Context Navigation

source: libabac/abac_pl_gen.c @ 9335cfa

mei_rt2mei_rt2_fix_1

Last change on this file since 9335cfa was 9335cfa, checked in by Mei <mei@…>, 12 years ago
1) add handling of 'this' data term for the principal type 2) add payraise_rt1_typed example 3) expand more test cases for python/swig/libabac
Property mode set to `100644`
File size: 25.6 KB

Line
1
2
3	/***********************************************************************/
4	/* clause generation called from parser to generate credential clauses */
5	/***********************************************************************/
6	#include <stdio.h>
7	#include <assert.h>
8	#include <stdlib.h>
9
10	#include "abac_set.h"
11	#include "abac_util.h"
12	#include "abac_pl.h"
13
14	#include "uthash.h"
15
16	// index to generate C1,C2..
17	static int cred_count=0;
18
19	static int debug=0;
20
21	extern int using_this;
22
23	extern char* abac_yyfptr_encoded;
24	extern int abac_yy_cnt_yy_id_certs();
25	extern void abac_yy_free_yy_id_certs();
26	extern char *abac_yy_string_yy_id_certs();
27	extern void abac_yy_free_yy_constraints();
28	extern char *abac_yy_string_yy_constraints();
29
30	/***********************************************************************/
31	static char* isX()
32	{
33	static char x_string[2]="X";
34	static char this_string[5]="This";
35	if(using_this)
36	return this_string;
37	else
38	return x_string;
39	}
40
41	static int _get_next_cred_idx()
42	{
43	cred_count++;
44	return cred_count;
45	}
46
47	/* remember to free the returned string */
48	static char *_compose_cred_list()
49	{
50	int i=cred_count;
51	if(cred_count==0) return "";
52
53	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
54	strcpy(clist,"C1");
55	if (cred_count==1) return clist;
56
57	i=1;
58	while(i!=cred_count) {
59	i++;
60	sprintf(clist,"%s,C%d",clist,i);
61	}
62	return clist;
63	}
64
65	/***********************************************************************/
66	/* generate role(p_name, r_name, param..) */
67	static char* generate_pl_head_role_string(abac_role_t *role)
68	{
69	char *tmp=NULL;
70	char *principalname=abac_role_principal_name(role);
71	char *rolename=abac_role_role_name(role);
72	char *param_string=NULL;
73	int cnt=0;
74
75	/* can not be a linked role */
76	abac_param_list_t *role_params=abac_role_role_params(role);
77	if(role_params) {
78	param_string=abac_param_list_string(role_params);
79	}
80
81	if (param_string != NULL) {
82	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
83	free(param_string);
84	} else {
85	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
86	}
87
88	if(debug && tmp) printf("head_role_string: (%s)\n",tmp);
89	if(cnt>0)
90	return tmp;
91	else
92	return NULL;
93	}
94
95	/* generate role(p_name, r_name, param..) with isMember call ?? */
96	static char* generate_pl_tail_role_string(abac_role_t *role)
97	{
98	char *tmp;
99	char *principalname=abac_role_principal_name(role);
100	char *rolename=abac_role_role_name(role);
101	char *linkedname=abac_role_linked_role(role);
102
103	char *param_string=NULL;
104	char *linked_param_string=NULL;
105	int cnt=0;
106
107	abac_param_list_t *role_params=abac_role_role_params(role);
108	if(role_params) {
109	param_string=abac_param_list_string(role_params);
110	}
111
112	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
113	if(linked_role_params) {
114	linked_param_string=abac_param_list_string(linked_role_params);
115	}
116
117	/* b.r.r */
118	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
119	int fst=_get_next_cred_idx();
120	int snd=_get_next_cred_idx();
121	if(linked_param_string !=NULL) {
122	if (param_string != NULL) {
123	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,role(Y,%s,%s),C%d)",
124	principalname,
125	linkedname,linked_param_string,fst,
126	isX(),
127	rolename,param_string,snd);
128	free(param_string);
129	} else {
130	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,role(Y,%s),C%d)",
131	principalname,
132	linkedname,linked_param_string,fst,
133	isX(),
134	rolename,snd);
135	}
136	free(linked_param_string);
137	} else {
138	if (role_params != NULL) {
139	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,role(Y,%s,%s),C%d)",
140	principalname,
141	linkedname,fst,
142	isX(),
143	rolename,param_string,snd);
144	free(param_string);
145	} else {
146	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,role(Y,%s),C%d)",
147	principalname,
148	linkedname,fst,
149	isX(),
150	rolename,snd);
151	}
152	}
153	if(debug && tmp) printf("tail_role_string1: (%s)\n",tmp);
154	if(cnt>0)
155	return tmp;
156	else
157	return NULL;
158	}
159	/* b.r */
160	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
161	int fst=_get_next_cred_idx();
162	if(param_string != NULL) {
163	cnt=asprintf(&tmp,"isMember(%s,role(%s,%s,%s),C%d)",
164	isX(),
165	principalname, rolename, param_string, fst);
166	free(param_string);
167	} else {
168	cnt=asprintf(&tmp,"isMember(%s,role(%s,%s),C%d)",
169	isX(),
170	principalname, rolename, fst);
171	}
172	if(debug && tmp) printf("tail_role_string2: (%s)\n",tmp);
173	if(cnt>0)
174	return tmp;
175	else
176	return NULL;
177	}
178	/* b */
179	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
180	tmp=abac_xstrdup(principalname);
181	if(debug && tmp) printf("tail_role_string3: (%s)\n",tmp);
182	return tmp;
183	}
184
185	if(debug && tmp) printf("tail_role_string4: (%s)\n",tmp);
186	return tmp;
187	}
188
189
190	/* generate oset(p_name, r_name, param..) */
191	static char* generate_pl_head_oset_string(abac_oset_t *oset)
192	{
193	char *tmp=NULL;
194	char *principalname=abac_oset_principal_name(oset);
195	char *osetname=abac_oset_oset_name(oset);
196	char *param_string=NULL;
197	int cnt=0;
198
199	/* can not be a linked role */
200	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
201	if(oset_params) {
202	param_string=abac_param_list_string(oset_params);
203	}
204
205	if (param_string != NULL) {
206	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
207	free(param_string);
208	} else {
209	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
210	}
211	if(debug && tmp) printf("head_oset_string: (%s)\n",tmp);
212	if(cnt>0)
213	return tmp;
214	else
215	return NULL;
216	}
217
218	/* generate oset(p_name, r_name, param..) with isMember call ?? */
219	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
220	{
221	char *tmp;
222	/*
223	A.oset <- B
224	A.oset <- Obj
225	A.oset <- B.oset
226	A.oset <- B.role.oset
227	*/
228	/* o */
229	if(abac_oset_is_object(oset)) {
230	char *objectname=abac_oset_object_name(oset);
231	tmp=abac_xstrdup(objectname);
232	if(debug && tmp) printf("tail_oset_string1: (%s)\n",tmp);
233	return tmp;
234	} else {
235	char *principalname=abac_oset_principal_name(oset);
236	char *osetname=abac_oset_oset_name(oset);
237	char *linkedname=abac_oset_linked_role(oset);
238
239	char *param_string=NULL;
240	char *linked_param_string=NULL;
241	int cnt=0;
242
243	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
244	if(oset_params) {
245	param_string=abac_param_list_string(oset_params);
246	}
247
248	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
249	if(linked_role_params) {
250	linked_param_string=abac_param_list_string(linked_role_params);
251	}
252
253	/* b.r.r */
254	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
255	int fst=_get_next_cred_idx();
256	int snd=_get_next_cred_idx();
257	if(linked_param_string !=NULL) {
258	if (param_string != NULL) {
259	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,oset(Y,%s,%s),C%d)",
260	principalname,
261	linkedname,linked_param_string,fst,
262	isX(),
263	osetname,param_string,snd);
264	free(param_string);
265	} else {
266	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(%s,oset(Y,%s),C%d)",
267	principalname,
268	linkedname,linked_param_string,fst,
269	isX(),
270	osetname,snd);
271	}
272	free(linked_param_string);
273	} else {
274	if (oset_params != NULL) {
275	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,oset(Y,%s,%s),C%d)",
276	principalname,
277	linkedname,fst,
278	isX(),
279	osetname,param_string,snd);
280	free(param_string);
281	} else {
282	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(%s,oset(Y,%s),C%d)",
283	principalname,
284	linkedname,fst,
285	isX(),
286	osetname,snd);
287	}
288	}
289	if(debug && tmp) printf("tail_oset_string2: (%s)\n",tmp);
290	if(cnt>0)
291	return tmp;
292	else
293	return NULL;
294	}
295	/* b.r */
296	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
297	int fst=_get_next_cred_idx();
298	if(param_string != NULL) {
299	cnt=asprintf(&tmp,"isMember(%s,oset(%s,%s,%s),C%d)",
300	isX(),
301	principalname, osetname, param_string, fst);
302	free(param_string);
303	} else {
304	cnt=asprintf(&tmp,"isMember(%s,oset(%s,%s),C%d)",
305	isX(),
306	principalname, osetname, fst);
307	}
308	if(debug && tmp) printf("tail_oset_string3: (%s)\n",tmp);
309	if(cnt>0)
310	return tmp;
311	else
312	return NULL;
313	}
314	/* b */
315	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
316	tmp=abac_xstrdup(principalname);
317	if(debug && tmp) printf("tail_oset_string4: (%s)\n",tmp);
318	return tmp;
319	}
320
321	}
322	return tmp;
323	}
324
325
326	/********************************************************************************/
327
328	static char _build_constraint_rule_clause(char head_string, char *tail_string)
329	{
330	/only, A.R <- B /
331	char *tmp;
332	int idx=_get_next_cred_idx();
333	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
334	return tmp;
335	}
336
337	static char _build_rule_clause(char rolename, char *head_string,
338	char tail_string, char id_string, char *constraint_string)
339	{
340	char *tmp=NULL;
341
342	if(rolename == NULL) {
343	/* A.R <- B */
344	if(id_string == NULL && constraint_string == NULL) {
345	asprintf(&tmp, "isMember(%s,%s,['%s'])",
346	tail_string,head_string,abac_yyfptr_encoded);
347	} else {
348	if(id_string == NULL) {
349	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
350	tail_string,head_string,abac_yyfptr_encoded,
351	constraint_string);
352	} else if(constraint_string == NULL) {
353	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
354	tail_string,head_string,abac_yyfptr_encoded,
355	id_string);
356	} else { asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s,%s",
357	tail_string,head_string,abac_yyfptr_encoded,
358	id_string, constraint_string);
359	}
360	}
361	} else {
362	/* A.R <- B.R */
363	/* A.R <- B.R.R */
364	if (cred_count==0) {
365	if(id_string == NULL && constraint_string == NULL) {
366	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s",
367	isX(),
368	head_string, abac_yyfptr_encoded, tail_string);
369	} else {
370	if(id_string == NULL) {
371	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s",
372	isX(),
373	head_string, abac_yyfptr_encoded, tail_string,
374	constraint_string);
375	} else if(constraint_string == NULL) {
376	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s",
377	isX(),
378	head_string, abac_yyfptr_encoded, id_string,
379	tail_string);
380	} else {
381	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s,%s,%s",
382	isX(),
383	head_string, abac_yyfptr_encoded, id_string,
384	tail_string, constraint_string);
385	}
386	}
387	} else {
388	char *tmp_cred_list=_compose_cred_list();
389	if(id_string == NULL && constraint_string == NULL) {
390	asprintf(&tmp,"isMember(%s,%s,L):-%s, appendL([['%s'],%s],L)",
391	isX(),
392	head_string, tail_string,
393	abac_yyfptr_encoded, tmp_cred_list);
394	} else {
395	if(id_string == NULL) {
396	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
397	isX(),
398	head_string, tail_string, constraint_string,
399	abac_yyfptr_encoded, tmp_cred_list);
400	} else if(constraint_string == NULL) {
401	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
402	isX(),
403	head_string, id_string, tail_string,
404	abac_yyfptr_encoded, tmp_cred_list);
405	} else {
406	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
407	isX(),
408	head_string, id_string, tail_string,
409	constraint_string,
410	abac_yyfptr_encoded, tmp_cred_list);
411	}
412	}
413	free(tmp_cred_list);
414	cred_count=0;
415	}
416	}
417	return tmp;
418	}
419
420
421	static char generate_pl_rule_role_clause(char head_role_string,
422	abac_role_t tail_role, char id_string, char *constraint_string)
423	{
424	char *rolename=abac_role_role_name(tail_role);
425	char *tail_role_string=generate_pl_tail_role_string(tail_role);
426	if(rolename == NULL && tail_role_string == NULL)
427	goto error;
428	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string,
429	id_string, constraint_string);
430	if(tail_role_string) free(tail_role_string);
431	return tmp;
432
433	error:
434	if(tail_role_string) free(tail_role_string);
435	return NULL;
436	}
437
438	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char *constraint_string)
439	{
440	char *osetname=abac_oset_oset_name(tail_oset);
441	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
442	if(osetname == NULL && tail_oset_string == NULL)
443	goto error;
444	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string, id_string, constraint_string);
445	if(tail_oset_string) free(tail_oset_string);
446	return tmp;
447
448	error:
449	if(tail_oset_string) free(tail_oset_string);
450	return NULL;
451	}
452
453
454	static char _add_string(char dstr, char *nstr)
455	{
456	if(strlen(dstr)==0) {
457	dstr=abac_xstrdup(nstr);
458	return dstr;
459	} else {
460	int len = strlen(dstr)+strlen(nstr)+2;
461	char tmp=abac_xmalloc(lensizeof(char));
462	sprintf(tmp,"%s,%s", dstr,nstr);
463	free(dstr);
464	return tmp;
465	}
466	return NULL;
467	}
468
469	static char _build_intersecting_clause(char head_role_string,
470	char tail_role_string, char id_string, char* constraint_string)
471	{
472	char *tmp;
473
474	if (cred_count==0) {
475	if(id_string == NULL && constraint_string == NULL) {
476	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s",
477	isX(),
478	head_role_string, abac_yyfptr_encoded, tail_role_string);
479	} else {
480	if(id_string == NULL) {
481	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s",
482	isX(),
483	head_role_string, abac_yyfptr_encoded,
484	tail_role_string, constraint_string);
485	} else if(constraint_string == NULL) {
486	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s",
487	isX(),
488	head_role_string, abac_yyfptr_encoded,
489	id_string, tail_role_string);
490	} else {
491	asprintf(&tmp,"isMember(%s,%s,['%s']):-%s, %s, %s",
492	isX(),
493	head_role_string, abac_yyfptr_encoded,
494	id_string, tail_role_string, constraint_string);
495	}
496	}
497	} else {
498	char *tmp_cred_list=_compose_cred_list();
499	if(id_string == NULL && constraint_string == NULL) {
500	asprintf(&tmp,"isMember(%s,%s,L):-%s, appendL([['%s'],%s],L)",
501	isX(),
502	head_role_string, tail_role_string,
503	abac_yyfptr_encoded, tmp_cred_list);
504	} else {
505	if(id_string == NULL) {
506	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
507	isX(),
508	head_role_string, tail_role_string, constraint_string,
509	abac_yyfptr_encoded, tmp_cred_list);
510	} else if(constraint_string == NULL) {
511	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, appendL([['%s'],%s],L)",
512	isX(),
513	head_role_string, id_string, tail_role_string,
514	abac_yyfptr_encoded, tmp_cred_list);
515	} else {
516	asprintf(&tmp,"isMember(%s,%s,L):-%s, %s, %s, appendL([['%s'],%s],L)",
517	isX(),
518	head_role_string, id_string, tail_role_string, constraint_string,
519	abac_yyfptr_encoded, tmp_cred_list);
520	}
521	}
522	free(tmp_cred_list);
523	cred_count=0;
524	}
525	return tmp;
526	}
527
528	static char generate_pl_intersecting_role_clause(char head_role_string,
529	abac_role_t tail_role, char id_string, char* constraint_string)
530	{
531	char *tmp=NULL;
532	char* tail_role_string=NULL;
533	abac_list_t *list=abac_role_prereqs(tail_role);
534	/* A.R <- B.R & C.R.R */
535
536	if (list != NULL) {
537	abac_role_t *cur;
538	abac_list_foreach(list, cur,
539	char *ntmp=generate_pl_tail_role_string(cur);
540	if(tail_role_string==NULL)
541	asprintf(&tail_role_string,"%s",ntmp);
542	else
543	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
544	free(ntmp);
545	);
546	}
547
548	tmp=_build_intersecting_clause(head_role_string, tail_role_string, id_string,constraint_string);
549	if(tail_role_string) free(tail_role_string);
550	return tmp;
551	}
552
553	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t tail_oset, char id_string, char* constraint_string)
554	{
555	char *tmp=NULL;
556	char* tail_oset_string=NULL;
557	abac_list_t *list=abac_oset_prereqs(tail_oset);
558	/* A.O <- B.O & C.R.O */
559
560	if (list != NULL) {
561	abac_oset_t *cur;
562	abac_list_foreach(list, cur,
563	char *ntmp=generate_pl_tail_oset_string(cur);
564	if(tail_oset_string==NULL)
565	asprintf(&tail_oset_string,"%s",ntmp);
566	else
567	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
568	free(ntmp);
569	);
570	}
571
572	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string,
573	id_string, constraint_string);
574	if(tail_oset_string) free(tail_oset_string);
575	return tmp;
576	}
577
578	/* generate the yap isMember rule clause for the credential stmt */
579	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
580	{
581	char *tmp=NULL;
582	char *id_clauses_string=NULL;
583	char *constraint_clauses_string=NULL;
584	abac_list_t *clauses=abac_list_new();
585
586	int cnt=abac_yy_cnt_yy_id_certs();
587	if(cnt > 0) { /* string it up */
588	id_clauses_string=abac_yy_string_yy_id_certs();
589	abac_yy_free_yy_id_certs();
590	}
591
592	/* XXX make a loop here */
593	cnt=abac_yy_cnt_yy_constraints();
594	if(cnt > 0) {
595	constraint_clauses_string=abac_yy_string_yy_constraints();
596	abac_yy_free_yy_constraints();
597	}
598
599	/* generate head's role string */
600	char *head_role_string=generate_pl_head_role_string(head_role);
601	if(head_role_string == NULL)
602	goto error;
603
604	/* tail side */
605	if(abac_role_is_intersection(tail_role)) {
606	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role,
607	id_clauses_string, constraint_clauses_string);
608	} else {
609	tmp=generate_pl_rule_role_clause(head_role_string, tail_role,
610	id_clauses_string, constraint_clauses_string);
611	}
612	if(tmp==NULL)
613	goto error;
614
615	abac_list_add(clauses,tmp);
616	return clauses;
617
618	error:
619	if(head_role_string) free(head_role_string);
620	if(id_clauses_string) free(id_clauses_string);
621	if(constraint_clauses_string) free(constraint_clauses_string);
622	return clauses;
623	}
624
625	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
626	{
627	char *tmp=NULL;
628	char *id_clauses_string=NULL;
629	char *constraint_clauses_string=NULL;
630	abac_list_t *clauses=abac_list_new();
631
632	int cnt=abac_yy_cnt_yy_id_certs();
633	if(cnt > 0) { /* string it up */
634	id_clauses_string=abac_yy_string_yy_id_certs();
635	abac_yy_free_yy_id_certs();
636	}
637
638	/* XXX */
639	cnt=abac_yy_cnt_yy_constraints();
640	if(cnt > 0) {
641	constraint_clauses_string=abac_yy_string_yy_constraints();
642	abac_yy_free_yy_constraints();
643	}
644
645	/* generate head's oset string */
646	char *head_oset_string=generate_pl_head_oset_string(head_oset);
647	if(head_oset_string == NULL)
648	goto error;
649
650	/* tail side */
651	if(abac_oset_is_intersection(tail_oset)) {
652	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset,
653	id_clauses_string, constraint_clauses_string);
654	} else {
655	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset,
656	id_clauses_string, constraint_clauses_string);
657	}
658	if(tmp==NULL)
659	goto error;
660
661	abac_list_add(clauses,tmp);
662	return clauses;
663
664	error:
665	if(head_oset_string) free(head_oset_string);
666	if(id_clauses_string) free(id_clauses_string);
667	if(constraint_clauses_string) free(constraint_clauses_string);
668	return clauses;
669	}
670
671	/* should be just 1 */
672	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
673	{
674	/* generate head's role string */
675	char *head_role_string=generate_pl_head_role_string(head_role);
676	if(head_role_string == NULL)
677	goto error;
678
679	/* tail side */
680	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
681	if(tmp==NULL)
682	goto error;
683
684	return tmp;
685
686	error:
687	if(head_role_string) free(head_role_string);
688	return NULL;
689	}
690
691	/* integer(X)<10 */
692	/* X='abc' */
693	char generate_pl_range_constraint(char typestr,char var,char val,char *op)
694	{
695	char *tmp=NULL;
696	if(typestr)
697	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
698	else
699	asprintf(&tmp,"%s%s%s",var,op,val);
700	return tmp;
701	}
702
703	/* compare(op,var,val) */
704	char generate_pl_range_time_constraint(char var,char val,char op)
705	{
706	char *tmp=NULL;
707	asprintf(&tmp,"compare(%s,%s,%s)",op,var,val);
708	return tmp;
709	}
710
711	/* should just be 1 clause */
712	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
713	char *tail_string)
714	{
715	/* generate head's oset string */
716	char *head_oset_string=generate_pl_head_oset_string(head_oset);
717	if(head_oset_string == NULL)
718	goto error;
719
720	/* tail side */
721	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
722	if(tmp==NULL)
723	goto error;
724
725	return tmp;
726	error:
727	if(head_oset_string) free(head_oset_string);
728	return NULL;
729	}
730
731
732	/* generate the yap isType rule clause for the type,
733	isType(Acme, keyid); */
734	char generate_pl_type_clause(char principalname, int type)
735	{
736	char *tmp=NULL;
737	char *typeid= abac_keyid_type(type);
738	if(typeid==NULL \|\| strcmp(typeid,"NULL")==0)
739	panic("generate_pl_type_clause: can not have null typeid");
740	int cnt=asprintf(&tmp,"isType(%s,%s)",
741	principalname, typeid);
742	return tmp;
743	}
744

Note: See TracBrowser for help on using the repository browser.

Download in other formats: