make the use of flags= optional

parser/parser_lex.l

@@ -190,7 +190,7 @@ ADD_ASSIGN	\+=
 			return TOK_FLAG_CLOSEPAREN;
 			}
 
-	{WS}+	{ /* Eat whitespace */ }
+	{WS}+		{ /* Eat whitespace */ }
 
 	{FLAGSEP}	{
 			PDEBUG("Flag , \n");
@@ -201,26 +201,12 @@ ADD_ASSIGN	\+=
 			PDEBUG("Flag = \n");
 			return TOK_EQUALS;
 			}
-
 	{KEYWORD}	{
-			int token = get_keyword_token(yytext);
+			yylval = (YYSTYPE) strdup(yytext);
-
+			return TOK_FLAG_ID;
-			/* special cases */
-			switch (token) {
-			case TOK_FLAG_AUDIT:
-			case TOK_FLAG_COMPLAIN:
-			case TOK_FLAG_DEBUG:
-				/* legit */
-				break;
-			default:
-				/* bad keyword or no token found */
-				yyerror(_("Found unknown flag: '%s'"), yytext);
-				break;
 			}
-			return token;
-  			}
 
-	[^\n] 		{
+	[^\n]		{
 			/* Something we didn't expect */
 			yyerror(_("Found unexpected character: '%s'"), yytext);
 			}
@@ -352,6 +338,12 @@ ADD_ASSIGN	\+=
 			return TOK_COLON;
 			}
 
+{FLAGOPEN_PAREN}	{
+			PDEBUG("FLag (\n");
+			BEGIN(FLAGS_MODE);
+			return TOK_FLAG_OPENPAREN;
+			}
+
 {VARIABLE_NAME}		{
 			int token = get_keyword_token(yytext);
 

parser/parser_misc.c

@@ -82,9 +82,6 @@ static struct keyword_table keyword_table[] = {
 	{"audit_control",	TOK_CAP_AUDIT_CONTROL},
 	/* flags */
 	{"flags",		TOK_FLAGS},
-	{"debug",		TOK_FLAG_DEBUG},
-	{"complain",		TOK_FLAG_COMPLAIN},
-	{"audit",		TOK_FLAG_AUDIT},
 	/* network */
 	{"via",			TOK_VIA},
 	{"tcp_connect",		TOK_TCP_CONN},

parser/parser_yacc.y

@@ -150,12 +150,11 @@ struct cod_entry *do_file_rule(char *namespace, char *id, int mode);
 %token TOK_FLAG_OPENPAREN
 %token TOK_FLAG_CLOSEPAREN
 %token TOK_FLAG_SEP
-%token TOK_FLAG_DEBUG
+%token TOK_FLAG_ID
-%token TOK_FLAG_COMPLAIN
-%token TOK_FLAG_AUDIT
 
 %union {
 	char *id;
+	char *flag_id;
 	char *ip;
 	char *iface;
 	char *mode;
@@ -208,6 +207,7 @@ struct cod_entry *do_file_rule(char *namespace, char *id, int mode);
 %type <flags>	flags
 %type <flags>	flagvals
 %type <flags>	flagval
+%type <flag_id>	TOK_FLAG_ID
 %type <cap>	cap
 %type <cap>	capability
 %type <user_entry> change_profile
@@ -390,6 +390,11 @@ flags:	TOK_FLAGS TOK_EQUALS TOK_FLAG_OPENPAREN flagvals TOK_FLAG_CLOSEPAREN
 		$$ = $4;
 	};
 
+flags: TOK_FLAG_OPENPAREN flagvals TOK_FLAG_CLOSEPAREN
+	{
+		$$ = $2;
+	}
+
 flagvals:	flagvals TOK_FLAG_SEP flagval
 	{
 		$1.complain = $1.complain || $3.complain;
@@ -403,27 +408,19 @@ flagvals:	flagval
 		$$ = $1;
 	};
 
-flagval:	TOK_FLAG_DEBUG 
+flagval:	TOK_FLAG_ID
 	{
-		PDEBUG("Matched: flag debug\n");
+		struct flagval fv = {0, 0, 0};
-		yyerror(_("flags=(debug) is no longer supported, sorry."));
+		if (strcmp($1, "debug") == 0) {
-	};
+			yyerror(_("Profile flag 'debug' is no longer valid."));
-
+		} else if (strcmp($1, "complain") == 0) {
-flagval:	TOK_FLAG_COMPLAIN
+			fv.complain = 1;
-	{
+		} else if (strcmp($1, "audit") == 0) {
-		struct flagval fv = { 0, 1, 0 };
+			fv.audit = 1;
-
+		} else {
-		PDEBUG("Matched: flag complain\n");
+			yyerror(_("Invalid profile flag: %s."), $1);
-
+		}
-		$$ = fv;
+		free($1);
-	};
-
-flagval:	TOK_FLAG_AUDIT
-	{
-		struct flagval fv = { 0, 0, 1 };
-
-		PDEBUG("Matched: flag audit\n");
-
 		$$ = fv;
 	};
 

parser/tst/simple_tests/flags_bad5.sd

@@ -0,0 +1,39 @@
+#
+# $Id: flags_bad.sd 66 2006-06-01 18:02:28Z steve-beattie $
+#=DESCRIPTION Ensure debug flag is no longer accepted
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist (debug) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}
+
+/does/not/exist2 (audit,debug) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist2 r,
+}
+
+/does/not/exist3 (debug,complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist5 r,
+}
+
+/does/not/exist4 (audit,complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist7 r,
+
+  ^debug (debug) {
+    /var/log/debug rwl,
+  }
+}
+

parser/tst/simple_tests/flags_bad6.sd

@@ -0,0 +1,13 @@
+#
+# $Id: flags_bad2.sd 66 2006-06-01 18:02:28Z steve-beattie $
+#=DESCRIPTION Don't accept other keyword as a flag
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist (capability) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}

parser/tst/simple_tests/flags_bad7.sd

@@ -0,0 +1,19 @@
+#
+# $Id: flags_bad3.sd 66 2006-06-01 18:02:28Z steve-beattie $
+#=DESCRIPTION Ensure really bad parsing fails
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist (blahblab {
+
+  /usr/X11R6/lib/lib*so* r
+  /does/not/exist r
+}
+
+audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist2 r,
+}

parser/tst/simple_tests/flags_bad8.sd

@@ -0,0 +1,14 @@
+#
+# $Id: flags_bad4.sd 66 2006-06-01 18:02:28Z steve-beattie $
+#=DESCRIPTION Bad flags parsing should fail
+#=EXRESULT FAIL
+# vim:syntax=subdomain
+# Last Modified: Sun Apr 17 19:44:44 2005
+#
+/does/not/exist ({{{ }} { } { } audit
+{{}}}{{{} {}{}{} / ^ ) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}

parser/tst/simple_tests/flags_hats_ok.sd

@@ -25,6 +25,10 @@
   ^FOO flags=(complain) {
     #include <includes/base>
   }
+
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist3 flags=(complain) {
@@ -36,6 +40,9 @@
   ^FOO flags=(audit) {
     #include <includes/base>
   }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist4 {
@@ -47,6 +54,9 @@
   ^FOO flags=(complain) {
     #include <includes/base>
   }
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist5 flags=(audit) {
@@ -69,6 +79,9 @@
   ^FOO flags=(audit) {
     #include <includes/base>
   }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist7 flags=(audit) {
@@ -80,6 +93,9 @@
   ^FOO flags=(complain) {
     #include <includes/base>
   }
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist8 {
@@ -91,6 +107,9 @@
   ^FOO flags=(audit) {
     #include <includes/base>
   }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
 }
 
 /does/not/exist9 {
@@ -103,6 +122,10 @@
     #include <includes/base>
   }
 
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
+
   ^BAR {
     #include <includes/fonts>
   }
@@ -111,11 +134,173 @@
     #include <includes/fonts>
   }
 
+  ^BAZ2 (audit) {
+    #include <includes/fonts>
+  }
+
   ^BIF flags=(complain) {
     #include <includes/base>
   }
 
+  ^BIF2 (complain) {
+    #include <includes/base>
+  }
+
   ^BUZ flags=(complain,audit) {
     /var/log/messages r,
   }
+
+  ^BUZ2 (complain,audit) {
+    /var/log/messages r,
+  }
+}
+
+/does/not/exist11 flags=(complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+
+  ^FOO {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist12 flags=(complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist2 r,
+
+  ^FOO flags=(complain) {
+    #include <includes/base>
+  }
+
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist13 flags=(complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist3 r,
+
+  ^FOO flags=(audit) {
+    #include <includes/base>
+  }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist14 {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist4 r,
+
+  ^FOO flags=(complain) {
+    #include <includes/base>
+  }
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist15 flags=(audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist5 r,
+
+  ^FOO {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist16 flags=(audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist6 r,
+
+  ^FOO flags=(audit) {
+    #include <includes/base>
+  }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist17 flags=(audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist7 r,
+
+  ^FOO flags=(complain) {
+    #include <includes/base>
+  }
+  ^FOO2 (complain) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist18 {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist8 r,
+
+  ^FOO flags=(audit) {
+    #include <includes/base>
+  }
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
+}
+
+/does/not/exist19 {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist9 r,
+
+  ^FOO flags=(audit) {
+    #include <includes/base>
+  }
+
+  ^FOO2 (audit) {
+    #include <includes/base>
+  }
+
+  ^BAR {
+    #include <includes/fonts>
+  }
+
+  ^BAZ flags=(audit) {
+    #include <includes/fonts>
+  }
+
+  ^BAZ2 (audit) {
+    #include <includes/fonts>
+  }
+
+  ^BIF flags=(complain) {
+    #include <includes/base>
+  }
+
+  ^BIF2 (complain) {
+    #include <includes/base>
+  }
+
+  ^BUZ flags=(complain,audit) {
+    /var/log/messages r,
+  }
+
+  ^BUZ2 (complain,audit) {
+    /var/log/messages r,
+  }
 }

parser/tst/simple_tests/flags_ok.sd

@@ -39,3 +39,38 @@
   /usr/X11R6/lib/lib*so* r,
   /does/not/exist8 r,
 }
+
+/does/not/exist6 (complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist r,
+}
+
+/does/not/exist7 (audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist2 r,
+}
+
+/does/not/exist8 (complain,audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist5 r,
+}
+
+/does/not/exist9 (audit,complain) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist7 r,
+}
+
+/does/not/exist10 (audit,complain,audit) {
+  #include <includes/base>
+
+  /usr/X11R6/lib/lib*so* r,
+  /does/not/exist8 r,
+}