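%{
/* NOTE(review): the targets of the three #include directives, and the <state>
 * start-condition prefixes on the rules below (e.g. <comment>, <rec>, <evt>),
 * are missing from this rendering of the file -- they look like victims of
 * angle-bracket stripping. Restore them from the repository copy before
 * building; only the <<EOF>> rule could be recovered from its own comment. */
#include
#include
#include

using namespace std;

// Members of the AuditConfig scanner class (declared in its header; listed
// here for reference only):
// int error;                                       // set to 1 on any syntax error
// Security::SecAttribute attr;
// string iface_name;                               // interface of the current rule
// string opt;
// SecurityDomain::DomainAuthorityAdmin_var admt;   // domain currently being configured
// SecurityAdmin::AuditPolicy_var cpol;             // client policy
// SecurityAdmin::AuditPolicy_var spol;             // server policy
// Security::AuditCombinator at_comb;
// Security::AuditEventTypeList eventtypelst;
// Security::SelectorValueList selectorlst;
// MICOSDM::NameExt_impl namext;
// SecurityDomain::Name * nm;
// SecurityDomain::PolicyCombinator pol_comb;       // combinator of the current domain block
// MICOSDM::DomainManagerFactory_impl * dm_factory;
%}

%option noyywrap
%option yyclass="AuditConfig"

%x comment evt atcomb iface option vle rec combp recom optcom

%%

[[:blank:]\n]+          { /* whitespace between top-level items is ignored */ }

"#"                     {
                          // '#' opens a comment that runs to the end of the line
                          BEGIN(comment);
                        }

.*/\n                   {
                          // comment body: nothing to do, back to top level
                          BEGIN(INITIAL);
                        }

<<EOF>>                 {
                          // End of file: report whether any rule flagged an error
                          if (error)
                            *yyout << "\n** syntax error(s)!\n";
                          return 0;
                        }

"/"[[:alnum:]\/\:\.]+/[[:blank:]\n]+ {
  // Domain name such as "/root/sub/leaf": walk the domain-manager chain
  // (creating missing managers on the way), then fetch the leaf's
  // target-invocation audit policy into spol for the rules that follow.
  nm = namext.to_name(YYText());
  if (nm->length() == 0) {
    *yyout << "** Empty domain name - " << YYText() << endl;
    delete nm;
    error = 1;
    return 0;
  }

  // Every component carries the root id as its kind (kept from the original).
  for (CORBA::ULong k = 0; k < nm->length(); k++)
    (*nm)[k].kind = CORBA::string_dup((*nm)[0].id);

  dm_factory->add_root_domain_manager((*nm)[0].id);
  SecurityDomain::DomainManagerAdmin_var dmroot =
    dm_factory->get_root_domain_manager((*nm)[0].id);
  if (CORBA::is_nil(dmroot)) {
    *yyout << "** Cannot obtain root domain manager - " << (*nm)[0].id << endl;
    delete nm;
    error = 1;
    return 0;
  }

  SecurityDomain::Name tempname;
  tempname.length(1);
  SecurityDomain::DomainManagerAdmin_var dmt =
    SecurityDomain::DomainManagerAdmin::_duplicate(dmroot);
  for (CORBA::ULong k = 1; k < nm->length(); k++) {
    // Each intermediate manager must be a domain authority to hold children;
    // a failed narrow used to be dereferenced unchecked here.
    SecurityDomain::DomainAuthorityAdmin_var adm =
      SecurityDomain::DomainAuthorityAdmin::_narrow(dmt);
    if (CORBA::is_nil(adm)) {
      *yyout << "** Not a domain authority - " << (*nm)[k - 1].id << endl;
      delete nm;
      error = 1;
      return 0;
    }
    tempname[0] = (*nm)[k];
    SecurityDomain::DomainManagerAdmin_var dm = adm->get_domain_manager(tempname);
    if (CORBA::is_nil(dm)) {
      // no such child yet: create it under the current authority
      SecurityDomain::DomainManagerAdmin_var ndm = dm_factory->create_domain_manager();
      adm->add_domain_manager(ndm, tempname);
      dmt = SecurityDomain::DomainManagerAdmin::_duplicate(ndm);
    } else {
      dmt = SecurityDomain::DomainManagerAdmin::_duplicate(dm);
    }
  }

  // Re-resolve the full relative name from the root to get the target manager
  // (kept from the original, which asserted it is "not nil"; now checked).
  tempname.length(nm->length() - 1);
  for (CORBA::ULong k = 1; k < nm->length(); k++)
    tempname[k - 1] = (*nm)[k];
  SecurityDomain::DomainAuthorityAdmin_var admroot =
    SecurityDomain::DomainAuthorityAdmin::_narrow(dmroot);
  if (CORBA::is_nil(admroot)) {
    *yyout << "** Root is not a domain authority - " << (*nm)[0].id << endl;
    delete nm;
    error = 1;
    return 0;
  }
  dmt = admroot->get_domain_manager(tempname);
  admt = SecurityDomain::DomainAuthorityAdmin::_narrow(dmt);
  if (CORBA::is_nil(admt)) {
    *yyout << "** Cannot resolve domain manager - " << YYText() << endl;
    delete nm;
    error = 1;
    return 0;
  }

  // get_domain_policy() hands back a reference we own; a _var releases it
  // (the previous Policy_ptr was never released and leaked one ref per domain).
  CORBA::Policy_var po = admt->get_domain_policy(Security::SecTargetInvocationAudit);
  spol = SecurityAdmin::AuditPolicy::_narrow(po);
  if (CORBA::is_nil(spol)) {
    *yyout << "** No audit policy on domain - " << YYText() << endl;
    delete nm;
    error = 1;
    return 0;
  }

  // Default combinator for this block; a "Combinator = ..." line may override it.
  pol_comb = SecurityDomain::Union;
  delete nm;
  BEGIN(rec);
}

[[:blank:]]+            { /* blanks inside a domain block */ }

"Combinator"[[:blank:]]*"="[[:blank:]]*/[[:alpha:]]+ { /* keyword consumed; the combinator name is matched by the next rule */ }

[[:alpha:]]+/[[:blank:]\n]+"{" {
  // Policy combinator name. Stored in pol_comb and applied when the block
  // closes; previously it was parsed but Union was always installed.
  string str(YYText());
  if (str == "Union")
    pol_comb = SecurityDomain::Union;
  else if (str == "Intersection")
    pol_comb = SecurityDomain::Intersection;
  else if (str == "Negation")
    pol_comb = SecurityDomain::Negation;
  else {
    *yyout << "** Unknown Policy Combinator type - " << str << endl;
    error = 1;
    return 0;
  }
  BEGIN(rec);
}

.*/\n                   { BEGIN(rec); }

[[:blank:]\n]+          { /* whitespace inside a domain block */ }

"#"                     { BEGIN(recom); }

"{"                     { /* block opener */ }

[[:blank:]\n]*          { /* optional whitespace */ }

"}"                     {
                          // End of the domain block: install the collected server
                          // policy and the combinator chosen for this block.
                          admt->set_domain_policy(spol);
                          admt->set_policy_combinator(Security::SecTargetInvocationAudit, pol_comb);
                          BEGIN(INITIAL);
                        }

"("[[:blank:]\n]*       { /* rule opener */ }

("server"|"client")/[[:blank:]]*":" {
  // The side keyword is accepted but not distinguished: everything that follows
  // goes into spol / SecTargetInvocationAudit, and cpol is never written in this
  // chunk. A "client:" section therefore silently configures the server policy;
  // worth flagging to whoever maintains the config format.
  BEGIN(atcomb);
}

[[:blank:]]*":"         { /* separator after the side keyword */ }

[[:blank:]]*            { /* optional blanks */ }

("All"|"Any")/[[:blank:]]+ {
  // Audit selector combinator: "Any" selector may match, or "All" must match.
  string str(YYText());
  if (str == "Any")
    at_comb = Security::SecAnySelector;
  else if (str == "All")
    at_comb = Security::SecAllSelectors;
  else {
    // unreachable given the pattern, kept as a defensive error path
    *yyout << "** Unknown Audit Combinator type - " << str << endl;
    error = 1;
    return 0;
  }
  BEGIN(iface);
}

[[:blank:]]+            { /* blanks before the interface name */ }

([[:alnum:]\/\:\.]+|"*")/[[:blank:]]+"[" {
  // Interface name; "*" is the wildcard and is stored as the empty string.
  iface_name = YYText();
  if (iface_name == "*")
    iface_name = "";
  eventtypelst.length(0);
  BEGIN(evt);
}

[[:blank:]]+"["         { /* list opener */ }

[[:alpha:][:blank:]\,]+/"]" {
  // Comma-separated audit event types. Blanks (spaces and tabs, both admitted
  // by the pattern) are removed first; a trailing ',' terminates the last entry
  // so every entry is delimited the same way.
  string tmp(YYText());
  string list;
  list.reserve(tmp.size() + 1);
  for (string::size_type k = 0; k < tmp.size(); k++) {
    if (tmp[k] == ' ' || tmp[k] == '\t')
      continue;
    list += tmp[k];
  }
  list += ',';

  Security::AuditEventType evtype;
  evtype.event_family.family_definer = 0;   // OMG
  evtype.event_family.family = 12;          // Audit event family

  // The old loop compared an unsigned find() result with ">= 0" (always true)
  // and relied on an empty trailing part to stop via the error branch; this
  // one stops on npos and rejects empty entries explicitly.
  CORBA::ULong len = 0;
  string::size_type start = 0;
  string::size_type comma;
  while ((comma = list.find(',', start)) != string::npos) {
    string part = list.substr(start, comma - start);
    start = comma + 1;
    if (part == "All")
      evtype.event_type = Security::AuditAll;
    else if (part == "PrincipalAuth")
      evtype.event_type = Security::AuditPrincipalAuth;
    else if (part == "SessionAuth")
      evtype.event_type = Security::AuditSessionAuth;
    else if (part == "Authorization")
      evtype.event_type = Security::AuditAuthorization;
    else if (part == "Invocation")
      evtype.event_type = Security::AuditInvocation;
    // else if (part == "FailedAuthorization")
    //   evtype.event_type = Security::AuditFailedAuthorization;
    else {
      *yyout << "** Unknown Audit Event type - " << part << endl;
      error = 1;
      return 0;
    }
    eventtypelst.length(len + 1);
    eventtypelst[len] = evtype;
    len++;
  }

  // Seven wildcard selectors. The sequence must be sized before indexing;
  // the original had this call commented out and indexed an unsized sequence.
  selectorlst.length(7);
  selectorlst[0].selector = Security::InterfaceName;
  selectorlst[0].value <<= "";
  selectorlst[1].selector = Security::ObjectRef;
  selectorlst[1].value <<= "";
  selectorlst[2].selector = Security::Operation;
  selectorlst[2].value <<= "";
  selectorlst[3].selector = Security::Initiator;
  selectorlst[3].value <<= "";
  selectorlst[4].selector = Security::SuccessFailure;
  selectorlst[4].value <<= CORBA::Short(-1);          // any outcome
  selectorlst[5].selector = Security::Time;
  SecurityAdmin::AuditTimeInterval time_interval;
  time_interval.begin = 1;
  time_interval.end = 1;
  // NOTE(review): begin == end == 1 is documented as "any time interval" by the
  // original; whether the policy implementation treats it that way is not
  // visible here -- confirm against the AuditPolicy implementation.
  selectorlst[5].value <<= time_interval;
  selectorlst[6].selector = Security::DayOfWeek;
  selectorlst[6].value <<= CORBA::Short(-1);          // any day of week
  BEGIN(option);
}

.*/\n                   { BEGIN(option); }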