/* Bison grammar for parsing new RT1 statements.
 * Example statement:
 *   [keyid:A].oset:r <- [urn:'file://dir/filename']
 *
 * This first part holds the C prologue (%{ ... %}) and the bison
 * declarations (%union, %start, %type, %token).
 */

%{

/* _GNU_SOURCE exposes the GNU extension asprintf(); it has to be defined
 * before any system header is included. */
#define _GNU_SOURCE

/* C declarations */

/* NOTE(review): the two system #include directives below carry no header
 * name in this copy of the file (the <...> operand appears to have been
 * lost), so the prologue does not preprocess as shown. The code later in
 * this file uses FILE/fprintf and strlen; restore the header names from
 * the original source rather than guessing. */
#include
#include

#include "abac_pl_yy.h"

/* lex tie-ins flag */
int yyerror (char *s);

/* Streams and buffers used by the parser; all start out NULL/0 and are
 * filled in by abac_yyinit() from the abac_get_yy*() accessors. */
FILE *abac_yyin = NULL;
FILE *abac_yyout = NULL;              /* yyerror() writes its message here */
char *abac_yyfptr = NULL;
char *abac_yyfptr_encoded = NULL;

/* Set in abac_yyinit() to strlen(abac_yyfptr)+2000; not read anywhere in
 * this file. */
static int sz_overhead = 0;

static int abac_yy_error_code = 0;    /* keeping last error code */

/* Reports msg through yyerror(). Despite the name it does not abort: the
 * grammar actions follow it with YYERROR to reject the statement. */
void panic(char *msg);

/* lex tie-ins functions */

/* Builders defined outside this file. The grammar actions call them to
 * turn parsed pieces into statement, expression, principal, role and term
 * objects. Only make_role_statement/make_oset_statement have their result
 * checked for NULL by the actions. */
extern void set_yap_clauses(abac_list_t *);
extern abac_list_t *make_role_statement(abac_yy_expression_t *,
                                        abac_yy_expression_t *);
extern abac_list_t *make_oset_statement(abac_yy_expression_t *,
                                        abac_yy_expression_t *);
extern abac_yy_expression_t *make_yy_expression(int, void *, void *,
                                                abac_yy_role_t *);
extern abac_yy_principal_t *make_yy_principal(char *, char *, int);
extern abac_yy_role_t *make_yy_role(char *, abac_yy_term_t *);
extern abac_yy_term_data_t *make_yy_term_data(char*);
extern abac_yy_term_principal_t *make_yy_term_principal(char*);
extern abac_yy_term_t *make_yy_term_dterm_anonymous();
extern abac_yy_term_t *make_yy_term_dterm_principal(abac_yy_term_principal_t *);
extern abac_yy_term_t *make_yy_term_dterm_named(abac_yy_principal_t *);
extern abac_yy_term_t *make_yy_term_dterm_data(abac_yy_term_data_t *);

/* Called by the keypart rule on the KEYID_CONSTANT text; a NULL result
 * makes that rule reject the key id. */
extern char *abac_cn_with_sha(char*);

extern abac_yy_term_t *add_yy_term(abac_yy_term_t *, abac_yy_term_t *);
extern abac_yy_expression_t *add_yy_expression( abac_yy_expression_t *,
                                                abac_yy_expression_t *);
extern void set_yy_term_data_is_variable(abac_yy_term_data_t *);
extern void set_yy_term_data_type(abac_yy_term_data_t *,char*);
extern void abac_init_yy_id_certs();
extern void abac_init_yy_constraints();

/* Constraint builders used by the typedpart and principalpart rules. The
 * two char*-returning ones have their result ignored by the actions. */
extern void make_yy_range_constraint(abac_yy_term_data_t *ptr, char*);
extern char *make_yy_oset_constraint(abac_yy_term_data_t *ptr, char*);
extern char *make_yy_role_constraint(abac_yy_term_principal_t *ptr,
                                     char*);

%}

/* Bison declarations */

/* Semantic value of a grammar symbol: one pointer per kind of object the
 * actions build, plus a string and an int. */
%union {
    struct _abac_yy_principal_t *pstruct;
    struct _abac_yy_term_principal_t *ppstruct;
    struct _abac_yy_term_data_t *pdstruct;
    struct _abac_yy_role_t *rstruct;
    struct _abac_yy_oset_t *ostruct;
    struct _abac_yy_term_t *dstruct;
    struct _abac_yy_expression_t *estruct;
    struct abac_list_t *lstruct;
    char *string;   /* For returning char strings */
    int intval;     /* for returning some value */
}

%start input

/* NOTE(review): none of the %type/%token lines below shows a <member> tag
 * in this copy, although the rule actions assign and read typed values
 * through $$ and $n. With a %union in use, bison needs every such symbol
 * bound to a union member; restore the tags from the original source
 * before building. */
%type stmt
%type rolepart
%type roleleft
%type roleright
%type roleterm
%type osetpart
%type osetleft
%type osetright
%type osetterm
%type keypart
%type terms
%type term
%type typedpart
%type otypetail
%type principalpart
%type rangetype
%type values

%token IDEN                 /* keyname or rolename */
%token CAPIDEN              /* variable name */
%token ROLE                 /* the word, role */
%token OSET                 /* the word, oset */
%token PRINCIPAL            /* the word, principal */
%token OTYPE                /* integer,boolean,urn,time,string,float */
%token OTYPE_CONSTANT
%token VARIABLE_CONSTANT    /* constant for ?AAA */
%token KEYTYPE              /* keyid | or something else */
%token KEYID_CONSTANT       /* keyid | or something else */
%token VALUE                /* range value in static constraint */

/* Punctuation tokens, each with its literal string alias. */
%token DERIVE "<-"
%token DOT "."
%token AND "&"
%token LPAREN "("
%token RPAREN ")"
%token LSQUARE "["
%token RSQUARE "]"
%token LWIGGLE "{"
%token RWIGGLE "}"
%token LANGLE "<"
%token RANGLE ">"
%token COLON ":"
%token COMMA ","
%token QMARK "?"
%token DOTDOT ".."
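%%

/* Grammar rules
 *
 * A statement is "head <- tail", in a role form and an oset form. Clauses
 * are handed to set_yap_clauses() only by the top-level rule, i.e. only
 * once a whole statement has been reduced. Rules that detect a bad piece
 * call panic() (which only logs) and then YYERROR, which is what actually
 * rejects the statement.
 */

input : /* empty */ { }
      | stmt { set_yap_clauses($1); }
      ;

/* generate/concate prolog credentials clauses */
stmt : roleleft DERIVE roleright
         {
           abac_yy_expression_t *headexpr=$1;
           abac_yy_expression_t *tailexpr=$3;
           abac_list_t *ret=make_role_statement(headexpr, tailexpr);
           if(ret == NULL) {
               panic("unable to parse the role rule statment");
               YYERROR;
           } else {
               $$=ret;
           }
         }
     | osetleft DERIVE osetright
         {
           abac_yy_expression_t *headexpr=$1;
           abac_yy_expression_t *tailexpr=$3;
           abac_list_t *ret=make_oset_statement(headexpr, tailexpr);
           if(ret == NULL) {
               panic("unable to parse the oset rule statment");
               YYERROR;
           } else {
               $$=ret;
           }
         }
     ;

/* [keyid:isi].role:modifyBy([keyid:mike])
   [keyid:acme].role:preferred */
roleleft : keypart DOT rolepart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_role_t *rolepart=$3;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
               $$=expr;
             }
         ;

/* [keyid:mike]
 *
 * The two mid-rule actions switch the lexer into and out of its key-id
 * state around KEYID_CONSTANT, so the id text is $5 and the key type $2.
 * The principal is built only when abac_cn_with_sha() returns non-NULL and
 * abac_verify_keyid_type() returns non-zero; otherwise the statement is
 * rejected. */
keypart : LSQUARE KEYTYPE COLON { abac_yy_push_keyid_state(); }
          KEYID_CONSTANT { abac_yy_pop_state(); } RSQUARE
            {
              char *cn=abac_cn_with_sha($5);
              int idtype=abac_verify_keyid_type($2);
              if(cn && idtype) {
                  $$=make_yy_principal($5, cn, idtype);
              } else {
                  panic("encountered an invalid SHA id");
                  YYERROR;
              }
            }
        ;

/* role:modifyBy([keyid:mike],[keyid:ted])
   role:modifyBy([keyid:mike])
   role:preferred */
rolepart : ROLE COLON IDEN LPAREN terms RPAREN
             { $$=make_yy_role($3,$5); }
         | ROLE COLON IDEN
             { $$=make_yy_role($3,NULL); }
         ;

/* [keyid:mike],[keyid:ted]
   [keyid:mike]
   [principal:?Z] ??
   [principal:?this]
   [int:99]
   [int:?Z]
   [?] */
terms : term COMMA terms
          {
            abac_yy_term_t *nterm=$1;
            abac_yy_term_t *terms=$3;
            $$=add_yy_term(nterm, terms);
          }
      | term
          { $$=$1; }
      ;

term : LSQUARE QMARK RSQUARE
         { $$= make_yy_term_dterm_anonymous(); }
     | keypart
         { $$= make_yy_term_dterm_named($1); }
     | principalpart
         { $$= make_yy_term_dterm_principal($1); }
     | typedpart
         { $$= make_yy_term_dterm_data($1); }
     ;

/* comma-separated list of VALUE tokens inside a range constraint */
values : VALUE COMMA values
           { $$=addto_yy_val_range($3, $1); }
       | VALUE
           { $$=make_yy_val_range($1); }
       ;

/* [min .. max], [.. max], [min ..] or an explicit [v1,v2,...] list */
rangetype : LSQUARE VALUE DOTDOT VALUE RSQUARE
              { $$=make_yy_minmax_range($2,$4); }
          | LSQUARE DOTDOT VALUE RSQUARE
              { $$=make_yy_max_range($3); }
          | LSQUARE VALUE DOTDOT RSQUARE
              { $$=make_yy_min_range($2); }
          | LSQUARE values RSQUARE
              { $$=$2; }
          ;

/* [otype:?Z:{oset-constraint}] */
/* [int:?I:[10 .. 20] */
otypetail : /* empty */
              {
                /* An empty rule has no $1 for bison's default action to
                   copy, so without this assignment $$ would hold whatever
                   was left on the value stack and typedpart would
                   dereference it. NULL lets typedpart reject the term. */
                $$=NULL;
              }
          | VARIABLE_CONSTANT COLON
              {
                abac_yy_pop_state();
                abac_yy_push_range_state();
              }
            rangetype
              {
                abac_yy_pop_state();
                abac_yy_term_data_t *ptr=make_yy_term_data($1);
                set_yy_term_data_is_variable(ptr);
                /* $3 is the mid-rule action above, so rangetype is $4 */
                set_yy_term_data_cond_range(ptr,$4);
                $$=ptr;
              }
          | VARIABLE_CONSTANT { abac_yy_pop_state(); } osetleft
              {
                abac_yy_term_data_t *ptr=make_yy_term_data($1);
                set_yy_term_data_cond_head_expr(ptr,$3);
                set_yy_term_data_is_variable(ptr);
                $$=ptr;
              }
          | VARIABLE_CONSTANT
              {
                abac_yy_pop_state();
                abac_yy_term_data_t *ptr=make_yy_term_data($1);
                set_yy_term_data_is_variable(ptr);
                $$=ptr;
              }
          | OTYPE_CONSTANT
              {
                abac_yy_pop_state();
                abac_yy_term_data_t *ptr=make_yy_term_data($1);
                $$=ptr;
              }
          ;

/* [otype:value], [otype:?Z], [otype:?Z:range], [otype:?Z<oset head>]
 *
 * The mid-rule action is $4, so the tail is $5. */
typedpart : LSQUARE OTYPE COLON { abac_yy_push_state($2); } otypetail RSQUARE
              {
                abac_yy_term_data_t *ptr=$5;
                if(ptr == NULL) {
                    /* Term such as "[otype:]" with nothing after the
                       colon: reject it instead of passing a null term to
                       the helpers below.
                       NOTE(review): every non-empty otypetail alternative
                       calls abac_yy_pop_state(); on this path the state
                       pushed above is still on the lexer's stack. Confirm
                       the lexer is reset before the next parse. */
                    panic("encountered a typed term with no value");
                    YYERROR;
                }
                char *tail_string=get_yy_term_data_name(ptr);
                set_yy_term_data_type(ptr,$2);
                if(is_yy_term_data_has_constraint(ptr)) {
                    make_yy_oset_constraint(ptr,tail_string);
                    make_yy_range_constraint(ptr,tail_string);
                }
                $$=$5;
              }
          ;

/* [principal:?Z] */
/* [principal:?Z{role-constraint}] */
principalpart : LSQUARE PRINCIPAL COLON QMARK IDEN roleleft RSQUARE
                  {
                    abac_yy_expression_t *expr=$6;
                    char *tail_string=$5;
                    abac_yy_term_principal_t *ptr=
                        make_yy_term_principal(tail_string);
                    set_yy_term_principal_cond_head_expr(ptr,expr);
                    /* The returned string was stored in a local that was
                       never read; call for the side effect only.
                       NOTE(review): if the callee hands back an allocated
                       string the caller owns, it is dropped here - confirm
                       ownership. */
                    (void)make_yy_role_constraint(ptr,tail_string);
                    $$=ptr;
                  }
              | LSQUARE PRINCIPAL COLON QMARK IDEN RSQUARE
                  { $$ = make_yy_term_principal($5); }
              ;

/* one or more role terms joined by "&" */
roleright : roleterm AND roleright
              {
                abac_yy_expression_t *nexpr=$1;
                abac_yy_expression_t *exprs=$3;
                $$=add_yy_expression(nexpr,exprs);
              }
          | roleterm
              { $$=$1; }
          ;

/* role at tail/right side
   [keyid:usc].role:employee.role:friend
   [keyid:usc].role:worker
   [keyid:mike] */
roleterm : keypart DOT rolepart DOT rolepart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_role_t *linked_rolepart=$3;
               abac_yy_role_t *rolepart=$5;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_LINKED,keypart,rolepart,linked_rolepart);
               $$=expr;
             }
         | keypart DOT rolepart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_role_t *rolepart=$3;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_ROLE,keypart,rolepart,NULL);
               $$=expr;
             }
         | keypart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
               $$=expr;
             }
         ;

/* oset at tail/right side: linked, plain oset, bare principal or object */
osetterm : keypart DOT rolepart DOT osetpart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_role_t *linked_rolepart=$3;
               abac_yy_oset_t *osetpart=$5;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_LINKED,keypart,osetpart,linked_rolepart);
               $$=expr;
             }
         | keypart DOT osetpart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_oset_t *osetpart=$3;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
               $$=expr;
             }
         | keypart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_NAMED,keypart,NULL,NULL);
               $$=expr;
             }
         | typedpart
             {
               abac_yy_term_data_t *objpart=$1;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_OBJECT,objpart,NULL,NULL);
               $$=expr;
             }
         ;

/* oset:access([urn:'fileA']) */
osetpart : OSET COLON IDEN LPAREN terms RPAREN
             { $$=make_yy_oset($3,$5); }
         | OSET COLON IDEN
             { $$=make_yy_oset($3,NULL); }
         ;

osetleft : keypart DOT osetpart
             {
               abac_yy_principal_t *keypart=$1;
               abac_yy_oset_t *osetpart=$3;
               abac_yy_expression_t *expr=
                   make_yy_expression(e_yy_EXPR_OSET,keypart,osetpart,NULL);
               $$=expr;
             }
         ;

/* one or more oset terms joined by "&" */
osetright : osetterm AND osetright
              {
                abac_yy_expression_t *nexpr=$1;
                abac_yy_expression_t *exprs=$3;
                $$=add_yy_expression(nexpr,exprs);
              }
          | osetterm
              { $$=$1; }
          ;

%%

/* Additional C code */

/* Tell the lexer there is no further input once the current one ends. */
int yywrap()
{
    /* exit when done lexing the current input */
    return 1;
}

/* Write a parse error message to abac_yyout.
 *
 * Falls back to stderr while abac_yyout is still NULL (it is only set by
 * abac_yyinit()), so an early error is reported instead of passing a null
 * stream to fprintf. Always returns 0; the function is declared int and
 * previously fell off the end without a return value. */
int yyerror (char *s)
{
    FILE *out = abac_yyout ? abac_yyout : stderr;

    fprintf (out,"yyerror: %s\n", s);
    return 0;
}

/* setting defaults: fetch the parser's streams and buffers from the
 * abac_get_yy*() accessors, then run the three init helpers. */
void abac_yyinit()
{
    abac_yyin=abac_get_yyin();
    abac_yyout=abac_get_yyout();
    abac_yyfptr = abac_get_yyfptr();
    abac_yyfptr_encoded = abac_get_yyfptr_encoded();

    /* abac_yyfptr starts out NULL and nothing visible here guarantees the
       accessor returns non-NULL; strlen(NULL) is undefined, so count a
       missing buffer as length 0. */
    sz_overhead = (abac_yyfptr ? (int)strlen(abac_yyfptr) : 0) + 2000;

    abac_init_yap_id_clauses();
    abac_init_yy_id_certs();
    abac_init_yy_constraints();
}

/* Report msg through yyerror(). This does not stop the parse; callers in
 * the grammar follow it with YYERROR. */
void panic(char *msg)
{
    yyerror(msg);
}

/* Record v as the last error code. */
void set_error_code(int v)
{
    abac_yy_error_code=v;
}

/* Return the last error code recorded by set_error_code(). */
static int get_error_code()
{
    return abac_yy_error_code;
}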