Context Navigation

source: libabac/abac_pl_yy.c @ 440ba20

mei_rt2mei_rt2_fix_1

Last change on this file since 440ba20 was 440ba20, checked in by Mei <mei@…>, 12 years ago

1) wrap up refactoring to move all the code gen to abac structure
2) all original testsuite passed
3) add couple more ui calls in abac.hh ie. manage constraint's

creation, hook to dump yap db.

Property mode set to 100644

File size: 30.7 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
19
20	/* from rt2.y */
21	extern void abac_yyinit();
22
23	int abac_yy_error_code = 0; /* keeping last error code */
24
25	int abac_rule_is_oset=0;
26	abac_list_t *abac_rule_clauses=NULL;
27	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
28	abac_aspect_t *abac_rule_head_aspect=NULL;
29	abac_aspect_t *abac_rule_tail_aspect=NULL;
30
31
32	/* structure to hold the range information
33	within a static constraints on few types of
34	oset types
35	[a..b], [a..], [..b], [a],[a,b],[many a]
36	e_yy_RANGE_MIN=1;
37	e_yy_RANGE_MAX=2;
38	e_yy_RANGE_TARGET=3;
39	*/
40	typedef struct _abac_yy_range_t {
41	int type;
42	char *val;
43	} abac_yy_range_t;
44
45	/* local principal structure [keyid:USC] */
46	struct _abac_yy_principal_t {
47	int type;
48	char *sha; // sha is null when this is of object type
49	char *cn;
50	};
51
52	/* [principal:?Z]:..., must match a principal name */
53	struct _abac_yy_term_principal_t {
54	int type; /* this needs to be implicitly determined */
55	int is_anonymous;
56	char *name;
57	int isrange;
58	char *cond_str; // range string ??? not sure if this is possible
59	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
60	abac_yy_expression_t *cond_head_expr;
61	};
62
63	/* integer,float,time,urn,string types,
64	if has condition, then it is a variable,
65	ie,
66	[int:?Year]:<1930..1932>,
67	if no condition, then it is a constant,
68	ie,
69	[int:10]
70	*/
71	struct _abac_yy_term_data_t {
72	int is_variable;
73	int is_anonymous;
74	int type;
75	char *name;
76	char *cond_str; // range string
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_list_t *cond_range;
79	abac_yy_expression_t *cond_head_expr; // parking stub
80	};
81
82	/* local term structure, will distinguish it in the future */
83	/* e_yy_DTERM_DATA, all other types
84	e_yy_DTERM_NAMED, keyid:bob
85	e_yy_DTERM_PRINCIPAL, principal:?P
86	e_yy_DTERM_ANONYMOUS ? */
87	struct _abac_yy_term_t {
88	union {
89	abac_yy_principal_t *n_ptr;
90	abac_yy_term_principal_t *p_ptr;
91	abac_yy_term_data_t *d_ptr;
92	} term;
93	int type;
94	struct _abac_yy_term_t *next;
95	int bcnt; /* this is to track number of terms in this linked up list */
96	};
97
98	/* local role/oset structure,
99	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
100	*/
101	struct _abac_yy_roleoset_t {
102	int type;
103	char *name;
104	abac_yy_term_t *terms;
105	struct _abac_yy_roleoset_t *next;
106	int bcnt; /* this is to track number of roles in this linked up list */
107	};
108
109
110	/* A, A.r, A.r.r */
111	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
112	/* A/obj, A.o, A.r.o */
113	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
114	struct _abac_yy_expression_t {
115	int type;
116	union {
117	abac_yy_principal_t *principal;
118	abac_yy_term_data_t *object;
119	};
120	abac_yy_roleoset_t *linked_role;
121	abac_yy_roleoset_t *roleoset;
122
123	struct _abac_yy_expression_t *next;
124	int bcnt;
125	};
126
127	static void _free_yy_expression(abac_yy_expression_t *);
128
129	/************************************************************************/
130	void abac_yy_set_error_code(int v)
131	{
132	abac_yy_error_code=v;
133	}
134
135	/************************************************************************/
136	abac_stack_t *abac_yy_get_rule_id_clauses()
137	{
138	return abac_rule_id_clauses;
139	}
140
141	abac_stack_t *abac_yy_init_rule_id_clauses()
142	{
143	abac_rule_id_clauses=abac_stack_new();
144	return abac_rule_id_clauses;
145	}
146
147	void abac_yy_free_rule_id_clauses()
148	{
149	if (abac_rule_id_clauses != NULL)
150	abac_stack_free(abac_rule_id_clauses);
151	}
152
153	void abac_yy_set_rule_clauses(abac_list_t *clauses)
154	{
155	abac_rule_clauses=clauses;
156	if(debug) {
157	printf("printing out abac_rule_clauses:\n");
158	abac_print_clauses(abac_rule_clauses,NULL);
159	}
160	}
161
162	abac_list_t *abac_yy_get_rule_clauses()
163	{
164	return abac_rule_clauses;
165	}
166
167	void abac_yy_free_rule_clauses()
168	{
169	if (abac_rule_clauses != NULL) {
170	abac_pl_free_id_certs();
171	abac_list_free(abac_rule_clauses);
172	}
173	}
174
175	bool abac_yy_get_rule_is_oset()
176	{
177	return abac_rule_is_oset;
178	}
179
180	abac_aspect_t *abac_yy_get_rule_head_aspect()
181	{
182	return abac_rule_head_aspect;
183	}
184
185	abac_aspect_t *abac_yy_get_rule_tail_aspect()
186	{
187	return abac_rule_tail_aspect;
188	}
189
190
191	/************************************************************************/
192	static void _free_yy_cond_range(abac_list_t *ptr)
193	{
194	if (ptr != NULL) {
195	abac_yy_range_t *cur;
196	abac_list_foreach(ptr, cur,
197	if(cur && cur->val) free(cur->val);
198	free(cur);
199	);
200	abac_list_free(ptr);
201	}
202	}
203
204	static char _string_yy_cond_range(abac_list_t ptr)
205	{
206	assert(ptr);
207	char *tmp=NULL;
208	char *min=NULL;
209	char *max=NULL;
210	char *val=NULL;
211	int type;
212
213	abac_yy_range_t *cur;
214	abac_list_foreach(ptr, cur,
215	type=cur->type;
216	switch (type) {
217	case e_yy_RANGE_MIN:
218	min=abac_xstrdup(cur->val);
219	break;
220	case e_yy_RANGE_MAX:
221	max=abac_xstrdup(cur->val);
222	break;
223	case e_yy_RANGE_TARGET:
224	if(val)
225	asprintf(&val,"%s,%s",val,cur->val);
226	else val=abac_xstrdup(cur->val);
227	break;
228	}
229	);
230	if(max && min) {
231	asprintf(&tmp,"[%s..%s]",min,max);
232	free(max);
233	free(min);
234	return tmp;
235	}
236	if(max) {
237	asprintf(&tmp,"[..%s]",max);
238	free(max);
239	return tmp;
240	}
241	if(min) {
242	asprintf(&tmp,"[%s..]",min);
243	free(min);
244	return tmp;
245	}
246	if(val) {
247	asprintf(&tmp,"[%s]",val);
248	free(val);
249	return tmp;
250	}
251	return NULL;
252	}
253
254	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
255	{
256	abac_yy_range_t *range=
257	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
258	range->type=e_yy_RANGE_TARGET;
259	range->val=abac_xstrdup(val);
260	abac_list_add(ptr, range);
261	return ptr;
262	}
263
264	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
265	{
266	abac_yy_range_t *range=
267	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
268	range->type=type;
269	range->val=abac_xstrdup(val);
270	abac_list_add(ptr, range);
271	return ptr;
272	}
273
274	abac_list_t make_yy_val_range(char val)
275	{
276	abac_list_t *ptr=abac_list_new();
277	add_yy_val_range(ptr,val);
278	return ptr;
279	}
280
281	abac_list_t make_yy_minmax_range(char min, char *max)
282	{
283	abac_list_t *ptr=abac_list_new();
284	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
285	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
286	return ptr;
287	}
288
289	abac_list_t make_yy_min_range(char min)
290	{
291	abac_list_t *ptr=abac_list_new();
292	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
293	return ptr;
294	}
295
296	abac_list_t make_yy_max_range(char max)
297	{
298	abac_list_t *ptr=abac_list_new();
299	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
300	return ptr;
301	}
302
303	/***********************************************************************/
304	abac_yy_term_data_t *make_yy_term_data()
305	{
306	abac_yy_term_data_t *ptr=
307	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
308	ptr->name=NULL;
309	ptr->type=0;
310	ptr->is_variable=0;
311	ptr->is_anonymous=0;
312	ptr->cond_str=NULL;
313	ptr->cond_head_expr=NULL;
314	ptr->cond_ptr=NULL;
315	ptr->cond_range=NULL;
316	return ptr;
317	}
318
319	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
320	{
321	ptr->name=abac_xstrdup(name);
322	}
323
324	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
325	{
326	return ptr->cond_range;
327	}
328
329	char get_yy_term_data_name(abac_yy_term_data_t ptr)
330	{
331	return ptr->name;
332	}
333
334	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
335	{
336	if(ptr->cond_head_expr != NULL)
337	return 1;
338	if(ptr->cond_range != NULL)
339	return 1;
340	return 0;
341	}
342
343	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
344	abac_list_t *range)
345	{
346	ptr->cond_range=range;
347	}
348
349	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
350	abac_yy_expression_t *expr)
351	{
352	ptr->cond_head_expr=expr;
353	}
354
355	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
356	{
357	return ptr->cond_head_expr;
358	}
359
360	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
361	{
362	int type=abac_verify_term_type(typestr);
363	ptr->type=type;
364	}
365
366	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
367	{
368	ptr->is_anonymous=1;
369	}
370
371	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
372	{
373	if(ptr->type==abac_verify_term_type("integer") \|\|
374	ptr->type==abac_verify_term_type("float"))
375	return 1;
376	return 0;
377	}
378
379	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
380	{
381	if(ptr->type==abac_verify_term_type("time"))
382	return 1;
383	return 0;
384	}
385
386	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
387	{
388	if(ptr->type==abac_verify_term_type("string") \|\|
389	ptr->type==abac_verify_term_type("urn") \|\|
390	ptr->type==abac_verify_term_type("boolean"))
391	return 1;
392	return 0;
393	}
394
395	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
396	{
397	ptr->cond_ptr=vptr;
398	}
399
400	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
401	{
402	ptr->cond_str=abac_xstrdup(cond);
403	}
404
405	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
406	{
407	ptr->is_variable=1;
408	}
409
410	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
411	{
412	return ptr->is_variable;
413	}
414
415	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
416	{
417	free(ptr->name);
418	if(ptr->cond_str)
419	free(ptr->cond_str);
420	if(ptr->cond_head_expr)
421	_free_yy_expression(ptr->cond_head_expr);
422	if(ptr->cond_range);
423	_free_yy_cond_range(ptr->cond_range);
424	free(ptr);
425	}
426
427	abac_yy_term_principal_t *make_yy_term_principal()
428	{
429	abac_yy_term_principal_t *ptr=
430	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
431	ptr->type=0;/* this is not known */
432	ptr->is_anonymous=0;
433	ptr->name=NULL;
434	ptr->isrange=0;
435	ptr->cond_str=NULL;
436	ptr->cond_ptr=NULL;
437	ptr->cond_head_expr=NULL;
438	return ptr;
439	}
440
441	static void _set_using_this()
442	{
443	using_this=1;
444	}
445
446	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
447	{
448	ptr->isrange=isrange;
449	}
450
451	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
452	{
453	/* handle special case when the name=this, change it to This */
454	if(strcmp(name,"this")==0) {
455	ptr->name=abac_xstrdup("This");
456	_set_using_this();
457	} else ptr->name=abac_xstrdup(name);
458	}
459
460	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
461	{
462	ptr->cond_ptr=vptr;
463	}
464
465	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
466	{
467	ptr->cond_str=abac_xstrdup(cond);
468	}
469
470	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
471	{
472	ptr->is_anonymous=1;
473	}
474
475	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
476	{
477	return ptr->cond_head_expr;
478	}
479
480	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
481	abac_yy_expression_t *expr)
482	{
483	ptr->cond_head_expr=expr;
484	}
485
486	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
487	{
488	free(ptr->name);
489	if(ptr->cond_str)
490	free(ptr->cond_str);
491	if(ptr->cond_head_expr)
492	_free_yy_expression(ptr->cond_head_expr);
493	free(ptr);
494	}
495
496	abac_yy_term_t *make_yy_term_dterm_anonymous()
497	{
498	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
499	ptr->type = e_yy_DTERM_ANONYMOUS;
500	ptr->next=NULL;
501	ptr->bcnt=1;
502	return ptr;
503	}
504
505	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
506	{
507	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
508	if(pptr->is_anonymous)
509	ptr->type = e_yy_DTERM_ANONYMOUS;
510	else ptr->type = e_yy_DTERM_PRINCIPAL;
511	ptr->term.p_ptr=pptr;
512	ptr->next=NULL;
513	ptr->bcnt=1;
514	return ptr;
515	}
516
517	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
518	{
519	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
520	ptr->type = e_yy_DTERM_NAMED;
521	ptr->term.n_ptr=nptr;
522	ptr->next=NULL;
523	ptr->bcnt=1;
524	return ptr;
525	}
526
527	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
528	{
529	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
530
531	if(dptr->is_anonymous)
532	ptr->type = e_yy_DTERM_ANONYMOUS;
533	else ptr->type = e_yy_DTERM_DATA;
534	ptr->term.d_ptr=dptr;
535	ptr->next=NULL;
536	ptr->bcnt=1;
537	return ptr;
538	}
539
540	/****************************************************************************/
541	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
542	{
543	abac_yy_principal_t *ptr=
544	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
545	/* add p to yyparse's principal */
546	if(sha) ptr->sha=abac_xstrdup(sha);
547	else ptr->sha=NULL;
548	if(cn) ptr->cn=abac_xstrdup(cn);
549	else ptr->cn=NULL;
550	ptr->type=type;
551	return ptr;
552	}
553
554	static void _free_yy_principal(abac_yy_principal_t *ptr)
555	{
556	if(ptr->sha) free(ptr->sha);
557	if(ptr->cn) free(ptr->cn);
558	free(ptr);
559	}
560
561	int get_yy_principal_type(abac_yy_principal_t *ptr)
562	{
563	return ptr->type;
564	}
565
566	char get_yy_principal_name(abac_yy_principal_t ptr)
567	{
568	if(USE("ABAC_CN") && ptr->cn)
569	return ptr->cn;
570	return ptr->sha;
571	}
572
573	char get_yy_principal_cn(abac_yy_principal_t ptr)
574	{
575	return ptr->cn;
576	}
577
578	char get_yy_principal_sha(abac_yy_principal_t ptr)
579	{
580	return ptr->sha;
581	}
582
583	/*************************************************************************/
584
585	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
586	{
587	int i=terms->bcnt;
588	nterm->next=terms;
589	nterm->bcnt=i+1;
590	return nterm;
591	}
592
593	static void _free_yy_term(abac_yy_term_t *ptr)
594	{
595	switch (ptr->type) {
596	case e_yy_DTERM_DATA:
597	_free_yy_term_data(ptr->term.d_ptr);
598	break;
599	case e_yy_DTERM_NAMED:
600	_free_yy_principal(ptr->term.n_ptr);
601	break;
602	case e_yy_DTERM_PRINCIPAL:
603	_free_yy_term_principal(ptr->term.p_ptr);
604	break;
605	case e_yy_DTERM_ANONYMOUS:
606	break;
607	}
608	if(ptr->next)
609	_free_yy_term(ptr->next);
610	free(ptr);
611	}
612
613	/*************************************************************************/
614	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
615	{
616	abac_yy_roleoset_t *ptr=
617	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
618	ptr->name=abac_xstrdup(name);
619	ptr->terms=terms;
620	ptr->next=NULL;
621	ptr->bcnt=1;
622	ptr->type=e_yy_ROLE_TYPE;
623	return ptr;
624	}
625
626	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
627	{
628	free(ptr->name);
629	if(ptr->terms)
630	_free_yy_term(ptr->terms);
631	if(ptr->next)
632	_free_yy_roleoset(ptr->next);
633	free(ptr);
634	}
635
636	/***************************************************************************/
637	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
638	{
639	abac_yy_roleoset_t *ptr=
640	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
641	ptr->name=abac_xstrdup(name);
642	ptr->terms=terms;
643	ptr->next=NULL;
644	ptr->bcnt=1;
645	ptr->type=e_yy_OSET_TYPE;
646	return ptr;
647	}
648
649	/***************************************************************************/
650
651	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
652
653	abac_yy_expression_t make_yy_expression(int type,void pptr,
654	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
655	{
656	abac_yy_expression_t *ptr=
657	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
658	ptr->type = type;
659	if(type == e_yy_EXPR_OBJECT) {
660	ptr->object=(abac_yy_term_data_t *)pptr;
661	} else {
662	ptr->principal = (abac_yy_principal_t *)pptr;
663	}
664	ptr->roleoset = optr;
665	ptr->linked_role=linked_role;
666	ptr->next=NULL;
667
668	return ptr;
669	}
670
671	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
672	{
673	if(ptr->type == e_yy_EXPR_OBJECT)
674	return ptr->object;
675	return NULL;
676	}
677
678	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
679	abac_yy_expression_t *exprs)
680	{
681	int i=exprs->bcnt;
682	nexpr->next=exprs;
683	nexpr->bcnt=i+1;
684	return nexpr;
685	}
686
687	static void _free_yy_expression(abac_yy_expression_t *ptr)
688	{
689	if(ptr->type == e_yy_EXPR_OBJECT) {
690	if(ptr->object)
691	_free_yy_term_data(ptr->object);
692	} else {
693	if(ptr->principal)
694	_free_yy_principal(ptr->principal);
695	}
696	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
697	if(ptr->linked_role)
698	_free_yy_roleoset(ptr->linked_role);
699	if(ptr->next)
700	_free_yy_expression(ptr->next);
701
702	free(ptr);
703	}
704
705	/***************************************************************************/
706	/* add the oset condition to constraint list */
707	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
708	{
709	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
710	if(head_expr) {
711	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
712	if(head_aspect != NULL) {
713	if(debug) printf("make_yy_oset_constraint..\n");
714	set_yy_term_data_cond_ptr(ptr,head_aspect);
715	}
716	}
717	}
718
719	/* add the role condition to constraint list */
720	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
721	{
722	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
723	if(head_expr) {
724	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
725	if(head_aspect != NULL) {
726	if(debug) printf("make_yy_role_constraint..\n");
727	set_yy_term_principal_cond_ptr(ptr,head_aspect);
728	set_yy_term_principal_isrange(ptr,0);
729	}
730	}
731	}
732
733
734	/****************************************************************/
735	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
736	abac_yy_term_t *terms)
737	{
738	abac_yy_term_t *curr = terms;
739	int type;
740	int isnamed;
741	int isrange;
742	char *name;
743	char *cond;
744	void *ptr;
745
746	while (curr) {
747	name=NULL;
748	cond=NULL;
749	ptr=NULL;
750	isnamed=0;
751	isrange=0;
752	switch (curr->type) {
753	case e_yy_DTERM_DATA:
754	{
755	abac_yy_term_data_t *dptr=curr->term.d_ptr;
756	type=dptr->type;
757	name=abac_xstrdup(dptr->name);
758	if(dptr->cond_str)
759	cond=abac_xstrdup(dptr->cond_str);
760	ptr=dptr->cond_ptr;
761	isrange=(dptr->cond_range!=NULL)?1:0;
762	break;
763	}
764	case e_yy_DTERM_PRINCIPAL:
765	{
766	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
767	type=abac_verify_term_type("principal");
768	name=abac_xstrdup(pptr->name);
769	if(pptr->cond_str)
770	cond=abac_xstrdup(pptr->cond_str);
771	ptr=pptr->cond_ptr;
772	isrange=pptr->isrange;
773	break;
774	}
775	case e_yy_DTERM_NAMED:
776	{
777	abac_yy_principal_t *pptr=curr->term.n_ptr;
778	type=pptr->type;
779	name=abac_xstrdup(get_yy_principal_name(pptr));
780	isnamed=1;
781	break;
782	}
783	case e_yy_DTERM_ANONYMOUS:
784	{
785	type=abac_verify_term_type("anonymous");
786	name=abac_xstrdup("_");
787	break;
788	}
789	}
790	abac_term_t *param=NULL;
791	if(isnamed)
792	param=abac_term_named_new(type,name);
793	else param=abac_term_new(type,name,isrange,cond,ptr);
794	if (linked)
795	abac_aspect_add_linked_param(aspect_ptr, param);
796	else
797	abac_aspect_add_param(aspect_ptr, param);
798	curr=curr->next;
799	}
800	}
801
802	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
803	{
804	int linked=1;
805	_aspect_add_terms(linked, ptr, terms);
806	}
807
808	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
809	{
810	int linked=0;
811	_aspect_add_terms(linked, ptr, terms);
812	}
813
814	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
815	{
816	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
817	return ret_ptr;
818	}
819
820	/* A.oset, A.role */
821	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
822	{
823	abac_yy_principal_t *principal=expr->principal;
824	abac_yy_roleoset_t *ptr=expr->roleoset;
825
826	char *principalname=get_yy_principal_sha(principal);
827	char *name=ptr->name;
828	abac_yy_term_t *terms=ptr->terms;
829
830	abac_aspect_t *aptr=NULL;
831	if(yytype==e_yy_OSET_TYPE)
832	aptr=abac_aspect_oset_new(principalname, name);
833	else aptr=abac_aspect_role_new(principalname, name);
834
835	if (aptr==NULL) {
836	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
837	goto error;
838	}
839
840	// insert the params for the oset
841	if(terms) {
842	_aspect_add_aspect_terms(aptr, terms);
843	}
844	return aptr;
845
846	error:
847	return NULL;
848	}
849
850	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
851	{
852	return validate_head(e_yy_OSET_TYPE,expr);
853	}
854
855	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
856	{
857	return validate_head(e_yy_ROLE_TYPE,expr);
858	}
859
860	/*****************************************************************************/
861	/* B */
862	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
863	{
864	abac_yy_principal_t *principal=expr->principal;
865	char *principalname=get_yy_principal_sha(principal);
866
867	abac_aspect_t *ptr=NULL;
868	if(yytype==e_yy_OSET_TYPE)
869	ptr=abac_aspect_oset_principal_new(principalname);
870	else ptr=abac_aspect_role_principal_new(principalname);
871	if (ptr==NULL)
872	goto error;
873	return ptr;
874
875	error:
876	panic("can not generate a simple named tail oset aspect");
877	return NULL;
878	}
879
880
881	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
882	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
883	{
884	abac_yy_term_data_t *object=get_yy_expression_object(expr);
885	assert(object != NULL);
886
887	char *name=object->name;
888	int type=object->type;
889	char *cond=object->cond_str;
890	void *ptr=object->cond_ptr;
891	int isrange=(object->cond_range!=NULL)?1:0;
892	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
893	abac_aspect_t *aptr=NULL;
894	if(yytype==e_yy_OSET_TYPE)
895	aptr=abac_aspect_oset_object_new(term);
896	else
897	goto error; /* can not be a role expression with obj */
898	if (aptr==NULL)
899	goto error;
900	return aptr;
901
902	error:
903	panic("can not generate a simple object tail oset aspect");
904	return NULL;
905	}
906
907
908	/* B.role or B.oset */
909	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
910	{
911	abac_yy_principal_t *principal=expr->principal;
912	abac_yy_roleoset_t *eptr=expr->roleoset;
913
914	char *principalname=get_yy_principal_sha(principal);
915	char *name=eptr->name;
916	abac_yy_term_t *terms=eptr->terms;
917
918	abac_aspect_t *ptr=NULL;
919	if(yytype==e_yy_OSET_TYPE)
920	ptr=abac_aspect_oset_new(principalname, name);
921	else
922	ptr=abac_aspect_role_new(principalname, name);
923	if (ptr==NULL)
924	goto error;
925
926	if(terms) {
927	_aspect_add_aspect_terms(ptr, terms);
928	}
929	return ptr;
930
931	error:
932	panic("can not generate a simple tail aspect");
933	return NULL;
934	}
935
936	/* B.role.role or B.role.oset */
937	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
938	{
939	abac_yy_principal_t *principal=expr->principal;
940
941	abac_yy_roleoset_t *eptr=expr->roleoset;
942	abac_yy_roleoset_t *linked_role=expr->linked_role;
943
944	char *principalname=get_yy_principal_sha(principal);
945	char *name=eptr->name;
946	abac_yy_term_t *terms=eptr->terms;
947
948	char *linkedrolename=linked_role->name;
949	abac_yy_term_t *linked_terms=linked_role->terms;
950
951	abac_aspect_t *ptr=NULL;
952	if(yytype==e_yy_OSET_TYPE)
953	ptr=abac_aspect_oset_linking_new(principalname,
954	linkedrolename, name);
955	else ptr=abac_aspect_role_linking_new(principalname,
956	linkedrolename, name);
957	if (ptr==NULL)
958	goto error;
959
960	if(linked_terms) {
961	_aspect_add_linked_terms(ptr, linked_terms);
962	}
963	if(terms) {
964	_aspect_add_aspect_terms(ptr, terms);
965	}
966
967	return ptr;
968
969	error:
970	panic("can not generate linked tail oset");
971	return NULL;
972	}
973
974
975	/**********************************************************************/
976
977	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
978	abac_yy_expression_t *tailexpr)
979	{
980	abac_aspect_t *head_oset=NULL;
981	abac_aspect_t *tail_oset=NULL;
982
983	/* build up left side's abac oset structure */
984	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
985	if(head_oset == NULL)
986	goto error;
987
988	/* build up the right side's abac oset structure */
989	abac_yy_expression_t *curr_tail = tailexpr;
990	int intersecting=(tailexpr->next != NULL)? 1:0;
991	abac_aspect_t *curr_oset = NULL;
992	while (curr_tail) {
993	switch(curr_tail->type) {
994	case e_yy_EXPR_OBJECT:
995	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
996	break;
997	case e_yy_EXPR_NAMED:
998	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
999	break;
1000	case e_yy_EXPR_OSET:
1001	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1002	break;
1003	case e_yy_EXPR_LINKED:
1004	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1005	break;
1006	}
1007	if(curr_oset==NULL)
1008	goto error;
1009
1010	/* check if first one */
1011	if(tail_oset==NULL) {
1012	if(intersecting)
1013	tail_oset=validate_intersected_tail(curr_oset);
1014	else
1015	tail_oset=curr_oset;
1016	} else {
1017	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1018	}
1019	curr_tail=curr_tail->next;
1020	} /* while */
1021
1022	preprocess_pl_head(head_oset);
1023	preprocess_pl_tail(tail_oset);
1024
1025	/* XXX collect up type clauses, constraint clauses and
1026	generate rule clauses */
1027	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1028	if(tmp == NULL)
1029	goto error;
1030
1031	if(debug) {
1032	abac_print_aspect_string_with_condition(head_oset,NULL);
1033	printf("\n");
1034	abac_print_aspect_string_with_condition(tail_oset,NULL);
1035	printf("\n");
1036	}
1037
1038	_free_yy_expression(headexpr);
1039	_free_yy_expression(tailexpr);
1040	abac_rule_head_aspect=head_oset;
1041	abac_rule_tail_aspect=tail_oset;
1042	abac_rule_is_oset=1;
1043	return tmp;
1044
1045	error:
1046	_free_yy_expression(headexpr);
1047	_free_yy_expression(tailexpr);
1048	if(head_oset)
1049	abac_aspect_free(head_oset);
1050	if(tail_oset)
1051	abac_aspect_free(tail_oset);
1052	return NULL;
1053	}
1054
1055	/*****************************************************************************/
1056	abac_list_t validate_range(abac_list_t ptr)
1057	{
1058	abac_list_t *nlist=abac_list_new();
1059
1060	abac_item_t *nitem;
1061	abac_yy_range_t *cur;
1062	char *val;
1063	int type;
1064	abac_list_foreach(ptr, cur,
1065	if(cur) {
1066	type=cur->type;
1067	val=cur->val;
1068	if(type==e_yy_RANGE_MIN) nitem=abac_item_new("min",val);
1069	if(type==e_yy_RANGE_MAX) nitem=abac_item_new("max",val);
1070	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new("target",val);
1071	abac_list_add(nlist,nitem);
1072	}
1073	);
1074	return nlist;
1075	}
1076
1077	/****************************************************************/
1078	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
1079	{
1080	if(is_yy_term_data_type_numeric(ptr) \|\|
1081	is_yy_term_data_type_alpha(ptr) \|\|
1082	is_yy_term_data_type_time(ptr)) {
1083	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1084	if(rlist) {
1085	abac_list_t *nlist=validate_range(rlist);
1086	set_yy_term_data_cond_ptr(ptr,nlist);
1087	}
1088	}
1089	}
1090	/*****************************************************************************/
1091	/* build up the abac structure and also create the yap clause
1092	and insert it into db */
1093	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1094	abac_yy_expression_t *tailexpr)
1095	{
1096	abac_aspect_t *head_role=NULL;
1097	abac_aspect_t *tail_role=NULL;
1098
1099	/* build up left side's abac role structure */
1100	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1101	if(head_role == NULL)
1102	goto error;
1103
1104	/* build up the right side's abac role structure */
1105	abac_yy_expression_t *curr_tail = tailexpr;
1106	int intersecting=(tailexpr->next != NULL)? 1:0;
1107	abac_aspect_t *curr_role = NULL;
1108	while (curr_tail) {
1109	switch(curr_tail->type) {
1110	case e_yy_EXPR_NAMED:
1111	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1112	break;
1113	case e_yy_EXPR_ROLE:
1114	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1115	break;
1116	case e_yy_EXPR_LINKED:
1117	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1118	break;
1119	}
1120	if(curr_role==NULL)
1121	goto error;
1122
1123	/* check if first one */
1124	if(tail_role==NULL) {
1125	if(intersecting)
1126	tail_role=validate_intersected_tail(curr_role);
1127	else
1128	tail_role=curr_role;
1129	} else {
1130	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1131	}
1132	curr_tail=curr_tail->next;
1133	} /* while */
1134
1135	preprocess_pl_head(head_role);
1136	preprocess_pl_tail(tail_role);
1137
1138	/* collect up type clauses, constraint clauses and
1139	generate the final rule clauses */
1140	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1141	if(tmp == NULL)
1142	goto error;
1143
1144	if(debug) {
1145	abac_print_aspect_string_with_condition(head_role,NULL);
1146	printf("\n");
1147	abac_print_aspect_string_with_condition(tail_role,NULL);
1148	printf("\n");
1149	}
1150
1151	_free_yy_expression(headexpr);
1152	_free_yy_expression(tailexpr);
1153	abac_rule_head_aspect=head_role;
1154	abac_rule_tail_aspect=tail_role;
1155	abac_rule_is_oset=0;
1156	return tmp;
1157
1158	error:
1159	_free_yy_expression(headexpr);
1160	_free_yy_expression(tailexpr);
1161	if(head_role)
1162	abac_aspect_free(head_role);
1163	if(tail_role)
1164	abac_aspect_free(tail_role);
1165	return NULL;
1166	}
1167
1168	/************************************************************************/
1169	void abac_yy_init()
1170	{
1171	abac_yyinit();
1172	abac_yy_init_rule_id_clauses();
1173	}
1174
1175

Note: See TracBrowser for help on using the repository browser.

Download in other formats: