Modules | |
| Rules Types | |
| RuleDB underpinning Access Control, Groups, ... | |
Detailed Description
Rules are a generic layer underpinning ARPA2 code for Rules Control, Groups and so on. Rules specify how to handle a certain user (found with iteration) for a given Rules Domain for an Rules Type ("service" or "application") and Rules Name ("identity" or "instance").
Rules are NUL-terminated UTF-8 strings consisting of space-separated words. Each word starts with a single character to select an abstract function:
=xvaluestoresvaluein variablexuntil the end of the RuleFLAGSsets flags and then calls rules_flags_upcall()^triggertriggers rules_trigger_upcall() with thetriggerstring~selselects an identity to apply in rules_selector_upcall()#labelis a marker comment for batch processing- the end of each Rule also triggers rules_endrule_upcall()
- the end of a Ruleset also triggers rules_endruleset_upcall()
Rules are concatenated to form Rulesets, and passed as a char * to the start and an unsigned total length. The terminating NUL for each Rule allows a reset of state between Rules, notably of the =xvalue and FLAGS that are retained between the words of a Rule.
There are 26 flags, named A through Z and passed in an integer as bits 0 through 25, respectively.
There are 26 variables, named a through z and passed in an array at indexes 0 through 25, respectively.
The form ~sel may occur in localised Rulesets (near a policy-ruled resource) but not in a database, because then it is part of the database lookup key.
The form #label is a one-word comment label, has no meaning but may be used to select individual Rules from a Ruleset during bulk traversal. It can be used to mark a Rule as having originated from a particular source.
