From 12f3472c093bd7cf67b7380b987acb780c099b4d Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Tue, 26 Jun 2007 21:10:28 +0000
Subject: [PATCH] basic change_profile support
---
 parser/immunix.h | 2 ++
 parser/parser.h | 2 +-
 parser/parser_misc.c | 8 ++++++--
 parser/parser_yacc.y | 30 ++++++++++++++++++++++++++++--
 4 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/parser/immunix.h b/parser/immunix.h
index 07498cab1..a85be77b5 100644
--- a/parser/immunix.h
+++ b/parser/immunix.h
@@ -39,6 +39,8 @@
 AA_EXEC_UNCONSTRAINED | \
 AA_EXEC_PROFILE)
+#define AA_CHANGE_PROFILE (1 << 31)
+
 /* Network subdomain extensions. */
 #define AA_TCP_CONNECT (1 << 16)
 #define AA_TCP_ACCEPT (1 << 17)
diff --git a/parser/parser.h b/parser/parser.h
index 3519dba48..e26a27c6a 100644
--- a/parser/parser.h
+++ b/parser/parser.h
@@ -186,7 +186,7 @@ extern char *processunquoted(char *string, int len);
 extern int get_keyword_token(const char *keyword);
 extern char *process_var(const char *var);
 extern int parse_mode(const char *mode);
-extern struct cod_entry *new_entry(char *id, char *mode);
+extern struct cod_entry *new_entry(char *id, int mode);
 extern struct cod_net_entry *new_network_entry(int action,
 struct ipv4_endpoints *addrs,
 char *interface);
diff --git a/parser/parser_misc.c b/parser/parser_misc.c
index 568eda0e1..3fbe5c253 100644
--- a/parser/parser_misc.c
+++ b/parser/parser_misc.c
@@ -100,6 +100,7 @@ static struct keyword_table keyword_table[] = {
 {"else", TOK_ELSE},
 {"not", TOK_NOT},
 {"defined", TOK_DEFINED},
+ {"change_profile", TOK_CHANGE_PROFILE},
 /* terminate */
 {NULL, 0}
 };
@@ -287,6 +288,9 @@ int parse_mode(const char *str_mode)
 PDEBUG("Parsing mode: %s\n", str_mode);
+ if (!str_mode)
+ return 0;
+
 p = str_mode;
 while (*p) {
 char this = *p;
@@ -463,7 +467,7 @@ struct cod_net_entry *new_network_entry(int action,
 return entry;
 }
-struct cod_entry *new_entry(char *id, char *mode)
+struct cod_entry *new_entry(char *id, int mode)
 {
 struct cod_entry *entry = NULL;
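Review bot: `+#define AA_CHANGE_PROFILE (1 << 31)` in the immunix.h hunk shifts a signed 1 into the sign bit of the (on these targets 32-bit) int, which C leaves undefined, unlike the lower bits the neighbouring `(1 << 16)` / `(1 << 17)` network flags use. Because `new_entry` now takes `int mode`, the stored value is also negative, so any later ordering or `> 0` test on the mode field would misbehave even though only mask-style use is visible in this patch. Suggest `#define AA_CHANGE_PROFILE (1U << 31)` plus a one-line comment above it such as `/* marks a change_profile rule; occupies the top bit of the mode word */` so the bit assignment is not mistaken for a file permission.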
@@ -472,7 +476,7 @@ struct cod_entry *new_entry(char *id, char *mode)
 return NULL;
 entry->name = id ? id : NULL;
- entry->mode = mode ? parse_mode(mode) : 0;
+ entry->mode = mode;
 entry->deny = FALSE;
 entry->pattern_type = ePatternInvalid;
diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y
index db64a8d36..38d75acfc 100644
--- a/parser/parser_yacc.y
+++ b/parser/parser_yacc.y
@@ -85,6 +85,7 @@ void free_value_list(struct value_list *list);
 %token TOK_ELSE
 %token TOK_NOT
 %token TOK_DEFINED
+%token TOK_CHANGE_PROFILE
 /* network tokens */
 %token TOK_IP
@@ -200,6 +201,7 @@ void free_value_list(struct value_list *list);
 %type flagval
 %type cap
 %type capability
+%type change_profile
 %type TOK_SET_VAR
 %type TOK_BOOL_VAR
 %type TOK_VALUE
@@ -417,6 +419,17 @@ rules: rules netrule
 $$ = $1;
 };
+rules: rules change_profile
+ {
+ PDEBUG("matched: rules change_profile\n");
+ PDEBUG("rules change_profile: (%s)\n", $2->name);
+ if (!$2)
+ yyerror(_("Assert: `change_profile' returned NULL."));
+ fprintf(stderr, "Hello adding change_profile\n");
+ add_entry_to_policy($1, $2);
+ $$ = $1;
+ };
+
 rules: rules capability
 {
 $1->capabilities = $1->capabilities | CAP_TO_MASK($2);
@@ -522,7 +535,7 @@ rule: TOK_ID TOK_MODE TOK_END_OF_RULE
 {
 struct cod_entry *entry;
 PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
- entry = new_entry($1, $2);
+ entry = new_entry($1, parse_mode($2));
 if (!entry)
 yyerror(_("Memory allocation error."));
 PDEBUG("rule.entry: (%s)\n", entry->name);
@@ -534,7 +547,7 @@ rule: TOK_SET_VAR TOK_MODE TOK_END_OF_RULE
 {
 struct cod_entry *entry;
 PDEBUG("Matched: tok_id (%s) tok_mode (%s)\n", $1, $2);
- entry = new_entry($1, $2);
+ entry = new_entry($1, parse_mode($2));
 if (!entry)
 yyerror(_("Memory allocation error."));
 PDEBUG("rule.entry: (%s)\n", entry->name);
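Review bot: In the new `rules: rules change_profile` action the second `PDEBUG` dereferences `$2->name` before the `if (!$2)` check that follows it, so the NULL case the yyerror is guarding has already crashed by then whenever PDEBUG is active; put the check first, i.e. `if (!$2) yyerror(_("Assert: `change_profile' returned NULL."));` and only then `PDEBUG("rules change_profile: (%s)\n", $2->name);`. The unconditional `fprintf(stderr, "Hello adding change_profile\n");` is leftover debugging output that every parse of a change_profile rule will emit to stderr and should become a PDEBUG or be dropped. The same applies to the two `fprintf(stderr, ...)` lines (one spelling it `change_prifle`) in the `change_profile:` rule hunk later in this patch.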
@@ -830,6 +843,19 @@ ports: TOK_COLON TOK_NUM TOK_RANGE TOK_NUM
 $$ = ports;
 };
+change_profile: TOK_CHANGE_PROFILE TOK_ID TOK_END_OF_RULE
+ {
+ struct cod_entry *entry;
+ PDEBUG("Matched change_profile: tok_id (%s)\n", $2);
+ fprintf(stderr, "change_profile\n");
+ entry = new_entry($2, AA_CHANGE_PROFILE);
+ if (!entry)
+ yyerror(_("Memory allocation error."));
+ PDEBUG("change_profile.entry: (%s)\n", entry->name);
+ $$ = entry;
+ fprintf(stderr, "change_prifle got entry\n");
+ };
+
 capability: TOK_CAPABILITY cap TOK_END_OF_RULE
 {
 $$ = $2;
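Review bot: The new `change_profile:` action stores the target profile name as an ordinary `cod_entry` (name = `$2`, mode = `AA_CHANGE_PROFILE`) and hands it to `add_entry_to_policy` exactly like a file rule, but nothing in the hunk records that `entry->name` is not a path here; presumably any later pass that resolves `pattern_type` (left at `ePatternInvalid` by `new_entry`) or globs or normalizes `entry->name` will now also run on profile names, which is worth confirming is intended. A comment above the rule would make that contract visible, e.g. `/* change_profile <name>: target carried in entry->name with mode AA_CHANGE_PROFILE; shares the file-rule list via add_entry_to_policy */`. The `if (!entry)` / `yyerror` pair followed by `PDEBUG(..., entry->name)` mirrors the existing `rule:` actions and so relies on yyerror not returning.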