has the following lines:
* * @ADMIN * yes forever
- * * 0 * @:%c:%s:@ADMIN:%p forever
+ * * 0 * @:%c;%s;@ADMIN;%p forever
The first line defines a special user `@ADMIN` that always has the permission.
The special user can be seen as a group: the admin group. Remember that strings
So if no other rule was selected for the user `0` then cynagora find at least
the rule that requires to query the predefined agent `@` (AT) with the value
-`%c:%s:@ADMIN:%p`.
+`%c;%s;@ADMIN;%p`.
The agent is asked with the following values:
- - `%c:%s:@ADMIN:%p` the value
+ - `%c;%s;@ADMIN;%p` the value
- `CLIENT`, `SESSION`, `USER` and `PERMISSION`, the values of original request
-The AT-agent use the value `%c:%s:@ADMIN:%p` to compose a check query.
-it interpret the value as a colon separated rule query of cynagora, in the
+The AT-agent use the value `%c;%s;@ADMIN;%p` to compose a check query.
+it interpret the value as a semi-colon separated rule query of cynagora, in the
order: client, session, user, permission. Then it replaces any occurency of:
- `%c` with value of `CLIENT` of original request
- `%u` with value of `USER` of original request
- `%p` with value of `PERMISSION` of original request
- `%%` with `%`
- - `%:` with `:`
+ - `%;` with `;`
So for the given value, the result at the end is the result of querying
cynagora for the result of:
The query to cynagora with CLIENT SESSION @ADMIN PERMMISSION must be done using
sub-query of agents.
-
-
#--------------------------------------------------------------------
# User "0" and clients "System" is in the group "@ADMIN"
#--------------------------------------------------------------------
-* * 0 * @:%c:%s:@ADMIN:%p forever
-System * * * @:%c:%s:@ADMIN:%p forever
+* * 0 * @:%c;%s;@ADMIN;%p forever
+System * * * @:%c;%s;@ADMIN;%p forever
#include "data.h"
#include "cyn.h"
+static const char separator = ';';
+static const char escape = '%';
+
/**
* Parse the spec to extract the derived key to ask.
*
/* compute value of the derived field */
inf = iout;
while(*spec) {
- if (*spec == ':' && ikey < 3) {
+ if (*spec == separator && ikey < 3) {
/* : is the separator of key's items */
spec++;
break; /* next key */
}
- if (!(*spec == '%' && spec[1])) {
+ if (!(*spec == escape && spec[1])) {
/* not a % substitution mark */
if (iout < szbuf)
buffer[iout] = *spec;
}
if (!sub) {
/* no substitution */
- if (spec[1] != ':' && spec[1] != '%') {
+ if (spec[1] != separator && spec[1] != escape) {
/* only escape % and : */
if (iout < szbuf)
- buffer[iout] = '%';
+ buffer[iout] = escape;
iout++;
}
if (iout < szbuf)
Code Review / src / cynagora.git / commitdiff