Context Navigation

source: libabac/abac_pl_gen.c @ d845403

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since d845403 was b5a3da4, checked in by Mei <mei@…>, 12 years ago
1) add abac_oset.c 2) reorganized some yyparse related files
Property mode set to `100644`
File size: 19.7 KB

Line
1
2
3	/***********************************************************************/
4	/* clause generation called from parser to generate credential clauses */
5	/***********************************************************************/
6	#include <stdio.h>
7	#include <assert.h>
8	#include <stdlib.h>
9
10	#include "abac_set.h"
11	#include "abac_util.h"
12	#include "abac_pl.h"
13
14	#include "uthash.h"
15
16	// index to generate C1,C2..
17	static int cred_count=0;
18	char *abac_addon_clauses=NULL;
19
20	extern char* abac_yyfptr_encoded;
21	extern int abac_yy_cnt_yy_id_certs();
22	extern void abac_yy_free_yy_id_certs();
23	extern char *abac_yy_string_yy_id_certs();
24	extern void abac_yy_free_yy_constraints();
25
26	/***********************************************************************/
27	static int _get_next_cred_idx()
28	{
29	cred_count++;
30	return cred_count;
31	}
32
33	/* remember to free the returned string */
34	static char *_compose_cred_list()
35	{
36	int i=cred_count;
37	if(cred_count==0) return "";
38
39	char clist=(char )abac_xmalloc(sizeof(char)(cred_count)3);
40	strcpy(clist,"C1");
41	if (cred_count==1) return clist;
42
43	i=1;
44	while(i!=cred_count) {
45	i++;
46	sprintf(clist,"%s,C%d",clist,i);
47	}
48	return clist;
49	}
50
51	/* generate role(p_name, r_name, param..) */
52	static char* generate_pl_head_role_string(abac_role_t *role)
53	{
54	char *tmp=NULL;
55	char *principalname=abac_role_principal_cn(role);
56	char *rolename=abac_role_role_name(role);
57	char *param_string=NULL;
58	int cnt=0;
59
60	/* can not be a linked role */
61	abac_param_list_t *role_params=abac_role_role_params(role);
62	if(role_params) {
63	param_string=abac_param_list_string(role_params);
64	}
65
66	if (param_string != NULL) {
67	cnt=asprintf(&tmp,"role(%s,%s,%s)", principalname, rolename, param_string);
68	free(param_string);
69	} else {
70	cnt=asprintf(&tmp,"role(%s,%s)", principalname, rolename);
71	}
72	if(cnt>0)
73	return tmp;
74	else
75	return NULL;
76	}
77
78	/* generate role(p_name, r_name, param..) with isMember call ?? */
79	static char* generate_pl_tail_role_string(abac_role_t *role)
80	{
81	char *tmp;
82	char *principalname=abac_role_principal_cn(role);
83	char *rolename=abac_role_role_name(role);
84	char *linkedname=abac_role_linked_role(role);
85
86	char *param_string=NULL;
87	char *linked_param_string=NULL;
88	int cnt=0;
89
90	abac_param_list_t *role_params=abac_role_role_params(role);
91	if(role_params) {
92	param_string=abac_param_list_string(role_params);
93	}
94
95	abac_param_list_t *linked_role_params=abac_role_linked_role_params(role);
96	if(linked_role_params) {
97	linked_param_string=abac_param_list_string(linked_role_params);
98	}
99
100	/* b.r.r */
101	if(linkedname!=NULL && rolename!=NULL && principalname!=NULL ) {
102	int fst=_get_next_cred_idx();
103	int snd=_get_next_cred_idx();
104	if(linked_param_string !=NULL) {
105	if (param_string != NULL) {
106	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
107	principalname,
108	linkedname,linked_param_string,fst,
109	rolename,param_string,snd);
110	free(param_string);
111	} else {
112	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
113	principalname,
114	linkedname,linked_param_string,fst,
115	rolename,snd);
116	}
117	free(linked_param_string);
118	} else {
119	if (role_params != NULL) {
120	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s,%s),C%d)",
121	principalname,
122	linkedname,fst,
123	rolename,param_string,snd);
124	free(param_string);
125	} else {
126	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,role(Y,%s),C%d)",
127	principalname,
128	linkedname,fst,
129	rolename,snd);
130	}
131	}
132	if(cnt>0)
133	return tmp;
134	else
135	return NULL;
136	}
137	/* b.r */
138	if(linkedname==NULL && rolename!=NULL && principalname!=NULL ) {
139	int fst=_get_next_cred_idx();
140	if(param_string != NULL) {
141	cnt=asprintf(&tmp,"isMember(X,role(%s,%s,%s),C%d)",
142	principalname, rolename, param_string, fst);
143	free(param_string);
144	} else {
145	cnt=asprintf(&tmp,"isMember(X,role(%s,%s),C%d)",
146	principalname, rolename, fst);
147	}
148	if(cnt>0)
149	return tmp;
150	else
151	return NULL;
152	}
153	/* b */
154	if(linkedname==NULL && rolename==NULL && principalname!=NULL ) {
155	tmp=abac_xstrdup(principalname);
156	return tmp;
157	}
158
159	return tmp;
160	}
161
162
163	/* generate oset(p_name, r_name, param..) */
164	static char* generate_pl_head_oset_string(abac_oset_t *oset)
165	{
166	char *tmp=NULL;
167	char *principalname=abac_oset_principal_cn(oset);
168	char *osetname=abac_oset_oset_name(oset);
169	char *param_string=NULL;
170	int cnt=0;
171
172	/* can not be a linked role */
173	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
174	if(oset_params) {
175	param_string=abac_param_list_string(oset_params);
176	}
177
178	if (param_string != NULL) {
179	cnt=asprintf(&tmp,"oset(%s,%s,%s)", principalname, osetname, param_string);
180	free(param_string);
181	} else {
182	cnt=asprintf(&tmp,"oset(%s,%s)", principalname, osetname);
183	}
184	if(cnt>0)
185	return tmp;
186	else
187	return NULL;
188	}
189
190	/* generate oset(p_name, r_name, param..) with isMember call ?? */
191	static char* generate_pl_tail_oset_string(abac_oset_t *oset)
192	{
193	char *tmp;
194	/*
195	A.oset <- B
196	A.oset <- Obj
197	A.oset <- B.oset
198	A.oset <- B.role.oset
199	*/
200	/* o */
201	if(abac_oset_is_object(oset)) {
202	char *objectname=abac_oset_object_cn(oset);
203	tmp=abac_xstrdup(objectname);
204	return tmp;
205	} else {
206	char *principalname=abac_oset_principal_cn(oset);
207	char *osetname=abac_oset_oset_name(oset);
208	char *linkedname=abac_oset_linked_role(oset);
209
210	char *param_string=NULL;
211	char *linked_param_string=NULL;
212	int cnt=0;
213
214	abac_param_list_t *oset_params=abac_oset_oset_params(oset);
215	if(oset_params) {
216	param_string=abac_param_list_string(oset_params);
217	}
218
219	abac_param_list_t *linked_role_params=abac_oset_linked_role_params(oset);
220	if(linked_role_params) {
221	linked_param_string=abac_param_list_string(linked_role_params);
222	}
223
224	/* b.r.r */
225	if(linkedname!=NULL && osetname!=NULL && principalname!=NULL ) {
226	int fst=_get_next_cred_idx();
227	int snd=_get_next_cred_idx();
228	if(linked_param_string !=NULL) {
229	if (param_string != NULL) {
230	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
231	principalname,
232	linkedname,linked_param_string,fst,
233	osetname,param_string,snd);
234	free(param_string);
235	} else {
236	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
237	principalname,
238	linkedname,linked_param_string,fst,
239	osetname,snd);
240	}
241	free(linked_param_string);
242	} else {
243	if (oset_params != NULL) {
244	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s,%s),C%d)",
245	principalname,
246	linkedname,fst,
247	osetname,param_string,snd);
248	free(param_string);
249	} else {
250	cnt=asprintf(&tmp,"isMember(Y,role(%s,%s),C%d),isMember(X,oset(Y,%s),C%d)",
251	principalname,
252	linkedname,fst,
253	osetname,snd);
254	}
255	}
256	if(cnt>0)
257	return tmp;
258	else
259	return NULL;
260	}
261	/* b.r */
262	if(linkedname==NULL && osetname!=NULL && principalname!=NULL ) {
263	int fst=_get_next_cred_idx();
264	if(param_string != NULL) {
265	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s,%s),C%d)",
266	principalname, osetname, param_string, fst);
267	free(param_string);
268	} else {
269	cnt=asprintf(&tmp,"isMember(X,oset(%s,%s),C%d)",
270	principalname, osetname, fst);
271	}
272	if(cnt>0)
273	return tmp;
274	else
275	return NULL;
276	}
277	/* b */
278	if(linkedname==NULL && osetname==NULL && principalname!=NULL ) {
279	tmp=abac_xstrdup(principalname);
280	return tmp;
281	}
282
283	}
284	return tmp;
285	}
286
287
288	/********************************************************************************/
289
290	static char _build_constraint_rule_clause(char head_string, char *tail_string)
291	{
292	/only, A.R <- B /
293	char *tmp;
294	int idx=_get_next_cred_idx();
295	asprintf(&tmp, "isMember(%s,%s,C%d)", tail_string,head_string,idx);
296	return tmp;
297	}
298
299	static char _build_rule_clause(char rolename, char head_string, char tail_string)
300	{
301	char *tmp=NULL;
302
303	if(rolename == NULL) {
304	/* A.R <- B */
305	if(abac_addon_clauses==NULL) {
306	asprintf(&tmp, "isMember(%s,%s,['%s'])",
307	tail_string,head_string,abac_yyfptr_encoded);
308	} else {
309	asprintf(&tmp, "isMember(%s,%s,['%s']) :- %s",
310	tail_string,head_string,abac_yyfptr_encoded,
311	abac_addon_clauses);
312	free(abac_addon_clauses);
313	abac_addon_clauses=NULL;
314	}
315	} else {
316	/* A.R <- B.R */
317	/* A.R <- B.R.R */
318	if (cred_count==0) {
319	if(abac_addon_clauses==NULL) {
320	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
321	head_string, abac_yyfptr_encoded, tail_string);
322	} else {
323	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
324	head_string, abac_yyfptr_encoded,
325	tail_string,abac_addon_clauses);
326	free(abac_addon_clauses);
327	abac_addon_clauses=NULL;
328	}
329	} else {
330	char *tmp_cred_list=_compose_cred_list();
331	if(abac_addon_clauses == NULL) {
332	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
333	head_string, tail_string,
334	abac_yyfptr_encoded, tmp_cred_list);
335	} else {
336	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
337	head_string, tail_string, abac_addon_clauses,
338	abac_yyfptr_encoded, tmp_cred_list);
339	free(abac_addon_clauses);
340	abac_addon_clauses=NULL;
341	}
342	free(tmp_cred_list);
343	cred_count=0;
344	}
345	}
346	return tmp;
347	}
348
349
350	static char generate_pl_rule_role_clause(char head_role_string, abac_role_t *tail_role)
351	{
352	char *rolename=abac_role_role_name(tail_role);
353	char *tail_role_string=generate_pl_tail_role_string(tail_role);
354	if(rolename == NULL && tail_role_string == NULL)
355	goto error;
356	char *tmp=_build_rule_clause(rolename,head_role_string, tail_role_string);
357	if(tail_role_string) free(tail_role_string);
358	return tmp;
359
360	error:
361	if(tail_role_string) free(tail_role_string);
362	return NULL;
363	}
364
365	static char generate_pl_rule_oset_clause(char head_oset_string, abac_oset_t *tail_oset)
366	{
367	char *osetname=abac_oset_oset_name(tail_oset);
368	char *tail_oset_string=generate_pl_tail_oset_string(tail_oset);
369	if(osetname == NULL && tail_oset_string == NULL)
370	goto error;
371	char *tmp=_build_rule_clause(osetname,head_oset_string, tail_oset_string);
372	if(tail_oset_string) free(tail_oset_string);
373	return tmp;
374
375	error:
376	if(tail_oset_string) free(tail_oset_string);
377	return NULL;
378	}
379
380
381	static char _add_string(char dstr, char *nstr)
382	{
383	if(strlen(dstr)==0) {
384	dstr=abac_xstrdup(nstr);
385	return dstr;
386	} else {
387	int len = strlen(dstr)+strlen(nstr)+2;
388	char tmp=abac_xmalloc(lensizeof(char));
389	sprintf(tmp,"%s,%s", dstr,nstr);
390	free(dstr);
391	return tmp;
392	}
393	return NULL;
394	}
395
396	static char _build_intersecting_clause(char head_role_string, char *tail_role_string)
397	{
398	char *tmp;
399
400	if (cred_count==0) {
401	if(abac_addon_clauses ==NULL) {
402	asprintf(&tmp,"isMember(X,%s,['%s']):-%s",
403	head_role_string, abac_yyfptr_encoded, tail_role_string);
404	} else {
405	asprintf(&tmp,"isMember(X,%s,['%s']):-%s, %s",
406	head_role_string, abac_yyfptr_encoded,
407	tail_role_string, abac_addon_clauses);
408	free(abac_addon_clauses);
409	abac_addon_clauses=NULL;
410	}
411	} else {
412	char *tmp_cred_list=_compose_cred_list();
413	if(abac_addon_clauses ==NULL) {
414	asprintf(&tmp,"isMember(X,%s,L):-%s, appendL([['%s'],%s],L)",
415	head_role_string, tail_role_string,
416	abac_yyfptr_encoded, tmp_cred_list);
417	} else {
418	asprintf(&tmp,"isMember(X,%s,L):-%s, %s, appendL([['%s'],%s],L)",
419	head_role_string, tail_role_string, abac_addon_clauses,
420	abac_yyfptr_encoded, tmp_cred_list);
421	free(abac_addon_clauses);
422	abac_addon_clauses=NULL;
423	}
424	free(tmp_cred_list);
425	cred_count=0;
426	}
427	return tmp;
428	}
429
430	static char generate_pl_intersecting_role_clause(char head_role_string, abac_role_t *tail_role)
431	{
432	char *tmp=NULL;
433	char* tail_role_string=NULL;
434	abac_list_t *list=abac_role_prereqs(tail_role);
435	/* A.R <- B.R & C.R.R */
436
437	if (list != NULL) {
438	abac_role_t *cur;
439	abac_list_foreach(list, cur,
440	char *ntmp=generate_pl_tail_role_string(cur);
441	if(tail_role_string==NULL)
442	asprintf(&tail_role_string,"%s",ntmp);
443	else
444	asprintf(&tail_role_string,"%s, %s",tail_role_string,ntmp);
445	free(ntmp);
446	);
447	}
448
449	tmp=_build_intersecting_clause(head_role_string, tail_role_string);
450	if(tail_role_string) free(tail_role_string);
451	return tmp;
452	}
453
454	static char generate_pl_intersecting_oset_clause(char head_oset_string, abac_oset_t *tail_oset)
455	{
456	char *tmp=NULL;
457	char* tail_oset_string=NULL;
458	abac_list_t *list=abac_oset_prereqs(tail_oset);
459	/* A.O <- B.O & C.R.O */
460
461	if (list != NULL) {
462	abac_oset_t *cur;
463	abac_list_foreach(list, cur,
464	char *ntmp=generate_pl_tail_oset_string(cur);
465	if(tail_oset_string==NULL)
466	asprintf(&tail_oset_string,"%s",ntmp);
467	else
468	asprintf(&tail_oset_string,"%s, %s",tail_oset_string,ntmp);
469	free(ntmp);
470	);
471	}
472
473	tmp=_build_intersecting_clause(head_oset_string, tail_oset_string);
474	if(tail_oset_string) free(tail_oset_string);
475	return tmp;
476	}
477
478	/* generate the yap isMember rule clause for the credential stmt */
479	abac_list_t generate_pl_role_clauses(abac_role_t head_role, abac_role_t *tail_role)
480	{
481	char *tmp=NULL;
482	abac_list_t *clauses=abac_list_new();
483
484	int cnt=abac_yy_cnt_yy_id_certs();
485	if(cnt > 0) { /* string it up */
486	//abac_addon_clauses=abac_yy_string_yy_id_certs();
487	tmp=abac_yy_string_yy_id_certs();
488	abac_yy_free_yy_id_certs();
489	}
490
491	cnt=abac_yy_cnt_yy_constraints();
492	if(cnt > 0) {
493	char *ntmp=abac_yy_string_yy_constraints();
494	abac_yy_free_yy_constraints();
495	if(tmp)
496	asprintf(&tmp,"%s,%s",tmp,ntmp);
497	else tmp=ntmp;
498	}
499	abac_addon_clauses=tmp;
500
501	/* generate head's role string */
502	char *head_role_string=generate_pl_head_role_string(head_role);
503	if(head_role_string == NULL)
504	goto error;
505
506	/* tail side */
507	if(abac_role_is_intersection(tail_role)) {
508	tmp=generate_pl_intersecting_role_clause(head_role_string, tail_role);
509	} else {
510	tmp=generate_pl_rule_role_clause(head_role_string, tail_role);
511	}
512	if(tmp==NULL)
513	goto error;
514
515	abac_list_add(clauses,tmp);
516	return clauses;
517
518	error:
519	if(head_role_string) free(head_role_string);
520	return clauses;
521	}
522
523	abac_list_t generate_pl_oset_clauses(abac_oset_t head_oset, abac_oset_t *tail_oset)
524	{
525	char *tmp=NULL;
526	abac_list_t *clauses=abac_list_new();
527
528	int cnt=abac_yy_cnt_yy_id_certs();
529	if(cnt > 0) { /* string it up */
530	tmp=abac_yy_string_yy_id_certs();
531	abac_yy_free_yy_id_certs();
532	}
533
534	cnt=abac_yy_cnt_yy_constraints();
535	if(cnt > 0) {
536	char *ntmp=abac_yy_string_yy_constraints();
537	abac_yy_free_yy_constraints();
538	if(tmp)
539	asprintf(&tmp,"%s,%s",tmp,ntmp);
540	else tmp=ntmp;
541	}
542	abac_addon_clauses=tmp;
543
544	/* generate head's oset string */
545	char *head_oset_string=generate_pl_head_oset_string(head_oset);
546	if(head_oset_string == NULL)
547	goto error;
548
549	/* tail side */
550	if(abac_oset_is_intersection(tail_oset)) {
551	tmp=generate_pl_intersecting_oset_clause(head_oset_string, tail_oset);
552	} else {
553	tmp=generate_pl_rule_oset_clause(head_oset_string, tail_oset);
554	}
555	if(tmp==NULL)
556	goto error;
557
558	abac_list_add(clauses,tmp);
559	return clauses;
560
561	error:
562	if(head_oset_string) free(head_oset_string);
563	return clauses;
564	}
565
566	/* should be just 1 */
567	char generate_pl_role_constraint_clause(abac_role_t head_role, char *tail_string)
568	{
569	/* generate head's role string */
570	char *head_role_string=generate_pl_head_role_string(head_role);
571	if(head_role_string == NULL)
572	goto error;
573
574	/* tail side */
575	char *tmp=_build_constraint_rule_clause(head_role_string, tail_string);
576	if(tmp==NULL)
577	goto error;
578
579	return tmp;
580
581	error:
582	if(head_role_string) free(head_role_string);
583	return NULL;
584	}
585
586
587
588	/* so far, for integer type only */
589	char generate_pl_range_constraint_clause(char typestr,char var,char val,char *op)
590	{
591	char *tmp=NULL;
592	asprintf(&tmp,"%s(%s)%s%s",typestr,var,op,val);
593	return tmp;
594	}
595
596	/* should just be 1 clause */
597	char generate_pl_oset_constraint_clause(abac_oset_t head_oset,
598	char *tail_string)
599	{
600	/* generate head's oset string */
601	char *head_oset_string=generate_pl_head_oset_string(head_oset);
602	if(head_oset_string == NULL)
603	goto error;
604
605	/* tail side */
606	char *tmp=_build_constraint_rule_clause(head_oset_string, tail_string);
607	if(tmp==NULL)
608	goto error;
609
610	return tmp;
611	error:
612	if(head_oset_string) free(head_oset_string);
613	return NULL;
614	}
615
616
617	/* generate the yap isType rule clause for the type,
618	isType(Acme, keyid); */
619	char generate_pl_type_clause(char principalname, int type)
620	{
621	char *tmp=NULL;
622	char *typeid= abac_keyid_type(type);
623	int cnt=asprintf(&tmp,"isType(%s,%s)",
624	principalname, typeid);
625	return tmp;
626	}
627

Note: See TracBrowser for help on using the repository browser.

Download in other formats: