Context Navigation

source: libabac/abac_pl_gen.c @ 9502c50

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 9502c50 was 7727f26, checked in by Mei <mei@…>, 12 years ago

1) add environment variables DUMP_DB, ABAC_CN.

ABAC_CN will switch to using CNs for keyid insead of SHAs

2) add/modified couple of doc files.

Property mode set to 100644

File size: 24.4 KB

Rev	Line
[718ad924]	1
	2
	3	/***********************************************************************/
	4	/* clause generation called from parser to generate credential clauses */
	5	/***********************************************************************/
	6	#include <stdio.h>
	7	#include <assert.h>
	8	#include <stdlib.h>
	9
	10	#include "abac_set.h"
	11	#include "abac_util.h"
	12	#include "abac_pl.h"
	13
	14	#include "uthash.h"
	15
	16	// index to generate C1,C2..
	17	static int cred_count=0;
	18
[7727f26]	19	static int debug=0;
	20
[b5a3da4]	21	extern char* abac_yyfptr_encoded;
	22	extern int abac_yy_cnt_yy_id_certs();
	23	extern void abac_yy_free_yy_id_certs();
	24	extern char *abac_yy_string_yy_id_certs();
	25	extern void abac_yy_free_yy_constraints();
[0d0c3a9]	26	extern char *abac_yy_string_yy_constraints();
[b5a3da4]	27
[718ad924]	28	/***********************************************************************/
	29	static int _get_next_cred_idx()
	30	{
	31	cred_count++;
	32	return cred_count;
	33	}
	34
	35	/* remember to free the returned string */
	36	static char *_compose_cred_list()
	37	{
[da5afdf]	38	int i=cred_count;
[718ad924]	39	if(cred_count==0) return "";
	40
	41	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
	42	strcpy(clist,"C1");
	43	if (cred_count==1) return clist;
	44
	45	i=1;
	46	while(i!=cred_count) {
	47	i++;
	48	sprintf(clist,"%s,C%d",clist,i);
	49	}
	50	return clist;
	51	}
	52
[7b548fa]	53	/***********************************************************************/
[718ad924]	54	/* generate role(p_name, r_name, param..) */
	55	static char* generate_pl_head_role_string(abac_role_t *role)
	56	{
	57	char *tmp=NULL;
[7727f26]	58	char *principalname=abac_role_principal_name(role);
[718ad924]	59	char *rolename=abac_role_role_name(role);
	60	char *param_string=NULL;
	61	int cnt=0;
	62
	63	/* can not be a linked role */
	64	abac_param_list_t *role_params=abac_role_role_params(role);
	65	if(role_params) {
	66	param_string=abac_param_list_string(role_params);
	67	}
	68
	69	if (param_string != NULL) {
	70	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
	71	free(param_string);
	72	} else {
	73	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
	74	}
[7727f26]	75
	76	if(debug && tmp) printf("head_role_string: (%s)\n",tmp);
[718ad924]	77	if(cnt>0)
	78	return tmp;
	79	else
	80	return NULL;
	81	}
	82
	83	/* generate role(p_name, r_name, param..) with isMember call ?? */
	84	static char* generate_pl_tail_role_string(abac_role_t *role)
	85	{
	86	char *tmp;
[7727f26]	87	char *principalname=abac_role_principal_name(role);
[718ad924]	88	char *rolename=abac_role_role_name(role);
	89	char *linkedname=abac_role_linked_role(role);
	90
	91	char *param_string=NULL;
	92	char *linked_param_string=NULL;
	93	int cnt=0;
	94
	95	abac_param_list_t *role_params=abac_role_role_params(role);
	96	if(role_params) {
	97	param_string=abac_param_list_string(role_params);
	98	}
	99
	100	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
	101	if(linked_role_params) {
	102	linked_param_string=abac_param_list_string(linked_role_params);
	103	}
	104
	105	/* b.r.r */
	106	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
	107	int fst=_get_next_cred_idx();
	108	int snd=_get_next_cred_idx();
	109	if(linked_param_string !=NULL) {
	110	if (param_string != NULL) {
	111	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
	112	principalname,
	113	linkedname,linked_param_string,fst,
	114	rolename,param_string,snd);
	115	free(param_string);
	116	} else {
	117	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
	118	principalname,
	119	linkedname,linked_param_string,fst,
	120	rolename,snd);
	121	}
	122	free(linked_param_string);
	123	} else {
	124	if (role_params != NULL) {
	125	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
	126	principalname,
	127	linkedname,fst,
	128	rolename,param_string,snd);
	129	free(param_string);
	130	} else {
	131	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
	132	principalname,
	133	linkedname,fst,
	134	rolename,snd);
	135	}
	136	}
[7727f26]	137	if(debug && tmp) printf("tail_role_string1: (%s)\n",tmp);
[718ad924]	138	if(cnt>0)
	139	return tmp;
	140	else
	141	return NULL;
	142	}
	143	/* b.r */
	144	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
	145	int fst=_get_next_cred_idx();
	146	if(param_string != NULL) {
	147	cnt=asprintf(&tmp,"isMember(X,role(%s,%s,%s),C%d)",
	148	principalname, rolename, param_string, fst);
	149	free(param_string);
	150	} else {
	151	cnt=asprintf(&tmp,"isMember(X,role(%s,%s),C%d)",
	152	principalname, rolename, fst);
	153	}
[7727f26]	154	if(debug && tmp) printf("tail_role_string2: (%s)\n",tmp);
[718ad924]	155	if(cnt>0)
	156	return tmp;
	157	else
	158	return NULL;
	159	}
	160	/* b */
	161	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
	162	tmp=abac_xstrdup(principalname);
[7727f26]	163	if(debug && tmp) printf("tail_role_string3: (%s)\n",tmp);
[718ad924]	164	return tmp;
	165	}
	166
[7727f26]	167	if(debug && tmp) printf("tail_role_string4: (%s)\n",tmp);
[718ad924]	168	return tmp;
	169	}
	170
	171
[da5afdf]	172	/* generate oset(p_name, r_name, param..) */
	173	static char* generate_pl_head_oset_string(abac_oset_t *oset)
	174	{
	175	char *tmp=NULL;
[7727f26]	176	char *principalname=abac_oset_principal_name(oset);
[da5afdf]	177	char *osetname=abac_oset_oset_name(oset);
	178	char *param_string=NULL;
	179	int cnt=0;
	180
	181	/* can not be a linked role */
	182	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
	183	if(oset_params) {
	184	param_string=abac_param_list_string(oset_params);
	185	}
	186
	187	if (param_string != NULL) {
	188	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
	189	free(param_string);
	190	} else {
	191	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
	192	}
[7727f26]	193	if(debug && tmp) printf("head_oset_string: (%s)\n",tmp);
[da5afdf]	194	if(cnt>0)
	195	return tmp;
	196	else
	197	return NULL;
	198	}
	199
	200	/* generate oset(p_name, r_name, param..) with isMember call ?? */
	201	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
	202	{
	203	char *tmp;
	204	/*
	205	A.oset <- B
	206	A.oset <- Obj
	207	A.oset <- B.oset
	208	A.oset <- B.role.oset
	209	*/
	210	/* o */
	211	if(abac_oset_is_object(oset)) {
[7727f26]	212	char *objectname=abac_oset_object_name(oset);
[da5afdf]	213	tmp=abac_xstrdup(objectname);
[7727f26]	214	if(debug && tmp) printf("tail_oset_string1: (%s)\n",tmp);
[da5afdf]	215	return tmp;
	216	} else {
[7727f26]	217	char *principalname=abac_oset_principal_name(oset);
[da5afdf]	218	char *osetname=abac_oset_oset_name(oset);
	219	char *linkedname=abac_oset_linked_role(oset);
	220
	221	char *param_string=NULL;
	222	char *linked_param_string=NULL;
	223	int cnt=0;
	224
	225	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
	226	if(oset_params) {
	227	param_string=abac_param_list_string(oset_params);
	228	}
	229
	230	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
	231	if(linked_role_params) {
	232	linked_param_string=abac_param_list_string(linked_role_params);
	233	}
	234
	235	/* b.r.r */
	236	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
	237	int fst=_get_next_cred_idx();
	238	int snd=_get_next_cred_idx();
	239	if(linked_param_string !=NULL) {
	240	if (param_string != NULL) {
	241	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
	242	principalname,
	243	linkedname,linked_param_string,fst,
	244	osetname,param_string,snd);
	245	free(param_string);
	246	} else {
	247	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
	248	principalname,
	249	linkedname,linked_param_string,fst,
	250	osetname,snd);
	251	}
	252	free(linked_param_string);
	253	} else {
	254	if (oset_params != NULL) {
	255	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
	256	principalname,
	257	linkedname,fst,
	258	osetname,param_string,snd);
	259	free(param_string);
	260	} else {
	261	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
	262	principalname,
	263	linkedname,fst,
	264	osetname,snd);
	265	}
	266	}
[7727f26]	267	if(debug && tmp) printf("tail_oset_string2: (%s)\n",tmp);
[da5afdf]	268	if(cnt>0)
	269	return tmp;
	270	else
	271	return NULL;
	272	}
	273	/* b.r */
	274	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
	275	int fst=_get_next_cred_idx();
	276	if(param_string != NULL) {
	277	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s,%s),C%d)",
	278	principalname, osetname, param_string, fst);
	279	free(param_string);
	280	} else {
	281	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s),C%d)",
	282	principalname, osetname, fst);
	283	}
[7727f26]	284	if(debug && tmp) printf("tail_oset_string3: (%s)\n",tmp);
[da5afdf]	285	if(cnt>0)
	286	return tmp;
	287	else
	288	return NULL;
	289	}
	290	/* b */
	291	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
	292	tmp=abac_xstrdup(principalname);
[7727f26]	293	if(debug && tmp) printf("tail_oset_string4: (%s)\n",tmp);
[da5afdf]	294	return tmp;
	295	}
	296
	297	}
	298	return tmp;
	299	}
	300
	301
	302	/********************************************************************************/
	303
	304	static char _build_constraint_rule_clause(char head_string, char *tail_string)
	305	{
	306	/only, A.R <- B /
	307	char *tmp;
	308	int idx=_get_next_cred_idx();
	309	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
	310	return tmp;
	311	}
	312
[d5bbd3e]	313	static char _build_rule_clause(char rolename, char *head_string,
	314	char tail_string, char id_string, char *constraint_string)
[718ad924]	315	{
	316	char *tmp=NULL;
	317
	318	if(rolename == NULL) {
	319	/* A.R <- B */
[d5bbd3e]	320	if(id_string == NULL && constraint_string == NULL) {
[da5afdf]	321	asprintf(&tmp, "isMember(%s,%s,['%s'])",
	322	tail_string,head_string,abac_yyfptr_encoded);
	323	} else {
[d5bbd3e]	324	if(id_string == NULL) {
	325	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
	326	tail_string,head_string,abac_yyfptr_encoded,
	327	constraint_string);
	328	} else if(constraint_string == NULL) {
	329	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
	330	tail_string,head_string,abac_yyfptr_encoded,
	331	id_string);
	332	} else { asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s,%s",
	333	tail_string,head_string,abac_yyfptr_encoded,
	334	id_string, constraint_string);
	335	}
[718ad924]	336	}
	337	} else {
	338	/* A.R <- B.R */
	339	/* A.R <- B.R.R */
	340	if (cred_count==0) {
[d5bbd3e]	341	if(id_string == NULL && constraint_string == NULL) {
[718ad924]	342	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
[da5afdf]	343	head_string, abac_yyfptr_encoded, tail_string);
[718ad924]	344	} else {
[d5bbd3e]	345	if(id_string == NULL) {
	346	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
	347	head_string, abac_yyfptr_encoded, tail_string,
	348	constraint_string);
	349	} else if(constraint_string == NULL) {
	350	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
	351	head_string, abac_yyfptr_encoded, id_string,
	352	tail_string);
	353	} else {
	354	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s,%s",
	355	head_string, abac_yyfptr_encoded, id_string,
	356	tail_string, constraint_string);
	357	}
[718ad924]	358	}
	359	} else {
	360	char *tmp_cred_list=_compose_cred_list();
[d5bbd3e]	361	if(id_string == NULL && constraint_string == NULL) {
[da5afdf]	362	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
	363	head_string, tail_string,
	364	abac_yyfptr_encoded, tmp_cred_list);
[718ad924]	365	} else {
[d5bbd3e]	366	if(id_string == NULL) {
	367	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	368	head_string, tail_string, constraint_string,
[da5afdf]	369	abac_yyfptr_encoded, tmp_cred_list);
[d5bbd3e]	370	} else if(constraint_string == NULL) {
	371	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	372	head_string, id_string, tail_string,
	373	abac_yyfptr_encoded, tmp_cred_list);
	374	} else {
	375	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
	376	head_string, id_string, tail_string,
	377	constraint_string,
	378	abac_yyfptr_encoded, tmp_cred_list);
	379	}
[718ad924]	380	}
	381	free(tmp_cred_list);
	382	cred_count=0;
	383	}
	384	}
[da5afdf]	385	return tmp;
	386	}
	387
	388
[d5bbd3e]	389	static char generate_pl_rule_role_clause(char head_role_string,
	390	abac_role_t tail_role, char id_string, char *constraint_string)
[da5afdf]	391	{
	392	char *rolename=abac_role_role_name(tail_role);
	393	char *tail_role_string=generate_pl_tail_role_string(tail_role);
	394	if(rolename == NULL && tail_role_string == NULL)
	395	goto error;
[d5bbd3e]	396	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string,
	397	id_string, constraint_string);
[718ad924]	398	if(tail_role_string) free(tail_role_string);
	399	return tmp;
	400
	401	error:
	402	if(tail_role_string) free(tail_role_string);
	403	return NULL;
	404	}
	405
[d5bbd3e]	406	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char *constraint_string)
[da5afdf]	407	{
	408	char *osetname=abac_oset_oset_name(tail_oset);
	409	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
	410	if(osetname == NULL && tail_oset_string == NULL)
	411	goto error;
[d5bbd3e]	412	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string, id_string, constraint_string);
[da5afdf]	413	if(tail_oset_string) free(tail_oset_string);
	414	return tmp;
	415
	416	error:
	417	if(tail_oset_string) free(tail_oset_string);
	418	return NULL;
	419	}
	420
	421
[718ad924]	422	static char _add_string(char dstr, char *nstr)
	423	{
	424	if(strlen(dstr)==0) {
	425	dstr=abac_xstrdup(nstr);
	426	return dstr;
	427	} else {
	428	int len = strlen(dstr)+strlen(nstr)+2;
	429	char tmp=abac_xmalloc(lensizeof(char));
	430	sprintf(tmp,"%s,%s", dstr,nstr);
	431	free(dstr);
	432	return tmp;
	433	}
	434	return NULL;
	435	}
	436
[d5bbd3e]	437	static char _build_intersecting_clause(char head_role_string,
	438	char tail_role_string, char id_string, char* constraint_string)
[da5afdf]	439	{
	440	char *tmp;
	441
	442	if (cred_count==0) {
[d5bbd3e]	443	if(id_string == NULL && constraint_string == NULL) {
[da5afdf]	444	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
	445	head_role_string, abac_yyfptr_encoded, tail_role_string);
	446	} else {
[d5bbd3e]	447	if(id_string == NULL) {
	448	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
	449	head_role_string, abac_yyfptr_encoded,
	450	tail_role_string, constraint_string);
	451	} else if(constraint_string == NULL) {
[da5afdf]	452	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
[e88c95b]	453	head_role_string, abac_yyfptr_encoded,
[d5bbd3e]	454	id_string, tail_role_string);
	455	} else {
	456	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s, %s",
	457	head_role_string, abac_yyfptr_encoded,
	458	id_string, tail_role_string, constraint_string);
	459	}
[da5afdf]	460	}
	461	} else {
	462	char *tmp_cred_list=_compose_cred_list();
[d5bbd3e]	463	if(id_string == NULL && constraint_string == NULL) {
[da5afdf]	464	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
	465	head_role_string, tail_role_string,
	466	abac_yyfptr_encoded, tmp_cred_list);
	467	} else {
[d5bbd3e]	468	if(id_string == NULL) {
	469	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	470	head_role_string, tail_role_string, constraint_string,
	471	abac_yyfptr_encoded, tmp_cred_list);
	472	} else if(constraint_string == NULL) {
	473	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	474	head_role_string, id_string, tail_role_string,
	475	abac_yyfptr_encoded, tmp_cred_list);
	476	} else {
	477	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
	478	head_role_string, id_string, tail_role_string, constraint_string,
	479	abac_yyfptr_encoded, tmp_cred_list);
	480	}
[da5afdf]	481	}
	482	free(tmp_cred_list);
	483	cred_count=0;
	484	}
	485	return tmp;
	486	}
	487
[d5bbd3e]	488	static char generate_pl_intersecting_role_clause(char head_role_string,
	489	abac_role_t tail_role, char id_string, char* constraint_string)
[718ad924]	490	{
	491	char *tmp=NULL;
	492	char* tail_role_string=NULL;
	493	abac_list_t *list=abac_role_prereqs(tail_role);
	494	/* A.R <- B.R & C.R.R */
	495
	496	if (list != NULL) {
	497	abac_role_t *cur;
	498	abac_list_foreach(list, cur,
	499	char *ntmp=generate_pl_tail_role_string(cur);
	500	if(tail_role_string==NULL)
	501	asprintf(&tail_role_string,"%s",ntmp);
	502	else
	503	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
	504	free(ntmp);
	505	);
	506	}
	507
[d5bbd3e]	508	tmp=_build_intersecting_clause(head_role_string, tail_role_string, id_string,constraint_string);
[718ad924]	509	if(tail_role_string) free(tail_role_string);
	510	return tmp;
	511	}
	512
[d5bbd3e]	513	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char* constraint_string)
[da5afdf]	514	{
	515	char *tmp=NULL;
	516	char* tail_oset_string=NULL;
	517	abac_list_t *list=abac_oset_prereqs(tail_oset);
	518	/* A.O <- B.O & C.R.O */
	519
	520	if (list != NULL) {
	521	abac_oset_t *cur;
	522	abac_list_foreach(list, cur,
	523	char *ntmp=generate_pl_tail_oset_string(cur);
	524	if(tail_oset_string==NULL)
	525	asprintf(&tail_oset_string,"%s",ntmp);
	526	else
	527	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
	528	free(ntmp);
	529	);
	530	}
	531
[d5bbd3e]	532	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string,
	533	id_string, constraint_string);
[da5afdf]	534	if(tail_oset_string) free(tail_oset_string);
	535	return tmp;
	536	}
	537
[718ad924]	538	/* generate the yap isMember rule clause for the credential stmt */
[da5afdf]	539	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
[718ad924]	540	{
	541	char *tmp=NULL;
[d5bbd3e]	542	char *id_clauses_string=NULL;
	543	char *constraint_clauses_string=NULL;
[718ad924]	544	abac_list_t *clauses=abac_list_new();
[da5afdf]	545
[b5a3da4]	546	int cnt=abac_yy_cnt_yy_id_certs();
[718ad924]	547	if(cnt > 0) { /* string it up */
[d5bbd3e]	548	id_clauses_string=abac_yy_string_yy_id_certs();
[b5a3da4]	549	abac_yy_free_yy_id_certs();
[718ad924]	550	}
	551
[d5bbd3e]	552	/* XXX make a loop here */
[b5a3da4]	553	cnt=abac_yy_cnt_yy_constraints();
[da5afdf]	554	if(cnt > 0) {
[d5bbd3e]	555	constraint_clauses_string=abac_yy_string_yy_constraints();
[b5a3da4]	556	abac_yy_free_yy_constraints();
[da5afdf]	557	}
	558
[718ad924]	559	/* generate head's role string */
	560	char *head_role_string=generate_pl_head_role_string(head_role);
	561	if(head_role_string == NULL)
	562	goto error;
	563
	564	/* tail side */
	565	if(abac_role_is_intersection(tail_role)) {
[d5bbd3e]	566	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role,
	567	id_clauses_string, constraint_clauses_string);
[718ad924]	568	} else {
[d5bbd3e]	569	tmp=generate_pl_rule_role_clause(head_role_string, tail_role,
	570	id_clauses_string, constraint_clauses_string);
[718ad924]	571	}
	572	if(tmp==NULL)
	573	goto error;
[da5afdf]	574
[718ad924]	575	abac_list_add(clauses,tmp);
	576	return clauses;
	577
	578	error:
	579	if(head_role_string) free(head_role_string);
[d5bbd3e]	580	if(id_clauses_string) free(id_clauses_string);
	581	if(constraint_clauses_string) free(constraint_clauses_string);
[718ad924]	582	return clauses;
	583	}
	584
[da5afdf]	585	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
	586	{
	587	char *tmp=NULL;
[d5bbd3e]	588	char *id_clauses_string=NULL;
	589	char *constraint_clauses_string=NULL;
[da5afdf]	590	abac_list_t *clauses=abac_list_new();
	591
[b5a3da4]	592	int cnt=abac_yy_cnt_yy_id_certs();
[da5afdf]	593	if(cnt > 0) { /* string it up */
[d5bbd3e]	594	id_clauses_string=abac_yy_string_yy_id_certs();
[b5a3da4]	595	abac_yy_free_yy_id_certs();
[da5afdf]	596	}
	597
[d5bbd3e]	598	/* XXX */
[b5a3da4]	599	cnt=abac_yy_cnt_yy_constraints();
[da5afdf]	600	if(cnt > 0) {
[d5bbd3e]	601	constraint_clauses_string=abac_yy_string_yy_constraints();
[b5a3da4]	602	abac_yy_free_yy_constraints();
[da5afdf]	603	}
	604
	605	/* generate head's oset string */
	606	char *head_oset_string=generate_pl_head_oset_string(head_oset);
	607	if(head_oset_string == NULL)
	608	goto error;
	609
	610	/* tail side */
	611	if(abac_oset_is_intersection(tail_oset)) {
[d5bbd3e]	612	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset,
	613	id_clauses_string, constraint_clauses_string);
[da5afdf]	614	} else {
[d5bbd3e]	615	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset,
	616	id_clauses_string, constraint_clauses_string);
[da5afdf]	617	}
	618	if(tmp==NULL)
	619	goto error;
	620
	621	abac_list_add(clauses,tmp);
	622	return clauses;
	623
	624	error:
	625	if(head_oset_string) free(head_oset_string);
[d5bbd3e]	626	if(id_clauses_string) free(id_clauses_string);
	627	if(constraint_clauses_string) free(constraint_clauses_string);
[da5afdf]	628	return clauses;
	629	}
	630
	631	/* should be just 1 */
	632	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
	633	{
	634	/* generate head's role string */
	635	char *head_role_string=generate_pl_head_role_string(head_role);
	636	if(head_role_string == NULL)
	637	goto error;
	638
	639	/* tail side */
	640	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
	641	if(tmp==NULL)
	642	goto error;
	643
	644	return tmp;
	645
	646	error:
	647	if(head_role_string) free(head_role_string);
	648	return NULL;
	649	}
	650
[d5bbd3e]	651	/* integer(X)<10 */
	652	/* X='abc' */
	653	char generate_pl_range_constraint(char typestr,char var,char val,char *op)
[da5afdf]	654	{
	655	char *tmp=NULL;
[d5bbd3e]	656	if(typestr)
	657	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
	658	else
	659	asprintf(&tmp,"%s%s%s",var,op,val);
[da5afdf]	660	return tmp;
	661	}
	662
[7b548fa]	663	/* compare(op,var,val) */
	664	char generate_pl_range_time_constraint(char var,char val,char op)
	665	{
	666	char *tmp=NULL;
	667	asprintf(&tmp,"compare(%s,%s,%s)",op,var,val);
	668	return tmp;
	669	}
	670
[da5afdf]	671	/* should just be 1 clause */
	672	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
	673	char *tail_string)
	674	{
	675	/* generate head's oset string */
	676	char *head_oset_string=generate_pl_head_oset_string(head_oset);
	677	if(head_oset_string == NULL)
	678	goto error;
	679
	680	/* tail side */
	681	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
	682	if(tmp==NULL)
	683	goto error;
	684
	685	return tmp;
	686	error:
	687	if(head_oset_string) free(head_oset_string);
	688	return NULL;
	689	}
	690
	691
[718ad924]	692	/* generate the yap isType rule clause for the type,
	693	isType(Acme, keyid); */
	694	char generate_pl_type_clause(char principalname, int type)
	695	{
	696	char *tmp=NULL;
	697	char *typeid= abac_keyid_type(type);
[7b548fa]	698	if(typeid==NULL \|\| strcmp(typeid,"NULL")==0)
[d5bbd3e]	699	panic("generate_pl_type_clause: can not have null typeid");
[718ad924]	700	int cnt=asprintf(&tmp,"isType(%s,%s)",
	701	principalname, typeid);
	702	return tmp;
	703	}
	704

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_gen.c @ 9502c50

Download in other formats: