Context Navigation

source: libabac/abac_pl_yy.c @ 7b548fa

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 7b548fa was 7b548fa, checked in by Mei <mei@…>, 12 years ago

1) add time static constraint
2) add example balltime_rt2_typed
3) change the way that time is being kept

from 20120228T080000 to time(2012,2,28,8,0,0) and
the constraint check is via compare(op,time1,time2)

Property mode set to 100644

File size: 42.2 KB

Rev	Line
[a9494ad]	1
	2	/* C declarations */
	3	#include <stdio.h>
	4	#include <string.h>
	5	#include <stdlib.h>
[da5afdf]	6	#include <assert.h>
[a9494ad]	7
	8	#include "abac_util.h"
	9	#include "abac_pl_yy.h"
	10
	11	static int debug=0;
	12
[b5a3da4]	13	extern void panic(char*);
	14
	15	/* from abac_pl_gen.c */
[d5bbd3e]	16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
[7b548fa]	17	extern char generate_pl_range_time_constraint(char ,char ,char );
[b5a3da4]	18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
[da5afdf]	19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
	20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
[0d0c3a9]	21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
[a9494ad]	22	extern char generate_pl_type_clause(char , int);
[de22a7e]	23	/* from abac_pl_yap.c */
[7b548fa]	24	extern char abac_pl_add_range_constraint_clause(char var,
[de22a7e]	25	char *tmplist);
[b5a3da4]	26	/* from rt2.y */
	27	extern void abac_yyinit();
[a9494ad]	28
[b5a3da4]	29	int abac_yy_error_code = 0; /* keeping last error code */
[a9494ad]	30
[b5a3da4]	31	int abac_rule_is_oset=0;
	32	abac_list_t *abac_rule_clauses=NULL;
	33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
	34	abac_role_t *abac_rule_head_role=NULL;
	35	abac_role_t *abac_rule_tail_role=NULL;
	36	abac_oset_t *abac_rule_head_oset=NULL;
	37	abac_oset_t *abac_rule_tail_oset=NULL;
[da5afdf]	38
	39	/* to track id certs within a rule clause */
[a9494ad]	40	typedef struct _abac_yy_id_cert_t {
	41	char *principalname;
	42	int type; /* keyidtype */
	43	char *clause;
	44	} abac_yy_id_cert_t;
	45	abac_list_t *abac_yy_id_certs = NULL;
	46
[da5afdf]	47	/* structure to hold the range information
	48	within a static constraints on few types of
	49	oset types
	50	[a..b], [a..], [..b], [a],[a,b],[many a]
	51	e_yy_RANGE_MIN=1;
	52	e_yy_RANGE_MAX=2;
	53	e_yy_RANGE_TARGET=3;
	54	*/
	55	typedef struct _abac_yy_range_t {
	56	int type;
	57	char *val;
	58	} abac_yy_range_t;
	59
	60	/* to track role/oset constraint clauses used within a rule clause,
[d5bbd3e]	61	collect them up in one place, these are for conjunction clauses */
[da5afdf]	62	typedef struct _abac_yy_constraint_t {
	63	char *clause;
	64	} abac_yy_constraint_t;
	65	abac_list_t *abac_yy_constraints = NULL;
	66
[a9494ad]	67	/* local principal structure [keyid:USC] */
	68	struct _abac_yy_principal_t {
	69	int type;
[da5afdf]	70	char *sha; // sha is null when this is of object type
	71	char *cn;
[a9494ad]	72	};
	73
[da5afdf]	74	/* [principal:?Z]:..., must match a principal name */
	75	struct _abac_yy_term_principal_t {
[a9494ad]	76	int type; /* this needs to be implicitly determined */
	77	char *name;
[b5a3da4]	78	char *cond_str;
	79	void *cond_ptr; // ptr to a saved abac_role_t
[da5afdf]	80	abac_yy_expression_t *cond_head_expr;
[a9494ad]	81	};
	82
[b5a3da4]	83	/* integer,float,time,urn,string types,
	84	if has condition, then it is a variable,
[a9494ad]	85	ie,
	86	[int:?Year]:<1930..1932>,
	87	if no condition, then it is a constant,
	88	ie,
	89	[int:10]
	90	*/
[da5afdf]	91	struct _abac_yy_term_data_t {
[a9494ad]	92	int is_variable;
	93	int type;
	94	char *name;
[b5a3da4]	95	char *cond_str;
	96	void *cond_ptr; // ptr to a saved abac_oset_t
[da5afdf]	97	abac_list_t *cond_range;
	98	abac_yy_expression_t *cond_head_expr; // parking stub
[a9494ad]	99	};
	100
[da5afdf]	101	/* local term structure, will distinguish it in the future */
	102	/* e_yy_DTERM_DATA, all other types
	103	e_yy_DTERM_NAMED, keyid:bob
	104	e_yy_DTERM_PRINCIPAL, principal:?P
	105	e_yy_DTERM_ANONYMOUS ? */
	106	struct _abac_yy_term_t {
[a9494ad]	107	union {
	108	abac_yy_principal_t *n_ptr;
[da5afdf]	109	abac_yy_term_principal_t *p_ptr;
	110	abac_yy_term_data_t *d_ptr;
[a9494ad]	111	} term;
	112	int type;
[da5afdf]	113	struct _abac_yy_term_t *next;
	114	int bcnt; /* this is to track number of terms in this linked up list */
[a9494ad]	115	};
	116
	117	/* local role structure */
	118	struct _abac_yy_role_t {
	119	int type;
	120	char *name;
[da5afdf]	121	abac_yy_term_t *terms;
[a9494ad]	122	struct _abac_yy_role_t *next;
	123	int bcnt; /* this is to track number of roles in this linked up list */
	124	};
	125
[da5afdf]	126	/* local oset structure */
	127	struct _abac_yy_oset_t {
	128	int type;
	129	char *name;
	130	abac_yy_term_t *terms;
	131	struct _abac_yy_oset_t *next;
	132	int bcnt; /* this is to track number of oset in this linked up list */
	133	};
	134
	135	/* A, A.r, A.r.r */
	136	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
	137	/* A/obj, A.o, A.r.o */
	138	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	139	struct _abac_yy_expression_t {
	140	int type;
	141	union {
	142	abac_yy_principal_t *principal;
	143	abac_yy_term_data_t *object;
	144	};
[a9494ad]	145	abac_yy_role_t *linked_role;
[da5afdf]	146	union {
	147	abac_yy_role_t *role;
	148	abac_yy_oset_t *oset;
	149	};
	150	struct _abac_yy_expression_t *next;
[a9494ad]	151	int bcnt;
	152	};
[b5a3da4]	153
	154	static void _free_yy_expression(abac_yy_expression_t *);
	155
	156	/************************************************************************/
	157	void abac_yy_set_error_code(int v)
	158	{
	159	abac_yy_error_code=v;
	160	}
	161
	162	/************************************************************************/
	163	abac_stack_t *abac_yy_get_rule_id_clauses()
	164	{
	165	return abac_rule_id_clauses;
	166	}
	167
	168	abac_stack_t *abac_yy_init_rule_id_clauses()
	169	{
	170	abac_rule_id_clauses=abac_stack_new();
	171	return abac_rule_id_clauses;
	172	}
	173
	174	void abac_yy_free_rule_id_clauses()
	175	{
	176	if (abac_rule_id_clauses != NULL)
	177	abac_stack_free(abac_rule_id_clauses);
	178	}
	179
	180	void abac_yy_set_rule_clauses(abac_list_t *clauses)
	181	{
	182	abac_rule_clauses=clauses;
	183	if(debug) {
	184	printf("printing out abac_rule_clauses:\n");
	185	abac_print_clauses(abac_rule_clauses,NULL);
	186	}
	187	}
	188
	189	abac_list_t *abac_yy_get_rule_clauses()
	190	{
	191	return abac_rule_clauses;
	192	}
	193
	194	void abac_yy_free_rule_clauses()
	195	{
	196	if (abac_rule_clauses != NULL) {
	197	char *cur;
	198	abac_list_foreach(abac_yy_id_certs, cur,
	199	if(cur) free(cur);
	200	);
	201	abac_list_free(abac_rule_clauses);
	202	}
	203	}
	204
	205	int abac_yy_get_rule_is_oset()
	206	{
	207	return abac_rule_is_oset;
	208	}
	209
	210	abac_role_t *abac_yy_get_rule_head_role()
	211	{
	212	return abac_rule_head_role;
	213	}
	214
	215	abac_role_t *abac_yy_get_rule_tail_role()
	216	{
	217	return abac_rule_tail_role;
	218	}
	219
	220	abac_oset_t *abac_yy_get_rule_head_oset()
	221	{
	222	return abac_rule_head_oset;
	223	}
	224
	225	abac_oset_t *abac_yy_get_rule_tail_oset()
	226	{
	227	return abac_rule_tail_oset;
	228	}
	229
[da5afdf]	230
	231	/************************************************************************/
[b5a3da4]	232	void abac_yy_init_yy_id_certs()
	233	{
	234	abac_yy_id_certs = abac_list_new();
	235	}
	236
	237	void abac_yy_free_yy_id_certs()
	238	{
	239	abac_yy_id_cert_t *id;
	240	abac_list_foreach(abac_yy_id_certs, id,
	241	if(id)
	242	free(id->principalname);
	243	free(id->clause);
	244	free(id);
	245	);
	246	abac_list_free(abac_yy_id_certs);
	247	abac_yy_id_certs = NULL;
	248	}
	249
	250	int abac_yy_cnt_yy_id_certs()
	251	{
	252	return abac_list_size(abac_yy_id_certs);
	253	}
	254
	255	char *abac_yy_string_yy_id_certs()
	256	{
	257	int first=1;
	258	char *tmp=NULL;
	259	abac_yy_id_cert_t *cur;
	260	abac_list_foreach(abac_yy_id_certs, cur,
	261	if(cur)
	262	if(first) {
	263	tmp=abac_xstrdup(cur->clause);
	264	first=0;
	265	} else {
	266	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	267	}
	268	);
	269	return tmp;
	270	}
	271
	272	static void _add_yy_id_certs(char *principalname, int type)
	273	{
	274	abac_yy_id_cert_t *id_cert=NULL;
	275
	276	int found=0;
	277	abac_yy_id_cert_t *cur;
	278	abac_list_foreach(abac_yy_id_certs, cur,
	279	if(cur)
	280	if(strcmp(cur->principalname,principalname)==0) {
	281	found=1;
	282	break;
	283	}
	284	);
	285
	286	if (found) {
	287	return;
	288	} else {
	289	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
	290	id_cert->principalname=abac_xstrdup(principalname);
	291	id_cert->type=type;
	292	id_cert->clause=generate_pl_type_clause(principalname,type);
	293	abac_list_add(abac_yy_id_certs, id_cert);
	294	}
	295	}
	296
	297	/***********************************************************************/
	298	static void _free_yy_cond_range(abac_list_t *ptr)
[da5afdf]	299	{
	300	if (ptr != NULL) {
	301	abac_yy_range_t *cur;
	302	abac_list_foreach(ptr, cur,
	303	if(cur && cur->val) free(cur->val);
	304	free(cur);
	305	);
	306	abac_list_free(ptr);
	307	}
	308	}
	309
[b5a3da4]	310	static char _string_yy_cond_range(abac_list_t ptr)
[da5afdf]	311	{
	312	assert(ptr);
	313	char *tmp=NULL;
	314	char *min=NULL;
	315	char *max=NULL;
	316	char *val=NULL;
	317	int type;
[a9494ad]	318
[da5afdf]	319	abac_yy_range_t *cur;
	320	abac_list_foreach(ptr, cur,
	321	type=cur->type;
	322	switch (type) {
	323	case e_yy_RANGE_MIN:
	324	min=strdup(cur->val);
	325	break;
	326	case e_yy_RANGE_MAX:
	327	max=strdup(cur->val);
	328	break;
	329	case e_yy_RANGE_TARGET:
	330	if(val)
	331	asprintf(&val,"%s,%s",val,cur->val);
	332	else val=strdup(cur->val);
	333	break;
	334	}
	335	);
	336	if(max && min) {
	337	asprintf(&tmp,"[%s..%s]",min,max);
	338	free(max);
	339	free(min);
	340	return tmp;
	341	}
	342	if(max) {
	343	asprintf(&tmp,"[..%s]",max);
	344	free(max);
	345	return tmp;
	346	}
	347	if(min) {
	348	asprintf(&tmp,"[%s..]",min);
	349	free(min);
	350	return tmp;
	351	}
	352	if(val) {
	353	asprintf(&tmp,"[%s]",val);
	354	free(val);
	355	return tmp;
	356	}
	357	return NULL;
	358	}
	359
[b5a3da4]	360	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
[da5afdf]	361	{
	362	abac_yy_range_t *range=
	363	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	364	range->type=e_yy_RANGE_TARGET;
	365	range->val=strdup(val);
	366	abac_list_add(ptr, range);
	367	return ptr;
	368	}
	369
[b5a3da4]	370	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
[da5afdf]	371	{
	372	abac_yy_range_t *range=
	373	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	374	range->type=type;
	375	range->val=strdup(val);
	376	abac_list_add(ptr, range);
	377	return ptr;
	378	}
	379
	380	abac_list_t make_yy_val_range(char val)
	381	{
	382	abac_list_t *ptr=abac_list_new();
[b5a3da4]	383	add_yy_val_range(ptr,val);
[da5afdf]	384	return ptr;
	385	}
	386
	387	abac_list_t make_yy_minmax_range(char min, char *max)
	388	{
	389	abac_list_t *ptr=abac_list_new();
[b5a3da4]	390	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
	391	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	392	return ptr;
	393	}
	394
	395	abac_list_t make_yy_min_range(char min)
	396	{
	397	abac_list_t *ptr=abac_list_new();
[b5a3da4]	398	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
[da5afdf]	399	return ptr;
	400	}
	401
	402	abac_list_t make_yy_max_range(char max)
	403	{
	404	abac_list_t *ptr=abac_list_new();
[b5a3da4]	405	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	406	return ptr;
	407	}
[a9494ad]	408
[b5a3da4]	409	/***********************************************************************/
	410	abac_yy_term_data_t make_yy_term_data(char name)
[a9494ad]	411	{
[b5a3da4]	412	abac_yy_term_data_t *ptr=
	413	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
	414	ptr->name=abac_xstrdup(name);
	415	ptr->type=0;
	416	ptr->is_variable=0;
	417	ptr->cond_str=NULL;
	418	ptr->cond_head_expr=NULL;
	419	ptr->cond_ptr=NULL;
	420	ptr->cond_range=NULL;
	421	return ptr;
[a9494ad]	422	}
	423
[b5a3da4]	424	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
[a9494ad]	425	{
[b5a3da4]	426	return ptr->cond_range;
[a9494ad]	427	}
	428
[b5a3da4]	429	char get_yy_term_data_name(abac_yy_term_data_t ptr)
[a9494ad]	430	{
[b5a3da4]	431	return ptr->name;
[a9494ad]	432	}
	433
[b5a3da4]	434	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
[a9494ad]	435	{
[b5a3da4]	436	if(ptr->cond_head_expr != NULL)
	437	return 1;
[c586a3c]	438	if(ptr->cond_range != NULL)
[b5a3da4]	439	return 1;
	440	return 0;
[a9494ad]	441	}
	442
[b5a3da4]	443	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
	444	abac_list_t *range)
[a9494ad]	445	{
[b5a3da4]	446	ptr->cond_range=range;
[a9494ad]	447	}
	448
[b5a3da4]	449	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
	450	abac_yy_expression_t *expr)
[a9494ad]	451	{
[b5a3da4]	452	ptr->cond_head_expr=expr;
[a9494ad]	453	}
	454
[b5a3da4]	455	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
[da5afdf]	456	{
[b5a3da4]	457	return ptr->cond_head_expr;
[da5afdf]	458	}
	459
[b5a3da4]	460	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
[a9494ad]	461	{
[b5a3da4]	462	int type=abac_term_verify_term_type(typestr);
	463	ptr->type=type;
[a9494ad]	464	}
	465
[d5bbd3e]	466	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
	467	{
	468	if(ptr->type==abac_term_verify_term_type("integer") \|\|
	469	ptr->type==abac_term_verify_term_type("float"))
	470	return 1;
	471	return 0;
	472	}
	473
[7b548fa]	474	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
	475	{
	476	if(ptr->type==abac_term_verify_term_type("time"))
	477	return 1;
	478	return 0;
	479	}
	480
[d5bbd3e]	481	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
	482	{
	483	if(ptr->type==abac_term_verify_term_type("string") \|\|
	484	ptr->type==abac_term_verify_term_type("urn"))
	485	return 1;
	486	return 0;
	487	}
	488
[b5a3da4]	489	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
[a9494ad]	490	{
[b5a3da4]	491	ptr->cond_ptr=vptr;
[a9494ad]	492	}
	493
[b5a3da4]	494	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
[da5afdf]	495	{
[b5a3da4]	496	ptr->cond_str=strdup(cond);
[da5afdf]	497	}
	498
[b5a3da4]	499	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[da5afdf]	500	{
[b5a3da4]	501	ptr->is_variable=1;
[da5afdf]	502	}
	503
[b5a3da4]	504	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[a9494ad]	505	{
[b5a3da4]	506	return ptr->is_variable;
[a9494ad]	507	}
	508
[b5a3da4]	509	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
[a9494ad]	510	{
[b5a3da4]	511	free(ptr->name);
	512	if(ptr->cond_str)
	513	free(ptr->cond_str);
	514	if(ptr->cond_head_expr)
	515	_free_yy_expression(ptr->cond_head_expr);
	516	if(ptr->cond_range);
	517	_free_yy_cond_range(ptr->cond_range);
	518	free(ptr);
[a9494ad]	519	}
	520
[b5a3da4]	521	abac_yy_term_principal_t make_yy_term_principal(char name)
[a9494ad]	522	{
[b5a3da4]	523	abac_yy_term_principal_t *ptr=
	524	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
[d845403]	525	ptr->type=0;/* this is not known */
[b5a3da4]	526	ptr->name=abac_xstrdup(name);
	527	ptr->cond_str=NULL;
	528	ptr->cond_head_expr=NULL;
	529	return ptr;
[a9494ad]	530	}
	531
[b5a3da4]	532	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
[a9494ad]	533	{
[b5a3da4]	534	ptr->cond_ptr=vptr;
[a9494ad]	535	}
	536
[b5a3da4]	537	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
[a9494ad]	538	{
[b5a3da4]	539	ptr->cond_str=abac_xstrdup(cond);
[a9494ad]	540	}
	541
[b5a3da4]	542	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
[da5afdf]	543	{
[b5a3da4]	544	return ptr->cond_head_expr;
[da5afdf]	545	}
	546
[b5a3da4]	547	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
	548	abac_yy_expression_t *expr)
[da5afdf]	549	{
[b5a3da4]	550	ptr->cond_head_expr=expr;
[da5afdf]	551	}
	552
[b5a3da4]	553	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
[da5afdf]	554	{
[b5a3da4]	555	free(ptr->name);
	556	if(ptr->cond_str)
	557	free(ptr->cond_str);
	558	if(ptr->cond_head_expr)
	559	_free_yy_expression(ptr->cond_head_expr);
	560	free(ptr);
[da5afdf]	561	}
	562
[b5a3da4]	563	abac_yy_term_t *make_yy_term_dterm_anonymous()
[da5afdf]	564	{
[b5a3da4]	565	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	566	ptr->type = e_yy_DTERM_ANONYMOUS;
	567	ptr->next=NULL;
	568	ptr->bcnt=1;
	569	return ptr;
[da5afdf]	570	}
	571
[b5a3da4]	572	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
[da5afdf]	573	{
[b5a3da4]	574	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	575	ptr->type = e_yy_DTERM_PRINCIPAL;
	576	ptr->term.p_ptr=pptr;
	577	ptr->next=NULL;
	578	ptr->bcnt=1;
	579	return ptr;
	580	}
	581
	582	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
	583	{
	584	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	585	ptr->type = e_yy_DTERM_NAMED;
	586	ptr->term.n_ptr=nptr;
	587	ptr->next=NULL;
	588	ptr->bcnt=1;
	589	return ptr;
	590	}
	591
	592	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
	593	{
	594	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	595	ptr->type = e_yy_DTERM_DATA;
	596	ptr->term.d_ptr=dptr;
	597	ptr->next=NULL;
	598	ptr->bcnt=1;
	599	return ptr;
	600	}
	601
	602	/************************************************************************/
	603	void abac_yy_init_yy_constraints()
	604	{
	605	abac_yy_constraints = abac_list_new();
	606	}
	607
	608	void abac_yy_free_yy_constraints()
	609	{
	610	abac_yy_constraint_t *cur;
	611	abac_list_foreach(abac_yy_constraints, cur,
	612	if(cur && cur->clause)
	613	free(cur->clause);
	614	free(cur);
	615	);
	616	abac_list_free(abac_yy_constraints);
	617	abac_yy_constraints=NULL;
	618	}
	619
	620	int abac_yy_cnt_yy_constraints()
	621	{
	622	return abac_list_size(abac_yy_constraints);
	623	}
	624
	625	char *abac_yy_string_yy_constraints()
	626	{
	627	int first=1;
	628	char *tmp=NULL;
	629	abac_yy_constraint_t *cur;
	630	abac_list_foreach(abac_yy_constraints, cur,
	631	if(cur && cur->clause)
	632	if(first) {
	633	tmp=abac_xstrdup(cur->clause);
	634	first=0;
	635	} else {
	636	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	637	}
	638	);
	639	return tmp;
	640	}
	641
	642	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
	643	{
	644	abac_yy_constraint_t *ptr=
	645	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
	646	ptr->clause=strdup(constraint);
	647	abac_list_add(abac_yy_constraints, ptr);
[da5afdf]	648	return ptr;
	649	}
	650
[a9494ad]	651	/****************************************************************************/
	652	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
	653	{
	654	abac_yy_principal_t *ptr=
	655	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
	656	ptr->sha=abac_xstrdup(sha);
	657	ptr->cn=abac_xstrdup(cn);
	658	ptr->type=type;
	659	return ptr;
	660	}
	661
	662	static void _free_yy_principal(abac_yy_principal_t *ptr)
	663	{
	664	free(ptr->sha);
	665	if(ptr->cn)
	666	free(ptr->cn);
	667	free(ptr);
	668	}
	669
[da5afdf]	670	int get_yy_principal_type(abac_yy_principal_t *ptr)
	671	{
	672	return ptr->type;
	673	}
	674
	675	char get_yy_principal_principalname(abac_yy_principal_t ptr)
	676	{
	677	if(ptr->sha == NULL)
	678	return ptr->cn;
	679	return ptr->sha;
	680	}
	681
[b5a3da4]	682	/*************************************************************************/
	683
	684	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
	685	{
	686	int i=terms->bcnt;
	687	nterm->next=terms;
	688	nterm->bcnt=i+1;
	689	return nterm;
	690	}
	691
	692	static void _free_yy_term(abac_yy_term_t *ptr)
	693	{
	694	switch (ptr->type) {
	695	case e_yy_DTERM_DATA:
	696	_free_yy_term_data(ptr->term.d_ptr);
	697	break;
	698	case e_yy_DTERM_NAMED:
	699	_free_yy_principal(ptr->term.n_ptr);
	700	break;
	701	case e_yy_DTERM_PRINCIPAL:
	702	_free_yy_term_principal(ptr->term.p_ptr);
	703	break;
	704	case e_yy_DTERM_ANONYMOUS:
	705	break;
	706	}
	707	if(ptr->next)
	708	_free_yy_term(ptr->next);
	709	free(ptr);
	710	}
	711
	712	/*************************************************************************/
	713
[da5afdf]	714	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
[a9494ad]	715	{
	716	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
	717	ptr->name=abac_xstrdup(name);
[da5afdf]	718	ptr->terms=terms;
[a9494ad]	719	ptr->next=NULL;
	720	ptr->bcnt=1;
	721	return ptr;
	722	}
	723
	724	static void _free_yy_role(abac_yy_role_t *ptr)
	725	{
	726	free(ptr->name);
[da5afdf]	727	if(ptr->terms)
	728	_free_yy_term(ptr->terms);
[a9494ad]	729	if(ptr->next)
	730	_free_yy_role(ptr->next);
	731	free(ptr);
	732	}
	733
[b5a3da4]	734	/***************************************************************************/
	735	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
	736	{
	737	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
	738	ptr->name=abac_xstrdup(name);
	739	ptr->terms=terms;
	740	ptr->next=NULL;
	741	ptr->bcnt=1;
	742	return ptr;
	743	}
	744
	745	static void _free_yy_oset(abac_yy_oset_t *ptr)
	746	{
	747	free(ptr->name);
	748	if(ptr->terms)
	749	_free_yy_term(ptr->terms);
	750	if(ptr->next)
	751	_free_yy_oset(ptr->next);
	752	free(ptr);
	753	}
	754	/***************************************************************************/
	755
[da5afdf]	756	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	757
	758	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
[a9494ad]	759	{
[da5afdf]	760	abac_yy_expression_t *ptr=
	761	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
	762	ptr->type = type;
	763	if(type == e_yy_EXPR_OBJECT) {
	764	ptr->object=(abac_yy_term_data_t *)pptr;
	765	} else {
	766	ptr->principal = (abac_yy_principal_t *)pptr;
	767	}
	768	if(type == e_yy_EXPR_OSET)
	769	ptr->oset = (abac_yy_oset_t *) optr;
	770	else
	771	ptr->role = (abac_yy_role_t *) optr;
[a9494ad]	772	ptr->linked_role=linked_role;
	773	ptr->next=NULL;
	774
	775	return ptr;
	776	}
	777
[da5afdf]	778	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
	779	{
	780	if(ptr->type == e_yy_EXPR_OBJECT)
	781	return ptr->object;
	782	return NULL;
	783	}
	784
	785	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
	786	abac_yy_expression_t *exprs)
[a9494ad]	787	{
	788	int i=exprs->bcnt;
	789	nexpr->next=exprs;
	790	nexpr->bcnt=i+1;
	791	return nexpr;
	792	}
	793
[da5afdf]	794	static void _free_yy_expression(abac_yy_expression_t *ptr)
[a9494ad]	795	{
[da5afdf]	796	if(ptr->type == e_yy_EXPR_OBJECT) {
	797	if(ptr->object)
	798	_free_yy_term_data(ptr->object);
	799	} else {
	800	if(ptr->principal)
	801	_free_yy_principal(ptr->principal);
	802	}
	803	if(ptr->type == e_yy_EXPR_OSET) {
	804	if(ptr->oset)
	805	_free_yy_oset(ptr->oset);
	806	} else {
	807	if(ptr->role)
	808	_free_yy_role(ptr->role);
	809	}
[a9494ad]	810	if(ptr->linked_role)
	811	_free_yy_role(ptr->linked_role);
	812	if(ptr->next)
[da5afdf]	813	_free_yy_expression(ptr->next);
[a9494ad]	814
	815	free(ptr);
	816	}
	817
[b5a3da4]	818	/***************************************************************************/
[da5afdf]	819	static void _oset_add_terms(int linked, abac_oset_t *oset,
	820	abac_yy_term_t *terms)
	821	{
	822	abac_yy_term_t *curr = terms;
	823	int type;
	824	char *name=NULL;
	825	char *cond=NULL;
	826	void *ptr=NULL;
	827	while (curr) {
	828	switch (curr->type) {
	829	case e_yy_DTERM_DATA:
	830	{
	831	abac_yy_term_data_t *ptr=curr->term.d_ptr;
	832	type=ptr->type;
	833	name=abac_xstrdup(ptr->name);
[b5a3da4]	834	cond=abac_xstrdup(ptr->cond_str);
	835	ptr=ptr->cond_ptr;
[da5afdf]	836	break;
	837	}
	838	case e_yy_DTERM_PRINCIPAL:
	839	{
	840	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
[b5a3da4]	841	type=abac_term_verify_term_type("principal");
[da5afdf]	842	name=abac_xstrdup(ptr->name);
[b5a3da4]	843	cond=abac_xstrdup(ptr->cond_str);
	844	ptr=ptr->cond_ptr;
[da5afdf]	845	break;
	846	}
	847	case e_yy_DTERM_NAMED:
	848	{
	849	abac_yy_principal_t *ptr=curr->term.n_ptr;
	850	type=ptr->type;
	851	/* XXX should be switching to sha in the future */
	852	name=abac_xstrdup(ptr->cn);
	853	cond=NULL;
	854	ptr=NULL;
	855	break;
	856	}
	857	case e_yy_DTERM_ANONYMOUS:
	858	{
	859	type=0;
	860	name=abac_xstrdup("_");
	861	cond=NULL;
	862	ptr=NULL;
	863	break;
	864	}
	865	}
	866
	867	abac_term_t *param=abac_term_new(type,name,cond,ptr);
	868	if (linked)
	869	abac_oset_oset_add_linked_param(oset, param);
	870	else
	871	abac_oset_oset_add_param(oset, param);
	872	curr=curr->next;
	873	}
	874	}
	875
	876	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
	877	{
	878	int linked=1;
	879	_oset_add_terms(linked, oset, terms);
	880	}
	881
	882	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
	883	{
	884	int linked=0;
	885	_oset_add_terms(linked, oset, terms);
	886	}
	887
	888
	889	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
	890	{
	891	abac_oset_t *ret_oset=NULL;
	892	abac_list_t *prereqs = abac_list_new();
	893	abac_list_add(prereqs, oset);
	894	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
	895	return ret_oset;
	896	}
	897
	898	/* A.oset */
	899	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
	900	{
	901	abac_yy_principal_t *principal=expr->principal;
	902	abac_yy_oset_t *oset=expr->oset;
	903
	904	char *principalname=get_yy_principal_principalname(principal);
	905	char *osetname=oset->name;
	906	abac_yy_term_t *terms=oset->terms;
	907
	908	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
	909	if (ret_oset==NULL) {
[b5a3da4]	910	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[da5afdf]	911	goto error;
	912	}
	913	if (!abac_oset_is_oset(ret_oset)) {
[b5a3da4]	914	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[da5afdf]	915	goto error;
	916	}
	917	// insert the params for the oset
	918	if(terms) {
	919	_oset_add_oset_terms(ret_oset, terms);
	920	}
	921	_add_yy_id_certs(principal->cn,principal->type);
	922
	923	return ret_oset;
	924
	925	error:
	926	return NULL;
	927	}
	928
	929	/* B */
	930	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
	931	{
	932	abac_yy_principal_t *principal=expr->principal;
	933	char *principalname=principal->sha;
	934	abac_oset_t *ret_oset=NULL;
	935
	936	ret_oset = abac_oset_principal_new(principalname);
	937
	938	_add_yy_id_certs(principal->cn,principal->type);
	939
	940	if (ret_oset==NULL)
	941	goto error;
	942	return ret_oset;
	943
	944	error:
	945	panic("can not generate a simple named tail oset");
	946	return NULL;
	947	}
	948
	949
	950	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
	951	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
	952	{
	953	abac_yy_term_data_t *object=get_yy_expression_object(expr);
	954	assert(object != NULL);
	955
	956	char *name=object->name;
	957	int type=object->type;
[b5a3da4]	958	char *cond=object->cond_str;
	959	void *ptr=object->cond_ptr;
[da5afdf]	960	abac_term_t *term=abac_term_new(type,name,cond,ptr);
	961	abac_oset_t *ret_oset=abac_oset_object_new(term);
	962
	963	if(get_yy_term_data_is_variable(object))
	964	_add_yy_id_certs(name,type);
	965
	966	if (ret_oset==NULL)
	967	goto error;
	968	return ret_oset;
	969
	970	error:
	971	panic("can not generate a simple object tail oset");
	972	return NULL;
	973	}
	974
	975
	976	/* B.oset */
	977	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
	978	{
	979	abac_yy_principal_t *principal=expr->principal;
	980	abac_yy_oset_t *oset=expr->oset;
	981
	982	char *principalname=principal->sha;
	983
	984	char *osetname=oset->name;
	985	abac_yy_term_t *terms=oset->terms;
	986
	987	int ret;
	988	abac_oset_t *ret_oset=NULL;
	989
	990	ret_oset = abac_oset_oset_new(principalname, osetname);
	991	if (ret_oset==NULL)
	992	goto error;
	993
	994	if(terms) {
	995	_oset_add_oset_terms(ret_oset, terms);
	996	}
	997
	998	_add_yy_id_certs(principal->cn,principal->type);
	999
	1000	return ret_oset;
	1001
	1002	error:
	1003	panic("can not generate a simple tail oset");
	1004	return NULL;
	1005	}
	1006
	1007	/* B.role.oset */
	1008	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
	1009	{
	1010	abac_yy_principal_t *principal=expr->principal;
	1011	abac_yy_oset_t *oset=expr->oset;
	1012	abac_yy_role_t *linked_role=expr->linked_role;
	1013
	1014	char *principalname=principal->sha;
	1015
	1016	char *osetname=oset->name;
	1017	abac_yy_term_t *terms=oset->terms;
	1018
	1019	char *linkedrolename=linked_role->name;
	1020	abac_yy_term_t *linked_terms=linked_role->terms;
	1021
	1022	int ret;
	1023	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
	1024	linkedrolename, osetname);
	1025	if (ret_oset==NULL)
	1026	goto error;
	1027
	1028	if(linked_terms) {
	1029	_oset_add_linked_terms(ret_oset, linked_terms);
	1030	}
	1031	if(terms) {
	1032	_oset_add_oset_terms(ret_oset, terms);
	1033	}
	1034
	1035	_add_yy_id_certs(principal->cn,principal->type);
	1036
	1037	return ret_oset;
	1038
	1039	error:
	1040	panic("can not generate linked tail oset");
	1041	return NULL;
	1042	}
	1043
	1044
	1045
	1046	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
	1047	abac_yy_expression_t *tailexpr)
	1048	{
	1049	abac_oset_t *head_oset=NULL;
	1050	abac_oset_t *tail_oset=NULL;
	1051
	1052	/* build up left side's abac oset structure */
	1053	head_oset=validate_head_oset(headexpr);
	1054	if(head_oset == NULL)
	1055	goto error;
	1056
	1057	/* build up the right side's abac oset structure */
	1058	abac_yy_expression_t *curr_tail = tailexpr;
	1059	int intersecting=(tailexpr->next != NULL)? 1:0;
	1060	abac_oset_t *curr_oset = NULL;
	1061	while (curr_tail) {
	1062	switch(curr_tail->type) {
	1063	case e_yy_EXPR_OBJECT:
	1064	curr_oset=validate_object_tail_oset(curr_tail);
	1065	break;
	1066	case e_yy_EXPR_NAMED:
	1067	curr_oset=validate_named_tail_oset(curr_tail);
	1068	break;
	1069	case e_yy_EXPR_OSET:
	1070	curr_oset=validate_oset_tail_oset(curr_tail);
	1071	break;
	1072	case e_yy_EXPR_LINKED:
	1073	curr_oset=validate_linked_tail_oset(curr_tail);
	1074	break;
	1075	}
	1076	if(curr_oset==NULL)
	1077	goto error;
	1078
	1079	/* check if first one */
	1080	if(tail_oset==NULL) {
	1081	if(intersecting)
	1082	tail_oset=validate_intersected_tail_oset(curr_oset);
	1083	else
	1084	tail_oset=curr_oset;
	1085	} else {
	1086	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
	1087	}
	1088	curr_tail=curr_tail->next;
	1089	} /* while */
	1090
	1091	/* XXX collect up type clauses, constraint clauses and
	1092	generate rule clauses */
	1093	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
	1094	if(tmp == NULL)
	1095	goto error;
	1096
	1097	if(debug) {
	1098	abac_print_oset_string_with_condition(head_oset,NULL);
	1099	abac_print_oset_string_with_condition(tail_oset,NULL);
	1100	}
	1101
	1102	_free_yy_expression(headexpr);
	1103	_free_yy_expression(tailexpr);
[b5a3da4]	1104	abac_rule_head_oset=head_oset;
	1105	abac_rule_tail_oset=tail_oset;
	1106	abac_rule_is_oset=1;
[da5afdf]	1107	return tmp;
	1108
	1109	error:
	1110	_free_yy_expression(headexpr);
	1111	_free_yy_expression(tailexpr);
	1112	if(head_oset)
	1113	abac_oset_free(head_oset);
	1114	if(tail_oset)
	1115	abac_oset_free(tail_oset);
	1116	return NULL;
	1117	}
	1118
	1119	/****************************************************************/
	1120	static void _role_add_terms(int linked, abac_role_t *role,
	1121	abac_yy_term_t *terms)
[a9494ad]	1122	{
[da5afdf]	1123	abac_yy_term_t *curr = terms;
[a9494ad]	1124	int type;
	1125	char *name=NULL;
	1126	char *cond=NULL;
[da5afdf]	1127	void *ptr=NULL;
[a9494ad]	1128	while (curr) {
	1129	switch (curr->type) {
[da5afdf]	1130	case e_yy_DTERM_DATA:
[a9494ad]	1131	{
[d845403]	1132	abac_yy_term_data_t *pptr=curr->term.d_ptr;
	1133	type=pptr->type;
	1134	name=abac_xstrdup(pptr->name);
	1135	cond=abac_xstrdup(pptr->cond_str);
	1136	ptr=pptr->cond_ptr;
[a9494ad]	1137	break;
	1138	}
[da5afdf]	1139	case e_yy_DTERM_PRINCIPAL:
[a9494ad]	1140	{
[d845403]	1141	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
[b5a3da4]	1142	type=abac_term_verify_term_type("principal");
[d845403]	1143	name=abac_xstrdup(pptr->name);
	1144	cond=abac_xstrdup(pptr->cond_str);
	1145	ptr=pptr->cond_ptr;
[a9494ad]	1146	break;
	1147	}
[da5afdf]	1148	case e_yy_DTERM_NAMED:
[a9494ad]	1149	{
[d845403]	1150	abac_yy_principal_t *pptr=curr->term.n_ptr;
	1151	type=pptr->type;
[a9494ad]	1152	/* XXX should be switching to sha in the future */
[d845403]	1153	name=abac_xstrdup(pptr->cn);
[a9494ad]	1154	cond=NULL;
[da5afdf]	1155	ptr=NULL;
[a9494ad]	1156	break;
	1157	}
[da5afdf]	1158	case e_yy_DTERM_ANONYMOUS:
[a9494ad]	1159	{
	1160	type=0;
	1161	name=abac_xstrdup("_");
	1162	cond=NULL;
[da5afdf]	1163	ptr=NULL;
[a9494ad]	1164	break;
	1165	}
	1166	}
[d845403]	1167
[da5afdf]	1168	abac_term_t *param=abac_term_new(type,name,cond,ptr);
[a9494ad]	1169	if (linked)
[da5afdf]	1170	abac_role_role_add_linked_param(role, param);
[a9494ad]	1171	else
[da5afdf]	1172	abac_role_role_add_param(role, param);
[a9494ad]	1173	curr=curr->next;
	1174	}
	1175	}
	1176
[da5afdf]	1177	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1178	{
	1179	int linked=1;
[da5afdf]	1180	_role_add_terms(linked, role, terms);
[a9494ad]	1181	}
	1182
[da5afdf]	1183	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1184	{
	1185	int linked=0;
[da5afdf]	1186	_role_add_terms(linked, role, terms);
[a9494ad]	1187	}
	1188
	1189
	1190	abac_role_t validate_intersected_tail_role(abac_role_t role)
	1191	{
	1192	abac_role_t *ret_role=NULL;
	1193	abac_list_t *prereqs = abac_list_new();
	1194	abac_list_add(prereqs, role);
	1195	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
	1196	return ret_role;
	1197	}
	1198
[da5afdf]	1199	abac_role_t validate_head_role(abac_yy_expression_t expr)
[a9494ad]	1200	{
	1201	abac_yy_principal_t *principal=expr->principal;
	1202	abac_yy_role_t *role=expr->role;
	1203
[da5afdf]	1204	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1205	char *rolename=role->name;
[da5afdf]	1206	abac_yy_term_t *terms=role->terms;
[a9494ad]	1207	abac_role_t *ret_role=NULL;
	1208
	1209	ret_role=abac_role_role_new(principalname, rolename);
	1210	if (ret_role==NULL) {
[b5a3da4]	1211	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[a9494ad]	1212	goto error;
	1213	}
	1214	if (!abac_role_is_role(ret_role)) {
[b5a3da4]	1215	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[a9494ad]	1216	goto error;
	1217	}
	1218	// insert the params for the role
[da5afdf]	1219	if(terms) {
	1220	_role_add_role_terms(ret_role, terms);
[a9494ad]	1221	}
	1222
	1223	_add_yy_id_certs(principal->cn,principal->type);
	1224
	1225	return ret_role;
	1226
	1227	error:
	1228	return NULL;
	1229	}
	1230
[da5afdf]	1231	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
[a9494ad]	1232	{
	1233	abac_yy_principal_t *principal=expr->principal;
[da5afdf]	1234	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1235	abac_role_t *ret_role=NULL;
	1236
	1237	ret_role = abac_role_principal_new(principalname);
	1238	_add_yy_id_certs(principal->cn,principal->type);
	1239
	1240	if (ret_role==NULL)
	1241	goto error;
	1242	return ret_role;
	1243
	1244	error:
	1245	panic("can not generate a simple named tail role");
	1246	return NULL;
	1247	}
	1248
[da5afdf]	1249	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
[a9494ad]	1250	{
	1251	abac_yy_principal_t *principal=expr->principal;
	1252	abac_yy_role_t *role=expr->role;
	1253
[da5afdf]	1254	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1255
	1256	char *rolename=role->name;
[da5afdf]	1257	abac_yy_term_t *terms=role->terms;
[a9494ad]	1258
	1259	int ret;
	1260	abac_role_t *ret_role=NULL;
	1261
	1262	ret_role = abac_role_role_new(principalname, rolename);
	1263	if (ret_role==NULL)
	1264	goto error;
	1265
[da5afdf]	1266	if(terms) {
	1267	_role_add_role_terms(ret_role, terms);
[a9494ad]	1268	}
	1269
	1270	_add_yy_id_certs(principal->cn,principal->type);
	1271
	1272	return ret_role;
	1273
	1274	error:
	1275	panic("can not generate a simple tail role");
	1276	return NULL;
	1277	}
	1278	/* need to validate/generate a linked role out of this */
[da5afdf]	1279	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
[a9494ad]	1280	{
	1281	abac_yy_principal_t *principal=expr->principal;
	1282	abac_yy_role_t *role=expr->role;
	1283	abac_yy_role_t *linked_role=expr->linked_role;
	1284
[da5afdf]	1285	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1286
	1287	char *rolename=role->name;
[da5afdf]	1288	abac_yy_term_t *terms=role->terms;
[a9494ad]	1289
	1290	char *linkedrolename=linked_role->name;
[da5afdf]	1291	abac_yy_term_t *linked_terms=linked_role->terms;
[a9494ad]	1292
	1293	int ret;
	1294	abac_role_t *ret_role=NULL;
	1295
	1296	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
	1297	if (ret_role==NULL)
	1298	goto error;
	1299
[da5afdf]	1300	if(linked_terms) {
	1301	_role_add_linked_terms(ret_role, linked_terms);
[a9494ad]	1302	}
[da5afdf]	1303	if(terms) {
	1304	_role_add_role_terms(ret_role, terms);
[a9494ad]	1305	}
	1306
	1307	_add_yy_id_certs(principal->cn,principal->type);
	1308
	1309	return ret_role;
	1310
	1311	error:
	1312	panic("can not generate linked tail role");
	1313	return NULL;
	1314	}
	1315
[b5a3da4]	1316	/***********************************************************************/
	1317	/* add the condition to constraint list */
	1318	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
	1319	{
	1320	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
	1321	if(head_expr) {
	1322	abac_oset_t *head_oset=validate_head_oset(head_expr);
	1323	if(head_oset == NULL)
	1324	goto error;
	1325
	1326	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
	1327	set_yy_term_data_cond_str(ptr,tmp);
	1328	set_yy_term_data_cond_ptr(ptr,head_oset);
	1329	abac_yy_add_yy_constraints(tmp);
	1330	return tmp;
	1331	}
	1332	return NULL;
	1333	error:
	1334	return NULL;
	1335	}
[d5bbd3e]	1336
[b5a3da4]	1337	/****************************************************************/
	1338	/* add the range condition to constraint list */
[d5bbd3e]	1339	/* this is for integer and float only */
	1340	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
[b5a3da4]	1341	{
	1342	char *typestr=abac_term_type(ptr->type);
	1343	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1344	char *tmplist=NULL;
	1345	char *tmp=NULL;
[d5bbd3e]	1346	int as_range=1; /* either , or ; */
[b5a3da4]	1347	if(rlist) {
	1348	char *rstring=_string_yy_cond_range(rlist);
	1349	set_yy_term_data_cond_str(ptr,rstring);
	1350	abac_yy_range_t *cur;
	1351
[d5bbd3e]	1352	/* a list of values -- in chars */
[b5a3da4]	1353	abac_list_foreach(rlist, cur,
	1354	int type=cur->type;
	1355	char *val=cur->val;
	1356	switch(type) {
	1357	case e_yy_RANGE_MIN:
[7b548fa]	1358	tmp=generate_pl_range_constraint(typestr,var,val,">=");
[b5a3da4]	1359	break;
	1360	case e_yy_RANGE_MAX:
[7b548fa]	1361	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
[b5a3da4]	1362	break;
	1363	case e_yy_RANGE_TARGET:
[d5bbd3e]	1364	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1365	as_range=0;
[b5a3da4]	1366	break;
	1367	}
[d5bbd3e]	1368	/* ; is prolog's disjunction built in predicate */
[b5a3da4]	1369	if(tmplist) {
[d5bbd3e]	1370	if(as_range)
[b5a3da4]	1371	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1372	else
	1373	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1374	} else {
	1375	tmplist=tmp;
	1376	}
	1377	tmp=NULL;
	1378	);
	1379	asprintf(&tmplist,"(%s)",tmplist);
	1380	abac_yy_add_yy_constraints(tmplist);
	1381	}
	1382	}
	1383
[7b548fa]	1384	/****************************************************************/
	1385	/* this is for time only */
	1386	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
	1387	{
	1388	char *typestr=abac_term_type(ptr->type);
	1389	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1390	char *tmplist=NULL;
	1391	char *tmp=NULL;
	1392	char *ttmp=NULL;
	1393	char *tlist=NULL;
	1394	int as_range=1; /* either , or ; */
	1395	if(rlist) {
	1396	char *rstring=_string_yy_cond_range(rlist);
	1397	set_yy_term_data_cond_str(ptr,rstring);
	1398	abac_yy_range_t *cur;
	1399
	1400	/* a list of values -- in chars */
	1401	abac_list_foreach(rlist, cur,
	1402	int type=cur->type;
	1403	char *tval=cur->val;
	1404	char *val=abac_term_to_time(tval);
	1405	switch(type) {
	1406	case e_yy_RANGE_MIN:
	1407	ttmp=generate_pl_range_time_constraint(var,val,">");
	1408	tmp=generate_pl_range_time_constraint(var,val,"=");
	1409	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1410	tmp=tlist;
	1411	break;
	1412	case e_yy_RANGE_MAX:
	1413	ttmp=generate_pl_range_time_constraint(var,val,"=");
	1414	tmp=generate_pl_range_time_constraint(var,val,"<");
	1415	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1416	tmp=tlist;
	1417	break;
	1418	case e_yy_RANGE_TARGET:
	1419	tmp=generate_pl_range_time_constraint(var,val,"=");
	1420	as_range=0;
	1421	break;
	1422	}
	1423	free(val);
	1424	/* ; is prolog's disjunction built in predicate */
	1425	if(tmplist) {
	1426	if(as_range)
	1427	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1428	else
	1429	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1430	} else {
	1431	tmplist=tmp;
	1432	}
	1433	tmp=NULL;
	1434	);
	1435
	1436	asprintf(&tmplist,"(%s)",tmplist);
	1437	/* generate a clause with above and add into db */
	1438	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
	1439	abac_yy_add_yy_constraints(tmp);
	1440	}
	1441	}
	1442
[d5bbd3e]	1443	/****************************************************************/
	1444	/* this is for string and urn only */
	1445	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
	1446	{
	1447	char *typestr=abac_term_type(ptr->type);
	1448	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1449	char *tmplist=NULL;
	1450	char *tmp=NULL;
	1451	if(rlist) {
	1452	char *rstring=_string_yy_cond_range(rlist);
	1453	set_yy_term_data_cond_str(ptr,rstring);
	1454	abac_yy_range_t *cur;
	1455
	1456	/* a list of values -- in chars */
	1457	abac_list_foreach(rlist, cur,
	1458	int type=cur->type;
	1459	char *val=cur->val;
	1460	switch(type) {
	1461	case e_yy_RANGE_MIN:
	1462	panic("make_yy_range_string_constraint, invalid range type - min");
	1463	break;
	1464	case e_yy_RANGE_MAX:
	1465	/* invalid range type */
	1466	panic("make_yy_range_string_constraint, invalid range type - max");
	1467	break;
	1468	case e_yy_RANGE_TARGET:
	1469	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1470	break;
	1471	}
	1472	/* ; is prolog's disjunction built in predicate */
	1473	if(tmplist)
	1474	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1475	else tmplist=tmp;
	1476	tmp=NULL;
	1477	);
	1478	asprintf(&tmplist,"(%s)",tmplist);
	1479	/* generate a clause with above and add into db */
[7b548fa]	1480	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
[d5bbd3e]	1481	abac_yy_add_yy_constraints(tmp);
	1482	}
	1483	}
	1484
	1485	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
	1486	{
	1487	if(is_yy_term_data_type_numeric(ptr)) {
	1488	make_yy_range_numeric_constraint(ptr, var);
	1489	} else if (is_yy_term_data_type_alpha(ptr)) {
	1490	make_yy_range_string_constraint(ptr, var);
[7b548fa]	1491	} else if (is_yy_term_data_type_time(ptr)) {
	1492	make_yy_range_time_constraint(ptr, var);
[d5bbd3e]	1493	}
	1494	}
	1495
[b5a3da4]	1496	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
	1497	{
	1498	char *tmp=NULL;
	1499	abac_role_t *head_role=NULL;
	1500
	1501	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
	1502	/* build up left side's abac role constraint structure */
	1503	head_role=validate_head_role(head_expr);
	1504	if(head_role == NULL)
	1505	goto error;
	1506
	1507	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
	1508	set_yy_term_principal_cond_str(ptr,tmp);
	1509	set_yy_term_principal_cond_ptr(ptr,head_role);
	1510	abac_yy_add_yy_constraints(tmp);
	1511	return tmp;
	1512
	1513	error:
	1514	return NULL;
	1515	}
[a9494ad]	1516
[da5afdf]	1517	/* build up the abac structure and also create the yap clause
	1518	and insert it into db */
	1519	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
	1520	abac_yy_expression_t *tailexpr)
[a9494ad]	1521	{
	1522	abac_role_t *head_role=NULL;
	1523	abac_role_t *tail_role=NULL;
	1524
	1525	/* build up left side's abac role structure */
	1526	head_role=validate_head_role(headexpr);
	1527	if(head_role == NULL)
	1528	goto error;
	1529
	1530	/* build up the right side's abac role structure */
[da5afdf]	1531	abac_yy_expression_t *curr_tail = tailexpr;
[a9494ad]	1532	int intersecting=(tailexpr->next != NULL)? 1:0;
	1533	abac_role_t *curr_role = NULL;
	1534	while (curr_tail) {
[da5afdf]	1535	switch(curr_tail->type) {
	1536	case e_yy_EXPR_NAMED:
[a9494ad]	1537	curr_role=validate_named_tail_role(curr_tail);
	1538	break;
[da5afdf]	1539	case e_yy_EXPR_ROLE:
[a9494ad]	1540	curr_role=validate_role_tail_role(curr_tail);
	1541	break;
[da5afdf]	1542	case e_yy_EXPR_LINKED:
[a9494ad]	1543	curr_role=validate_linked_tail_role(curr_tail);
	1544	break;
	1545	}
	1546	if(curr_role==NULL)
	1547	goto error;
	1548
	1549	/* check if first one */
	1550	if(tail_role==NULL) {
	1551	if(intersecting)
	1552	tail_role=validate_intersected_tail_role(curr_role);
	1553	else
	1554	tail_role=curr_role;
	1555	} else {
	1556	abac_role_add_intersecting_role(tail_role,curr_role);
	1557	}
	1558	curr_tail=curr_tail->next;
	1559	} /* while */
	1560
[da5afdf]	1561	/* collect up type clauses, constraint clases and
	1562	generate the final rule clauses */
	1563	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
[a9494ad]	1564	if(tmp == NULL)
	1565	goto error;
	1566
	1567	if(debug) {
[da5afdf]	1568	abac_print_role_string_with_condition(head_role,NULL);
	1569	abac_print_role_string_with_condition(tail_role,NULL);
[a9494ad]	1570	}
	1571
[da5afdf]	1572	_free_yy_expression(headexpr);
	1573	_free_yy_expression(tailexpr);
[b5a3da4]	1574	abac_rule_head_role=head_role;
	1575	abac_rule_tail_role=tail_role;
	1576	abac_rule_is_oset=0;
[a9494ad]	1577	return tmp;
	1578
	1579	error:
[da5afdf]	1580	_free_yy_expression(headexpr);
	1581	_free_yy_expression(tailexpr);
[a9494ad]	1582	if(head_role)
	1583	abac_role_free(head_role);
	1584	if(tail_role)
	1585	abac_role_free(tail_role);
	1586	return NULL;
	1587	}
[da5afdf]	1588
	1589
[b5a3da4]	1590	/************************************************************************/
	1591	void abac_yy_init()
	1592	{
	1593	abac_yyinit();
	1594	abac_yy_init_rule_id_clauses();
	1595	abac_yy_init_yy_id_certs();
	1596	abac_yy_init_yy_constraints();
	1597	}
	1598
	1599

Note: See TracBrowser for help on using the repository browser.

Download in other formats: