Context Navigation

source: libabac/abac_aspect.c @ 6244e28

mei_rt2mei_rt2_fix_1

Last change on this file since 6244e28 was 6244e28, checked in by Mei <mei@…>, 12 years ago
1) added extract_cn for abac_verifier.c 2) update example directory's save log for the new multi proof case
Property mode set to `100644`
File size: 23.4 KB

Line
1
2	/**
3	** abac_aspect.c
4	**/
5
6
7	#include <assert.h>
8	#include <stdlib.h>
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_internal.h"
13
14	static int debug=0;
15	/*
16	A.role <- B
17	A.role <- B.role
18	A.role <- B.role.role
19
20	A.oset <- B
21	A.oset <- Obj
22	A.oset <- B.oset
23	A.oset <- B.role.oset
24	*/
25
26	/* can store either a role or oset */
27	struct _abac_aspect_t {
28	int aspect_type;
29	int is_object;
30
31	char *principal_name;
32	char *principal_name_p; // pPrincipal_name
33	abac_term_t *principal_object;
34
35	char *linked_role_name;
36	abac_param_list_t *linked_role_params;
37
38	char *aspect_name;
39	abac_param_list_t *aspect_params;
40
41	char *type_string; // "oset" or "role"
42
43	abac_list_t *prereqs;
44	int refcount;
45	};
46
47	/**************************************************************/
48	void abac_aspect_dump(abac_aspect_t ptr, char offset)
49	{
50	char *tmp=NULL;
51	asprintf(&tmp," %s",offset);
52	if(ptr->prereqs != 0) {
53	abac_aspect_t *cur;
54	abac_list_foreach(ptr->prereqs, cur,
55	if(cur)
56	abac_aspect_dump(cur, tmp);
57	);
58	return;
59	}
60
61	printf("\n..... an aspect .....\n");
62	printf("%s aspect_type: %d(%s)\n", offset, ptr->aspect_type, abac_aspect_type_string(ptr));
63	printf("%s is_object: %d\n", offset, ptr->is_object);
64	printf("%s principal_name: %s\n", offset, ptr->principal_name);
65	if(ptr->principal_name_p)
66	printf("%s principal_name_p: %s\n", offset, ptr->principal_name_p);
67	else printf("%s principal_name_p: --\n", offset);
68	if(ptr->principal_object)
69	abac_term_dump(ptr->principal_object, tmp);
70	else ("%s principal_object: --\n", offset);
71	if(ptr->linked_role_name)
72	printf("%s linked_role_name: %s\n", offset, ptr->linked_role_name);
73	else printf("%s linked_role_name: --\n", offset);
74	if(ptr->linked_role_params)
75	abac_param_dump(ptr->linked_role_params, tmp);
76	else printf("%s linked_role_params: --\n", offset);
77	if(ptr->aspect_name)
78	printf("%s aspect_name: %s\n", offset, ptr->aspect_name);
79	else printf("%s aspect_name: --\n", offset);
80	if(ptr->aspect_params)
81	abac_param_dump(ptr->aspect_params, tmp);
82	else printf("%s aspect_params: --\n", offset);
83	if(ptr->type_string)
84	printf("%s type_string:- %s\n", offset, ptr->type_string);
85	else printf("%s type_string: --\n", offset);
86	printf("%s refcount:- %d\n", offset, ptr->refcount);
87	printf("..................................");
88	free(tmp);
89	}
90
91	bool abac_aspect_is_oset(abac_aspect_t *ptr)
92	{
93	assert(ptr);
94	if(ptr->aspect_type==e_ASPECTTYPE_OSET)
95	return 1;
96	return 0;
97	}
98
99
100	bool abac_aspect_is_role(abac_aspect_t *ptr)
101	{
102	assert(ptr);
103	if(ptr->aspect_type==e_ASPECTTYPE_ROLE)
104	return 1;
105	return 0;
106	}
107
108	bool abac_aspect_is_intersecting(abac_aspect_t *ptr)
109	{
110	assert(ptr);
111	if(ptr->aspect_type==e_ASPECTTYPE_INTERSECTING)
112	return 1;
113	return 0;
114	}
115
116	/* A.role->B or A.oset->B */
117	bool abac_aspect_is_principal(abac_aspect_t *ptr) {
118	assert(ptr != NULL);
119	return ptr->is_object == 0 &&
120	ptr->aspect_name == NULL &&
121	ptr->linked_role_name == NULL &&
122	ptr->prereqs == NULL;
123	}
124
125	/* A.oset->O */
126	bool abac_aspect_is_object(abac_aspect_t *ptr)
127	{
128	assert(ptr);
129	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
130	return ptr->is_object;
131	return 0;
132	}
133
134	/* A.role->B.role.role or A.oset->B.role.oset */
135	bool abac_aspect_is_linking(abac_aspect_t *ptr)
136	{
137	assert(ptr);
138	return ptr->linked_role_name != NULL;
139	}
140
141	/**
142	* True if an aspect is an intersection.
143	*/
144	bool abac_aspect_is_intersection(abac_aspect_t *ptr)
145	{
146	assert(ptr);
147	return ptr->prereqs != NULL;
148	}
149
150	/**
151	* return the type that is common to all the intersecting aspects
152	*/
153	int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr)
154	{
155	assert(ptr);
156	assert(ptr->prereqs);
157	abac_aspect_t *cur;
158	int first=1;
159	int type;
160	abac_list_foreach(ptr->prereqs, cur,
161	if(first) {
162	type=abac_aspect_aspect_type(cur);
163	first=0;
164	} else {
165	if(abac_aspect_aspect_type(cur) != type)
166	errx(1,"Intersecting tails are not of the same type");
167	}
168	);
169	return type;
170	}
171
172	/**
173	* Returns the prereqs of an intersection.
174	*/
175	abac_list_t abac_aspect_prereqs(abac_aspect_t ptr)
176	{
177	assert(ptr);
178	return ptr->prereqs;
179	}
180
181	char* abac_aspect_type_string(abac_aspect_t *ptr)
182	{
183	assert(ptr);
184	return ptr->type_string;
185	}
186
187	int abac_aspect_aspect_type(abac_aspect_t *ptr)
188	{
189	assert(ptr);
190	return ptr->aspect_type;
191	}
192
193	/**
194	* Returns the linked part of a linking aspect.
195	* For instance, if the aspect is A.r1.r2, this returns r1.
196	*/
197	char abac_aspect_linked_role_name(abac_aspect_t ptr)
198	{
199	assert(ptr);
200	return ptr->linked_role_name;
201	}
202
203	/* A.r1 without params or constraints, callee needs to free it*/
204	char abac_aspect_linked_role_bare(abac_aspect_t ptr)
205	{
206	assert(ptr);
207	assert(ptr->principal_name);
208	assert(ptr->linked_role_name);
209	char *tmp=NULL;
210	asprintf(&tmp,"%s.%s",ptr->principal_name,ptr->linked_role_name);
211	return tmp;
212	}
213
214	abac_param_list_t abac_aspect_linked_role_params(abac_aspect_t ptr)
215	{
216	assert(ptr);
217	return ptr->linked_role_params;
218	}
219
220	/**
221	* Returns the name of an aspect. If the aspect is A.r1 then return r1.
222	* If the aspect is A.r1.r2 then return r2.
223	*/
224	char abac_aspect_aspect_name(abac_aspect_t ptr) {
225	assert(ptr);
226	return ptr->aspect_name;
227	}
228
229	abac_param_list_t abac_aspect_aspect_params(abac_aspect_t ptr)
230	{
231	assert(ptr);
232	return ptr->aspect_params;
233	}
234
235	/**
236	* Returns the principal part of an aspect. The stuff before the first dot.
237	*/
238	char abac_aspect_principal_name(abac_aspect_t ptr)
239	{
240	assert(ptr);
241	if(USE("ABAC_CN"))
242	return abac_cn_with_sha(ptr->principal_name);
243	if(ABAC_IN_PROLOG) {
244	return ptr->principal_name_p;
245	} else return ptr->principal_name;
246	}
247
248	char abac_aspect_principal_principalname(abac_aspect_t ptr)
249	{
250	assert(ptr);
251	if(ABAC_IN_PROLOG)
252	return ptr->principal_name_p;
253	return ptr->principal_name;
254	}
255
256	char abac_aspect_principal_type(abac_aspect_t ptr)
257	{
258	assert(ptr);
259	return abac_idtype_with_sha(ptr->principal_name);
260	}
261
262	char abac_aspect_principal_cn(abac_aspect_t ptr)
263	{
264	assert(ptr);
265	return abac_cn_with_sha(ptr->principal_name);
266	}
267
268	abac_term_t abac_aspect_object_term(abac_aspect_t ptr)
269	{
270	return ptr->principal_object;
271	}
272
273	char abac_aspect_object_name(abac_aspect_t ptr)
274	{
275	assert(ptr);
276	assert(ptr->is_object);
277	abac_term_t *obj=ptr->principal_object;
278	return abac_term_name(obj);
279	}
280
281	bool _abac_aspect_object_is_time_type(abac_aspect_t *ptr)
282	{
283	abac_term_t *obj=ptr->principal_object;
284	return abac_term_is_time_type(obj);
285	}
286
287	char abac_aspect_object_type(abac_aspect_t ptr)
288	{
289	assert(ptr);
290	assert(ptr->is_object);
291	abac_term_t *obj=ptr->principal_object;
292	char *tmp=abac_term_type_name(obj);
293	if(debug) fprintf(stderr,"abac_aspect_object_type: checking on object type, %s\n",tmp);
294	return tmp;
295	}
296
297	abac_condition_t abac_aspect_object_constraint(abac_aspect_t ptr)
298	{
299	assert(ptr != NULL);
300	assert(ptr->is_object);
301	abac_term_t *obj=ptr->principal_object;
302	return abac_term_constraint(obj);
303	}
304
305	char* abac_aspect_get_issuer_keytype(abac_aspect_t *ptr)
306	{
307	abac_id_t *issuer_id=NULL;
308	char *principalname=abac_aspect_principal_principalname(ptr);
309	if(principalname) {
310	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
311	if(id_cred) {
312	issuer_id=abac_id_credential_id(id_cred);
313	return abac_id_keyid(issuer_id);
314	}
315	}
316	return NULL;
317	}
318
319	int abac_aspect_get_issuer_idtype(abac_aspect_t *ptr)
320	{
321	abac_id_t *issuer_id=NULL;
322	char *principalname=abac_aspect_principal_principalname(ptr);
323	if(principalname) {
324	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
325	if(id_cred) {
326	issuer_id=abac_id_credential_id(id_cred);
327	return abac_id_idtype(issuer_id);
328	}
329	}
330	return 0;
331	}
332
333	abac_id_t abac_aspect_get_issuer_id(abac_aspect_t ptr)
334	{
335	abac_id_t *issuer_id=NULL;
336	char *principalname=abac_aspect_principal_principalname(ptr);
337	if(principalname) {
338	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
339	if(id_cred) {
340	issuer_id=abac_id_credential_id(id_cred);
341	}
342	}
343	return issuer_id;
344	}
345	/**
346	* Increase a aspect's reference count.
347	*/
348	abac_aspect_t abac_aspect_dup(abac_aspect_t ptr)
349	{
350	assert(ptr != NULL);
351	++ptr->refcount;
352	return ptr;
353	}
354
355	/**
356	* Decrease an aspect's reference count, freeing it when it reaches 0.
357	*/
358	void abac_aspect_free(abac_aspect_t *ptr) {
359
360	if(debug) {
361	if(ptr->aspect_name)
362	fprintf(stderr,"DEBUG:trying to freeing an aspect loc(%d)(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
363	else
364	fprintf(stderr,"DEBUG:trying to freeing an aspect loc(%d)(M:%d)\n",(int)ptr,ptr->refcount);
365
366	}
367
368	assert(ptr);
369
370	--ptr->refcount;
371	if (ptr->refcount > 0)
372	return;
373
374	if(debug) {
375	if(ptr->aspect_name)
376	fprintf(stderr,"DEBUG:freeing this aspect loc(%d)(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
377	else fprintf(stderr,"DEBUG:freeing this aspect loc(%d)(M:%d)\n",(int)ptr, ptr->refcount);
378	}
379
380	if(ptr->principal_name) free(ptr->principal_name);
381	if(ptr->principal_name_p) free(ptr->principal_name_p);
382	if(ptr->linked_role_name) free(ptr->linked_role_name);
383	if(ptr->aspect_name) free(ptr->aspect_name);
384
385	if(ptr->type_string) free(ptr->type_string);
386
387	if (ptr->aspect_params != NULL) {
388	abac_param_list_free(ptr->aspect_params);
389	}
390
391	if (ptr->linked_role_params != NULL) {
392	abac_param_list_free(ptr->linked_role_params);
393	}
394
395	if (ptr->prereqs != NULL) {
396	abac_aspect_t *cur=NULL;
397	abac_list_foreach(ptr->prereqs, cur,
398	abac_aspect_free(cur);
399	);
400	abac_list_free(ptr->prereqs);
401	}
402
403	free(ptr);
404	}
405
406	/**********************************************************************/
407
408	void abac_aspect_add_param(abac_aspect_t ptr, abac_term_t param)
409	{
410	if(ptr->aspect_params == NULL) {
411	ptr->aspect_params=abac_param_list_new(param);
412	} else {
413	abac_param_list_add_term(ptr->aspect_params, param);
414	}
415	}
416
417	void abac_aspect_add_intersecting_aspect(abac_aspect_t ptr, abac_aspect_t aspect)
418	{
419	abac_list_add(ptr->prereqs, abac_aspect_dup(aspect));
420	}
421
422	void abac_aspect_add_linked_param(abac_aspect_t ptr, abac_term_t param)
423	{
424	if(ptr->linked_role_params == NULL) {
425	ptr->linked_role_params=abac_param_list_new(param);
426	} else {
427	abac_param_list_add_term(ptr->linked_role_params, param);
428	}
429	}
430
431
432	/**********************************************************************/
433
434	/**
435	* Create a new principal and initialize it.
436	* always with the proper SHA string
437	*/
438	static abac_aspect_t *_abac_aspect_init()
439	{
440	abac_aspect_t ptr = (abac_aspect_t ) abac_xmalloc(sizeof(abac_aspect_t));
441
442	ptr->is_object=0;
443	ptr->principal_name = NULL;
444	ptr->principal_name_p = NULL;
445	ptr->aspect_type=e_ASPECTTYPE_NULL;
446
447	ptr->aspect_name = NULL;
448	ptr->aspect_params = NULL;
449
450	ptr->linked_role_name = NULL;
451	ptr->linked_role_params = NULL;
452
453	ptr->type_string=NULL;
454
455	ptr->prereqs = NULL;
456	ptr->refcount = 1;
457	}
458
459	abac_aspect_t abac_aspect_principal_new(int type, char principal_name)
460	{
461	assert(principal_name != NULL);
462
463	if (strlen(principal_name) == 0)
464	return NULL;
465
466	/* XXX currently, it might be good if the principal_name is used o
467	lookup the hashed id table and somehow link to the ID that it belongs
468	too, currently, we check it later.. */
469	abac_aspect_t *ptr = _abac_aspect_init();
470	ptr->aspect_type=type;
471	ptr->principal_name = strdup(principal_name);
472	ptr->principal_name_p = prologIt(principal_name);
473	if(type==e_ASPECTTYPE_ROLE)
474	ptr->type_string=abac_xstrdup("role");
475	if(type==e_ASPECTTYPE_OSET)
476	ptr->type_string=abac_xstrdup("oset");
477	return ptr;
478	}
479
480	abac_aspect_t abac_aspect_role_principal_new(char principal_name)
481	{
482	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
483	}
484
485	abac_aspect_t abac_aspect_role_principal_create(char principal_name)
486	{
487	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
488	}
489
490	abac_aspect_t abac_aspect_oset_principal_new(char principal_name)
491	{
492	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
493	}
494
495	abac_aspect_t abac_aspect_oset_principal_create(char principal_name)
496	{
497	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
498	}
499
500	abac_aspect_t abac_aspect_object_new(int type, abac_term_t object)
501	{
502	assert(object != NULL);
503	abac_aspect_t *ptr = _abac_aspect_init();
504	ptr->aspect_type=type;
505	ptr->is_object =1;
506	ptr->principal_object = object;
507	/* can not be role type */
508	if(type==e_ASPECTTYPE_OSET)
509	ptr->type_string=abac_xstrdup("oset");
510
511	return ptr;
512	}
513
514	abac_aspect_t abac_aspect_oset_object_new(abac_term_t object)
515	{
516	return abac_aspect_object_new(e_ASPECTTYPE_OSET, object);
517	}
518
519	abac_aspect_t abac_aspect_oset_object_create(abac_term_t object)
520	{
521	return abac_aspect_object_new(e_ASPECTTYPE_OSET,object);
522	}
523	abac_aspect_t abac_aspect_new(int type, char principal_name, char *aspect_name)
524	{
525	assert(principal_name != NULL);
526	assert(aspect_name != NULL);
527
528	if (strlen(principal_name) == 0 \|\| strlen(aspect_name) == 0)
529	return NULL;
530
531	abac_aspect_t *ptr = _abac_aspect_init();
532
533	ptr->principal_name = strdup(principal_name);
534	ptr->principal_name_p = prologIt(principal_name);
535	ptr->aspect_type=type;
536
537	ptr->aspect_name = abac_xstrdup(aspect_name);
538
539	if(type==e_ASPECTTYPE_OSET)
540	ptr->type_string= abac_xstrdup("oset");
541	else
542	ptr->type_string= abac_xstrdup("role");
543
544	if(debug)
545	fprintf(stderr,"DEBUG:adding a new aspect (%s) to principal (%s)\n",
546	ptr->aspect_name, ptr->principal_name);
547	return ptr;
548	}
549
550	abac_aspect_t abac_aspect_oset_new(char principal_name, char *oset_name)
551	{
552	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name, oset_name);
553	}
554
555	abac_aspect_t abac_aspect_oset_create(char principal_name, char *oset_name)
556	{
557	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name,oset_name);
558	}
559
560	abac_aspect_t abac_aspect_role_new(char principal_name, char *oset_name)
561	{
562	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name, oset_name);
563	}
564
565	abac_aspect_t abac_aspect_role_create(char principal_name, char *role_name)
566	{
567	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name,role_name);
568	}
569
570	/**
571	* Created a new linking role/oset and initialize it.
572	*/
573	abac_aspect_t abac_aspect_linking_new(int type, char principal_name,
574	char linked_role_name, char aspect_name)
575	{
576	assert(principal_name != NULL);
577	assert(linked_role_name != NULL);
578	assert(aspect_name != NULL);
579
580	if (strlen(principal_name) == 0 \|\|
581	strlen(linked_role_name) == 0 \|\| strlen(aspect_name) == 0)
582	return NULL;
583
584	abac_aspect_t *ptr = _abac_aspect_init();
585
586	ptr->is_object=0;
587	ptr->aspect_type=type;
588	ptr->principal_name = strdup(principal_name);
589	ptr->principal_name_p = prologIt(principal_name);
590
591	ptr->linked_role_name = strdup(linked_role_name);
592	ptr->aspect_name = strdup(aspect_name);
593	ptr->aspect_params = NULL;
594
595	if(debug)
596	fprintf(stderr,"DEBUG:adding a new linked (%s) to oset/role(%s) for principal(%s)\n",
597	ptr->linked_role_name, ptr->aspect_name, ptr->principal_name);
598
599	if(type==e_ASPECTTYPE_OSET)
600	ptr->type_string=abac_xstrdup("oset");
601	else ptr->type_string=abac_xstrdup("role");
602
603	return ptr;
604	}
605
606	abac_aspect_t abac_aspect_role_linking_new(char principal_name, char *linked_role_name,
607	char *role_name)
608	{
609	return abac_aspect_linking_new(e_ASPECTTYPE_ROLE,
610	principal_name, linked_role_name, role_name);
611	}
612
613	abac_aspect_t abac_aspect_oset_linking_new(char principal_name, char *linked_role_name,
614	char *oset_name)
615	{
616	return abac_aspect_linking_new(e_ASPECTTYPE_OSET,
617	principal_name, linked_role_name, oset_name);
618	}
619
620	/**
621	* Create an intersection oset/role.
622	*/
623	abac_aspect_t abac_aspect_intersection_new(abac_aspect_t aspect)
624	{
625	abac_aspect_t *ptr = _abac_aspect_init();
626	ptr->aspect_type=e_ASPECTTYPE_INTERSECTING;
627	abac_list_t *prereqs = abac_list_new();
628	abac_list_add(prereqs, abac_aspect_dup(aspect));
629	ptr->prereqs = prereqs;
630	ptr->refcount = 1;
631	return ptr;
632	}
633
634	/*******************************************************************/
635	char abac_aspect_intersecting_string_with_condition(int typed,abac_aspect_t ptr)
636	{
637	assert(ptr != NULL);
638	char *tmp=NULL;
639	if (ptr->prereqs != NULL) {
640	abac_aspect_t *cur;
641	abac_list_foreach(ptr->prereqs, cur,
642	char *ntmp=NULL;
643	if(typed)
644	ntmp=abac_aspect_typed_string_with_condition(cur);
645	else
646	ntmp=abac_aspect_string_with_condition(cur);
647	if(tmp==NULL) {
648	asprintf(&tmp,"%s",ntmp);
649	} else {
650	asprintf(&tmp,"%s & %s",tmp, ntmp);
651	}
652	);
653	}
654	return tmp;
655	}
656
657	/**
658	* Returns the string representation of the role/oset.
659	* principal.osetname(params..)
660	* principal.rolename(params..)
661	*/
662	char abac_aspect_string_with_condition(abac_aspect_t ptr)
663	{
664	assert(ptr != NULL);
665
666	if(abac_aspect_is_intersection(ptr)) {
667	return abac_aspect_intersecting_string_with_condition(0,ptr);
668	}
669
670	char *tmp=NULL;
671	char *principal_name;
672	if(abac_aspect_is_object(ptr)) {
673	principal_name = abac_aspect_object_name(ptr);
674	if(_abac_aspect_object_is_time_type(ptr))
675	principal_name=abac_time_to_term(principal_name);
676	} else principal_name = abac_aspect_principal_name(ptr);
677	char *aspect_name= ptr->aspect_name;
678	char *linked_role_name = ptr->linked_role_name;
679	char *params_string=NULL;
680	char *linked_params_string=NULL;
681
682	int len = 0;
683	if(principal_name)
684	len=len+strlen(principal_name)+1;
685	if(aspect_name)
686	len = len+strlen(aspect_name)+1;
687	if(linked_role_name)
688	len = len+strlen(linked_role_name)+1;
689
690	if(ptr->aspect_params) {
691	params_string=abac_param_list_string_with_condition(ptr->aspect_params);
692	len = len+strlen(params_string)+3;
693	}
694	if(ptr->linked_role_params) {
695	linked_params_string=abac_param_list_string_with_condition(ptr->linked_role_params);
696	len = len+strlen(linked_params_string)+3;
697	}
698
699	/* principal */
700	/* principal.oset/role */
701	/* principal.oset/role(params_string) */
702	/* principal.linked_role(linked_params_string).oset/role(params_string) */
703	tmp = abac_xmalloc(len);
704
705	if(principal_name)
706	sprintf(tmp,"%s",principal_name);
707
708	if(linked_role_name) {
709	strcat(tmp,".");
710	strcat(tmp,linked_role_name);
711	}
712	if(linked_params_string) {
713	strcat(tmp,"(");
714	strcat(tmp,linked_params_string);
715	strcat(tmp,")");
716	}
717	if(aspect_name) {
718	strcat(tmp,".");
719	strcat(tmp,aspect_name);
720	}
721	if(params_string) {
722	strcat(tmp,"(");
723	strcat(tmp,params_string);
724	strcat(tmp,")");
725	}
726
727	if(linked_params_string) free(linked_params_string);
728	if(params_string) free(params_string);
729	return tmp;
730	}
731
732	char abac_aspect_string(abac_aspect_t ptr) {
733	return abac_aspect_string_with_condition(ptr);
734	}
735	char abac_aspect_typed_string(abac_aspect_t ptr) {
736	return abac_aspect_typed_string_with_condition(ptr);
737	}
738
739	void abac_print_aspect_string_with_condition(abac_aspect_t ptr,FILE fp)
740	{
741	char *string=abac_aspect_string_with_condition(ptr);
742	if(fp==NULL)
743	printf("%s ",string);
744	else fprintf(fp,"%s ",string);
745	}
746
747	char abac_aspect_aspect_param_string(abac_aspect_t ptr) {
748	assert(ptr != NULL);
749	if(ptr->aspect_params) {
750	return abac_param_list_string_with_condition(ptr->aspect_params);
751	}
752	return NULL;
753	}
754
755	char abac_aspect_aspect_param_typed_string(abac_aspect_t ptr) {
756	assert(ptr != NULL);
757	if(ptr->aspect_params) {
758	return abac_param_list_typed_string_with_condition(ptr->aspect_params);
759	}
760	return NULL;
761	}
762
763	/**
764	* Returns the typed string representation of the role/oset.
765	*/
766	char abac_aspect_typed_string_with_condition(abac_aspect_t ptr)
767	{
768	assert(ptr != NULL);
769
770	if(abac_aspect_is_intersection(ptr)) {
771	return abac_aspect_intersecting_string_with_condition(1,ptr);
772	}
773
774	char tmp=NULL, final=NULL;
775	char *principal_name;
776	char *principal_name_type=NULL;
777	if(abac_aspect_is_object(ptr)) {
778	principal_name = abac_aspect_object_name(ptr);
779	/special case is when it is time type /
780	if(_abac_aspect_object_is_time_type(ptr))
781	principal_name=abac_time_to_term(principal_name);
782	principal_name_type = abac_aspect_object_type(ptr);
783	} else {
784	principal_name = abac_aspect_principal_name(ptr);
785	principal_name_type=abac_aspect_principal_type(ptr);
786	if(debug)
787	fprintf(stderr,"aspect's typed_string (%s)(%s)\n",
788	principal_name_type, principal_name);
789	}
790
791	/* the principal id is probably not in the idcreds list */
792	if(principal_name_type == NULL) {
793	errx(1,"Can not find idtype for principal_name, wrong filename suffix?");
794	}
795
796	if(debug)
797	fprintf(stderr,"aspect's typed_string (%s)(%s)\n",
798	principal_name_type, principal_name);
799	char *aspect_name=abac_aspect_aspect_name(ptr);
800	char *aspect_name_type=abac_aspect_type_string(ptr);
801	char *linked_role_name=abac_aspect_linked_role_name(ptr);
802	char *params_string=NULL;
803	char *linked_params_string=NULL;
804
805	if(ptr->aspect_params) {
806	params_string=abac_param_list_typed_string_with_condition(ptr->aspect_params);
807	}
808	if(ptr->linked_role_params) {
809	linked_params_string=abac_param_list_typed_string_with_condition(ptr->linked_role_params);
810	}
811
812	asprintf(&final,"[%s:%s]",principal_name_type,principal_name);
813	if(linked_role_name) {
814	tmp=final;
815	final=NULL;
816	asprintf(&final,"%s.role:%s",tmp,linked_role_name);
817	free(tmp);
818	}
819	if(linked_params_string) {
820	tmp=final;
821	final=NULL;
822	asprintf(&final,"%s(%s)",tmp,linked_params_string);
823	free(tmp);
824	}
825	if(aspect_name) {
826	tmp=final;
827	final=NULL;
828	asprintf(&final,"%s.%s:%s",tmp,aspect_name_type,aspect_name);
829	free(tmp);
830	}
831	if(params_string) {
832	tmp=final;
833	final=NULL;
834	asprintf(&final,"%s(%s)",tmp,params_string);
835	free(tmp);
836	}
837
838	if(linked_params_string) free(linked_params_string);
839	if(params_string) free(params_string);
840	return final;
841	}
842
843	/**
844	* Build an attribute key from head and tail osets/role. Static.
845	*/
846	#define ROLE_SEPARATOR " <- "
847	char abac_aspect_attr_key(abac_aspect_t head_ptr, abac_aspect_t *tail_ptr) {
848	char *head = abac_aspect_string_with_condition(head_ptr);
849	int head_len = strlen(head);
850
851	char *tail = abac_aspect_string_with_condition(tail_ptr);
852	int tail_len = strlen(tail);
853
854	int sep_len = sizeof(ROLE_SEPARATOR) - 1;
855
856	// "head <- tail"
857	char *ret = abac_xmalloc(head_len + tail_len + sep_len + 1);
858	memcpy(ret, head, head_len);
859	memcpy(ret + head_len, ROLE_SEPARATOR, sep_len);
860	memcpy(ret + head_len + sep_len, tail, tail_len);
861	ret[head_len + sep_len + tail_len] = 0;
862
863	return ret;
864	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: