| /* _ _ |
| ** _ __ ___ ___ __| | ___ ___| | mod_ssl |
| ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL |
| ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org |
| ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org |
| ** |_____| |
| ** ssl_expr_eval.c |
| ** Expression Evaluation |
| */ |
| |
| /* ==================================================================== |
| * The Apache Software License, Version 1.1 |
| * |
| * Copyright (c) 2000-2002 The Apache Software Foundation. All rights |
| * reserved. |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in |
| * the documentation and/or other materials provided with the |
| * distribution. |
| * |
| * 3. The end-user documentation included with the redistribution, |
| * if any, must include the following acknowledgment: |
| * "This product includes software developed by the |
| * Apache Software Foundation (http://www.apache.org/)." |
| * Alternately, this acknowledgment may appear in the software itself, |
| * if and wherever such third-party acknowledgments normally appear. |
| * |
| * 4. The names "Apache" and "Apache Software Foundation" must |
| * not be used to endorse or promote products derived from this |
| * software without prior written permission. For written |
| * permission, please contact apache@apache.org. |
| * |
| * 5. Products derived from this software may not be called "Apache", |
| * nor may "Apache" appear in their name, without prior written |
| * permission of the Apache Software Foundation. |
| * |
| * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
| * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
| * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR |
| * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
| * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
| * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
| * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
| * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| * SUCH DAMAGE. |
| * ==================================================================== |
| */ |
| /* ``Make love, |
| not software!'' |
| -- Unknown */ |
| #include "mod_ssl.h" |
| |
| /* _________________________________________________________________ |
| ** |
| ** Expression Evaluation |
| ** _________________________________________________________________ |
| */ |
| |
| static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *); |
| static char *ssl_expr_eval_word(request_rec *, ssl_expr *); |
| static char *ssl_expr_eval_func_file(request_rec *, char *); |
| static int ssl_expr_eval_strcmplex(char *, char *); |
| |
| BOOL ssl_expr_eval(request_rec *r, ssl_expr *node) |
| { |
| switch (node->node_op) { |
| case op_True: { |
| return TRUE; |
| } |
| case op_False: { |
| return FALSE; |
| } |
| case op_Not: { |
| ssl_expr *e = (ssl_expr *)node->node_arg1; |
| return (!ssl_expr_eval(r, e)); |
| } |
| case op_Or: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2)); |
| } |
| case op_And: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2)); |
| } |
| case op_Comp: { |
| ssl_expr *e = (ssl_expr *)node->node_arg1; |
| return ssl_expr_eval_comp(r, e); |
| } |
| default: { |
| ssl_expr_error = "Internal evaluation error: Unknown expression node"; |
| return FALSE; |
| } |
| } |
| } |
| |
| static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node) |
| { |
| switch (node->node_op) { |
| case op_EQ: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0); |
| } |
| case op_NE: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0); |
| } |
| case op_LT: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0); |
| } |
| case op_LE: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0); |
| } |
| case op_GT: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0); |
| } |
| case op_GE: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0); |
| } |
| case op_IN: { |
| ssl_expr *e1 = (ssl_expr *)node->node_arg1; |
| ssl_expr *e2 = (ssl_expr *)node->node_arg2; |
| ssl_expr *e3; |
| char *w1 = ssl_expr_eval_word(r, e1); |
| BOOL found = FALSE; |
| do { |
| e3 = (ssl_expr *)e2->node_arg1; |
| e2 = (ssl_expr *)e2->node_arg2; |
| if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) { |
| found = TRUE; |
| break; |
| } |
| } while (e2 != NULL); |
| return found; |
| } |
| case op_REG: { |
| ssl_expr *e1; |
| ssl_expr *e2; |
| char *word; |
| regex_t *regex; |
| |
| e1 = (ssl_expr *)node->node_arg1; |
| e2 = (ssl_expr *)node->node_arg2; |
| word = ssl_expr_eval_word(r, e1); |
| regex = (regex_t *)(e2->node_arg1); |
| return (ap_regexec(regex, word, 0, NULL, 0) == 0); |
| } |
| case op_NRE: { |
| ssl_expr *e1; |
| ssl_expr *e2; |
| char *word; |
| regex_t *regex; |
| |
| e1 = (ssl_expr *)node->node_arg1; |
| e2 = (ssl_expr *)node->node_arg2; |
| word = ssl_expr_eval_word(r, e1); |
| regex = (regex_t *)(e2->node_arg1); |
| return !(ap_regexec(regex, word, 0, NULL, 0) == 0); |
| } |
| default: { |
| ssl_expr_error = "Internal evaluation error: Unknown expression node"; |
| return FALSE; |
| } |
| } |
| } |
| |
| static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node) |
| { |
| switch (node->node_op) { |
| case op_Digit: { |
| char *string = (char *)node->node_arg1; |
| return string; |
| } |
| case op_String: { |
| char *string = (char *)node->node_arg1; |
| return string; |
| } |
| case op_Var: { |
| char *var = (char *)node->node_arg1; |
| char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var); |
| return (val == NULL ? "" : val); |
| } |
| case op_Func: { |
| char *name = (char *)node->node_arg1; |
| ssl_expr *args = (ssl_expr *)node->node_arg2; |
| if (strEQ(name, "file")) |
| return ssl_expr_eval_func_file(r, (char *)(args->node_arg1)); |
| else { |
| ssl_expr_error = "Internal evaluation error: Unknown function name"; |
| return ""; |
| } |
| } |
| default: { |
| ssl_expr_error = "Internal evaluation error: Unknown expression node"; |
| return FALSE; |
| } |
| } |
| } |
| |
| static char *ssl_expr_eval_func_file(request_rec *r, char *filename) |
| { |
| apr_file_t *fp; |
| char *buf; |
| apr_off_t offset; |
| apr_size_t len; |
| apr_finfo_t finfo; |
| |
| if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED, |
| APR_OS_DEFAULT, r->pool) != APR_SUCCESS) { |
| ssl_expr_error = "Cannot open file"; |
| return ""; |
| } |
| apr_file_info_get(&finfo, APR_FINFO_SIZE, fp); |
| if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) { |
| ssl_expr_error = "Huge file cannot be read"; |
| apr_file_close(fp); |
| return ""; |
| } |
| len = (apr_size_t)finfo.size; |
| if (len == 0) { |
| buf = (char *)apr_palloc(r->pool, sizeof(char) * 1); |
| *buf = NUL; |
| } |
| else { |
| if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) { |
| ssl_expr_error = "Cannot allocate memory"; |
| apr_file_close(fp); |
| return ""; |
| } |
| offset = 0; |
| apr_file_seek(fp, APR_SET, &offset); |
| if (apr_file_read(fp, buf, &len) != APR_SUCCESS) { |
| ssl_expr_error = "Cannot read from file"; |
| apr_file_close(fp); |
| return ""; |
| } |
| buf[len] = NUL; |
| } |
| apr_file_close(fp); |
| return buf; |
| } |
| |
| /* a variant of strcmp(3) which works correctly also for number strings */ |
| static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2) |
| { |
| int i, n1, n2; |
| |
| if (cpNum1 == NULL) |
| return -1; |
| if (cpNum2 == NULL) |
| return +1; |
| n1 = strlen(cpNum1); |
| n2 = strlen(cpNum2); |
| if (n1 > n2) |
| return 1; |
| if (n1 < n2) |
| return -1; |
| for (i = 0; i < n1; i++) { |
| if (cpNum1[i] > cpNum2[i]) |
| return 1; |
| if (cpNum1[i] < cpNum2[i]) |
| return -1; |
| } |
| return 0; |
| } |
