Context Navigation

source: libabac/abac_pl_yap.c @ 646e57e

mei_rt2mei_rt2_fix_1

Last change on this file since 646e57e was 646e57e, checked in by Mei <mei@…>, 12 years ago
1) add partial proof
Property mode set to `100644`
File size: 24.8 KB

Line
1
2	/* copied from abac_graph.c
3	implementation of the low level using
4	yap prolog
5	*/
6
7	#include <err.h>
8	#include <stdio.h>
9	#include <assert.h>
10	#include <stdlib.h>
11	#include <string.h>
12	#include <Yap/YapInterface.h>
13
14	#include "abac_internal.h"
15
16	#include "abac_pl_yap.h"
17	#include "abac_util.h"
18
19	#include "uthash.h"
20
21	extern abac_list_t abac_credential_clauses(abac_credential_t );
22	extern char abac_id_clause(abac_id_credential_t );
23	extern abac_aspect_t *abac_yy_get_rule_tail_aspect();
24	extern abac_aspect_t *abac_yy_get_rule_head_aspect();
25
26	static int debug=0;
27
28	/* track constraint's external clause's -unique name id */
29
30	static int constraint_label_count=0;
31	static char *constraint_label="isABAC_constraint";
32
33	/*
34	x can pLadybug buy_rockets from pAcme ? (_arg_for_fact)
35	x can pLadybug What from pAcme ? (_arg_for_what)
36	x Who can buy_rockets from pAcme ? (_arg_for_who)
37	x can pLadybug buy_rockets from Whom ? (_arg_for_whom)
38	x can pLadybug What from Whom ? (_arg_for_what_whom)
39	the type ordering also dictates the order of partial proof query
40	sequence
41	*/
42	enum _query_type_t {
43	e_PL_FACT=0,
44	e_PL_WHAT=1,
45	e_PL_WHAT_DFLT=2,
46	e_PL_WHO=3,
47	e_PL_WHOM=4,
48	e_PL_WHAT_WHOM=5,
49	e_PL_NOMORE=6
50	};
51
52	// pl -- place holder for now
53	struct _abac_pl_t {
54	/* a_term <- prin */
55	char *whom;
56	char *who;
57	char *aspect;
58	char *what;
59	char *whatwith;
60	int pcnt; /* pcnt=number of params in whatwith */
61
62	int query_made; /* 1+ yes, 0 no, rc is valid only if a query is made */
63	int query_rc; /* rc of query call */
64	int next_rc; /* rc of next-last query */
65	/* proof count = abac_list_size(proof_list) */
66	int is_partial;
67	int want_partial;
68	int query_type;
69	abac_list_t proof_list; / list of list of cred_list */
70	long safe_t; /* holding the YAP slot for the goal */
71	};
72
73	/***********************************************************/
74	static int _get_next_constraint_label_idx()
75	{
76	constraint_label_count++;
77	return constraint_label_count;
78	}
79
80	static int _get_constraint_label_idx()
81	{
82	return constraint_label_count;
83	}
84
85	/***********************************************************/
86
87	static int _insert_clause(char *str)
88	{
89	YAP_Term eterm;
90	YAP_Term goalArgs=YAP_ReadBuffer(str, &eterm);
91	char *tmp=YAP_CompileClause(goalArgs);
92	if (tmp!=NULL) { /* something is wrong */
93	printf("error: result of compile clause (%s)\n", tmp);
94	printf("error: str used (%s)\n", str);
95	return 1;
96	}
97	return 0;
98	}
99
100	static int _insert_cred_clause(char *cstr)
101	{
102	int ret=ABAC_CERT_SUCCESS;
103	int rc=_insert_clause(cstr);
104	if (rc)
105	return ABAC_CERT_BAD_YAP;
106	return ABAC_CERT_SUCCESS;
107	}
108
109	void show_yap_db(const char *msg)
110	{
111	char lstr[]="listing";
112	YAP_Term eterm; /* error term */
113
114	printf("\n\n/* ========= yap db (%s) */\n",msg);
115	YAP_Term goal=YAP_ReadBuffer(lstr, &eterm);
116	int rc =YAP_RunGoal( goal );
117	if (rc) {
118	printf("/* listing ok.. */\n");
119	} else {
120	printf("/* listing's rc is bad.. */ \n");
121	YAP_Exit(1);
122	}
123	printf("/* ========= */\n\n");
124	}
125
126	/**
127	* Include some utility routines
128	*/
129	abac_pl_t *abac_pl_utility(void) {
130	/*
131	append([],L,L).
132	append([X\|L1],L2,[X\|L3]):-append(L1,L2,L3).
133
134	appendL([],[]).
135	appendL([H\|T], L) :-
136	appendL(T,L2), append(H,L2,L).
137	*/
138	if(_insert_clause("append([],L,L)"))
139	YAP_Exit(1);
140	if(_insert_clause("append([X\|L1],L2,[X\|L3]):-append(L1,L2,L3)"))
141	YAP_Exit(1);
142	if(_insert_clause("appendL([],[])"))
143	YAP_Exit(1);
144	if(_insert_clause("appendL([H\|T], L) :- appendL(T,L2), append(H,L2,L)"))
145	YAP_Exit(1);
146	}
147
148	/**
149	* Create a new yap structure.
150	*/
151	abac_pl_t *abac_pl_new(void) {
152
153	if (YAP_FastInit(NULL) == YAP_BOOT_ERROR)
154	YAP_Exit(1);
155
156	if (YAP_RunGoal(YAP_MkAtomTerm(YAP_LookupAtom("source")))) {
157	if(debug) fprintf(stderr, "calling source..\n");
158	} else {
159	if(debug) fprintf(stderr,"calling source failed..\n");
160	YAP_Exit(1);
161	}
162
163	abac_pl_utility();
164
165	abac_pl_t *pl = abac_xmalloc(sizeof(abac_pl_t));
166
167	pl->who=NULL;
168	pl->whom = NULL;
169	pl->what = NULL;
170	pl->whatwith = NULL;
171	pl->aspect = NULL;
172	pl->pcnt=0;
173	pl->query_made=0;
174	pl->query_rc=0;
175	pl->is_partial=0;
176	pl->want_partial=1;
177	pl->query_type=e_PL_FACT;
178	pl->next_rc=0;
179	pl->proof_list=NULL;
180	pl->safe_t=0;
181	return pl;
182	}
183
184	int abac_pl_returning_partial(abac_pl_t *pl)
185	{
186	return pl->is_partial;
187	}
188
189	/* returns the number of solution so far */
190	int abac_pl_proof_cnt(abac_pl_t *pl)
191	{
192	if(pl->proof_list)
193	return abac_list_size(pl->proof_list);
194	return 0;
195	}
196
197	int abac_pl_is_partial(abac_pl_t *pl)
198	{
199	return pl->is_partial;
200	}
201
202	/* is this the conclusion of the query ? */
203	/* 1 is yes, 0 N/A */
204	int abac_pl_done_yet(abac_pl_t *pl)
205	{
206	if(pl->query_made) {
207	if(pl->query_rc) {
208	if(!pl->next_rc) return 1;
209	return 0;
210	} else return 1; /* even init query failed */
211	}
212	return 0;
213	}
214
215	void abac_pl_set_no_partial(abac_pl_t *pl)
216	{
217	pl->want_partial=0;
218	}
219
220	void abac_pl_set_want_partial(abac_pl_t *pl)
221	{
222	pl->want_partial=1;
223	}
224
225	static void _free_p_list(abac_list_t *p)
226	{
227	if( p != NULL ) {
228	if(abac_list_size(p) != 0) {
229	abac_credential_t *cur=NULL;
230	abac_list_foreach(p, cur,
231	abac_credential_free(cur);
232	);
233	}
234	abac_list_free(p);
235	}
236	}
237
238	static void _free_pf_list(abac_list_t *p)
239	{
240
241	if(p != NULL) {
242	if(abac_list_size(p) != 0) {
243	abac_list_t *cur=NULL;
244	abac_list_foreach(p, cur,
245	_free_p_list(cur);
246	);
247	}
248	abac_list_free(p);
249	}
250	}
251
252	void abac_pl_free(abac_pl_t *pl) {
253	if(pl->who) free(pl->who);
254	if(pl->whom) free(pl->whom);
255	if(pl->what) free(pl->what);
256	if(pl->whatwith) free(pl->whatwith);
257	if(pl->aspect) free(pl->aspect);
258	_free_pf_list(pl->proof_list);
259	free(pl);
260	}
261
262	/* this is done whenever a new query starts in */
263	static void _reset_pl(abac_pl_t pl, char who,
264	char what, char whom, char aspect, char whatwith, int pcnt)
265	{
266	if(pl->safe_t) {
267	YAP_RecoverSlots(1);
268	YAP_Reset();
269	}
270	/* free the old ones */
271	if(pl->who) free(pl->who);
272	if(pl->whom) free(pl->whom);
273	if(pl->what) free(pl->what);
274	if(pl->whatwith) free(pl->whatwith);
275	if(pl->aspect) free(pl->aspect);
276
277	pl->who = (who !=NULL)?abac_xstrdup(who):NULL;
278	pl->whom = (whom !=NULL)?abac_xstrdup(whom):NULL;
279	pl->what = (what!=NULL)?abac_xstrdup(what):NULL;
280	pl->whatwith = (whatwith!=NULL)?abac_xstrdup(whatwith):NULL;
281	pl->aspect = (aspect!=NULL)?abac_xstrdup(aspect):NULL;
282
283	pl->pcnt=pcnt;
284
285	pl->query_made=0;
286	pl->query_rc=0;
287	pl->next_rc=0;
288	pl->is_partial=0;
289	pl->query_type=e_PL_FACT;
290	_free_pf_list(pl->proof_list);
291	pl->proof_list=abac_list_new();
292	pl->safe_t=0;
293	}
294
295	/**
296	* Add a credential to the db, not duplicating a copy and so
297	* don't try to free it after this call.
298	*/
299	int abac_pl_add_credential(abac_pl_t pl, abac_credential_t cred)
300	{
301	int rc=0;
302	abac_list_t *clauses=abac_credential_clauses(cred);
303	if (clauses != NULL) {
304	char *cur;
305	abac_list_foreach(clauses, cur,
306	if(cur) {
307	if(debug) fprintf(stderr,"inserting =>%s\n",cur);
308	rc=_insert_cred_clause(cur);
309	}
310	);
311	}
312	return rc;
313	}
314
315	int abac_pl_add_type_credential(abac_pl_t pl, abac_id_credential_t id_cert)
316	{
317	char *clause=abac_id_clause(id_cert);
318	if (clause != NULL) {
319	int rc=_insert_cred_clause(clause);
320	return rc;
321	}
322	return 0;
323	}
324
325	/* string1(S):- S="abc";S="efg";S="ijk" */
326	char abac_pl_add_range_constraint_clause(char var, char *tmplist)
327	{
328	int i=_get_next_constraint_label_idx();
329	char *tmp=NULL;
330	asprintf(&tmp,"%s_%d(%s) :- %s", constraint_label, i, var, tmplist);
331	int rc=_insert_cred_clause(tmp);
332	free(tmp);
333	if(rc)
334	panic("abac_pl_add_range_constraint_clause, failed to insert");
335	asprintf(&tmp,"%s_%d(%s)", constraint_label, i, var);
336	return tmp;
337	}
338
339	/* cases,
340	['str']
341	['str1','str2']
342	([] is not possible, and don't care)
343	*/
344	static void _credentials_from_string(abac_list_t credentials,char slist) {
345	char cptr=slist; / current ptr */
346	char sptr; / string ptr */
347	char *ptr;
348	int len=0;
349	char *string;
350	abac_credential_t *cred=NULL;
351	int cnt=0;
352
353	/* find first [' */
354	ptr=strstr(cptr,"['");
355	if(ptr == NULL)
356	return;
357	cptr=ptr+2;
358	sptr=cptr;
359	while (1) {
360	/* find next ',' or '] */
361	ptr=strstr(cptr,"','");
362	if(ptr!=NULL) {
363	cptr=ptr+3;
364	len=(ptr-sptr);
365	string=strndup(sptr,len);
366	cred=abac_credential_lookup(string);
367	free(string);
368	if(cred) {
369	int i=abac_list_unique_add(credentials, cred);
370	if(i) cnt++;
371	} else {
372	printf("BAD BAD\n");
373	}
374	sptr=cptr;
375	} else {
376	ptr=strstr(cptr,"']");
377	if(ptr!=NULL) {
378	len=(ptr-sptr);
379	string=strndup(sptr,len);
380	cred=abac_credential_lookup(string);
381	free(string);
382	if(cred) {
383	int i=abac_list_unique_add(credentials, cred);
384	if(i) cnt++;
385	} else {
386	printf("BAD BAD BAD\n");
387	}
388	break;
389	}
390	}
391	}
392	if(debug)
393	fprintf(stderr,"DEBUG:total %d credentials\n", cnt);
394	}
395
396	/* MAX 1024x1024, double as it goes */
397	static int try_again(int sz, char **tptr)
398	{
399	int blk=10242; / 2048 */
400	int max=1024*1024;
401	int size;
402	char *tmp = NULL;
403
404	if(sz==0) {
405	size = (sizeof(char) * (blk+1));
406	} else {
407	if (sz>=max) {
408	size=0;
409	*tptr=tmp;
410	return 0;
411	}
412	size=sz*2+1;
413	if(size > max) size=max;
414	}
415
416	tmp = (char *) YAP_AllocSpaceFromYap(size);
417	if(tmp==NULL) {
418	fprintf(stderr,"ERROR: malloc failed !!!\n");
419	YAP_Exit(1);
420	}
421	*tptr=tmp;
422	return size;
423	}
424
425	abac_list_t run_goal(abac_pl_t pl, YAP_Term *arg)
426	{
427	abac_list_t *cred_list=abac_list_new();
428	YAP_Atom f = YAP_LookupAtom("isMember");
429	YAP_Functor func = YAP_MkFunctor(f, 3);
430	YAP_Term goal=YAP_MkApplTerm(func, 3, arg);
431
432	pl->safe_t = YAP_InitSlot(goal);
433	pl->query_rc =YAP_RunGoal(goal);
434	pl->query_made=1;
435	pl->next_rc=pl->query_rc;
436	if (pl->query_rc) {
437	if(pl->is_partial)
438	printf("A partial proof(type:%d)\n",pl->query_type);
439	else printf("YAP query succeed\n");
440	char *tmp=NULL;
441	int tmp_sz=try_again(0, &tmp);
442	YAP_Term argterm=YAP_ArgOfTerm(3,YAP_GetFromSlot(pl->safe_t));
443	while(1) {
444	/* not in 6.2.2
445	int rc=YAP_WriteBuffer(argterm, tmp, tmp_sz,YAP_WRITE_HANDLE_VARS);
446	*/
447	YAP_WriteBuffer(argterm, tmp, tmp_sz,YAP_WRITE_HANDLE_VARS);
448	/*
449	if(debug) fprintf(stderr,"call YAP_WriteBuffer: rc(%d) tmp_sz(%d)\n", rc, tmp_sz);
450	*/
451	if(strlen(tmp) > 5 && tmp[0]=='\[') {
452	if(debug) fprintf(stderr,"what came back .. (%s)\n", tmp);
453	break;
454	}
455	tmp_sz=try_again(tmp_sz,&tmp);
456	if(debug) fprintf(stderr,"try_again: tmp_sz(%d)\n", tmp_sz);
457	if(tmp_sz==0) {
458	fprintf(stderr," PANIC, run out of heap space..\n");
459	YAP_Exit(1);
460	}
461	}
462	/* this is returned as ['string1','string2'] */
463	if(debug) fprintf(stderr," query answer : %s(%d)\n", tmp, strlen(tmp));
464	_credentials_from_string(cred_list,tmp);
465	if(abac_list_size(cred_list)==0) {
466	fprintf(stderr,"CAN NOT retrieve result properly from YAP!!!\n");
467	YAP_Exit(1);
468	}
469	abac_list_add(pl->proof_list, cred_list);
470	YAP_FreeSpaceFromYap(tmp);
471	} else {
472	/* don't print anything if it is running a parital proof goal */
473	if(!pl->is_partial)
474	printf("YAP query failed\n");
475
476	}
477	return cred_list;
478	}
479
480	/*************************************************************************/
481	YAP_Term _make_term(char *term) {
482	YAP_Term eterm;
483	YAP_Term ret;
484	if(term[0]=='\'' \|\| term[0]=='"') {
485	ret =YAP_ReadBuffer(term,&eterm);
486	} else {
487	ret = YAP_MkAtomTerm(YAP_LookupAtom(term));
488	}
489	}
490
491	// isMember(who,aspect(whom,what,whatwith))
492	/* aspect(whom, what, whatwith) */
493	YAP_Term _aspect_base(char whom,char aspect, char what, char whatwith)
494	{
495	YAP_Term eterm;
496	YAP_Term ret;
497
498	char *estring=NULL;
499	if(whatwith)
500	asprintf(&estring, "%s(%s,%s,%s)",aspect,whom,what,whatwith);
501	else asprintf(&estring, "%s(%s,%s)",aspect,whom,what);
502	if(debug) fprintf(stderr,"_aspect_base, doing %s\n",estring);
503	ret=YAP_ReadBuffer(estring,&eterm);
504	free(estring);
505	return ret;
506	}
507
508	/* generate a string of whatwith that are of ?variable */
509	char _make_whatwith_var(char whatwith, int pcnt)
510	{
511	/* this is a dumb count since it is in porting directory */
512	if(whatwith==NULL \|\| pcnt==0) return NULL;
513	char *tmp=NULL;
514	char *ptr=NULL;
515	int i;
516	for(i=0;i<pcnt;i++) {
517	ptr=tmp;
518	tmp=NULL;
519	if(i == 0)
520	asprintf(&tmp,"Whatwith%d",i);
521	else asprintf(&tmp,"%s,Whatwith%d",ptr,i);
522	}
523	return tmp;
524	}
525
526	/* aspect(X, Y, Whatwith) */
527	YAP_Term _aspect_what_whom(char whom,char aspect, char what, char whatwith)
528	{
529	YAP_Term ret=_aspect_base("Whom",aspect,"What",whatwith);
530	return ret;
531	}
532
533	/* aspect(whom,Y,Whatwith) */
534	/* call with char tmp=_make_whatwith_var(whatwith); /
535	YAP_Term _aspect_what(char whom,char aspect, char what, char whatwith)
536	{
537	YAP_Term ret=_aspect_base(whom,aspect,"What",whatwith);
538	return ret;
539	}
540
541	/* aspect(X,what,whatwith) */
542	YAP_Term _aspect_whom(char whom,char aspect, char what, char whatwith)
543	{
544	YAP_Term ret=_aspect_base("Whom",aspect,what,whatwith);
545	return ret;
546	}
547
548	/* aspect(whom,what,whatwith) */
549	YAP_Term _aspect_fact(char whom,char aspect, char what, char whatwith)
550	{
551	YAP_Term ret=_aspect_base(whom,aspect,what,whatwith);
552	return ret;
553	}
554
555	// Whom.What <- ladybug
556	// isMember(ladybug, role(W1, W2), R)
557	static void _arg_for_what_whom(YAP_Term arg,char who, char *whom,
558	char aspect, charwhat, char *whatwith, int pcnt)
559	{
560	arg[0] = _make_term(who);
561	char *tmp=_make_whatwith_var(whatwith,pcnt);
562	arg[1] = _aspect_what_whom(who,aspect,what,tmp);
563	if(tmp) free(tmp);
564	arg[2] = YAP_MkVarTerm();
565	}
566
567	// pAcme.What <- ladybug
568	// isMember(ladybug, role(pAcme, W), R)
569	static void _arg_for_what(YAP_Term arg,char who, char* whom,
570	char aspect, charwhat, char*whatwith, int pcnt)
571	{
572	arg[0] = _make_term(who);
573	char *tmp=_make_whatwith_var(whatwith,pcnt);
574	arg[1] = _aspect_what(whom,aspect,what,tmp);
575	if(tmp) free(tmp);
576	arg[2] = YAP_MkVarTerm();
577	}
578
579	// W.rocket <- ladybug
580	// isMember(ladybug, role(W, buy_rockets), R)
581	static void _arg_for_whom(YAP_Term arg, char who, char*whom,
582	char aspect, char what, char*whatwith)
583	{
584	arg[0] = _make_term(who);
585	arg[1] = _aspect_whom(whom,aspect,what,whatwith);
586	arg[2] = YAP_MkVarTerm();
587	}
588
589	// Acme.rocket <- V
590	// isMember(V, role(pAcme, buy_rockets), R)
591	static int _arg_for_who(YAP_Term arg, char who,char *whom,
592	char aspect, char what, char*whatwith)
593	{
594	arg[0] = YAP_MkVarTerm();
595	arg[1] = _aspect_fact(whom, aspect, what, whatwith);
596	arg[2] = YAP_MkVarTerm();
597	}
598
599	// Acme.rocket <- x
600	// isMember(x, role(pAcme, buy_rockets), R)
601	static void _arg_for_fact(YAP_Term arg,char who,char *whom,
602	char* aspect, char what, charwhatwith)
603	{
604	arg[0] = _make_term(who);
605	arg[1] = _aspect_fact(whom, aspect, what, whatwith);
606	arg[2] = YAP_MkVarTerm();
607	}
608
609
610	static abac_list_t _make_partial_query(abac_pl_t pl)
611	{
612	abac_list_t *ret=abac_list_new();
613	pl->is_partial=1;
614	char *who=pl->who;
615	char *whom=pl->whom;
616	char *aspect=pl->aspect;
617	char *what=pl->what;
618	char *whatwith=pl->whatwith;
619	int pcnt=pl->pcnt;
620	if(debug) fprintf(stderr,"making make_partial_query..\n");
621
622	switch (pl->query_type) {
623	case e_PL_FACT: /* try what */
624	{
625	YAP_Term arg[3];
626	if(debug) fprintf(stderr,"... 1st partial attempt\n");
627	pl->query_type = e_PL_WHAT;
628	_arg_for_what(arg,who,whom, aspect, what, whatwith, pcnt);
629	ret=run_goal(pl,arg);
630	if(pcnt==0) pl->query_type= e_PL_WHAT_DFLT;
631	if(pl->query_rc) return ret;
632	break;
633	}
634	case e_PL_WHAT: /* try what with no params if need to */
635	{
636	YAP_Term arg[3];
637	if(debug) fprintf(stderr,"... 2nd partial attempt\n");
638	pl->query_type = e_PL_WHAT_DFLT;
639	_arg_for_what(arg,who,whom, aspect, what, whatwith, 0);
640	ret=run_goal(pl,arg);
641	if(pl->query_rc) return ret;
642	break;
643	}
644	case e_PL_WHAT_DFLT: /* try who */
645	{
646	YAP_Term arg[3];
647	if(debug) fprintf(stderr,"... 2nd half partial attempt\n");
648	pl->query_type = e_PL_WHO;
649	_arg_for_who(arg,who,whom, aspect, what, whatwith);
650	ret=run_goal(pl,arg);
651	if(pl->query_rc) return ret;
652	break;
653	}
654	case e_PL_WHO: /* try whom */
655	{
656	YAP_Term arg[3];
657	if(debug) fprintf(stderr,"... 3rd partial attempt\n");
658	pl->query_type = e_PL_WHOM;
659	_arg_for_whom(arg,who,whom, aspect, what, whatwith);
660	ret=run_goal(pl,arg);
661	if(pl->query_rc) return ret;
662	break;
663	}
664	case e_PL_WHOM: /* try what-whom */
665	{
666	YAP_Term arg[3];
667	if(debug) fprintf(stderr,"... 4th partial attempt\n");
668	pl->query_type = e_PL_WHAT_WHOM;
669	_arg_for_what_whom(arg,who,whom, aspect, what, whatwith,pcnt);
670	ret=run_goal(pl,arg);
671	if(pl->query_rc) return ret;
672	break;
673	}
674	default :
675	{
676	if(debug) fprintf(stderr,"... no more partial query to try\n");
677	pl->query_type = e_PL_NOMORE;
678	}
679	}
680	return ret;
681	}
682
683	/* make a query and extract just first set of result,
684	simple = rt0
685	aspect => role/oset
686	aspect_string => rest of params
687	prin => principal
688	issuer => issuer
689	estring => aspect(issuer, aspect_type_string)
690	*/
691	static abac_list_t _make_yap_query(abac_pl_t pl, char *who,
692	char whom, char aspect, char what, char whatwith, int pcnt)
693	{
694	if(debug) {
695	fprintf(stderr,"_make_yap_query: the who part(%s)\n", who);
696	fprintf(stderr,"_make_yap_query: whom part(%s)\n", whom);
697	fprintf(stderr,"_make_yap_query: the role/oset (%s)\n", aspect);
698	fprintf(stderr,"_make_yap_query: aspect what (%s)\n", what);
699	fprintf(stderr,"_make_yap_query: pcnt (%d)\n", pcnt);
700	if(whatwith)
701	fprintf(stderr,"_make_yap_query: aspect what part(%s)\n", whatwith);
702	}
703	if(debug) fprintf(stderr,"making a yap query..\n");
704
705	/* run query on fact goal */
706	YAP_Term arg[3];
707	_arg_for_fact(arg, who,whom, aspect, what, whatwith);
708	abac_list_t *ret=run_goal(pl,arg);
709
710	/* fact query failed and so run partial query */
711	if(!pl->query_rc && pl->want_partial) {
712	while(pl->query_type != e_PL_NOMORE) {
713	abac_list_free(ret);
714	ret=_make_partial_query(pl);
715	if( pl->query_rc ) break;
716	}
717	}
718	return ret;
719	}
720
721	/* make a query for next possible solution proof */
722	static abac_list_t _query_again(abac_pl_t pl)
723	{
724	abac_list_t *cred_list=abac_list_new();
725
726	if(debug) fprintf(stderr,"making query_again call..\n");
727	pl->next_rc=YAP_RestartGoal();
728	pl->query_made++;
729
730	char *tmp=NULL;
731	int tmp_sz=try_again(0, &tmp);
732	YAP_Term argterm=YAP_ArgOfTerm(3,YAP_GetFromSlot(pl->safe_t));
733	if(pl->next_rc) {
734	if(debug) fprintf(stderr,"query_again: another success\n");
735	if(pl->is_partial)
736	printf("A partial proof(type:%d)\n",pl->query_type);
737	while(1) {
738	YAP_WriteBuffer(argterm, tmp, tmp_sz,YAP_WRITE_HANDLE_VARS);
739	if(strlen(tmp) > 5 && tmp[0]=='\[')
740	break;
741	tmp_sz=try_again(tmp_sz,&tmp);
742	if(tmp_sz==0) {
743	fprintf(stderr," PANIC, run out of heap space..\n");
744	YAP_Exit(1);
745	}
746	}
747	/* this is returned as ['string1','string2'] */
748	if(debug) fprintf(stderr," query answer : %s(%d)\n", tmp, strlen(tmp));
749	_credentials_from_string(cred_list,tmp);
750	if(abac_list_size(cred_list)==0) {
751	fprintf(stderr,"CAN NOT retrieve result properly from YAP!!!\n");
752	YAP_Exit(1);
753	}
754	abac_list_add(pl->proof_list, cred_list);
755	YAP_FreeSpaceFromYap(tmp);
756	} else {
757	if(debug) fprintf(stderr,"query_again: fail finding next\n");
758	if(pl->is_partial) { /* if there is more partial query to make */
759	while(pl->query_type != e_PL_NOMORE) {
760	abac_list_free(cred_list);
761	cred_list=_make_partial_query(pl);
762	if( pl->query_rc ) break;
763	}
764	}
765	}
766	return cred_list;
767	}
768
769	abac_stack_t _make_cred_stack(abac_list_t p)
770	{
771	abac_stack_t *ret=abac_stack_new();
772	if(abac_list_size(p) != 0) {
773	abac_credential_t *cur=NULL;
774	abac_list_foreach(p, cur,
775	abac_stack_push(ret, (void *)abac_credential_dup(cur));
776	);
777	}
778	return ret;
779	}
780
781	/* force a backtrack to get next solution proof */
782	abac_stack_t abac_pl_query_again(abac_pl_t pl)
783	{
784	abac_list_t *rlist=_query_again(pl);
785	abac_stack_t *ret=_make_cred_stack(rlist);
786	return ret;
787	}
788
789	/* 2 types
790	acme.buys_rocket <- coyote (coyote=prin, acme.buys_rocket=role)
791	==> isMember(coyote,role(acme,buys_rocket), L)
792	acme.buys_rocket <- acme.preferred_customer -- NOT valid
793	*/
794	static abac_stack_t _query_with_aspect(abac_pl_t pl, abac_aspect_t* head, abac_aspect_t* tail)
795	{
796	abac_stack_t *ret=NULL;
797	char *tmp=NULL;
798
799	if(0)
800	show_yap_db("DEBUG:calling within _query_with_aspect");
801
802	char *whom=NULL;
803	PROLOG(whom=abac_aspect_principal_name(head););
804
805	/* could be obj or principal */
806	char *who=NULL;
807	if(abac_aspect_is_object(tail)) {
808	who=abac_aspect_object_name(tail);
809	} else {
810	PROLOG(who=abac_aspect_principal_name(tail););
811	}
812
813	if(abac_aspect_aspect_name(tail)!=NULL) {
814	printf("fail, a.o <- b.o and a.r <- a.r query is not implemented yet !!!\n");
815	YAP_Exit(1);
816	}
817
818	if (who == NULL \|\| whom == NULL) {
819	printf("fail, query's call got bad aspect names .. \n");
820	YAP_Exit(1);
821	}
822
823	if(debug) fprintf(stderr,"printing up the yap query ..\n");
824
825	char *pstring;
826	PROLOG(pstring=abac_aspect_aspect_param_string(head););
827
828	char *aspect=abac_aspect_type_string(head);
829	int pcnt=abac_aspect_aspect_param_cnt(head);
830	char *what=abac_aspect_aspect_name(head);
831
832	_reset_pl(pl, who, what, whom, aspect, pstring, pcnt);
833
834	abac_list_t *rlist=NULL;
835	if(pcnt)
836	rlist=_make_yap_query(pl,who,whom,aspect,abac_aspect_aspect_name(head),pstring,pcnt);
837	else
838	rlist=_make_yap_query(pl,who,whom,aspect,abac_aspect_aspect_name(head),NULL,0);
839
840	/* generate the resulting stack from a list */
841	ret=_make_cred_stack(rlist);
842	if(tmp) free(tmp);
843	if(pstring) free(pstring);
844	return ret;
845	}
846
847	/**
848	* Get all the credentials (attribute/issuer cert pairs) from prolog
849	* (which returns in string form)
850	*/
851	abac_stack_t abac_pl_credentials(abac_pl_t pl)
852	{
853	abac_stack_t *ret=abac_verifier_dump_creds();
854	return ret;
855	}
856
857	abac_stack_t abac_pl_principals(abac_pl_t pl)
858	{
859	abac_stack_t *ret=abac_verifier_dump_principals();
860	return ret;
861	}
862
863	/**
864	* Make a query into prolog db
865	--role acme.preferred_customer --principal coyote
866	--role acme.prefer_customer.buy_rockets --principlal coyote
867	--oset acme.rockets -- object mrx-21
868	--oset acme.villans -- principal coyote
869	*/
870	abac_stack_t abac_pl_query(abac_pl_t pl, char roleoset, char prinobj)
871	{
872	abac_stack_t *ret=NULL;
873	int len=strlen(roleoset)+strlen(prinobj)+5;
874	char* attr_string=(char ) abac_xmalloc(sizeof(char)len);
875	sprintf(attr_string,"%s<-%s", roleoset, prinobj);
876
877	if(debug)
878	fprintf(stderr,"abac_pl_query, query string is (%s)\n",attr_string);
879
880	/* call into yacc parser */
881	abac_reset_yyfptr(attr_string);
882	abac_yy_init();
883	int rc=yyparse();
884	if (rc) {
885	free(attr_string);
886	return NULL;
887	}
888
889	abac_aspect_t *head_aspect = abac_yy_get_rule_head_aspect();
890	abac_aspect_t *tail_aspect = abac_yy_get_rule_tail_aspect();
891
892	ret=_query_with_aspect(pl,head_aspect,tail_aspect);
893
894	return ret;
895	}
896
897	abac_stack_t abac_pl_query_with_structure(abac_pl_t pl, abac_aspect_t head_aspect, abac_aspect_t tail_aspect)
898	{
899	abac_stack_t *ret=NULL;
900	ret=_query_with_aspect(pl,head_aspect,tail_aspect);
901
902	return ret;
903	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: