Context Navigation

source: libabac/rt2.y @ d037f54

mei_rt2mei_rt2_fix_1

Last change on this file since d037f54 was d037f54, checked in by Mei <mei@…>, 12 years ago

1) able to programmatially build structure, bake attribute credential

write it out to a .der file and use prover to bring it back and
process just like other .der files.
-- tested with rt1 like policy without constraint.

2) changed abac_term structure alittle to ready it for 2 pass code

gen.

Property mode set to 100644

File size: 13.2 KB

Line
1
2	/* bison grammar rules for process new rt2 statements */
3
4	%{
5	// include the GNU extension of asprintf
6	#define _GNU_SOURCE
7
8	/* C declarations */
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_pl_yy.h"
13	#include "abac_list.h"
14
15	/* lex tie-ins flag */
16	int yyerror (char *s);
17	static int debug=0;
18
19	FILE *abac_yyout = NULL;
20	char *abac_yyfptr = NULL;
21	char *abac_yyfptr_encoded = NULL;
22
23	#define USE(evalue) ((getenv(evalue)!=NULL)?1:0)
24
25	void panic(char *msg);
26
27	%}
28	/* Bison declarations */
29	%union {
30	struct _abac_yy_principal_t *pstruct;
31	struct _abac_yy_term_principal_t *ppstruct;
32	struct _abac_yy_term_data_t *pdstruct;
33	struct _abac_yy_roleoset_t *rostruct;
34	struct _abac_yy_term_t *dstruct;
35	struct _abac_yy_expression_t *estruct;
36	struct _abac_list_t *lstruct;
37	char string; / For returning char strings */
38	int intval; /* for returning some value */
39	}
40
41	%start input
42
43	%type <lstruct> stmt
44	%type <rostruct> rolepart
45	%type <estruct> roleleft
46	%type <estruct> roleright
47	%type <estruct> roleterm
48	%type <rostruct> osetpart
49	%type <estruct> osetleft
50	%type <estruct> osetright
51	%type <estruct> osetterm
52	%type <pstruct> keypart
53	%type <dstruct> terms
54	%type <dstruct> term
55	%type <pdstruct> typedpart
56	%type <pdstruct> otypetail
57	%type <ppstruct> principalpart
58	%type <lstruct> rangetype
59	%type <lstruct> values
60
61	%token <string> IDEN /* keyname or rolename or osetname */
62	%token <string> CAPIDEN /* variable name */
63	%token <string> ROLE /* the word, role */
64	%token <string> OSET /* the word, oset */
65	%token <string> PRINCIPAL /* the word, principal */
66	%token <string> OTYPE /* integer,boolean,urn,time,string,float */
67	%token <string> OTYPE_CONSTANT
68	%token <string> VARIABLE_CONSTANT /* constant for ?AAA */
69	%token <string> KEYTYPE /* keyid \| or something else */
70	%token <string> KEYID_CONSTANT /* keyid \| or something else */
71	%token <string> VALUE /* range value in static constraint */
72
73	%token <operator> DERIVE "<-"
74	%token <operator> DOT "."
75	%token <operator> AND "&"
76	%token <operator> LPAREN "("
77	%token <operator> RPAREN ")"
78	%token <operator> LSQUARE "["
79	%token <operator> RSQUARE "]"
80	%token <operator> LANGLE "<"
81	%token <operator> RANGLE ">"
82	%token <operator> COLON ":"
83	%token <operator> COMMA ","
84	%token <operator> QMARK "?"
85	%token <operator> DOTDOT ".."
86
87	%%
88	/* Grammar rules */
89
90	input: /* empty */
91	{ }
92	\| stmt
93	{
94	abac_yy_set_rule_clauses($1);
95	}
96	;
97
98	/* generate/concate prolog credentials clauses */
99	stmt : roleleft DERIVE roleright
100	{
101	abac_yy_expression_t *headexpr=$1;
102	abac_yy_expression_t *tailexpr=$3;
103	abac_list_t *ret=make_role_statement(headexpr, tailexpr);
104	if(ret == NULL) {
105	panic("unable to parse the role rule statment");
106	YYERROR;
107	} else {
108	$$=ret;
109	}
110	}
111	\| osetleft DERIVE osetright
112	{
113	abac_yy_expression_t *headexpr=$1;
114	abac_yy_expression_t *tailexpr=$3;
115	abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
116	if(ret == NULL) {
117	panic("unable to parse the oset rule statment");
118	YYERROR;
119	} else {
120	$$=ret;
121	}
122	}
123	;
124	/*
125	[keyid:isi].role:modifyBy([keyid:mike])
126	[keyid:acme].role:preferred
127	*/
128	roleleft : keypart DOT rolepart
129	{
130	abac_yy_principal_t *keypart=$1;
131	abac_yy_roleoset_t *rolepart=$3;
132	abac_yy_expression_t *expr=
133	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
134	$$=expr;
135	}
136	;
137
138	/* [keyid:mike] */
139	keypart : LSQUARE KEYTYPE COLON
140	{ abac_push_keyid_yystate(); }
141	KEYID_CONSTANT
142	{ abac_pop_yystate(); }
143	RSQUARE
144	{
145	int idtype=abac_verify_idtype_type($2);
146	char *tmp=NULL;
147	/* XXX
148	asprintf(&tmp,"p%s",$5);
149	*/
150	asprintf(&tmp,"%s",$5);
151	char *cn=abac_cn_with_sha(tmp);
152	if(cn && idtype) {
153	$$=make_yy_principal(tmp, cn, idtype);
154	} else {
155	if((USE("ABAC_CN")) && cn==NULL) {
156	asprintf(&tmp,"encountered an invalid SHA id");
157	panic(tmp);
158	free(tmp);
159	YYERROR;
160	}
161	$$=make_yy_principal(tmp, NULL, idtype);
162	}
163	}
164	;
165	/*
166	role:modifyBy([keyid:mike],[keyid:ted])
167	role:modifyBy([keyid:mike])
168	role:preferred
169	*/
170	rolepart : ROLE COLON IDEN LPAREN terms RPAREN
171	{
172	$$=make_yy_roleoset_role($3,$5);
173	}
174	\| ROLE COLON IDEN
175	{
176	$$=make_yy_roleoset_role($3,NULL);
177	}
178	;
179
180	/*
181	[keyid:mike],[keyid:ted]
182	[keyid:mike]
183	[principal:?Z]
184	[principal:?this]
185	[int:99]
186	[int:?Z]
187	[?]
188	*/
189	terms : term COMMA terms
190	{
191	abac_yy_term_t *nterm=$1;
192	abac_yy_term_t *terms=$3;
193	$$=add_yy_term(nterm, terms);
194	}
195	\| term
196	{
197	$$=$1;
198	}
199	;
200
201	term : LSQUARE QMARK RSQUARE
202	{ $$= make_yy_term_dterm_anonymous(); }
203	\| keypart
204	{ $$= make_yy_term_dterm_named($1); }
205	\| principalpart
206	{ $$= make_yy_term_dterm_principal($1); }
207	\| typedpart
208	{ $$= make_yy_term_dterm_data($1); }
209	;
210
211	values : VALUE COMMA values
212	{ $$=add_yy_val_range($3, $1); }
213	\| VALUE
214	{ $$=make_yy_val_range($1); }
215	;
216
217
218	rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
219	{ $$=make_yy_minmax_range($2,$4); }
220	\| LSQUARE DOTDOT VALUE RSQUARE
221	{ $$=make_yy_max_range($3); }
222	\| LSQUARE VALUE DOTDOT RSQUARE
223	{ $$=make_yy_min_range($2); }
224	\| LSQUARE values RSQUARE
225	{ $$=$2; }
226	;
227
228	/* [otype:?Z:{oset-constraint}] */
229	/* [int:?I:[10 .. 20] */
230	/* [float:?F:[0.5 .. 2.5] */
231	/* [string:?S:["abc",'efg',"hij"] -only listed range */
232	/* urn same as string */
233	/* time like int but with quoted string values */
234	otypetail : VARIABLE_CONSTANT COLON
235	{
236	abac_pop_yystate();
237	abac_push_range_yystate();
238	}
239	rangetype
240	{
241	abac_pop_yystate();
242	abac_yy_term_data_t *ptr=make_yy_term_data();
243	set_yy_term_data_name(ptr,$1);
244	set_yy_term_data_is_variable(ptr);
245	set_yy_term_data_cond_range(ptr,$4);
246	$$=ptr;
247	}
248	\| VARIABLE_CONSTANT
249	{ abac_pop_yystate(); }
250	osetleft
251	{
252	abac_yy_term_data_t *ptr=make_yy_term_data();
253	set_yy_term_data_name(ptr,$1);
254	set_yy_term_data_is_variable(ptr);
255	set_yy_term_data_cond_head_expr(ptr,$3);
256	$$=ptr;
257	}
258	\| VARIABLE_CONSTANT
259	{
260	abac_pop_yystate();
261	abac_yy_term_data_t *ptr=make_yy_term_data();
262	set_yy_term_data_name(ptr,$1);
263	set_yy_term_data_is_variable(ptr);
264	$$=ptr;
265	}
266	\| OTYPE_CONSTANT
267	{
268	abac_pop_yystate();
269	abac_yy_term_data_t *ptr=make_yy_term_data();
270	set_yy_term_data_name(ptr,$1);
271	$$=ptr;
272	}
273	\| QMARK
274	{
275	abac_pop_yystate();
276	abac_yy_term_data_t *ptr=make_yy_term_data();
277	set_yy_term_data_is_anonymous(ptr);
278	$$= ptr;
279	}
280	;
281
282	typedpart : LSQUARE OTYPE COLON
283	{ abac_push_yystate($2); }
284	otypetail RSQUARE
285	{
286	abac_yy_term_data_t *ptr=$5;
287	set_yy_term_data_type(ptr,$2);
288	if(is_yy_term_data_has_constraint(ptr)) {
289	char *tail_string=get_yy_term_data_name(ptr);
290	make_yy_range_constraint(ptr,tail_string);
291	make_yy_oset_constraint(ptr,tail_string);
292	}
293	$$=$5;
294	}
295	;
296
297
298	/* [principal:?] */
299	/* [principal:?Z] */
300	/* [principal:?This] */
301	/* [principal:?Z{role-constraint}] */
302	principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
303	{
304	abac_yy_expression_t *expr=$6;
305	char *tail_string=$5;
306	abac_yy_term_principal_t *ptr=make_yy_term_principal();
307	set_yy_term_principal_name(ptr,tail_string);
308	set_yy_term_principal_cond_head_expr(ptr,expr);
309	char *string=make_yy_role_constraint(ptr,tail_string);
310	$$=ptr;
311	}
312	\| LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
313	{
314	abac_yy_term_principal_t *ptr=make_yy_term_principal();
315	set_yy_term_principal_name(ptr,$5);
316	$$ = ptr;
317	}
318	\| LSQUARE PRINCIPAL COLON QMARK RSQUARE
319	{
320	abac_yy_term_principal_t *ptr=make_yy_term_principal();
321	set_yy_term_principal_is_anonymous(ptr);
322	$$ = ptr;
323	}
324	;
325
326	roleright : roleterm AND roleright
327	{
328	abac_yy_expression_t *nexpr=$1;
329	abac_yy_expression_t *exprs=$3;
330	$$=add_yy_expression(nexpr,exprs);
331	}
332	\| roleterm
333	{ $$=$1; }
334	;
335
336	/* role at tail/right side
337	[keyid:usc].role:employee.role:friend
338	[keyid:usc].role:worker
339	[keyid:mike]
340	*/
341	roleterm : keypart DOT rolepart DOT rolepart
342	{
343	abac_yy_principal_t *keypart=$1;
344	abac_yy_roleoset_t *linked_rolepart=$3;
345	abac_yy_roleoset_t *rolepart=$5;
346	abac_yy_expression_t *expr=
347	make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
348	$$=expr;
349	}
350	\| keypart DOT rolepart
351	{
352	abac_yy_principal_t *keypart=$1;
353	abac_yy_roleoset_t *rolepart=$3;
354	abac_yy_expression_t *expr=
355	make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
356	$$=expr;
357	}
358	\| keypart
359	{
360	abac_yy_principal_t *keypart=$1;
361	abac_yy_expression_t *expr=
362	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
363	$$=expr;
364	}
365	;
366
367	osetterm : keypart DOT rolepart DOT osetpart
368	{
369	abac_yy_principal_t *keypart=$1;
370	abac_yy_roleoset_t *linked_rolepart=$3;
371	abac_yy_roleoset_t *osetpart=$5;
372	abac_yy_expression_t *expr=
373	make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
374	$$=expr;
375	}
376	\| keypart DOT osetpart
377	{
378	abac_yy_principal_t *keypart=$1;
379	abac_yy_roleoset_t *osetpart=$3;
380	abac_yy_expression_t *expr=
381	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
382	$$=expr;
383	}
384	\| keypart
385	{
386	abac_yy_principal_t *keypart=$1;
387	abac_yy_expression_t *expr=
388	make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
389	$$=expr;
390	}
391	\| typedpart
392	{
393	abac_yy_term_data_t *objpart=$1;
394	abac_yy_expression_t *expr=
395	make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
396	$$=expr;
397	}
398	;
399
400	/*
401	oset:access([urn:'fileA'])
402	*/
403	osetpart : OSET COLON IDEN LPAREN terms RPAREN
404	{
405	$$=make_yy_roleoset_oset($3,$5);
406	}
407	\| OSET COLON IDEN
408	{
409	$$=make_yy_roleoset_oset($3,NULL);
410	}
411	;
412
413
414	osetleft : keypart DOT osetpart
415	{
416	abac_yy_principal_t *keypart=$1;
417	abac_yy_roleoset_t *osetpart=$3;
418	abac_yy_expression_t *expr=
419	make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
420	$$=expr;
421	}
422	;
423
424	osetright : osetterm AND osetright
425	{
426	abac_yy_expression_t *nexpr=$1;
427	abac_yy_expression_t *exprs=$3;
428	$$=add_yy_expression(nexpr,exprs);
429	}
430	\| osetterm
431	{ $$=$1; }
432	;
433	%%
434
435
436	/* Additional C code */
437	int yywrap()
438	{
439	/* exit when done lexing the current input */
440	return 1;
441	}
442
443	int yyerror (char *s)
444	{
445	fprintf (abac_yyout,"yyerror: %s\n", s);
446	}
447
448	/* setting defaults */
449	void abac_yyinit()
450	{
451	abac_yyout=abac_get_yyout();
452	abac_yyfptr = abac_get_yyfptr();
453	abac_yyfptr_encoded = abac_get_yyfptr_encoded();
454	if(debug)
455	fprintf (abac_yyout,"\n=======================================\n");
456	}
457
458	void panic(char *msg)
459	{
460	yyerror(msg);
461	}
462

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format