Context Navigation

source: libabac/abac_pl_gen.c @ 7727f26

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 7727f26 was 7727f26, checked in by Mei <mei@…>, 12 years ago

1) add environment variables DUMP_DB, ABAC_CN.

ABAC_CN will switch to using CNs for keyid insead of SHAs

2) add/modified couple of doc files.

Property mode set to 100644

File size: 24.4 KB

Line
1
2
3	/***********************************************************************/
4	/* clause generation called from parser to generate credential clauses */
5	/***********************************************************************/
6	#include <stdio.h>
7	#include <assert.h>
8	#include <stdlib.h>
9
10	#include "abac_set.h"
11	#include "abac_util.h"
12	#include "abac_pl.h"
13
14	#include "uthash.h"
15
16	// index to generate C1,C2..
17	static int cred_count=0;
18
19	static int debug=0;
20
21	extern char* abac_yyfptr_encoded;
22	extern int abac_yy_cnt_yy_id_certs();
23	extern void abac_yy_free_yy_id_certs();
24	extern char *abac_yy_string_yy_id_certs();
25	extern void abac_yy_free_yy_constraints();
26	extern char *abac_yy_string_yy_constraints();
27
28	/***********************************************************************/
29	static int _get_next_cred_idx()
30	{
31	cred_count++;
32	return cred_count;
33	}
34
35	/* remember to free the returned string */
36	static char *_compose_cred_list()
37	{
38	int i=cred_count;
39	if(cred_count==0) return "";
40
41	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
42	strcpy(clist,"C1");
43	if (cred_count==1) return clist;
44
45	i=1;
46	while(i!=cred_count) {
47	i++;
48	sprintf(clist,"%s,C%d",clist,i);
49	}
50	return clist;
51	}
52
53	/***********************************************************************/
54	/* generate role(p_name, r_name, param..) */
55	static char* generate_pl_head_role_string(abac_role_t *role)
56	{
57	char *tmp=NULL;
58	char *principalname=abac_role_principal_name(role);
59	char *rolename=abac_role_role_name(role);
60	char *param_string=NULL;
61	int cnt=0;
62
63	/* can not be a linked role */
64	abac_param_list_t *role_params=abac_role_role_params(role);
65	if(role_params) {
66	param_string=abac_param_list_string(role_params);
67	}
68
69	if (param_string != NULL) {
70	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
71	free(param_string);
72	} else {
73	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
74	}
75
76	if(debug && tmp) printf("head_role_string: (%s)\n",tmp);
77	if(cnt>0)
78	return tmp;
79	else
80	return NULL;
81	}
82
83	/* generate role(p_name, r_name, param..) with isMember call ?? */
84	static char* generate_pl_tail_role_string(abac_role_t *role)
85	{
86	char *tmp;
87	char *principalname=abac_role_principal_name(role);
88	char *rolename=abac_role_role_name(role);
89	char *linkedname=abac_role_linked_role(role);
90
91	char *param_string=NULL;
92	char *linked_param_string=NULL;
93	int cnt=0;
94
95	abac_param_list_t *role_params=abac_role_role_params(role);
96	if(role_params) {
97	param_string=abac_param_list_string(role_params);
98	}
99
100	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
101	if(linked_role_params) {
102	linked_param_string=abac_param_list_string(linked_role_params);
103	}
104
105	/* b.r.r */
106	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
107	int fst=_get_next_cred_idx();
108	int snd=_get_next_cred_idx();
109	if(linked_param_string !=NULL) {
110	if (param_string != NULL) {
111	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
112	principalname,
113	linkedname,linked_param_string,fst,
114	rolename,param_string,snd);
115	free(param_string);
116	} else {
117	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
118	principalname,
119	linkedname,linked_param_string,fst,
120	rolename,snd);
121	}
122	free(linked_param_string);
123	} else {
124	if (role_params != NULL) {
125	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
126	principalname,
127	linkedname,fst,
128	rolename,param_string,snd);
129	free(param_string);
130	} else {
131	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
132	principalname,
133	linkedname,fst,
134	rolename,snd);
135	}
136	}
137	if(debug && tmp) printf("tail_role_string1: (%s)\n",tmp);
138	if(cnt>0)
139	return tmp;
140	else
141	return NULL;
142	}
143	/* b.r */
144	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
145	int fst=_get_next_cred_idx();
146	if(param_string != NULL) {
147	cnt=asprintf(&tmp,"isMember(X,role(%s,%s,%s),C%d)",
148	principalname, rolename, param_string, fst);
149	free(param_string);
150	} else {
151	cnt=asprintf(&tmp,"isMember(X,role(%s,%s),C%d)",
152	principalname, rolename, fst);
153	}
154	if(debug && tmp) printf("tail_role_string2: (%s)\n",tmp);
155	if(cnt>0)
156	return tmp;
157	else
158	return NULL;
159	}
160	/* b */
161	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
162	tmp=abac_xstrdup(principalname);
163	if(debug && tmp) printf("tail_role_string3: (%s)\n",tmp);
164	return tmp;
165	}
166
167	if(debug && tmp) printf("tail_role_string4: (%s)\n",tmp);
168	return tmp;
169	}
170
171
172	/* generate oset(p_name, r_name, param..) */
173	static char* generate_pl_head_oset_string(abac_oset_t *oset)
174	{
175	char *tmp=NULL;
176	char *principalname=abac_oset_principal_name(oset);
177	char *osetname=abac_oset_oset_name(oset);
178	char *param_string=NULL;
179	int cnt=0;
180
181	/* can not be a linked role */
182	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
183	if(oset_params) {
184	param_string=abac_param_list_string(oset_params);
185	}
186
187	if (param_string != NULL) {
188	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
189	free(param_string);
190	} else {
191	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
192	}
193	if(debug && tmp) printf("head_oset_string: (%s)\n",tmp);
194	if(cnt>0)
195	return tmp;
196	else
197	return NULL;
198	}
199
200	/* generate oset(p_name, r_name, param..) with isMember call ?? */
201	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
202	{
203	char *tmp;
204	/*
205	A.oset <- B
206	A.oset <- Obj
207	A.oset <- B.oset
208	A.oset <- B.role.oset
209	*/
210	/* o */
211	if(abac_oset_is_object(oset)) {
212	char *objectname=abac_oset_object_name(oset);
213	tmp=abac_xstrdup(objectname);
214	if(debug && tmp) printf("tail_oset_string1: (%s)\n",tmp);
215	return tmp;
216	} else {
217	char *principalname=abac_oset_principal_name(oset);
218	char *osetname=abac_oset_oset_name(oset);
219	char *linkedname=abac_oset_linked_role(oset);
220
221	char *param_string=NULL;
222	char *linked_param_string=NULL;
223	int cnt=0;
224
225	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
226	if(oset_params) {
227	param_string=abac_param_list_string(oset_params);
228	}
229
230	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
231	if(linked_role_params) {
232	linked_param_string=abac_param_list_string(linked_role_params);
233	}
234
235	/* b.r.r */
236	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
237	int fst=_get_next_cred_idx();
238	int snd=_get_next_cred_idx();
239	if(linked_param_string !=NULL) {
240	if (param_string != NULL) {
241	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
242	principalname,
243	linkedname,linked_param_string,fst,
244	osetname,param_string,snd);
245	free(param_string);
246	} else {
247	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
248	principalname,
249	linkedname,linked_param_string,fst,
250	osetname,snd);
251	}
252	free(linked_param_string);
253	} else {
254	if (oset_params != NULL) {
255	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
256	principalname,
257	linkedname,fst,
258	osetname,param_string,snd);
259	free(param_string);
260	} else {
261	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
262	principalname,
263	linkedname,fst,
264	osetname,snd);
265	}
266	}
267	if(debug && tmp) printf("tail_oset_string2: (%s)\n",tmp);
268	if(cnt>0)
269	return tmp;
270	else
271	return NULL;
272	}
273	/* b.r */
274	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
275	int fst=_get_next_cred_idx();
276	if(param_string != NULL) {
277	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s,%s),C%d)",
278	principalname, osetname, param_string, fst);
279	free(param_string);
280	} else {
281	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s),C%d)",
282	principalname, osetname, fst);
283	}
284	if(debug && tmp) printf("tail_oset_string3: (%s)\n",tmp);
285	if(cnt>0)
286	return tmp;
287	else
288	return NULL;
289	}
290	/* b */
291	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
292	tmp=abac_xstrdup(principalname);
293	if(debug && tmp) printf("tail_oset_string4: (%s)\n",tmp);
294	return tmp;
295	}
296
297	}
298	return tmp;
299	}
300
301
302	/********************************************************************************/
303
304	static char _build_constraint_rule_clause(char head_string, char *tail_string)
305	{
306	/only, A.R <- B /
307	char *tmp;
308	int idx=_get_next_cred_idx();
309	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
310	return tmp;
311	}
312
313	static char _build_rule_clause(char rolename, char *head_string,
314	char tail_string, char id_string, char *constraint_string)
315	{
316	char *tmp=NULL;
317
318	if(rolename == NULL) {
319	/* A.R <- B */
320	if(id_string == NULL && constraint_string == NULL) {
321	asprintf(&tmp, "isMember(%s,%s,['%s'])",
322	tail_string,head_string,abac_yyfptr_encoded);
323	} else {
324	if(id_string == NULL) {
325	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
326	tail_string,head_string,abac_yyfptr_encoded,
327	constraint_string);
328	} else if(constraint_string == NULL) {
329	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
330	tail_string,head_string,abac_yyfptr_encoded,
331	id_string);
332	} else { asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s,%s",
333	tail_string,head_string,abac_yyfptr_encoded,
334	id_string, constraint_string);
335	}
336	}
337	} else {
338	/* A.R <- B.R */
339	/* A.R <- B.R.R */
340	if (cred_count==0) {
341	if(id_string == NULL && constraint_string == NULL) {
342	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
343	head_string, abac_yyfptr_encoded, tail_string);
344	} else {
345	if(id_string == NULL) {
346	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
347	head_string, abac_yyfptr_encoded, tail_string,
348	constraint_string);
349	} else if(constraint_string == NULL) {
350	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
351	head_string, abac_yyfptr_encoded, id_string,
352	tail_string);
353	} else {
354	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s,%s",
355	head_string, abac_yyfptr_encoded, id_string,
356	tail_string, constraint_string);
357	}
358	}
359	} else {
360	char *tmp_cred_list=_compose_cred_list();
361	if(id_string == NULL && constraint_string == NULL) {
362	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
363	head_string, tail_string,
364	abac_yyfptr_encoded, tmp_cred_list);
365	} else {
366	if(id_string == NULL) {
367	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
368	head_string, tail_string, constraint_string,
369	abac_yyfptr_encoded, tmp_cred_list);
370	} else if(constraint_string == NULL) {
371	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
372	head_string, id_string, tail_string,
373	abac_yyfptr_encoded, tmp_cred_list);
374	} else {
375	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
376	head_string, id_string, tail_string,
377	constraint_string,
378	abac_yyfptr_encoded, tmp_cred_list);
379	}
380	}
381	free(tmp_cred_list);
382	cred_count=0;
383	}
384	}
385	return tmp;
386	}
387
388
389	static char generate_pl_rule_role_clause(char head_role_string,
390	abac_role_t tail_role, char id_string, char *constraint_string)
391	{
392	char *rolename=abac_role_role_name(tail_role);
393	char *tail_role_string=generate_pl_tail_role_string(tail_role);
394	if(rolename == NULL && tail_role_string == NULL)
395	goto error;
396	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string,
397	id_string, constraint_string);
398	if(tail_role_string) free(tail_role_string);
399	return tmp;
400
401	error:
402	if(tail_role_string) free(tail_role_string);
403	return NULL;
404	}
405
406	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char *constraint_string)
407	{
408	char *osetname=abac_oset_oset_name(tail_oset);
409	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
410	if(osetname == NULL && tail_oset_string == NULL)
411	goto error;
412	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string, id_string, constraint_string);
413	if(tail_oset_string) free(tail_oset_string);
414	return tmp;
415
416	error:
417	if(tail_oset_string) free(tail_oset_string);
418	return NULL;
419	}
420
421
422	static char _add_string(char dstr, char *nstr)
423	{
424	if(strlen(dstr)==0) {
425	dstr=abac_xstrdup(nstr);
426	return dstr;
427	} else {
428	int len = strlen(dstr)+strlen(nstr)+2;
429	char tmp=abac_xmalloc(lensizeof(char));
430	sprintf(tmp,"%s,%s", dstr,nstr);
431	free(dstr);
432	return tmp;
433	}
434	return NULL;
435	}
436
437	static char _build_intersecting_clause(char head_role_string,
438	char tail_role_string, char id_string, char* constraint_string)
439	{
440	char *tmp;
441
442	if (cred_count==0) {
443	if(id_string == NULL && constraint_string == NULL) {
444	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
445	head_role_string, abac_yyfptr_encoded, tail_role_string);
446	} else {
447	if(id_string == NULL) {
448	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
449	head_role_string, abac_yyfptr_encoded,
450	tail_role_string, constraint_string);
451	} else if(constraint_string == NULL) {
452	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
453	head_role_string, abac_yyfptr_encoded,
454	id_string, tail_role_string);
455	} else {
456	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s, %s",
457	head_role_string, abac_yyfptr_encoded,
458	id_string, tail_role_string, constraint_string);
459	}
460	}
461	} else {
462	char *tmp_cred_list=_compose_cred_list();
463	if(id_string == NULL && constraint_string == NULL) {
464	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
465	head_role_string, tail_role_string,
466	abac_yyfptr_encoded, tmp_cred_list);
467	} else {
468	if(id_string == NULL) {
469	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
470	head_role_string, tail_role_string, constraint_string,
471	abac_yyfptr_encoded, tmp_cred_list);
472	} else if(constraint_string == NULL) {
473	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
474	head_role_string, id_string, tail_role_string,
475	abac_yyfptr_encoded, tmp_cred_list);
476	} else {
477	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
478	head_role_string, id_string, tail_role_string, constraint_string,
479	abac_yyfptr_encoded, tmp_cred_list);
480	}
481	}
482	free(tmp_cred_list);
483	cred_count=0;
484	}
485	return tmp;
486	}
487
488	static char generate_pl_intersecting_role_clause(char head_role_string,
489	abac_role_t tail_role, char id_string, char* constraint_string)
490	{
491	char *tmp=NULL;
492	char* tail_role_string=NULL;
493	abac_list_t *list=abac_role_prereqs(tail_role);
494	/* A.R <- B.R & C.R.R */
495
496	if (list != NULL) {
497	abac_role_t *cur;
498	abac_list_foreach(list, cur,
499	char *ntmp=generate_pl_tail_role_string(cur);
500	if(tail_role_string==NULL)
501	asprintf(&tail_role_string,"%s",ntmp);
502	else
503	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
504	free(ntmp);
505	);
506	}
507
508	tmp=_build_intersecting_clause(head_role_string, tail_role_string, id_string,constraint_string);
509	if(tail_role_string) free(tail_role_string);
510	return tmp;
511	}
512
513	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char* constraint_string)
514	{
515	char *tmp=NULL;
516	char* tail_oset_string=NULL;
517	abac_list_t *list=abac_oset_prereqs(tail_oset);
518	/* A.O <- B.O & C.R.O */
519
520	if (list != NULL) {
521	abac_oset_t *cur;
522	abac_list_foreach(list, cur,
523	char *ntmp=generate_pl_tail_oset_string(cur);
524	if(tail_oset_string==NULL)
525	asprintf(&tail_oset_string,"%s",ntmp);
526	else
527	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
528	free(ntmp);
529	);
530	}
531
532	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string,
533	id_string, constraint_string);
534	if(tail_oset_string) free(tail_oset_string);
535	return tmp;
536	}
537
538	/* generate the yap isMember rule clause for the credential stmt */
539	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
540	{
541	char *tmp=NULL;
542	char *id_clauses_string=NULL;
543	char *constraint_clauses_string=NULL;
544	abac_list_t *clauses=abac_list_new();
545
546	int cnt=abac_yy_cnt_yy_id_certs();
547	if(cnt > 0) { /* string it up */
548	id_clauses_string=abac_yy_string_yy_id_certs();
549	abac_yy_free_yy_id_certs();
550	}
551
552	/* XXX make a loop here */
553	cnt=abac_yy_cnt_yy_constraints();
554	if(cnt > 0) {
555	constraint_clauses_string=abac_yy_string_yy_constraints();
556	abac_yy_free_yy_constraints();
557	}
558
559	/* generate head's role string */
560	char *head_role_string=generate_pl_head_role_string(head_role);
561	if(head_role_string == NULL)
562	goto error;
563
564	/* tail side */
565	if(abac_role_is_intersection(tail_role)) {
566	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role,
567	id_clauses_string, constraint_clauses_string);
568	} else {
569	tmp=generate_pl_rule_role_clause(head_role_string, tail_role,
570	id_clauses_string, constraint_clauses_string);
571	}
572	if(tmp==NULL)
573	goto error;
574
575	abac_list_add(clauses,tmp);
576	return clauses;
577
578	error:
579	if(head_role_string) free(head_role_string);
580	if(id_clauses_string) free(id_clauses_string);
581	if(constraint_clauses_string) free(constraint_clauses_string);
582	return clauses;
583	}
584
585	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
586	{
587	char *tmp=NULL;
588	char *id_clauses_string=NULL;
589	char *constraint_clauses_string=NULL;
590	abac_list_t *clauses=abac_list_new();
591
592	int cnt=abac_yy_cnt_yy_id_certs();
593	if(cnt > 0) { /* string it up */
594	id_clauses_string=abac_yy_string_yy_id_certs();
595	abac_yy_free_yy_id_certs();
596	}
597
598	/* XXX */
599	cnt=abac_yy_cnt_yy_constraints();
600	if(cnt > 0) {
601	constraint_clauses_string=abac_yy_string_yy_constraints();
602	abac_yy_free_yy_constraints();
603	}
604
605	/* generate head's oset string */
606	char *head_oset_string=generate_pl_head_oset_string(head_oset);
607	if(head_oset_string == NULL)
608	goto error;
609
610	/* tail side */
611	if(abac_oset_is_intersection(tail_oset)) {
612	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset,
613	id_clauses_string, constraint_clauses_string);
614	} else {
615	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset,
616	id_clauses_string, constraint_clauses_string);
617	}
618	if(tmp==NULL)
619	goto error;
620
621	abac_list_add(clauses,tmp);
622	return clauses;
623
624	error:
625	if(head_oset_string) free(head_oset_string);
626	if(id_clauses_string) free(id_clauses_string);
627	if(constraint_clauses_string) free(constraint_clauses_string);
628	return clauses;
629	}
630
631	/* should be just 1 */
632	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
633	{
634	/* generate head's role string */
635	char *head_role_string=generate_pl_head_role_string(head_role);
636	if(head_role_string == NULL)
637	goto error;
638
639	/* tail side */
640	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
641	if(tmp==NULL)
642	goto error;
643
644	return tmp;
645
646	error:
647	if(head_role_string) free(head_role_string);
648	return NULL;
649	}
650
651	/* integer(X)<10 */
652	/* X='abc' */
653	char generate_pl_range_constraint(char typestr,char var,char val,char *op)
654	{
655	char *tmp=NULL;
656	if(typestr)
657	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
658	else
659	asprintf(&tmp,"%s%s%s",var,op,val);
660	return tmp;
661	}
662
663	/* compare(op,var,val) */
664	char generate_pl_range_time_constraint(char var,char val,char op)
665	{
666	char *tmp=NULL;
667	asprintf(&tmp,"compare(%s,%s,%s)",op,var,val);
668	return tmp;
669	}
670
671	/* should just be 1 clause */
672	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
673	char *tail_string)
674	{
675	/* generate head's oset string */
676	char *head_oset_string=generate_pl_head_oset_string(head_oset);
677	if(head_oset_string == NULL)
678	goto error;
679
680	/* tail side */
681	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
682	if(tmp==NULL)
683	goto error;
684
685	return tmp;
686	error:
687	if(head_oset_string) free(head_oset_string);
688	return NULL;
689	}
690
691
692	/* generate the yap isType rule clause for the type,
693	isType(Acme, keyid); */
694	char generate_pl_type_clause(char principalname, int type)
695	{
696	char *tmp=NULL;
697	char *typeid= abac_keyid_type(type);
698	if(typeid==NULL \|\| strcmp(typeid,"NULL")==0)
699	panic("generate_pl_type_clause: can not have null typeid");
700	int cnt=asprintf(&tmp,"isType(%s,%s)",
701	principalname, typeid);
702	return tmp;
703	}
704

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_gen.c @ 7727f26

Download in other formats: