Context Navigation

source: libabac/abac_pl_gen.c @ 0d0c3a9

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 0d0c3a9 was 0d0c3a9, checked in by Mei <mei@…>, 12 years ago

1) adding missing extern forward declarations that is causing

freeBSD compiled prover to coredump

Property mode set to 100644

File size: 19.8 KB

Line
1
2
3	/***********************************************************************/
4	/* clause generation called from parser to generate credential clauses */
5	/***********************************************************************/
6	#include <stdio.h>
7	#include <assert.h>
8	#include <stdlib.h>
9
10	#include "abac_set.h"
11	#include "abac_util.h"
12	#include "abac_pl.h"
13
14	#include "uthash.h"
15
16	// index to generate C1,C2..
17	static int cred_count=0;
18	char *abac_addon_clauses=NULL;
19
20	extern char* abac_yyfptr_encoded;
21	extern int abac_yy_cnt_yy_id_certs();
22	extern void abac_yy_free_yy_id_certs();
23	extern char *abac_yy_string_yy_id_certs();
24	extern void abac_yy_free_yy_constraints();
25	extern char *abac_yy_string_yy_constraints();
26
27	/***********************************************************************/
28	static int _get_next_cred_idx()
29	{
30	cred_count++;
31	return cred_count;
32	}
33
34	/* remember to free the returned string */
35	static char *_compose_cred_list()
36	{
37	int i=cred_count;
38	if(cred_count==0) return "";
39
40	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
41	strcpy(clist,"C1");
42	if (cred_count==1) return clist;
43
44	i=1;
45	while(i!=cred_count) {
46	i++;
47	sprintf(clist,"%s,C%d",clist,i);
48	}
49	return clist;
50	}
51
52	/* generate role(p_name, r_name, param..) */
53	static char* generate_pl_head_role_string(abac_role_t *role)
54	{
55	char *tmp=NULL;
56	char *principalname=abac_role_principal_cn(role);
57	char *rolename=abac_role_role_name(role);
58	char *param_string=NULL;
59	int cnt=0;
60
61	/* can not be a linked role */
62	abac_param_list_t *role_params=abac_role_role_params(role);
63	if(role_params) {
64	param_string=abac_param_list_string(role_params);
65	}
66
67	if (param_string != NULL) {
68	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
69	free(param_string);
70	} else {
71	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
72	}
73	if(cnt>0)
74	return tmp;
75	else
76	return NULL;
77	}
78
79	/* generate role(p_name, r_name, param..) with isMember call ?? */
80	static char* generate_pl_tail_role_string(abac_role_t *role)
81	{
82	char *tmp;
83	char *principalname=abac_role_principal_cn(role);
84	char *rolename=abac_role_role_name(role);
85	char *linkedname=abac_role_linked_role(role);
86
87	char *param_string=NULL;
88	char *linked_param_string=NULL;
89	int cnt=0;
90
91	abac_param_list_t *role_params=abac_role_role_params(role);
92	if(role_params) {
93	param_string=abac_param_list_string(role_params);
94	}
95
96	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
97	if(linked_role_params) {
98	linked_param_string=abac_param_list_string(linked_role_params);
99	}
100
101	/* b.r.r */
102	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
103	int fst=_get_next_cred_idx();
104	int snd=_get_next_cred_idx();
105	if(linked_param_string !=NULL) {
106	if (param_string != NULL) {
107	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
108	principalname,
109	linkedname,linked_param_string,fst,
110	rolename,param_string,snd);
111	free(param_string);
112	} else {
113	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
114	principalname,
115	linkedname,linked_param_string,fst,
116	rolename,snd);
117	}
118	free(linked_param_string);
119	} else {
120	if (role_params != NULL) {
121	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
122	principalname,
123	linkedname,fst,
124	rolename,param_string,snd);
125	free(param_string);
126	} else {
127	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
128	principalname,
129	linkedname,fst,
130	rolename,snd);
131	}
132	}
133	if(cnt>0)
134	return tmp;
135	else
136	return NULL;
137	}
138	/* b.r */
139	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
140	int fst=_get_next_cred_idx();
141	if(param_string != NULL) {
142	cnt=asprintf(&tmp,"isMember(X,role(%s,%s,%s),C%d)",
143	principalname, rolename, param_string, fst);
144	free(param_string);
145	} else {
146	cnt=asprintf(&tmp,"isMember(X,role(%s,%s),C%d)",
147	principalname, rolename, fst);
148	}
149	if(cnt>0)
150	return tmp;
151	else
152	return NULL;
153	}
154	/* b */
155	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
156	tmp=abac_xstrdup(principalname);
157	return tmp;
158	}
159
160	return tmp;
161	}
162
163
164	/* generate oset(p_name, r_name, param..) */
165	static char* generate_pl_head_oset_string(abac_oset_t *oset)
166	{
167	char *tmp=NULL;
168	char *principalname=abac_oset_principal_cn(oset);
169	char *osetname=abac_oset_oset_name(oset);
170	char *param_string=NULL;
171	int cnt=0;
172
173	/* can not be a linked role */
174	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
175	if(oset_params) {
176	param_string=abac_param_list_string(oset_params);
177	}
178
179	if (param_string != NULL) {
180	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
181	free(param_string);
182	} else {
183	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
184	}
185	if(cnt>0)
186	return tmp;
187	else
188	return NULL;
189	}
190
191	/* generate oset(p_name, r_name, param..) with isMember call ?? */
192	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
193	{
194	char *tmp;
195	/*
196	A.oset <- B
197	A.oset <- Obj
198	A.oset <- B.oset
199	A.oset <- B.role.oset
200	*/
201	/* o */
202	if(abac_oset_is_object(oset)) {
203	char *objectname=abac_oset_object_cn(oset);
204	tmp=abac_xstrdup(objectname);
205	return tmp;
206	} else {
207	char *principalname=abac_oset_principal_cn(oset);
208	char *osetname=abac_oset_oset_name(oset);
209	char *linkedname=abac_oset_linked_role(oset);
210
211	char *param_string=NULL;
212	char *linked_param_string=NULL;
213	int cnt=0;
214
215	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
216	if(oset_params) {
217	param_string=abac_param_list_string(oset_params);
218	}
219
220	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
221	if(linked_role_params) {
222	linked_param_string=abac_param_list_string(linked_role_params);
223	}
224
225	/* b.r.r */
226	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
227	int fst=_get_next_cred_idx();
228	int snd=_get_next_cred_idx();
229	if(linked_param_string !=NULL) {
230	if (param_string != NULL) {
231	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
232	principalname,
233	linkedname,linked_param_string,fst,
234	osetname,param_string,snd);
235	free(param_string);
236	} else {
237	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
238	principalname,
239	linkedname,linked_param_string,fst,
240	osetname,snd);
241	}
242	free(linked_param_string);
243	} else {
244	if (oset_params != NULL) {
245	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
246	principalname,
247	linkedname,fst,
248	osetname,param_string,snd);
249	free(param_string);
250	} else {
251	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
252	principalname,
253	linkedname,fst,
254	osetname,snd);
255	}
256	}
257	if(cnt>0)
258	return tmp;
259	else
260	return NULL;
261	}
262	/* b.r */
263	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
264	int fst=_get_next_cred_idx();
265	if(param_string != NULL) {
266	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s,%s),C%d)",
267	principalname, osetname, param_string, fst);
268	free(param_string);
269	} else {
270	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s),C%d)",
271	principalname, osetname, fst);
272	}
273	if(cnt>0)
274	return tmp;
275	else
276	return NULL;
277	}
278	/* b */
279	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
280	tmp=abac_xstrdup(principalname);
281	return tmp;
282	}
283
284	}
285	return tmp;
286	}
287
288
289	/********************************************************************************/
290
291	static char _build_constraint_rule_clause(char head_string, char *tail_string)
292	{
293	/only, A.R <- B /
294	char *tmp;
295	int idx=_get_next_cred_idx();
296	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
297	return tmp;
298	}
299
300	static char _build_rule_clause(char rolename, char head_string, char tail_string)
301	{
302	char *tmp=NULL;
303
304	if(rolename == NULL) {
305	/* A.R <- B */
306	if(abac_addon_clauses==NULL) {
307	asprintf(&tmp, "isMember(%s,%s,['%s'])",
308	tail_string,head_string,abac_yyfptr_encoded);
309	} else {
310	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
311	tail_string,head_string,abac_yyfptr_encoded,
312	abac_addon_clauses);
313	free(abac_addon_clauses);
314	abac_addon_clauses=NULL;
315	}
316	} else {
317	/* A.R <- B.R */
318	/* A.R <- B.R.R */
319	if (cred_count==0) {
320	if(abac_addon_clauses==NULL) {
321	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
322	head_string, abac_yyfptr_encoded, tail_string);
323	} else {
324	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
325	head_string, abac_yyfptr_encoded,
326	tail_string,abac_addon_clauses);
327	free(abac_addon_clauses);
328	abac_addon_clauses=NULL;
329	}
330	} else {
331	char *tmp_cred_list=_compose_cred_list();
332	if(abac_addon_clauses == NULL) {
333	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
334	head_string, tail_string,
335	abac_yyfptr_encoded, tmp_cred_list);
336	} else {
337	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
338	head_string, tail_string, abac_addon_clauses,
339	abac_yyfptr_encoded, tmp_cred_list);
340	free(abac_addon_clauses);
341	abac_addon_clauses=NULL;
342	}
343	free(tmp_cred_list);
344	cred_count=0;
345	}
346	}
347	return tmp;
348	}
349
350
351	static char generate_pl_rule_role_clause(char head_role_string, abac_role_t *tail_role)
352	{
353	char *rolename=abac_role_role_name(tail_role);
354	char *tail_role_string=generate_pl_tail_role_string(tail_role);
355	if(rolename == NULL && tail_role_string == NULL)
356	goto error;
357	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string);
358	if(tail_role_string) free(tail_role_string);
359	return tmp;
360
361	error:
362	if(tail_role_string) free(tail_role_string);
363	return NULL;
364	}
365
366	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t *tail_oset)
367	{
368	char *osetname=abac_oset_oset_name(tail_oset);
369	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
370	if(osetname == NULL && tail_oset_string == NULL)
371	goto error;
372	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string);
373	if(tail_oset_string) free(tail_oset_string);
374	return tmp;
375
376	error:
377	if(tail_oset_string) free(tail_oset_string);
378	return NULL;
379	}
380
381
382	static char _add_string(char dstr, char *nstr)
383	{
384	if(strlen(dstr)==0) {
385	dstr=abac_xstrdup(nstr);
386	return dstr;
387	} else {
388	int len = strlen(dstr)+strlen(nstr)+2;
389	char tmp=abac_xmalloc(lensizeof(char));
390	sprintf(tmp,"%s,%s", dstr,nstr);
391	free(dstr);
392	return tmp;
393	}
394	return NULL;
395	}
396
397	static char _build_intersecting_clause(char head_role_string, char *tail_role_string)
398	{
399	char *tmp;
400
401	if (cred_count==0) {
402	if(abac_addon_clauses ==NULL) {
403	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
404	head_role_string, abac_yyfptr_encoded, tail_role_string);
405	} else {
406	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
407	head_role_string, abac_yyfptr_encoded,
408	tail_role_string, abac_addon_clauses);
409	free(abac_addon_clauses);
410	abac_addon_clauses=NULL;
411	}
412	} else {
413	char *tmp_cred_list=_compose_cred_list();
414	if(abac_addon_clauses ==NULL) {
415	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
416	head_role_string, tail_role_string,
417	abac_yyfptr_encoded, tmp_cred_list);
418	} else {
419	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
420	head_role_string, tail_role_string, abac_addon_clauses,
421	abac_yyfptr_encoded, tmp_cred_list);
422	free(abac_addon_clauses);
423	abac_addon_clauses=NULL;
424	}
425	free(tmp_cred_list);
426	cred_count=0;
427	}
428	return tmp;
429	}
430
431	static char generate_pl_intersecting_role_clause(char head_role_string, abac_role_t *tail_role)
432	{
433	char *tmp=NULL;
434	char* tail_role_string=NULL;
435	abac_list_t *list=abac_role_prereqs(tail_role);
436	/* A.R <- B.R & C.R.R */
437
438	if (list != NULL) {
439	abac_role_t *cur;
440	abac_list_foreach(list, cur,
441	char *ntmp=generate_pl_tail_role_string(cur);
442	if(tail_role_string==NULL)
443	asprintf(&tail_role_string,"%s",ntmp);
444	else
445	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
446	free(ntmp);
447	);
448	}
449
450	tmp=_build_intersecting_clause(head_role_string, tail_role_string);
451	if(tail_role_string) free(tail_role_string);
452	return tmp;
453	}
454
455	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t *tail_oset)
456	{
457	char *tmp=NULL;
458	char* tail_oset_string=NULL;
459	abac_list_t *list=abac_oset_prereqs(tail_oset);
460	/* A.O <- B.O & C.R.O */
461
462	if (list != NULL) {
463	abac_oset_t *cur;
464	abac_list_foreach(list, cur,
465	char *ntmp=generate_pl_tail_oset_string(cur);
466	if(tail_oset_string==NULL)
467	asprintf(&tail_oset_string,"%s",ntmp);
468	else
469	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
470	free(ntmp);
471	);
472	}
473
474	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string);
475	if(tail_oset_string) free(tail_oset_string);
476	return tmp;
477	}
478
479	/* generate the yap isMember rule clause for the credential stmt */
480	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
481	{
482	char *tmp=NULL;
483	abac_list_t *clauses=abac_list_new();
484
485	int cnt=abac_yy_cnt_yy_id_certs();
486	if(cnt > 0) { /* string it up */
487	//abac_addon_clauses=abac_yy_string_yy_id_certs();
488	tmp=abac_yy_string_yy_id_certs();
489	abac_yy_free_yy_id_certs();
490	}
491
492	cnt=abac_yy_cnt_yy_constraints();
493	if(cnt > 0) {
494	char *ntmp=abac_yy_string_yy_constraints();
495	abac_yy_free_yy_constraints();
496	if(tmp)
497	asprintf(&tmp,"%s,%s",tmp,ntmp);
498	else tmp=ntmp;
499	}
500	abac_addon_clauses=tmp;
501
502	/* generate head's role string */
503	char *head_role_string=generate_pl_head_role_string(head_role);
504	if(head_role_string == NULL)
505	goto error;
506
507	/* tail side */
508	if(abac_role_is_intersection(tail_role)) {
509	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role);
510	} else {
511	tmp=generate_pl_rule_role_clause(head_role_string, tail_role);
512	}
513	if(tmp==NULL)
514	goto error;
515
516	abac_list_add(clauses,tmp);
517	return clauses;
518
519	error:
520	if(head_role_string) free(head_role_string);
521	return clauses;
522	}
523
524	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
525	{
526	char *tmp=NULL;
527	abac_list_t *clauses=abac_list_new();
528
529	int cnt=abac_yy_cnt_yy_id_certs();
530	if(cnt > 0) { /* string it up */
531	tmp=abac_yy_string_yy_id_certs();
532	abac_yy_free_yy_id_certs();
533	}
534
535	cnt=abac_yy_cnt_yy_constraints();
536	if(cnt > 0) {
537	char *ntmp=abac_yy_string_yy_constraints();
538	abac_yy_free_yy_constraints();
539	if(tmp)
540	asprintf(&tmp,"%s,%s",tmp,ntmp);
541	else tmp=ntmp;
542	}
543	abac_addon_clauses=tmp;
544
545	/* generate head's oset string */
546	char *head_oset_string=generate_pl_head_oset_string(head_oset);
547	if(head_oset_string == NULL)
548	goto error;
549
550	/* tail side */
551	if(abac_oset_is_intersection(tail_oset)) {
552	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset);
553	} else {
554	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset);
555	}
556	if(tmp==NULL)
557	goto error;
558
559	abac_list_add(clauses,tmp);
560	return clauses;
561
562	error:
563	if(head_oset_string) free(head_oset_string);
564	return clauses;
565	}
566
567	/* should be just 1 */
568	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
569	{
570	/* generate head's role string */
571	char *head_role_string=generate_pl_head_role_string(head_role);
572	if(head_role_string == NULL)
573	goto error;
574
575	/* tail side */
576	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
577	if(tmp==NULL)
578	goto error;
579
580	return tmp;
581
582	error:
583	if(head_role_string) free(head_role_string);
584	return NULL;
585	}
586
587
588
589	/* so far, for integer type only */
590	char generate_pl_range_constraint_clause(char typestr,char var,char val,char *op)
591	{
592	char *tmp=NULL;
593	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
594	return tmp;
595	}
596
597	/* should just be 1 clause */
598	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
599	char *tail_string)
600	{
601	/* generate head's oset string */
602	char *head_oset_string=generate_pl_head_oset_string(head_oset);
603	if(head_oset_string == NULL)
604	goto error;
605
606	/* tail side */
607	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
608	if(tmp==NULL)
609	goto error;
610
611	return tmp;
612	error:
613	if(head_oset_string) free(head_oset_string);
614	return NULL;
615	}
616
617
618	/* generate the yap isType rule clause for the type,
619	isType(Acme, keyid); */
620	char generate_pl_type_clause(char principalname, int type)
621	{
622	char *tmp=NULL;
623	char *typeid= abac_keyid_type(type);
624	int cnt=asprintf(&tmp,"isType(%s,%s)",
625	principalname, typeid);
626	return tmp;
627	}
628

Note: See TracBrowser for help on using the repository browser.

Download in other formats: