/* bison grammar rules for processing new rt1 statements */

/*
   [keyid:isi].role:employee <- [keyid:ted]
   [keyid:ted].role:friend <- [keyid:mike]
   [keyid:usc].role:employee <- [keyid:isi].role:employee
   [keyid:usc].role:playground <- [keyid:usc].role:employee.role:friend

   query,
   [keyid:isi].role:playground <- [keyid:?Z]
   [keyid:isi].role:playground <- [keyid:mike]

   USC.evaluatorOf(this)<-USC.managerOf(this)
   USC.managerOf(this)<-USC.employee
   ISI.managerOf(Maryann) <- John
   USC.employee <- ISI.employee
   ISI.employee <- Maryann
   ISI.employee <- John

   USC.employee <-?- John
   USC.evaluatorOf(Maryann)<-?- John
*/

%{

// include the GNU extension of asprintf
#define _GNU_SOURCE

/* C declarations */
#include <stdio.h>   /* FILE, fprintf */
#include <string.h>  /* strlen */

#include "abac_pl_yy.h"

int yyerror (char *s);

FILE *abac_yyin = NULL;
FILE *abac_yyout = NULL;
char *abac_yyfptr = NULL;

static int sz_overhead = 0;
static int abac_yy_error_code = 0; /* keeping last error code */

void panic(char *msg);

extern void set_yap_clauses(abac_list_t *);
extern abac_list_t *make_statement(abac_yy_role_expression_t *,
                                   abac_yy_role_expression_t *);
extern abac_yy_role_expression_t *make_yy_role_expression(int,
                                   abac_yy_principal_t *,
                                   abac_yy_role_t *, abac_yy_role_t *);
extern abac_yy_principal_t *make_yy_principal(char *, char *, int);
extern abac_yy_role_t *make_yy_role(char *, abac_yy_dterm_t *);
extern abac_yy_param_data_t *make_yy_param_data(char*, int);
extern abac_yy_param_principal_t *make_yy_param_principal(char*);
extern abac_yy_dterm_t *make_yy_dterm_anonymous();
extern abac_yy_dterm_t *make_yy_dterm_principal(abac_yy_param_principal_t *);
extern abac_yy_dterm_t *make_yy_dterm_named(abac_yy_principal_t *);
extern abac_yy_dterm_t *make_yy_dterm_data(abac_yy_param_data_t *);
extern char *abac_cn_with_sha(char*);
extern abac_yy_dterm_t *add_yy_dterm(abac_yy_dterm_t *, abac_yy_dterm_t *);
extern abac_yy_role_expression_t *add_yy_role_expression(
                                   abac_yy_role_expression_t *,
                                   abac_yy_role_expression_t *);
extern void set_yy_param_data_is_variable(abac_yy_param_data_t *);
extern void abac_init_yy_id_certs();

%}

/* Bison declarations */
%union {
    struct _abac_yy_principal_t *pstruct;
    struct _abac_yy_param_principal_t *ppstruct;
    struct _abac_yy_param_data_t *pdstruct;
    struct _abac_yy_role_t *rstruct;
    struct _abac_yy_dterm_t *dstruct;
    struct _abac_yy_role_expression_t *estruct;
    struct abac_list_t *lstruct;
    char *string;          /* For returning char strings */
}

/* semantic value type of each nonterminal (a member of the %union above) */
%type <lstruct> stmt
%type <rstruct> rolepart
%type <estruct> left
%type <estruct> right
%type <estruct> roleterm
%type <pstruct> keypart
%type <dstruct> dterms
%type <dstruct> dterm
%type <pdstruct> typedpart
%type <ppstruct> principalpart

/* IDEN and KEYTYPE carry their lexeme; the actions read them as $n */
%token <string> IDEN      /* keyname or rolename */
%token ROLE               /* the word, role */
%token PRINCIPAL          /* the word, principal */
%token <string> KEYTYPE   /* keyid | or something else */
%token DERIVE "<-"
%token DOT "."
%token AND "&"
%token LPAREN "("
%token RPAREN ")"
%token LSQUARE "["
%token RSQUARE "]"
%token LANGLE "<"
%token RANGLE ">"
%token COLON ":"
%token COMMA ","
%token QMARK "?"

%%

/* Grammar rules */

input: /* empty */ { }
     | stmt { set_yap_clauses($1); }

/* generate/concatenate prolog credentials clauses */
stmt : left DERIVE right
         {
           abac_yy_role_expression_t *headexpr=$1;
           abac_yy_role_expression_t *tailexpr=$3;
           abac_list_t *ret=make_statement(headexpr, tailexpr);
           if(ret == NULL) {
               panic("unable to parse the rule statement");
               YYERROR;
           } else {
               $$=ret;
           }
         }

/* [keyid:isi].role:modifyBy([keyid:mike])
   [keyid:acme].role:preferred */
left : keypart DOT rolepart
         {
           abac_yy_principal_t *keypart=$1;
           abac_yy_role_t *rolepart=$3;
           abac_yy_role_expression_t *expr=
               make_yy_role_expression(EXPR_ROLE,keypart,rolepart,NULL);
           $$=expr;
         }

/* [keyid:mike] */
keypart : LSQUARE KEYTYPE COLON IDEN RSQUARE
         {
           /* reject the principal unless both the id and the key type verify */
           char *cn=abac_cn_with_sha($4);
           int idtype=abac_verify_keyid_type($2);
           if(cn && idtype) {
               $$=make_yy_principal($4, cn, idtype);
           } else {
               panic("encountered an invalid SHA id");
               YYERROR;
           }
         }

/* role:modifyBy([keyid:mike],[keyid:ted])
   role:modifyBy([keyid:mike])
   role:preferred */
rolepart : ROLE COLON IDEN LPAREN dterms RPAREN
         {
           $$=make_yy_role($3,$5);
         }
       | ROLE COLON IDEN
         {
           $$=make_yy_role($3,NULL);
         }

/* [keyid:mike],[keyid:ted]
   [keyid:mike]
   [principal:?Z] ?? [principal:?this]
   [int:99]
   [int:?Z]
   [?] */
dterms : dterm COMMA dterms
         {
           abac_yy_dterm_t *nterm=$1;
           abac_yy_dterm_t *dterms=$3;
           $$=add_yy_dterm(nterm, dterms);
         }
       | dterm
         {
           $$=$1;
         }

/* XX need to handle principal:?X dterm ??? */
dterm : LSQUARE QMARK RSQUARE
         {
           $$= make_yy_dterm_anonymous();
         }
       | keypart
         {
           $$= make_yy_dterm_named($1);
         }
       | principalpart
         {
           $$= make_yy_dterm_principal($1);
         }
       | typedpart
         {
           $$= make_yy_dterm_data($1);
         }

typedpart : LSQUARE IDEN COLON IDEN RSQUARE
         {
           /* constant data term: the type name must be a known dterm type */
           int type=abac_verify_dterm_type($2);
           if (type) {
               $$ = make_yy_param_data($4, type);
           } else {
               panic("wrong type in data dterm!!");
               YYERROR;
           }
         }
       | LSQUARE IDEN COLON QMARK IDEN RSQUARE
         {
           /* variable data term, e.g. [int:?Z] */
           int type=abac_verify_dterm_type($2);
           if (type) {
               abac_yy_param_data_t *ptr=make_yy_param_data($5, type);
               set_yy_param_data_is_variable(ptr);
               $$=ptr;
           } else {
               panic("wrong type in data dterm!!");
               YYERROR;
           }
         }

/* [principal:?Z] */
principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
         {
           $$ = make_yy_param_principal($5);
         }

right : roleterm AND right
         {
           abac_yy_role_expression_t *nexpr=$1;
           abac_yy_role_expression_t *exprs=$3;
           $$=add_yy_role_expression(nexpr,exprs);
         }
       | roleterm
         {
           $$=$1;
         }

/* role at tail/right side
   [keyid:usc].role:employee.role:friend
   [keyid:usc].role:worker
   [keyid:mike] */
roleterm : keypart DOT rolepart DOT rolepart
         {
           abac_yy_principal_t *keypart=$1;
           abac_yy_role_t *linked_rolepart=$3;
           abac_yy_role_t *rolepart=$5;
           abac_yy_role_expression_t *expr=
               make_yy_role_expression(EXPR_LINKED,keypart,rolepart,linked_rolepart);
           $$=expr;
         }
       | keypart DOT rolepart
         {
           abac_yy_principal_t *keypart=$1;
           abac_yy_role_t *rolepart=$3;
           abac_yy_role_expression_t *expr=
               make_yy_role_expression(EXPR_ROLE,keypart,rolepart,NULL);
           $$=expr;
         }
       | keypart
         {
           abac_yy_principal_t *keypart=$1;
           abac_yy_role_expression_t *expr=
               make_yy_role_expression(EXPR_NAMED,keypart,NULL,NULL);
           $$=expr;
         }

%%

/* Additional C code */

int yywrap()
{
    /* exit when done lexing the current input */
    return 1;
}

int yyerror (char *s)
{
    fprintf (abac_yyout,"yyerror: %s\n", s);
    return 0;   /* declared int, so return a value */
}

/* setting defaults */
void abac_yyinit()
{
    abac_yyin=abac_get_yyin();
    abac_yyout=abac_get_yyout();
    abac_yyfptr = abac_get_yyfptr();
    sz_overhead = strlen(abac_yyfptr)+2000;

    abac_init_yap_id_clauses();
    abac_init_yy_id_certs();
}

/* report a parse failure through yyerror */
void panic(char *msg)
{
    yyerror(msg);
}

void set_error_code(int v)
{
    abac_yy_error_code=v;
}

static int get_error_code()
{
    return abac_yy_error_code;
}