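%{
/*
 * Copyright 1993 OpenVision Technologies, Inc., All Rights Reserved.
 *
 * $Id$
 * $Source$
 *
 * $Log$
 * Revision 1.3 1996/07/22 20:28:49 marc
 * this commit includes all the changes on the OV_9510_INTEGRATION and
 * OV_MERGE branches. This includes, but is not limited to, the new openvision
 * admin system, and major changes to gssapi to add functionality, and bring
 * the implementation in line with rfc1964. before committing, the
 * code was built and tested for netbsd and solaris.
 *
 * Revision 1.2.4.1 1996/07/18 03:03:31 marc
 * merged in changes from OV_9510_BP to OV_9510_FINAL1
 *
 * Revision 1.2.2.1 1996/06/20 21:56:31 marc
 * File added to the repository on a branch
 *
 * Revision 1.2 1993/11/05 07:47:46 bjaspan
 * add and use cmp_gss_names, fix regexp bug
 *
 * Revision 1.1 1993/11/05 07:08:48 bjaspan
 * Initial revision
 *
 */

#if !defined(lint) && !defined(__CODECENTER__)
static char *rcsid = "$Header$";
#endif

/*
 * Token codes returned by the scanner. The ranges are disjoint so that a
 * punctuation token, a privilege keyword and an identifier cannot collide.
 */
enum tokens {
    NEWLINE = 257,
    COMMA,
    SEMI,

    GET = 300,
    ADD,
    MODIFY,
    DELETE,

    ID = 350,
};

/* Semantic value of the last token; only ID sets it. */
typedef union {
    char *s;
} toktype;

toktype tokval;
int acl_lineno = 0;

/*
 * Scanner rules (below the first %%):
 *   - a newline bumps acl_lineno; blanks, tabs and '#' comments are skipped;
 *   - ',' and ';' and the four privilege keywords return their token;
 *   - a run of non-blank characters anchored at the start of a line is an ID.
 *     tokval.s then points at yytext, which the next yylex() call overwrites,
 *     so the parser must copy it before scanning on.
 *
 * NOTE(review): text that matches none of these rules is handled by lex's
 * default action (it is copied to the output) instead of being reported, so
 * stray characters inside an ACL line are not rejected by the scanner itself.
 * Consider a catch-all rule that returns an error token so that malformed
 * lines always fail the parse.
 *
 * NOTE(review): the bracket expression in the comment rule holds a single
 * blank in this listing; if the original held a tab it was collapsed when the
 * page was extracted -- confirm against the original file.
 */
%}

%%

\n		acl_lineno++;
[ \t]*		;
[ ]*#.*		;
","		return (COMMA);
";"		return (SEMI);
"get"		return (GET);
"add"		return (ADD);
"modify"	return (MODIFY);
"delete"	return (DELETE);
^[^ \t\n]+	{ tokval.s = yytext; return (ID); }

%%

/*
 * NOTE(review): the five header names on the original #include lines were
 * lost when this listing was extracted. The system headers below are the ones
 * the visible code needs (FILE, malloc/free, strdup/strlen, syslog, u_int).
 * The project's GSS-API and OpenVision admin headers -- whichever declare
 * gss_name_t, gss_import_name, gss_compare_name, gss_nt_krb5_name and the
 * OVSEC_KADM_PRIV_* bits -- must be restored from the original source tree.
 */
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* One ACL line: a principal and the privilege bits granted to it. */
typedef struct _entry {
    gss_name_t gss_name;        /* imported form of name, used for matching */
    char *name;                 /* heap copy of the principal text */
    u_int privs;                /* OR of OVSEC_KADM_PRIV_* bits */
    struct _entry *next;
} acl_entry;

/* Head of the in-memory ACL; entries are pushed at the front. */
static acl_entry *acl_head = NULL;

static void error(const char *msg);

/*
 * Parse an ACL file into the in-memory list.
 *
 * Each entry is:  <principal> <priv>[,<priv>...];
 * where <priv> is one of get, add, modify, delete.
 *
 * Returns 0 on success and 1 on the first syntax, allocation or name-import
 * error (the error is logged through syslog with the current line number).
 * The entry being built when the error occurs is released and never becomes
 * visible to acl_check(). Entries completed before the error stay on the
 * list, so a caller should treat a non-zero return as fatal rather than keep
 * serving requests from a partially loaded ACL.
 */
int parse_aclfile(FILE *acl_file)
{
    OM_uint32 gssstat, minor_stat;
    gss_buffer_desc in_buf;
    acl_entry *entry = NULL;
    int tok;

    yyin = acl_file;

    acl_lineno = 1;
    while ((tok = yylex()) != 0) {
        if (tok != ID) {
            error("expected identifier");
            goto fail;
        }

        entry = malloc(sizeof *entry);
        if (entry == NULL) {
            error("out of memory");
            goto fail;
        }
        entry->privs = 0;
        entry->next = NULL;

        /* tokval.s aliases yytext; copy it before the next yylex() call. */
        entry->name = strdup(tokval.s);
        if (entry->name == NULL) {
            error("out of memory");
            goto fail;
        }

        /* Privilege list: keyword, then ',' to continue or ';' to end. */
        for (;;) {
            switch (tok = yylex()) {
            case GET:
                entry->privs |= OVSEC_KADM_PRIV_GET;
                break;
            case ADD:
                entry->privs |= OVSEC_KADM_PRIV_ADD;
                break;
            case MODIFY:
                entry->privs |= OVSEC_KADM_PRIV_MODIFY;
                break;
            case DELETE:
                entry->privs |= OVSEC_KADM_PRIV_DELETE;
                break;
            default:
                error("expected privilege");
                goto fail;
            }

            tok = yylex();
            if (tok == COMMA)
                continue;
            if (tok == SEMI)
                break;
            error("expected comma or semicolon");
            goto fail;
        }

        /* The buffer length counts the terminating NUL, as it always has. */
        in_buf.value = entry->name;
        in_buf.length = strlen(entry->name) + 1;
        gssstat = gss_import_name(&minor_stat, &in_buf, gss_nt_krb5_name,
                                  &entry->gss_name);
        if (gssstat != GSS_S_COMPLETE) {
            error("invalid name");
            goto fail;
        }

        /* Publish the finished entry at the head of the list. */
        entry->next = acl_head;
        acl_head = entry;
        entry = NULL;
    }
    return 0;

fail:
    /* Drop the half-built entry; it was never linked into acl_head. */
    if (entry != NULL) {
        free(entry->name);
        free(entry);
    }
    return 1;
}

/*
 * Compare two GSS-API names.
 *
 * Returns non-zero only when gss_compare_name() completes and reports the
 * names equal. A failed comparison counts as "not equal": the result feeds an
 * authorization decision, so it must never be read from an unset variable.
 */
int cmp_gss_names(gss_name_t name1, gss_name_t name2)
{
    OM_uint32 major_stat, minor_stat;
    int eq = 0;

    major_stat = gss_compare_name(&minor_stat, name1, name2, &eq);
    if (major_stat != GSS_S_COMPLETE)
        return 0;
    return eq;
}

/*
 * Decide whether caller holds a privilege.
 *
 * Returns 1 when some ACL entry names caller and grants at least one of the
 * bits set in priv, else 0. An empty or unloaded ACL therefore denies every
 * request.
 */
int acl_check(gss_name_t caller, int priv)
{
    const acl_entry *entry;

    for (entry = acl_head; entry != NULL; entry = entry->next) {
        if (cmp_gss_names(entry->gss_name, caller) &&
            (entry->privs & priv) != 0)
            return 1;
    }
    return 0;
}

/* Log a parse error together with the line the scanner is on. */
static void error(const char *msg)
{
    syslog(LOG_ERR, "Error while parsing acl file, line %d: %s\n",
           acl_lineno, msg);
}

/* Tell the scanner there is no further input after end of file. */
int yywrap(void)
{
    return(1);
}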