Context Navigation

source: libabac/abac_aspect.c @ d0efdec

mei_rt2

Last change on this file since d0efdec was d0efdec, checked in by Mei <mei@…>, 11 years ago
1) less bsd compiler complaints
Property mode set to `100644`
File size: 24.0 KB

Line
1
2	/**
3	** abac_aspect.c
4	**/
5
6	#include <assert.h>
7
8	#include "abac_defines.h"
9	#include "abac_util.h"
10	#include "abac_term.h"
11	#include "abac_verifier.h"
12	#include "abac_list.h"
13	#include "abac_context.h"
14	#include "abac_id.h"
15
16	static int debug=1;
17	extern int ABAC_IN_PROLOG;
18
19	/*
20	A.role <- B
21	A.role <- B.role
22	A.role <- B.role.role
23
24	A.oset <- B
25	A.oset <- Obj
26	A.oset <- B.oset
27	A.oset <- B.role.oset
28	*/
29
30	/* can store either a role or oset */
31	struct _abac_aspect_t {
32	int aspect_type;
33	int is_object;
34
35	char *principal_name;
36	char *principal_name_p; // pPrincipal_name
37	abac_term_t *principal_object;
38
39	char *linked_role_name;
40	abac_param_list_t *linked_role_params;
41
42	char *aspect_name;
43	abac_param_list_t *aspect_params;
44
45	char *type_string; // "oset" or "role"
46
47	abac_list_t *prereqs;
48	int refcount;
49	};
50
51	/* local */
52	char abac_aspect_string_with_condition(abac_aspect_t );
53	char abac_aspect_typed_string_with_condition(abac_aspect_t );
54	static abac_aspect_t *_abac_aspect_init();
55
56	/**************************************************************/
57	int abac_aspect_is_oset(abac_aspect_t *ptr)
58	{
59	assert(ptr);
60	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
61	return 1;
62	return 0;
63	}
64
65	int abac_aspect_is_role(abac_aspect_t *ptr)
66	{
67	assert(ptr);
68	if(ptr->aspect_type==e_ASPECTTYPE_ROLE)
69	return 1;
70	return 0;
71	}
72
73	int abac_aspect_is_intersecting(abac_aspect_t *ptr)
74	{
75	assert(ptr);
76	if(ptr->aspect_type == e_ASPECTTYPE_INTERSECTING)
77	return 1;
78	else return 0;
79	}
80
81	/* A.role->B or A.oset->B */
82	int abac_aspect_is_principal(abac_aspect_t *ptr) {
83	assert(ptr != NULL);
84	return ptr->is_object == 0 &&
85	ptr->aspect_name == NULL &&
86	ptr->linked_role_name == NULL &&
87	ptr->prereqs == NULL;
88	}
89
90	/* A.oset->O */
91	int abac_aspect_is_object(abac_aspect_t *ptr)
92	{
93	assert(ptr);
94	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
95	return ptr->is_object;
96	return 0;
97	}
98
99	/* A.role->B.role.role or A.oset->B.role.oset */
100	int abac_aspect_is_linking(abac_aspect_t *ptr)
101	{
102	assert(ptr);
103	return ptr->linked_role_name != NULL;
104	}
105
106	/**
107	* True if an aspect is an intersection.
108	*/
109	int abac_aspect_is_intersection(abac_aspect_t *ptr)
110	{
111	assert(ptr);
112	return ptr->prereqs != NULL;
113	}
114
115	/**
116	* return the type that is common to all the intersecting aspects
117	*/
118	int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr)
119	{
120	assert(ptr);
121	assert(ptr->prereqs);
122	abac_aspect_t *cur;
123	int first=1;
124	int type;
125	abac_list_foreach(ptr->prereqs, cur,
126	if(first) {
127	type=abac_aspect_aspect_type(cur);
128	first=0;
129	} else {
130	if(abac_aspect_aspect_type(cur) != type)
131	errx(1,"Intersecting tails are not of the same type");
132	}
133	);
134	return type;
135	}
136
137	/**
138	* Returns the prereqs of an intersection.
139	*/
140	abac_list_t abac_aspect_prereqs(abac_aspect_t ptr)
141	{
142	assert(ptr);
143	return ptr->prereqs;
144	}
145
146	char* abac_aspect_type_string(abac_aspect_t *ptr)
147	{
148	assert(ptr);
149	return ptr->type_string;
150	}
151
152	int abac_aspect_aspect_type(abac_aspect_t *ptr)
153	{
154	assert(ptr);
155	return ptr->aspect_type;
156	}
157
158	/**
159	* Returns the linked part of a linking aspect.
160	* For instance, if the aspect is A.r1.r2, this returns r1.
161	*/
162	char abac_aspect_linked_role_name(abac_aspect_t ptr)
163	{
164	assert(ptr);
165	return ptr->linked_role_name;
166	}
167
168	/* A.r1 without params or constraints, callee needs to free it*/
169	char abac_aspect_linked_role_bare(abac_aspect_t ptr)
170	{
171	assert(ptr);
172	assert(ptr->principal_name);
173	assert(ptr->linked_role_name);
174	char *tmp=NULL;
175	asprintf(&tmp,"%s.%s",ptr->principal_name,ptr->linked_role_name);
176	return tmp;
177	}
178
179	abac_param_list_t abac_aspect_linked_role_params(abac_aspect_t ptr)
180	{
181	assert(ptr);
182	return ptr->linked_role_params;
183	}
184
185	/**
186	* Returns the name of an aspect. If the aspect is A.r1 then return r1.
187	* If the aspect is A.r1.r2 then return r2.
188	*/
189	char abac_aspect_aspect_name(abac_aspect_t ptr) {
190	assert(ptr);
191	return ptr->aspect_name;
192	}
193
194	abac_param_list_t abac_aspect_aspect_params(abac_aspect_t ptr)
195	{
196	assert(ptr);
197	return ptr->aspect_params;
198	}
199
200	/**
201	* Returns the principal part of an aspect. The stuff before the first dot.
202	*/
203	char abac_aspect_principal_name(abac_aspect_t ptr)
204	{
205	assert(ptr);
206	if(USE("ABAC_CN"))
207	return abac_cn_with_sha(ptr->principal_name);
208	if(ABAC_IN_PROLOG) {
209	return ptr->principal_name_p;
210	} else return ptr->principal_name;
211	}
212
213	char abac_aspect_principal_principalname(abac_aspect_t ptr)
214	{
215	assert(ptr);
216	if(ABAC_IN_PROLOG)
217	return ptr->principal_name_p;
218	return ptr->principal_name;
219	}
220
221	char abac_aspect_principal_type(abac_aspect_t ptr)
222	{
223	assert(ptr);
224	return abac_idtype_with_sha(ptr->principal_name);
225	}
226
227	char abac_aspect_principal_cn(abac_aspect_t ptr)
228	{
229	assert(ptr);
230	return abac_cn_with_sha(ptr->principal_name);
231	}
232
233	abac_term_t abac_aspect_object_term(abac_aspect_t ptr)
234	{
235	return ptr->principal_object;
236	}
237
238	char abac_aspect_object_name(abac_aspect_t ptr)
239	{
240	assert(ptr);
241	assert(ptr->is_object);
242	abac_term_t *obj=ptr->principal_object;
243	return abac_term_name(obj);
244	}
245
246	int _abac_aspect_object_is_time_type(abac_aspect_t *ptr)
247	{
248	abac_term_t *obj=ptr->principal_object;
249	return abac_term_is_time_type(obj);
250	}
251
252	char abac_aspect_object_type(abac_aspect_t ptr)
253	{
254	assert(ptr);
255	assert(ptr->is_object);
256	abac_term_t *obj=ptr->principal_object;
257	char *tmp=abac_term_type_name(obj);
258	if(debug) fprintf(stderr,"abac_aspect_object_type: checking on object type, %s\n",tmp);
259	return tmp;
260	}
261
262	abac_condition_t abac_aspect_object_constraint(abac_aspect_t ptr)
263	{
264	assert(ptr != NULL);
265	assert(ptr->is_object);
266	abac_term_t *obj=ptr->principal_object;
267	return abac_term_constraint(obj);
268	}
269
270	/* currently the issuer's id is extracted from session's
271	master copy instead of checking through context's list first
272	This might allow some loopholes of incomplete validation somewhere..
273	need to revisit again XXX */
274	char* abac_aspect_get_issuer_keytype(abac_aspect_t *ptr)
275	{
276	abac_id_t *issuer_id=NULL;
277	char *principalname=abac_aspect_principal_principalname(ptr);
278	if(principalname) {
279	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
280	if(id_cred) {
281	issuer_id=abac_id_credential_id(id_cred);
282	return abac_id_keyid(issuer_id);
283	}
284	}
285	return NULL;
286	}
287
288	int abac_aspect_get_issuer_idtype(abac_aspect_t *ptr)
289	{
290	abac_id_t *issuer_id=NULL;
291	char *principalname=abac_aspect_principal_principalname(ptr);
292	if(principalname) {
293	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
294	if(id_cred) {
295	issuer_id=abac_id_credential_id(id_cred);
296	return abac_id_idtype(issuer_id);
297	}
298	}
299	return 0;
300	}
301
302	abac_id_t abac_aspect_get_issuer_id(abac_aspect_t ptr)
303	{
304	abac_id_t *issuer_id=NULL;
305	char *principalname=abac_aspect_principal_principalname(ptr);
306	if(principalname) {
307	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
308	if(id_cred) {
309	issuer_id=abac_id_credential_id(id_cred);
310	}
311	}
312	return issuer_id;
313	}
314	/**
315	* deep copy of aspect
316	*/
317	abac_aspect_t abac_aspect_copy(abac_aspect_t ptr)
318	{
319	if(ptr == NULL) return NULL;
320
321	abac_aspect_t *nptr=_abac_aspect_init();
322	nptr->aspect_type=ptr->aspect_type;
323	nptr->is_object=ptr->is_object;
324
325	if(ptr->principal_name)
326	nptr->principal_name=abac_xstrdup(ptr->principal_name);
327	if(ptr->principal_name_p)
328	nptr->principal_name_p=abac_xstrdup(ptr->principal_name_p);
329	if(ptr->principal_object)
330	nptr->principal_object=abac_term_copy(ptr->principal_object);
331
332	if(ptr->linked_role_name)
333	nptr->linked_role_name=abac_xstrdup(ptr->linked_role_name);
334	nptr->linked_role_params=abac_param_list_copy(ptr->linked_role_params);
335
336	if(ptr->aspect_name)
337	nptr->aspect_name=abac_xstrdup(ptr->aspect_name);
338	nptr->aspect_params=abac_param_list_copy(ptr->aspect_params);
339
340	if(ptr->type_string)
341	nptr->type_string=abac_xstrdup(ptr->type_string);
342
343	if (ptr->prereqs != NULL) {
344	nptr->prereqs=abac_list_new();
345	abac_aspect_t *cur=NULL;
346	abac_aspect_t *ncur=NULL;
347	abac_list_foreach(ptr->prereqs, cur,
348	ncur=abac_aspect_copy(cur);
349	abac_list_add(nptr->prereqs,ncur);
350	);
351	}
352	return nptr;
353	}
354	/**
355	* Increase a aspect's reference count.
356	*/
357	abac_aspect_t abac_aspect_dup(abac_aspect_t ptr)
358	{
359	assert(ptr != NULL);
360	++ptr->refcount;
361	return ptr;
362	}
363
364	/**
365	* Decrease an aspect's reference count, freeing it when it reaches 0.
366	*/
367	void abac_aspect_free(abac_aspect_t *ptr) {
368
369	if(debug) {
370	if(ptr->aspect_name)
371	fprintf(stderr,"DEBUG:trying to freeing an aspect loc(%ld)(%s:%d)\n",(long)ptr, ptr->aspect_name, ptr->refcount);
372	else
373	fprintf(stderr,"DEBUG:trying to freeing an aspect loc(%ld)(M:%d)\n",(long)ptr,ptr->refcount);
374
375	}
376
377	assert(ptr);
378
379	--ptr->refcount;
380	if (ptr->refcount > 0)
381	return;
382
383	if(debug) {
384	if(ptr->aspect_name)
385	fprintf(stderr,"DEBUG:freeing this aspect loc(%ld)(%s:%d)\n",(long)ptr, ptr->aspect_name, ptr->refcount);
386	else fprintf(stderr,"DEBUG:freeing this aspect loc(%ld)(M:%d)\n",(long)ptr, ptr->refcount);
387	}
388
389	if(ptr->principal_name) free(ptr->principal_name);
390	if(ptr->principal_name_p) free(ptr->principal_name_p);
391	if(ptr->linked_role_name) free(ptr->linked_role_name);
392	if(ptr->aspect_name) free(ptr->aspect_name);
393
394	if(ptr->type_string) free(ptr->type_string);
395
396	if (ptr->aspect_params != NULL) {
397	abac_param_list_free(ptr->aspect_params);
398	}
399
400	if (ptr->linked_role_params != NULL) {
401	abac_param_list_free(ptr->linked_role_params);
402	}
403
404	if (ptr->prereqs != NULL) {
405	abac_aspect_t *cur=NULL;
406	abac_list_foreach(ptr->prereqs, cur,
407	abac_aspect_free(cur);
408	);
409	abac_list_free(ptr->prereqs);
410	}
411
412	free(ptr);
413	}
414
415	/**********************************************************************/
416
417	void abac_aspect_add_param(abac_aspect_t ptr, abac_term_t param)
418	{
419	if(ptr->aspect_params == NULL) {
420	ptr->aspect_params=abac_param_list_new(param);
421	} else {
422	abac_param_list_add_term(ptr->aspect_params, param);
423	}
424	}
425
426	void abac_aspect_add_intersecting_aspect(abac_aspect_t ptr, abac_aspect_t aspect)
427	{
428	abac_list_add(ptr->prereqs, abac_aspect_dup(aspect));
429	}
430
431	void abac_aspect_add_linked_param(abac_aspect_t ptr, abac_term_t param)
432	{
433	if(ptr->linked_role_params == NULL) {
434	ptr->linked_role_params=abac_param_list_new(param);
435	} else {
436	abac_param_list_add_term(ptr->linked_role_params, param);
437	}
438	}
439
440
441	/**********************************************************************/
442
443	/**
444	* Create a new principal and initialize it.
445	* always with the proper SHA string
446	*/
447	static abac_aspect_t *_abac_aspect_init()
448	{
449	abac_aspect_t ptr = (abac_aspect_t ) abac_xmalloc(sizeof(abac_aspect_t));
450
451	ptr->aspect_type=e_ASPECTTYPE_NULL;
452	ptr->is_object=0;
453
454	ptr->principal_name = NULL;
455	ptr->principal_name_p = NULL;
456	ptr->principal_object = NULL;
457
458	ptr->aspect_name = NULL;
459	ptr->aspect_params = NULL;
460
461	ptr->linked_role_name = NULL;
462	ptr->linked_role_params = NULL;
463
464	ptr->type_string=NULL;
465
466	ptr->prereqs = NULL;
467	ptr->refcount = 1;
468	}
469
470	abac_aspect_t abac_aspect_principal_new(int type, char principal_name)
471	{
472	assert(principal_name != NULL);
473
474	if (strlen(principal_name) == 0)
475	return NULL;
476
477	/* XXX currently, it might be good if the principal_name is used o
478	lookup the hashed id table and somehow link to the ID that it belongs
479	too, currently, we check it later.. */
480	abac_aspect_t *ptr = _abac_aspect_init();
481	ptr->aspect_type=type;
482	ptr->principal_name = abac_xstrdup(principal_name);
483	ptr->principal_name_p = prologIt(principal_name);
484	if(type==e_ASPECTTYPE_ROLE)
485	ptr->type_string=abac_xstrdup("role");
486	if(type==e_ASPECTTYPE_OSET)
487	ptr->type_string=abac_xstrdup("oset");
488	return ptr;
489	}
490
491	abac_aspect_t abac_aspect_role_principal_new(char principal_name)
492	{
493	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
494	}
495
496	abac_aspect_t abac_aspect_role_principal_create(char principal_name)
497	{
498	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
499	}
500
501	abac_aspect_t abac_aspect_oset_principal_new(char principal_name)
502	{
503	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
504	}
505
506	abac_aspect_t abac_aspect_oset_principal_create(char principal_name)
507	{
508	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
509	}
510
511	abac_aspect_t abac_aspect_object_new(int type, abac_term_t object)
512	{
513	assert(object != NULL);
514	abac_aspect_t *ptr = _abac_aspect_init();
515	ptr->aspect_type=type;
516	ptr->is_object =1;
517	ptr->principal_object = object;
518	/* can not be role type */
519	if(type==e_ASPECTTYPE_OSET)
520	ptr->type_string=abac_xstrdup("oset");
521
522	return ptr;
523	}
524
525	abac_aspect_t abac_aspect_oset_object_new(abac_term_t object)
526	{
527	return abac_aspect_object_new(e_ASPECTTYPE_OSET, object);
528	}
529
530	abac_aspect_t abac_aspect_oset_object_create(abac_term_t object)
531	{
532	return abac_aspect_object_new(e_ASPECTTYPE_OSET,object);
533	}
534	abac_aspect_t abac_aspect_new(int type, char principal_name, char *aspect_name)
535	{
536	assert(principal_name != NULL);
537	assert(aspect_name != NULL);
538
539	if (strlen(principal_name) == 0 \|\| strlen(aspect_name) == 0)
540	return NULL;
541
542	abac_aspect_t *ptr = _abac_aspect_init();
543
544	ptr->principal_name = abac_xstrdup(principal_name);
545	ptr->principal_name_p = prologIt(principal_name);
546	ptr->aspect_type=type;
547
548	ptr->aspect_name = abac_xstrdup(aspect_name);
549
550	if(type==e_ASPECTTYPE_OSET)
551	ptr->type_string= abac_xstrdup("oset");
552	else
553	ptr->type_string= abac_xstrdup("role");
554
555	if(debug)
556	fprintf(stderr,"abac_aspect_new:adding a new aspect type(%d) (%s) to principal (%s)\n",
557	type, ptr->aspect_name, ptr->principal_name);
558	return ptr;
559	}
560
561	abac_aspect_t abac_aspect_oset_new(char principal_name, char *oset_name)
562	{
563	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name, oset_name);
564	}
565
566	abac_aspect_t abac_aspect_oset_create(char principal_name, char *oset_name)
567	{
568	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name,oset_name);
569	}
570
571	abac_aspect_t abac_aspect_role_new(char principal_name, char *oset_name)
572	{
573	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name, oset_name);
574	}
575
576	abac_aspect_t abac_aspect_role_create(char principal_name, char *role_name)
577	{
578	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name,role_name);
579	}
580
581	/**
582	* Created a new linking role/oset and initialize it.
583	*/
584	abac_aspect_t abac_aspect_linking_new(int type, char principal_name,
585	char linked_role_name, char aspect_name)
586	{
587	assert(principal_name != NULL);
588	assert(linked_role_name != NULL);
589	assert(aspect_name != NULL);
590
591	if (strlen(principal_name) == 0 \|\|
592	strlen(linked_role_name) == 0 \|\| strlen(aspect_name) == 0)
593	return NULL;
594
595	abac_aspect_t *ptr = _abac_aspect_init();
596
597	ptr->is_object=0;
598	ptr->aspect_type=type;
599	ptr->principal_name = abac_xstrdup(principal_name);
600	ptr->principal_name_p = prologIt(principal_name);
601
602	ptr->linked_role_name = abac_xstrdup(linked_role_name);
603	ptr->aspect_name = abac_xstrdup(aspect_name);
604
605	if(debug)
606	fprintf(stderr,"DEBUG:adding a new linked (%s) to oset/role(%s) for principal(%s)\n",
607	ptr->linked_role_name, ptr->aspect_name, ptr->principal_name);
608
609	if(type==e_ASPECTTYPE_OSET)
610	ptr->type_string=abac_xstrdup("oset");
611	else ptr->type_string=abac_xstrdup("role");
612
613	return ptr;
614	}
615
616	abac_aspect_t abac_aspect_role_linking_new(char principal_name, char *linked_role_name,
617	char *role_name)
618	{
619	return abac_aspect_linking_new(e_ASPECTTYPE_ROLE,
620	principal_name, linked_role_name, role_name);
621	}
622
623	abac_aspect_t abac_aspect_oset_linking_new(char principal_name, char *linked_role_name,
624	char *oset_name)
625	{
626	return abac_aspect_linking_new(e_ASPECTTYPE_OSET,
627	principal_name, linked_role_name, oset_name);
628	}
629
630	/**
631	* Create an intersection oset/role.
632	*/
633	abac_aspect_t abac_aspect_intersection_new(abac_aspect_t aspect)
634	{
635	abac_aspect_t *ptr = _abac_aspect_init();
636	ptr->aspect_type=e_ASPECTTYPE_INTERSECTING;
637	abac_list_t *prereqs = abac_list_new();
638	abac_list_add(prereqs, abac_aspect_dup(aspect));
639	ptr->prereqs = prereqs;
640	return ptr;
641	}
642
643	/*******************************************************************/
644	char abac_aspect_intersecting_string_with_condition(int typed,abac_aspect_t ptr)
645	{
646	assert(ptr != NULL);
647	char *tmp=NULL;
648	if (ptr->prereqs != NULL) {
649	abac_aspect_t *cur;
650	abac_list_foreach(ptr->prereqs, cur,
651	char *ntmp=NULL;
652	if(typed)
653	ntmp=abac_aspect_typed_string_with_condition(cur);
654	else
655	ntmp=abac_aspect_string_with_condition(cur);
656	if(tmp==NULL) {
657	asprintf(&tmp,"%s",ntmp);
658	} else {
659	asprintf(&tmp,"%s & %s",tmp, ntmp);
660	}
661	);
662	}
663	return tmp;
664	}
665
666	/**
667	* Returns the string representation of the role/oset.
668	* principal.osetname(params..)
669	* principal.rolename(params..)
670	*/
671	char abac_aspect_string_with_condition(abac_aspect_t ptr)
672	{
673	assert(ptr != NULL);
674
675	if(abac_aspect_is_intersection(ptr)) {
676	return abac_aspect_intersecting_string_with_condition(0,ptr);
677	}
678
679	char *tmp=NULL;
680	char *principal_name;
681	if(abac_aspect_is_object(ptr)) {
682	principal_name = abac_aspect_object_name(ptr);
683	if(_abac_aspect_object_is_time_type(ptr))
684	principal_name=abac_time_to_term(principal_name);
685	} else principal_name = abac_aspect_principal_name(ptr);
686	char *aspect_name= ptr->aspect_name;
687	char *linked_role_name = ptr->linked_role_name;
688	char *params_string=NULL;
689	char *linked_params_string=NULL;
690
691	int len = 0;
692	if(principal_name)
693	len=len+strlen(principal_name)+1;
694	if(aspect_name)
695	len = len+strlen(aspect_name)+1;
696	if(linked_role_name)
697	len = len+strlen(linked_role_name)+1;
698
699	if(ptr->aspect_params) {
700	params_string=abac_param_list_string_with_condition(ptr->aspect_params);
701	len = len+strlen(params_string)+3;
702	}
703	if(ptr->linked_role_params) {
704	linked_params_string=abac_param_list_string_with_condition(ptr->linked_role_params);
705	len = len+strlen(linked_params_string)+3;
706	}
707
708	/* principal */
709	/* principal.oset/role */
710	/* principal.oset/role(params_string) */
711	/* principal.linked_role(linked_params_string).oset/role(params_string) */
712	tmp = abac_xmalloc(len);
713
714	if(principal_name)
715	sprintf(tmp,"%s",principal_name);
716
717	if(linked_role_name) {
718	strcat(tmp,".");
719	strcat(tmp,linked_role_name);
720	}
721	if(linked_params_string) {
722	strcat(tmp,"(");
723	strcat(tmp,linked_params_string);
724	strcat(tmp,")");
725	}
726	if(aspect_name) {
727	strcat(tmp,".");
728	strcat(tmp,aspect_name);
729	}
730	if(params_string) {
731	strcat(tmp,"(");
732	strcat(tmp,params_string);
733	strcat(tmp,")");
734	}
735
736	if(linked_params_string) free(linked_params_string);
737	if(params_string) free(params_string);
738	return tmp;
739	}
740
741	char abac_aspect_string(abac_aspect_t ptr) {
742	return abac_aspect_string_with_condition(ptr);
743	}
744	char abac_aspect_typed_string(abac_aspect_t ptr) {
745	return abac_aspect_typed_string_with_condition(ptr);
746	}
747
748	void abac_print_aspect_string_with_condition(abac_aspect_t ptr,FILE fp)
749	{
750	char *string=abac_aspect_string_with_condition(ptr);
751	if(fp==NULL)
752	printf("%s ",string);
753	else fprintf(fp,"%s ",string);
754	}
755
756	void abac_print_aspect_typed_string_with_condition(abac_aspect_t ptr,FILE fp)
757	{
758	char *string=abac_aspect_typed_string_with_condition(ptr);
759	if(fp==NULL)
760	printf("%s ",string);
761	else fprintf(fp,"%s ",string);
762	}
763
764	int abac_aspect_aspect_param_cnt(abac_aspect_t *ptr) {
765	if(ptr->aspect_params) {
766	return abac_param_list_cnt(ptr->aspect_params);
767	}
768	return 0;
769	}
770
771	char abac_aspect_aspect_param_string(abac_aspect_t ptr) {
772	assert(ptr != NULL);
773	if(ptr->aspect_params) {
774	return abac_param_list_string_with_condition(ptr->aspect_params);
775	}
776	return NULL;
777	}
778
779	char abac_aspect_aspect_param_typed_string(abac_aspect_t ptr) {
780	assert(ptr != NULL);
781	if(ptr->aspect_params) {
782	return abac_param_list_typed_string_with_condition(ptr->aspect_params);
783	}
784	return NULL;
785	}
786
787	/**
788	* Returns the typed string representation of the role/oset.
789	*/
790	char abac_aspect_typed_string_with_condition(abac_aspect_t ptr)
791	{
792	assert(ptr != NULL);
793
794	if(abac_aspect_is_intersection(ptr)) {
795	return abac_aspect_intersecting_string_with_condition(1,ptr);
796	}
797
798	char tmp=NULL, final=NULL;
799	char *principal_name;
800	char *principal_name_type=NULL;
801	if(abac_aspect_is_object(ptr)) {
802	principal_name = abac_aspect_object_name(ptr);
803	/special case is when it is time type /
804	if(_abac_aspect_object_is_time_type(ptr))
805	principal_name=abac_time_to_term(principal_name);
806	principal_name_type = abac_aspect_object_type(ptr);
807	} else {
808	principal_name = abac_aspect_principal_name(ptr);
809	principal_name_type=abac_aspect_principal_type(ptr);
810	if(debug)
811	fprintf(stderr,"aspect's typed_string (%s)(%s)\n",
812	principal_name_type, principal_name);
813	}
814
815	/* the principal id is probably not in the idcreds list */
816	if(principal_name_type == NULL) {
817	if(debug)fprintf(stderr,"THIS IS BAD, %s \n", principal_name);
818	errx(1,"Can not find idtype for principal_name, don't see it in context?");
819	}
820
821	if(debug)
822	fprintf(stderr,"aspect's typed_string (%s)(%s)\n",
823	principal_name_type, principal_name);
824	char *aspect_name=abac_aspect_aspect_name(ptr);
825	char *aspect_name_type=abac_aspect_type_string(ptr);
826	char *linked_role_name=abac_aspect_linked_role_name(ptr);
827	char *params_string=NULL;
828	char *linked_params_string=NULL;
829
830	if(ptr->aspect_params) {
831	params_string=abac_param_list_typed_string_with_condition(ptr->aspect_params);
832	}
833	if(ptr->linked_role_params) {
834	linked_params_string=abac_param_list_typed_string_with_condition(ptr->linked_role_params);
835	}
836
837	asprintf(&final,"[%s:%s]",principal_name_type,principal_name);
838	if(linked_role_name) {
839	tmp=final;
840	final=NULL;
841	asprintf(&final,"%s.role:%s",tmp,linked_role_name);
842	free(tmp);
843	}
844	if(linked_params_string) {
845	tmp=final;
846	final=NULL;
847	asprintf(&final,"%s(%s)",tmp,linked_params_string);
848	free(tmp);
849	}
850	if(aspect_name) {
851	tmp=final;
852	final=NULL;
853	asprintf(&final,"%s.%s:%s",tmp,aspect_name_type,aspect_name);
854	free(tmp);
855	}
856	if(params_string) {
857	tmp=final;
858	final=NULL;
859	asprintf(&final,"%s(%s)",tmp,params_string);
860	free(tmp);
861	}
862
863	if(linked_params_string) free(linked_params_string);
864	if(params_string) free(params_string);
865	/* XXX */
866	fprintf(stderr,"final is at(%ld)(%s)\n",(long)final, final);
867	return final;
868	}
869
870	/**
871	* Build an attribute key from head and tail osets/role. Static.
872	*/
873	#define ROLE_SEPARATOR " <- "
874	char abac_aspect_attr_key(abac_aspect_t head_ptr, abac_aspect_t *tail_ptr) {
875	char *head = abac_aspect_string_with_condition(head_ptr);
876	int head_len = strlen(head);
877
878	char *tail = abac_aspect_string_with_condition(tail_ptr);
879	int tail_len = strlen(tail);
880
881	int sep_len = sizeof(ROLE_SEPARATOR) - 1;
882
883	// "head <- tail"
884	char *ret = abac_xmalloc(head_len + tail_len + sep_len + 1);
885	memcpy(ret, head, head_len);
886	memcpy(ret + head_len, ROLE_SEPARATOR, sep_len);
887	memcpy(ret + head_len + sep_len, tail, tail_len);
888	ret[head_len + sep_len + tail_len] = 0;
889
890	return ret;
891	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: