Context Navigation

source: libabac/abac_pl_gen.c @ e97d2e2

mei_rt2_fix_1

Last change on this file since e97d2e2 was abf8d5d, checked in by Mei <mei@…>, 12 years ago

1) add backtrack/multiple solutions proof code changes and new

examples.

Property mode set to 100644

File size: 22.3 KB

Rev	Line
[718ad924]	1
	2	/***********************************************************************/
[d037f54]	3	/* clause generation called to generate credential clauses with a */
	4	/* given credential syntax structure (made from parser or from a */
	5	/* pre-existing structure */
	6	/* There are 2 passes, */
	7	/* first pass, process named cred id, and constraint range/role/oset */
	8	/* 2nd pass, process rule left / right */
[718ad924]	9	/***********************************************************************/
	10	#include <stdio.h>
	11	#include <assert.h>
	12	#include <stdlib.h>
	13
[8bd77b5]	14	#include "abac_internal.h"
[718ad924]	15	#include "abac_set.h"
	16	#include "abac_util.h"
	17
	18	#include "uthash.h"
	19
	20	// index to generate C1,C2..
	21	static int cred_count=0;
	22
[7727f26]	23	static int debug=0;
[d037f54]	24	int ABAC_IN_PROLOG=0;
[7727f26]	25
[440ba20]	26	abac_list_t *abac_pl_constraints=NULL;
	27
	28	/* to track id certs within a rule clause */
	29	typedef struct _abac_id_cert_t {
	30	char *principalname;
	31	int type; /* keyidtype */
	32	char *clause;
	33	} abac_id_cert_t;
	34	abac_list_t *abac_pl_id_certs = NULL;
[9335cfa]	35
[440ba20]	36	extern int using_this;
[d037f54]	37
[b5a3da4]	38	extern char* abac_yyfptr_encoded;
[440ba20]	39
[9b43fc3]	40	void generate_pl_set_abac_yyfptr_encoded(char *string)
	41	{
	42	abac_yyfptr_encoded=abac_xstrdup(string);
	43	}
	44
[440ba20]	45	char generate_pl_type_clause(char principalname, int type);
	46
[b5a3da4]	47
[718ad924]	48	/***********************************************************************/
[d037f54]	49	char prologIt(char str)
	50	{
	51	char *tmp=NULL;
	52	asprintf(&tmp,"p%s",str);
	53	return tmp;
	54	}
	55
[9335cfa]	56	static char* isX()
	57	{
	58	static char x_string[2]="X";
	59	static char this_string[5]="This";
	60	if(using_this)
	61	return this_string;
	62	else
	63	return x_string;
	64	}
	65
[718ad924]	66	static int _get_next_cred_idx()
	67	{
	68	cred_count++;
	69	return cred_count;
	70	}
	71
	72	/* remember to free the returned string */
	73	static char *_compose_cred_list()
	74	{
[da5afdf]	75	int i=cred_count;
[718ad924]	76	if(cred_count==0) return "";
	77
	78	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
	79	strcpy(clist,"C1");
	80	if (cred_count==1) return clist;
	81
	82	i=1;
	83	while(i!=cred_count) {
	84	i++;
	85	sprintf(clist,"%s,C%d",clist,i);
	86	}
	87	return clist;
	88	}
	89
[440ba20]	90
	91	/************************************************************************/
	92	/* this is for tracking prolog constraints */
	93	void abac_pl_init_constraints()
	94	{
	95	abac_pl_constraints = abac_list_new();
	96	}
	97
	98	void abac_pl_free_constraints()
	99	{
	100	char *cur;
	101	abac_list_foreach(abac_pl_constraints, cur,
	102	if(cur)
	103	free(cur);
	104	);
	105	abac_list_free(abac_pl_constraints);
	106	abac_pl_constraints=NULL;
	107	}
	108
	109	int abac_pl_cnt_constraints()
	110	{
	111	return abac_list_size(abac_pl_constraints);
	112	}
	113
	114	char *abac_pl_string_constraints()
	115	{
	116	int first=1;
	117	char *tmp=NULL;
	118	char *final=NULL;
	119	char* cur;
	120	abac_list_foreach(abac_pl_constraints, cur,
	121	if(cur)
	122	if(first) {
	123	final=abac_xstrdup(cur);
	124	first=0;
	125	} else {
	126	tmp=final;
	127	final=NULL;
	128	int cnt=asprintf(&final,"%s,%s", tmp, cur);
	129	}
	130	);
	131	return final;
	132	}
	133
	134	void abac_pl_add_constraints(char *constraint)
	135	{
	136	if(abac_pl_constraints == NULL)
	137	abac_pl_init_constraints();
	138	char* nptr=abac_xstrdup(constraint);
	139	abac_list_add(abac_pl_constraints, nptr);
	140	}
	141
	142
	143	/************************************************************************/
	144	void abac_pl_init_id_certs()
	145	{
	146	abac_pl_id_certs = abac_list_new();
	147	}
	148
	149	void abac_pl_free_id_certs()
	150	{
	151	if(abac_pl_id_certs==NULL)
	152	return;
	153
	154	abac_id_cert_t *id;
	155	abac_list_foreach(abac_pl_id_certs, id,
	156	if(id)
	157	free(id->principalname);
	158	free(id->clause);
	159	free(id);
	160	);
	161	abac_list_free(abac_pl_id_certs);
	162	abac_pl_id_certs = NULL;
	163	}
	164
	165	int abac_pl_cnt_id_certs()
	166	{
	167	return abac_list_size(abac_pl_id_certs);
	168	}
	169
	170	char *abac_pl_string_id_certs()
	171	{
	172	int first=1;
	173	char *tmp=NULL;
	174	abac_id_cert_t *cur;
	175	abac_list_foreach(abac_pl_id_certs, cur,
	176	if(cur)
	177	if(first) {
	178	tmp=abac_xstrdup(cur->clause);
	179	first=0;
	180	} else {
	181	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	182	}
	183	);
	184	return tmp;
	185	}
	186
	187	void abac_pl_add_id_certs(char *principalname, int type)
	188	{
	189	abac_id_cert_t *id_cert=NULL;
	190	int found=0;
	191	abac_id_cert_t *cur;
	192
	193	if(debug) {
[b92a620]	194	fprintf(stderr,"add_id_certs: adding --> (%s)\n", principalname);
[440ba20]	195	}
	196
	197	if(abac_pl_id_certs == NULL) {
	198	abac_pl_init_id_certs();
	199	} else {
	200	abac_list_foreach(abac_pl_id_certs, cur,
	201	if(cur)
	202	if(strcmp(cur->principalname,principalname)==0) {
	203	found=1;
	204	break;
	205	}
	206	);
	207	}
	208
	209	if (found) {
	210	return;
	211	} else {
	212	id_cert=abac_xmalloc(sizeof(abac_id_cert_t));
	213	id_cert->principalname=abac_xstrdup(principalname);
	214	id_cert->type=type;
	215	id_cert->clause=generate_pl_type_clause(principalname,type);
	216	abac_list_add(abac_pl_id_certs, id_cert);
	217	}
	218	}
	219
[7b548fa]	220	/***********************************************************************/
[8bd77b5]	221	/* generate role(p_name, r_name, param..) */
	222	/* or oset(p_name, r_name, param..) */
	223	static char* generate_pl_head_string(abac_aspect_t *ptr)
[718ad924]	224	{
	225	char *tmp=NULL;
[d037f54]	226	char *principalname;
	227	PROLOG(principalname=abac_aspect_principal_name(ptr););
[8bd77b5]	228	char *aspectname=abac_aspect_aspect_name(ptr);
	229	char *typestring=abac_aspect_type_string(ptr);
[718ad924]	230	char *param_string=NULL;
	231	int cnt=0;
	232
	233	/* can not be a linked role */
[8bd77b5]	234	abac_param_list_t *aspect_params=abac_aspect_aspect_params(ptr);
	235	if(aspect_params) {
[d037f54]	236	PROLOG(param_string=abac_param_list_string(aspect_params););
[718ad924]	237	}
	238
	239	if (param_string != NULL) {
[8bd77b5]	240	cnt=asprintf(&tmp,"%s(%s,%s,%s)",
	241	typestring, principalname, aspectname, param_string);
[718ad924]	242	free(param_string);
	243	} else {
[8bd77b5]	244	cnt=asprintf(&tmp,"%s(%s,%s)",
	245	typestring, principalname, aspectname);
[718ad924]	246	}
[7727f26]	247
[b92a620]	248	if(debug && tmp) fprintf(stderr,"generate_pl_head_string: (%s)\n",tmp);
[718ad924]	249	if(cnt>0)
	250	return tmp;
	251	else
	252	return NULL;
	253	}
	254
	255	/* generate role(p_name, r_name, param..) with isMember call ?? */
[8bd77b5]	256	/* generate oset(p_name, r_name, param..) with isMember call ?? */
	257	static char* generate_pl_tail_string(abac_aspect_t *ptr)
[718ad924]	258	{
	259
[da5afdf]	260	char *tmp=NULL;
	261
[8bd77b5]	262	/* for oset case,
[da5afdf]	263	A.oset <- B
	264	A.oset <- Obj
	265	A.oset <- B.oset
	266	A.oset <- B.role.oset
	267	*/
[8bd77b5]	268	/* o only if it is an oset and object */
	269	if(abac_aspect_is_object(ptr)) {
	270	char *objectname=abac_aspect_object_name(ptr);
[da5afdf]	271	tmp=abac_xstrdup(objectname);
	272	return tmp;
	273	} else {
[d037f54]	274	char *principalname;
	275	PROLOG(principalname=abac_aspect_principal_name(ptr););
[8bd77b5]	276	char *aspectname=abac_aspect_aspect_name(ptr);
	277	char *linkedname=abac_aspect_linked_role_name(ptr);
	278	char *typestring=abac_aspect_type_string(ptr);
[da5afdf]	279
	280	char *param_string=NULL;
	281	char *linked_param_string=NULL;
	282	int cnt=0;
[8bd77b5]	283
	284	abac_param_list_t *aspect_params=abac_aspect_aspect_params(ptr);
	285	if(aspect_params) {
[d037f54]	286	PROLOG(param_string=abac_param_list_string(aspect_params););
[da5afdf]	287	}
[8bd77b5]	288
	289	abac_param_list_t *linked_role_params=abac_aspect_linked_role_params(ptr);
[da5afdf]	290	if(linked_role_params) {
[d037f54]	291	PROLOG(linked_param_string=abac_param_list_string(linked_role_params););
[da5afdf]	292	}
[8bd77b5]	293
[da5afdf]	294	/* b.r.r */
[8bd77b5]	295	if(linkedname!=NULL && aspectname!=NULL && principalname!=NULL ) {
[da5afdf]	296	int fst=_get_next_cred_idx();
	297	int snd=_get_next_cred_idx();
	298	if(linked_param_string !=NULL) {
	299	if (param_string != NULL) {
[8bd77b5]	300	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,%s(Y,%s,%s),C%d)",
	301	principalname,
	302	linkedname,linked_param_string,fst,
	303	isX(), typestring,
	304	aspectname,param_string,snd);
[da5afdf]	305	free(param_string);
	306	} else {
[8bd77b5]	307	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,%s(Y,%s),C%d)",
	308	principalname,
	309	linkedname,linked_param_string,fst,
	310	isX(), typestring,
	311	aspectname,snd);
[da5afdf]	312	}
	313	free(linked_param_string);
	314	} else {
[8bd77b5]	315	if (aspect_params != NULL) {
	316	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,%s(Y,%s,%s),C%d)",
	317	principalname,
	318	linkedname,fst,
	319	isX(),typestring,
	320	aspectname,param_string,snd);
[da5afdf]	321	free(param_string);
	322	} else {
[8bd77b5]	323	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,%s(Y,%s),C%d)",
[da5afdf]	324	principalname,
	325	linkedname,fst,
[8bd77b5]	326	isX(),typestring,
	327	aspectname,snd);
[da5afdf]	328	}
	329	}
	330	if(cnt>0)
	331	return tmp;
	332	else
	333	return NULL;
	334	}
	335	/* b.r */
[8bd77b5]	336	if(linkedname==NULL && aspectname!=NULL && principalname!=NULL ) {
[da5afdf]	337	int fst=_get_next_cred_idx();
	338	if(param_string != NULL) {
[8bd77b5]	339	cnt=asprintf(&tmp,"isMember(%s,%s(%s,%s,%s),C%d)",
	340	isX(),typestring,
	341	principalname, aspectname, param_string, fst);
[da5afdf]	342	free(param_string);
	343	} else {
[8bd77b5]	344	cnt=asprintf(&tmp,"isMember(%s,%s(%s,%s),C%d)",
	345	isX(), typestring,
	346	principalname, aspectname, fst);
[da5afdf]	347	}
	348	if(cnt>0)
	349	return tmp;
	350	else
	351	return NULL;
	352	}
	353	/* b */
[8bd77b5]	354	if(linkedname==NULL && aspectname==NULL && principalname!=NULL ) {
[da5afdf]	355	tmp=abac_xstrdup(principalname);
	356	return tmp;
	357	}
[8bd77b5]	358
	359	return tmp;
	360	}
[da5afdf]	361	return tmp;
	362	}
[8bd77b5]	363
[da5afdf]	364
	365	/********************************************************************************/
	366
	367	static char _build_constraint_rule_clause(char head_string, char *tail_string)
	368	{
	369	/only, A.R <- B /
[440ba20]	370	if(debug)
[b92a620]	371	fprintf(stderr,"calling _build_constraint_rule_clause (%s)(%s)\n", head_string, tail_string);
[da5afdf]	372	char *tmp;
	373	int idx=_get_next_cred_idx();
	374	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
	375	return tmp;
	376	}
	377
[8bd77b5]	378	static char _build_rule_clause(char aspectname, char *head_string,
[d5bbd3e]	379	char tail_string, char id_string, char *constraint_string)
[718ad924]	380	{
	381	char *tmp=NULL;
	382
[8bd77b5]	383	if(aspectname == NULL) {
[718ad924]	384	/* A.R <- B */
[d5bbd3e]	385	if(id_string == NULL && constraint_string == NULL) {
[da5afdf]	386	asprintf(&tmp, "isMember(%s,%s,['%s'])",
	387	tail_string,head_string,abac_yyfptr_encoded);
	388	} else {
[d5bbd3e]	389	if(id_string == NULL) {
	390	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
	391	tail_string,head_string,abac_yyfptr_encoded,
	392	constraint_string);
	393	} else if(constraint_string == NULL) {
	394	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
	395	tail_string,head_string,abac_yyfptr_encoded,
	396	id_string);
	397	} else { asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s,%s",
	398	tail_string,head_string,abac_yyfptr_encoded,
	399	id_string, constraint_string);
	400	}
[718ad924]	401	}
	402	} else {
	403	/* A.R <- B.R */
	404	/* A.R <- B.R.R */
	405	if (cred_count==0) {
[d5bbd3e]	406	if(id_string == NULL && constraint_string == NULL) {
[9335cfa]	407	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s",
	408	isX(),
[da5afdf]	409	head_string, abac_yyfptr_encoded, tail_string);
[718ad924]	410	} else {
[d5bbd3e]	411	if(id_string == NULL) {
[9335cfa]	412	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s",
	413	isX(),
[d5bbd3e]	414	head_string, abac_yyfptr_encoded, tail_string,
	415	constraint_string);
	416	} else if(constraint_string == NULL) {
[9335cfa]	417	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s",
	418	isX(),
[d5bbd3e]	419	head_string, abac_yyfptr_encoded, id_string,
	420	tail_string);
	421	} else {
[9335cfa]	422	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s,%s",
	423	isX(),
[d5bbd3e]	424	head_string, abac_yyfptr_encoded, id_string,
	425	tail_string, constraint_string);
	426	}
[718ad924]	427	}
	428	} else {
	429	char *tmp_cred_list=_compose_cred_list();
[d5bbd3e]	430	if(id_string == NULL && constraint_string == NULL) {
[9335cfa]	431	asprintf(&tmp,"isMember(%s,%s,L):-%s, appendL([['%s'],%s],L)",
	432	isX(),
[da5afdf]	433	head_string, tail_string,
	434	abac_yyfptr_encoded, tmp_cred_list);
[718ad924]	435	} else {
[d5bbd3e]	436	if(id_string == NULL) {
[9335cfa]	437	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	438	isX(),
[d5bbd3e]	439	head_string, tail_string, constraint_string,
[da5afdf]	440	abac_yyfptr_encoded, tmp_cred_list);
[d5bbd3e]	441	} else if(constraint_string == NULL) {
[9335cfa]	442	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	443	isX(),
[d5bbd3e]	444	head_string, id_string, tail_string,
	445	abac_yyfptr_encoded, tmp_cred_list);
	446	} else {
[9335cfa]	447	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
	448	isX(),
[d5bbd3e]	449	head_string, id_string, tail_string,
	450	constraint_string,
	451	abac_yyfptr_encoded, tmp_cred_list);
	452	}
[718ad924]	453	}
	454	free(tmp_cred_list);
	455	cred_count=0;
	456	}
	457	}
[da5afdf]	458	return tmp;
	459	}
	460
	461
[8bd77b5]	462	static char generate_pl_rule_clause(char head_rule_string,
	463	abac_aspect_t tail_rule, char id_string, char *constraint_string)
[da5afdf]	464	{
[8bd77b5]	465	char *aspectname=abac_aspect_aspect_name(tail_rule);
	466	char *tail_rule_string=generate_pl_tail_string(tail_rule);
	467	if(aspectname == NULL && tail_rule_string == NULL)
[da5afdf]	468	goto error;
[8bd77b5]	469	char *tmp=_build_rule_clause(aspectname,head_rule_string, tail_rule_string,
[d5bbd3e]	470	id_string, constraint_string);
[8bd77b5]	471	if(tail_rule_string) free(tail_rule_string);
[da5afdf]	472	return tmp;
	473
	474	error:
[8bd77b5]	475	if(tail_rule_string) free(tail_rule_string);
[da5afdf]	476	return NULL;
	477	}
	478
[718ad924]	479	static char _add_string(char dstr, char *nstr)
	480	{
	481	if(strlen(dstr)==0) {
	482	dstr=abac_xstrdup(nstr);
	483	return dstr;
	484	} else {
	485	int len = strlen(dstr)+strlen(nstr)+2;
	486	char tmp=abac_xmalloc(lensizeof(char));
	487	sprintf(tmp,"%s,%s", dstr,nstr);
	488	free(dstr);
	489	return tmp;
	490	}
	491	return NULL;
	492	}
	493
[d5bbd3e]	494	static char _build_intersecting_clause(char head_role_string,
	495	char tail_role_string, char id_string, char* constraint_string)
[da5afdf]	496	{
	497	char *tmp;
	498
	499	if (cred_count==0) {
[d5bbd3e]	500	if(id_string == NULL && constraint_string == NULL) {
[9335cfa]	501	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s",
	502	isX(),
[da5afdf]	503	head_role_string, abac_yyfptr_encoded, tail_role_string);
	504	} else {
[d5bbd3e]	505	if(id_string == NULL) {
[9335cfa]	506	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s",
	507	isX(),
[d5bbd3e]	508	head_role_string, abac_yyfptr_encoded,
	509	tail_role_string, constraint_string);
	510	} else if(constraint_string == NULL) {
[9335cfa]	511	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s",
	512	isX(),
[e88c95b]	513	head_role_string, abac_yyfptr_encoded,
[d5bbd3e]	514	id_string, tail_role_string);
	515	} else {
[9335cfa]	516	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s, %s",
	517	isX(),
[d5bbd3e]	518	head_role_string, abac_yyfptr_encoded,
	519	id_string, tail_role_string, constraint_string);
	520	}
[da5afdf]	521	}
	522	} else {
	523	char *tmp_cred_list=_compose_cred_list();
[d5bbd3e]	524	if(id_string == NULL && constraint_string == NULL) {
[9335cfa]	525	asprintf(&tmp,"isMember(%s,%s,L):-%s, appendL([['%s'],%s],L)",
	526	isX(),
[da5afdf]	527	head_role_string, tail_role_string,
	528	abac_yyfptr_encoded, tmp_cred_list);
	529	} else {
[d5bbd3e]	530	if(id_string == NULL) {
[9335cfa]	531	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	532	isX(),
[d5bbd3e]	533	head_role_string, tail_role_string, constraint_string,
	534	abac_yyfptr_encoded, tmp_cred_list);
	535	} else if(constraint_string == NULL) {
[9335cfa]	536	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
	537	isX(),
[d5bbd3e]	538	head_role_string, id_string, tail_role_string,
	539	abac_yyfptr_encoded, tmp_cred_list);
	540	} else {
[9335cfa]	541	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
	542	isX(),
[d5bbd3e]	543	head_role_string, id_string, tail_role_string, constraint_string,
	544	abac_yyfptr_encoded, tmp_cred_list);
	545	}
[da5afdf]	546	}
	547	free(tmp_cred_list);
	548	cred_count=0;
	549	}
	550	return tmp;
	551	}
	552
[8bd77b5]	553	static char generate_pl_intersecting_clause(char head_role_string,
	554	abac_aspect_t tail_role, char id_string, char* constraint_string)
[718ad924]	555	{
	556	char *tmp=NULL;
	557	char* tail_role_string=NULL;
[8bd77b5]	558	abac_list_t *list=abac_aspect_prereqs(tail_role);
[718ad924]	559	/* A.R <- B.R & C.R.R */
[8bd77b5]	560	/* A.O <- B.O & C.R.O */
[718ad924]	561
	562	if (list != NULL) {
[8bd77b5]	563	abac_aspect_t *cur;
[718ad924]	564	abac_list_foreach(list, cur,
[8bd77b5]	565	char *ntmp=generate_pl_tail_string(cur);
[b92a620]	566	if(debug) fprintf(stderr," intersecting tail: (%s)\n",ntmp);
[8bd77b5]	567	if(tail_role_string==NULL) {
	568	tail_role_string=abac_xstrdup(ntmp);
	569	} else {
	570	tmp=tail_role_string;
	571	tail_role_string=NULL;
	572	asprintf(&tail_role_string,"%s, %s",tmp,ntmp);
	573	free(tmp);
	574	}
[718ad924]	575	free(ntmp);
	576	);
	577	}
	578
[b92a620]	579	if(debug) fprintf(stderr," final intersecting tail: (%s)\n",tail_role_string);
[d5bbd3e]	580	tmp=_build_intersecting_clause(head_role_string, tail_role_string, id_string,constraint_string);
[718ad924]	581	if(tail_role_string) free(tail_role_string);
	582	return tmp;
	583	}
	584
[abf8d5d]	585	/* generate the prolog isMember rule clause for the credential stmt */
[8bd77b5]	586	abac_list_t generate_pl_clauses(abac_aspect_t head_aspect, abac_aspect_t *tail_aspect)
[718ad924]	587	{
	588	char *tmp=NULL;
[d5bbd3e]	589	char *id_clauses_string=NULL;
	590	char *constraint_clauses_string=NULL;
[718ad924]	591	abac_list_t *clauses=abac_list_new();
[da5afdf]	592
[440ba20]	593	int cnt=abac_pl_cnt_id_certs();
[718ad924]	594	if(cnt > 0) { /* string it up */
[440ba20]	595	id_clauses_string=abac_pl_string_id_certs();
	596	abac_pl_free_id_certs();
[718ad924]	597	}
	598
[8bd77b5]	599	/* make a loop here */
[440ba20]	600	cnt=abac_pl_cnt_constraints();
[da5afdf]	601	if(cnt > 0) {
[440ba20]	602	constraint_clauses_string=abac_pl_string_constraints();
	603	abac_pl_free_constraints();
[da5afdf]	604	}
	605
[8bd77b5]	606	/* generate head's string */
	607	char *head_string=generate_pl_head_string(head_aspect);
	608	if(head_string == NULL)
[718ad924]	609	goto error;
	610
	611	/* tail side */
[8bd77b5]	612	if(abac_aspect_is_intersection(tail_aspect)) {
	613	tmp=generate_pl_intersecting_clause(head_string, tail_aspect,
[d5bbd3e]	614	id_clauses_string, constraint_clauses_string);
[718ad924]	615	} else {
[8bd77b5]	616	tmp=generate_pl_rule_clause(head_string, tail_aspect,
[d5bbd3e]	617	id_clauses_string, constraint_clauses_string);
[718ad924]	618	}
	619	if(tmp==NULL)
	620	goto error;
[da5afdf]	621
[718ad924]	622	abac_list_add(clauses,tmp);
	623	return clauses;
	624
	625	error:
[8bd77b5]	626	if(head_string) free(head_string);
[d5bbd3e]	627	if(id_clauses_string) free(id_clauses_string);
	628	if(constraint_clauses_string) free(constraint_clauses_string);
[da5afdf]	629	return clauses;
	630	}
	631
	632	/* should be just 1 */
[8bd77b5]	633	char generate_pl_constraint_clause(abac_aspect_t head_aspect, char *tail_string)
[da5afdf]	634	{
[8bd77b5]	635	/* generate head's role or oset string */
	636	char *head_string=generate_pl_head_string(head_aspect);
	637	if(head_string == NULL)
[da5afdf]	638	goto error;
	639
	640	/* tail side */
[8bd77b5]	641	char *tmp=_build_constraint_rule_clause(head_string, tail_string);
[da5afdf]	642	if(tmp==NULL)
	643	goto error;
	644
	645	return tmp;
	646
	647	error:
[8bd77b5]	648	if(head_string) free(head_string);
[da5afdf]	649	return NULL;
	650	}
	651
[d5bbd3e]	652	/* integer(X)<10 */
	653	/* X='abc' */
	654	char generate_pl_range_constraint(char typestr,char var,char val,char *op)
[da5afdf]	655	{
	656	char *tmp=NULL;
[d5bbd3e]	657	if(typestr)
	658	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
	659	else
	660	asprintf(&tmp,"%s%s%s",var,op,val);
[da5afdf]	661	return tmp;
	662	}
	663
[7b548fa]	664	/* compare(op,var,val) */
	665	char generate_pl_range_time_constraint(char var,char val,char op)
	666	{
	667	char *tmp=NULL;
	668	asprintf(&tmp,"compare(%s,%s,%s)",op,var,val);
	669	return tmp;
	670	}
	671
[abf8d5d]	672	/* generate the prolog isType rule clause for the type,
[718ad924]	673	isType(Acme, keyid); */
	674	char generate_pl_type_clause(char principalname, int type)
	675	{
	676	char *tmp=NULL;
[8bd77b5]	677	char *typeid= abac_idtype_string(type);
[7b548fa]	678	if(typeid==NULL \|\| strcmp(typeid,"NULL")==0)
[d5bbd3e]	679	panic("generate_pl_type_clause: can not have null typeid");
[440ba20]	680	if(debug)
[b92a620]	681	fprintf(stderr,"generate type clause, (%s)\n", principalname);
[718ad924]	682	int cnt=asprintf(&tmp,"isType(%s,%s)",
	683	principalname, typeid);
	684	return tmp;
	685	}
	686

Note: See TracBrowser for help on using the repository browser.

Download in other formats: