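/*                      _             _
**  _ __ ___   ___   __| |    ___ ___| |  mod_ssl
** | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL
** | | | | | | (_) | (_| |   \__ \__ \ |  www.modssl.org
** |_| |_| |_|\___/ \__,_|___|___/___/_|  ftp.modssl.org
**                      |_____|
**  ssl_expr_eval.c
**  Expression Evaluation
*/

/* ====================================================================
 * The Apache Software License, Version 1.1
 *
 * Copyright (c) 2000-2003 The Apache Software Foundation.  All rights
 * reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Apache" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 */

                             /* ``Make love, not software!''
                                                        -- Unknown */
#include "mod_ssl.h"

/*  _________________________________________________________________
**
**  Expression Evaluation
**  _________________________________________________________________
*/

static BOOL  ssl_expr_eval_comp(request_rec *, ssl_expr *);
static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
static char *ssl_expr_eval_func_file(request_rec *, char *);
static int   ssl_expr_eval_strcmplex(char *, char *);

/*
 * Evaluate a boolean expression tree for request r.
 *
 * Handles the constant, negation, disjunction, conjunction and
 * comparison node kinds; op_Or and op_And short-circuit through the
 * C operators.  Any other node kind sets ssl_expr_error and yields
 * FALSE, so an unrecognised node never evaluates to TRUE.
 *
 * The function recurses once per nesting level of the expression.
 */
BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
{
    switch (node->node_op) {
        case op_True: {
            return TRUE;
        }
        case op_False: {
            return FALSE;
        }
        case op_Not: {
            ssl_expr *e = (ssl_expr *)node->node_arg1;
            return (!ssl_expr_eval(r, e));
        }
        case op_Or: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
        }
        case op_And: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
        }
        case op_Comp: {
            ssl_expr *e = (ssl_expr *)node->node_arg1;
            return ssl_expr_eval_comp(r, e);
        }
        default: {
            ssl_expr_error = "Internal evaluation error: Unknown expression node";
            return FALSE;
        }
    }
}

/*
 * Evaluate a comparison node.
 *
 * Both operands are reduced to strings by ssl_expr_eval_word().
 * op_EQ/op_NE compare with strcmp(); the ordering operators use
 * ssl_expr_eval_strcmplex(); op_IN tests membership in a word list
 * linked through node_arg2; op_REG/op_NRE run the regex_t stored in
 * the second operand against the first operand's string.
 *
 * An unknown node kind sets ssl_expr_error and yields FALSE.
 */
static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
{
    switch (node->node_op) {
        case op_EQ: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
        }
        case op_NE: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
        }
        case op_LT: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <  0);
        }
        case op_LE: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
        }
        case op_GT: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >  0);
        }
        case op_GE: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
        }
        case op_IN: {
            ssl_expr *e1 = (ssl_expr *)node->node_arg1;
            ssl_expr *e2 = (ssl_expr *)node->node_arg2;
            ssl_expr *e3;
            char *w1 = ssl_expr_eval_word(r, e1);
            BOOL found = FALSE;

            /* Walk the list with the NULL test first, so an empty list
             * yields FALSE instead of dereferencing a NULL list head.
             * For a non-empty list the elements are visited in the same
             * order as before. */
            while (e2 != NULL) {
                e3 = (ssl_expr *)e2->node_arg1;
                e2 = (ssl_expr *)e2->node_arg2;
                if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
                    found = TRUE;
                    break;
                }
            }
            return found;
        }
        case op_REG: {
            ssl_expr *e1;
            ssl_expr *e2;
            char *word;
            regex_t *regex;

            e1 = (ssl_expr *)node->node_arg1;
            e2 = (ssl_expr *)node->node_arg2;
            word = ssl_expr_eval_word(r, e1);
            /* the second operand carries a regex_t in node_arg1 */
            regex = (regex_t *)(e2->node_arg1);
            return (ap_regexec(regex, word, 0, NULL, 0) == 0);
        }
        case op_NRE: {
            ssl_expr *e1;
            ssl_expr *e2;
            char *word;
            regex_t *regex;

            e1 = (ssl_expr *)node->node_arg1;
            e2 = (ssl_expr *)node->node_arg2;
            word = ssl_expr_eval_word(r, e1);
            regex = (regex_t *)(e2->node_arg1);
            return !(ap_regexec(regex, word, 0, NULL, 0) == 0);
        }
        default: {
            ssl_expr_error = "Internal evaluation error: Unknown expression node";
            return FALSE;
        }
    }
}

/*
 * Reduce a word node to a C string.
 *
 * op_Digit and op_String return the literal stored in node_arg1;
 * op_Var looks the variable up through ssl_var_lookup() and maps a
 * NULL result to ""; op_Func dispatches on the function name, of
 * which only "file" is implemented here.
 *
 * This function never returns NULL: every error path sets
 * ssl_expr_error and returns "".  The callers in ssl_expr_eval_comp()
 * pass the result straight to strcmp() and ap_regexec(), so a NULL
 * here would be dereferenced.
 */
static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
{
    switch (node->node_op) {
        case op_Digit: {
            char *string = (char *)node->node_arg1;
            return string;
        }
        case op_String: {
            char *string = (char *)node->node_arg1;
            return string;
        }
        case op_Var: {
            char *var = (char *)node->node_arg1;
            char *val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
            return (val == NULL ? "" : val);
        }
        case op_Func: {
            char *name = (char *)node->node_arg1;
            ssl_expr *args = (ssl_expr *)node->node_arg2;
            if (strEQ(name, "file"))
                return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
            else {
                ssl_expr_error = "Internal evaluation error: Unknown function name";
                return "";
            }
        }
        default: {
            ssl_expr_error = "Internal evaluation error: Unknown expression node";
            /* was `return FALSE', i.e. a NULL pointer for a char *
             * result; return the empty string like the other error
             * paths so callers can keep comparing safely */
            return "";
        }
    }
}

/*
 * Implementation of the file() expression function: return the whole
 * content of `filename' as a NUL-terminated string allocated from
 * r->pool.
 *
 * On any failure ssl_expr_error is set and "" is returned.  The file
 * handle is closed on every path after a successful open.
 *
 * NOTE(review): the path is used verbatim and opened with the
 * privileges of the server process.  Presumably only the author of the
 * configuration can supply the expression -- confirm that no
 * request-derived value can reach this argument.
 */
static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
{
    apr_file_t *fp;
    char *buf;
    apr_off_t offset;
    apr_size_t len;
    apr_finfo_t finfo;

    if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED,
                      APR_OS_DEFAULT, r->pool) != APR_SUCCESS) {
        ssl_expr_error = "Cannot open file";
        return "";
    }
    /* finfo.size sizes the buffer below, so it must not be used when
     * the query failed and left it unset */
    if (apr_file_info_get(&finfo, APR_FINFO_SIZE, fp) != APR_SUCCESS) {
        ssl_expr_error = "Cannot stat file";
        apr_file_close(fp);
        return "";
    }
    /* reject sizes that do not survive the conversion to apr_size_t */
    if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) {
        ssl_expr_error = "Huge file cannot be read";
        apr_file_close(fp);
        return "";
    }
    len = (apr_size_t)finfo.size;
    /* one allocation for both the empty and the non-empty case, so the
     * NULL check also covers the empty file */
    if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) {
        ssl_expr_error = "Cannot allocate memory";
        apr_file_close(fp);
        return "";
    }
    if (len > 0) {
        offset = 0;
        apr_file_seek(fp, APR_SET, &offset);
        /* apr_file_read() stores the number of bytes actually read in
         * len, so the terminator below lands inside the buffer even on
         * a short read */
        if (apr_file_read(fp, buf, &len) != APR_SUCCESS) {
            ssl_expr_error = "Cannot read from file";
            apr_file_close(fp);
            return "";
        }
    }
    buf[len] = NUL;
    apr_file_close(fp);
    return buf;
}

/*
 * A variant of strcmp(3) which also works correctly for number
 * strings: a longer string always sorts after a shorter one, and
 * strings of equal length are compared character by character.
 *
 * A NULL first argument sorts first (-1); otherwise a NULL second
 * argument yields +1.  Returns -1, 0 or 1.
 *
 * Lengths are kept in size_t so that the result of strlen() is not
 * truncated to int.
 */
static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
{
    size_t i, n1, n2;

    if (cpNum1 == NULL)
        return -1;
    if (cpNum2 == NULL)
        return +1;
    n1 = strlen(cpNum1);
    n2 = strlen(cpNum2);
    if (n1 > n2)
        return 1;
    if (n1 < n2)
        return -1;
    for (i = 0; i < n1; i++) {
        if (cpNum1[i] > cpNum2[i])
            return 1;
        if (cpNum1[i] < cpNum2[i])
            return -1;
    }
    return 0;
}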