Context Navigation

source: libabac/abac_aspect.c @ d9c3886

mei_rt2mei_rt2_fix_1

Last change on this file since d9c3886 was 5110d42, checked in by Mei <mei@…>, 12 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

Property mode set to 100644

File size: 22.5 KB

Line
1
2	/**
3	** abac_aspect.c
4	**/
5
6
7	#include <assert.h>
8	#include <stdlib.h>
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_list.h"
13	#include "abac_util.h"
14
15	#include "abac_internal.h"
16
17	static int debug=0;
18	/*
19	A.role <- B
20	A.role <- B.role
21	A.role <- B.role.role
22
23	A.oset <- B
24	A.oset <- Obj
25	A.oset <- B.oset
26	A.oset <- B.role.oset
27	*/
28
29	/* can store either a role or oset */
30	struct _abac_aspect_t {
31	int aspect_type;
32	int is_object;
33
34	char *principal_name;
35	char *principal_name_p; // pPrincipal_name
36	abac_term_t *principal_object;
37
38	char *linked_role_name;
39	abac_param_list_t *linked_role_params;
40
41	char *aspect_name;
42	abac_param_list_t *aspect_params;
43
44	char *type_string; // "oset" or "role"
45
46	abac_list_t *prereqs;
47	int refcount;
48	};
49
50	/**************************************************************/
51	void abac_aspect_dump(abac_aspect_t ptr, char offset)
52	{
53	char *tmp=NULL;
54	asprintf(&tmp," %s",offset);
55	if(ptr->prereqs != 0) {
56	abac_aspect_t *cur;
57	abac_list_foreach(ptr->prereqs, cur,
58	if(cur)
59	abac_aspect_dump(cur, tmp);
60	);
61	return;
62	}
63
64	printf("\n..... an aspect .....\n");
65	printf("%s aspect_type: %d(%s)\n", offset, ptr->aspect_type, abac_aspect_type_string(ptr));
66	printf("%s is_object: %d\n", offset, ptr->is_object);
67	printf("%s principal_name: %s\n", offset, ptr->principal_name);
68	if(ptr->principal_name_p)
69	printf("%s principal_name_p: %s\n", offset, ptr->principal_name_p);
70	else printf("%s principal_name_p: --\n", offset);
71	if(ptr->principal_object)
72	abac_term_dump(ptr->principal_object, tmp);
73	else ("%s principal_object: --\n", offset);
74	if(ptr->linked_role_name)
75	printf("%s linked_role_name: %s\n", offset, ptr->linked_role_name);
76	else printf("%s linked_role_name: --\n", offset);
77	if(ptr->linked_role_params)
78	abac_param_dump(ptr->linked_role_params, tmp);
79	else printf("%s linked_role_params: --\n", offset);
80	if(ptr->aspect_name)
81	printf("%s aspect_name: %s\n", offset, ptr->aspect_name);
82	else printf("%s aspect_name: --\n", offset);
83	if(ptr->aspect_params)
84	abac_param_dump(ptr->aspect_params, tmp);
85	else printf("%s aspect_params: --\n", offset);
86	if(ptr->type_string)
87	printf("%s type_string:- %s\n", offset, ptr->type_string);
88	else printf("%s type_string: --\n", offset);
89	printf("%s refcount:- %d\n", offset, ptr->refcount);
90	printf("..................................");
91	free(tmp);
92	}
93
94	bool abac_aspect_is_oset(abac_aspect_t *ptr)
95	{
96	assert(ptr);
97	if(ptr->aspect_type==e_ASPECTTYPE_OSET)
98	return 1;
99	return 0;
100	}
101
102
103	bool abac_aspect_is_role(abac_aspect_t *ptr)
104	{
105	assert(ptr);
106	if(ptr->aspect_type==e_ASPECTTYPE_ROLE)
107	return 1;
108	return 0;
109	}
110
111	bool abac_aspect_is_intersecting(abac_aspect_t *ptr)
112	{
113	assert(ptr);
114	if(ptr->aspect_type==e_ASPECTTYPE_INTERSECTING)
115	return 1;
116	return 0;
117	}
118
119	/* A.role->B or A.oset->B */
120	bool abac_aspect_is_principal(abac_aspect_t *ptr) {
121	assert(ptr != NULL);
122	return ptr->is_object == 0 &&
123	ptr->aspect_name == NULL &&
124	ptr->linked_role_name == NULL &&
125	ptr->prereqs == NULL;
126	}
127
128	/* A.oset->O */
129	bool abac_aspect_is_object(abac_aspect_t *ptr)
130	{
131	assert(ptr);
132	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
133	return ptr->is_object;
134	return 0;
135	}
136
137	/* A.role->B.role.role or A.oset->B.role.oset */
138	bool abac_aspect_is_linking(abac_aspect_t *ptr)
139	{
140	assert(ptr);
141	return ptr->linked_role_name != NULL;
142	}
143
144	/**
145	* True if an aspect is an intersection.
146	*/
147	bool abac_aspect_is_intersection(abac_aspect_t *ptr)
148	{
149	assert(ptr);
150	return ptr->prereqs != NULL;
151	}
152
153	/**
154	* return the type that is common to all the intersecting aspects
155	*/
156	int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr)
157	{
158	assert(ptr);
159	assert(ptr->prereqs);
160	abac_aspect_t *cur;
161	int first=1;
162	int type;
163	abac_list_foreach(ptr->prereqs, cur,
164	if(first) {
165	type=abac_aspect_aspect_type(cur);
166	first=0;
167	} else {
168	if(abac_aspect_aspect_type(cur) != type)
169	errx(1,"Intersecting tails are not of the same type");
170	}
171	);
172	return type;
173	}
174
175	/**
176	* Returns the prereqs of an intersection.
177	*/
178	abac_list_t abac_aspect_prereqs(abac_aspect_t ptr)
179	{
180	assert(ptr);
181	return ptr->prereqs;
182	}
183
184	char* abac_aspect_type_string(abac_aspect_t *ptr)
185	{
186	assert(ptr);
187	return ptr->type_string;
188	}
189
190	int abac_aspect_aspect_type(abac_aspect_t *ptr)
191	{
192	assert(ptr);
193	return ptr->aspect_type;
194	}
195
196	/**
197	* Returns the linked part of a linking aspect.
198	* For instance, if the aspect is A.r1.r2, this returns r1.
199	*/
200	char abac_aspect_linked_role_name(abac_aspect_t ptr)
201	{
202	assert(ptr);
203	return ptr->linked_role_name;
204	}
205
206	/* A.r1 without params or constraints, callee needs to free it*/
207	char abac_aspect_linked_role_bare(abac_aspect_t ptr)
208	{
209	assert(ptr);
210	assert(ptr->principal_name);
211	assert(ptr->linked_role_name);
212	char *tmp=NULL;
213	asprintf(&tmp,"%s.%s",ptr->principal_name,ptr->linked_role_name);
214	return tmp;
215	}
216
217	abac_param_list_t abac_aspect_linked_role_params(abac_aspect_t ptr)
218	{
219	assert(ptr);
220	return ptr->linked_role_params;
221	}
222
223	/**
224	* Returns the name of an aspect. If the aspect is A.r1 then return r1.
225	* If the aspect is A.r1.r2 then return r2.
226	*/
227	char abac_aspect_aspect_name(abac_aspect_t ptr) {
228	assert(ptr);
229	return ptr->aspect_name;
230	}
231
232	abac_param_list_t abac_aspect_aspect_params(abac_aspect_t ptr)
233	{
234	assert(ptr);
235	return ptr->aspect_params;
236	}
237
238	/**
239	* Returns the principal part of an aspect. The stuff before the first dot.
240	*/
241	char abac_aspect_principal_name(abac_aspect_t ptr)
242	{
243	assert(ptr);
244	if(USE("ABAC_CN") && !ABAC_IN_QUERY)
245	return abac_cn_with_sha(ptr->principal_name);
246	if(ABAC_IN_PROLOG) {
247	return ptr->principal_name_p;
248	} else return ptr->principal_name;
249	}
250
251	char abac_aspect_principal_principalname(abac_aspect_t ptr)
252	{
253	assert(ptr);
254	if(ABAC_IN_PROLOG)
255	return ptr->principal_name_p;
256	return ptr->principal_name;
257	}
258
259	char abac_aspect_principal_type(abac_aspect_t ptr)
260	{
261	assert(ptr);
262	return abac_idtype_with_sha(ptr->principal_name);
263	}
264
265	char abac_aspect_principal_cn(abac_aspect_t ptr)
266	{
267	assert(ptr);
268	return abac_cn_with_sha(ptr->principal_name);
269	}
270
271	abac_term_t abac_aspect_object_term(abac_aspect_t ptr)
272	{
273	return ptr->principal_object;
274	}
275
276	char abac_aspect_object_name(abac_aspect_t ptr)
277	{
278	assert(ptr);
279	assert(ptr->is_object);
280	abac_term_t *obj=ptr->principal_object;
281	char *tmp=abac_term_name(obj);
282	return abac_term_name(obj);
283	}
284
285	char abac_aspect_object_type(abac_aspect_t ptr)
286	{
287	assert(ptr);
288	assert(ptr->is_object);
289	abac_term_t *obj=ptr->principal_object;
290	char *tmp=abac_term_type_name(obj);
291	return tmp;
292	}
293
294	abac_condition_t abac_aspect_object_constraint(abac_aspect_t ptr)
295	{
296	assert(ptr != NULL);
297	assert(ptr->is_object);
298	abac_term_t *obj=ptr->principal_object;
299	return abac_term_constraint(obj);
300	}
301
302	char* abac_aspect_get_issuer_keytype(abac_aspect_t *ptr)
303	{
304	abac_id_t *issuer_id;
305	char *principalname=abac_aspect_principal_principalname(ptr);
306	if(principalname) {
307	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
308	if(id_cred) {
309	issuer_id=abac_id_credential_id(id_cred);
310	return abac_id_keyid(issuer_id);
311	}
312	}
313	return NULL;
314	}
315
316	int abac_aspect_get_issuer_idtype(abac_aspect_t *ptr)
317	{
318	abac_id_t *issuer_id;
319	char *principalname=abac_aspect_principal_principalname(ptr);
320	if(principalname) {
321	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
322	if(id_cred) {
323	issuer_id=abac_id_credential_id(id_cred);
324	return abac_id_idtype(issuer_id);
325	}
326	}
327	return 0;
328	}
329
330	abac_id_t abac_aspect_get_issuer_id(abac_aspect_t ptr)
331	{
332	abac_id_t *issuer_id;
333	char *principalname=abac_aspect_principal_principalname(ptr);
334	if(principalname) {
335	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
336	if(id_cred)
337	issuer_id=abac_id_credential_id(id_cred);
338	}
339	return issuer_id;
340	}
341	/**
342	* Increase a aspect's reference count.
343	*/
344	abac_aspect_t abac_aspect_dup(abac_aspect_t ptr)
345	{
346	assert(ptr != NULL);
347	++ptr->refcount;
348	return ptr;
349	}
350
351	/**
352	* Decrease an aspect's reference count, freeing it when it reaches 0.
353	*/
354	void abac_aspect_free(abac_aspect_t *ptr) {
355
356	if(debug) {
357	if(ptr->aspect_name)
358	printf("DEBUG:trying to freeing an aspect %d(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
359	else
360	printf("DEBUG:trying to freeing an aspect %d(M:%d)\n",(int)ptr,ptr->refcount);
361
362	}
363
364	assert(ptr);
365
366	--ptr->refcount;
367	if (ptr->refcount > 0)
368	return;
369
370	if(debug) {
371	if(ptr->aspect_name)
372	printf("DEBUG:freeing this aspect %d(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
373	else printf("DEBUG:freeing this aspect %d(M:%d)\n",(int)ptr, ptr->refcount);
374	}
375
376	if(ptr->principal_name) free(ptr->principal_name);
377	if(ptr->principal_name_p) free(ptr->principal_name_p);
378	if(ptr->linked_role_name) free(ptr->linked_role_name);
379	if(ptr->aspect_name) free(ptr->aspect_name);
380	if(debug) printf("DEBUG:here\n");
381
382	if(ptr->type_string) free(ptr->type_string);
383
384	if (ptr->aspect_params != NULL) {
385	abac_param_list_free(ptr->aspect_params);
386	}
387
388	if (ptr->linked_role_params != NULL) {
389	abac_param_list_free(ptr->linked_role_params);
390	}
391
392	if (ptr->prereqs != NULL) {
393	abac_aspect_t *cur;
394	abac_list_foreach(ptr->prereqs, cur,
395	abac_aspect_free(cur);
396	);
397	abac_list_free(ptr->prereqs);
398	}
399
400	free(ptr);
401	if(debug) printf("DEBUG:done\n");
402	}
403
404	/**********************************************************************/
405
406	abac_aspect_t abac_aspect_add_param(abac_aspect_t ptr, abac_term_t *param)
407	{
408	if(ptr->aspect_params == NULL) {
409	ptr->aspect_params=abac_param_list_new(param);
410	} else {
411	abac_param_list_add_term(ptr->aspect_params, param);
412	}
413	return ptr;
414	}
415
416	abac_aspect_t abac_aspect_add_intersecting_aspect(abac_aspect_t ptr, abac_aspect_t *aspect)
417	{
418	abac_list_add(ptr->prereqs, abac_aspect_dup(aspect));
419	return ptr;
420	}
421
422	abac_aspect_t abac_aspect_add_linked_param(abac_aspect_t ptr, abac_term_t *param)
423	{
424	if(ptr->linked_role_params == NULL) {
425	ptr->linked_role_params=abac_param_list_new(param);
426	} else {
427	abac_param_list_add_term(ptr->linked_role_params, param);
428	}
429	return ptr;
430	}
431
432
433	/**********************************************************************/
434
435	/**
436	* Create a new principal and initialize it.
437	* always with the proper SHA string
438	*/
439	static abac_aspect_t *_abac_aspect_init()
440	{
441	abac_aspect_t ptr = (abac_aspect_t ) abac_xmalloc(sizeof(abac_aspect_t));
442
443	ptr->is_object=0;
444	ptr->principal_name = NULL;
445	ptr->principal_name_p = NULL;
446	ptr->aspect_type=e_ASPECTTYPE_NULL;
447
448	ptr->aspect_name = NULL;
449	ptr->aspect_params = NULL;
450
451	ptr->linked_role_name = NULL;
452	ptr->linked_role_params = NULL;
453
454	ptr->type_string=NULL;
455
456	ptr->prereqs = NULL;
457	ptr->refcount = 1;
458	}
459
460	abac_aspect_t abac_aspect_principal_new(int type, char principal_name)
461	{
462	assert(principal_name != NULL);
463
464	if (strlen(principal_name) == 0)
465	return NULL;
466
467	abac_aspect_t *ptr = _abac_aspect_init();
468	ptr->aspect_type=type;
469	ptr->principal_name = strdup(principal_name);
470	ptr->principal_name_p = prologIt(principal_name);
471	if(type==e_ASPECTTYPE_ROLE)
472	ptr->type_string=abac_xstrdup("role");
473	if(type==e_ASPECTTYPE_OSET)
474	ptr->type_string=abac_xstrdup("oset");
475	return ptr;
476	}
477
478	abac_aspect_t abac_aspect_role_principal_new(char principal_name)
479	{
480	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
481	}
482
483	abac_aspect_t abac_aspect_role_principal_create(char principal_name)
484	{
485	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
486	}
487
488	abac_aspect_t abac_aspect_oset_principal_new(char principal_name)
489	{
490	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
491	}
492
493	abac_aspect_t abac_aspect_oset_principal_create(char principal_name)
494	{
495	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
496	}
497
498	abac_aspect_t abac_aspect_object_new(int type, abac_term_t object)
499	{
500	assert(object != NULL);
501	abac_aspect_t *ptr = _abac_aspect_init();
502	ptr->aspect_type=type;
503	ptr->is_object =1;
504	ptr->principal_object = object;
505	/* can not be role type */
506	if(type==e_ASPECTTYPE_OSET)
507	ptr->type_string=abac_xstrdup("oset");
508
509	return ptr;
510	}
511
512	abac_aspect_t abac_aspect_oset_object_new(abac_term_t object)
513	{
514	return abac_aspect_object_new(e_ASPECTTYPE_OSET, object);
515	}
516
517	abac_aspect_t abac_aspect_oset_object_create(abac_term_t object)
518	{
519	return abac_aspect_object_new(e_ASPECTTYPE_OSET,object);
520	}
521	abac_aspect_t abac_aspect_new(int type, char principal_name, char *aspect_name)
522	{
523	assert(principal_name != NULL);
524	assert(aspect_name != NULL);
525
526	if (strlen(principal_name) == 0 \|\| strlen(aspect_name) == 0)
527	return NULL;
528
529	abac_aspect_t *ptr = _abac_aspect_init();
530
531	ptr->principal_name = strdup(principal_name);
532	ptr->principal_name_p = prologIt(principal_name);
533	ptr->aspect_type=type;
534
535	ptr->aspect_name = abac_xstrdup(aspect_name);
536
537	if(type==e_ASPECTTYPE_OSET)
538	ptr->type_string= abac_xstrdup("oset");
539	else
540	ptr->type_string= abac_xstrdup("role");
541
542	if(debug)
543	printf("DEBUG:adding a new aspect (%s) to principal (%s)\n",
544	ptr->aspect_name, ptr->principal_name);
545	return ptr;
546	}
547
548	abac_aspect_t abac_aspect_oset_new(char principal_name, char *oset_name)
549	{
550	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name, oset_name);
551	}
552
553	abac_aspect_t abac_aspect_oset_create(char principal_name, char *oset_name)
554	{
555	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name,oset_name);
556	}
557
558	abac_aspect_t abac_aspect_role_new(char principal_name, char *oset_name)
559	{
560	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name, oset_name);
561	}
562
563	abac_aspect_t abac_aspect_role_create(char principal_name, char *role_name)
564	{
565	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name,role_name);
566	}
567
568	/**
569	* Created a new linking role/oset and initialize it.
570	*/
571	abac_aspect_t abac_aspect_linking_new(int type, char principal_name,
572	char linked_role_name, char aspect_name)
573	{
574	assert(principal_name != NULL);
575	assert(linked_role_name != NULL);
576	assert(aspect_name != NULL);
577
578	if (strlen(principal_name) == 0 \|\|
579	strlen(linked_role_name) == 0 \|\| strlen(aspect_name) == 0)
580	return NULL;
581
582	abac_aspect_t *ptr = _abac_aspect_init();
583
584	ptr->is_object=0;
585	ptr->aspect_type=type;
586	ptr->principal_name = strdup(principal_name);
587	ptr->principal_name_p = prologIt(principal_name);
588
589	ptr->linked_role_name = strdup(linked_role_name);
590	ptr->aspect_name = strdup(aspect_name);
591	ptr->aspect_params = NULL;
592
593	if(debug)
594	printf("DEBUG:adding a new linked (%s) to oset(%s) for principal(%s)\n",
595	ptr->linked_role_name, ptr->aspect_name, ptr->principal_name);
596
597	if(type==e_ASPECTTYPE_OSET)
598	ptr->type_string=abac_xstrdup("oset");
599	else ptr->type_string=abac_xstrdup("role");
600
601	return ptr;
602	}
603
604	abac_aspect_t abac_aspect_role_linking_new(char principal_name, char *linked_role_name,
605	char *role_name)
606	{
607	return abac_aspect_linking_new(e_ASPECTTYPE_ROLE,
608	principal_name, linked_role_name, role_name);
609	}
610
611	abac_aspect_t abac_aspect_oset_linking_new(char principal_name, char *linked_role_name,
612	char *oset_name)
613	{
614	return abac_aspect_linking_new(e_ASPECTTYPE_OSET,
615	principal_name, linked_role_name, oset_name);
616	}
617
618	/**
619	* Create an intersection oset/role.
620	*/
621	abac_aspect_t abac_aspect_intersection_new(abac_aspect_t aspect)
622	{
623	abac_aspect_t *ptr = _abac_aspect_init();
624	ptr->aspect_type=e_ASPECTTYPE_INTERSECTING;
625	abac_list_t *prereqs = abac_list_new();
626	abac_list_add(prereqs, abac_aspect_dup(aspect));
627	ptr->prereqs = prereqs;
628	ptr->refcount = 1;
629	return ptr;
630	}
631
632	/*******************************************************************/
633	char abac_aspect_intersecting_string_with_condition(int typed,abac_aspect_t ptr)
634	{
635	assert(ptr != NULL);
636	char *tmp=NULL;
637	if (ptr->prereqs != NULL) {
638	abac_aspect_t *cur;
639	abac_list_foreach(ptr->prereqs, cur,
640	char *ntmp=NULL;
641	if(typed)
642	ntmp=abac_aspect_typed_string_with_condition(cur);
643	else
644	ntmp=abac_aspect_string_with_condition(cur);
645	if(tmp==NULL) {
646	asprintf(&tmp,"%s",ntmp);
647	} else {
648	asprintf(&tmp,"%s & %s",tmp, ntmp);
649	}
650	);
651	}
652	return tmp;
653	}
654
655	/**
656	* Returns the string representation of the role/oset.
657	* principal.osetname(params..)
658	* principal.rolename(params..)
659	*/
660	char abac_aspect_string_with_condition(abac_aspect_t ptr)
661	{
662	assert(ptr != NULL);
663
664	if(abac_aspect_is_intersection(ptr)) {
665	return abac_aspect_intersecting_string_with_condition(0,ptr);
666	}
667
668	char *tmp=NULL;
669	char *principal_name;
670	if(abac_aspect_is_object(ptr))
671	principal_name = abac_aspect_object_name(ptr);
672	else principal_name = abac_aspect_principal_name(ptr);
673	char *aspect_name= ptr->aspect_name;
674	char *linked_role_name = ptr->linked_role_name;
675	char *params_string=NULL;
676	char *linked_params_string=NULL;
677
678	int len = 0;
679	if(principal_name)
680	len=len+strlen(principal_name)+1;
681	if(aspect_name)
682	len = len+strlen(aspect_name)+1;
683	if(linked_role_name)
684	len = len+strlen(linked_role_name)+1;
685
686	if(ptr->aspect_params) {
687	params_string=abac_param_list_string_with_condition(ptr->aspect_params);
688	len = len+strlen(params_string)+3;
689	}
690	if(ptr->linked_role_params) {
691	linked_params_string=abac_param_list_string_with_condition(ptr->linked_role_params);
692	len = len+strlen(linked_params_string)+3;
693	}
694
695	/* principal */
696	/* principal.oset/role */
697	/* principal.oset/role(params_string) */
698	/* principal.linked_role(linked_params_string).oset/role(params_string) */
699	tmp = abac_xmalloc(len);
700
701	if(principal_name)
702	sprintf(tmp,"%s",principal_name);
703
704	if(linked_role_name) {
705	strcat(tmp,".");
706	strcat(tmp,linked_role_name);
707	}
708	if(linked_params_string) {
709	strcat(tmp,"(");
710	strcat(tmp,linked_params_string);
711	strcat(tmp,")");
712	}
713	if(aspect_name) {
714	strcat(tmp,".");
715	strcat(tmp,aspect_name);
716	}
717	if(params_string) {
718	strcat(tmp,"(");
719	strcat(tmp,params_string);
720	strcat(tmp,")");
721	}
722
723	if(linked_params_string) free(linked_params_string);
724	if(params_string) free(params_string);
725	return tmp;
726	}
727
728	char abac_aspect_string(abac_aspect_t ptr) {
729	return abac_aspect_string_with_condition(ptr);
730	}
731	char abac_aspect_typed_string(abac_aspect_t ptr) {
732	return abac_aspect_typed_string_with_condition(ptr);
733	}
734
735	void abac_print_aspect_string_with_condition(abac_aspect_t ptr,FILE fp)
736	{
737	char *string=abac_aspect_string_with_condition(ptr);
738	if(fp==NULL)
739	printf("%s ",string);
740	else fprintf(fp,"%s ",string);
741	}
742
743	char abac_aspect_aspect_param_string(abac_aspect_t ptr) {
744	assert(ptr != NULL);
745	if(ptr->aspect_params) {
746	return abac_param_list_string_with_condition(ptr->aspect_params);
747	}
748	return NULL;
749	}
750
751	char abac_aspect_aspect_param_typed_string(abac_aspect_t ptr) {
752	assert(ptr != NULL);
753	if(ptr->aspect_params) {
754	return abac_param_list_typed_string_with_condition(ptr->aspect_params);
755	}
756	return NULL;
757	}
758
759	/**
760	* Returns the typed string representation of the role/oset.
761	*/
762	char abac_aspect_typed_string_with_condition(abac_aspect_t ptr)
763	{
764	assert(ptr != NULL);
765
766	if(abac_aspect_is_intersection(ptr)) {
767	return abac_aspect_intersecting_string_with_condition(1,ptr);
768	}
769
770	char tmp=NULL, final=NULL;
771	char *principal_name;
772	char *principal_name_type=NULL;
773	if(abac_aspect_is_object(ptr)) {
774	principal_name = abac_aspect_object_name(ptr);
775	principal_name_type = abac_aspect_object_type(ptr);
776	} else {
777	principal_name = abac_aspect_principal_name(ptr);
778	principal_name_type=abac_aspect_principal_type(ptr);
779	if(debug) {
780	printf("aspect's typed_string (%s)(%s)\n", principal_name_type, principal_name);
781	}
782	}
783	char *aspect_name=abac_aspect_aspect_name(ptr);
784	char *aspect_name_type=abac_aspect_type_string(ptr);
785	char *linked_role_name=abac_aspect_linked_role_name(ptr);
786	char *params_string=NULL;
787	char *linked_params_string=NULL;
788
789	if(ptr->aspect_params) {
790	params_string=abac_param_list_typed_string_with_condition(ptr->aspect_params);
791	}
792	if(ptr->linked_role_params) {
793	linked_params_string=abac_param_list_typed_string_with_condition(ptr->linked_role_params);
794	}
795
796	asprintf(&final,"[%s:%s]",principal_name_type,principal_name);
797	if(linked_role_name) {
798	tmp=final;
799	final=NULL;
800	asprintf(&final,".role:%s",tmp,linked_role_name);
801	free(tmp);
802	}
803	if(linked_params_string) {
804	tmp=final;
805	final=NULL;
806	asprintf(&final,"%s(%s)",tmp,linked_params_string);
807	free(tmp);
808	}
809	if(aspect_name) {
810	tmp=final;
811	final=NULL;
812	asprintf(&final,"%s.%s:%s",tmp,aspect_name_type,aspect_name);
813	free(tmp);
814	}
815	if(params_string) {
816	tmp=final;
817	final=NULL;
818	asprintf(&final,"%s(%s)",tmp,params_string);
819	free(tmp);
820	}
821
822	if(linked_params_string) free(linked_params_string);
823	if(params_string) free(params_string);
824	return final;
825	}
826
827	/**
828	* Build an attribute key from head and tail osets/role. Static.
829	*/
830	#define ROLE_SEPARATOR " <- "
831	char abac_aspect_attr_key(abac_aspect_t head_ptr, abac_aspect_t *tail_ptr) {
832	char *head = abac_aspect_string_with_condition(head_ptr);
833	int head_len = strlen(head);
834
835	char *tail = abac_aspect_string_with_condition(tail_ptr);
836	int tail_len = strlen(tail);
837
838	int sep_len = sizeof(ROLE_SEPARATOR) - 1;
839
840	// "head <- tail"
841	char *ret = abac_xmalloc(head_len + tail_len + sep_len + 1);
842	memcpy(ret, head, head_len);
843	memcpy(ret + head_len, ROLE_SEPARATOR, sep_len);
844	memcpy(ret + head_len + sep_len, tail, tail_len);
845	ret[head_len + sep_len + tail_len] = 0;
846
847	return ret;
848	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_aspect.c @ d9c3886

Download in other formats: