/** BEGIN COPYRIGHT BLOCK * This Program is free software; you can redistribute it and/or modify it under * the terms of the GNU General Public License as published by the Free Software * Foundation; version 2 of the License. * * This Program is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. * * You should have received a copy of the GNU General Public License along with * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple * Place, Suite 330, Boston, MA 02111-1307 USA. * * In addition, as a special exception, Red Hat, Inc. gives You the additional * right to link the code of this Program with code not covered under the GNU * General Public License ("Non-GPL Code") and to distribute linked combinations * including the two, subject to the limitations in this paragraph. Non-GPL Code * permitted under this exception must only link to the code of this Program * through those well defined interfaces identified in the file named EXCEPTION * found in the source code files (the "Approved Interfaces"). The files of * Non-GPL Code may instantiate templates or use macros or inline functions from * the Approved Interfaces without causing the resulting work to be covered by * the GNU General Public License. Only Red Hat, Inc. may make changes or * additions to the list of Approved Interfaces. You must obey the GNU General * Public License in all respects for all of the Program code and other code used * in conjunction with the Program except the Non-GPL Code covered by this * exception. If you modify this file, you may extend this exception to your * version of the file, but you are not obligated to do so. If you do not wish to * provide this exception without modification, you must delete this exception * statement from your version and license this file solely under the GPL without * exception. * * * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission. * Copyright (C) 2005 Red Hat, Inc. * All rights reserved. * END COPYRIGHT BLOCK **/ #ifdef HAVE_CONFIG_H # include #endif # line 8 "acltext.y" #include #include #include #include #include #include "aclpriv.h" #include #include #include "parse.h" #include "aclscan.h" #define MAX_LIST_SIZE 255 static ACLListHandle_t *curr_acl_list; /* current acl list */ static ACLHandle_t *curr_acl; /* current acl */ static ACLExprHandle_t *curr_expr; /* current expression */ static PFlags_t pflags; /* current authorization flags */ static char *curr_args_list[MAX_LIST_SIZE]; /* current args */ static char *curr_user_list[MAX_LIST_SIZE]; /* current users v2 */ static char *curr_ip_dns_list[MAX_LIST_SIZE]; /* current ip/dns v2 */ static PList_t curr_auth_info; /* current authorization method */ static int use_generic_rights; /* use generic rights for conversion */ int acl_PushListHandle(ACLListHandle_t *handle) { curr_acl_list = handle; return(0); } static void acl_string_lower(char *s) { int ii; int len; len = strlen(s); for (ii = 0; ii < len; ii++) s[ii] = tolower(s[ii]); return; } static void acl_clear_args(char **args_list) { args_list[0] = NULL; } static void acl_add_arg(char **args_list, char *arg) { static int args_index; if ( args_list[0] == NULL ) { args_index = 0; } args_list[args_index] = arg; args_index++; args_list[args_index] = NULL; } static void acl_free_args(char **args_list) { int ii; for (ii = 0; ii < MAX_LIST_SIZE; ii++) { if ( args_list[ii] ) PERM_FREE(args_list[ii]); else break; } } static int acl_set_args(ACLExprHandle_t *expr, char **args_list) { int ii; if (expr == NULL) return(-1); for (ii = 0; ii < MAX_LIST_SIZE; ii++) { if ( args_list[ii] ) { if ( ACL_ExprAddArg(NULL, expr, args_list[ii]) < 0 ) { aclerror("ACL_ExprAddArg() failed"); return(-1); } } else break; } return(0); } static int acl_set_users_or_groups(ACLExprHandle_t *expr, char **user_list) { int ii; int jj; if (expr == NULL) return(-1); for (ii = 0; ii < MAX_LIST_SIZE; ii++) { if ( user_list[ii] ) { if ( ACL_ExprTerm(NULL, expr, "user", CMP_OP_EQ, user_list[ii]) < 0 ) { aclerror("ACL_ExprTerm() failed"); acl_free_args(user_list); return(-1); } if ( ACL_ExprTerm(NULL, expr, "group", CMP_OP_EQ, user_list[ii]) < 0 ) { aclerror("ACL_ExprTerm() failed"); acl_free_args(user_list); return(-1); } } else break; } acl_free_args(user_list); for (jj = 0; jj < (ii * 2) - 1; jj++) { if ( ACL_ExprOr(NULL, expr) < 0 ) { aclerror("ACL_ExprOr() failed"); return(-1); } } return(0); } static int acl_set_ip_dns(ACLExprHandle_t *expr, char **ip_dns) { int ii; int jj; int len; char *attr; char *val; if (expr == NULL) return(-1); for (ii = 0; ii < MAX_LIST_SIZE; ii++) { if ( ip_dns[ii] ) { attr = "ip"; val = ip_dns[ii]; len = strlen(val); for (jj = 0; jj < len; jj++) { if ( strchr("0123456789.