Context Navigation

source: libabac/abac_pl_yy.c @ 7b548fa

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 7b548fa was 7b548fa, checked in by Mei <mei@…>, 12 years ago

1) add time static constraint
2) add example balltime_rt2_typed
3) change the way that time is being kept

from 20120228T080000 to time(2012,2,28,8,0,0) and
the constraint check is via compare(op,time1,time2)

Property mode set to 100644

File size: 42.2 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_range_time_constraint(char ,char ,char );
18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var,
25	char *tmplist);
26	/* from rt2.y */
27	extern void abac_yyinit();
28
29	int abac_yy_error_code = 0; /* keeping last error code */
30
31	int abac_rule_is_oset=0;
32	abac_list_t *abac_rule_clauses=NULL;
33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
34	abac_role_t *abac_rule_head_role=NULL;
35	abac_role_t *abac_rule_tail_role=NULL;
36	abac_oset_t *abac_rule_head_oset=NULL;
37	abac_oset_t *abac_rule_tail_oset=NULL;
38
39	/* to track id certs within a rule clause */
40	typedef struct _abac_yy_id_cert_t {
41	char *principalname;
42	int type; /* keyidtype */
43	char *clause;
44	} abac_yy_id_cert_t;
45	abac_list_t *abac_yy_id_certs = NULL;
46
47	/* structure to hold the range information
48	within a static constraints on few types of
49	oset types
50	[a..b], [a..], [..b], [a],[a,b],[many a]
51	e_yy_RANGE_MIN=1;
52	e_yy_RANGE_MAX=2;
53	e_yy_RANGE_TARGET=3;
54	*/
55	typedef struct _abac_yy_range_t {
56	int type;
57	char *val;
58	} abac_yy_range_t;
59
60	/* to track role/oset constraint clauses used within a rule clause,
61	collect them up in one place, these are for conjunction clauses */
62	typedef struct _abac_yy_constraint_t {
63	char *clause;
64	} abac_yy_constraint_t;
65	abac_list_t *abac_yy_constraints = NULL;
66
67	/* local principal structure [keyid:USC] */
68	struct _abac_yy_principal_t {
69	int type;
70	char *sha; // sha is null when this is of object type
71	char *cn;
72	};
73
74	/* [principal:?Z]:..., must match a principal name */
75	struct _abac_yy_term_principal_t {
76	int type; /* this needs to be implicitly determined */
77	char *name;
78	char *cond_str;
79	void *cond_ptr; // ptr to a saved abac_role_t
80	abac_yy_expression_t *cond_head_expr;
81	};
82
83	/* integer,float,time,urn,string types,
84	if has condition, then it is a variable,
85	ie,
86	[int:?Year]:<1930..1932>,
87	if no condition, then it is a constant,
88	ie,
89	[int:10]
90	*/
91	struct _abac_yy_term_data_t {
92	int is_variable;
93	int type;
94	char *name;
95	char *cond_str;
96	void *cond_ptr; // ptr to a saved abac_oset_t
97	abac_list_t *cond_range;
98	abac_yy_expression_t *cond_head_expr; // parking stub
99	};
100
101	/* local term structure, will distinguish it in the future */
102	/* e_yy_DTERM_DATA, all other types
103	e_yy_DTERM_NAMED, keyid:bob
104	e_yy_DTERM_PRINCIPAL, principal:?P
105	e_yy_DTERM_ANONYMOUS ? */
106	struct _abac_yy_term_t {
107	union {
108	abac_yy_principal_t *n_ptr;
109	abac_yy_term_principal_t *p_ptr;
110	abac_yy_term_data_t *d_ptr;
111	} term;
112	int type;
113	struct _abac_yy_term_t *next;
114	int bcnt; /* this is to track number of terms in this linked up list */
115	};
116
117	/* local role structure */
118	struct _abac_yy_role_t {
119	int type;
120	char *name;
121	abac_yy_term_t *terms;
122	struct _abac_yy_role_t *next;
123	int bcnt; /* this is to track number of roles in this linked up list */
124	};
125
126	/* local oset structure */
127	struct _abac_yy_oset_t {
128	int type;
129	char *name;
130	abac_yy_term_t *terms;
131	struct _abac_yy_oset_t *next;
132	int bcnt; /* this is to track number of oset in this linked up list */
133	};
134
135	/* A, A.r, A.r.r */
136	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
137	/* A/obj, A.o, A.r.o */
138	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
139	struct _abac_yy_expression_t {
140	int type;
141	union {
142	abac_yy_principal_t *principal;
143	abac_yy_term_data_t *object;
144	};
145	abac_yy_role_t *linked_role;
146	union {
147	abac_yy_role_t *role;
148	abac_yy_oset_t *oset;
149	};
150	struct _abac_yy_expression_t *next;
151	int bcnt;
152	};
153
154	static void _free_yy_expression(abac_yy_expression_t *);
155
156	/************************************************************************/
157	void abac_yy_set_error_code(int v)
158	{
159	abac_yy_error_code=v;
160	}
161
162	/************************************************************************/
163	abac_stack_t *abac_yy_get_rule_id_clauses()
164	{
165	return abac_rule_id_clauses;
166	}
167
168	abac_stack_t *abac_yy_init_rule_id_clauses()
169	{
170	abac_rule_id_clauses=abac_stack_new();
171	return abac_rule_id_clauses;
172	}
173
174	void abac_yy_free_rule_id_clauses()
175	{
176	if (abac_rule_id_clauses != NULL)
177	abac_stack_free(abac_rule_id_clauses);
178	}
179
180	void abac_yy_set_rule_clauses(abac_list_t *clauses)
181	{
182	abac_rule_clauses=clauses;
183	if(debug) {
184	printf("printing out abac_rule_clauses:\n");
185	abac_print_clauses(abac_rule_clauses,NULL);
186	}
187	}
188
189	abac_list_t *abac_yy_get_rule_clauses()
190	{
191	return abac_rule_clauses;
192	}
193
194	void abac_yy_free_rule_clauses()
195	{
196	if (abac_rule_clauses != NULL) {
197	char *cur;
198	abac_list_foreach(abac_yy_id_certs, cur,
199	if(cur) free(cur);
200	);
201	abac_list_free(abac_rule_clauses);
202	}
203	}
204
205	int abac_yy_get_rule_is_oset()
206	{
207	return abac_rule_is_oset;
208	}
209
210	abac_role_t *abac_yy_get_rule_head_role()
211	{
212	return abac_rule_head_role;
213	}
214
215	abac_role_t *abac_yy_get_rule_tail_role()
216	{
217	return abac_rule_tail_role;
218	}
219
220	abac_oset_t *abac_yy_get_rule_head_oset()
221	{
222	return abac_rule_head_oset;
223	}
224
225	abac_oset_t *abac_yy_get_rule_tail_oset()
226	{
227	return abac_rule_tail_oset;
228	}
229
230
231	/************************************************************************/
232	void abac_yy_init_yy_id_certs()
233	{
234	abac_yy_id_certs = abac_list_new();
235	}
236
237	void abac_yy_free_yy_id_certs()
238	{
239	abac_yy_id_cert_t *id;
240	abac_list_foreach(abac_yy_id_certs, id,
241	if(id)
242	free(id->principalname);
243	free(id->clause);
244	free(id);
245	);
246	abac_list_free(abac_yy_id_certs);
247	abac_yy_id_certs = NULL;
248	}
249
250	int abac_yy_cnt_yy_id_certs()
251	{
252	return abac_list_size(abac_yy_id_certs);
253	}
254
255	char *abac_yy_string_yy_id_certs()
256	{
257	int first=1;
258	char *tmp=NULL;
259	abac_yy_id_cert_t *cur;
260	abac_list_foreach(abac_yy_id_certs, cur,
261	if(cur)
262	if(first) {
263	tmp=abac_xstrdup(cur->clause);
264	first=0;
265	} else {
266	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
267	}
268	);
269	return tmp;
270	}
271
272	static void _add_yy_id_certs(char *principalname, int type)
273	{
274	abac_yy_id_cert_t *id_cert=NULL;
275
276	int found=0;
277	abac_yy_id_cert_t *cur;
278	abac_list_foreach(abac_yy_id_certs, cur,
279	if(cur)
280	if(strcmp(cur->principalname,principalname)==0) {
281	found=1;
282	break;
283	}
284	);
285
286	if (found) {
287	return;
288	} else {
289	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
290	id_cert->principalname=abac_xstrdup(principalname);
291	id_cert->type=type;
292	id_cert->clause=generate_pl_type_clause(principalname,type);
293	abac_list_add(abac_yy_id_certs, id_cert);
294	}
295	}
296
297	/***********************************************************************/
298	static void _free_yy_cond_range(abac_list_t *ptr)
299	{
300	if (ptr != NULL) {
301	abac_yy_range_t *cur;
302	abac_list_foreach(ptr, cur,
303	if(cur && cur->val) free(cur->val);
304	free(cur);
305	);
306	abac_list_free(ptr);
307	}
308	}
309
310	static char _string_yy_cond_range(abac_list_t ptr)
311	{
312	assert(ptr);
313	char *tmp=NULL;
314	char *min=NULL;
315	char *max=NULL;
316	char *val=NULL;
317	int type;
318
319	abac_yy_range_t *cur;
320	abac_list_foreach(ptr, cur,
321	type=cur->type;
322	switch (type) {
323	case e_yy_RANGE_MIN:
324	min=strdup(cur->val);
325	break;
326	case e_yy_RANGE_MAX:
327	max=strdup(cur->val);
328	break;
329	case e_yy_RANGE_TARGET:
330	if(val)
331	asprintf(&val,"%s,%s",val,cur->val);
332	else val=strdup(cur->val);
333	break;
334	}
335	);
336	if(max && min) {
337	asprintf(&tmp,"[%s..%s]",min,max);
338	free(max);
339	free(min);
340	return tmp;
341	}
342	if(max) {
343	asprintf(&tmp,"[..%s]",max);
344	free(max);
345	return tmp;
346	}
347	if(min) {
348	asprintf(&tmp,"[%s..]",min);
349	free(min);
350	return tmp;
351	}
352	if(val) {
353	asprintf(&tmp,"[%s]",val);
354	free(val);
355	return tmp;
356	}
357	return NULL;
358	}
359
360	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
361	{
362	abac_yy_range_t *range=
363	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
364	range->type=e_yy_RANGE_TARGET;
365	range->val=strdup(val);
366	abac_list_add(ptr, range);
367	return ptr;
368	}
369
370	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
371	{
372	abac_yy_range_t *range=
373	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
374	range->type=type;
375	range->val=strdup(val);
376	abac_list_add(ptr, range);
377	return ptr;
378	}
379
380	abac_list_t make_yy_val_range(char val)
381	{
382	abac_list_t *ptr=abac_list_new();
383	add_yy_val_range(ptr,val);
384	return ptr;
385	}
386
387	abac_list_t make_yy_minmax_range(char min, char *max)
388	{
389	abac_list_t *ptr=abac_list_new();
390	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
391	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
392	return ptr;
393	}
394
395	abac_list_t make_yy_min_range(char min)
396	{
397	abac_list_t *ptr=abac_list_new();
398	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
399	return ptr;
400	}
401
402	abac_list_t make_yy_max_range(char max)
403	{
404	abac_list_t *ptr=abac_list_new();
405	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
406	return ptr;
407	}
408
409	/***********************************************************************/
410	abac_yy_term_data_t make_yy_term_data(char name)
411	{
412	abac_yy_term_data_t *ptr=
413	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
414	ptr->name=abac_xstrdup(name);
415	ptr->type=0;
416	ptr->is_variable=0;
417	ptr->cond_str=NULL;
418	ptr->cond_head_expr=NULL;
419	ptr->cond_ptr=NULL;
420	ptr->cond_range=NULL;
421	return ptr;
422	}
423
424	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
425	{
426	return ptr->cond_range;
427	}
428
429	char get_yy_term_data_name(abac_yy_term_data_t ptr)
430	{
431	return ptr->name;
432	}
433
434	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
435	{
436	if(ptr->cond_head_expr != NULL)
437	return 1;
438	if(ptr->cond_range != NULL)
439	return 1;
440	return 0;
441	}
442
443	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
444	abac_list_t *range)
445	{
446	ptr->cond_range=range;
447	}
448
449	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
450	abac_yy_expression_t *expr)
451	{
452	ptr->cond_head_expr=expr;
453	}
454
455	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
456	{
457	return ptr->cond_head_expr;
458	}
459
460	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
461	{
462	int type=abac_term_verify_term_type(typestr);
463	ptr->type=type;
464	}
465
466	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
467	{
468	if(ptr->type==abac_term_verify_term_type("integer") \|\|
469	ptr->type==abac_term_verify_term_type("float"))
470	return 1;
471	return 0;
472	}
473
474	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
475	{
476	if(ptr->type==abac_term_verify_term_type("time"))
477	return 1;
478	return 0;
479	}
480
481	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
482	{
483	if(ptr->type==abac_term_verify_term_type("string") \|\|
484	ptr->type==abac_term_verify_term_type("urn"))
485	return 1;
486	return 0;
487	}
488
489	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
490	{
491	ptr->cond_ptr=vptr;
492	}
493
494	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
495	{
496	ptr->cond_str=strdup(cond);
497	}
498
499	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
500	{
501	ptr->is_variable=1;
502	}
503
504	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
505	{
506	return ptr->is_variable;
507	}
508
509	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
510	{
511	free(ptr->name);
512	if(ptr->cond_str)
513	free(ptr->cond_str);
514	if(ptr->cond_head_expr)
515	_free_yy_expression(ptr->cond_head_expr);
516	if(ptr->cond_range);
517	_free_yy_cond_range(ptr->cond_range);
518	free(ptr);
519	}
520
521	abac_yy_term_principal_t make_yy_term_principal(char name)
522	{
523	abac_yy_term_principal_t *ptr=
524	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
525	ptr->type=0;/* this is not known */
526	ptr->name=abac_xstrdup(name);
527	ptr->cond_str=NULL;
528	ptr->cond_head_expr=NULL;
529	return ptr;
530	}
531
532	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
533	{
534	ptr->cond_ptr=vptr;
535	}
536
537	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
538	{
539	ptr->cond_str=abac_xstrdup(cond);
540	}
541
542	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
543	{
544	return ptr->cond_head_expr;
545	}
546
547	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
548	abac_yy_expression_t *expr)
549	{
550	ptr->cond_head_expr=expr;
551	}
552
553	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
554	{
555	free(ptr->name);
556	if(ptr->cond_str)
557	free(ptr->cond_str);
558	if(ptr->cond_head_expr)
559	_free_yy_expression(ptr->cond_head_expr);
560	free(ptr);
561	}
562
563	abac_yy_term_t *make_yy_term_dterm_anonymous()
564	{
565	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
566	ptr->type = e_yy_DTERM_ANONYMOUS;
567	ptr->next=NULL;
568	ptr->bcnt=1;
569	return ptr;
570	}
571
572	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
573	{
574	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
575	ptr->type = e_yy_DTERM_PRINCIPAL;
576	ptr->term.p_ptr=pptr;
577	ptr->next=NULL;
578	ptr->bcnt=1;
579	return ptr;
580	}
581
582	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
583	{
584	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
585	ptr->type = e_yy_DTERM_NAMED;
586	ptr->term.n_ptr=nptr;
587	ptr->next=NULL;
588	ptr->bcnt=1;
589	return ptr;
590	}
591
592	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
593	{
594	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
595	ptr->type = e_yy_DTERM_DATA;
596	ptr->term.d_ptr=dptr;
597	ptr->next=NULL;
598	ptr->bcnt=1;
599	return ptr;
600	}
601
602	/************************************************************************/
603	void abac_yy_init_yy_constraints()
604	{
605	abac_yy_constraints = abac_list_new();
606	}
607
608	void abac_yy_free_yy_constraints()
609	{
610	abac_yy_constraint_t *cur;
611	abac_list_foreach(abac_yy_constraints, cur,
612	if(cur && cur->clause)
613	free(cur->clause);
614	free(cur);
615	);
616	abac_list_free(abac_yy_constraints);
617	abac_yy_constraints=NULL;
618	}
619
620	int abac_yy_cnt_yy_constraints()
621	{
622	return abac_list_size(abac_yy_constraints);
623	}
624
625	char *abac_yy_string_yy_constraints()
626	{
627	int first=1;
628	char *tmp=NULL;
629	abac_yy_constraint_t *cur;
630	abac_list_foreach(abac_yy_constraints, cur,
631	if(cur && cur->clause)
632	if(first) {
633	tmp=abac_xstrdup(cur->clause);
634	first=0;
635	} else {
636	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
637	}
638	);
639	return tmp;
640	}
641
642	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
643	{
644	abac_yy_constraint_t *ptr=
645	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
646	ptr->clause=strdup(constraint);
647	abac_list_add(abac_yy_constraints, ptr);
648	return ptr;
649	}
650
651	/****************************************************************************/
652	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
653	{
654	abac_yy_principal_t *ptr=
655	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
656	ptr->sha=abac_xstrdup(sha);
657	ptr->cn=abac_xstrdup(cn);
658	ptr->type=type;
659	return ptr;
660	}
661
662	static void _free_yy_principal(abac_yy_principal_t *ptr)
663	{
664	free(ptr->sha);
665	if(ptr->cn)
666	free(ptr->cn);
667	free(ptr);
668	}
669
670	int get_yy_principal_type(abac_yy_principal_t *ptr)
671	{
672	return ptr->type;
673	}
674
675	char get_yy_principal_principalname(abac_yy_principal_t ptr)
676	{
677	if(ptr->sha == NULL)
678	return ptr->cn;
679	return ptr->sha;
680	}
681
682	/*************************************************************************/
683
684	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
685	{
686	int i=terms->bcnt;
687	nterm->next=terms;
688	nterm->bcnt=i+1;
689	return nterm;
690	}
691
692	static void _free_yy_term(abac_yy_term_t *ptr)
693	{
694	switch (ptr->type) {
695	case e_yy_DTERM_DATA:
696	_free_yy_term_data(ptr->term.d_ptr);
697	break;
698	case e_yy_DTERM_NAMED:
699	_free_yy_principal(ptr->term.n_ptr);
700	break;
701	case e_yy_DTERM_PRINCIPAL:
702	_free_yy_term_principal(ptr->term.p_ptr);
703	break;
704	case e_yy_DTERM_ANONYMOUS:
705	break;
706	}
707	if(ptr->next)
708	_free_yy_term(ptr->next);
709	free(ptr);
710	}
711
712	/*************************************************************************/
713
714	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
715	{
716	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
717	ptr->name=abac_xstrdup(name);
718	ptr->terms=terms;
719	ptr->next=NULL;
720	ptr->bcnt=1;
721	return ptr;
722	}
723
724	static void _free_yy_role(abac_yy_role_t *ptr)
725	{
726	free(ptr->name);
727	if(ptr->terms)
728	_free_yy_term(ptr->terms);
729	if(ptr->next)
730	_free_yy_role(ptr->next);
731	free(ptr);
732	}
733
734	/***************************************************************************/
735	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
736	{
737	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
738	ptr->name=abac_xstrdup(name);
739	ptr->terms=terms;
740	ptr->next=NULL;
741	ptr->bcnt=1;
742	return ptr;
743	}
744
745	static void _free_yy_oset(abac_yy_oset_t *ptr)
746	{
747	free(ptr->name);
748	if(ptr->terms)
749	_free_yy_term(ptr->terms);
750	if(ptr->next)
751	_free_yy_oset(ptr->next);
752	free(ptr);
753	}
754	/***************************************************************************/
755
756	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
757
758	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
759	{
760	abac_yy_expression_t *ptr=
761	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
762	ptr->type = type;
763	if(type == e_yy_EXPR_OBJECT) {
764	ptr->object=(abac_yy_term_data_t *)pptr;
765	} else {
766	ptr->principal = (abac_yy_principal_t *)pptr;
767	}
768	if(type == e_yy_EXPR_OSET)
769	ptr->oset = (abac_yy_oset_t *) optr;
770	else
771	ptr->role = (abac_yy_role_t *) optr;
772	ptr->linked_role=linked_role;
773	ptr->next=NULL;
774
775	return ptr;
776	}
777
778	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
779	{
780	if(ptr->type == e_yy_EXPR_OBJECT)
781	return ptr->object;
782	return NULL;
783	}
784
785	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
786	abac_yy_expression_t *exprs)
787	{
788	int i=exprs->bcnt;
789	nexpr->next=exprs;
790	nexpr->bcnt=i+1;
791	return nexpr;
792	}
793
794	static void _free_yy_expression(abac_yy_expression_t *ptr)
795	{
796	if(ptr->type == e_yy_EXPR_OBJECT) {
797	if(ptr->object)
798	_free_yy_term_data(ptr->object);
799	} else {
800	if(ptr->principal)
801	_free_yy_principal(ptr->principal);
802	}
803	if(ptr->type == e_yy_EXPR_OSET) {
804	if(ptr->oset)
805	_free_yy_oset(ptr->oset);
806	} else {
807	if(ptr->role)
808	_free_yy_role(ptr->role);
809	}
810	if(ptr->linked_role)
811	_free_yy_role(ptr->linked_role);
812	if(ptr->next)
813	_free_yy_expression(ptr->next);
814
815	free(ptr);
816	}
817
818	/***************************************************************************/
819	static void _oset_add_terms(int linked, abac_oset_t *oset,
820	abac_yy_term_t *terms)
821	{
822	abac_yy_term_t *curr = terms;
823	int type;
824	char *name=NULL;
825	char *cond=NULL;
826	void *ptr=NULL;
827	while (curr) {
828	switch (curr->type) {
829	case e_yy_DTERM_DATA:
830	{
831	abac_yy_term_data_t *ptr=curr->term.d_ptr;
832	type=ptr->type;
833	name=abac_xstrdup(ptr->name);
834	cond=abac_xstrdup(ptr->cond_str);
835	ptr=ptr->cond_ptr;
836	break;
837	}
838	case e_yy_DTERM_PRINCIPAL:
839	{
840	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
841	type=abac_term_verify_term_type("principal");
842	name=abac_xstrdup(ptr->name);
843	cond=abac_xstrdup(ptr->cond_str);
844	ptr=ptr->cond_ptr;
845	break;
846	}
847	case e_yy_DTERM_NAMED:
848	{
849	abac_yy_principal_t *ptr=curr->term.n_ptr;
850	type=ptr->type;
851	/* XXX should be switching to sha in the future */
852	name=abac_xstrdup(ptr->cn);
853	cond=NULL;
854	ptr=NULL;
855	break;
856	}
857	case e_yy_DTERM_ANONYMOUS:
858	{
859	type=0;
860	name=abac_xstrdup("_");
861	cond=NULL;
862	ptr=NULL;
863	break;
864	}
865	}
866
867	abac_term_t *param=abac_term_new(type,name,cond,ptr);
868	if (linked)
869	abac_oset_oset_add_linked_param(oset, param);
870	else
871	abac_oset_oset_add_param(oset, param);
872	curr=curr->next;
873	}
874	}
875
876	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
877	{
878	int linked=1;
879	_oset_add_terms(linked, oset, terms);
880	}
881
882	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
883	{
884	int linked=0;
885	_oset_add_terms(linked, oset, terms);
886	}
887
888
889	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
890	{
891	abac_oset_t *ret_oset=NULL;
892	abac_list_t *prereqs = abac_list_new();
893	abac_list_add(prereqs, oset);
894	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
895	return ret_oset;
896	}
897
898	/* A.oset */
899	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
900	{
901	abac_yy_principal_t *principal=expr->principal;
902	abac_yy_oset_t *oset=expr->oset;
903
904	char *principalname=get_yy_principal_principalname(principal);
905	char *osetname=oset->name;
906	abac_yy_term_t *terms=oset->terms;
907
908	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
909	if (ret_oset==NULL) {
910	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
911	goto error;
912	}
913	if (!abac_oset_is_oset(ret_oset)) {
914	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
915	goto error;
916	}
917	// insert the params for the oset
918	if(terms) {
919	_oset_add_oset_terms(ret_oset, terms);
920	}
921	_add_yy_id_certs(principal->cn,principal->type);
922
923	return ret_oset;
924
925	error:
926	return NULL;
927	}
928
929	/* B */
930	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
931	{
932	abac_yy_principal_t *principal=expr->principal;
933	char *principalname=principal->sha;
934	abac_oset_t *ret_oset=NULL;
935
936	ret_oset = abac_oset_principal_new(principalname);
937
938	_add_yy_id_certs(principal->cn,principal->type);
939
940	if (ret_oset==NULL)
941	goto error;
942	return ret_oset;
943
944	error:
945	panic("can not generate a simple named tail oset");
946	return NULL;
947	}
948
949
950	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
951	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
952	{
953	abac_yy_term_data_t *object=get_yy_expression_object(expr);
954	assert(object != NULL);
955
956	char *name=object->name;
957	int type=object->type;
958	char *cond=object->cond_str;
959	void *ptr=object->cond_ptr;
960	abac_term_t *term=abac_term_new(type,name,cond,ptr);
961	abac_oset_t *ret_oset=abac_oset_object_new(term);
962
963	if(get_yy_term_data_is_variable(object))
964	_add_yy_id_certs(name,type);
965
966	if (ret_oset==NULL)
967	goto error;
968	return ret_oset;
969
970	error:
971	panic("can not generate a simple object tail oset");
972	return NULL;
973	}
974
975
976	/* B.oset */
977	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
978	{
979	abac_yy_principal_t *principal=expr->principal;
980	abac_yy_oset_t *oset=expr->oset;
981
982	char *principalname=principal->sha;
983
984	char *osetname=oset->name;
985	abac_yy_term_t *terms=oset->terms;
986
987	int ret;
988	abac_oset_t *ret_oset=NULL;
989
990	ret_oset = abac_oset_oset_new(principalname, osetname);
991	if (ret_oset==NULL)
992	goto error;
993
994	if(terms) {
995	_oset_add_oset_terms(ret_oset, terms);
996	}
997
998	_add_yy_id_certs(principal->cn,principal->type);
999
1000	return ret_oset;
1001
1002	error:
1003	panic("can not generate a simple tail oset");
1004	return NULL;
1005	}
1006
1007	/* B.role.oset */
1008	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
1009	{
1010	abac_yy_principal_t *principal=expr->principal;
1011	abac_yy_oset_t *oset=expr->oset;
1012	abac_yy_role_t *linked_role=expr->linked_role;
1013
1014	char *principalname=principal->sha;
1015
1016	char *osetname=oset->name;
1017	abac_yy_term_t *terms=oset->terms;
1018
1019	char *linkedrolename=linked_role->name;
1020	abac_yy_term_t *linked_terms=linked_role->terms;
1021
1022	int ret;
1023	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1024	linkedrolename, osetname);
1025	if (ret_oset==NULL)
1026	goto error;
1027
1028	if(linked_terms) {
1029	_oset_add_linked_terms(ret_oset, linked_terms);
1030	}
1031	if(terms) {
1032	_oset_add_oset_terms(ret_oset, terms);
1033	}
1034
1035	_add_yy_id_certs(principal->cn,principal->type);
1036
1037	return ret_oset;
1038
1039	error:
1040	panic("can not generate linked tail oset");
1041	return NULL;
1042	}
1043
1044
1045
1046	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1047	abac_yy_expression_t *tailexpr)
1048	{
1049	abac_oset_t *head_oset=NULL;
1050	abac_oset_t *tail_oset=NULL;
1051
1052	/* build up left side's abac oset structure */
1053	head_oset=validate_head_oset(headexpr);
1054	if(head_oset == NULL)
1055	goto error;
1056
1057	/* build up the right side's abac oset structure */
1058	abac_yy_expression_t *curr_tail = tailexpr;
1059	int intersecting=(tailexpr->next != NULL)? 1:0;
1060	abac_oset_t *curr_oset = NULL;
1061	while (curr_tail) {
1062	switch(curr_tail->type) {
1063	case e_yy_EXPR_OBJECT:
1064	curr_oset=validate_object_tail_oset(curr_tail);
1065	break;
1066	case e_yy_EXPR_NAMED:
1067	curr_oset=validate_named_tail_oset(curr_tail);
1068	break;
1069	case e_yy_EXPR_OSET:
1070	curr_oset=validate_oset_tail_oset(curr_tail);
1071	break;
1072	case e_yy_EXPR_LINKED:
1073	curr_oset=validate_linked_tail_oset(curr_tail);
1074	break;
1075	}
1076	if(curr_oset==NULL)
1077	goto error;
1078
1079	/* check if first one */
1080	if(tail_oset==NULL) {
1081	if(intersecting)
1082	tail_oset=validate_intersected_tail_oset(curr_oset);
1083	else
1084	tail_oset=curr_oset;
1085	} else {
1086	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1087	}
1088	curr_tail=curr_tail->next;
1089	} /* while */
1090
1091	/* XXX collect up type clauses, constraint clauses and
1092	generate rule clauses */
1093	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1094	if(tmp == NULL)
1095	goto error;
1096
1097	if(debug) {
1098	abac_print_oset_string_with_condition(head_oset,NULL);
1099	abac_print_oset_string_with_condition(tail_oset,NULL);
1100	}
1101
1102	_free_yy_expression(headexpr);
1103	_free_yy_expression(tailexpr);
1104	abac_rule_head_oset=head_oset;
1105	abac_rule_tail_oset=tail_oset;
1106	abac_rule_is_oset=1;
1107	return tmp;
1108
1109	error:
1110	_free_yy_expression(headexpr);
1111	_free_yy_expression(tailexpr);
1112	if(head_oset)
1113	abac_oset_free(head_oset);
1114	if(tail_oset)
1115	abac_oset_free(tail_oset);
1116	return NULL;
1117	}
1118
1119	/****************************************************************/
1120	static void _role_add_terms(int linked, abac_role_t *role,
1121	abac_yy_term_t *terms)
1122	{
1123	abac_yy_term_t *curr = terms;
1124	int type;
1125	char *name=NULL;
1126	char *cond=NULL;
1127	void *ptr=NULL;
1128	while (curr) {
1129	switch (curr->type) {
1130	case e_yy_DTERM_DATA:
1131	{
1132	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1133	type=pptr->type;
1134	name=abac_xstrdup(pptr->name);
1135	cond=abac_xstrdup(pptr->cond_str);
1136	ptr=pptr->cond_ptr;
1137	break;
1138	}
1139	case e_yy_DTERM_PRINCIPAL:
1140	{
1141	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1142	type=abac_term_verify_term_type("principal");
1143	name=abac_xstrdup(pptr->name);
1144	cond=abac_xstrdup(pptr->cond_str);
1145	ptr=pptr->cond_ptr;
1146	break;
1147	}
1148	case e_yy_DTERM_NAMED:
1149	{
1150	abac_yy_principal_t *pptr=curr->term.n_ptr;
1151	type=pptr->type;
1152	/* XXX should be switching to sha in the future */
1153	name=abac_xstrdup(pptr->cn);
1154	cond=NULL;
1155	ptr=NULL;
1156	break;
1157	}
1158	case e_yy_DTERM_ANONYMOUS:
1159	{
1160	type=0;
1161	name=abac_xstrdup("_");
1162	cond=NULL;
1163	ptr=NULL;
1164	break;
1165	}
1166	}
1167
1168	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1169	if (linked)
1170	abac_role_role_add_linked_param(role, param);
1171	else
1172	abac_role_role_add_param(role, param);
1173	curr=curr->next;
1174	}
1175	}
1176
1177	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1178	{
1179	int linked=1;
1180	_role_add_terms(linked, role, terms);
1181	}
1182
1183	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1184	{
1185	int linked=0;
1186	_role_add_terms(linked, role, terms);
1187	}
1188
1189
1190	abac_role_t validate_intersected_tail_role(abac_role_t role)
1191	{
1192	abac_role_t *ret_role=NULL;
1193	abac_list_t *prereqs = abac_list_new();
1194	abac_list_add(prereqs, role);
1195	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1196	return ret_role;
1197	}
1198
1199	abac_role_t validate_head_role(abac_yy_expression_t expr)
1200	{
1201	abac_yy_principal_t *principal=expr->principal;
1202	abac_yy_role_t *role=expr->role;
1203
1204	char *principalname=get_yy_principal_principalname(principal);
1205	char *rolename=role->name;
1206	abac_yy_term_t *terms=role->terms;
1207	abac_role_t *ret_role=NULL;
1208
1209	ret_role=abac_role_role_new(principalname, rolename);
1210	if (ret_role==NULL) {
1211	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1212	goto error;
1213	}
1214	if (!abac_role_is_role(ret_role)) {
1215	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1216	goto error;
1217	}
1218	// insert the params for the role
1219	if(terms) {
1220	_role_add_role_terms(ret_role, terms);
1221	}
1222
1223	_add_yy_id_certs(principal->cn,principal->type);
1224
1225	return ret_role;
1226
1227	error:
1228	return NULL;
1229	}
1230
1231	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1232	{
1233	abac_yy_principal_t *principal=expr->principal;
1234	char *principalname=get_yy_principal_principalname(principal);
1235	abac_role_t *ret_role=NULL;
1236
1237	ret_role = abac_role_principal_new(principalname);
1238	_add_yy_id_certs(principal->cn,principal->type);
1239
1240	if (ret_role==NULL)
1241	goto error;
1242	return ret_role;
1243
1244	error:
1245	panic("can not generate a simple named tail role");
1246	return NULL;
1247	}
1248
1249	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1250	{
1251	abac_yy_principal_t *principal=expr->principal;
1252	abac_yy_role_t *role=expr->role;
1253
1254	char *principalname=get_yy_principal_principalname(principal);
1255
1256	char *rolename=role->name;
1257	abac_yy_term_t *terms=role->terms;
1258
1259	int ret;
1260	abac_role_t *ret_role=NULL;
1261
1262	ret_role = abac_role_role_new(principalname, rolename);
1263	if (ret_role==NULL)
1264	goto error;
1265
1266	if(terms) {
1267	_role_add_role_terms(ret_role, terms);
1268	}
1269
1270	_add_yy_id_certs(principal->cn,principal->type);
1271
1272	return ret_role;
1273
1274	error:
1275	panic("can not generate a simple tail role");
1276	return NULL;
1277	}
1278	/* need to validate/generate a linked role out of this */
1279	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1280	{
1281	abac_yy_principal_t *principal=expr->principal;
1282	abac_yy_role_t *role=expr->role;
1283	abac_yy_role_t *linked_role=expr->linked_role;
1284
1285	char *principalname=get_yy_principal_principalname(principal);
1286
1287	char *rolename=role->name;
1288	abac_yy_term_t *terms=role->terms;
1289
1290	char *linkedrolename=linked_role->name;
1291	abac_yy_term_t *linked_terms=linked_role->terms;
1292
1293	int ret;
1294	abac_role_t *ret_role=NULL;
1295
1296	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1297	if (ret_role==NULL)
1298	goto error;
1299
1300	if(linked_terms) {
1301	_role_add_linked_terms(ret_role, linked_terms);
1302	}
1303	if(terms) {
1304	_role_add_role_terms(ret_role, terms);
1305	}
1306
1307	_add_yy_id_certs(principal->cn,principal->type);
1308
1309	return ret_role;
1310
1311	error:
1312	panic("can not generate linked tail role");
1313	return NULL;
1314	}
1315
1316	/***********************************************************************/
1317	/* add the condition to constraint list */
1318	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1319	{
1320	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1321	if(head_expr) {
1322	abac_oset_t *head_oset=validate_head_oset(head_expr);
1323	if(head_oset == NULL)
1324	goto error;
1325
1326	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1327	set_yy_term_data_cond_str(ptr,tmp);
1328	set_yy_term_data_cond_ptr(ptr,head_oset);
1329	abac_yy_add_yy_constraints(tmp);
1330	return tmp;
1331	}
1332	return NULL;
1333	error:
1334	return NULL;
1335	}
1336
1337	/****************************************************************/
1338	/* add the range condition to constraint list */
1339	/* this is for integer and float only */
1340	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1341	{
1342	char *typestr=abac_term_type(ptr->type);
1343	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1344	char *tmplist=NULL;
1345	char *tmp=NULL;
1346	int as_range=1; /* either , or ; */
1347	if(rlist) {
1348	char *rstring=_string_yy_cond_range(rlist);
1349	set_yy_term_data_cond_str(ptr,rstring);
1350	abac_yy_range_t *cur;
1351
1352	/* a list of values -- in chars */
1353	abac_list_foreach(rlist, cur,
1354	int type=cur->type;
1355	char *val=cur->val;
1356	switch(type) {
1357	case e_yy_RANGE_MIN:
1358	tmp=generate_pl_range_constraint(typestr,var,val,">=");
1359	break;
1360	case e_yy_RANGE_MAX:
1361	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
1362	break;
1363	case e_yy_RANGE_TARGET:
1364	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1365	as_range=0;
1366	break;
1367	}
1368	/* ; is prolog's disjunction built in predicate */
1369	if(tmplist) {
1370	if(as_range)
1371	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1372	else
1373	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1374	} else {
1375	tmplist=tmp;
1376	}
1377	tmp=NULL;
1378	);
1379	asprintf(&tmplist,"(%s)",tmplist);
1380	abac_yy_add_yy_constraints(tmplist);
1381	}
1382	}
1383
1384	/****************************************************************/
1385	/* this is for time only */
1386	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
1387	{
1388	char *typestr=abac_term_type(ptr->type);
1389	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1390	char *tmplist=NULL;
1391	char *tmp=NULL;
1392	char *ttmp=NULL;
1393	char *tlist=NULL;
1394	int as_range=1; /* either , or ; */
1395	if(rlist) {
1396	char *rstring=_string_yy_cond_range(rlist);
1397	set_yy_term_data_cond_str(ptr,rstring);
1398	abac_yy_range_t *cur;
1399
1400	/* a list of values -- in chars */
1401	abac_list_foreach(rlist, cur,
1402	int type=cur->type;
1403	char *tval=cur->val;
1404	char *val=abac_term_to_time(tval);
1405	switch(type) {
1406	case e_yy_RANGE_MIN:
1407	ttmp=generate_pl_range_time_constraint(var,val,">");
1408	tmp=generate_pl_range_time_constraint(var,val,"=");
1409	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1410	tmp=tlist;
1411	break;
1412	case e_yy_RANGE_MAX:
1413	ttmp=generate_pl_range_time_constraint(var,val,"=");
1414	tmp=generate_pl_range_time_constraint(var,val,"<");
1415	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1416	tmp=tlist;
1417	break;
1418	case e_yy_RANGE_TARGET:
1419	tmp=generate_pl_range_time_constraint(var,val,"=");
1420	as_range=0;
1421	break;
1422	}
1423	free(val);
1424	/* ; is prolog's disjunction built in predicate */
1425	if(tmplist) {
1426	if(as_range)
1427	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1428	else
1429	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1430	} else {
1431	tmplist=tmp;
1432	}
1433	tmp=NULL;
1434	);
1435
1436	asprintf(&tmplist,"(%s)",tmplist);
1437	/* generate a clause with above and add into db */
1438	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1439	abac_yy_add_yy_constraints(tmp);
1440	}
1441	}
1442
1443	/****************************************************************/
1444	/* this is for string and urn only */
1445	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1446	{
1447	char *typestr=abac_term_type(ptr->type);
1448	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1449	char *tmplist=NULL;
1450	char *tmp=NULL;
1451	if(rlist) {
1452	char *rstring=_string_yy_cond_range(rlist);
1453	set_yy_term_data_cond_str(ptr,rstring);
1454	abac_yy_range_t *cur;
1455
1456	/* a list of values -- in chars */
1457	abac_list_foreach(rlist, cur,
1458	int type=cur->type;
1459	char *val=cur->val;
1460	switch(type) {
1461	case e_yy_RANGE_MIN:
1462	panic("make_yy_range_string_constraint, invalid range type - min");
1463	break;
1464	case e_yy_RANGE_MAX:
1465	/* invalid range type */
1466	panic("make_yy_range_string_constraint, invalid range type - max");
1467	break;
1468	case e_yy_RANGE_TARGET:
1469	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1470	break;
1471	}
1472	/* ; is prolog's disjunction built in predicate */
1473	if(tmplist)
1474	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1475	else tmplist=tmp;
1476	tmp=NULL;
1477	);
1478	asprintf(&tmplist,"(%s)",tmplist);
1479	/* generate a clause with above and add into db */
1480	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1481	abac_yy_add_yy_constraints(tmp);
1482	}
1483	}
1484
1485	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1486	{
1487	if(is_yy_term_data_type_numeric(ptr)) {
1488	make_yy_range_numeric_constraint(ptr, var);
1489	} else if (is_yy_term_data_type_alpha(ptr)) {
1490	make_yy_range_string_constraint(ptr, var);
1491	} else if (is_yy_term_data_type_time(ptr)) {
1492	make_yy_range_time_constraint(ptr, var);
1493	}
1494	}
1495
1496	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1497	{
1498	char *tmp=NULL;
1499	abac_role_t *head_role=NULL;
1500
1501	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1502	/* build up left side's abac role constraint structure */
1503	head_role=validate_head_role(head_expr);
1504	if(head_role == NULL)
1505	goto error;
1506
1507	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1508	set_yy_term_principal_cond_str(ptr,tmp);
1509	set_yy_term_principal_cond_ptr(ptr,head_role);
1510	abac_yy_add_yy_constraints(tmp);
1511	return tmp;
1512
1513	error:
1514	return NULL;
1515	}
1516
1517	/* build up the abac structure and also create the yap clause
1518	and insert it into db */
1519	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1520	abac_yy_expression_t *tailexpr)
1521	{
1522	abac_role_t *head_role=NULL;
1523	abac_role_t *tail_role=NULL;
1524
1525	/* build up left side's abac role structure */
1526	head_role=validate_head_role(headexpr);
1527	if(head_role == NULL)
1528	goto error;
1529
1530	/* build up the right side's abac role structure */
1531	abac_yy_expression_t *curr_tail = tailexpr;
1532	int intersecting=(tailexpr->next != NULL)? 1:0;
1533	abac_role_t *curr_role = NULL;
1534	while (curr_tail) {
1535	switch(curr_tail->type) {
1536	case e_yy_EXPR_NAMED:
1537	curr_role=validate_named_tail_role(curr_tail);
1538	break;
1539	case e_yy_EXPR_ROLE:
1540	curr_role=validate_role_tail_role(curr_tail);
1541	break;
1542	case e_yy_EXPR_LINKED:
1543	curr_role=validate_linked_tail_role(curr_tail);
1544	break;
1545	}
1546	if(curr_role==NULL)
1547	goto error;
1548
1549	/* check if first one */
1550	if(tail_role==NULL) {
1551	if(intersecting)
1552	tail_role=validate_intersected_tail_role(curr_role);
1553	else
1554	tail_role=curr_role;
1555	} else {
1556	abac_role_add_intersecting_role(tail_role,curr_role);
1557	}
1558	curr_tail=curr_tail->next;
1559	} /* while */
1560
1561	/* collect up type clauses, constraint clases and
1562	generate the final rule clauses */
1563	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1564	if(tmp == NULL)
1565	goto error;
1566
1567	if(debug) {
1568	abac_print_role_string_with_condition(head_role,NULL);
1569	abac_print_role_string_with_condition(tail_role,NULL);
1570	}
1571
1572	_free_yy_expression(headexpr);
1573	_free_yy_expression(tailexpr);
1574	abac_rule_head_role=head_role;
1575	abac_rule_tail_role=tail_role;
1576	abac_rule_is_oset=0;
1577	return tmp;
1578
1579	error:
1580	_free_yy_expression(headexpr);
1581	_free_yy_expression(tailexpr);
1582	if(head_role)
1583	abac_role_free(head_role);
1584	if(tail_role)
1585	abac_role_free(tail_role);
1586	return NULL;
1587	}
1588
1589
1590	/************************************************************************/
1591	void abac_yy_init()
1592	{
1593	abac_yyinit();
1594	abac_yy_init_rule_id_clauses();
1595	abac_yy_init_yy_id_certs();
1596	abac_yy_init_yy_constraints();
1597	}
1598
1599

Note: See TracBrowser for help on using the repository browser.

Download in other formats: