Context Navigation

source: libabac/rt2.y @ 8bd77b5

mei_rt2mei_rt2_fix_1

Last change on this file since 8bd77b5 was 8bd77b5, checked in by Mei <mei@…>, 12 years ago

1) convert parser and libabac to use id cred and attr cred like

creddy (move those 2 files to libabac).

2) fix up abac.hh to work with expanded libabac. can now build

structure from python script

3) redid the credential dump using the internal credential table

instead of depending on a search in db.

Property mode set to 100644

File size: 13.1 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_list.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17	static int debug=0;
18
19	FILE *abac_yyout = NULL;
20	char *abac_yyfptr = NULL;
21	char *abac_yyfptr_encoded = NULL;
22
23	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
24
25	void panic(char *msg);
26
27	%}
28	/* Bison declarations */
29	%union {
30	struct _abac_yy_principal_t *pstruct;
31	struct _abac_yy_term_principal_t *ppstruct;
32	struct _abac_yy_term_data_t *pdstruct;
33	struct _abac_yy_roleoset_t *rostruct;
34	struct _abac_yy_term_t *dstruct;
35	struct _abac_yy_expression_t *estruct;
36	struct _abac_list_t *lstruct;
37	char string; / For returning char strings */
38	int intval; /* for returning some value */
39	}
40
41	%start input
42
43	%type <lstruct> stmt
44	%type <rostruct> rolepart
45	%type <estruct> roleleft
46	%type <estruct> roleright
47	%type <estruct> roleterm
48	%type <rostruct> osetpart
49	%type <estruct> osetleft
50	%type <estruct> osetright
51	%type <estruct> osetterm
52	%type <pstruct> keypart
53	%type <dstruct> terms
54	%type <dstruct> term
55	%type <pdstruct> typedpart
56	%type <pdstruct> otypetail
57	%type <ppstruct> principalpart
58	%type <lstruct> rangetype
59	%type <lstruct> values
60
61	%token <string> IDEN /* keyname or rolename or osetname */
62	%token <string> CAPIDEN /* variable name */
63	%token <string> ROLE /* the word, role */
64	%token <string> OSET /* the word, oset */
65	%token <string> PRINCIPAL /* the word, principal */
66	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
67	%token <string> OTYPE_CONSTANT
68	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
69	%token <string> KEYTYPE /* keyid \| or something else */
70	%token <string> KEYID_CONSTANT /* keyid \| or something else */
71	%token <string> VALUE /* range value in static constraint */
72
73	%token <operator> DERIVE "<-"
74	%token <operator> DOT "."
75	%token <operator> AND "&"
76	%token <operator> LPAREN "("
77	%token <operator> RPAREN ")"
78	%token <operator> LSQUARE "["
79	%token <operator> RSQUARE "]"
80	%token <operator> LANGLE "<"
81	%token <operator> RANGLE ">"
82	%token <operator> COLON ":"
83	%token <operator> COMMA ","
84	%token <operator> QMARK "?"
85	%token <operator> DOTDOT ".."
86
87	%%
88	/* Grammar rules */
89
90	input: /* empty */
91	{ }
92	\| stmt
93	{
94	abac_yy_set_rule_clauses($1);
95	}
96	;
97
98	/* generate/concate prolog credentials clauses */
99	stmt : roleleft DERIVE roleright
100	{
101	abac_yy_expression_t *headexpr=$1;
102	abac_yy_expression_t *tailexpr=$3;
103	abac_list_t *ret=make_role_statement(headexpr, tailexpr);
104	if(ret == NULL) {
105	panic("unable to parse the role rule statment");
106	YYERROR;
107	} else {
108	$$=ret;
109	}
110	}
111	\| osetleft DERIVE osetright
112	{
113	abac_yy_expression_t *headexpr=$1;
114	abac_yy_expression_t *tailexpr=$3;
115	abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
116	if(ret == NULL) {
117	panic("unable to parse the oset rule statment");
118	YYERROR;
119	} else {
120	$$=ret;
121	}
122	}
123	;
124	/*
125	[keyid:isi].role:modifyBy([keyid:mike])
126	[keyid:acme].role:preferred
127	*/
128	roleleft : keypart DOT rolepart
129	{
130	abac_yy_principal_t *keypart=$1;
131	abac_yy_roleoset_t *rolepart=$3;
132	abac_yy_expression_t *expr=
133	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
134	$$=expr;
135	}
136	;
137
138	/* [keyid:mike] */
139	keypart : LSQUARE KEYTYPE COLON
140	{ abac_push_keyid_yystate(); }
141	KEYID_CONSTANT
142	{ abac_pop_yystate(); }
143	RSQUARE
144	{
145	int idtype=abac_verify_idtype_type($2);
146	char *tmp=NULL;
147	asprintf(&tmp,"p%s",$5);
148	char *cn=abac_cn_with_sha(tmp);
149	if(cn && idtype) {
150	$$=make_yy_principal(tmp, cn, idtype);
151	} else {
152	if((USE("ABAC_CN")) && cn==NULL) {
153	asprintf(&tmp,"encountered an invalid SHA id");
154	panic(tmp);
155	free(tmp);
156	YYERROR;
157	}
158	$$=make_yy_principal(tmp, NULL, idtype);
159	}
160	}
161	;
162	/*
163	role:modifyBy([keyid:mike],[keyid:ted])
164	role:modifyBy([keyid:mike])
165	role:preferred
166	*/
167	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
168	{
169	$$=make_yy_roleoset_role($3,$5);
170	}
171	\| ROLE COLON IDEN
172	{
173	$$=make_yy_roleoset_role($3,NULL);
174	}
175	;
176
177	/*
178	[keyid:mike],[keyid:ted]
179	[keyid:mike]
180	[principal:?Z]
181	[principal:?this]
182	[int:99]
183	[int:?Z]
184	[?]
185	*/
186	terms : term COMMA terms
187	{
188	abac_yy_term_t *nterm=$1;
189	abac_yy_term_t *terms=$3;
190	$$=add_yy_term(nterm, terms);
191	}
192	\| term
193	{
194	$$=$1;
195	}
196	;
197
198	term : LSQUARE QMARK RSQUARE
199	{ $$= make_yy_term_dterm_anonymous(); }
200	\| keypart
201	{ $$= make_yy_term_dterm_named($1); }
202	\| principalpart
203	{ $$= make_yy_term_dterm_principal($1); }
204	\| typedpart
205	{ $$= make_yy_term_dterm_data($1); }
206	;
207
208	values : VALUE COMMA values
209	{ $$=add_yy_val_range($3, $1); }
210	\| VALUE
211	{ $$=make_yy_val_range($1); }
212	;
213
214
215	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
216	{ $$=make_yy_minmax_range($2,$4); }
217	\| LSQUARE DOTDOT VALUE RSQUARE
218	{ $$=make_yy_max_range($3); }
219	\| LSQUARE VALUE DOTDOT RSQUARE
220	{ $$=make_yy_min_range($2); }
221	\| LSQUARE values RSQUARE
222	{ $$=$2; }
223	;
224
225	/* [otype:?Z:{oset-constraint}] */
226	/* [int:?I:[10 .. 20] */
227	/* [float:?F:[0.5 .. 2.5] */
228	/* [string:?S:["abc",'efg',"hij"] -only listed range */
229	/* urn same as string */
230	/* time like int but with quoted string values */
231	otypetail : VARIABLE_CONSTANT COLON
232	{
233	abac_pop_yystate();
234	abac_push_range_yystate();
235	}
236	rangetype
237	{
238	abac_pop_yystate();
239	abac_yy_term_data_t *ptr=make_yy_term_data();
240	set_yy_term_data_name(ptr,$1);
241	set_yy_term_data_is_variable(ptr);
242	set_yy_term_data_cond_range(ptr,$4);
243	$$=ptr;
244	}
245	\| VARIABLE_CONSTANT
246	{ abac_pop_yystate(); }
247	osetleft
248	{
249	abac_yy_term_data_t *ptr=make_yy_term_data();
250	set_yy_term_data_name(ptr,$1);
251	set_yy_term_data_is_variable(ptr);
252	set_yy_term_data_cond_head_expr(ptr,$3);
253	$$=ptr;
254	}
255	\| VARIABLE_CONSTANT
256	{
257	abac_pop_yystate();
258	abac_yy_term_data_t *ptr=make_yy_term_data();
259	set_yy_term_data_name(ptr,$1);
260	set_yy_term_data_is_variable(ptr);
261	$$=ptr;
262	}
263	\| OTYPE_CONSTANT
264	{
265	abac_pop_yystate();
266	abac_yy_term_data_t *ptr=make_yy_term_data();
267	set_yy_term_data_name(ptr,$1);
268	$$=ptr;
269	}
270	\| QMARK
271	{
272	abac_pop_yystate();
273	abac_yy_term_data_t *ptr=make_yy_term_data();
274	set_yy_term_data_is_anonymous(ptr);
275	$$= ptr;
276	}
277	;
278
279	typedpart : LSQUARE OTYPE COLON
280	{ abac_push_yystate($2); }
281	otypetail RSQUARE
282	{
283	abac_yy_term_data_t *ptr=$5;
284	set_yy_term_data_type(ptr,$2);
285	if(is_yy_term_data_has_constraint(ptr)) {
286	char *tail_string=get_yy_term_data_name(ptr);
287	make_yy_range_constraint(ptr,tail_string);
288	make_yy_oset_constraint(ptr,tail_string);
289	}
290	$$=$5;
291	}
292	;
293
294
295	/* [principal:?] */
296	/* [principal:?Z] */
297	/* [principal:?This] */
298	/* [principal:?Z{role-constraint}] */
299	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
300	{
301	abac_yy_expression_t *expr=$6;
302	char *tail_string=$5;
303	abac_yy_term_principal_t *ptr=make_yy_term_principal();
304	set_yy_term_principal_name(ptr,tail_string);
305	set_yy_term_principal_cond_head_expr(ptr,expr);
306	char *string=make_yy_role_constraint(ptr,tail_string);
307	$$=ptr;
308	}
309	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
310	{
311	abac_yy_term_principal_t *ptr=make_yy_term_principal();
312	set_yy_term_principal_name(ptr,$5);
313	$$ = ptr;
314	}
315	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
316	{
317	abac_yy_term_principal_t *ptr=make_yy_term_principal();
318	set_yy_term_principal_is_anonymous(ptr);
319	$$ = ptr;
320	}
321	;
322
323	roleright : roleterm AND roleright
324	{
325	abac_yy_expression_t *nexpr=$1;
326	abac_yy_expression_t *exprs=$3;
327	$$=add_yy_expression(nexpr,exprs);
328	}
329	\| roleterm
330	{ $$=$1; }
331	;
332
333	/* role at tail/right side
334	[keyid:usc].role:employee.role:friend
335	[keyid:usc].role:worker
336	[keyid:mike]
337	*/
338	roleterm : keypart DOT rolepart DOT rolepart
339	{
340	abac_yy_principal_t *keypart=$1;
341	abac_yy_roleoset_t *linked_rolepart=$3;
342	abac_yy_roleoset_t *rolepart=$5;
343	abac_yy_expression_t *expr=
344	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
345	$$=expr;
346	}
347	\| keypart DOT rolepart
348	{
349	abac_yy_principal_t *keypart=$1;
350	abac_yy_roleoset_t *rolepart=$3;
351	abac_yy_expression_t *expr=
352	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
353	$$=expr;
354	}
355	\| keypart
356	{
357	abac_yy_principal_t *keypart=$1;
358	abac_yy_expression_t *expr=
359	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
360	$$=expr;
361	}
362	;
363
364	osetterm : keypart DOT rolepart DOT osetpart
365	{
366	abac_yy_principal_t *keypart=$1;
367	abac_yy_roleoset_t *linked_rolepart=$3;
368	abac_yy_roleoset_t *osetpart=$5;
369	abac_yy_expression_t *expr=
370	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
371	$$=expr;
372	}
373	\| keypart DOT osetpart
374	{
375	abac_yy_principal_t *keypart=$1;
376	abac_yy_roleoset_t *osetpart=$3;
377	abac_yy_expression_t *expr=
378	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
379	$$=expr;
380	}
381	\| keypart
382	{
383	abac_yy_principal_t *keypart=$1;
384	abac_yy_expression_t *expr=
385	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
386	$$=expr;
387	}
388	\| typedpart
389	{
390	abac_yy_term_data_t *objpart=$1;
391	abac_yy_expression_t *expr=
392	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
393	$$=expr;
394	}
395	;
396
397	/*
398	oset:access([urn:'fileA'])
399	*/
400	osetpart : OSET COLON IDEN LPAREN terms RPAREN
401	{
402	$$=make_yy_roleoset_oset($3,$5);
403	}
404	\| OSET COLON IDEN
405	{
406	$$=make_yy_roleoset_oset($3,NULL);
407	}
408	;
409
410
411	osetleft : keypart DOT osetpart
412	{
413	abac_yy_principal_t *keypart=$1;
414	abac_yy_roleoset_t *osetpart=$3;
415	abac_yy_expression_t *expr=
416	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
417	$$=expr;
418	}
419	;
420
421	osetright : osetterm AND osetright
422	{
423	abac_yy_expression_t *nexpr=$1;
424	abac_yy_expression_t *exprs=$3;
425	$$=add_yy_expression(nexpr,exprs);
426	}
427	\| osetterm
428	{ $$=$1; }
429	;
430	%%
431
432
433	/* Additional C code */
434	int yywrap()
435	{
436	/* exit when done lexing the current input */
437	return 1;
438	}
439
440	int yyerror (char *s)
441	{
442	fprintf (abac_yyout,"yyerror: %s\n", s);
443	}
444
445	/* setting defaults */
446	void abac_yyinit()
447	{
448	abac_yyout=abac_get_yyout();
449	abac_yyfptr = abac_get_yyfptr();
450	abac_yyfptr_encoded = abac_get_yyfptr_encoded();
451	if(debug)
452	fprintf (abac_yyout,"\n=======================================\n");
453	}
454
455	void panic(char *msg)
456	{
457	yyerror(msg);
458	}
459

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format