Context Navigation

source: libabac/abac_pl_yy.c @ c586a3c

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since c586a3c was c586a3c, checked in by Mei <mei@…>, 12 years ago
1) add support for float static range constraint 2) add a testcase for testing float static range constraint 3) add runall-fast (skipping the creddy part)
Property mode set to `100644`
File size: 37.5 KB

Rev	Line
[a9494ad]	1
	2	/* C declarations */
	3	#include <stdio.h>
	4	#include <string.h>
	5	#include <stdlib.h>
[da5afdf]	6	#include <assert.h>
[a9494ad]	7
	8	#include "abac_util.h"
	9	#include "abac_pl_yy.h"
	10
	11	static int debug=0;
	12
[b5a3da4]	13	extern void panic(char*);
	14
	15	/* from abac_pl_gen.c */
[0d0c3a9]	16	extern char generate_pl_range_constraint_clause(char ,char ,char ,char *);
[b5a3da4]	17	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
[da5afdf]	18	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
	19	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
[0d0c3a9]	20	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
[a9494ad]	21	extern char generate_pl_type_clause(char , int);
[b5a3da4]	22	/* from rt2.y */
	23	extern void abac_yyinit();
[a9494ad]	24
[b5a3da4]	25	int abac_yy_error_code = 0; /* keeping last error code */
[a9494ad]	26
[b5a3da4]	27	int abac_rule_is_oset=0;
	28	abac_list_t *abac_rule_clauses=NULL;
	29	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
	30	abac_role_t *abac_rule_head_role=NULL;
	31	abac_role_t *abac_rule_tail_role=NULL;
	32	abac_oset_t *abac_rule_head_oset=NULL;
	33	abac_oset_t *abac_rule_tail_oset=NULL;
[da5afdf]	34
	35	/* to track id certs within a rule clause */
[a9494ad]	36	typedef struct _abac_yy_id_cert_t {
	37	char *principalname;
	38	int type; /* keyidtype */
	39	char *clause;
	40	} abac_yy_id_cert_t;
	41	abac_list_t *abac_yy_id_certs = NULL;
	42
[da5afdf]	43	/* structure to hold the range information
	44	within a static constraints on few types of
	45	oset types
	46	[a..b], [a..], [..b], [a],[a,b],[many a]
	47	e_yy_RANGE_MIN=1;
	48	e_yy_RANGE_MAX=2;
	49	e_yy_RANGE_TARGET=3;
	50	*/
	51	typedef struct _abac_yy_range_t {
	52	int type;
	53	char *val;
	54	} abac_yy_range_t;
	55
	56	/* to track role/oset constraint clauses used within a rule clause,
	57	collect them up in one place */
	58	typedef struct _abac_yy_constraint_t {
	59	char *clause;
	60	} abac_yy_constraint_t;
	61	abac_list_t *abac_yy_constraints = NULL;
	62
[a9494ad]	63	/* local principal structure [keyid:USC] */
	64	struct _abac_yy_principal_t {
	65	int type;
[da5afdf]	66	char *sha; // sha is null when this is of object type
	67	char *cn;
[a9494ad]	68	};
	69
[da5afdf]	70	/* [principal:?Z]:..., must match a principal name */
	71	struct _abac_yy_term_principal_t {
[a9494ad]	72	int type; /* this needs to be implicitly determined */
	73	char *name;
[b5a3da4]	74	char *cond_str;
	75	void *cond_ptr; // ptr to a saved abac_role_t
[da5afdf]	76	abac_yy_expression_t *cond_head_expr;
[a9494ad]	77	};
	78
[b5a3da4]	79	/* integer,float,time,urn,string types,
	80	if has condition, then it is a variable,
[a9494ad]	81	ie,
	82	[int:?Year]:<1930..1932>,
	83	if no condition, then it is a constant,
	84	ie,
	85	[int:10]
	86	*/
[da5afdf]	87	struct _abac_yy_term_data_t {
[a9494ad]	88	int is_variable;
	89	int type;
	90	char *name;
[b5a3da4]	91	char *cond_str;
	92	void *cond_ptr; // ptr to a saved abac_oset_t
[da5afdf]	93	abac_list_t *cond_range;
	94	abac_yy_expression_t *cond_head_expr; // parking stub
[a9494ad]	95	};
	96
[da5afdf]	97	/* local term structure, will distinguish it in the future */
	98	/* e_yy_DTERM_DATA, all other types
	99	e_yy_DTERM_NAMED, keyid:bob
	100	e_yy_DTERM_PRINCIPAL, principal:?P
	101	e_yy_DTERM_ANONYMOUS ? */
	102	struct _abac_yy_term_t {
[a9494ad]	103	union {
	104	abac_yy_principal_t *n_ptr;
[da5afdf]	105	abac_yy_term_principal_t *p_ptr;
	106	abac_yy_term_data_t *d_ptr;
[a9494ad]	107	} term;
	108	int type;
[da5afdf]	109	struct _abac_yy_term_t *next;
	110	int bcnt; /* this is to track number of terms in this linked up list */
[a9494ad]	111	};
	112
	113	/* local role structure */
	114	struct _abac_yy_role_t {
	115	int type;
	116	char *name;
[da5afdf]	117	abac_yy_term_t *terms;
[a9494ad]	118	struct _abac_yy_role_t *next;
	119	int bcnt; /* this is to track number of roles in this linked up list */
	120	};
	121
[da5afdf]	122	/* local oset structure */
	123	struct _abac_yy_oset_t {
	124	int type;
	125	char *name;
	126	abac_yy_term_t *terms;
	127	struct _abac_yy_oset_t *next;
	128	int bcnt; /* this is to track number of oset in this linked up list */
	129	};
	130
	131	/* A, A.r, A.r.r */
	132	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
	133	/* A/obj, A.o, A.r.o */
	134	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	135	struct _abac_yy_expression_t {
	136	int type;
	137	union {
	138	abac_yy_principal_t *principal;
	139	abac_yy_term_data_t *object;
	140	};
[a9494ad]	141	abac_yy_role_t *linked_role;
[da5afdf]	142	union {
	143	abac_yy_role_t *role;
	144	abac_yy_oset_t *oset;
	145	};
	146	struct _abac_yy_expression_t *next;
[a9494ad]	147	int bcnt;
	148	};
[b5a3da4]	149
	150	static void _free_yy_expression(abac_yy_expression_t *);
	151
	152	/************************************************************************/
	153	void abac_yy_set_error_code(int v)
	154	{
	155	abac_yy_error_code=v;
	156	}
	157
	158	/************************************************************************/
	159	abac_stack_t *abac_yy_get_rule_id_clauses()
	160	{
	161	return abac_rule_id_clauses;
	162	}
	163
	164	abac_stack_t *abac_yy_init_rule_id_clauses()
	165	{
	166	abac_rule_id_clauses=abac_stack_new();
	167	return abac_rule_id_clauses;
	168	}
	169
	170	void abac_yy_free_rule_id_clauses()
	171	{
	172	if (abac_rule_id_clauses != NULL)
	173	abac_stack_free(abac_rule_id_clauses);
	174	}
	175
	176	void abac_yy_set_rule_clauses(abac_list_t *clauses)
	177	{
	178	abac_rule_clauses=clauses;
	179	if(debug) {
	180	printf("printing out abac_rule_clauses:\n");
	181	abac_print_clauses(abac_rule_clauses,NULL);
	182	}
	183	}
	184
	185	abac_list_t *abac_yy_get_rule_clauses()
	186	{
	187	return abac_rule_clauses;
	188	}
	189
	190	void abac_yy_free_rule_clauses()
	191	{
	192	if (abac_rule_clauses != NULL) {
	193	char *cur;
	194	abac_list_foreach(abac_yy_id_certs, cur,
	195	if(cur) free(cur);
	196	);
	197	abac_list_free(abac_rule_clauses);
	198	}
	199	}
	200
	201	int abac_yy_get_rule_is_oset()
	202	{
	203	return abac_rule_is_oset;
	204	}
	205
	206	abac_role_t *abac_yy_get_rule_head_role()
	207	{
	208	return abac_rule_head_role;
	209	}
	210
	211	abac_role_t *abac_yy_get_rule_tail_role()
	212	{
	213	return abac_rule_tail_role;
	214	}
	215
	216	abac_oset_t *abac_yy_get_rule_head_oset()
	217	{
	218	return abac_rule_head_oset;
	219	}
	220
	221	abac_oset_t *abac_yy_get_rule_tail_oset()
	222	{
	223	return abac_rule_tail_oset;
	224	}
	225
[da5afdf]	226
	227	/************************************************************************/
[b5a3da4]	228	void abac_yy_init_yy_id_certs()
	229	{
	230	abac_yy_id_certs = abac_list_new();
	231	}
	232
	233	void abac_yy_free_yy_id_certs()
	234	{
	235	abac_yy_id_cert_t *id;
	236	abac_list_foreach(abac_yy_id_certs, id,
	237	if(id)
	238	free(id->principalname);
	239	free(id->clause);
	240	free(id);
	241	);
	242	abac_list_free(abac_yy_id_certs);
	243	abac_yy_id_certs = NULL;
	244	}
	245
	246	int abac_yy_cnt_yy_id_certs()
	247	{
	248	return abac_list_size(abac_yy_id_certs);
	249	}
	250
	251	char *abac_yy_string_yy_id_certs()
	252	{
	253	int first=1;
	254	char *tmp=NULL;
	255	abac_yy_id_cert_t *cur;
	256	abac_list_foreach(abac_yy_id_certs, cur,
	257	if(cur)
	258	if(first) {
	259	tmp=abac_xstrdup(cur->clause);
	260	first=0;
	261	} else {
	262	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	263	}
	264	);
	265	return tmp;
	266	}
	267
	268	static void _add_yy_id_certs(char *principalname, int type)
	269	{
	270	abac_yy_id_cert_t *id_cert=NULL;
	271
	272	int found=0;
	273	abac_yy_id_cert_t *cur;
	274	abac_list_foreach(abac_yy_id_certs, cur,
	275	if(cur)
	276	if(strcmp(cur->principalname,principalname)==0) {
	277	found=1;
	278	break;
	279	}
	280	);
	281
	282	if (found) {
	283	return;
	284	} else {
	285	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
	286	id_cert->principalname=abac_xstrdup(principalname);
	287	id_cert->type=type;
	288	id_cert->clause=generate_pl_type_clause(principalname,type);
	289	abac_list_add(abac_yy_id_certs, id_cert);
	290	}
	291	}
	292
	293	/***********************************************************************/
	294	static void _free_yy_cond_range(abac_list_t *ptr)
[da5afdf]	295	{
	296	if (ptr != NULL) {
	297	abac_yy_range_t *cur;
	298	abac_list_foreach(ptr, cur,
	299	if(cur && cur->val) free(cur->val);
	300	free(cur);
	301	);
	302	abac_list_free(ptr);
	303	}
	304	}
	305
[b5a3da4]	306	static char _string_yy_cond_range(abac_list_t ptr)
[da5afdf]	307	{
	308	assert(ptr);
	309	char *tmp=NULL;
	310	char *min=NULL;
	311	char *max=NULL;
	312	char *val=NULL;
	313	int type;
[a9494ad]	314
[da5afdf]	315	abac_yy_range_t *cur;
	316	abac_list_foreach(ptr, cur,
	317	type=cur->type;
	318	val=cur->val;
	319	switch (type) {
	320	case e_yy_RANGE_MIN:
	321	min=strdup(cur->val);
	322	break;
	323	case e_yy_RANGE_MAX:
	324	max=strdup(cur->val);
	325	break;
	326	case e_yy_RANGE_TARGET:
	327	if(val)
	328	asprintf(&val,"%s,%s",val,cur->val);
	329	else val=strdup(cur->val);
	330	break;
	331	}
	332	);
	333	if(max && min) {
	334	asprintf(&tmp,"[%s..%s]",min,max);
	335	free(max);
	336	free(min);
	337	return tmp;
	338	}
	339	if(max) {
	340	asprintf(&tmp,"[..%s]",max);
	341	free(max);
	342	return tmp;
	343	}
	344	if(min) {
	345	asprintf(&tmp,"[%s..]",min);
	346	free(min);
	347	return tmp;
	348	}
	349	if(val) {
	350	asprintf(&tmp,"[%s]",val);
	351	free(val);
	352	return tmp;
	353	}
	354	return NULL;
	355	}
	356
[b5a3da4]	357	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
[da5afdf]	358	{
	359	abac_yy_range_t *range=
	360	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	361	range->type=e_yy_RANGE_TARGET;
	362	range->val=strdup(val);
	363	abac_list_add(ptr, range);
	364	return ptr;
	365	}
	366
[b5a3da4]	367	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
[da5afdf]	368	{
	369	abac_yy_range_t *range=
	370	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
	371	range->type=type;
	372	range->val=strdup(val);
	373	abac_list_add(ptr, range);
	374	return ptr;
	375	}
	376
	377	abac_list_t make_yy_val_range(char val)
	378	{
	379	abac_list_t *ptr=abac_list_new();
[b5a3da4]	380	add_yy_val_range(ptr,val);
[da5afdf]	381	return ptr;
	382	}
	383
	384	abac_list_t make_yy_minmax_range(char min, char *max)
	385	{
	386	abac_list_t *ptr=abac_list_new();
[b5a3da4]	387	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
	388	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	389	return ptr;
	390	}
	391
	392	abac_list_t make_yy_min_range(char min)
	393	{
	394	abac_list_t *ptr=abac_list_new();
[b5a3da4]	395	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
[da5afdf]	396	return ptr;
	397	}
	398
	399	abac_list_t make_yy_max_range(char max)
	400	{
	401	abac_list_t *ptr=abac_list_new();
[b5a3da4]	402	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
[da5afdf]	403	return ptr;
	404	}
[a9494ad]	405
[b5a3da4]	406	/***********************************************************************/
	407	abac_yy_term_data_t make_yy_term_data(char name)
[a9494ad]	408	{
[b5a3da4]	409	abac_yy_term_data_t *ptr=
	410	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
	411	ptr->name=abac_xstrdup(name);
	412	ptr->type=0;
	413	ptr->is_variable=0;
	414	ptr->cond_str=NULL;
	415	ptr->cond_head_expr=NULL;
	416	ptr->cond_ptr=NULL;
	417	ptr->cond_range=NULL;
	418	return ptr;
[a9494ad]	419	}
	420
[b5a3da4]	421	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
[a9494ad]	422	{
[b5a3da4]	423	return ptr->cond_range;
[a9494ad]	424	}
	425
[b5a3da4]	426	char get_yy_term_data_name(abac_yy_term_data_t ptr)
[a9494ad]	427	{
[b5a3da4]	428	return ptr->name;
[a9494ad]	429	}
	430
[b5a3da4]	431	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
[a9494ad]	432	{
[b5a3da4]	433	if(ptr->cond_head_expr != NULL)
	434	return 1;
[c586a3c]	435	if(ptr->cond_range != NULL)
[b5a3da4]	436	return 1;
	437	return 0;
[a9494ad]	438	}
	439
[b5a3da4]	440	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
	441	abac_list_t *range)
[a9494ad]	442	{
[b5a3da4]	443	ptr->cond_range=range;
[a9494ad]	444	}
	445
[b5a3da4]	446	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
	447	abac_yy_expression_t *expr)
[a9494ad]	448	{
[b5a3da4]	449	ptr->cond_head_expr=expr;
[a9494ad]	450	}
	451
[b5a3da4]	452	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
[da5afdf]	453	{
[b5a3da4]	454	return ptr->cond_head_expr;
[da5afdf]	455	}
	456
[b5a3da4]	457	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
[a9494ad]	458	{
[b5a3da4]	459	int type=abac_term_verify_term_type(typestr);
	460	ptr->type=type;
[a9494ad]	461	}
	462
[b5a3da4]	463	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
[a9494ad]	464	{
[b5a3da4]	465	ptr->cond_ptr=vptr;
[a9494ad]	466	}
	467
[b5a3da4]	468	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
[da5afdf]	469	{
[b5a3da4]	470	ptr->cond_str=strdup(cond);
[da5afdf]	471	}
	472
[b5a3da4]	473	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[da5afdf]	474	{
[b5a3da4]	475	ptr->is_variable=1;
[da5afdf]	476	}
	477
[b5a3da4]	478	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
[a9494ad]	479	{
[b5a3da4]	480	return ptr->is_variable;
[a9494ad]	481	}
	482
[b5a3da4]	483	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
[a9494ad]	484	{
[b5a3da4]	485	free(ptr->name);
	486	if(ptr->cond_str)
	487	free(ptr->cond_str);
	488	if(ptr->cond_head_expr)
	489	_free_yy_expression(ptr->cond_head_expr);
	490	if(ptr->cond_range);
	491	_free_yy_cond_range(ptr->cond_range);
	492	free(ptr);
[a9494ad]	493	}
	494
[b5a3da4]	495	abac_yy_term_principal_t make_yy_term_principal(char name)
[a9494ad]	496	{
[b5a3da4]	497	abac_yy_term_principal_t *ptr=
	498	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
[d845403]	499	ptr->type=0;/* this is not known */
[b5a3da4]	500	ptr->name=abac_xstrdup(name);
	501	ptr->cond_str=NULL;
	502	ptr->cond_head_expr=NULL;
	503	return ptr;
[a9494ad]	504	}
	505
[b5a3da4]	506	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
[a9494ad]	507	{
[b5a3da4]	508	ptr->cond_ptr=vptr;
[a9494ad]	509	}
	510
[b5a3da4]	511	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
[a9494ad]	512	{
[b5a3da4]	513	ptr->cond_str=abac_xstrdup(cond);
[a9494ad]	514	}
	515
[b5a3da4]	516	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
[da5afdf]	517	{
[b5a3da4]	518	return ptr->cond_head_expr;
[da5afdf]	519	}
	520
[b5a3da4]	521	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
	522	abac_yy_expression_t *expr)
[da5afdf]	523	{
[b5a3da4]	524	ptr->cond_head_expr=expr;
[da5afdf]	525	}
	526
[b5a3da4]	527	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
[da5afdf]	528	{
[b5a3da4]	529	free(ptr->name);
	530	if(ptr->cond_str)
	531	free(ptr->cond_str);
	532	if(ptr->cond_head_expr)
	533	_free_yy_expression(ptr->cond_head_expr);
	534	free(ptr);
[da5afdf]	535	}
	536
[b5a3da4]	537	abac_yy_term_t *make_yy_term_dterm_anonymous()
[da5afdf]	538	{
[b5a3da4]	539	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	540	ptr->type = e_yy_DTERM_ANONYMOUS;
	541	ptr->next=NULL;
	542	ptr->bcnt=1;
	543	return ptr;
[da5afdf]	544	}
	545
[b5a3da4]	546	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
[da5afdf]	547	{
[b5a3da4]	548	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	549	ptr->type = e_yy_DTERM_PRINCIPAL;
	550	ptr->term.p_ptr=pptr;
	551	ptr->next=NULL;
	552	ptr->bcnt=1;
	553	return ptr;
	554	}
	555
	556	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
	557	{
	558	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	559	ptr->type = e_yy_DTERM_NAMED;
	560	ptr->term.n_ptr=nptr;
	561	ptr->next=NULL;
	562	ptr->bcnt=1;
	563	return ptr;
	564	}
	565
	566	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
	567	{
	568	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
	569	ptr->type = e_yy_DTERM_DATA;
	570	ptr->term.d_ptr=dptr;
	571	ptr->next=NULL;
	572	ptr->bcnt=1;
	573	return ptr;
	574	}
	575
	576	/************************************************************************/
	577	void abac_yy_init_yy_constraints()
	578	{
	579	abac_yy_constraints = abac_list_new();
	580	}
	581
	582	void abac_yy_free_yy_constraints()
	583	{
	584	abac_yy_constraint_t *cur;
	585	abac_list_foreach(abac_yy_constraints, cur,
	586	if(cur && cur->clause)
	587	free(cur->clause);
	588	free(cur);
	589	);
	590	abac_list_free(abac_yy_constraints);
	591	abac_yy_constraints=NULL;
	592	}
	593
	594	int abac_yy_cnt_yy_constraints()
	595	{
	596	return abac_list_size(abac_yy_constraints);
	597	}
	598
	599	char *abac_yy_string_yy_constraints()
	600	{
	601	int first=1;
	602	char *tmp=NULL;
	603	abac_yy_constraint_t *cur;
	604	abac_list_foreach(abac_yy_constraints, cur,
	605	if(cur && cur->clause)
	606	if(first) {
	607	tmp=abac_xstrdup(cur->clause);
	608	first=0;
	609	} else {
	610	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
	611	}
	612	);
	613	return tmp;
	614	}
	615
	616	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
	617	{
	618	abac_yy_constraint_t *ptr=
	619	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
	620	ptr->clause=strdup(constraint);
	621	abac_list_add(abac_yy_constraints, ptr);
[da5afdf]	622	return ptr;
	623	}
	624
[a9494ad]	625	/****************************************************************************/
	626	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
	627	{
	628	abac_yy_principal_t *ptr=
	629	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
	630	ptr->sha=abac_xstrdup(sha);
	631	ptr->cn=abac_xstrdup(cn);
	632	ptr->type=type;
	633	return ptr;
	634	}
	635
	636	static void _free_yy_principal(abac_yy_principal_t *ptr)
	637	{
	638	free(ptr->sha);
	639	if(ptr->cn)
	640	free(ptr->cn);
	641	free(ptr);
	642	}
	643
[da5afdf]	644	int get_yy_principal_type(abac_yy_principal_t *ptr)
	645	{
	646	return ptr->type;
	647	}
	648
	649	char get_yy_principal_principalname(abac_yy_principal_t ptr)
	650	{
	651	if(ptr->sha == NULL)
	652	return ptr->cn;
	653	return ptr->sha;
	654	}
	655
[b5a3da4]	656	/*************************************************************************/
	657
	658	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
	659	{
	660	int i=terms->bcnt;
	661	nterm->next=terms;
	662	nterm->bcnt=i+1;
	663	return nterm;
	664	}
	665
	666	static void _free_yy_term(abac_yy_term_t *ptr)
	667	{
	668	switch (ptr->type) {
	669	case e_yy_DTERM_DATA:
	670	_free_yy_term_data(ptr->term.d_ptr);
	671	break;
	672	case e_yy_DTERM_NAMED:
	673	_free_yy_principal(ptr->term.n_ptr);
	674	break;
	675	case e_yy_DTERM_PRINCIPAL:
	676	_free_yy_term_principal(ptr->term.p_ptr);
	677	break;
	678	case e_yy_DTERM_ANONYMOUS:
	679	break;
	680	}
	681	if(ptr->next)
	682	_free_yy_term(ptr->next);
	683	free(ptr);
	684	}
	685
	686	/*************************************************************************/
	687
[da5afdf]	688	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
[a9494ad]	689	{
	690	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
	691	ptr->name=abac_xstrdup(name);
[da5afdf]	692	ptr->terms=terms;
[a9494ad]	693	ptr->next=NULL;
	694	ptr->bcnt=1;
	695	return ptr;
	696	}
	697
	698	static void _free_yy_role(abac_yy_role_t *ptr)
	699	{
	700	free(ptr->name);
[da5afdf]	701	if(ptr->terms)
	702	_free_yy_term(ptr->terms);
[a9494ad]	703	if(ptr->next)
	704	_free_yy_role(ptr->next);
	705	free(ptr);
	706	}
	707
[b5a3da4]	708	/***************************************************************************/
	709	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
	710	{
	711	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
	712	ptr->name=abac_xstrdup(name);
	713	ptr->terms=terms;
	714	ptr->next=NULL;
	715	ptr->bcnt=1;
	716	return ptr;
	717	}
	718
	719	static void _free_yy_oset(abac_yy_oset_t *ptr)
	720	{
	721	free(ptr->name);
	722	if(ptr->terms)
	723	_free_yy_term(ptr->terms);
	724	if(ptr->next)
	725	_free_yy_oset(ptr->next);
	726	free(ptr);
	727	}
	728	/***************************************************************************/
	729
[da5afdf]	730	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
	731
	732	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
[a9494ad]	733	{
[da5afdf]	734	abac_yy_expression_t *ptr=
	735	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
	736	ptr->type = type;
	737	if(type == e_yy_EXPR_OBJECT) {
	738	ptr->object=(abac_yy_term_data_t *)pptr;
	739	} else {
	740	ptr->principal = (abac_yy_principal_t *)pptr;
	741	}
	742	if(type == e_yy_EXPR_OSET)
	743	ptr->oset = (abac_yy_oset_t *) optr;
	744	else
	745	ptr->role = (abac_yy_role_t *) optr;
[a9494ad]	746	ptr->linked_role=linked_role;
	747	ptr->next=NULL;
	748
	749	return ptr;
	750	}
	751
[da5afdf]	752	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
	753	{
	754	if(ptr->type == e_yy_EXPR_OBJECT)
	755	return ptr->object;
	756	return NULL;
	757	}
	758
	759	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
	760	abac_yy_expression_t *exprs)
[a9494ad]	761	{
	762	int i=exprs->bcnt;
	763	nexpr->next=exprs;
	764	nexpr->bcnt=i+1;
	765	return nexpr;
	766	}
	767
[da5afdf]	768	static void _free_yy_expression(abac_yy_expression_t *ptr)
[a9494ad]	769	{
[da5afdf]	770	if(ptr->type == e_yy_EXPR_OBJECT) {
	771	if(ptr->object)
	772	_free_yy_term_data(ptr->object);
	773	} else {
	774	if(ptr->principal)
	775	_free_yy_principal(ptr->principal);
	776	}
	777	if(ptr->type == e_yy_EXPR_OSET) {
	778	if(ptr->oset)
	779	_free_yy_oset(ptr->oset);
	780	} else {
	781	if(ptr->role)
	782	_free_yy_role(ptr->role);
	783	}
[a9494ad]	784	if(ptr->linked_role)
	785	_free_yy_role(ptr->linked_role);
	786	if(ptr->next)
[da5afdf]	787	_free_yy_expression(ptr->next);
[a9494ad]	788
	789	free(ptr);
	790	}
	791
[b5a3da4]	792	/***************************************************************************/
[da5afdf]	793	static void _oset_add_terms(int linked, abac_oset_t *oset,
	794	abac_yy_term_t *terms)
	795	{
	796	abac_yy_term_t *curr = terms;
	797	int type;
	798	char *name=NULL;
	799	char *cond=NULL;
	800	void *ptr=NULL;
	801	while (curr) {
	802	switch (curr->type) {
	803	case e_yy_DTERM_DATA:
	804	{
	805	abac_yy_term_data_t *ptr=curr->term.d_ptr;
	806	type=ptr->type;
	807	name=abac_xstrdup(ptr->name);
[b5a3da4]	808	cond=abac_xstrdup(ptr->cond_str);
	809	ptr=ptr->cond_ptr;
[da5afdf]	810	break;
	811	}
	812	case e_yy_DTERM_PRINCIPAL:
	813	{
	814	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
[b5a3da4]	815	type=abac_term_verify_term_type("principal");
[da5afdf]	816	name=abac_xstrdup(ptr->name);
[b5a3da4]	817	cond=abac_xstrdup(ptr->cond_str);
	818	ptr=ptr->cond_ptr;
[da5afdf]	819	break;
	820	}
	821	case e_yy_DTERM_NAMED:
	822	{
	823	abac_yy_principal_t *ptr=curr->term.n_ptr;
	824	type=ptr->type;
	825	/* XXX should be switching to sha in the future */
	826	name=abac_xstrdup(ptr->cn);
	827	cond=NULL;
	828	ptr=NULL;
	829	break;
	830	}
	831	case e_yy_DTERM_ANONYMOUS:
	832	{
	833	type=0;
	834	name=abac_xstrdup("_");
	835	cond=NULL;
	836	ptr=NULL;
	837	break;
	838	}
	839	}
	840
	841	abac_term_t *param=abac_term_new(type,name,cond,ptr);
	842	if (linked)
	843	abac_oset_oset_add_linked_param(oset, param);
	844	else
	845	abac_oset_oset_add_param(oset, param);
	846	curr=curr->next;
	847	}
	848	}
	849
	850	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
	851	{
	852	int linked=1;
	853	_oset_add_terms(linked, oset, terms);
	854	}
	855
	856	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
	857	{
	858	int linked=0;
	859	_oset_add_terms(linked, oset, terms);
	860	}
	861
	862
	863	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
	864	{
	865	abac_oset_t *ret_oset=NULL;
	866	abac_list_t *prereqs = abac_list_new();
	867	abac_list_add(prereqs, oset);
	868	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
	869	return ret_oset;
	870	}
	871
	872	/* A.oset */
	873	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
	874	{
	875	abac_yy_principal_t *principal=expr->principal;
	876	abac_yy_oset_t *oset=expr->oset;
	877
	878	char *principalname=get_yy_principal_principalname(principal);
	879	char *osetname=oset->name;
	880	abac_yy_term_t *terms=oset->terms;
	881
	882	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
	883	if (ret_oset==NULL) {
[b5a3da4]	884	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[da5afdf]	885	goto error;
	886	}
	887	if (!abac_oset_is_oset(ret_oset)) {
[b5a3da4]	888	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[da5afdf]	889	goto error;
	890	}
	891	// insert the params for the oset
	892	if(terms) {
	893	_oset_add_oset_terms(ret_oset, terms);
	894	}
	895	_add_yy_id_certs(principal->cn,principal->type);
	896
	897	return ret_oset;
	898
	899	error:
	900	return NULL;
	901	}
	902
	903	/* B */
	904	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
	905	{
	906	abac_yy_principal_t *principal=expr->principal;
	907	char *principalname=principal->sha;
	908	abac_oset_t *ret_oset=NULL;
	909
	910	ret_oset = abac_oset_principal_new(principalname);
	911
	912	_add_yy_id_certs(principal->cn,principal->type);
	913
	914	if (ret_oset==NULL)
	915	goto error;
	916	return ret_oset;
	917
	918	error:
	919	panic("can not generate a simple named tail oset");
	920	return NULL;
	921	}
	922
	923
	924	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
	925	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
	926	{
	927	abac_yy_term_data_t *object=get_yy_expression_object(expr);
	928	assert(object != NULL);
	929
	930	char *name=object->name;
	931	int type=object->type;
[b5a3da4]	932	char *cond=object->cond_str;
	933	void *ptr=object->cond_ptr;
[da5afdf]	934	abac_term_t *term=abac_term_new(type,name,cond,ptr);
	935	abac_oset_t *ret_oset=abac_oset_object_new(term);
	936
	937	if(get_yy_term_data_is_variable(object))
	938	_add_yy_id_certs(name,type);
	939
	940	if (ret_oset==NULL)
	941	goto error;
	942	return ret_oset;
	943
	944	error:
	945	panic("can not generate a simple object tail oset");
	946	return NULL;
	947	}
	948
	949
	950	/* B.oset */
	951	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
	952	{
	953	abac_yy_principal_t *principal=expr->principal;
	954	abac_yy_oset_t *oset=expr->oset;
	955
	956	char *principalname=principal->sha;
	957
	958	char *osetname=oset->name;
	959	abac_yy_term_t *terms=oset->terms;
	960
	961	int ret;
	962	abac_oset_t *ret_oset=NULL;
	963
	964	ret_oset = abac_oset_oset_new(principalname, osetname);
	965	if (ret_oset==NULL)
	966	goto error;
	967
	968	if(terms) {
	969	_oset_add_oset_terms(ret_oset, terms);
	970	}
	971
	972	_add_yy_id_certs(principal->cn,principal->type);
	973
	974	return ret_oset;
	975
	976	error:
	977	panic("can not generate a simple tail oset");
	978	return NULL;
	979	}
	980
	981	/* B.role.oset */
	982	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
	983	{
	984	abac_yy_principal_t *principal=expr->principal;
	985	abac_yy_oset_t *oset=expr->oset;
	986	abac_yy_role_t *linked_role=expr->linked_role;
	987
	988	char *principalname=principal->sha;
	989
	990	char *osetname=oset->name;
	991	abac_yy_term_t *terms=oset->terms;
	992
	993	char *linkedrolename=linked_role->name;
	994	abac_yy_term_t *linked_terms=linked_role->terms;
	995
	996	int ret;
	997	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
	998	linkedrolename, osetname);
	999	if (ret_oset==NULL)
	1000	goto error;
	1001
	1002	if(linked_terms) {
	1003	_oset_add_linked_terms(ret_oset, linked_terms);
	1004	}
	1005	if(terms) {
	1006	_oset_add_oset_terms(ret_oset, terms);
	1007	}
	1008
	1009	_add_yy_id_certs(principal->cn,principal->type);
	1010
	1011	return ret_oset;
	1012
	1013	error:
	1014	panic("can not generate linked tail oset");
	1015	return NULL;
	1016	}
	1017
	1018
	1019
	1020	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
	1021	abac_yy_expression_t *tailexpr)
	1022	{
	1023	abac_oset_t *head_oset=NULL;
	1024	abac_oset_t *tail_oset=NULL;
	1025
	1026	/* build up left side's abac oset structure */
	1027	head_oset=validate_head_oset(headexpr);
	1028	if(head_oset == NULL)
	1029	goto error;
	1030
	1031	/* build up the right side's abac oset structure */
	1032	abac_yy_expression_t *curr_tail = tailexpr;
	1033	int intersecting=(tailexpr->next != NULL)? 1:0;
	1034	abac_oset_t *curr_oset = NULL;
	1035	while (curr_tail) {
	1036	switch(curr_tail->type) {
	1037	case e_yy_EXPR_OBJECT:
	1038	curr_oset=validate_object_tail_oset(curr_tail);
	1039	break;
	1040	case e_yy_EXPR_NAMED:
	1041	curr_oset=validate_named_tail_oset(curr_tail);
	1042	break;
	1043	case e_yy_EXPR_OSET:
	1044	curr_oset=validate_oset_tail_oset(curr_tail);
	1045	break;
	1046	case e_yy_EXPR_LINKED:
	1047	curr_oset=validate_linked_tail_oset(curr_tail);
	1048	break;
	1049	}
	1050	if(curr_oset==NULL)
	1051	goto error;
	1052
	1053	/* check if first one */
	1054	if(tail_oset==NULL) {
	1055	if(intersecting)
	1056	tail_oset=validate_intersected_tail_oset(curr_oset);
	1057	else
	1058	tail_oset=curr_oset;
	1059	} else {
	1060	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
	1061	}
	1062	curr_tail=curr_tail->next;
	1063	} /* while */
	1064
	1065	/* XXX collect up type clauses, constraint clauses and
	1066	generate rule clauses */
	1067	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
	1068	if(tmp == NULL)
	1069	goto error;
	1070
	1071	if(debug) {
	1072	abac_print_oset_string_with_condition(head_oset,NULL);
	1073	abac_print_oset_string_with_condition(tail_oset,NULL);
	1074	}
	1075
	1076	_free_yy_expression(headexpr);
	1077	_free_yy_expression(tailexpr);
[b5a3da4]	1078	abac_rule_head_oset=head_oset;
	1079	abac_rule_tail_oset=tail_oset;
	1080	abac_rule_is_oset=1;
[da5afdf]	1081	return tmp;
	1082
	1083	error:
	1084	_free_yy_expression(headexpr);
	1085	_free_yy_expression(tailexpr);
	1086	if(head_oset)
	1087	abac_oset_free(head_oset);
	1088	if(tail_oset)
	1089	abac_oset_free(tail_oset);
	1090	return NULL;
	1091	}
	1092
	1093	/****************************************************************/
	1094	static void _role_add_terms(int linked, abac_role_t *role,
	1095	abac_yy_term_t *terms)
[a9494ad]	1096	{
[da5afdf]	1097	abac_yy_term_t *curr = terms;
[a9494ad]	1098	int type;
	1099	char *name=NULL;
	1100	char *cond=NULL;
[da5afdf]	1101	void *ptr=NULL;
[a9494ad]	1102	while (curr) {
	1103	switch (curr->type) {
[da5afdf]	1104	case e_yy_DTERM_DATA:
[a9494ad]	1105	{
[d845403]	1106	abac_yy_term_data_t *pptr=curr->term.d_ptr;
	1107	type=pptr->type;
	1108	name=abac_xstrdup(pptr->name);
	1109	cond=abac_xstrdup(pptr->cond_str);
	1110	ptr=pptr->cond_ptr;
[a9494ad]	1111	break;
	1112	}
[da5afdf]	1113	case e_yy_DTERM_PRINCIPAL:
[a9494ad]	1114	{
[d845403]	1115	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
[b5a3da4]	1116	type=abac_term_verify_term_type("principal");
[d845403]	1117	name=abac_xstrdup(pptr->name);
	1118	cond=abac_xstrdup(pptr->cond_str);
	1119	ptr=pptr->cond_ptr;
[a9494ad]	1120	break;
	1121	}
[da5afdf]	1122	case e_yy_DTERM_NAMED:
[a9494ad]	1123	{
[d845403]	1124	abac_yy_principal_t *pptr=curr->term.n_ptr;
	1125	type=pptr->type;
[a9494ad]	1126	/* XXX should be switching to sha in the future */
[d845403]	1127	name=abac_xstrdup(pptr->cn);
[a9494ad]	1128	cond=NULL;
[da5afdf]	1129	ptr=NULL;
[a9494ad]	1130	break;
	1131	}
[da5afdf]	1132	case e_yy_DTERM_ANONYMOUS:
[a9494ad]	1133	{
	1134	type=0;
	1135	name=abac_xstrdup("_");
	1136	cond=NULL;
[da5afdf]	1137	ptr=NULL;
[a9494ad]	1138	break;
	1139	}
	1140	}
[d845403]	1141
[da5afdf]	1142	abac_term_t *param=abac_term_new(type,name,cond,ptr);
[a9494ad]	1143	if (linked)
[da5afdf]	1144	abac_role_role_add_linked_param(role, param);
[a9494ad]	1145	else
[da5afdf]	1146	abac_role_role_add_param(role, param);
[a9494ad]	1147	curr=curr->next;
	1148	}
	1149	}
	1150
[da5afdf]	1151	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1152	{
	1153	int linked=1;
[da5afdf]	1154	_role_add_terms(linked, role, terms);
[a9494ad]	1155	}
	1156
[da5afdf]	1157	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
[a9494ad]	1158	{
	1159	int linked=0;
[da5afdf]	1160	_role_add_terms(linked, role, terms);
[a9494ad]	1161	}
	1162
	1163
	1164	abac_role_t validate_intersected_tail_role(abac_role_t role)
	1165	{
	1166	abac_role_t *ret_role=NULL;
	1167	abac_list_t *prereqs = abac_list_new();
	1168	abac_list_add(prereqs, role);
	1169	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
	1170	return ret_role;
	1171	}
	1172
[da5afdf]	1173	abac_role_t validate_head_role(abac_yy_expression_t expr)
[a9494ad]	1174	{
	1175	abac_yy_principal_t *principal=expr->principal;
	1176	abac_yy_role_t *role=expr->role;
	1177
[da5afdf]	1178	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1179	char *rolename=role->name;
[da5afdf]	1180	abac_yy_term_t *terms=role->terms;
[a9494ad]	1181	abac_role_t *ret_role=NULL;
	1182
	1183	ret_role=abac_role_role_new(principalname, rolename);
	1184	if (ret_role==NULL) {
[b5a3da4]	1185	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
[a9494ad]	1186	goto error;
	1187	}
	1188	if (!abac_role_is_role(ret_role)) {
[b5a3da4]	1189	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
[a9494ad]	1190	goto error;
	1191	}
	1192	// insert the params for the role
[da5afdf]	1193	if(terms) {
	1194	_role_add_role_terms(ret_role, terms);
[a9494ad]	1195	}
	1196
	1197	_add_yy_id_certs(principal->cn,principal->type);
	1198
	1199	return ret_role;
	1200
	1201	error:
	1202	return NULL;
	1203	}
	1204
[da5afdf]	1205	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
[a9494ad]	1206	{
	1207	abac_yy_principal_t *principal=expr->principal;
[da5afdf]	1208	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1209	abac_role_t *ret_role=NULL;
	1210
	1211	ret_role = abac_role_principal_new(principalname);
	1212	_add_yy_id_certs(principal->cn,principal->type);
	1213
	1214	if (ret_role==NULL)
	1215	goto error;
	1216	return ret_role;
	1217
	1218	error:
	1219	panic("can not generate a simple named tail role");
	1220	return NULL;
	1221	}
	1222
[da5afdf]	1223	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
[a9494ad]	1224	{
	1225	abac_yy_principal_t *principal=expr->principal;
	1226	abac_yy_role_t *role=expr->role;
	1227
[da5afdf]	1228	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1229
	1230	char *rolename=role->name;
[da5afdf]	1231	abac_yy_term_t *terms=role->terms;
[a9494ad]	1232
	1233	int ret;
	1234	abac_role_t *ret_role=NULL;
	1235
	1236	ret_role = abac_role_role_new(principalname, rolename);
	1237	if (ret_role==NULL)
	1238	goto error;
	1239
[da5afdf]	1240	if(terms) {
	1241	_role_add_role_terms(ret_role, terms);
[a9494ad]	1242	}
	1243
	1244	_add_yy_id_certs(principal->cn,principal->type);
	1245
	1246	return ret_role;
	1247
	1248	error:
	1249	panic("can not generate a simple tail role");
	1250	return NULL;
	1251	}
	1252	/* need to validate/generate a linked role out of this */
[da5afdf]	1253	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
[a9494ad]	1254	{
	1255	abac_yy_principal_t *principal=expr->principal;
	1256	abac_yy_role_t *role=expr->role;
	1257	abac_yy_role_t *linked_role=expr->linked_role;
	1258
[da5afdf]	1259	char *principalname=get_yy_principal_principalname(principal);
[a9494ad]	1260
	1261	char *rolename=role->name;
[da5afdf]	1262	abac_yy_term_t *terms=role->terms;
[a9494ad]	1263
	1264	char *linkedrolename=linked_role->name;
[da5afdf]	1265	abac_yy_term_t *linked_terms=linked_role->terms;
[a9494ad]	1266
	1267	int ret;
	1268	abac_role_t *ret_role=NULL;
	1269
	1270	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
	1271	if (ret_role==NULL)
	1272	goto error;
	1273
[da5afdf]	1274	if(linked_terms) {
	1275	_role_add_linked_terms(ret_role, linked_terms);
[a9494ad]	1276	}
[da5afdf]	1277	if(terms) {
	1278	_role_add_role_terms(ret_role, terms);
[a9494ad]	1279	}
	1280
	1281	_add_yy_id_certs(principal->cn,principal->type);
	1282
	1283	return ret_role;
	1284
	1285	error:
	1286	panic("can not generate linked tail role");
	1287	return NULL;
	1288	}
	1289
[b5a3da4]	1290	/***********************************************************************/
	1291	/* add the condition to constraint list */
	1292	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
	1293	{
	1294	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
	1295	if(head_expr) {
	1296	abac_oset_t *head_oset=validate_head_oset(head_expr);
	1297	if(head_oset == NULL)
	1298	goto error;
	1299
	1300	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
	1301	set_yy_term_data_cond_str(ptr,tmp);
	1302	set_yy_term_data_cond_ptr(ptr,head_oset);
	1303	abac_yy_add_yy_constraints(tmp);
	1304	return tmp;
	1305	}
	1306	return NULL;
	1307	error:
	1308	return NULL;
	1309	}
	1310	/****************************************************************/
	1311	/* add the range condition to constraint list */
	1312
	1313	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
	1314	{
[c586a3c]	1315	/* XXXX this only works for integer and float */
[b5a3da4]	1316	char *typestr=abac_term_type(ptr->type);
	1317	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
	1318	char *tmplist=NULL;
	1319	char *tmp=NULL;
	1320	int is_range=1; /* either , or \| */
	1321	if(rlist) {
	1322	char *rstring=_string_yy_cond_range(rlist);
	1323	set_yy_term_data_cond_str(ptr,rstring);
	1324	abac_yy_range_t *cur;
	1325
	1326	abac_list_foreach(rlist, cur,
	1327	int type=cur->type;
	1328	char *val=cur->val;
	1329	switch(type) {
	1330	case e_yy_RANGE_MIN:
	1331	tmp=generate_pl_range_constraint_clause(typestr,var,val,">");
	1332	break;
	1333	case e_yy_RANGE_MAX:
	1334	tmp=generate_pl_range_constraint_clause(typestr,var,val,"<");
	1335	break;
	1336	case e_yy_RANGE_TARGET:
	1337	tmp=generate_pl_range_constraint_clause(typestr,var,val,"=");
	1338	int is_range=0;
	1339	break;
	1340	}
	1341	if(tmplist) {
	1342	if(is_range)
	1343	asprintf(&tmplist,"%s,%s",tmplist,tmp);
	1344	else
	1345	asprintf(&tmplist,"%s;%s",tmplist,tmp);
	1346	} else {
	1347	tmplist=tmp;
	1348	}
	1349	tmp=NULL;
	1350	);
	1351	asprintf(&tmplist,"(%s)",tmplist);
	1352	abac_yy_add_yy_constraints(tmplist);
	1353	}
	1354	}
	1355
	1356	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
	1357	{
	1358	char *tmp=NULL;
	1359	abac_role_t *head_role=NULL;
	1360
	1361	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
	1362	/* build up left side's abac role constraint structure */
	1363	head_role=validate_head_role(head_expr);
	1364	if(head_role == NULL)
	1365	goto error;
	1366
	1367	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
	1368	set_yy_term_principal_cond_str(ptr,tmp);
	1369	set_yy_term_principal_cond_ptr(ptr,head_role);
	1370	abac_yy_add_yy_constraints(tmp);
	1371	return tmp;
	1372
	1373	error:
	1374	return NULL;
	1375	}
[a9494ad]	1376
[da5afdf]	1377	/* build up the abac structure and also create the yap clause
	1378	and insert it into db */
	1379	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
	1380	abac_yy_expression_t *tailexpr)
[a9494ad]	1381	{
	1382	abac_role_t *head_role=NULL;
	1383	abac_role_t *tail_role=NULL;
	1384
	1385	/* build up left side's abac role structure */
	1386	head_role=validate_head_role(headexpr);
	1387	if(head_role == NULL)
	1388	goto error;
	1389
	1390	/* build up the right side's abac role structure */
[da5afdf]	1391	abac_yy_expression_t *curr_tail = tailexpr;
[a9494ad]	1392	int intersecting=(tailexpr->next != NULL)? 1:0;
	1393	abac_role_t *curr_role = NULL;
	1394	while (curr_tail) {
[da5afdf]	1395	switch(curr_tail->type) {
	1396	case e_yy_EXPR_NAMED:
[a9494ad]	1397	curr_role=validate_named_tail_role(curr_tail);
	1398	break;
[da5afdf]	1399	case e_yy_EXPR_ROLE:
[a9494ad]	1400	curr_role=validate_role_tail_role(curr_tail);
	1401	break;
[da5afdf]	1402	case e_yy_EXPR_LINKED:
[a9494ad]	1403	curr_role=validate_linked_tail_role(curr_tail);
	1404	break;
	1405	}
	1406	if(curr_role==NULL)
	1407	goto error;
	1408
	1409	/* check if first one */
	1410	if(tail_role==NULL) {
	1411	if(intersecting)
	1412	tail_role=validate_intersected_tail_role(curr_role);
	1413	else
	1414	tail_role=curr_role;
	1415	} else {
	1416	abac_role_add_intersecting_role(tail_role,curr_role);
	1417	}
	1418	curr_tail=curr_tail->next;
	1419	} /* while */
	1420
[da5afdf]	1421	/* collect up type clauses, constraint clases and
	1422	generate the final rule clauses */
	1423	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
[a9494ad]	1424	if(tmp == NULL)
	1425	goto error;
	1426
	1427	if(debug) {
[da5afdf]	1428	abac_print_role_string_with_condition(head_role,NULL);
	1429	abac_print_role_string_with_condition(tail_role,NULL);
[a9494ad]	1430	}
	1431
[da5afdf]	1432	_free_yy_expression(headexpr);
	1433	_free_yy_expression(tailexpr);
[b5a3da4]	1434	abac_rule_head_role=head_role;
	1435	abac_rule_tail_role=tail_role;
	1436	abac_rule_is_oset=0;
[a9494ad]	1437	return tmp;
	1438
	1439	error:
[da5afdf]	1440	_free_yy_expression(headexpr);
	1441	_free_yy_expression(tailexpr);
[a9494ad]	1442	if(head_role)
	1443	abac_role_free(head_role);
	1444	if(tail_role)
	1445	abac_role_free(tail_role);
	1446	return NULL;
	1447	}
[da5afdf]	1448
	1449
[b5a3da4]	1450	/************************************************************************/
	1451	void abac_yy_init()
	1452	{
	1453	abac_yyinit();
	1454	abac_yy_init_rule_id_clauses();
	1455	abac_yy_init_yy_id_certs();
	1456	abac_yy_init_yy_constraints();
	1457	}
	1458
	1459

Note: See TracBrowser for help on using the repository browser.

Download in other formats: