Context Navigation

source: libabac/abac_pl_yy.c @ 2e9455f

mei_rt2

Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100644`
File size: 30.8 KB

Rev	Line
[2e9455f]	1	/**
	2	** abac_pl_yy.c
	3	**/
[a9494ad]	4
	5	/* C declarations */
	6	#include <stdio.h>
	7	#include <string.h>
	8	#include <stdlib.h>
[da5afdf]	9	#include <assert.h>
[a9494ad]	10
[2e9455f]	11	#include "abac_stack.h"
	12
[a9494ad]	13	#include "abac_pl_yy.h"
[2e9455f]	14	#include "abac_util.h"
	15	#include "abac_pl_gen.h"
	16	#include "abac_list.h"
	17	#include "abac_term.h"
	18	#include "abac_aspect.h"
[a9494ad]	19
	20	static int debug=0;
	21
[2e9455f]	22	abac_context_t abac_context=NULL; / context used for this parsing */
	23	static int yy_using_this=0;
	24	int abac_yy_error_code=0; /* keeping last error code */
[b5a3da4]	25	int abac_rule_is_oset=0;
[2e9455f]	26
[8bd77b5]	27	abac_aspect_t *abac_rule_head_aspect=NULL;
	28	abac_aspect_t *abac_rule_tail_aspect=NULL;
[da5afdf]	29
	30	/* structure to hold the range information
	31	within a static constraints on few types of
	32	oset types
	33	[a..b], [a..], [..b], [a],[a,b],[many a]
	34	e_yy_RANGE_MIN=1;
	35	e_yy_RANGE_MAX=2;
	36	e_yy_RANGE_TARGET=3;
	37	*/
	38	typedef struct _abac_yy_range_t {
	39	int type;
	40	char *val;
	41	} abac_yy_range_t;
	42
[a9494ad]	43	/* local principal structure [keyid:USC] */
	44	struct _abac_yy_principal_t {
	45	int type;
[da5afdf]	46	char *sha; // sha is null when this is of object type
	47	char *cn;
[a9494ad]	48	};
	49
[da5afdf]	50	/* [principal:?Z]:..., must match a principal name */
	51	struct _abac_yy_term_principal_t {
[a9494ad]	52	int type; /* this needs to be implicitly determined */
[9806e76]	53	int is_anonymous;
[a9494ad]	54	char *name;
[440ba20]	55	int isrange;
	56	char *cond_str; // range string ??? not sure if this is possible
	57	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
[da5afdf]	58	abac_yy_expression_t *cond_head_expr;
[a9494ad]	59	};
	60
[b5a3da4]	61	/* integer,float,time,urn,string types,
	62	if has condition, then it is a variable,
[a9494ad]	63	ie,
	64	[int:?Year]:<1930..1932>,
	65	if no condition, then it is a constant,
	66	ie,
	67	[int:10]
	68	*/
[da5afdf]	69	struct _abac_yy_term_data_t {
[a9494ad]	70	int is_variable;
[9806e76]	71	int is_anonymous;
[a9494ad]	72	int type;
	73	char *name;
[440ba20]	74	char *cond_str; // range string
	75	void *cond_ptr; // ptr to a saved abac_aspect_t
[da5afdf]	76	abac_list_t *cond_range;
	77	abac_yy_expression_t *cond_head_expr; // parking stub
[a9494ad]	78	};
	79
[da5afdf]	80	/* local term structure, will distinguish it in the future */
	81	/* e_yy_DTERM_DATA, all other types
	82	e_yy_DTERM_NAMED, keyid:bob
	83	e_yy_DTERM_PRINCIPAL, principal:?P
[2e9455f]	84	e_yy_DTERM_THIS, ?this
[da5afdf]	85	e_yy_DTERM_ANONYMOUS ? */
	86	struct _abac_yy_term_t {
[a9494ad]	87	union {
	88	abac_yy_principal_t *n_ptr;
[da5afdf]	89	abac_yy_term_principal_t *p_ptr;
	90	abac_yy_term_data_t *d_ptr;
[a9494ad]	91	} term;
	92	int type;
[da5afdf]	93	struct _abac_yy_term_t *next;
	94	int bcnt; /* this is to track number of terms in this linked up list */
[a9494ad]	95	};
	96
[8bd77b5]	97	/* local role/oset structure,
	98	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
	99	*/
	100	struct _abac_yy_roleoset_t {
[a9494ad]	101	int type;
	102	char *name;
[da5afdf]	103	abac_yy_term_t *terms;
[8bd77b5]	104	struct _abac_yy_roleoset_t *next;
[a9494ad]	105	int bcnt; /* this is to track number of roles in this linked up list */
	106	};
	107
[da5afdf]	108
	109	/* A, A.r, A.r.r */
	110	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
	111	/* A/obj, A.o, A.r.o */
	112	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	113	struct _abac_yy_expression_t {
	114	int type;
	115	union {
	116	abac_yy_principal_t *principal;
	117	abac_yy_term_data_t *object;
	118	};
[8bd77b5]	119	abac_yy_roleoset_t *linked_role;
	120	abac_yy_roleoset_t *roleoset;
	121
[da5afdf]	122	struct _abac_yy_expression_t *next;
[a9494ad]	123	int bcnt;
	124	};
[b5a3da4]	125
[2e9455f]	126	/* local */
[b5a3da4]	127	static void _free_yy_expression(abac_yy_expression_t *);
[2e9455f]	128	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr);
	129	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr);
[b5a3da4]	130
	131	/************************************************************************/
	132	void abac_yy_set_error_code(int v)
	133	{
	134	abac_yy_error_code=v;
	135	}
	136
[2a73357]	137	int abac_yy_get_rule_is_oset()
[b5a3da4]	138	{
	139	return abac_rule_is_oset;
	140	}
	141
[8bd77b5]	142	abac_aspect_t *abac_yy_get_rule_head_aspect()
[b5a3da4]	143	{
[8bd77b5]	144	return abac_rule_head_aspect;
[b5a3da4]	145	}
	146
[8bd77b5]	147	abac_aspect_t *abac_yy_get_rule_tail_aspect()
[b5a3da4]	148	{
[8bd77b5]	149	return abac_rule_tail_aspect;
[b5a3da4]	150	}
	151
[da5afdf]	152	/************************************************************************/
[b5a3da4]	153	static void _free_yy_cond_range(abac_list_t *ptr)
[da5afdf]	154	{
	155	if (ptr != NULL) {
	156	abac_yy_range_t *cur;
	157	abac_list_foreach(ptr, cur,
	158	if(cur && cur->val) free(cur->val);
	159	free(cur);
	160	);
	161	abac_list_free(ptr);
	162	}
	163	}
	164
[b5a3da4]	165	static char _string_yy_cond_range(abac_list_t ptr)
[da5afdf]	166	{
	167	assert(ptr);
	168	char *tmp=NULL;
	169	char *min=NULL;
	170	char *max=NULL;
	171	char *val=NULL;
	172	int type;
[a9494ad]	173
[da5afdf]	174	abac_yy_range_t *cur;
	175	abac_list_foreach(ptr, cur,
	176	type=cur->type;
	177	switch (type) {
	178	case e_yy_RANGE_MIN:
[8bd77b5]	179	min=abac_xstrdup(cur->val);
[da5afdf]	180	break;
	181	case e_yy_RANGE_MAX:
[8bd77b5]	182	max=abac_xstrdup(cur->val);
[da5afdf]	183	break;
	184	case e_yy_RANGE_TARGET:
	185	if(val)
	186	asprintf(&val,"%s,%s",val,cur->val);
[8bd77b5]	187	else val=abac_xstrdup(cur->val);
[da5afdf]	188	break;
	189	}
	190	);
	191	if(max && min) {
	192	asprintf(&tmp,"[%s..%s]",min,max);
	193	free(max);
	194	free(min);
	195	return tmp;
	196	}
	197	if(max) {
	198	asprintf(&tmp,"[..%s]",max);
	199	free(max);
	200	return tmp;
	201	}
	202	if(min) {
	203	asprintf(&tmp,"[%s..]",min);
	204	free(min);
	205	return tmp;
	206	}
	207	if(val) {
	208	asprintf(&tmp,"[%s]",val);
	209	free(val);
	210	return tmp;
	211	}
	212	return NULL;
	213	}
	214
[b5a3da4]	215	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
[da5afdf]	216	{
	217	abac_yy_range_t *range=
	218	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	219	range->type=e_yy_RANGE_TARGET;
[8bd77b5]	220	range->val=abac_xstrdup(val);
[da5afdf]	221	abac_list_add(ptr, range);
	222	return ptr;
	223	}
	224
[b5a3da4]	225	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
[da5afdf]	226	{
	227	abac_yy_range_t *range=
	228	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	229	range->type=type;
[8bd77b5]	230	range->val=abac_xstrdup(val);
[da5afdf]	231	abac_list_add(ptr, range);
	232	return ptr;
	233	}
	234
	235	abac_list_t make_yy_val_range(char val)
	236	{
	237	abac_list_t *ptr=abac_list_new();
[b5a3da4]	238	add_yy_val_range(ptr,val);
[da5afdf]	239	return ptr;
	240	}
	241
	242	abac_list_t make_yy_minmax_range(char min, char *max)
	243	{
	244	abac_list_t *ptr=abac_list_new();
[b5a3da4]	245	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
	246	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	247	return ptr;
	248	}
	249
	250	abac_list_t make_yy_min_range(char min)
	251	{
	252	abac_list_t *ptr=abac_list_new();
[b5a3da4]	253	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
[da5afdf]	254	return ptr;
	255	}
	256
	257	abac_list_t make_yy_max_range(char max)
	258	{
	259	abac_list_t *ptr=abac_list_new();
[b5a3da4]	260	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	261	return ptr;
	262	}
[a9494ad]	263
[b5a3da4]	264	/***********************************************************************/
[9806e76]	265	abac_yy_term_data_t *make_yy_term_data()
[a9494ad]	266	{
[b5a3da4]	267	abac_yy_term_data_t *ptr=
	268	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
[9806e76]	269	ptr->name=NULL;
[b5a3da4]	270	ptr->type=0;
	271	ptr->is_variable=0;
[9806e76]	272	ptr->is_anonymous=0;
[b5a3da4]	273	ptr->cond_str=NULL;
	274	ptr->cond_head_expr=NULL;
	275	ptr->cond_ptr=NULL;
	276	ptr->cond_range=NULL;
	277	return ptr;
[a9494ad]	278	}
	279
[9806e76]	280	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
	281	{
[8bd77b5]	282	ptr->name=abac_xstrdup(name);
[9806e76]	283	}
	284
[b5a3da4]	285	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
[a9494ad]	286	{
[b5a3da4]	287	return ptr->cond_range;
[a9494ad]	288	}
	289
[b5a3da4]	290	char get_yy_term_data_name(abac_yy_term_data_t ptr)
[a9494ad]	291	{
[b5a3da4]	292	return ptr->name;
[a9494ad]	293	}
	294
[2a73357]	295	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
[a9494ad]	296	{
[b5a3da4]	297	if(ptr->cond_head_expr != NULL)
	298	return 1;
[c586a3c]	299	if(ptr->cond_range != NULL)
[b5a3da4]	300	return 1;
	301	return 0;
[a9494ad]	302	}
	303
[b5a3da4]	304	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
	305	abac_list_t *range)
[a9494ad]	306	{
[b5a3da4]	307	ptr->cond_range=range;
[a9494ad]	308	}
	309
[b5a3da4]	310	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
	311	abac_yy_expression_t *expr)
[a9494ad]	312	{
[b5a3da4]	313	ptr->cond_head_expr=expr;
[a9494ad]	314	}
	315
[b5a3da4]	316	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
[da5afdf]	317	{
[b5a3da4]	318	return ptr->cond_head_expr;
[da5afdf]	319	}
	320
[b5a3da4]	321	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
[a9494ad]	322	{
[440ba20]	323	int type=abac_verify_term_type(typestr);
[b5a3da4]	324	ptr->type=type;
[a9494ad]	325	}
	326
[9806e76]	327	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
	328	{
	329	ptr->is_anonymous=1;
	330	}
	331
[2a73357]	332	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
[d5bbd3e]	333	{
[440ba20]	334	if(ptr->type==abac_verify_term_type("integer") \|\|
	335	ptr->type==abac_verify_term_type("float"))
[d5bbd3e]	336	return 1;
	337	return 0;
	338	}
	339
[2a73357]	340	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
[7b548fa]	341	{
[440ba20]	342	if(ptr->type==abac_verify_term_type("time"))
[7b548fa]	343	return 1;
	344	return 0;
	345	}
	346
[2a73357]	347	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
[d5bbd3e]	348	{
[440ba20]	349	if(ptr->type==abac_verify_term_type("string") \|\|
	350	ptr->type==abac_verify_term_type("urn") \|\|
	351	ptr->type==abac_verify_term_type("boolean"))
[d5bbd3e]	352	return 1;
	353	return 0;
	354	}
	355
[b5a3da4]	356	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
[a9494ad]	357	{
[b5a3da4]	358	ptr->cond_ptr=vptr;
[a9494ad]	359	}
	360
[b5a3da4]	361	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
[da5afdf]	362	{
[8bd77b5]	363	ptr->cond_str=abac_xstrdup(cond);
[da5afdf]	364	}
	365
[b5a3da4]	366	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[da5afdf]	367	{
[b5a3da4]	368	ptr->is_variable=1;
[da5afdf]	369	}
	370
[b5a3da4]	371	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[a9494ad]	372	{
[b5a3da4]	373	return ptr->is_variable;
[a9494ad]	374	}
	375
[b5a3da4]	376	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
[a9494ad]	377	{
[b5a3da4]	378	free(ptr->name);
	379	if(ptr->cond_str)
	380	free(ptr->cond_str);
	381	if(ptr->cond_head_expr)
	382	_free_yy_expression(ptr->cond_head_expr);
	383	if(ptr->cond_range);
	384	_free_yy_cond_range(ptr->cond_range);
	385	free(ptr);
[a9494ad]	386	}
	387
[9806e76]	388	abac_yy_term_principal_t *make_yy_term_principal()
[a9494ad]	389	{
[b5a3da4]	390	abac_yy_term_principal_t *ptr=
	391	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
[d845403]	392	ptr->type=0;/* this is not known */
[9806e76]	393	ptr->is_anonymous=0;
	394	ptr->name=NULL;
[440ba20]	395	ptr->isrange=0;
[b5a3da4]	396	ptr->cond_str=NULL;
[440ba20]	397	ptr->cond_ptr=NULL;
[b5a3da4]	398	ptr->cond_head_expr=NULL;
	399	return ptr;
[a9494ad]	400	}
	401
[9335cfa]	402	static void _set_using_this()
	403	{
[2e9455f]	404	yy_using_this=1;
	405	}
	406
	407	int abac_yy_get_using_this()
	408	{
	409	return yy_using_this;
[9335cfa]	410	}
	411
[440ba20]	412	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
	413	{
	414	ptr->isrange=isrange;
	415	}
	416
[9806e76]	417	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
	418	{
[2e9455f]	419	ptr->name=abac_xstrdup(name);
[9806e76]	420	}
	421
[b5a3da4]	422	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
[a9494ad]	423	{
[b5a3da4]	424	ptr->cond_ptr=vptr;
[a9494ad]	425	}
	426
[b5a3da4]	427	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
[a9494ad]	428	{
[b5a3da4]	429	ptr->cond_str=abac_xstrdup(cond);
[a9494ad]	430	}
	431
[9806e76]	432	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
	433	{
	434	ptr->is_anonymous=1;
	435	}
	436
[b5a3da4]	437	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
[da5afdf]	438	{
[b5a3da4]	439	return ptr->cond_head_expr;
[da5afdf]	440	}
	441
[b5a3da4]	442	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
	443	abac_yy_expression_t *expr)
[da5afdf]	444	{
[b5a3da4]	445	ptr->cond_head_expr=expr;
[da5afdf]	446	}
	447
[b5a3da4]	448	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
[da5afdf]	449	{
[b5a3da4]	450	free(ptr->name);
	451	if(ptr->cond_str)
	452	free(ptr->cond_str);
	453	if(ptr->cond_head_expr)
	454	_free_yy_expression(ptr->cond_head_expr);
	455	free(ptr);
[da5afdf]	456	}
	457
[2e9455f]	458	abac_yy_term_t *make_yy_term_dterm_this()
	459	{
	460	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	461	ptr->type = e_yy_DTERM_THIS;
	462	ptr->next=NULL;
	463	ptr->bcnt=1;
	464	_set_using_this();
	465	return ptr;
	466	}
	467
[b5a3da4]	468	abac_yy_term_t *make_yy_term_dterm_anonymous()
[da5afdf]	469	{
[b5a3da4]	470	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	471	ptr->type = e_yy_DTERM_ANONYMOUS;
	472	ptr->next=NULL;
	473	ptr->bcnt=1;
	474	return ptr;
[da5afdf]	475	}
	476
[b5a3da4]	477	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
[da5afdf]	478	{
[b5a3da4]	479	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
[9806e76]	480	if(pptr->is_anonymous)
	481	ptr->type = e_yy_DTERM_ANONYMOUS;
	482	else ptr->type = e_yy_DTERM_PRINCIPAL;
[b5a3da4]	483	ptr->term.p_ptr=pptr;
	484	ptr->next=NULL;
	485	ptr->bcnt=1;
	486	return ptr;
	487	}
	488
	489	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
	490	{
	491	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	492	ptr->type = e_yy_DTERM_NAMED;
	493	ptr->term.n_ptr=nptr;
	494	ptr->next=NULL;
	495	ptr->bcnt=1;
	496	return ptr;
	497	}
	498
	499	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
	500	{
	501	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
[9806e76]	502
	503	if(dptr->is_anonymous)
	504	ptr->type = e_yy_DTERM_ANONYMOUS;
	505	else ptr->type = e_yy_DTERM_DATA;
[b5a3da4]	506	ptr->term.d_ptr=dptr;
	507	ptr->next=NULL;
	508	ptr->bcnt=1;
	509	return ptr;
	510	}
	511
[a9494ad]	512	/****************************************************************************/
	513	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
	514	{
	515	abac_yy_principal_t *ptr=
	516	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
[7727f26]	517	/* add p to yyparse's principal */
	518	if(sha) ptr->sha=abac_xstrdup(sha);
	519	else ptr->sha=NULL;
	520	if(cn) ptr->cn=abac_xstrdup(cn);
	521	else ptr->cn=NULL;
[a9494ad]	522	ptr->type=type;
	523	return ptr;
	524	}
	525
	526	static void _free_yy_principal(abac_yy_principal_t *ptr)
	527	{
[7727f26]	528	if(ptr->sha) free(ptr->sha);
	529	if(ptr->cn) free(ptr->cn);
[a9494ad]	530	free(ptr);
	531	}
	532
[da5afdf]	533	int get_yy_principal_type(abac_yy_principal_t *ptr)
	534	{
	535	return ptr->type;
	536	}
	537
[7727f26]	538	char get_yy_principal_name(abac_yy_principal_t ptr)
[da5afdf]	539	{
[7727f26]	540	if(USE("ABAC_CN") && ptr->cn)
	541	return ptr->cn;
[da5afdf]	542	return ptr->sha;
	543	}
	544
[7727f26]	545	char get_yy_principal_cn(abac_yy_principal_t ptr)
	546	{
	547	return ptr->cn;
	548	}
	549
	550	char get_yy_principal_sha(abac_yy_principal_t ptr)
	551	{
	552	return ptr->sha;
	553	}
	554
[b5a3da4]	555	/*************************************************************************/
	556
	557	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
	558	{
	559	int i=terms->bcnt;
	560	nterm->next=terms;
	561	nterm->bcnt=i+1;
	562	return nterm;
	563	}
	564
	565	static void _free_yy_term(abac_yy_term_t *ptr)
	566	{
	567	switch (ptr->type) {
	568	case e_yy_DTERM_DATA:
	569	_free_yy_term_data(ptr->term.d_ptr);
	570	break;
	571	case e_yy_DTERM_NAMED:
	572	_free_yy_principal(ptr->term.n_ptr);
	573	break;
	574	case e_yy_DTERM_PRINCIPAL:
	575	_free_yy_term_principal(ptr->term.p_ptr);
	576	break;
	577	case e_yy_DTERM_ANONYMOUS:
[2e9455f]	578	case e_yy_DTERM_THIS:
[b5a3da4]	579	break;
	580	}
	581	if(ptr->next)
	582	_free_yy_term(ptr->next);
	583	free(ptr);
	584	}
	585
	586	/*************************************************************************/
[8bd77b5]	587	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
[a9494ad]	588	{
[8bd77b5]	589	abac_yy_roleoset_t *ptr=
	590	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
[a9494ad]	591	ptr->name=abac_xstrdup(name);
[da5afdf]	592	ptr->terms=terms;
[a9494ad]	593	ptr->next=NULL;
	594	ptr->bcnt=1;
[8bd77b5]	595	ptr->type=e_yy_ROLE_TYPE;
[a9494ad]	596	return ptr;
	597	}
	598
[8bd77b5]	599	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
[a9494ad]	600	{
	601	free(ptr->name);
[da5afdf]	602	if(ptr->terms)
	603	_free_yy_term(ptr->terms);
[a9494ad]	604	if(ptr->next)
[8bd77b5]	605	_free_yy_roleoset(ptr->next);
[a9494ad]	606	free(ptr);
	607	}
	608
[b5a3da4]	609	/***************************************************************************/
[8bd77b5]	610	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
[b5a3da4]	611	{
[8bd77b5]	612	abac_yy_roleoset_t *ptr=
	613	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
[b5a3da4]	614	ptr->name=abac_xstrdup(name);
	615	ptr->terms=terms;
	616	ptr->next=NULL;
	617	ptr->bcnt=1;
[8bd77b5]	618	ptr->type=e_yy_OSET_TYPE;
[b5a3da4]	619	return ptr;
	620	}
	621
	622	/***************************************************************************/
	623
[da5afdf]	624	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	625
[8bd77b5]	626	abac_yy_expression_t make_yy_expression(int type,void pptr,
	627	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
[a9494ad]	628	{
[da5afdf]	629	abac_yy_expression_t *ptr=
	630	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
	631	ptr->type = type;
	632	if(type == e_yy_EXPR_OBJECT) {
	633	ptr->object=(abac_yy_term_data_t *)pptr;
	634	} else {
	635	ptr->principal = (abac_yy_principal_t *)pptr;
	636	}
[8bd77b5]	637	ptr->roleoset = optr;
[a9494ad]	638	ptr->linked_role=linked_role;
	639	ptr->next=NULL;
	640
	641	return ptr;
	642	}
	643
[da5afdf]	644	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
	645	{
	646	if(ptr->type == e_yy_EXPR_OBJECT)
	647	return ptr->object;
	648	return NULL;
	649	}
	650
	651	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
	652	abac_yy_expression_t *exprs)
[a9494ad]	653	{
	654	int i=exprs->bcnt;
	655	nexpr->next=exprs;
	656	nexpr->bcnt=i+1;
	657	return nexpr;
	658	}
	659
[da5afdf]	660	static void _free_yy_expression(abac_yy_expression_t *ptr)
[a9494ad]	661	{
[da5afdf]	662	if(ptr->type == e_yy_EXPR_OBJECT) {
	663	if(ptr->object)
	664	_free_yy_term_data(ptr->object);
	665	} else {
	666	if(ptr->principal)
	667	_free_yy_principal(ptr->principal);
	668	}
[8bd77b5]	669	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
[a9494ad]	670	if(ptr->linked_role)
[8bd77b5]	671	_free_yy_roleoset(ptr->linked_role);
[a9494ad]	672	if(ptr->next)
[da5afdf]	673	_free_yy_expression(ptr->next);
[a9494ad]	674
	675	free(ptr);
	676	}
	677
[b5a3da4]	678	/***************************************************************************/
[8bd77b5]	679	/* add the oset condition to constraint list */
[440ba20]	680	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
[8bd77b5]	681	{
[2e9455f]	682	abac_yy_expression_t *cond_expr=get_yy_term_data_cond_head_expr(ptr);
	683	if(cond_expr) {
	684	abac_aspect_t *cond_aspect=NULL;
	685	if(cond_expr->type == e_yy_EXPR_LINKED)
	686	cond_aspect=validate_linked_tail(e_yy_OSET_TYPE,cond_expr);
	687	else cond_aspect=validate_head(e_yy_OSET_TYPE,cond_expr);
	688	if(cond_aspect != NULL) {
[b92a620]	689	if(debug) fprintf(stderr,"make_yy_oset_constraint..\n");
[2e9455f]	690	set_yy_term_data_cond_ptr(ptr,cond_aspect);
[440ba20]	691	}
[8bd77b5]	692	}
	693	}
[440ba20]	694
[8bd77b5]	695	/* add the role condition to constraint list */
[440ba20]	696	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
[8bd77b5]	697	{
[2e9455f]	698	abac_yy_expression_t *cond_expr=get_yy_term_principal_cond_head_expr(ptr);
	699	if(cond_expr) {
	700	abac_aspect_t *cond_aspect=NULL;
	701	if(cond_expr->type == e_yy_EXPR_LINKED)
	702	cond_aspect=validate_linked_tail(e_yy_ROLE_TYPE,cond_expr);
	703	else cond_aspect=validate_head(e_yy_ROLE_TYPE,cond_expr);
	704	if(cond_aspect != NULL) {
[b92a620]	705	if(debug) fprintf(stderr,"make_yy_role_constraint..\n");
[2e9455f]	706	set_yy_term_principal_cond_ptr(ptr,cond_aspect);
[440ba20]	707	set_yy_term_principal_isrange(ptr,0);
[8bd77b5]	708	}
	709	}
	710	}
	711
	712
	713	/****************************************************************/
	714	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
[da5afdf]	715	abac_yy_term_t *terms)
	716	{
	717	abac_yy_term_t *curr = terms;
	718	int type;
[d037f54]	719	int isnamed;
[440ba20]	720	int isrange;
[d037f54]	721	char *name;
	722	char *cond;
	723	void *ptr;
[7727f26]	724
[da5afdf]	725	while (curr) {
[d037f54]	726	name=NULL;
	727	cond=NULL;
	728	ptr=NULL;
	729	isnamed=0;
[440ba20]	730	isrange=0;
[da5afdf]	731	switch (curr->type) {
	732	case e_yy_DTERM_DATA:
	733	{
[8bd77b5]	734	abac_yy_term_data_t *dptr=curr->term.d_ptr;
	735	type=dptr->type;
	736	name=abac_xstrdup(dptr->name);
[440ba20]	737	if(dptr->cond_str)
[8bd77b5]	738	cond=abac_xstrdup(dptr->cond_str);
[440ba20]	739	ptr=dptr->cond_ptr;
	740	isrange=(dptr->cond_range!=NULL)?1:0;
[da5afdf]	741	break;
	742	}
	743	case e_yy_DTERM_PRINCIPAL:
	744	{
[8bd77b5]	745	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
[440ba20]	746	type=abac_verify_term_type("principal");
[8bd77b5]	747	name=abac_xstrdup(pptr->name);
[440ba20]	748	if(pptr->cond_str)
[8bd77b5]	749	cond=abac_xstrdup(pptr->cond_str);
[440ba20]	750	ptr=pptr->cond_ptr;
	751	isrange=pptr->isrange;
[da5afdf]	752	break;
	753	}
	754	case e_yy_DTERM_NAMED:
	755	{
[8bd77b5]	756	abac_yy_principal_t *pptr=curr->term.n_ptr;
	757	type=pptr->type;
	758	name=abac_xstrdup(get_yy_principal_name(pptr));
[d037f54]	759	isnamed=1;
[da5afdf]	760	break;
	761	}
	762	case e_yy_DTERM_ANONYMOUS:
	763	{
[440ba20]	764	type=abac_verify_term_type("anonymous");
[da5afdf]	765	name=abac_xstrdup("_");
	766	break;
	767	}
[2e9455f]	768	case e_yy_DTERM_THIS:
	769	{
	770	type=abac_verify_term_type("this");
	771	name=abac_xstrdup("This");
	772	break;
	773	}
[da5afdf]	774	}
[d037f54]	775	abac_term_t *param=NULL;
	776	if(isnamed)
	777	param=abac_term_named_new(type,name);
[440ba20]	778	else param=abac_term_new(type,name,isrange,cond,ptr);
[da5afdf]	779	if (linked)
[8bd77b5]	780	abac_aspect_add_linked_param(aspect_ptr, param);
[da5afdf]	781	else
[8bd77b5]	782	abac_aspect_add_param(aspect_ptr, param);
[da5afdf]	783	curr=curr->next;
	784	}
	785	}
	786
[8bd77b5]	787	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
[da5afdf]	788	{
	789	int linked=1;
[8bd77b5]	790	_aspect_add_terms(linked, ptr, terms);
[da5afdf]	791	}
	792
[8bd77b5]	793	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
[da5afdf]	794	{
	795	int linked=0;
[8bd77b5]	796	_aspect_add_terms(linked, ptr, terms);
[da5afdf]	797	}
	798
[8bd77b5]	799	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
[da5afdf]	800	{
[8bd77b5]	801	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
	802	return ret_ptr;
[da5afdf]	803	}
	804
[8bd77b5]	805	/* A.oset, A.role */
	806	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
[da5afdf]	807	{
	808	abac_yy_principal_t *principal=expr->principal;
[8bd77b5]	809	abac_yy_roleoset_t *ptr=expr->roleoset;
[da5afdf]	810
[7727f26]	811	char *principalname=get_yy_principal_sha(principal);
[8bd77b5]	812	char *name=ptr->name;
	813	abac_yy_term_t *terms=ptr->terms;
[da5afdf]	814
[8bd77b5]	815	abac_aspect_t *aptr=NULL;
	816	if(yytype==e_yy_OSET_TYPE)
	817	aptr=abac_aspect_oset_new(principalname, name);
	818	else aptr=abac_aspect_role_new(principalname, name);
	819
	820	if (aptr==NULL) {
	821	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
[da5afdf]	822	goto error;
	823	}
[8bd77b5]	824
[da5afdf]	825	// insert the params for the oset
	826	if(terms) {
[8bd77b5]	827	_aspect_add_aspect_terms(aptr, terms);
[da5afdf]	828	}
[8bd77b5]	829	return aptr;
[da5afdf]	830
	831	error:
	832	return NULL;
	833	}
	834
[8bd77b5]	835	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
	836	{
	837	return validate_head(e_yy_OSET_TYPE,expr);
	838	}
	839
	840	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
	841	{
	842	return validate_head(e_yy_ROLE_TYPE,expr);
	843	}
	844
	845	/*****************************************************************************/
[da5afdf]	846	/* B */
[8bd77b5]	847	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
[da5afdf]	848	{
	849	abac_yy_principal_t *principal=expr->principal;
[7727f26]	850	char *principalname=get_yy_principal_sha(principal);
[da5afdf]	851
[8bd77b5]	852	abac_aspect_t *ptr=NULL;
	853	if(yytype==e_yy_OSET_TYPE)
	854	ptr=abac_aspect_oset_principal_new(principalname);
	855	else ptr=abac_aspect_role_principal_new(principalname);
	856	if (ptr==NULL)
[da5afdf]	857	goto error;
[8bd77b5]	858	return ptr;
[da5afdf]	859
	860	error:
[8bd77b5]	861	panic("can not generate a simple named tail oset aspect");
[da5afdf]	862	return NULL;
	863	}
	864
	865
	866	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
[8bd77b5]	867	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
[da5afdf]	868	{
	869	abac_yy_term_data_t *object=get_yy_expression_object(expr);
	870	assert(object != NULL);
	871
	872	char *name=object->name;
	873	int type=object->type;
[b5a3da4]	874	char *cond=object->cond_str;
	875	void *ptr=object->cond_ptr;
[440ba20]	876	int isrange=(object->cond_range!=NULL)?1:0;
	877	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
[8bd77b5]	878	abac_aspect_t *aptr=NULL;
	879	if(yytype==e_yy_OSET_TYPE)
	880	aptr=abac_aspect_oset_object_new(term);
	881	else
	882	goto error; /* can not be a role expression with obj */
	883	if (aptr==NULL)
[da5afdf]	884	goto error;
[8bd77b5]	885	return aptr;
[da5afdf]	886
	887	error:
[8bd77b5]	888	panic("can not generate a simple object tail oset aspect");
[da5afdf]	889	return NULL;
	890	}
	891
	892
[8bd77b5]	893	/* B.role or B.oset */
	894	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
[da5afdf]	895	{
	896	abac_yy_principal_t *principal=expr->principal;
[8bd77b5]	897	abac_yy_roleoset_t *eptr=expr->roleoset;
[da5afdf]	898
[7727f26]	899	char *principalname=get_yy_principal_sha(principal);
[8bd77b5]	900	char *name=eptr->name;
	901	abac_yy_term_t *terms=eptr->terms;
[da5afdf]	902
[8bd77b5]	903	abac_aspect_t *ptr=NULL;
	904	if(yytype==e_yy_OSET_TYPE)
	905	ptr=abac_aspect_oset_new(principalname, name);
	906	else
	907	ptr=abac_aspect_role_new(principalname, name);
	908	if (ptr==NULL)
[da5afdf]	909	goto error;
	910
	911	if(terms) {
[8bd77b5]	912	_aspect_add_aspect_terms(ptr, terms);
[da5afdf]	913	}
[8bd77b5]	914	return ptr;
[da5afdf]	915
	916	error:
[8bd77b5]	917	panic("can not generate a simple tail aspect");
[da5afdf]	918	return NULL;
	919	}
	920
[8bd77b5]	921	/* B.role.role or B.role.oset */
	922	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
[da5afdf]	923	{
	924	abac_yy_principal_t *principal=expr->principal;
[8bd77b5]	925
	926	abac_yy_roleoset_t *eptr=expr->roleoset;
	927	abac_yy_roleoset_t *linked_role=expr->linked_role;
[da5afdf]	928
[7727f26]	929	char *principalname=get_yy_principal_sha(principal);
[8bd77b5]	930	char *name=eptr->name;
	931	abac_yy_term_t *terms=eptr->terms;
[da5afdf]	932
	933	char *linkedrolename=linked_role->name;
	934	abac_yy_term_t *linked_terms=linked_role->terms;
	935
[8bd77b5]	936	abac_aspect_t *ptr=NULL;
	937	if(yytype==e_yy_OSET_TYPE)
	938	ptr=abac_aspect_oset_linking_new(principalname,
	939	linkedrolename, name);
	940	else ptr=abac_aspect_role_linking_new(principalname,
	941	linkedrolename, name);
	942	if (ptr==NULL)
[da5afdf]	943	goto error;
	944
	945	if(linked_terms) {
[8bd77b5]	946	_aspect_add_linked_terms(ptr, linked_terms);
[da5afdf]	947	}
	948	if(terms) {
[8bd77b5]	949	_aspect_add_aspect_terms(ptr, terms);
[da5afdf]	950	}
	951
[8bd77b5]	952	return ptr;
[da5afdf]	953
	954	error:
	955	panic("can not generate linked tail oset");
	956	return NULL;
	957	}
	958
	959
[8bd77b5]	960	/**********************************************************************/
[2e9455f]	961	int make_oset_statement(abac_yy_expression_t headexpr, abac_yy_expression_t tailexpr)
[da5afdf]	962	{
[2e9455f]	963	int rc=0;
[8bd77b5]	964	abac_aspect_t *head_oset=NULL;
	965	abac_aspect_t *tail_oset=NULL;
[da5afdf]	966
	967	/* build up left side's abac oset structure */
[8bd77b5]	968	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
[2e9455f]	969	if(head_oset == NULL) {
	970	rc=1;
[da5afdf]	971	goto error;
[2e9455f]	972	}
[da5afdf]	973
	974	/* build up the right side's abac oset structure */
	975	abac_yy_expression_t *curr_tail = tailexpr;
	976	int intersecting=(tailexpr->next != NULL)? 1:0;
[8bd77b5]	977	abac_aspect_t *curr_oset = NULL;
[da5afdf]	978	while (curr_tail) {
	979	switch(curr_tail->type) {
	980	case e_yy_EXPR_OBJECT:
[8bd77b5]	981	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
[da5afdf]	982	break;
	983	case e_yy_EXPR_NAMED:
[8bd77b5]	984	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
[da5afdf]	985	break;
	986	case e_yy_EXPR_OSET:
[8bd77b5]	987	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
[da5afdf]	988	break;
	989	case e_yy_EXPR_LINKED:
[8bd77b5]	990	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
[da5afdf]	991	break;
	992	}
[2e9455f]	993	if(curr_oset==NULL) {
	994	rc=1;
[da5afdf]	995	goto error;
[2e9455f]	996	}
[da5afdf]	997
	998	/* check if first one */
	999	if(tail_oset==NULL) {
	1000	if(intersecting)
[8bd77b5]	1001	tail_oset=validate_intersected_tail(curr_oset);
[da5afdf]	1002	else
	1003	tail_oset=curr_oset;
	1004	} else {
[8bd77b5]	1005	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
[da5afdf]	1006	}
	1007	curr_tail=curr_tail->next;
	1008	} /* while */
	1009
	1010	if(debug) {
[b92a620]	1011	fprintf(stderr,"aspect head_oset: ");
	1012	abac_print_aspect_string_with_condition(head_oset,stderr);
	1013	fprintf(stderr,"\n");
	1014	fprintf(stderr,"aspect tail_oset: ");
	1015	abac_print_aspect_string_with_condition(tail_oset,stderr);
	1016	fprintf(stderr,"\n");
[da5afdf]	1017	}
	1018
[2e9455f]	1019	error:
[da5afdf]	1020	_free_yy_expression(headexpr);
	1021	_free_yy_expression(tailexpr);
[8bd77b5]	1022	abac_rule_head_aspect=head_oset;
	1023	abac_rule_tail_aspect=tail_oset;
[b5a3da4]	1024	abac_rule_is_oset=1;
[2e9455f]	1025	return rc;
[da5afdf]	1026	}
	1027
[440ba20]	1028	/*****************************************************************************/
	1029	abac_list_t validate_range(abac_list_t ptr)
	1030	{
	1031	abac_list_t *nlist=abac_list_new();
	1032
	1033	abac_item_t *nitem;
	1034	abac_yy_range_t *cur;
	1035	char *val;
	1036	int type;
	1037	abac_list_foreach(ptr, cur,
	1038	if(cur) {
	1039	type=cur->type;
	1040	val=cur->val;
[ca72963]	1041	if(type==e_yy_RANGE_MIN) nitem=abac_item_new(abac_min_item_type(),val);
	1042	if(type==e_yy_RANGE_MAX) nitem=abac_item_new(abac_max_item_type(),val);
	1043	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new(abac_target_item_type(),val);
[440ba20]	1044	abac_list_add(nlist,nitem);
	1045	}
	1046	);
	1047	return nlist;
	1048	}
	1049
	1050	/****************************************************************/
	1051	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
	1052	{
	1053	if(is_yy_term_data_type_numeric(ptr) \|\|
	1054	is_yy_term_data_type_alpha(ptr) \|\|
	1055	is_yy_term_data_type_time(ptr)) {
	1056	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1057	if(rlist) {
	1058	abac_list_t *nlist=validate_range(rlist);
	1059	set_yy_term_data_cond_ptr(ptr,nlist);
	1060	}
	1061	}
	1062	}
[8bd77b5]	1063	/*****************************************************************************/
[2e9455f]	1064	abac_context_t *get_abac_context()
	1065	{
	1066	assert(abac_context);
	1067	return abac_context;
	1068	}
	1069
	1070	/* build up the abac structure */
	1071	int make_role_statement(abac_yy_expression_t headexpr, abac_yy_expression_t tailexpr)
[a9494ad]	1072	{
[2e9455f]	1073	int rc=0;
[8bd77b5]	1074	abac_aspect_t *head_role=NULL;
	1075	abac_aspect_t *tail_role=NULL;
[a9494ad]	1076
	1077	/* build up left side's abac role structure */
[8bd77b5]	1078	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
[2e9455f]	1079	if(head_role == NULL) {
	1080	rc=1;
[a9494ad]	1081	goto error;
[2e9455f]	1082	}
[a9494ad]	1083
	1084	/* build up the right side's abac role structure */
[da5afdf]	1085	abac_yy_expression_t *curr_tail = tailexpr;
[a9494ad]	1086	int intersecting=(tailexpr->next != NULL)? 1:0;
[8bd77b5]	1087	abac_aspect_t *curr_role = NULL;
[a9494ad]	1088	while (curr_tail) {
[da5afdf]	1089	switch(curr_tail->type) {
	1090	case e_yy_EXPR_NAMED:
[8bd77b5]	1091	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
[a9494ad]	1092	break;
[da5afdf]	1093	case e_yy_EXPR_ROLE:
[8bd77b5]	1094	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
[a9494ad]	1095	break;
[da5afdf]	1096	case e_yy_EXPR_LINKED:
[8bd77b5]	1097	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
[a9494ad]	1098	break;
	1099	}
[2e9455f]	1100	if(curr_role==NULL) {
	1101	rc=1;
[a9494ad]	1102	goto error;
[2e9455f]	1103	}
[a9494ad]	1104
	1105	/* check if first one */
	1106	if(tail_role==NULL) {
	1107	if(intersecting)
[8bd77b5]	1108	tail_role=validate_intersected_tail(curr_role);
[a9494ad]	1109	else
	1110	tail_role=curr_role;
	1111	} else {
[8bd77b5]	1112	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
[a9494ad]	1113	}
	1114	curr_tail=curr_tail->next;
	1115	} /* while */
	1116
	1117	if(debug) {
[b92a620]	1118	fprintf(stderr,"aspect head_role: ");
	1119	abac_print_aspect_string_with_condition(head_role,stderr);
	1120	fprintf(stderr,"\n");
	1121	fprintf(stderr,"aspect tail_role: ");
	1122	abac_print_aspect_string_with_condition(tail_role,stderr);
	1123	fprintf(stderr,"\n");
[a9494ad]	1124	}
	1125
[2e9455f]	1126	error:
[da5afdf]	1127	_free_yy_expression(headexpr);
	1128	_free_yy_expression(tailexpr);
[8bd77b5]	1129	abac_rule_head_aspect=head_role;
	1130	abac_rule_tail_aspect=tail_role;
[b5a3da4]	1131	abac_rule_is_oset=0;
[a9494ad]	1132
[2e9455f]	1133	return rc;
[a9494ad]	1134	}
[da5afdf]	1135
[b5a3da4]	1136	/************************************************************************/
[2e9455f]	1137	void abac_yy_init(abac_context_t *ctxt)
[b5a3da4]	1138	{
[2e9455f]	1139	yy_using_this=0;
	1140	abac_context=ctxt;
[b5a3da4]	1141	abac_yyinit();
	1142	}
	1143
[2e9455f]	1144	/************************************************************************/
	1145	/* this is called to parse a string into 2 aspect structures */
	1146	/* NEED TO BE LOCKED HERE XXX */
	1147	int abac_yy_parse(abac_context_t ctxt, char attr_string, abac_aspect_t head_aspect, abac_aspect_t tail_aspect, int *using_this)
	1148	{
	1149	/ctxt could be null/
	1150	abac_ll_reset_yyfptr(attr_string);
	1151	abac_yy_init(ctxt);
	1152	int rc=yyparse();
	1153	if (rc) {
	1154	free(attr_string);
	1155	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
	1156	return 1;
	1157	}
	1158	*head_aspect = abac_yy_get_rule_head_aspect();
	1159	*tail_aspect = abac_yy_get_rule_tail_aspect();
	1160	*using_this= abac_yy_get_using_this();
	1161	return 0;
	1162	}
	1163
	1164
	1165
[b5a3da4]	1166

Note: See TracBrowser for help on using the repository browser.

Download in other formats: