DACS.EXPRS(5) DACS Formats Manual DACS.EXPRS(5)
NAME
dacs.exprs - DACS expression language
DESCRIPTION
These files are part of the DACS suite.
DPL (the DACS programming language) is used in access control rules, its revocation list, and in configuration files. This programmability
gives DACS maximum run-time configurability and flexibility. A DPL expression - or even a small program - may appear within predicate,
allow, and deny elements of an access control rule, for example. DPL is also accessible using the dacsexpr(1)[1] command, which can be
used for writing scripts even for non-DACS applications.
DPL, which is gradually evolving in mostly backward-compatible ways, is similar in many ways to Perl[2], PHP[3], and Tcl[4], and its expressions
look and behave much like C/C++ expressions. The calling signatures for functions are reminiscent of those of Tcl, with literal or string
arguments used to select a particular mode of operation or specify options. The syntaxes used for strings and variables have been
influenced by various Unix shells. Our intent is for the language to feel familiar and be easy to use for the typical tasks at hand. We
have tried not to be gratuitously different.
Note
The philosophy guiding the design of the DACS expression language is that its power should be limited to basic operations on elementary
data types that can be expressed simply and evaluated efficiently, along with a collection of utility and higher-level functions,
targeted for the tasks at hand, that hide complexity. This is why the language does not include much in the way of control flow
statements - our feeling is that complicated expressions are more likely to introduce mistakes, which can easily result in access
control rules not working as intended.
While fleshing out the language is not a priority, expression syntax and the set of functions are being extended as necessary. An
extensibility mechanism is planned that would let user-defined functions be loaded at run-time.
While there are no immediate plans to do so, replacing the DACS expression language with a general-purpose extension language may
eventually make sense. Tcl and Perl would be leading contenders.
Tip
The dacsexpr(1)[1] utility can be useful for learning, testing, and debugging DPL.
Expression Syntax
Expression evaluation consists of a lexical analysis stage, in which the expression is broken into a sequence of tokens, followed by
evaluation of the tokens.
Expression syntax is checked before an expression is evaluated. Any syntactic or run-time evaluation error immediately terminates
evaluation of the top-level expression and returns a False result.
Note
Because files containing expressions are local to the DACS site on which they appear (i.e., DACS does not copy them), they need not be
portable across sites. This means that any DACS jurisdiction is free to customize or extend these expressions at will since they do not
have to be understood or executed by any other jurisdiction.
Comments
Three comment styles are recognized:
o The /* ... */ C style comment syntax, which does not nest;
o The // syntax of C++, where the remainder of the line following the token is ignored; and
o The # syntax of shells and many scripting languages, provided the # is either at the beginning of a line or appears after
whitespace, where the remainder of the line following the token is ignored. Note that escaping the # by preceding it with a
backslash prevents the text that follows from being interpreted as a comment. For example, this will result in a syntax error if
the backslash is omitted:
> ${foo:? \#xxx}
" #xxx"
Here are examples of all three styles:
/*
* This is a comment
*/
// This is another comment
${x} = 17; # And one last comment
Additionally, when expressions are parsed in the context of an XML document (such as in an access control rule), the XML comment syntax
can be used (<!-- A comment -->). Such comments can span multiple lines.
<!--
Comment out this clause for now...
<Auth id="authx">
STYLE "expr"
CONTROL "sufficient"
</Auth>
-->
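The three non-XML comment rules above, written out as a small Python scanner. This is an added example, not code from DACS or its documentation. The function name is hypothetical, raising on an unterminated comment is this example's choice, and string literals are not modelled because the page does not say how comment tokens inside quotes are treated.

```python
# Added example (not DACS code): scanner for the three DPL comment styles.
# Assumption: string literals are NOT modelled; the rules on this page do
# not say how comment tokens inside quotes are handled.

def strip_dpl_comments(src):
    """Return (code, comments) for src under the three documented rules."""
    out, comments = [], []
    i, n = 0, len(src)
    while i < n:
        ch = src[i]
        if ch == "\\" and i + 1 < n and src[i + 1] == "#":
            # An escaped '#' never starts a comment. Both characters are
            # kept for whatever later stage interprets the backslash.
            out.append("\\#")
            i += 2
        elif src.startswith("/*", i):
            # C style: ends at the FIRST '*/', so comments do not nest.
            end = src.find("*/", i + 2)
            if end == -1:
                raise ValueError("unterminated /* comment")
            comments.append(src[i:end + 2])
            i = end + 2
        elif src.startswith("//", i) or (
            ch == "#" and (i == 0 or src[i - 1].isspace())
        ):
            # Line comments: '//' anywhere, '#' only at the start of a
            # line or after whitespace. The newline itself is kept.
            end = src.find("\n", i)
            end = n if end == -1 else end
            comments.append(src[i:end])
            i = end
        else:
            out.append(ch)
            i += 1
    return "".join(out), comments


if __name__ == "__main__":
    # Constructed inputs based on the examples on this page.
    for text in ("${foo:? #xxx}", r"${foo:? \#xxx}", "/* a /* b */ c */"):
        print(repr(text), "->", strip_dpl_comments(text))
```

The unescaped `${foo:? #xxx}` case loses its closing brace to the comment, which is why the page reports a syntax error there.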
Basic Data Types
The following basic data types are supported:
integer, int
Integers are represented internally as a C/C++ long int. Maximum and minimum values are platform dependent. Integers are written in
the C-style syntax; for example, -1958, 0377 (octal), and 0xABC (hexadecimal, upper or lower case).
real, double
Reals are represented internally as a C/C++ double. Maximum and minimum values are platform dependent. A real constant is an optional
sequence of decimal digits (possibly signed) followed by a period and 1) at least one digit or 2) an 'e' or 'E' followed by at least
one digit.
string
A string is a sequence of characters enclosed between matching single or double quotes (e.g., 'Hello world'). Interpolation of
variables occurs within double quotes but not single quotes. C-style character escape codes and octal numeric escape codes are
understood (e.g., " ", "