) + ":" + - file + ":" + stringify(line, temp) + dat + "\n"; - } - - msgstring = (char*)ERR_reason_error_string(l); - errstring = (char*)ERR_func_error_string(l); + std::ostringstream os; - if (msgstring) - outstring += std::string(msgstring) + std::string(dat ? dat : "") + - "\nFunction: " + std::string(errstring ? errstring : "") + "\n"; - break; - } - } - - free(dat); + char const *file; + int line; + char const *data; + int flags; + unsigned long code = ERR_get_error_line_data(&file, &line, &data, &flags); + while (code) + { + std::size_t const buf_size = 256; + char buf[buf_size]; + ERR_error_string_n(code, buf, buf_size); + os << buf << ':' << file << ':' + << line << ':' << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n'; + code = ERR_get_error_line_data(&file, &line, &data, &flags); } - return outstring; + return os.str(); } static char *readfile(const char *file, int *size) From cd5c735199535b14a67f6c3ed365b2de9d227a59 Mon Sep 17 00:00:00 2001 
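Review bot: The rewritten OpenSSLError() never reads its `debug` parameter, so the source file name and line number of every error-stack entry are now always written, whereas the removed code added them only under `if (debug)`. Whether this string reaches a remote peer or a non-debug log cannot be seen from this hunk; if it does, internal file paths are disclosed where they were not before. Gating the location keeps the old contract: `os << buf; if (debug) os << ':' << file << ':' << line;` followed by the `data` part and the newline as now. The later PATCH 92/92 reorders the same statement and keeps the location unconditional, so the same applies there. If the parameter is meant to be ignored, a comment saying so, or dropping its name, would make that explicit.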
From: Francesco Giacomini Date: Fri, 14 Jun 2024 09:26:59 +0200 Subject: [PATCH 90/92] Remove commented out code The code mentions OpenSSL functions related to error management, which has changed in OpenSSL 3, deprecating old practices. --- testsuite/voms/voms/server.c | 3 --- testsuite/voms/voms/server2.c | 3 --- 2 files changed, 6 deletions(-) diff --git a/testsuite/voms/voms/server.c b/testsuite/voms/voms/server.c index 9281df28..928cb55c 100644 --- a/testsuite/voms/voms/server.c +++ b/testsuite/voms/voms/server.c @@ -164,11 +164,8 @@ int main(int argc, char *argv[]) // if (debug) fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf), file, line, dat); - // error += std::string(ERR_reason_error_string(l)) + ":" + std::string(ERR_func_error_string(l)) + "\n"; } } -/* fprintf(stdout, "%s\n", */ -/* ERR_reason_error_string( ERR_get_error() )); */ fprintf(stdout, "ERROR\n"); exit(1); } diff --git a/testsuite/voms/voms/server2.c b/testsuite/voms/voms/server2.c index c80e3fdc..56ae592b 100644 --- a/testsuite/voms/voms/server2.c +++ b/testsuite/voms/voms/server2.c @@ -161,11 +161,8 @@ int main(int argc, char *argv[]) // if (debug) fprintf(stdout, "%s:%s,%d,%s\n", ERR_error_string(l, buf), file, line, dat); - // error += std::string(ERR_reason_error_string(l)) + ":" + std::string(ERR_func_error_string(l)) + "\n"; } } -/* fprintf(stdout, "%s\n", */ -/* ERR_reason_error_string( ERR_get_error() )); */ fprintf(stdout, "ERROR\n"); exit(1); } From 8866b953bd725adf7d5f55a4b9eaa765ff58e202 Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 14 Jun 2024 09:40:39 +0200 Subject: [PATCH 91/92] Ignore the function name in OpenSSL errors The use of the function name in errors has been abandoned in OpenSSL 3. Profit to replace the use of sprintf with snprintf. --- src/socklib/Server.cpp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/socklib/Server.cpp b/src/socklib/Server.cpp index 0eb27ba6..21144776 100644 --- a/src/socklib/Server.cpp 
+++ b/src/socklib/Server.cpp @@ -719,7 +719,8 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err) while( ERR_peek_error() ){ - char error_msg_buf[512]; + std::size_t const error_msg_buf_size = 512; + char error_msg_buf[error_msg_buf_size]; const char *filename; int lineno; @@ -729,7 +730,6 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err) long error_code = ERR_get_error_line_data(&filename, &lineno, &data, &flags); const char *lib = ERR_lib_error_string(error_code); - const char *func = ERR_func_error_string(error_code); const char *error_reason = ERR_reason_error_string(error_code); if (lib == NULL) { @@ -741,11 +741,11 @@ void GSISocketServer::SetErrorOpenSSL(const std::string &err) } } - sprintf(error_msg_buf, - "%s %s [err:%lu,lib:%s,func:%s(file: %s+%d)]", + snprintf(error_msg_buf, error_msg_buf_size, + "%s %s [err:%lu,lib:%s,file:%s+%d]", (error_reason) ? error_reason : "", - (data) ? data : "", - error_code,lib,func,filename,lineno); + (data && (flags & ERR_TXT_STRING)) ? data : "", + error_code,lib,filename,lineno); openssl_errors.push_back(error_msg_buf); } From ac778b8bac75bca172d9e927f696998c4b9e004e Mon Sep 17 00:00:00 2001 From: Francesco Giacomini Date: Fri, 14 Jun 2024 15:18:19 +0200 Subject: [PATCH 92/92] Re-format the output of an SSL error message To be more compatible with how it was done before. --- src/common/data.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/data.cc b/src/common/data.cc index 494cc381..9941ff69 100644 --- a/src/common/data.cc +++ b/src/common/data.cc 
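Review bot: `error_code` is declared `long` on a context line of the second hunk, but ERR_get_error_line_data() returns `unsigned long` and the new snprintf() call in the third hunk formats it with `%lu`. Declaring it as `unsigned long error_code = ERR_get_error_line_data(&filename, &lineno, &data, &flags);` makes the API, the variable and the format specifier agree, and avoids a signed conversion for codes with the top bit set. The snprintf() return value is not checked, so a message longer than `error_msg_buf_size` is silently truncated; that is acceptable for a log string but worth a short comment such as `// truncation is acceptable here: the text is diagnostic only`. SetErrorOpenSSL() starts and ends outside these hunks, and the `lib == NULL` handling between the second and third hunk is not visible.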
@@ -157,8 +157,8 @@ std::string OpenSSLError(bool debug) std::size_t const buf_size = 256; char buf[buf_size]; ERR_error_string_n(code, buf, buf_size); - os << buf << ':' << file << ':' - << line << ':' << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n'; + os << file << ':' << line << ':' + << buf << (data && (flags & ERR_TXT_STRING) ? data : "") << '\n'; code = ERR_get_error_line_data(&file, &line, &data, &flags); }