Context Navigation

source: libabac/abac_pl_pre.c @ adc0815

mei_rt2mei_rt2_fix_1

Last change on this file since adc0815 was 440ba20, checked in by Mei <mei@…>, 12 years ago

1) wrap up refactoring to move all the code gen to abac structure
2) all original testsuite passed
3) add couple more ui calls in abac.hh ie. manage constraint's

creation, hook to dump yap db.

Property mode set to 100644

File size: 9.1 KB

Line
1
2	/***********************************************************************/
3	/* abac_pl_pre.c */
4	/* clause preprocesing called to partial yap clause generations */
5	/* -> process named cred id, and constraint range/role/oset */
6	/***********************************************************************/
7	#include <stdio.h>
8	#include <assert.h>
9	#include <stdlib.h>
10
11	#include "abac_internal.h"
12	#include "abac_util.h"
13	#include "abac_list.h"
14
15	#include "uthash.h"
16
17	static int debug=0;
18
19	extern char abac_pl_add_range_constraint_clause(char var, char *tmplist);
20	extern char generate_pl_range_constraint(char ,char ,char ,char *);
21	extern char generate_pl_range_time_constraint(char ,char ,char );
22	extern char* generate_pl_constraint_clause(abac_aspect_t , char );
23
24	void preprocess_pl_head(abac_aspect_t *ptr);
25
26	/****************************************************************/
27	/* add the range condition to constraint list */
28	/* this is for integer and float only */
29	static void _preprocess_range_numeric_constraint(abac_term_t *ptr)
30	{
31	assert(abac_term_constraint(ptr));
32	char *var=abac_term_name(ptr);
33	char *typestr=abac_term_type_name(ptr);
34	abac_condition_t *cond=abac_term_constraint(ptr);
35
36	if(debug) printf("in _preprocess_range_numeric_constraint\n");
37
38	char *tmplist=NULL;
39	char *tmp=NULL;
40	int as_range=1; /* either , or ; */
41
42	abac_condition_set_range_string(cond);
43
44	abac_list_t *rlist=abac_condition_range_list(cond);
45	abac_item_t *cur;
46	abac_list_foreach(rlist, cur,
47	int type=abac_item_type(cur);
48	char *val=abac_item_val(cur);
49	switch(type) {
50	case e_ITEM_MIN:
51	tmp=generate_pl_range_constraint(typestr,var,val,">=");
52	break;
53	case e_ITEM_MAX:
54	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
55	break;
56	case e_ITEM_TARGET:
57	tmp=generate_pl_range_constraint(NULL,var,val,"=");
58	as_range=0;
59	break;
60	}
61	/* ; is prolog's disjunction built in predicate */
62	if(tmplist) {
63	if(as_range)
64	asprintf(&tmplist,"%s,%s",tmplist,tmp);
65	else
66	asprintf(&tmplist,"%s;%s",tmplist,tmp);
67	} else {
68	tmplist=tmp;
69	}
70	tmp=NULL;
71	);
72	asprintf(&tmplist,"(%s)",tmplist);
73	abac_pl_add_constraints(tmplist);
74	}
75
76	/****************************************************************/
77	/* this is for time only */
78	static void _preprocess_range_time_constraint(abac_term_t *ptr)
79	{
80	assert(abac_term_constraint(ptr));
81	char *var=abac_term_name(ptr);
82	char *typestr=abac_term_type_name(ptr);
83	abac_condition_t *cond=abac_term_constraint(ptr);
84	abac_list_t *rlist=abac_condition_range_list(cond);
85	assert(rlist);
86
87	if(debug) printf("in _preprocess_range_time_constraint\n");
88
89	char *tmplist=NULL;
90	char *tmp=NULL;
91	char *ttmp=NULL;
92	char *tlist=NULL;
93	int as_range=1; /* either , or ; */
94
95	abac_condition_set_range_string(cond);
96
97	abac_item_t *cur;
98	/* a list of values -- in chars */
99	abac_list_foreach(rlist, cur,
100	int type=abac_item_type(cur);
101	char *tval=abac_item_val(cur);
102	char *val=abac_term_to_time(tval);
103	switch(type) {
104	case e_ITEM_MIN:
105	ttmp=generate_pl_range_time_constraint(var,val,">");
106	tmp=generate_pl_range_time_constraint(var,val,"=");
107	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
108	tmp=tlist;
109	break;
110	case e_ITEM_MAX:
111	ttmp=generate_pl_range_time_constraint(var,val,"=");
112	tmp=generate_pl_range_time_constraint(var,val,"<");
113	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
114	tmp=tlist;
115	break;
116	case e_ITEM_TARGET:
117	tmp=generate_pl_range_time_constraint(var,val,"=");
118	as_range=0;
119	break;
120	}
121	free(val);
122	/* ; is prolog's disjunction built in predicate */
123	if(tmplist) {
124	if(as_range)
125	asprintf(&tmplist,"%s,%s",tmplist,tmp);
126	else
127	asprintf(&tmplist,"%s;%s",tmplist,tmp);
128	} else {
129	tmplist=tmp;
130	}
131	tmp=NULL;
132	);
133
134	asprintf(&tmplist,"(%s)",tmplist);
135
136	/* generate a clause with above and add into db */
137	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
138	abac_pl_add_constraints(tmp);
139	}
140
141	/****************************************************************/
142	/* this is for string and urn only */
143	static void _preprocess_range_string_constraint(abac_term_t *ptr)
144	{
145	assert(abac_term_constraint(ptr));
146	char *var=abac_term_name(ptr);
147	char *typestr=abac_term_type_name(ptr);
148	abac_condition_t *cond=abac_term_constraint(ptr);
149	abac_list_t *rlist=abac_condition_range_list(cond);
150	assert(rlist);
151
152	char *tmplist=NULL;
153	char *tmp=NULL;
154
155	if(debug) printf("in _preprocess_range_string_constraint\n");
156
157	abac_condition_set_range_string(cond);
158	abac_item_t *cur;
159
160	/* a list of values -- in chars */
161	abac_list_foreach(rlist, cur,
162	int type=abac_item_type(cur);
163	char *val=abac_item_val(cur);
164	switch(type) {
165	case e_ITEM_MIN:
166	panic("_preprocess_range_string_constraint, invalid range type - min");
167	break;
168	case e_ITEM_MAX:
169	/* invalid range type */
170	panic("_preprocess_range_string_constraint, invalid range type - max");
171	break;
172	case e_ITEM_TARGET:
173	tmp=generate_pl_range_constraint(NULL,var,val,"=");
174	break;
175	}
176	/* ; is prolog's disjunction built in predicate */
177	if(tmplist)
178	asprintf(&tmplist,"%s;%s",tmplist,tmp);
179	else tmplist=tmp;
180	tmp=NULL;
181	);
182	asprintf(&tmplist,"(%s)",tmplist);
183	/* generate a clause with above and add into db */
184	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
185	abac_pl_add_constraints(tmp);
186	}
187
188
189	/***********************************************************************/
190	void preprocess_pl_term(abac_term_t *ptr)
191	{
192	/* add id */
193	char *name=abac_term_name(ptr);
194	char *type=abac_term_type_name(ptr);
195
196	if(abac_term_type(ptr) == e_TERM_PRINCIPAL && abac_term_isnamed(ptr)) {
197	int type=e_KEYID;
198	abac_pl_add_id_certs(name,type);
199	if(debug) printf("preprocess_pl_term: adding %s to id_certs\n",name);
200	}
201
202	abac_condition_t *cond=abac_term_constraint(ptr);
203	if(cond != NULL) {
204	if(abac_condition_is_range(cond)) {
205	if(abac_term_is_numeric(ptr)) {
206	_preprocess_range_numeric_constraint(ptr);
207	} else if (abac_term_is_alpha(ptr)) {
208	_preprocess_range_string_constraint(ptr);
209	} else if (abac_term_is_time(ptr)) {
210	_preprocess_range_time_constraint(ptr);
211	}
212	} else {
213	if(debug) printf("expecting either oset/role constraint with %s\n",name);
214	abac_aspect_t *cptr=abac_condition_of_aspect(cond);
215	preprocess_pl_head(cptr);
216	/* generate the yap clause */
217	char *tmp=generate_pl_constraint_clause(cptr,name);
218	abac_condition_set_aspect_string(cond,tmp);
219	abac_pl_add_constraints(tmp);
220	}
221	}
222	}
223
224	void preprocess_pl_params(abac_param_list_t *ptr)
225	{
226	abac_list_t *list=abac_param_list(ptr);
227	assert(list);
228	abac_term_t *cur;
229	abac_list_foreach(list, cur,
230	preprocess_pl_term(cur);
231	);
232	}
233
234	void preprocess_pl_head(abac_aspect_t *ptr)
235	{
236	char *principalname;
237	PROLOG(principalname=abac_aspect_principal_name(ptr););
238	int idtype=abac_aspect_get_issuer_idtype(ptr);
239	abac_pl_add_id_certs(principalname,idtype);
240	if(debug)
241	printf("preprocess_pl_head: adding %s to id_certs\n",principalname);
242
243	abac_param_list_t *aspect_params=abac_aspect_aspect_params(ptr);
244	if(aspect_params) {
245	preprocess_pl_params(aspect_params);
246	}
247
248	}
249
250	void preprocess_pl_tail(abac_aspect_t *ptr)
251	{
252	/* if it is an intersection, preprocess each one */
253
254	abac_list_t *list=abac_aspect_prereqs(ptr);
255	if(list != 0) {
256	abac_aspect_t *cur;
257	abac_list_foreach(list, cur,
258	if(cur)
259	preprocess_pl_tail(cur);
260	);
261	return;
262	}
263
264	/* for oset case,
265	A.oset <- B
266	A.oset <- Obj
267	A.oset <- B.oset
268	A.oset <- B.role.oset
269	*/
270	/* if it is an oset and object */
271	if(abac_aspect_is_object(ptr)) {
272	abac_term_t *tptr=abac_aspect_object_term(ptr);
273	if(tptr)
274	preprocess_pl_term(tptr);
275	} else {
276	char *principalname;
277	PROLOG(principalname=abac_aspect_principal_name(ptr););
278	int idtype=abac_aspect_get_issuer_idtype(ptr);
279	abac_pl_add_id_certs(principalname,idtype);
280	if(debug)
281	printf("preprocess_pl_tail: adding %s to id_certs\n",principalname);
282	abac_param_list_t *aspect_params=abac_aspect_aspect_params(ptr);
283	if(aspect_params) {
284	preprocess_pl_params(aspect_params);
285	}
286
287	abac_param_list_t *linked_role_params=abac_aspect_linked_role_params(ptr);
288	if(linked_role_params) {
289	preprocess_pl_params(linked_role_params);
290	}
291	}
292	}
293
294
295

Note: See TracBrowser for help on using the repository browser.

Download in other formats: