Context Navigation

source: libabac/abac_pl_yy.c @ 4b8e1c9

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 4b8e1c9 was 4b8e1c9, checked in by Mei <mei@…>, 12 years ago
1) add boolean static range constraint handling 2) add boolean range test into balltime_rt2_typed
Property mode set to `100644`
File size: 42.3 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_range_time_constraint(char ,char ,char );
18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var,
25	char *tmplist);
26	/* from rt2.y */
27	extern void abac_yyinit();
28
29	int abac_yy_error_code = 0; /* keeping last error code */
30
31	int abac_rule_is_oset=0;
32	abac_list_t *abac_rule_clauses=NULL;
33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
34	abac_role_t *abac_rule_head_role=NULL;
35	abac_role_t *abac_rule_tail_role=NULL;
36	abac_oset_t *abac_rule_head_oset=NULL;
37	abac_oset_t *abac_rule_tail_oset=NULL;
38
39	/* to track id certs within a rule clause */
40	typedef struct _abac_yy_id_cert_t {
41	char *principalname;
42	int type; /* keyidtype */
43	char *clause;
44	} abac_yy_id_cert_t;
45	abac_list_t *abac_yy_id_certs = NULL;
46
47	/* structure to hold the range information
48	within a static constraints on few types of
49	oset types
50	[a..b], [a..], [..b], [a],[a,b],[many a]
51	e_yy_RANGE_MIN=1;
52	e_yy_RANGE_MAX=2;
53	e_yy_RANGE_TARGET=3;
54	*/
55	typedef struct _abac_yy_range_t {
56	int type;
57	char *val;
58	} abac_yy_range_t;
59
60	/* to track role/oset constraint clauses used within a rule clause,
61	collect them up in one place, these are for conjunction clauses */
62	typedef struct _abac_yy_constraint_t {
63	char *clause;
64	} abac_yy_constraint_t;
65	abac_list_t *abac_yy_constraints = NULL;
66
67	/* local principal structure [keyid:USC] */
68	struct _abac_yy_principal_t {
69	int type;
70	char *sha; // sha is null when this is of object type
71	char *cn;
72	};
73
74	/* [principal:?Z]:..., must match a principal name */
75	struct _abac_yy_term_principal_t {
76	int type; /* this needs to be implicitly determined */
77	char *name;
78	char *cond_str;
79	void *cond_ptr; // ptr to a saved abac_role_t
80	abac_yy_expression_t *cond_head_expr;
81	};
82
83	/* integer,float,time,urn,string types,
84	if has condition, then it is a variable,
85	ie,
86	[int:?Year]:<1930..1932>,
87	if no condition, then it is a constant,
88	ie,
89	[int:10]
90	*/
91	struct _abac_yy_term_data_t {
92	int is_variable;
93	int type;
94	char *name;
95	char *cond_str;
96	void *cond_ptr; // ptr to a saved abac_oset_t
97	abac_list_t *cond_range;
98	abac_yy_expression_t *cond_head_expr; // parking stub
99	};
100
101	/* local term structure, will distinguish it in the future */
102	/* e_yy_DTERM_DATA, all other types
103	e_yy_DTERM_NAMED, keyid:bob
104	e_yy_DTERM_PRINCIPAL, principal:?P
105	e_yy_DTERM_ANONYMOUS ? */
106	struct _abac_yy_term_t {
107	union {
108	abac_yy_principal_t *n_ptr;
109	abac_yy_term_principal_t *p_ptr;
110	abac_yy_term_data_t *d_ptr;
111	} term;
112	int type;
113	struct _abac_yy_term_t *next;
114	int bcnt; /* this is to track number of terms in this linked up list */
115	};
116
117	/* local role structure */
118	struct _abac_yy_role_t {
119	int type;
120	char *name;
121	abac_yy_term_t *terms;
122	struct _abac_yy_role_t *next;
123	int bcnt; /* this is to track number of roles in this linked up list */
124	};
125
126	/* local oset structure */
127	struct _abac_yy_oset_t {
128	int type;
129	char *name;
130	abac_yy_term_t *terms;
131	struct _abac_yy_oset_t *next;
132	int bcnt; /* this is to track number of oset in this linked up list */
133	};
134
135	/* A, A.r, A.r.r */
136	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
137	/* A/obj, A.o, A.r.o */
138	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
139	struct _abac_yy_expression_t {
140	int type;
141	union {
142	abac_yy_principal_t *principal;
143	abac_yy_term_data_t *object;
144	};
145	abac_yy_role_t *linked_role;
146	union {
147	abac_yy_role_t *role;
148	abac_yy_oset_t *oset;
149	};
150	struct _abac_yy_expression_t *next;
151	int bcnt;
152	};
153
154	static void _free_yy_expression(abac_yy_expression_t *);
155
156	/************************************************************************/
157	void abac_yy_set_error_code(int v)
158	{
159	abac_yy_error_code=v;
160	}
161
162	/************************************************************************/
163	abac_stack_t *abac_yy_get_rule_id_clauses()
164	{
165	return abac_rule_id_clauses;
166	}
167
168	abac_stack_t *abac_yy_init_rule_id_clauses()
169	{
170	abac_rule_id_clauses=abac_stack_new();
171	return abac_rule_id_clauses;
172	}
173
174	void abac_yy_free_rule_id_clauses()
175	{
176	if (abac_rule_id_clauses != NULL)
177	abac_stack_free(abac_rule_id_clauses);
178	}
179
180	void abac_yy_set_rule_clauses(abac_list_t *clauses)
181	{
182	abac_rule_clauses=clauses;
183	if(debug) {
184	printf("printing out abac_rule_clauses:\n");
185	abac_print_clauses(abac_rule_clauses,NULL);
186	}
187	}
188
189	abac_list_t *abac_yy_get_rule_clauses()
190	{
191	return abac_rule_clauses;
192	}
193
194	void abac_yy_free_rule_clauses()
195	{
196	if (abac_rule_clauses != NULL) {
197	char *cur;
198	abac_list_foreach(abac_yy_id_certs, cur,
199	if(cur) free(cur);
200	);
201	abac_list_free(abac_rule_clauses);
202	}
203	}
204
205	int abac_yy_get_rule_is_oset()
206	{
207	return abac_rule_is_oset;
208	}
209
210	abac_role_t *abac_yy_get_rule_head_role()
211	{
212	return abac_rule_head_role;
213	}
214
215	abac_role_t *abac_yy_get_rule_tail_role()
216	{
217	return abac_rule_tail_role;
218	}
219
220	abac_oset_t *abac_yy_get_rule_head_oset()
221	{
222	return abac_rule_head_oset;
223	}
224
225	abac_oset_t *abac_yy_get_rule_tail_oset()
226	{
227	return abac_rule_tail_oset;
228	}
229
230
231	/************************************************************************/
232	void abac_yy_init_yy_id_certs()
233	{
234	abac_yy_id_certs = abac_list_new();
235	}
236
237	void abac_yy_free_yy_id_certs()
238	{
239	abac_yy_id_cert_t *id;
240	abac_list_foreach(abac_yy_id_certs, id,
241	if(id)
242	free(id->principalname);
243	free(id->clause);
244	free(id);
245	);
246	abac_list_free(abac_yy_id_certs);
247	abac_yy_id_certs = NULL;
248	}
249
250	int abac_yy_cnt_yy_id_certs()
251	{
252	return abac_list_size(abac_yy_id_certs);
253	}
254
255	char *abac_yy_string_yy_id_certs()
256	{
257	int first=1;
258	char *tmp=NULL;
259	abac_yy_id_cert_t *cur;
260	abac_list_foreach(abac_yy_id_certs, cur,
261	if(cur)
262	if(first) {
263	tmp=abac_xstrdup(cur->clause);
264	first=0;
265	} else {
266	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
267	}
268	);
269	return tmp;
270	}
271
272	static void _add_yy_id_certs(char *principalname, int type)
273	{
274	abac_yy_id_cert_t *id_cert=NULL;
275
276	int found=0;
277	abac_yy_id_cert_t *cur;
278	abac_list_foreach(abac_yy_id_certs, cur,
279	if(cur)
280	if(strcmp(cur->principalname,principalname)==0) {
281	found=1;
282	break;
283	}
284	);
285
286	if (found) {
287	return;
288	} else {
289	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
290	id_cert->principalname=abac_xstrdup(principalname);
291	id_cert->type=type;
292	id_cert->clause=generate_pl_type_clause(principalname,type);
293	abac_list_add(abac_yy_id_certs, id_cert);
294	}
295	}
296
297	/***********************************************************************/
298	static void _free_yy_cond_range(abac_list_t *ptr)
299	{
300	if (ptr != NULL) {
301	abac_yy_range_t *cur;
302	abac_list_foreach(ptr, cur,
303	if(cur && cur->val) free(cur->val);
304	free(cur);
305	);
306	abac_list_free(ptr);
307	}
308	}
309
310	static char _string_yy_cond_range(abac_list_t ptr)
311	{
312	assert(ptr);
313	char *tmp=NULL;
314	char *min=NULL;
315	char *max=NULL;
316	char *val=NULL;
317	int type;
318
319	abac_yy_range_t *cur;
320	abac_list_foreach(ptr, cur,
321	type=cur->type;
322	switch (type) {
323	case e_yy_RANGE_MIN:
324	min=strdup(cur->val);
325	break;
326	case e_yy_RANGE_MAX:
327	max=strdup(cur->val);
328	break;
329	case e_yy_RANGE_TARGET:
330	if(val)
331	asprintf(&val,"%s,%s",val,cur->val);
332	else val=strdup(cur->val);
333	break;
334	}
335	);
336	if(max && min) {
337	asprintf(&tmp,"[%s..%s]",min,max);
338	free(max);
339	free(min);
340	return tmp;
341	}
342	if(max) {
343	asprintf(&tmp,"[..%s]",max);
344	free(max);
345	return tmp;
346	}
347	if(min) {
348	asprintf(&tmp,"[%s..]",min);
349	free(min);
350	return tmp;
351	}
352	if(val) {
353	asprintf(&tmp,"[%s]",val);
354	free(val);
355	return tmp;
356	}
357	return NULL;
358	}
359
360	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
361	{
362	abac_yy_range_t *range=
363	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
364	range->type=e_yy_RANGE_TARGET;
365	range->val=strdup(val);
366	abac_list_add(ptr, range);
367	return ptr;
368	}
369
370	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
371	{
372	abac_yy_range_t *range=
373	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
374	range->type=type;
375	range->val=strdup(val);
376	abac_list_add(ptr, range);
377	return ptr;
378	}
379
380	abac_list_t make_yy_val_range(char val)
381	{
382	abac_list_t *ptr=abac_list_new();
383	add_yy_val_range(ptr,val);
384	return ptr;
385	}
386
387	abac_list_t make_yy_minmax_range(char min, char *max)
388	{
389	abac_list_t *ptr=abac_list_new();
390	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
391	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
392	return ptr;
393	}
394
395	abac_list_t make_yy_min_range(char min)
396	{
397	abac_list_t *ptr=abac_list_new();
398	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
399	return ptr;
400	}
401
402	abac_list_t make_yy_max_range(char max)
403	{
404	abac_list_t *ptr=abac_list_new();
405	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
406	return ptr;
407	}
408
409	/***********************************************************************/
410	abac_yy_term_data_t make_yy_term_data(char name)
411	{
412	abac_yy_term_data_t *ptr=
413	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
414	ptr->name=abac_xstrdup(name);
415	ptr->type=0;
416	ptr->is_variable=0;
417	ptr->cond_str=NULL;
418	ptr->cond_head_expr=NULL;
419	ptr->cond_ptr=NULL;
420	ptr->cond_range=NULL;
421	return ptr;
422	}
423
424	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
425	{
426	return ptr->cond_range;
427	}
428
429	char get_yy_term_data_name(abac_yy_term_data_t ptr)
430	{
431	return ptr->name;
432	}
433
434	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
435	{
436	if(ptr->cond_head_expr != NULL)
437	return 1;
438	if(ptr->cond_range != NULL)
439	return 1;
440	return 0;
441	}
442
443	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
444	abac_list_t *range)
445	{
446	ptr->cond_range=range;
447	}
448
449	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
450	abac_yy_expression_t *expr)
451	{
452	ptr->cond_head_expr=expr;
453	}
454
455	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
456	{
457	return ptr->cond_head_expr;
458	}
459
460	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
461	{
462	int type=abac_term_verify_term_type(typestr);
463	ptr->type=type;
464	}
465
466	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
467	{
468	if(ptr->type==abac_term_verify_term_type("integer") \|\|
469	ptr->type==abac_term_verify_term_type("float"))
470	return 1;
471	return 0;
472	}
473
474	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
475	{
476	if(ptr->type==abac_term_verify_term_type("time"))
477	return 1;
478	return 0;
479	}
480
481	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
482	{
483	if(ptr->type==abac_term_verify_term_type("string") \|\|
484	ptr->type==abac_term_verify_term_type("urn") \|\|
485	ptr->type==abac_term_verify_term_type("boolean"))
486	return 1;
487	return 0;
488	}
489
490	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
491	{
492	ptr->cond_ptr=vptr;
493	}
494
495	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
496	{
497	ptr->cond_str=strdup(cond);
498	}
499
500	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
501	{
502	ptr->is_variable=1;
503	}
504
505	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
506	{
507	return ptr->is_variable;
508	}
509
510	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
511	{
512	free(ptr->name);
513	if(ptr->cond_str)
514	free(ptr->cond_str);
515	if(ptr->cond_head_expr)
516	_free_yy_expression(ptr->cond_head_expr);
517	if(ptr->cond_range);
518	_free_yy_cond_range(ptr->cond_range);
519	free(ptr);
520	}
521
522	abac_yy_term_principal_t make_yy_term_principal(char name)
523	{
524	abac_yy_term_principal_t *ptr=
525	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
526	ptr->type=0;/* this is not known */
527	ptr->name=abac_xstrdup(name);
528	ptr->cond_str=NULL;
529	ptr->cond_head_expr=NULL;
530	return ptr;
531	}
532
533	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
534	{
535	ptr->cond_ptr=vptr;
536	}
537
538	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
539	{
540	ptr->cond_str=abac_xstrdup(cond);
541	}
542
543	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
544	{
545	return ptr->cond_head_expr;
546	}
547
548	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
549	abac_yy_expression_t *expr)
550	{
551	ptr->cond_head_expr=expr;
552	}
553
554	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
555	{
556	free(ptr->name);
557	if(ptr->cond_str)
558	free(ptr->cond_str);
559	if(ptr->cond_head_expr)
560	_free_yy_expression(ptr->cond_head_expr);
561	free(ptr);
562	}
563
564	abac_yy_term_t *make_yy_term_dterm_anonymous()
565	{
566	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
567	ptr->type = e_yy_DTERM_ANONYMOUS;
568	ptr->next=NULL;
569	ptr->bcnt=1;
570	return ptr;
571	}
572
573	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
574	{
575	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
576	ptr->type = e_yy_DTERM_PRINCIPAL;
577	ptr->term.p_ptr=pptr;
578	ptr->next=NULL;
579	ptr->bcnt=1;
580	return ptr;
581	}
582
583	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
584	{
585	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
586	ptr->type = e_yy_DTERM_NAMED;
587	ptr->term.n_ptr=nptr;
588	ptr->next=NULL;
589	ptr->bcnt=1;
590	return ptr;
591	}
592
593	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
594	{
595	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
596	ptr->type = e_yy_DTERM_DATA;
597	ptr->term.d_ptr=dptr;
598	ptr->next=NULL;
599	ptr->bcnt=1;
600	return ptr;
601	}
602
603	/************************************************************************/
604	void abac_yy_init_yy_constraints()
605	{
606	abac_yy_constraints = abac_list_new();
607	}
608
609	void abac_yy_free_yy_constraints()
610	{
611	abac_yy_constraint_t *cur;
612	abac_list_foreach(abac_yy_constraints, cur,
613	if(cur && cur->clause)
614	free(cur->clause);
615	free(cur);
616	);
617	abac_list_free(abac_yy_constraints);
618	abac_yy_constraints=NULL;
619	}
620
621	int abac_yy_cnt_yy_constraints()
622	{
623	return abac_list_size(abac_yy_constraints);
624	}
625
626	char *abac_yy_string_yy_constraints()
627	{
628	int first=1;
629	char *tmp=NULL;
630	abac_yy_constraint_t *cur;
631	abac_list_foreach(abac_yy_constraints, cur,
632	if(cur && cur->clause)
633	if(first) {
634	tmp=abac_xstrdup(cur->clause);
635	first=0;
636	} else {
637	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
638	}
639	);
640	return tmp;
641	}
642
643	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
644	{
645	abac_yy_constraint_t *ptr=
646	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
647	ptr->clause=strdup(constraint);
648	abac_list_add(abac_yy_constraints, ptr);
649	return ptr;
650	}
651
652	/****************************************************************************/
653	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
654	{
655	abac_yy_principal_t *ptr=
656	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
657	ptr->sha=abac_xstrdup(sha);
658	ptr->cn=abac_xstrdup(cn);
659	ptr->type=type;
660	return ptr;
661	}
662
663	static void _free_yy_principal(abac_yy_principal_t *ptr)
664	{
665	free(ptr->sha);
666	if(ptr->cn)
667	free(ptr->cn);
668	free(ptr);
669	}
670
671	int get_yy_principal_type(abac_yy_principal_t *ptr)
672	{
673	return ptr->type;
674	}
675
676	char get_yy_principal_principalname(abac_yy_principal_t ptr)
677	{
678	if(ptr->sha == NULL)
679	return ptr->cn;
680	return ptr->sha;
681	}
682
683	/*************************************************************************/
684
685	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
686	{
687	int i=terms->bcnt;
688	nterm->next=terms;
689	nterm->bcnt=i+1;
690	return nterm;
691	}
692
693	static void _free_yy_term(abac_yy_term_t *ptr)
694	{
695	switch (ptr->type) {
696	case e_yy_DTERM_DATA:
697	_free_yy_term_data(ptr->term.d_ptr);
698	break;
699	case e_yy_DTERM_NAMED:
700	_free_yy_principal(ptr->term.n_ptr);
701	break;
702	case e_yy_DTERM_PRINCIPAL:
703	_free_yy_term_principal(ptr->term.p_ptr);
704	break;
705	case e_yy_DTERM_ANONYMOUS:
706	break;
707	}
708	if(ptr->next)
709	_free_yy_term(ptr->next);
710	free(ptr);
711	}
712
713	/*************************************************************************/
714
715	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
716	{
717	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
718	ptr->name=abac_xstrdup(name);
719	ptr->terms=terms;
720	ptr->next=NULL;
721	ptr->bcnt=1;
722	return ptr;
723	}
724
725	static void _free_yy_role(abac_yy_role_t *ptr)
726	{
727	free(ptr->name);
728	if(ptr->terms)
729	_free_yy_term(ptr->terms);
730	if(ptr->next)
731	_free_yy_role(ptr->next);
732	free(ptr);
733	}
734
735	/***************************************************************************/
736	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
737	{
738	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
739	ptr->name=abac_xstrdup(name);
740	ptr->terms=terms;
741	ptr->next=NULL;
742	ptr->bcnt=1;
743	return ptr;
744	}
745
746	static void _free_yy_oset(abac_yy_oset_t *ptr)
747	{
748	free(ptr->name);
749	if(ptr->terms)
750	_free_yy_term(ptr->terms);
751	if(ptr->next)
752	_free_yy_oset(ptr->next);
753	free(ptr);
754	}
755	/***************************************************************************/
756
757	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
758
759	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
760	{
761	abac_yy_expression_t *ptr=
762	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
763	ptr->type = type;
764	if(type == e_yy_EXPR_OBJECT) {
765	ptr->object=(abac_yy_term_data_t *)pptr;
766	} else {
767	ptr->principal = (abac_yy_principal_t *)pptr;
768	}
769	if(type == e_yy_EXPR_OSET)
770	ptr->oset = (abac_yy_oset_t *) optr;
771	else
772	ptr->role = (abac_yy_role_t *) optr;
773	ptr->linked_role=linked_role;
774	ptr->next=NULL;
775
776	return ptr;
777	}
778
779	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
780	{
781	if(ptr->type == e_yy_EXPR_OBJECT)
782	return ptr->object;
783	return NULL;
784	}
785
786	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
787	abac_yy_expression_t *exprs)
788	{
789	int i=exprs->bcnt;
790	nexpr->next=exprs;
791	nexpr->bcnt=i+1;
792	return nexpr;
793	}
794
795	static void _free_yy_expression(abac_yy_expression_t *ptr)
796	{
797	if(ptr->type == e_yy_EXPR_OBJECT) {
798	if(ptr->object)
799	_free_yy_term_data(ptr->object);
800	} else {
801	if(ptr->principal)
802	_free_yy_principal(ptr->principal);
803	}
804	if(ptr->type == e_yy_EXPR_OSET) {
805	if(ptr->oset)
806	_free_yy_oset(ptr->oset);
807	} else {
808	if(ptr->role)
809	_free_yy_role(ptr->role);
810	}
811	if(ptr->linked_role)
812	_free_yy_role(ptr->linked_role);
813	if(ptr->next)
814	_free_yy_expression(ptr->next);
815
816	free(ptr);
817	}
818
819	/***************************************************************************/
820	static void _oset_add_terms(int linked, abac_oset_t *oset,
821	abac_yy_term_t *terms)
822	{
823	abac_yy_term_t *curr = terms;
824	int type;
825	char *name=NULL;
826	char *cond=NULL;
827	void *ptr=NULL;
828	while (curr) {
829	switch (curr->type) {
830	case e_yy_DTERM_DATA:
831	{
832	abac_yy_term_data_t *ptr=curr->term.d_ptr;
833	type=ptr->type;
834	name=abac_xstrdup(ptr->name);
835	cond=abac_xstrdup(ptr->cond_str);
836	ptr=ptr->cond_ptr;
837	break;
838	}
839	case e_yy_DTERM_PRINCIPAL:
840	{
841	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
842	type=abac_term_verify_term_type("principal");
843	name=abac_xstrdup(ptr->name);
844	cond=abac_xstrdup(ptr->cond_str);
845	ptr=ptr->cond_ptr;
846	break;
847	}
848	case e_yy_DTERM_NAMED:
849	{
850	abac_yy_principal_t *ptr=curr->term.n_ptr;
851	type=ptr->type;
852	/* XXX should be switching to sha in the future */
853	name=abac_xstrdup(ptr->cn);
854	cond=NULL;
855	ptr=NULL;
856	break;
857	}
858	case e_yy_DTERM_ANONYMOUS:
859	{
860	type=0;
861	name=abac_xstrdup("_");
862	cond=NULL;
863	ptr=NULL;
864	break;
865	}
866	}
867
868	abac_term_t *param=abac_term_new(type,name,cond,ptr);
869	if (linked)
870	abac_oset_oset_add_linked_param(oset, param);
871	else
872	abac_oset_oset_add_param(oset, param);
873	curr=curr->next;
874	}
875	}
876
877	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
878	{
879	int linked=1;
880	_oset_add_terms(linked, oset, terms);
881	}
882
883	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
884	{
885	int linked=0;
886	_oset_add_terms(linked, oset, terms);
887	}
888
889
890	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
891	{
892	abac_oset_t *ret_oset=NULL;
893	abac_list_t *prereqs = abac_list_new();
894	abac_list_add(prereqs, oset);
895	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
896	return ret_oset;
897	}
898
899	/* A.oset */
900	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
901	{
902	abac_yy_principal_t *principal=expr->principal;
903	abac_yy_oset_t *oset=expr->oset;
904
905	char *principalname=get_yy_principal_principalname(principal);
906	char *osetname=oset->name;
907	abac_yy_term_t *terms=oset->terms;
908
909	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
910	if (ret_oset==NULL) {
911	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
912	goto error;
913	}
914	if (!abac_oset_is_oset(ret_oset)) {
915	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
916	goto error;
917	}
918	// insert the params for the oset
919	if(terms) {
920	_oset_add_oset_terms(ret_oset, terms);
921	}
922	_add_yy_id_certs(principal->cn,principal->type);
923
924	return ret_oset;
925
926	error:
927	return NULL;
928	}
929
930	/* B */
931	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
932	{
933	abac_yy_principal_t *principal=expr->principal;
934	char *principalname=principal->sha;
935	abac_oset_t *ret_oset=NULL;
936
937	ret_oset = abac_oset_principal_new(principalname);
938
939	_add_yy_id_certs(principal->cn,principal->type);
940
941	if (ret_oset==NULL)
942	goto error;
943	return ret_oset;
944
945	error:
946	panic("can not generate a simple named tail oset");
947	return NULL;
948	}
949
950
951	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
952	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
953	{
954	abac_yy_term_data_t *object=get_yy_expression_object(expr);
955	assert(object != NULL);
956
957	char *name=object->name;
958	int type=object->type;
959	char *cond=object->cond_str;
960	void *ptr=object->cond_ptr;
961	abac_term_t *term=abac_term_new(type,name,cond,ptr);
962	abac_oset_t *ret_oset=abac_oset_object_new(term);
963
964	if(get_yy_term_data_is_variable(object))
965	_add_yy_id_certs(name,type);
966
967	if (ret_oset==NULL)
968	goto error;
969	return ret_oset;
970
971	error:
972	panic("can not generate a simple object tail oset");
973	return NULL;
974	}
975
976
977	/* B.oset */
978	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
979	{
980	abac_yy_principal_t *principal=expr->principal;
981	abac_yy_oset_t *oset=expr->oset;
982
983	char *principalname=principal->sha;
984
985	char *osetname=oset->name;
986	abac_yy_term_t *terms=oset->terms;
987
988	int ret;
989	abac_oset_t *ret_oset=NULL;
990
991	ret_oset = abac_oset_oset_new(principalname, osetname);
992	if (ret_oset==NULL)
993	goto error;
994
995	if(terms) {
996	_oset_add_oset_terms(ret_oset, terms);
997	}
998
999	_add_yy_id_certs(principal->cn,principal->type);
1000
1001	return ret_oset;
1002
1003	error:
1004	panic("can not generate a simple tail oset");
1005	return NULL;
1006	}
1007
1008	/* B.role.oset */
1009	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
1010	{
1011	abac_yy_principal_t *principal=expr->principal;
1012	abac_yy_oset_t *oset=expr->oset;
1013	abac_yy_role_t *linked_role=expr->linked_role;
1014
1015	char *principalname=principal->sha;
1016
1017	char *osetname=oset->name;
1018	abac_yy_term_t *terms=oset->terms;
1019
1020	char *linkedrolename=linked_role->name;
1021	abac_yy_term_t *linked_terms=linked_role->terms;
1022
1023	int ret;
1024	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1025	linkedrolename, osetname);
1026	if (ret_oset==NULL)
1027	goto error;
1028
1029	if(linked_terms) {
1030	_oset_add_linked_terms(ret_oset, linked_terms);
1031	}
1032	if(terms) {
1033	_oset_add_oset_terms(ret_oset, terms);
1034	}
1035
1036	_add_yy_id_certs(principal->cn,principal->type);
1037
1038	return ret_oset;
1039
1040	error:
1041	panic("can not generate linked tail oset");
1042	return NULL;
1043	}
1044
1045
1046
1047	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1048	abac_yy_expression_t *tailexpr)
1049	{
1050	abac_oset_t *head_oset=NULL;
1051	abac_oset_t *tail_oset=NULL;
1052
1053	/* build up left side's abac oset structure */
1054	head_oset=validate_head_oset(headexpr);
1055	if(head_oset == NULL)
1056	goto error;
1057
1058	/* build up the right side's abac oset structure */
1059	abac_yy_expression_t *curr_tail = tailexpr;
1060	int intersecting=(tailexpr->next != NULL)? 1:0;
1061	abac_oset_t *curr_oset = NULL;
1062	while (curr_tail) {
1063	switch(curr_tail->type) {
1064	case e_yy_EXPR_OBJECT:
1065	curr_oset=validate_object_tail_oset(curr_tail);
1066	break;
1067	case e_yy_EXPR_NAMED:
1068	curr_oset=validate_named_tail_oset(curr_tail);
1069	break;
1070	case e_yy_EXPR_OSET:
1071	curr_oset=validate_oset_tail_oset(curr_tail);
1072	break;
1073	case e_yy_EXPR_LINKED:
1074	curr_oset=validate_linked_tail_oset(curr_tail);
1075	break;
1076	}
1077	if(curr_oset==NULL)
1078	goto error;
1079
1080	/* check if first one */
1081	if(tail_oset==NULL) {
1082	if(intersecting)
1083	tail_oset=validate_intersected_tail_oset(curr_oset);
1084	else
1085	tail_oset=curr_oset;
1086	} else {
1087	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1088	}
1089	curr_tail=curr_tail->next;
1090	} /* while */
1091
1092	/* XXX collect up type clauses, constraint clauses and
1093	generate rule clauses */
1094	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1095	if(tmp == NULL)
1096	goto error;
1097
1098	if(debug) {
1099	abac_print_oset_string_with_condition(head_oset,NULL);
1100	abac_print_oset_string_with_condition(tail_oset,NULL);
1101	}
1102
1103	_free_yy_expression(headexpr);
1104	_free_yy_expression(tailexpr);
1105	abac_rule_head_oset=head_oset;
1106	abac_rule_tail_oset=tail_oset;
1107	abac_rule_is_oset=1;
1108	return tmp;
1109
1110	error:
1111	_free_yy_expression(headexpr);
1112	_free_yy_expression(tailexpr);
1113	if(head_oset)
1114	abac_oset_free(head_oset);
1115	if(tail_oset)
1116	abac_oset_free(tail_oset);
1117	return NULL;
1118	}
1119
1120	/****************************************************************/
1121	static void _role_add_terms(int linked, abac_role_t *role,
1122	abac_yy_term_t *terms)
1123	{
1124	abac_yy_term_t *curr = terms;
1125	int type;
1126	char *name=NULL;
1127	char *cond=NULL;
1128	void *ptr=NULL;
1129	while (curr) {
1130	switch (curr->type) {
1131	case e_yy_DTERM_DATA:
1132	{
1133	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1134	type=pptr->type;
1135	name=abac_xstrdup(pptr->name);
1136	cond=abac_xstrdup(pptr->cond_str);
1137	ptr=pptr->cond_ptr;
1138	break;
1139	}
1140	case e_yy_DTERM_PRINCIPAL:
1141	{
1142	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1143	type=abac_term_verify_term_type("principal");
1144	name=abac_xstrdup(pptr->name);
1145	cond=abac_xstrdup(pptr->cond_str);
1146	ptr=pptr->cond_ptr;
1147	break;
1148	}
1149	case e_yy_DTERM_NAMED:
1150	{
1151	abac_yy_principal_t *pptr=curr->term.n_ptr;
1152	type=pptr->type;
1153	/* XXX should be switching to sha in the future */
1154	name=abac_xstrdup(pptr->cn);
1155	cond=NULL;
1156	ptr=NULL;
1157	break;
1158	}
1159	case e_yy_DTERM_ANONYMOUS:
1160	{
1161	type=0;
1162	name=abac_xstrdup("_");
1163	cond=NULL;
1164	ptr=NULL;
1165	break;
1166	}
1167	}
1168
1169	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1170	if (linked)
1171	abac_role_role_add_linked_param(role, param);
1172	else
1173	abac_role_role_add_param(role, param);
1174	curr=curr->next;
1175	}
1176	}
1177
1178	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1179	{
1180	int linked=1;
1181	_role_add_terms(linked, role, terms);
1182	}
1183
1184	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1185	{
1186	int linked=0;
1187	_role_add_terms(linked, role, terms);
1188	}
1189
1190
1191	abac_role_t validate_intersected_tail_role(abac_role_t role)
1192	{
1193	abac_role_t *ret_role=NULL;
1194	abac_list_t *prereqs = abac_list_new();
1195	abac_list_add(prereqs, role);
1196	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1197	return ret_role;
1198	}
1199
1200	abac_role_t validate_head_role(abac_yy_expression_t expr)
1201	{
1202	abac_yy_principal_t *principal=expr->principal;
1203	abac_yy_role_t *role=expr->role;
1204
1205	char *principalname=get_yy_principal_principalname(principal);
1206	char *rolename=role->name;
1207	abac_yy_term_t *terms=role->terms;
1208	abac_role_t *ret_role=NULL;
1209
1210	ret_role=abac_role_role_new(principalname, rolename);
1211	if (ret_role==NULL) {
1212	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1213	goto error;
1214	}
1215	if (!abac_role_is_role(ret_role)) {
1216	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1217	goto error;
1218	}
1219	// insert the params for the role
1220	if(terms) {
1221	_role_add_role_terms(ret_role, terms);
1222	}
1223
1224	_add_yy_id_certs(principal->cn,principal->type);
1225
1226	return ret_role;
1227
1228	error:
1229	return NULL;
1230	}
1231
1232	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1233	{
1234	abac_yy_principal_t *principal=expr->principal;
1235	char *principalname=get_yy_principal_principalname(principal);
1236	abac_role_t *ret_role=NULL;
1237
1238	ret_role = abac_role_principal_new(principalname);
1239	_add_yy_id_certs(principal->cn,principal->type);
1240
1241	if (ret_role==NULL)
1242	goto error;
1243	return ret_role;
1244
1245	error:
1246	panic("can not generate a simple named tail role");
1247	return NULL;
1248	}
1249
1250	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1251	{
1252	abac_yy_principal_t *principal=expr->principal;
1253	abac_yy_role_t *role=expr->role;
1254
1255	char *principalname=get_yy_principal_principalname(principal);
1256
1257	char *rolename=role->name;
1258	abac_yy_term_t *terms=role->terms;
1259
1260	int ret;
1261	abac_role_t *ret_role=NULL;
1262
1263	ret_role = abac_role_role_new(principalname, rolename);
1264	if (ret_role==NULL)
1265	goto error;
1266
1267	if(terms) {
1268	_role_add_role_terms(ret_role, terms);
1269	}
1270
1271	_add_yy_id_certs(principal->cn,principal->type);
1272
1273	return ret_role;
1274
1275	error:
1276	panic("can not generate a simple tail role");
1277	return NULL;
1278	}
1279	/* need to validate/generate a linked role out of this */
1280	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1281	{
1282	abac_yy_principal_t *principal=expr->principal;
1283	abac_yy_role_t *role=expr->role;
1284	abac_yy_role_t *linked_role=expr->linked_role;
1285
1286	char *principalname=get_yy_principal_principalname(principal);
1287
1288	char *rolename=role->name;
1289	abac_yy_term_t *terms=role->terms;
1290
1291	char *linkedrolename=linked_role->name;
1292	abac_yy_term_t *linked_terms=linked_role->terms;
1293
1294	int ret;
1295	abac_role_t *ret_role=NULL;
1296
1297	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1298	if (ret_role==NULL)
1299	goto error;
1300
1301	if(linked_terms) {
1302	_role_add_linked_terms(ret_role, linked_terms);
1303	}
1304	if(terms) {
1305	_role_add_role_terms(ret_role, terms);
1306	}
1307
1308	_add_yy_id_certs(principal->cn,principal->type);
1309
1310	return ret_role;
1311
1312	error:
1313	panic("can not generate linked tail role");
1314	return NULL;
1315	}
1316
1317	/***********************************************************************/
1318	/* add the condition to constraint list */
1319	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1320	{
1321	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1322	if(head_expr) {
1323	abac_oset_t *head_oset=validate_head_oset(head_expr);
1324	if(head_oset == NULL)
1325	goto error;
1326
1327	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1328	set_yy_term_data_cond_str(ptr,tmp);
1329	set_yy_term_data_cond_ptr(ptr,head_oset);
1330	abac_yy_add_yy_constraints(tmp);
1331	return tmp;
1332	}
1333	return NULL;
1334	error:
1335	return NULL;
1336	}
1337
1338	/****************************************************************/
1339	/* add the range condition to constraint list */
1340	/* this is for integer and float only */
1341	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1342	{
1343	char *typestr=abac_term_type(ptr->type);
1344	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1345	char *tmplist=NULL;
1346	char *tmp=NULL;
1347	int as_range=1; /* either , or ; */
1348	if(rlist) {
1349	char *rstring=_string_yy_cond_range(rlist);
1350	set_yy_term_data_cond_str(ptr,rstring);
1351	abac_yy_range_t *cur;
1352
1353	/* a list of values -- in chars */
1354	abac_list_foreach(rlist, cur,
1355	int type=cur->type;
1356	char *val=cur->val;
1357	switch(type) {
1358	case e_yy_RANGE_MIN:
1359	tmp=generate_pl_range_constraint(typestr,var,val,">=");
1360	break;
1361	case e_yy_RANGE_MAX:
1362	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
1363	break;
1364	case e_yy_RANGE_TARGET:
1365	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1366	as_range=0;
1367	break;
1368	}
1369	/* ; is prolog's disjunction built in predicate */
1370	if(tmplist) {
1371	if(as_range)
1372	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1373	else
1374	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1375	} else {
1376	tmplist=tmp;
1377	}
1378	tmp=NULL;
1379	);
1380	asprintf(&tmplist,"(%s)",tmplist);
1381	abac_yy_add_yy_constraints(tmplist);
1382	}
1383	}
1384
1385	/****************************************************************/
1386	/* this is for time only */
1387	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
1388	{
1389	char *typestr=abac_term_type(ptr->type);
1390	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1391	char *tmplist=NULL;
1392	char *tmp=NULL;
1393	char *ttmp=NULL;
1394	char *tlist=NULL;
1395	int as_range=1; /* either , or ; */
1396	if(rlist) {
1397	char *rstring=_string_yy_cond_range(rlist);
1398	set_yy_term_data_cond_str(ptr,rstring);
1399	abac_yy_range_t *cur;
1400
1401	/* a list of values -- in chars */
1402	abac_list_foreach(rlist, cur,
1403	int type=cur->type;
1404	char *tval=cur->val;
1405	char *val=abac_term_to_time(tval);
1406	switch(type) {
1407	case e_yy_RANGE_MIN:
1408	ttmp=generate_pl_range_time_constraint(var,val,">");
1409	tmp=generate_pl_range_time_constraint(var,val,"=");
1410	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1411	tmp=tlist;
1412	break;
1413	case e_yy_RANGE_MAX:
1414	ttmp=generate_pl_range_time_constraint(var,val,"=");
1415	tmp=generate_pl_range_time_constraint(var,val,"<");
1416	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1417	tmp=tlist;
1418	break;
1419	case e_yy_RANGE_TARGET:
1420	tmp=generate_pl_range_time_constraint(var,val,"=");
1421	as_range=0;
1422	break;
1423	}
1424	free(val);
1425	/* ; is prolog's disjunction built in predicate */
1426	if(tmplist) {
1427	if(as_range)
1428	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1429	else
1430	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1431	} else {
1432	tmplist=tmp;
1433	}
1434	tmp=NULL;
1435	);
1436
1437	asprintf(&tmplist,"(%s)",tmplist);
1438	/* generate a clause with above and add into db */
1439	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1440	abac_yy_add_yy_constraints(tmp);
1441	}
1442	}
1443
1444	/****************************************************************/
1445	/* this is for string and urn only */
1446	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1447	{
1448	char *typestr=abac_term_type(ptr->type);
1449	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1450	char *tmplist=NULL;
1451	char *tmp=NULL;
1452	if(rlist) {
1453	char *rstring=_string_yy_cond_range(rlist);
1454	set_yy_term_data_cond_str(ptr,rstring);
1455	abac_yy_range_t *cur;
1456
1457	/* a list of values -- in chars */
1458	abac_list_foreach(rlist, cur,
1459	int type=cur->type;
1460	char *val=cur->val;
1461	switch(type) {
1462	case e_yy_RANGE_MIN:
1463	panic("make_yy_range_string_constraint, invalid range type - min");
1464	break;
1465	case e_yy_RANGE_MAX:
1466	/* invalid range type */
1467	panic("make_yy_range_string_constraint, invalid range type - max");
1468	break;
1469	case e_yy_RANGE_TARGET:
1470	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1471	break;
1472	}
1473	/* ; is prolog's disjunction built in predicate */
1474	if(tmplist)
1475	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1476	else tmplist=tmp;
1477	tmp=NULL;
1478	);
1479	asprintf(&tmplist,"(%s)",tmplist);
1480	/* generate a clause with above and add into db */
1481	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1482	abac_yy_add_yy_constraints(tmp);
1483	}
1484	}
1485
1486	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1487	{
1488	if(is_yy_term_data_type_numeric(ptr)) {
1489	make_yy_range_numeric_constraint(ptr, var);
1490	} else if (is_yy_term_data_type_alpha(ptr)) {
1491	make_yy_range_string_constraint(ptr, var);
1492	} else if (is_yy_term_data_type_time(ptr)) {
1493	make_yy_range_time_constraint(ptr, var);
1494	}
1495	}
1496
1497	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1498	{
1499	char *tmp=NULL;
1500	abac_role_t *head_role=NULL;
1501
1502	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1503	/* build up left side's abac role constraint structure */
1504	head_role=validate_head_role(head_expr);
1505	if(head_role == NULL)
1506	goto error;
1507
1508	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1509	set_yy_term_principal_cond_str(ptr,tmp);
1510	set_yy_term_principal_cond_ptr(ptr,head_role);
1511	abac_yy_add_yy_constraints(tmp);
1512	return tmp;
1513
1514	error:
1515	return NULL;
1516	}
1517
1518	/* build up the abac structure and also create the yap clause
1519	and insert it into db */
1520	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1521	abac_yy_expression_t *tailexpr)
1522	{
1523	abac_role_t *head_role=NULL;
1524	abac_role_t *tail_role=NULL;
1525
1526	/* build up left side's abac role structure */
1527	head_role=validate_head_role(headexpr);
1528	if(head_role == NULL)
1529	goto error;
1530
1531	/* build up the right side's abac role structure */
1532	abac_yy_expression_t *curr_tail = tailexpr;
1533	int intersecting=(tailexpr->next != NULL)? 1:0;
1534	abac_role_t *curr_role = NULL;
1535	while (curr_tail) {
1536	switch(curr_tail->type) {
1537	case e_yy_EXPR_NAMED:
1538	curr_role=validate_named_tail_role(curr_tail);
1539	break;
1540	case e_yy_EXPR_ROLE:
1541	curr_role=validate_role_tail_role(curr_tail);
1542	break;
1543	case e_yy_EXPR_LINKED:
1544	curr_role=validate_linked_tail_role(curr_tail);
1545	break;
1546	}
1547	if(curr_role==NULL)
1548	goto error;
1549
1550	/* check if first one */
1551	if(tail_role==NULL) {
1552	if(intersecting)
1553	tail_role=validate_intersected_tail_role(curr_role);
1554	else
1555	tail_role=curr_role;
1556	} else {
1557	abac_role_add_intersecting_role(tail_role,curr_role);
1558	}
1559	curr_tail=curr_tail->next;
1560	} /* while */
1561
1562	/* collect up type clauses, constraint clases and
1563	generate the final rule clauses */
1564	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1565	if(tmp == NULL)
1566	goto error;
1567
1568	if(debug) {
1569	abac_print_role_string_with_condition(head_role,NULL);
1570	abac_print_role_string_with_condition(tail_role,NULL);
1571	}
1572
1573	_free_yy_expression(headexpr);
1574	_free_yy_expression(tailexpr);
1575	abac_rule_head_role=head_role;
1576	abac_rule_tail_role=tail_role;
1577	abac_rule_is_oset=0;
1578	return tmp;
1579
1580	error:
1581	_free_yy_expression(headexpr);
1582	_free_yy_expression(tailexpr);
1583	if(head_role)
1584	abac_role_free(head_role);
1585	if(tail_role)
1586	abac_role_free(tail_role);
1587	return NULL;
1588	}
1589
1590
1591	/************************************************************************/
1592	void abac_yy_init()
1593	{
1594	abac_yyinit();
1595	abac_yy_init_rule_id_clauses();
1596	abac_yy_init_yy_id_certs();
1597	abac_yy_init_yy_constraints();
1598	}
1599
1600

Note: See TracBrowser for help on using the repository browser.

Download in other formats: