Context Navigation

source: libabac/abac_pl_yy.c @ 2efdff5

mei_rt2mei_rt2_fix_1

Last change on this file since 2efdff5 was 2efdff5, checked in by Mei <mei@…>, 12 years ago

1) fix the missing check for 'This' rt2.y when called from creddy/prover

combo

2) patch up the stringify of abac_term that is of time type.
3) update the testing to reflect the changes to baseline output

Property mode set to 100644

File size: 31.2 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
19
20	/* from rt2.y */
21	extern void abac_yyinit();
22
23	int abac_yy_error_code = 0; /* keeping last error code */
24
25	int abac_rule_is_oset=0;
26	abac_list_t *abac_rule_clauses=NULL;
27	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
28	abac_aspect_t *abac_rule_head_aspect=NULL;
29	abac_aspect_t *abac_rule_tail_aspect=NULL;
30
31
32	/* structure to hold the range information
33	within a static constraints on few types of
34	oset types
35	[a..b], [a..], [..b], [a],[a,b],[many a]
36	e_yy_RANGE_MIN=1;
37	e_yy_RANGE_MAX=2;
38	e_yy_RANGE_TARGET=3;
39	*/
40	typedef struct _abac_yy_range_t {
41	int type;
42	char *val;
43	} abac_yy_range_t;
44
45	/* local principal structure [keyid:USC] */
46	struct _abac_yy_principal_t {
47	int type;
48	char *sha; // sha is null when this is of object type
49	char *cn;
50	};
51
52	/* [principal:?Z]:..., must match a principal name */
53	struct _abac_yy_term_principal_t {
54	int type; /* this needs to be implicitly determined */
55	int is_anonymous;
56	char *name;
57	int isrange;
58	char *cond_str; // range string ??? not sure if this is possible
59	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
60	abac_yy_expression_t *cond_head_expr;
61	};
62
63	/* integer,float,time,urn,string types,
64	if has condition, then it is a variable,
65	ie,
66	[int:?Year]:<1930..1932>,
67	if no condition, then it is a constant,
68	ie,
69	[int:10]
70	*/
71	struct _abac_yy_term_data_t {
72	int is_variable;
73	int is_anonymous;
74	int type;
75	char *name;
76	char *cond_str; // range string
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_list_t *cond_range;
79	abac_yy_expression_t *cond_head_expr; // parking stub
80	};
81
82	/* local term structure, will distinguish it in the future */
83	/* e_yy_DTERM_DATA, all other types
84	e_yy_DTERM_NAMED, keyid:bob
85	e_yy_DTERM_PRINCIPAL, principal:?P
86	e_yy_DTERM_ANONYMOUS ? */
87	struct _abac_yy_term_t {
88	union {
89	abac_yy_principal_t *n_ptr;
90	abac_yy_term_principal_t *p_ptr;
91	abac_yy_term_data_t *d_ptr;
92	} term;
93	int type;
94	struct _abac_yy_term_t *next;
95	int bcnt; /* this is to track number of terms in this linked up list */
96	};
97
98	/* local role/oset structure,
99	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
100	*/
101	struct _abac_yy_roleoset_t {
102	int type;
103	char *name;
104	abac_yy_term_t *terms;
105	struct _abac_yy_roleoset_t *next;
106	int bcnt; /* this is to track number of roles in this linked up list */
107	};
108
109
110	/* A, A.r, A.r.r */
111	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
112	/* A/obj, A.o, A.r.o */
113	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
114	struct _abac_yy_expression_t {
115	int type;
116	union {
117	abac_yy_principal_t *principal;
118	abac_yy_term_data_t *object;
119	};
120	abac_yy_roleoset_t *linked_role;
121	abac_yy_roleoset_t *roleoset;
122
123	struct _abac_yy_expression_t *next;
124	int bcnt;
125	};
126
127	static void _free_yy_expression(abac_yy_expression_t *);
128
129	/************************************************************************/
130	void abac_yy_set_error_code(int v)
131	{
132	abac_yy_error_code=v;
133	}
134
135	/************************************************************************/
136	abac_stack_t *abac_yy_get_rule_id_clauses()
137	{
138	return abac_rule_id_clauses;
139	}
140
141	abac_stack_t *abac_yy_init_rule_id_clauses()
142	{
143	abac_rule_id_clauses=abac_stack_new();
144	return abac_rule_id_clauses;
145	}
146
147	void abac_yy_free_rule_id_clauses()
148	{
149	if (abac_rule_id_clauses != NULL)
150	abac_stack_free(abac_rule_id_clauses);
151	}
152
153	void abac_yy_set_rule_clauses(abac_list_t *clauses)
154	{
155	abac_rule_clauses=clauses;
156	if(debug) {
157	printf("printing out abac_rule_clauses:\n");
158	abac_print_clauses(abac_rule_clauses,NULL);
159	}
160	}
161
162	abac_list_t *abac_yy_get_rule_clauses()
163	{
164	return abac_rule_clauses;
165	}
166
167	void abac_yy_free_rule_clauses()
168	{
169	if (abac_rule_clauses != NULL) {
170	abac_pl_free_id_certs();
171	abac_list_free(abac_rule_clauses);
172	}
173	}
174
175	/* just set it to NULL without freeing the structure */
176	void abac_yy_reset_rule_clauses()
177	{
178	abac_rule_clauses=NULL;
179	}
180
181	bool abac_yy_get_rule_is_oset()
182	{
183	return abac_rule_is_oset;
184	}
185
186	abac_aspect_t *abac_yy_get_rule_head_aspect()
187	{
188	return abac_rule_head_aspect;
189	}
190
191	abac_aspect_t *abac_yy_get_rule_tail_aspect()
192	{
193	return abac_rule_tail_aspect;
194	}
195
196
197	/************************************************************************/
198	static void _free_yy_cond_range(abac_list_t *ptr)
199	{
200	if (ptr != NULL) {
201	abac_yy_range_t *cur;
202	abac_list_foreach(ptr, cur,
203	if(cur && cur->val) free(cur->val);
204	free(cur);
205	);
206	abac_list_free(ptr);
207	}
208	}
209
210	static char _string_yy_cond_range(abac_list_t ptr)
211	{
212	assert(ptr);
213	char *tmp=NULL;
214	char *min=NULL;
215	char *max=NULL;
216	char *val=NULL;
217	int type;
218
219	abac_yy_range_t *cur;
220	abac_list_foreach(ptr, cur,
221	type=cur->type;
222	switch (type) {
223	case e_yy_RANGE_MIN:
224	min=abac_xstrdup(cur->val);
225	break;
226	case e_yy_RANGE_MAX:
227	max=abac_xstrdup(cur->val);
228	break;
229	case e_yy_RANGE_TARGET:
230	if(val)
231	asprintf(&val,"%s,%s",val,cur->val);
232	else val=abac_xstrdup(cur->val);
233	break;
234	}
235	);
236	if(max && min) {
237	asprintf(&tmp,"[%s..%s]",min,max);
238	free(max);
239	free(min);
240	return tmp;
241	}
242	if(max) {
243	asprintf(&tmp,"[..%s]",max);
244	free(max);
245	return tmp;
246	}
247	if(min) {
248	asprintf(&tmp,"[%s..]",min);
249	free(min);
250	return tmp;
251	}
252	if(val) {
253	asprintf(&tmp,"[%s]",val);
254	free(val);
255	return tmp;
256	}
257	return NULL;
258	}
259
260	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
261	{
262	abac_yy_range_t *range=
263	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
264	range->type=e_yy_RANGE_TARGET;
265	range->val=abac_xstrdup(val);
266	abac_list_add(ptr, range);
267	return ptr;
268	}
269
270	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
271	{
272	abac_yy_range_t *range=
273	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
274	range->type=type;
275	range->val=abac_xstrdup(val);
276	abac_list_add(ptr, range);
277	return ptr;
278	}
279
280	abac_list_t make_yy_val_range(char val)
281	{
282	abac_list_t *ptr=abac_list_new();
283	add_yy_val_range(ptr,val);
284	return ptr;
285	}
286
287	abac_list_t make_yy_minmax_range(char min, char *max)
288	{
289	abac_list_t *ptr=abac_list_new();
290	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
291	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
292	return ptr;
293	}
294
295	abac_list_t make_yy_min_range(char min)
296	{
297	abac_list_t *ptr=abac_list_new();
298	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
299	return ptr;
300	}
301
302	abac_list_t make_yy_max_range(char max)
303	{
304	abac_list_t *ptr=abac_list_new();
305	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
306	return ptr;
307	}
308
309	/***********************************************************************/
310	abac_yy_term_data_t *make_yy_term_data()
311	{
312	abac_yy_term_data_t *ptr=
313	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
314	ptr->name=NULL;
315	ptr->type=0;
316	ptr->is_variable=0;
317	ptr->is_anonymous=0;
318	ptr->cond_str=NULL;
319	ptr->cond_head_expr=NULL;
320	ptr->cond_ptr=NULL;
321	ptr->cond_range=NULL;
322	return ptr;
323	}
324
325	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
326	{
327	ptr->name=abac_xstrdup(name);
328	}
329
330	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
331	{
332	return ptr->cond_range;
333	}
334
335	char get_yy_term_data_name(abac_yy_term_data_t ptr)
336	{
337	return ptr->name;
338	}
339
340	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
341	{
342	if(ptr->cond_head_expr != NULL)
343	return 1;
344	if(ptr->cond_range != NULL)
345	return 1;
346	return 0;
347	}
348
349	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
350	abac_list_t *range)
351	{
352	ptr->cond_range=range;
353	}
354
355	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
356	abac_yy_expression_t *expr)
357	{
358	ptr->cond_head_expr=expr;
359	}
360
361	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
362	{
363	return ptr->cond_head_expr;
364	}
365
366	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
367	{
368	int type=abac_verify_term_type(typestr);
369	ptr->type=type;
370	}
371
372	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
373	{
374	ptr->is_anonymous=1;
375	}
376
377	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
378	{
379	if(ptr->type==abac_verify_term_type("integer") \|\|
380	ptr->type==abac_verify_term_type("float"))
381	return 1;
382	return 0;
383	}
384
385	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
386	{
387	if(ptr->type==abac_verify_term_type("time"))
388	return 1;
389	return 0;
390	}
391
392	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
393	{
394	if(ptr->type==abac_verify_term_type("string") \|\|
395	ptr->type==abac_verify_term_type("urn") \|\|
396	ptr->type==abac_verify_term_type("boolean"))
397	return 1;
398	return 0;
399	}
400
401	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
402	{
403	ptr->cond_ptr=vptr;
404	}
405
406	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
407	{
408	ptr->cond_str=abac_xstrdup(cond);
409	}
410
411	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
412	{
413	ptr->is_variable=1;
414	}
415
416	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
417	{
418	return ptr->is_variable;
419	}
420
421	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
422	{
423	free(ptr->name);
424	if(ptr->cond_str)
425	free(ptr->cond_str);
426	if(ptr->cond_head_expr)
427	_free_yy_expression(ptr->cond_head_expr);
428	if(ptr->cond_range);
429	_free_yy_cond_range(ptr->cond_range);
430	free(ptr);
431	}
432
433	abac_yy_term_principal_t *make_yy_term_principal()
434	{
435	abac_yy_term_principal_t *ptr=
436	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
437	ptr->type=0;/* this is not known */
438	ptr->is_anonymous=0;
439	ptr->name=NULL;
440	ptr->isrange=0;
441	ptr->cond_str=NULL;
442	ptr->cond_ptr=NULL;
443	ptr->cond_head_expr=NULL;
444	return ptr;
445	}
446
447	static void _set_using_this()
448	{
449	using_this=1;
450	}
451
452	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
453	{
454	ptr->isrange=isrange;
455	}
456
457	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
458	{
459	/* handle special case when the name=this, change it to This */
460	if(strcmp(name,"this")==0) {
461	ptr->name=abac_xstrdup("This");
462	_set_using_this();
463	} else {
464	ptr->name=abac_xstrdup(name);
465	/* just in case name came in as This already */
466	if(strcasecmp(name,"this")==0)
467	_set_using_this();
468	}
469	}
470
471	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
472	{
473	ptr->cond_ptr=vptr;
474	}
475
476	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
477	{
478	ptr->cond_str=abac_xstrdup(cond);
479	}
480
481	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
482	{
483	ptr->is_anonymous=1;
484	}
485
486	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
487	{
488	return ptr->cond_head_expr;
489	}
490
491	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
492	abac_yy_expression_t *expr)
493	{
494	ptr->cond_head_expr=expr;
495	}
496
497	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
498	{
499	free(ptr->name);
500	if(ptr->cond_str)
501	free(ptr->cond_str);
502	if(ptr->cond_head_expr)
503	_free_yy_expression(ptr->cond_head_expr);
504	free(ptr);
505	}
506
507	abac_yy_term_t *make_yy_term_dterm_anonymous()
508	{
509	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
510	ptr->type = e_yy_DTERM_ANONYMOUS;
511	ptr->next=NULL;
512	ptr->bcnt=1;
513	return ptr;
514	}
515
516	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
517	{
518	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
519	if(pptr->is_anonymous)
520	ptr->type = e_yy_DTERM_ANONYMOUS;
521	else ptr->type = e_yy_DTERM_PRINCIPAL;
522	ptr->term.p_ptr=pptr;
523	ptr->next=NULL;
524	ptr->bcnt=1;
525	return ptr;
526	}
527
528	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
529	{
530	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
531	ptr->type = e_yy_DTERM_NAMED;
532	ptr->term.n_ptr=nptr;
533	ptr->next=NULL;
534	ptr->bcnt=1;
535	return ptr;
536	}
537
538	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
539	{
540	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
541
542	if(dptr->is_anonymous)
543	ptr->type = e_yy_DTERM_ANONYMOUS;
544	else ptr->type = e_yy_DTERM_DATA;
545	ptr->term.d_ptr=dptr;
546	ptr->next=NULL;
547	ptr->bcnt=1;
548	return ptr;
549	}
550
551	/****************************************************************************/
552	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
553	{
554	abac_yy_principal_t *ptr=
555	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
556	/* add p to yyparse's principal */
557	if(sha) ptr->sha=abac_xstrdup(sha);
558	else ptr->sha=NULL;
559	if(cn) ptr->cn=abac_xstrdup(cn);
560	else ptr->cn=NULL;
561	ptr->type=type;
562	return ptr;
563	}
564
565	static void _free_yy_principal(abac_yy_principal_t *ptr)
566	{
567	if(ptr->sha) free(ptr->sha);
568	if(ptr->cn) free(ptr->cn);
569	free(ptr);
570	}
571
572	int get_yy_principal_type(abac_yy_principal_t *ptr)
573	{
574	return ptr->type;
575	}
576
577	char get_yy_principal_name(abac_yy_principal_t ptr)
578	{
579	if(USE("ABAC_CN") && ptr->cn)
580	return ptr->cn;
581	return ptr->sha;
582	}
583
584	char get_yy_principal_cn(abac_yy_principal_t ptr)
585	{
586	return ptr->cn;
587	}
588
589	char get_yy_principal_sha(abac_yy_principal_t ptr)
590	{
591	return ptr->sha;
592	}
593
594	/*************************************************************************/
595
596	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
597	{
598	int i=terms->bcnt;
599	nterm->next=terms;
600	nterm->bcnt=i+1;
601	return nterm;
602	}
603
604	static void _free_yy_term(abac_yy_term_t *ptr)
605	{
606	switch (ptr->type) {
607	case e_yy_DTERM_DATA:
608	_free_yy_term_data(ptr->term.d_ptr);
609	break;
610	case e_yy_DTERM_NAMED:
611	_free_yy_principal(ptr->term.n_ptr);
612	break;
613	case e_yy_DTERM_PRINCIPAL:
614	_free_yy_term_principal(ptr->term.p_ptr);
615	break;
616	case e_yy_DTERM_ANONYMOUS:
617	break;
618	}
619	if(ptr->next)
620	_free_yy_term(ptr->next);
621	free(ptr);
622	}
623
624	/*************************************************************************/
625	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
626	{
627	abac_yy_roleoset_t *ptr=
628	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
629	ptr->name=abac_xstrdup(name);
630	ptr->terms=terms;
631	ptr->next=NULL;
632	ptr->bcnt=1;
633	ptr->type=e_yy_ROLE_TYPE;
634	return ptr;
635	}
636
637	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
638	{
639	free(ptr->name);
640	if(ptr->terms)
641	_free_yy_term(ptr->terms);
642	if(ptr->next)
643	_free_yy_roleoset(ptr->next);
644	free(ptr);
645	}
646
647	/***************************************************************************/
648	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
649	{
650	abac_yy_roleoset_t *ptr=
651	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
652	ptr->name=abac_xstrdup(name);
653	ptr->terms=terms;
654	ptr->next=NULL;
655	ptr->bcnt=1;
656	ptr->type=e_yy_OSET_TYPE;
657	return ptr;
658	}
659
660	/***************************************************************************/
661
662	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
663
664	abac_yy_expression_t make_yy_expression(int type,void pptr,
665	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
666	{
667	abac_yy_expression_t *ptr=
668	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
669	ptr->type = type;
670	if(type == e_yy_EXPR_OBJECT) {
671	ptr->object=(abac_yy_term_data_t *)pptr;
672	} else {
673	ptr->principal = (abac_yy_principal_t *)pptr;
674	}
675	ptr->roleoset = optr;
676	ptr->linked_role=linked_role;
677	ptr->next=NULL;
678
679	return ptr;
680	}
681
682	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
683	{
684	if(ptr->type == e_yy_EXPR_OBJECT)
685	return ptr->object;
686	return NULL;
687	}
688
689	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
690	abac_yy_expression_t *exprs)
691	{
692	int i=exprs->bcnt;
693	nexpr->next=exprs;
694	nexpr->bcnt=i+1;
695	return nexpr;
696	}
697
698	static void _free_yy_expression(abac_yy_expression_t *ptr)
699	{
700	if(ptr->type == e_yy_EXPR_OBJECT) {
701	if(ptr->object)
702	_free_yy_term_data(ptr->object);
703	} else {
704	if(ptr->principal)
705	_free_yy_principal(ptr->principal);
706	}
707	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
708	if(ptr->linked_role)
709	_free_yy_roleoset(ptr->linked_role);
710	if(ptr->next)
711	_free_yy_expression(ptr->next);
712
713	free(ptr);
714	}
715
716	/***************************************************************************/
717	/* add the oset condition to constraint list */
718	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
719	{
720	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
721	if(head_expr) {
722	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
723	if(head_aspect != NULL) {
724	if(debug) printf("make_yy_oset_constraint..\n");
725	set_yy_term_data_cond_ptr(ptr,head_aspect);
726	}
727	}
728	}
729
730	/* add the role condition to constraint list */
731	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
732	{
733	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
734	if(head_expr) {
735	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
736	if(head_aspect != NULL) {
737	if(debug) printf("make_yy_role_constraint..\n");
738	set_yy_term_principal_cond_ptr(ptr,head_aspect);
739	set_yy_term_principal_isrange(ptr,0);
740	}
741	}
742	}
743
744
745	/****************************************************************/
746	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
747	abac_yy_term_t *terms)
748	{
749	abac_yy_term_t *curr = terms;
750	int type;
751	int isnamed;
752	int isrange;
753	char *name;
754	char *cond;
755	void *ptr;
756
757	while (curr) {
758	name=NULL;
759	cond=NULL;
760	ptr=NULL;
761	isnamed=0;
762	isrange=0;
763	switch (curr->type) {
764	case e_yy_DTERM_DATA:
765	{
766	abac_yy_term_data_t *dptr=curr->term.d_ptr;
767	type=dptr->type;
768	name=abac_xstrdup(dptr->name);
769	if(dptr->cond_str)
770	cond=abac_xstrdup(dptr->cond_str);
771	ptr=dptr->cond_ptr;
772	isrange=(dptr->cond_range!=NULL)?1:0;
773	break;
774	}
775	case e_yy_DTERM_PRINCIPAL:
776	{
777	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
778	type=abac_verify_term_type("principal");
779	name=abac_xstrdup(pptr->name);
780	if(pptr->cond_str)
781	cond=abac_xstrdup(pptr->cond_str);
782	ptr=pptr->cond_ptr;
783	isrange=pptr->isrange;
784	break;
785	}
786	case e_yy_DTERM_NAMED:
787	{
788	abac_yy_principal_t *pptr=curr->term.n_ptr;
789	type=pptr->type;
790	name=abac_xstrdup(get_yy_principal_name(pptr));
791	isnamed=1;
792	break;
793	}
794	case e_yy_DTERM_ANONYMOUS:
795	{
796	type=abac_verify_term_type("anonymous");
797	name=abac_xstrdup("_");
798	break;
799	}
800	}
801	abac_term_t *param=NULL;
802	if(isnamed)
803	param=abac_term_named_new(type,name);
804	else param=abac_term_new(type,name,isrange,cond,ptr);
805	if (linked)
806	abac_aspect_add_linked_param(aspect_ptr, param);
807	else
808	abac_aspect_add_param(aspect_ptr, param);
809	curr=curr->next;
810	}
811	}
812
813	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
814	{
815	int linked=1;
816	_aspect_add_terms(linked, ptr, terms);
817	}
818
819	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
820	{
821	int linked=0;
822	_aspect_add_terms(linked, ptr, terms);
823	}
824
825	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
826	{
827	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
828	return ret_ptr;
829	}
830
831	/* A.oset, A.role */
832	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
833	{
834	abac_yy_principal_t *principal=expr->principal;
835	abac_yy_roleoset_t *ptr=expr->roleoset;
836
837	char *principalname=get_yy_principal_sha(principal);
838	char *name=ptr->name;
839	abac_yy_term_t *terms=ptr->terms;
840
841	abac_aspect_t *aptr=NULL;
842	if(yytype==e_yy_OSET_TYPE)
843	aptr=abac_aspect_oset_new(principalname, name);
844	else aptr=abac_aspect_role_new(principalname, name);
845
846	if (aptr==NULL) {
847	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
848	goto error;
849	}
850
851	// insert the params for the oset
852	if(terms) {
853	_aspect_add_aspect_terms(aptr, terms);
854	}
855	return aptr;
856
857	error:
858	return NULL;
859	}
860
861	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
862	{
863	return validate_head(e_yy_OSET_TYPE,expr);
864	}
865
866	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
867	{
868	return validate_head(e_yy_ROLE_TYPE,expr);
869	}
870
871	/*****************************************************************************/
872	/* B */
873	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
874	{
875	abac_yy_principal_t *principal=expr->principal;
876	char *principalname=get_yy_principal_sha(principal);
877
878	abac_aspect_t *ptr=NULL;
879	if(yytype==e_yy_OSET_TYPE)
880	ptr=abac_aspect_oset_principal_new(principalname);
881	else ptr=abac_aspect_role_principal_new(principalname);
882	if (ptr==NULL)
883	goto error;
884	return ptr;
885
886	error:
887	panic("can not generate a simple named tail oset aspect");
888	return NULL;
889	}
890
891
892	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
893	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
894	{
895	abac_yy_term_data_t *object=get_yy_expression_object(expr);
896	assert(object != NULL);
897
898	char *name=object->name;
899	int type=object->type;
900	char *cond=object->cond_str;
901	void *ptr=object->cond_ptr;
902	int isrange=(object->cond_range!=NULL)?1:0;
903	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
904	abac_aspect_t *aptr=NULL;
905	if(yytype==e_yy_OSET_TYPE)
906	aptr=abac_aspect_oset_object_new(term);
907	else
908	goto error; /* can not be a role expression with obj */
909	if (aptr==NULL)
910	goto error;
911	return aptr;
912
913	error:
914	panic("can not generate a simple object tail oset aspect");
915	return NULL;
916	}
917
918
919	/* B.role or B.oset */
920	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
921	{
922	abac_yy_principal_t *principal=expr->principal;
923	abac_yy_roleoset_t *eptr=expr->roleoset;
924
925	char *principalname=get_yy_principal_sha(principal);
926	char *name=eptr->name;
927	abac_yy_term_t *terms=eptr->terms;
928
929	abac_aspect_t *ptr=NULL;
930	if(yytype==e_yy_OSET_TYPE)
931	ptr=abac_aspect_oset_new(principalname, name);
932	else
933	ptr=abac_aspect_role_new(principalname, name);
934	if (ptr==NULL)
935	goto error;
936
937	if(terms) {
938	_aspect_add_aspect_terms(ptr, terms);
939	}
940	return ptr;
941
942	error:
943	panic("can not generate a simple tail aspect");
944	return NULL;
945	}
946
947	/* B.role.role or B.role.oset */
948	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
949	{
950	abac_yy_principal_t *principal=expr->principal;
951
952	abac_yy_roleoset_t *eptr=expr->roleoset;
953	abac_yy_roleoset_t *linked_role=expr->linked_role;
954
955	char *principalname=get_yy_principal_sha(principal);
956	char *name=eptr->name;
957	abac_yy_term_t *terms=eptr->terms;
958
959	char *linkedrolename=linked_role->name;
960	abac_yy_term_t *linked_terms=linked_role->terms;
961
962	abac_aspect_t *ptr=NULL;
963	if(yytype==e_yy_OSET_TYPE)
964	ptr=abac_aspect_oset_linking_new(principalname,
965	linkedrolename, name);
966	else ptr=abac_aspect_role_linking_new(principalname,
967	linkedrolename, name);
968	if (ptr==NULL)
969	goto error;
970
971	if(linked_terms) {
972	_aspect_add_linked_terms(ptr, linked_terms);
973	}
974	if(terms) {
975	_aspect_add_aspect_terms(ptr, terms);
976	}
977
978	return ptr;
979
980	error:
981	panic("can not generate linked tail oset");
982	return NULL;
983	}
984
985
986	/**********************************************************************/
987
988	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
989	abac_yy_expression_t *tailexpr)
990	{
991	abac_aspect_t *head_oset=NULL;
992	abac_aspect_t *tail_oset=NULL;
993
994	/* build up left side's abac oset structure */
995	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
996	if(head_oset == NULL)
997	goto error;
998
999	/* build up the right side's abac oset structure */
1000	abac_yy_expression_t *curr_tail = tailexpr;
1001	int intersecting=(tailexpr->next != NULL)? 1:0;
1002	abac_aspect_t *curr_oset = NULL;
1003	while (curr_tail) {
1004	switch(curr_tail->type) {
1005	case e_yy_EXPR_OBJECT:
1006	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
1007	break;
1008	case e_yy_EXPR_NAMED:
1009	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
1010	break;
1011	case e_yy_EXPR_OSET:
1012	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1013	break;
1014	case e_yy_EXPR_LINKED:
1015	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1016	break;
1017	}
1018	if(curr_oset==NULL)
1019	goto error;
1020
1021	/* check if first one */
1022	if(tail_oset==NULL) {
1023	if(intersecting)
1024	tail_oset=validate_intersected_tail(curr_oset);
1025	else
1026	tail_oset=curr_oset;
1027	} else {
1028	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1029	}
1030	curr_tail=curr_tail->next;
1031	} /* while */
1032
1033	preprocess_pl_head(head_oset);
1034	preprocess_pl_tail(tail_oset);
1035
1036	/* XXX collect up type clauses, constraint clauses and
1037	generate rule clauses */
1038	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1039	if(tmp == NULL)
1040	goto error;
1041
1042	if(debug) {
1043	printf("aspect head_oset: ");
1044	abac_print_aspect_string_with_condition(head_oset,NULL);
1045	printf("\n");
1046	printf("aspect tail_oset: ");
1047	abac_print_aspect_string_with_condition(tail_oset,NULL);
1048	printf("\n");
1049	}
1050
1051	_free_yy_expression(headexpr);
1052	_free_yy_expression(tailexpr);
1053	abac_rule_head_aspect=head_oset;
1054	abac_rule_tail_aspect=tail_oset;
1055	abac_rule_is_oset=1;
1056	return tmp;
1057
1058	error:
1059	_free_yy_expression(headexpr);
1060	_free_yy_expression(tailexpr);
1061	if(head_oset)
1062	abac_aspect_free(head_oset);
1063	if(tail_oset)
1064	abac_aspect_free(tail_oset);
1065	return NULL;
1066	}
1067
1068	/*****************************************************************************/
1069	abac_list_t validate_range(abac_list_t ptr)
1070	{
1071	abac_list_t *nlist=abac_list_new();
1072
1073	abac_item_t *nitem;
1074	abac_yy_range_t *cur;
1075	char *val;
1076	int type;
1077	abac_list_foreach(ptr, cur,
1078	if(cur) {
1079	type=cur->type;
1080	val=cur->val;
1081	if(type==e_yy_RANGE_MIN) nitem=abac_item_new(abac_min_item_type(),val);
1082	if(type==e_yy_RANGE_MAX) nitem=abac_item_new(abac_max_item_type(),val);
1083	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new(abac_target_item_type(),val);
1084	abac_list_add(nlist,nitem);
1085	}
1086	);
1087	return nlist;
1088	}
1089
1090	/****************************************************************/
1091	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
1092	{
1093	if(is_yy_term_data_type_numeric(ptr) \|\|
1094	is_yy_term_data_type_alpha(ptr) \|\|
1095	is_yy_term_data_type_time(ptr)) {
1096	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1097	if(rlist) {
1098	abac_list_t *nlist=validate_range(rlist);
1099	set_yy_term_data_cond_ptr(ptr,nlist);
1100	}
1101	}
1102	}
1103	/*****************************************************************************/
1104	/* build up the abac structure and also create the yap clause
1105	and insert it into db */
1106	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1107	abac_yy_expression_t *tailexpr)
1108	{
1109	abac_aspect_t *head_role=NULL;
1110	abac_aspect_t *tail_role=NULL;
1111
1112	/* build up left side's abac role structure */
1113	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1114	if(head_role == NULL)
1115	goto error;
1116
1117	/* build up the right side's abac role structure */
1118	abac_yy_expression_t *curr_tail = tailexpr;
1119	int intersecting=(tailexpr->next != NULL)? 1:0;
1120	abac_aspect_t *curr_role = NULL;
1121	while (curr_tail) {
1122	switch(curr_tail->type) {
1123	case e_yy_EXPR_NAMED:
1124	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1125	break;
1126	case e_yy_EXPR_ROLE:
1127	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1128	break;
1129	case e_yy_EXPR_LINKED:
1130	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1131	break;
1132	}
1133	if(curr_role==NULL)
1134	goto error;
1135
1136	/* check if first one */
1137	if(tail_role==NULL) {
1138	if(intersecting)
1139	tail_role=validate_intersected_tail(curr_role);
1140	else
1141	tail_role=curr_role;
1142	} else {
1143	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1144	}
1145	curr_tail=curr_tail->next;
1146	} /* while */
1147
1148	preprocess_pl_head(head_role);
1149	preprocess_pl_tail(tail_role);
1150
1151	/* collect up type clauses, constraint clauses and
1152	generate the final rule clauses */
1153	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1154	if(tmp == NULL)
1155	goto error;
1156
1157	if(debug) {
1158	printf("aspect head_role: ");
1159	abac_print_aspect_string_with_condition(head_role,NULL);
1160	printf("\n");
1161	printf("aspect tail_role: ");
1162	abac_print_aspect_string_with_condition(tail_role,NULL);
1163	printf("\n");
1164	}
1165
1166	_free_yy_expression(headexpr);
1167	_free_yy_expression(tailexpr);
1168	abac_rule_head_aspect=head_role;
1169	abac_rule_tail_aspect=tail_role;
1170	abac_rule_is_oset=0;
1171	return tmp;
1172
1173	error:
1174	_free_yy_expression(headexpr);
1175	_free_yy_expression(tailexpr);
1176	if(head_role)
1177	abac_aspect_free(head_role);
1178	if(tail_role)
1179	abac_aspect_free(tail_role);
1180	return NULL;
1181	}
1182
1183	/************************************************************************/
1184	void abac_yy_init()
1185	{
1186	abac_yyinit();
1187	abac_yy_init_rule_id_clauses();
1188	}
1189
1190

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ 2efdff5

Download in other formats: