1 /* MODULE							HTGroup.c
2  *		GROUP FILE ROUTINES
3  *
4  *	Contains group file parser and routines to match IP
5  *	address templates and to find out group membership.
6  *
7  *
8  * AUTHORS:
9  *	AL	Ari Luotonen	luotonen@dxcern.cern.ch
10  *
11  * HISTORY:
12  *
13  *
14  * BUGS:
15  *
16  *
17  *
18  * GROUP DEFINITION GRAMMAR:
19  *
20  *	string = "sequence of alphanumeric characters"
21  *	user_name ::= string
22  *	group_name ::= string
23  *	group_ref ::= group_name
24  *	user_def ::= user_name | group_ref
25  *	user_def_list ::= user_def { ',' user_def }
26  *	user_part = user_def | '(' user_def_list ')'
27  *
28  *	templ = "sequence of alphanumeric characters and '*'s"
29  *	ip_number_mask ::= templ '.' templ '.' templ '.' templ
30  *	domain_name_mask ::= templ { '.' templ }
31  *	address ::= ip_number_mask | domain_name_mask
32  *	address_def ::= address
33  *	address_def_list ::= address_def { ',' address_def }
34  *	address_part = address_def | '(' address_def_list ')'
35  *
36  *	item ::= [user_part] ['@' address_part]
37  *	item_list ::= item { ',' item }
38  *	group_def ::= item_list
39  *	group_decl ::= group_name ':' group_def
40  *
41  */
42 
43 #include <HTUtils.h>
44 
45 #include <HTAAUtil.h>
46 #include <HTLex.h>		/* Lexical analysor     */
47 #include <HTGroup.h>		/* Implemented here     */
48 
49 #include <LYUtils.h>
50 #include <LYLeaks.h>
51 
52 /*
53  * Group file parser
54  */
55 
56 typedef HTList UserDefList;
57 typedef HTList AddressDefList;
58 
59 typedef struct {
60     UserDefList *user_def_list;
61     AddressDefList *address_def_list;
62 } Item;
63 
64 typedef struct {
65     char *name;
66     GroupDef *translation;
67 } Ref;
68 
syntax_error(FILE * fp,const char * msg,LexItem lex_item)69 static void syntax_error(FILE *fp, const char *msg,
70 			 LexItem lex_item)
71 {
72     char buffer[41];
73     int cnt = 0;
74     int ch;
75 
76     while ((ch = getc(fp)) != EOF && ch != '\n')
77 	if (cnt < 40)
78 	    buffer[cnt++] = (char) ch;
79     buffer[cnt] = (char) 0;
80 
81     CTRACE((tfp, "%s %d before: '%s'\nHTGroup.c: %s (got %s)\n",
82 	    "HTGroup.c: Syntax error in rule file at line",
83 	    HTlex_line, buffer, msg, lex_verbose(lex_item)));
84     HTlex_line++;
85 }
86 
parse_address_part(FILE * fp)87 static AddressDefList *parse_address_part(FILE *fp)
88 {
89     AddressDefList *address_def_list = NULL;
90     LexItem lex_item;
91     BOOL only_one = NO;
92 
93     lex_item = lex(fp);
94     if (lex_item == LEX_ALPH_STR || lex_item == LEX_TMPL_STR)
95 	only_one = YES;
96     else if (lex_item != LEX_OPEN_PAREN ||
97 	     ((lex_item = lex(fp)) != LEX_ALPH_STR &&
98 	      lex_item != LEX_TMPL_STR)) {
99 	syntax_error(fp, "Expecting a single address or '(' beginning list",
100 		     lex_item);
101 	return NULL;
102     }
103     address_def_list = HTList_new();
104 
105     for (;;) {
106 	Ref *ref = typecalloc(Ref);
107 
108 	if (ref == NULL)
109 	    outofmem(__FILE__, "parse_address_part");
110 
111 	assert(ref != NULL);
112 
113 	ref->name = NULL;
114 	ref->translation = NULL;
115 	StrAllocCopy(ref->name, HTlex_buffer);
116 
117 	HTList_addObject(address_def_list, (void *) ref);
118 
119 	if (only_one || (lex_item = lex(fp)) != LEX_ITEM_SEP)
120 	    break;
121 	/*
122 	 * Here lex_item == LEX_ITEM_SEP; after item separator it
123 	 * is ok to have one or more newlines (LEX_REC_SEP) and
124 	 * they are ignored (continuation line).
125 	 */
126 	do {
127 	    lex_item = lex(fp);
128 	} while (lex_item == LEX_REC_SEP);
129 
130 	if (lex_item != LEX_ALPH_STR && lex_item != LEX_TMPL_STR) {
131 	    syntax_error(fp, "Expecting an address template", lex_item);
132 	    HTList_delete(address_def_list);
133 	    address_def_list = NULL;
134 	    return NULL;
135 	}
136     }
137 
138     if (!only_one && lex_item != LEX_CLOSE_PAREN) {
139 	HTList_delete(address_def_list);
140 	address_def_list = NULL;
141 	syntax_error(fp, "Expecting ')' closing address list", lex_item);
142 	return NULL;
143     }
144     return address_def_list;
145 }
146 
parse_user_part(FILE * fp)147 static UserDefList *parse_user_part(FILE *fp)
148 {
149     UserDefList *user_def_list = NULL;
150     LexItem lex_item;
151     BOOL only_one = NO;
152 
153     lex_item = lex(fp);
154     if (lex_item == LEX_ALPH_STR)
155 	only_one = YES;
156     else if (lex_item != LEX_OPEN_PAREN ||
157 	     (lex_item = lex(fp)) != LEX_ALPH_STR) {
158 	syntax_error(fp, "Expecting a single name or '(' beginning list",
159 		     lex_item);
160 	return NULL;
161     }
162     user_def_list = HTList_new();
163 
164     for (;;) {
165 	Ref *ref = typecalloc(Ref);
166 
167 	if (ref == NULL)
168 	    outofmem(__FILE__, "parse_user_part");
169 
170 	assert(ref != NULL);
171 
172 	ref->name = NULL;
173 	ref->translation = NULL;
174 	StrAllocCopy(ref->name, HTlex_buffer);
175 
176 	HTList_addObject(user_def_list, (void *) ref);
177 
178 	if (only_one || (lex_item = lex(fp)) != LEX_ITEM_SEP)
179 	    break;
180 	/*
181 	 * Here lex_item == LEX_ITEM_SEP; after item separator it
182 	 * is ok to have one or more newlines (LEX_REC_SEP) and
183 	 * they are ignored (continuation line).
184 	 */
185 	do {
186 	    lex_item = lex(fp);
187 	} while (lex_item == LEX_REC_SEP);
188 
189 	if (lex_item != LEX_ALPH_STR) {
190 	    syntax_error(fp, "Expecting user or group name", lex_item);
191 	    HTList_delete(user_def_list);
192 	    user_def_list = NULL;
193 	    return NULL;
194 	}
195     }
196 
197     if (!only_one && lex_item != LEX_CLOSE_PAREN) {
198 	HTList_delete(user_def_list);
199 	user_def_list = NULL;
200 	syntax_error(fp, "Expecting ')' closing user/group list", lex_item);
201 	return NULL;
202     }
203     return user_def_list;
204 }
205 
parse_item(FILE * fp)206 static Item *parse_item(FILE *fp)
207 {
208     Item *item = NULL;
209     UserDefList *user_def_list = NULL;
210     AddressDefList *address_def_list = NULL;
211     LexItem lex_item;
212 
213     lex_item = lex(fp);
214     if (lex_item == LEX_ALPH_STR || lex_item == LEX_OPEN_PAREN) {
215 	unlex(lex_item);
216 	user_def_list = parse_user_part(fp);
217 	lex_item = lex(fp);
218     }
219 
220     if (lex_item == LEX_AT_SIGN) {
221 	lex_item = lex(fp);
222 	if (lex_item == LEX_ALPH_STR || lex_item == LEX_TMPL_STR ||
223 	    lex_item == LEX_OPEN_PAREN) {
224 	    unlex(lex_item);
225 	    address_def_list = parse_address_part(fp);
226 	} else {
227 	    if (user_def_list) {
228 		HTList_delete(user_def_list);	/* @@@@ */
229 		user_def_list = NULL;
230 	    }
231 	    syntax_error(fp, "Expected address part (single address or list)",
232 			 lex_item);
233 	    return NULL;
234 	}
235     } else
236 	unlex(lex_item);
237 
238     if (!user_def_list && !address_def_list) {
239 	syntax_error(fp, "Empty item not allowed", lex_item);
240 	return NULL;
241     }
242     item = typecalloc(Item);
243     if (item == NULL)
244 	outofmem(__FILE__, "parse_item");
245 
246     assert(item != NULL);
247 
248     item->user_def_list = user_def_list;
249     item->address_def_list = address_def_list;
250     return item;
251 }
252 
parse_item_list(FILE * fp)253 static ItemList *parse_item_list(FILE *fp)
254 {
255     ItemList *item_list = HTList_new();
256     Item *item;
257     LexItem lex_item;
258 
259     for (;;) {
260 	if (!(item = parse_item(fp))) {
261 	    HTList_delete(item_list);	/* @@@@ */
262 	    item_list = NULL;
263 	    return NULL;
264 	}
265 	HTList_addObject(item_list, (void *) item);
266 	lex_item = lex(fp);
267 	if (lex_item != LEX_ITEM_SEP) {
268 	    unlex(lex_item);
269 	    return item_list;
270 	}
271 	/*
272 	 * Here lex_item == LEX_ITEM_SEP; after item separator it
273 	 * is ok to have one or more newlines (LEX_REC_SEP) and
274 	 * they are ignored (continuation line).
275 	 */
276 	do {
277 	    lex_item = lex(fp);
278 	} while (lex_item == LEX_REC_SEP);
279 	unlex(lex_item);
280     }
281 }
282 
HTAA_parseGroupDef(FILE * fp)283 GroupDef *HTAA_parseGroupDef(FILE *fp)
284 {
285     ItemList *item_list = NULL;
286     GroupDef *group_def = NULL;
287     LexItem lex_item;
288 
289     if (!(item_list = parse_item_list(fp))) {
290 	return NULL;
291     }
292     group_def = typecalloc(GroupDef);
293     if (group_def == NULL)
294 	outofmem(__FILE__, "HTAA_parseGroupDef");
295 
296     assert(group_def != NULL);
297 
298     group_def->group_name = NULL;
299     group_def->item_list = item_list;
300 
301     if ((lex_item = lex(fp)) != LEX_REC_SEP) {
302 	syntax_error(fp, "Garbage after group definition", lex_item);
303     }
304 
305     return group_def;
306 }
307 
308 #if 0
309 static GroupDef *parse_group_decl(FILE *fp)
310 {
311     char *group_name = NULL;
312     GroupDef *group_def = NULL;
313     LexItem lex_item;
314 
315     do {
316 	lex_item = lex(fp);
317     } while (lex_item == LEX_REC_SEP);	/* Ignore empty lines */
318 
319     if (lex_item != LEX_ALPH_STR) {
320 	if (lex_item != LEX_EOF)
321 	    syntax_error(fp, "Expecting group name", lex_item);
322 	return NULL;
323     }
324     StrAllocCopy(group_name, HTlex_buffer);
325 
326     if (LEX_FIELD_SEP != (lex_item = lex(fp))) {
327 	syntax_error(fp, "Expecting field separator", lex_item);
328 	FREE(group_name);
329 	return NULL;
330     }
331 
332     if (!(group_def = HTAA_parseGroupDef(fp))) {
333 	FREE(group_name);
334 	return NULL;
335     }
336     group_def->group_name = group_name;
337 
338     return group_def;
339 }
340 
341 /*
342  * Group manipulation routines
343  */
344 
345 static GroupDef *find_group_def(GroupDefList *group_list,
346 				const char *group_name)
347 {
348     if (group_list && group_name) {
349 	GroupDefList *cur = group_list;
350 	GroupDef *group_def;
351 
352 	while (NULL != (group_def = (GroupDef *) HTList_nextObject(cur))) {
353 	    if (!strcmp(group_name, group_def->group_name)) {
354 		return group_def;
355 	    }
356 	}
357     }
358     return NULL;
359 }
360 
361 void HTAA_resolveGroupReferences(GroupDef *group_def,
362 				 GroupDefList *group_def_list)
363 {
364     if (group_def && group_def->item_list && group_def_list) {
365 	ItemList *cur1 = group_def->item_list;
366 	Item *item;
367 
368 	while (NULL != (item = (Item *) HTList_nextObject(cur1))) {
369 	    UserDefList *cur2 = item->user_def_list;
370 	    Ref *ref;
371 
372 	    while (NULL != (ref = (Ref *) HTList_nextObject(cur2)))
373 		ref->translation = find_group_def(group_def_list, ref->name);
374 
375 	    /* Does NOT translate address_def_list */
376 	}
377     }
378 }
379 
380 static void add_group_def(GroupDefList *group_def_list,
381 			  GroupDef *group_def)
382 {
383     HTAA_resolveGroupReferences(group_def, group_def_list);
384     HTList_addObject(group_def_list, (void *) group_def);
385 }
386 
387 static GroupDefList *parse_group_file(FILE *fp)
388 {
389     GroupDefList *group_def_list = HTList_new();
390     GroupDef *group_def;
391 
392     while (NULL != (group_def = parse_group_decl(fp)))
393 	add_group_def(group_def_list, group_def);
394 
395     return group_def_list;
396 }
397 #endif
398 
399 /*
400  * Trace functions
401  */
402 
print_item(Item * item)403 static void print_item(Item *item)
404 {
405     if (!item)
406 	fprintf(tfp, "\tNULL-ITEM\n");
407     else {
408 	UserDefList *cur1 = item->user_def_list;
409 	AddressDefList *cur2 = item->address_def_list;
410 	Ref *user_ref = (Ref *) HTList_nextObject(cur1);
411 	Ref *addr_ref = (Ref *) HTList_nextObject(cur2);
412 
413 	if (user_ref) {
414 	    fprintf(tfp, "\t[%s%s", user_ref->name,
415 		    (user_ref->translation ? "*REF*" : ""));
416 	    while (NULL != (user_ref = (Ref *) HTList_nextObject(cur1)))
417 		fprintf(tfp, "; %s%s", user_ref->name,
418 			(user_ref->translation ? "*REF*" : ""));
419 	    fprintf(tfp, "] ");
420 	} else
421 	    fprintf(tfp, "\tANYBODY ");
422 
423 	if (addr_ref) {
424 	    fprintf(tfp, "@ [%s", addr_ref->name);
425 	    while (NULL != (addr_ref = (Ref *) HTList_nextObject(cur2)))
426 		fprintf(tfp, "; %s", addr_ref->name);
427 	    fprintf(tfp, "]\n");
428 	} else
429 	    fprintf(tfp, "@ ANYADDRESS\n");
430     }
431 }
432 
print_item_list(ItemList * item_list)433 static void print_item_list(ItemList *item_list)
434 {
435     ItemList *cur = item_list;
436     Item *item;
437 
438     if (!item_list)
439 	fprintf(tfp, "EMPTY");
440     else
441 	while (NULL != (item = (Item *) HTList_nextObject(cur)))
442 	    print_item(item);
443 }
444 
HTAA_printGroupDef(GroupDef * group_def)445 void HTAA_printGroupDef(GroupDef *group_def)
446 {
447     if (!group_def) {
448 	fprintf(tfp, "\nNULL RECORD\n");
449 	return;
450     }
451 
452     fprintf(tfp, "\nGroup %s:\n",
453 	    (group_def->group_name ? group_def->group_name : "NULL"));
454 
455     print_item_list(group_def->item_list);
456     fprintf(tfp, "\n");
457 }
458 
459 #if 0
460 static void print_group_def_list(GroupDefList *group_list)
461 {
462     GroupDefList *cur = group_list;
463     GroupDef *group_def;
464 
465     while (NULL != (group_def = (GroupDef *) HTList_nextObject(cur)))
466 	HTAA_printGroupDef(group_def);
467 }
468 
469 /*
470  * IP address template matching
471  */
472 
473 /* static						part_match()
474  *		MATCH ONE PART OF INET ADDRESS AGAIST
475  *		A PART OF MASK (inet address has 4 parts)
476  * ON ENTRY:
477  *	tcur	pointer to the beginning of template part.
478  *	icur	pointer to the beginning of actual inet
479  *		number part.
480  *
481  * ON EXIT:
482  *	returns	YES, if match.
483  */
484 static BOOL part_match(const char *tcur,
485 		       const char *icur)
486 {
487     char required[4];
488     char actual[4];
489     const char *cur;
490     int cnt;
491     BOOL status;
492 
493     if (!tcur || !icur)
494 	return NO;
495 
496     cur = tcur;
497     cnt = 0;
498     while (cnt < 3 && *cur && *cur != '.')
499 	required[cnt++] = *(cur++);
500     required[cnt] = (char) 0;
501 
502     cur = icur;
503     cnt = 0;
504     while (cnt < 3 && *cur && *cur != '.')
505 	actual[cnt++] = *(cur++);
506     actual[cnt] = (char) 0;
507 
508     status = HTAA_templateMatch(required, actual);
509     CTRACE((tfp, "part_match: req: '%s' act: '%s' match: %s\n",
510 	    required, actual, (status ? "yes" : "no")));
511 
512     return status;
513 }
514 
515 /* static						ip_number_match()
516  *		MATCH INET NUMBER AGAINST AN INET NUMBER MASK
517  * ON ENTRY:
518  *	template	mask to match agaist, e.g., 128.141.*.*
519  *	the_inet_addr	actual inet address, e.g., 128.141.201.74
520  *
521  * ON EXIT:
522  *	returns		YES, if match;  NO, if not.
523  */
524 static BOOL ip_number_match(const char *ctemplate,
525 			    const char *the_inet_addr)
526 {
527     const char *tcur = ctemplate;
528     const char *icur = the_inet_addr;
529     int cnt;
530 
531     for (cnt = 0; cnt < 4; cnt++) {
532 	if (!tcur || !icur || !part_match(tcur, icur))
533 	    return NO;
534 	if (NULL != (tcur = strchr(tcur, '.')))
535 	    tcur++;
536 	if (NULL != (icur = strchr(icur, '.')))
537 	    icur++;
538     }
539     return YES;
540 }
541 
542 /* static						is_domain_mask()
543  *		DETERMINE IF A GIVEN MASK IS A
544  *		DOMAIN NAME MASK OR AN INET NUMBER MASK
545  * ON ENTRY:
546  *	mask	either a domain name mask,
547  *		e.g.
548  *			*.cern.ch
549  *
550  *		or an inet number mask,
551  *		e.g.
552  *			128.141.*.*
553  *
554  * ON EXIT:
555  *	returns	YES, if mask is a domain name mask.
556  *		NO, if it is an inet number mask.
557  */
558 static BOOL is_domain_mask(const char *mask)
559 {
560     const char *cur = mask;
561 
562     if (!mask)
563 	return NO;
564 
565     while (*cur) {
566 	if (*cur != '.' && *cur != '*' && (*cur < '0' || *cur > '9'))
567 	    return YES;		/* Even one non-digit makes it a domain name mask */
568 	cur++;
569     }
570     return NO;			/* All digits and dots, so it is an inet number mask */
571 }
572 
573 /* static							ip_mask_match()
574  *		MATCH AN IP NUMBER MASK OR IP NAME MASK
575  *		AGAINST ACTUAL IP NUMBER OR IP NAME
576  *
577  * ON ENTRY:
578  *	mask		mask.  Mask may be either an inet number
579  *			mask or a domain name mask,
580  *			e.g.
581  *				128.141.*.*
582  *			or
583  *				*.cern.ch
584  *
585  *	ip_number	IP number of connecting host.
586  *	ip_name		IP name of the connecting host.
587  *
588  * ON EXIT:
589  *	returns		YES, if hostname/internet number
590  *			matches the mask.
591  *			NO, if no match (no fire).
592  */
593 static BOOL ip_mask_match(const char *mask,
594 			  const char *ip_number,
595 			  const char *ip_name)
596 {
597     if (mask && (ip_number || ip_name)) {
598 	if (is_domain_mask(mask)) {
599 	    if (HTAA_templateMatch(mask, ip_name))
600 		return YES;
601 	} else {
602 	    if (ip_number_match(mask, ip_number))
603 		return YES;
604 	}
605     }
606     return NO;
607 }
608 
609 static BOOL ip_in_def_list(AddressDefList *address_def_list,
610 			   char *ip_number,
611 			   char *ip_name)
612 {
613     if (address_def_list && (ip_number || ip_name)) {
614 	AddressDefList *cur = address_def_list;
615 	Ref *ref;
616 
617 	while (NULL != (ref = (Ref *) HTList_nextObject(cur))) {
618 	    /* Value of ref->translation is ignored, i.e., */
619 	    /* no recursion for ip address tamplates.     */
620 	    if (ip_mask_match(ref->name, ip_number, ip_name))
621 		return YES;
622 	}
623     }
624     return NO;
625 }
626 
627 /*
628  * Group file cached reading
629  */
630 
631 typedef struct {
632     char *group_filename;
633     GroupDefList *group_list;
634 } GroupCache;
635 
636 typedef HTList GroupCacheList;
637 
638 static GroupCacheList *group_cache_list = NULL;
639 
640 GroupDefList *HTAA_readGroupFile(const char *filename)
641 {
642     FILE *fp;
643     GroupCache *group_cache;
644 
645     if (isEmpty(filename))
646 	return NULL;
647 
648     if (!group_cache_list)
649 	group_cache_list = HTList_new();
650     else {
651 	GroupCacheList *cur = group_cache_list;
652 
653 	while (NULL != (group_cache = (GroupCache *) HTList_nextObject(cur))) {
654 	    if (!strcmp(filename, group_cache->group_filename)) {
655 		CTRACE((tfp, "%s '%s' %s\n",
656 			"HTAA_readGroupFile: group file",
657 			filename, "already found in cache"));
658 		return group_cache->group_list;
659 	    }			/* if cache match */
660 	}			/* while cached files remain */
661     }				/* cache exists */
662 
663     CTRACE((tfp, "HTAA_readGroupFile: reading group file `%s'\n",
664 	    filename));
665 
666     if (!(fp = fopen(filename, TXT_R))) {
667 	CTRACE((tfp, "%s '%s'\n",
668 		"HTAA_readGroupFile: unable to open group file",
669 		filename));
670 	return NULL;
671     }
672 
673     if ((group_cache = typecalloc(GroupCache)) == 0)
674 	outofmem(__FILE__, "HTAA_readGroupFile");
675 
676     group_cache->group_filename = NULL;
677     StrAllocCopy(group_cache->group_filename, filename);
678     group_cache->group_list = parse_group_file(fp);
679     HTList_addObject(group_cache_list, (void *) group_cache);
680     fclose(fp);
681 
682     CTRACE((tfp, "Read group file '%s', results follow:\n", filename));
683     if (TRACE)
684 	print_group_def_list(group_cache->group_list);
685 
686     return group_cache->group_list;
687 }
688 
689 /* PUBLIC					HTAA_userAndInetInGroup()
690  *		CHECK IF USER BELONGS TO TO A GIVEN GROUP
691  *		AND THAT THE CONNECTION COMES FROM AN
692  *		ADDRESS THAT IS ALLOWED BY THAT GROUP
693  * ON ENTRY:
694  *	group		the group definition structure.
695  *	username	connecting user.
696  *	ip_number	browser host IP number, optional.
697  *	ip_name		browser host IP name, optional.
698  *			However, one of ip_number or ip_name
699  *			must be given.
700  * ON EXIT:
701  *	returns		HTAA_IP_MASK, if IP address mask was
702  *			reason for failing.
703  *			HTAA_NOT_MEMBER, if user does not belong
704  *			to the group.
705  *			HTAA_OK if both IP address and user are ok.
706  */
707 HTAAFailReasonType HTAA_userAndInetInGroup(GroupDef *group,
708 					   char *username,
709 					   char *ip_number,
710 					   char *ip_name)
711 {
712     HTAAFailReasonType reason = HTAA_NOT_MEMBER;
713 
714     if (group && username) {
715 	ItemList *cur1 = group->item_list;
716 	Item *item;
717 
718 	while (NULL != (item = (Item *) HTList_nextObject(cur1))) {
719 	    if (!item->address_def_list ||	/* Any address allowed */
720 		ip_in_def_list(item->address_def_list, ip_number, ip_name)) {
721 
722 		if (!item->user_def_list)	/* Any user allowed */
723 		    return HTAA_OK;
724 		else {
725 		    UserDefList *cur2 = item->user_def_list;
726 		    Ref *ref;
727 
728 		    while (NULL != (ref = (Ref *) HTList_nextObject(cur2))) {
729 
730 			if (ref->translation) {		/* Group, check recursively */
731 			    reason = HTAA_userAndInetInGroup(ref->translation,
732 							     username,
733 							     ip_number, ip_name);
734 			    if (reason == HTAA_OK)
735 				return HTAA_OK;
736 			} else {	/* Username, check directly */
737 			    if (username && *username &&
738 				0 == strcmp(ref->name, username))
739 				return HTAA_OK;
740 			}
741 			/* Every user/group name in this group */
742 		    }
743 		    /* search for username */
744 		}
745 		/* IP address ok */
746 	    } else {
747 		reason = HTAA_IP_MASK;
748 	    }
749 	}			/* while items in group */
750     }
751     /* valid parameters */
752     return reason;		/* No match, or invalid parameters */
753 }
754 
755 void GroupDef_delete(GroupDef *group_def)
756 {
757     if (group_def) {
758 	FREE(group_def->group_name);
759 	if (group_def->item_list) {
760 	    HTList_delete(group_def->item_list);	/* @@@@ */
761 	    group_def->item_list = NULL;
762 	}
763 	FREE(group_def);
764     }
765 }
766 #endif
767