*", val[jj]) == 0 ) { attr = "dns"; break; } } if ( ACL_ExprTerm(NULL, expr, attr, CMP_OP_EQ, val) < 0 ) { aclerror("ACL_ExprTerm() failed"); acl_free_args(ip_dns); return(-1); } } else break; } acl_free_args(ip_dns); for (jj = 0; jj < ii - 1; jj++) { if ( ACL_ExprOr(NULL, expr) < 0 ) { aclerror("ACL_ExprOr() failed"); return(-1); } } return(0); } # line 223 "acltext.y" typedef union #ifdef __cplusplus ACLSTYPE #endif { char *string; int ival; } ACLSTYPE; # define ACL_ABSOLUTE_TOK 257 # define ACL_ACL_TOK 258 # define ACL_ALLOW_TOK 259 # define ACL_ALWAYS_TOK 260 # define ACL_AND_TOK 261 # define ACL_AT_TOK 262 # define ACL_AUTHENTICATE_TOK 263 # define ACL_CONTENT_TOK 264 # define ACL_DEFAULT_TOK 265 # define ACL_DENY_TOK 266 # define ACL_GROUP_TOK 267 # define ACL_IN_TOK 268 # define ACL_INHERIT_TOK 269 # define ACL_NOT_TOK 270 # define ACL_NULL_TOK 271 # define ACL_OR_TOK 272 # define ACL_QSTRING_TOK 273 # define ACL_READ_TOK 274 # define ACL_TERMINAL_TOK 275 # define ACL_VARIABLE_TOK 276 # define ACL_VERSION_TOK 277 # define ACL_WRITE_TOK 278 # define ACL_WITH_TOK 279 # define ACL_EQ_TOK 280 # define ACL_GE_TOK 281 # define ACL_GT_TOK 282 # define ACL_LE_TOK 283 # define ACL_LT_TOK 284 # define ACL_NE_TOK 285 #ifdef __STDC__ #include #include #else #include #include #endif #ifdef __cplusplus #ifndef aclerror void aclerror(const char *); #endif #ifndef acllex #ifdef __EXTERN_C__ extern "C" { int acllex(void); } #else int acllex(void); #endif #endif int acl_Parse(void); #endif #define aclclearin aclchar = -1 #define aclerrok aclerrflag = 0 extern int aclchar; extern int aclerrflag; ACLSTYPE acllval; ACLSTYPE aclval; typedef int acltabelem; #ifndef ACLMAXDEPTH #define ACLMAXDEPTH 150 #endif #if ACLMAXDEPTH > 0 int acl_acls[ACLMAXDEPTH], *acls = acl_acls; ACLSTYPE acl_aclv[ACLMAXDEPTH], *aclv = acl_aclv; #else /* user does initial allocation */ int *acls; ACLSTYPE *aclv; #endif static int aclmaxdepth = ACLMAXDEPTH; # define ACLERRCODE 256 # line 952 "acltext.y" acltabelem aclexca[] ={ -1, 1, 0, -1, -2, 0, }; # define ACLNPROD 120 # define ACLLAST 251 acltabelem aclact[]={ 176, 177, 178, 180, 179, 181, 156, 109, 69, 53, 160, 116, 76, 6, 185, 169, 118, 186, 170, 117, 150, 78, 85, 149, 77, 18, 144, 29, 17, 86, 28, 11, 3, 126, 10, 136, 140, 82, 89, 104, 87, 101, 7, 129, 127, 171, 133, 79, 72, 40, 132, 38, 102, 55, 108, 37, 172, 105, 39, 60, 60, 107, 128, 63, 59, 45, 61, 61, 93, 23, 46, 6, 131, 130, 158, 142, 137, 157, 125, 134, 154, 147, 56, 122, 112, 30, 75, 94, 81, 111, 139, 138, 88, 73, 165, 164, 155, 57, 50, 49, 48, 27, 14, 41, 65, 58, 145, 97, 153, 146, 98, 152, 120, 25, 184, 151, 119, 24, 99, 64, 13, 32, 15, 21, 5, 175, 159, 106, 103, 8, 100, 124, 84, 83, 66, 54, 52, 143, 80, 51, 67, 90, 36, 35, 26, 34, 33, 22, 31, 20, 135, 113, 62, 74, 96, 47, 92, 71, 44, 68, 43, 70, 42, 95, 16, 91, 9, 4, 19, 12, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 110, 115, 114, 121, 123, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 95, 141, 0, 0, 0, 0, 0, 0, 148, 0, 0, 0, 0, 0, 0, 0, 0, 0, 163, 0, 0, 0, 166, 167, 168, 0, 0, 0, 0, 174, 0, 173, 0, 161, 0, 0, 0, 118, 78, 162, 117, 77, 182, 183 }; acltabelem aclpact[]={ -245,-10000000,-10000000, -234, -187,-10000000, -242,-10000000,-10000000, 80, -10000000,-10000000, 43, -248, -189, 76, 69,-10000000,-10000000,-10000000, -189,-10000000, 42, -246, -38, -248,-10000000, -208,-10000000,-10000000, -195,-10000000,-10000000, -208, 41, 40, 39,-10000000,-10000000, -270, -213, -43, 38,-10000000,-10000000, -199, -200,-10000000,-10000000,-10000000, -10000000, 79,-10000000,-10000000,-10000000, -271,-10000000, -195,-10000000, -220, -10000000,-10000000, -28, -221, -239,-10000000, -235, -238,-10000000,-10000000, -10000000, -28,-10000000,-10000000, -194,-10000000, -252,-10000000,-10000000,-10000000, 66,-10000000,-10000000,-10000000, 78, -223, -218, -203,-10000000, -273, -238,-10000000, -39, -29, 75, 68, -39, -40, -239, -243, -10000000, -231, -202,-10000000, -232, -184,-10000000, -185, -214, -227, -10000000,-10000000, -241,-10000000,-10000000,-10000000, -257, -240,-10000000,-10000000, -252,-10000000, -250,-10000000, 65,-10000000,-10000000,-10000000,-10000000,-10000000, -10000000,-10000000,-10000000,-10000000, -44, -241, -253, 74, 67, 64, -10000000,-10000000, -45, 37, -274, -30, -243,-10000000,-10000000, 36, 35,-10000000, -257, -257,-10000000, -250, -258,-10000000, -216,-10000000, -30, -30, -280,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000, -10000000, -30, -30, 73,-10000000, -259,-10000000,-10000000,-10000000,-10000000, -10000000,-10000000,-10000000,-10000000,-10000000,-10000000,-10000000 }; acltabelem aclpgo[]={ 0, 171, 170, 169, 168, 167, 124, 166, 122, 103, 164, 162, 160, 158, 105, 157, 93, 156, 89, 154, 153, 151, 86, 87, 91, 90, 76, 79, 150, 149, 123, 147, 121, 146, 145, 143, 142, 141, 92, 140, 139, 138, 75, 88, 137, 136, 104, 135, 134, 133, 132, 131, 77, 130, 128, 127, 78, 74, 126, 125 }; acltabelem aclr1[]={ 0, 1, 1, 3, 1, 2, 5, 5, 6, 7, 7, 8, 8, 10, 10, 9, 9, 11, 11, 15, 13, 13, 14, 14, 17, 12, 19, 12, 16, 16, 20, 20, 23, 23, 22, 22, 21, 21, 21, 24, 24, 25, 26, 26, 26, 26, 18, 28, 28, 27, 27, 4, 29, 29, 30, 30, 31, 31, 32, 32, 33, 33, 33, 37, 36, 39, 36, 38, 40, 34, 41, 41, 43, 42, 42, 44, 44, 45, 35, 47, 35, 48, 46, 49, 50, 50, 50, 50, 50, 50, 50, 55, 55, 55, 55, 53, 53, 53, 53, 54, 54, 54, 54, 51, 51, 56, 52, 52, 52, 57, 57, 57, 58, 58, 59, 59, 59, 59, 59, 59 }; acltabelem aclr2[]={ 0, 0, 2, 1, 10, 2, 2, 4, 17, 3, 3, 2, 6, 3, 3, 4, 6, 2, 2, 1, 8, 6, 3, 3, 1, 10, 1, 10, 7, 3, 2, 6, 2, 6, 3, 3, 2, 2, 6, 3, 3, 5, 2, 2, 6, 6, 7, 7, 7, 2, 4, 2, 2, 4, 6, 4, 5, 5, 2, 4, 4, 4, 4, 1, 10, 1, 8, 7, 1, 17, 2, 6, 3, 4, 6, 7, 7, 1, 6, 1, 6, 1, 5, 10, 0, 3, 5, 3, 5, 3, 5, 3, 3, 5, 5, 3, 3, 5, 5, 3, 3, 5, 5, 2, 6, 3, 2, 7, 7, 2, 6, 5, 7, 7, 2, 2, 2, 2, 2, 2 }; acltabelem aclchk[]={ -10000000, -1, -2, 277, -5, -6, 258, 276, -6, -7, 276, 273, -3, 40, 59, -8, -10, 276, 273, -4, -29, -30, -31, 258, 41, 44, -30, 59, 276, 273, 123, -8, -32, -33, -34, -35, -36, 263, 259, 266, 257, -9, -11, -12, -13, 260, 265, -32, 59, 59, 59, -40, -45, 279, -47, 266, 125, 59, -14, 263, 259, 266, -14, 263, 40, -46, -48, -39, -46, 279, -9, -15, 268, -16, -20, -22, 40, 276, 273, 268, -41, -43, 276, -49, -50, 257, 264, 275, -38, 276, -37, -16, -17, 262, -23, -22, -19, 41, 44, 40, -53, 264, 275, -54, 257, 275, -55, 264, 257, 280, -38, -18, 123, -21, -24, -25, 40, 276, 273, 41, 44, -18, 123, -43, -51, -56, 276, 275, 264, 275, 257, 257, 264, 273, -27, -28, 276, -26, -24, -25, 276, -23, -42, -44, 276, 41, 44, 125, -27, 276, 273, 41, 44, 44, 125, 59, 280, -52, -57, -58, 40, 270, 276, -56, 59, 59, -26, -26, -42, 273, 276, 261, 272, -52, -57, -59, 280, 281, 282, 284, 283, 285, -52, -52, 41, 273, 276 }; acltabelem acldef[]={ 1, -2, 2, 0, 5, 6, 0, 3, 7, 0, 9, 10, 0, 0, 0, 0, 11, 13, 14, 4, 51, 52, 0, 0, 0, 0, 53, 55, 56, 57, 0, 12, 54, 58, 0, 0, 0, 68, 77, 79, 0, 0, 0, 17, 18, 0, 0, 59, 60, 61, 62, 0, 81, 65, 81, 0, 8, 15, 19, 0, 22, 23, 0, 0, 0, 78, 84, 0, 80, 63, 16, 0, 24, 21, 29, 30, 0, 34, 35, 26, 0, 70, 72, 82, 0, 85, 87, 89, 66, 0, 0, 20, 0, 0, 0, 32, 0, 0, 0, 0, 86, 95, 96, 88, 99, 100, 90, 91, 92, 0, 64, 25, 0, 28, 36, 37, 0, 39, 40, 31, 0, 27, 0, 71, 0, 103, 105, 97, 98, 101, 102, 93, 94, 67, 0, 49, 0, 0, 42, 43, 41, 33, 0, 0, 0, 0, 0, 46, 50, 0, 0, 38, 0, 0, 69, 73, 0, 83, 106, 109, 0, 0, 0, 104, 47, 48, 44, 45, 74, 75, 76, 0, 0, 0, 111, 0, 114, 115, 116, 117, 118, 119, 107, 108, 110, 112, 113 }; typedef struct #ifdef __cplusplus acltoktype #endif { char *t_name; int t_val; } acltoktype; #ifndef ACLDEBUG # define ACLDEBUG 0 /* don't allow debugging */ #endif #if ACLDEBUG acltoktype acltoks[] = { "ACL_ABSOLUTE_TOK", 257, "ACL_ACL_TOK", 258, "ACL_ALLOW_TOK", 259, "ACL_ALWAYS_TOK", 260, "ACL_AND_TOK", 261, "ACL_AT_TOK", 262, "ACL_AUTHENTICATE_TOK", 263, "ACL_CONTENT_TOK", 264, "ACL_DEFAULT_TOK", 265, "ACL_DENY_TOK", 266, "ACL_GROUP_TOK", 267, "ACL_IN_TOK", 268, "ACL_INHERIT_TOK", 269, "ACL_NOT_TOK", 270, "ACL_NULL_TOK", 271, "ACL_OR_TOK", 272, "ACL_QSTRING_TOK", 273, "ACL_READ_TOK", 274, "ACL_TERMINAL_TOK", 275, "ACL_VARIABLE_TOK", 276, "ACL_VERSION_TOK", 277, "ACL_WRITE_TOK", 278, "ACL_WITH_TOK", 279, "ACL_EQ_TOK", 280, "ACL_GE_TOK", 281, "ACL_GT_TOK", 282, "ACL_LE_TOK", 283, "ACL_LT_TOK", 284, "ACL_NE_TOK", 285, "-unknown-", -1 /* ends search */ }; char * aclreds[] = { "-no such reduction-", "start : /* empty */", "start : start_acl_v2", "start : ACL_VERSION_TOK ACL_VARIABLE_TOK", "start : ACL_VERSION_TOK ACL_VARIABLE_TOK ';' start_acl_v3", "start_acl_v2 : acl_list_v2", "acl_list_v2 : acl_v2", "acl_list_v2 : acl_list_v2 acl_v2", "acl_v2 : ACL_ACL_TOK acl_name_v2 '(' arg_list_v2 ')' '{' directive_list_v2 '}'", "acl_name_v2 : ACL_VARIABLE_TOK", "acl_name_v2 : ACL_QSTRING_TOK", "arg_list_v2 : arg_v2", "arg_list_v2 : arg_v2 ',' arg_list_v2", "arg_v2 : ACL_VARIABLE_TOK", "arg_v2 : ACL_QSTRING_TOK", "directive_list_v2 : directive_v2 ';'", "directive_list_v2 : directive_v2 ';' directive_list_v2", "directive_v2 : auth_method_v2", "directive_v2 : auth_statement_v2", "auth_statement_v2 : ACL_ALWAYS_TOK auth_type_v2", "auth_statement_v2 : ACL_ALWAYS_TOK auth_type_v2 host_spec_list_action_v2", "auth_statement_v2 : ACL_DEFAULT_TOK auth_type_v2 host_spec_list_action_v2", "auth_type_v2 : ACL_ALLOW_TOK", "auth_type_v2 : ACL_DENY_TOK", "auth_method_v2 : ACL_ALWAYS_TOK ACL_AUTHENTICATE_TOK ACL_IN_TOK", "auth_method_v2 : ACL_ALWAYS_TOK ACL_AUTHENTICATE_TOK ACL_IN_TOK realm_definition_v2", "auth_method_v2 : ACL_DEFAULT_TOK ACL_AUTHENTICATE_TOK ACL_IN_TOK", "auth_method_v2 : ACL_DEFAULT_TOK ACL_AUTHENTICATE_TOK ACL_IN_TOK realm_definition_v2", "host_spec_list_action_v2 : user_expr_v2 ACL_AT_TOK host_spec_list_v2", "host_spec_list_action_v2 : user_expr_v2", "user_expr_v2 : user_v2", "user_expr_v2 : '(' user_list_v2 ')'", "user_list_v2 : user_v2", "user_list_v2 : user_v2 ',' user_list_v2", "user_v2 : ACL_VARIABLE_TOK", "user_v2 : ACL_QSTRING_TOK", "host_spec_list_v2 : dns_spec_v2", "host_spec_list_v2 : ip_spec_v2", "host_spec_list_v2 : '(' dns_ip_spec_list_v2 ')'", "dns_spec_v2 : ACL_VARIABLE_TOK", "dns_spec_v2 : ACL_QSTRING_TOK", "ip_spec_v2 : ACL_VARIABLE_TOK ACL_VARIABLE_TOK", "dns_ip_spec_list_v2 : dns_spec_v2", "dns_ip_spec_list_v2 : ip_spec_v2", "dns_ip_spec_list_v2 : dns_spec_v2 ',' dns_ip_spec_list_v2", "dns_ip_spec_list_v2 : ip_spec_v2 ',' dns_ip_spec_list_v2", "realm_definition_v2 : '{' methods_list_v2 '}'", "method_v2 : ACL_VARIABLE_TOK ACL_VARIABLE_TOK ';'", "method_v2 : ACL_VARIABLE_TOK ACL_QSTRING_TOK ';'", "methods_list_v2 : method_v2", "methods_list_v2 : method_v2 methods_list_v2", "start_acl_v3 : acl_list", "acl_list : acl", "acl_list : acl_list acl", "acl : named_acl ';' body_list", "acl : named_acl ';'", "named_acl : ACL_ACL_TOK ACL_VARIABLE_TOK", "named_acl : ACL_ACL_TOK ACL_QSTRING_TOK", "body_list : body", "body_list : body body_list", "body : authenticate_statement ';'", "body : authorization_statement ';'", "body : deny_statement ';'", "deny_statement : ACL_ABSOLUTE_TOK ACL_DENY_TOK ACL_WITH_TOK", "deny_statement : ACL_ABSOLUTE_TOK ACL_DENY_TOK ACL_WITH_TOK deny_common", "deny_statement : ACL_DENY_TOK ACL_WITH_TOK", "deny_statement : ACL_DENY_TOK ACL_WITH_TOK deny_common", "deny_common : ACL_VARIABLE_TOK ACL_EQ_TOK ACL_QSTRING_TOK", "authenticate_statement : ACL_AUTHENTICATE_TOK", "authenticate_statement : ACL_AUTHENTICATE_TOK '(' attribute_list ')' '{' parameter_list '}'", "attribute_list : attribute", "attribute_list : attribute_list ',' attribute", "attribute : ACL_VARIABLE_TOK", "parameter_list : parameter ';'", "parameter_list : parameter ';' parameter_list", "parameter : ACL_VARIABLE_TOK ACL_EQ_TOK ACL_QSTRING_TOK", "parameter : ACL_VARIABLE_TOK ACL_EQ_TOK ACL_VARIABLE_TOK", "authorization_statement : ACL_ALLOW_TOK", "authorization_statement : ACL_ALLOW_TOK auth_common_action", "authorization_statement : ACL_DENY_TOK", "authorization_statement : ACL_DENY_TOK auth_common_action", "auth_common_action : /* empty */", "auth_common_action : auth_common", "auth_common : flag_list '(' args_list ')' expression", "flag_list : /* empty */", "flag_list : ACL_ABSOLUTE_TOK", "flag_list : ACL_ABSOLUTE_TOK content_static", "flag_list : ACL_CONTENT_TOK", "flag_list : ACL_CONTENT_TOK absolute_static", "flag_list : ACL_TERMINAL_TOK", "flag_list : ACL_TERMINAL_TOK content_absolute", "content_absolute : ACL_CONTENT_TOK", "content_absolute : ACL_ABSOLUTE_TOK", "content_absolute : ACL_CONTENT_TOK ACL_ABSOLUTE_TOK", "content_absolute : ACL_ABSOLUTE_TOK ACL_CONTENT_TOK", "content_static : ACL_CONTENT_TOK", "content_static : ACL_TERMINAL_TOK", "content_static : ACL_CONTENT_TOK ACL_TERMINAL_TOK", "content_static : ACL_TERMINAL_TOK ACL_CONTENT_TOK", "absolute_static : ACL_ABSOLUTE_TOK", "absolute_static : ACL_TERMINAL_TOK", "absolute_static : ACL_ABSOLUTE_TOK ACL_TERMINAL_TOK", "absolute_static : ACL_TERMINAL_TOK ACL_ABSOLUTE_TOK", "args_list : arg", "args_list : args_list ',' arg", "arg : ACL_VARIABLE_TOK", "expression : factor", "expression : factor ACL_AND_TOK expression", "expression : factor ACL_OR_TOK expression", "factor : base_expr", "factor : '(' expression ')'", "factor : ACL_NOT_TOK factor", "base_expr : ACL_VARIABLE_TOK relop ACL_QSTRING_TOK", "base_expr : ACL_VARIABLE_TOK relop ACL_VARIABLE_TOK", "relop : ACL_EQ_TOK", "relop : ACL_GE_TOK", "relop : ACL_GT_TOK", "relop : ACL_LT_TOK", "relop : ACL_LE_TOK", "relop : ACL_NE_TOK", }; #endif /* ACLDEBUG */ /* ** Skeleton parser driver for yacc output */ /* ** yacc user known macros and defines */ #define ACLERROR goto aclerrlab #define ACLACCEPT return(0) #define ACLABORT return(1) #define ACLBACKUP( newtoken, newvalue )\ {\ if ( aclchar >= 0 || ( aclr2[ acltmp ] >> 1 ) != 1 )\ {\ aclerror( "syntax error - cannot backup" );\ goto aclerrlab;\ }\ aclchar = newtoken;\ aclstate = *aclps;\ acllval = newvalue;\ goto aclnewstate;\ } #define ACLRECOVERING() (!!aclerrflag) #define ACLNEW(type) PERM_MALLOC(sizeof(type) * aclnewmax) #define ACLCOPY(to, from, type) \ (type *) memcpy(to, (char *) from, aclnewmax * sizeof(type)) #define ACLENLARGE( from, type) \ (type *) PERM_REALLOC((char *) from, aclnewmax * sizeof(type)) #ifndef ACLDEBUG # define ACLDEBUG 1 /* make debugging available */ #endif /* ** user known globals */ int acldebug; /* set to 1 to get debugging */ /* ** driver internal defines */ #define ACLFLAG (-10000000) /* ** global variables used by the parser */ ACLSTYPE *aclpv; /* top of value stack */ int *aclps; /* top of state stack */ int aclstate; /* current state */ int acltmp; /* extra var (lasts between blocks) */ int aclnerrs; /* number of errors */ int aclerrflag; /* error recovery flag */ int aclchar; /* current input token number */ #ifdef ACLNMBCHARS #define ACLLEX() aclcvtok(acllex()) /* ** aclcvtok - return a token if i is a wchar_t value that exceeds 255. ** If i<255, i itself is the token. If i>255 but the neither ** of the 30th or 31st bit is on, i is already a token. */ #if defined(__STDC__) || defined(__cplusplus) int aclcvtok(int i) #else int aclcvtok(i) int i; #endif { int first = 0; int last = ACLNMBCHARS - 1; int mid; wchar_t j; if(i&0x60000000){/*Must convert to a token. */ if( aclmbchars[last].character < i ){ return i;/*Giving up*/ } while ((last>=first)&&(first>=0)) {/*Binary search loop*/ mid = (first+last)/2; j = aclmbchars[mid].character; if( j==i ){/*Found*/ return aclmbchars[mid].tvalue; }else if( j= 0; acl_i++ ) { if ( acltoks[acl_i].t_val == aclchar ) break; } printf( "%s\n", acltoks[acl_i].t_name ); } } #endif /* ACLDEBUG */ if ( ++acl_ps >= &acls[ aclmaxdepth ] ) /* room on stack? */ { /* ** reallocate and recover. Note that pointers ** have to be reset, or bad things will happen */ int aclps_index = (acl_ps - acls); int aclpv_index = (acl_pv - aclv); int aclpvt_index = (aclpvt - aclv); int aclnewmax; #ifdef ACLEXPAND aclnewmax = ACLEXPAND(aclmaxdepth); #else aclnewmax = 2 * aclmaxdepth; /* double table size */ if (aclmaxdepth == ACLMAXDEPTH) /* first time growth */ { char *newacls = (char *)ACLNEW(int); char *newaclv = (char *)ACLNEW(ACLSTYPE); if (newacls != 0 && newaclv != 0) { acls = ACLCOPY(newacls, acls, int); aclv = ACLCOPY(newaclv, aclv, ACLSTYPE); } else aclnewmax = 0; /* failed */ } else /* not first time */ { acls = ACLENLARGE(acls, int); aclv = ACLENLARGE(aclv, ACLSTYPE); if (acls == 0 || aclv == 0) aclnewmax = 0; /* failed */ } #endif if (aclnewmax <= aclmaxdepth) /* tables not expanded */ { aclerror( "yacc stack overflow" ); ACLABORT; } aclmaxdepth = aclnewmax; acl_ps = acls + aclps_index; acl_pv = aclv + aclpv_index; aclpvt = aclv + aclpvt_index; } *acl_ps = acl_state; *++acl_pv = aclval; /* ** we have a new state - find out what to do */ acl_newstate: if ( ( acl_n = aclpact[ acl_state ] ) <= ACLFLAG ) goto acldefault; /* simple state */ #if ACLDEBUG /* ** if debugging, need to mark whether new token grabbed */ acltmp = aclchar < 0; #endif if ( ( aclchar < 0 ) && ( ( aclchar = ACLLEX() ) < 0 ) ) aclchar = 0; /* reached EOF */ #if ACLDEBUG if ( acldebug && acltmp ) { register int acl_i; printf( "Received token " ); if ( aclchar == 0 ) printf( "end-of-file\n" ); else if ( aclchar < 0 ) printf( "-none-\n" ); else { for ( acl_i = 0; acltoks[acl_i].t_val >= 0; acl_i++ ) { if ( acltoks[acl_i].t_val == aclchar ) break; } printf( "%s\n", acltoks[acl_i].t_name ); } } #endif /* ACLDEBUG */ if ( ( ( acl_n += aclchar ) < 0 ) || ( acl_n >= ACLLAST ) ) goto acldefault; if ( aclchk[ acl_n = aclact[ acl_n ] ] == aclchar ) /*valid shift*/ { aclchar = -1; aclval = acllval; acl_state = acl_n; if ( aclerrflag > 0 ) aclerrflag--; goto acl_stack; } acldefault: if ( ( acl_n = acldef[ acl_state ] ) == -2 ) { #if ACLDEBUG acltmp = aclchar < 0; #endif if ( ( aclchar < 0 ) && ( ( aclchar = ACLLEX() ) < 0 ) ) aclchar = 0; /* reached EOF */ #if ACLDEBUG if ( acldebug && acltmp ) { register int acl_i; printf( "Received token " ); if ( aclchar == 0 ) printf( "end-of-file\n" ); else if ( aclchar < 0 ) printf( "-none-\n" ); else { for ( acl_i = 0; acltoks[acl_i].t_val >= 0; acl_i++ ) { if ( acltoks[acl_i].t_val == aclchar ) { break; } } printf( "%s\n", acltoks[acl_i].t_name ); } } #endif /* ACLDEBUG */ /* ** look through exception table */ { register int *aclxi = aclexca; while ( ( *aclxi != -1 ) || ( aclxi[1] != acl_state ) ) { aclxi += 2; } while ( ( *(aclxi += 2) >= 0 ) && ( *aclxi != aclchar ) ) ; if ( ( acl_n = aclxi[1] ) < 0 ) ACLACCEPT; } } /* ** check for syntax error */ if ( acl_n == 0 ) /* have an error */ { /* no worry about speed here! */ switch ( aclerrflag ) { case 0: /* new error */ aclerror( "syntax error" ); goto skip_init; aclerrlab: /* ** get globals into registers. ** we have a user generated syntax type error */ acl_pv = aclpv; acl_ps = aclps; acl_state = aclstate; skip_init: aclnerrs++; /* FALLTHRU */ case 1: case 2: /* incompletely recovered error */ /* try again... */ aclerrflag = 3; /* ** find state where "error" is a legal ** shift action */ while ( acl_ps >= acls ) { acl_n = aclpact[ *acl_ps ] + ACLERRCODE; if ( acl_n >= 0 && acl_n < ACLLAST && aclchk[aclact[acl_n]] == ACLERRCODE) { /* ** simulate shift of "error" */ acl_state = aclact[ acl_n ]; goto acl_stack; } /* ** current state has no shift on ** "error", pop stack */ #if ACLDEBUG # define _POP_ "Error recovery pops state %d, uncovers state %d\n" if ( acldebug ) printf( _POP_, *acl_ps, acl_ps[-1] ); # undef _POP_ #endif acl_ps--; acl_pv--; } /* ** there is no state on stack with "error" as ** a valid shift. give up. */ ACLABORT; case 3: /* no shift yet; eat a token */ #if ACLDEBUG /* ** if debugging, look up token in list of ** pairs. 