Context Navigation

source: libabac/rt2.y @ 5110d42

mei_rt2mei_rt2_fix_1

Last change on this file since 5110d42 was 5110d42, checked in by Mei <mei@…>, 12 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

Property mode set to 100644

File size: 13.1 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_list.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17	static int debug=0;
18
19	FILE *abac_yyout = NULL;
20	char *abac_yyfptr = NULL;
21	char *abac_yyfptr_encoded = NULL;
22
23	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
24
25	void panic(char *msg);
26
27	%}
28	/* Bison declarations */
29	%union {
30	struct _abac_yy_principal_t *pstruct;
31	struct _abac_yy_term_principal_t *ppstruct;
32	struct _abac_yy_term_data_t *pdstruct;
33	struct _abac_yy_roleoset_t *rostruct;
34	struct _abac_yy_term_t *dstruct;
35	struct _abac_yy_expression_t *estruct;
36	struct _abac_list_t *lstruct;
37	char string; / For returning char strings */
38	int intval; /* for returning some value */
39	}
40
41	%start input
42
43	%type <lstruct> stmt
44	%type <rostruct> rolepart
45	%type <estruct> roleleft
46	%type <estruct> roleright
47	%type <estruct> roleterm
48	%type <rostruct> osetpart
49	%type <estruct> osetleft
50	%type <estruct> osetright
51	%type <estruct> osetterm
52	%type <pstruct> keypart
53	%type <dstruct> terms
54	%type <dstruct> term
55	%type <pdstruct> typedpart
56	%type <pdstruct> otypetail
57	%type <ppstruct> principalpart
58	%type <lstruct> rangetype
59	%type <lstruct> values
60
61	%token <string> IDEN /* keyname or rolename or osetname */
62	%token <string> CAPIDEN /* variable name */
63	%token <string> ROLE /* the word, role */
64	%token <string> OSET /* the word, oset */
65	%token <string> PRINCIPAL /* the word, principal */
66	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
67	%token <string> OTYPE_CONSTANT
68	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
69	%token <string> KEYTYPE /* keyid \| or something else */
70	%token <string> KEYID_CONSTANT /* keyid \| or something else */
71	%token <string> VALUE /* range value in static constraint */
72
73	%token <operator> DERIVE "<-"
74	%token <operator> DOT "."
75	%token <operator> AND "&"
76	%token <operator> LPAREN "("
77	%token <operator> RPAREN ")"
78	%token <operator> LSQUARE "["
79	%token <operator> RSQUARE "]"
80	%token <operator> LANGLE "<"
81	%token <operator> RANGLE ">"
82	%token <operator> COLON ":"
83	%token <operator> COMMA ","
84	%token <operator> QMARK "?"
85	%token <operator> DOTDOT ".."
86
87	%%
88	/* Grammar rules */
89
90	input: /* empty */
91	{ }
92	\| stmt
93	{
94	abac_yy_set_rule_clauses($1);
95	}
96	;
97
98	/* generate/concate prolog credentials clauses */
99	stmt : roleleft DERIVE roleright
100	{
101	abac_yy_expression_t *headexpr=$1;
102	abac_yy_expression_t *tailexpr=$3;
103	abac_list_t *ret=make_role_statement(headexpr, tailexpr);
104	if(ret == NULL) {
105	panic("unable to parse the role rule statment");
106	YYERROR;
107	} else {
108	$$=ret;
109	}
110	}
111	\| osetleft DERIVE osetright
112	{
113	abac_yy_expression_t *headexpr=$1;
114	abac_yy_expression_t *tailexpr=$3;
115	abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
116	if(ret == NULL) {
117	panic("unable to parse the oset rule statment");
118	YYERROR;
119	} else {
120	$$=ret;
121	}
122	}
123	;
124	/*
125	[keyid:isi].role:modifyBy([keyid:mike])
126	[keyid:acme].role:preferred
127	*/
128	roleleft : keypart DOT rolepart
129	{
130	abac_yy_principal_t *keypart=$1;
131	abac_yy_roleoset_t *rolepart=$3;
132	abac_yy_expression_t *expr=
133	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
134	$$=expr;
135	}
136	;
137
138	/* [keyid:mike] */
139	keypart : LSQUARE KEYTYPE COLON
140	{ abac_push_keyid_yystate(); }
141	KEYID_CONSTANT
142	{ abac_pop_yystate(); }
143	RSQUARE
144	{
145	int idtype=abac_verify_idtype_type($2);
146	char *tmp=NULL;
147	asprintf(&tmp,"%s",$5);
148	char *cn=abac_cn_with_sha(tmp);
149	if(cn && idtype) {
150	$$=make_yy_principal(tmp, cn, idtype);
151	} else {
152	if((USE("ABAC_CN")) && cn==NULL) {
153	asprintf(&tmp,"encountered an invalid SHA id(%s)",$5);
154	panic(tmp);
155	free(tmp);
156	YYERROR;
157	}
158	$$=make_yy_principal(tmp, NULL, idtype);
159	}
160	}
161	;
162	/*
163	role:modifyBy([keyid:mike],[keyid:ted])
164	role:modifyBy([keyid:mike])
165	role:preferred
166	*/
167	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
168	{
169	$$=make_yy_roleoset_role($3,$5);
170	}
171	\| ROLE COLON IDEN
172	{
173	$$=make_yy_roleoset_role($3,NULL);
174	}
175	;
176
177	/*
178	[keyid:mike],[keyid:ted]
179	[keyid:mike]
180	[principal:?Z]
181	[principal:?this]
182	[int:99]
183	[int:?Z]
184	[?]
185	*/
186	terms : term COMMA terms
187	{
188	abac_yy_term_t *nterm=$1;
189	abac_yy_term_t *terms=$3;
190	$$=add_yy_term(nterm, terms);
191	}
192	\| term
193	{
194	$$=$1;
195	}
196	;
197
198	term : LSQUARE QMARK RSQUARE
199	{ $$= make_yy_term_dterm_anonymous(); }
200	\| keypart
201	{ $$= make_yy_term_dterm_named($1); }
202	\| principalpart
203	{ $$= make_yy_term_dterm_principal($1); }
204	\| typedpart
205	{ $$= make_yy_term_dterm_data($1); }
206	;
207
208	values : VALUE COMMA values
209	{ $$=add_yy_val_range($3, $1); }
210	\| VALUE
211	{ $$=make_yy_val_range($1); }
212	;
213
214
215	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
216	{ $$=make_yy_minmax_range($2,$4); }
217	\| LSQUARE DOTDOT VALUE RSQUARE
218	{ $$=make_yy_max_range($3); }
219	\| LSQUARE VALUE DOTDOT RSQUARE
220	{ $$=make_yy_min_range($2); }
221	\| LSQUARE values RSQUARE
222	{ $$=$2; }
223	;
224
225	/* [otype:?Z:{oset-constraint}] */
226	/* [int:?I:[10 .. 20] */
227	/* [float:?F:[0.5 .. 2.5] */
228	/* [string:?S:["abc",'efg',"hij"] -only listed range */
229	/* urn same as string */
230	/* time like int but with quoted string values */
231	otypetail : VARIABLE_CONSTANT COLON
232	{
233	abac_pop_yystate();
234	abac_push_range_yystate();
235	}
236	rangetype
237	{
238	abac_pop_yystate();
239	abac_yy_term_data_t *ptr=make_yy_term_data();
240	set_yy_term_data_name(ptr,$1);
241	set_yy_term_data_is_variable(ptr);
242	set_yy_term_data_cond_range(ptr,$4);
243	$$=ptr;
244	}
245	\| VARIABLE_CONSTANT
246	{ abac_pop_yystate(); }
247	osetleft
248	{
249	abac_yy_term_data_t *ptr=make_yy_term_data();
250	set_yy_term_data_name(ptr,$1);
251	set_yy_term_data_is_variable(ptr);
252	set_yy_term_data_cond_head_expr(ptr,$3);
253	$$=ptr;
254	}
255	\| VARIABLE_CONSTANT
256	{
257	abac_pop_yystate();
258	abac_yy_term_data_t *ptr=make_yy_term_data();
259	set_yy_term_data_name(ptr,$1);
260	set_yy_term_data_is_variable(ptr);
261	$$=ptr;
262	}
263	\| OTYPE_CONSTANT
264	{
265	abac_pop_yystate();
266	abac_yy_term_data_t *ptr=make_yy_term_data();
267	set_yy_term_data_name(ptr,$1);
268	$$=ptr;
269	}
270	\| QMARK
271	{
272	abac_pop_yystate();
273	abac_yy_term_data_t *ptr=make_yy_term_data();
274	set_yy_term_data_is_anonymous(ptr);
275	$$= ptr;
276	}
277	;
278
279	typedpart : LSQUARE OTYPE COLON
280	{ abac_push_yystate($2); }
281	otypetail RSQUARE
282	{
283	abac_yy_term_data_t *ptr=$5;
284	set_yy_term_data_type(ptr,$2);
285	if(is_yy_term_data_has_constraint(ptr)) {
286	char *tail_string=get_yy_term_data_name(ptr);
287	make_yy_range_constraint(ptr);
288	make_yy_oset_constraint(ptr,tail_string);
289	}
290	$$=$5;
291	}
292	;
293
294
295	/* [principal:?] */
296	/* [principal:?Z] */
297	/* [principal:?This] */
298	/* [principal:?Z{role-constraint}] */
299	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
300	{
301	abac_yy_expression_t *expr=$6;
302	char *tail_string=$5;
303	abac_yy_term_principal_t *ptr=make_yy_term_principal();
304	set_yy_term_principal_name(ptr,tail_string);
305	set_yy_term_principal_cond_head_expr(ptr,expr);
306	make_yy_role_constraint(ptr,tail_string);
307	$$=ptr;
308	}
309	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
310	{
311	abac_yy_term_principal_t *ptr=make_yy_term_principal();
312	set_yy_term_principal_name(ptr,$5);
313	$$ = ptr;
314	}
315	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
316	{
317	abac_yy_term_principal_t *ptr=make_yy_term_principal();
318	set_yy_term_principal_is_anonymous(ptr);
319	$$ = ptr;
320	}
321	;
322
323	roleright : roleterm AND roleright
324	{
325	abac_yy_expression_t *nexpr=$1;
326	abac_yy_expression_t *exprs=$3;
327	$$=add_yy_expression(nexpr,exprs);
328	}
329	\| roleterm
330	{ $$=$1; }
331	;
332
333	/* role at tail/right side
334	[keyid:usc].role:employee.role:friend
335	[keyid:usc].role:worker
336	[keyid:mike]
337	*/
338	roleterm : keypart DOT rolepart DOT rolepart
339	{
340	abac_yy_principal_t *keypart=$1;
341	abac_yy_roleoset_t *linked_rolepart=$3;
342	abac_yy_roleoset_t *rolepart=$5;
343	abac_yy_expression_t *expr=
344	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
345	$$=expr;
346	}
347	\| keypart DOT rolepart
348	{
349	abac_yy_principal_t *keypart=$1;
350	abac_yy_roleoset_t *rolepart=$3;
351	abac_yy_expression_t *expr=
352	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
353	$$=expr;
354	}
355	\| keypart
356	{
357	abac_yy_principal_t *keypart=$1;
358	abac_yy_expression_t *expr=
359	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
360	$$=expr;
361	}
362	;
363
364	osetterm : keypart DOT rolepart DOT osetpart
365	{
366	abac_yy_principal_t *keypart=$1;
367	abac_yy_roleoset_t *linked_rolepart=$3;
368	abac_yy_roleoset_t *osetpart=$5;
369	abac_yy_expression_t *expr=
370	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
371	$$=expr;
372	}
373	\| keypart DOT osetpart
374	{
375	abac_yy_principal_t *keypart=$1;
376	abac_yy_roleoset_t *osetpart=$3;
377	abac_yy_expression_t *expr=
378	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
379	$$=expr;
380	}
381	\| keypart
382	{
383	abac_yy_principal_t *keypart=$1;
384	abac_yy_expression_t *expr=
385	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
386	$$=expr;
387	}
388	\| typedpart
389	{
390	abac_yy_term_data_t *objpart=$1;
391	abac_yy_expression_t *expr=
392	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
393	$$=expr;
394	}
395	;
396
397	/*
398	oset:access([urn:'fileA'])
399	*/
400	osetpart : OSET COLON IDEN LPAREN terms RPAREN
401	{
402	$$=make_yy_roleoset_oset($3,$5);
403	}
404	\| OSET COLON IDEN
405	{
406	$$=make_yy_roleoset_oset($3,NULL);
407	}
408	;
409
410
411	osetleft : keypart DOT osetpart
412	{
413	abac_yy_principal_t *keypart=$1;
414	abac_yy_roleoset_t *osetpart=$3;
415	abac_yy_expression_t *expr=
416	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
417	$$=expr;
418	}
419	;
420
421	osetright : osetterm AND osetright
422	{
423	abac_yy_expression_t *nexpr=$1;
424	abac_yy_expression_t *exprs=$3;
425	$$=add_yy_expression(nexpr,exprs);
426	}
427	\| osetterm
428	{ $$=$1; }
429	;
430	%%
431
432
433	/* Additional C code */
434	int yywrap()
435	{
436	/* exit when done lexing the current input */
437	return 1;
438	}
439
440	int yyerror (char *s)
441	{
442	fprintf (abac_yyout,"yyerror: %s\n", s);
443	}
444
445	/* setting defaults */
446	void abac_yyinit()
447	{
448	abac_yyout=abac_get_yyout();
449	abac_yyfptr = abac_get_yyfptr();
450	abac_yyfptr_encoded = abac_get_yyfptr_encoded();
451	if(debug)
452	fprintf (abac_yyout,"\n=======================================\n");
453	}
454
455	void panic(char *msg)
456	{
457	yyerror(msg);
458	}
459

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format