1
/* $Id: parser_policy.c 412 2007-02-27 02:29:16Z jrjohansen $ */
4
* Copyright (c) 1999, 2000, 2002, 2003, 2004, 2005 NOVELL (All rights reserved)
6
* This program is free software; you can redistribute it and/or
7
* modify it under the terms of version 2 of the GNU General Public
8
* License published by the Free Software Foundation.
10
* This program is distributed in the hope that it will be useful,
11
* but WITHOUT ANY WARRANTY; without even the implied warranty of
12
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
* GNU General Public License for more details.
15
* You should have received a copy of the GNU General Public License
16
* along with this program; if not, contact Novell, Inc.
19
#define _GNU_SOURCE /* for strndup */
26
#define _(s) gettext(s)
29
#include "parser_yacc.h"
33
#define PDEBUG(fmt, args...) printf("Lexer: " fmt, ## args)
35
#define PDEBUG(fmt, args...) /* Do nothing */
37
#define NPDEBUG(fmt, args...) /* Do nothing */
39
void *policy_list = NULL;
41
static int codomain_compare(const void *a, const void *b)
43
return strcmp(((struct codomain *) a)->name,
44
((struct codomain *) b)->name);
47
void add_to_list(struct codomain *codomain)
49
struct codomain **result;
51
result = (struct codomain **) tsearch(codomain, &policy_list, codomain_compare);
53
PERROR("Memory allocation error\n");
57
if (*result != codomain) {
58
PERROR("Multiple definitions for profile %s exist,"
59
"bailing out.\n", codomain->name);
64
void add_hat_to_policy(struct codomain *cod, struct codomain *hat)
66
struct codomain **result;
68
result = (struct codomain **) tsearch(hat, &(cod->hat_table), codomain_compare);
70
PERROR("Memory allocation error\n");
75
PERROR("Multiple definitions for hat %s in profile %s exist,"
76
"bailing out.\n", hat->name, cod->name);
81
void add_entry_to_policy(struct codomain *cod, struct cod_entry *entry)
83
entry->next = cod->entries;
87
void add_netrule_to_policy(struct codomain *cod, struct cod_net_entry *net_entry)
89
net_entry->next = cod->net_entries;
90
cod->net_entries = net_entry;
93
static void __merge_rules(const void *nodep, const VISIT value,
94
const int __unused depth)
96
struct codomain **t = (struct codomain **) nodep;
98
if (value == preorder || value == endorder)
101
if (!codomain_merge_rules(*t)) {
102
PERROR(_("ERROR merging rules for profile %s, failed to load\n"),
108
int post_merge_rules(void)
110
twalk(policy_list, __merge_rules);
114
int merge_hat_rules(struct codomain *cod)
116
twalk(cod->hat_table, __merge_rules);
120
int die_if_any_regex(void);
121
static int die_if_any_hat_regex(struct codomain *cod);
122
static int any_regex_entries(struct cod_entry *entry_list);
124
/* only call if regex is not allowed */
125
static void __any_regex(const void *nodep, const VISIT value,
126
const int __unused depth)
128
struct codomain **t = (struct codomain **) nodep;
130
if (value == preorder || value == endorder)
133
if (any_regex_entries((*t)->entries)) {
134
PERROR(_("ERROR profile %s contains policy elements not usable with this kernel:\n"
135
"\t'*', '?', character ranges, and alternations are not allowed.\n"
136
"\t'**' may only be used at the end of a rule.\n"),
141
die_if_any_hat_regex(*t);
144
/* only call if regex is not allowed */
145
int die_if_any_regex(void)
147
twalk(policy_list, __any_regex);
151
/* only call if regex is not allowed */
152
static int die_if_any_hat_regex(struct codomain *cod)
154
twalk(cod->hat_table, __any_regex);
158
static int any_regex_entries(struct cod_entry *entry_list)
160
struct cod_entry *entry;
162
list_for_each(entry_list, entry) {
163
if (entry->pattern_type == ePatternRegex)
170
static void __process_regex(const void *nodep, const VISIT value,
171
const int __unused depth)
173
struct codomain **t = (struct codomain **) nodep;
175
if (value == preorder || value == endorder)
178
if (process_regex(*t) != 0) {
179
PERROR(_("ERROR processing regexs for profile %s, failed to load\n"),
185
int post_process_regex(void)
187
twalk(policy_list, __process_regex);
191
int process_hat_regex(struct codomain *cod)
193
twalk(cod->hat_table, __process_regex);
197
static void __process_variables(const void *nodep, const VISIT value,
198
const int __unused depth)
200
struct codomain **t = (struct codomain **) nodep;
202
if (value == preorder || value == endorder)
205
if (process_variables(*t) != 0) {
206
PERROR(_("ERROR expanding variables for profile %s, failed to load\n"),
212
int post_process_variables(void)
214
twalk(policy_list, __process_variables);
218
int process_hat_variables(struct codomain *cod)
220
twalk(cod->hat_table, __process_variables);
224
/* Yuck, is their no other way to pass arguments to a twalk action */
225
static int __load_option;
227
static void __load_policy(const void *nodep, const VISIT value,
228
const int __unused depth)
230
struct codomain **t = (struct codomain **) nodep;
232
if (value == preorder || value == endorder)
235
if (load_codomain(__load_option, *t) != 0) {
240
int load_policy(int option)
242
__load_option = option;
243
twalk(policy_list, __load_policy);
247
/* Yuck, is their no other way to pass arguments to a twalk action */
248
static sd_serialize *__p;
250
static void __load_hat(const void *nodep, const VISIT value,
251
const int __unused depth)
253
struct codomain **t = (struct codomain **) nodep;
255
if (value == preorder || value == endorder)
258
if (!sd_serialize_profile(__p, *t)) {
259
PERROR(_("ERROR in profile %s, failed to load\n"),
265
int load_hats(sd_serialize *p, struct codomain *cod)
268
twalk(cod->hat_table, __load_hat);
272
static void __dump_policy(const void *nodep, const VISIT value,
273
const int __unused depth)
275
struct codomain **t = (struct codomain **) nodep;
277
if (value == preorder || value == endorder)
283
void dump_policy(void)
285
twalk(policy_list, __dump_policy);
288
void dump_policy_hats(struct codomain *cod)
290
twalk(cod->hat_table, __dump_policy);
294
static struct codomain *__dump_policy_name;
296
static void __dump_policy_hatnames(const void *nodep, const VISIT value,
297
const int __unused depth)
299
struct codomain **t = (struct codomain **) nodep;
301
if (value == preorder || value == endorder)
304
printf("%s^%s\n", __dump_policy_name->name, (*t)->sub_name);
307
void dump_policy_hatnames(struct codomain *cod)
309
__dump_policy_name = cod;
310
twalk(cod->hat_table, __dump_policy_hatnames);
313
static void __dump_policy_names(const void *nodep, const VISIT value,
314
const int __unused depth)
316
struct codomain **t = (struct codomain **) nodep;
318
if (value == preorder || value == endorder)
321
printf("%s\n", (*t)->name);
322
dump_policy_hatnames(*t);
325
void dump_policy_names(void)
327
twalk(policy_list, __dump_policy_names);
330
/* gar, more global arguments */
331
struct codomain *__hat_merge_policy;
333
static void __merge_hat(const void *nodep, const VISIT value,
334
const int __unused depth)
336
struct codomain **t = (struct codomain **) nodep;
338
if (value == preorder || value == endorder)
340
add_hat_to_policy(__hat_merge_policy, (*t));
343
/* merge_hats: merges hat_table into hat_table owned by cod */
344
static void merge_hats(struct codomain *cod, void *hats)
346
__hat_merge_policy = cod;
347
twalk(hats, __merge_hat);
350
/* don't want to free the hat entries in the table, as they were pushed
351
* onto the other table. */
352
static void empty_destroy(void __unused *nodep)
357
struct codomain *merge_policy(struct codomain *a, struct codomain *b)
359
struct codomain *ret = a;
360
struct cod_entry *last;
361
struct cod_net_entry *lastnet;
369
if (a->name || b->name) {
370
PERROR("ASSERT: policy merges shouldn't have names %s %s\n",
371
a->name ? a->name : "",
372
b->name ? b->name : "");
377
list_last_entry(a->entries, last);
378
last->next = b->entries;
380
a->entries = b->entries;
384
if (a->net_entries) {
385
list_last_entry(a->net_entries, lastnet);
386
lastnet->next = b->net_entries;
388
a->net_entries = b->net_entries;
390
b->net_entries = NULL;
392
a->flags.complain = a->flags.complain || b->flags.complain;
393
a->flags.audit = a->flags.audit || b->flags.audit;
395
a->capabilities = a->capabilities | b->capabilities;
396
merge_hats(a, b->hat_table);
397
tdestroy(b->hat_table, &empty_destroy);
405
int post_process_policy(void)
409
retval = post_merge_rules();
411
PERROR(_("%s: Errors found in combining rules postprocessing. Aborting.\n"),
416
retval = post_process_variables();
418
PERROR(_("%s: Errors found during regex postprocess. Aborting.\n"),
423
retval = post_process_regex();
425
PERROR(_("%s: Errors found during regex postprocess. Aborting.\n"),
433
void free_hat_entry(void *nodep)
435
struct codomain *t = (struct codomain *)nodep;
439
void free_hat_table(void *hat_table)
442
tdestroy(hat_table, &free_hat_entry);
445
void free_policy(struct codomain *cod)
449
free_hat_table(cod->hat_table);
450
free_cod_entries(cod->entries);
451
free_net_entries(cod->net_entries);
453
aare_delete_ruleset(cod->dfarules);