Context Navigation

source: libabac/abac_pl_yy.c @ 2e9455f

mei_rt2

Last change on this file since 2e9455f was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100644`
File size: 30.8 KB

Line
1	/**
2	** abac_pl_yy.c
3	**/
4
5	/* C declarations */
6	#include <stdio.h>
7	#include <string.h>
8	#include <stdlib.h>
9	#include <assert.h>
10
11	#include "abac_stack.h"
12
13	#include "abac_pl_yy.h"
14	#include "abac_util.h"
15	#include "abac_pl_gen.h"
16	#include "abac_list.h"
17	#include "abac_term.h"
18	#include "abac_aspect.h"
19
20	static int debug=0;
21
22	abac_context_t abac_context=NULL; / context used for this parsing */
23	static int yy_using_this=0;
24	int abac_yy_error_code=0; /* keeping last error code */
25	int abac_rule_is_oset=0;
26
27	abac_aspect_t *abac_rule_head_aspect=NULL;
28	abac_aspect_t *abac_rule_tail_aspect=NULL;
29
30	/* structure to hold the range information
31	within a static constraints on few types of
32	oset types
33	[a..b], [a..], [..b], [a],[a,b],[many a]
34	e_yy_RANGE_MIN=1;
35	e_yy_RANGE_MAX=2;
36	e_yy_RANGE_TARGET=3;
37	*/
38	typedef struct _abac_yy_range_t {
39	int type;
40	char *val;
41	} abac_yy_range_t;
42
43	/* local principal structure [keyid:USC] */
44	struct _abac_yy_principal_t {
45	int type;
46	char *sha; // sha is null when this is of object type
47	char *cn;
48	};
49
50	/* [principal:?Z]:..., must match a principal name */
51	struct _abac_yy_term_principal_t {
52	int type; /* this needs to be implicitly determined */
53	int is_anonymous;
54	char *name;
55	int isrange;
56	char *cond_str; // range string ??? not sure if this is possible
57	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
58	abac_yy_expression_t *cond_head_expr;
59	};
60
61	/* integer,float,time,urn,string types,
62	if has condition, then it is a variable,
63	ie,
64	[int:?Year]:<1930..1932>,
65	if no condition, then it is a constant,
66	ie,
67	[int:10]
68	*/
69	struct _abac_yy_term_data_t {
70	int is_variable;
71	int is_anonymous;
72	int type;
73	char *name;
74	char *cond_str; // range string
75	void *cond_ptr; // ptr to a saved abac_aspect_t
76	abac_list_t *cond_range;
77	abac_yy_expression_t *cond_head_expr; // parking stub
78	};
79
80	/* local term structure, will distinguish it in the future */
81	/* e_yy_DTERM_DATA, all other types
82	e_yy_DTERM_NAMED, keyid:bob
83	e_yy_DTERM_PRINCIPAL, principal:?P
84	e_yy_DTERM_THIS, ?this
85	e_yy_DTERM_ANONYMOUS ? */
86	struct _abac_yy_term_t {
87	union {
88	abac_yy_principal_t *n_ptr;
89	abac_yy_term_principal_t *p_ptr;
90	abac_yy_term_data_t *d_ptr;
91	} term;
92	int type;
93	struct _abac_yy_term_t *next;
94	int bcnt; /* this is to track number of terms in this linked up list */
95	};
96
97	/* local role/oset structure,
98	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
99	*/
100	struct _abac_yy_roleoset_t {
101	int type;
102	char *name;
103	abac_yy_term_t *terms;
104	struct _abac_yy_roleoset_t *next;
105	int bcnt; /* this is to track number of roles in this linked up list */
106	};
107
108
109	/* A, A.r, A.r.r */
110	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
111	/* A/obj, A.o, A.r.o */
112	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
113	struct _abac_yy_expression_t {
114	int type;
115	union {
116	abac_yy_principal_t *principal;
117	abac_yy_term_data_t *object;
118	};
119	abac_yy_roleoset_t *linked_role;
120	abac_yy_roleoset_t *roleoset;
121
122	struct _abac_yy_expression_t *next;
123	int bcnt;
124	};
125
126	/* local */
127	static void _free_yy_expression(abac_yy_expression_t *);
128	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr);
129	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr);
130
131	/************************************************************************/
132	void abac_yy_set_error_code(int v)
133	{
134	abac_yy_error_code=v;
135	}
136
137	int abac_yy_get_rule_is_oset()
138	{
139	return abac_rule_is_oset;
140	}
141
142	abac_aspect_t *abac_yy_get_rule_head_aspect()
143	{
144	return abac_rule_head_aspect;
145	}
146
147	abac_aspect_t *abac_yy_get_rule_tail_aspect()
148	{
149	return abac_rule_tail_aspect;
150	}
151
152	/************************************************************************/
153	static void _free_yy_cond_range(abac_list_t *ptr)
154	{
155	if (ptr != NULL) {
156	abac_yy_range_t *cur;
157	abac_list_foreach(ptr, cur,
158	if(cur && cur->val) free(cur->val);
159	free(cur);
160	);
161	abac_list_free(ptr);
162	}
163	}
164
165	static char _string_yy_cond_range(abac_list_t ptr)
166	{
167	assert(ptr);
168	char *tmp=NULL;
169	char *min=NULL;
170	char *max=NULL;
171	char *val=NULL;
172	int type;
173
174	abac_yy_range_t *cur;
175	abac_list_foreach(ptr, cur,
176	type=cur->type;
177	switch (type) {
178	case e_yy_RANGE_MIN:
179	min=abac_xstrdup(cur->val);
180	break;
181	case e_yy_RANGE_MAX:
182	max=abac_xstrdup(cur->val);
183	break;
184	case e_yy_RANGE_TARGET:
185	if(val)
186	asprintf(&val,"%s,%s",val,cur->val);
187	else val=abac_xstrdup(cur->val);
188	break;
189	}
190	);
191	if(max && min) {
192	asprintf(&tmp,"[%s..%s]",min,max);
193	free(max);
194	free(min);
195	return tmp;
196	}
197	if(max) {
198	asprintf(&tmp,"[..%s]",max);
199	free(max);
200	return tmp;
201	}
202	if(min) {
203	asprintf(&tmp,"[%s..]",min);
204	free(min);
205	return tmp;
206	}
207	if(val) {
208	asprintf(&tmp,"[%s]",val);
209	free(val);
210	return tmp;
211	}
212	return NULL;
213	}
214
215	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
216	{
217	abac_yy_range_t *range=
218	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
219	range->type=e_yy_RANGE_TARGET;
220	range->val=abac_xstrdup(val);
221	abac_list_add(ptr, range);
222	return ptr;
223	}
224
225	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
226	{
227	abac_yy_range_t *range=
228	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
229	range->type=type;
230	range->val=abac_xstrdup(val);
231	abac_list_add(ptr, range);
232	return ptr;
233	}
234
235	abac_list_t make_yy_val_range(char val)
236	{
237	abac_list_t *ptr=abac_list_new();
238	add_yy_val_range(ptr,val);
239	return ptr;
240	}
241
242	abac_list_t make_yy_minmax_range(char min, char *max)
243	{
244	abac_list_t *ptr=abac_list_new();
245	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
246	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
247	return ptr;
248	}
249
250	abac_list_t make_yy_min_range(char min)
251	{
252	abac_list_t *ptr=abac_list_new();
253	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
254	return ptr;
255	}
256
257	abac_list_t make_yy_max_range(char max)
258	{
259	abac_list_t *ptr=abac_list_new();
260	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
261	return ptr;
262	}
263
264	/***********************************************************************/
265	abac_yy_term_data_t *make_yy_term_data()
266	{
267	abac_yy_term_data_t *ptr=
268	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
269	ptr->name=NULL;
270	ptr->type=0;
271	ptr->is_variable=0;
272	ptr->is_anonymous=0;
273	ptr->cond_str=NULL;
274	ptr->cond_head_expr=NULL;
275	ptr->cond_ptr=NULL;
276	ptr->cond_range=NULL;
277	return ptr;
278	}
279
280	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
281	{
282	ptr->name=abac_xstrdup(name);
283	}
284
285	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
286	{
287	return ptr->cond_range;
288	}
289
290	char get_yy_term_data_name(abac_yy_term_data_t ptr)
291	{
292	return ptr->name;
293	}
294
295	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
296	{
297	if(ptr->cond_head_expr != NULL)
298	return 1;
299	if(ptr->cond_range != NULL)
300	return 1;
301	return 0;
302	}
303
304	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
305	abac_list_t *range)
306	{
307	ptr->cond_range=range;
308	}
309
310	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
311	abac_yy_expression_t *expr)
312	{
313	ptr->cond_head_expr=expr;
314	}
315
316	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
317	{
318	return ptr->cond_head_expr;
319	}
320
321	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
322	{
323	int type=abac_verify_term_type(typestr);
324	ptr->type=type;
325	}
326
327	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
328	{
329	ptr->is_anonymous=1;
330	}
331
332	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
333	{
334	if(ptr->type==abac_verify_term_type("integer") \|\|
335	ptr->type==abac_verify_term_type("float"))
336	return 1;
337	return 0;
338	}
339
340	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
341	{
342	if(ptr->type==abac_verify_term_type("time"))
343	return 1;
344	return 0;
345	}
346
347	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
348	{
349	if(ptr->type==abac_verify_term_type("string") \|\|
350	ptr->type==abac_verify_term_type("urn") \|\|
351	ptr->type==abac_verify_term_type("boolean"))
352	return 1;
353	return 0;
354	}
355
356	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
357	{
358	ptr->cond_ptr=vptr;
359	}
360
361	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
362	{
363	ptr->cond_str=abac_xstrdup(cond);
364	}
365
366	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
367	{
368	ptr->is_variable=1;
369	}
370
371	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
372	{
373	return ptr->is_variable;
374	}
375
376	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
377	{
378	free(ptr->name);
379	if(ptr->cond_str)
380	free(ptr->cond_str);
381	if(ptr->cond_head_expr)
382	_free_yy_expression(ptr->cond_head_expr);
383	if(ptr->cond_range);
384	_free_yy_cond_range(ptr->cond_range);
385	free(ptr);
386	}
387
388	abac_yy_term_principal_t *make_yy_term_principal()
389	{
390	abac_yy_term_principal_t *ptr=
391	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
392	ptr->type=0;/* this is not known */
393	ptr->is_anonymous=0;
394	ptr->name=NULL;
395	ptr->isrange=0;
396	ptr->cond_str=NULL;
397	ptr->cond_ptr=NULL;
398	ptr->cond_head_expr=NULL;
399	return ptr;
400	}
401
402	static void _set_using_this()
403	{
404	yy_using_this=1;
405	}
406
407	int abac_yy_get_using_this()
408	{
409	return yy_using_this;
410	}
411
412	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
413	{
414	ptr->isrange=isrange;
415	}
416
417	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
418	{
419	ptr->name=abac_xstrdup(name);
420	}
421
422	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
423	{
424	ptr->cond_ptr=vptr;
425	}
426
427	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
428	{
429	ptr->cond_str=abac_xstrdup(cond);
430	}
431
432	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
433	{
434	ptr->is_anonymous=1;
435	}
436
437	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
438	{
439	return ptr->cond_head_expr;
440	}
441
442	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
443	abac_yy_expression_t *expr)
444	{
445	ptr->cond_head_expr=expr;
446	}
447
448	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
449	{
450	free(ptr->name);
451	if(ptr->cond_str)
452	free(ptr->cond_str);
453	if(ptr->cond_head_expr)
454	_free_yy_expression(ptr->cond_head_expr);
455	free(ptr);
456	}
457
458	abac_yy_term_t *make_yy_term_dterm_this()
459	{
460	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
461	ptr->type = e_yy_DTERM_THIS;
462	ptr->next=NULL;
463	ptr->bcnt=1;
464	_set_using_this();
465	return ptr;
466	}
467
468	abac_yy_term_t *make_yy_term_dterm_anonymous()
469	{
470	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
471	ptr->type = e_yy_DTERM_ANONYMOUS;
472	ptr->next=NULL;
473	ptr->bcnt=1;
474	return ptr;
475	}
476
477	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
478	{
479	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
480	if(pptr->is_anonymous)
481	ptr->type = e_yy_DTERM_ANONYMOUS;
482	else ptr->type = e_yy_DTERM_PRINCIPAL;
483	ptr->term.p_ptr=pptr;
484	ptr->next=NULL;
485	ptr->bcnt=1;
486	return ptr;
487	}
488
489	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
490	{
491	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
492	ptr->type = e_yy_DTERM_NAMED;
493	ptr->term.n_ptr=nptr;
494	ptr->next=NULL;
495	ptr->bcnt=1;
496	return ptr;
497	}
498
499	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
500	{
501	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
502
503	if(dptr->is_anonymous)
504	ptr->type = e_yy_DTERM_ANONYMOUS;
505	else ptr->type = e_yy_DTERM_DATA;
506	ptr->term.d_ptr=dptr;
507	ptr->next=NULL;
508	ptr->bcnt=1;
509	return ptr;
510	}
511
512	/****************************************************************************/
513	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
514	{
515	abac_yy_principal_t *ptr=
516	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
517	/* add p to yyparse's principal */
518	if(sha) ptr->sha=abac_xstrdup(sha);
519	else ptr->sha=NULL;
520	if(cn) ptr->cn=abac_xstrdup(cn);
521	else ptr->cn=NULL;
522	ptr->type=type;
523	return ptr;
524	}
525
526	static void _free_yy_principal(abac_yy_principal_t *ptr)
527	{
528	if(ptr->sha) free(ptr->sha);
529	if(ptr->cn) free(ptr->cn);
530	free(ptr);
531	}
532
533	int get_yy_principal_type(abac_yy_principal_t *ptr)
534	{
535	return ptr->type;
536	}
537
538	char get_yy_principal_name(abac_yy_principal_t ptr)
539	{
540	if(USE("ABAC_CN") && ptr->cn)
541	return ptr->cn;
542	return ptr->sha;
543	}
544
545	char get_yy_principal_cn(abac_yy_principal_t ptr)
546	{
547	return ptr->cn;
548	}
549
550	char get_yy_principal_sha(abac_yy_principal_t ptr)
551	{
552	return ptr->sha;
553	}
554
555	/*************************************************************************/
556
557	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
558	{
559	int i=terms->bcnt;
560	nterm->next=terms;
561	nterm->bcnt=i+1;
562	return nterm;
563	}
564
565	static void _free_yy_term(abac_yy_term_t *ptr)
566	{
567	switch (ptr->type) {
568	case e_yy_DTERM_DATA:
569	_free_yy_term_data(ptr->term.d_ptr);
570	break;
571	case e_yy_DTERM_NAMED:
572	_free_yy_principal(ptr->term.n_ptr);
573	break;
574	case e_yy_DTERM_PRINCIPAL:
575	_free_yy_term_principal(ptr->term.p_ptr);
576	break;
577	case e_yy_DTERM_ANONYMOUS:
578	case e_yy_DTERM_THIS:
579	break;
580	}
581	if(ptr->next)
582	_free_yy_term(ptr->next);
583	free(ptr);
584	}
585
586	/*************************************************************************/
587	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
588	{
589	abac_yy_roleoset_t *ptr=
590	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
591	ptr->name=abac_xstrdup(name);
592	ptr->terms=terms;
593	ptr->next=NULL;
594	ptr->bcnt=1;
595	ptr->type=e_yy_ROLE_TYPE;
596	return ptr;
597	}
598
599	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
600	{
601	free(ptr->name);
602	if(ptr->terms)
603	_free_yy_term(ptr->terms);
604	if(ptr->next)
605	_free_yy_roleoset(ptr->next);
606	free(ptr);
607	}
608
609	/***************************************************************************/
610	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
611	{
612	abac_yy_roleoset_t *ptr=
613	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
614	ptr->name=abac_xstrdup(name);
615	ptr->terms=terms;
616	ptr->next=NULL;
617	ptr->bcnt=1;
618	ptr->type=e_yy_OSET_TYPE;
619	return ptr;
620	}
621
622	/***************************************************************************/
623
624	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
625
626	abac_yy_expression_t make_yy_expression(int type,void pptr,
627	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
628	{
629	abac_yy_expression_t *ptr=
630	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
631	ptr->type = type;
632	if(type == e_yy_EXPR_OBJECT) {
633	ptr->object=(abac_yy_term_data_t *)pptr;
634	} else {
635	ptr->principal = (abac_yy_principal_t *)pptr;
636	}
637	ptr->roleoset = optr;
638	ptr->linked_role=linked_role;
639	ptr->next=NULL;
640
641	return ptr;
642	}
643
644	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
645	{
646	if(ptr->type == e_yy_EXPR_OBJECT)
647	return ptr->object;
648	return NULL;
649	}
650
651	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
652	abac_yy_expression_t *exprs)
653	{
654	int i=exprs->bcnt;
655	nexpr->next=exprs;
656	nexpr->bcnt=i+1;
657	return nexpr;
658	}
659
660	static void _free_yy_expression(abac_yy_expression_t *ptr)
661	{
662	if(ptr->type == e_yy_EXPR_OBJECT) {
663	if(ptr->object)
664	_free_yy_term_data(ptr->object);
665	} else {
666	if(ptr->principal)
667	_free_yy_principal(ptr->principal);
668	}
669	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
670	if(ptr->linked_role)
671	_free_yy_roleoset(ptr->linked_role);
672	if(ptr->next)
673	_free_yy_expression(ptr->next);
674
675	free(ptr);
676	}
677
678	/***************************************************************************/
679	/* add the oset condition to constraint list */
680	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
681	{
682	abac_yy_expression_t *cond_expr=get_yy_term_data_cond_head_expr(ptr);
683	if(cond_expr) {
684	abac_aspect_t *cond_aspect=NULL;
685	if(cond_expr->type == e_yy_EXPR_LINKED)
686	cond_aspect=validate_linked_tail(e_yy_OSET_TYPE,cond_expr);
687	else cond_aspect=validate_head(e_yy_OSET_TYPE,cond_expr);
688	if(cond_aspect != NULL) {
689	if(debug) fprintf(stderr,"make_yy_oset_constraint..\n");
690	set_yy_term_data_cond_ptr(ptr,cond_aspect);
691	}
692	}
693	}
694
695	/* add the role condition to constraint list */
696	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
697	{
698	abac_yy_expression_t *cond_expr=get_yy_term_principal_cond_head_expr(ptr);
699	if(cond_expr) {
700	abac_aspect_t *cond_aspect=NULL;
701	if(cond_expr->type == e_yy_EXPR_LINKED)
702	cond_aspect=validate_linked_tail(e_yy_ROLE_TYPE,cond_expr);
703	else cond_aspect=validate_head(e_yy_ROLE_TYPE,cond_expr);
704	if(cond_aspect != NULL) {
705	if(debug) fprintf(stderr,"make_yy_role_constraint..\n");
706	set_yy_term_principal_cond_ptr(ptr,cond_aspect);
707	set_yy_term_principal_isrange(ptr,0);
708	}
709	}
710	}
711
712
713	/****************************************************************/
714	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
715	abac_yy_term_t *terms)
716	{
717	abac_yy_term_t *curr = terms;
718	int type;
719	int isnamed;
720	int isrange;
721	char *name;
722	char *cond;
723	void *ptr;
724
725	while (curr) {
726	name=NULL;
727	cond=NULL;
728	ptr=NULL;
729	isnamed=0;
730	isrange=0;
731	switch (curr->type) {
732	case e_yy_DTERM_DATA:
733	{
734	abac_yy_term_data_t *dptr=curr->term.d_ptr;
735	type=dptr->type;
736	name=abac_xstrdup(dptr->name);
737	if(dptr->cond_str)
738	cond=abac_xstrdup(dptr->cond_str);
739	ptr=dptr->cond_ptr;
740	isrange=(dptr->cond_range!=NULL)?1:0;
741	break;
742	}
743	case e_yy_DTERM_PRINCIPAL:
744	{
745	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
746	type=abac_verify_term_type("principal");
747	name=abac_xstrdup(pptr->name);
748	if(pptr->cond_str)
749	cond=abac_xstrdup(pptr->cond_str);
750	ptr=pptr->cond_ptr;
751	isrange=pptr->isrange;
752	break;
753	}
754	case e_yy_DTERM_NAMED:
755	{
756	abac_yy_principal_t *pptr=curr->term.n_ptr;
757	type=pptr->type;
758	name=abac_xstrdup(get_yy_principal_name(pptr));
759	isnamed=1;
760	break;
761	}
762	case e_yy_DTERM_ANONYMOUS:
763	{
764	type=abac_verify_term_type("anonymous");
765	name=abac_xstrdup("_");
766	break;
767	}
768	case e_yy_DTERM_THIS:
769	{
770	type=abac_verify_term_type("this");
771	name=abac_xstrdup("This");
772	break;
773	}
774	}
775	abac_term_t *param=NULL;
776	if(isnamed)
777	param=abac_term_named_new(type,name);
778	else param=abac_term_new(type,name,isrange,cond,ptr);
779	if (linked)
780	abac_aspect_add_linked_param(aspect_ptr, param);
781	else
782	abac_aspect_add_param(aspect_ptr, param);
783	curr=curr->next;
784	}
785	}
786
787	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
788	{
789	int linked=1;
790	_aspect_add_terms(linked, ptr, terms);
791	}
792
793	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
794	{
795	int linked=0;
796	_aspect_add_terms(linked, ptr, terms);
797	}
798
799	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
800	{
801	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
802	return ret_ptr;
803	}
804
805	/* A.oset, A.role */
806	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
807	{
808	abac_yy_principal_t *principal=expr->principal;
809	abac_yy_roleoset_t *ptr=expr->roleoset;
810
811	char *principalname=get_yy_principal_sha(principal);
812	char *name=ptr->name;
813	abac_yy_term_t *terms=ptr->terms;
814
815	abac_aspect_t *aptr=NULL;
816	if(yytype==e_yy_OSET_TYPE)
817	aptr=abac_aspect_oset_new(principalname, name);
818	else aptr=abac_aspect_role_new(principalname, name);
819
820	if (aptr==NULL) {
821	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
822	goto error;
823	}
824
825	// insert the params for the oset
826	if(terms) {
827	_aspect_add_aspect_terms(aptr, terms);
828	}
829	return aptr;
830
831	error:
832	return NULL;
833	}
834
835	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
836	{
837	return validate_head(e_yy_OSET_TYPE,expr);
838	}
839
840	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
841	{
842	return validate_head(e_yy_ROLE_TYPE,expr);
843	}
844
845	/*****************************************************************************/
846	/* B */
847	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
848	{
849	abac_yy_principal_t *principal=expr->principal;
850	char *principalname=get_yy_principal_sha(principal);
851
852	abac_aspect_t *ptr=NULL;
853	if(yytype==e_yy_OSET_TYPE)
854	ptr=abac_aspect_oset_principal_new(principalname);
855	else ptr=abac_aspect_role_principal_new(principalname);
856	if (ptr==NULL)
857	goto error;
858	return ptr;
859
860	error:
861	panic("can not generate a simple named tail oset aspect");
862	return NULL;
863	}
864
865
866	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
867	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
868	{
869	abac_yy_term_data_t *object=get_yy_expression_object(expr);
870	assert(object != NULL);
871
872	char *name=object->name;
873	int type=object->type;
874	char *cond=object->cond_str;
875	void *ptr=object->cond_ptr;
876	int isrange=(object->cond_range!=NULL)?1:0;
877	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
878	abac_aspect_t *aptr=NULL;
879	if(yytype==e_yy_OSET_TYPE)
880	aptr=abac_aspect_oset_object_new(term);
881	else
882	goto error; /* can not be a role expression with obj */
883	if (aptr==NULL)
884	goto error;
885	return aptr;
886
887	error:
888	panic("can not generate a simple object tail oset aspect");
889	return NULL;
890	}
891
892
893	/* B.role or B.oset */
894	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
895	{
896	abac_yy_principal_t *principal=expr->principal;
897	abac_yy_roleoset_t *eptr=expr->roleoset;
898
899	char *principalname=get_yy_principal_sha(principal);
900	char *name=eptr->name;
901	abac_yy_term_t *terms=eptr->terms;
902
903	abac_aspect_t *ptr=NULL;
904	if(yytype==e_yy_OSET_TYPE)
905	ptr=abac_aspect_oset_new(principalname, name);
906	else
907	ptr=abac_aspect_role_new(principalname, name);
908	if (ptr==NULL)
909	goto error;
910
911	if(terms) {
912	_aspect_add_aspect_terms(ptr, terms);
913	}
914	return ptr;
915
916	error:
917	panic("can not generate a simple tail aspect");
918	return NULL;
919	}
920
921	/* B.role.role or B.role.oset */
922	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
923	{
924	abac_yy_principal_t *principal=expr->principal;
925
926	abac_yy_roleoset_t *eptr=expr->roleoset;
927	abac_yy_roleoset_t *linked_role=expr->linked_role;
928
929	char *principalname=get_yy_principal_sha(principal);
930	char *name=eptr->name;
931	abac_yy_term_t *terms=eptr->terms;
932
933	char *linkedrolename=linked_role->name;
934	abac_yy_term_t *linked_terms=linked_role->terms;
935
936	abac_aspect_t *ptr=NULL;
937	if(yytype==e_yy_OSET_TYPE)
938	ptr=abac_aspect_oset_linking_new(principalname,
939	linkedrolename, name);
940	else ptr=abac_aspect_role_linking_new(principalname,
941	linkedrolename, name);
942	if (ptr==NULL)
943	goto error;
944
945	if(linked_terms) {
946	_aspect_add_linked_terms(ptr, linked_terms);
947	}
948	if(terms) {
949	_aspect_add_aspect_terms(ptr, terms);
950	}
951
952	return ptr;
953
954	error:
955	panic("can not generate linked tail oset");
956	return NULL;
957	}
958
959
960	/**********************************************************************/
961	int make_oset_statement(abac_yy_expression_t headexpr, abac_yy_expression_t tailexpr)
962	{
963	int rc=0;
964	abac_aspect_t *head_oset=NULL;
965	abac_aspect_t *tail_oset=NULL;
966
967	/* build up left side's abac oset structure */
968	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
969	if(head_oset == NULL) {
970	rc=1;
971	goto error;
972	}
973
974	/* build up the right side's abac oset structure */
975	abac_yy_expression_t *curr_tail = tailexpr;
976	int intersecting=(tailexpr->next != NULL)? 1:0;
977	abac_aspect_t *curr_oset = NULL;
978	while (curr_tail) {
979	switch(curr_tail->type) {
980	case e_yy_EXPR_OBJECT:
981	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
982	break;
983	case e_yy_EXPR_NAMED:
984	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
985	break;
986	case e_yy_EXPR_OSET:
987	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
988	break;
989	case e_yy_EXPR_LINKED:
990	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
991	break;
992	}
993	if(curr_oset==NULL) {
994	rc=1;
995	goto error;
996	}
997
998	/* check if first one */
999	if(tail_oset==NULL) {
1000	if(intersecting)
1001	tail_oset=validate_intersected_tail(curr_oset);
1002	else
1003	tail_oset=curr_oset;
1004	} else {
1005	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1006	}
1007	curr_tail=curr_tail->next;
1008	} /* while */
1009
1010	if(debug) {
1011	fprintf(stderr,"aspect head_oset: ");
1012	abac_print_aspect_string_with_condition(head_oset,stderr);
1013	fprintf(stderr,"\n");
1014	fprintf(stderr,"aspect tail_oset: ");
1015	abac_print_aspect_string_with_condition(tail_oset,stderr);
1016	fprintf(stderr,"\n");
1017	}
1018
1019	error:
1020	_free_yy_expression(headexpr);
1021	_free_yy_expression(tailexpr);
1022	abac_rule_head_aspect=head_oset;
1023	abac_rule_tail_aspect=tail_oset;
1024	abac_rule_is_oset=1;
1025	return rc;
1026	}
1027
1028	/*****************************************************************************/
1029	abac_list_t validate_range(abac_list_t ptr)
1030	{
1031	abac_list_t *nlist=abac_list_new();
1032
1033	abac_item_t *nitem;
1034	abac_yy_range_t *cur;
1035	char *val;
1036	int type;
1037	abac_list_foreach(ptr, cur,
1038	if(cur) {
1039	type=cur->type;
1040	val=cur->val;
1041	if(type==e_yy_RANGE_MIN) nitem=abac_item_new(abac_min_item_type(),val);
1042	if(type==e_yy_RANGE_MAX) nitem=abac_item_new(abac_max_item_type(),val);
1043	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new(abac_target_item_type(),val);
1044	abac_list_add(nlist,nitem);
1045	}
1046	);
1047	return nlist;
1048	}
1049
1050	/****************************************************************/
1051	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
1052	{
1053	if(is_yy_term_data_type_numeric(ptr) \|\|
1054	is_yy_term_data_type_alpha(ptr) \|\|
1055	is_yy_term_data_type_time(ptr)) {
1056	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1057	if(rlist) {
1058	abac_list_t *nlist=validate_range(rlist);
1059	set_yy_term_data_cond_ptr(ptr,nlist);
1060	}
1061	}
1062	}
1063	/*****************************************************************************/
1064	abac_context_t *get_abac_context()
1065	{
1066	assert(abac_context);
1067	return abac_context;
1068	}
1069
1070	/* build up the abac structure */
1071	int make_role_statement(abac_yy_expression_t headexpr, abac_yy_expression_t tailexpr)
1072	{
1073	int rc=0;
1074	abac_aspect_t *head_role=NULL;
1075	abac_aspect_t *tail_role=NULL;
1076
1077	/* build up left side's abac role structure */
1078	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1079	if(head_role == NULL) {
1080	rc=1;
1081	goto error;
1082	}
1083
1084	/* build up the right side's abac role structure */
1085	abac_yy_expression_t *curr_tail = tailexpr;
1086	int intersecting=(tailexpr->next != NULL)? 1:0;
1087	abac_aspect_t *curr_role = NULL;
1088	while (curr_tail) {
1089	switch(curr_tail->type) {
1090	case e_yy_EXPR_NAMED:
1091	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1092	break;
1093	case e_yy_EXPR_ROLE:
1094	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1095	break;
1096	case e_yy_EXPR_LINKED:
1097	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1098	break;
1099	}
1100	if(curr_role==NULL) {
1101	rc=1;
1102	goto error;
1103	}
1104
1105	/* check if first one */
1106	if(tail_role==NULL) {
1107	if(intersecting)
1108	tail_role=validate_intersected_tail(curr_role);
1109	else
1110	tail_role=curr_role;
1111	} else {
1112	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1113	}
1114	curr_tail=curr_tail->next;
1115	} /* while */
1116
1117	if(debug) {
1118	fprintf(stderr,"aspect head_role: ");
1119	abac_print_aspect_string_with_condition(head_role,stderr);
1120	fprintf(stderr,"\n");
1121	fprintf(stderr,"aspect tail_role: ");
1122	abac_print_aspect_string_with_condition(tail_role,stderr);
1123	fprintf(stderr,"\n");
1124	}
1125
1126	error:
1127	_free_yy_expression(headexpr);
1128	_free_yy_expression(tailexpr);
1129	abac_rule_head_aspect=head_role;
1130	abac_rule_tail_aspect=tail_role;
1131	abac_rule_is_oset=0;
1132
1133	return rc;
1134	}
1135
1136	/************************************************************************/
1137	void abac_yy_init(abac_context_t *ctxt)
1138	{
1139	yy_using_this=0;
1140	abac_context=ctxt;
1141	abac_yyinit();
1142	}
1143
1144	/************************************************************************/
1145	/* this is called to parse a string into 2 aspect structures */
1146	/* NEED TO BE LOCKED HERE XXX */
1147	int abac_yy_parse(abac_context_t ctxt, char attr_string, abac_aspect_t head_aspect, abac_aspect_t tail_aspect, int *using_this)
1148	{
1149	/ctxt could be null/
1150	abac_ll_reset_yyfptr(attr_string);
1151	abac_yy_init(ctxt);
1152	int rc=yyparse();
1153	if (rc) {
1154	free(attr_string);
1155	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1156	return 1;
1157	}
1158	*head_aspect = abac_yy_get_rule_head_aspect();
1159	*tail_aspect = abac_yy_get_rule_tail_aspect();
1160	*using_this= abac_yy_get_using_this();
1161	return 0;
1162	}
1163
1164
1165
1166

Note: See TracBrowser for help on using the repository browser.

Download in other formats: