Context Navigation

source: libabac/abac_pl_yy.c @ 8bd77b5

mei_rt2mei_rt2_fix_1

Last change on this file since 8bd77b5 was 8bd77b5, checked in by Mei <mei@…>, 12 years ago

1) convert parser and libabac to use id cred and attr cred like

creddy (move those 2 files to libabac).

2) fix up abac.hh to work with expanded libabac. can now build

structure from python script

3) redid the credential dump using the internal credential table

instead of depending on a search in db.

Property mode set to 100644

File size: 39.2 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern char generate_pl_range_constraint(char ,char ,char ,char *);
19	extern char generate_pl_range_time_constraint(char ,char ,char );
20	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
21	extern char* generate_pl_constraint_clause(abac_aspect_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var, char *tmplist);
25	/* from rt2.y */
26	extern void abac_yyinit();
27
28	int abac_yy_error_code = 0; /* keeping last error code */
29
30	int abac_rule_is_oset=0;
31	abac_list_t *abac_rule_clauses=NULL;
32	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
33	abac_aspect_t *abac_rule_head_aspect=NULL;
34	abac_aspect_t *abac_rule_tail_aspect=NULL;
35
36	/* to track id certs within a rule clause */
37	typedef struct _abac_yy_id_cert_t {
38	char *principalname;
39	int type; /* keyidtype */
40	char *clause;
41	} abac_yy_id_cert_t;
42	abac_list_t *abac_yy_id_certs = NULL;
43
44	/* structure to hold the range information
45	within a static constraints on few types of
46	oset types
47	[a..b], [a..], [..b], [a],[a,b],[many a]
48	e_yy_RANGE_MIN=1;
49	e_yy_RANGE_MAX=2;
50	e_yy_RANGE_TARGET=3;
51	*/
52	typedef struct _abac_yy_range_t {
53	int type;
54	char *val;
55	} abac_yy_range_t;
56
57	/* to track role/oset constraint clauses used within a rule clause,
58	collect them up in one place, these are for conjunction clauses */
59	typedef struct _abac_yy_constraint_t {
60	char *clause;
61	} abac_yy_constraint_t;
62	abac_list_t *abac_yy_constraints = NULL;
63
64	/* local principal structure [keyid:USC] */
65	struct _abac_yy_principal_t {
66	int type;
67	char *sha; // sha is null when this is of object type
68	char *cn;
69	};
70
71	/* [principal:?Z]:..., must match a principal name */
72	struct _abac_yy_term_principal_t {
73	int type; /* this needs to be implicitly determined */
74	int is_anonymous;
75	char *name;
76	char *cond_str;
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_yy_expression_t *cond_head_expr;
79	};
80
81	/* integer,float,time,urn,string types,
82	if has condition, then it is a variable,
83	ie,
84	[int:?Year]:<1930..1932>,
85	if no condition, then it is a constant,
86	ie,
87	[int:10]
88	*/
89	struct _abac_yy_term_data_t {
90	int is_variable;
91	int is_anonymous;
92	int type;
93	char *name;
94	char *cond_str;
95	void *cond_ptr; // ptr to a saved abac_aspect_t
96	abac_list_t *cond_range;
97	abac_yy_expression_t *cond_head_expr; // parking stub
98	};
99
100	/* local term structure, will distinguish it in the future */
101	/* e_yy_DTERM_DATA, all other types
102	e_yy_DTERM_NAMED, keyid:bob
103	e_yy_DTERM_PRINCIPAL, principal:?P
104	e_yy_DTERM_ANONYMOUS ? */
105	struct _abac_yy_term_t {
106	union {
107	abac_yy_principal_t *n_ptr;
108	abac_yy_term_principal_t *p_ptr;
109	abac_yy_term_data_t *d_ptr;
110	} term;
111	int type;
112	struct _abac_yy_term_t *next;
113	int bcnt; /* this is to track number of terms in this linked up list */
114	};
115
116	/* local role/oset structure,
117	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
118	*/
119	struct _abac_yy_roleoset_t {
120	int type;
121	char *name;
122	abac_yy_term_t *terms;
123	struct _abac_yy_roleoset_t *next;
124	int bcnt; /* this is to track number of roles in this linked up list */
125	};
126
127
128	/* A, A.r, A.r.r */
129	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
130	/* A/obj, A.o, A.r.o */
131	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
132	struct _abac_yy_expression_t {
133	int type;
134	union {
135	abac_yy_principal_t *principal;
136	abac_yy_term_data_t *object;
137	};
138	abac_yy_roleoset_t *linked_role;
139	abac_yy_roleoset_t *roleoset;
140
141	struct _abac_yy_expression_t *next;
142	int bcnt;
143	};
144
145	static void _free_yy_expression(abac_yy_expression_t *);
146
147	/************************************************************************/
148	void abac_yy_set_error_code(int v)
149	{
150	abac_yy_error_code=v;
151	}
152
153	/************************************************************************/
154	abac_stack_t *abac_yy_get_rule_id_clauses()
155	{
156	return abac_rule_id_clauses;
157	}
158
159	abac_stack_t *abac_yy_init_rule_id_clauses()
160	{
161	abac_rule_id_clauses=abac_stack_new();
162	return abac_rule_id_clauses;
163	}
164
165	void abac_yy_free_rule_id_clauses()
166	{
167	if (abac_rule_id_clauses != NULL)
168	abac_stack_free(abac_rule_id_clauses);
169	}
170
171	void abac_yy_set_rule_clauses(abac_list_t *clauses)
172	{
173	abac_rule_clauses=clauses;
174	if(debug) {
175	printf("printing out abac_rule_clauses:\n");
176	abac_print_clauses(abac_rule_clauses,NULL);
177	}
178	}
179
180	abac_list_t *abac_yy_get_rule_clauses()
181	{
182	return abac_rule_clauses;
183	}
184
185	void abac_yy_free_rule_clauses()
186	{
187	if (abac_rule_clauses != NULL) {
188	char *cur;
189	if(abac_yy_id_certs) {
190	abac_list_foreach(abac_yy_id_certs, cur,
191	if(cur) free(cur);
192	);
193	}
194	abac_list_free(abac_rule_clauses);
195	}
196	}
197
198	bool abac_yy_get_rule_is_oset()
199	{
200	return abac_rule_is_oset;
201	}
202
203	abac_aspect_t *abac_yy_get_rule_head_aspect()
204	{
205	return abac_rule_head_aspect;
206	}
207
208	abac_aspect_t *abac_yy_get_rule_tail_aspect()
209	{
210	return abac_rule_tail_aspect;
211	}
212
213
214	/************************************************************************/
215	void abac_yy_init_yy_id_certs()
216	{
217	abac_yy_id_certs = abac_list_new();
218	}
219
220	void abac_yy_free_yy_id_certs()
221	{
222	abac_yy_id_cert_t *id;
223	abac_list_foreach(abac_yy_id_certs, id,
224	if(id)
225	free(id->principalname);
226	free(id->clause);
227	free(id);
228	);
229	abac_list_free(abac_yy_id_certs);
230	abac_yy_id_certs = NULL;
231	}
232
233	int abac_yy_cnt_yy_id_certs()
234	{
235	return abac_list_size(abac_yy_id_certs);
236	}
237
238	char *abac_yy_string_yy_id_certs()
239	{
240	int first=1;
241	char *tmp=NULL;
242	abac_yy_id_cert_t *cur;
243	abac_list_foreach(abac_yy_id_certs, cur,
244	if(cur)
245	if(first) {
246	tmp=abac_xstrdup(cur->clause);
247	first=0;
248	} else {
249	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
250	}
251	);
252	return tmp;
253	}
254
255	static void _add_yy_id_certs(char *principalname, int type)
256	{
257	abac_yy_id_cert_t *id_cert=NULL;
258
259	int found=0;
260	abac_yy_id_cert_t *cur;
261	abac_list_foreach(abac_yy_id_certs, cur,
262	if(cur)
263	if(strcmp(cur->principalname,principalname)==0) {
264	found=1;
265	break;
266	}
267	);
268
269	if (found) {
270	return;
271	} else {
272	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
273	id_cert->principalname=abac_xstrdup(principalname);
274	id_cert->type=type;
275	id_cert->clause=generate_pl_type_clause(principalname,type);
276	abac_list_add(abac_yy_id_certs, id_cert);
277	if(debug) printf(" -> adding yy id certs %s\n", principalname);
278	}
279	}
280
281	/***********************************************************************/
282	static void _free_yy_cond_range(abac_list_t *ptr)
283	{
284	if (ptr != NULL) {
285	abac_yy_range_t *cur;
286	abac_list_foreach(ptr, cur,
287	if(cur && cur->val) free(cur->val);
288	free(cur);
289	);
290	abac_list_free(ptr);
291	}
292	}
293
294	static char _string_yy_cond_range(abac_list_t ptr)
295	{
296	assert(ptr);
297	char *tmp=NULL;
298	char *min=NULL;
299	char *max=NULL;
300	char *val=NULL;
301	int type;
302
303	abac_yy_range_t *cur;
304	abac_list_foreach(ptr, cur,
305	type=cur->type;
306	switch (type) {
307	case e_yy_RANGE_MIN:
308	min=abac_xstrdup(cur->val);
309	break;
310	case e_yy_RANGE_MAX:
311	max=abac_xstrdup(cur->val);
312	break;
313	case e_yy_RANGE_TARGET:
314	if(val)
315	asprintf(&val,"%s,%s",val,cur->val);
316	else val=abac_xstrdup(cur->val);
317	break;
318	}
319	);
320	if(max && min) {
321	asprintf(&tmp,"[%s..%s]",min,max);
322	free(max);
323	free(min);
324	return tmp;
325	}
326	if(max) {
327	asprintf(&tmp,"[..%s]",max);
328	free(max);
329	return tmp;
330	}
331	if(min) {
332	asprintf(&tmp,"[%s..]",min);
333	free(min);
334	return tmp;
335	}
336	if(val) {
337	asprintf(&tmp,"[%s]",val);
338	free(val);
339	return tmp;
340	}
341	return NULL;
342	}
343
344	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
345	{
346	abac_yy_range_t *range=
347	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
348	range->type=e_yy_RANGE_TARGET;
349	range->val=abac_xstrdup(val);
350	abac_list_add(ptr, range);
351	return ptr;
352	}
353
354	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
355	{
356	abac_yy_range_t *range=
357	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
358	range->type=type;
359	range->val=abac_xstrdup(val);
360	abac_list_add(ptr, range);
361	return ptr;
362	}
363
364	abac_list_t make_yy_val_range(char val)
365	{
366	abac_list_t *ptr=abac_list_new();
367	add_yy_val_range(ptr,val);
368	return ptr;
369	}
370
371	abac_list_t make_yy_minmax_range(char min, char *max)
372	{
373	abac_list_t *ptr=abac_list_new();
374	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
375	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
376	return ptr;
377	}
378
379	abac_list_t make_yy_min_range(char min)
380	{
381	abac_list_t *ptr=abac_list_new();
382	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
383	return ptr;
384	}
385
386	abac_list_t make_yy_max_range(char max)
387	{
388	abac_list_t *ptr=abac_list_new();
389	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
390	return ptr;
391	}
392
393	/***********************************************************************/
394	abac_yy_term_data_t *make_yy_term_data()
395	{
396	abac_yy_term_data_t *ptr=
397	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
398	ptr->name=NULL;
399	ptr->type=0;
400	ptr->is_variable=0;
401	ptr->is_anonymous=0;
402	ptr->cond_str=NULL;
403	ptr->cond_head_expr=NULL;
404	ptr->cond_ptr=NULL;
405	ptr->cond_range=NULL;
406	return ptr;
407	}
408
409	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
410	{
411	ptr->name=abac_xstrdup(name);
412	}
413
414	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
415	{
416	return ptr->cond_range;
417	}
418
419	char get_yy_term_data_name(abac_yy_term_data_t ptr)
420	{
421	return ptr->name;
422	}
423
424	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
425	{
426	if(ptr->cond_head_expr != NULL)
427	return 1;
428	if(ptr->cond_range != NULL)
429	return 1;
430	return 0;
431	}
432
433	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
434	abac_list_t *range)
435	{
436	ptr->cond_range=range;
437	}
438
439	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
440	abac_yy_expression_t *expr)
441	{
442	ptr->cond_head_expr=expr;
443	}
444
445	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
446	{
447	return ptr->cond_head_expr;
448	}
449
450	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
451	{
452	int type=abac_term_verify_term_type(typestr);
453	ptr->type=type;
454	}
455
456	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
457	{
458	ptr->is_anonymous=1;
459	}
460
461	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
462	{
463	if(ptr->type==abac_term_verify_term_type("integer") \|\|
464	ptr->type==abac_term_verify_term_type("float"))
465	return 1;
466	return 0;
467	}
468
469	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
470	{
471	if(ptr->type==abac_term_verify_term_type("time"))
472	return 1;
473	return 0;
474	}
475
476	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
477	{
478	if(ptr->type==abac_term_verify_term_type("string") \|\|
479	ptr->type==abac_term_verify_term_type("urn") \|\|
480	ptr->type==abac_term_verify_term_type("boolean"))
481	return 1;
482	return 0;
483	}
484
485	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
486	{
487	ptr->cond_ptr=vptr;
488	}
489
490	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
491	{
492	ptr->cond_str=abac_xstrdup(cond);
493	}
494
495	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
496	{
497	ptr->is_variable=1;
498	}
499
500	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
501	{
502	return ptr->is_variable;
503	}
504
505	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
506	{
507	free(ptr->name);
508	if(ptr->cond_str)
509	free(ptr->cond_str);
510	if(ptr->cond_head_expr)
511	_free_yy_expression(ptr->cond_head_expr);
512	if(ptr->cond_range);
513	_free_yy_cond_range(ptr->cond_range);
514	free(ptr);
515	}
516
517	abac_yy_term_principal_t *make_yy_term_principal()
518	{
519	abac_yy_term_principal_t *ptr=
520	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
521	ptr->type=0;/* this is not known */
522	ptr->is_anonymous=0;
523	ptr->name=NULL;
524	ptr->cond_str=NULL;
525	ptr->cond_head_expr=NULL;
526	return ptr;
527	}
528
529	static void _set_using_this()
530	{
531	using_this=1;
532	}
533
534	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
535	{
536	/* handle special case when the name=this, change it to This */
537	if(strcmp(name,"this")==0) {
538	ptr->name=abac_xstrdup("This");
539	_set_using_this();
540	} else ptr->name=abac_xstrdup(name);
541	}
542
543	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
544	{
545	ptr->cond_ptr=vptr;
546	}
547
548	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
549	{
550	ptr->cond_str=abac_xstrdup(cond);
551	}
552
553	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
554	{
555	ptr->is_anonymous=1;
556	}
557
558	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
559	{
560	return ptr->cond_head_expr;
561	}
562
563	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
564	abac_yy_expression_t *expr)
565	{
566	ptr->cond_head_expr=expr;
567	}
568
569	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
570	{
571	free(ptr->name);
572	if(ptr->cond_str)
573	free(ptr->cond_str);
574	if(ptr->cond_head_expr)
575	_free_yy_expression(ptr->cond_head_expr);
576	free(ptr);
577	}
578
579	abac_yy_term_t *make_yy_term_dterm_anonymous()
580	{
581	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
582	ptr->type = e_yy_DTERM_ANONYMOUS;
583	ptr->next=NULL;
584	ptr->bcnt=1;
585	return ptr;
586	}
587
588	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
589	{
590	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
591	if(pptr->is_anonymous)
592	ptr->type = e_yy_DTERM_ANONYMOUS;
593	else ptr->type = e_yy_DTERM_PRINCIPAL;
594	ptr->term.p_ptr=pptr;
595	ptr->next=NULL;
596	ptr->bcnt=1;
597	return ptr;
598	}
599
600	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
601	{
602	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
603	ptr->type = e_yy_DTERM_NAMED;
604	ptr->term.n_ptr=nptr;
605	ptr->next=NULL;
606	ptr->bcnt=1;
607	return ptr;
608	}
609
610	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
611	{
612	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
613
614	if(dptr->is_anonymous)
615	ptr->type = e_yy_DTERM_ANONYMOUS;
616	else ptr->type = e_yy_DTERM_DATA;
617	ptr->term.d_ptr=dptr;
618	ptr->next=NULL;
619	ptr->bcnt=1;
620	return ptr;
621	}
622
623	/************************************************************************/
624	void abac_yy_init_yy_constraints()
625	{
626	abac_yy_constraints = abac_list_new();
627	}
628
629	void abac_yy_free_yy_constraints()
630	{
631	abac_yy_constraint_t *cur;
632	abac_list_foreach(abac_yy_constraints, cur,
633	if(cur && cur->clause)
634	free(cur->clause);
635	free(cur);
636	);
637	abac_list_free(abac_yy_constraints);
638	abac_yy_constraints=NULL;
639	}
640
641	int abac_yy_cnt_yy_constraints()
642	{
643	return abac_list_size(abac_yy_constraints);
644	}
645
646	char *abac_yy_string_yy_constraints()
647	{
648	int first=1;
649	char *tmp=NULL;
650	abac_yy_constraint_t *cur;
651	abac_list_foreach(abac_yy_constraints, cur,
652	if(cur && cur->clause)
653	if(first) {
654	tmp=abac_xstrdup(cur->clause);
655	first=0;
656	} else {
657	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
658	}
659	);
660	return tmp;
661	}
662
663	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
664	{
665	abac_yy_constraint_t *ptr=
666	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
667	ptr->clause=abac_xstrdup(constraint);
668	abac_list_add(abac_yy_constraints, ptr);
669	return ptr;
670	}
671
672	/****************************************************************************/
673	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
674	{
675	abac_yy_principal_t *ptr=
676	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
677	/* add p to yyparse's principal */
678	if(sha) ptr->sha=abac_xstrdup(sha);
679	else ptr->sha=NULL;
680	if(cn) ptr->cn=abac_xstrdup(cn);
681	else ptr->cn=NULL;
682	ptr->type=type;
683	return ptr;
684	}
685
686	static void _free_yy_principal(abac_yy_principal_t *ptr)
687	{
688	if(ptr->sha) free(ptr->sha);
689	if(ptr->cn) free(ptr->cn);
690	free(ptr);
691	}
692
693	int get_yy_principal_type(abac_yy_principal_t *ptr)
694	{
695	return ptr->type;
696	}
697
698	char get_yy_principal_name(abac_yy_principal_t ptr)
699	{
700	if(USE("ABAC_CN") && ptr->cn)
701	return ptr->cn;
702	return ptr->sha;
703	}
704
705	char get_yy_principal_cn(abac_yy_principal_t ptr)
706	{
707	return ptr->cn;
708	}
709
710	char get_yy_principal_sha(abac_yy_principal_t ptr)
711	{
712	return ptr->sha;
713	}
714
715	/*************************************************************************/
716
717	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
718	{
719	int i=terms->bcnt;
720	nterm->next=terms;
721	nterm->bcnt=i+1;
722	return nterm;
723	}
724
725	static void _free_yy_term(abac_yy_term_t *ptr)
726	{
727	switch (ptr->type) {
728	case e_yy_DTERM_DATA:
729	_free_yy_term_data(ptr->term.d_ptr);
730	break;
731	case e_yy_DTERM_NAMED:
732	_free_yy_principal(ptr->term.n_ptr);
733	break;
734	case e_yy_DTERM_PRINCIPAL:
735	_free_yy_term_principal(ptr->term.p_ptr);
736	break;
737	case e_yy_DTERM_ANONYMOUS:
738	break;
739	}
740	if(ptr->next)
741	_free_yy_term(ptr->next);
742	free(ptr);
743	}
744
745	/*************************************************************************/
746	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
747	{
748	abac_yy_roleoset_t *ptr=
749	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
750	ptr->name=abac_xstrdup(name);
751	ptr->terms=terms;
752	ptr->next=NULL;
753	ptr->bcnt=1;
754	ptr->type=e_yy_ROLE_TYPE;
755	return ptr;
756	}
757
758	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
759	{
760	free(ptr->name);
761	if(ptr->terms)
762	_free_yy_term(ptr->terms);
763	if(ptr->next)
764	_free_yy_roleoset(ptr->next);
765	free(ptr);
766	}
767
768	/***************************************************************************/
769	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
770	{
771	abac_yy_roleoset_t *ptr=
772	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
773	ptr->name=abac_xstrdup(name);
774	ptr->terms=terms;
775	ptr->next=NULL;
776	ptr->bcnt=1;
777	ptr->type=e_yy_OSET_TYPE;
778	return ptr;
779	}
780
781	/***************************************************************************/
782
783	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
784
785	abac_yy_expression_t make_yy_expression(int type,void pptr,
786	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
787	{
788	abac_yy_expression_t *ptr=
789	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
790	ptr->type = type;
791	if(type == e_yy_EXPR_OBJECT) {
792	ptr->object=(abac_yy_term_data_t *)pptr;
793	} else {
794	ptr->principal = (abac_yy_principal_t *)pptr;
795	}
796	ptr->roleoset = optr;
797	ptr->linked_role=linked_role;
798	ptr->next=NULL;
799
800	return ptr;
801	}
802
803	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
804	{
805	if(ptr->type == e_yy_EXPR_OBJECT)
806	return ptr->object;
807	return NULL;
808	}
809
810	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
811	abac_yy_expression_t *exprs)
812	{
813	int i=exprs->bcnt;
814	nexpr->next=exprs;
815	nexpr->bcnt=i+1;
816	return nexpr;
817	}
818
819	static void _free_yy_expression(abac_yy_expression_t *ptr)
820	{
821	if(ptr->type == e_yy_EXPR_OBJECT) {
822	if(ptr->object)
823	_free_yy_term_data(ptr->object);
824	} else {
825	if(ptr->principal)
826	_free_yy_principal(ptr->principal);
827	}
828	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
829	if(ptr->linked_role)
830	_free_yy_roleoset(ptr->linked_role);
831	if(ptr->next)
832	_free_yy_expression(ptr->next);
833
834	free(ptr);
835	}
836
837	/***************************************************************************/
838	/* add the oset condition to constraint list */
839	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
840	{
841	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
842	if(head_expr) {
843	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
844	if(head_aspect == NULL)
845	goto error;
846
847	char *tmp=generate_pl_constraint_clause(head_aspect,tail_string);
848	set_yy_term_data_cond_str(ptr,tmp);
849	set_yy_term_data_cond_ptr(ptr,head_aspect);
850	abac_yy_add_yy_constraints(tmp);
851	return tmp;
852	}
853
854	error:
855	return NULL;
856	}
857	/* add the role condition to constraint list */
858	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
859	{
860	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
861	if(head_expr) {
862	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
863	if(head_aspect == NULL)
864	goto error;
865
866	char *tmp=generate_pl_constraint_clause(head_aspect,tail_string);
867	set_yy_term_principal_cond_str(ptr,tmp);
868	set_yy_term_principal_cond_ptr(ptr,head_aspect);
869	abac_yy_add_yy_constraints(tmp);
870	if(debug) {
871	printf("make_yy_role_constraint, adding (%s) \n",tmp);
872	}
873	return tmp;
874	}
875
876	error:
877	return NULL;
878	}
879
880
881	/****************************************************************/
882	/* add the range condition to constraint list */
883	/* this is for integer and float only */
884	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
885	{
886	char *typestr=abac_termtype_name(ptr->type);
887	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
888	char *tmplist=NULL;
889	char *tmp=NULL;
890	int as_range=1; /* either , or ; */
891	if(rlist) {
892	char *rstring=_string_yy_cond_range(rlist);
893	set_yy_term_data_cond_str(ptr,rstring);
894	abac_yy_range_t *cur;
895
896	/* a list of values -- in chars */
897	abac_list_foreach(rlist, cur,
898	int type=cur->type;
899	char *val=cur->val;
900	switch(type) {
901	case e_yy_RANGE_MIN:
902	tmp=generate_pl_range_constraint(typestr,var,val,">=");
903	break;
904	case e_yy_RANGE_MAX:
905	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
906	break;
907	case e_yy_RANGE_TARGET:
908	tmp=generate_pl_range_constraint(NULL,var,val,"=");
909	as_range=0;
910	break;
911	}
912	/* ; is prolog's disjunction built in predicate */
913	if(tmplist) {
914	if(as_range)
915	asprintf(&tmplist,"%s,%s",tmplist,tmp);
916	else
917	asprintf(&tmplist,"%s;%s",tmplist,tmp);
918	} else {
919	tmplist=tmp;
920	}
921	tmp=NULL;
922	);
923	asprintf(&tmplist,"(%s)",tmplist);
924	abac_yy_add_yy_constraints(tmplist);
925	}
926	}
927
928	/****************************************************************/
929	/* this is for time only */
930	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
931	{
932	char *typestr=abac_termtype_name(ptr->type);
933	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
934	char *tmplist=NULL;
935	char *tmp=NULL;
936	char *ttmp=NULL;
937	char *tlist=NULL;
938	int as_range=1; /* either , or ; */
939	if(rlist) {
940	char *rstring=_string_yy_cond_range(rlist);
941	set_yy_term_data_cond_str(ptr,rstring);
942	abac_yy_range_t *cur;
943
944	/* a list of values -- in chars */
945	abac_list_foreach(rlist, cur,
946	int type=cur->type;
947	char *tval=cur->val;
948	char *val=abac_term_to_time(tval);
949	switch(type) {
950	case e_yy_RANGE_MIN:
951	ttmp=generate_pl_range_time_constraint(var,val,">");
952	tmp=generate_pl_range_time_constraint(var,val,"=");
953	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
954	tmp=tlist;
955	break;
956	case e_yy_RANGE_MAX:
957	ttmp=generate_pl_range_time_constraint(var,val,"=");
958	tmp=generate_pl_range_time_constraint(var,val,"<");
959	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
960	tmp=tlist;
961	break;
962	case e_yy_RANGE_TARGET:
963	tmp=generate_pl_range_time_constraint(var,val,"=");
964	as_range=0;
965	break;
966	}
967	free(val);
968	/* ; is prolog's disjunction built in predicate */
969	if(tmplist) {
970	if(as_range)
971	asprintf(&tmplist,"%s,%s",tmplist,tmp);
972	else
973	asprintf(&tmplist,"%s;%s",tmplist,tmp);
974	} else {
975	tmplist=tmp;
976	}
977	tmp=NULL;
978	);
979
980	asprintf(&tmplist,"(%s)",tmplist);
981	/* generate a clause with above and add into db */
982	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
983	abac_yy_add_yy_constraints(tmp);
984	}
985	}
986
987	/****************************************************************/
988	/* this is for string and urn only */
989	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
990	{
991	char *typestr=abac_termtype_name(ptr->type);
992	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
993	char *tmplist=NULL;
994	char *tmp=NULL;
995	if(rlist) {
996	char *rstring=_string_yy_cond_range(rlist);
997	set_yy_term_data_cond_str(ptr,rstring);
998	abac_yy_range_t *cur;
999
1000	/* a list of values -- in chars */
1001	abac_list_foreach(rlist, cur,
1002	int type=cur->type;
1003	char *val=cur->val;
1004	switch(type) {
1005	case e_yy_RANGE_MIN:
1006	panic("make_yy_range_string_constraint, invalid range type - min");
1007	break;
1008	case e_yy_RANGE_MAX:
1009	/* invalid range type */
1010	panic("make_yy_range_string_constraint, invalid range type - max");
1011	break;
1012	case e_yy_RANGE_TARGET:
1013	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1014	break;
1015	}
1016	/* ; is prolog's disjunction built in predicate */
1017	if(tmplist)
1018	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1019	else tmplist=tmp;
1020	tmp=NULL;
1021	);
1022	asprintf(&tmplist,"(%s)",tmplist);
1023	/* generate a clause with above and add into db */
1024	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1025	abac_yy_add_yy_constraints(tmp);
1026	}
1027	}
1028
1029	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1030	{
1031	if(is_yy_term_data_type_numeric(ptr)) {
1032	make_yy_range_numeric_constraint(ptr, var);
1033	} else if (is_yy_term_data_type_alpha(ptr)) {
1034	make_yy_range_string_constraint(ptr, var);
1035	} else if (is_yy_term_data_type_time(ptr)) {
1036	make_yy_range_time_constraint(ptr, var);
1037	}
1038	}
1039
1040
1041	/************************************************************************/
1042
1043	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
1044	abac_yy_term_t *terms)
1045	{
1046	abac_yy_term_t *curr = terms;
1047	int type;
1048
1049	while (curr) {
1050	char *name=NULL;
1051	char *cond=NULL;
1052	void *ptr=NULL;
1053	switch (curr->type) {
1054	case e_yy_DTERM_DATA:
1055	{
1056	abac_yy_term_data_t *dptr=curr->term.d_ptr;
1057	type=dptr->type;
1058	name=abac_xstrdup(dptr->name);
1059	if(dptr->cond_str) {
1060	cond=abac_xstrdup(dptr->cond_str);
1061	ptr=dptr->cond_ptr;
1062	}
1063	break;
1064	}
1065	case e_yy_DTERM_PRINCIPAL:
1066	{
1067	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1068	type=abac_term_verify_term_type("principal");
1069	name=abac_xstrdup(pptr->name);
1070	if(pptr->cond_str) {
1071	cond=abac_xstrdup(pptr->cond_str);
1072	ptr=pptr->cond_ptr;
1073	}
1074	break;
1075	}
1076	case e_yy_DTERM_NAMED:
1077	{
1078	abac_yy_principal_t *pptr=curr->term.n_ptr;
1079	type=pptr->type;
1080	name=abac_xstrdup(get_yy_principal_name(pptr));
1081	cond=NULL;
1082	ptr=NULL;
1083	break;
1084	}
1085	case e_yy_DTERM_ANONYMOUS:
1086	{
1087	type=0;
1088	name=abac_xstrdup("_");
1089	cond=NULL;
1090	ptr=NULL;
1091	break;
1092	}
1093	}
1094
1095	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1096	if (linked)
1097	abac_aspect_add_linked_param(aspect_ptr, param);
1098	else
1099	abac_aspect_add_param(aspect_ptr, param);
1100	curr=curr->next;
1101	}
1102	}
1103
1104	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
1105	{
1106	int linked=1;
1107	_aspect_add_terms(linked, ptr, terms);
1108	}
1109
1110	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
1111	{
1112	int linked=0;
1113	_aspect_add_terms(linked, ptr, terms);
1114	}
1115
1116	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
1117	{
1118	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
1119	return ret_ptr;
1120	}
1121
1122	/* A.oset, A.role */
1123	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
1124	{
1125	abac_yy_principal_t *principal=expr->principal;
1126	abac_yy_roleoset_t *ptr=expr->roleoset;
1127
1128	char *principalname=get_yy_principal_sha(principal);
1129	char *othername=get_yy_principal_name(principal);
1130	char *name=ptr->name;
1131	abac_yy_term_t *terms=ptr->terms;
1132
1133	abac_aspect_t *aptr=NULL;
1134	if(yytype==e_yy_OSET_TYPE)
1135	aptr=abac_aspect_oset_new(principalname, name);
1136	else aptr=abac_aspect_role_new(principalname, name);
1137
1138	if (aptr==NULL) {
1139	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
1140	goto error;
1141	}
1142
1143	// insert the params for the oset
1144	if(terms) {
1145	_aspect_add_aspect_terms(aptr, terms);
1146	}
1147	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1148	return aptr;
1149
1150	error:
1151	return NULL;
1152	}
1153
1154	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
1155	{
1156	return validate_head(e_yy_OSET_TYPE,expr);
1157	}
1158
1159	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
1160	{
1161	return validate_head(e_yy_ROLE_TYPE,expr);
1162	}
1163
1164	/*****************************************************************************/
1165	/* B */
1166	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
1167	{
1168	abac_yy_principal_t *principal=expr->principal;
1169	char *principalname=get_yy_principal_sha(principal);
1170	char *othername=get_yy_principal_name(principal);
1171
1172	abac_aspect_t *ptr=NULL;
1173	if(yytype==e_yy_OSET_TYPE)
1174	ptr=abac_aspect_oset_principal_new(principalname);
1175	else ptr=abac_aspect_role_principal_new(principalname);
1176	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1177
1178	if (ptr==NULL)
1179	goto error;
1180	return ptr;
1181
1182	error:
1183	panic("can not generate a simple named tail oset aspect");
1184	return NULL;
1185	}
1186
1187
1188	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
1189	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
1190	{
1191	abac_yy_term_data_t *object=get_yy_expression_object(expr);
1192	assert(object != NULL);
1193
1194	char *name=object->name;
1195	int type=object->type;
1196	char *cond=object->cond_str;
1197	void *ptr=object->cond_ptr;
1198	abac_term_t *term=abac_term_new(type,name,cond,ptr);
1199	abac_aspect_t *aptr=NULL;
1200	if(yytype==e_yy_OSET_TYPE)
1201	aptr=abac_aspect_oset_object_new(term);
1202	else
1203	goto error; /* can not be a role expression with obj */
1204
1205	if(get_yy_term_data_is_variable(object))
1206	_add_yy_id_certs(name,type);
1207
1208	if (aptr==NULL)
1209	goto error;
1210	return aptr;
1211
1212	error:
1213	panic("can not generate a simple object tail oset aspect");
1214	return NULL;
1215	}
1216
1217
1218	/* B.role or B.oset */
1219	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
1220	{
1221	abac_yy_principal_t *principal=expr->principal;
1222	abac_yy_roleoset_t *eptr=expr->roleoset;
1223
1224	char *principalname=get_yy_principal_sha(principal);
1225	char *othername=get_yy_principal_name(principal);
1226
1227	char *name=eptr->name;
1228	abac_yy_term_t *terms=eptr->terms;
1229
1230	abac_aspect_t *ptr=NULL;
1231	if(yytype==e_yy_OSET_TYPE)
1232	ptr=abac_aspect_oset_new(principalname, name);
1233	else
1234	ptr=abac_aspect_role_new(principalname, name);
1235	if (ptr==NULL)
1236	goto error;
1237
1238	if(terms) {
1239	_aspect_add_aspect_terms(ptr, terms);
1240	}
1241
1242	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1243
1244	return ptr;
1245
1246	error:
1247	panic("can not generate a simple tail aspect");
1248	return NULL;
1249	}
1250
1251	/* B.role.role or B.role.oset */
1252	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
1253	{
1254	abac_yy_principal_t *principal=expr->principal;
1255
1256	abac_yy_roleoset_t *eptr=expr->roleoset;
1257	abac_yy_roleoset_t *linked_role=expr->linked_role;
1258
1259	char *principalname=get_yy_principal_sha(principal);
1260	char *othername=get_yy_principal_name(principal);
1261
1262	char *name=eptr->name;
1263	abac_yy_term_t *terms=eptr->terms;
1264
1265	char *linkedrolename=linked_role->name;
1266	abac_yy_term_t *linked_terms=linked_role->terms;
1267
1268	abac_aspect_t *ptr=NULL;
1269	if(yytype==e_yy_OSET_TYPE)
1270	ptr=abac_aspect_oset_linking_new(principalname,
1271	linkedrolename, name);
1272	else ptr=abac_aspect_role_linking_new(principalname,
1273	linkedrolename, name);
1274	if (ptr==NULL)
1275	goto error;
1276
1277	if(linked_terms) {
1278	_aspect_add_linked_terms(ptr, linked_terms);
1279	}
1280	if(terms) {
1281	_aspect_add_aspect_terms(ptr, terms);
1282	}
1283
1284	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1285
1286	return ptr;
1287
1288	error:
1289	panic("can not generate linked tail oset");
1290	return NULL;
1291	}
1292
1293
1294	/**********************************************************************/
1295
1296	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1297	abac_yy_expression_t *tailexpr)
1298	{
1299	abac_aspect_t *head_oset=NULL;
1300	abac_aspect_t *tail_oset=NULL;
1301
1302	/* build up left side's abac oset structure */
1303	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
1304	if(head_oset == NULL)
1305	goto error;
1306
1307	/* build up the right side's abac oset structure */
1308	abac_yy_expression_t *curr_tail = tailexpr;
1309	int intersecting=(tailexpr->next != NULL)? 1:0;
1310	abac_aspect_t *curr_oset = NULL;
1311	while (curr_tail) {
1312	switch(curr_tail->type) {
1313	case e_yy_EXPR_OBJECT:
1314	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
1315	break;
1316	case e_yy_EXPR_NAMED:
1317	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
1318	break;
1319	case e_yy_EXPR_OSET:
1320	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1321	break;
1322	case e_yy_EXPR_LINKED:
1323	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1324	break;
1325	}
1326	if(curr_oset==NULL)
1327	goto error;
1328
1329	/* check if first one */
1330	if(tail_oset==NULL) {
1331	if(intersecting)
1332	tail_oset=validate_intersected_tail(curr_oset);
1333	else
1334	tail_oset=curr_oset;
1335	} else {
1336	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1337	}
1338	curr_tail=curr_tail->next;
1339	} /* while */
1340
1341	/* XXX collect up type clauses, constraint clauses and
1342	generate rule clauses */
1343	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1344	if(tmp == NULL)
1345	goto error;
1346
1347	if(debug) {
1348	abac_print_aspect_string_with_condition(head_oset,NULL);
1349	printf("\n");
1350	abac_print_aspect_string_with_condition(tail_oset,NULL);
1351	printf("\n");
1352	}
1353
1354	_free_yy_expression(headexpr);
1355	_free_yy_expression(tailexpr);
1356	abac_rule_head_aspect=head_oset;
1357	abac_rule_tail_aspect=tail_oset;
1358	abac_rule_is_oset=1;
1359	return tmp;
1360
1361	error:
1362	_free_yy_expression(headexpr);
1363	_free_yy_expression(tailexpr);
1364	if(head_oset)
1365	abac_aspect_free(head_oset);
1366	if(tail_oset)
1367	abac_aspect_free(tail_oset);
1368	return NULL;
1369	}
1370
1371	/*****************************************************************************/
1372	/* build up the abac structure and also create the yap clause
1373	and insert it into db */
1374	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1375	abac_yy_expression_t *tailexpr)
1376	{
1377	abac_aspect_t *head_role=NULL;
1378	abac_aspect_t *tail_role=NULL;
1379
1380	/* build up left side's abac role structure */
1381	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1382	if(head_role == NULL)
1383	goto error;
1384
1385	/* build up the right side's abac role structure */
1386	abac_yy_expression_t *curr_tail = tailexpr;
1387	int intersecting=(tailexpr->next != NULL)? 1:0;
1388	abac_aspect_t *curr_role = NULL;
1389	while (curr_tail) {
1390	switch(curr_tail->type) {
1391	case e_yy_EXPR_NAMED:
1392	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1393	break;
1394	case e_yy_EXPR_ROLE:
1395	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1396	break;
1397	case e_yy_EXPR_LINKED:
1398	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1399	break;
1400	}
1401	if(curr_role==NULL)
1402	goto error;
1403
1404	/* check if first one */
1405	if(tail_role==NULL) {
1406	if(intersecting)
1407	tail_role=validate_intersected_tail(curr_role);
1408	else
1409	tail_role=curr_role;
1410	} else {
1411	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1412	}
1413	curr_tail=curr_tail->next;
1414	} /* while */
1415
1416	/* collect up type clauses, constraint clauses and
1417	generate the final rule clauses */
1418	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1419	if(tmp == NULL)
1420	goto error;
1421
1422	if(debug) {
1423	abac_print_aspect_string_with_condition(head_role,NULL);
1424	printf("\n");
1425	abac_print_aspect_string_with_condition(tail_role,NULL);
1426	printf("\n");
1427	}
1428
1429	_free_yy_expression(headexpr);
1430	_free_yy_expression(tailexpr);
1431	abac_rule_head_aspect=head_role;
1432	abac_rule_tail_aspect=tail_role;
1433	abac_rule_is_oset=0;
1434	return tmp;
1435
1436	error:
1437	_free_yy_expression(headexpr);
1438	_free_yy_expression(tailexpr);
1439	if(head_role)
1440	abac_aspect_free(head_role);
1441	if(tail_role)
1442	abac_aspect_free(tail_role);
1443	return NULL;
1444	}
1445
1446	/************************************************************************/
1447	void abac_yy_init()
1448	{
1449	abac_yyinit();
1450	abac_yy_init_rule_id_clauses();
1451	abac_yy_init_yy_id_certs();
1452	abac_yy_init_yy_constraints();
1453	}
1454
1455

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ 8bd77b5

Download in other formats: