Context Navigation

source: libabac/abac_pl_yy.c @ 2cdbe49

mei_rt2mei_rt2_fix_1

Last change on this file since 2cdbe49 was 137b55f, checked in by Mei <mei@…>, 12 years ago
1) upgraded to use strongswan-4.6.4
Property mode set to `100644`
File size: 30.9 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
19
20	/* from rt2.y */
21	extern void abac_yyinit();
22
23	int abac_yy_error_code = 0; /* keeping last error code */
24
25	int abac_rule_is_oset=0;
26	abac_list_t *abac_rule_clauses=NULL;
27	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
28	abac_aspect_t *abac_rule_head_aspect=NULL;
29	abac_aspect_t *abac_rule_tail_aspect=NULL;
30
31
32	/* structure to hold the range information
33	within a static constraints on few types of
34	oset types
35	[a..b], [a..], [..b], [a],[a,b],[many a]
36	e_yy_RANGE_MIN=1;
37	e_yy_RANGE_MAX=2;
38	e_yy_RANGE_TARGET=3;
39	*/
40	typedef struct _abac_yy_range_t {
41	int type;
42	char *val;
43	} abac_yy_range_t;
44
45	/* local principal structure [keyid:USC] */
46	struct _abac_yy_principal_t {
47	int type;
48	char *sha; // sha is null when this is of object type
49	char *cn;
50	};
51
52	/* [principal:?Z]:..., must match a principal name */
53	struct _abac_yy_term_principal_t {
54	int type; /* this needs to be implicitly determined */
55	int is_anonymous;
56	char *name;
57	int isrange;
58	char *cond_str; // range string ??? not sure if this is possible
59	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
60	abac_yy_expression_t *cond_head_expr;
61	};
62
63	/* integer,float,time,urn,string types,
64	if has condition, then it is a variable,
65	ie,
66	[int:?Year]:<1930..1932>,
67	if no condition, then it is a constant,
68	ie,
69	[int:10]
70	*/
71	struct _abac_yy_term_data_t {
72	int is_variable;
73	int is_anonymous;
74	int type;
75	char *name;
76	char *cond_str; // range string
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_list_t *cond_range;
79	abac_yy_expression_t *cond_head_expr; // parking stub
80	};
81
82	/* local term structure, will distinguish it in the future */
83	/* e_yy_DTERM_DATA, all other types
84	e_yy_DTERM_NAMED, keyid:bob
85	e_yy_DTERM_PRINCIPAL, principal:?P
86	e_yy_DTERM_ANONYMOUS ? */
87	struct _abac_yy_term_t {
88	union {
89	abac_yy_principal_t *n_ptr;
90	abac_yy_term_principal_t *p_ptr;
91	abac_yy_term_data_t *d_ptr;
92	} term;
93	int type;
94	struct _abac_yy_term_t *next;
95	int bcnt; /* this is to track number of terms in this linked up list */
96	};
97
98	/* local role/oset structure,
99	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
100	*/
101	struct _abac_yy_roleoset_t {
102	int type;
103	char *name;
104	abac_yy_term_t *terms;
105	struct _abac_yy_roleoset_t *next;
106	int bcnt; /* this is to track number of roles in this linked up list */
107	};
108
109
110	/* A, A.r, A.r.r */
111	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
112	/* A/obj, A.o, A.r.o */
113	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
114	struct _abac_yy_expression_t {
115	int type;
116	union {
117	abac_yy_principal_t *principal;
118	abac_yy_term_data_t *object;
119	};
120	abac_yy_roleoset_t *linked_role;
121	abac_yy_roleoset_t *roleoset;
122
123	struct _abac_yy_expression_t *next;
124	int bcnt;
125	};
126
127	static void _free_yy_expression(abac_yy_expression_t *);
128
129	/************************************************************************/
130	void abac_yy_set_error_code(int v)
131	{
132	abac_yy_error_code=v;
133	}
134
135	/************************************************************************/
136	abac_stack_t *abac_yy_get_rule_id_clauses()
137	{
138	return abac_rule_id_clauses;
139	}
140
141	abac_stack_t *abac_yy_init_rule_id_clauses()
142	{
143	abac_rule_id_clauses=abac_stack_new();
144	return abac_rule_id_clauses;
145	}
146
147	void abac_yy_free_rule_id_clauses()
148	{
149	if (abac_rule_id_clauses != NULL)
150	abac_stack_free(abac_rule_id_clauses);
151	}
152
153	void abac_yy_set_rule_clauses(abac_list_t *clauses)
154	{
155	abac_rule_clauses=clauses;
156	if(debug) {
157	printf("printing out abac_rule_clauses:\n");
158	abac_print_clauses(abac_rule_clauses,NULL);
159	}
160	}
161
162	abac_list_t *abac_yy_get_rule_clauses()
163	{
164	return abac_rule_clauses;
165	}
166
167	void abac_yy_free_rule_clauses()
168	{
169	if (abac_rule_clauses != NULL) {
170	abac_pl_free_id_certs();
171	abac_list_free(abac_rule_clauses);
172	}
173	}
174
175	/* just set it to NULL without freeing the structure */
176	void abac_yy_reset_rule_clauses()
177	{
178	abac_rule_clauses=NULL;
179	}
180
181	bool abac_yy_get_rule_is_oset()
182	{
183	return abac_rule_is_oset;
184	}
185
186	abac_aspect_t *abac_yy_get_rule_head_aspect()
187	{
188	return abac_rule_head_aspect;
189	}
190
191	abac_aspect_t *abac_yy_get_rule_tail_aspect()
192	{
193	return abac_rule_tail_aspect;
194	}
195
196
197	/************************************************************************/
198	static void _free_yy_cond_range(abac_list_t *ptr)
199	{
200	if (ptr != NULL) {
201	abac_yy_range_t *cur;
202	abac_list_foreach(ptr, cur,
203	if(cur && cur->val) free(cur->val);
204	free(cur);
205	);
206	abac_list_free(ptr);
207	}
208	}
209
210	static char _string_yy_cond_range(abac_list_t ptr)
211	{
212	assert(ptr);
213	char *tmp=NULL;
214	char *min=NULL;
215	char *max=NULL;
216	char *val=NULL;
217	int type;
218
219	abac_yy_range_t *cur;
220	abac_list_foreach(ptr, cur,
221	type=cur->type;
222	switch (type) {
223	case e_yy_RANGE_MIN:
224	min=abac_xstrdup(cur->val);
225	break;
226	case e_yy_RANGE_MAX:
227	max=abac_xstrdup(cur->val);
228	break;
229	case e_yy_RANGE_TARGET:
230	if(val)
231	asprintf(&val,"%s,%s",val,cur->val);
232	else val=abac_xstrdup(cur->val);
233	break;
234	}
235	);
236	if(max && min) {
237	asprintf(&tmp,"[%s..%s]",min,max);
238	free(max);
239	free(min);
240	return tmp;
241	}
242	if(max) {
243	asprintf(&tmp,"[..%s]",max);
244	free(max);
245	return tmp;
246	}
247	if(min) {
248	asprintf(&tmp,"[%s..]",min);
249	free(min);
250	return tmp;
251	}
252	if(val) {
253	asprintf(&tmp,"[%s]",val);
254	free(val);
255	return tmp;
256	}
257	return NULL;
258	}
259
260	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
261	{
262	abac_yy_range_t *range=
263	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
264	range->type=e_yy_RANGE_TARGET;
265	range->val=abac_xstrdup(val);
266	abac_list_add(ptr, range);
267	return ptr;
268	}
269
270	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
271	{
272	abac_yy_range_t *range=
273	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
274	range->type=type;
275	range->val=abac_xstrdup(val);
276	abac_list_add(ptr, range);
277	return ptr;
278	}
279
280	abac_list_t make_yy_val_range(char val)
281	{
282	abac_list_t *ptr=abac_list_new();
283	add_yy_val_range(ptr,val);
284	return ptr;
285	}
286
287	abac_list_t make_yy_minmax_range(char min, char *max)
288	{
289	abac_list_t *ptr=abac_list_new();
290	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
291	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
292	return ptr;
293	}
294
295	abac_list_t make_yy_min_range(char min)
296	{
297	abac_list_t *ptr=abac_list_new();
298	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
299	return ptr;
300	}
301
302	abac_list_t make_yy_max_range(char max)
303	{
304	abac_list_t *ptr=abac_list_new();
305	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
306	return ptr;
307	}
308
309	/***********************************************************************/
310	abac_yy_term_data_t *make_yy_term_data()
311	{
312	abac_yy_term_data_t *ptr=
313	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
314	ptr->name=NULL;
315	ptr->type=0;
316	ptr->is_variable=0;
317	ptr->is_anonymous=0;
318	ptr->cond_str=NULL;
319	ptr->cond_head_expr=NULL;
320	ptr->cond_ptr=NULL;
321	ptr->cond_range=NULL;
322	return ptr;
323	}
324
325	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
326	{
327	ptr->name=abac_xstrdup(name);
328	}
329
330	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
331	{
332	return ptr->cond_range;
333	}
334
335	char get_yy_term_data_name(abac_yy_term_data_t ptr)
336	{
337	return ptr->name;
338	}
339
340	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
341	{
342	if(ptr->cond_head_expr != NULL)
343	return 1;
344	if(ptr->cond_range != NULL)
345	return 1;
346	return 0;
347	}
348
349	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
350	abac_list_t *range)
351	{
352	ptr->cond_range=range;
353	}
354
355	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
356	abac_yy_expression_t *expr)
357	{
358	ptr->cond_head_expr=expr;
359	}
360
361	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
362	{
363	return ptr->cond_head_expr;
364	}
365
366	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
367	{
368	int type=abac_verify_term_type(typestr);
369	ptr->type=type;
370	}
371
372	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
373	{
374	ptr->is_anonymous=1;
375	}
376
377	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
378	{
379	if(ptr->type==abac_verify_term_type("integer") \|\|
380	ptr->type==abac_verify_term_type("float"))
381	return 1;
382	return 0;
383	}
384
385	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
386	{
387	if(ptr->type==abac_verify_term_type("time"))
388	return 1;
389	return 0;
390	}
391
392	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
393	{
394	if(ptr->type==abac_verify_term_type("string") \|\|
395	ptr->type==abac_verify_term_type("urn") \|\|
396	ptr->type==abac_verify_term_type("boolean"))
397	return 1;
398	return 0;
399	}
400
401	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
402	{
403	ptr->cond_ptr=vptr;
404	}
405
406	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
407	{
408	ptr->cond_str=abac_xstrdup(cond);
409	}
410
411	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
412	{
413	ptr->is_variable=1;
414	}
415
416	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
417	{
418	return ptr->is_variable;
419	}
420
421	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
422	{
423	free(ptr->name);
424	if(ptr->cond_str)
425	free(ptr->cond_str);
426	if(ptr->cond_head_expr)
427	_free_yy_expression(ptr->cond_head_expr);
428	if(ptr->cond_range);
429	_free_yy_cond_range(ptr->cond_range);
430	free(ptr);
431	}
432
433	abac_yy_term_principal_t *make_yy_term_principal()
434	{
435	abac_yy_term_principal_t *ptr=
436	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
437	ptr->type=0;/* this is not known */
438	ptr->is_anonymous=0;
439	ptr->name=NULL;
440	ptr->isrange=0;
441	ptr->cond_str=NULL;
442	ptr->cond_ptr=NULL;
443	ptr->cond_head_expr=NULL;
444	return ptr;
445	}
446
447	static void _set_using_this()
448	{
449	using_this=1;
450	}
451
452	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
453	{
454	ptr->isrange=isrange;
455	}
456
457	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
458	{
459	/* handle special case when the name=this, change it to This */
460	if(strcmp(name,"this")==0) {
461	ptr->name=abac_xstrdup("This");
462	_set_using_this();
463	} else ptr->name=abac_xstrdup(name);
464	}
465
466	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
467	{
468	ptr->cond_ptr=vptr;
469	}
470
471	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
472	{
473	ptr->cond_str=abac_xstrdup(cond);
474	}
475
476	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
477	{
478	ptr->is_anonymous=1;
479	}
480
481	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
482	{
483	return ptr->cond_head_expr;
484	}
485
486	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
487	abac_yy_expression_t *expr)
488	{
489	ptr->cond_head_expr=expr;
490	}
491
492	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
493	{
494	free(ptr->name);
495	if(ptr->cond_str)
496	free(ptr->cond_str);
497	if(ptr->cond_head_expr)
498	_free_yy_expression(ptr->cond_head_expr);
499	free(ptr);
500	}
501
502	abac_yy_term_t *make_yy_term_dterm_anonymous()
503	{
504	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
505	ptr->type = e_yy_DTERM_ANONYMOUS;
506	ptr->next=NULL;
507	ptr->bcnt=1;
508	return ptr;
509	}
510
511	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
512	{
513	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
514	if(pptr->is_anonymous)
515	ptr->type = e_yy_DTERM_ANONYMOUS;
516	else ptr->type = e_yy_DTERM_PRINCIPAL;
517	ptr->term.p_ptr=pptr;
518	ptr->next=NULL;
519	ptr->bcnt=1;
520	return ptr;
521	}
522
523	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
524	{
525	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
526	ptr->type = e_yy_DTERM_NAMED;
527	ptr->term.n_ptr=nptr;
528	ptr->next=NULL;
529	ptr->bcnt=1;
530	return ptr;
531	}
532
533	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
534	{
535	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
536
537	if(dptr->is_anonymous)
538	ptr->type = e_yy_DTERM_ANONYMOUS;
539	else ptr->type = e_yy_DTERM_DATA;
540	ptr->term.d_ptr=dptr;
541	ptr->next=NULL;
542	ptr->bcnt=1;
543	return ptr;
544	}
545
546	/****************************************************************************/
547	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
548	{
549	abac_yy_principal_t *ptr=
550	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
551	/* add p to yyparse's principal */
552	if(sha) ptr->sha=abac_xstrdup(sha);
553	else ptr->sha=NULL;
554	if(cn) ptr->cn=abac_xstrdup(cn);
555	else ptr->cn=NULL;
556	ptr->type=type;
557	return ptr;
558	}
559
560	static void _free_yy_principal(abac_yy_principal_t *ptr)
561	{
562	if(ptr->sha) free(ptr->sha);
563	if(ptr->cn) free(ptr->cn);
564	free(ptr);
565	}
566
567	int get_yy_principal_type(abac_yy_principal_t *ptr)
568	{
569	return ptr->type;
570	}
571
572	char get_yy_principal_name(abac_yy_principal_t ptr)
573	{
574	if(USE("ABAC_CN") && ptr->cn)
575	return ptr->cn;
576	return ptr->sha;
577	}
578
579	char get_yy_principal_cn(abac_yy_principal_t ptr)
580	{
581	return ptr->cn;
582	}
583
584	char get_yy_principal_sha(abac_yy_principal_t ptr)
585	{
586	return ptr->sha;
587	}
588
589	/*************************************************************************/
590
591	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
592	{
593	int i=terms->bcnt;
594	nterm->next=terms;
595	nterm->bcnt=i+1;
596	return nterm;
597	}
598
599	static void _free_yy_term(abac_yy_term_t *ptr)
600	{
601	switch (ptr->type) {
602	case e_yy_DTERM_DATA:
603	_free_yy_term_data(ptr->term.d_ptr);
604	break;
605	case e_yy_DTERM_NAMED:
606	_free_yy_principal(ptr->term.n_ptr);
607	break;
608	case e_yy_DTERM_PRINCIPAL:
609	_free_yy_term_principal(ptr->term.p_ptr);
610	break;
611	case e_yy_DTERM_ANONYMOUS:
612	break;
613	}
614	if(ptr->next)
615	_free_yy_term(ptr->next);
616	free(ptr);
617	}
618
619	/*************************************************************************/
620	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
621	{
622	abac_yy_roleoset_t *ptr=
623	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
624	ptr->name=abac_xstrdup(name);
625	ptr->terms=terms;
626	ptr->next=NULL;
627	ptr->bcnt=1;
628	ptr->type=e_yy_ROLE_TYPE;
629	return ptr;
630	}
631
632	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
633	{
634	free(ptr->name);
635	if(ptr->terms)
636	_free_yy_term(ptr->terms);
637	if(ptr->next)
638	_free_yy_roleoset(ptr->next);
639	free(ptr);
640	}
641
642	/***************************************************************************/
643	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
644	{
645	abac_yy_roleoset_t *ptr=
646	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
647	ptr->name=abac_xstrdup(name);
648	ptr->terms=terms;
649	ptr->next=NULL;
650	ptr->bcnt=1;
651	ptr->type=e_yy_OSET_TYPE;
652	return ptr;
653	}
654
655	/***************************************************************************/
656
657	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
658
659	abac_yy_expression_t make_yy_expression(int type,void pptr,
660	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
661	{
662	abac_yy_expression_t *ptr=
663	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
664	ptr->type = type;
665	if(type == e_yy_EXPR_OBJECT) {
666	ptr->object=(abac_yy_term_data_t *)pptr;
667	} else {
668	ptr->principal = (abac_yy_principal_t *)pptr;
669	}
670	ptr->roleoset = optr;
671	ptr->linked_role=linked_role;
672	ptr->next=NULL;
673
674	return ptr;
675	}
676
677	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
678	{
679	if(ptr->type == e_yy_EXPR_OBJECT)
680	return ptr->object;
681	return NULL;
682	}
683
684	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
685	abac_yy_expression_t *exprs)
686	{
687	int i=exprs->bcnt;
688	nexpr->next=exprs;
689	nexpr->bcnt=i+1;
690	return nexpr;
691	}
692
693	static void _free_yy_expression(abac_yy_expression_t *ptr)
694	{
695	if(ptr->type == e_yy_EXPR_OBJECT) {
696	if(ptr->object)
697	_free_yy_term_data(ptr->object);
698	} else {
699	if(ptr->principal)
700	_free_yy_principal(ptr->principal);
701	}
702	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
703	if(ptr->linked_role)
704	_free_yy_roleoset(ptr->linked_role);
705	if(ptr->next)
706	_free_yy_expression(ptr->next);
707
708	free(ptr);
709	}
710
711	/***************************************************************************/
712	/* add the oset condition to constraint list */
713	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
714	{
715	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
716	if(head_expr) {
717	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
718	if(head_aspect != NULL) {
719	if(debug) printf("make_yy_oset_constraint..\n");
720	set_yy_term_data_cond_ptr(ptr,head_aspect);
721	}
722	}
723	}
724
725	/* add the role condition to constraint list */
726	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
727	{
728	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
729	if(head_expr) {
730	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
731	if(head_aspect != NULL) {
732	if(debug) printf("make_yy_role_constraint..\n");
733	set_yy_term_principal_cond_ptr(ptr,head_aspect);
734	set_yy_term_principal_isrange(ptr,0);
735	}
736	}
737	}
738
739
740	/****************************************************************/
741	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
742	abac_yy_term_t *terms)
743	{
744	abac_yy_term_t *curr = terms;
745	int type;
746	int isnamed;
747	int isrange;
748	char *name;
749	char *cond;
750	void *ptr;
751
752	while (curr) {
753	name=NULL;
754	cond=NULL;
755	ptr=NULL;
756	isnamed=0;
757	isrange=0;
758	switch (curr->type) {
759	case e_yy_DTERM_DATA:
760	{
761	abac_yy_term_data_t *dptr=curr->term.d_ptr;
762	type=dptr->type;
763	name=abac_xstrdup(dptr->name);
764	if(dptr->cond_str)
765	cond=abac_xstrdup(dptr->cond_str);
766	ptr=dptr->cond_ptr;
767	isrange=(dptr->cond_range!=NULL)?1:0;
768	break;
769	}
770	case e_yy_DTERM_PRINCIPAL:
771	{
772	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
773	type=abac_verify_term_type("principal");
774	name=abac_xstrdup(pptr->name);
775	if(pptr->cond_str)
776	cond=abac_xstrdup(pptr->cond_str);
777	ptr=pptr->cond_ptr;
778	isrange=pptr->isrange;
779	break;
780	}
781	case e_yy_DTERM_NAMED:
782	{
783	abac_yy_principal_t *pptr=curr->term.n_ptr;
784	type=pptr->type;
785	name=abac_xstrdup(get_yy_principal_name(pptr));
786	isnamed=1;
787	break;
788	}
789	case e_yy_DTERM_ANONYMOUS:
790	{
791	type=abac_verify_term_type("anonymous");
792	name=abac_xstrdup("_");
793	break;
794	}
795	}
796	abac_term_t *param=NULL;
797	if(isnamed)
798	param=abac_term_named_new(type,name);
799	else param=abac_term_new(type,name,isrange,cond,ptr);
800	if (linked)
801	abac_aspect_add_linked_param(aspect_ptr, param);
802	else
803	abac_aspect_add_param(aspect_ptr, param);
804	curr=curr->next;
805	}
806	}
807
808	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
809	{
810	int linked=1;
811	_aspect_add_terms(linked, ptr, terms);
812	}
813
814	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
815	{
816	int linked=0;
817	_aspect_add_terms(linked, ptr, terms);
818	}
819
820	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
821	{
822	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
823	return ret_ptr;
824	}
825
826	/* A.oset, A.role */
827	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
828	{
829	abac_yy_principal_t *principal=expr->principal;
830	abac_yy_roleoset_t *ptr=expr->roleoset;
831
832	char *principalname=get_yy_principal_sha(principal);
833	char *name=ptr->name;
834	abac_yy_term_t *terms=ptr->terms;
835
836	abac_aspect_t *aptr=NULL;
837	if(yytype==e_yy_OSET_TYPE)
838	aptr=abac_aspect_oset_new(principalname, name);
839	else aptr=abac_aspect_role_new(principalname, name);
840
841	if (aptr==NULL) {
842	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
843	goto error;
844	}
845
846	// insert the params for the oset
847	if(terms) {
848	_aspect_add_aspect_terms(aptr, terms);
849	}
850	return aptr;
851
852	error:
853	return NULL;
854	}
855
856	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
857	{
858	return validate_head(e_yy_OSET_TYPE,expr);
859	}
860
861	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
862	{
863	return validate_head(e_yy_ROLE_TYPE,expr);
864	}
865
866	/*****************************************************************************/
867	/* B */
868	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
869	{
870	abac_yy_principal_t *principal=expr->principal;
871	char *principalname=get_yy_principal_sha(principal);
872
873	abac_aspect_t *ptr=NULL;
874	if(yytype==e_yy_OSET_TYPE)
875	ptr=abac_aspect_oset_principal_new(principalname);
876	else ptr=abac_aspect_role_principal_new(principalname);
877	if (ptr==NULL)
878	goto error;
879	return ptr;
880
881	error:
882	panic("can not generate a simple named tail oset aspect");
883	return NULL;
884	}
885
886
887	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
888	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
889	{
890	abac_yy_term_data_t *object=get_yy_expression_object(expr);
891	assert(object != NULL);
892
893	char *name=object->name;
894	int type=object->type;
895	char *cond=object->cond_str;
896	void *ptr=object->cond_ptr;
897	int isrange=(object->cond_range!=NULL)?1:0;
898	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
899	abac_aspect_t *aptr=NULL;
900	if(yytype==e_yy_OSET_TYPE)
901	aptr=abac_aspect_oset_object_new(term);
902	else
903	goto error; /* can not be a role expression with obj */
904	if (aptr==NULL)
905	goto error;
906	return aptr;
907
908	error:
909	panic("can not generate a simple object tail oset aspect");
910	return NULL;
911	}
912
913
914	/* B.role or B.oset */
915	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
916	{
917	abac_yy_principal_t *principal=expr->principal;
918	abac_yy_roleoset_t *eptr=expr->roleoset;
919
920	char *principalname=get_yy_principal_sha(principal);
921	char *name=eptr->name;
922	abac_yy_term_t *terms=eptr->terms;
923
924	abac_aspect_t *ptr=NULL;
925	if(yytype==e_yy_OSET_TYPE)
926	ptr=abac_aspect_oset_new(principalname, name);
927	else
928	ptr=abac_aspect_role_new(principalname, name);
929	if (ptr==NULL)
930	goto error;
931
932	if(terms) {
933	_aspect_add_aspect_terms(ptr, terms);
934	}
935	return ptr;
936
937	error:
938	panic("can not generate a simple tail aspect");
939	return NULL;
940	}
941
942	/* B.role.role or B.role.oset */
943	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
944	{
945	abac_yy_principal_t *principal=expr->principal;
946
947	abac_yy_roleoset_t *eptr=expr->roleoset;
948	abac_yy_roleoset_t *linked_role=expr->linked_role;
949
950	char *principalname=get_yy_principal_sha(principal);
951	char *name=eptr->name;
952	abac_yy_term_t *terms=eptr->terms;
953
954	char *linkedrolename=linked_role->name;
955	abac_yy_term_t *linked_terms=linked_role->terms;
956
957	abac_aspect_t *ptr=NULL;
958	if(yytype==e_yy_OSET_TYPE)
959	ptr=abac_aspect_oset_linking_new(principalname,
960	linkedrolename, name);
961	else ptr=abac_aspect_role_linking_new(principalname,
962	linkedrolename, name);
963	if (ptr==NULL)
964	goto error;
965
966	if(linked_terms) {
967	_aspect_add_linked_terms(ptr, linked_terms);
968	}
969	if(terms) {
970	_aspect_add_aspect_terms(ptr, terms);
971	}
972
973	return ptr;
974
975	error:
976	panic("can not generate linked tail oset");
977	return NULL;
978	}
979
980
981	/**********************************************************************/
982
983	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
984	abac_yy_expression_t *tailexpr)
985	{
986	abac_aspect_t *head_oset=NULL;
987	abac_aspect_t *tail_oset=NULL;
988
989	/* build up left side's abac oset structure */
990	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
991	if(head_oset == NULL)
992	goto error;
993
994	/* build up the right side's abac oset structure */
995	abac_yy_expression_t *curr_tail = tailexpr;
996	int intersecting=(tailexpr->next != NULL)? 1:0;
997	abac_aspect_t *curr_oset = NULL;
998	while (curr_tail) {
999	switch(curr_tail->type) {
1000	case e_yy_EXPR_OBJECT:
1001	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
1002	break;
1003	case e_yy_EXPR_NAMED:
1004	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
1005	break;
1006	case e_yy_EXPR_OSET:
1007	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1008	break;
1009	case e_yy_EXPR_LINKED:
1010	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1011	break;
1012	}
1013	if(curr_oset==NULL)
1014	goto error;
1015
1016	/* check if first one */
1017	if(tail_oset==NULL) {
1018	if(intersecting)
1019	tail_oset=validate_intersected_tail(curr_oset);
1020	else
1021	tail_oset=curr_oset;
1022	} else {
1023	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1024	}
1025	curr_tail=curr_tail->next;
1026	} /* while */
1027
1028	preprocess_pl_head(head_oset);
1029	preprocess_pl_tail(tail_oset);
1030
1031	/* XXX collect up type clauses, constraint clauses and
1032	generate rule clauses */
1033	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1034	if(tmp == NULL)
1035	goto error;
1036
1037	if(debug) {
1038	abac_print_aspect_string_with_condition(head_oset,NULL);
1039	printf("\n");
1040	abac_print_aspect_string_with_condition(tail_oset,NULL);
1041	printf("\n");
1042	}
1043
1044	_free_yy_expression(headexpr);
1045	_free_yy_expression(tailexpr);
1046	abac_rule_head_aspect=head_oset;
1047	abac_rule_tail_aspect=tail_oset;
1048	abac_rule_is_oset=1;
1049	return tmp;
1050
1051	error:
1052	_free_yy_expression(headexpr);
1053	_free_yy_expression(tailexpr);
1054	if(head_oset)
1055	abac_aspect_free(head_oset);
1056	if(tail_oset)
1057	abac_aspect_free(tail_oset);
1058	return NULL;
1059	}
1060
1061	/*****************************************************************************/
1062	abac_list_t validate_range(abac_list_t ptr)
1063	{
1064	abac_list_t *nlist=abac_list_new();
1065
1066	abac_item_t *nitem;
1067	abac_yy_range_t *cur;
1068	char *val;
1069	int type;
1070	abac_list_foreach(ptr, cur,
1071	if(cur) {
1072	type=cur->type;
1073	val=cur->val;
1074	if(type==e_yy_RANGE_MIN) nitem=abac_item_new(abac_min_item_type(),val);
1075	if(type==e_yy_RANGE_MAX) nitem=abac_item_new(abac_max_item_type(),val);
1076	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new(abac_target_item_type(),val);
1077	abac_list_add(nlist,nitem);
1078	}
1079	);
1080	return nlist;
1081	}
1082
1083	/****************************************************************/
1084	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
1085	{
1086	if(is_yy_term_data_type_numeric(ptr) \|\|
1087	is_yy_term_data_type_alpha(ptr) \|\|
1088	is_yy_term_data_type_time(ptr)) {
1089	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1090	if(rlist) {
1091	abac_list_t *nlist=validate_range(rlist);
1092	set_yy_term_data_cond_ptr(ptr,nlist);
1093	}
1094	}
1095	}
1096	/*****************************************************************************/
1097	/* build up the abac structure and also create the yap clause
1098	and insert it into db */
1099	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1100	abac_yy_expression_t *tailexpr)
1101	{
1102	abac_aspect_t *head_role=NULL;
1103	abac_aspect_t *tail_role=NULL;
1104
1105	/* build up left side's abac role structure */
1106	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1107	if(head_role == NULL)
1108	goto error;
1109
1110	/* build up the right side's abac role structure */
1111	abac_yy_expression_t *curr_tail = tailexpr;
1112	int intersecting=(tailexpr->next != NULL)? 1:0;
1113	abac_aspect_t *curr_role = NULL;
1114	while (curr_tail) {
1115	switch(curr_tail->type) {
1116	case e_yy_EXPR_NAMED:
1117	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1118	break;
1119	case e_yy_EXPR_ROLE:
1120	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1121	break;
1122	case e_yy_EXPR_LINKED:
1123	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1124	break;
1125	}
1126	if(curr_role==NULL)
1127	goto error;
1128
1129	/* check if first one */
1130	if(tail_role==NULL) {
1131	if(intersecting)
1132	tail_role=validate_intersected_tail(curr_role);
1133	else
1134	tail_role=curr_role;
1135	} else {
1136	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1137	}
1138	curr_tail=curr_tail->next;
1139	} /* while */
1140
1141	preprocess_pl_head(head_role);
1142	preprocess_pl_tail(tail_role);
1143
1144	/* collect up type clauses, constraint clauses and
1145	generate the final rule clauses */
1146	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1147	if(tmp == NULL)
1148	goto error;
1149
1150	if(debug) {
1151	abac_print_aspect_string_with_condition(head_role,NULL);
1152	printf("\n");
1153	abac_print_aspect_string_with_condition(tail_role,NULL);
1154	printf("\n");
1155	}
1156
1157	_free_yy_expression(headexpr);
1158	_free_yy_expression(tailexpr);
1159	abac_rule_head_aspect=head_role;
1160	abac_rule_tail_aspect=tail_role;
1161	abac_rule_is_oset=0;
1162	return tmp;
1163
1164	error:
1165	_free_yy_expression(headexpr);
1166	_free_yy_expression(tailexpr);
1167	if(head_role)
1168	abac_aspect_free(head_role);
1169	if(tail_role)
1170	abac_aspect_free(tail_role);
1171	return NULL;
1172	}
1173
1174	/************************************************************************/
1175	void abac_yy_init()
1176	{
1177	abac_yyinit();
1178	abac_yy_init_rule_id_clauses();
1179	}
1180
1181

Note: See TracBrowser for help on using the repository browser.

Download in other formats: