Context Navigation

source: libabac/rt2.y @ 9335cfa

mei_rt2mei_rt2_fix_1

Last change on this file since 9335cfa was 9335cfa, checked in by Mei <mei@…>, 12 years ago
1) add handling of 'this' data term for the principal type 2) add payraise_rt1_typed example 3) expand more test cases for python/swig/libabac
Property mode set to `100644`
File size: 13.1 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_list.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17	static int debug=0;
18
19	FILE *abac_yyout = NULL;
20	char *abac_yyfptr = NULL;
21	char *abac_yyfptr_encoded = NULL;
22
23	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
24
25	void panic(char *msg);
26
27	%}
28	/* Bison declarations */
29	%union {
30	struct _abac_yy_principal_t *pstruct;
31	struct _abac_yy_term_principal_t *ppstruct;
32	struct _abac_yy_term_data_t *pdstruct;
33	struct _abac_yy_role_t *rstruct;
34	struct _abac_yy_oset_t *ostruct;
35	struct _abac_yy_term_t *dstruct;
36	struct _abac_yy_expression_t *estruct;
37	struct _abac_list_t *lstruct;
38	char string; / For returning char strings */
39	int intval; /* for returning some value */
40	}
41
42	%start input
43
44	%type <lstruct> stmt
45	%type <rstruct> rolepart
46	%type <estruct> roleleft
47	%type <estruct> roleright
48	%type <estruct> roleterm
49	%type <ostruct> osetpart
50	%type <estruct> osetleft
51	%type <estruct> osetright
52	%type <estruct> osetterm
53	%type <pstruct> keypart
54	%type <dstruct> terms
55	%type <dstruct> term
56	%type <pdstruct> typedpart
57	%type <pdstruct> otypetail
58	%type <ppstruct> principalpart
59	%type <lstruct> rangetype
60	%type <lstruct> values
61
62	%token <string> IDEN /* keyname or rolename or osetname */
63	%token <string> CAPIDEN /* variable name */
64	%token <string> ROLE /* the word, role */
65	%token <string> OSET /* the word, oset */
66	%token <string> PRINCIPAL /* the word, principal */
67	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
68	%token <string> OTYPE_CONSTANT
69	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
70	%token <string> KEYTYPE /* keyid \| or something else */
71	%token <string> KEYID_CONSTANT /* keyid \| or something else */
72	%token <string> VALUE /* range value in static constraint */
73
74	%token <operator> DERIVE "<-"
75	%token <operator> DOT "."
76	%token <operator> AND "&"
77	%token <operator> LPAREN "("
78	%token <operator> RPAREN ")"
79	%token <operator> LSQUARE "["
80	%token <operator> RSQUARE "]"
81	%token <operator> LANGLE "<"
82	%token <operator> RANGLE ">"
83	%token <operator> COLON ":"
84	%token <operator> COMMA ","
85	%token <operator> QMARK "?"
86	%token <operator> DOTDOT ".."
87
88	%%
89	/* Grammar rules */
90
91	input: /* empty */
92	{ }
93	\| stmt
94	{
95	abac_yy_set_rule_clauses($1);
96	}
97	;
98
99	/* generate/concate prolog credentials clauses */
100	stmt : roleleft DERIVE roleright
101	{
102	abac_yy_expression_t *headexpr=$1;
103	abac_yy_expression_t *tailexpr=$3;
104	abac_list_t *ret=make_role_statement(headexpr, tailexpr);
105	if(ret == NULL) {
106	panic("unable to parse the role rule statment");
107	YYERROR;
108	} else {
109	$$=ret;
110	}
111	}
112	\| osetleft DERIVE osetright
113	{
114	abac_yy_expression_t *headexpr=$1;
115	abac_yy_expression_t *tailexpr=$3;
116	abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
117	if(ret == NULL) {
118	panic("unable to parse the oset rule statment");
119	YYERROR;
120	} else {
121	$$=ret;
122	}
123	}
124	;
125	/*
126	[keyid:isi].role:modifyBy([keyid:mike])
127	[keyid:acme].role:preferred
128	*/
129	roleleft : keypart DOT rolepart
130	{
131	abac_yy_principal_t *keypart=$1;
132	abac_yy_role_t *rolepart=$3;
133	abac_yy_expression_t *expr=
134	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
135	$$=expr;
136	}
137	;
138
139	/* [keyid:mike] */
140	keypart : LSQUARE KEYTYPE COLON
141	{ abac_push_keyid_yystate(); }
142	KEYID_CONSTANT
143	{ abac_pop_yystate(); }
144	RSQUARE
145	{
146	int idtype=abac_verify_keyid_type($2);
147	char *tmp=NULL;
148	asprintf(&tmp,"p%s",$5);
149	char *cn=abac_cn_with_sha(tmp);
150	if(cn && idtype) {
151	$$=make_yy_principal(tmp, cn, idtype);
152	} else {
153	if((USE("ABAC_CN")) && cn==NULL) {
154	asprintf(&tmp,"encountered an invalid SHA id");
155	panic(tmp);
156	free(tmp);
157	YYERROR;
158	}
159	$$=make_yy_principal(tmp, NULL, idtype);
160	}
161	}
162	;
163	/*
164	role:modifyBy([keyid:mike],[keyid:ted])
165	role:modifyBy([keyid:mike])
166	role:preferred
167	*/
168	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
169	{
170	$$=make_yy_role($3,$5);
171	}
172	\| ROLE COLON IDEN
173	{
174	$$=make_yy_role($3,NULL);
175	}
176	;
177
178	/*
179	[keyid:mike],[keyid:ted]
180	[keyid:mike]
181	[principal:?Z]
182	[principal:?this]
183	[int:99]
184	[int:?Z]
185	[?]
186	*/
187	terms : term COMMA terms
188	{
189	abac_yy_term_t *nterm=$1;
190	abac_yy_term_t *terms=$3;
191	$$=add_yy_term(nterm, terms);
192	}
193	\| term
194	{
195	$$=$1;
196	}
197	;
198
199	term : LSQUARE QMARK RSQUARE
200	{ $$= make_yy_term_dterm_anonymous(); }
201	\| keypart
202	{ $$= make_yy_term_dterm_named($1); }
203	\| principalpart
204	{ $$= make_yy_term_dterm_principal($1); }
205	\| typedpart
206	{ $$= make_yy_term_dterm_data($1); }
207	;
208
209	values : VALUE COMMA values
210	{ $$=add_yy_val_range($3, $1); }
211	\| VALUE
212	{ $$=make_yy_val_range($1); }
213	;
214
215
216	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
217	{ $$=make_yy_minmax_range($2,$4); }
218	\| LSQUARE DOTDOT VALUE RSQUARE
219	{ $$=make_yy_max_range($3); }
220	\| LSQUARE VALUE DOTDOT RSQUARE
221	{ $$=make_yy_min_range($2); }
222	\| LSQUARE values RSQUARE
223	{ $$=$2; }
224	;
225
226	/* [otype:?Z:{oset-constraint}] */
227	/* [int:?I:[10 .. 20] */
228	/* [float:?F:[0.5 .. 2.5] */
229	/* [string:?S:["abc",'efg',"hij"] -only listed range */
230	/* urn same as string */
231	/* time like int but with quoted string values */
232	otypetail : VARIABLE_CONSTANT COLON
233	{
234	abac_pop_yystate();
235	abac_push_range_yystate();
236	}
237	rangetype
238	{
239	abac_pop_yystate();
240	abac_yy_term_data_t *ptr=make_yy_term_data();
241	set_yy_term_data_name(ptr,$1);
242	set_yy_term_data_is_variable(ptr);
243	set_yy_term_data_cond_range(ptr,$4);
244	$$=ptr;
245	}
246	\| VARIABLE_CONSTANT
247	{ abac_pop_yystate(); }
248	osetleft
249	{
250	abac_yy_term_data_t *ptr=make_yy_term_data();
251	set_yy_term_data_name(ptr,$1);
252	set_yy_term_data_is_variable(ptr);
253	set_yy_term_data_cond_head_expr(ptr,$3);
254	$$=ptr;
255	}
256	\| VARIABLE_CONSTANT
257	{
258	abac_pop_yystate();
259	abac_yy_term_data_t *ptr=make_yy_term_data();
260	set_yy_term_data_name(ptr,$1);
261	set_yy_term_data_is_variable(ptr);
262	$$=ptr;
263	}
264	\| OTYPE_CONSTANT
265	{
266	abac_pop_yystate();
267	abac_yy_term_data_t *ptr=make_yy_term_data();
268	set_yy_term_data_name(ptr,$1);
269	$$=ptr;
270	}
271	\| QMARK
272	{
273	abac_pop_yystate();
274	abac_yy_term_data_t *ptr=make_yy_term_data();
275	set_yy_term_data_is_anonymous(ptr);
276	$$= ptr;
277	}
278	;
279
280	typedpart : LSQUARE OTYPE COLON
281	{ abac_push_yystate($2); }
282	otypetail RSQUARE
283	{
284	abac_yy_term_data_t *ptr=$5;
285	set_yy_term_data_type(ptr,$2);
286	if(is_yy_term_data_has_constraint(ptr)) {
287	char *tail_string=get_yy_term_data_name(ptr);
288	make_yy_range_constraint(ptr,tail_string);
289	make_yy_oset_constraint(ptr,tail_string);
290	}
291	$$=$5;
292	}
293	;
294
295
296	/* [principal:?] */
297	/* [principal:?Z] */
298	/* [principal:?This] */
299	/* [principal:?Z{role-constraint}] */
300	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
301	{
302	abac_yy_expression_t *expr=$6;
303	char *tail_string=$5;
304	abac_yy_term_principal_t *ptr=make_yy_term_principal();
305	set_yy_term_principal_name(ptr,tail_string);
306	set_yy_term_principal_cond_head_expr(ptr,expr);
307	char *string=make_yy_role_constraint(ptr,tail_string);
308	$$=ptr;
309	}
310	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
311	{
312	abac_yy_term_principal_t *ptr=make_yy_term_principal();
313	set_yy_term_principal_name(ptr,$5);
314	$$ = ptr;
315	}
316	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
317	{
318	abac_yy_term_principal_t *ptr=make_yy_term_principal();
319	set_yy_term_principal_is_anonymous(ptr);
320	$$ = ptr;
321	}
322	;
323
324	roleright : roleterm AND roleright
325	{
326	abac_yy_expression_t *nexpr=$1;
327	abac_yy_expression_t *exprs=$3;
328	$$=add_yy_expression(nexpr,exprs);
329	}
330	\| roleterm
331	{ $$=$1; }
332	;
333
334	/* role at tail/right side
335	[keyid:usc].role:employee.role:friend
336	[keyid:usc].role:worker
337	[keyid:mike]
338	*/
339	roleterm : keypart DOT rolepart DOT rolepart
340	{
341	abac_yy_principal_t *keypart=$1;
342	abac_yy_role_t *linked_rolepart=$3;
343	abac_yy_role_t *rolepart=$5;
344	abac_yy_expression_t *expr=
345	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
346	$$=expr;
347	}
348	\| keypart DOT rolepart
349	{
350	abac_yy_principal_t *keypart=$1;
351	abac_yy_role_t *rolepart=$3;
352	abac_yy_expression_t *expr=
353	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
354	$$=expr;
355	}
356	\| keypart
357	{
358	abac_yy_principal_t *keypart=$1;
359	abac_yy_expression_t *expr=
360	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
361	$$=expr;
362	}
363	;
364
365	osetterm : keypart DOT rolepart DOT osetpart
366	{
367	abac_yy_principal_t *keypart=$1;
368	abac_yy_role_t *linked_rolepart=$3;
369	abac_yy_oset_t *osetpart=$5;
370	abac_yy_expression_t *expr=
371	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
372	$$=expr;
373	}
374	\| keypart DOT osetpart
375	{
376	abac_yy_principal_t *keypart=$1;
377	abac_yy_oset_t *osetpart=$3;
378	abac_yy_expression_t *expr=
379	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
380	$$=expr;
381	}
382	\| keypart
383	{
384	abac_yy_principal_t *keypart=$1;
385	abac_yy_expression_t *expr=
386	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
387	$$=expr;
388	}
389	\| typedpart
390	{
391	abac_yy_term_data_t *objpart=$1;
392	abac_yy_expression_t *expr=
393	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
394	$$=expr;
395	}
396	;
397
398	/*
399	oset:access([urn:'fileA'])
400	*/
401	osetpart : OSET COLON IDEN LPAREN terms RPAREN
402	{
403	$$=make_yy_oset($3,$5);
404	}
405	\| OSET COLON IDEN
406	{
407	$$=make_yy_oset($3,NULL);
408	}
409	;
410
411
412	osetleft : keypart DOT osetpart
413	{
414	abac_yy_principal_t *keypart=$1;
415	abac_yy_oset_t *osetpart=$3;
416	abac_yy_expression_t *expr=
417	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
418	$$=expr;
419	}
420	;
421
422	osetright : osetterm AND osetright
423	{
424	abac_yy_expression_t *nexpr=$1;
425	abac_yy_expression_t *exprs=$3;
426	$$=add_yy_expression(nexpr,exprs);
427	}
428	\| osetterm
429	{ $$=$1; }
430	;
431	%%
432
433
434	/* Additional C code */
435	int yywrap()
436	{
437	/* exit when done lexing the current input */
438	return 1;
439	}
440
441	int yyerror (char *s)
442	{
443	fprintf (abac_yyout,"yyerror: %s\n", s);
444	}
445
446	/* setting defaults */
447	void abac_yyinit()
448	{
449	abac_yyout=abac_get_yyout();
450	abac_yyfptr = abac_get_yyfptr();
451	abac_yyfptr_encoded = abac_get_yyfptr_encoded();
452	if(debug)
453	fprintf (abac_yyout,"\n=======================================\n");
454	}
455
456	void panic(char *msg)
457	{
458	yyerror(msg);
459	}
460

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format