Context Navigation

source: libabac/abac_aspect.c @ ca72963

mei_rt2mei_rt2_fix_1

Last change on this file since ca72963 was 440ba20, checked in by Mei <mei@…>, 12 years ago

1) wrap up refactoring to move all the code gen to abac structure
2) all original testsuite passed
3) add couple more ui calls in abac.hh ie. manage constraint's

creation, hook to dump yap db.

Property mode set to 100644

File size: 21.9 KB

Line
1
2	/**
3	** abac_aspect.c
4	**/
5
6
7	#include <assert.h>
8	#include <stdlib.h>
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_list.h"
13	#include "abac_util.h"
14
15	#include "abac_internal.h"
16
17	static int debug=0;
18	/*
19	A.role <- B
20	A.role <- B.role
21	A.role <- B.role.role
22
23	A.oset <- B
24	A.oset <- Obj
25	A.oset <- B.oset
26	A.oset <- B.role.oset
27	*/
28
29	/* can store either a role or oset */
30	struct _abac_aspect_t {
31	int aspect_type;
32	int is_object;
33
34	char *principal_name;
35	char *principal_name_p; // pPrincipal_name
36	abac_term_t *principal_object;
37
38	char *linked_role_name;
39	abac_param_list_t *linked_role_params;
40
41	char *aspect_name;
42	abac_param_list_t *aspect_params;
43
44	char *type_string; // "oset" or "role"
45
46	abac_list_t *prereqs;
47	int refcount;
48	};
49
50	/**************************************************************/
51	void abac_aspect_dump(abac_aspect_t ptr, char offset)
52	{
53	char *tmp=NULL;
54	asprintf(&tmp," %s",offset);
55	if(ptr->prereqs != 0) {
56	abac_aspect_t *cur;
57	abac_list_foreach(ptr->prereqs, cur,
58	if(cur)
59	abac_aspect_dump(cur, tmp);
60	);
61	return;
62	}
63
64	printf("\n..... an aspect .....\n");
65	printf("%s aspect_type: %d(%s)\n", offset, ptr->aspect_type, abac_aspect_type_string(ptr));
66	printf("%s is_object: %d\n", offset, ptr->is_object);
67	printf("%s principal_name: %s\n", offset, ptr->principal_name);
68	if(ptr->principal_name_p)
69	printf("%s principal_name_p: %s\n", offset, ptr->principal_name_p);
70	else printf("%s principal_name_p: --\n", offset);
71	if(ptr->principal_object)
72	abac_term_dump(ptr->principal_object, tmp);
73	else ("%s principal_object: --\n", offset);
74	if(ptr->linked_role_name)
75	printf("%s linked_role_name: %s\n", offset, ptr->linked_role_name);
76	else printf("%s linked_role_name: --\n", offset);
77	if(ptr->linked_role_params)
78	abac_param_dump(ptr->linked_role_params, tmp);
79	else printf("%s linked_role_params: --\n", offset);
80	if(ptr->aspect_name)
81	printf("%s aspect_name: %s\n", offset, ptr->aspect_name);
82	else printf("%s aspect_name: --\n", offset);
83	if(ptr->aspect_params)
84	abac_param_dump(ptr->aspect_params, tmp);
85	else printf("%s aspect_params: --\n", offset);
86	if(ptr->type_string)
87	printf("%s type_string:- %s\n", offset, ptr->type_string);
88	else printf("%s type_string: --\n", offset);
89	printf("%s refcount:- %d\n", offset, ptr->refcount);
90	printf("..................................");
91	free(tmp);
92	}
93
94	bool abac_aspect_is_oset(abac_aspect_t *ptr)
95	{
96	assert(ptr);
97	if(ptr->aspect_type==e_ASPECTTYPE_OSET)
98	return 1;
99	return 0;
100	}
101
102
103	bool abac_aspect_is_role(abac_aspect_t *ptr)
104	{
105	assert(ptr);
106	if(ptr->aspect_type==e_ASPECTTYPE_ROLE)
107	return 1;
108	return 0;
109	}
110
111	bool abac_aspect_is_intersecting(abac_aspect_t *ptr)
112	{
113	assert(ptr);
114	if(ptr->aspect_type==e_ASPECTTYPE_INTERSECTING)
115	return 1;
116	return 0;
117	}
118
119	/* A.role->B or A.oset->B */
120	bool abac_aspect_is_principal(abac_aspect_t *ptr) {
121	assert(ptr != NULL);
122	return ptr->is_object == 0 &&
123	ptr->aspect_name == NULL &&
124	ptr->linked_role_name == NULL &&
125	ptr->prereqs == NULL;
126	}
127
128	/* A.oset->O */
129	bool abac_aspect_is_object(abac_aspect_t *ptr)
130	{
131	assert(ptr);
132	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
133	return ptr->is_object;
134	return 0;
135	}
136
137	/* A.role->B.role.role or A.oset->B.role.oset */
138	bool abac_aspect_is_linking(abac_aspect_t *ptr)
139	{
140	assert(ptr);
141	return ptr->linked_role_name != NULL;
142	}
143
144	/**
145	* True if an aspect is an intersection.
146	*/
147	bool abac_aspect_is_intersection(abac_aspect_t *ptr)
148	{
149	assert(ptr);
150	return ptr->prereqs != NULL;
151	}
152
153	/**
154	* return the type that is common to all the intersecting aspects
155	*/
156	int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr)
157	{
158	assert(ptr);
159	assert(ptr->prereqs);
160	abac_aspect_t *cur;
161	int first=1;
162	int type;
163	abac_list_foreach(ptr->prereqs, cur,
164	if(first) {
165	type=abac_aspect_aspect_type(cur);
166	first=0;
167	} else {
168	if(abac_aspect_aspect_type(cur) != type)
169	errx(1,"Intersecting tails are not of the same type");
170	}
171	);
172	return type;
173	}
174
175	/**
176	* Returns the prereqs of an intersection.
177	*/
178	abac_list_t abac_aspect_prereqs(abac_aspect_t ptr)
179	{
180	assert(ptr);
181	return ptr->prereqs;
182	}
183
184	char* abac_aspect_type_string(abac_aspect_t *ptr)
185	{
186	assert(ptr);
187	return ptr->type_string;
188	}
189
190	int abac_aspect_aspect_type(abac_aspect_t *ptr)
191	{
192	assert(ptr);
193	return ptr->aspect_type;
194	}
195
196	/**
197	* Returns the linked part of a linking aspect.
198	* For instance, if the aspect is A.r1.r2, this returns r1.
199	*/
200	char abac_aspect_linked_role_name(abac_aspect_t ptr)
201	{
202	assert(ptr);
203	return ptr->linked_role_name;
204	}
205
206	/* A.r1 without params or constraints, callee needs to free it*/
207	char abac_aspect_linked_role_bare(abac_aspect_t ptr)
208	{
209	assert(ptr);
210	assert(ptr->principal_name);
211	assert(ptr->linked_role_name);
212	char *tmp=NULL;
213	asprintf(&tmp,"%s.%s",ptr->principal_name,ptr->linked_role_name);
214	return tmp;
215	}
216
217	abac_param_list_t abac_aspect_linked_role_params(abac_aspect_t ptr)
218	{
219	assert(ptr);
220	return ptr->linked_role_params;
221	}
222
223	/**
224	* Returns the name of an aspect. If the aspect is A.r1 then return r1.
225	* If the aspect is A.r1.r2 then return r2.
226	*/
227	char abac_aspect_aspect_name(abac_aspect_t ptr) {
228	assert(ptr);
229	return ptr->aspect_name;
230	}
231
232	abac_param_list_t abac_aspect_aspect_params(abac_aspect_t ptr)
233	{
234	assert(ptr);
235	return ptr->aspect_params;
236	}
237
238	/**
239	* Returns the principal part of an aspect. The stuff before the first dot.
240	*/
241	char abac_aspect_principal_name(abac_aspect_t ptr)
242	{
243	assert(ptr);
244	if(USE("ABAC_CN"))
245	return abac_cn_with_sha(ptr->principal_name);
246	if(ABAC_IN_PROLOG) {
247	return ptr->principal_name_p;
248	} else return ptr->principal_name;
249	}
250
251	char abac_aspect_principal_principalname(abac_aspect_t ptr)
252	{
253	assert(ptr);
254	if(ABAC_IN_PROLOG)
255	return ptr->principal_name_p;
256	return ptr->principal_name;
257	}
258
259	char abac_aspect_principal_type(abac_aspect_t ptr)
260	{
261	assert(ptr);
262	return abac_idtype_with_sha(ptr->principal_name);
263	}
264
265	char abac_aspect_principal_cn(abac_aspect_t ptr)
266	{
267	assert(ptr);
268	return abac_cn_with_sha(ptr->principal_name);
269	}
270
271	abac_term_t abac_aspect_object_term(abac_aspect_t ptr)
272	{
273	return ptr->principal_object;
274	}
275
276	char abac_aspect_object_name(abac_aspect_t ptr)
277	{
278	assert(ptr);
279	assert(ptr->is_object);
280	abac_term_t *obj=ptr->principal_object;
281	char *tmp=abac_term_name(obj);
282	return abac_term_name(obj);
283	}
284
285	char abac_aspect_object_type(abac_aspect_t ptr)
286	{
287	assert(ptr);
288	assert(ptr->is_object);
289	abac_term_t *obj=ptr->principal_object;
290	char *tmp=abac_term_type_name(obj);
291	return tmp;
292	}
293
294	abac_condition_t abac_aspect_object_constraint(abac_aspect_t ptr)
295	{
296	assert(ptr != NULL);
297	assert(ptr->is_object);
298	abac_term_t *obj=ptr->principal_object;
299	return abac_term_constraint(obj);
300	}
301
302	char* abac_aspect_get_issuer_keytype(abac_aspect_t *ptr)
303	{
304	abac_id_t *issuer_id;
305	char *principalname=abac_aspect_principal_principalname(ptr);
306	if(principalname) {
307	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
308	if(id_cred) {
309	issuer_id=abac_id_credential_id(id_cred);
310	return abac_id_keyid(issuer_id);
311	}
312	}
313	return NULL;
314	}
315
316	int abac_aspect_get_issuer_idtype(abac_aspect_t *ptr)
317	{
318	abac_id_t *issuer_id;
319	char *principalname=abac_aspect_principal_principalname(ptr);
320	if(principalname) {
321	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
322	if(id_cred) {
323	issuer_id=abac_id_credential_id(id_cred);
324	return abac_id_idtype(issuer_id);
325	}
326	}
327	return 0;
328	}
329
330	abac_id_t abac_aspect_get_issuer_id(abac_aspect_t ptr)
331	{
332	abac_id_t *issuer_id;
333	char *principalname=abac_aspect_principal_principalname(ptr);
334	if(principalname) {
335	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
336	if(id_cred)
337	issuer_id=abac_id_credential_id(id_cred);
338	}
339	return issuer_id;
340	}
341	/**
342	* Increase a aspect's reference count.
343	*/
344	abac_aspect_t abac_aspect_dup(abac_aspect_t ptr)
345	{
346	assert(ptr != NULL);
347	++ptr->refcount;
348	return ptr;
349	}
350
351	/**
352	* Decrease an aspect's reference count, freeing it when it reaches 0.
353	*/
354	void abac_aspect_free(abac_aspect_t *ptr) {
355
356	if(debug)
357	printf("DEBUG:trying to freeing an aspect %d\n",(int)ptr);
358
359	assert(ptr);
360
361	--ptr->refcount;
362	if (ptr->refcount > 0)
363	return;
364
365	if(ptr->principal_name) free(ptr->principal_name);
366	if(ptr->principal_name_p) free(ptr->principal_name_p);
367	if(ptr->linked_role_name) free(ptr->linked_role_name);
368	if(ptr->aspect_name) free(ptr->aspect_name);
369
370	if(ptr->type_string) free(ptr->type_string);
371
372	if (ptr->aspect_params != NULL) {
373	abac_param_list_free(ptr->aspect_params);
374	}
375
376	if (ptr->linked_role_params != NULL) {
377	abac_param_list_free(ptr->linked_role_params);
378	}
379
380	if (ptr->prereqs != NULL) {
381	abac_aspect_t *cur;
382	abac_list_foreach(ptr->prereqs, cur,
383	abac_aspect_free(cur);
384	);
385	abac_list_free(ptr->prereqs);
386	}
387
388	free(ptr);
389	}
390
391	/**********************************************************************/
392
393	abac_aspect_t abac_aspect_add_param(abac_aspect_t ptr, abac_term_t *param)
394	{
395	if(ptr->aspect_params == NULL) {
396	ptr->aspect_params=abac_param_list_new(param);
397	} else {
398	abac_param_list_add_term(ptr->aspect_params, param);
399	}
400	return ptr;
401	}
402
403	abac_aspect_t abac_aspect_add_intersecting_aspect(abac_aspect_t ptr, abac_aspect_t *aspect)
404	{
405	abac_list_add(ptr->prereqs, abac_aspect_dup(aspect));
406	return ptr;
407	}
408
409	abac_aspect_t abac_aspect_add_linked_param(abac_aspect_t ptr, abac_term_t *param)
410	{
411	if(ptr->linked_role_params == NULL) {
412	ptr->linked_role_params=abac_param_list_new(param);
413	} else {
414	abac_param_list_add_term(ptr->linked_role_params, param);
415	}
416	return ptr;
417	}
418
419
420	/**********************************************************************/
421
422	/**
423	* Create a new principal and initialize it.
424	* always with the proper SHA string
425	*/
426	static abac_aspect_t *_abac_aspect_init()
427	{
428	abac_aspect_t ptr = (abac_aspect_t ) abac_xmalloc(sizeof(abac_aspect_t));
429
430	ptr->is_object=0;
431	ptr->principal_name = NULL;
432	ptr->principal_name_p = NULL;
433	ptr->aspect_type=e_ASPECTTYPE_NULL;
434
435	ptr->aspect_name = NULL;
436	ptr->aspect_params = NULL;
437
438	ptr->linked_role_name = NULL;
439	ptr->linked_role_params = NULL;
440
441	ptr->type_string=NULL;
442
443	ptr->prereqs = NULL;
444	ptr->refcount = 1;
445	}
446
447	abac_aspect_t abac_aspect_principal_new(int type, char principal_name)
448	{
449	assert(principal_name != NULL);
450
451	if (strlen(principal_name) == 0)
452	return NULL;
453
454	abac_aspect_t *ptr = _abac_aspect_init();
455	ptr->aspect_type=type;
456	ptr->principal_name = strdup(principal_name);
457	ptr->principal_name_p = prologIt(principal_name);
458	if(type==e_ASPECTTYPE_ROLE)
459	ptr->type_string=abac_xstrdup("role");
460	if(type==e_ASPECTTYPE_OSET)
461	ptr->type_string=abac_xstrdup("oset");
462	return ptr;
463	}
464
465	abac_aspect_t abac_aspect_role_principal_new(char principal_name)
466	{
467	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
468	}
469
470	abac_aspect_t abac_aspect_role_principal_create(char principal_name)
471	{
472	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
473	}
474
475	abac_aspect_t abac_aspect_oset_principal_new(char principal_name)
476	{
477	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
478	}
479
480	abac_aspect_t abac_aspect_oset_principal_create(char principal_name)
481	{
482	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
483	}
484
485
486	abac_aspect_t abac_aspect_object_new(int type, abac_term_t object)
487	{
488	assert(object != NULL);
489	abac_aspect_t *ptr = _abac_aspect_init();
490	ptr->aspect_type=type;
491	ptr->is_object =1;
492	ptr->principal_object = object;
493	/* can not be role type */
494	if(type==e_ASPECTTYPE_OSET)
495	ptr->type_string=abac_xstrdup("oset");
496
497	return ptr;
498	}
499
500	abac_aspect_t abac_aspect_oset_object_new(abac_term_t object)
501	{
502	return abac_aspect_object_new(e_ASPECTTYPE_OSET, object);
503	}
504
505	abac_aspect_t abac_aspect_new(int type, char principal_name, char *aspect_name)
506	{
507	assert(principal_name != NULL);
508	assert(aspect_name != NULL);
509
510	if (strlen(principal_name) == 0 \|\| strlen(aspect_name) == 0)
511	return NULL;
512
513	abac_aspect_t *ptr = _abac_aspect_init();
514
515	ptr->principal_name = strdup(principal_name);
516	ptr->principal_name_p = prologIt(principal_name);
517	ptr->aspect_type=type;
518
519	ptr->aspect_name = abac_xstrdup(aspect_name);
520
521	if(type==e_ASPECTTYPE_OSET)
522	ptr->type_string= abac_xstrdup("oset");
523	else
524	ptr->type_string= abac_xstrdup("role");
525
526	if(debug)
527	printf("DEBUG:adding a new aspect (%s) to principal (%s)\n",
528	ptr->aspect_name, ptr->principal_name);
529	return ptr;
530	}
531
532	abac_aspect_t abac_aspect_oset_new(char principal_name, char *oset_name)
533	{
534	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name, oset_name);
535	}
536
537	abac_aspect_t abac_aspect_oset_create(char principal_name, char *oset_name)
538	{
539	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name,oset_name);
540	}
541
542	abac_aspect_t abac_aspect_role_new(char principal_name, char *oset_name)
543	{
544	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name, oset_name);
545	}
546
547	abac_aspect_t abac_aspect_role_create(char principal_name, char *role_name)
548	{
549	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name,role_name);
550	}
551
552	/**
553	* Created a new linking role/oset and initialize it.
554	*/
555	abac_aspect_t abac_aspect_linking_new(int type, char principal_name,
556	char linked_role_name, char aspect_name)
557	{
558	assert(principal_name != NULL);
559	assert(linked_role_name != NULL);
560	assert(aspect_name != NULL);
561
562	if (strlen(principal_name) == 0 \|\|
563	strlen(linked_role_name) == 0 \|\| strlen(aspect_name) == 0)
564	return NULL;
565
566	abac_aspect_t *ptr = _abac_aspect_init();
567
568	ptr->is_object=0;
569	ptr->aspect_type=type;
570	ptr->principal_name = strdup(principal_name);
571	ptr->principal_name_p = prologIt(principal_name);
572
573	ptr->linked_role_name = strdup(linked_role_name);
574	ptr->aspect_name = strdup(aspect_name);
575	ptr->aspect_params = NULL;
576
577	if(debug)
578	printf("DEBUG:adding a new linked (%s) to oset(%s) for principal(%s)\n",
579	ptr->linked_role_name, ptr->aspect_name, ptr->principal_name);
580
581	if(type==e_ASPECTTYPE_OSET)
582	ptr->type_string=abac_xstrdup("oset");
583	else ptr->type_string=abac_xstrdup("role");
584
585	return ptr;
586	}
587
588	abac_aspect_t abac_aspect_role_linking_new(char principal_name, char *linked_role_name,
589	char *role_name)
590	{
591	return abac_aspect_linking_new(e_ASPECTTYPE_ROLE,
592	principal_name, linked_role_name, role_name);
593	}
594
595	abac_aspect_t abac_aspect_oset_linking_new(char principal_name, char *linked_role_name,
596	char *oset_name)
597	{
598	return abac_aspect_linking_new(e_ASPECTTYPE_OSET,
599	principal_name, linked_role_name, oset_name);
600	}
601
602	/**
603	* Create an intersection oset/role.
604	*/
605	abac_aspect_t abac_aspect_intersection_new(abac_aspect_t aspect)
606	{
607	abac_aspect_t *ptr = _abac_aspect_init();
608	ptr->aspect_type=e_ASPECTTYPE_INTERSECTING;
609	abac_list_t *prereqs = abac_list_new();
610	abac_list_add(prereqs, abac_aspect_dup(aspect));
611	ptr->prereqs = prereqs;
612	ptr->refcount = 1;
613	return ptr;
614	}
615
616	/*******************************************************************/
617	char abac_aspect_intersecting_string_with_condition(int typed,abac_aspect_t ptr)
618	{
619	assert(ptr != NULL);
620	char *tmp=NULL;
621	if (ptr->prereqs != NULL) {
622	abac_aspect_t *cur;
623	abac_list_foreach(ptr->prereqs, cur,
624	char *ntmp=NULL;
625	if(typed)
626	ntmp=abac_aspect_typed_string_with_condition(cur);
627	else
628	ntmp=abac_aspect_string_with_condition(cur);
629	if(tmp==NULL) {
630	asprintf(&tmp,"%s",ntmp);
631	} else {
632	asprintf(&tmp,"%s & %s",tmp, ntmp);
633	}
634	);
635	}
636	return tmp;
637	}
638
639	/**
640	* Returns the string representation of the role/oset.
641	* principal.osetname(params..)
642	* principal.rolename(params..)
643	*/
644	char abac_aspect_string_with_condition(abac_aspect_t ptr)
645	{
646	assert(ptr != NULL);
647
648	if(abac_aspect_is_intersection(ptr)) {
649	return abac_aspect_intersecting_string_with_condition(0,ptr);
650	}
651
652	char *tmp=NULL;
653	char *principal_name;
654	if(abac_aspect_is_object(ptr))
655	principal_name = abac_aspect_object_name(ptr);
656	else principal_name = abac_aspect_principal_name(ptr);
657	char *aspect_name= ptr->aspect_name;
658	char *linked_role_name = ptr->linked_role_name;
659	char *params_string=NULL;
660	char *linked_params_string=NULL;
661
662	int len = 0;
663	if(principal_name)
664	len=len+strlen(principal_name)+1;
665	if(aspect_name)
666	len = len+strlen(aspect_name)+1;
667	if(linked_role_name)
668	len = len+strlen(linked_role_name)+1;
669
670	if(ptr->aspect_params) {
671	params_string=abac_param_list_string_with_condition(ptr->aspect_params);
672	len = len+strlen(params_string)+3;
673	}
674	if(ptr->linked_role_params) {
675	linked_params_string=abac_param_list_string_with_condition(ptr->linked_role_params);
676	len = len+strlen(linked_params_string)+3;
677	}
678
679	/* principal */
680	/* principal.oset/role */
681	/* principal.oset/role(params_string) */
682	/* principal.linked_role(linked_params_string).oset/role(params_string) */
683	tmp = abac_xmalloc(len);
684
685	if(principal_name)
686	sprintf(tmp,"%s",principal_name);
687
688	if(linked_role_name) {
689	strcat(tmp,".");
690	strcat(tmp,linked_role_name);
691	}
692	if(linked_params_string) {
693	strcat(tmp,"(");
694	strcat(tmp,linked_params_string);
695	strcat(tmp,")");
696	}
697	if(aspect_name) {
698	strcat(tmp,".");
699	strcat(tmp,aspect_name);
700	}
701	if(params_string) {
702	strcat(tmp,"(");
703	strcat(tmp,params_string);
704	strcat(tmp,")");
705	}
706
707	if(linked_params_string) free(linked_params_string);
708	if(params_string) free(params_string);
709	return tmp;
710	}
711
712	char abac_aspect_string(abac_aspect_t ptr) {
713	return abac_aspect_string_with_condition(ptr);
714	}
715	char abac_aspect_typed_string(abac_aspect_t ptr) {
716	return abac_aspect_typed_string_with_condition(ptr);
717	}
718
719	void abac_print_aspect_string_with_condition(abac_aspect_t ptr,FILE fp)
720	{
721	char *string=abac_aspect_string_with_condition(ptr);
722	if(fp==NULL)
723	printf("%s ",string);
724	else fprintf(fp,"%s ",string);
725	}
726
727	char abac_aspect_aspect_param_string(abac_aspect_t ptr) {
728	assert(ptr != NULL);
729	if(ptr->aspect_params) {
730	return abac_param_list_string_with_condition(ptr->aspect_params);
731	}
732	return NULL;
733	}
734
735	char abac_aspect_aspect_param_typed_string(abac_aspect_t ptr) {
736	assert(ptr != NULL);
737	if(ptr->aspect_params) {
738	return abac_param_list_typed_string_with_condition(ptr->aspect_params);
739	}
740	return NULL;
741	}
742
743	/**
744	* Returns the typed string representation of the role/oset.
745	*/
746	char abac_aspect_typed_string_with_condition(abac_aspect_t ptr)
747	{
748	assert(ptr != NULL);
749
750	if(abac_aspect_is_intersection(ptr)) {
751	return abac_aspect_intersecting_string_with_condition(1,ptr);
752	}
753
754	char tmp=NULL, final=NULL;
755	char *principal_name;
756	char *principal_name_type=NULL;
757	if(abac_aspect_is_object(ptr)) {
758	principal_name = abac_aspect_object_name(ptr);
759	principal_name_type = abac_aspect_object_type(ptr);
760	} else {
761	principal_name = abac_aspect_principal_name(ptr);
762	principal_name_type=abac_aspect_principal_type(ptr);
763	if(debug) {
764	printf("aspect's typed_string (%s)(%s)\n", principal_name_type, principal_name);
765	}
766	}
767	char *aspect_name=abac_aspect_aspect_name(ptr);
768	char *aspect_name_type=abac_aspect_type_string(ptr);
769	char *linked_role_name=abac_aspect_linked_role_name(ptr);
770	char *params_string=NULL;
771	char *linked_params_string=NULL;
772
773	if(ptr->aspect_params) {
774	params_string=abac_param_list_typed_string_with_condition(ptr->aspect_params);
775	}
776	if(ptr->linked_role_params) {
777	linked_params_string=abac_param_list_typed_string_with_condition(ptr->linked_role_params);
778	}
779
780	asprintf(&final,"[%s:%s]",principal_name_type,principal_name);
781	if(linked_role_name) {
782	tmp=final;
783	final=NULL;
784	asprintf(&final,".role:%s",tmp,linked_role_name);
785	free(tmp);
786	}
787	if(linked_params_string) {
788	tmp=final;
789	final=NULL;
790	asprintf(&final,"%s(%s)",tmp,linked_params_string);
791	free(tmp);
792	}
793	if(aspect_name) {
794	tmp=final;
795	final=NULL;
796	asprintf(&final,"%s.%s:%s",tmp,aspect_name_type,aspect_name);
797	free(tmp);
798	}
799	if(params_string) {
800	tmp=final;
801	final=NULL;
802	asprintf(&final,"%s(%s)",tmp,params_string);
803	free(tmp);
804	}
805
806	if(linked_params_string) free(linked_params_string);
807	if(params_string) free(params_string);
808	return final;
809	}
810
811	/**
812	* Build an attribute key from head and tail osets/role. Static.
813	*/
814	#define ROLE_SEPARATOR " <- "
815	char abac_aspect_attr_key(abac_aspect_t head_ptr, abac_aspect_t *tail_ptr) {
816	char *head = abac_aspect_string_with_condition(head_ptr);
817	int head_len = strlen(head);
818
819	char *tail = abac_aspect_string_with_condition(tail_ptr);
820	int tail_len = strlen(tail);
821
822	int sep_len = sizeof(ROLE_SEPARATOR) - 1;
823
824	// "head <- tail"
825	char *ret = abac_xmalloc(head_len + tail_len + sep_len + 1);
826	memcpy(ret, head, head_len);
827	memcpy(ret + head_len, ROLE_SEPARATOR, sep_len);
828	memcpy(ret + head_len + sep_len, tail, tail_len);
829	ret[head_len + sep_len + tail_len] = 0;
830
831	return ret;
832	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: