Context Navigation

source: libabac/rt2.y @ 43ff309

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 43ff309 was 7727f26, checked in by Mei <mei@…>, 12 years ago

1) add environment variables DUMP_DB, ABAC_CN.

ABAC_CN will switch to using CNs for keyid insead of SHAs

2) add/modified couple of doc files.

Property mode set to 100644

File size: 12.8 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_list.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17
18	FILE *abac_yyout = NULL;
19	char *abac_yyfptr = NULL;
20	char *abac_yyfptr_encoded = NULL;
21
22	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
23
24	void panic(char *msg);
25
26	%}
27	/* Bison declarations */
28	%union {
29	struct _abac_yy_principal_t *pstruct;
30	struct _abac_yy_term_principal_t *ppstruct;
31	struct _abac_yy_term_data_t *pdstruct;
32	struct _abac_yy_role_t *rstruct;
33	struct _abac_yy_oset_t *ostruct;
34	struct _abac_yy_term_t *dstruct;
35	struct _abac_yy_expression_t *estruct;
36	struct _abac_list_t *lstruct;
37	char string; / For returning char strings */
38	int intval; /* for returning some value */
39	}
40
41	%start input
42
43	%type <lstruct> stmt
44	%type <rstruct> rolepart
45	%type <estruct> roleleft
46	%type <estruct> roleright
47	%type <estruct> roleterm
48	%type <ostruct> osetpart
49	%type <estruct> osetleft
50	%type <estruct> osetright
51	%type <estruct> osetterm
52	%type <pstruct> keypart
53	%type <dstruct> terms
54	%type <dstruct> term
55	%type <pdstruct> typedpart
56	%type <pdstruct> otypetail
57	%type <ppstruct> principalpart
58	%type <lstruct> rangetype
59	%type <lstruct> values
60
61	%token <string> IDEN /* keyname or rolename or osetname */
62	%token <string> CAPIDEN /* variable name */
63	%token <string> ROLE /* the word, role */
64	%token <string> OSET /* the word, oset */
65	%token <string> PRINCIPAL /* the word, principal */
66	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
67	%token <string> OTYPE_CONSTANT
68	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
69	%token <string> KEYTYPE /* keyid \| or something else */
70	%token <string> KEYID_CONSTANT /* keyid \| or something else */
71	%token <string> VALUE /* range value in static constraint */
72
73	%token <operator> DERIVE "<-"
74	%token <operator> DOT "."
75	%token <operator> AND "&"
76	%token <operator> LPAREN "("
77	%token <operator> RPAREN ")"
78	%token <operator> LSQUARE "["
79	%token <operator> RSQUARE "]"
80	%token <operator> LANGLE "<"
81	%token <operator> RANGLE ">"
82	%token <operator> COLON ":"
83	%token <operator> COMMA ","
84	%token <operator> QMARK "?"
85	%token <operator> DOTDOT ".."
86
87	%%
88	/* Grammar rules */
89
90	input: /* empty */
91	{ }
92	\| stmt
93	{
94	abac_yy_set_rule_clauses($1);
95	}
96	;
97
98	/* generate/concate prolog credentials clauses */
99	stmt : roleleft DERIVE roleright
100	{
101	abac_yy_expression_t *headexpr=$1;
102	abac_yy_expression_t *tailexpr=$3;
103	abac_list_t *ret=make_role_statement(headexpr, tailexpr);
104	if(ret == NULL) {
105	panic("unable to parse the role rule statment");
106	YYERROR;
107	} else {
108	$$=ret;
109	}
110	}
111	\| osetleft DERIVE osetright
112	{
113	abac_yy_expression_t *headexpr=$1;
114	abac_yy_expression_t *tailexpr=$3;
115	abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
116	if(ret == NULL) {
117	panic("unable to parse the oset rule statment");
118	YYERROR;
119	} else {
120	$$=ret;
121	}
122	}
123	;
124	/*
125	[keyid:isi].role:modifyBy([keyid:mike])
126	[keyid:acme].role:preferred
127	*/
128	roleleft : keypart DOT rolepart
129	{
130	abac_yy_principal_t *keypart=$1;
131	abac_yy_role_t *rolepart=$3;
132	abac_yy_expression_t *expr=
133	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
134	$$=expr;
135	}
136	;
137
138	/* [keyid:mike] */
139	keypart : LSQUARE KEYTYPE COLON
140	{ abac_push_keyid_yystate(); }
141	KEYID_CONSTANT
142	{ abac_pop_yystate(); }
143	RSQUARE
144	{
145	int idtype=abac_verify_keyid_type($2);
146	char *tmp=NULL;
147	asprintf(&tmp,"p%s",$5);
148	char *cn=abac_cn_with_sha(tmp);
149	if(cn && idtype) {
150	$$=make_yy_principal(tmp, cn, idtype);
151	} else {
152	if((USE("ABAC_CN"))) {
153	panic("encountered an invalid SHA id");
154	YYERROR;
155	}
156	$$=make_yy_principal(tmp, NULL, idtype);
157	}
158	}
159	;
160	/*
161	role:modifyBy([keyid:mike],[keyid:ted])
162	role:modifyBy([keyid:mike])
163	role:preferred
164	*/
165	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
166	{
167	$$=make_yy_role($3,$5);
168	}
169	\| ROLE COLON IDEN
170	{
171	$$=make_yy_role($3,NULL);
172	}
173	;
174
175	/*
176	[keyid:mike],[keyid:ted]
177	[keyid:mike]
178	[principal:?Z]
179	?? [principal:?this]
180	[int:99]
181	[int:?Z]
182	[?]
183	*/
184	terms : term COMMA terms
185	{
186	abac_yy_term_t *nterm=$1;
187	abac_yy_term_t *terms=$3;
188	$$=add_yy_term(nterm, terms);
189	}
190	\| term
191	{
192	$$=$1;
193	}
194	;
195
196	term : LSQUARE QMARK RSQUARE
197	{ $$= make_yy_term_dterm_anonymous(); }
198	\| keypart
199	{ $$= make_yy_term_dterm_named($1); }
200	\| principalpart
201	{ $$= make_yy_term_dterm_principal($1); }
202	\| typedpart
203	{ $$= make_yy_term_dterm_data($1); }
204	;
205
206	values : VALUE COMMA values
207	{ $$=add_yy_val_range($3, $1); }
208	\| VALUE
209	{ $$=make_yy_val_range($1); }
210	;
211
212
213	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
214	{ $$=make_yy_minmax_range($2,$4); }
215	\| LSQUARE DOTDOT VALUE RSQUARE
216	{ $$=make_yy_max_range($3); }
217	\| LSQUARE VALUE DOTDOT RSQUARE
218	{ $$=make_yy_min_range($2); }
219	\| LSQUARE values RSQUARE
220	{ $$=$2; }
221	;
222
223	/* [otype:?Z:{oset-constraint}] */
224	/* [int:?I:[10 .. 20] */
225	/* [float:?F:[0.5 .. 2.5] */
226	/* [string:?S:["abc",'efg',"hij"] -only listed range */
227	/* urn same as string */
228	/* time like int but with quoted string values */
229	otypetail : VARIABLE_CONSTANT COLON
230	{
231	abac_pop_yystate();
232	abac_push_range_yystate();
233	}
234	rangetype
235	{
236	abac_pop_yystate();
237	abac_yy_term_data_t *ptr=make_yy_term_data();
238	set_yy_term_data_name(ptr,$1);
239	set_yy_term_data_is_variable(ptr);
240	set_yy_term_data_cond_range(ptr,$4);
241	$$=ptr;
242	}
243	\| VARIABLE_CONSTANT
244	{ abac_pop_yystate(); }
245	osetleft
246	{
247	abac_yy_term_data_t *ptr=make_yy_term_data();
248	set_yy_term_data_name(ptr,$1);
249	set_yy_term_data_is_variable(ptr);
250	set_yy_term_data_cond_head_expr(ptr,$3);
251	$$=ptr;
252	}
253	\| VARIABLE_CONSTANT
254	{
255	abac_pop_yystate();
256	abac_yy_term_data_t *ptr=make_yy_term_data();
257	set_yy_term_data_name(ptr,$1);
258	set_yy_term_data_is_variable(ptr);
259	$$=ptr;
260	}
261	\| OTYPE_CONSTANT
262	{
263	abac_pop_yystate();
264	abac_yy_term_data_t *ptr=make_yy_term_data();
265	set_yy_term_data_name(ptr,$1);
266	$$=ptr;
267	}
268	\| QMARK
269	{
270	abac_pop_yystate();
271	abac_yy_term_data_t *ptr=make_yy_term_data();
272	set_yy_term_data_is_anonymous(ptr);
273	$$= ptr;
274	}
275	;
276
277	typedpart : LSQUARE OTYPE COLON
278	{ abac_push_yystate($2); }
279	otypetail RSQUARE
280	{
281	abac_yy_term_data_t *ptr=$5;
282	set_yy_term_data_type(ptr,$2);
283	if(is_yy_term_data_has_constraint(ptr)) {
284	char *tail_string=get_yy_term_data_name(ptr);
285	make_yy_range_constraint(ptr,tail_string);
286	make_yy_oset_constraint(ptr,tail_string);
287	}
288	$$=$5;
289	}
290	;
291
292
293	/* [principal:?] */
294	/* [principal:?Z] */
295	/* [principal:?Z{role-constraint}] */
296	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
297	{
298	abac_yy_expression_t *expr=$6;
299	char *tail_string=$5;
300	abac_yy_term_principal_t *ptr=make_yy_term_principal();
301	set_yy_term_principal_name(ptr,tail_string);
302	set_yy_term_principal_cond_head_expr(ptr,expr);
303	char *string=make_yy_role_constraint(ptr,tail_string);
304	$$=ptr;
305	}
306	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
307	{
308	abac_yy_term_principal_t *ptr=make_yy_term_principal();
309	set_yy_term_principal_name(ptr,$5);
310	$$ = ptr;
311	}
312	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
313	{
314	abac_yy_term_principal_t *ptr=make_yy_term_principal();
315	set_yy_term_principal_is_anonymous(ptr);
316	$$ = ptr;
317	}
318	;
319
320	roleright : roleterm AND roleright
321	{
322	abac_yy_expression_t *nexpr=$1;
323	abac_yy_expression_t *exprs=$3;
324	$$=add_yy_expression(nexpr,exprs);
325	}
326	\| roleterm
327	{ $$=$1; }
328	;
329
330	/* role at tail/right side
331	[keyid:usc].role:employee.role:friend
332	[keyid:usc].role:worker
333	[keyid:mike]
334	*/
335	roleterm : keypart DOT rolepart DOT rolepart
336	{
337	abac_yy_principal_t *keypart=$1;
338	abac_yy_role_t *linked_rolepart=$3;
339	abac_yy_role_t *rolepart=$5;
340	abac_yy_expression_t *expr=
341	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
342	$$=expr;
343	}
344	\| keypart DOT rolepart
345	{
346	abac_yy_principal_t *keypart=$1;
347	abac_yy_role_t *rolepart=$3;
348	abac_yy_expression_t *expr=
349	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
350	$$=expr;
351	}
352	\| keypart
353	{
354	abac_yy_principal_t *keypart=$1;
355	abac_yy_expression_t *expr=
356	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
357	$$=expr;
358	}
359	;
360
361	osetterm : keypart DOT rolepart DOT osetpart
362	{
363	abac_yy_principal_t *keypart=$1;
364	abac_yy_role_t *linked_rolepart=$3;
365	abac_yy_oset_t *osetpart=$5;
366	abac_yy_expression_t *expr=
367	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
368	$$=expr;
369	}
370	\| keypart DOT osetpart
371	{
372	abac_yy_principal_t *keypart=$1;
373	abac_yy_oset_t *osetpart=$3;
374	abac_yy_expression_t *expr=
375	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
376	$$=expr;
377	}
378	\| keypart
379	{
380	abac_yy_principal_t *keypart=$1;
381	abac_yy_expression_t *expr=
382	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
383	$$=expr;
384	}
385	\| typedpart
386	{
387	abac_yy_term_data_t *objpart=$1;
388	abac_yy_expression_t *expr=
389	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
390	$$=expr;
391	}
392	;
393
394	/*
395	oset:access([urn:'fileA'])
396	*/
397	osetpart : OSET COLON IDEN LPAREN terms RPAREN
398	{
399	$$=make_yy_oset($3,$5);
400	}
401	\| OSET COLON IDEN
402	{
403	$$=make_yy_oset($3,NULL);
404	}
405	;
406
407
408	osetleft : keypart DOT osetpart
409	{
410	abac_yy_principal_t *keypart=$1;
411	abac_yy_oset_t *osetpart=$3;
412	abac_yy_expression_t *expr=
413	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
414	$$=expr;
415	}
416	;
417
418	osetright : osetterm AND osetright
419	{
420	abac_yy_expression_t *nexpr=$1;
421	abac_yy_expression_t *exprs=$3;
422	$$=add_yy_expression(nexpr,exprs);
423	}
424	\| osetterm
425	{ $$=$1; }
426	;
427	%%
428
429
430	/* Additional C code */
431	int yywrap()
432	{
433	/* exit when done lexing the current input */
434	return 1;
435	}
436
437	int yyerror (char *s)
438	{
439	fprintf (abac_yyout,"yyerror: %s\n", s);
440	}
441
442	/* setting defaults */
443	void abac_yyinit()
444	{
445	abac_yyout=abac_get_yyout();
446	abac_yyfptr = abac_get_yyfptr();
447	abac_yyfptr_encoded = abac_get_yyfptr_encoded();
448	}
449
450	void panic(char *msg)
451	{
452	yyerror(msg);
453	}
454

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format