Context Navigation

source: libabac/abac_aspect.c @ e3462b4

mei_rt2mei_rt2_fix_1

Last change on this file since e3462b4 was e3462b4, checked in by Mei <mei@…>, 12 years ago

1) make regression test to use just runcheck (hide runall)
2) alter the absolute path in the error message so the regression testing

would not be so user dependent when doing validation

3) add the missing null setting in abac_verifier's issuer_id line 335

Property mode set to 100644

File size: 22.9 KB

Line
1
2	/**
3	** abac_aspect.c
4	**/
5
6
7	#include <assert.h>
8	#include <stdlib.h>
9	#include <stdio.h>
10	#include <string.h>
11
12	#include "abac_internal.h"
13
14	static int debug=0;
15	/*
16	A.role <- B
17	A.role <- B.role
18	A.role <- B.role.role
19
20	A.oset <- B
21	A.oset <- Obj
22	A.oset <- B.oset
23	A.oset <- B.role.oset
24	*/
25
26	/* can store either a role or oset */
27	struct _abac_aspect_t {
28	int aspect_type;
29	int is_object;
30
31	char *principal_name;
32	char *principal_name_p; // pPrincipal_name
33	abac_term_t *principal_object;
34
35	char *linked_role_name;
36	abac_param_list_t *linked_role_params;
37
38	char *aspect_name;
39	abac_param_list_t *aspect_params;
40
41	char *type_string; // "oset" or "role"
42
43	abac_list_t *prereqs;
44	int refcount;
45	};
46
47	/**************************************************************/
48	void abac_aspect_dump(abac_aspect_t ptr, char offset)
49	{
50	char *tmp=NULL;
51	asprintf(&tmp," %s",offset);
52	if(ptr->prereqs != 0) {
53	abac_aspect_t *cur;
54	abac_list_foreach(ptr->prereqs, cur,
55	if(cur)
56	abac_aspect_dump(cur, tmp);
57	);
58	return;
59	}
60
61	printf("\n..... an aspect .....\n");
62	printf("%s aspect_type: %d(%s)\n", offset, ptr->aspect_type, abac_aspect_type_string(ptr));
63	printf("%s is_object: %d\n", offset, ptr->is_object);
64	printf("%s principal_name: %s\n", offset, ptr->principal_name);
65	if(ptr->principal_name_p)
66	printf("%s principal_name_p: %s\n", offset, ptr->principal_name_p);
67	else printf("%s principal_name_p: --\n", offset);
68	if(ptr->principal_object)
69	abac_term_dump(ptr->principal_object, tmp);
70	else ("%s principal_object: --\n", offset);
71	if(ptr->linked_role_name)
72	printf("%s linked_role_name: %s\n", offset, ptr->linked_role_name);
73	else printf("%s linked_role_name: --\n", offset);
74	if(ptr->linked_role_params)
75	abac_param_dump(ptr->linked_role_params, tmp);
76	else printf("%s linked_role_params: --\n", offset);
77	if(ptr->aspect_name)
78	printf("%s aspect_name: %s\n", offset, ptr->aspect_name);
79	else printf("%s aspect_name: --\n", offset);
80	if(ptr->aspect_params)
81	abac_param_dump(ptr->aspect_params, tmp);
82	else printf("%s aspect_params: --\n", offset);
83	if(ptr->type_string)
84	printf("%s type_string:- %s\n", offset, ptr->type_string);
85	else printf("%s type_string: --\n", offset);
86	printf("%s refcount:- %d\n", offset, ptr->refcount);
87	printf("..................................");
88	free(tmp);
89	}
90
91	bool abac_aspect_is_oset(abac_aspect_t *ptr)
92	{
93	assert(ptr);
94	if(ptr->aspect_type==e_ASPECTTYPE_OSET)
95	return 1;
96	return 0;
97	}
98
99
100	bool abac_aspect_is_role(abac_aspect_t *ptr)
101	{
102	assert(ptr);
103	if(ptr->aspect_type==e_ASPECTTYPE_ROLE)
104	return 1;
105	return 0;
106	}
107
108	bool abac_aspect_is_intersecting(abac_aspect_t *ptr)
109	{
110	assert(ptr);
111	if(ptr->aspect_type==e_ASPECTTYPE_INTERSECTING)
112	return 1;
113	return 0;
114	}
115
116	/* A.role->B or A.oset->B */
117	bool abac_aspect_is_principal(abac_aspect_t *ptr) {
118	assert(ptr != NULL);
119	return ptr->is_object == 0 &&
120	ptr->aspect_name == NULL &&
121	ptr->linked_role_name == NULL &&
122	ptr->prereqs == NULL;
123	}
124
125	/* A.oset->O */
126	bool abac_aspect_is_object(abac_aspect_t *ptr)
127	{
128	assert(ptr);
129	if(ptr->aspect_type == e_ASPECTTYPE_OSET)
130	return ptr->is_object;
131	return 0;
132	}
133
134	/* A.role->B.role.role or A.oset->B.role.oset */
135	bool abac_aspect_is_linking(abac_aspect_t *ptr)
136	{
137	assert(ptr);
138	return ptr->linked_role_name != NULL;
139	}
140
141	/**
142	* True if an aspect is an intersection.
143	*/
144	bool abac_aspect_is_intersection(abac_aspect_t *ptr)
145	{
146	assert(ptr);
147	return ptr->prereqs != NULL;
148	}
149
150	/**
151	* return the type that is common to all the intersecting aspects
152	*/
153	int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr)
154	{
155	assert(ptr);
156	assert(ptr->prereqs);
157	abac_aspect_t *cur;
158	int first=1;
159	int type;
160	abac_list_foreach(ptr->prereqs, cur,
161	if(first) {
162	type=abac_aspect_aspect_type(cur);
163	first=0;
164	} else {
165	if(abac_aspect_aspect_type(cur) != type)
166	errx(1,"Intersecting tails are not of the same type");
167	}
168	);
169	return type;
170	}
171
172	/**
173	* Returns the prereqs of an intersection.
174	*/
175	abac_list_t abac_aspect_prereqs(abac_aspect_t ptr)
176	{
177	assert(ptr);
178	return ptr->prereqs;
179	}
180
181	char* abac_aspect_type_string(abac_aspect_t *ptr)
182	{
183	assert(ptr);
184	return ptr->type_string;
185	}
186
187	int abac_aspect_aspect_type(abac_aspect_t *ptr)
188	{
189	assert(ptr);
190	return ptr->aspect_type;
191	}
192
193	/**
194	* Returns the linked part of a linking aspect.
195	* For instance, if the aspect is A.r1.r2, this returns r1.
196	*/
197	char abac_aspect_linked_role_name(abac_aspect_t ptr)
198	{
199	assert(ptr);
200	return ptr->linked_role_name;
201	}
202
203	/* A.r1 without params or constraints, callee needs to free it*/
204	char abac_aspect_linked_role_bare(abac_aspect_t ptr)
205	{
206	assert(ptr);
207	assert(ptr->principal_name);
208	assert(ptr->linked_role_name);
209	char *tmp=NULL;
210	asprintf(&tmp,"%s.%s",ptr->principal_name,ptr->linked_role_name);
211	return tmp;
212	}
213
214	abac_param_list_t abac_aspect_linked_role_params(abac_aspect_t ptr)
215	{
216	assert(ptr);
217	return ptr->linked_role_params;
218	}
219
220	/**
221	* Returns the name of an aspect. If the aspect is A.r1 then return r1.
222	* If the aspect is A.r1.r2 then return r2.
223	*/
224	char abac_aspect_aspect_name(abac_aspect_t ptr) {
225	assert(ptr);
226	return ptr->aspect_name;
227	}
228
229	abac_param_list_t abac_aspect_aspect_params(abac_aspect_t ptr)
230	{
231	assert(ptr);
232	return ptr->aspect_params;
233	}
234
235	/**
236	* Returns the principal part of an aspect. The stuff before the first dot.
237	*/
238	char abac_aspect_principal_name(abac_aspect_t ptr)
239	{
240	assert(ptr);
241	if(USE("ABAC_CN"))
242	return abac_cn_with_sha(ptr->principal_name);
243	if(ABAC_IN_PROLOG) {
244	return ptr->principal_name_p;
245	} else return ptr->principal_name;
246	}
247
248	char abac_aspect_principal_principalname(abac_aspect_t ptr)
249	{
250	assert(ptr);
251	if(ABAC_IN_PROLOG)
252	return ptr->principal_name_p;
253	return ptr->principal_name;
254	}
255
256	char abac_aspect_principal_type(abac_aspect_t ptr)
257	{
258	assert(ptr);
259	return abac_idtype_with_sha(ptr->principal_name);
260	}
261
262	char abac_aspect_principal_cn(abac_aspect_t ptr)
263	{
264	assert(ptr);
265	return abac_cn_with_sha(ptr->principal_name);
266	}
267
268	abac_term_t abac_aspect_object_term(abac_aspect_t ptr)
269	{
270	return ptr->principal_object;
271	}
272
273	char abac_aspect_object_name(abac_aspect_t ptr)
274	{
275	assert(ptr);
276	assert(ptr->is_object);
277	abac_term_t *obj=ptr->principal_object;
278	return abac_term_name(obj);
279	}
280
281	bool _abac_aspect_object_is_time_type(abac_aspect_t *ptr)
282	{
283	abac_term_t *obj=ptr->principal_object;
284	return abac_term_is_time_type(obj);
285	}
286
287	char abac_aspect_object_type(abac_aspect_t ptr)
288	{
289	assert(ptr);
290	assert(ptr->is_object);
291	abac_term_t *obj=ptr->principal_object;
292	char *tmp=abac_term_type_name(obj);
293	if(debug) printf("abac_aspect_object_type: checking on object type, %s\n",tmp);
294	return tmp;
295	}
296
297	abac_condition_t abac_aspect_object_constraint(abac_aspect_t ptr)
298	{
299	assert(ptr != NULL);
300	assert(ptr->is_object);
301	abac_term_t *obj=ptr->principal_object;
302	return abac_term_constraint(obj);
303	}
304
305	char* abac_aspect_get_issuer_keytype(abac_aspect_t *ptr)
306	{
307	abac_id_t *issuer_id=NULL;
308	char *principalname=abac_aspect_principal_principalname(ptr);
309	if(principalname) {
310	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
311	if(id_cred) {
312	issuer_id=abac_id_credential_id(id_cred);
313	return abac_id_keyid(issuer_id);
314	}
315	}
316	return NULL;
317	}
318
319	int abac_aspect_get_issuer_idtype(abac_aspect_t *ptr)
320	{
321	abac_id_t *issuer_id=NULL;
322	char *principalname=abac_aspect_principal_principalname(ptr);
323	if(principalname) {
324	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
325	if(id_cred) {
326	issuer_id=abac_id_credential_id(id_cred);
327	return abac_id_idtype(issuer_id);
328	}
329	}
330	return 0;
331	}
332
333	abac_id_t abac_aspect_get_issuer_id(abac_aspect_t ptr)
334	{
335	abac_id_t *issuer_id=NULL;
336	char *principalname=abac_aspect_principal_principalname(ptr);
337	if(principalname) {
338	abac_id_credential_t *id_cred=abac_id_credential_lookup(principalname);
339	if(id_cred)
340	issuer_id=abac_id_credential_id(id_cred);
341	}
342	return issuer_id;
343	}
344	/**
345	* Increase a aspect's reference count.
346	*/
347	abac_aspect_t abac_aspect_dup(abac_aspect_t ptr)
348	{
349	assert(ptr != NULL);
350	++ptr->refcount;
351	return ptr;
352	}
353
354	/**
355	* Decrease an aspect's reference count, freeing it when it reaches 0.
356	*/
357	void abac_aspect_free(abac_aspect_t *ptr) {
358
359	if(debug) {
360	if(ptr->aspect_name)
361	printf("DEBUG:trying to freeing an aspect %d(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
362	else
363	printf("DEBUG:trying to freeing an aspect %d(M:%d)\n",(int)ptr,ptr->refcount);
364
365	}
366
367	assert(ptr);
368
369	--ptr->refcount;
370	if (ptr->refcount > 0)
371	return;
372
373	if(debug) {
374	if(ptr->aspect_name)
375	printf("DEBUG:freeing this aspect %d(%s:%d)\n",(int)ptr, ptr->aspect_name, ptr->refcount);
376	else printf("DEBUG:freeing this aspect %d(M:%d)\n",(int)ptr, ptr->refcount);
377	}
378
379	if(ptr->principal_name) free(ptr->principal_name);
380	if(ptr->principal_name_p) free(ptr->principal_name_p);
381	if(ptr->linked_role_name) free(ptr->linked_role_name);
382	if(ptr->aspect_name) free(ptr->aspect_name);
383	if(debug) printf("DEBUG:here\n");
384
385	if(ptr->type_string) free(ptr->type_string);
386
387	if (ptr->aspect_params != NULL) {
388	abac_param_list_free(ptr->aspect_params);
389	}
390
391	if (ptr->linked_role_params != NULL) {
392	abac_param_list_free(ptr->linked_role_params);
393	}
394
395	if (ptr->prereqs != NULL) {
396	abac_aspect_t *cur=NULL;
397	abac_list_foreach(ptr->prereqs, cur,
398	abac_aspect_free(cur);
399	);
400	abac_list_free(ptr->prereqs);
401	}
402
403	free(ptr);
404	if(debug) printf("DEBUG:done\n");
405	}
406
407	/**********************************************************************/
408
409	void abac_aspect_add_param(abac_aspect_t ptr, abac_term_t param)
410	{
411	if(ptr->aspect_params == NULL) {
412	ptr->aspect_params=abac_param_list_new(param);
413	} else {
414	abac_param_list_add_term(ptr->aspect_params, param);
415	}
416	}
417
418	void abac_aspect_add_intersecting_aspect(abac_aspect_t ptr, abac_aspect_t aspect)
419	{
420	abac_list_add(ptr->prereqs, abac_aspect_dup(aspect));
421	}
422
423	void abac_aspect_add_linked_param(abac_aspect_t ptr, abac_term_t param)
424	{
425	if(ptr->linked_role_params == NULL) {
426	ptr->linked_role_params=abac_param_list_new(param);
427	} else {
428	abac_param_list_add_term(ptr->linked_role_params, param);
429	}
430	}
431
432
433	/**********************************************************************/
434
435	/**
436	* Create a new principal and initialize it.
437	* always with the proper SHA string
438	*/
439	static abac_aspect_t *_abac_aspect_init()
440	{
441	abac_aspect_t ptr = (abac_aspect_t ) abac_xmalloc(sizeof(abac_aspect_t));
442
443	ptr->is_object=0;
444	ptr->principal_name = NULL;
445	ptr->principal_name_p = NULL;
446	ptr->aspect_type=e_ASPECTTYPE_NULL;
447
448	ptr->aspect_name = NULL;
449	ptr->aspect_params = NULL;
450
451	ptr->linked_role_name = NULL;
452	ptr->linked_role_params = NULL;
453
454	ptr->type_string=NULL;
455
456	ptr->prereqs = NULL;
457	ptr->refcount = 1;
458	}
459
460	abac_aspect_t abac_aspect_principal_new(int type, char principal_name)
461	{
462	assert(principal_name != NULL);
463
464	if (strlen(principal_name) == 0)
465	return NULL;
466
467	/* XXX currently, it might be good if the principal_name is used o
468	lookup the hashed id table and somehow link to the ID that it belongs
469	too, currently, we check it later.. */
470	abac_aspect_t *ptr = _abac_aspect_init();
471	ptr->aspect_type=type;
472	ptr->principal_name = strdup(principal_name);
473	ptr->principal_name_p = prologIt(principal_name);
474	if(type==e_ASPECTTYPE_ROLE)
475	ptr->type_string=abac_xstrdup("role");
476	if(type==e_ASPECTTYPE_OSET)
477	ptr->type_string=abac_xstrdup("oset");
478	return ptr;
479	}
480
481	abac_aspect_t abac_aspect_role_principal_new(char principal_name)
482	{
483	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
484	}
485
486	abac_aspect_t abac_aspect_role_principal_create(char principal_name)
487	{
488	return abac_aspect_principal_new(e_ASPECTTYPE_ROLE,principal_name);
489	}
490
491	abac_aspect_t abac_aspect_oset_principal_new(char principal_name)
492	{
493	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
494	}
495
496	abac_aspect_t abac_aspect_oset_principal_create(char principal_name)
497	{
498	return abac_aspect_principal_new(e_ASPECTTYPE_OSET,principal_name);
499	}
500
501	abac_aspect_t abac_aspect_object_new(int type, abac_term_t object)
502	{
503	assert(object != NULL);
504	abac_aspect_t *ptr = _abac_aspect_init();
505	ptr->aspect_type=type;
506	ptr->is_object =1;
507	ptr->principal_object = object;
508	/* can not be role type */
509	if(type==e_ASPECTTYPE_OSET)
510	ptr->type_string=abac_xstrdup("oset");
511
512	return ptr;
513	}
514
515	abac_aspect_t abac_aspect_oset_object_new(abac_term_t object)
516	{
517	return abac_aspect_object_new(e_ASPECTTYPE_OSET, object);
518	}
519
520	abac_aspect_t abac_aspect_oset_object_create(abac_term_t object)
521	{
522	return abac_aspect_object_new(e_ASPECTTYPE_OSET,object);
523	}
524	abac_aspect_t abac_aspect_new(int type, char principal_name, char *aspect_name)
525	{
526	assert(principal_name != NULL);
527	assert(aspect_name != NULL);
528
529	if (strlen(principal_name) == 0 \|\| strlen(aspect_name) == 0)
530	return NULL;
531
532	abac_aspect_t *ptr = _abac_aspect_init();
533
534	ptr->principal_name = strdup(principal_name);
535	ptr->principal_name_p = prologIt(principal_name);
536	ptr->aspect_type=type;
537
538	ptr->aspect_name = abac_xstrdup(aspect_name);
539
540	if(type==e_ASPECTTYPE_OSET)
541	ptr->type_string= abac_xstrdup("oset");
542	else
543	ptr->type_string= abac_xstrdup("role");
544
545	if(debug)
546	printf("DEBUG:adding a new aspect (%s) to principal (%s)\n",
547	ptr->aspect_name, ptr->principal_name);
548	return ptr;
549	}
550
551	abac_aspect_t abac_aspect_oset_new(char principal_name, char *oset_name)
552	{
553	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name, oset_name);
554	}
555
556	abac_aspect_t abac_aspect_oset_create(char principal_name, char *oset_name)
557	{
558	return abac_aspect_new(e_ASPECTTYPE_OSET,principal_name,oset_name);
559	}
560
561	abac_aspect_t abac_aspect_role_new(char principal_name, char *oset_name)
562	{
563	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name, oset_name);
564	}
565
566	abac_aspect_t abac_aspect_role_create(char principal_name, char *role_name)
567	{
568	return abac_aspect_new(e_ASPECTTYPE_ROLE,principal_name,role_name);
569	}
570
571	/**
572	* Created a new linking role/oset and initialize it.
573	*/
574	abac_aspect_t abac_aspect_linking_new(int type, char principal_name,
575	char linked_role_name, char aspect_name)
576	{
577	assert(principal_name != NULL);
578	assert(linked_role_name != NULL);
579	assert(aspect_name != NULL);
580
581	if (strlen(principal_name) == 0 \|\|
582	strlen(linked_role_name) == 0 \|\| strlen(aspect_name) == 0)
583	return NULL;
584
585	abac_aspect_t *ptr = _abac_aspect_init();
586
587	ptr->is_object=0;
588	ptr->aspect_type=type;
589	ptr->principal_name = strdup(principal_name);
590	ptr->principal_name_p = prologIt(principal_name);
591
592	ptr->linked_role_name = strdup(linked_role_name);
593	ptr->aspect_name = strdup(aspect_name);
594	ptr->aspect_params = NULL;
595
596	if(debug)
597	printf("DEBUG:adding a new linked (%s) to oset/role(%s) for principal(%s)\n",
598	ptr->linked_role_name, ptr->aspect_name, ptr->principal_name);
599
600	if(type==e_ASPECTTYPE_OSET)
601	ptr->type_string=abac_xstrdup("oset");
602	else ptr->type_string=abac_xstrdup("role");
603
604	return ptr;
605	}
606
607	abac_aspect_t abac_aspect_role_linking_new(char principal_name, char *linked_role_name,
608	char *role_name)
609	{
610	return abac_aspect_linking_new(e_ASPECTTYPE_ROLE,
611	principal_name, linked_role_name, role_name);
612	}
613
614	abac_aspect_t abac_aspect_oset_linking_new(char principal_name, char *linked_role_name,
615	char *oset_name)
616	{
617	return abac_aspect_linking_new(e_ASPECTTYPE_OSET,
618	principal_name, linked_role_name, oset_name);
619	}
620
621	/**
622	* Create an intersection oset/role.
623	*/
624	abac_aspect_t abac_aspect_intersection_new(abac_aspect_t aspect)
625	{
626	abac_aspect_t *ptr = _abac_aspect_init();
627	ptr->aspect_type=e_ASPECTTYPE_INTERSECTING;
628	abac_list_t *prereqs = abac_list_new();
629	abac_list_add(prereqs, abac_aspect_dup(aspect));
630	ptr->prereqs = prereqs;
631	ptr->refcount = 1;
632	return ptr;
633	}
634
635	/*******************************************************************/
636	char abac_aspect_intersecting_string_with_condition(int typed,abac_aspect_t ptr)
637	{
638	assert(ptr != NULL);
639	char *tmp=NULL;
640	if (ptr->prereqs != NULL) {
641	abac_aspect_t *cur;
642	abac_list_foreach(ptr->prereqs, cur,
643	char *ntmp=NULL;
644	if(typed)
645	ntmp=abac_aspect_typed_string_with_condition(cur);
646	else
647	ntmp=abac_aspect_string_with_condition(cur);
648	if(tmp==NULL) {
649	asprintf(&tmp,"%s",ntmp);
650	} else {
651	asprintf(&tmp,"%s & %s",tmp, ntmp);
652	}
653	);
654	}
655	return tmp;
656	}
657
658	/**
659	* Returns the string representation of the role/oset.
660	* principal.osetname(params..)
661	* principal.rolename(params..)
662	*/
663	char abac_aspect_string_with_condition(abac_aspect_t ptr)
664	{
665	assert(ptr != NULL);
666
667	if(abac_aspect_is_intersection(ptr)) {
668	return abac_aspect_intersecting_string_with_condition(0,ptr);
669	}
670
671	char *tmp=NULL;
672	char *principal_name;
673	if(abac_aspect_is_object(ptr)) {
674	principal_name = abac_aspect_object_name(ptr);
675	} else principal_name = abac_aspect_principal_name(ptr);
676	char *aspect_name= ptr->aspect_name;
677	char *linked_role_name = ptr->linked_role_name;
678	char *params_string=NULL;
679	char *linked_params_string=NULL;
680
681	int len = 0;
682	if(principal_name)
683	len=len+strlen(principal_name)+1;
684	if(aspect_name)
685	len = len+strlen(aspect_name)+1;
686	if(linked_role_name)
687	len = len+strlen(linked_role_name)+1;
688
689	if(ptr->aspect_params) {
690	params_string=abac_param_list_string_with_condition(ptr->aspect_params);
691	len = len+strlen(params_string)+3;
692	}
693	if(ptr->linked_role_params) {
694	linked_params_string=abac_param_list_string_with_condition(ptr->linked_role_params);
695	len = len+strlen(linked_params_string)+3;
696	}
697
698	/* principal */
699	/* principal.oset/role */
700	/* principal.oset/role(params_string) */
701	/* principal.linked_role(linked_params_string).oset/role(params_string) */
702	tmp = abac_xmalloc(len);
703
704	if(principal_name)
705	sprintf(tmp,"%s",principal_name);
706
707	if(linked_role_name) {
708	strcat(tmp,".");
709	strcat(tmp,linked_role_name);
710	}
711	if(linked_params_string) {
712	strcat(tmp,"(");
713	strcat(tmp,linked_params_string);
714	strcat(tmp,")");
715	}
716	if(aspect_name) {
717	strcat(tmp,".");
718	strcat(tmp,aspect_name);
719	}
720	if(params_string) {
721	strcat(tmp,"(");
722	strcat(tmp,params_string);
723	strcat(tmp,")");
724	}
725
726	if(linked_params_string) free(linked_params_string);
727	if(params_string) free(params_string);
728	return tmp;
729	}
730
731	char abac_aspect_string(abac_aspect_t ptr) {
732	return abac_aspect_string_with_condition(ptr);
733	}
734	char abac_aspect_typed_string(abac_aspect_t ptr) {
735	return abac_aspect_typed_string_with_condition(ptr);
736	}
737
738	void abac_print_aspect_string_with_condition(abac_aspect_t ptr,FILE fp)
739	{
740	char *string=abac_aspect_string_with_condition(ptr);
741	if(fp==NULL)
742	printf("%s ",string);
743	else fprintf(fp,"%s ",string);
744	}
745
746	char abac_aspect_aspect_param_string(abac_aspect_t ptr) {
747	assert(ptr != NULL);
748	if(ptr->aspect_params) {
749	return abac_param_list_string_with_condition(ptr->aspect_params);
750	}
751	return NULL;
752	}
753
754	char abac_aspect_aspect_param_typed_string(abac_aspect_t ptr) {
755	assert(ptr != NULL);
756	if(ptr->aspect_params) {
757	return abac_param_list_typed_string_with_condition(ptr->aspect_params);
758	}
759	return NULL;
760	}
761
762	/**
763	* Returns the typed string representation of the role/oset.
764	*/
765	char abac_aspect_typed_string_with_condition(abac_aspect_t ptr)
766	{
767	assert(ptr != NULL);
768
769	if(abac_aspect_is_intersection(ptr)) {
770	return abac_aspect_intersecting_string_with_condition(1,ptr);
771	}
772
773	char tmp=NULL, final=NULL;
774	char *principal_name;
775	char *principal_name_type=NULL;
776	if(abac_aspect_is_object(ptr)) {
777	principal_name = abac_aspect_object_name(ptr);
778	/special case is when it is time type /
779	if(_abac_aspect_object_is_time_type(ptr))
780	principal_name=abac_time_to_term(principal_name);
781	principal_name_type = abac_aspect_object_type(ptr);
782	} else {
783	principal_name = abac_aspect_principal_name(ptr);
784	principal_name_type=abac_aspect_principal_type(ptr);
785	if(debug) {
786	printf("aspect's typed_string (%s)(%s)\n", principal_name_type, principal_name);
787	}
788	}
789	char *aspect_name=abac_aspect_aspect_name(ptr);
790	char *aspect_name_type=abac_aspect_type_string(ptr);
791	char *linked_role_name=abac_aspect_linked_role_name(ptr);
792	char *params_string=NULL;
793	char *linked_params_string=NULL;
794
795	if(ptr->aspect_params) {
796	params_string=abac_param_list_typed_string_with_condition(ptr->aspect_params);
797	}
798	if(ptr->linked_role_params) {
799	linked_params_string=abac_param_list_typed_string_with_condition(ptr->linked_role_params);
800	}
801
802	asprintf(&final,"[%s:%s]",principal_name_type,principal_name);
803	if(linked_role_name) {
804	tmp=final;
805	final=NULL;
806	asprintf(&final,"%s.role:%s",tmp,linked_role_name);
807	free(tmp);
808	}
809	if(linked_params_string) {
810	tmp=final;
811	final=NULL;
812	asprintf(&final,"%s(%s)",tmp,linked_params_string);
813	free(tmp);
814	}
815	if(aspect_name) {
816	tmp=final;
817	final=NULL;
818	asprintf(&final,"%s.%s:%s",tmp,aspect_name_type,aspect_name);
819	free(tmp);
820	}
821	if(params_string) {
822	tmp=final;
823	final=NULL;
824	asprintf(&final,"%s(%s)",tmp,params_string);
825	free(tmp);
826	}
827
828	if(linked_params_string) free(linked_params_string);
829	if(params_string) free(params_string);
830	return final;
831	}
832
833	/**
834	* Build an attribute key from head and tail osets/role. Static.
835	*/
836	#define ROLE_SEPARATOR " <- "
837	char abac_aspect_attr_key(abac_aspect_t head_ptr, abac_aspect_t *tail_ptr) {
838	char *head = abac_aspect_string_with_condition(head_ptr);
839	int head_len = strlen(head);
840
841	char *tail = abac_aspect_string_with_condition(tail_ptr);
842	int tail_len = strlen(tail);
843
844	int sep_len = sizeof(ROLE_SEPARATOR) - 1;
845
846	// "head <- tail"
847	char *ret = abac_xmalloc(head_len + tail_len + sep_len + 1);
848	memcpy(ret, head, head_len);
849	memcpy(ret + head_len, ROLE_SEPARATOR, sep_len);
850	memcpy(ret + head_len + sep_len, tail, tail_len);
851	ret[head_len + sep_len + tail_len] = 0;
852
853	return ret;
854	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_aspect.c @ e3462b4

Download in other formats: