Context Navigation

source: libabac/abac_pl_yy.c @ 9335cfa

mei_rt2mei_rt2_fix_1

Last change on this file since 9335cfa was 9335cfa, checked in by Mei <mei@…>, 12 years ago
1) add handling of 'this' data term for the principal type 2) add payraise_rt1_typed example 3) expand more test cases for python/swig/libabac
Property mode set to `100644`
File size: 44.3 KB

Rev	Line
[a9494ad]	1
	2	/* C declarations */
	3	#include <stdio.h>
	4	#include <string.h>
	5	#include <stdlib.h>
[da5afdf]	6	#include <assert.h>
[a9494ad]	7
	8	#include "abac_util.h"
	9	#include "abac_pl_yy.h"
	10
	11	static int debug=0;
	12
[9335cfa]	13	int using_this=0;
	14
[b5a3da4]	15	extern void panic(char*);
	16
	17	/* from abac_pl_gen.c */
[d5bbd3e]	18	extern char generate_pl_range_constraint(char ,char ,char ,char *);
[7b548fa]	19	extern char generate_pl_range_time_constraint(char ,char ,char );
[b5a3da4]	20	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
[da5afdf]	21	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
	22	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
[0d0c3a9]	23	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
[a9494ad]	24	extern char generate_pl_type_clause(char , int);
[de22a7e]	25	/* from abac_pl_yap.c */
[7b548fa]	26	extern char abac_pl_add_range_constraint_clause(char var,
[de22a7e]	27	char *tmplist);
[b5a3da4]	28	/* from rt2.y */
	29	extern void abac_yyinit();
[a9494ad]	30
[b5a3da4]	31	int abac_yy_error_code = 0; /* keeping last error code */
[a9494ad]	32
[b5a3da4]	33	int abac_rule_is_oset=0;
	34	abac_list_t *abac_rule_clauses=NULL;
	35	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
	36	abac_role_t *abac_rule_head_role=NULL;
	37	abac_role_t *abac_rule_tail_role=NULL;
	38	abac_oset_t *abac_rule_head_oset=NULL;
	39	abac_oset_t *abac_rule_tail_oset=NULL;
[da5afdf]	40
	41	/* to track id certs within a rule clause */
[a9494ad]	42	typedef struct _abac_yy_id_cert_t {
	43	char *principalname;
	44	int type; /* keyidtype */
	45	char *clause;
	46	} abac_yy_id_cert_t;
	47	abac_list_t *abac_yy_id_certs = NULL;
	48
[da5afdf]	49	/* structure to hold the range information
	50	within a static constraints on few types of
	51	oset types
	52	[a..b], [a..], [..b], [a],[a,b],[many a]
	53	e_yy_RANGE_MIN=1;
	54	e_yy_RANGE_MAX=2;
	55	e_yy_RANGE_TARGET=3;
	56	*/
	57	typedef struct _abac_yy_range_t {
	58	int type;
	59	char *val;
	60	} abac_yy_range_t;
	61
	62	/* to track role/oset constraint clauses used within a rule clause,
[d5bbd3e]	63	collect them up in one place, these are for conjunction clauses */
[da5afdf]	64	typedef struct _abac_yy_constraint_t {
	65	char *clause;
	66	} abac_yy_constraint_t;
	67	abac_list_t *abac_yy_constraints = NULL;
	68
[a9494ad]	69	/* local principal structure [keyid:USC] */
	70	struct _abac_yy_principal_t {
	71	int type;
[da5afdf]	72	char *sha; // sha is null when this is of object type
	73	char *cn;
[a9494ad]	74	};
	75
[da5afdf]	76	/* [principal:?Z]:..., must match a principal name */
	77	struct _abac_yy_term_principal_t {
[a9494ad]	78	int type; /* this needs to be implicitly determined */
[9806e76]	79	int is_anonymous;
[a9494ad]	80	char *name;
[b5a3da4]	81	char *cond_str;
	82	void *cond_ptr; // ptr to a saved abac_role_t
[da5afdf]	83	abac_yy_expression_t *cond_head_expr;
[a9494ad]	84	};
	85
[b5a3da4]	86	/* integer,float,time,urn,string types,
	87	if has condition, then it is a variable,
[a9494ad]	88	ie,
	89	[int:?Year]:<1930..1932>,
	90	if no condition, then it is a constant,
	91	ie,
	92	[int:10]
	93	*/
[da5afdf]	94	struct _abac_yy_term_data_t {
[a9494ad]	95	int is_variable;
[9806e76]	96	int is_anonymous;
[a9494ad]	97	int type;
	98	char *name;
[b5a3da4]	99	char *cond_str;
	100	void *cond_ptr; // ptr to a saved abac_oset_t
[da5afdf]	101	abac_list_t *cond_range;
	102	abac_yy_expression_t *cond_head_expr; // parking stub
[a9494ad]	103	};
	104
[da5afdf]	105	/* local term structure, will distinguish it in the future */
	106	/* e_yy_DTERM_DATA, all other types
	107	e_yy_DTERM_NAMED, keyid:bob
	108	e_yy_DTERM_PRINCIPAL, principal:?P
	109	e_yy_DTERM_ANONYMOUS ? */
	110	struct _abac_yy_term_t {
[a9494ad]	111	union {
	112	abac_yy_principal_t *n_ptr;
[da5afdf]	113	abac_yy_term_principal_t *p_ptr;
	114	abac_yy_term_data_t *d_ptr;
[a9494ad]	115	} term;
	116	int type;
[da5afdf]	117	struct _abac_yy_term_t *next;
	118	int bcnt; /* this is to track number of terms in this linked up list */
[a9494ad]	119	};
	120
	121	/* local role structure */
	122	struct _abac_yy_role_t {
	123	int type;
	124	char *name;
[da5afdf]	125	abac_yy_term_t *terms;
[a9494ad]	126	struct _abac_yy_role_t *next;
	127	int bcnt; /* this is to track number of roles in this linked up list */
	128	};
	129
[da5afdf]	130	/* local oset structure */
	131	struct _abac_yy_oset_t {
	132	int type;
	133	char *name;
	134	abac_yy_term_t *terms;
	135	struct _abac_yy_oset_t *next;
	136	int bcnt; /* this is to track number of oset in this linked up list */
	137	};
	138
	139	/* A, A.r, A.r.r */
	140	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
	141	/* A/obj, A.o, A.r.o */
	142	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	143	struct _abac_yy_expression_t {
	144	int type;
	145	union {
	146	abac_yy_principal_t *principal;
	147	abac_yy_term_data_t *object;
	148	};
[a9494ad]	149	abac_yy_role_t *linked_role;
[da5afdf]	150	union {
	151	abac_yy_role_t *role;
	152	abac_yy_oset_t *oset;
	153	};
	154	struct _abac_yy_expression_t *next;
[a9494ad]	155	int bcnt;
	156	};
[b5a3da4]	157
	158	static void _free_yy_expression(abac_yy_expression_t *);
	159
	160	/************************************************************************/
	161	void abac_yy_set_error_code(int v)
	162	{
	163	abac_yy_error_code=v;
	164	}
	165
	166	/************************************************************************/
	167	abac_stack_t *abac_yy_get_rule_id_clauses()
	168	{
	169	return abac_rule_id_clauses;
	170	}
	171
	172	abac_stack_t *abac_yy_init_rule_id_clauses()
	173	{
	174	abac_rule_id_clauses=abac_stack_new();
	175	return abac_rule_id_clauses;
	176	}
	177
	178	void abac_yy_free_rule_id_clauses()
	179	{
	180	if (abac_rule_id_clauses != NULL)
	181	abac_stack_free(abac_rule_id_clauses);
	182	}
	183
	184	void abac_yy_set_rule_clauses(abac_list_t *clauses)
	185	{
	186	abac_rule_clauses=clauses;
	187	if(debug) {
	188	printf("printing out abac_rule_clauses:\n");
	189	abac_print_clauses(abac_rule_clauses,NULL);
	190	}
	191	}
	192
	193	abac_list_t *abac_yy_get_rule_clauses()
	194	{
	195	return abac_rule_clauses;
	196	}
	197
	198	void abac_yy_free_rule_clauses()
	199	{
	200	if (abac_rule_clauses != NULL) {
	201	char *cur;
[7727f26]	202	if(abac_yy_id_certs) {
	203	abac_list_foreach(abac_yy_id_certs, cur,
	204	if(cur) free(cur);
	205	);
	206	}
[b5a3da4]	207	abac_list_free(abac_rule_clauses);
	208	}
	209	}
	210
	211	int abac_yy_get_rule_is_oset()
	212	{
	213	return abac_rule_is_oset;
	214	}
	215
	216	abac_role_t *abac_yy_get_rule_head_role()
	217	{
	218	return abac_rule_head_role;
	219	}
	220
	221	abac_role_t *abac_yy_get_rule_tail_role()
	222	{
	223	return abac_rule_tail_role;
	224	}
	225
	226	abac_oset_t *abac_yy_get_rule_head_oset()
	227	{
	228	return abac_rule_head_oset;
	229	}
	230
	231	abac_oset_t *abac_yy_get_rule_tail_oset()
	232	{
	233	return abac_rule_tail_oset;
	234	}
	235
[da5afdf]	236
	237	/************************************************************************/
[b5a3da4]	238	void abac_yy_init_yy_id_certs()
	239	{
	240	abac_yy_id_certs = abac_list_new();
	241	}
	242
	243	void abac_yy_free_yy_id_certs()
	244	{
	245	abac_yy_id_cert_t *id;
	246	abac_list_foreach(abac_yy_id_certs, id,
	247	if(id)
	248	free(id->principalname);
	249	free(id->clause);
	250	free(id);
	251	);
	252	abac_list_free(abac_yy_id_certs);
	253	abac_yy_id_certs = NULL;
	254	}
	255
	256	int abac_yy_cnt_yy_id_certs()
	257	{
	258	return abac_list_size(abac_yy_id_certs);
	259	}
	260
	261	char *abac_yy_string_yy_id_certs()
	262	{
	263	int first=1;
	264	char *tmp=NULL;
	265	abac_yy_id_cert_t *cur;
	266	abac_list_foreach(abac_yy_id_certs, cur,
	267	if(cur)
	268	if(first) {
	269	tmp=abac_xstrdup(cur->clause);
	270	first=0;
	271	} else {
	272	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	273	}
	274	);
	275	return tmp;
	276	}
	277
	278	static void _add_yy_id_certs(char *principalname, int type)
	279	{
	280	abac_yy_id_cert_t *id_cert=NULL;
	281
	282	int found=0;
	283	abac_yy_id_cert_t *cur;
	284	abac_list_foreach(abac_yy_id_certs, cur,
	285	if(cur)
	286	if(strcmp(cur->principalname,principalname)==0) {
	287	found=1;
	288	break;
	289	}
	290	);
	291
	292	if (found) {
	293	return;
	294	} else {
	295	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
	296	id_cert->principalname=abac_xstrdup(principalname);
	297	id_cert->type=type;
	298	id_cert->clause=generate_pl_type_clause(principalname,type);
	299	abac_list_add(abac_yy_id_certs, id_cert);
[7727f26]	300	if(debug) printf(" -> adding yy id certs %s\n", principalname);
[b5a3da4]	301	}
	302	}
	303
	304	/***********************************************************************/
	305	static void _free_yy_cond_range(abac_list_t *ptr)
[da5afdf]	306	{
	307	if (ptr != NULL) {
	308	abac_yy_range_t *cur;
	309	abac_list_foreach(ptr, cur,
	310	if(cur && cur->val) free(cur->val);
	311	free(cur);
	312	);
	313	abac_list_free(ptr);
	314	}
	315	}
	316
[b5a3da4]	317	static char _string_yy_cond_range(abac_list_t ptr)
[da5afdf]	318	{
	319	assert(ptr);
	320	char *tmp=NULL;
	321	char *min=NULL;
	322	char *max=NULL;
	323	char *val=NULL;
	324	int type;
[a9494ad]	325
[da5afdf]	326	abac_yy_range_t *cur;
	327	abac_list_foreach(ptr, cur,
	328	type=cur->type;
	329	switch (type) {
	330	case e_yy_RANGE_MIN:
	331	min=strdup(cur->val);
	332	break;
	333	case e_yy_RANGE_MAX:
	334	max=strdup(cur->val);
	335	break;
	336	case e_yy_RANGE_TARGET:
	337	if(val)
	338	asprintf(&val,"%s,%s",val,cur->val);
	339	else val=strdup(cur->val);
	340	break;
	341	}
	342	);
	343	if(max && min) {
	344	asprintf(&tmp,"[%s..%s]",min,max);
	345	free(max);
	346	free(min);
	347	return tmp;
	348	}
	349	if(max) {
	350	asprintf(&tmp,"[..%s]",max);
	351	free(max);
	352	return tmp;
	353	}
	354	if(min) {
	355	asprintf(&tmp,"[%s..]",min);
	356	free(min);
	357	return tmp;
	358	}
	359	if(val) {
	360	asprintf(&tmp,"[%s]",val);
	361	free(val);
	362	return tmp;
	363	}
	364	return NULL;
	365	}
	366
[b5a3da4]	367	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
[da5afdf]	368	{
	369	abac_yy_range_t *range=
	370	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	371	range->type=e_yy_RANGE_TARGET;
	372	range->val=strdup(val);
	373	abac_list_add(ptr, range);
	374	return ptr;
	375	}
	376
[b5a3da4]	377	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
[da5afdf]	378	{
	379	abac_yy_range_t *range=
	380	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	381	range->type=type;
	382	range->val=strdup(val);
	383	abac_list_add(ptr, range);
	384	return ptr;
	385	}
	386
	387	abac_list_t make_yy_val_range(char val)
	388	{
	389	abac_list_t *ptr=abac_list_new();
[b5a3da4]	390	add_yy_val_range(ptr,val);
[da5afdf]	391	return ptr;
	392	}
	393
	394	abac_list_t make_yy_minmax_range(char min, char *max)
	395	{
	396	abac_list_t *ptr=abac_list_new();
[b5a3da4]	397	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
	398	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	399	return ptr;
	400	}
	401
	402	abac_list_t make_yy_min_range(char min)
	403	{
	404	abac_list_t *ptr=abac_list_new();
[b5a3da4]	405	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
[da5afdf]	406	return ptr;
	407	}
	408
	409	abac_list_t make_yy_max_range(char max)
	410	{
	411	abac_list_t *ptr=abac_list_new();
[b5a3da4]	412	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	413	return ptr;
	414	}
[a9494ad]	415
[b5a3da4]	416	/***********************************************************************/
[9806e76]	417	abac_yy_term_data_t *make_yy_term_data()
[a9494ad]	418	{
[b5a3da4]	419	abac_yy_term_data_t *ptr=
	420	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
[9806e76]	421	ptr->name=NULL;
[b5a3da4]	422	ptr->type=0;
	423	ptr->is_variable=0;
[9806e76]	424	ptr->is_anonymous=0;
[b5a3da4]	425	ptr->cond_str=NULL;
	426	ptr->cond_head_expr=NULL;
	427	ptr->cond_ptr=NULL;
	428	ptr->cond_range=NULL;
	429	return ptr;
[a9494ad]	430	}
	431
[9806e76]	432	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
	433	{
	434	ptr->name=strdup(name);
	435	}
	436
[b5a3da4]	437	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
[a9494ad]	438	{
[b5a3da4]	439	return ptr->cond_range;
[a9494ad]	440	}
	441
[b5a3da4]	442	char get_yy_term_data_name(abac_yy_term_data_t ptr)
[a9494ad]	443	{
[b5a3da4]	444	return ptr->name;
[a9494ad]	445	}
	446
[b5a3da4]	447	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
[a9494ad]	448	{
[b5a3da4]	449	if(ptr->cond_head_expr != NULL)
	450	return 1;
[c586a3c]	451	if(ptr->cond_range != NULL)
[b5a3da4]	452	return 1;
	453	return 0;
[a9494ad]	454	}
	455
[b5a3da4]	456	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
	457	abac_list_t *range)
[a9494ad]	458	{
[b5a3da4]	459	ptr->cond_range=range;
[a9494ad]	460	}
	461
[b5a3da4]	462	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
	463	abac_yy_expression_t *expr)
[a9494ad]	464	{
[b5a3da4]	465	ptr->cond_head_expr=expr;
[a9494ad]	466	}
	467
[b5a3da4]	468	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
[da5afdf]	469	{
[b5a3da4]	470	return ptr->cond_head_expr;
[da5afdf]	471	}
	472
[b5a3da4]	473	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
[a9494ad]	474	{
[b5a3da4]	475	int type=abac_term_verify_term_type(typestr);
	476	ptr->type=type;
[a9494ad]	477	}
	478
[9806e76]	479	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
	480	{
	481	ptr->is_anonymous=1;
	482	}
	483
[d5bbd3e]	484	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
	485	{
	486	if(ptr->type==abac_term_verify_term_type("integer") \|\|
	487	ptr->type==abac_term_verify_term_type("float"))
	488	return 1;
	489	return 0;
	490	}
	491
[7b548fa]	492	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
	493	{
	494	if(ptr->type==abac_term_verify_term_type("time"))
	495	return 1;
	496	return 0;
	497	}
	498
[d5bbd3e]	499	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
	500	{
	501	if(ptr->type==abac_term_verify_term_type("string") \|\|
[4b8e1c9]	502	ptr->type==abac_term_verify_term_type("urn") \|\|
	503	ptr->type==abac_term_verify_term_type("boolean"))
[d5bbd3e]	504	return 1;
	505	return 0;
	506	}
	507
[b5a3da4]	508	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
[a9494ad]	509	{
[b5a3da4]	510	ptr->cond_ptr=vptr;
[a9494ad]	511	}
	512
[b5a3da4]	513	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
[da5afdf]	514	{
[b5a3da4]	515	ptr->cond_str=strdup(cond);
[da5afdf]	516	}
	517
[b5a3da4]	518	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[da5afdf]	519	{
[b5a3da4]	520	ptr->is_variable=1;
[da5afdf]	521	}
	522
[b5a3da4]	523	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[a9494ad]	524	{
[b5a3da4]	525	return ptr->is_variable;
[a9494ad]	526	}
	527
[b5a3da4]	528	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
[a9494ad]	529	{
[b5a3da4]	530	free(ptr->name);
	531	if(ptr->cond_str)
	532	free(ptr->cond_str);
	533	if(ptr->cond_head_expr)
	534	_free_yy_expression(ptr->cond_head_expr);
	535	if(ptr->cond_range);
	536	_free_yy_cond_range(ptr->cond_range);
	537	free(ptr);
[a9494ad]	538	}
	539
[9806e76]	540	abac_yy_term_principal_t *make_yy_term_principal()
[a9494ad]	541	{
[b5a3da4]	542	abac_yy_term_principal_t *ptr=
	543	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
[d845403]	544	ptr->type=0;/* this is not known */
[9806e76]	545	ptr->is_anonymous=0;
	546	ptr->name=NULL;
[b5a3da4]	547	ptr->cond_str=NULL;
	548	ptr->cond_head_expr=NULL;
	549	return ptr;
[a9494ad]	550	}
	551
[9335cfa]	552	static void _set_using_this()
	553	{
	554	using_this=1;
	555	}
	556
[9806e76]	557	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
	558	{
[9335cfa]	559	/* handle special case when the name=this, change it to This */
	560	if(strcmp(name,"this")==0) {
	561	ptr->name=abac_xstrdup("This");
	562	_set_using_this();
	563	} else ptr->name=abac_xstrdup(name);
[9806e76]	564	}
	565
[b5a3da4]	566	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
[a9494ad]	567	{
[b5a3da4]	568	ptr->cond_ptr=vptr;
[a9494ad]	569	}
	570
[b5a3da4]	571	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
[a9494ad]	572	{
[b5a3da4]	573	ptr->cond_str=abac_xstrdup(cond);
[a9494ad]	574	}
	575
[9806e76]	576	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
	577	{
	578	ptr->is_anonymous=1;
	579	}
	580
[b5a3da4]	581	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
[da5afdf]	582	{
[b5a3da4]	583	return ptr->cond_head_expr;
[da5afdf]	584	}
	585
[b5a3da4]	586	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
	587	abac_yy_expression_t *expr)
[da5afdf]	588	{
[b5a3da4]	589	ptr->cond_head_expr=expr;
[da5afdf]	590	}
	591
[b5a3da4]	592	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
[da5afdf]	593	{
[b5a3da4]	594	free(ptr->name);
	595	if(ptr->cond_str)
	596	free(ptr->cond_str);
	597	if(ptr->cond_head_expr)
	598	_free_yy_expression(ptr->cond_head_expr);
	599	free(ptr);
[da5afdf]	600	}
	601
[b5a3da4]	602	abac_yy_term_t *make_yy_term_dterm_anonymous()
[da5afdf]	603	{
[b5a3da4]	604	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	605	ptr->type = e_yy_DTERM_ANONYMOUS;
	606	ptr->next=NULL;
	607	ptr->bcnt=1;
	608	return ptr;
[da5afdf]	609	}
	610
[b5a3da4]	611	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
[da5afdf]	612	{
[b5a3da4]	613	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
[9806e76]	614	if(pptr->is_anonymous)
	615	ptr->type = e_yy_DTERM_ANONYMOUS;
	616	else ptr->type = e_yy_DTERM_PRINCIPAL;
[b5a3da4]	617	ptr->term.p_ptr=pptr;
	618	ptr->next=NULL;
	619	ptr->bcnt=1;
	620	return ptr;
	621	}
	622
	623	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
	624	{
	625	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	626	ptr->type = e_yy_DTERM_NAMED;
	627	ptr->term.n_ptr=nptr;
	628	ptr->next=NULL;
	629	ptr->bcnt=1;
	630	return ptr;
	631	}
	632
	633	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
	634	{
	635	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
[9806e76]	636
	637	if(dptr->is_anonymous)
	638	ptr->type = e_yy_DTERM_ANONYMOUS;
	639	else ptr->type = e_yy_DTERM_DATA;
[b5a3da4]	640	ptr->term.d_ptr=dptr;
	641	ptr->next=NULL;
	642	ptr->bcnt=1;
	643	return ptr;
	644	}
	645
	646	/************************************************************************/
	647	void abac_yy_init_yy_constraints()
	648	{
	649	abac_yy_constraints = abac_list_new();
	650	}
	651
	652	void abac_yy_free_yy_constraints()
	653	{
	654	abac_yy_constraint_t *cur;
	655	abac_list_foreach(abac_yy_constraints, cur,
	656	if(cur && cur->clause)
	657	free(cur->clause);
	658	free(cur);
	659	);
	660	abac_list_free(abac_yy_constraints);
	661	abac_yy_constraints=NULL;
	662	}
	663
	664	int abac_yy_cnt_yy_constraints()
	665	{
	666	return abac_list_size(abac_yy_constraints);
	667	}
	668
	669	char *abac_yy_string_yy_constraints()
	670	{
	671	int first=1;
	672	char *tmp=NULL;
	673	abac_yy_constraint_t *cur;
	674	abac_list_foreach(abac_yy_constraints, cur,
	675	if(cur && cur->clause)
	676	if(first) {
	677	tmp=abac_xstrdup(cur->clause);
	678	first=0;
	679	} else {
	680	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	681	}
	682	);
	683	return tmp;
	684	}
	685
	686	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
	687	{
	688	abac_yy_constraint_t *ptr=
	689	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
	690	ptr->clause=strdup(constraint);
	691	abac_list_add(abac_yy_constraints, ptr);
[da5afdf]	692	return ptr;
	693	}
	694
[a9494ad]	695	/****************************************************************************/
	696	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
	697	{
	698	abac_yy_principal_t *ptr=
	699	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
[7727f26]	700	/* add p to yyparse's principal */
	701	if(sha) ptr->sha=abac_xstrdup(sha);
	702	else ptr->sha=NULL;
	703	if(cn) ptr->cn=abac_xstrdup(cn);
	704	else ptr->cn=NULL;
[a9494ad]	705	ptr->type=type;
	706	return ptr;
	707	}
	708
	709	static void _free_yy_principal(abac_yy_principal_t *ptr)
	710	{
[7727f26]	711	if(ptr->sha) free(ptr->sha);
	712	if(ptr->cn) free(ptr->cn);
[a9494ad]	713	free(ptr);
	714	}
	715
[da5afdf]	716	int get_yy_principal_type(abac_yy_principal_t *ptr)
	717	{
	718	return ptr->type;
	719	}
	720
[7727f26]	721	char get_yy_principal_name(abac_yy_principal_t ptr)
[da5afdf]	722	{
[7727f26]	723	if(USE("ABAC_CN") && ptr->cn)
	724	return ptr->cn;
[da5afdf]	725	return ptr->sha;
	726	}
	727
[7727f26]	728	char get_yy_principal_cn(abac_yy_principal_t ptr)
	729	{
	730	return ptr->cn;
	731	}
	732
	733	char get_yy_principal_sha(abac_yy_principal_t ptr)
	734	{
	735	return ptr->sha;
	736	}
	737
[b5a3da4]	738	/*************************************************************************/
	739
	740	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
	741	{
	742	int i=terms->bcnt;
	743	nterm->next=terms;
	744	nterm->bcnt=i+1;
	745	return nterm;
	746	}
	747
	748	static void _free_yy_term(abac_yy_term_t *ptr)
	749	{
	750	switch (ptr->type) {
	751	case e_yy_DTERM_DATA:
	752	_free_yy_term_data(ptr->term.d_ptr);
	753	break;
	754	case e_yy_DTERM_NAMED:
	755	_free_yy_principal(ptr->term.n_ptr);
	756	break;
	757	case e_yy_DTERM_PRINCIPAL:
	758	_free_yy_term_principal(ptr->term.p_ptr);
	759	break;
	760	case e_yy_DTERM_ANONYMOUS:
	761	break;
	762	}
	763	if(ptr->next)
	764	_free_yy_term(ptr->next);
	765	free(ptr);
	766	}
	767
	768	/*************************************************************************/
	769
[da5afdf]	770	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
[a9494ad]	771	{
	772	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
	773	ptr->name=abac_xstrdup(name);
[da5afdf]	774	ptr->terms=terms;
[a9494ad]	775	ptr->next=NULL;
	776	ptr->bcnt=1;
	777	return ptr;
	778	}
	779
	780	static void _free_yy_role(abac_yy_role_t *ptr)
	781	{
	782	free(ptr->name);
[da5afdf]	783	if(ptr->terms)
	784	_free_yy_term(ptr->terms);
[a9494ad]	785	if(ptr->next)
	786	_free_yy_role(ptr->next);
	787	free(ptr);
	788	}
	789
[b5a3da4]	790	/***************************************************************************/
	791	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
	792	{
	793	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
	794	ptr->name=abac_xstrdup(name);
	795	ptr->terms=terms;
	796	ptr->next=NULL;
	797	ptr->bcnt=1;
	798	return ptr;
	799	}
	800
	801	static void _free_yy_oset(abac_yy_oset_t *ptr)
	802	{
	803	free(ptr->name);
	804	if(ptr->terms)
	805	_free_yy_term(ptr->terms);
	806	if(ptr->next)
	807	_free_yy_oset(ptr->next);
	808	free(ptr);
	809	}
	810	/***************************************************************************/
	811
[da5afdf]	812	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	813
	814	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
[a9494ad]	815	{
[da5afdf]	816	abac_yy_expression_t *ptr=
	817	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
	818	ptr->type = type;
	819	if(type == e_yy_EXPR_OBJECT) {
	820	ptr->object=(abac_yy_term_data_t *)pptr;
	821	} else {
	822	ptr->principal = (abac_yy_principal_t *)pptr;
	823	}
	824	if(type == e_yy_EXPR_OSET)
	825	ptr->oset = (abac_yy_oset_t *) optr;
	826	else
	827	ptr->role = (abac_yy_role_t *) optr;
[a9494ad]	828	ptr->linked_role=linked_role;
	829	ptr->next=NULL;
	830
	831	return ptr;
	832	}
	833
[da5afdf]	834	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
	835	{
	836	if(ptr->type == e_yy_EXPR_OBJECT)
	837	return ptr->object;
	838	return NULL;
	839	}
	840
	841	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
	842	abac_yy_expression_t *exprs)
[a9494ad]	843	{
	844	int i=exprs->bcnt;
	845	nexpr->next=exprs;
	846	nexpr->bcnt=i+1;
	847	return nexpr;
	848	}
	849
[da5afdf]	850	static void _free_yy_expression(abac_yy_expression_t *ptr)
[a9494ad]	851	{
[da5afdf]	852	if(ptr->type == e_yy_EXPR_OBJECT) {
	853	if(ptr->object)
	854	_free_yy_term_data(ptr->object);
	855	} else {
	856	if(ptr->principal)
	857	_free_yy_principal(ptr->principal);
	858	}
	859	if(ptr->type == e_yy_EXPR_OSET) {
	860	if(ptr->oset)
	861	_free_yy_oset(ptr->oset);
	862	} else {
	863	if(ptr->role)
	864	_free_yy_role(ptr->role);
	865	}
[a9494ad]	866	if(ptr->linked_role)
	867	_free_yy_role(ptr->linked_role);
	868	if(ptr->next)
[da5afdf]	869	_free_yy_expression(ptr->next);
[a9494ad]	870
	871	free(ptr);
	872	}
	873
[b5a3da4]	874	/***************************************************************************/
[da5afdf]	875	static void _oset_add_terms(int linked, abac_oset_t *oset,
	876	abac_yy_term_t *terms)
	877	{
	878	abac_yy_term_t *curr = terms;
	879	int type;
[7727f26]	880
[da5afdf]	881	while (curr) {
[7727f26]	882	char *name=NULL;
	883	char *cond=NULL;
	884	void *ptr=NULL;
[da5afdf]	885	switch (curr->type) {
	886	case e_yy_DTERM_DATA:
	887	{
	888	abac_yy_term_data_t *ptr=curr->term.d_ptr;
	889	type=ptr->type;
	890	name=abac_xstrdup(ptr->name);
[7727f26]	891	if(ptr->cond_str)
	892	cond=abac_xstrdup(ptr->cond_str);
	893	else cond=NULL;
[b5a3da4]	894	ptr=ptr->cond_ptr;
[da5afdf]	895	break;
	896	}
	897	case e_yy_DTERM_PRINCIPAL:
	898	{
	899	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
[b5a3da4]	900	type=abac_term_verify_term_type("principal");
[da5afdf]	901	name=abac_xstrdup(ptr->name);
[7727f26]	902	if(ptr->cond_str)
	903	cond=abac_xstrdup(ptr->cond_str);
	904	else cond=NULL;
[b5a3da4]	905	ptr=ptr->cond_ptr;
[da5afdf]	906	break;
	907	}
	908	case e_yy_DTERM_NAMED:
	909	{
	910	abac_yy_principal_t *ptr=curr->term.n_ptr;
	911	type=ptr->type;
[7727f26]	912	name=abac_xstrdup(get_yy_principal_name(ptr));
[da5afdf]	913	cond=NULL;
	914	ptr=NULL;
	915	break;
	916	}
	917	case e_yy_DTERM_ANONYMOUS:
	918	{
	919	type=0;
	920	name=abac_xstrdup("_");
	921	cond=NULL;
	922	ptr=NULL;
	923	break;
	924	}
	925	}
	926
	927	abac_term_t *param=abac_term_new(type,name,cond,ptr);
	928	if (linked)
	929	abac_oset_oset_add_linked_param(oset, param);
	930	else
	931	abac_oset_oset_add_param(oset, param);
	932	curr=curr->next;
	933	}
	934	}
	935
	936	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
	937	{
	938	int linked=1;
	939	_oset_add_terms(linked, oset, terms);
	940	}
	941
	942	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
	943	{
	944	int linked=0;
	945	_oset_add_terms(linked, oset, terms);
	946	}
	947
	948
	949	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
	950	{
	951	abac_oset_t *ret_oset=NULL;
	952	abac_list_t *prereqs = abac_list_new();
	953	abac_list_add(prereqs, oset);
	954	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
	955	return ret_oset;
	956	}
	957
	958	/* A.oset */
	959	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
	960	{
	961	abac_yy_principal_t *principal=expr->principal;
	962	abac_yy_oset_t *oset=expr->oset;
	963
[7727f26]	964	char *principalname=get_yy_principal_sha(principal);
	965	char *othername=get_yy_principal_name(principal);
[da5afdf]	966	char *osetname=oset->name;
	967	abac_yy_term_t *terms=oset->terms;
	968
	969	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
	970	if (ret_oset==NULL) {
[b5a3da4]	971	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[da5afdf]	972	goto error;
	973	}
	974	if (!abac_oset_is_oset(ret_oset)) {
[b5a3da4]	975	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[da5afdf]	976	goto error;
	977	}
	978	// insert the params for the oset
	979	if(terms) {
	980	_oset_add_oset_terms(ret_oset, terms);
	981	}
[7727f26]	982
	983	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[da5afdf]	984
	985	return ret_oset;
	986
	987	error:
	988	return NULL;
	989	}
	990
	991	/* B */
	992	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
	993	{
	994	abac_yy_principal_t *principal=expr->principal;
[7727f26]	995	char *principalname=get_yy_principal_sha(principal);
	996	char *othername=get_yy_principal_name(principal);
[da5afdf]	997	abac_oset_t *ret_oset=NULL;
	998
	999	ret_oset = abac_oset_principal_new(principalname);
	1000
[7727f26]	1001	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[da5afdf]	1002
	1003	if (ret_oset==NULL)
	1004	goto error;
	1005	return ret_oset;
	1006
	1007	error:
	1008	panic("can not generate a simple named tail oset");
	1009	return NULL;
	1010	}
	1011
	1012
	1013	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
	1014	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
	1015	{
	1016	abac_yy_term_data_t *object=get_yy_expression_object(expr);
	1017	assert(object != NULL);
	1018
	1019	char *name=object->name;
	1020	int type=object->type;
[b5a3da4]	1021	char *cond=object->cond_str;
	1022	void *ptr=object->cond_ptr;
[da5afdf]	1023	abac_term_t *term=abac_term_new(type,name,cond,ptr);
	1024	abac_oset_t *ret_oset=abac_oset_object_new(term);
	1025
	1026	if(get_yy_term_data_is_variable(object))
	1027	_add_yy_id_certs(name,type);
	1028
	1029	if (ret_oset==NULL)
	1030	goto error;
	1031	return ret_oset;
	1032
	1033	error:
	1034	panic("can not generate a simple object tail oset");
	1035	return NULL;
	1036	}
	1037
	1038
	1039	/* B.oset */
	1040	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
	1041	{
	1042	abac_yy_principal_t *principal=expr->principal;
	1043	abac_yy_oset_t *oset=expr->oset;
	1044
[7727f26]	1045	char *principalname=get_yy_principal_sha(principal);
	1046	char *othername=get_yy_principal_name(principal);
[da5afdf]	1047
	1048	char *osetname=oset->name;
	1049	abac_yy_term_t *terms=oset->terms;
	1050
	1051	int ret;
	1052	abac_oset_t *ret_oset=NULL;
	1053
	1054	ret_oset = abac_oset_oset_new(principalname, osetname);
	1055	if (ret_oset==NULL)
	1056	goto error;
	1057
	1058	if(terms) {
	1059	_oset_add_oset_terms(ret_oset, terms);
	1060	}
	1061
[7727f26]	1062	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[da5afdf]	1063
	1064	return ret_oset;
	1065
	1066	error:
	1067	panic("can not generate a simple tail oset");
	1068	return NULL;
	1069	}
	1070
	1071	/* B.role.oset */
	1072	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
	1073	{
	1074	abac_yy_principal_t *principal=expr->principal;
	1075	abac_yy_oset_t *oset=expr->oset;
	1076	abac_yy_role_t *linked_role=expr->linked_role;
	1077
[7727f26]	1078	char *principalname=get_yy_principal_sha(principal);
	1079	char *othername=get_yy_principal_name(principal);
[da5afdf]	1080
	1081	char *osetname=oset->name;
	1082	abac_yy_term_t *terms=oset->terms;
	1083
	1084	char *linkedrolename=linked_role->name;
	1085	abac_yy_term_t *linked_terms=linked_role->terms;
	1086
	1087	int ret;
	1088	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
	1089	linkedrolename, osetname);
	1090	if (ret_oset==NULL)
	1091	goto error;
	1092
	1093	if(linked_terms) {
	1094	_oset_add_linked_terms(ret_oset, linked_terms);
	1095	}
	1096	if(terms) {
	1097	_oset_add_oset_terms(ret_oset, terms);
	1098	}
	1099
[7727f26]	1100	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[da5afdf]	1101
	1102	return ret_oset;
	1103
	1104	error:
	1105	panic("can not generate linked tail oset");
	1106	return NULL;
	1107	}
	1108
	1109
	1110
	1111	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
	1112	abac_yy_expression_t *tailexpr)
	1113	{
	1114	abac_oset_t *head_oset=NULL;
	1115	abac_oset_t *tail_oset=NULL;
	1116
	1117	/* build up left side's abac oset structure */
	1118	head_oset=validate_head_oset(headexpr);
	1119	if(head_oset == NULL)
	1120	goto error;
	1121
	1122	/* build up the right side's abac oset structure */
	1123	abac_yy_expression_t *curr_tail = tailexpr;
	1124	int intersecting=(tailexpr->next != NULL)? 1:0;
	1125	abac_oset_t *curr_oset = NULL;
	1126	while (curr_tail) {
	1127	switch(curr_tail->type) {
	1128	case e_yy_EXPR_OBJECT:
	1129	curr_oset=validate_object_tail_oset(curr_tail);
	1130	break;
	1131	case e_yy_EXPR_NAMED:
	1132	curr_oset=validate_named_tail_oset(curr_tail);
	1133	break;
	1134	case e_yy_EXPR_OSET:
	1135	curr_oset=validate_oset_tail_oset(curr_tail);
	1136	break;
	1137	case e_yy_EXPR_LINKED:
	1138	curr_oset=validate_linked_tail_oset(curr_tail);
	1139	break;
	1140	}
	1141	if(curr_oset==NULL)
	1142	goto error;
	1143
	1144	/* check if first one */
	1145	if(tail_oset==NULL) {
	1146	if(intersecting)
	1147	tail_oset=validate_intersected_tail_oset(curr_oset);
	1148	else
	1149	tail_oset=curr_oset;
	1150	} else {
	1151	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
	1152	}
	1153	curr_tail=curr_tail->next;
	1154	} /* while */
	1155
	1156	/* XXX collect up type clauses, constraint clauses and
	1157	generate rule clauses */
	1158	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
	1159	if(tmp == NULL)
	1160	goto error;
	1161
	1162	if(debug) {
	1163	abac_print_oset_string_with_condition(head_oset,NULL);
[7727f26]	1164	printf("\n");
[da5afdf]	1165	abac_print_oset_string_with_condition(tail_oset,NULL);
[7727f26]	1166	printf("\n");
[da5afdf]	1167	}
	1168
	1169	_free_yy_expression(headexpr);
	1170	_free_yy_expression(tailexpr);
[b5a3da4]	1171	abac_rule_head_oset=head_oset;
	1172	abac_rule_tail_oset=tail_oset;
	1173	abac_rule_is_oset=1;
[da5afdf]	1174	return tmp;
	1175
	1176	error:
	1177	_free_yy_expression(headexpr);
	1178	_free_yy_expression(tailexpr);
	1179	if(head_oset)
	1180	abac_oset_free(head_oset);
	1181	if(tail_oset)
	1182	abac_oset_free(tail_oset);
	1183	return NULL;
	1184	}
	1185
	1186	/****************************************************************/
	1187	static void _role_add_terms(int linked, abac_role_t *role,
	1188	abac_yy_term_t *terms)
[a9494ad]	1189	{
[da5afdf]	1190	abac_yy_term_t *curr = terms;
[a9494ad]	1191	int type;
	1192	while (curr) {
[7727f26]	1193	char *name=NULL;
	1194	char *cond=NULL;
	1195	void *ptr=NULL;
[a9494ad]	1196	switch (curr->type) {
[da5afdf]	1197	case e_yy_DTERM_DATA:
[a9494ad]	1198	{
[d845403]	1199	abac_yy_term_data_t *pptr=curr->term.d_ptr;
	1200	type=pptr->type;
	1201	name=abac_xstrdup(pptr->name);
[7727f26]	1202	if(pptr->cond_str)
	1203	cond=abac_xstrdup(pptr->cond_str);
[d845403]	1204	ptr=pptr->cond_ptr;
[a9494ad]	1205	break;
	1206	}
[da5afdf]	1207	case e_yy_DTERM_PRINCIPAL:
[a9494ad]	1208	{
[d845403]	1209	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
[b5a3da4]	1210	type=abac_term_verify_term_type("principal");
[d845403]	1211	name=abac_xstrdup(pptr->name);
[7727f26]	1212	if(pptr->cond_str)
	1213	cond=abac_xstrdup(pptr->cond_str);
[d845403]	1214	ptr=pptr->cond_ptr;
[a9494ad]	1215	break;
	1216	}
[da5afdf]	1217	case e_yy_DTERM_NAMED:
[a9494ad]	1218	{
[d845403]	1219	abac_yy_principal_t *pptr=curr->term.n_ptr;
	1220	type=pptr->type;
[7727f26]	1221	name=abac_xstrdup(get_yy_principal_name(pptr));
[a9494ad]	1222	cond=NULL;
[da5afdf]	1223	ptr=NULL;
[a9494ad]	1224	break;
	1225	}
[da5afdf]	1226	case e_yy_DTERM_ANONYMOUS:
[a9494ad]	1227	{
	1228	type=0;
	1229	name=abac_xstrdup("_");
	1230	cond=NULL;
[da5afdf]	1231	ptr=NULL;
[a9494ad]	1232	break;
	1233	}
	1234	}
[d845403]	1235
[da5afdf]	1236	abac_term_t *param=abac_term_new(type,name,cond,ptr);
[a9494ad]	1237	if (linked)
[da5afdf]	1238	abac_role_role_add_linked_param(role, param);
[a9494ad]	1239	else
[da5afdf]	1240	abac_role_role_add_param(role, param);
[a9494ad]	1241	curr=curr->next;
	1242	}
	1243	}
	1244
[da5afdf]	1245	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1246	{
	1247	int linked=1;
[da5afdf]	1248	_role_add_terms(linked, role, terms);
[a9494ad]	1249	}
	1250
[da5afdf]	1251	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1252	{
	1253	int linked=0;
[da5afdf]	1254	_role_add_terms(linked, role, terms);
[a9494ad]	1255	}
	1256
	1257
	1258	abac_role_t validate_intersected_tail_role(abac_role_t role)
	1259	{
	1260	abac_role_t *ret_role=NULL;
	1261	abac_list_t *prereqs = abac_list_new();
	1262	abac_list_add(prereqs, role);
	1263	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
	1264	return ret_role;
	1265	}
	1266
[da5afdf]	1267	abac_role_t validate_head_role(abac_yy_expression_t expr)
[a9494ad]	1268	{
	1269	abac_yy_principal_t *principal=expr->principal;
	1270	abac_yy_role_t *role=expr->role;
	1271
[7727f26]	1272	char *principalname=get_yy_principal_sha(principal);
	1273	char *othername=get_yy_principal_name(principal);
[a9494ad]	1274	char *rolename=role->name;
[da5afdf]	1275	abac_yy_term_t *terms=role->terms;
[a9494ad]	1276	abac_role_t *ret_role=NULL;
	1277
	1278	ret_role=abac_role_role_new(principalname, rolename);
	1279	if (ret_role==NULL) {
[b5a3da4]	1280	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[a9494ad]	1281	goto error;
	1282	}
	1283	if (!abac_role_is_role(ret_role)) {
[b5a3da4]	1284	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[a9494ad]	1285	goto error;
	1286	}
	1287	// insert the params for the role
[da5afdf]	1288	if(terms) {
	1289	_role_add_role_terms(ret_role, terms);
[a9494ad]	1290	}
	1291
[7727f26]	1292	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[a9494ad]	1293
	1294	return ret_role;
	1295
	1296	error:
	1297	return NULL;
	1298	}
	1299
[da5afdf]	1300	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
[a9494ad]	1301	{
	1302	abac_yy_principal_t *principal=expr->principal;
[7727f26]	1303	char *principalname=get_yy_principal_sha(principal);
	1304	char *othername=get_yy_principal_name(principal);
[a9494ad]	1305	abac_role_t *ret_role=NULL;
	1306
	1307	ret_role = abac_role_principal_new(principalname);
[7727f26]	1308
	1309	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[a9494ad]	1310
	1311	if (ret_role==NULL)
	1312	goto error;
	1313	return ret_role;
	1314
	1315	error:
	1316	panic("can not generate a simple named tail role");
	1317	return NULL;
	1318	}
	1319
[da5afdf]	1320	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
[a9494ad]	1321	{
	1322	abac_yy_principal_t *principal=expr->principal;
	1323	abac_yy_role_t *role=expr->role;
	1324
[7727f26]	1325	char *principalname=get_yy_principal_sha(principal);
	1326	char *othername=get_yy_principal_name(principal);
[a9494ad]	1327
	1328	char *rolename=role->name;
[da5afdf]	1329	abac_yy_term_t *terms=role->terms;
[a9494ad]	1330
	1331	int ret;
	1332	abac_role_t *ret_role=NULL;
	1333
	1334	ret_role = abac_role_role_new(principalname, rolename);
	1335	if (ret_role==NULL)
	1336	goto error;
	1337
[da5afdf]	1338	if(terms) {
	1339	_role_add_role_terms(ret_role, terms);
[a9494ad]	1340	}
	1341
[7727f26]	1342	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[a9494ad]	1343
	1344	return ret_role;
	1345
	1346	error:
	1347	panic("can not generate a simple tail role");
	1348	return NULL;
	1349	}
	1350	/* need to validate/generate a linked role out of this */
[da5afdf]	1351	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
[a9494ad]	1352	{
	1353	abac_yy_principal_t *principal=expr->principal;
	1354	abac_yy_role_t *role=expr->role;
	1355	abac_yy_role_t *linked_role=expr->linked_role;
	1356
[7727f26]	1357	char *principalname=get_yy_principal_sha(principal);
	1358	char *othername=get_yy_principal_name(principal);
[a9494ad]	1359
	1360	char *rolename=role->name;
[da5afdf]	1361	abac_yy_term_t *terms=role->terms;
[a9494ad]	1362
	1363	char *linkedrolename=linked_role->name;
[da5afdf]	1364	abac_yy_term_t *linked_terms=linked_role->terms;
[a9494ad]	1365
	1366	int ret;
	1367	abac_role_t *ret_role=NULL;
	1368
	1369	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
	1370	if (ret_role==NULL)
	1371	goto error;
	1372
[da5afdf]	1373	if(linked_terms) {
	1374	_role_add_linked_terms(ret_role, linked_terms);
[a9494ad]	1375	}
[da5afdf]	1376	if(terms) {
	1377	_role_add_role_terms(ret_role, terms);
[a9494ad]	1378	}
	1379
[7727f26]	1380	_add_yy_id_certs(othername,get_yy_principal_type(principal));
[a9494ad]	1381
	1382	return ret_role;
	1383
	1384	error:
	1385	panic("can not generate linked tail role");
	1386	return NULL;
	1387	}
	1388
[b5a3da4]	1389	/***********************************************************************/
	1390	/* add the condition to constraint list */
	1391	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
	1392	{
	1393	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
	1394	if(head_expr) {
	1395	abac_oset_t *head_oset=validate_head_oset(head_expr);
	1396	if(head_oset == NULL)
	1397	goto error;
	1398
	1399	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
	1400	set_yy_term_data_cond_str(ptr,tmp);
	1401	set_yy_term_data_cond_ptr(ptr,head_oset);
	1402	abac_yy_add_yy_constraints(tmp);
	1403	return tmp;
	1404	}
	1405	return NULL;
	1406	error:
	1407	return NULL;
	1408	}
[d5bbd3e]	1409
[b5a3da4]	1410	/****************************************************************/
	1411	/* add the range condition to constraint list */
[d5bbd3e]	1412	/* this is for integer and float only */
	1413	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
[b5a3da4]	1414	{
	1415	char *typestr=abac_term_type(ptr->type);
	1416	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1417	char *tmplist=NULL;
	1418	char *tmp=NULL;
[d5bbd3e]	1419	int as_range=1; /* either , or ; */
[b5a3da4]	1420	if(rlist) {
	1421	char *rstring=_string_yy_cond_range(rlist);
	1422	set_yy_term_data_cond_str(ptr,rstring);
	1423	abac_yy_range_t *cur;
	1424
[d5bbd3e]	1425	/* a list of values -- in chars */
[b5a3da4]	1426	abac_list_foreach(rlist, cur,
	1427	int type=cur->type;
	1428	char *val=cur->val;
	1429	switch(type) {
	1430	case e_yy_RANGE_MIN:
[7b548fa]	1431	tmp=generate_pl_range_constraint(typestr,var,val,">=");
[b5a3da4]	1432	break;
	1433	case e_yy_RANGE_MAX:
[7b548fa]	1434	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
[b5a3da4]	1435	break;
	1436	case e_yy_RANGE_TARGET:
[d5bbd3e]	1437	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1438	as_range=0;
[b5a3da4]	1439	break;
	1440	}
[d5bbd3e]	1441	/* ; is prolog's disjunction built in predicate */
[b5a3da4]	1442	if(tmplist) {
[d5bbd3e]	1443	if(as_range)
[b5a3da4]	1444	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1445	else
	1446	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1447	} else {
	1448	tmplist=tmp;
	1449	}
	1450	tmp=NULL;
	1451	);
	1452	asprintf(&tmplist,"(%s)",tmplist);
	1453	abac_yy_add_yy_constraints(tmplist);
	1454	}
	1455	}
	1456
[7b548fa]	1457	/****************************************************************/
	1458	/* this is for time only */
	1459	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
	1460	{
	1461	char *typestr=abac_term_type(ptr->type);
	1462	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1463	char *tmplist=NULL;
	1464	char *tmp=NULL;
	1465	char *ttmp=NULL;
	1466	char *tlist=NULL;
	1467	int as_range=1; /* either , or ; */
	1468	if(rlist) {
	1469	char *rstring=_string_yy_cond_range(rlist);
	1470	set_yy_term_data_cond_str(ptr,rstring);
	1471	abac_yy_range_t *cur;
	1472
	1473	/* a list of values -- in chars */
	1474	abac_list_foreach(rlist, cur,
	1475	int type=cur->type;
	1476	char *tval=cur->val;
	1477	char *val=abac_term_to_time(tval);
	1478	switch(type) {
	1479	case e_yy_RANGE_MIN:
	1480	ttmp=generate_pl_range_time_constraint(var,val,">");
	1481	tmp=generate_pl_range_time_constraint(var,val,"=");
	1482	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1483	tmp=tlist;
	1484	break;
	1485	case e_yy_RANGE_MAX:
	1486	ttmp=generate_pl_range_time_constraint(var,val,"=");
	1487	tmp=generate_pl_range_time_constraint(var,val,"<");
	1488	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
	1489	tmp=tlist;
	1490	break;
	1491	case e_yy_RANGE_TARGET:
	1492	tmp=generate_pl_range_time_constraint(var,val,"=");
	1493	as_range=0;
	1494	break;
	1495	}
	1496	free(val);
	1497	/* ; is prolog's disjunction built in predicate */
	1498	if(tmplist) {
	1499	if(as_range)
	1500	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1501	else
	1502	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1503	} else {
	1504	tmplist=tmp;
	1505	}
	1506	tmp=NULL;
	1507	);
	1508
	1509	asprintf(&tmplist,"(%s)",tmplist);
	1510	/* generate a clause with above and add into db */
	1511	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
	1512	abac_yy_add_yy_constraints(tmp);
	1513	}
	1514	}
	1515
[d5bbd3e]	1516	/****************************************************************/
	1517	/* this is for string and urn only */
	1518	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
	1519	{
	1520	char *typestr=abac_term_type(ptr->type);
	1521	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1522	char *tmplist=NULL;
	1523	char *tmp=NULL;
	1524	if(rlist) {
	1525	char *rstring=_string_yy_cond_range(rlist);
	1526	set_yy_term_data_cond_str(ptr,rstring);
	1527	abac_yy_range_t *cur;
	1528
	1529	/* a list of values -- in chars */
	1530	abac_list_foreach(rlist, cur,
	1531	int type=cur->type;
	1532	char *val=cur->val;
	1533	switch(type) {
	1534	case e_yy_RANGE_MIN:
	1535	panic("make_yy_range_string_constraint, invalid range type - min");
	1536	break;
	1537	case e_yy_RANGE_MAX:
	1538	/* invalid range type */
	1539	panic("make_yy_range_string_constraint, invalid range type - max");
	1540	break;
	1541	case e_yy_RANGE_TARGET:
	1542	tmp=generate_pl_range_constraint(NULL,var,val,"=");
	1543	break;
	1544	}
	1545	/* ; is prolog's disjunction built in predicate */
	1546	if(tmplist)
	1547	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1548	else tmplist=tmp;
	1549	tmp=NULL;
	1550	);
	1551	asprintf(&tmplist,"(%s)",tmplist);
	1552	/* generate a clause with above and add into db */
[7b548fa]	1553	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
[d5bbd3e]	1554	abac_yy_add_yy_constraints(tmp);
	1555	}
	1556	}
	1557
	1558	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
	1559	{
	1560	if(is_yy_term_data_type_numeric(ptr)) {
	1561	make_yy_range_numeric_constraint(ptr, var);
	1562	} else if (is_yy_term_data_type_alpha(ptr)) {
	1563	make_yy_range_string_constraint(ptr, var);
[7b548fa]	1564	} else if (is_yy_term_data_type_time(ptr)) {
	1565	make_yy_range_time_constraint(ptr, var);
[d5bbd3e]	1566	}
	1567	}
	1568
[b5a3da4]	1569	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
	1570	{
	1571	char *tmp=NULL;
	1572	abac_role_t *head_role=NULL;
	1573
	1574	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
	1575	/* build up left side's abac role constraint structure */
	1576	head_role=validate_head_role(head_expr);
	1577	if(head_role == NULL)
	1578	goto error;
	1579
	1580	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
	1581	set_yy_term_principal_cond_str(ptr,tmp);
	1582	set_yy_term_principal_cond_ptr(ptr,head_role);
	1583	abac_yy_add_yy_constraints(tmp);
	1584	return tmp;
	1585
	1586	error:
	1587	return NULL;
	1588	}
[a9494ad]	1589
[da5afdf]	1590	/* build up the abac structure and also create the yap clause
	1591	and insert it into db */
	1592	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
	1593	abac_yy_expression_t *tailexpr)
[a9494ad]	1594	{
	1595	abac_role_t *head_role=NULL;
	1596	abac_role_t *tail_role=NULL;
	1597
	1598	/* build up left side's abac role structure */
	1599	head_role=validate_head_role(headexpr);
	1600	if(head_role == NULL)
	1601	goto error;
	1602
	1603	/* build up the right side's abac role structure */
[da5afdf]	1604	abac_yy_expression_t *curr_tail = tailexpr;
[a9494ad]	1605	int intersecting=(tailexpr->next != NULL)? 1:0;
	1606	abac_role_t *curr_role = NULL;
	1607	while (curr_tail) {
[da5afdf]	1608	switch(curr_tail->type) {
	1609	case e_yy_EXPR_NAMED:
[a9494ad]	1610	curr_role=validate_named_tail_role(curr_tail);
	1611	break;
[da5afdf]	1612	case e_yy_EXPR_ROLE:
[a9494ad]	1613	curr_role=validate_role_tail_role(curr_tail);
	1614	break;
[da5afdf]	1615	case e_yy_EXPR_LINKED:
[a9494ad]	1616	curr_role=validate_linked_tail_role(curr_tail);
	1617	break;
	1618	}
	1619	if(curr_role==NULL)
	1620	goto error;
	1621
	1622	/* check if first one */
	1623	if(tail_role==NULL) {
	1624	if(intersecting)
	1625	tail_role=validate_intersected_tail_role(curr_role);
	1626	else
	1627	tail_role=curr_role;
	1628	} else {
	1629	abac_role_add_intersecting_role(tail_role,curr_role);
	1630	}
	1631	curr_tail=curr_tail->next;
	1632	} /* while */
	1633
[7727f26]	1634	/* collect up type clauses, constraint clauses and
[da5afdf]	1635	generate the final rule clauses */
	1636	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
[a9494ad]	1637	if(tmp == NULL)
	1638	goto error;
	1639
	1640	if(debug) {
[da5afdf]	1641	abac_print_role_string_with_condition(head_role,NULL);
[7727f26]	1642	printf("\n");
[da5afdf]	1643	abac_print_role_string_with_condition(tail_role,NULL);
[7727f26]	1644	printf("\n");
[a9494ad]	1645	}
	1646
[da5afdf]	1647	_free_yy_expression(headexpr);
	1648	_free_yy_expression(tailexpr);
[b5a3da4]	1649	abac_rule_head_role=head_role;
	1650	abac_rule_tail_role=tail_role;
	1651	abac_rule_is_oset=0;
[a9494ad]	1652	return tmp;
	1653
	1654	error:
[da5afdf]	1655	_free_yy_expression(headexpr);
	1656	_free_yy_expression(tailexpr);
[a9494ad]	1657	if(head_role)
	1658	abac_role_free(head_role);
	1659	if(tail_role)
	1660	abac_role_free(tail_role);
	1661	return NULL;
	1662	}
[da5afdf]	1663
	1664
[b5a3da4]	1665	/************************************************************************/
	1666	void abac_yy_init()
	1667	{
	1668	abac_yyinit();
	1669	abac_yy_init_rule_id_clauses();
	1670	abac_yy_init_yy_id_certs();
	1671	abac_yy_init_yy_constraints();
	1672	}
	1673
	1674

Note: See TracBrowser for help on using the repository browser.

Download in other formats: