Context Navigation

source: libabac/abac_pl_yy.c @ 4b8e1c9

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 4b8e1c9 was 4b8e1c9, checked in by Mei <mei@…>, 12 years ago
1) add boolean static range constraint handling 2) add boolean range test into balltime_rt2_typed
Property mode set to `100644`
File size: 42.3 KB

Rev	Line
[a9494ad]	1
	2	/* C declarations */
	3	#include <stdio.h>
	4	#include <string.h>
	5	#include <stdlib.h>
[da5afdf]	6	#include <assert.h>
[a9494ad]	7
	8	#include "abac_util.h"
	9	#include "abac_pl_yy.h"
	10
	11	static int debug=0;
	12
[b5a3da4]	13	extern void panic(char*);
	14
	15	/* from abac_pl_gen.c */
[d5bbd3e]	16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
[7b548fa]	17	extern char generate_pl_range_time_constraint(char ,char ,char );
[b5a3da4]	18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
[da5afdf]	19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
	20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
[0d0c3a9]	21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
[a9494ad]	22	extern char generate_pl_type_clause(char , int);
[de22a7e]	23	/* from abac_pl_yap.c */
[7b548fa]	24	extern char abac_pl_add_range_constraint_clause(char var,
[de22a7e]	25	char *tmplist);
[b5a3da4]	26	/* from rt2.y */
	27	extern void abac_yyinit();
[a9494ad]	28
[b5a3da4]	29	int abac_yy_error_code = 0; /* keeping last error code */
[a9494ad]	30
[b5a3da4]	31	int abac_rule_is_oset=0;
	32	abac_list_t *abac_rule_clauses=NULL;
	33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
	34	abac_role_t *abac_rule_head_role=NULL;
	35	abac_role_t *abac_rule_tail_role=NULL;
	36	abac_oset_t *abac_rule_head_oset=NULL;
	37	abac_oset_t *abac_rule_tail_oset=NULL;
[da5afdf]	38
	39	/* to track id certs within a rule clause */
[a9494ad]	40	typedef struct _abac_yy_id_cert_t {
	41	char *principalname;
	42	int type; /* keyidtype */
	43	char *clause;
	44	} abac_yy_id_cert_t;
	45	abac_list_t *abac_yy_id_certs = NULL;
	46
[da5afdf]	47	/* structure to hold the range information
	48	within a static constraints on few types of
	49	oset types
	50	[a..b], [a..], [..b], [a],[a,b],[many a]
	51	e_yy_RANGE_MIN=1;
	52	e_yy_RANGE_MAX=2;
	53	e_yy_RANGE_TARGET=3;
	54	*/
	55	typedef struct _abac_yy_range_t {
	56	int type;
	57	char *val;
	58	} abac_yy_range_t;
	59
	60	/* to track role/oset constraint clauses used within a rule clause,
[d5bbd3e]	61	collect them up in one place, these are for conjunction clauses */
[da5afdf]	62	typedef struct _abac_yy_constraint_t {
	63	char *clause;
	64	} abac_yy_constraint_t;
	65	abac_list_t *abac_yy_constraints = NULL;
	66
[a9494ad]	67	/* local principal structure [keyid:USC] */
	68	struct _abac_yy_principal_t {
	69	int type;
[da5afdf]	70	char *sha; // sha is null when this is of object type
	71	char *cn;
[a9494ad]	72	};
	73
[da5afdf]	74	/* [principal:?Z]:..., must match a principal name */
	75	struct _abac_yy_term_principal_t {
[a9494ad]	76	int type; /* this needs to be implicitly determined */
	77	char *name;
[b5a3da4]	78	char *cond_str;
	79	void *cond_ptr; // ptr to a saved abac_role_t
[da5afdf]	80	abac_yy_expression_t *cond_head_expr;
[a9494ad]	81	};
	82
[b5a3da4]	83	/* integer,float,time,urn,string types,
	84	if has condition, then it is a variable,
[a9494ad]	85	ie,
	86	[int:?Year]:<1930..1932>,
	87	if no condition, then it is a constant,
	88	ie,
	89	[int:10]
	90	*/
[da5afdf]	91	struct _abac_yy_term_data_t {
[a9494ad]	92	int is_variable;
	93	int type;
	94	char *name;
[b5a3da4]	95	char *cond_str;
	96	void *cond_ptr; // ptr to a saved abac_oset_t
[da5afdf]	97	abac_list_t *cond_range;
	98	abac_yy_expression_t *cond_head_expr; // parking stub
[a9494ad]	99	};
	100
[da5afdf]	101	/* local term structure, will distinguish it in the future */
	102	/* e_yy_DTERM_DATA, all other types
	103	e_yy_DTERM_NAMED, keyid:bob
	104	e_yy_DTERM_PRINCIPAL, principal:?P
	105	e_yy_DTERM_ANONYMOUS ? */
	106	struct _abac_yy_term_t {
[a9494ad]	107	union {
	108	abac_yy_principal_t *n_ptr;
[da5afdf]	109	abac_yy_term_principal_t *p_ptr;
	110	abac_yy_term_data_t *d_ptr;
[a9494ad]	111	} term;
	112	int type;
[da5afdf]	113	struct _abac_yy_term_t *next;
	114	int bcnt; /* this is to track number of terms in this linked up list */
[a9494ad]	115	};
	116
	117	/* local role structure */
	118	struct _abac_yy_role_t {
	119	int type;
	120	char *name;
[da5afdf]	121	abac_yy_term_t *terms;
[a9494ad]	122	struct _abac_yy_role_t *next;
	123	int bcnt; /* this is to track number of roles in this linked up list */
	124	};
	125
[da5afdf]	126	/* local oset structure */
	127	struct _abac_yy_oset_t {
	128	int type;
	129	char *name;
	130	abac_yy_term_t *terms;
	131	struct _abac_yy_oset_t *next;
	132	int bcnt; /* this is to track number of oset in this linked up list */
	133	};
	134
	135	/* A, A.r, A.r.r */
	136	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
	137	/* A/obj, A.o, A.r.o */
	138	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	139	struct _abac_yy_expression_t {
	140	int type;
	141	union {
	142	abac_yy_principal_t *principal;
	143	abac_yy_term_data_t *object;
	144	};
[a9494ad]	145	abac_yy_role_t *linked_role;
[da5afdf]	146	union {
	147	abac_yy_role_t *role;
	148	abac_yy_oset_t *oset;
	149	};
	150	struct _abac_yy_expression_t *next;
[a9494ad]	151	int bcnt;
	152	};
[b5a3da4]	153
	154	static void _free_yy_expression(abac_yy_expression_t *);
	155
	156	/************************************************************************/
	157	void abac_yy_set_error_code(int v)
	158	{
	159	abac_yy_error_code=v;
	160	}
	161
	162	/************************************************************************/
	163	abac_stack_t *abac_yy_get_rule_id_clauses()
	164	{
	165	return abac_rule_id_clauses;
	166	}
	167
	168	abac_stack_t *abac_yy_init_rule_id_clauses()
	169	{
	170	abac_rule_id_clauses=abac_stack_new();
	171	return abac_rule_id_clauses;
	172	}
	173
	174	void abac_yy_free_rule_id_clauses()
	175	{
	176	if (abac_rule_id_clauses != NULL)
	177	abac_stack_free(abac_rule_id_clauses);
	178	}
	179
	180	void abac_yy_set_rule_clauses(abac_list_t *clauses)
	181	{
	182	abac_rule_clauses=clauses;
	183	if(debug) {
	184	printf("printing out abac_rule_clauses:\n");
	185	abac_print_clauses(abac_rule_clauses,NULL);
	186	}
	187	}
	188
	189	abac_list_t *abac_yy_get_rule_clauses()
	190	{
	191	return abac_rule_clauses;
	192	}
	193
	194	void abac_yy_free_rule_clauses()
	195	{
	196	if (abac_rule_clauses != NULL) {
	197	char *cur;
	198	abac_list_foreach(abac_yy_id_certs, cur,
	199	if(cur) free(cur);
	200	);
	201	abac_list_free(abac_rule_clauses);
	202	}
	203	}
	204
	205	int abac_yy_get_rule_is_oset()
	206	{
	207	return abac_rule_is_oset;
	208	}
	209
	210	abac_role_t *abac_yy_get_rule_head_role()
	211	{
	212	return abac_rule_head_role;
	213	}
	214
	215	abac_role_t *abac_yy_get_rule_tail_role()
	216	{
	217	return abac_rule_tail_role;
	218	}
	219
	220	abac_oset_t *abac_yy_get_rule_head_oset()
	221	{
	222	return abac_rule_head_oset;
	223	}
	224
	225	abac_oset_t *abac_yy_get_rule_tail_oset()
	226	{
	227	return abac_rule_tail_oset;
	228	}
	229
[da5afdf]	230
	231	/************************************************************************/
[b5a3da4]	232	void abac_yy_init_yy_id_certs()
	233	{
	234	abac_yy_id_certs = abac_list_new();
	235	}
	236
	237	void abac_yy_free_yy_id_certs()
	238	{
	239	abac_yy_id_cert_t *id;
	240	abac_list_foreach(abac_yy_id_certs, id,
	241	if(id)
	242	free(id->principalname);
	243	free(id->clause);
	244	free(id);
	245	);
	246	abac_list_free(abac_yy_id_certs);
	247	abac_yy_id_certs = NULL;
	248	}
	249
	250	int abac_yy_cnt_yy_id_certs()
	251	{
	252	return abac_list_size(abac_yy_id_certs);
	253	}
	254
	255	char *abac_yy_string_yy_id_certs()
	256	{
	257	int first=1;
	258	char *tmp=NULL;
	259	abac_yy_id_cert_t *cur;
	260	abac_list_foreach(abac_yy_id_certs, cur,
	261	if(cur)
	262	if(first) {
	263	tmp=abac_xstrdup(cur->clause);
	264	first=0;
	265	} else {
	266	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	267	}
	268	);
	269	return tmp;
	270	}
	271
	272	static void _add_yy_id_certs(char *principalname, int type)
	273	{
	274	abac_yy_id_cert_t *id_cert=NULL;
	275
	276	int found=0;
	277	abac_yy_id_cert_t *cur;
	278	abac_list_foreach(abac_yy_id_certs, cur,
	279	if(cur)
	280	if(strcmp(cur->principalname,principalname)==0) {
	281	found=1;
	282	break;
	283	}
	284	);
	285
	286	if (found) {
	287	return;
	288	} else {
	289	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
	290	id_cert->principalname=abac_xstrdup(principalname);
	291	id_cert->type=type;
	292	id_cert->clause=generate_pl_type_clause(principalname,type);
	293	abac_list_add(abac_yy_id_certs, id_cert);
	294	}
	295	}
	296
	297	/***********************************************************************/
	298	static void _free_yy_cond_range(abac_list_t *ptr)
[da5afdf]	299	{
	300	if (ptr != NULL) {
	301	abac_yy_range_t *cur;
	302	abac_list_foreach(ptr, cur,
	303	if(cur && cur->val) free(cur->val);
	304	free(cur);
	305	);
	306	abac_list_free(ptr);
	307	}
	308	}
	309
[b5a3da4]	310	static char _string_yy_cond_range(abac_list_t ptr)
[da5afdf]	311	{
	312	assert(ptr);
	313	char *tmp=NULL;
	314	char *min=NULL;
	315	char *max=NULL;
	316	char *val=NULL;
	317	int type;
[a9494ad]	318
[da5afdf]	319	abac_yy_range_t *cur;
	320	abac_list_foreach(ptr, cur,
	321	type=cur->type;
	322	switch (type) {
	323	case e_yy_RANGE_MIN:
	324	min=strdup(cur->val);
	325	break;
	326	case e_yy_RANGE_MAX:
	327	max=strdup(cur->val);
	328	break;
	329	case e_yy_RANGE_TARGET:
	330	if(val)
	331	asprintf(&val,"%s,%s",val,cur->val);
	332	else val=strdup(cur->val);
	333	break;
	334	}
	335	);
	336	if(max && min) {
	337	asprintf(&tmp,"[%s..%s]",min,max);
	338	free(max);
	339	free(min);
	340	return tmp;
	341	}
	342	if(max) {
	343	asprintf(&tmp,"[..%s]",max);
	344	free(max);
	345	return tmp;
	346	}
	347	if(min) {
	348	asprintf(&tmp,"[%s..]",min);
	349	free(min);
	350	return tmp;
	351	}
	352	if(val) {
	353	asprintf(&tmp,"[%s]",val);
	354	free(val);
	355	return tmp;
	356	}
	357	return NULL;
	358	}
	359
[b5a3da4]	360	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
[da5afdf]	361	{
	362	abac_yy_range_t *range=
	363	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	364	range->type=e_yy_RANGE_TARGET;
	365	range->val=strdup(val);
	366	abac_list_add(ptr, range);
	367	return ptr;
	368	}
	369
[b5a3da4]	370	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
[da5afdf]	371	{
	372	abac_yy_range_t *range=
	373	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	374	range->type=type;
	375	range->val=strdup(val);
	376	abac_list_add(ptr, range);
	377	return ptr;
	378	}
	379
	380	abac_list_t make_yy_val_range(char val)
	381	{
	382	abac_list_t *ptr=abac_list_new();
[b5a3da4]	383	add_yy_val_range(ptr,val);
[da5afdf]	384	return ptr;
	385	}
	386
	387	abac_list_t make_yy_minmax_range(char min, char *max)
	388	{
	389	abac_list_t *ptr=abac_list_new();
[b5a3da4]	390	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
	391	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	392	return ptr;
	393	}
	394
	395	abac_list_t make_yy_min_range(char min)
	396	{
	397	abac_list_t *ptr=abac_list_new();
[b5a3da4]	398	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
[da5afdf]	399	return ptr;
	400	}
	401
	402	abac_list_t make_yy_max_range(char max)
	403	{
	404	abac_list_t *ptr=abac_list_new();
[b5a3da4]	405	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	406	return ptr;
	407	}
[a9494ad]	408
[b5a3da4]	409	/***********************************************************************/
	410	abac_yy_term_data_t make_yy_term_data(char name)
[a9494ad]	411	{
[b5a3da4]	412	abac_yy_term_data_t *ptr=
	413	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
	414	ptr->name=abac_xstrdup(name);
	415	ptr->type=0;
	416	ptr->is_variable=0;
	417	ptr->cond_str=NULL;
	418	ptr->cond_head_expr=NULL;
	419	ptr->cond_ptr=NULL;
	420	ptr->cond_range=NULL;
	421	return ptr;
[a9494ad]	422	}
	423
[b5a3da4]	424	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
[a9494ad]	425	{
[b5a3da4]	426	return ptr->cond_range;
[a9494ad]	427	}
	428
[b5a3da4]	429	char get_yy_term_data_name(abac_yy_term_data_t ptr)
[a9494ad]	430	{
[b5a3da4]	431	return ptr->name;
[a9494ad]	432	}
	433
[b5a3da4]	434	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
[a9494ad]	435	{
[b5a3da4]	436	if(ptr->cond_head_expr != NULL)
	437	return 1;
[c586a3c]	438	if(ptr->cond_range != NULL)
[b5a3da4]	439	return 1;
	440	return 0;
[a9494ad]	441	}
	442
[b5a3da4]	443	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
	444	abac_list_t *range)
[a9494ad]	445	{
[b5a3da4]	446	ptr->cond_range=range;
[a9494ad]	447	}
	448
[b5a3da4]	449	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
	450	abac_yy_expression_t *expr)
[a9494ad]	451	{
[b5a3da4]	452	ptr->cond_head_expr=expr;
[a9494ad]	453	}
	454
[b5a3da4]	455	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
[da5afdf]	456	{
[b5a3da4]	457	return ptr->cond_head_expr;
[da5afdf]	458	}
	459
[b5a3da4]	460	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
[a9494ad]	461	{
[b5a3da4]	462	int type=abac_term_verify_term_type(typestr);
	463	ptr->type=type;
[a9494ad]	464	}
	465
[d5bbd3e]	466	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
	467	{
	468	if(ptr->type==abac_term_verify_term_type("integer") \|\|
	469	ptr->type==abac_term_verify_term_type("float"))
	470	return 1;
	471	return 0;
	472	}
	473
[7b548fa]	474	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
	475	{
	476	if(ptr->type==abac_term_verify_term_type("time"))
	477	return 1;
	478	return 0;
	479	}
	480
[d5bbd3e]	481	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
	482	{
	483	if(ptr->type==abac_term_verify_term_type("string") \|\|
[4b8e1c9]	484	ptr->type==abac_term_verify_term_type("urn") \|\|
	485	ptr->type==abac_term_verify_term_type("boolean"))
[d5bbd3e]	486	return 1;
	487	return 0;
	488	}
	489
[b5a3da4]	490	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
[a9494ad]	491	{
[b5a3da4]	492	ptr->cond_ptr=vptr;
[a9494ad]	493	}
	494
[b5a3da4]	495	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
[da5afdf]	496	{
[b5a3da4]	497	ptr->cond_str=strdup(cond);
[da5afdf]	498	}
	499
[b5a3da4]	500	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[da5afdf]	501	{
[b5a3da4]	502	ptr->is_variable=1;
[da5afdf]	503	}
	504
[b5a3da4]	505	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[a9494ad]	506	{
[b5a3da4]	507	return ptr->is_variable;
[a9494ad]	508	}
	509
[b5a3da4]	510	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
[a9494ad]	511	{
[b5a3da4]	512	free(ptr->name);
	513	if(ptr->cond_str)
	514	free(ptr->cond_str);
	515	if(ptr->cond_head_expr)
	516	_free_yy_expression(ptr->cond_head_expr);
	517	if(ptr->cond_range);
	518	_free_yy_cond_range(ptr->cond_range);
	519	free(ptr);
[a9494ad]	520	}
	521
[b5a3da4]	522	abac_yy_term_principal_t make_yy_term_principal(char name)
[a9494ad]	523	{
[b5a3da4]	524	abac_yy_term_principal_t *ptr=
	525	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
[d845403]	526	ptr->type=0;/* this is not known */
[b5a3da4]	527	ptr->name=abac_xstrdup(name);
	528	ptr->cond_str=NULL;
	529	ptr->cond_head_expr=NULL;
	530	return ptr;
[a9494ad]	531	}
	532
[b5a3da4]	533	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
[a9494ad]	534	{
[b5a3da4]	535	ptr->cond_ptr=vptr;
[a9494ad]	536	}
	537
[b5a3da4]	538	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
[a9494ad]	539	{
[b5a3da4]	540	ptr->cond_str=abac_xstrdup(cond);
[a9494ad]	541	}
	542
[b5a3da4]	543	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
[da5afdf]	544	{
[b5a3da4]	545	return ptr->cond_head_expr;
[da5afdf]	546	}
	547
[b5a3da4]	548	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
	549	abac_yy_expression_t *expr)
[da5afdf]	550	{
[b5a3da4]	551	ptr->cond_head_expr=expr;
[da5afdf]	552	}
	553
[b5a3da4]	554	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
[da5afdf]	555	{
[b5a3da4]	556	free(ptr->name);
	557	if(ptr->cond_str)
	558	free(ptr->cond_str);
	559	if(ptr->cond_head_expr)
	560	_free_yy_expression(ptr->cond_head_expr);
	561	free(ptr);
[da5afdf]	562	}
	563
[b5a3da4]	564	abac_yy_term_t *make_yy_term_dterm_anonymous()
[da5afdf]	565	{
[b5a3da4]	566	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	567	ptr->type = e_yy_DTERM_ANONYMOUS;
	568	ptr->next=NULL;
	569	ptr->bcnt=1;
	570	return ptr;
[da5afdf]	571	}
	572
[b5a3da4]	573	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
[da5afdf]	574	{
[b5a3da4]	575	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	576	ptr->type = e_yy_DTERM_PRINCIPAL;
	577	ptr->term.p_ptr=pptr;
	578	ptr->next=NULL;
	579	ptr->bcnt=1;
	580	return ptr;
	581	}
	582
	583	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
	584	{
	585	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	586	ptr->type = e_yy_DTERM_NAMED;
	587	ptr->term.n_ptr=nptr;
	588	ptr->next=NULL;
	589	ptr->bcnt=1;
	590	return ptr;
	591	}
	592
	593	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
	594	{
	595	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	596	ptr->type = e_yy_DTERM_DATA;
	597	ptr->term.d_ptr=dptr;
	598	ptr->next=NULL;
	599	ptr->bcnt=1;
	600	return ptr;
	601	}
	602
	603	/************************************************************************/
	604	void abac_yy_init_yy_constraints()
	605	{
	606	abac_yy_constraints = abac_list_new();
	607	}
	608
	609	void abac_yy_free_yy_constraints()
	610	{
	611	abac_yy_constraint_t *cur;
	612	abac_list_foreach(abac_yy_constraints, cur,
	613	if(cur && cur->clause)
	614	free(cur->clause);
	615	free(cur);
	616	);
	617	abac_list_free(abac_yy_constraints);
	618	abac_yy_constraints=NULL;
	619	}
	620
	621	int abac_yy_cnt_yy_constraints()
	622	{
	623	return abac_list_size(abac_yy_constraints);
	624	}
	625
	626	char *abac_yy_string_yy_constraints()
	627	{
	628	int first=1;
	629	char *tmp=NULL;
	630	abac_yy_constraint_t *cur;
	631	abac_list_foreach(abac_yy_constraints, cur,
	632	if(cur && cur->clause)
	633	if(first) {
	634	tmp=abac_xstrdup(cur->clause);
	635	first=0;
	636	} else {
	637	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	638	}
	639	);
	640	return tmp;
	641	}
	642
	643	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
	644	{
	645	abac_yy_constraint_t *ptr=
	646	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
	647	ptr->clause=strdup(constraint);
	648	abac_list_add(abac_yy_constraints, ptr);
[da5afdf]	649	return ptr;
	650	}
	651
[a9494ad]	652	/****************************************************************************/
	653	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
	654	{
	655	abac_yy_principal_t *ptr=
	656	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
	657	ptr->sha=abac_xstrdup(sha);
	658	ptr->cn=abac_xstrdup(cn);
	659	ptr->type=type;
	660	return ptr;
	661	}
	662
	663	static void _free_yy_principal(abac_yy_principal_t *ptr)
	664	{
	665	free(ptr->sha);
	666	if(ptr->cn)
	667	free(ptr->cn);
	668	free(ptr);
	669	}
	670
[da5afdf]	671	int get_yy_principal_type(abac_yy_principal_t *ptr)
	672	{
	673	return ptr->type;
	674	}
	675
	676	char get_yy_principal_principalname(abac_yy_principal_t ptr)
	677	{
	678	if(ptr->sha == NULL)
	679	return ptr->cn;
	680	return ptr->sha;
	681	}
	682
[b5a3da4]	683	/*************************************************************************/
	684
	685	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
	686	{
	687	int i=terms->bcnt;
	688	nterm->next=terms;
	689	nterm->bcnt=i+1;
	690	return nterm;
	691	}
	692
	693	static void _free_yy_term(abac_yy_term_t *ptr)
	694	{
	695	switch (ptr->type) {
	696	case e_yy_DTERM_DATA:
	697	_free_yy_term_data(ptr->term.d_ptr);
	698	break;
	699	case e_yy_DTERM_NAMED:
	700	_free_yy_principal(ptr->term.n_ptr);
	701	break;
	702	case e_yy_DTERM_PRINCIPAL:
	703	_free_yy_term_principal(ptr->term.p_ptr);
	704	break;
	705	case e_yy_DTERM_ANONYMOUS:
	706	break;
	707	}
	708	if(ptr->next)
	709	_free_yy_term(ptr->next);
	710	free(ptr);
	711	}
	712
	713	/*************************************************************************/
	714
[da5afdf]	715	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
[a9494ad]	716	{
	717	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
	718	ptr->name=abac_xstrdup(name);
[da5afdf]	719	ptr->terms=terms;
[a9494ad]	720	ptr->next=NULL;
	721	ptr->bcnt=1;
	722	return ptr;
	723	}
	724
	725	static void _free_yy_role(abac_yy_role_t *ptr)
	726	{
	727	free(ptr->name);
[da5afdf]	728	if(ptr->terms)
	729	_free_yy_term(ptr->terms);
[a9494ad]	730	if(ptr->next)
	731	_free_yy_role(ptr->next);
	732	free(ptr);
	733	}
	734
[b5a3da4]	735	/***************************************************************************/
	736	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
	737	{
	738	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
	739	ptr->name=abac_xstrdup(name);
	740	ptr->terms=terms;
	741	ptr->next=NULL;
	742	ptr->bcnt=1;
	743	return ptr;
	744	}
	745
	746	static void _free_yy_oset(abac_yy_oset_t *ptr)
	747	{
	748	free(ptr->name);
	749	if(ptr->terms)
	750	_free_yy_term(ptr->terms);
	751	if(ptr->next)
	752	_free_yy_oset(ptr->next);
	753	free(ptr);
	754	}
	755	/***************************************************************************/
	756
[da5afdf]	757	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	758
	759	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
[a9494ad]	760	{
[da5afdf]	761	abac_yy_expression_t *ptr=
	762	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
	763	ptr->type = type;
	764	if(type == e_yy_EXPR_OBJECT) {
	765	ptr->object=(abac_yy_term_data_t *)pptr;
	766	} else {
	767	ptr->principal = (abac_yy_principal_t *)pptr;
	768	}
	769	if(type == e_yy_EXPR_OSET)
	770	ptr->oset = (abac_yy_oset_t *) optr;
	771	else
	772	ptr->role = (abac_yy_role_t *) optr;
[a9494ad]	773	ptr->linked_role=linked_role;
	774	ptr->next=NULL;
	775
	776	return ptr;
	777	}
	778
[da5afdf]	779	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
	780	{
	781	if(ptr->type == e_yy_EXPR_OBJECT)
	782	return ptr->object;
	783	return NULL;
	784	}
	785
	786	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
	787	abac_yy_expression_t *exprs)
[a9494ad]	788	{
	789	int i=exprs->bcnt;
	790	nexpr->next=exprs;
	791	nexpr->bcnt=i+1;
	792	return nexpr;
	793	}
	794
[da5afdf]	795	static void _free_yy_expression(abac_yy_expression_t *ptr)
[a9494ad]	796	{
[da5afdf]	797	if(ptr->type == e_yy_EXPR_OBJECT) {
	798	if(ptr->object)
	799	_free_yy_term_data(ptr->object);
	800	} else {
	801	if(ptr->principal)
	802	_free_yy_principal(ptr->principal);
	803	}
	804	if(ptr->type == e_yy_EXPR_OSET) {
	805	if(ptr->oset)
	806	_free_yy_oset(ptr->oset);
	807	} else {
	808	if(ptr->role)
	809	_free_yy_role(ptr->role);
	810	}
[a9494ad]	811	if(ptr->linked_role)
	812	_free_yy_role(ptr->linked_role);
	813	if(ptr->next)
[da5afdf]	814	_free_yy_expression(ptr->next);
[a9494ad]	815
	816	free(ptr);
	817	}
	818
[b5a3da4]	819	/***************************************************************************/
[da5afdf]	820	static void _oset_add_terms(int linked, abac_oset_t *oset,
	821	abac_yy_term_t *terms)
	822	{
	823	abac_yy_term_t *curr = terms;
	824	int type;
	825	char *name=NULL;
	826	char *cond=NULL;
	827	void *ptr=NULL;
	828	while (curr) {
	829	switch (curr->type) {
	830	case e_yy_DTERM_DATA:
	831	{
	832	abac_yy_term_data_t *ptr=curr->term.d_ptr;
	833	type=ptr->type;
	834	name=abac_xstrdup(ptr->name);
[b5a3da4]	835	cond=abac_xstrdup(ptr->cond_str);
	836	ptr=ptr->cond_ptr;
[da5afdf]	837	break;
	838	}
	839	case e_yy_DTERM_PRINCIPAL:
	840	{
	841	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
[b5a3da4]	842	type=abac_term_verify_term_type("principal");
[da5afdf]	843	name=abac_xstrdup(ptr->name);
[b5a3da4]	844	cond=abac_xstrdup(ptr->cond_str);
	845	ptr=ptr->cond_ptr;
[da5afdf]	846	break;
	847	}
	848	case e_yy_DTERM_NAMED:
	849	{
	850	abac_yy_principal_t *ptr=curr->term.n_ptr;
	851	type=ptr->type;
	852	/* XXX should be switching to sha in the future */
	853	name=abac_xstrdup(ptr->cn);
	854	cond=NULL;
	855	ptr=NULL;
	856	break;
	857	}
	858	case e_yy_DTERM_ANONYMOUS:
	859	{
	860	type=0;
	861	name=abac_xstrdup("_");
	862	cond=NULL;
	863	ptr=NULL;
	864	break;
	865	}
	866	}
	867
	868	abac_term_t *param=abac_term_new(type,name,cond,ptr);
	869	if (linked)
	870	abac_oset_oset_add_linked_param(oset, param);
	871	else
	872	abac_oset_oset_add_param(oset, param);
	873	curr=curr->next;
	874	}
	875	}
	876
	877	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
	878	{
	879	int linked=1;
	880	_oset_add_terms(linked, oset, terms);
	881	}
	882
	883	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
	884	{
	885	int linked=0;
	886	_oset_add_terms(linked, oset, terms);
	887	}
	888
	889
	890	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
	891	{
	892	abac_oset_t *ret_oset=NULL;
	893	abac_list_t *prereqs = abac_list_new();
	894	abac_list_add(prereqs, oset);
	895	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
	896	return ret_oset;
	897	}
	898
	899	/* A.oset */
	900	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
	901	{
	902	abac_yy_principal_t *principal=expr->principal;
	903	abac_yy_oset_t *oset=expr->oset;
	904
	905	char *principalname=get_yy_principal_principalname(principal);
	906	char *osetname=oset->name;
	907	abac_yy_term_t *terms=oset->terms;
	908
	909	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
	910	if (ret_oset==NULL) {
[b5a3da4]	911	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[da5afdf]	912	goto error;
	913	}
	914	if (!abac_oset_is_oset(ret_oset)) {
[b5a3da4]	915	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[da5afdf]	916	goto error;
	917	}
	918	// insert the params for the oset
	919	if(terms) {
	920	_oset_add_oset_terms(ret_oset, terms);
	921	}
	922	_add_yy_id_certs(principal->cn,principal->type);
	923
	924	return ret_oset;
	925
	926	error:
	927	return NULL;
	928	}
	929
	930	/* B */
	931	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
	932	{
	933	abac_yy_principal_t *principal=expr->principal;
	934	char *principalname=principal->sha;
	935	abac_oset_t *ret_oset=NULL;
	936
	937	ret_oset = abac_oset_principal_new(principalname);
	938
	939	_add_yy_id_certs(principal->cn,principal->type);
	940
	941	if (ret_oset==NULL)
	942	goto error;
	943	return ret_oset;
	944
	945	error:
	946	panic("can not generate a simple named tail oset");
	947	return NULL;
	948	}
	949
	950
	951	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
	952	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
	953	{
	954	abac_yy_term_data_t *object=get_yy_expression_object(expr);
	955	assert(object != NULL);
	956
	957	char *name=object->name;
	958	int type=object->type;
[b5a3da4]	959	char *cond=object->cond_str;
	960	void *ptr=object->cond_ptr;
[da5afdf]	961	abac_term_t *term=abac_term_new(type,name,cond,ptr);
	962	abac_oset_t *ret_oset=abac_oset_object_new(term);
	963
	964	if(get_yy_term_data_is_variable(object))
	965	_add_yy_id_certs(name,type);
	966
	967	if (ret_oset==NULL)
	968	goto error;
	969	return ret_oset;
	970
	971	error:
	972	panic("can not generate a simple object tail oset");
	973	return NULL;
	974	}
	975
	976
	977	/* B.oset */
	978	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
	979	{
	980	abac_yy_principal_t *principal=expr->principal;
	981	abac_yy_oset_t *oset=expr->oset;
	982
	983	char *principalname=principal->sha;
	984
	985	char *osetname=oset->name;
	986	abac_yy_term_t *terms=oset->terms;
	987
	988	int ret;
	989	abac_oset_t *ret_oset=NULL;
	990
	991	ret_oset = abac_oset_oset_new(principalname, osetname);
	992	if (ret_oset==NULL)
	993	goto error;
	994
	995	if(terms) {
	996	_oset_add_oset_terms(ret_oset, terms);
	997	}
	998
	999	_add_yy_id_certs(principal->cn,principal->type);
	1000
	1001	return ret_oset;
	1002
	1003	error:
	1004	panic("can not generate a simple tail oset");
	1005	return NULL;
	1006	}
	1007
	1008	/* B.role.oset */
	1009	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
	1010	{
	1011	abac_yy_principal_t *principal=expr->principal;
	1012	abac_yy_oset_t *oset=expr->oset;
	1013	abac_yy_role_t *linked_role=expr->linked_role;
	1014
	1015	char *principalname=principal->sha;
	1016
	1017	char *osetname=oset->name;
	1018	abac_yy_term_t *terms=oset->terms;
	1019
	1020	char *linkedrolename=linked_role->name;
	1021	abac_yy_term_t *linked_terms=linked_role->terms;
	1022
	1023	int ret;
	1024	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
	1025	linkedrolename, osetname);
	1026	if (ret_oset==NULL)
	1027	goto error;
	1028
	1029	if(linked_terms) {
	1030	_oset_add_linked_terms(ret_oset, linked_terms);
	1031	}
	1032	if(terms) {
	1033	_oset_add_oset_terms(ret_oset, terms);
	1034	}
	1035
	1036	_add_yy_id_certs(principal->cn,principal->type);
	1037
	1038	return ret_oset;
	1039
	1040	error:
	1041	panic("can not generate linked tail oset");
	1042	return NULL;
	1043	}
	1044
	1045
	1046
	1047	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
	1048	abac_yy_expression_t *tailexpr)
	1049	{
	1050	abac_oset_t *head_oset=NULL;
	1051	abac_oset_t *tail_oset=NULL;
	1052
	1053	/* build up left side's abac oset structure */
	1054	head_oset=validate_head_oset(headexpr);
	1055	if(head_oset == NULL)
	1056	goto error;
	1057
	1058	/* build up the right side's abac oset structure */
	1059	abac_yy_expression_t *curr_tail = tailexpr;
	1060	int intersecting=(tailexpr->next != NULL)? 1:0;
	1061	abac_oset_t *curr_oset = NULL;
	1062	while (curr_tail) {
	1063	switch(curr_tail->type) {
	1064	case e_yy_EXPR_OBJECT:
	1065	curr_oset=validate_object_tail_oset(curr_tail);
	1066	break;
	1067	case e_yy_EXPR_NAMED:
	1068	curr_oset=validate_named_tail_oset(curr_tail);
	1069	break;
	1070	case e_yy_EXPR_OSET:
	1071	curr_oset=validate_oset_tail_oset(curr_tail);
	1072	break;
	1073	case e_yy_EXPR_LINKED:
	1074	curr_oset=validate_linked_tail_oset(curr_tail);
	1075	break;
	1076	}
	1077	if(curr_oset==NULL)
	1078	goto error;
	1079
	1080	/* check if first one */
	1081	if(tail_oset==NULL) {
	1082	if(intersecting)
	1083	tail_oset=validate_intersected_tail_oset(curr_oset);
	1084	else
	1085	tail_oset=curr_oset;
	1086	} else {
	1087	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
	1088	}
	1089	curr_tail=curr_tail->next;
	1090	} /* while */
	1091
	1092	/* XXX collect up type clauses, constraint clauses and
	1093	generate rule clauses */
	1094	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
	1095	if(tmp == NULL)
	1096	goto error;
	1097
	1098	if(debug) {
	1099	abac_print_oset_string_with_condition(head_oset,NULL);
	1100	abac_print_oset_string_with_condition(tail_oset,NULL);
	1101	}
	1102
	1103	_free_yy_expression(headexpr);
	1104	_free_yy_expression(tailexpr);
[b5a3da4]	1105	abac_rule_head_oset=head_oset;
	1106	abac_rule_tail_oset=tail_oset;
	1107	abac_rule_is_oset=1;
[da5afdf]	1108	return tmp;
	1109
	1110	error:
	1111	_free_yy_expression(headexpr);
	1112	_free_yy_expression(tailexpr);
	1113	if(head_oset)
	1114	abac_oset_free(head_oset);
	1115	if(tail_oset)
	1116	abac_oset_free(tail_oset);
	1117	return NULL;
	1118	}
	1119
	1120	/****************************************************************/
	1121	static void _role_add_terms(int linked, abac_role_t *role,
	1122	abac_yy_term_t *terms)
[a9494ad]	1123	{
[da5afdf]	1124	abac_yy_term_t *curr = terms;
[a9494ad]	1125	int type;
	1126	char *name=NULL;
	1127	char *cond=NULL;
[da5afdf]	1128	void *ptr=NULL;
[a9494ad]	1129	while (curr) {
	1130	switch (curr->type) {
[da5afdf]	1131	case e_yy_DTERM_DATA:
[a9494ad]	1132	{
[d845403]	1133	abac_yy_term_data_t *pptr=curr->term.d_ptr;
	1134	type=pptr->type;
	1135	name=abac_xstrdup(pptr->name);
	1136	cond=abac_xstrdup(pptr->cond_str);
	1137	ptr=pptr->cond_ptr;
[a9494ad]	1138	break;
	1139	}
[da5afdf]	1140	case e_yy_DTERM_PRINCIPAL:
[a9494ad]	1141	{
[d845403]	1142	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
[b5a3da4]	1143	type=abac_term_verify_term_type("principal");
[d845403]	1144	name=abac_xstrdup(pptr->name);
	1145	cond=abac_xstrdup(pptr->cond_str);
	1146	ptr=pptr->cond_ptr;
[a9494ad]	1147	break;
	1148	}
[da5afdf]	1149	case e_yy_DTERM_NAMED:
[a9494ad]	1150	{
[d845403]	1151	abac_yy_principal_t *pptr=curr->term.n_ptr;
	1152	type=pptr->type;
[a9494ad]	1153	/* XXX should be switching to sha in the future */
[d845403]	1154	name=abac_xstrdup(pptr->cn);
[a9494ad]	1155	cond=NULL;
[da5afdf]	1156	ptr=NULL;
[a9494ad]	1157	break;
	1158	}
[da5afdf]	1159	case e_yy_DTERM_ANONYMOUS:
[a9494ad]	1160	{
	1161	type=0;
	1162	name=abac_xstrdup("_");
	1163	cond=NULL;
[da5afdf]	1164	ptr=NULL;
[a9494ad]	1165	break;
	1166	}
	1167	}
[d845403]	1168
[da5afdf]	1169	abac_term_t *param=abac_term_new(type,name,cond,ptr);
[a9494ad]	1170	if (linked)
[da5afdf]	1171	abac_role_role_add_linked_param(role, param);
[a9494ad]	1172	else
[da5afdf]	1173	abac_role_role_add_param(role, param);
[a9494ad]	1174	curr=curr->next;
	1175	}
	1176	}
	1177
[da5afdf]	1178	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1179	{
	1180	int linked=1;
[da5afdf]	1181	_role_add_terms(linked, role, terms);
[a9494ad]	1182	}
	1183
[da5afdf]	1184	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1185	{
	1186	int linked=0;
[da5afdf]	1187	_role_add_terms(linked, role, terms);
[a9494ad]	1188	}
	1189
	1190
	1191	abac_role_t validate_intersected_tail_role(abac_role_t role)
	1192	{
	1193	abac_role_t *ret_role=NULL;
	1194	abac_list_t *prereqs = abac_list_new();
	1195	abac_list_add(prereqs, role);
	1196	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
	1197	return ret_role;
	1198	}
	1199
[da5afdf]	1200	abac_role_t validate_head_role(abac_yy_expression_t expr)
[a9494ad]	1201	{
	1202	abac_yy_principal_t *principal=expr->principal;
	1203	abac_yy_role_t *role=expr->role;
	1204
[da5afdf]	1205	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1206	char *rolename=role->name;
[da5afdf]	1207	abac_yy_term_t *terms=role->terms;
[a9494ad]	1208	abac_role_t *ret_role=NULL;
	1209
	1210	ret_role=abac_role_role_new(principalname, rolename);
	1211	if (ret_role==NULL) {
[b5a3da4]	1212	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[a9494ad]	1213	goto error;
	1214	}
	1215	if (!abac_role_is_role(ret_role)) {
[b5a3da4]	1216	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[a9494ad]	1217	goto error;
	1218	}
	1219	// insert the params for the role
[da5afdf]	1220	if(terms) {
	1221	_role_add_role_terms(ret_role, terms);
[a9494ad]	1222	}
	1223
	1224	_add_yy_id_certs(principal->cn,principal->type);
	1225
	1226	return ret_role;
	1227
	1228	error:
	1229	return NULL;
	1230	}
	1231
[da5afdf]	1232	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
[a9494ad]	1233	{
	1234	abac_yy_principal_t *principal=expr->principal;
[da5afdf]	1235	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1236	abac_role_t *ret_role=NULL;
	1237
	1238	ret_role = abac_role_principal_new(principalname);
	1239	_add_yy_id_certs(principal->cn,principal->type);
	1240
	1241	if (ret_role==NULL)
	1242	goto error;
	1243	return ret_role;
	1244
	1245	error:
	1246	panic("can not generate a simple named tail role");
	1247	return NULL;
	1248	}
	1249
[da5afdf]	1250	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
[a9494ad]	1251	{
	1252	abac_yy_principal_t *principal=expr->principal;
	1253	abac_yy_role_t *role=expr->role;
	1254
[da5afdf]	1255	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1256
	1257	char *rolename=role->name;
[da5afdf]	1258	abac_yy_term_t *terms=role->terms;
[a9494ad]	1259
	1260	int ret;
	1261	abac_role_t *ret_role=NULL;
	1262
	1263	ret_role = abac_role_role_new(principalname, rolename);
	1264	if (ret_role==NULL)
	1265	goto error;
	1266
[da5afdf]	1267	if(terms) {
	1268	_role_add_role_terms(ret_role, terms);
[a9494ad]	1269	}
	1270
	1271	_add_yy_id_certs(principal->cn,principal->type);
	1272
	1273	return ret_role;
	1274
	1275	error:
	1276	panic("can not generate a simple tail role");
	1277	return NULL;
	1278	}
	1279	/* need to validate/generate a linked role out of this */
[da5afdf]	1280	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
[a9494ad]	1281	{
	1282	abac_yy_principal_t *principal=expr->principal;
	1283	abac_yy_role_t *role=expr->role;
	1284	abac_yy_role_t *linked_role=expr->linked_role;
	1285
[da5afdf]	1286	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1287
	1288	char *rolename=role->name;
[da5afdf]	1289	abac_yy_term_t *terms=role->terms;
[a9494ad]	1290
	1291	char *linkedrolename=linked_role->name;
[da5afdf]	1292	abac_yy_term_t *linked_terms=linked_role->terms;
[a9494ad]	1293
	1294	int ret;
	1295	abac_role_t *ret_role=NULL;
	1296
	1297	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
	1298	if (ret_role==NULL)
	1299	goto error;
	1300
[da5afdf]	1301	if(linked_terms) {
	1302	_role_add_linked_terms(ret_role, linked_terms);
[a9494ad]	1303	}
[da5afdf]	1304	if(terms) {
	1305	_role_add_role_terms(ret_role, terms);
[a9494ad]	1306	}
	1307
	1308	_add_yy_id_certs(principal->cn,principal->type);
	1309
	1310	return ret_role;
	1311
	1312	error:
	1313	panic("can not generate linked tail role");
	1314	return NULL;
	1315	}
	1316
[b5a3da4]	1317	/***********************************************************************/
	1318	/* add the condition to constraint list */
	1319	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
	1320	{
	1321	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
	1322	if(head_expr) {
	1323	abac_oset_t *head_oset=validate_head_oset(head_expr);
	1324	if(head_oset == NULL)
	1325	goto error;
	1326
	1327	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
	1328	set_yy_term_data_cond_str(ptr,tmp);
	1329	set_yy_term_data_cond_ptr(ptr,head_oset);
	1330	abac_yy_add_yy_constraints(tmp);
	1331	return tmp;
	1332	}
	1333	return NULL;
	1334	error:
	1335	return NULL;
	1336	}
[d5bbd3e]	1337
[b5a3da4]	1338	/****************************************************************/
	1339	/* add the range condition to constraint list */
[d5bbd3e]	1340	/* this is for integer and float only */
	1341	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
[b5a3da4]	1342	{
	1343	char *typestr=abac_term_type(ptr->type);
	1344	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1345	char *tmplist=NULL;
	1346	char *tmp=NULL;
[d5bbd3e]	1347	int as_range=1; /* either , or ; */
[b5a3da4]	1348	if(rlist) {
	1349	char *rstring=_string_yy_cond_range(rlist);
	1350	set_yy_term_data_cond_str(ptr,rstring);
	1351	abac_yy_range_t *cur;
	1352
[d5bbd3e]	1353	/* a list of values -- in chars */
[b5a3da4]	1354	abac_list_foreach(rlist, cur,
	1355	int type=cur->type;
	1356	char *val=cur->val;
	1357	switch(type) {
	1358	case e_yy_RANGE_MIN:
[7b548fa]	1359	tmp=generate_pl_range_constraint(typestr,var,val,">=");
[b5a3da4]	1360	break;
	1361	case e_yy_RANGE_MAX:
[7b548fa]	1362	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
[b5a3da4]	1363	break;
	1364	case e_yy_RANGE_TARGET:
[d5bbd3e]	1365	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1366	as_range=0;
[b5a3da4]	1367	break;
	1368	}
[d5bbd3e]	1369	/* ; is prolog's disjunction built in predicate */
[b5a3da4]	1370	if(tmplist) {
[d5bbd3e]	1371	if(as_range)
[b5a3da4]	1372	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1373	else
	1374	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1375	} else {
	1376	tmplist=tmp;
	1377	}
	1378	tmp=NULL;
	1379	);
	1380	asprintf(&tmplist,"(%s)",tmplist);
	1381	abac_yy_add_yy_constraints(tmplist);
	1382	}
	1383	}
	1384
[7b548fa]	1385	/****************************************************************/
	1386	/* this is for time only */
	1387	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
	1388	{
	1389	char *typestr=abac_term_type(ptr->type);
	1390	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1391	char *tmplist=NULL;
	1392	char *tmp=NULL;
	1393	char *ttmp=NULL;
	1394	char *tlist=NULL;
	1395	int as_range=1; /* either , or ; */
	1396	if(rlist) {
	1397	char *rstring=_string_yy_cond_range(rlist);
	1398	set_yy_term_data_cond_str(ptr,rstring);
	1399	abac_yy_range_t *cur;
	1400
	1401	/* a list of values -- in chars */
	1402	abac_list_foreach(rlist, cur,
	1403	int type=cur->type;
	1404	char *tval=cur->val;
	1405	char *val=abac_term_to_time(tval);
	1406	switch(type) {
	1407	case e_yy_RANGE_MIN:
	1408	ttmp=generate_pl_range_time_constraint(var,val,">");
	1409	tmp=generate_pl_range_time_constraint(var,val,"=");
	1410	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1411	tmp=tlist;
	1412	break;
	1413	case e_yy_RANGE_MAX:
	1414	ttmp=generate_pl_range_time_constraint(var,val,"=");
	1415	tmp=generate_pl_range_time_constraint(var,val,"<");
	1416	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1417	tmp=tlist;
	1418	break;
	1419	case e_yy_RANGE_TARGET:
	1420	tmp=generate_pl_range_time_constraint(var,val,"=");
	1421	as_range=0;
	1422	break;
	1423	}
	1424	free(val);
	1425	/* ; is prolog's disjunction built in predicate */
	1426	if(tmplist) {
	1427	if(as_range)
	1428	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1429	else
	1430	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1431	} else {
	1432	tmplist=tmp;
	1433	}
	1434	tmp=NULL;
	1435	);
	1436
	1437	asprintf(&tmplist,"(%s)",tmplist);
	1438	/* generate a clause with above and add into db */
	1439	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
	1440	abac_yy_add_yy_constraints(tmp);
	1441	}
	1442	}
	1443
[d5bbd3e]	1444	/****************************************************************/
	1445	/* this is for string and urn only */
	1446	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
	1447	{
	1448	char *typestr=abac_term_type(ptr->type);
	1449	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1450	char *tmplist=NULL;
	1451	char *tmp=NULL;
	1452	if(rlist) {
	1453	char *rstring=_string_yy_cond_range(rlist);
	1454	set_yy_term_data_cond_str(ptr,rstring);
	1455	abac_yy_range_t *cur;
	1456
	1457	/* a list of values -- in chars */
	1458	abac_list_foreach(rlist, cur,
	1459	int type=cur->type;
	1460	char *val=cur->val;
	1461	switch(type) {
	1462	case e_yy_RANGE_MIN:
	1463	panic("make_yy_range_string_constraint, invalid range type - min");
	1464	break;
	1465	case e_yy_RANGE_MAX:
	1466	/* invalid range type */
	1467	panic("make_yy_range_string_constraint, invalid range type - max");
	1468	break;
	1469	case e_yy_RANGE_TARGET:
	1470	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1471	break;
	1472	}
	1473	/* ; is prolog's disjunction built in predicate */
	1474	if(tmplist)
	1475	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1476	else tmplist=tmp;
	1477	tmp=NULL;
	1478	);
	1479	asprintf(&tmplist,"(%s)",tmplist);
	1480	/* generate a clause with above and add into db */
[7b548fa]	1481	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
[d5bbd3e]	1482	abac_yy_add_yy_constraints(tmp);
	1483	}
	1484	}
	1485
	1486	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
	1487	{
	1488	if(is_yy_term_data_type_numeric(ptr)) {
	1489	make_yy_range_numeric_constraint(ptr, var);
	1490	} else if (is_yy_term_data_type_alpha(ptr)) {
	1491	make_yy_range_string_constraint(ptr, var);
[7b548fa]	1492	} else if (is_yy_term_data_type_time(ptr)) {
	1493	make_yy_range_time_constraint(ptr, var);
[d5bbd3e]	1494	}
	1495	}
	1496
[b5a3da4]	1497	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
	1498	{
	1499	char *tmp=NULL;
	1500	abac_role_t *head_role=NULL;
	1501
	1502	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
	1503	/* build up left side's abac role constraint structure */
	1504	head_role=validate_head_role(head_expr);
	1505	if(head_role == NULL)
	1506	goto error;
	1507
	1508	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
	1509	set_yy_term_principal_cond_str(ptr,tmp);
	1510	set_yy_term_principal_cond_ptr(ptr,head_role);
	1511	abac_yy_add_yy_constraints(tmp);
	1512	return tmp;
	1513
	1514	error:
	1515	return NULL;
	1516	}
[a9494ad]	1517
[da5afdf]	1518	/* build up the abac structure and also create the yap clause
	1519	and insert it into db */
	1520	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
	1521	abac_yy_expression_t *tailexpr)
[a9494ad]	1522	{
	1523	abac_role_t *head_role=NULL;
	1524	abac_role_t *tail_role=NULL;
	1525
	1526	/* build up left side's abac role structure */
	1527	head_role=validate_head_role(headexpr);
	1528	if(head_role == NULL)
	1529	goto error;
	1530
	1531	/* build up the right side's abac role structure */
[da5afdf]	1532	abac_yy_expression_t *curr_tail = tailexpr;
[a9494ad]	1533	int intersecting=(tailexpr->next != NULL)? 1:0;
	1534	abac_role_t *curr_role = NULL;
	1535	while (curr_tail) {
[da5afdf]	1536	switch(curr_tail->type) {
	1537	case e_yy_EXPR_NAMED:
[a9494ad]	1538	curr_role=validate_named_tail_role(curr_tail);
	1539	break;
[da5afdf]	1540	case e_yy_EXPR_ROLE:
[a9494ad]	1541	curr_role=validate_role_tail_role(curr_tail);
	1542	break;
[da5afdf]	1543	case e_yy_EXPR_LINKED:
[a9494ad]	1544	curr_role=validate_linked_tail_role(curr_tail);
	1545	break;
	1546	}
	1547	if(curr_role==NULL)
	1548	goto error;
	1549
	1550	/* check if first one */
	1551	if(tail_role==NULL) {
	1552	if(intersecting)
	1553	tail_role=validate_intersected_tail_role(curr_role);
	1554	else
	1555	tail_role=curr_role;
	1556	} else {
	1557	abac_role_add_intersecting_role(tail_role,curr_role);
	1558	}
	1559	curr_tail=curr_tail->next;
	1560	} /* while */
	1561
[da5afdf]	1562	/* collect up type clauses, constraint clases and
	1563	generate the final rule clauses */
	1564	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
[a9494ad]	1565	if(tmp == NULL)
	1566	goto error;
	1567
	1568	if(debug) {
[da5afdf]	1569	abac_print_role_string_with_condition(head_role,NULL);
	1570	abac_print_role_string_with_condition(tail_role,NULL);
[a9494ad]	1571	}
	1572
[da5afdf]	1573	_free_yy_expression(headexpr);
	1574	_free_yy_expression(tailexpr);
[b5a3da4]	1575	abac_rule_head_role=head_role;
	1576	abac_rule_tail_role=tail_role;
	1577	abac_rule_is_oset=0;
[a9494ad]	1578	return tmp;
	1579
	1580	error:
[da5afdf]	1581	_free_yy_expression(headexpr);
	1582	_free_yy_expression(tailexpr);
[a9494ad]	1583	if(head_role)
	1584	abac_role_free(head_role);
	1585	if(tail_role)
	1586	abac_role_free(tail_role);
	1587	return NULL;
	1588	}
[da5afdf]	1589
	1590
[b5a3da4]	1591	/************************************************************************/
	1592	void abac_yy_init()
	1593	{
	1594	abac_yyinit();
	1595	abac_yy_init_rule_id_clauses();
	1596	abac_yy_init_yy_id_certs();
	1597	abac_yy_init_yy_constraints();
	1598	}
	1599
	1600

Note: See TracBrowser for help on using the repository browser.

Download in other formats: