[0001]
[0002]
[0003]
[0004]
[0005]
[0006]
[0007]
[0008]
[0009]
[0010]
[0011]
[0012]
[0013]
[0014]
[0015]
[0016]
[0017]
[0018]
[0019]
[0020]
[0021]
[0022]
[0023]
[0024]
[0025]
[0026]
[0027]
[0028]
[0029]
[0030]
[0031]
[0032]
[0033]
[0034]
[0035]
[0036]
[0037]
[0038]
[0039]
[0040]
[0041]
[0042]
[0043]
[0044]
[0045]
[0046]
[0047]
[0048]
[0049]
[0050]
[0051]
[0052]
[0053]
[0054]
[0055]
[0056]
[0057]
[0058]
[0059]
[0060]
[0061]
[0062]
[0063]
[0064]
[0065]
[0066]
[0067]
[0068]
[0069]
[0070]
[0071]
[0072]
[0073]
[0074]
[0075]
[0076]
[0077]
[0078]
[0079]
[0080]
[0081]
[0082]
[0083]
[0084]
[0085]
[0086]
[0087]
[0088]
[0089]
[0090]
[0091]
[0092]
[0093]
[0094]
[0095]
[0096]
[0097]
[0098]
[0099]
[0100]
[0101]
[0102]
[0103]
[0104]
[0105]
[0106]
[0107]
[0108]
[0109]
[0110]
[0111]
[0112]
[0113]
[0114]
[0115]
[0116]
[0117]
[0118]
[0119]
[0120]
[0121]
[0122]
[0123]
[0124]
[0125]
[0126]
[0127]
[0128]
[0129]
[0130]
[0131]
[0132]
[0133]
[0134]
[0135]
[0136]
[0137]
[0138]
[0139]
[0140]
[0141]
[0142]
[0143]
[0144]
[0145]
[0146]
[0147]
[0148]
[0149]
[0150]
[0151]
[0152]
[0153]
[0154]
[0155]
[0156]
[0157]
[0158]
[0159]
[0160]
[0161]
[0162]
[0163]
[0164]
[0165]
[0166]
[0167]
[0168]
[0169]
[0170]
[0171]
[0172]
[0173]
[0174]
[0175]
[0176]
[0177]
[0178]
[0179]
[0180]
[0181]
[0182]
[0183]
[0184]
[0185]
[0186]
[0187]
[0188]
[0189]
[0190]
[0191]
[0192]
[0193]
[0194]
[0195]
[0196]
[0197]
[0198]
[0199]
[0200]
[0201]
[0202]
[0203]
[0204]
[0205]
[0206]
[0207]
[0208]
[0209]
[0210]
[0211]
[0212]
[0213]
[0214]
[0215]
[0216]
[0217]
[0218]
[0219]
[0220]
[0221]
[0222]
[0223]
[0224]
[0225]
[0226]
[0227]
[0228]
[0229]
[0230]
[0231]
[0232]
[0233]
[0234]
[0235]
[0236]
[0237]
[0238]
[0239]
[0240]
[0241]
[0242]
[0243]
[0244]
[0245]
[0246]
[0247]
[0248]
[0249]
[0250]
[0251]
[0252]
[0253]
[0254]
[0255]
[0256]
[0257]
[0258]
[0259]
[0260]
[0261]
[0262]
[0263]
[0264]
[0265]
[0266]
[0267]
[0268]
[0269]
[0270]
[0271]
[0272]
[0273]
[0274]
[0275]
[0276]
[0277]
[0278]
[0279]
[0280]
[0281]
[0282]
[0283]
[0284]
[0285]
[0286]
[0287]
[0288]
[0289]
[0290]
[0291]
[0292]
[0293]
[0294]
[0295]
[0296]
[0297]
[0298]
[0299]
[0300]
[0301]
[0302]
[0303]
[0304]
[0305]
[0306]
[0307]
[0308]
[0309]
[0310]
[0311]
[0312]
[0313]
[0314]
[0315]
[0316]
[0317]
[0318]
[0319]
[0320]
[0321]
[0322]
[0323]
[0324]
[0325]
[0326]
[0327]
[0328]
[0329]
[0330]
[0331]
[0332]
[0333]
[0334]
[0335]
[0336]
[0337]
[0338]
[0339]
[0340]
[0341]
[0342]
[0343]
[0344]
[0345]
[0346]
[0347]
[0348]
[0349]
[0350]
[0351]
[0352]
[0353]
[0354]
[0355]
[0356]
[0357]
[0358]
[0359]
[0360]
[0361]
[0362]
[0363]
[0364]
[0365]
[0366]
[0367]
[0368]
[0369]
[0370]
[0371]
[0372]
[0373]
[0374]
[0375]
[0376]
[0377]
[0378]
[0379]
[0380]
[0381]
[0382]
[0383]
[0384]
[0385]
[0386]
[0387]
[0388]
[0389]
[0390]
[0391]
[0392]
[0393]
[0394]
[0395]
[0396]
[0397]
[0398]
[0399]
[0400]
[0401]
[0402]
[0403]
[0404]
[0405]
[0406]
[0407]
[0408]
[0409]
[0410]
[0411]
[0412]
[0413]
[0414]
[0415]
[0416]
[0417]
[0418]
[0419]
[0420]
[0421]
[0422]
[0423]
[0424]
[0425]
[0426]
[0427]
[0428]
[0429]
[0430]
[0431]
[0432]
[0433]
[0434]
[0435]
[0436]
[0437]
[0438]
[0439]
[0440]
[0441]
[0442]
[0443]
[0444]
[0445]
[0446]
[0447]
[0448]
[0449]
[0450]
[0451]
[0452]
[0453]
[0454]
[0455]
[0456]
[0457]
[0458]
[0459]
[0460]
[0461]
[0462]
[0463]
[0464]
[0465]
[0466]
[0467]
[0468]
[0469]
[0470]
[0471]
[0472]
[0473]
[0474]
[0475]
[0476]
[0477]
[0478]
[0479]
[0480]
[0481]
[0482]
[0483]
[0484]
[0485]
[0486]
[0487]
[0488]
[0489]
[0490]
[0491]
[0492]
[0493]
[0494]
[0495]
[0496]
[0497]
[0498]
[0499]
[0500]
[0501]
[0502]
[0503]
[0504]
[0505]
[0506]
[0507]
[0508]
[0509]
[0510]
[0511]
[0512]
[0513]
[0514]
[0515]
[0516]
[0517]
[0518]
[0519]
[0520]
[0521]
[0522]
[0523]
[0524]
[0525]
[0526]
[0527]
[0528]
[0529]
[0530]
[0531]
[0532]
[0533]
[0534]
[0535]
[0536]
[0537]
[0538]
[0539]
[0540]
[0541]
[0542]
[0543]
[0544]
[0545]
[0546]
[0547]
[0548]
[0549]
[0550]
[0551]
[0552]
[0553]
[0554]
[0555]
[0556]
[0557]
[0558]
[0559]
[0560]
[0561]
[0562]
[0563]
[0564]
[0565]
[0566]
[0567]
[0568]
[0569]
[0570]
[0571]
[0572]
[0573]
[0574]
[0575]
[0576]
[0577]
[0578]
[0579]
[0580]
[0581]
[0582]
[0583]
[0584]
[0585]
[0586]
[0587]
[0588]
[0589]
[0590]
[0591]
[0592]
[0593]
[0594]
[0595]
[0596]
[0597]
[0598]
[0599]
[0600]
[0601]
[0602]
[0603]
[0604]
[0605]
[0606]
[0607]
[0608]
[0609]
[0610]
[0611]
[0612]
[0613]
[0614]
[0615]
[0616]
[0617]
[0618]
[0619]
[0620]
[0621]
[0622]
[0623]
[0624]
[0625]
[0626]
[0627]
[0628]
[0629]
[0630]
[0631]
[0632]
[0633]
[0634]
[0635]
[0636]
[0637]
[0638]
[0639]
[0640]
[0641]
[0642]
[0643]
[0644]
[0645]
[0646]
[0647]
[0648]
[0649]
[0650]
[0651]
[0652]
[0653]
[0654]
[0655]
[0656]
[0657]
[0658]
[0659]
[0660]
[0661]
[0662]
[0663]
[0664]
[0665]
[0666]
[0667]
[0668]
[0669]
[0670]
[0671]
[0672]
[0673]
[0674]
[0675]
[0676]
[0677]
[0678]
[0679]
[0680]
[0681]
[0682]
[0683]
[0684]
[0685]
[0686]
[0687]
[0688]
[0689]
[0690]
[0691]
[0692]
[0693]
[0694]
[0695]
[0696]
[0697]
[0698]
[0699]
[0700]
[0701]
[0702]
[0703]
[0704]
[0705]
[0706]
[0707]
[0708]
[0709]
[0710]
[0711]
[0712]
[0713]
[0714]
[0715]
[0716]
[0717]
[0718]
[0719]
[0720]
[0721]
[0722]
[0723]
[0724]
[0725]
[0726]
[0727]
[0728]
[0729]
[0730]
[0731]
[0732]
[0733]
[0734]
[0735]
[0736]
[0737]
[0738]
[0739]
[0740]
[0741]
[0742]
[0743]
[0744]
[0745]
[0746]
[0747]
[0748]
[0749]
[0750]
[0751]
[0752]
[0753]
[0754]
[0755]
[0756]
[0757]
[0758]
[0759]
[0760]
[0761]
[0762]
[0763]
[0764]
[0765]
[0766]
[0767]
[0768]
[0769]
[0770]
[0771]
[0772]
[0773]
[0774]
[0775]
[0776]
[0777]
[0778]
[0779]
[0780]
[0781]
[0782]
[0783]
[0784]
[0785]
[0786]
[0787]
[0788]
[0789]
[0790]
[0791]
[0792]
[0793]
[0794]
[0795]
[0796]
[0797]
[0798]
[0799]
[0800]
[0801]
[0802]
[0803]
[0804]
[0805]
[0806]
[0807]
[0808]
[0809]
[0810]
[0811]
[0812]
[0813]
[0814]
[0815]
[0816]
[0817]
[0818]
[0819]
[0820]
[0821]
[0822]
[0823]
[0824]
[0825]
[0826]
[0827]
[0828]
[0829]
[0830]
[0831]
[0832]
[0833]
[0834]
[0835]
[0836]
[0837]
[0838]
[0839]
[0840]
[0841]
[0842]
[0843]
[0844]
[0845]
[0846]
[0847]
[0848]
[0849]
[0850]
[0851]
[0852]
[0853]
[0854]
[0855]
[0856]
[0857]
[0858]
[0859]
[0860]
[0861]
[0862]
[0863]
[0864]
[0865]
[0866]
[0867]
[0868]
[0869]
[0870]
[0871]
[0872]
[0873]
[0874]
[0875]
[0876]
[0877]
[0878]
[0879]
[0880]
[0881]
[0882]
[0883]
[0884]
[0885]
[0886]
[0887]
[0888]
[0889]
[0890]
[0891]
[0892]
[0893]
[0894]
[0895]
[0896]
[0897]
[0898]
[0899]
[0900]
[0901]
[0902]
[0903]
[0904]
[0905]
[0906]
[0907]
[0908]
[0909]
[0910]
[0911]
[0912]
[0913]
[0914]
[0915]
[0916]
[0917]
[0918]
[0919]
[0920]
[0921]
[0922]
[0923]
[0924]
[0925]
[0926]
[0927]
[0928]
[0929]
[0930]
[0931]
[0932]
[0933]
[0934]
[0935]
[0936]
[0937]
[0938]
[0939]
[0940]
[0941]
[0942]
[0943]
[0944]
[0945]
[0946]
[0947]
[0948]
[0949]
[0950]
[0951]
[0952]
[0953]
[0954]
[0955]
[0956]
[0957]
[0958]
[0959]
[0960]
[0961]
[0962]
[0963]
[0964]
[0965]
[0966]
[0967]
[0968]
[0969]
[0970]
[0971]
[0972]
[0973]
[0974]
[0975]
[0976]
[0977]
[0978]
[0979]
[0980]
[0981]
[0982]
[0983]
[0984]
[0985]
[0986]
[0987]
[0988]
[0989]
[0990]
[0991]
[0992]
[0993]
[0994]
[0995]
[0996]
[0997]
[0998]
[0999]
[1000]
[1001]
[1002]
[1003]
[1004]
[1005]
[1006]
[1007]
[1008]
[1009]
[1010]
[1011]
[1012]
[1013]
[1014]
[1015]
[1016]
[1017]
[1018]
[1019]
[1020]
[1021]
[1022]
[1023]
[1024]
[1025]
[1026]
[1027]
[1028]
[1029]
[1030]
[1031]
[1032]
[1033]
[1034]
[1035]
[1036]
[1037]
[1038]
[1039]
[1040]
[1041]
[1042]
[1043]
[1044]
[1045]
[1046]
[1047]
[1048]
[1049]
[1050]
[1051]
[1052]
[1053]
[1054]
[1055]
[1056]
[1057]
[1058]
[1059]
[1060]
[1061]
[1062]
[1063]
[1064]
[1065]
[1066]
[1067]
[1068]
[1069]
[1070]
[1071]
[1072]
[1073]
[1074]
[1075]
[1076]
[1077]
[1078]
[1079]
[1080]
[1081]
[1082]
[1083]
[1084]
[1085]
[1086]
[1087]
[1088]
[1089]
[1090]
[1091]
[1092]
[1093]
[1094]
[1095]
[1096]
[1097]
[1098]
[1099]
[1100]
[1101]
[1102]
[1103]
[1104]
[1105]
[1106]
[1107]
[1108]
[1109]
[1110]
[1111]
[1112]
[1113]
[1114]
[1115]
[1116]
[1117]
[1118]
[1119]
[1120]
[1121]
[1122]
[1123]
[1124]
[1125]
[1126]
[1127]
[1128]
[1129]
[1130]
[1131]
[1132]
[1133]
[1134]
[1135]
[1136]
[1137]
[1138]
[1139]
[1140]
[1141]
[1142]
[1143]
[1144]
[1145]
[1146]
[1147]
[1148]
[1149]
[1150]
[1151]
[1152]
[1153]
[1154]
[1155]
[1156]
[1157]
[1158]
[1159]
[1160]
[1161]
[1162]
[1163]
[1164]
[1165]
[1166]
[1167]
[1168]
[1169]
[1170]
[1171]
[1172]
[1173]
[1174]
[1175]
[1176]
[1177]
[1178]
[1179]
[1180]
[1181]
[1182]
[1183]
[1184]
[1185]
[1186]
[1187]
[1188]
[1189]
[1190]
[1191]
[1192]
[1193]
[1194]
[1195]
[1196]
[1197]
[1198]
[1199]
[1200]
[1201]
[1202]
[1203]
[1204]
[1205]
[1206]
[1207]
[1208]
[1209]
[1210]
[1211]
[1212]
[1213]
[1214]
[1215]
[1216]
[1217]
[1218]
[1219]
[1220]
[1221]
[1222]
[1223]
[1224]
[1225]
[1226]
[1227]
[1228]
[1229]
[1230]
[1231]
[1232]
[1233]
[1234]
[1235]
[1236]
[1237]
[1238]
[1239]
[1240]
[1241]
[1242]
[1243]
[1244]
[1245]
[1246]
[1247]
[1248]
[1249]
[1250]
[1251]
[1252]
[1253]
[1254]
[1255]
[1256]
[1257]
[1258]
[1259]
[1260]
[1261]
[1262]
[1263]
[1264]
[1265]
[1266]
[1267]
[1268]
[1269]
[1270]
[1271]
[1272]
[1273]
[1274]
[1275]
[1276]
[1277]
[1278]
[1279]
[1280]
[1281]
[1282]
[1283]
[1284]
[1285]
[1286]
[1287]
[1288]
[1289]
[1290]
[1291]
[1292]
[1293]
[1294]
[1295]
[1296]
[1297]
[1298]
[1299]
[1300]
[1301]
[1302]
[1303]
[1304]
[1305]
[1306]
[1307]
[1308]
[1309]
[1310]
[1311]
[1312]
[1313]
[1314]
[1315]
[1316]
[1317]
[1318]
[1319]
[1320]
[1321]
[1322]
[1323]
[1324]
[1325]
[1326]
[1327]
[1328]
[1329]
[1330]
[1331]
[1332]
[1333]
[1334]
[1335]
[1336]
[1337]
[1338]
[1339]
[1340]
[1341]
[1342]
[1343]
[1344]
[1345]
[1346]
[1347]
[1348]
[1349]
[1350]
[1351]
[1352]
[1353]
[1354]
[1355]
[1356]
[1357]
[1358]
[1359]
[1360]
[1361]
[1362]
[1363]
[1364]
[1365]
[1366]
[1367]
[1368]
[1369]
[1370]
[1371]
[1372]
[1373]
[1374]
[1375]
[1376]
[1377]
[1378]
[1379]
[1380]
[1381]
[1382]
[1383]
[1384]
[1385]
[1386]
[1387]
[1388]
[1389]
[1390]
[1391]
[1392]
[1393]
[1394]
[1395]
[1396]
[1397]
[1398]
[1399]
[1400]
[1401]
[1402]
[1403]
[1404]
[1405]
[1406]
[1407]
[1408]
[1409]
[1410]
[1411]
[1412]
[1413]
[1414]
[1415]
[1416]
[1417]
[1418]
[1419]
[1420]
[1421]
[1422]
[1423]
[1424]
[1425]
[1426]
[1427]
[1428]
[1429]
[1430]
[1431]
[1432]
[1433]
[1434]
[1435]
[1436]
[1437]
[1438]
[1439]
[1440]
[1441]
[1442]
[1443]
[1444]
[1445]
[1446]
[1447]
[1448]
[1449]
[1450]
[1451]
[1452]
[1453]
[1454]
[1455]
[1456]
[1457]
[1458]
[1459]
[1460]
[1461]
[1462]
[1463]
[1464]
[1465]
[1466]
[1467]
[1468]
[1469]
[1470]
[1471]
[1472]
[1473]
[1474]
[1475]
[1476]
[1477]
[1478]
[1479]
[1480]
[1481]
[1482]
[1483]
[1484]
[1485]
[1486]
[1487]
[1488]
[1489]
[1490]
[1491]
[1492]
[1493]
[1494]
[1495]
[1496]
[1497]
[1498]
[1499]
[1500]
[1501]
[1502]
[1503]
[1504]
[1505]
[1506]
[1507]
[1508]
[1509]
[1510]
[1511]
[1512]
[1513]
[1514]
[1515]
[1516]
[1517]
[1518]
[1519]
[1520]
[1521]
[1522]
[1523]
[1524]
[1525]
[1526]
[1527]
[1528]
[1529]
[1530]
[1531]
[1532]
[1533]
[1534]
[1535]
[1536]
[1537]
[1538]
[1539]
[1540]
[1541]
[1542]
[1543]
[1544]
[1545]
[1546]
[1547]
[1548]
[1549]
[1550]
[1551]
[1552]
[1553]
[1554]
[1555]
[1556]
[1557]
[1558]
[1559]
[1560]
[1561]
[1562]
[1563]
[1564]
[1565]
[1566]
[1567]
[1568]
[1569]
[1570]
[1571]
[1572]
[1573]
[1574]
[1575]
[1576]
[1577]
[1578]
[1579]
[1580]
[1581]
[1582]
[1583]
[1584]
[1585]
[1586]
[1587]
[1588]
[1589]
[1590]
[1591]
[1592]
[1593]
[1594]
[1595]
[1596]
[1597]
[1598]
[1599]
[1600]
[1601]
[1602]
[1603]
[1604]
[1605]
[1606]
[1607]
[1608]
[1609]
[1610]
[1611]
[1612]
[1613]
[1614]
[1615]
[1616]
[1617]
[1618]
[1619]
[1620]
[1621]
[1622]
[1623]
[1624]
[1625]
[1626]
[1627]
[1628]
[1629]
[1630]
[1631]
[1632]
[1633]
[1634]
[1635]
[1636]
[1637]
[1638]
[1639]
[1640]
[1641]
[1642]
[1643]
[1644]
[1645]
[1646]
[1647]
[1648]
[1649]
[1650]
[1651]
[1652]
[1653]
[1654]
[1655]
[1656]
[1657]
[1658]
[1659]
[1660]
[1661]
[1662]
[1663]
[1664]
[1665]
[1666]
[1667]
[1668]
[1669]
[1670]
[1671]
[1672]
[1673]
[1674]
[1675]
[1676]
[1677]
[1678]
[1679]
[1680]
[1681]
[1682]
[1683]
[1684]
[1685]
[1686]
[1687]
[1688]
[1689]
[1690]
[1691]
[1692]
[1693]
[1694]
[1695]
[1696]
[1697]
[1698]
[1699]
[1700]
[1701]
[1702]
[1703]
[1704]
[1705]
[1706]
[1707]
[1708]
[1709]
[1710]
[1711]
[1712]
[1713]
[1714]
[1715]
[1716]
[1717]
[1718]
[1719]
[1720]
[1721]
[1722]
[1723]
[1724]
[1725]
[1726]
[1727]
[1728]
[1729]
[1730]
[1731]
[1732]
[1733]
[1734]
[1735]
[1736]
[1737]
[1738]
[1739]
[1740]
[1741]
[1742]
[1743]
[1744]
[1745]
[1746]
[1747]
[1748]
[1749]
[1750]
[1751]
[1752]
[1753]
[1754]
[1755]
[1756]
[1757]
[1758]
[1759]
[1760]
[1761]
[1762]
[1763]
[1764]
[1765]
[1766]
[1767]
[1768]
[1769]
[1770]
[1771]
[1772]
[1773]
[1774]
[1775]
[1776]
[1777]
[1778]
[1779]
[1780]
[1781]
[1782]
[1783]
[1784]
[1785]
[1786]
[1787]
[1788]
[1789]
[1790]
[1791]
[1792]
[1793]
[1794]
[1795]
[1796]
[1797]
[1798]
[1799]
[1800]
[1801]
[1802]
[1803]
[1804]
[1805]
[1806]
[1807]
[1808]
[1809]
[1810]
[1811]
[1812]
[1813]
[1814]
[1815]
[1816]
[1817]
[1818]
[1819]
[1820]
[1821]
[1822]
[1823]
[1824]
[1825]
[1826]
[1827]
[1828]
[1829]
[1830]
[1831]
[1832]
[1833]
[1834]
[1835]
[1836]
[1837]
[1838]
[1839]
[1840]
[1841]
[1842]
[1843]
[1844]
[1845]
[1846]
[1847]
[1848]
[1849]
[1850]
[1851]
[1852]
[1853]
[1854]
[1855]
[1856]
[1857]
[1858]
[1859]
[1860]
[1861]
[1862]
[1863]
[1864]
[1865]
[1866]
[1867]
[1868]
[1869]
[1870]
[1871]
[1872]
[1873]
[1874]
[1875]
[1876]
[1877]
[1878]
[1879]
[1880]
[1881]
[1882]
[1883]
[1884]
[1885]
[1886]
[1887]
[1888]
[1889]
[1890]
[1891]
[1892]
[1893]
[1894]
[1895]
[1896]
[1897]
[1898]
[1899]
[1900]
[1901]
[1902]
[1903]
[1904]
[1905]
[1906]
[1907]
[1908]
[1909]
[1910]
[1911]
[1912]
[1913]
[1914]
[1915]
[1916]
[1917]
[1918]
[1919]
[1920]
[1921]
[1922]
[1923]
[1924]
[1925]
[1926]
[1927]
[1928]
[1929]
[1930]
[1931]
[1932]
[1933]
[1934]
[1935]
[1936]
[1937]
[1938]
[1939]
[1940]
[1941]
[1942]
[1943]
[1944]
[1945]
[1946]
[1947]
[1948]
[1949]
[1950]
[1951]
[1952]
[1953]
[1954]
[1955]
[1956]
[1957]
[1958]
[1959]
[1960]
[1961]
[1962]
[1963]
[1964]
[1965]
[1966]
[1967]
[1968]
[1969]
[1970]
[1971]
[1972]
[1973]
[1974]
[1975]
[1976]
[1977]
[1978]
[1979]
[1980]
[1981]
[1982]
[1983]
[1984]
[1985]
[1986]
[1987]
[1988]
[1989]
[1990]
[1991]
[1992]
[1993]
[1994]
[1995]
[1996]
[1997]
[1998]
[1999]
[2000]
[2001]
[2002]
[2003]
[2004]
[2005]
[2006]
[2007]
[2008]
[2009]
[2010]
[2011]
[2012]
[2013]
[2014]
[2015]
[2016]
[2017]
[2018]
[2019]
[2020]
[2021]
[2022]
[2023]
[2024]
[2025]
[2026]
[2027]
[2028]
[2029]
[2030]
[2031]
[2032]
[2033]
[2034]
[2035]
[2036]
[2037]
[2038]
[2039]
[2040]
[2041]
[2042]
[2043]
[2044]
[2045]
[2046]
[2047]
[2048]
[2049]
[2050]
[2051]
[2052]
[2053]
[2054]
[2055]
[2056]
[2057]
[2058]
[2059]
[2060]
[2061]
[2062]
[2063]
[2064]
[2065]
[2066]
[2067]
[2068]
[2069]
[2070]
[2071]
[2072]
[2073]
[2074]
[2075]
[2076]
[2077]
[2078]
[2079]
[2080]
[2081]
[2082]
[2083]
[2084]
[2085]
[2086]
[2087]
[2088]
[2089]
[2090]
[2091]
[2092]
[2093]
[2094]
[2095]
[2096]
[2097]
[2098]
[2099]
[2100]
[2101]
[2102]
[2103]
[2104]
[2105]
[2106]
[2107]
[2108]
[2109]
[2110]
[2111]
[2112]
[2113]
[2114]
[2115]
[2116]
[2117]
[2118]
[2119]
[2120]
[2121]
[2122]
[2123]
[2124]
[2125]
[2126]
[2127]
[2128]
[2129]
[2130]
[2131]
[2132]
[2133]
[2134]
[2135]
[2136]
[2137]
[2138]
[2139]
[2140]
[2141]
[2142]
[2143]
[2144]
[2145]
[2146]
[2147]
[2148]
[2149]
[2150]
[2151]
[2152]
[2153]
[2154]
[2155]
[2156]
[2157]
[2158]
[2159]
[2160]
[2161]
[2162]
[2163]
[2164]
[2165]
[2166]
[2167]
[2168]
[2169]
[2170]
[2171]
[2172]
[2173]
[2174]
[2175]
[2176]
[2177]
[2178]
[2179]
[2180]
[2181]
[2182]
[2183]
[2184]
[2185]
[2186]
[2187]
[2188]
[2189]
[2190]
[2191]
[2192]
[2193]
[2194]
[2195]
[2196]
[2197]
[2198]
[2199]
[2200]
[2201]
[2202]
[2203]
[2204]
[2205]
[2206]
[2207]
[2208]
[2209]
[2210]
[2211]
[2212]
[2213]
[2214]
[2215]
[2216]
[2217]
[2218]
[2219]
[2220]
[2221]
[2222]
[2223]
[2224]
[2225]
[2226]
[2227]
[2228]
[2229]
[2230]
[2231]
[2232]
[2233]
[2234]
[2235]
[2236]
[2237]
[2238]
[2239]
[2240]
[2241]
[2242]
[2243]
[2244]
[2245]
[2246]
[2247]
[2248]
[2249]
[2250]
[2251]
[2252]
[2253]
[2254]
[2255]
[2256]
[2257]
[2258]
[2259]
[2260]
[2261]
[2262]
[2263]
[2264]
[2265]
[2266]
[2267]
[2268]
[2269]
[2270]
[2271]
[2272]
[2273]
[2274]
[2275]
[2276]
[2277]
[2278]
[2279]
[2280]
[2281]
[2282]
[2283]
[2284]
[2285]
[2286]
[2287]
[2288]
[2289]
[2290]
[2291]
[2292]
[2293]
[2294]
[2295]
[2296]
[2297]
[2298]
[2299]
[2300]
[2301]
[2302]
[2303]
[2304]
[2305]
[2306]
[2307]
[2308]
[2309]
[2310]
[2311]
[2312]
[2313]
[2314]
[2315]
[2316]
[2317]
[2318]
[2319]
[2320]
[2321]
[2322]
[2323]
[2324]
[2325]
[2326]
[2327]
[2328]
[2329]
[2330]
[2331]
[2332]
[2333]
[2334]
[2335]
[2336]
[2337]
[2338]
[2339]
[2340]
[2341]
[2342]
[2343]
[2344]
[2345]
[2346]
[2347]
[2348]
[2349]
[2350]
[2351]
[2352]
[2353]
[2354]
[2355]
[2356]
[2357]
[2358]
[2359]
[2360]
[2361]
[2362]
[2363]
[2364]
[2365]
[2366]
[2367]
[2368]
[2369]
[2370]
[2371]
[2372]
[2373]
[2374]
[2375]
[2376]
[2377]
[2378]
[2379]
[2380]
[2381]
[2382]
[2383]
[2384]
[2385]
[2386]
[2387]
[2388]
[2389]
[2390]
[2391]
[2392]
[2393]
[2394]
[2395]
[2396]
[2397]
[2398]
[2399]
[2400]
[2401]
[2402]
[2403]
[2404]
[2405]
[2406]
[2407]
[2408]
[2409]
[2410]
[2411]
[2412]
[2413]
[2414]
[2415]
[2416]
[2417]
[2418]
[2419]
[2420]
[2421]
[2422]
[2423]
[2424]
[2425]
[2426]
[2427]
[2428]
[2429]
[2430]
[2431]
[2432]
[2433]
[2434]
[2435]
[2436]
[2437]
[2438]
[2439]
[2440]
[2441]
[2442]
[2443]
[2444]
[2445]
[2446]
[2447]
[2448]
[2449]
[2450]
[2451]
[2452]
[2453]
[2454]
[2455]
[2456]
[2457]
[2458]
[2459]
[2460]
[2461]
[2462]
[2463]
[2464]
[2465]
[2466]
[2467]
[2468]
[2469]
[2470]
[2471]
[2472]
[2473]
[2474]
[2475]
[2476]
[2477]
[2478]
[2479]
[2480]
[2481]
[2482]
[2483]
[2484]
[2485]
[2486]
[2487]
[2488]
[2489]
[2490]
[2491]
[2492]
[2493]
[2494]
[2495]
[2496]
[2497]
[2498]
[2499]
[2500]
[2501]
[2502]
[2503]
[2504]
[2505]
[2506]
[2507]
[2508]
[2509]
[2510]
[2511]
[2512]
[2513]
[2514]
[2515]
[2516]
[2517]
[2518]
[2519]
[2520]
[2521]
[2522]
[2523]
[2524]
[2525]
[2526]
[2527]
[2528]
[2529]
[2530]
[2531]
[2532]
[2533]
[2534]
[2535]
[2536]
[2537]
[2538]
[2539]
[2540]
[2541]
[2542]
[2543]
[2544]
[2545]
[2546]
[2547]
[2548]
[2549]
[2550]
[2551]
[2552]
[2553]
[2554]
[2555]
[2556]
[2557]
[2558]
[2559]
[2560]
[2561]
[2562]
[2563]
[2564]
[2565]
[2566]
[2567]
[2568]
[2569]
[2570]
[2571]
[2572]
[2573]
[2574]
[2575]
[2576]
[2577]
[2578]
[2579]
[2580]
[2581]
[2582]
[2583]
[2584]
[2585]
[2586]
[2587]
[2588]
[2589]
[2590]
[2591]
[2592]
[2593]
[2594]
[2595]
[2596]
[2597]
[2598]
[2599]
[2600]
[2601]
[2602]
[2603]
[2604]
[2605]
[2606]
[2607]
[2608]
[2609]
[2610]
[2611]
[2612]
[2613]
[2614]
[2615]
[2616]
[2617]
[2618]
[2619]
[2620]
[2621]
[2622]
[2623]
[2624]
[2625]
[2626]
[2627]
[2628]
[2629]
[2630]
[2631]
[2632]
[2633]
[2634]
[2635]
[2636]
[2637]
[2638]
[2639]
[2640]
[2641]
[2642]
[2643]
[2644]
[2645]
[2646]
[2647]
[2648]
[2649]
[2650]
[2651]
[2652]
[2653]
[2654]
[2655]
[2656]
[2657]
[2658]
[2659]
[2660]
[2661]
[2662]
[2663]
[2664]
[2665]
[2666]
[2667]
[2668]
[2669]
[2670]
[2671]
[2672]
[2673]
[2674]
[2675]
[2676]
[2677]
[2678]
[2679]
[2680]
[2681]
[2682]
[2683]
[2684]
[2685]
[2686]
[2687]
[2688]
[2689]
[2690]
[2691]
[2692]
[2693]
[2694]
[2695]
[2696]
[2697]
[2698]
[2699]
[2700]
[2701]
[2702]
[2703]
[2704]
[2705]
[2706]
[2707]
[2708]
[2709]
[2710]
[2711]
[2712]
[2713]
[2714]
[2715]
[2716]
[2717]
[2718]
[2719]
[2720]
[2721]
[2722]
[2723]
[2724]
[2725]
[2726]
[2727]
[2728]
[2729]
[2730]
[2731]
[2732]
[2733]
[2734]
[2735]
[2736]
[2737]
[2738]
[2739]
[2740]
[2741]
[2742]
[2743]
[2744]
[2745]
[2746]
[2747]
[2748]
[2749]
[2750]
[2751]
[2752]
[2753]
[2754]
[2755]
[2756]
[2757]
[2758]
[2759]
[2760]
[2761]
[2762]
[2763]
[2764]
[2765]
[2766]
[2767]
[2768]
[2769]
[2770]
[2771]
[2772]
[2773]
[2774]
[2775]
[2776]
[2777]
[2778]
[2779]
[2780]
[2781]
[2782]
[2783]
[2784]
[2785]
[2786]
[2787]
[2788]
[2789]
[2790]
[2791]
[2792]
[2793]
[2794]
[2795]
[2796]
[2797]
[2798]
[2799]
[2800]
[2801]
[2802]
[2803]
[2804]
[2805]
[2806]
[2807]
[2808]
[2809]
[2810]
[2811]
[2812]
[2813]
[2814]
[2815]
[2816]
[2817]
[2818]
[2819]
[2820]
[2821]
[2822]
[2823]
[2824]
[2825]
[2826]
[2827]
[2828]
[2829]
[2830]
[2831]
[2832]
[2833]
[2834]
[2835]
[2836]
[2837]
[2838]
[2839]
[2840]
[2841]
[2842]
[2843]
[2844]
[2845]
[2846]
[2847]
[2848]
[2849]
[2850]
[2851]
[2852]
[2853]
[2854]
[2855]
[2856]
[2857]
[2858]
[2859]
[2860]
[2861]
[2862]
[2863]
[2864]
[2865]
[2866]
[2867]
[2868]
[2869]
[2870]
[2871]
[2872]
[2873]
[2874]
[2875]
[2876]
[2877]
[2878]
[2879]
[2880]
[2881]
[2882]
[2883]
[2884]
[2885]
[2886]
[2887]
[2888]
[2889]
[2890]
[2891]
[2892]
[2893]
[2894]
[2895]
[2896]
[2897]
[2898]
[2899]
[2900]
[2901]
[2902]
[2903]
[2904]
[2905]
[2906]
[2907]
[2908]
[2909]
[2910]
[2911]
[2912]
[2913]
[2914]
[2915]
[2916]
[2917]
[2918]
[2919]
[2920]
[2921]
[2922]
[2923]
[2924]
[2925]
[2926]
[2927]
[2928]
[2929]
[2930]
[2931]
[2932]
[2933]
[2934]
[2935]
[2936]
[2937]
[2938]
[2939]
[2940]
[2941]
[2942]
[2943]
[2944]
[2945]
[2946]
[2947]
[2948]
[2949]
[2950]
[2951]
[2952]
[2953]
[2954]
[2955]
[2956]
[2957]
[2958]
[2959]
[2960]
[2961]
[2962]
[2963]
[2964]
[2965]
[2966]
[2967]
[2968]
[2969]
[2970]
[2971]
[2972]
[2973]
[2974]
[2975]
[2976]
[2977]
[2978]
[2979]
[2980]
[2981]
[2982]
[2983]
[2984]
[2985]
[2986]
[2987]
[2988]
[2989]
[2990]
[2991]
[2992]
[2993]
[2994]
[2995]
[2996]
[2997]
[2998]
[2999]
[3000]
[3001]
[3002]
[3003]
[3004]
[3005]
[3006]
[3007]
[3008]
[3009]
[3010]
[3011]
[3012]
[3013]
[3014]
[3015]
[3016]
[3017]
[3018]
[3019]
[3020]
[3021]
[3022]
[3023]
[3024]
[3025]
[3026]
[3027]
[3028]
[3029]
[3030]
[3031]
[3032]
[3033]
[3034]
[3035]
[3036]
[3037]
[3038]
[3039]
[3040]
[3041]
[3042]
[3043]
[3044]
[3045]
[3046]
[3047]
[3048]
[3049]
[3050]
[3051]
[3052]
[3053]
[3054]
[3055]
[3056]
[3057]
[3058]
[3059]
[3060]
[3061]
[3062]
[3063]
[3064]
[3065]
[3066]
[3067]
[3068]
[3069]
[3070]
[3071]
[3072]
[3073]
[3074]
[3075]
[3076]
[3077]
[3078]
[3079]
[3080]
[3081]
[3082]
[3083]
[3084]
[3085]
[3086]
[3087]
[3088]
[3089]
[3090]
[3091]
[3092]
[3093]
[3094]
[3095]
[3096]
[3097]
[3098]
[3099]
[3100]
[3101]
[3102]
[3103]
[3104]
[3105]
[3106]
[3107]
[3108]
[3109]
[3110]
[3111]
[3112]
[3113]
[3114]
[3115]
[3116]
[3117]
[3118]
[3119]
[3120]
[3121]
[3122]
[3123]
[3124]
[3125]
[3126]
[3127]
[3128]
[3129]
[3130]
[3131]
[3132]
[3133]
[3134]
[3135]
[3136]
[3137]
[3138]
[3139]
[3140]
[3141]
[3142]
[3143]
[3144]
[3145]
[3146]
[3147]
[3148]
[3149]
[3150]
[3151]
[3152]
[3153]
[3154]
[3155]
[3156]
[3157]
[3158]
[3159]
[3160]
[3161]
[3162]
[3163]
[3164]
[3165]
[3166]
[3167]
[3168]
[3169]
[3170]
[3171]
[3172]
[3173]
[3174]
[3175]
[3176]
[3177]
[3178]
[3179]
[3180]
[3181]
[3182]
[3183]
[3184]
[3185]
[3186]
[3187]
[3188]
[3189]
[3190]
[3191]
[3192]
[3193]
[3194]
[3195]
[3196]
[3197]
[3198]
[3199]
[3200]
[3201]
[3202]
[3203]
[3204]
[3205]
[3206]
[3207]
[3208]
[3209]
[3210]
[3211]
[3212]
[3213]
[3214]
[3215]
[3216]
[3217]
[3218]
[3219]
[3220]
[3221]
[3222]
[3223]
[3224]
[3225]
[3226]
[3227]
[3228]
[3229]
[3230]
[3231]
[3232]
[3233]
[3234]
[3235]
[3236]
[3237]
[3238]
[3239]
[3240]
[3241]
[3242]
[3243]
[3244]
[3245]
[3246]
[3247]
[3248]
[3249]
[3250]
[3251]
[3252]
[3253]
[3254]
[3255]
[3256]
[3257]
[3258]
[3259]
[3260]
[3261]
[3262]
[3263]
[3264]
[3265]
[3266]
[3267]
[3268]
[3269]
[3270]
[3271]
[3272]
[3273]
[3274]
[3275]
[3276]
[3277]
[3278]
[3279]
[3280]
[3281]
[3282]
[3283]
[3284]
[3285]
[3286]
[3287]
[3288]
[3289]
[3290]
[3291]
[3292]
[3293]
[3294]
[3295]
[3296]
[3297]
[3298]
[3299]
[3300]
[3301]
[3302]
[3303]
[3304]
[3305]
[3306]
[3307]
[3308]
[3309]
[3310]
[3311]
[3312]
[3313]
[3314]
[3315]
[3316]
[3317]
[3318]
[3319]
[3320]
[3321]
[3322]
[3323]
[3324]
[3325]
[3326]
[3327]
[3328]
[3329]
[3330]
[3331]
[3332]
[3333]
[3334]
[3335]
[3336]
[3337]
[3338]
[3339]
[3340]
[3341]
[3342]
[3343]
[3344]
[3345]
[3346]
[3347]
[3348]
[3349]
[3350]
[3351]
[3352]
[3353]
[3354]
[3355]
[3356]
[3357]
[3358]
[3359]
[3360]
[3361]
[3362]
[3363]
[3364]
[3365]
[3366]
[3367]
[3368]
[3369]
[3370]
[3371]
[3372]
[3373]
[3374]
[3375]
[3376]
[3377]
[3378]
[3379]
[3380]
[3381]
[3382]
[3383]
[3384]
[3385]
[3386]
[3387]
[3388]
[3389]
[3390]
[3391]
[3392]
[3393]
[3394]
[3395]
[3396]
[3397]
[3398]
[3399]
[3400]
[3401]
[3402]
[3403]
[3404]
[3405]
[3406]
[3407]
[3408]
[3409]
[3410]
[3411]
[3412]
[3413]
[3414]
[3415]
[3416]
[3417]
[3418]
[3419]
[3420]
[3421]
[3422]
[3423]
[3424]
[3425]
[3426]
[3427]
[3428]
[3429]
[3430]
[3431]
[3432]
[3433]
[3434]
[3435]
[3436]
[3437]
[3438]
[3439]
[3440]
[3441]
[3442]
[3443]
[3444]
[3445]
[3446]
[3447]
[3448]
[3449]
[3450]
[3451]
[3452]
[3453]
[3454]
[3455]
[3456]
[3457]
[3458]
[3459]
[3460]
[3461]
[3462]
[3463]
[3464]
[3465]
[3466]
[3467]
[3468]
[3469]
/*****************************************************************************/
/*
AuthConfig.c
THE GNU GENERAL PUBLIC LICENSE APPLIES DOUBLY TO ANYTHING TO DO WITH
AUTHENTICATION AND AUTHORIZATION!
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License, or any later
version.
> This package is distributed in the hope that it will be useful,
> but WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
This module handles authentication/authorization configuration. It reads
configuration files, creates the configuration database (linked list), checking
paths against that database, and reports surrounding it.
See AUTH.C for overall detail on the WASD authorization environment.
VERSION HISTORY
---------------
13-SEP-2013 MGD bugfix; AuthConfigLoadCallBack() additional [AuthProxy]
with intervening rules should reset proxies
05-MAY-2013 MGD read-only group can be specified as "*" for everyone else
09-SEP-2012 MGD TOKEN authentication
18-JUL-2010 MGD Uni Malaga pushes report items from !3ZL to !4ZL :-)
07-JUN-2009 MGD AuthConfigInit() move WASD_NO_ACME to LNM$FILE_DEV
19-APR-2008 MGD logical name WASD_NO_SYSUAF_ACME disables SYSUAF via ACME
logical name WASD_NO_ACME disables ACME altogether
24-NOV-2007 MGD add AGENT+OPAQUE
add 'PathLocationPtr' datum
force ACME on VMS V7.3 and later
AuthConfigLoadCallBack() do not lower-case path
12-JUL-2006 MGD increase AUTH_MAX_PATH_PARAM_LENGTH from 127 to 255
(initially prompted by development of AUTHAGENT_LDAP)
add '+=' to realm default syntax to cause realm default
to be concatenated to any path access directives
bugfix; propagate 'RealmCanString' by making it static
28-MAR-2006 MGD note in boolean 'AuthRealmX509' if X509 realm in use
08-OCT-2005 MGD bugfix; AuthConfigProxyMap() set cache record SYSUAF
authentication boolean in tandem with request boolean
18-MAR-2004 MGD ACME authentication
01-SEP-2003 MGD path 'final' keyword to conclude further rule mapping,
refine category WATCH rule reporting
26-AUG-2003 MGD service directory located databases
18-JUN-2003 MGD restore pre-v8.3 /SYSUAF behaviour
15-MAY-2003 MGD break-in parameters (default to LGI sysgen parameters)
05-MAY-2003 MGD regular expression support
03-MAY-2003 MGD /SYSUAF=(VMS,ID) allows both VMS and ID authorization
(rules with =VMS and =ID can be concurrently deployed)
26-MAR-2003 MGD refine rule failure handling and reporting
15-MAR-2003 MGD script as SYSUAF username can be requested with rule
30-JAN-2003 MGD authentication profile can be requested with rule
07-DEC-2002 MGD skeleton key for admin menu
12-OCT-2002 MGD refine metacon reporting
08-APR-2002 MGD bugfix; AuthConfigProxyMap() wildcard string results
02-MAR-2002 MGD bugfix; identify host group without "=host"
14-OCT-2001 MGD meta-config
04-AUG-2001 MGD support module WATCHing
28-APR-2001 MGD proxy syntax changed from LOCAL=REMOTE to REMOTE=LOCAL
25-APR-2001 MGD bugfix; proxy processing (bit brain-dead in spots!)
13-APR-2001 MGD bugfix; conditions for NetThisVirtualService() call
11-MAR-2001 MGD bugfix; add CONNECT method to access controls
28-FEB-2001 MGD OdsLoadTextFile(), OdsParseTextFile(), [IncludeFile]
13-FEB-2001 MGD authentication via "identification protocol" RFC1413,
proxy processing (as if authenticated via the SYSUAF)
10-DEC-2000 MGD X509 (Client Certificate) realm
02-OCT-2000 MGD flush the persona cache when (re)loading
01-SEP-2000 MGD AuthConfigSearch() passed the path as a parameter
13-AUG-2000 MGD bugfix; AuthConfigSearch() quick index
06-MAY-2000 MGD proxy authorization requires changes to path searching
18-MAR-2000 MGD bugfix; lexicographic cut-off point
16-MAR-2000 MGD bugfix; AuthSearchConfig() removed '.' (?!) from match code
04-MAR-2000 MGD use FaolToNet(), et.al.
02-JAN-2000 MGD config file opened via ODS module
20-NOV-1999 MGD add nil-access identifier to bypass hour restrictions
28-AUG-1999 MGD unbundled from AUTH.C for v6.1
*/
/*****************************************************************************/
#ifdef WASD_VMS_V7
#undef _VMS__V6__SOURCE
#define _VMS__V6__SOURCE
#undef __VMS_VER
#define __VMS_VER 70000000
#undef __CRTL_VER
#define __CRTL_VER 70000000
#endif
/* standard C header files */
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <stdarg.h>
/* VMS related header files */
#include <descrip.h>
#include <ssdef.h>
#include <stsdef.h>
#include <syidef.h>
/* application related header files */
#include "wasd.h"
#define WASD_MODULE "AUTHCONFIG"
#if WATCH_MOD
#define FI_NOLI WASD_MODULE, __LINE__
#else
/* in production let's keep the exact line to ourselves! */
#define FI_NOLI WASD_MODULE, 0
#endif
/******************/
/* global storage */
/******************/
BOOL AuthorizationEnabled,
AuthConfigACME,
AuthConfigSysUafUseACME,
AuthFatalProblem,
AuthNilAccessExists,
AuthPolicyAuthorizedOnly,
AuthPolicySysUafRelaxed,
AuthPolicySslOnly,
AuthPolicySysUafIdentifiers,
AuthPolicySysUafProxy,
AuthPolicySysUafSslOnly,
AuthPolicySysUafVms,
AuthPolicySysUafWasdIdentifiers,
AuthPromiscuous,
AuthProtectRule,
AuthRealmToken,
AuthRealmX509,
AuthSysUafEnabled,
AuthSysUafPromiscuous,
AuthVmsUserProfileEnabled,
AuthVmsUserProfileNoRule;
int AuthFailureLimit,
AuthFailurePeriodSeconds,
AuthFailureTimeoutSeconds;
unsigned long AuthHttpsOnlyVmsIdentifier,
AuthNilAccessVmsIdentifier,
AuthPasswordChangeVmsIdentifier,
AuthProxyAccessVmsIdentifier,
AuthWasdPwdVmsIdentifier,
AuthWasdHttpsVmsIdentifier,
AuthWasdReadVmsIdentifier,
AuthWasdWriteVmsIdentifier;
char *AuthConfigHtaDirectory,
*AuthPromiscuousPwdPtr;
AUTH_CONFIG_META AuthMeta;
AUTH_CONFIG_META *AuthMetaPtr;
/********************/
/* external storage */
/********************/
extern BOOL AuthAcmeLinked;
extern int EfnWait,
ServerPort;
extern int ToLowerCase[],
ToUpperCase[];
extern char ErrorSanityCheck[],
SoftwareID[];
extern ACCOUNTING_STRUCT *AccountingPtr;
extern CONFIG_STRUCT Config;
extern HTTPD_GBLSEC *HttpdGblSecPtr;
extern META_CONFIG *MetaGlobalAuthPtr;
extern MSG_STRUCT Msgs;
extern SYS_INFO SysInfo;
extern WATCH_STRUCT Watch;
/*****************************************************************************/
/*
Initialize the authentication/authorization environment. Is used at server
startup and when the authorization configuration is reloaded.
*/
AuthConfigInit ()
{
static unsigned long LgiBrkTmo,
LgiBrkLim,
LgiHidTim;
static VMS_ITEM_LIST3 SyiItem [] =
{
{ sizeof(LgiBrkTmo), SYI$_LGI_BRK_TMO, &LgiBrkTmo, 0 },
{ sizeof(LgiBrkLim), SYI$_LGI_BRK_LIM, &LgiBrkLim, 0 },
{ sizeof(LgiHidTim), SYI$_LGI_HID_TIM, &LgiHidTim, 0 },
{ 0,0,0,0 }
};
int status;
IO_SB IOsb;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigInit()");
/* if ACME available and linked into this image */
if (SysInfo.VersionInteger >= 730 && AuthAcmeLinked)
{
/* provide ACME on capable systems unless development logical defined */
if (!SysTrnLnm (WASD_NO_ACME)) AuthConfigACME = true;
}
if (AuthConfigACME)
{
/* allow mandatory SYSUAF authentication using ACME to be disabled */
if (!SysTrnLnm (WASD_NO_SYSUAF_ACME)) AuthConfigSysUafUseACME = true;
}
MetaConUnload (&MetaGlobalAuthPtr, NULL);
AuthConfigLoad (&MetaGlobalAuthPtr);
AuthConfigHtaDirectory = v10orPrev10 (HTA_DIRECTORY,-1);
status = sys$getsyiw (EfnWait, 0, 0, &SyiItem, &IOsb, 0, 0);
if (VMSok (status)) status = IOsb.Status;
if (VMSnok (status)) ErrorExitVmsStatus (status, NULL, FI_LI);
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "LGI !UL !UL !UL",
LgiBrkTmo, LgiBrkLim, LgiHidTim);
if (Config.cfAuth.FailureLimit)
AuthFailureLimit = Config.cfAuth.FailureLimit;
else
AuthFailureLimit = LgiBrkLim;
if (Config.cfAuth.FailurePeriodSeconds)
AuthFailurePeriodSeconds = Config.cfAuth.FailurePeriodSeconds;
else
AuthFailurePeriodSeconds = LgiBrkTmo;
if (Config.cfAuth.FailureTimeoutSeconds)
AuthFailureTimeoutSeconds = Config.cfAuth.FailureTimeoutSeconds;
else
AuthFailureTimeoutSeconds = LgiHidTim;
}
/*****************************************************************************/
/*
Load authorization rules into meta-config structure.
*/
int AuthConfigLoad (META_CONFIG **MetaConPtrPtr)
{
int status;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigLoad()");
status = MetaConLoad (MetaConPtrPtr,
v10orPrev10(CONFIG_AUTH_FILE_NAME,
CONFIG_AUTH_FILE_NAME),
&AuthConfigLoadCallBack, true, true);
if (*MetaConPtrPtr == MetaGlobalAuthPtr)
{
/* server startup/reload */
MetaConStartupReport (MetaGlobalAuthPtr, "AUTH");
if (VMSnok (status)) exit (status);
}
return (status);
}
/*****************************************************************************/
/*
Called by MetaConUnload() to free resources allocated during authorization
configuration.
*/
AuthConfigUnload (META_CONFIG *mcptr)
{
int status;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigUnload()");
if (mcptr->AuthMetaPtr)
{
if (mcptr->AuthMetaPtr == AuthMetaPtr)
{
memset (AuthMetaPtr, 0, sizeof(AUTH_CONFIG_META));
AuthMetaPtr = NULL;
}
else
VmFree (mcptr->AuthMetaPtr, FI_LI);
mcptr->AuthMetaPtr = NULL;
}
}
/*****************************************************************************/
/*
Called by MetaConUnload() callback for each line's associated data, basically
to check for a regular expression structure and free it if present, then just
dispose of the line data itself.
*/
AuthConfigUnloadLineData (void *LineDataPtr)
{
int status;
AUTH_PATH *apptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthConfigUnloadLineData()");
apptr = (AUTH_PATH*)LineDataPtr;
if (apptr->RegexPregPath.buffer) regfree (&apptr->RegexPregPath);
VmFree (apptr, FI_LI);
}
/*****************************************************************************/
/*
For each non-meta-config directive line read by MetaConLoad() this function is
called to parse the line text's contents and to configure the private data
structure associated with each rule.
*/
BOOL AuthConfigLoadCallBack (META_CONFIG *mcptr)
{
static char ProblemOverflow [] = "Storage overflow",
ProblemProxyFile [] = "Error opening proxy file";
int status;
char *cptr, *sptr, *zptr;
char Scratch [256],
StringBuffer [1024];
AUTH_CONFIG_META *acptr;
METACON_LINE *mclptr;
ODS_STRUCT ProxyFileOds;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
{
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthConfigLoadCallBack() !&F !&X",
&AuthConfigLoadCallBack, mcptr);
if (WATCH_MODULE(WATCH_MOD__DETAIL))
{
mclptr = mcptr->ParsePtr;
WatchDataFormatted ("!&X !UL !UL !UL !UL !&X !&Z !&Z\n",
mclptr, mclptr->Size, mclptr->Token, mclptr->Number,
mclptr->Length, mclptr->LineDataPtr, mclptr->TextPtr,
mclptr->InlineTextPtr);
}
}
/* get a pointer to the current "line" */
mclptr = mcptr->ParsePtr;
/* if this is during server startup/reload set the global service pointer */
if (mcptr == MetaGlobalAuthPtr)
acptr = mcptr->AuthMetaPtr = AuthMetaPtr = &AuthMeta;
else
/* if a report then conjure one up by divine fiat */
if (!mcptr->AuthMetaPtr)
acptr = mcptr->AuthMetaPtr = VmGet (sizeof(AUTH_CONFIG_META));
else
/* not the first time through */
acptr = mcptr->AuthMetaPtr;
if (mclptr->Token == METACON_TOKEN_PRE)
{
/******************/
/* pre-initialize */
/******************/
AuthConfigProxy (NULL, NULL);
AuthConfigLine (NULL, NULL);
/* if global service pointer, during server startup or reload */
if (mcptr == MetaGlobalAuthPtr)
memset (acptr, 0, sizeof(AUTH_CONFIG_META));
return (true);
}
if (mclptr->Token == METACON_TOKEN_POST)
{
/****************/
/* post-process */
/****************/
AuthConfigOther (mcptr);
AuthConfigProxy (NULL, NULL);
AuthConfigLine (NULL, NULL);
return (true);
}
/***********/
/* process */
/***********/
/* if it's not text/inline then authorization is not interested in it */
if (mclptr->Token != METACON_TOKEN_TEXT && !mclptr->InlineTextPtr)
return (true);
/* buffer the text associated with the current "line" */
zptr = (sptr = StringBuffer) + sizeof(StringBuffer);
if (mclptr->InlineTextPtr)
cptr = mclptr->InlineTextPtr;
else
cptr = mclptr->TextPtr;
while (*cptr && sptr < zptr) *sptr++ = *cptr++;
if (sptr >= zptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR, ProblemOverflow);
return (false);
}
*sptr = '\0';
cptr = StringBuffer;
if (strsame (cptr, "[AuthProxy]", 11))
{
/* SYSUAF proxy mapping(s) */
if (acptr->ProxyRuleReset)
{
AuthConfigProxy (NULL, NULL);
acptr->ProxyRuleReset = false;
}
AuthConfigProxy (mcptr, cptr+11);
return (true);
}
if (strsame (cptr, "[AuthProxyFile]", 15))
{
/* file of SYSUAF proxy mappings */
if (acptr->ProxyRuleReset)
{
AuthConfigProxy (NULL, NULL);
acptr->ProxyRuleReset = false;
}
/* terminate the filename */
cptr += 15;
while (*cptr && ISLWS(*cptr)) cptr++;
for (sptr = cptr; *sptr && !ISLWS(*sptr); sptr++);
*sptr = '\0';
/* a proxy file specification */
status = OdsLoadTextFile (&ProxyFileOds, cptr);
if (VMSnok (status))
{
MetaConReport (mcptr, METACON_REPORT_ERROR, ProblemProxyFile);
FaoToBuffer (Scratch, sizeof(Scratch), NULL,
"ERROR=%X!XL@!AZ", status, cptr);
AuthConfigProxy (mcptr, Scratch);
return (true);
}
/* pass each line feeding to the proxy configurator */
for (;;)
{
cptr = OdsParseTextFile (&ProxyFileOds, '\\');
if (!cptr) break;
/* if a blank or comment line, then ignore */
while (ISLWS(*cptr)) cptr++;
if (!*cptr || *cptr == '!' || *cptr == '#') continue;
AuthConfigProxy (mcptr, cptr);
}
return (true);
}
acptr->ProxyRuleReset = true;
AuthConfigLine (mcptr, cptr);
return (true);
}
/*****************************************************************************/
/*
Other things that need initing after the rules have been loaded.
*/
AuthConfigOther (META_CONFIG *mcptr)
{
static $DESCRIPTOR (AuthHttpsOnlyVmsIdentifierDsc, AUTH_HTTPS_ONLY_VMS_ID);
static $DESCRIPTOR (AuthNilAccessVmsIdentifierDsc, AUTH_NIL_ACCESS_VMS_ID);
static $DESCRIPTOR (AuthPasswordChangeVmsIdentifierDsc,
AUTH_PASSWORD_CHANGE_VMS_ID);
static $DESCRIPTOR (AuthProxyAccessVmsIdentifierDsc,
AUTH_PROXY_ACCESS_VMS_ID);
static $DESCRIPTOR (AuthWasdHttpsVmsIdentifierDsc, AUTH_WASD_HTTPS_VMS_ID);
static $DESCRIPTOR (AuthWasdPwdVmsIdentifierDsc, AUTH_WASD_PWD_VMS_ID);
static $DESCRIPTOR (AuthWasdReadVmsIdentifierDsc, AUTH_WASD_READ_VMS_ID);
static $DESCRIPTOR (AuthWasdWriteVmsIdentifierDsc, AUTH_WASD_WRITE_VMS_ID);
int status;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigOther()");
/* but only if we're dealing with the global configuration */
if (mcptr != MetaGlobalAuthPtr) return;
AuthNilAccessExists = false;
/* it's implied! */
if (AuthPolicySysUafWasdIdentifiers) AuthPolicySysUafIdentifiers = true;
if (AuthPromiscuous)
MetaConReport (mcptr, METACON_REPORT_WARNING,
"!AZ authenticating any username with !&?specified\rany\r password!!",
AUTH_REALM_PROMISCUOUS, AuthPromiscuousPwdPtr);
if (AuthPolicyAuthorizedOnly)
MetaConReport (mcptr, METACON_REPORT_INFORM,
"All request paths must be authorized");
if (AuthPolicySslOnly)
MetaConReport (mcptr, METACON_REPORT_INFORM,
"Only SSL (https:) will be authorized");
if (AuthSysUafPromiscuous)
MetaConReport (mcptr, METACON_REPORT_WARNING,
"SYSUAF !AZ (testing only)\n",
AUTH_REALM_PROMISCUOUS);
if (AuthSysUafEnabled)
{
if (AuthPolicySysUafIdentifiers)
{
if (AuthPolicySysUafVms)
MetaConReport (mcptr, METACON_REPORT_INFORM,
"SYSUAF authentication enabled (rights identifier available)");
else
MetaConReport (mcptr, METACON_REPORT_INFORM,
"SYSUAF authentication enabled (only via rights identifier)");
}
else
if (AuthPolicySysUafWasdIdentifiers)
MetaConReport (mcptr, METACON_REPORT_INFORM,
"SYSUAF authentication enabled (via WASD identifier - deprecated)");
else
MetaConReport (mcptr, METACON_REPORT_INFORM,
"SYSUAF authentication enabled");
}
if (AuthVmsUserProfileEnabled)
{
if (AuthVmsUserProfileNoRule)
MetaConReport (mcptr, METACON_REPORT_INFORM,
"VMS security profile enabled (pre-8.2 behaviour)");
else
MetaConReport (mcptr, METACON_REPORT_INFORM,
"VMS security profile enabled (only by authorization rule)");
}
if (AuthPolicySysUafIdentifiers)
{
status = sys$asctoid (&AuthHttpsOnlyVmsIdentifierDsc,
&AuthHttpsOnlyVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_INFORM,
"Optional identifier !AZ\n%!&M",
AUTH_HTTPS_ONLY_VMS_ID, status);
status = sys$asctoid (&AuthNilAccessVmsIdentifierDsc,
&AuthNilAccessVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_INFORM,
"Optional identifier !AZ\n%!&M",
AUTH_NIL_ACCESS_VMS_ID, status);
else
AuthNilAccessExists = true;
status = sys$asctoid (&AuthPasswordChangeVmsIdentifierDsc,
&AuthPasswordChangeVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_INFORM,
"Optional identifier !AZ\n%!&M",
AUTH_PASSWORD_CHANGE_VMS_ID, status);
if (AuthPolicySysUafProxy &&
(AuthPolicySysUafIdentifiers || AuthPolicySysUafWasdIdentifiers))
{
status = sys$asctoid (&AuthProxyAccessVmsIdentifierDsc,
&AuthProxyAccessVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Required identifier !AZ\n%!&M",
AUTH_PROXY_ACCESS_VMS_ID, status);
}
}
if (AuthPolicySysUafWasdIdentifiers)
{
status = sys$asctoid (&AuthWasdWriteVmsIdentifierDsc,
&AuthWasdWriteVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Required identifier !AZ\n%!&M",
AUTH_WASD_WRITE_VMS_ID, status);
status = sys$asctoid (&AuthWasdReadVmsIdentifierDsc,
&AuthWasdReadVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Required identifier !AZ\n%!&M",
AUTH_WASD_READ_VMS_ID, status);
status = sys$asctoid (&AuthWasdHttpsVmsIdentifierDsc,
&AuthWasdHttpsVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Required identifier !AZ\n%!&M",
AUTH_WASD_HTTPS_VMS_ID, status);
status = sys$asctoid (&AuthWasdPwdVmsIdentifierDsc,
&AuthWasdPwdVmsIdentifier, 0);
if (VMSnok (status))
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Required identifier !AZ\n%!&M",
AUTH_WASD_PWD_VMS_ID, status);
}
if (!(Config.cfAuth.BasicEnabled || Config.cfAuth.DigestEnabled))
MetaConReport (mcptr, METACON_REPORT_WARNING,
"Neither BASIC or DIGEST authentication enabled");
if (!AuthorizationEnabled)
MetaConReport (mcptr, METACON_REPORT_WARNING, "AUTHORIZATION DISABLED");
/* initialize the authentication cache */
AuthCacheInit (mcptr);
AuthTokenInit ();
/* also flush the server persona cache */
PersonaCache (NULL, 0);
}
/*****************************************************************************/
/*
Process a line of authorization configuration.
*/
#define PATH_PARAMETER_SIZE AUTH_MAX_PATH_PARAM_LENGTH
#define ACCESS_RESTRICTION_LIST_SIZE PATH_PARAMETER_SIZE+255
AuthConfigLine
(
META_CONFIG *mcptr,
char *Line
)
{
static int CurrentSourceRealm;
static char RealmCanString [ACCESS_RESTRICTION_LIST_SIZE+1];
BOOL FinalRule,
NoCache,
PathProblem,
PathIsRegex,
RealmProblem,
VmsUserProfile,
VmsUserScriptAs;
int status;
int SourceGroupRead,
SourceGroupWrite,
SourceRealm;
unsigned long *CanFlagsPtr;
unsigned long GroupCanFlags,
GroupReadVmsIdentifier,
GroupWriteVmsIdentifier,
RealmCanFlags,
RealmVmsIdentifier,
WorldCanFlags;
char *cptr, *lptr, *sptr, *zptr,
*PathTemplatePtr,
*ProxyStringPtr,
*RestrictListPtr;
char CanScratch [ACCESS_RESTRICTION_LIST_SIZE*2+1],
GroupRead [AUTH_MAX_REALM_GROUP_LENGTH+1],
GroupRestrictList [ACCESS_RESTRICTION_LIST_SIZE+1],
GroupWrite [AUTH_MAX_REALM_GROUP_LENGTH+1],
PathParameter [PATH_PARAMETER_SIZE+1],
Realm [AUTH_MAX_REALM_GROUP_LENGTH+1],
RealmDescription [AUTH_MAX_REALM_DESCR_LENGTH+1],
RealmParameter [AUTH_MAX_REALM_PARAM_LENGTH+1],
WorldRestrictList [ACCESS_RESTRICTION_LIST_SIZE+1];
METACON_LINE *mclptr;
regex_t RegexPreg;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigLine() !&Z", Line);
if (!Line)
{
/* initialize */
CurrentSourceRealm = 0;
RealmCanString[0] = '\0';
return;
}
/* get a pointer to the current "line" */
mclptr = mcptr->ParsePtr;
FinalRule = NoCache = PathProblem = RealmProblem =
VmsUserProfile = VmsUserScriptAs = false;
GroupCanFlags = GroupReadVmsIdentifier = GroupWriteVmsIdentifier =
RealmVmsIdentifier = RealmCanFlags =
SourceGroupRead = SourceGroupWrite = WorldCanFlags = 0;
PathTemplatePtr = NULL;
ProxyStringPtr = "";
GroupRead[0] = GroupWrite[0] = GroupRestrictList[0] =
Realm[0] = RealmDescription[0] = RealmParameter[0] =
PathParameter[0] = WorldRestrictList[0] = '\0';
CanFlagsPtr = &GroupCanFlags;
RestrictListPtr = &GroupRestrictList;
lptr = Line;
if (*lptr == '[' || strsame (lptr, "REALM", 5))
{
/*********/
/* realm */
/*********/
if (*lptr == '[')
{
lptr++;
while (*lptr && ISLWS(*lptr)) lptr++;
}
else
{
/* skip over keyword and find start of realm name */
while (*lptr && !ISLWS(*lptr)) lptr++;
while (*lptr && ISLWS(*lptr)) lptr++;
}
/* new realm resets proxy mappings */
AuthConfigProxy (NULL, NULL);
/* by default (and historically) it's HTA */
SourceRealm = AUTH_SOURCE_HTA;
if (*lptr == '\"')
{
lptr++;
zptr = (sptr = RealmDescription) + sizeof(RealmDescription);
while (*lptr && *lptr != '\"')
{
if (sptr < zptr) *sptr++ = *lptr;
lptr++;
}
if (sptr >= zptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring realm description");
RealmProblem = true;
lptr = "]";
}
else
*sptr = '\0';
if (*lptr == '\"') lptr++;
if (*lptr == '=') lptr++;
}
zptr = (sptr = Realm) + sizeof(Realm);
while (*lptr &&
*lptr != ';' &&
*lptr != '=' &&
*lptr != '+' &&
*lptr != ']' &&
!ISLWS(*lptr))
{
if (sptr < zptr) *sptr++ = TOUP(*lptr);
lptr++;
}
if (sptr >= zptr || !Realm[0])
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring realm");
RealmProblem = true;
lptr = "]";
}
*sptr = '\0';
if (*lptr == '=')
{
if (strsame (lptr, "=ACME", 5))
{
lptr += 5;
SourceRealm = AUTH_SOURCE_ACME;
}
else
if (strsame (lptr, "=AGENT+OPAQUE", 13))
{
lptr += 13;
SourceRealm = AUTH_SOURCE_AGENT_OPAQUE;
}
else
if (strsame (lptr, "=AGENT", 6))
{
lptr += 6;
SourceRealm = AUTH_SOURCE_AGENT;
}
else
if (strsame (lptr, "=HTA", 4))
{
lptr += 4;
SourceRealm = AUTH_SOURCE_HTA;
}
else
if (strsame (lptr, "=@HTA", 5))
{
lptr += 5;
SourceRealm = AUTH_SOURCE_DIR_HTA;
}
else
if (strsame (lptr, "=HOST", 5))
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Host group cannot be an authentication realm");
RealmProblem = true;
lptr = "]";
}
else
if (strsame (lptr, "=ID", 3))
{
lptr += 3;
SourceRealm = AUTH_SOURCE_ID;
if (VMSnok (status =
AuthConfigIdentifier (Realm, &RealmVmsIdentifier)))
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Realm !AZ identifier %!&M", Realm, status);
RealmProblem = true;
lptr = "]";
}
}
else
if (strsame (lptr, "=LIST", 5))
{
lptr += 5;
SourceRealm = AUTH_SOURCE_LIST;
}
else
if (strsame (lptr, "=@LIST", 6))
{
lptr += 6;
SourceRealm = AUTH_SOURCE_DIR_LIST;
}
else
if (strsame (lptr, "=TOKEN", 6))
{
lptr += 6;
SourceRealm = AUTH_SOURCE_TOKEN;
}
else
if (strsame (lptr, "=VMS", 4))
{
lptr += 4;
SourceRealm = AUTH_SOURCE_VMS;
}
else
if (strsame (lptr, "=X509", 5))
{
lptr += 5;
SourceRealm = AUTH_SOURCE_X509;
}
else
if (strsame (lptr, "=RFC1413", 8))
{
lptr += 8;
SourceRealm = AUTH_SOURCE_RFC1413;
}
else
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring realm source");
RealmProblem = true;
lptr = "]";
}
}
else
{
/* does it look like a host group? */
for (sptr = Realm; *sptr && isdigit(*sptr); sptr++);
if (*sptr == '.')
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Host group cannot be an authentication realm");
RealmProblem = true;
lptr = "]";
}
}
/* 'VMS' is a required ACME agent */
if (SourceRealm == AUTH_SOURCE_ACME)
SourceRealm = AUTH_SOURCE_ACME;
else
/* if was "VMS" then it's SYSUAF no matter what was made equal to!! */
if (strsame (Realm, AUTH_REALM_VMS, -1))
SourceRealm = AUTH_SOURCE_VMS;
else
/* same for "WORLD" */
if (strsame (Realm, AUTH_REALM_WORLD, -1))
SourceRealm = AUTH_SOURCE_WORLD;
else
/* same for "OPAQUE" */
if (strsame (Realm, AUTH_REALM_OPAQUE, -1))
SourceRealm = AUTH_SOURCE_OPAQUE;
else
/* and "X509" */
if (strsame (Realm, AUTH_REALM_X509, -1))
SourceRealm = AUTH_SOURCE_X509;
else
/* and "RFC1413" */
if (strsame (Realm, AUTH_REALM_RFC1413, -1))
SourceRealm = AUTH_SOURCE_RFC1413;
else
/* and "SKELKEY" */
if (strsame (Realm, AUTH_REALM_SKELKEY, -1))
SourceRealm = AUTH_SOURCE_SKELKEY;
else
/* and "TOKEN" */
if (strsame (Realm, AUTH_REALM_TOKEN, -1))
SourceRealm = AUTH_SOURCE_TOKEN;
else
/* and for "EXTERNAL" */
if (strsame (Realm, AUTH_REALM_EXTERNAL, -1))
SourceRealm = AUTH_SOURCE_EXTERNAL;
else
/* and "NONE" */
if (strsame (Realm, AUTH_REALM_NONE, -1))
SourceRealm = AUTH_SOURCE_NONE;
else
/* and last but by no means least "PROMISCUOUS" */
if (strsame (Realm, AUTH_REALM_PROMISCUOUS, -1))
SourceRealm = AUTH_SOURCE_PROMISCUOUS;
if (AuthPolicySysUafWasdIdentifiers)
{
/*
If this is the VMS realm and identifiers are mandatory for
SYSUAF authentication but the realm is not a specific identifier
then it must be through the "hard-wired" WASD identifiers.
*/
if (SourceRealm == AUTH_SOURCE_VMS && AuthPolicySysUafIdentifiers)
SourceRealm = AUTH_SOURCE_WASD_ID;
}
if (SourceRealm == AUTH_SOURCE_ACME && !AuthConfigACME)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"ACME authentication is not available");
RealmProblem = true;
lptr = "]";
}
while (*lptr && ISLWS(*lptr)) lptr++;
if (*lptr == '+')
{
/****************************/
/* optional realm parameter */
/****************************/
lptr++;
while (*lptr && ISLWS(*lptr)) lptr++;
zptr = (sptr = RealmParameter) + sizeof(RealmParameter)-1;
if (*lptr == '\"')
{
lptr++;
while (*lptr && *lptr != '\"' && sptr < zptr) *sptr++ = *lptr++;
if (*lptr == '\"') lptr++;
}
else
while (*lptr && *lptr != ';' && *lptr != ']' &&
!ISLWS(*lptr) && sptr < zptr) *sptr++ = *lptr++;
if (sptr >= zptr || !RealmParameter[0])
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring realm parameter");
RealmProblem = true;
lptr = "]";
}
*sptr = '\0';
}
while (*lptr && ISLWS(*lptr)) lptr++;
/* semicolon separating realm from optional full-access (write) group */
if (*lptr == ';')
{
/*****************************/
/* optional read+write group */
/*****************************/
SourceGroupWrite = AUTH_SOURCE_HTA;
lptr++;
while (*lptr && ISLWS(*lptr)) lptr++;
zptr = (sptr = GroupWrite) + sizeof(GroupWrite)-1;
while (*lptr &&
*lptr != ';' &&
*lptr != '=' &&
*lptr != ']' &&
!ISLWS(*lptr) &&
sptr < zptr) *sptr++ = TOUP(*lptr++);
if (sptr >= zptr || !GroupWrite[0])
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring (first) group");
RealmProblem = true;
lptr = "]";
}
*sptr = '\0';
if (*lptr == '=')
{
if (strsame (lptr, "=AGENT+OPAQUE", 13))
{
lptr += 13;
SourceGroupWrite = AUTH_SOURCE_AGENT_OPAQUE;
}
else
if (strsame (lptr, "=AGENT", 6))
{
lptr += 6;
SourceGroupWrite = AUTH_SOURCE_AGENT;
}
else
if (strsame (lptr, "=HTA", 4))
{
lptr += 4;
SourceGroupWrite = AUTH_SOURCE_HTA;
}
else
if (strsame (lptr, "=@HTA", 5))
{
lptr += 5;
SourceGroupWrite = AUTH_SOURCE_DIR_HTA;
}
else
if (strsame (lptr, "=HOST", 5))
{
lptr += 5;
SourceGroupWrite = AUTH_SOURCE_HOST;
}
else
if (strsame (lptr, "=ID", 3))
{
lptr += 3;
SourceGroupWrite = AUTH_SOURCE_ID;
if (VMSnok (status =
AuthConfigIdentifier (GroupWrite, &GroupWriteVmsIdentifier)))
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Group !AZ identifier\n%!&M",
GroupWrite, status);
RealmProblem = true;
lptr = "]";
}
}
else
if (strsame (lptr, "=LIST", 5))
{
lptr += 5;
SourceGroupWrite = AUTH_SOURCE_LIST;
}
else
if (strsame (lptr, "=@LIST", 6))
{
lptr += 6;
SourceGroupWrite = AUTH_SOURCE_DIR_LIST;
}
else
if (strsame (lptr, "=X509", 5))
{
lptr += 5;
SourceGroupWrite = AUTH_SOURCE_X509;
}
else
if (strsame (lptr, "=RFC1413", 8))
{
lptr += 8;
SourceGroupWrite = AUTH_SOURCE_RFC1413;
}
else
if (strsame (lptr, "=TOKEN", 6))
{
lptr += 6;
SourceGroupWrite = AUTH_SOURCE_TOKEN;
}
else
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring (first) group source");
RealmProblem = true;
lptr = "]";
}
}
else
{
/* does it look like a host group? */
for (sptr = GroupWrite; *sptr && isdigit(*sptr); sptr++);
if (*sptr == '.') SourceGroupWrite = AUTH_SOURCE_HOST;
}
}
/* semicolon separating realm from optional read-only-access group */
if (*lptr == ';')
{
/****************************/
/* optional read-only group */
/****************************/
SourceGroupRead = AUTH_SOURCE_HTA;
lptr++;
while (*lptr && ISLWS(*lptr)) lptr++;
zptr = (sptr = GroupRead) + sizeof(GroupRead)-1;
while (*lptr &&
*lptr != '=' &&
*lptr != ']' &&
!ISLWS(*lptr) &&
sptr < zptr) *sptr++ = TOUP(*lptr++);
if (sptr >= zptr || !GroupRead[0])
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring second group");
RealmProblem = true;
lptr = "]";
}
*sptr = '\0';
if (*lptr == '=')
{
if (strsame (lptr, "=AGENT+OPAQUE", 13))
{
lptr += 6;
SourceGroupRead = AUTH_SOURCE_AGENT_OPAQUE;
}
else
if (strsame (lptr, "=AGENT", 6))
{
lptr += 6;
SourceGroupRead = AUTH_SOURCE_AGENT;
}
else
if (strsame (lptr, "=HTA", 4))
{
lptr += 4;
SourceGroupRead = AUTH_SOURCE_HTA;
}
else
if (strsame (lptr, "=@HTA", 5))
{
lptr += 5;
SourceGroupRead = AUTH_SOURCE_DIR_HTA;
}
else
if (strsame (lptr, "=HOST", 5))
{
lptr += 5;
SourceGroupRead = AUTH_SOURCE_HOST;
}
else
if (strsame (lptr, "=ID", 3))
{
lptr += 3;
SourceGroupRead = AUTH_SOURCE_ID;
if (VMSnok (status =
AuthConfigIdentifier (GroupRead, &GroupReadVmsIdentifier)))
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Group !AZ identifier\n%!&M",
GroupWrite, status);
RealmProblem = true;
lptr = "]";
}
}
else
if (strsame (lptr, "=LIST", 5))
{
lptr += 5;
SourceGroupRead = AUTH_SOURCE_LIST;
}
else
if (strsame (lptr, "=@LIST", 6))
{
lptr += 6;
SourceGroupRead = AUTH_SOURCE_DIR_LIST;
}
else
if (strsame (lptr, "=X509", 5))
{
lptr += 5;
SourceGroupRead = AUTH_SOURCE_X509;
}
else
if (strsame (lptr, "=RFC1413", 8))
{
lptr += 8;
SourceGroupRead = AUTH_SOURCE_RFC1413;
}
else
if (strsame (lptr, "=TOKEN", 6))
{
lptr += 6;
SourceGroupRead = AUTH_SOURCE_TOKEN;
}
else
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Problem configuring second group source");
RealmProblem = true;
lptr = "]";
}
}
else
if (GroupRead[0] == '*')
SourceGroupRead = AUTH_SOURCE_THEREST;
else
{
/* does it look like a host group? */
for (sptr = GroupRead; *sptr && isdigit(*sptr); sptr++);
if (*sptr == '.') SourceGroupWrite = AUTH_SOURCE_HOST;
}
}
while (*lptr && ISLWS(*lptr)) lptr++;
if (*lptr == ']')
lptr++;
else
{
lptr = "";
MetaConReport (mcptr, METACON_REPORT_ERROR, "Generally confused\n");
RealmProblem = true;
}
/* find start of any realm-context access directives */
while (*lptr && ISLWS(*lptr)) lptr++;
if (*lptr)
{
zptr = (sptr = RealmCanString) + sizeof(RealmCanString)-1;
while (*lptr && sptr < zptr) *sptr++ = *lptr++;
*sptr = '\0';
}
else
RealmCanString[0] = '\0';
/***************************/
/* bit more usage checking */
/***************************/
if ((SourceRealm == AUTH_SOURCE_VMS ||
SourceRealm == AUTH_SOURCE_ID) &&
!AuthSysUafEnabled)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"/SYSUAF not enabled at command line");
RealmProblem = true;
}
if (SourceRealm == AUTH_SOURCE_VMS &&
!AuthPolicySysUafVms &&
AuthPolicySysUafIdentifiers)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Realm indicates VMS but /SYSUAF=VMS not enabled at command line");
RealmProblem = true;
}
if (SourceRealm == AUTH_SOURCE_ID &&
AuthPolicySysUafVms &&
!AuthPolicySysUafIdentifiers)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Realm indicates ID but /SYSUAF=ID not enabled at command line");
RealmProblem = true;
}
if ((SourceGroupWrite == AUTH_SOURCE_ID ||
SourceGroupRead == AUTH_SOURCE_ID) &&
SourceRealm != AUTH_SOURCE_VMS &&
SourceRealm != AUTH_SOURCE_ID)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"ID used without SYSUAF authentication");
RealmProblem = true;
}
if (SourceRealm == AUTH_SOURCE_WASD_ID &&
SourceGroupWrite != AUTH_SOURCE_WASD_ID &&
AuthPolicySysUafWasdIdentifiers &&
(GroupWrite[0] || GroupRead[0]))
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"\"Hard-wired\" WASD identifier usage problem");
RealmProblem = true;
}
if (SourceRealm == AUTH_SOURCE_TOKEN)
{
int IPport = atoi(Realm);
if (Realm[0] && IPport < 0 || IPport > 65535)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"TOKEN port misconfigured");
RealmProblem = true;
}
}
/*************************/
/* close enough for jazz */
/*************************/
AuthConfigAddRealm (mcptr,
RealmProblem, Realm, RealmDescription,
RealmParameter, SourceRealm, RealmVmsIdentifier,
GroupWrite, SourceGroupWrite,
GroupWriteVmsIdentifier, GroupRead, SourceGroupRead,
GroupReadVmsIdentifier, GroupCanFlags, WorldCanFlags);
CurrentSourceRealm = SourceRealm;
return;
}
if (*lptr != '[' && !strsame (lptr, "REALM", 5))
{
/********/
/* path */
/********/
if (!CurrentSourceRealm)
MetaConReport (mcptr, METACON_REPORT_ERROR, "No realm to apply");
/* if not already retrieved (try to) get (any) proxy mappings */
if (!ProxyStringPtr[0]) ProxyStringPtr = AuthConfigProxy (mcptr, NULL);
/* a single dollar effectively indicates 'cancel all proxies' */
if (SAME2(ProxyStringPtr,'$\0')) ProxyStringPtr = "";
/* note start of path template */
PathTemplatePtr = lptr;
while (*lptr && !ISLWS(*lptr)) lptr++;
/* terminate at the end of the path template */
if (*lptr) *lptr++ = '\0';
PathIsRegex = false;
if (Config.cfMisc.RegexSyntax && *PathTemplatePtr == REGEX_CHAR)
{
cptr = StringRegexCompile (PathTemplatePtr+1, &RegexPreg);
if (cptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR, "Regex: !AZ", cptr);
PathProblem = true;
}
else
{
regfree (&RegexPreg);
PathIsRegex = true;
}
}
/* find start of access flags */
while (*lptr && ISLWS(*lptr)) lptr++;
if (*lptr)
{
if (CurrentSourceRealm == AUTH_SOURCE_OPAQUE)
{
/* should be nothing more on the line but there is */
MetaConReport (mcptr, METACON_REPORT_WARNING,
"Paths in opaque realms require no parameters - ignored");
lptr = "";
}
else
if (SAME2(RealmCanString,'+='))
{
/* concatenate realm defaults to path access directives */
zptr = (sptr = CanScratch) + sizeof(CanScratch)-1;
while (*lptr && sptr < zptr) *sptr++ = *lptr++;
for (lptr = RealmCanString+2;
*lptr && sptr < zptr;
*sptr++ = *lptr++);
*sptr = '\0';
lptr = CanScratch;
}
}
else
{
if (CurrentSourceRealm != AUTH_SOURCE_OPAQUE)
{
/* nothing more on the line! */
if (RealmCanString[0])
lptr = RealmCanString;
else
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"No access specified and no realm defaults");
lptr = "";
PathProblem = true;
}
}
}
while (*lptr)
{
/********************************/
/* set flags controlling access */
/********************************/
/* find the start of the next element */
while (*lptr && (ISLWS(*lptr) || *lptr == ',' || *lptr == ';'))
{
if (*lptr++ != ';') continue;
/* semicolon separates realm/group and optional world access */
CanFlagsPtr = &WorldCanFlags;
RestrictListPtr = &WorldRestrictList;
}
if (!*lptr) break;
if (*lptr == '*' ||
*lptr == '#' ||
isdigit(*lptr) ||
*lptr == '~' ||
strsame (lptr, "http:", 5) ||
strsame (lptr, "https:", 6) ||
strsame (lptr, "localhost", 9))
{
/* access restriction list */
for (sptr = RestrictListPtr; *sptr; sptr++);
zptr = RestrictListPtr + ACCESS_RESTRICTION_LIST_SIZE;
if (sptr > RestrictListPtr && sptr < zptr) *sptr++ = ',';
while (*lptr && !ISLWS(*lptr) &&
*lptr != ',' && *lptr != ';' &&
sptr < zptr)
*sptr++ = *lptr++;
if (sptr >= zptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Restriction list too long");
PathProblem = true;
break;
}
else
*sptr = '\0';
}
else
if (strsame (lptr, "final", 5) && !isalpha(lptr[5]))
FinalRule = true;
else
if (strsame (lptr, "param=", 6))
{
/* agent parameter */
zptr = (sptr = PathParameter) + PATH_PARAMETER_SIZE;
lptr += 6;
if (*lptr == '\"')
{
/* delimitted by double quotes */
lptr++;
while (*lptr && *lptr != '\"' && sptr < zptr) *sptr++ = *lptr++;
if (*lptr) lptr++;
}
else
if (*lptr == '\'')
{
/* delimitted by single quotes */
lptr++;
while (*lptr && *lptr != '\'' && sptr < zptr) *sptr++ = *lptr++;
if (*lptr) lptr++;
}
else
{
/* delimited by restriction list syntax */
while (*lptr && !ISLWS(*lptr) &&
*lptr != ',' && *lptr != ';' &&
sptr < zptr)
*sptr++ = *lptr++;
}
if (sptr >= zptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Agent parameter too long");
PathProblem = true;
break;
}
else
*sptr = '\0';
}
else
if (strsame (lptr, "nocache", 7) && !isalpha(lptr[7]))
NoCache = true;
else
if (strsame (lptr, "profile", 7) && !isalpha(lptr[7]))
{
VmsUserProfile = true;
if (!AuthVmsUserProfileEnabled)
MetaConReport (mcptr, METACON_REPORT_ERROR,
"/PROFILE not enabled at command line");
}
else
if (strsame (lptr, "scriptas", 8) && !isalpha(lptr[8]))
VmsUserScriptAs = true;
else
if (strsame (lptr, "none", 4) && !isalpha(lptr[4]))
*CanFlagsPtr = 0;
else
/* must come before "read" for obvious reasons! */
if ((strsame (lptr, "READ+WRITE", 10) && !isalpha(lptr[10])) ||
(strsame (lptr, "R+W", 3) && !isalpha(lptr[3])))
*CanFlagsPtr |= HTTP_READ_METHODS |
HTTP_WRITE_METHODS |
HTTP_WEBDAV_READ_METHODS |
HTTP_WEBDAV_WRITE_METHODS;
else
if ((strsame (lptr, "READ", 4) && !isalpha(lptr[4])) ||
(strsame (lptr, "R", 1) && !isalpha(lptr[1])))
*CanFlagsPtr |= HTTP_READ_METHODS |
HTTP_WEBDAV_READ_METHODS;
else
if ((strsame (lptr, "WRITE", 5) && !isalpha(lptr[5])) ||
(strsame (lptr, "W", 1) && !isalpha(lptr[1])))
*CanFlagsPtr |= HTTP_WRITE_METHODS;
else
if (strsame (lptr, "CONNECT", 7) && !isalpha(lptr[7]))
*CanFlagsPtr |= HTTP_METHOD_CONNECT;
else
if (strsame (lptr, "DELETE", 6) && !isalpha(lptr[6]))
*CanFlagsPtr |= HTTP_METHOD_DELETE;
else
if (strsame (lptr, "GET", 3) && !isalpha(lptr[3]))
*CanFlagsPtr |= HTTP_METHOD_GET |
HTTP_METHOD_HEAD;
else
if (strsame (lptr, "HEAD", 4) && !isalpha(lptr[4]))
*CanFlagsPtr |= HTTP_METHOD_HEAD;
else
if (strsame (lptr, "OPTIONS", 7) && !isalpha(lptr[7]))
*CanFlagsPtr |= HTTP_METHOD_OPTIONS;
else
if (strsame (lptr, "POST", 4) && !isalpha(lptr[4]))
*CanFlagsPtr |= HTTP_METHOD_POST;
else
if (strsame (lptr, "PUT", 3) && !isalpha(lptr[3]))
*CanFlagsPtr |= HTTP_METHOD_PUT;
else
if (strsame (lptr, "TRACE", 5) && !isalpha(lptr[5]))
*CanFlagsPtr |= HTTP_METHOD_TRACE;
else
if (strsame (lptr, "COPY", 4) && !isalpha(lptr[4]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_COPY;
else
if (strsame (lptr, "LOCK", 4) && !isalpha(lptr[4]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_LOCK;
else
if (strsame (lptr, "MOVE", 4) && !isalpha(lptr[4]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_MOVE;
else
if (strsame (lptr, "MKCOL", 5) && !isalpha(lptr[5]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_MKCOL;
else
if (strsame (lptr, "PROPFIND", 8) && !isalpha(lptr[8]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_PROPFIND;
else
if (strsame (lptr, "PROPPATCH", 9) && !isalpha(lptr[9]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_PROPPATCH;
else
if (strsame (lptr, "UNLOCK", 6) && !isalpha(lptr[6]))
*CanFlagsPtr |= HTTP_METHOD_WEBDAV_UNLOCK;
else
{
/* otherwise assume it's an alpha-numeric host name */
for (sptr = RestrictListPtr; *sptr; sptr++);
zptr = RestrictListPtr + ACCESS_RESTRICTION_LIST_SIZE;
if (sptr > RestrictListPtr && sptr < zptr) *sptr++ = ',';
while (*lptr && !ISLWS(*lptr) &&
*lptr != ',' && *lptr != ';' &&
sptr < zptr)
*sptr++ = *lptr++;
if (sptr >= zptr)
{
MetaConReport (mcptr, METACON_REPORT_ERROR,
"Restriction list too long");
PathProblem = true;
break;
}
else
*sptr = '\0';
}
while (*lptr && !ISLWS(*lptr) && *lptr != ',' && *lptr != ';') lptr++;
}
AuthConfigAddPath (mcptr, PathProblem,
PathTemplatePtr, PathIsRegex, FinalRule,
GroupRestrictList, WorldRestrictList,
ProxyStringPtr, PathParameter, CurrentSourceRealm,
GroupCanFlags, WorldCanFlags, NoCache,
VmsUserProfile, VmsUserScriptAs);
AuthorizationEnabled++;
return;
}
MetaConReport (mcptr, METACON_REPORT_ERROR, "Generally confused\n");
}
/*****************************************************************************/
/*
*/
AuthConfigAddRealm
(
META_CONFIG *mcptr,
BOOL RealmProblem,
char *Realm,
char *RealmDescription,
char *RealmParameter,
unsigned long SourceRealm,
unsigned long RealmVmsIdentifier,
char *GroupWrite,
unsigned long SourceGroupWrite,
unsigned long GroupWriteVmsIdentifier,
char *GroupRead,
unsigned long SourceGroupRead,
unsigned long GroupReadVmsIdentifier,
unsigned long GroupCanFlags,
unsigned long WorldCanFlags
)
{
int status,
RealmDescriptionLength,
GroupReadLength,
GroupWriteLength,
RealmLength,
RealmParamLength,
StringSpace,
WorldRestrictListLength;
char *cptr, *pptr, *sptr, *tptr,
*OffsetPtr;
AUTH_REALM *arptr;
METACON_LINE *mclptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
{
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigAddRealm()");
WatchDataFormatted (
"!&B !&Z !&Z !&Z !UL !&X\n\
!&Z !UL !&X\n\
!&Z !UL !&X\n\
!&X !&X\n",
RealmProblem,
Realm, RealmDescription, RealmParameter,
SourceRealm, RealmVmsIdentifier,
GroupWrite, SourceGroupWrite, GroupWriteVmsIdentifier,
GroupRead, SourceGroupRead, GroupReadVmsIdentifier,
GroupCanFlags, WorldCanFlags);
}
/* get a pointer to the current "line" */
mclptr = mcptr->ParsePtr;
GroupReadLength = strlen(GroupRead);
GroupWriteLength = strlen(GroupWrite);
RealmLength = strlen(Realm);
RealmDescriptionLength = strlen(RealmDescription);
RealmParamLength = strlen(RealmParameter);
StringSpace = 5 + /* number of terminating nulls! */
GroupReadLength +
GroupWriteLength +
RealmLength +
RealmDescriptionLength +
RealmParamLength;
arptr = VmGet (sizeof(AUTH_REALM) + StringSpace);
/* set the meta-config data pointer to this structure, tag it! */
mclptr->LineDataPtr = arptr;
arptr->RecordType = AUTH_REALM_RECORD_TYPE;
arptr->MetaConNumber = mclptr->Number;
arptr->RealmProblem = RealmProblem;
/* find the start of the string storage space */
OffsetPtr = (char*)arptr + sizeof(AUTH_REALM);
arptr->GroupReadPtr = OffsetPtr;
memcpy (arptr->GroupReadPtr, GroupRead, GroupReadLength+1);
OffsetPtr += (arptr->GroupReadLength = GroupReadLength) + 1;
arptr->SourceGroupRead = SourceGroupRead;
arptr->GroupReadVmsIdentifier = GroupReadVmsIdentifier;
arptr->GroupWritePtr = OffsetPtr;
memcpy (arptr->GroupWritePtr, GroupWrite, GroupWriteLength+1);
OffsetPtr += (arptr->GroupWriteLength = GroupWriteLength) + 1;
arptr->SourceGroupWrite = SourceGroupWrite;
arptr->GroupWriteVmsIdentifier = GroupWriteVmsIdentifier;
arptr->RealmPtr = OffsetPtr;
memcpy (arptr->RealmPtr, Realm, RealmLength+1);
OffsetPtr += (arptr->RealmLength = RealmLength) + 1;
arptr->SourceRealm = SourceRealm;
arptr->RealmVmsIdentifier = RealmVmsIdentifier;
arptr->RealmDescrPtr = OffsetPtr;
memcpy (arptr->RealmDescrPtr,
RealmDescription,
RealmDescriptionLength+1);
OffsetPtr += (arptr->RealmDescriptionLength = RealmDescriptionLength) + 1;
arptr->RealmParamPtr = OffsetPtr;
memcpy (arptr->RealmParamPtr, RealmParameter, RealmParamLength+1);
OffsetPtr += (arptr->RealmParamLength = RealmParamLength) + 1;
arptr->AuthGroupCan = GroupCanFlags;
arptr->AuthWorldCan = WorldCanFlags;
if (SourceRealm == AUTH_SOURCE_TOKEN)
{
/* note that TOKEN authorization is in use */
AuthRealmToken = true;
}
if (SourceRealm == AUTH_SOURCE_X509)
{
/* note that X509 client certification is in use */
AuthRealmX509 = true;
}
}
/*****************************************************************************/
/*
*/
AuthConfigAddPath
(
META_CONFIG *mcptr,
BOOL PathProblem,
char *Path,
BOOL PathIsRegex,
BOOL FinalRule,
char *GroupRestrictList,
char *WorldRestrictList,
char *ProxyStringPtr,
char *PathParameter,
unsigned long SourceRealm,
unsigned long GroupCanFlags,
unsigned long WorldCanFlags,
BOOL NoCache,
BOOL VmsUserProfile,
BOOL VmsUserScriptAs
)
{
int status,
GroupRestrictListLength,
PathLength,
ProxyStringLength,
PathParameterLength,
StringSpace,
WorldRestrictListLength;
char *cptr, *pptr, *sptr, *tptr,
*OffsetPtr;
AUTH_PATH *apptr;
METACON_LINE *mclptr;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
{
WatchThis (WATCHALL, WATCH_MOD_AUTH, "AuthConfigAddPath()");
WatchDataFormatted (
"!&B !&Z !&B !&B\n!&Z\n!&Z\n!&Z\n!&Z\n!UL !&X !&X !&B !&B !&B\n",
PathProblem, Path, FinalRule, PathIsRegex,
GroupRestrictList, WorldRestrictList,
ProxyStringPtr, PathParameter, SourceRealm,
GroupCanFlags, WorldCanFlags, NoCache,
VmsUserProfile, VmsUserScriptAs);
}
/* get a pointer to the current "line" */
mclptr = mcptr->ParsePtr;
GroupRestrictListLength = strlen(GroupRestrictList);
PathLength = strlen(Path);
ProxyStringLength = strlen(ProxyStringPtr);
PathParameterLength = strlen(PathParameter);
WorldRestrictListLength = strlen(WorldRestrictList);
StringSpace = 5 + /* number of terminating nulls! */
GroupRestrictListLength +
PathLength +
ProxyStringLength +
PathParameterLength +
WorldRestrictListLength;
apptr = VmGet (sizeof(AUTH_PATH) + StringSpace);
/* set the meta-config data pointer to this structure, tag it! */
mclptr->LineDataPtr = apptr;
apptr->RecordType = AUTH_PATH_RECORD_TYPE;
apptr->MetaConNumber = mclptr->Number;
apptr->PathProblem = PathProblem;
apptr->SourceRealm = SourceRealm;
/* set the meta-config data pointer to this structure */
mclptr->LineDataPtr = apptr;
/* find the start of the string storage space */
OffsetPtr = (char*)apptr + sizeof(AUTH_PATH);
apptr->GroupRestrictListPtr = sptr = OffsetPtr;
cptr = GroupRestrictList;
while (*cptr) *sptr++ = *cptr++;
*sptr = '\0';
OffsetPtr += (apptr->GroupRestrictListLength =
GroupRestrictListLength) + 1;
apptr->PathPtr = sptr = OffsetPtr;
cptr = Path;
while (*cptr) *sptr++ = *cptr++;
*sptr = '\0';
OffsetPtr += (apptr->PathLength = PathLength) + 1;
if (PathIsRegex)
{
/* the template was a regular expression, create a compiled version */
StringRegexCompile (apptr->PathPtr, &apptr->RegexPregPath);
}
apptr->FinalRule = FinalRule;
apptr->ProxyStringPtr = sptr = OffsetPtr;
cptr = ProxyStringPtr;
while (*cptr) *sptr++ = *cptr++;
*sptr = '\0';
OffsetPtr += (apptr->ProxyStringLength = ProxyStringLength) + 1;
cptr = WorldRestrictList;
apptr->WorldRestrictListPtr = sptr = OffsetPtr;
while (*cptr) *sptr++ = *cptr++;
*sptr = '\0';
OffsetPtr += (apptr->WorldRestrictListLength =
WorldRestrictListLength) + 1;
apptr->PathParameterPtr = OffsetPtr;
memcpy (apptr->PathParameterPtr, PathParameter, PathParameterLength+1);
*sptr = '\0';
apptr->PathParameterLength = PathParameterLength;
apptr->AuthGroupCan = GroupCanFlags;
apptr->AuthWorldCan = WorldCanFlags;
apptr->NoCache = NoCache;
apptr->VmsUserProfile = VmsUserProfile;
apptr->VmsUserScriptAs = VmsUserScriptAs;
}
/****************************************************************************/
/*
When 'StringPtr' is non-NULL the string is parsed looking for something like
'vms-username=remote-username[@host.name]' where the square brackets indicate
an optional host host name. Essentially this is any string delimited by
white-space. Multiple proxy entries can be placed in a single string (line)
separated by white-space. The newly parsed position in the string is returned.
This can be done one or many times with the string being dynamically allocated
and built up into a series of white-space delimited proxy mappings.
If 'StringPtr' is passed as NULL a pointer to the stored string is returned and
the internal pointers reset to empty. It is up to the calling routine to then
use/dispose of the string as appropriate.
*/
char* AuthConfigProxy
(
META_CONFIG *mcptr,
char *StringPtr
)
{
#define AUTH_CONFIG_META_PROXY_STRING_ALLOC 256
static int ProxyCurrentLength,
ProxyLineLength,
ProxyStringLength;
static char *ProxyStringPtr;
char *cptr, *sptr;
int Length;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthConfigProxy() !&X !&Z", mcptr, StringPtr);
if (!StringPtr)
{
if (!ProxyCurrentLength) return ("");
if (mcptr) return (ProxyStringPtr);
VmFree (ProxyStringPtr, FI_LI);
ProxyStringPtr = NULL;
ProxyCurrentLength = ProxyLineLength = ProxyStringLength = 0;
return ("");
}
if (!AuthPolicySysUafProxy)
{
/* prevent disabled proxies from inadvertantly allowing access */
if (ProxyCurrentLength) return (ProxyStringPtr);
MetaConReport (mcptr, METACON_REPORT_ERROR,
"/SYSUAF=PROXY not enabled at command line");
/* override the supplied proxy with this bogus one */
StringPtr = "proxy@command.line=NOT-ENABLED";
}
for (;;)
{
for (sptr = StringPtr; *sptr && ISLWS(*sptr); sptr++);
if (!*sptr) break;
cptr = sptr;
while (*sptr && !ISLWS(*sptr)) sptr++;
StringPtr = sptr;
if ((Length = (sptr - cptr)) > ProxyStringLength - ProxyCurrentLength)
{
if (Length < AUTH_CONFIG_META_PROXY_STRING_ALLOC+1)
Length = AUTH_CONFIG_META_PROXY_STRING_ALLOC+1;
ProxyStringLength += Length;
ProxyStringPtr = VmRealloc (ProxyStringPtr, ProxyStringLength+1, FI_LI);
}
sptr = ProxyStringPtr + ProxyCurrentLength;
if (ProxyLineLength > 80)
{
*sptr++ = '\n';
ProxyLineLength = 0;
}
else
if (ProxyLineLength)
*sptr++ = ' ';
while (*cptr && !ISLWS(*cptr))
{
*sptr++ = *cptr++;
ProxyLineLength++;
}
*sptr = '\0';
ProxyCurrentLength = sptr - ProxyStringPtr;
if (WATCH_MODULE(WATCH_MOD_AUTH) && WATCH_MODULE(WATCH_MOD__DETAIL))
WatchDataFormatted ("!UL !UL !&Z\n", ProxyStringLength,
ProxyCurrentLength, ProxyStringPtr);
}
return (NULL);
}
/****************************************************************************/
/*
Searches for a matching proxy entry in the string passed as the
'ProxyStringPtr' field of the authorisation record. Searches against the
username in the request's remote user and client host name (which with WASD
usually contains the client's IP address). See description in the prologue to
AUTH.C for information on what this function provides in proxy mappings.
[*|REMOTE][@host-name|@IP-address|VLSM-address]=[*|LOCAL]
*@host.name=* (many-to-many, host match)
@host-name= (the same, different syntax)
remote-name@host.name=* (many-to-the-same, host match)
remote-name@host.name=local-name (one-to-one, host match)
*@host.name=local-name (many-to-one, host match)
*=local-name (many-to-one, all hosts)
remote-name=local-name (one-to-one, all hosts)
Note that remote an local usernames may be wilcarded only using a single
wildcard (i.e. complete match) but host names and addresses may be matched
on a partial string using a wildcard. The use of isspace() rather than ISLWS()
allows embedded newlines to break very long lines of proxy mappings when
outputing them as reports.
*/
int AuthConfigProxyMap
(
REQUEST_STRUCT *rqptr,
AUTH_CREC *acrptr
)
{
BOOL IsDottedDecimal,
IsNetMask,
SoFarSoGood;
int status,
ProxyUserNameLength,
RemoteUserLength;
char *cptr, *dptr, *sptr, *zptr,
*ErrorMsgPtr;
char RuleHost [128],
RemoteUser [AUTH_MAX_USERNAME_LENGTH+1],
RuleUserName [AUTH_MAX_USERNAME_LENGTH+1],
ProxyUserName [AUTH_MAX_USERNAME_LENGTH+1];
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH, "AuthConfigProxyMap()");
/* get name-only portion of any name@host remote username (RFC1413) */
cptr = rqptr->RemoteUser;
zptr = (sptr = RemoteUser) + sizeof(RemoteUser);
while (*cptr && *cptr != '@' && sptr < zptr) *sptr++ = TOUP(*cptr++);
if (sptr >= zptr)
{
ErrorGeneralOverflow (rqptr, FI_LI);
return (AUTH_DENIED_BY_OTHER);
}
*sptr = '\0';
RemoteUserLength = sptr - RemoteUser;
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH, "PROXY map !AZ@!AZ",
RemoteUser, rqptr->ClientPtr->Lookup.HostName);
ProxyUserName[0] = '\0';
cptr = rqptr->rqAuth.ProxyStringPtr;
while (*cptr)
{
while (*cptr && isspace (*cptr)) cptr++;
if (*cptr == '#')
{
/* commented-out rule */
if (SAME2(cptr,'#!'))
{
/* comment spans all characters until next '!' */
while (*cptr && *cptr != '!') cptr++;
if (*cptr) cptr++;
}
else
while (*cptr && !isspace (*cptr)) cptr++;
continue;
}
dptr = cptr;
IsNetMask = false;
SoFarSoGood = true;
ErrorMsgPtr = NULL;
ProxyUserName[0] = '\0';
if (*cptr == '*' || *cptr == '@')
{
/********************/
/* wildcard mapping */
/********************/
SET2(RuleUserName,'*\0');
if (*cptr == '*') cptr++;
}
else
{
/*************************/
/* get the rule username */
/*************************/
zptr = (sptr = RuleUserName) + sizeof(RuleUserName);
while (*cptr && *cptr != '@' && !isspace(*cptr) && sptr < zptr)
*sptr++ = *cptr++;
if (sptr >= zptr)
{
ErrorGeneralOverflow (rqptr, FI_LI);
return (AUTH_DENIED_BY_OTHER);
}
*sptr = '\0';
}
if (*cptr == '@')
{
/********************/
/* a host component */
/********************/
IsDottedDecimal = true;
cptr++;
zptr = (sptr = RuleHost) + sizeof(RuleHost);
while (*cptr && *cptr != '=' && !isspace(*cptr) && sptr < zptr)
{
if (*cptr == '/') IsNetMask = true;
if (isalpha(*cptr)) IsDottedDecimal = false;
*sptr++ = *cptr++;
}
if (sptr >= zptr)
{
ErrorGeneralOverflow (rqptr, FI_LI);
return (AUTH_DENIED_BY_OTHER);
}
*sptr = '\0';
if (IsNetMask)
{
char *tptr = RuleHost; /* preserve string address using pointer */
status = TcpIpNetMask (rqptr, WATCH_AUTH, &tptr,
&rqptr->ClientPtr->IpAddress);
if (status == SS$_UNREACHABLE)
{
/* if the masked IP addresses do not match */
SoFarSoGood = false;
}
else
if (VMSnok(status))
{
/* net mask problem */
ErrorMsgPtr = "network mask";
SoFarSoGood = false;
}
}
else
if (IsDottedDecimal)
{
/* if wildcard string compare fails the no match */
if (!StringMatch (rqptr, &rqptr->ClientPtr->IpAddressString, RuleHost))
SoFarSoGood = false;
}
else
{
/* if wildcard string compare fails the no match */
if (!StringMatch (rqptr, rqptr->ClientPtr->Lookup.HostName, RuleHost))
SoFarSoGood = false;
}
}
if (*cptr != '=')
{
ErrorMsgPtr = "rule syntax";
SoFarSoGood = false;
}
else
if (SoFarSoGood)
{
/***************************/
/* get the SYSUAF username */
/***************************/
cptr++;
if (*cptr == '*' || isspace(*cptr))
{
/* wildcard mapping */
if (*cptr == '*') cptr++;
strcpy (ProxyUserName, RemoteUser);
ProxyUserNameLength = RemoteUserLength;
}
else
{
zptr = (sptr = ProxyUserName) + sizeof(ProxyUserName);
while (*cptr && !isspace(*cptr) && sptr < zptr)
*sptr++ = TOUP(*cptr++);
if (sptr >= zptr)
{
ErrorGeneralOverflow (rqptr, FI_LI);
return (AUTH_DENIED_BY_OTHER);
}
*sptr = '\0';
ProxyUserNameLength = sptr - ProxyUserName;
}
}
while (*cptr && !isspace (*cptr)) cptr++;
/****************/
/* end of parse */
/****************/
if (WATCHING (rqptr, WATCH_AUTH))
{
WatchDataFormatted ("!#AZ", cptr-dptr, dptr);
if (!ErrorMsgPtr)
WatchDataFormatted ("\n");
else
WatchDataFormatted (" <ERROR: !AZ\n", ErrorMsgPtr);
}
if (SoFarSoGood && !SAME2(RuleUserName,'*\0'))
{
/* it's not a username wildcard rule */
if (strsame (RuleUserName, RemoteUser, -1))
{
/* the remote (client) and rule usernames are the same */
if (SAME2(ProxyUserName,'-\0'))
{
/* it's a forbidden match */
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH, "PROXY forbidden");
return (AUTH_DENIED_BY_LOGIN);
}
}
else
SoFarSoGood = false;
}
/* if there's been a successful mapping */
if (SoFarSoGood) break;
/* reset any proxy username parsed during matching */
ProxyUserName[0] = '\0';
}
if (!ProxyUserName[0])
{
/**************/
/* no mapping */
/**************/
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH, "PROXY none");
return (AUTH_DENIED_BY_LOGIN);
}
/*****************/
/* found mapping */
/*****************/
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH, "PROXY result \"!AZ\"",
ProxyUserName);
/* buffer the original remote user (the browser-supplied user id) */
strcpy (rqptr->rqAuth.RemoteUser, rqptr->RemoteUser);
rqptr->rqAuth.RemoteUserLength = rqptr->RemoteUserLength;
/* now replace the original remote user with the potential SYSUAF one */
strcpy (rqptr->RemoteUser, ProxyUserName);
rqptr->RemoteUserLength = ProxyUserNameLength;
if (strsame (acrptr->ProxyUserName, ProxyUserName, -1))
{
/************************/
/* use previous details */
/************************/
if (rqptr->rqAuth.UserDetailsLength = acrptr->UserDetailsLength)
{
rqptr->rqAuth.UserDetailsPtr =
VmGetHeap (rqptr, rqptr->rqAuth.UserDetailsLength+1);
strcpy (rqptr->rqAuth.UserDetailsPtr, acrptr->UserDetails);
}
else
rqptr->rqAuth.UserDetailsPtr = NULL;
if (rqptr->rqAuth.VmsUserProfileLength =
acrptr->VmsUserProfileLength)
{
rqptr->rqAuth.VmsUserProfilePtr =
VmGetHeap (rqptr, acrptr->VmsUserProfileLength);
memcpy (rqptr->rqAuth.VmsUserProfilePtr,
acrptr->VmsUserProfilePtr,
acrptr->VmsUserProfileLength);
}
else
rqptr->rqAuth.VmsUserProfilePtr = NULL;
rqptr->rqAuth.VmsUserScriptAs = acrptr->VmsUserScriptAs;
rqptr->rqAuth.SysUafAuthenticated = acrptr->SysUafAuthenticated = true;
return (SS$_NORMAL);
}
else
{
/*************************/
/* proxy username verify */
/*************************/
if (VMSok (status = AuthVmsGetUai (rqptr, rqptr->RemoteUser)))
status = AuthVmsVerifyUser (rqptr);
if (VMSok (status) &&
(AuthPolicySysUafIdentifiers || AuthPolicySysUafWasdIdentifiers))
{
status = AuthVmsHoldsIdentifier (rqptr, AUTH_PROXY_ACCESS_VMS_ID,
AuthProxyAccessVmsIdentifier);
/* if requires proxy identifier ... and doesn't have it */
if (VMSnok (status))
{
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH,
"FAIL SYSUAF proxy identifier");
status = AUTH_DENIED_BY_OTHER;
}
}
if (VMSok (status))
if (AuthVmsUserProfileEnabled)
status = AuthVmsCreateUserProfile (rqptr);
if (VMSok (status))
{
rqptr->rqAuth.SysUafAuthenticated =
acrptr->SysUafAuthenticated = true;
strcpy (acrptr->ProxyUserName, ProxyUserName);
acrptr->ProxyUserNameLength = ProxyUserNameLength;
}
else
{
/* the verification has failed for some reason */
rqptr->rqAuth.SysUafAuthenticated =
acrptr->SysUafAuthenticated = false;
/* restore the original details */
strcpy (rqptr->RemoteUser, rqptr->rqAuth.RemoteUser);
rqptr->RemoteUserLength = rqptr->rqAuth.RemoteUserLength;
rqptr->rqAuth.RemoteUser[0] = acrptr->ProxyUserName[0] = '\0';
rqptr->rqAuth.RemoteUserLength = acrptr->ProxyUserNameLength = 0;
}
return (status);
}
}
/****************************************************************************/
/*
Get the identifier value from the supplied name.
*/
AuthConfigIdentifier
(
char *NamePtr,
unsigned long *ValuePtr
)
{
static $DESCRIPTOR (NameDsc, "");
int status;
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthConfigIdentifier() !&Z", NamePtr);
*ValuePtr = 0;
NameDsc.dsc$a_pointer = NamePtr;
NameDsc.dsc$w_length = strlen(NamePtr);
status = sys$asctoid (&NameDsc, ValuePtr, 0);
return (status);
}
/*****************************************************************************/
/*
Look for a path template matching the request path in the path authorization
meta-config.
*/
int AuthConfigSearch
(
REQUEST_STRUCT *rqptr,
char *PathBeingAuthorized
)
{
BOOL WatchThisMatch;
int status,
TotalLength;
char *cptr, *pptr, *sptr, *tptr, *zptr;
AUTH_PATH *apptr;
AUTH_REALM *arptr,
*RealmDataPtr;
METACON_LINE *mclptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH,
"AuthConfigSearch() !&Z", PathBeingAuthorized);
if (WATCHING (rqptr, WATCH_MATCH))
WatchThisMatch = true;
else
WatchThisMatch = false;
RealmDataPtr = NULL;
MetaConParseReset (MetaGlobalAuthPtr, true);
for (;;)
{
mclptr = MetaGlobalAuthPtr->ParsePtr = MetaGlobalAuthPtr->ParseNextPtr;
if (WATCHPNT(rqptr) &&
WATCH_MODULE(WATCH_MOD_METACON) && WATCH_MODULE(WATCH_MOD__DETAIL))
WatchDataFormatted ("!&X !UL !UL !UL !UL !&X !&Z\n",
mclptr, mclptr->Size, mclptr->Token, mclptr->Number,
mclptr->Length, mclptr->LineDataPtr, mclptr->TextPtr);
/* if terminating empty "line" */
if (!mclptr->Size)
{
status = STS$K_ERROR;
break;
}
if (mclptr->Token == METACON_TOKEN_TEXT)
{
/* get required data, adjust the parse context to the next "line" */
cptr = (char*)mclptr->LineDataPtr;
MetaGlobalAuthPtr->ParseNextPtr =
(METACON_LINE*)((char*)mclptr + mclptr->Size);
}
else
if (mclptr->Token != METACON_TOKEN_DIRECTORY)
{
/* not a simple text line, have meta-config parse this one for us */
if (WATCHING (rqptr, WATCH_AUTH))
cptr = MetaConParse (rqptr, MetaGlobalAuthPtr, &mclptr, WATCH_AUTH);
else
cptr = MetaConParse (rqptr, MetaGlobalAuthPtr, &mclptr, 0);
/* if end of rules */
if (!cptr)
{
status = STS$K_ERROR;
break;
}
/* if error string */
if (!*cptr && *(cptr+1))
{
status = SS$_ABORT;
break;
}
/* if inline rule and expression was false */
if (SAME4 (cptr, '\0\0\0\1')) continue;
cptr = (char*)mclptr->LineDataPtr;
}
if (mclptr->Token == METACON_TOKEN_DIRECTORY)
{
/* get required data, adjust the parse context to the next "line" */
cptr = mclptr->TextPtr + sizeof("[ConfigDirectory]");
while (*cptr && ISLWS(*cptr)) cptr++;
zptr = (sptr = rqptr->ConfigDirectory) +
sizeof(rqptr->ConfigDirectory)-1;
while (*cptr && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
rqptr->ConfigDirectoryLength = sptr - rqptr->ConfigDirectory;
MetaGlobalAuthPtr->ParseNextPtr =
(METACON_LINE*)((char*)mclptr + mclptr->Size);
continue;
}
/* if there is no associated authorization data then ignore line */
if (!cptr) continue;
/* check the record type integer of this record */
if (*(int*)cptr == AUTH_REALM_RECORD_TYPE)
{
/* just note the last realm record encountered */
RealmDataPtr = (AUTH_REALM*)cptr;
continue;
}
if (*(int*)cptr == AUTH_PATH_RECORD_TYPE)
{
apptr = (AUTH_PATH*)cptr;
/* the 'arptr' here points to the last realm record encountered */
if (!(arptr = RealmDataPtr))
{
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
{
WatchDataFormatted (
"!&Z final:!&B regex:!&B\n\
!&Z !&Z\n\
!&X !&X !&B !&B !&B\n\
NO REALM TO APPLY!!\n",
apptr->PathPtr, apptr->FinalRule,
apptr->RegexPregPath.buffer,
apptr->GroupRestrictListPtr,
apptr->WorldRestrictListPtr,
apptr->AuthGroupCan, apptr->AuthWorldCan,
apptr->NoCache,
apptr->VmsUserProfile, apptr->VmsUserScriptAs);
}
status = STS$K_ERROR;
break;
}
}
else
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
{
WatchDataFormatted (
"!&Z\n\
!&B !&Z !&Z !UL !&X\n\
!&Z !UL !&X\n\
!&Z !UL !&X\n\
!&Z !&Z\n\
!&Z\n\
!&X !&X\n\
!&X !&X !&B !&B !&B\n",
apptr->PathPtr,
apptr->FinalRule,
arptr->RealmPtr, arptr->RealmDescrPtr,
arptr->SourceRealm, arptr->RealmVmsIdentifier,
arptr->GroupWritePtr, arptr->SourceGroupWrite,
arptr->GroupWriteVmsIdentifier,
arptr->GroupReadPtr, arptr->SourceGroupRead,
arptr->GroupReadVmsIdentifier,
apptr->GroupRestrictListPtr,
apptr->WorldRestrictListPtr,
apptr->PathParameterPtr,
arptr->AuthGroupCan, arptr->AuthWorldCan,
apptr->AuthGroupCan, apptr->AuthWorldCan,
apptr->NoCache,
apptr->VmsUserProfile, apptr->VmsUserScriptAs);
}
if (WATCHING (rqptr, WATCH_AUTH))
{
int BufferCount;
char Buffer [2048];
BufferCount = AuthConfigReportRule (rqptr, mclptr, true,
Buffer, sizeof(Buffer));
WatchData (Buffer, BufferCount);
}
/* quick check obvious non-/match before using expensive functions */
tptr = apptr->PathPtr;
pptr = PathBeingAuthorized;
if (Config.cfMisc.RegexSyntax && *tptr == REGEX_CHAR) tptr++;
/* while matching vanilla characters */
while ((isalnum(*tptr) || *tptr == '/' ||
*tptr == '-' || *tptr == '_') &&
TOLO(*pptr) == TOLO(*tptr))
{
pptr++;
tptr++;
}
/* if non-matching vanilla character */
if (isalnum(*tptr) || *tptr == '/' || *tptr == '-' || *tptr == '_')
{
if (!WatchThisMatch) continue;
WatchThis (WATCHITM(rqptr), WATCH_MATCH, "NO !&Z", tptr);
continue;
}
/* if a trailing wildcard then it's a match already! */
if (SAME2(tptr,'*\0'))
{
status = SS$_NORMAL;
if (!WatchThisMatch) break;
WatchThis (WATCHITM(rqptr), WATCH_MATCH, "YES");
break;
}
/* expensive comparison of path and template, break if matched */
if (StringMatchAndRegex (rqptr, PathBeingAuthorized, apptr->PathPtr,
SMATCH_STRING_REGEX, &apptr->RegexPregPath,
NULL))
{
status = SS$_NORMAL;
break;
}
}
/*************************************/
/* if path not found, or other error */
/*************************************/
if (VMSnok (status)) return (status);
/* a final rule is effectively 'path not found' */
if (apptr->FinalRule) return (STS$K_ERROR);
/**************/
/* path found */
/**************/
/*
As the path authorization information is potentially volatile
(i.e. can be reloaded) we need request-local copies of these fields.
*/
TotalLength = 10 + /* number of terminating nulls */
/* these five are from the realm record */
arptr->GroupWriteLength +
arptr->GroupReadLength +
arptr->RealmLength +
arptr->RealmDescriptionLength +
arptr->RealmParamLength +
/* these five are from the path record */
apptr->PathLength +
apptr->GroupRestrictListLength +
apptr->ProxyStringLength +
apptr->PathParameterLength +
apptr->WorldRestrictListLength;
cptr = VmGetHeap (rqptr, TotalLength);
/******************************/
/* data from the realm record */
/******************************/
rqptr->rqAuth.RealmProblem = arptr->RealmProblem;
memcpy (rqptr->rqAuth.RealmPtr = cptr,
arptr->RealmPtr, arptr->RealmLength+1);
cptr += arptr->RealmLength+1;
rqptr->rqAuth.RealmLength = arptr->RealmLength;
rqptr->rqAuth.SourceRealm = arptr->SourceRealm;
rqptr->rqAuth.RealmVmsIdentifier = arptr->RealmVmsIdentifier;
if (arptr->RealmDescrPtr[0])
{
memcpy (rqptr->rqAuth.RealmDescrPtr = cptr,
arptr->RealmDescrPtr, arptr->RealmDescriptionLength+1);
cptr += arptr->RealmDescriptionLength+1;
}
else
rqptr->rqAuth.RealmDescrPtr = rqptr->rqAuth.RealmPtr;
if (arptr->RealmParamPtr[0])
{
memcpy (rqptr->rqAuth.RealmParamPtr = cptr,
arptr->RealmParamPtr, arptr->RealmParamLength+1);
cptr += arptr->RealmParamLength+1;
}
memcpy (rqptr->rqAuth.ProxyStringPtr = cptr,
apptr->ProxyStringPtr, apptr->ProxyStringLength+1);
cptr += apptr->ProxyStringLength+1;
rqptr->rqAuth.ProxyStringLength = apptr->ProxyStringLength;
memcpy (rqptr->rqAuth.GroupWritePtr = cptr,
arptr->GroupWritePtr, arptr->GroupWriteLength+1);
cptr += arptr->GroupWriteLength+1;
rqptr->rqAuth.GroupWriteLength = arptr->GroupWriteLength;
rqptr->rqAuth.SourceGroupWrite = arptr->SourceGroupWrite;
rqptr->rqAuth.GroupWriteVmsIdentifier = arptr->GroupWriteVmsIdentifier;
memcpy (rqptr->rqAuth.GroupReadPtr = cptr,
arptr->GroupReadPtr, arptr->GroupReadLength+1);
cptr += arptr->GroupReadLength+1;
rqptr->rqAuth.GroupReadLength = arptr->GroupReadLength;
rqptr->rqAuth.SourceGroupRead = arptr->SourceGroupRead;
rqptr->rqAuth.GroupReadVmsIdentifier = arptr->GroupReadVmsIdentifier;
/*****************************/
/* data from the path record */
/*****************************/
rqptr->rqAuth.PathProblem = apptr->PathProblem;
memcpy (rqptr->rqAuth.PathLocationPtr = cptr,
apptr->PathPtr, apptr->PathLength+1);
cptr += apptr->PathLength+1;
rqptr->rqAuth.PathLocationLength = apptr->PathLength;
memcpy (rqptr->rqAuth.GroupRestrictListPtr = cptr,
apptr->GroupRestrictListPtr, apptr->GroupRestrictListLength+1);
cptr += apptr->GroupRestrictListLength+1;
memcpy (rqptr->rqAuth.WorldRestrictListPtr = cptr,
apptr->WorldRestrictListPtr, apptr->WorldRestrictListLength+1);
rqptr->rqAuth.WorldRestrictListPtr = apptr->WorldRestrictListPtr;
memcpy (rqptr->rqAuth.PathParameterPtr = cptr,
apptr->PathParameterPtr, apptr->PathParameterLength+1);
cptr += apptr->PathParameterLength + 1;
rqptr->rqAuth.PathParameterLength = apptr->PathParameterLength;
rqptr->rqAuth.GroupCan = apptr->AuthGroupCan;
rqptr->rqAuth.WorldCan = apptr->AuthWorldCan;
rqptr->rqAuth.NoCache = apptr->NoCache;
rqptr->rqAuth.VmsUserProfile = apptr->VmsUserProfile;
rqptr->rqAuth.VmsUserScriptAs = apptr->VmsUserScriptAs;
return (SS$_NORMAL);
}
/****************************************************************************/
/*
"Realm Description"=<realm>=<type>:<access>:<restriction>
Returns a NULL is successfully parses, a pointer to an explanatory string if
not successful.
*/
char* AuthConfigParseProtectRule
(
REQUEST_STRUCT *rqptr,
char *RulePtr,
int RuleLength
)
{
static unsigned long RealmVmsIdentifier;
static char PrevRealm [AUTH_MAX_REALM_GROUP_LENGTH+1];
int status,
AccessLength,
GroupCan,
RealmLength,
RealmDescrLength,
RealmSourceLength,
RestrictLength,
SourceRealm,
StringLength,
WorldCan;
char *bptr, *cptr, *sptr, *zptr,
*AccessPtr,
*BufferPtr,
*RealmPtr,
*RealmDescrPtr,
*RealmSourcePtr,
*RestrictPtr;
char Buffer [1024];
/*********/
/* begin */
/*********/
if (WATCH_MODULE(WATCH_MOD_AUTH))
WatchThis (WATCHALL, WATCH_MOD_AUTH,
"AuthConfigParseProtectRule() !&Z", RulePtr);
if (RuleLength <= 0) RuleLength = strlen(RulePtr);
if (rqptr)
{
BufferPtr = VmGetHeap (rqptr, RuleLength+1);
memcpy (BufferPtr, RulePtr, RuleLength+1);
/* preemptively set this true, then reset once it's parsed ok */
rqptr->rqAuth.RealmProblem = true;
}
else
{
if (RuleLength+1 > sizeof(Buffer)) return ("Buffer overflow");
memcpy (BufferPtr = Buffer, RulePtr, RuleLength+1);
}
zptr = (sptr = bptr = BufferPtr) + RuleLength+1;
cptr = RulePtr;
RealmDescrPtr = NULL;
if (*cptr == '\"')
{
/* optional realm description */
cptr++;
RealmDescrPtr = bptr;
while (*cptr && *cptr != '\"')
{
if (cptr[0] == '\\' && cptr[1]) cptr++;
if (sptr < zptr) *sptr++ = *cptr++;
}
*sptr = '\0';
RealmDescrLength = sptr - RealmDescrPtr;
sptr++;
if (!RealmDescrLength) return ("Realm description not specified");
if (!*cptr) return ("Mandatory parameter(s) missing");
cptr++;
if (*cptr != '=') return ("Mandatory parameter(s) missing");
cptr++;
}
else
{
RealmDescrPtr = bptr;
*sptr++ = '\0';
RealmDescrLength = 0;
}
bptr += RealmDescrLength + 1;
/* mandatory authentication realm */
RealmPtr = sptr = bptr;
while (*cptr && *cptr != '=' && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
RealmLength = sptr - bptr;
sptr++;
if (!RealmLength) return ("Realm not specified");
if (!*cptr) return ("Mandatory parameter(s) missing");
cptr++;
bptr += RealmLength + 1;
if (!RealmDescrLength)
{
/* must have a realm description of some sort - use the realm name */
RealmDescrPtr = RealmPtr;
RealmDescrLength = RealmLength;
}
/* mandatory authentication source */
RealmSourcePtr = sptr = bptr;
while (*cptr && *cptr != ':' && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
RealmSourceLength = sptr - bptr;
sptr++;
if (!RealmSourceLength) return ("Realm type not specified");
if (!*cptr) return ("Mandatory parameter(s) missing");
cptr++;
bptr += RealmSourceLength + 1;
switch (TOLO(RealmSourcePtr[0]))
{
case '@' :
switch (TOLO(RealmSourcePtr[1]))
{
case 'l' : SourceRealm = AUTH_SOURCE_DIR_LIST; break;
case 'h' : SourceRealm = AUTH_SOURCE_DIR_HTA; break;
default : return ("Realm source incorrect");
}
break;
case 'a' :
if (strsame (RealmSourcePtr, "agent+opaque", 12))
SourceRealm = AUTH_SOURCE_AGENT_OPAQUE;
else
SourceRealm = AUTH_SOURCE_AGENT;
break;
case 'e' : SourceRealm = AUTH_SOURCE_EXTERNAL; break;
case 'h' :
switch (TOLO(RealmSourcePtr[1]))
{
case 't' : SourceRealm = AUTH_SOURCE_HTA; break;
case 'o' : SourceRealm = AUTH_SOURCE_HOST; break;
default : return ("Realm source incorrect");
}
break;
case 'i' : SourceRealm = AUTH_SOURCE_ID; break;
case 'l' : SourceRealm = AUTH_SOURCE_LIST; break;
case 'o' : SourceRealm = AUTH_SOURCE_OPAQUE; break;
case 'r' : SourceRealm = AUTH_SOURCE_RFC1413; break;
case 'v' : SourceRealm = AUTH_SOURCE_VMS; break;
case 'w' :
switch (TOLO(RealmSourcePtr[1]))
{
/** case 'a' : SourceRealm = AUTH_SOURCE_WASD_ID; break; **/
case 'o' : SourceRealm = AUTH_SOURCE_WORLD; break;
default : return ("Realm source incorrect");
}
break;
case 'x' : SourceRealm = AUTH_SOURCE_X509; break;
default : return ("Realm source incorrect");
}
/* opaque authorization doesn't need an access string */
if (SourceRealm == AUTH_SOURCE_OPAQUE) return (NULL);
/* mandatory access string */
AccessPtr = sptr = bptr;
while (*cptr && *cptr != ':' && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
AccessLength = sptr - bptr;
sptr++;
if (!AccessLength) return ("Access not specified");
if (*cptr) cptr++;
bptr += AccessLength + 1;
/* possibilities: "r", "r+w", "r,r", "r+w,r", "r+w,r+w", */
cptr = AccessPtr;
if (cptr[0] == 'r' && cptr[1] == '+' && cptr[2] == 'w')
{
GroupCan = AUTH_READWRITE_ACCESS;
cptr += 3;
}
else
if (cptr[0] == 'r' && (!cptr[1] || cptr[1] == ','))
{
GroupCan = AUTH_READONLY_ACCESS;
cptr++;
}
else
return ("Group access incorrect");
if (cptr[0] == ',')
{
cptr++;
if (cptr[0] == 'r' && cptr[1] == '+' && cptr[2] == 'w')
{
WorldCan = AUTH_READWRITE_ACCESS;
cptr += 3;
}
else
if (cptr[0] == 'r' && !cptr[1])
{
WorldCan = AUTH_READONLY_ACCESS;
cptr++;
}
else
return ("World access incorrect");
}
else
if (cptr[0])
return ("Access incorrect");
else
WorldCan = 0;
/* access restriction string */
RestrictPtr = sptr = bptr;
while (*cptr && sptr < zptr) *sptr++ = *cptr++;
*sptr = '\0';
RestrictLength = sptr - bptr;
sptr++;
bptr += RestrictLength + 1;
if (SourceRealm == AUTH_SOURCE_ID)
{
/* previous identifier value is buffered for a minor efficiency */
if (!strsame (RealmPtr, PrevRealm, -1))
{
status = AuthConfigIdentifier (RealmPtr, &RealmVmsIdentifier);
if (VMSnok (status))
{
if (WATCHING (rqptr, WATCH_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_AUTH,
"Realm !AZ identifier %!&M", RealmPtr, status);
if (status == SS$_NOSUCHID) return ("Unknown rights identifier");
return ("Rights identifier problem");
}
zptr = (sptr = PrevRealm) + sizeof(PrevRealm)-1;
for (cptr = RealmPtr; *cptr && sptr < zptr; *sptr++ = *cptr++);
*sptr = '\0';
}
}
/* if just validating rather than applying the rule */
if (!rqptr) return (NULL);
/********************/
/* apply to request */
/********************/
rqptr->rqAuth.RealmProblem = false;
if (RealmDescrPtr)
rqptr->rqAuth.RealmDescrPtr = RealmDescrPtr;
else
rqptr->rqAuth.RealmDescrPtr = RealmPtr;
rqptr->rqAuth.RealmPtr = RealmPtr;
rqptr->rqAuth.RealmLength = RealmLength;
rqptr->rqAuth.SourceRealm = SourceRealm;
if (SourceRealm == AUTH_SOURCE_ID)
rqptr->rqAuth.RealmVmsIdentifier = RealmVmsIdentifier;
else
rqptr->rqAuth.RealmVmsIdentifier = 0;
rqptr->rqAuth.GroupCan = GroupCan;
rqptr->rqAuth.WorldCan = WorldCan;
rqptr->rqAuth.GroupWritePtr = "";
rqptr->rqAuth.GroupWriteLength =
rqptr->rqAuth.SourceGroupWrite =
rqptr->rqAuth.GroupWriteVmsIdentifier = 0;
rqptr->rqAuth.GroupReadPtr = "";
rqptr->rqAuth.GroupReadLength =
rqptr->rqAuth.SourceGroupRead =
rqptr->rqAuth.GroupReadVmsIdentifier = 0;
rqptr->rqAuth.GroupRestrictListPtr = RestrictPtr;
rqptr->rqAuth.WorldRestrictListPtr = "";
rqptr->rqAuth.ProxyStringPtr = "";
rqptr->rqAuth.ProxyStringLength = 0;
rqptr->rqAuth.PathParameterPtr = "";
rqptr->rqAuth.PathParameterLength = 0;
rqptr->rqAuth.VmsUserProfile = 0;
rqptr->rqAuth.VmsUserScriptAs = NULL;
rqptr->rqAuth.NoCache = false;
return (NULL);
}
/*****************************************************************************/
/*
This function just wraps the reporting function, loading a temporary database
if necessary for reporting from the configuration file.
*/
AuthConfigReport
(
REQUEST_STRUCT *rqptr,
BOOL UseServerDatabase,
char *VirtualService
)
{
int status;
META_CONFIG *mcptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH,
"AuthConfigReport() !UL !&Z",
UseServerDatabase, VirtualService);
if (UseServerDatabase)
{
/* use mapping rules already loaded into the server */
AuthConfigReportNow (rqptr, MetaGlobalAuthPtr, true, VirtualService);
}
else
{
/* load temporary set of rules from mapping file */
status = AuthConfigLoad (&mcptr);
if (VMSnok (status))
{
/* severe error reported */
rqptr->rqResponse.HttpStatus = 403;
ErrorGeneral (rqptr, mcptr->LoadReport.TextPtr, FI_LI);
}
else
AuthConfigReportNow (rqptr, mcptr, false, VirtualService);
MetaConUnload (&mcptr, NULL);
}
AdminEnd (rqptr);
}
/*****************************************************************************/
/*
Display all records in the authorization path meta-config.
*/
AuthConfigReportNow
(
REQUEST_STRUCT *rqptr,
META_CONFIG *mcptr,
BOOL UseServerDatabase,
char *VirtualService
)
{
static char BeginRules [] =
"<p><h3><u>Authorization Rules</u></h3>\n";
static char BeginTable [] =
"<p><table class=\"lftlft\">\n\
<tr><td><pre>";
static char EndPageFao [] =
"<b>----</b>\
</pre>\n\
</td></tr>\n\
</table>\n\
</div>\n\
</body>\n\
</html>\n";
BOOL ThisVirtualService;
int status,
BufferCount;
char *cptr;
char Buffer [2048];
AUTH_PATH *apptr;
METACON_LINE *mclptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH,
"AuthConfigReportNow() !&B !&Z",
UseServerDatabase, VirtualService);
AdminPageTitle (rqptr, "Path Authorization");
AdminMetaConReport (rqptr, mcptr, MetaGlobalAuthPtr);
AdminMetaConSource (rqptr, mcptr, MetaGlobalAuthPtr);
status = FaolToNet (rqptr, BeginRules, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
AdminVirtualServiceForm (rqptr, ADMIN_REPORT_AUTH_PATHS,
VirtualService, UseServerDatabase);
status = FaolToNet (rqptr, BeginTable, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
ThisVirtualService = true;
MetaConParseReset (mcptr, true);
while (mclptr = MetaConParseRaw (mcptr))
{
if (mclptr->Token == METACON_TOKEN_SERVICE)
{
/* if filtering on a virtual service */
if (VirtualService[0] &&
!StringMatch (rqptr, VirtualService, mclptr->TextPtr))
ThisVirtualService = false;
else
ThisVirtualService = true;
}
else
if (!ThisVirtualService)
continue;
BufferCount = AuthConfigReportRule (rqptr, mclptr, false,
Buffer, sizeof(Buffer));
NetWriteBuffered (rqptr, NULL, Buffer, BufferCount);
/* break if it's a final record of a specific virtual service */
if (!VirtualService[0]) continue;
if (!(cptr = mclptr->LineDataPtr)) continue;
if (*(int*)cptr == AUTH_PATH_RECORD_TYPE)
{
apptr = (AUTH_PATH*)cptr;
if (apptr->FinalRule) break;
}
}
status = FaolToNet (rqptr, EndPageFao, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
rqptr->rqResponse.PreExpired = PRE_EXPIRE_ADMIN;
ResponseHeader200 (rqptr, "text/html", &rqptr->NetWriteBufferDsc);
}
/*****************************************************************************/
/*
Display all single records from the authorization path meta-config.
*/
int AuthConfigReportRule
(
REQUEST_STRUCT *rqptr,
METACON_LINE *mclptr,
BOOL WatchRule,
char *Buffer,
int SizeOfBuffer
)
{
static char PathFao [] =
"<b>!4ZL</b> !#* !&?<strike>\r\r!AZ G:!AZ W:!AZ\
!&? FINAL\r\r!&? PROFILE\r\r!&? SCRIPTAS\r\r!&? NOCACHE\r\r\n\
!&@!&@!&@!&@!&?</strike>\r\r";
static char WatchPathFao [] =
"!4ZL !#* !&?\r\r!AZ G:!AZ W:!AZ\
!&? FINAL\r\r!&? PROFILE\r\r!&? SCRIPTAS\r\r!&? NOCACHE\r\r\n\
!&@!&@!&@!&@!&? <--ERROR\r\r";
static char PathOpaqueFao [] = "<b>!4ZL</b> !#* !AZ\n";
static char WatchPathOpaqueFao [] = "!4ZL !#* !AZ\n";
static char RealmFao [] =
"<b>!4ZL</b> !#* !&?<strike>\r\r<b>\
[!&@!&;AZ!AZ!&@;!&;AZ!AZ;!&;AZ!AZ]</b>!&?</strike>\r\r\n";
static char WatchRealmFao [] =
"!4ZL !#* !&?\r\r<b>\
[!&@!&;AZ!AZ!&@;!&;AZ!AZ;!&;AZ!AZ]!&? <--ERROR\r\r\n";
static char CommentFao [] = "<b>!4ZL</b> !#* !AZ\n";
static char NonRuleFao [] =
"<b>!4ZL</b> !#* !&?<strike>\r\r<b>!#AZ</b> !&;AZ!&?</strike>\r\r\n";
static char WatchNonRuleFao [] =
"!4ZL !#* !&?\r\r!#AZ !&;AZ!&? <--ERROR\r\r\n";
static char RuleVirtualFao [] =
"<b>!4ZL</b> !#* !&?<strike>\r\r<b>[[!&;AZ]]</b>!&?</strike>\r\r\n";
static char RuleImplicitVirtualFao [] =
"<b>0000</b> <b>[[*:*]]</b>\n";
static char VersionFao [] = "<b>!4ZL [[!AZ]]</b>\n";
static char WatchRuleVirtualFao [] =
"!4ZL !#* !&?\r\r<b>[[!&;AZ]]!&? <--ERROR\r\r\n";
int status;
unsigned short Length;
unsigned long FaoVector [64];
unsigned long *vecptr;
char *cptr;
char GroupCanString [128],
WorldCanString [128];
AUTH_PATH *apptr;
AUTH_REALM *arptr;
/*********/
/* begin */
/*********/
if (WATCHMOD (rqptr, WATCH_MOD_AUTH))
WatchThis (WATCHITM(rqptr), WATCH_MOD_AUTH, "AuthConfigReportRule()");
Buffer[0] = '\0';
if (mclptr->WatchInactive) return (0);
if (mclptr->Token == METACON_TOKEN_SERVICE)
{
vecptr = FaoVector;
*vecptr++ = mclptr->Number;
*vecptr++ = (mclptr->MetaFileLevel+mclptr->FlowControlLevel) * 3;
*vecptr++ = mclptr->ConfigProblem;
*vecptr++ = mclptr->TextPtr;
*vecptr++ = mclptr->ConfigProblem;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
WatchRule ? WatchRuleVirtualFao : RuleVirtualFao,
&FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
else
if (mclptr->Number == 1)
{
status = FaolToNet (rqptr, RuleImplicitVirtualFao, NULL);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
}
if (mclptr->Token != METACON_TOKEN_TEXT)
{
vecptr = FaoVector;
*vecptr++ = mclptr->Number;
if (mclptr->Token == METACON_TOKEN_COMMENT)
{
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel+1) * 3;
*vecptr++ = mclptr->TextPtr;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
CommentFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
if (mclptr->Token == METACON_TOKEN_VERSION)
{
*vecptr++ = mclptr->TextPtr;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
VersionFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
switch (mclptr->Token)
{
case METACON_TOKEN_ELIF :
case METACON_TOKEN_ELSE :
case METACON_TOKEN_UNIF :
case METACON_TOKEN_IFIF :
if (mclptr->FlowControlLevel)
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel) * 3;
else
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel+1) * 3;
break;
default:
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel+1) * 3;
}
for (cptr = mclptr->TextPtr; *cptr && !ISLWS(*cptr); cptr++);
*vecptr++ = mclptr->ConfigProblem;
*vecptr++ = cptr - mclptr->TextPtr;
*vecptr++ = mclptr->TextPtr;
while (*cptr && ISLWS(*cptr)) cptr++;
*vecptr++ = cptr;
*vecptr++ = mclptr->ConfigProblem;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
WatchRule ? WatchNonRuleFao : NonRuleFao,
&FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
/* for example, proxy configuration */
if (!(cptr = mclptr->LineDataPtr)) return (0);
/* check the record type integer of this record */
apptr = arptr = NULL;
if (*(int*)cptr == AUTH_REALM_RECORD_TYPE)
arptr = (AUTH_REALM*)cptr;
else
if (*(int*)cptr == AUTH_PATH_RECORD_TYPE)
apptr = (AUTH_PATH*)cptr;
else
ErrorExitVmsStatus (SS$_BUGCHECK, ErrorSanityCheck, FI_LI);
if (apptr)
{
/**********/
/* a path */
/**********/
if (apptr->SourceRealm == AUTH_SOURCE_OPAQUE)
{
vecptr = FaoVector;
*vecptr++ = mclptr->Number;
*vecptr++ = (mclptr->MetaFileLevel+mclptr->FlowControlLevel) * 3 + 3;
*vecptr++ = apptr->PathPtr;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
WatchRule ? WatchPathOpaqueFao : PathOpaqueFao,
&FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
cptr = AuthCanString (apptr->AuthGroupCan, AUTH_CAN_FORMAT_SHORT);
if (!cptr) cptr = "*ERROR*";
strcpy (GroupCanString, cptr);
cptr = AuthCanString (apptr->AuthWorldCan, AUTH_CAN_FORMAT_SHORT);
if (!cptr) cptr = "*ERROR*";
strcpy (WorldCanString, cptr);
vecptr = FaoVector;
*vecptr++ = mclptr->Number;
*vecptr++ = (mclptr->MetaFileLevel + mclptr->FlowControlLevel) * 3 + 3;
*vecptr++ = apptr->PathProblem;
*vecptr++ = apptr->PathPtr;
*vecptr++ = GroupCanString;
*vecptr++ = WorldCanString;
*vecptr++ = apptr->FinalRule;
*vecptr++ = apptr->VmsUserProfile;
*vecptr++ = apptr->VmsUserScriptAs;
*vecptr++ = apptr->NoCache;
if (apptr->GroupRestrictListPtr[0])
{
*vecptr++ = "!#* G:!&;AZ\n";
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel) * 3 + 8;
*vecptr++ = apptr->GroupRestrictListPtr;
}
else
*vecptr++ = "";
if (apptr->WorldRestrictListPtr[0])
{
*vecptr++ = "!#* W:!&;AZ\n";
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel) * 3 + 8;
*vecptr++ = apptr->WorldRestrictListPtr;
}
else
*vecptr++ = "";
if (apptr->ProxyStringPtr[0])
{
*vecptr++ = "!#* !&;AZ\n";
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel) * 3 + 8;
*vecptr++ = apptr->ProxyStringPtr;
}
else
*vecptr++ = "";
if (apptr->PathParameterPtr[0])
{
*vecptr++ = WatchRule ? "!#* PARAM=\'!AZ\'\n" :
"!#* PARAM=\'!&;AZ\'\n";
*vecptr++ = (mclptr->MetaFileLevel+
mclptr->FlowControlLevel) * 3 + 8;
*vecptr++ = apptr->PathParameterPtr;
}
else
*vecptr++ = "";
*vecptr++ = apptr->PathProblem;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
WatchRule ? WatchPathFao : PathFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
if (arptr)
{
/***********/
/* a realm */
/***********/
vecptr = FaoVector;
*vecptr++ = mclptr->Number;
*vecptr++ = (mclptr->MetaFileLevel+mclptr->FlowControlLevel) * 3;
*vecptr++ = arptr->RealmProblem;
if (arptr->RealmDescrPtr && arptr->RealmDescrPtr[0])
{
*vecptr++ = ""!&;AZ"=";
*vecptr++ = arptr->RealmDescrPtr;
}
else
*vecptr++ = "";
*vecptr++ = arptr->RealmPtr;
*vecptr++ = AuthSourceString (arptr->RealmPtr, arptr->SourceRealm);
if (arptr->RealmParamPtr && arptr->RealmParamPtr[0])
{
*vecptr++ = "+"!&;AZ"";
*vecptr++ = arptr->RealmParamPtr;
}
else
*vecptr++ = "";
*vecptr++ = arptr->GroupWritePtr;
*vecptr++ = AuthSourceString (arptr->GroupWritePtr,
arptr->SourceGroupWrite);
*vecptr++ = arptr->GroupReadPtr;
*vecptr++ = AuthSourceString (arptr->GroupReadPtr,
arptr->SourceGroupRead);
*vecptr++ = arptr->RealmProblem;
status = FaolToBuffer (Buffer, SizeOfBuffer, &Length,
WatchRule ? WatchRealmFao : RealmFao, &FaoVector);
if (VMSnok (status)) ErrorNoticed (rqptr, status, NULL, FI_LI);
return ((int)Length);
}
return (0);
}
/*****************************************************************************/