Context Navigation

source: libabac/rt2.y @ 2e9455f

mei_rt2

Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100644`
File size: 14.3 KB

Rev	Line
[718ad924]	1
[b5a3da4]	2	/* bison grammar rules for process new rt2 statements */
[718ad924]	3
	4	%{
	5	// include the GNU extension of asprintf
	6	#define _GNU_SOURCE
	7
	8	/* C declarations */
	9	#include <stdio.h>
	10	#include <string.h>
	11
	12	#include "abac_pl_yy.h"
[2e9455f]	13	#include "abac_verifier.h"
	14	#include "rt2.h"
[718ad924]	15
[da5afdf]	16	/* lex tie-ins flag */
[718ad924]	17	int yyerror (char *s);
[9335cfa]	18	static int debug=0;
[718ad924]	19
	20	FILE *abac_yyout = NULL;
	21	char *abac_yyfptr = NULL;
[2e9455f]	22	void *abac_yyctxt=NULL;
[718ad924]	23
[7727f26]	24	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
[2e9455f]	25	#define OUT(msg) { if(debug) fprintf(abac_yyout,"\n===%s\n",msg); }
[7727f26]	26
[718ad924]	27	void panic(char *msg);
	28
	29	%}
	30	/* Bison declarations */
	31	%union {
	32	struct _abac_yy_principal_t *pstruct;
[da5afdf]	33	struct _abac_yy_term_principal_t *ppstruct;
	34	struct _abac_yy_term_data_t *pdstruct;
[8bd77b5]	35	struct _abac_yy_roleoset_t *rostruct;
[da5afdf]	36	struct _abac_yy_term_t *dstruct;
	37	struct _abac_yy_expression_t *estruct;
[0d0c3a9]	38	struct _abac_list_t *lstruct;
[718ad924]	39	char string; / For returning char strings */
[da5afdf]	40	int intval; /* for returning some value */
[718ad924]	41	}
[da5afdf]	42
	43	%start input
	44
[2e9455f]	45	%type <intval> stmt
[8bd77b5]	46	%type <rostruct> rolepart
[da5afdf]	47	%type <estruct> roleleft
	48	%type <estruct> roleright
[718ad924]	49	%type <estruct> roleterm
[8bd77b5]	50	%type <rostruct> osetpart
[da5afdf]	51	%type <estruct> osetleft
	52	%type <estruct> osetright
	53	%type <estruct> osetterm
[718ad924]	54	%type <pstruct> keypart
[da5afdf]	55	%type <dstruct> terms
	56	%type <dstruct> term
[718ad924]	57	%type <pdstruct> typedpart
[da5afdf]	58	%type <pdstruct> otypetail
[718ad924]	59	%type <ppstruct> principalpart
[da5afdf]	60	%type <lstruct> rangetype
	61	%type <lstruct> values
[718ad924]	62
[36b100a]	63	%token <string> IDEN /* keyname or rolename or osetname */
[da5afdf]	64	%token <string> CAPIDEN /* variable name */
	65	%token <string> ROLE /* the word, role */
	66	%token <string> OSET /* the word, oset */
	67	%token <string> PRINCIPAL /* the word, principal */
[2e9455f]	68	%token <string> THIS /* the word, this */
[da5afdf]	69	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
	70	%token <string> OTYPE_CONSTANT
	71	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
	72	%token <string> KEYTYPE /* keyid \| or something else */
	73	%token <string> KEYID_CONSTANT /* keyid \| or something else */
	74	%token <string> VALUE /* range value in static constraint */
[718ad924]	75
	76	%token <operator> DERIVE "<-"
	77	%token <operator> DOT "."
	78	%token <operator> AND "&"
	79	%token <operator> LPAREN "("
	80	%token <operator> RPAREN ")"
	81	%token <operator> LSQUARE "["
	82	%token <operator> RSQUARE "]"
	83	%token <operator> LANGLE "<"
	84	%token <operator> RANGLE ">"
	85	%token <operator> COLON ":"
	86	%token <operator> COMMA ","
	87	%token <operator> QMARK "?"
[da5afdf]	88	%token <operator> DOTDOT ".."
[718ad924]	89
	90	%%
	91	/* Grammar rules */
	92
	93	input: /* empty */
	94	{ }
[da5afdf]	95	\| stmt
[718ad924]	96	{
[2e9455f]	97	/* SUCCESS */
[718ad924]	98	}
[da5afdf]	99	;
[718ad924]	100
	101	/* generate/concate prolog credentials clauses */
[da5afdf]	102	stmt : roleleft DERIVE roleright
	103	{
	104	abac_yy_expression_t *headexpr=$1;
	105	abac_yy_expression_t *tailexpr=$3;
[2e9455f]	106	int rc=make_role_statement(headexpr, tailexpr);
	107	if(rc) {
[da5afdf]	108	panic("unable to parse the role rule statment");
	109	YYERROR;
	110	} else {
[2e9455f]	111	$$=rc;
[da5afdf]	112	}
	113	}
	114	\| osetleft DERIVE osetright
[718ad924]	115	{
[da5afdf]	116	abac_yy_expression_t *headexpr=$1;
	117	abac_yy_expression_t *tailexpr=$3;
[2e9455f]	118	int rc=make_oset_statement(headexpr, tailexpr);
	119	if(rc) {
[da5afdf]	120	panic("unable to parse the oset rule statment");
[718ad924]	121	YYERROR;
	122	} else {
[2e9455f]	123	$$=rc;
[718ad924]	124	}
	125	}
[da5afdf]	126	;
[718ad924]	127	/*
	128	[keyid:isi].role:modifyBy([keyid:mike])
	129	[keyid:acme].role:preferred
	130	*/
[da5afdf]	131	roleleft : keypart DOT rolepart
[718ad924]	132	{
	133	abac_yy_principal_t *keypart=$1;
[8bd77b5]	134	abac_yy_roleoset_t *rolepart=$3;
[da5afdf]	135	abac_yy_expression_t *expr=
	136	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
[718ad924]	137	$$=expr;
	138	}
[da5afdf]	139	;
[718ad924]	140
	141	/* [keyid:mike] */
[da5afdf]	142	keypart : LSQUARE KEYTYPE COLON
[2e9455f]	143	{ abac_ll_push_keyid_yystate(); }
[da5afdf]	144	KEYID_CONSTANT
[2e9455f]	145	{ abac_ll_pop_yystate(); }
[da5afdf]	146	RSQUARE
[718ad924]	147	{
[8bd77b5]	148	int idtype=abac_verify_idtype_type($2);
[7727f26]	149	char *tmp=NULL;
[d037f54]	150	asprintf(&tmp,"%s",$5);
[2e9455f]	151	$$=make_yy_principal(tmp, tmp, idtype);
[7727f26]	152	char *cn=abac_cn_with_sha(tmp);
[718ad924]	153	if(cn && idtype) {
[7727f26]	154	$$=make_yy_principal(tmp, cn, idtype);
[718ad924]	155	} else {
[2e9455f]	156	if((USE("ABAC_CN")) && (cn==NULL)) {
[d9c3886]	157	if(debug)
	158	asprintf(&tmp,"encountered an invalid SHA id(%s)",$5);
	159	else asprintf(&tmp,"encountered an invalid SHA id");
[9335cfa]	160	panic(tmp);
	161	free(tmp);
[7727f26]	162	YYERROR;
	163	}
	164	$$=make_yy_principal(tmp, NULL, idtype);
[718ad924]	165	}
	166	}
[da5afdf]	167	;
[718ad924]	168	/*
	169	role:modifyBy([keyid:mike],[keyid:ted])
	170	role:modifyBy([keyid:mike])
	171	role:preferred
	172	*/
[da5afdf]	173	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
[718ad924]	174	{
[8bd77b5]	175	$$=make_yy_roleoset_role($3,$5);
[718ad924]	176	}
[da5afdf]	177	\| ROLE COLON IDEN
[718ad924]	178	{
[8bd77b5]	179	$$=make_yy_roleoset_role($3,NULL);
[718ad924]	180	}
[da5afdf]	181	;
[718ad924]	182
	183	/*
	184	[keyid:mike],[keyid:ted]
	185	[keyid:mike]
	186	[principal:?Z]
	187	[int:99]
	188	[int:?Z]
[2e9455f]	189	[?this], this could be any of type...
[718ad924]	190	[?]
	191	*/
[da5afdf]	192	terms : term COMMA terms
[718ad924]	193	{
[da5afdf]	194	abac_yy_term_t *nterm=$1;
	195	abac_yy_term_t *terms=$3;
	196	$$=add_yy_term(nterm, terms);
[718ad924]	197	}
[da5afdf]	198	\| term
[718ad924]	199	{
	200	$$=$1;
	201	}
[da5afdf]	202	;
[718ad924]	203
[2e9455f]	204	term : LSQUARE QMARK THIS RSQUARE
	205	{ $$= make_yy_term_dterm_this(); }
	206	\| LSQUARE QMARK RSQUARE
[da5afdf]	207	{ $$= make_yy_term_dterm_anonymous(); }
	208	\| keypart
	209	{ $$= make_yy_term_dterm_named($1); }
	210	\| principalpart
	211	{ $$= make_yy_term_dterm_principal($1); }
	212	\| typedpart
	213	{ $$= make_yy_term_dterm_data($1); }
	214	;
	215
	216	values : VALUE COMMA values
[b5a3da4]	217	{ $$=add_yy_val_range($3, $1); }
[da5afdf]	218	\| VALUE
	219	{ $$=make_yy_val_range($1); }
	220	;
	221
	222
	223	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
	224	{ $$=make_yy_minmax_range($2,$4); }
	225	\| LSQUARE DOTDOT VALUE RSQUARE
	226	{ $$=make_yy_max_range($3); }
	227	\| LSQUARE VALUE DOTDOT RSQUARE
	228	{ $$=make_yy_min_range($2); }
	229	\| LSQUARE values RSQUARE
	230	{ $$=$2; }
	231	;
	232
[7211a95]	233	/* [otype:?Z{oset-constraint}] */
[da5afdf]	234	/* [int:?I:[10 .. 20] */
[c586a3c]	235	/* [float:?F:[0.5 .. 2.5] */
	236	/* [string:?S:["abc",'efg',"hij"] -only listed range */
	237	/* urn same as string */
	238	/* time like int but with quoted string values */
[2e9455f]	239	/* XXX would have to extend this if want the linked oset in the
	240	constraints..
	241	[otype:?Z{linked oset-constraint}]
	242	*/
[0d0c3a9]	243	otypetail : VARIABLE_CONSTANT COLON
[da5afdf]	244	{
[2e9455f]	245	abac_ll_pop_yystate();
	246	abac_ll_push_range_yystate();
[718ad924]	247	}
[da5afdf]	248	rangetype
	249	{
[2e9455f]	250	abac_ll_pop_yystate();
[9806e76]	251	abac_yy_term_data_t *ptr=make_yy_term_data();
	252	set_yy_term_data_name(ptr,$1);
[da5afdf]	253	set_yy_term_data_is_variable(ptr);
	254	set_yy_term_data_cond_range(ptr,$4);
	255	$$=ptr;
[2e9455f]	256	OUT("otypetail_1");
[da5afdf]	257	}
	258	\| VARIABLE_CONSTANT
[2e9455f]	259	{ abac_ll_pop_yystate(); }
	260	osetterm
[da5afdf]	261	{
[9806e76]	262	abac_yy_term_data_t *ptr=make_yy_term_data();
	263	set_yy_term_data_name(ptr,$1);
[da5afdf]	264	set_yy_term_data_is_variable(ptr);
[d845403]	265	set_yy_term_data_cond_head_expr(ptr,$3);
[da5afdf]	266	$$=ptr;
[2e9455f]	267	OUT("otypetail_2");
[da5afdf]	268	}
	269	\| VARIABLE_CONSTANT
	270	{
[2e9455f]	271	abac_ll_pop_yystate();
[9806e76]	272	abac_yy_term_data_t *ptr=make_yy_term_data();
	273	set_yy_term_data_name(ptr,$1);
[da5afdf]	274	set_yy_term_data_is_variable(ptr);
	275	$$=ptr;
[2e9455f]	276	OUT("otypetail_3");
[da5afdf]	277	}
	278	\| OTYPE_CONSTANT
	279	{
[2e9455f]	280	abac_ll_pop_yystate();
[9806e76]	281	abac_yy_term_data_t *ptr=make_yy_term_data();
	282	set_yy_term_data_name(ptr,$1);
[da5afdf]	283	$$=ptr;
[2e9455f]	284	OUT("otypetail_4");
[da5afdf]	285	}
[9806e76]	286	\| QMARK
	287	{
[2e9455f]	288	abac_ll_pop_yystate();
[9806e76]	289	abac_yy_term_data_t *ptr=make_yy_term_data();
	290	set_yy_term_data_is_anonymous(ptr);
	291	$$= ptr;
	292	}
[da5afdf]	293	;
	294
	295	typedpart : LSQUARE OTYPE COLON
[2e9455f]	296	{ abac_ll_push_yystate($2); }
[da5afdf]	297	otypetail RSQUARE
	298	{
	299	abac_yy_term_data_t *ptr=$5;
	300	set_yy_term_data_type(ptr,$2);
	301	if(is_yy_term_data_has_constraint(ptr)) {
[9806e76]	302	char *tail_string=get_yy_term_data_name(ptr);
[440ba20]	303	make_yy_range_constraint(ptr);
[e88c95b]	304	make_yy_oset_constraint(ptr,tail_string);
[718ad924]	305	}
[da5afdf]	306	$$=$5;
[718ad924]	307	}
[da5afdf]	308	;
	309
[718ad924]	310
[2e9455f]	311
[9806e76]	312	/* [principal:?] */
[718ad924]	313	/* [principal:?Z] */
[9335cfa]	314	/* [principal:?This] */
[2e9455f]	315	/* [principal:?Z{role-constraint}] */
	316	/* XXX if want to allow linked role constraint need to swap roleleft
	317	into roleterm.. but make sure the tree is right
	318	3/21/13, [principal:?Z[keyid:A].role:roleA.role:roleB([string:?P])]
	319	*/
	320	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleterm RSQUARE
[da5afdf]	321	{
	322	abac_yy_expression_t *expr=$6;
	323	char *tail_string=$5;
[9806e76]	324	abac_yy_term_principal_t *ptr=make_yy_term_principal();
	325	set_yy_term_principal_name(ptr,tail_string);
[da5afdf]	326	set_yy_term_principal_cond_head_expr(ptr,expr);
[440ba20]	327	make_yy_role_constraint(ptr,tail_string);
[da5afdf]	328	$$=ptr;
[2e9455f]	329	OUT("principalpart_1");
[da5afdf]	330	}
	331	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
[9806e76]	332	{
	333	abac_yy_term_principal_t *ptr=make_yy_term_principal();
	334	set_yy_term_principal_name(ptr,$5);
	335	$$ = ptr;
[2e9455f]	336	OUT("principalpart_2");
[9806e76]	337	}
	338	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
	339	{
	340	abac_yy_term_principal_t *ptr=make_yy_term_principal();
	341	set_yy_term_principal_is_anonymous(ptr);
	342	$$ = ptr;
[2e9455f]	343	OUT("principalpart_3");
[9806e76]	344	}
[da5afdf]	345	;
[718ad924]	346
[da5afdf]	347	roleright : roleterm AND roleright
[718ad924]	348	{
[da5afdf]	349	abac_yy_expression_t *nexpr=$1;
	350	abac_yy_expression_t *exprs=$3;
	351	$$=add_yy_expression(nexpr,exprs);
[718ad924]	352	}
[da5afdf]	353	\| roleterm
[718ad924]	354	{ $$=$1; }
[da5afdf]	355	;
[718ad924]	356
	357	/* role at tail/right side
	358	[keyid:usc].role:employee.role:friend
	359	[keyid:usc].role:worker
	360	[keyid:mike]
	361	*/
	362	roleterm : keypart DOT rolepart DOT rolepart
	363	{
	364	abac_yy_principal_t *keypart=$1;
[8bd77b5]	365	abac_yy_roleoset_t *linked_rolepart=$3;
	366	abac_yy_roleoset_t *rolepart=$5;
[da5afdf]	367	abac_yy_expression_t *expr=
	368	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
[718ad924]	369	$$=expr;
[2e9455f]	370	OUT("roleterm_1");
[718ad924]	371	}
[da5afdf]	372	\| keypart DOT rolepart
[718ad924]	373	{
	374	abac_yy_principal_t *keypart=$1;
[8bd77b5]	375	abac_yy_roleoset_t *rolepart=$3;
[da5afdf]	376	abac_yy_expression_t *expr=
	377	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
[718ad924]	378	$$=expr;
[2e9455f]	379	OUT("roleterm_2");
[718ad924]	380	}
[da5afdf]	381	\| keypart
[718ad924]	382	{
	383	abac_yy_principal_t *keypart=$1;
[da5afdf]	384	abac_yy_expression_t *expr=
	385	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
[718ad924]	386	$$=expr;
[2e9455f]	387	OUT("roleterm_3");
[718ad924]	388	}
[da5afdf]	389	;
	390
	391	osetterm : keypart DOT rolepart DOT osetpart
	392	{
	393	abac_yy_principal_t *keypart=$1;
[8bd77b5]	394	abac_yy_roleoset_t *linked_rolepart=$3;
	395	abac_yy_roleoset_t *osetpart=$5;
[da5afdf]	396	abac_yy_expression_t *expr=
	397	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
	398	$$=expr;
[2e9455f]	399	OUT("osetterm_1");
[da5afdf]	400	}
	401	\| keypart DOT osetpart
	402	{
	403	abac_yy_principal_t *keypart=$1;
[8bd77b5]	404	abac_yy_roleoset_t *osetpart=$3;
[da5afdf]	405	abac_yy_expression_t *expr=
	406	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
	407	$$=expr;
[2e9455f]	408	OUT("osetterm_2");
[da5afdf]	409	}
	410	\| keypart
	411	{
	412	abac_yy_principal_t *keypart=$1;
	413	abac_yy_expression_t *expr=
	414	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
	415	$$=expr;
[2e9455f]	416	OUT("osetterm_3");
[da5afdf]	417	}
	418	\| typedpart
	419	{
	420	abac_yy_term_data_t *objpart=$1;
	421	abac_yy_expression_t *expr=
	422	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
	423	$$=expr;
[2e9455f]	424	OUT("osetterm_4");
[da5afdf]	425	}
	426	;
	427
	428	/*
	429	oset:access([urn:'fileA'])
	430	*/
	431	osetpart : OSET COLON IDEN LPAREN terms RPAREN
	432	{
[8bd77b5]	433	$$=make_yy_roleoset_oset($3,$5);
[da5afdf]	434	}
	435	\| OSET COLON IDEN
	436	{
[8bd77b5]	437	$$=make_yy_roleoset_oset($3,NULL);
[da5afdf]	438	}
	439	;
	440
	441
	442	osetleft : keypart DOT osetpart
	443	{
	444	abac_yy_principal_t *keypart=$1;
[8bd77b5]	445	abac_yy_roleoset_t *osetpart=$3;
[da5afdf]	446	abac_yy_expression_t *expr=
	447	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
	448	$$=expr;
[2e9455f]	449	OUT("osetleft");
[da5afdf]	450	}
	451	;
	452
	453	osetright : osetterm AND osetright
	454	{
	455	abac_yy_expression_t *nexpr=$1;
	456	abac_yy_expression_t *exprs=$3;
	457	$$=add_yy_expression(nexpr,exprs);
[2e9455f]	458	OUT("osetright_1");
[da5afdf]	459	}
	460	\| osetterm
[2e9455f]	461	{
	462	$$=$1;
	463	OUT("osetright_2");
	464	}
[da5afdf]	465	;
[718ad924]	466	%%
	467
[da5afdf]	468
[718ad924]	469	/* Additional C code */
	470	int yywrap()
	471	{
	472	/* exit when done lexing the current input */
	473	return 1;
	474	}
	475
	476	int yyerror (char *s)
	477	{
	478	fprintf (abac_yyout,"yyerror: %s\n", s);
	479	}
	480
	481	/* setting defaults */
	482	void abac_yyinit()
	483	{
[2e9455f]	484	abac_yyout=abac_ll_get_yyout();
	485	abac_yyfptr = abac_ll_get_yyfptr();
	486	OUT("======================================");
[b5a3da4]	487	}
[718ad924]	488
	489	void panic(char *msg)
	490	{
[2e9455f]	491	OUT("panic, EEEEKKKKKK...");
[718ad924]	492	yyerror(msg);
	493	}
	494

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format