From 23bc1035a51fe54600db691981f8ed1537cbe125 Mon Sep 17 00:00:00 2001 From: Jose Bollo Date: Fri, 6 Dec 2019 15:12:36 +0100 Subject: agent-at: Move field separator from : to ; Because Smack labels and permissions of AGL all contain the character colon (:), it is better have a distinct field separator for agent-at. Bug-AGL: SPEC-2968 Change-Id: I378eefcd7b29e424acccced62abe48b35ad8736e Signed-off-by: Jose Bollo --- agent.md | 14 ++++++-------- cynagora.initial | 4 ++-- src/agent-at.c | 11 +++++++---- 3 files changed, 15 insertions(+), 14 deletions(-) diff --git a/agent.md b/agent.md index 4e19d45..0f3e07f 100644 --- a/agent.md +++ b/agent.md @@ -32,7 +32,7 @@ The file `cynagora.initial` that provides a default initialisation file has the following lines: * * @ADMIN * yes forever - * * 0 * @:%c:%s:@ADMIN:%p forever + * * 0 * @:%c;%s;@ADMIN;%p forever The first line defines a special user `@ADMIN` that always has the permission. The special user can be seen as a group: the admin group. Remember that strings @@ -44,15 +44,15 @@ admin. To achieve that it uses the agent-AT mecanism. So if no other rule was selected for the user `0` then cynagora find at least the rule that requires to query the predefined agent `@` (AT) with the value -`%c:%s:@ADMIN:%p`. +`%c;%s;@ADMIN;%p`. The agent is asked with the following values: - - `%c:%s:@ADMIN:%p` the value + - `%c;%s;@ADMIN;%p` the value - `CLIENT`, `SESSION`, `USER` and `PERMISSION`, the values of original request -The AT-agent use the value `%c:%s:@ADMIN:%p` to compose a check query. -it interpret the value as a colon separated rule query of cynagora, in the +The AT-agent use the value `%c;%s;@ADMIN;%p` to compose a check query. +it interpret the value as a semi-colon separated rule query of cynagora, in the order: client, session, user, permission. Then it replaces any occurency of: - `%c` with value of `CLIENT` of original request @@ -60,7 +60,7 @@ order: client, session, user, permission. Then it replaces any occurency of: - `%u` with value of `USER` of original request - `%p` with value of `PERMISSION` of original request - `%%` with `%` - - `%:` with `:` + - `%;` with `;` So for the given value, the result at the end is the result of querying cynagora for the result of: @@ -73,5 +73,3 @@ cynagora for the result of: The query to cynagora with CLIENT SESSION @ADMIN PERMMISSION must be done using sub-query of agents. - - diff --git a/cynagora.initial b/cynagora.initial index c0430cd..a8a4a2e 100644 --- a/cynagora.initial +++ b/cynagora.initial @@ -10,6 +10,6 @@ #-------------------------------------------------------------------- # User "0" and clients "System" is in the group "@ADMIN" #-------------------------------------------------------------------- -* * 0 * @:%c:%s:@ADMIN:%p forever -System * * * @:%c:%s:@ADMIN:%p forever +* * 0 * @:%c;%s;@ADMIN;%p forever +System * * * @:%c;%s;@ADMIN;%p forever diff --git a/src/agent-at.c b/src/agent-at.c index 89e78d3..f0731f3 100644 --- a/src/agent-at.c +++ b/src/agent-at.c @@ -29,6 +29,9 @@ #include "data.h" #include "cyn.h" +static const char separator = ';'; +static const char escape = '%'; + /** * Parse the spec to extract the derived key to ask. * @@ -58,12 +61,12 @@ parse( /* compute value of the derived field */ inf = iout; while(*spec) { - if (*spec == ':' && ikey < 3) { + if (*spec == separator && ikey < 3) { /* : is the separator of key's items */ spec++; break; /* next key */ } - if (!(*spec == '%' && spec[1])) { + if (!(*spec == escape && spec[1])) { /* not a % substitution mark */ if (iout < szbuf) buffer[iout] = *spec; @@ -95,10 +98,10 @@ parse( } if (!sub) { /* no substitution */ - if (spec[1] != ':' && spec[1] != '%') { + if (spec[1] != separator && spec[1] != escape) { /* only escape % and : */ if (iout < szbuf) - buffer[iout] = '%'; + buffer[iout] = escape; iout++; } if (iout < szbuf) -- cgit 1.2.3-korg