Context Navigation

source: libabac/rt2.y @ d0efdec

mei_rt2

Last change on this file since d0efdec was 7751094, checked in by Mei <mei@…>, 11 years ago
1) take out a include from rt2.y
Property mode set to `100644`
File size: 14.3 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_verifier.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17	static int debug=0;
18
19	FILE *abac_yyout = NULL;
20	char *abac_yyfptr = NULL;
21	void *abac_yyctxt=NULL;
22
23	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
24	#define OUT(msg) { if(debug) fprintf(abac_yyout,"\n===%s\n",msg); }
25
26	void panic(char *msg);
27
28	%}
29	/* Bison declarations */
30	%union {
31	struct _abac_yy_principal_t *pstruct;
32	struct _abac_yy_term_principal_t *ppstruct;
33	struct _abac_yy_term_data_t *pdstruct;
34	struct _abac_yy_roleoset_t *rostruct;
35	struct _abac_yy_term_t *dstruct;
36	struct _abac_yy_expression_t *estruct;
37	struct _abac_list_t *lstruct;
38	char string; / For returning char strings */
39	int intval; /* for returning some value */
40	}
41
42	%start input
43
44	%type <intval> stmt
45	%type <rostruct> rolepart
46	%type <estruct> roleleft
47	%type <estruct> roleright
48	%type <estruct> roleterm
49	%type <rostruct> osetpart
50	%type <estruct> osetleft
51	%type <estruct> osetright
52	%type <estruct> osetterm
53	%type <pstruct> keypart
54	%type <dstruct> terms
55	%type <dstruct> term
56	%type <pdstruct> typedpart
57	%type <pdstruct> otypetail
58	%type <ppstruct> principalpart
59	%type <lstruct> rangetype
60	%type <lstruct> values
61
62	%token <string> IDEN /* keyname or rolename or osetname */
63	%token <string> CAPIDEN /* variable name */
64	%token <string> ROLE /* the word, role */
65	%token <string> OSET /* the word, oset */
66	%token <string> PRINCIPAL /* the word, principal */
67	%token <string> THIS /* the word, this */
68	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
69	%token <string> OTYPE_CONSTANT
70	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
71	%token <string> KEYTYPE /* keyid \| or something else */
72	%token <string> KEYID_CONSTANT /* keyid \| or something else */
73	%token <string> VALUE /* range value in static constraint */
74
75	%token <operator> DERIVE "<-"
76	%token <operator> DOT "."
77	%token <operator> AND "&"
78	%token <operator> LPAREN "("
79	%token <operator> RPAREN ")"
80	%token <operator> LSQUARE "["
81	%token <operator> RSQUARE "]"
82	%token <operator> LANGLE "<"
83	%token <operator> RANGLE ">"
84	%token <operator> COLON ":"
85	%token <operator> COMMA ","
86	%token <operator> QMARK "?"
87	%token <operator> DOTDOT ".."
88
89	%%
90	/* Grammar rules */
91
92	input: /* empty */
93	{ }
94	\| stmt
95	{
96	/* SUCCESS */
97	}
98	;
99
100	/* generate/concate prolog credentials clauses */
101	stmt : roleleft DERIVE roleright
102	{
103	abac_yy_expression_t *headexpr=$1;
104	abac_yy_expression_t *tailexpr=$3;
105	int rc=make_role_statement(headexpr, tailexpr);
106	if(rc) {
107	panic("unable to parse the role rule statment");
108	YYERROR;
109	} else {
110	$$=rc;
111	}
112	}
113	\| osetleft DERIVE osetright
114	{
115	abac_yy_expression_t *headexpr=$1;
116	abac_yy_expression_t *tailexpr=$3;
117	int rc=make_oset_statement(headexpr, tailexpr);
118	if(rc) {
119	panic("unable to parse the oset rule statment");
120	YYERROR;
121	} else {
122	$$=rc;
123	}
124	}
125	;
126	/*
127	[keyid:isi].role:modifyBy([keyid:mike])
128	[keyid:acme].role:preferred
129	*/
130	roleleft : keypart DOT rolepart
131	{
132	abac_yy_principal_t *keypart=$1;
133	abac_yy_roleoset_t *rolepart=$3;
134	abac_yy_expression_t *expr=
135	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
136	$$=expr;
137	}
138	;
139
140	/* [keyid:mike] */
141	keypart : LSQUARE KEYTYPE COLON
142	{ abac_ll_push_keyid_yystate(); }
143	KEYID_CONSTANT
144	{ abac_ll_pop_yystate(); }
145	RSQUARE
146	{
147	int idtype=abac_verify_idtype_type($2);
148	char *tmp=NULL;
149	asprintf(&tmp,"%s",$5);
150	$$=make_yy_principal(tmp, tmp, idtype);
151	char *cn=abac_cn_with_sha(tmp);
152	if(cn && idtype) {
153	$$=make_yy_principal(tmp, cn, idtype);
154	} else {
155	if((USE("ABAC_CN")) && (cn==NULL)) {
156	if(debug)
157	asprintf(&tmp,"encountered an invalid SHA id(%s)",$5);
158	else asprintf(&tmp,"encountered an invalid SHA id");
159	panic(tmp);
160	free(tmp);
161	YYERROR;
162	}
163	$$=make_yy_principal(tmp, NULL, idtype);
164	}
165	}
166	;
167	/*
168	role:modifyBy([keyid:mike],[keyid:ted])
169	role:modifyBy([keyid:mike])
170	role:preferred
171	*/
172	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
173	{
174	$$=make_yy_roleoset_role($3,$5);
175	}
176	\| ROLE COLON IDEN
177	{
178	$$=make_yy_roleoset_role($3,NULL);
179	}
180	;
181
182	/*
183	[keyid:mike],[keyid:ted]
184	[keyid:mike]
185	[principal:?Z]
186	[int:99]
187	[int:?Z]
188	[?this], this could be any of type...
189	[?]
190	*/
191	terms : term COMMA terms
192	{
193	abac_yy_term_t *nterm=$1;
194	abac_yy_term_t *terms=$3;
195	$$=add_yy_term(nterm, terms);
196	}
197	\| term
198	{
199	$$=$1;
200	}
201	;
202
203	term : LSQUARE QMARK THIS RSQUARE
204	{ $$= make_yy_term_dterm_this(); }
205	\| LSQUARE QMARK RSQUARE
206	{ $$= make_yy_term_dterm_anonymous(); }
207	\| keypart
208	{ $$= make_yy_term_dterm_named($1); }
209	\| principalpart
210	{ $$= make_yy_term_dterm_principal($1); }
211	\| typedpart
212	{ $$= make_yy_term_dterm_data($1); }
213	;
214
215	values : VALUE COMMA values
216	{ $$=add_yy_val_range($3, $1); }
217	\| VALUE
218	{ $$=make_yy_val_range($1); }
219	;
220
221
222	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
223	{ $$=make_yy_minmax_range($2,$4); }
224	\| LSQUARE DOTDOT VALUE RSQUARE
225	{ $$=make_yy_max_range($3); }
226	\| LSQUARE VALUE DOTDOT RSQUARE
227	{ $$=make_yy_min_range($2); }
228	\| LSQUARE values RSQUARE
229	{ $$=$2; }
230	;
231
232	/* [otype:?Z{oset-constraint}] */
233	/* [int:?I:[10 .. 20] */
234	/* [float:?F:[0.5 .. 2.5] */
235	/* [string:?S:["abc",'efg',"hij"] -only listed range */
236	/* urn same as string */
237	/* time like int but with quoted string values */
238	/* XXX would have to extend this if want the linked oset in the
239	constraints..
240	[otype:?Z{linked oset-constraint}]
241	*/
242	otypetail : VARIABLE_CONSTANT COLON
243	{
244	abac_ll_pop_yystate();
245	abac_ll_push_range_yystate();
246	}
247	rangetype
248	{
249	abac_ll_pop_yystate();
250	abac_yy_term_data_t *ptr=make_yy_term_data();
251	set_yy_term_data_name(ptr,$1);
252	set_yy_term_data_is_variable(ptr);
253	set_yy_term_data_cond_range(ptr,$4);
254	$$=ptr;
255	OUT("otypetail_1");
256	}
257	\| VARIABLE_CONSTANT
258	{ abac_ll_pop_yystate(); }
259	osetterm
260	{
261	abac_yy_term_data_t *ptr=make_yy_term_data();
262	set_yy_term_data_name(ptr,$1);
263	set_yy_term_data_is_variable(ptr);
264	set_yy_term_data_cond_head_expr(ptr,$3);
265	$$=ptr;
266	OUT("otypetail_2");
267	}
268	\| VARIABLE_CONSTANT
269	{
270	abac_ll_pop_yystate();
271	abac_yy_term_data_t *ptr=make_yy_term_data();
272	set_yy_term_data_name(ptr,$1);
273	set_yy_term_data_is_variable(ptr);
274	$$=ptr;
275	OUT("otypetail_3");
276	}
277	\| OTYPE_CONSTANT
278	{
279	abac_ll_pop_yystate();
280	abac_yy_term_data_t *ptr=make_yy_term_data();
281	set_yy_term_data_name(ptr,$1);
282	$$=ptr;
283	OUT("otypetail_4");
284	}
285	\| QMARK
286	{
287	abac_ll_pop_yystate();
288	abac_yy_term_data_t *ptr=make_yy_term_data();
289	set_yy_term_data_is_anonymous(ptr);
290	$$= ptr;
291	}
292	;
293
294	typedpart : LSQUARE OTYPE COLON
295	{ abac_ll_push_yystate($2); }
296	otypetail RSQUARE
297	{
298	abac_yy_term_data_t *ptr=$5;
299	set_yy_term_data_type(ptr,$2);
300	if(is_yy_term_data_has_constraint(ptr)) {
301	char *tail_string=get_yy_term_data_name(ptr);
302	make_yy_range_constraint(ptr);
303	make_yy_oset_constraint(ptr,tail_string);
304	}
305	$$=$5;
306	}
307	;
308
309
310
311	/* [principal:?] */
312	/* [principal:?Z] */
313	/* [principal:?This] */
314	/* [principal:?Z{role-constraint}] */
315	/* XXX if want to allow linked role constraint need to swap roleleft
316	into roleterm.. but make sure the tree is right
317	3/21/13, [principal:?Z[keyid:A].role:roleA.role:roleB([string:?P])]
318	*/
319	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleterm RSQUARE
320	{
321	abac_yy_expression_t *expr=$6;
322	char *tail_string=$5;
323	abac_yy_term_principal_t *ptr=make_yy_term_principal();
324	set_yy_term_principal_name(ptr,tail_string);
325	set_yy_term_principal_cond_head_expr(ptr,expr);
326	make_yy_role_constraint(ptr,tail_string);
327	$$=ptr;
328	OUT("principalpart_1");
329	}
330	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
331	{
332	abac_yy_term_principal_t *ptr=make_yy_term_principal();
333	set_yy_term_principal_name(ptr,$5);
334	$$ = ptr;
335	OUT("principalpart_2");
336	}
337	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
338	{
339	abac_yy_term_principal_t *ptr=make_yy_term_principal();
340	set_yy_term_principal_is_anonymous(ptr);
341	$$ = ptr;
342	OUT("principalpart_3");
343	}
344	;
345
346	roleright : roleterm AND roleright
347	{
348	abac_yy_expression_t *nexpr=$1;
349	abac_yy_expression_t *exprs=$3;
350	$$=add_yy_expression(nexpr,exprs);
351	}
352	\| roleterm
353	{ $$=$1; }
354	;
355
356	/* role at tail/right side
357	[keyid:usc].role:employee.role:friend
358	[keyid:usc].role:worker
359	[keyid:mike]
360	*/
361	roleterm : keypart DOT rolepart DOT rolepart
362	{
363	abac_yy_principal_t *keypart=$1;
364	abac_yy_roleoset_t *linked_rolepart=$3;
365	abac_yy_roleoset_t *rolepart=$5;
366	abac_yy_expression_t *expr=
367	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
368	$$=expr;
369	OUT("roleterm_1");
370	}
371	\| keypart DOT rolepart
372	{
373	abac_yy_principal_t *keypart=$1;
374	abac_yy_roleoset_t *rolepart=$3;
375	abac_yy_expression_t *expr=
376	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
377	$$=expr;
378	OUT("roleterm_2");
379	}
380	\| keypart
381	{
382	abac_yy_principal_t *keypart=$1;
383	abac_yy_expression_t *expr=
384	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
385	$$=expr;
386	OUT("roleterm_3");
387	}
388	;
389
390	osetterm : keypart DOT rolepart DOT osetpart
391	{
392	abac_yy_principal_t *keypart=$1;
393	abac_yy_roleoset_t *linked_rolepart=$3;
394	abac_yy_roleoset_t *osetpart=$5;
395	abac_yy_expression_t *expr=
396	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
397	$$=expr;
398	OUT("osetterm_1");
399	}
400	\| keypart DOT osetpart
401	{
402	abac_yy_principal_t *keypart=$1;
403	abac_yy_roleoset_t *osetpart=$3;
404	abac_yy_expression_t *expr=
405	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
406	$$=expr;
407	OUT("osetterm_2");
408	}
409	\| keypart
410	{
411	abac_yy_principal_t *keypart=$1;
412	abac_yy_expression_t *expr=
413	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
414	$$=expr;
415	OUT("osetterm_3");
416	}
417	\| typedpart
418	{
419	abac_yy_term_data_t *objpart=$1;
420	abac_yy_expression_t *expr=
421	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
422	$$=expr;
423	OUT("osetterm_4");
424	}
425	;
426
427	/*
428	oset:access([urn:'fileA'])
429	*/
430	osetpart : OSET COLON IDEN LPAREN terms RPAREN
431	{
432	$$=make_yy_roleoset_oset($3,$5);
433	}
434	\| OSET COLON IDEN
435	{
436	$$=make_yy_roleoset_oset($3,NULL);
437	}
438	;
439
440
441	osetleft : keypart DOT osetpart
442	{
443	abac_yy_principal_t *keypart=$1;
444	abac_yy_roleoset_t *osetpart=$3;
445	abac_yy_expression_t *expr=
446	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
447	$$=expr;
448	OUT("osetleft");
449	}
450	;
451
452	osetright : osetterm AND osetright
453	{
454	abac_yy_expression_t *nexpr=$1;
455	abac_yy_expression_t *exprs=$3;
456	$$=add_yy_expression(nexpr,exprs);
457	OUT("osetright_1");
458	}
459	\| osetterm
460	{
461	$$=$1;
462	OUT("osetright_2");
463	}
464	;
465	%%
466
467
468	/* Additional C code */
469	int yywrap()
470	{
471	/* exit when done lexing the current input */
472	return 1;
473	}
474
475	int yyerror (char *s)
476	{
477	fprintf (abac_yyout,"yyerror: %s\n", s);
478	}
479
480	/* setting defaults */
481	void abac_yyinit()
482	{
483	abac_yyout=abac_ll_get_yyout();
484	abac_yyfptr = abac_ll_get_yyfptr();
485	OUT("======================================");
486	}
487
488	void panic(char *msg)
489	{
490	OUT("panic, EEEEKKKKKK...");
491	yyerror(msg);
492	}
493

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format