0 and negative shouldn't occur, ** but since timing doesn't matter when ** debugging, it doesn't hurt to leave the ** tests here. */ if ( acldebug ) { register int acl_i; printf( "Error recovery discards " ); if ( aclchar == 0 ) printf( "token end-of-file\n" ); else if ( aclchar < 0 ) printf( "token -none-\n" ); else { for ( acl_i = 0; acltoks[acl_i].t_val >= 0; acl_i++ ) { if ( acltoks[acl_i].t_val == aclchar ) { break; } } printf( "token %s\n", acltoks[acl_i].t_name ); } } #endif /* ACLDEBUG */ if ( aclchar == 0 ) /* reached EOF. quit */ ACLABORT; aclchar = -1; goto acl_newstate; } }/* end if ( acl_n == 0 ) */ /* ** reduction by production acl_n ** put stack tops, etc. so things right after switch */ #if ACLDEBUG /* ** if debugging, print the string that is the user's ** specification of the reduction which is just about ** to be done. */ if ( acldebug ) printf( "Reduce by (%d) \"%s\"\n", acl_n, aclreds[ acl_n ] ); #endif acltmp = acl_n; /* value to switch over */ aclpvt = acl_pv; /* $vars top of value stack */ /* ** Look in goto table for next state ** Sorry about using acl_state here as temporary ** register variable, but why not, if it works... ** If aclr2[ acl_n ] doesn't have the low order bit ** set, then there is no action to be done for ** this reduction. So, no saving & unsaving of ** registers done. The only difference between the ** code just after the if and the body of the if is ** the goto acl_stack in the body. This way the test ** can be made before the choice of what to do is needed. */ { /* length of production doubled with extra bit */ register int acl_len = aclr2[ acl_n ]; if ( !( acl_len & 01 ) ) { acl_len >>= 1; aclval = ( acl_pv -= acl_len )[1]; /* $$ = $1 */ acl_state = aclpgo[ acl_n = aclr1[ acl_n ] ] + *( acl_ps -= acl_len ) + 1; if ( acl_state >= ACLLAST || aclchk[ acl_state = aclact[ acl_state ] ] != -acl_n ) { acl_state = aclact[ aclpgo[ acl_n ] ]; } goto acl_stack; } acl_len >>= 1; aclval = ( acl_pv -= acl_len )[1]; /* $$ = $1 */ acl_state = aclpgo[ acl_n = aclr1[ acl_n ] ] + *( acl_ps -= acl_len ) + 1; if ( acl_state >= ACLLAST || aclchk[ acl_state = aclact[ acl_state ] ] != -acl_n ) { acl_state = aclact[ aclpgo[ acl_n ] ]; } } /* save until reenter driver code */ aclstate = acl_state; aclps = acl_ps; aclpv = acl_pv; } /* ** code supplied by user is placed in this switch */ switch( acltmp ) { case 3: # line 266 "acltext.y" { PERM_FREE(aclpvt[-0].string); } break; case 8: # line 286 "acltext.y" { acl_free_args(curr_args_list); } break; case 9: # line 292 "acltext.y" { curr_acl = ACL_AclNew(NULL, aclpvt[-0].string); PERM_FREE(aclpvt[-0].string); if ( ACL_ListAppend(NULL, curr_acl_list, curr_acl, 0) < 0 ) { aclerror("Couldn't add ACL to list."); return(-1); } acl_clear_args(curr_args_list); use_generic_rights = 0; if (strstr(curr_acl->tag, "READ")) { use_generic_rights++; acl_add_arg(curr_args_list, PERM_STRDUP("read")); acl_add_arg(curr_args_list, PERM_STRDUP("execute")); acl_add_arg(curr_args_list, PERM_STRDUP("list")); acl_add_arg(curr_args_list, PERM_STRDUP("info")); } if (strstr(curr_acl->tag, "WRITE")) { use_generic_rights++; acl_add_arg(curr_args_list, PERM_STRDUP("write")); acl_add_arg(curr_args_list, PERM_STRDUP("delete")); } } break; case 10: # line 314 "acltext.y" { curr_acl = ACL_AclNew(NULL, aclpvt[-0].string); PERM_FREE(aclpvt[-0].string); if ( ACL_ListAppend(NULL, curr_acl_list, curr_acl, 0) < 0 ) { aclerror("Couldn't add ACL to list."); return(-1); } acl_clear_args(curr_args_list); use_generic_rights = 0; if (strstr(curr_acl->tag, "READ")) { use_generic_rights++; acl_add_arg(curr_args_list, PERM_STRDUP("read")); acl_add_arg(curr_args_list, PERM_STRDUP("execute")); acl_add_arg(curr_args_list, PERM_STRDUP("list")); acl_add_arg(curr_args_list, PERM_STRDUP("info")); } if (strstr(curr_acl->tag, "WRITE")) { use_generic_rights++; acl_add_arg(curr_args_list, PERM_STRDUP("write")); acl_add_arg(curr_args_list, PERM_STRDUP("delete")); } } break; case 13: # line 342 "acltext.y" { char acl_tmp_arg[255]; char *acl_new_arg; if (!use_generic_rights) { acl_string_lower(aclpvt[-0].string); strcpy(acl_tmp_arg, "http_"); strcat(acl_tmp_arg, aclpvt[-0].string); PERM_FREE(aclpvt[-0].string); acl_new_arg = PERM_STRDUP(acl_tmp_arg); acl_add_arg(curr_args_list, acl_new_arg); } else { PERM_FREE(aclpvt[-0].string); } } break; case 14: # line 358 "acltext.y" { if (!use_generic_rights) { acl_add_arg(curr_args_list, aclpvt[-0].string); } else { PERM_FREE(aclpvt[-0].string); } } break; case 19: # line 376 "acltext.y" { if ( ACL_ExprSetPFlags(NULL, curr_expr, ACL_PFLAG_ABSOLUTE) < 0 ) { aclerror("Could not set authorization processing flags"); return(-1); } } break; case 22: # line 388 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_ALLOW) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(allow) failed"); return(-1); } acl_clear_args(curr_user_list); acl_clear_args(curr_ip_dns_list); } break; case 23: # line 398 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_DENY) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(allow) failed"); return(-1); } acl_clear_args(curr_user_list); acl_clear_args(curr_ip_dns_list); } break; case 24: # line 411 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_AUTH) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(auth) failed"); return(-1); } if ( ACL_ExprSetPFlags(NULL, curr_expr, ACL_PFLAG_ABSOLUTE) < 0 ) { aclerror("Could not set authorization processing flags"); return(-1); } curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0); if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) { aclerror("Could not set authorization info"); return(-1); } } break; case 26: # line 430 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_AUTH) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(auth) failed"); return(-1); } curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0); if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) { aclerror("Could not set authorization info"); return(-1); } } break; case 28: # line 446 "acltext.y" { if ( acl_set_users_or_groups(curr_expr, curr_user_list) < 0 ) { aclerror("acl_set_users_or_groups() failed"); return(-1); } if ( acl_set_ip_dns(curr_expr, curr_ip_dns_list) < 0 ) { aclerror("acl_set_ip_dns() failed"); return(-1); } if ( ACL_ExprAnd(NULL, curr_expr) < 0 ) { aclerror("ACL_ExprAnd() failed"); return(-1); } if ( acl_set_args(curr_expr, curr_args_list) < 0 ) { aclerror("acl_set_args() failed"); return(-1); } if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 29: # line 473 "acltext.y" { if ( acl_set_users_or_groups(curr_expr, curr_user_list) < 0 ) { aclerror("acl_set_users_or_groups() failed"); return(-1); } if ( acl_set_args(curr_expr, curr_args_list) < 0 ) { aclerror("acl_set_args() failed"); return(-1); } if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 34: # line 500 "acltext.y" { acl_add_arg(curr_user_list, aclpvt[-0].string); } break; case 35: # line 504 "acltext.y" { acl_add_arg(curr_user_list, aclpvt[-0].string); } break; case 39: # line 516 "acltext.y" { acl_add_arg(curr_ip_dns_list, aclpvt[-0].string); } break; case 40: # line 520 "acltext.y" { acl_add_arg(curr_ip_dns_list, aclpvt[-0].string); } break; case 41: # line 526 "acltext.y" { char tmp_str[255]; util_sprintf(tmp_str, "%s+%s", aclpvt[-1].string, aclpvt[-0].string); PERM_FREE(aclpvt[-1].string); PERM_FREE(aclpvt[-0].string); acl_add_arg(curr_ip_dns_list, PERM_STRDUP(tmp_str)); } break; case 46: # line 543 "acltext.y" { if ( ACL_ExprAddArg(NULL, curr_expr, "user") < 0 ) { aclerror("ACL_ExprAddArg() failed"); return(-1); } if ( ACL_ExprAddArg(NULL, curr_expr, "group") < 0 ) { aclerror("ACL_ExprAddArg() failed"); return(-1); } if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 47: # line 562 "acltext.y" { acl_string_lower(aclpvt[-2].string); if (strcmp(aclpvt[-2].string, "database") == 0) { PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-1].string); } else { if ( PListInitProp(curr_auth_info, ACL_Attr2Index(aclpvt[-2].string), aclpvt[-2].string, aclpvt[-1].string, NULL) < 0 ) { } PERM_FREE(aclpvt[-2].string); } } break; case 48: # line 575 "acltext.y" { acl_string_lower(aclpvt[-2].string); if (strcmp(aclpvt[-2].string, "database") == 0) { PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-1].string); } else { if ( PListInitProp(curr_auth_info, ACL_Attr2Index(aclpvt[-2].string), aclpvt[-2].string, aclpvt[-1].string, NULL) < 0 ) { } PERM_FREE(aclpvt[-2].string); } } break; case 56: # line 611 "acltext.y" { curr_acl = ACL_AclNew(NULL, aclpvt[-0].string); PERM_FREE(aclpvt[-0].string); if ( ACL_ListAppend(NULL, curr_acl_list, curr_acl, 0) < 0 ) { aclerror("Couldn't add ACL to list."); return(-1); } } break; case 57: # line 620 "acltext.y" { curr_acl = ACL_AclNew(NULL, aclpvt[-0].string); PERM_FREE(aclpvt[-0].string); if ( ACL_ListAppend(NULL, curr_acl_list, curr_acl, 0) < 0 ) { aclerror("Couldn't add ACL to list."); return(-1); } } break; case 63: # line 641 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_RESPONSE) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(deny) failed"); return(-1); } if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } if ( ACL_ExprSetPFlags(NULL, curr_expr, ACL_PFLAG_ABSOLUTE) < 0 ) { aclerror("Could not set deny processing flags"); return(-1); } } break; case 65: # line 659 "acltext.y" { curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_RESPONSE) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(deny) failed"); return(-1); } if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 67: # line 674 "acltext.y" { acl_string_lower(aclpvt[-2].string); if ( ACL_ExprSetDenyWith(NULL, curr_expr, aclpvt[-2].string, aclpvt[-0].string) < 0 ) { aclerror("ACL_ExprSetDenyWith() failed"); return(-1); } PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-0].string); } break; case 68: # line 687 "acltext.y" { pflags = 0; curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_AUTH) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(allow) failed"); return(-1); } curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0); if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) { aclerror("Could not set authorization info"); return(-1); } } break; case 69: # line 701 "acltext.y" { if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 72: # line 713 "acltext.y" { acl_string_lower(aclpvt[-0].string); if ( ACL_ExprAddArg(NULL, curr_expr, aclpvt[-0].string) < 0 ) { aclerror("ACL_ExprAddArg() failed"); return(-1); } PERM_FREE(aclpvt[-0].string); } break; case 75: # line 728 "acltext.y" { acl_string_lower(aclpvt[-2].string); if ( PListInitProp(curr_auth_info, ACL_Attr2Index(aclpvt[-2].string), aclpvt[-2].string, aclpvt[-0].string, NULL) < 0 ) { } PERM_FREE(aclpvt[-2].string); } break; case 76: # line 736 "acltext.y" { acl_string_lower(aclpvt[-2].string); if ( PListInitProp(curr_auth_info, ACL_Attr2Index(aclpvt[-2].string), aclpvt[-2].string, aclpvt[-0].string, NULL) < 0 ) { } PERM_FREE(aclpvt[-2].string); } break; case 77: # line 746 "acltext.y" { pflags = 0; curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_ALLOW) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(allow) failed"); return(-1); } } break; case 79: # line 756 "acltext.y" { pflags = 0; curr_expr = ACL_ExprNew(ACL_EXPR_TYPE_DENY) ; if ( curr_expr == NULL ) { aclerror("ACL_ExprNew(deny) failed"); return(-1); } } break; case 81: # line 768 "acltext.y" { if ( ACL_ExprAppend(NULL, curr_acl, curr_expr) < 0 ) { aclerror("Could not add authorization"); return(-1); } } break; case 82: # line 775 "acltext.y" { if ( ACL_ExprSetPFlags (NULL, curr_expr, pflags) < 0 ) { aclerror("Could not set authorization processing flags"); return(-1); } #ifdef DEBUG if ( ACL_ExprDisplay(curr_expr) < 0 ) { aclerror("ACL_ExprDisplay() failed"); return(-1); } printf("Parsed authorization.\n"); #endif } break; case 85: # line 795 "acltext.y" { pflags = ACL_PFLAG_ABSOLUTE; } break; case 86: # line 799 "acltext.y" { pflags = ACL_PFLAG_ABSOLUTE; } break; case 87: # line 803 "acltext.y" { pflags = ACL_PFLAG_CONTENT; } break; case 88: # line 807 "acltext.y" { pflags = ACL_PFLAG_CONTENT; } break; case 89: # line 811 "acltext.y" { pflags = ACL_PFLAG_TERMINAL; } break; case 90: # line 815 "acltext.y" { pflags = ACL_PFLAG_TERMINAL; } break; case 91: # line 821 "acltext.y" { pflags |= ACL_PFLAG_CONTENT; } break; case 92: # line 825 "acltext.y" { pflags |= ACL_PFLAG_ABSOLUTE; } break; case 93: # line 829 "acltext.y" { pflags |= ACL_PFLAG_ABSOLUTE | ACL_PFLAG_CONTENT; } break; case 94: # line 833 "acltext.y" { pflags |= ACL_PFLAG_ABSOLUTE | ACL_PFLAG_CONTENT; } break; case 95: # line 839 "acltext.y" { pflags |= ACL_PFLAG_CONTENT; } break; case 96: # line 843 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL; } break; case 97: # line 847 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL | ACL_PFLAG_CONTENT; } break; case 98: # line 851 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL | ACL_PFLAG_CONTENT; } break; case 99: # line 857 "acltext.y" { pflags |= ACL_PFLAG_ABSOLUTE; } break; case 100: # line 861 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL; } break; case 101: # line 865 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL | ACL_PFLAG_ABSOLUTE; } break; case 102: # line 869 "acltext.y" { pflags |= ACL_PFLAG_TERMINAL | ACL_PFLAG_ABSOLUTE; } break; case 105: # line 879 "acltext.y" { acl_string_lower(aclpvt[-0].string); if ( ACL_ExprAddArg(NULL, curr_expr, aclpvt[-0].string) < 0 ) { aclerror("ACL_ExprAddArg() failed"); return(-1); } PERM_FREE( aclpvt[-0].string ); } break; case 107: # line 891 "acltext.y" { if ( ACL_ExprAnd(NULL, curr_expr) < 0 ) { aclerror("ACL_ExprAnd() failed"); return(-1); } } break; case 108: # line 898 "acltext.y" { if ( ACL_ExprOr(NULL, curr_expr) < 0 ) { aclerror("ACL_ExprOr() failed"); return(-1); } } break; case 111: # line 909 "acltext.y" { if ( ACL_ExprNot(NULL, curr_expr) < 0 ) { aclerror("ACL_ExprNot() failed"); return(-1); } } break; case 112: # line 918 "acltext.y" { acl_string_lower(aclpvt[-2].string); if ( ACL_ExprTerm(NULL, curr_expr, aclpvt[-2].string, (CmpOp_t) aclpvt[-1].ival, aclpvt[-0].string) < 0 ) { aclerror("ACL_ExprTerm() failed"); PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-0].string); return(-1); } PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-0].string); } break; case 113: # line 931 "acltext.y" { acl_string_lower(aclpvt[-2].string); if ( ACL_ExprTerm(NULL, curr_expr, aclpvt[-2].string, (CmpOp_t) aclpvt[-1].ival, aclpvt[-0].string) < 0 ) { aclerror("ACL_ExprTerm() failed"); PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-0].string); return(-1); } PERM_FREE(aclpvt[-2].string); PERM_FREE(aclpvt[-0].string); } break; } goto aclstack; /* reset registers in driver code */ }