DACS.EXPRS(5)                 DACS Formats Manual                DACS.EXPRS(5)

NAME
       dacs.exprs - DACS expression language

DESCRIPTION
       These files are part of the DACS suite.

       DPL (the DACS programming language) is used in access control rules, its revocation list, and in configuration files. This programmability gives DACS maximum run-time configurability and flexibility. A DPL expression - or even a small program - may appear within predicate, allow, and deny elements of an access control rule, for example. DPL is also accessible using the dacsexpr(1)[1] command, which can be used for writing scripts even for non-DACS applications.

       DPL, which is gradually evolving in mostly backward-compatible ways, is similar in many ways to Perl[2], PHP[3], and Tcl[4], and its expressions look and behave much like C/C++ expressions. The calling signatures for functions are reminiscent of those of Tcl, with literal or string arguments used to select a particular mode of operation or specify options. The syntaxes used for strings and variables have been influenced by various Unix shells. Our intent is for the language to feel familiar and be easy to use for the typical tasks at hand. We have tried not to be gratuitously different.

           Note
           The philosophy guiding the design of the DACS expression language is that its power should be limited to basic operations on elementary data types that can be expressed simply and evaluated efficiently, along with a collection of utility and higher-level functions, targeted for the tasks at hand, that hide complexity. This is why the language does not include much in the way of control flow statements - our feeling is that complicated expressions are more likely to introduce mistakes, which can easily result in access control rules not working as intended. While fleshing out the language is not a priority, expression syntax and the set of functions are being extended as necessary. An extensibility mechanism is planned that would let user-defined functions be loaded at run-time.

           While there are no immediate plans to do so, replacing the DACS expression language with a general-purpose extension language may eventually make sense. Tcl and Perl would be leading contenders.

           Tip
           The dacsexpr(1)[1] utility can be useful for learning, testing, and debugging DPL.

   Expression Syntax
       Expression evaluation consists of a lexical analysis stage, in which the expression is broken into a sequence of tokens, followed by evaluation of the tokens. Expression syntax is checked before an expression is evaluated. Any syntactic or run-time evaluation error immediately terminates evaluation of the top-level expression and returns a False result.

           Note
           Because files containing expressions are local to the DACS site on which they appear (i.e., DACS does not copy them), they need not be portable across sites. This means that any DACS jurisdiction is free to customize or extend these expressions at will since they do not have to be understood or executed by any other jurisdiction.

   Comments
       Three comment styles are recognized:

       o   The /* ... */ C style comment syntax, which does not nest;

       o   The // syntax of C++, where the remainder of the line following the token is ignored; and

       o   The # syntax of shells and many scripting languages, provided the # is either at the beginning of a line or appears after whitespace, where the remainder of the line following the token is ignored. Note that escaping the # by preceding it with a backslash prevents the text that follows from being interpreted as a comment. For example, this will result in a syntax error if the backslash is omitted:

               > ${foo:? \#xxx}
               " #xxx"

       Here are examples of all three styles:

           /*
            * This is a comment
            */
           // This is another comment
           ${x} = 17;     # And one last comment

       Additionally, when expressions are parsed in the context of an XML document (such as in an access control rule), the XML comment syntax can be used (<!-- A comment -->). Such comments can span multiple lines.

           <!-- Comment out this clause for now...
           <Auth id="authx">
           STYLE "expr"
           CONTROL "sufficient"
           </Auth>
           -->

   Basic Data Types
       The following basic data types are supported:

       integer, int
           Integers are represented internally as a C/C++ long int. Maximum and minimum values are platform dependent. Integers are written in the C-style syntax; for example, -1958, 0377 (octal), and 0xABC (hexadecimal, upper or lower case).

       real, double
           Reals are represented internally as a C/C++ double. Maximum and minimum values are platform dependent. A real constant is an optional sequence of decimal digits (possibly signed) followed by a period and 1) at least one digit or 2) an 'e' or 'E' followed by at least one digit.

       string
           A string is a sequence of characters enclosed between matching single or double quotes (e.g., 'Hello world'). Interpolation of variables occurs within double quotes but not single quotes. C-style character escape codes and octal numeric escape codes are understood (e.g., " ", "