Context Navigation

source: libabac/abac_pl_gen.c @ 7b548fa

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 7b548fa was 7b548fa, checked in by Mei <mei@…>, 12 years ago

1) add time static constraint
2) add example balltime_rt2_typed
3) change the way that time is being kept

from 20120228T080000 to time(2012,2,28,8,0,0) and
the constraint check is via compare(op,time1,time2)

Property mode set to 100644

File size: 23.7 KB

Line
1
2
3	/***********************************************************************/
4	/* clause generation called from parser to generate credential clauses */
5	/***********************************************************************/
6	#include <stdio.h>
7	#include <assert.h>
8	#include <stdlib.h>
9
10	#include "abac_set.h"
11	#include "abac_util.h"
12	#include "abac_pl.h"
13
14	#include "uthash.h"
15
16	// index to generate C1,C2..
17	static int cred_count=0;
18
19	extern char* abac_yyfptr_encoded;
20	extern int abac_yy_cnt_yy_id_certs();
21	extern void abac_yy_free_yy_id_certs();
22	extern char *abac_yy_string_yy_id_certs();
23	extern void abac_yy_free_yy_constraints();
24	extern char *abac_yy_string_yy_constraints();
25
26	/***********************************************************************/
27	static int _get_next_cred_idx()
28	{
29	cred_count++;
30	return cred_count;
31	}
32
33	/* remember to free the returned string */
34	static char *_compose_cred_list()
35	{
36	int i=cred_count;
37	if(cred_count==0) return "";
38
39	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
40	strcpy(clist,"C1");
41	if (cred_count==1) return clist;
42
43	i=1;
44	while(i!=cred_count) {
45	i++;
46	sprintf(clist,"%s,C%d",clist,i);
47	}
48	return clist;
49	}
50
51	/***********************************************************************/
52	/* generate role(p_name, r_name, param..) */
53	static char* generate_pl_head_role_string(abac_role_t *role)
54	{
55	char *tmp=NULL;
56	char *principalname=abac_role_principal_cn(role);
57	char *rolename=abac_role_role_name(role);
58	char *param_string=NULL;
59	int cnt=0;
60
61	/* can not be a linked role */
62	abac_param_list_t *role_params=abac_role_role_params(role);
63	if(role_params) {
64	param_string=abac_param_list_string(role_params);
65	}
66
67	if (param_string != NULL) {
68	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
69	free(param_string);
70	} else {
71	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
72	}
73	if(cnt>0)
74	return tmp;
75	else
76	return NULL;
77	}
78
79	/* generate role(p_name, r_name, param..) with isMember call ?? */
80	static char* generate_pl_tail_role_string(abac_role_t *role)
81	{
82	char *tmp;
83	char *principalname=abac_role_principal_cn(role);
84	char *rolename=abac_role_role_name(role);
85	char *linkedname=abac_role_linked_role(role);
86
87	char *param_string=NULL;
88	char *linked_param_string=NULL;
89	int cnt=0;
90
91	abac_param_list_t *role_params=abac_role_role_params(role);
92	if(role_params) {
93	param_string=abac_param_list_string(role_params);
94	}
95
96	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
97	if(linked_role_params) {
98	linked_param_string=abac_param_list_string(linked_role_params);
99	}
100
101	/* b.r.r */
102	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
103	int fst=_get_next_cred_idx();
104	int snd=_get_next_cred_idx();
105	if(linked_param_string !=NULL) {
106	if (param_string != NULL) {
107	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
108	principalname,
109	linkedname,linked_param_string,fst,
110	rolename,param_string,snd);
111	free(param_string);
112	} else {
113	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
114	principalname,
115	linkedname,linked_param_string,fst,
116	rolename,snd);
117	}
118	free(linked_param_string);
119	} else {
120	if (role_params != NULL) {
121	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
122	principalname,
123	linkedname,fst,
124	rolename,param_string,snd);
125	free(param_string);
126	} else {
127	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
128	principalname,
129	linkedname,fst,
130	rolename,snd);
131	}
132	}
133	if(cnt>0)
134	return tmp;
135	else
136	return NULL;
137	}
138	/* b.r */
139	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
140	int fst=_get_next_cred_idx();
141	if(param_string != NULL) {
142	cnt=asprintf(&tmp,"isMember(X,role(%s,%s,%s),C%d)",
143	principalname, rolename, param_string, fst);
144	free(param_string);
145	} else {
146	cnt=asprintf(&tmp,"isMember(X,role(%s,%s),C%d)",
147	principalname, rolename, fst);
148	}
149	if(cnt>0)
150	return tmp;
151	else
152	return NULL;
153	}
154	/* b */
155	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
156	tmp=abac_xstrdup(principalname);
157	return tmp;
158	}
159
160	return tmp;
161	}
162
163
164	/* generate oset(p_name, r_name, param..) */
165	static char* generate_pl_head_oset_string(abac_oset_t *oset)
166	{
167	char *tmp=NULL;
168	char *principalname=abac_oset_principal_cn(oset);
169	char *osetname=abac_oset_oset_name(oset);
170	char *param_string=NULL;
171	int cnt=0;
172
173	/* can not be a linked role */
174	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
175	if(oset_params) {
176	param_string=abac_param_list_string(oset_params);
177	}
178
179	if (param_string != NULL) {
180	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
181	free(param_string);
182	} else {
183	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
184	}
185	if(cnt>0)
186	return tmp;
187	else
188	return NULL;
189	}
190
191	/* generate oset(p_name, r_name, param..) with isMember call ?? */
192	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
193	{
194	char *tmp;
195	/*
196	A.oset <- B
197	A.oset <- Obj
198	A.oset <- B.oset
199	A.oset <- B.role.oset
200	*/
201	/* o */
202	if(abac_oset_is_object(oset)) {
203	char *objectname=abac_oset_object_cn(oset);
204	tmp=abac_xstrdup(objectname);
205	return tmp;
206	} else {
207	char *principalname=abac_oset_principal_cn(oset);
208	char *osetname=abac_oset_oset_name(oset);
209	char *linkedname=abac_oset_linked_role(oset);
210
211	char *param_string=NULL;
212	char *linked_param_string=NULL;
213	int cnt=0;
214
215	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
216	if(oset_params) {
217	param_string=abac_param_list_string(oset_params);
218	}
219
220	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
221	if(linked_role_params) {
222	linked_param_string=abac_param_list_string(linked_role_params);
223	}
224
225	/* b.r.r */
226	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
227	int fst=_get_next_cred_idx();
228	int snd=_get_next_cred_idx();
229	if(linked_param_string !=NULL) {
230	if (param_string != NULL) {
231	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
232	principalname,
233	linkedname,linked_param_string,fst,
234	osetname,param_string,snd);
235	free(param_string);
236	} else {
237	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
238	principalname,
239	linkedname,linked_param_string,fst,
240	osetname,snd);
241	}
242	free(linked_param_string);
243	} else {
244	if (oset_params != NULL) {
245	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
246	principalname,
247	linkedname,fst,
248	osetname,param_string,snd);
249	free(param_string);
250	} else {
251	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
252	principalname,
253	linkedname,fst,
254	osetname,snd);
255	}
256	}
257	if(cnt>0)
258	return tmp;
259	else
260	return NULL;
261	}
262	/* b.r */
263	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
264	int fst=_get_next_cred_idx();
265	if(param_string != NULL) {
266	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s,%s),C%d)",
267	principalname, osetname, param_string, fst);
268	free(param_string);
269	} else {
270	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s),C%d)",
271	principalname, osetname, fst);
272	}
273	if(cnt>0)
274	return tmp;
275	else
276	return NULL;
277	}
278	/* b */
279	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
280	tmp=abac_xstrdup(principalname);
281	return tmp;
282	}
283
284	}
285	return tmp;
286	}
287
288
289	/********************************************************************************/
290
291	static char _build_constraint_rule_clause(char head_string, char *tail_string)
292	{
293	/only, A.R <- B /
294	char *tmp;
295	int idx=_get_next_cred_idx();
296	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
297	return tmp;
298	}
299
300	static char _build_rule_clause(char rolename, char *head_string,
301	char tail_string, char id_string, char *constraint_string)
302	{
303	char *tmp=NULL;
304
305	if(rolename == NULL) {
306	/* A.R <- B */
307	if(id_string == NULL && constraint_string == NULL) {
308	asprintf(&tmp, "isMember(%s,%s,['%s'])",
309	tail_string,head_string,abac_yyfptr_encoded);
310	} else {
311	if(id_string == NULL) {
312	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
313	tail_string,head_string,abac_yyfptr_encoded,
314	constraint_string);
315	} else if(constraint_string == NULL) {
316	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
317	tail_string,head_string,abac_yyfptr_encoded,
318	id_string);
319	} else { asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s,%s",
320	tail_string,head_string,abac_yyfptr_encoded,
321	id_string, constraint_string);
322	}
323	}
324	} else {
325	/* A.R <- B.R */
326	/* A.R <- B.R.R */
327	if (cred_count==0) {
328	if(id_string == NULL && constraint_string == NULL) {
329	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
330	head_string, abac_yyfptr_encoded, tail_string);
331	} else {
332	if(id_string == NULL) {
333	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
334	head_string, abac_yyfptr_encoded, tail_string,
335	constraint_string);
336	} else if(constraint_string == NULL) {
337	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s",
338	head_string, abac_yyfptr_encoded, id_string,
339	tail_string);
340	} else {
341	asprintf(&tmp,"isMember(X,%s,['%s']):-%s,%s,%s",
342	head_string, abac_yyfptr_encoded, id_string,
343	tail_string, constraint_string);
344	}
345	}
346	} else {
347	char *tmp_cred_list=_compose_cred_list();
348	if(id_string == NULL && constraint_string == NULL) {
349	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
350	head_string, tail_string,
351	abac_yyfptr_encoded, tmp_cred_list);
352	} else {
353	if(id_string == NULL) {
354	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
355	head_string, tail_string, constraint_string,
356	abac_yyfptr_encoded, tmp_cred_list);
357	} else if(constraint_string == NULL) {
358	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
359	head_string, id_string, tail_string,
360	abac_yyfptr_encoded, tmp_cred_list);
361	} else {
362	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
363	head_string, id_string, tail_string,
364	constraint_string,
365	abac_yyfptr_encoded, tmp_cred_list);
366	}
367	}
368	free(tmp_cred_list);
369	cred_count=0;
370	}
371	}
372	return tmp;
373	}
374
375
376	static char generate_pl_rule_role_clause(char head_role_string,
377	abac_role_t tail_role, char id_string, char *constraint_string)
378	{
379	char *rolename=abac_role_role_name(tail_role);
380	char *tail_role_string=generate_pl_tail_role_string(tail_role);
381	if(rolename == NULL && tail_role_string == NULL)
382	goto error;
383	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string,
384	id_string, constraint_string);
385	if(tail_role_string) free(tail_role_string);
386	return tmp;
387
388	error:
389	if(tail_role_string) free(tail_role_string);
390	return NULL;
391	}
392
393	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char *constraint_string)
394	{
395	char *osetname=abac_oset_oset_name(tail_oset);
396	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
397	if(osetname == NULL && tail_oset_string == NULL)
398	goto error;
399	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string, id_string, constraint_string);
400	if(tail_oset_string) free(tail_oset_string);
401	return tmp;
402
403	error:
404	if(tail_oset_string) free(tail_oset_string);
405	return NULL;
406	}
407
408
409	static char _add_string(char dstr, char *nstr)
410	{
411	if(strlen(dstr)==0) {
412	dstr=abac_xstrdup(nstr);
413	return dstr;
414	} else {
415	int len = strlen(dstr)+strlen(nstr)+2;
416	char tmp=abac_xmalloc(lensizeof(char));
417	sprintf(tmp,"%s,%s", dstr,nstr);
418	free(dstr);
419	return tmp;
420	}
421	return NULL;
422	}
423
424	static char _build_intersecting_clause(char head_role_string,
425	char tail_role_string, char id_string, char* constraint_string)
426	{
427	char *tmp;
428
429	if (cred_count==0) {
430	if(id_string == NULL && constraint_string == NULL) {
431	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
432	head_role_string, abac_yyfptr_encoded, tail_role_string);
433	} else {
434	if(id_string == NULL) {
435	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
436	head_role_string, abac_yyfptr_encoded,
437	tail_role_string, constraint_string);
438	} else if(constraint_string == NULL) {
439	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
440	head_role_string, abac_yyfptr_encoded,
441	id_string, tail_role_string);
442	} else {
443	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s, %s",
444	head_role_string, abac_yyfptr_encoded,
445	id_string, tail_role_string, constraint_string);
446	}
447	}
448	} else {
449	char *tmp_cred_list=_compose_cred_list();
450	if(id_string == NULL && constraint_string == NULL) {
451	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
452	head_role_string, tail_role_string,
453	abac_yyfptr_encoded, tmp_cred_list);
454	} else {
455	if(id_string == NULL) {
456	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
457	head_role_string, tail_role_string, constraint_string,
458	abac_yyfptr_encoded, tmp_cred_list);
459	} else if(constraint_string == NULL) {
460	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
461	head_role_string, id_string, tail_role_string,
462	abac_yyfptr_encoded, tmp_cred_list);
463	} else {
464	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
465	head_role_string, id_string, tail_role_string, constraint_string,
466	abac_yyfptr_encoded, tmp_cred_list);
467	}
468	}
469	free(tmp_cred_list);
470	cred_count=0;
471	}
472	return tmp;
473	}
474
475	static char generate_pl_intersecting_role_clause(char head_role_string,
476	abac_role_t tail_role, char id_string, char* constraint_string)
477	{
478	char *tmp=NULL;
479	char* tail_role_string=NULL;
480	abac_list_t *list=abac_role_prereqs(tail_role);
481	/* A.R <- B.R & C.R.R */
482
483	if (list != NULL) {
484	abac_role_t *cur;
485	abac_list_foreach(list, cur,
486	char *ntmp=generate_pl_tail_role_string(cur);
487	if(tail_role_string==NULL)
488	asprintf(&tail_role_string,"%s",ntmp);
489	else
490	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
491	free(ntmp);
492	);
493	}
494
495	tmp=_build_intersecting_clause(head_role_string, tail_role_string, id_string,constraint_string);
496	if(tail_role_string) free(tail_role_string);
497	return tmp;
498	}
499
500	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char* constraint_string)
501	{
502	char *tmp=NULL;
503	char* tail_oset_string=NULL;
504	abac_list_t *list=abac_oset_prereqs(tail_oset);
505	/* A.O <- B.O & C.R.O */
506
507	if (list != NULL) {
508	abac_oset_t *cur;
509	abac_list_foreach(list, cur,
510	char *ntmp=generate_pl_tail_oset_string(cur);
511	if(tail_oset_string==NULL)
512	asprintf(&tail_oset_string,"%s",ntmp);
513	else
514	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
515	free(ntmp);
516	);
517	}
518
519	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string,
520	id_string, constraint_string);
521	if(tail_oset_string) free(tail_oset_string);
522	return tmp;
523	}
524
525	/* generate the yap isMember rule clause for the credential stmt */
526	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
527	{
528	char *tmp=NULL;
529	char *id_clauses_string=NULL;
530	char *constraint_clauses_string=NULL;
531	abac_list_t *clauses=abac_list_new();
532
533	int cnt=abac_yy_cnt_yy_id_certs();
534	if(cnt > 0) { /* string it up */
535	id_clauses_string=abac_yy_string_yy_id_certs();
536	abac_yy_free_yy_id_certs();
537	}
538
539	/* XXX make a loop here */
540	cnt=abac_yy_cnt_yy_constraints();
541	if(cnt > 0) {
542	constraint_clauses_string=abac_yy_string_yy_constraints();
543	abac_yy_free_yy_constraints();
544	}
545
546	/* generate head's role string */
547	char *head_role_string=generate_pl_head_role_string(head_role);
548	if(head_role_string == NULL)
549	goto error;
550
551	/* tail side */
552	if(abac_role_is_intersection(tail_role)) {
553	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role,
554	id_clauses_string, constraint_clauses_string);
555	} else {
556	tmp=generate_pl_rule_role_clause(head_role_string, tail_role,
557	id_clauses_string, constraint_clauses_string);
558	}
559	if(tmp==NULL)
560	goto error;
561
562	abac_list_add(clauses,tmp);
563	return clauses;
564
565	error:
566	if(head_role_string) free(head_role_string);
567	if(id_clauses_string) free(id_clauses_string);
568	if(constraint_clauses_string) free(constraint_clauses_string);
569	return clauses;
570	}
571
572	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
573	{
574	char *tmp=NULL;
575	char *id_clauses_string=NULL;
576	char *constraint_clauses_string=NULL;
577	abac_list_t *clauses=abac_list_new();
578
579	int cnt=abac_yy_cnt_yy_id_certs();
580	if(cnt > 0) { /* string it up */
581	id_clauses_string=abac_yy_string_yy_id_certs();
582	abac_yy_free_yy_id_certs();
583	}
584
585	/* XXX */
586	cnt=abac_yy_cnt_yy_constraints();
587	if(cnt > 0) {
588	constraint_clauses_string=abac_yy_string_yy_constraints();
589	abac_yy_free_yy_constraints();
590	}
591
592	/* generate head's oset string */
593	char *head_oset_string=generate_pl_head_oset_string(head_oset);
594	if(head_oset_string == NULL)
595	goto error;
596
597	/* tail side */
598	if(abac_oset_is_intersection(tail_oset)) {
599	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset,
600	id_clauses_string, constraint_clauses_string);
601	} else {
602	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset,
603	id_clauses_string, constraint_clauses_string);
604	}
605	if(tmp==NULL)
606	goto error;
607
608	abac_list_add(clauses,tmp);
609	return clauses;
610
611	error:
612	if(head_oset_string) free(head_oset_string);
613	if(id_clauses_string) free(id_clauses_string);
614	if(constraint_clauses_string) free(constraint_clauses_string);
615	return clauses;
616	}
617
618	/* should be just 1 */
619	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
620	{
621	/* generate head's role string */
622	char *head_role_string=generate_pl_head_role_string(head_role);
623	if(head_role_string == NULL)
624	goto error;
625
626	/* tail side */
627	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
628	if(tmp==NULL)
629	goto error;
630
631	return tmp;
632
633	error:
634	if(head_role_string) free(head_role_string);
635	return NULL;
636	}
637
638	/* integer(X)<10 */
639	/* X='abc' */
640	char generate_pl_range_constraint(char typestr,char var,char val,char *op)
641	{
642	char *tmp=NULL;
643	if(typestr)
644	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
645	else
646	asprintf(&tmp,"%s%s%s",var,op,val);
647	return tmp;
648	}
649
650	/* compare(op,var,val) */
651	char generate_pl_range_time_constraint(char var,char val,char op)
652	{
653	char *tmp=NULL;
654	asprintf(&tmp,"compare(%s,%s,%s)",op,var,val);
655	return tmp;
656	}
657
658	/* should just be 1 clause */
659	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
660	char *tail_string)
661	{
662	/* generate head's oset string */
663	char *head_oset_string=generate_pl_head_oset_string(head_oset);
664	if(head_oset_string == NULL)
665	goto error;
666
667	/* tail side */
668	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
669	if(tmp==NULL)
670	goto error;
671
672	return tmp;
673	error:
674	if(head_oset_string) free(head_oset_string);
675	return NULL;
676	}
677
678
679	/* generate the yap isType rule clause for the type,
680	isType(Acme, keyid); */
681	char generate_pl_type_clause(char principalname, int type)
682	{
683	char *tmp=NULL;
684	char *typeid= abac_keyid_type(type);
685	if(typeid==NULL \|\| strcmp(typeid,"NULL")==0)
686	panic("generate_pl_type_clause: can not have null typeid");
687	int cnt=asprintf(&tmp,"isType(%s,%s)",
688	principalname, typeid);
689	return tmp;
690	}
691

Note: See TracBrowser for help on using the repository browser.

Download in other formats: