Context Navigation

source: libabac/abac_pl_yy.c @ 7727f26

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 7727f26 was 7727f26, checked in by Mei <mei@…>, 12 years ago

1) add environment variables DUMP_DB, ABAC_CN.

ABAC_CN will switch to using CNs for keyid insead of SHAs

2) add/modified couple of doc files.

Property mode set to 100644

File size: 44.1 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_range_time_constraint(char ,char ,char );
18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var,
25	char *tmplist);
26	/* from rt2.y */
27	extern void abac_yyinit();
28
29	int abac_yy_error_code = 0; /* keeping last error code */
30
31	int abac_rule_is_oset=0;
32	abac_list_t *abac_rule_clauses=NULL;
33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
34	abac_role_t *abac_rule_head_role=NULL;
35	abac_role_t *abac_rule_tail_role=NULL;
36	abac_oset_t *abac_rule_head_oset=NULL;
37	abac_oset_t *abac_rule_tail_oset=NULL;
38
39	/* to track id certs within a rule clause */
40	typedef struct _abac_yy_id_cert_t {
41	char *principalname;
42	int type; /* keyidtype */
43	char *clause;
44	} abac_yy_id_cert_t;
45	abac_list_t *abac_yy_id_certs = NULL;
46
47	/* structure to hold the range information
48	within a static constraints on few types of
49	oset types
50	[a..b], [a..], [..b], [a],[a,b],[many a]
51	e_yy_RANGE_MIN=1;
52	e_yy_RANGE_MAX=2;
53	e_yy_RANGE_TARGET=3;
54	*/
55	typedef struct _abac_yy_range_t {
56	int type;
57	char *val;
58	} abac_yy_range_t;
59
60	/* to track role/oset constraint clauses used within a rule clause,
61	collect them up in one place, these are for conjunction clauses */
62	typedef struct _abac_yy_constraint_t {
63	char *clause;
64	} abac_yy_constraint_t;
65	abac_list_t *abac_yy_constraints = NULL;
66
67	/* local principal structure [keyid:USC] */
68	struct _abac_yy_principal_t {
69	int type;
70	char *sha; // sha is null when this is of object type
71	char *cn;
72	};
73
74	/* [principal:?Z]:..., must match a principal name */
75	struct _abac_yy_term_principal_t {
76	int type; /* this needs to be implicitly determined */
77	int is_anonymous;
78	char *name;
79	char *cond_str;
80	void *cond_ptr; // ptr to a saved abac_role_t
81	abac_yy_expression_t *cond_head_expr;
82	};
83
84	/* integer,float,time,urn,string types,
85	if has condition, then it is a variable,
86	ie,
87	[int:?Year]:<1930..1932>,
88	if no condition, then it is a constant,
89	ie,
90	[int:10]
91	*/
92	struct _abac_yy_term_data_t {
93	int is_variable;
94	int is_anonymous;
95	int type;
96	char *name;
97	char *cond_str;
98	void *cond_ptr; // ptr to a saved abac_oset_t
99	abac_list_t *cond_range;
100	abac_yy_expression_t *cond_head_expr; // parking stub
101	};
102
103	/* local term structure, will distinguish it in the future */
104	/* e_yy_DTERM_DATA, all other types
105	e_yy_DTERM_NAMED, keyid:bob
106	e_yy_DTERM_PRINCIPAL, principal:?P
107	e_yy_DTERM_ANONYMOUS ? */
108	struct _abac_yy_term_t {
109	union {
110	abac_yy_principal_t *n_ptr;
111	abac_yy_term_principal_t *p_ptr;
112	abac_yy_term_data_t *d_ptr;
113	} term;
114	int type;
115	struct _abac_yy_term_t *next;
116	int bcnt; /* this is to track number of terms in this linked up list */
117	};
118
119	/* local role structure */
120	struct _abac_yy_role_t {
121	int type;
122	char *name;
123	abac_yy_term_t *terms;
124	struct _abac_yy_role_t *next;
125	int bcnt; /* this is to track number of roles in this linked up list */
126	};
127
128	/* local oset structure */
129	struct _abac_yy_oset_t {
130	int type;
131	char *name;
132	abac_yy_term_t *terms;
133	struct _abac_yy_oset_t *next;
134	int bcnt; /* this is to track number of oset in this linked up list */
135	};
136
137	/* A, A.r, A.r.r */
138	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
139	/* A/obj, A.o, A.r.o */
140	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
141	struct _abac_yy_expression_t {
142	int type;
143	union {
144	abac_yy_principal_t *principal;
145	abac_yy_term_data_t *object;
146	};
147	abac_yy_role_t *linked_role;
148	union {
149	abac_yy_role_t *role;
150	abac_yy_oset_t *oset;
151	};
152	struct _abac_yy_expression_t *next;
153	int bcnt;
154	};
155
156	static void _free_yy_expression(abac_yy_expression_t *);
157
158	/************************************************************************/
159	void abac_yy_set_error_code(int v)
160	{
161	abac_yy_error_code=v;
162	}
163
164	/************************************************************************/
165	abac_stack_t *abac_yy_get_rule_id_clauses()
166	{
167	return abac_rule_id_clauses;
168	}
169
170	abac_stack_t *abac_yy_init_rule_id_clauses()
171	{
172	abac_rule_id_clauses=abac_stack_new();
173	return abac_rule_id_clauses;
174	}
175
176	void abac_yy_free_rule_id_clauses()
177	{
178	if (abac_rule_id_clauses != NULL)
179	abac_stack_free(abac_rule_id_clauses);
180	}
181
182	void abac_yy_set_rule_clauses(abac_list_t *clauses)
183	{
184	abac_rule_clauses=clauses;
185	if(debug) {
186	printf("printing out abac_rule_clauses:\n");
187	abac_print_clauses(abac_rule_clauses,NULL);
188	}
189	}
190
191	abac_list_t *abac_yy_get_rule_clauses()
192	{
193	return abac_rule_clauses;
194	}
195
196	void abac_yy_free_rule_clauses()
197	{
198	if (abac_rule_clauses != NULL) {
199	char *cur;
200	if(abac_yy_id_certs) {
201	abac_list_foreach(abac_yy_id_certs, cur,
202	if(cur) free(cur);
203	);
204	}
205	abac_list_free(abac_rule_clauses);
206	}
207	}
208
209	int abac_yy_get_rule_is_oset()
210	{
211	return abac_rule_is_oset;
212	}
213
214	abac_role_t *abac_yy_get_rule_head_role()
215	{
216	return abac_rule_head_role;
217	}
218
219	abac_role_t *abac_yy_get_rule_tail_role()
220	{
221	return abac_rule_tail_role;
222	}
223
224	abac_oset_t *abac_yy_get_rule_head_oset()
225	{
226	return abac_rule_head_oset;
227	}
228
229	abac_oset_t *abac_yy_get_rule_tail_oset()
230	{
231	return abac_rule_tail_oset;
232	}
233
234
235	/************************************************************************/
236	void abac_yy_init_yy_id_certs()
237	{
238	abac_yy_id_certs = abac_list_new();
239	}
240
241	void abac_yy_free_yy_id_certs()
242	{
243	abac_yy_id_cert_t *id;
244	abac_list_foreach(abac_yy_id_certs, id,
245	if(id)
246	free(id->principalname);
247	free(id->clause);
248	free(id);
249	);
250	abac_list_free(abac_yy_id_certs);
251	abac_yy_id_certs = NULL;
252	}
253
254	int abac_yy_cnt_yy_id_certs()
255	{
256	return abac_list_size(abac_yy_id_certs);
257	}
258
259	char *abac_yy_string_yy_id_certs()
260	{
261	int first=1;
262	char *tmp=NULL;
263	abac_yy_id_cert_t *cur;
264	abac_list_foreach(abac_yy_id_certs, cur,
265	if(cur)
266	if(first) {
267	tmp=abac_xstrdup(cur->clause);
268	first=0;
269	} else {
270	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
271	}
272	);
273	return tmp;
274	}
275
276	static void _add_yy_id_certs(char *principalname, int type)
277	{
278	abac_yy_id_cert_t *id_cert=NULL;
279
280	int found=0;
281	abac_yy_id_cert_t *cur;
282	abac_list_foreach(abac_yy_id_certs, cur,
283	if(cur)
284	if(strcmp(cur->principalname,principalname)==0) {
285	found=1;
286	break;
287	}
288	);
289
290	if (found) {
291	return;
292	} else {
293	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
294	id_cert->principalname=abac_xstrdup(principalname);
295	id_cert->type=type;
296	id_cert->clause=generate_pl_type_clause(principalname,type);
297	abac_list_add(abac_yy_id_certs, id_cert);
298	if(debug) printf(" -> adding yy id certs %s\n", principalname);
299	}
300	}
301
302	/***********************************************************************/
303	static void _free_yy_cond_range(abac_list_t *ptr)
304	{
305	if (ptr != NULL) {
306	abac_yy_range_t *cur;
307	abac_list_foreach(ptr, cur,
308	if(cur && cur->val) free(cur->val);
309	free(cur);
310	);
311	abac_list_free(ptr);
312	}
313	}
314
315	static char _string_yy_cond_range(abac_list_t ptr)
316	{
317	assert(ptr);
318	char *tmp=NULL;
319	char *min=NULL;
320	char *max=NULL;
321	char *val=NULL;
322	int type;
323
324	abac_yy_range_t *cur;
325	abac_list_foreach(ptr, cur,
326	type=cur->type;
327	switch (type) {
328	case e_yy_RANGE_MIN:
329	min=strdup(cur->val);
330	break;
331	case e_yy_RANGE_MAX:
332	max=strdup(cur->val);
333	break;
334	case e_yy_RANGE_TARGET:
335	if(val)
336	asprintf(&val,"%s,%s",val,cur->val);
337	else val=strdup(cur->val);
338	break;
339	}
340	);
341	if(max && min) {
342	asprintf(&tmp,"[%s..%s]",min,max);
343	free(max);
344	free(min);
345	return tmp;
346	}
347	if(max) {
348	asprintf(&tmp,"[..%s]",max);
349	free(max);
350	return tmp;
351	}
352	if(min) {
353	asprintf(&tmp,"[%s..]",min);
354	free(min);
355	return tmp;
356	}
357	if(val) {
358	asprintf(&tmp,"[%s]",val);
359	free(val);
360	return tmp;
361	}
362	return NULL;
363	}
364
365	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
366	{
367	abac_yy_range_t *range=
368	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
369	range->type=e_yy_RANGE_TARGET;
370	range->val=strdup(val);
371	abac_list_add(ptr, range);
372	return ptr;
373	}
374
375	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
376	{
377	abac_yy_range_t *range=
378	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
379	range->type=type;
380	range->val=strdup(val);
381	abac_list_add(ptr, range);
382	return ptr;
383	}
384
385	abac_list_t make_yy_val_range(char val)
386	{
387	abac_list_t *ptr=abac_list_new();
388	add_yy_val_range(ptr,val);
389	return ptr;
390	}
391
392	abac_list_t make_yy_minmax_range(char min, char *max)
393	{
394	abac_list_t *ptr=abac_list_new();
395	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
396	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
397	return ptr;
398	}
399
400	abac_list_t make_yy_min_range(char min)
401	{
402	abac_list_t *ptr=abac_list_new();
403	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
404	return ptr;
405	}
406
407	abac_list_t make_yy_max_range(char max)
408	{
409	abac_list_t *ptr=abac_list_new();
410	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
411	return ptr;
412	}
413
414	/***********************************************************************/
415	abac_yy_term_data_t *make_yy_term_data()
416	{
417	abac_yy_term_data_t *ptr=
418	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
419	ptr->name=NULL;
420	ptr->type=0;
421	ptr->is_variable=0;
422	ptr->is_anonymous=0;
423	ptr->cond_str=NULL;
424	ptr->cond_head_expr=NULL;
425	ptr->cond_ptr=NULL;
426	ptr->cond_range=NULL;
427	return ptr;
428	}
429
430	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
431	{
432	ptr->name=strdup(name);
433	}
434
435	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
436	{
437	return ptr->cond_range;
438	}
439
440	char get_yy_term_data_name(abac_yy_term_data_t ptr)
441	{
442	return ptr->name;
443	}
444
445	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
446	{
447	if(ptr->cond_head_expr != NULL)
448	return 1;
449	if(ptr->cond_range != NULL)
450	return 1;
451	return 0;
452	}
453
454	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
455	abac_list_t *range)
456	{
457	ptr->cond_range=range;
458	}
459
460	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
461	abac_yy_expression_t *expr)
462	{
463	ptr->cond_head_expr=expr;
464	}
465
466	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
467	{
468	return ptr->cond_head_expr;
469	}
470
471	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
472	{
473	int type=abac_term_verify_term_type(typestr);
474	ptr->type=type;
475	}
476
477	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
478	{
479	ptr->is_anonymous=1;
480	}
481
482	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
483	{
484	if(ptr->type==abac_term_verify_term_type("integer") \|\|
485	ptr->type==abac_term_verify_term_type("float"))
486	return 1;
487	return 0;
488	}
489
490	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
491	{
492	if(ptr->type==abac_term_verify_term_type("time"))
493	return 1;
494	return 0;
495	}
496
497	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
498	{
499	if(ptr->type==abac_term_verify_term_type("string") \|\|
500	ptr->type==abac_term_verify_term_type("urn") \|\|
501	ptr->type==abac_term_verify_term_type("boolean"))
502	return 1;
503	return 0;
504	}
505
506	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
507	{
508	ptr->cond_ptr=vptr;
509	}
510
511	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
512	{
513	ptr->cond_str=strdup(cond);
514	}
515
516	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
517	{
518	ptr->is_variable=1;
519	}
520
521	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
522	{
523	return ptr->is_variable;
524	}
525
526	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
527	{
528	free(ptr->name);
529	if(ptr->cond_str)
530	free(ptr->cond_str);
531	if(ptr->cond_head_expr)
532	_free_yy_expression(ptr->cond_head_expr);
533	if(ptr->cond_range);
534	_free_yy_cond_range(ptr->cond_range);
535	free(ptr);
536	}
537
538	abac_yy_term_principal_t *make_yy_term_principal()
539	{
540	abac_yy_term_principal_t *ptr=
541	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
542	ptr->type=0;/* this is not known */
543	ptr->is_anonymous=0;
544	ptr->name=NULL;
545	ptr->cond_str=NULL;
546	ptr->cond_head_expr=NULL;
547	return ptr;
548	}
549
550	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
551	{
552	ptr->name=abac_xstrdup(name);
553	}
554
555	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
556	{
557	ptr->cond_ptr=vptr;
558	}
559
560	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
561	{
562	ptr->cond_str=abac_xstrdup(cond);
563	}
564
565	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
566	{
567	ptr->is_anonymous=1;
568	}
569
570	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
571	{
572	return ptr->cond_head_expr;
573	}
574
575	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
576	abac_yy_expression_t *expr)
577	{
578	ptr->cond_head_expr=expr;
579	}
580
581	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
582	{
583	free(ptr->name);
584	if(ptr->cond_str)
585	free(ptr->cond_str);
586	if(ptr->cond_head_expr)
587	_free_yy_expression(ptr->cond_head_expr);
588	free(ptr);
589	}
590
591	abac_yy_term_t *make_yy_term_dterm_anonymous()
592	{
593	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
594	ptr->type = e_yy_DTERM_ANONYMOUS;
595	ptr->next=NULL;
596	ptr->bcnt=1;
597	return ptr;
598	}
599
600	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
601	{
602	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
603	if(pptr->is_anonymous)
604	ptr->type = e_yy_DTERM_ANONYMOUS;
605	else ptr->type = e_yy_DTERM_PRINCIPAL;
606	ptr->term.p_ptr=pptr;
607	ptr->next=NULL;
608	ptr->bcnt=1;
609	return ptr;
610	}
611
612	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
613	{
614	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
615	ptr->type = e_yy_DTERM_NAMED;
616	ptr->term.n_ptr=nptr;
617	ptr->next=NULL;
618	ptr->bcnt=1;
619	return ptr;
620	}
621
622	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
623	{
624	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
625
626	if(dptr->is_anonymous)
627	ptr->type = e_yy_DTERM_ANONYMOUS;
628	else ptr->type = e_yy_DTERM_DATA;
629	ptr->term.d_ptr=dptr;
630	ptr->next=NULL;
631	ptr->bcnt=1;
632	return ptr;
633	}
634
635	/************************************************************************/
636	void abac_yy_init_yy_constraints()
637	{
638	abac_yy_constraints = abac_list_new();
639	}
640
641	void abac_yy_free_yy_constraints()
642	{
643	abac_yy_constraint_t *cur;
644	abac_list_foreach(abac_yy_constraints, cur,
645	if(cur && cur->clause)
646	free(cur->clause);
647	free(cur);
648	);
649	abac_list_free(abac_yy_constraints);
650	abac_yy_constraints=NULL;
651	}
652
653	int abac_yy_cnt_yy_constraints()
654	{
655	return abac_list_size(abac_yy_constraints);
656	}
657
658	char *abac_yy_string_yy_constraints()
659	{
660	int first=1;
661	char *tmp=NULL;
662	abac_yy_constraint_t *cur;
663	abac_list_foreach(abac_yy_constraints, cur,
664	if(cur && cur->clause)
665	if(first) {
666	tmp=abac_xstrdup(cur->clause);
667	first=0;
668	} else {
669	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
670	}
671	);
672	return tmp;
673	}
674
675	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
676	{
677	abac_yy_constraint_t *ptr=
678	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
679	ptr->clause=strdup(constraint);
680	abac_list_add(abac_yy_constraints, ptr);
681	return ptr;
682	}
683
684	/****************************************************************************/
685	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
686	{
687	abac_yy_principal_t *ptr=
688	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
689	/* add p to yyparse's principal */
690	if(sha) ptr->sha=abac_xstrdup(sha);
691	else ptr->sha=NULL;
692	if(cn) ptr->cn=abac_xstrdup(cn);
693	else ptr->cn=NULL;
694	ptr->type=type;
695	return ptr;
696	}
697
698	static void _free_yy_principal(abac_yy_principal_t *ptr)
699	{
700	if(ptr->sha) free(ptr->sha);
701	if(ptr->cn) free(ptr->cn);
702	free(ptr);
703	}
704
705	int get_yy_principal_type(abac_yy_principal_t *ptr)
706	{
707	return ptr->type;
708	}
709
710	char get_yy_principal_name(abac_yy_principal_t ptr)
711	{
712	if(USE("ABAC_CN") && ptr->cn)
713	return ptr->cn;
714	return ptr->sha;
715	}
716
717	char get_yy_principal_cn(abac_yy_principal_t ptr)
718	{
719	return ptr->cn;
720	}
721
722	char get_yy_principal_sha(abac_yy_principal_t ptr)
723	{
724	return ptr->sha;
725	}
726
727	/*************************************************************************/
728
729	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
730	{
731	int i=terms->bcnt;
732	nterm->next=terms;
733	nterm->bcnt=i+1;
734	return nterm;
735	}
736
737	static void _free_yy_term(abac_yy_term_t *ptr)
738	{
739	switch (ptr->type) {
740	case e_yy_DTERM_DATA:
741	_free_yy_term_data(ptr->term.d_ptr);
742	break;
743	case e_yy_DTERM_NAMED:
744	_free_yy_principal(ptr->term.n_ptr);
745	break;
746	case e_yy_DTERM_PRINCIPAL:
747	_free_yy_term_principal(ptr->term.p_ptr);
748	break;
749	case e_yy_DTERM_ANONYMOUS:
750	break;
751	}
752	if(ptr->next)
753	_free_yy_term(ptr->next);
754	free(ptr);
755	}
756
757	/*************************************************************************/
758
759	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
760	{
761	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
762	ptr->name=abac_xstrdup(name);
763	ptr->terms=terms;
764	ptr->next=NULL;
765	ptr->bcnt=1;
766	return ptr;
767	}
768
769	static void _free_yy_role(abac_yy_role_t *ptr)
770	{
771	free(ptr->name);
772	if(ptr->terms)
773	_free_yy_term(ptr->terms);
774	if(ptr->next)
775	_free_yy_role(ptr->next);
776	free(ptr);
777	}
778
779	/***************************************************************************/
780	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
781	{
782	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
783	ptr->name=abac_xstrdup(name);
784	ptr->terms=terms;
785	ptr->next=NULL;
786	ptr->bcnt=1;
787	return ptr;
788	}
789
790	static void _free_yy_oset(abac_yy_oset_t *ptr)
791	{
792	free(ptr->name);
793	if(ptr->terms)
794	_free_yy_term(ptr->terms);
795	if(ptr->next)
796	_free_yy_oset(ptr->next);
797	free(ptr);
798	}
799	/***************************************************************************/
800
801	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
802
803	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
804	{
805	abac_yy_expression_t *ptr=
806	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
807	ptr->type = type;
808	if(type == e_yy_EXPR_OBJECT) {
809	ptr->object=(abac_yy_term_data_t *)pptr;
810	} else {
811	ptr->principal = (abac_yy_principal_t *)pptr;
812	}
813	if(type == e_yy_EXPR_OSET)
814	ptr->oset = (abac_yy_oset_t *) optr;
815	else
816	ptr->role = (abac_yy_role_t *) optr;
817	ptr->linked_role=linked_role;
818	ptr->next=NULL;
819
820	return ptr;
821	}
822
823	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
824	{
825	if(ptr->type == e_yy_EXPR_OBJECT)
826	return ptr->object;
827	return NULL;
828	}
829
830	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
831	abac_yy_expression_t *exprs)
832	{
833	int i=exprs->bcnt;
834	nexpr->next=exprs;
835	nexpr->bcnt=i+1;
836	return nexpr;
837	}
838
839	static void _free_yy_expression(abac_yy_expression_t *ptr)
840	{
841	if(ptr->type == e_yy_EXPR_OBJECT) {
842	if(ptr->object)
843	_free_yy_term_data(ptr->object);
844	} else {
845	if(ptr->principal)
846	_free_yy_principal(ptr->principal);
847	}
848	if(ptr->type == e_yy_EXPR_OSET) {
849	if(ptr->oset)
850	_free_yy_oset(ptr->oset);
851	} else {
852	if(ptr->role)
853	_free_yy_role(ptr->role);
854	}
855	if(ptr->linked_role)
856	_free_yy_role(ptr->linked_role);
857	if(ptr->next)
858	_free_yy_expression(ptr->next);
859
860	free(ptr);
861	}
862
863	/***************************************************************************/
864	static void _oset_add_terms(int linked, abac_oset_t *oset,
865	abac_yy_term_t *terms)
866	{
867	abac_yy_term_t *curr = terms;
868	int type;
869
870	while (curr) {
871	char *name=NULL;
872	char *cond=NULL;
873	void *ptr=NULL;
874	switch (curr->type) {
875	case e_yy_DTERM_DATA:
876	{
877	abac_yy_term_data_t *ptr=curr->term.d_ptr;
878	type=ptr->type;
879	name=abac_xstrdup(ptr->name);
880	if(ptr->cond_str)
881	cond=abac_xstrdup(ptr->cond_str);
882	else cond=NULL;
883	ptr=ptr->cond_ptr;
884	break;
885	}
886	case e_yy_DTERM_PRINCIPAL:
887	{
888	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
889	type=abac_term_verify_term_type("principal");
890	name=abac_xstrdup(ptr->name);
891	if(ptr->cond_str)
892	cond=abac_xstrdup(ptr->cond_str);
893	else cond=NULL;
894	ptr=ptr->cond_ptr;
895	break;
896	}
897	case e_yy_DTERM_NAMED:
898	{
899	abac_yy_principal_t *ptr=curr->term.n_ptr;
900	type=ptr->type;
901	name=abac_xstrdup(get_yy_principal_name(ptr));
902	cond=NULL;
903	ptr=NULL;
904	break;
905	}
906	case e_yy_DTERM_ANONYMOUS:
907	{
908	type=0;
909	name=abac_xstrdup("_");
910	cond=NULL;
911	ptr=NULL;
912	break;
913	}
914	}
915
916	abac_term_t *param=abac_term_new(type,name,cond,ptr);
917	if (linked)
918	abac_oset_oset_add_linked_param(oset, param);
919	else
920	abac_oset_oset_add_param(oset, param);
921	curr=curr->next;
922	}
923	}
924
925	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
926	{
927	int linked=1;
928	_oset_add_terms(linked, oset, terms);
929	}
930
931	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
932	{
933	int linked=0;
934	_oset_add_terms(linked, oset, terms);
935	}
936
937
938	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
939	{
940	abac_oset_t *ret_oset=NULL;
941	abac_list_t *prereqs = abac_list_new();
942	abac_list_add(prereqs, oset);
943	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
944	return ret_oset;
945	}
946
947	/* A.oset */
948	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
949	{
950	abac_yy_principal_t *principal=expr->principal;
951	abac_yy_oset_t *oset=expr->oset;
952
953	char *principalname=get_yy_principal_sha(principal);
954	char *othername=get_yy_principal_name(principal);
955	char *osetname=oset->name;
956	abac_yy_term_t *terms=oset->terms;
957
958	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
959	if (ret_oset==NULL) {
960	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
961	goto error;
962	}
963	if (!abac_oset_is_oset(ret_oset)) {
964	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
965	goto error;
966	}
967	// insert the params for the oset
968	if(terms) {
969	_oset_add_oset_terms(ret_oset, terms);
970	}
971
972	_add_yy_id_certs(othername,get_yy_principal_type(principal));
973
974	return ret_oset;
975
976	error:
977	return NULL;
978	}
979
980	/* B */
981	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
982	{
983	abac_yy_principal_t *principal=expr->principal;
984	char *principalname=get_yy_principal_sha(principal);
985	char *othername=get_yy_principal_name(principal);
986	abac_oset_t *ret_oset=NULL;
987
988	ret_oset = abac_oset_principal_new(principalname);
989
990	_add_yy_id_certs(othername,get_yy_principal_type(principal));
991
992	if (ret_oset==NULL)
993	goto error;
994	return ret_oset;
995
996	error:
997	panic("can not generate a simple named tail oset");
998	return NULL;
999	}
1000
1001
1002	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
1003	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
1004	{
1005	abac_yy_term_data_t *object=get_yy_expression_object(expr);
1006	assert(object != NULL);
1007
1008	char *name=object->name;
1009	int type=object->type;
1010	char *cond=object->cond_str;
1011	void *ptr=object->cond_ptr;
1012	abac_term_t *term=abac_term_new(type,name,cond,ptr);
1013	abac_oset_t *ret_oset=abac_oset_object_new(term);
1014
1015	if(get_yy_term_data_is_variable(object))
1016	_add_yy_id_certs(name,type);
1017
1018	if (ret_oset==NULL)
1019	goto error;
1020	return ret_oset;
1021
1022	error:
1023	panic("can not generate a simple object tail oset");
1024	return NULL;
1025	}
1026
1027
1028	/* B.oset */
1029	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
1030	{
1031	abac_yy_principal_t *principal=expr->principal;
1032	abac_yy_oset_t *oset=expr->oset;
1033
1034	char *principalname=get_yy_principal_sha(principal);
1035	char *othername=get_yy_principal_name(principal);
1036
1037	char *osetname=oset->name;
1038	abac_yy_term_t *terms=oset->terms;
1039
1040	int ret;
1041	abac_oset_t *ret_oset=NULL;
1042
1043	ret_oset = abac_oset_oset_new(principalname, osetname);
1044	if (ret_oset==NULL)
1045	goto error;
1046
1047	if(terms) {
1048	_oset_add_oset_terms(ret_oset, terms);
1049	}
1050
1051	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1052
1053	return ret_oset;
1054
1055	error:
1056	panic("can not generate a simple tail oset");
1057	return NULL;
1058	}
1059
1060	/* B.role.oset */
1061	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
1062	{
1063	abac_yy_principal_t *principal=expr->principal;
1064	abac_yy_oset_t *oset=expr->oset;
1065	abac_yy_role_t *linked_role=expr->linked_role;
1066
1067	char *principalname=get_yy_principal_sha(principal);
1068	char *othername=get_yy_principal_name(principal);
1069
1070	char *osetname=oset->name;
1071	abac_yy_term_t *terms=oset->terms;
1072
1073	char *linkedrolename=linked_role->name;
1074	abac_yy_term_t *linked_terms=linked_role->terms;
1075
1076	int ret;
1077	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1078	linkedrolename, osetname);
1079	if (ret_oset==NULL)
1080	goto error;
1081
1082	if(linked_terms) {
1083	_oset_add_linked_terms(ret_oset, linked_terms);
1084	}
1085	if(terms) {
1086	_oset_add_oset_terms(ret_oset, terms);
1087	}
1088
1089	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1090
1091	return ret_oset;
1092
1093	error:
1094	panic("can not generate linked tail oset");
1095	return NULL;
1096	}
1097
1098
1099
1100	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1101	abac_yy_expression_t *tailexpr)
1102	{
1103	abac_oset_t *head_oset=NULL;
1104	abac_oset_t *tail_oset=NULL;
1105
1106	/* build up left side's abac oset structure */
1107	head_oset=validate_head_oset(headexpr);
1108	if(head_oset == NULL)
1109	goto error;
1110
1111	/* build up the right side's abac oset structure */
1112	abac_yy_expression_t *curr_tail = tailexpr;
1113	int intersecting=(tailexpr->next != NULL)? 1:0;
1114	abac_oset_t *curr_oset = NULL;
1115	while (curr_tail) {
1116	switch(curr_tail->type) {
1117	case e_yy_EXPR_OBJECT:
1118	curr_oset=validate_object_tail_oset(curr_tail);
1119	break;
1120	case e_yy_EXPR_NAMED:
1121	curr_oset=validate_named_tail_oset(curr_tail);
1122	break;
1123	case e_yy_EXPR_OSET:
1124	curr_oset=validate_oset_tail_oset(curr_tail);
1125	break;
1126	case e_yy_EXPR_LINKED:
1127	curr_oset=validate_linked_tail_oset(curr_tail);
1128	break;
1129	}
1130	if(curr_oset==NULL)
1131	goto error;
1132
1133	/* check if first one */
1134	if(tail_oset==NULL) {
1135	if(intersecting)
1136	tail_oset=validate_intersected_tail_oset(curr_oset);
1137	else
1138	tail_oset=curr_oset;
1139	} else {
1140	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1141	}
1142	curr_tail=curr_tail->next;
1143	} /* while */
1144
1145	/* XXX collect up type clauses, constraint clauses and
1146	generate rule clauses */
1147	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1148	if(tmp == NULL)
1149	goto error;
1150
1151	if(debug) {
1152	abac_print_oset_string_with_condition(head_oset,NULL);
1153	printf("\n");
1154	abac_print_oset_string_with_condition(tail_oset,NULL);
1155	printf("\n");
1156	}
1157
1158	_free_yy_expression(headexpr);
1159	_free_yy_expression(tailexpr);
1160	abac_rule_head_oset=head_oset;
1161	abac_rule_tail_oset=tail_oset;
1162	abac_rule_is_oset=1;
1163	return tmp;
1164
1165	error:
1166	_free_yy_expression(headexpr);
1167	_free_yy_expression(tailexpr);
1168	if(head_oset)
1169	abac_oset_free(head_oset);
1170	if(tail_oset)
1171	abac_oset_free(tail_oset);
1172	return NULL;
1173	}
1174
1175	/****************************************************************/
1176	static void _role_add_terms(int linked, abac_role_t *role,
1177	abac_yy_term_t *terms)
1178	{
1179	abac_yy_term_t *curr = terms;
1180	int type;
1181	while (curr) {
1182	char *name=NULL;
1183	char *cond=NULL;
1184	void *ptr=NULL;
1185	switch (curr->type) {
1186	case e_yy_DTERM_DATA:
1187	{
1188	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1189	type=pptr->type;
1190	name=abac_xstrdup(pptr->name);
1191	if(pptr->cond_str)
1192	cond=abac_xstrdup(pptr->cond_str);
1193	ptr=pptr->cond_ptr;
1194	break;
1195	}
1196	case e_yy_DTERM_PRINCIPAL:
1197	{
1198	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1199	type=abac_term_verify_term_type("principal");
1200	name=abac_xstrdup(pptr->name);
1201	if(pptr->cond_str)
1202	cond=abac_xstrdup(pptr->cond_str);
1203	ptr=pptr->cond_ptr;
1204	break;
1205	}
1206	case e_yy_DTERM_NAMED:
1207	{
1208	abac_yy_principal_t *pptr=curr->term.n_ptr;
1209	type=pptr->type;
1210	name=abac_xstrdup(get_yy_principal_name(pptr));
1211	cond=NULL;
1212	ptr=NULL;
1213	break;
1214	}
1215	case e_yy_DTERM_ANONYMOUS:
1216	{
1217	type=0;
1218	name=abac_xstrdup("_");
1219	cond=NULL;
1220	ptr=NULL;
1221	break;
1222	}
1223	}
1224
1225	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1226	if (linked)
1227	abac_role_role_add_linked_param(role, param);
1228	else
1229	abac_role_role_add_param(role, param);
1230	curr=curr->next;
1231	}
1232	}
1233
1234	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1235	{
1236	int linked=1;
1237	_role_add_terms(linked, role, terms);
1238	}
1239
1240	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1241	{
1242	int linked=0;
1243	_role_add_terms(linked, role, terms);
1244	}
1245
1246
1247	abac_role_t validate_intersected_tail_role(abac_role_t role)
1248	{
1249	abac_role_t *ret_role=NULL;
1250	abac_list_t *prereqs = abac_list_new();
1251	abac_list_add(prereqs, role);
1252	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1253	return ret_role;
1254	}
1255
1256	abac_role_t validate_head_role(abac_yy_expression_t expr)
1257	{
1258	abac_yy_principal_t *principal=expr->principal;
1259	abac_yy_role_t *role=expr->role;
1260
1261	char *principalname=get_yy_principal_sha(principal);
1262	char *othername=get_yy_principal_name(principal);
1263	char *rolename=role->name;
1264	abac_yy_term_t *terms=role->terms;
1265	abac_role_t *ret_role=NULL;
1266
1267	ret_role=abac_role_role_new(principalname, rolename);
1268	if (ret_role==NULL) {
1269	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1270	goto error;
1271	}
1272	if (!abac_role_is_role(ret_role)) {
1273	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1274	goto error;
1275	}
1276	// insert the params for the role
1277	if(terms) {
1278	_role_add_role_terms(ret_role, terms);
1279	}
1280
1281	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1282
1283	return ret_role;
1284
1285	error:
1286	return NULL;
1287	}
1288
1289	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1290	{
1291	abac_yy_principal_t *principal=expr->principal;
1292	char *principalname=get_yy_principal_sha(principal);
1293	char *othername=get_yy_principal_name(principal);
1294	abac_role_t *ret_role=NULL;
1295
1296	ret_role = abac_role_principal_new(principalname);
1297
1298	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1299
1300	if (ret_role==NULL)
1301	goto error;
1302	return ret_role;
1303
1304	error:
1305	panic("can not generate a simple named tail role");
1306	return NULL;
1307	}
1308
1309	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1310	{
1311	abac_yy_principal_t *principal=expr->principal;
1312	abac_yy_role_t *role=expr->role;
1313
1314	char *principalname=get_yy_principal_sha(principal);
1315	char *othername=get_yy_principal_name(principal);
1316
1317	char *rolename=role->name;
1318	abac_yy_term_t *terms=role->terms;
1319
1320	int ret;
1321	abac_role_t *ret_role=NULL;
1322
1323	ret_role = abac_role_role_new(principalname, rolename);
1324	if (ret_role==NULL)
1325	goto error;
1326
1327	if(terms) {
1328	_role_add_role_terms(ret_role, terms);
1329	}
1330
1331	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1332
1333	return ret_role;
1334
1335	error:
1336	panic("can not generate a simple tail role");
1337	return NULL;
1338	}
1339	/* need to validate/generate a linked role out of this */
1340	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1341	{
1342	abac_yy_principal_t *principal=expr->principal;
1343	abac_yy_role_t *role=expr->role;
1344	abac_yy_role_t *linked_role=expr->linked_role;
1345
1346	char *principalname=get_yy_principal_sha(principal);
1347	char *othername=get_yy_principal_name(principal);
1348
1349	char *rolename=role->name;
1350	abac_yy_term_t *terms=role->terms;
1351
1352	char *linkedrolename=linked_role->name;
1353	abac_yy_term_t *linked_terms=linked_role->terms;
1354
1355	int ret;
1356	abac_role_t *ret_role=NULL;
1357
1358	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1359	if (ret_role==NULL)
1360	goto error;
1361
1362	if(linked_terms) {
1363	_role_add_linked_terms(ret_role, linked_terms);
1364	}
1365	if(terms) {
1366	_role_add_role_terms(ret_role, terms);
1367	}
1368
1369	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1370
1371	return ret_role;
1372
1373	error:
1374	panic("can not generate linked tail role");
1375	return NULL;
1376	}
1377
1378	/***********************************************************************/
1379	/* add the condition to constraint list */
1380	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1381	{
1382	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1383	if(head_expr) {
1384	abac_oset_t *head_oset=validate_head_oset(head_expr);
1385	if(head_oset == NULL)
1386	goto error;
1387
1388	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1389	set_yy_term_data_cond_str(ptr,tmp);
1390	set_yy_term_data_cond_ptr(ptr,head_oset);
1391	abac_yy_add_yy_constraints(tmp);
1392	return tmp;
1393	}
1394	return NULL;
1395	error:
1396	return NULL;
1397	}
1398
1399	/****************************************************************/
1400	/* add the range condition to constraint list */
1401	/* this is for integer and float only */
1402	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1403	{
1404	char *typestr=abac_term_type(ptr->type);
1405	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1406	char *tmplist=NULL;
1407	char *tmp=NULL;
1408	int as_range=1; /* either , or ; */
1409	if(rlist) {
1410	char *rstring=_string_yy_cond_range(rlist);
1411	set_yy_term_data_cond_str(ptr,rstring);
1412	abac_yy_range_t *cur;
1413
1414	/* a list of values -- in chars */
1415	abac_list_foreach(rlist, cur,
1416	int type=cur->type;
1417	char *val=cur->val;
1418	switch(type) {
1419	case e_yy_RANGE_MIN:
1420	tmp=generate_pl_range_constraint(typestr,var,val,">=");
1421	break;
1422	case e_yy_RANGE_MAX:
1423	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
1424	break;
1425	case e_yy_RANGE_TARGET:
1426	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1427	as_range=0;
1428	break;
1429	}
1430	/* ; is prolog's disjunction built in predicate */
1431	if(tmplist) {
1432	if(as_range)
1433	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1434	else
1435	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1436	} else {
1437	tmplist=tmp;
1438	}
1439	tmp=NULL;
1440	);
1441	asprintf(&tmplist,"(%s)",tmplist);
1442	abac_yy_add_yy_constraints(tmplist);
1443	}
1444	}
1445
1446	/****************************************************************/
1447	/* this is for time only */
1448	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
1449	{
1450	char *typestr=abac_term_type(ptr->type);
1451	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1452	char *tmplist=NULL;
1453	char *tmp=NULL;
1454	char *ttmp=NULL;
1455	char *tlist=NULL;
1456	int as_range=1; /* either , or ; */
1457	if(rlist) {
1458	char *rstring=_string_yy_cond_range(rlist);
1459	set_yy_term_data_cond_str(ptr,rstring);
1460	abac_yy_range_t *cur;
1461
1462	/* a list of values -- in chars */
1463	abac_list_foreach(rlist, cur,
1464	int type=cur->type;
1465	char *tval=cur->val;
1466	char *val=abac_term_to_time(tval);
1467	switch(type) {
1468	case e_yy_RANGE_MIN:
1469	ttmp=generate_pl_range_time_constraint(var,val,">");
1470	tmp=generate_pl_range_time_constraint(var,val,"=");
1471	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1472	tmp=tlist;
1473	break;
1474	case e_yy_RANGE_MAX:
1475	ttmp=generate_pl_range_time_constraint(var,val,"=");
1476	tmp=generate_pl_range_time_constraint(var,val,"<");
1477	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1478	tmp=tlist;
1479	break;
1480	case e_yy_RANGE_TARGET:
1481	tmp=generate_pl_range_time_constraint(var,val,"=");
1482	as_range=0;
1483	break;
1484	}
1485	free(val);
1486	/* ; is prolog's disjunction built in predicate */
1487	if(tmplist) {
1488	if(as_range)
1489	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1490	else
1491	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1492	} else {
1493	tmplist=tmp;
1494	}
1495	tmp=NULL;
1496	);
1497
1498	asprintf(&tmplist,"(%s)",tmplist);
1499	/* generate a clause with above and add into db */
1500	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1501	abac_yy_add_yy_constraints(tmp);
1502	}
1503	}
1504
1505	/****************************************************************/
1506	/* this is for string and urn only */
1507	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1508	{
1509	char *typestr=abac_term_type(ptr->type);
1510	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1511	char *tmplist=NULL;
1512	char *tmp=NULL;
1513	if(rlist) {
1514	char *rstring=_string_yy_cond_range(rlist);
1515	set_yy_term_data_cond_str(ptr,rstring);
1516	abac_yy_range_t *cur;
1517
1518	/* a list of values -- in chars */
1519	abac_list_foreach(rlist, cur,
1520	int type=cur->type;
1521	char *val=cur->val;
1522	switch(type) {
1523	case e_yy_RANGE_MIN:
1524	panic("make_yy_range_string_constraint, invalid range type - min");
1525	break;
1526	case e_yy_RANGE_MAX:
1527	/* invalid range type */
1528	panic("make_yy_range_string_constraint, invalid range type - max");
1529	break;
1530	case e_yy_RANGE_TARGET:
1531	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1532	break;
1533	}
1534	/* ; is prolog's disjunction built in predicate */
1535	if(tmplist)
1536	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1537	else tmplist=tmp;
1538	tmp=NULL;
1539	);
1540	asprintf(&tmplist,"(%s)",tmplist);
1541	/* generate a clause with above and add into db */
1542	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1543	abac_yy_add_yy_constraints(tmp);
1544	}
1545	}
1546
1547	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1548	{
1549	if(is_yy_term_data_type_numeric(ptr)) {
1550	make_yy_range_numeric_constraint(ptr, var);
1551	} else if (is_yy_term_data_type_alpha(ptr)) {
1552	make_yy_range_string_constraint(ptr, var);
1553	} else if (is_yy_term_data_type_time(ptr)) {
1554	make_yy_range_time_constraint(ptr, var);
1555	}
1556	}
1557
1558	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1559	{
1560	char *tmp=NULL;
1561	abac_role_t *head_role=NULL;
1562
1563	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1564	/* build up left side's abac role constraint structure */
1565	head_role=validate_head_role(head_expr);
1566	if(head_role == NULL)
1567	goto error;
1568
1569	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1570	set_yy_term_principal_cond_str(ptr,tmp);
1571	set_yy_term_principal_cond_ptr(ptr,head_role);
1572	abac_yy_add_yy_constraints(tmp);
1573	return tmp;
1574
1575	error:
1576	return NULL;
1577	}
1578
1579	/* build up the abac structure and also create the yap clause
1580	and insert it into db */
1581	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1582	abac_yy_expression_t *tailexpr)
1583	{
1584	abac_role_t *head_role=NULL;
1585	abac_role_t *tail_role=NULL;
1586
1587	/* build up left side's abac role structure */
1588	head_role=validate_head_role(headexpr);
1589	if(head_role == NULL)
1590	goto error;
1591
1592	/* build up the right side's abac role structure */
1593	abac_yy_expression_t *curr_tail = tailexpr;
1594	int intersecting=(tailexpr->next != NULL)? 1:0;
1595	abac_role_t *curr_role = NULL;
1596	while (curr_tail) {
1597	switch(curr_tail->type) {
1598	case e_yy_EXPR_NAMED:
1599	curr_role=validate_named_tail_role(curr_tail);
1600	break;
1601	case e_yy_EXPR_ROLE:
1602	curr_role=validate_role_tail_role(curr_tail);
1603	break;
1604	case e_yy_EXPR_LINKED:
1605	curr_role=validate_linked_tail_role(curr_tail);
1606	break;
1607	}
1608	if(curr_role==NULL)
1609	goto error;
1610
1611	/* check if first one */
1612	if(tail_role==NULL) {
1613	if(intersecting)
1614	tail_role=validate_intersected_tail_role(curr_role);
1615	else
1616	tail_role=curr_role;
1617	} else {
1618	abac_role_add_intersecting_role(tail_role,curr_role);
1619	}
1620	curr_tail=curr_tail->next;
1621	} /* while */
1622
1623	/* collect up type clauses, constraint clauses and
1624	generate the final rule clauses */
1625	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1626	if(tmp == NULL)
1627	goto error;
1628
1629	if(debug) {
1630	abac_print_role_string_with_condition(head_role,NULL);
1631	printf("\n");
1632	abac_print_role_string_with_condition(tail_role,NULL);
1633	printf("\n");
1634	}
1635
1636	_free_yy_expression(headexpr);
1637	_free_yy_expression(tailexpr);
1638	abac_rule_head_role=head_role;
1639	abac_rule_tail_role=tail_role;
1640	abac_rule_is_oset=0;
1641	return tmp;
1642
1643	error:
1644	_free_yy_expression(headexpr);
1645	_free_yy_expression(tailexpr);
1646	if(head_role)
1647	abac_role_free(head_role);
1648	if(tail_role)
1649	abac_role_free(tail_role);
1650	return NULL;
1651	}
1652
1653
1654	/************************************************************************/
1655	void abac_yy_init()
1656	{
1657	abac_yyinit();
1658	abac_yy_init_rule_id_clauses();
1659	abac_yy_init_yy_id_certs();
1660	abac_yy_init_yy_constraints();
1661	}
1662
1663

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ 7727f26

Download in other formats: