Context Navigation

source: libabac/abac_pl_yy.c @ 907af43

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 907af43 was b5a3da4, checked in by Mei <mei@…>, 13 years ago
1) add abac_oset.c 2) reorganized some yyparse related files
Property mode set to `100644`
File size: 37.5 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
17	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
18	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
19	extern char generate_pl_type_clause(char , int);
20	/* from abac_oset.c */
21	extern abac_oset_t abac_oset_principal_new(char );
22	/* from rt2.y */
23	extern void abac_yyinit();
24	/* from abac_param.c */
25	extern char *abac_term_type(int);
26
27
28	int abac_yy_error_code = 0; /* keeping last error code */
29
30	int abac_rule_is_oset=0;
31	abac_list_t *abac_rule_clauses=NULL;
32	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
33	abac_role_t *abac_rule_head_role=NULL;
34	abac_role_t *abac_rule_tail_role=NULL;
35	abac_oset_t *abac_rule_head_oset=NULL;
36	abac_oset_t *abac_rule_tail_oset=NULL;
37
38	/* to track id certs within a rule clause */
39	typedef struct _abac_yy_id_cert_t {
40	char *principalname;
41	int type; /* keyidtype */
42	char *clause;
43	} abac_yy_id_cert_t;
44	abac_list_t *abac_yy_id_certs = NULL;
45
46	/* structure to hold the range information
47	within a static constraints on few types of
48	oset types
49	[a..b], [a..], [..b], [a],[a,b],[many a]
50	e_yy_RANGE_MIN=1;
51	e_yy_RANGE_MAX=2;
52	e_yy_RANGE_TARGET=3;
53	*/
54	typedef struct _abac_yy_range_t {
55	int type;
56	char *val;
57	} abac_yy_range_t;
58
59	/* to track role/oset constraint clauses used within a rule clause,
60	collect them up in one place */
61	typedef struct _abac_yy_constraint_t {
62	char *clause;
63	} abac_yy_constraint_t;
64	abac_list_t *abac_yy_constraints = NULL;
65
66	/* local principal structure [keyid:USC] */
67	struct _abac_yy_principal_t {
68	int type;
69	char *sha; // sha is null when this is of object type
70	char *cn;
71	};
72
73	/* [principal:?Z]:..., must match a principal name */
74	struct _abac_yy_term_principal_t {
75	int type; /* this needs to be implicitly determined */
76	char *name;
77	char *cond_str;
78	void *cond_ptr; // ptr to a saved abac_role_t
79	abac_yy_expression_t *cond_head_expr;
80	};
81
82	/* integer,float,time,urn,string types,
83	if has condition, then it is a variable,
84	ie,
85	[int:?Year]:<1930..1932>,
86	if no condition, then it is a constant,
87	ie,
88	[int:10]
89	*/
90	struct _abac_yy_term_data_t {
91	int is_variable;
92	int type;
93	char *name;
94	char *cond_str;
95	void *cond_ptr; // ptr to a saved abac_oset_t
96	abac_list_t *cond_range;
97	abac_yy_expression_t *cond_head_expr; // parking stub
98	};
99
100	/* local term structure, will distinguish it in the future */
101	/* e_yy_DTERM_DATA, all other types
102	e_yy_DTERM_NAMED, keyid:bob
103	e_yy_DTERM_PRINCIPAL, principal:?P
104	e_yy_DTERM_ANONYMOUS ? */
105	struct _abac_yy_term_t {
106	union {
107	abac_yy_principal_t *n_ptr;
108	abac_yy_term_principal_t *p_ptr;
109	abac_yy_term_data_t *d_ptr;
110	} term;
111	int type;
112	struct _abac_yy_term_t *next;
113	int bcnt; /* this is to track number of terms in this linked up list */
114	};
115
116	/* local role structure */
117	struct _abac_yy_role_t {
118	int type;
119	char *name;
120	abac_yy_term_t *terms;
121	struct _abac_yy_role_t *next;
122	int bcnt; /* this is to track number of roles in this linked up list */
123	};
124
125	/* local oset structure */
126	struct _abac_yy_oset_t {
127	int type;
128	char *name;
129	abac_yy_term_t *terms;
130	struct _abac_yy_oset_t *next;
131	int bcnt; /* this is to track number of oset in this linked up list */
132	};
133
134	/* A, A.r, A.r.r */
135	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
136	/* A/obj, A.o, A.r.o */
137	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
138	struct _abac_yy_expression_t {
139	int type;
140	union {
141	abac_yy_principal_t *principal;
142	abac_yy_term_data_t *object;
143	};
144	abac_yy_role_t *linked_role;
145	union {
146	abac_yy_role_t *role;
147	abac_yy_oset_t *oset;
148	};
149	struct _abac_yy_expression_t *next;
150	int bcnt;
151	};
152
153	static void _free_yy_expression(abac_yy_expression_t *);
154
155	/************************************************************************/
156	void abac_yy_set_error_code(int v)
157	{
158	abac_yy_error_code=v;
159	}
160
161	/************************************************************************/
162	abac_stack_t *abac_yy_get_rule_id_clauses()
163	{
164	return abac_rule_id_clauses;
165	}
166
167	abac_stack_t *abac_yy_init_rule_id_clauses()
168	{
169	abac_rule_id_clauses=abac_stack_new();
170	return abac_rule_id_clauses;
171	}
172
173	void abac_yy_free_rule_id_clauses()
174	{
175	if (abac_rule_id_clauses != NULL)
176	abac_stack_free(abac_rule_id_clauses);
177	}
178
179	void abac_yy_set_rule_clauses(abac_list_t *clauses)
180	{
181	abac_rule_clauses=clauses;
182	if(debug) {
183	printf("printing out abac_rule_clauses:\n");
184	abac_print_clauses(abac_rule_clauses,NULL);
185	}
186	}
187
188	abac_list_t *abac_yy_get_rule_clauses()
189	{
190	return abac_rule_clauses;
191	}
192
193	void abac_yy_free_rule_clauses()
194	{
195	if (abac_rule_clauses != NULL) {
196	char *cur;
197	abac_list_foreach(abac_yy_id_certs, cur,
198	if(cur) free(cur);
199	);
200	abac_list_free(abac_rule_clauses);
201	}
202	}
203
204	int abac_yy_get_rule_is_oset()
205	{
206	return abac_rule_is_oset;
207	}
208
209	abac_role_t *abac_yy_get_rule_head_role()
210	{
211	return abac_rule_head_role;
212	}
213
214	abac_role_t *abac_yy_get_rule_tail_role()
215	{
216	return abac_rule_tail_role;
217	}
218
219	abac_oset_t *abac_yy_get_rule_head_oset()
220	{
221	return abac_rule_head_oset;
222	}
223
224	abac_oset_t *abac_yy_get_rule_tail_oset()
225	{
226	return abac_rule_tail_oset;
227	}
228
229
230	/************************************************************************/
231	void abac_yy_init_yy_id_certs()
232	{
233	abac_yy_id_certs = abac_list_new();
234	}
235
236	void abac_yy_free_yy_id_certs()
237	{
238	abac_yy_id_cert_t *id;
239	abac_list_foreach(abac_yy_id_certs, id,
240	if(id)
241	free(id->principalname);
242	free(id->clause);
243	free(id);
244	);
245	abac_list_free(abac_yy_id_certs);
246	abac_yy_id_certs = NULL;
247	}
248
249	int abac_yy_cnt_yy_id_certs()
250	{
251	return abac_list_size(abac_yy_id_certs);
252	}
253
254	char *abac_yy_string_yy_id_certs()
255	{
256	int first=1;
257	char *tmp=NULL;
258	abac_yy_id_cert_t *cur;
259	abac_list_foreach(abac_yy_id_certs, cur,
260	if(cur)
261	if(first) {
262	tmp=abac_xstrdup(cur->clause);
263	first=0;
264	} else {
265	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
266	}
267	);
268	return tmp;
269	}
270
271	static void _add_yy_id_certs(char *principalname, int type)
272	{
273	abac_yy_id_cert_t *id_cert=NULL;
274
275	int found=0;
276	abac_yy_id_cert_t *cur;
277	abac_list_foreach(abac_yy_id_certs, cur,
278	if(cur)
279	if(strcmp(cur->principalname,principalname)==0) {
280	found=1;
281	break;
282	}
283	);
284
285	if (found) {
286	return;
287	} else {
288	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
289	id_cert->principalname=abac_xstrdup(principalname);
290	id_cert->type=type;
291	id_cert->clause=generate_pl_type_clause(principalname,type);
292	abac_list_add(abac_yy_id_certs, id_cert);
293	}
294	}
295
296	/***********************************************************************/
297	static void _free_yy_cond_range(abac_list_t *ptr)
298	{
299	if (ptr != NULL) {
300	abac_yy_range_t *cur;
301	abac_list_foreach(ptr, cur,
302	if(cur && cur->val) free(cur->val);
303	free(cur);
304	);
305	abac_list_free(ptr);
306	}
307	}
308
309	static char _string_yy_cond_range(abac_list_t ptr)
310	{
311	assert(ptr);
312	char *tmp=NULL;
313	char *min=NULL;
314	char *max=NULL;
315	char *val=NULL;
316	int type;
317
318	abac_yy_range_t *cur;
319	abac_list_foreach(ptr, cur,
320	type=cur->type;
321	val=cur->val;
322	switch (type) {
323	case e_yy_RANGE_MIN:
324	min=strdup(cur->val);
325	break;
326	case e_yy_RANGE_MAX:
327	max=strdup(cur->val);
328	break;
329	case e_yy_RANGE_TARGET:
330	if(val)
331	asprintf(&val,"%s,%s",val,cur->val);
332	else val=strdup(cur->val);
333	break;
334	}
335	);
336	if(max && min) {
337	asprintf(&tmp,"[%s..%s]",min,max);
338	free(max);
339	free(min);
340	return tmp;
341	}
342	if(max) {
343	asprintf(&tmp,"[..%s]",max);
344	free(max);
345	return tmp;
346	}
347	if(min) {
348	asprintf(&tmp,"[%s..]",min);
349	free(min);
350	return tmp;
351	}
352	if(val) {
353	asprintf(&tmp,"[%s]",val);
354	free(val);
355	return tmp;
356	}
357	return NULL;
358	}
359
360	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
361	{
362	abac_yy_range_t *range=
363	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
364	range->type=e_yy_RANGE_TARGET;
365	range->val=strdup(val);
366	abac_list_add(ptr, range);
367	return ptr;
368	}
369
370	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
371	{
372	abac_yy_range_t *range=
373	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
374	range->type=type;
375	range->val=strdup(val);
376	abac_list_add(ptr, range);
377	return ptr;
378	}
379
380	abac_list_t make_yy_val_range(char val)
381	{
382	abac_list_t *ptr=abac_list_new();
383	add_yy_val_range(ptr,val);
384	return ptr;
385	}
386
387	abac_list_t make_yy_minmax_range(char min, char *max)
388	{
389	abac_list_t *ptr=abac_list_new();
390	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
391	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
392	return ptr;
393	}
394
395	abac_list_t make_yy_min_range(char min)
396	{
397	abac_list_t *ptr=abac_list_new();
398	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
399	return ptr;
400	}
401
402	abac_list_t make_yy_max_range(char max)
403	{
404	abac_list_t *ptr=abac_list_new();
405	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
406	return ptr;
407	}
408
409	/***********************************************************************/
410	abac_yy_term_data_t make_yy_term_data(char name)
411	{
412	abac_yy_term_data_t *ptr=
413	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
414	ptr->name=abac_xstrdup(name);
415	ptr->type=0;
416	ptr->is_variable=0;
417	ptr->cond_str=NULL;
418	ptr->cond_head_expr=NULL;
419	ptr->cond_ptr=NULL;
420	ptr->cond_range=NULL;
421	return ptr;
422	}
423
424	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
425	{
426	return ptr->cond_range;
427	}
428
429	char get_yy_term_data_name(abac_yy_term_data_t ptr)
430	{
431	return ptr->name;
432	}
433
434	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
435	{
436	if(ptr->cond_head_expr != NULL)
437	return 1;
438	/* only select few */
439	if( ptr->cond_range != NULL && abac_term_is_integer_type(ptr->type))
440	return 1;
441	return 0;
442	}
443
444	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
445	abac_list_t *range)
446	{
447	ptr->cond_range=range;
448	}
449
450	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
451	abac_yy_expression_t *expr)
452	{
453	ptr->cond_head_expr=expr;
454	}
455
456	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
457	{
458	return ptr->cond_head_expr;
459	}
460
461	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
462	{
463	int type=abac_term_verify_term_type(typestr);
464	ptr->type=type;
465	}
466
467	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
468	{
469	ptr->cond_ptr=vptr;
470	}
471
472	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
473	{
474	ptr->cond_str=strdup(cond);
475	}
476
477	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
478	{
479	ptr->is_variable=1;
480	}
481
482	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
483	{
484	return ptr->is_variable;
485	}
486
487	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
488	{
489	free(ptr->name);
490	if(ptr->cond_str)
491	free(ptr->cond_str);
492	if(ptr->cond_head_expr)
493	_free_yy_expression(ptr->cond_head_expr);
494	if(ptr->cond_range);
495	_free_yy_cond_range(ptr->cond_range);
496	free(ptr);
497	}
498
499	abac_yy_term_principal_t make_yy_term_principal(char name)
500	{
501	abac_yy_term_principal_t *ptr=
502	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
503	ptr->name=abac_xstrdup(name);
504	ptr->cond_str=NULL;
505	ptr->cond_head_expr=NULL;
506	return ptr;
507	}
508
509	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
510	{
511	ptr->cond_ptr=vptr;
512	}
513
514	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
515	{
516	ptr->cond_str=abac_xstrdup(cond);
517	}
518
519	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
520	{
521	return ptr->cond_head_expr;
522	}
523
524	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
525	abac_yy_expression_t *expr)
526	{
527	ptr->cond_head_expr=expr;
528	}
529
530	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
531	{
532	free(ptr->name);
533	if(ptr->cond_str)
534	free(ptr->cond_str);
535	if(ptr->cond_head_expr)
536	_free_yy_expression(ptr->cond_head_expr);
537	free(ptr);
538	}
539
540	abac_yy_term_t *make_yy_term_dterm_anonymous()
541	{
542	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
543	ptr->type = e_yy_DTERM_ANONYMOUS;
544	ptr->next=NULL;
545	ptr->bcnt=1;
546	return ptr;
547	}
548
549	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
550	{
551	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
552	ptr->type = e_yy_DTERM_PRINCIPAL;
553	ptr->term.p_ptr=pptr;
554	ptr->next=NULL;
555	ptr->bcnt=1;
556	return ptr;
557	}
558
559	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
560	{
561	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
562	ptr->type = e_yy_DTERM_NAMED;
563	ptr->term.n_ptr=nptr;
564	ptr->next=NULL;
565	ptr->bcnt=1;
566	return ptr;
567	}
568
569	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
570	{
571	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
572	ptr->type = e_yy_DTERM_DATA;
573	ptr->term.d_ptr=dptr;
574	ptr->next=NULL;
575	ptr->bcnt=1;
576	return ptr;
577	}
578
579	/************************************************************************/
580	void abac_yy_init_yy_constraints()
581	{
582	abac_yy_constraints = abac_list_new();
583	}
584
585	void abac_yy_free_yy_constraints()
586	{
587	abac_yy_constraint_t *cur;
588	abac_list_foreach(abac_yy_constraints, cur,
589	if(cur && cur->clause)
590	free(cur->clause);
591	free(cur);
592	);
593	abac_list_free(abac_yy_constraints);
594	abac_yy_constraints=NULL;
595	}
596
597	int abac_yy_cnt_yy_constraints()
598	{
599	return abac_list_size(abac_yy_constraints);
600	}
601
602	char *abac_yy_string_yy_constraints()
603	{
604	int first=1;
605	char *tmp=NULL;
606	abac_yy_constraint_t *cur;
607	abac_list_foreach(abac_yy_constraints, cur,
608	if(cur && cur->clause)
609	if(first) {
610	tmp=abac_xstrdup(cur->clause);
611	first=0;
612	} else {
613	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
614	}
615	);
616	return tmp;
617	}
618
619	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
620	{
621	abac_yy_constraint_t *ptr=
622	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
623	ptr->clause=strdup(constraint);
624	abac_list_add(abac_yy_constraints, ptr);
625	return ptr;
626	}
627
628	/****************************************************************************/
629	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
630	{
631	abac_yy_principal_t *ptr=
632	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
633	ptr->sha=abac_xstrdup(sha);
634	ptr->cn=abac_xstrdup(cn);
635	ptr->type=type;
636	return ptr;
637	}
638
639	static void _free_yy_principal(abac_yy_principal_t *ptr)
640	{
641	free(ptr->sha);
642	if(ptr->cn)
643	free(ptr->cn);
644	free(ptr);
645	}
646
647	int get_yy_principal_type(abac_yy_principal_t *ptr)
648	{
649	return ptr->type;
650	}
651
652	char get_yy_principal_principalname(abac_yy_principal_t ptr)
653	{
654	if(ptr->sha == NULL)
655	return ptr->cn;
656	return ptr->sha;
657	}
658
659	/*************************************************************************/
660
661	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
662	{
663	int i=terms->bcnt;
664	nterm->next=terms;
665	nterm->bcnt=i+1;
666	return nterm;
667	}
668
669	static void _free_yy_term(abac_yy_term_t *ptr)
670	{
671	switch (ptr->type) {
672	case e_yy_DTERM_DATA:
673	_free_yy_term_data(ptr->term.d_ptr);
674	break;
675	case e_yy_DTERM_NAMED:
676	_free_yy_principal(ptr->term.n_ptr);
677	break;
678	case e_yy_DTERM_PRINCIPAL:
679	_free_yy_term_principal(ptr->term.p_ptr);
680	break;
681	case e_yy_DTERM_ANONYMOUS:
682	break;
683	}
684	if(ptr->next)
685	_free_yy_term(ptr->next);
686	free(ptr);
687	}
688
689	/*************************************************************************/
690
691	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
692	{
693	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
694	ptr->name=abac_xstrdup(name);
695	ptr->terms=terms;
696	ptr->next=NULL;
697	ptr->bcnt=1;
698	return ptr;
699	}
700
701	static void _free_yy_role(abac_yy_role_t *ptr)
702	{
703	free(ptr->name);
704	if(ptr->terms)
705	_free_yy_term(ptr->terms);
706	if(ptr->next)
707	_free_yy_role(ptr->next);
708	free(ptr);
709	}
710
711	/***************************************************************************/
712	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
713	{
714	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
715	ptr->name=abac_xstrdup(name);
716	ptr->terms=terms;
717	ptr->next=NULL;
718	ptr->bcnt=1;
719	return ptr;
720	}
721
722	static void _free_yy_oset(abac_yy_oset_t *ptr)
723	{
724	free(ptr->name);
725	if(ptr->terms)
726	_free_yy_term(ptr->terms);
727	if(ptr->next)
728	_free_yy_oset(ptr->next);
729	free(ptr);
730	}
731	/***************************************************************************/
732
733	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
734
735	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
736	{
737	abac_yy_expression_t *ptr=
738	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
739	ptr->type = type;
740	if(type == e_yy_EXPR_OBJECT) {
741	ptr->object=(abac_yy_term_data_t *)pptr;
742	} else {
743	ptr->principal = (abac_yy_principal_t *)pptr;
744	}
745	if(type == e_yy_EXPR_OSET)
746	ptr->oset = (abac_yy_oset_t *) optr;
747	else
748	ptr->role = (abac_yy_role_t *) optr;
749	ptr->linked_role=linked_role;
750	ptr->next=NULL;
751
752	return ptr;
753	}
754
755	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
756	{
757	if(ptr->type == e_yy_EXPR_OBJECT)
758	return ptr->object;
759	return NULL;
760	}
761
762	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
763	abac_yy_expression_t *exprs)
764	{
765	int i=exprs->bcnt;
766	nexpr->next=exprs;
767	nexpr->bcnt=i+1;
768	return nexpr;
769	}
770
771	static void _free_yy_expression(abac_yy_expression_t *ptr)
772	{
773	if(ptr->type == e_yy_EXPR_OBJECT) {
774	if(ptr->object)
775	_free_yy_term_data(ptr->object);
776	} else {
777	if(ptr->principal)
778	_free_yy_principal(ptr->principal);
779	}
780	if(ptr->type == e_yy_EXPR_OSET) {
781	if(ptr->oset)
782	_free_yy_oset(ptr->oset);
783	} else {
784	if(ptr->role)
785	_free_yy_role(ptr->role);
786	}
787	if(ptr->linked_role)
788	_free_yy_role(ptr->linked_role);
789	if(ptr->next)
790	_free_yy_expression(ptr->next);
791
792	free(ptr);
793	}
794
795	/***************************************************************************/
796	static void _oset_add_terms(int linked, abac_oset_t *oset,
797	abac_yy_term_t *terms)
798	{
799	abac_yy_term_t *curr = terms;
800	int type;
801	char *name=NULL;
802	char *cond=NULL;
803	void *ptr=NULL;
804	while (curr) {
805	switch (curr->type) {
806	case e_yy_DTERM_DATA:
807	{
808	abac_yy_term_data_t *ptr=curr->term.d_ptr;
809	type=ptr->type;
810	name=abac_xstrdup(ptr->name);
811	cond=abac_xstrdup(ptr->cond_str);
812	ptr=ptr->cond_ptr;
813	break;
814	}
815	case e_yy_DTERM_PRINCIPAL:
816	{
817	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
818	type=abac_term_verify_term_type("principal");
819	name=abac_xstrdup(ptr->name);
820	cond=abac_xstrdup(ptr->cond_str);
821	ptr=ptr->cond_ptr;
822	break;
823	}
824	case e_yy_DTERM_NAMED:
825	{
826	abac_yy_principal_t *ptr=curr->term.n_ptr;
827	type=ptr->type;
828	/* XXX should be switching to sha in the future */
829	name=abac_xstrdup(ptr->cn);
830	cond=NULL;
831	ptr=NULL;
832	break;
833	}
834	case e_yy_DTERM_ANONYMOUS:
835	{
836	type=0;
837	name=abac_xstrdup("_");
838	cond=NULL;
839	ptr=NULL;
840	break;
841	}
842	}
843
844	abac_term_t *param=abac_term_new(type,name,cond,ptr);
845	if (linked)
846	abac_oset_oset_add_linked_param(oset, param);
847	else
848	abac_oset_oset_add_param(oset, param);
849	curr=curr->next;
850	}
851	}
852
853	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
854	{
855	int linked=1;
856	_oset_add_terms(linked, oset, terms);
857	}
858
859	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
860	{
861	int linked=0;
862	_oset_add_terms(linked, oset, terms);
863	}
864
865
866	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
867	{
868	abac_oset_t *ret_oset=NULL;
869	abac_list_t *prereqs = abac_list_new();
870	abac_list_add(prereqs, oset);
871	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
872	return ret_oset;
873	}
874
875	/* A.oset */
876	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
877	{
878	abac_yy_principal_t *principal=expr->principal;
879	abac_yy_oset_t *oset=expr->oset;
880
881	char *principalname=get_yy_principal_principalname(principal);
882	char *osetname=oset->name;
883	abac_yy_term_t *terms=oset->terms;
884
885	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
886	if (ret_oset==NULL) {
887	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
888	goto error;
889	}
890	if (!abac_oset_is_oset(ret_oset)) {
891	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
892	goto error;
893	}
894	// insert the params for the oset
895	if(terms) {
896	_oset_add_oset_terms(ret_oset, terms);
897	}
898	_add_yy_id_certs(principal->cn,principal->type);
899
900	return ret_oset;
901
902	error:
903	return NULL;
904	}
905
906	/* B */
907	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
908	{
909	abac_yy_principal_t *principal=expr->principal;
910	char *principalname=principal->sha;
911	abac_oset_t *ret_oset=NULL;
912
913	ret_oset = abac_oset_principal_new(principalname);
914
915	_add_yy_id_certs(principal->cn,principal->type);
916
917	if (ret_oset==NULL)
918	goto error;
919	return ret_oset;
920
921	error:
922	panic("can not generate a simple named tail oset");
923	return NULL;
924	}
925
926
927	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
928	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
929	{
930	abac_yy_term_data_t *object=get_yy_expression_object(expr);
931	assert(object != NULL);
932
933	char *name=object->name;
934	int type=object->type;
935	char *cond=object->cond_str;
936	void *ptr=object->cond_ptr;
937	abac_term_t *term=abac_term_new(type,name,cond,ptr);
938	abac_oset_t *ret_oset=abac_oset_object_new(term);
939
940	if(get_yy_term_data_is_variable(object))
941	_add_yy_id_certs(name,type);
942
943	if (ret_oset==NULL)
944	goto error;
945	return ret_oset;
946
947	error:
948	panic("can not generate a simple object tail oset");
949	return NULL;
950	}
951
952
953	/* B.oset */
954	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
955	{
956	abac_yy_principal_t *principal=expr->principal;
957	abac_yy_oset_t *oset=expr->oset;
958
959	char *principalname=principal->sha;
960
961	char *osetname=oset->name;
962	abac_yy_term_t *terms=oset->terms;
963
964	int ret;
965	abac_oset_t *ret_oset=NULL;
966
967	ret_oset = abac_oset_oset_new(principalname, osetname);
968	if (ret_oset==NULL)
969	goto error;
970
971	if(terms) {
972	_oset_add_oset_terms(ret_oset, terms);
973	}
974
975	_add_yy_id_certs(principal->cn,principal->type);
976
977	return ret_oset;
978
979	error:
980	panic("can not generate a simple tail oset");
981	return NULL;
982	}
983
984	/* B.role.oset */
985	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
986	{
987	abac_yy_principal_t *principal=expr->principal;
988	abac_yy_oset_t *oset=expr->oset;
989	abac_yy_role_t *linked_role=expr->linked_role;
990
991	char *principalname=principal->sha;
992
993	char *osetname=oset->name;
994	abac_yy_term_t *terms=oset->terms;
995
996	char *linkedrolename=linked_role->name;
997	abac_yy_term_t *linked_terms=linked_role->terms;
998
999	int ret;
1000	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1001	linkedrolename, osetname);
1002	if (ret_oset==NULL)
1003	goto error;
1004
1005	if(linked_terms) {
1006	_oset_add_linked_terms(ret_oset, linked_terms);
1007	}
1008	if(terms) {
1009	_oset_add_oset_terms(ret_oset, terms);
1010	}
1011
1012	_add_yy_id_certs(principal->cn,principal->type);
1013
1014	return ret_oset;
1015
1016	error:
1017	panic("can not generate linked tail oset");
1018	return NULL;
1019	}
1020
1021
1022
1023	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1024	abac_yy_expression_t *tailexpr)
1025	{
1026	abac_oset_t *head_oset=NULL;
1027	abac_oset_t *tail_oset=NULL;
1028
1029	/* build up left side's abac oset structure */
1030	head_oset=validate_head_oset(headexpr);
1031	if(head_oset == NULL)
1032	goto error;
1033
1034	/* build up the right side's abac oset structure */
1035	abac_yy_expression_t *curr_tail = tailexpr;
1036	int intersecting=(tailexpr->next != NULL)? 1:0;
1037	abac_oset_t *curr_oset = NULL;
1038	while (curr_tail) {
1039	switch(curr_tail->type) {
1040	case e_yy_EXPR_OBJECT:
1041	curr_oset=validate_object_tail_oset(curr_tail);
1042	break;
1043	case e_yy_EXPR_NAMED:
1044	curr_oset=validate_named_tail_oset(curr_tail);
1045	break;
1046	case e_yy_EXPR_OSET:
1047	curr_oset=validate_oset_tail_oset(curr_tail);
1048	break;
1049	case e_yy_EXPR_LINKED:
1050	curr_oset=validate_linked_tail_oset(curr_tail);
1051	break;
1052	}
1053	if(curr_oset==NULL)
1054	goto error;
1055
1056	/* check if first one */
1057	if(tail_oset==NULL) {
1058	if(intersecting)
1059	tail_oset=validate_intersected_tail_oset(curr_oset);
1060	else
1061	tail_oset=curr_oset;
1062	} else {
1063	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1064	}
1065	curr_tail=curr_tail->next;
1066	} /* while */
1067
1068	/* XXX collect up type clauses, constraint clauses and
1069	generate rule clauses */
1070	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1071	if(tmp == NULL)
1072	goto error;
1073
1074	if(debug) {
1075	abac_print_oset_string_with_condition(head_oset,NULL);
1076	abac_print_oset_string_with_condition(tail_oset,NULL);
1077	}
1078
1079	_free_yy_expression(headexpr);
1080	_free_yy_expression(tailexpr);
1081	abac_rule_head_oset=head_oset;
1082	abac_rule_tail_oset=tail_oset;
1083	abac_rule_is_oset=1;
1084	return tmp;
1085
1086	error:
1087	_free_yy_expression(headexpr);
1088	_free_yy_expression(tailexpr);
1089	if(head_oset)
1090	abac_oset_free(head_oset);
1091	if(tail_oset)
1092	abac_oset_free(tail_oset);
1093	return NULL;
1094	}
1095
1096	/****************************************************************/
1097	static void _role_add_terms(int linked, abac_role_t *role,
1098	abac_yy_term_t *terms)
1099	{
1100	abac_yy_term_t *curr = terms;
1101	int type;
1102	char *name=NULL;
1103	char *cond=NULL;
1104	void *ptr=NULL;
1105	while (curr) {
1106	switch (curr->type) {
1107	case e_yy_DTERM_DATA:
1108	{
1109	abac_yy_term_data_t *ptr=curr->term.d_ptr;
1110	type=ptr->type;
1111	name=abac_xstrdup(ptr->name);
1112	cond=abac_xstrdup(ptr->cond_str);
1113	ptr=ptr->cond_ptr;
1114	break;
1115	}
1116	case e_yy_DTERM_PRINCIPAL:
1117	{
1118	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
1119	type=abac_term_verify_term_type("principal");
1120	name=abac_xstrdup(ptr->name);
1121	cond=abac_xstrdup(ptr->cond_str);
1122	ptr=ptr->cond_ptr;
1123	break;
1124	}
1125	case e_yy_DTERM_NAMED:
1126	{
1127	abac_yy_principal_t *ptr=curr->term.n_ptr;
1128	type=ptr->type;
1129	/* XXX should be switching to sha in the future */
1130	name=abac_xstrdup(ptr->cn);
1131	cond=NULL;
1132	ptr=NULL;
1133	break;
1134	}
1135	case e_yy_DTERM_ANONYMOUS:
1136	{
1137	type=0;
1138	name=abac_xstrdup("_");
1139	cond=NULL;
1140	ptr=NULL;
1141	break;
1142	}
1143	}
1144	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1145	if (linked)
1146	abac_role_role_add_linked_param(role, param);
1147	else
1148	abac_role_role_add_param(role, param);
1149	curr=curr->next;
1150	}
1151	}
1152
1153	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1154	{
1155	int linked=1;
1156	_role_add_terms(linked, role, terms);
1157	}
1158
1159	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1160	{
1161	int linked=0;
1162	_role_add_terms(linked, role, terms);
1163	}
1164
1165
1166	abac_role_t validate_intersected_tail_role(abac_role_t role)
1167	{
1168	abac_role_t *ret_role=NULL;
1169	abac_list_t *prereqs = abac_list_new();
1170	abac_list_add(prereqs, role);
1171	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1172	return ret_role;
1173	}
1174
1175	abac_role_t validate_head_role(abac_yy_expression_t expr)
1176	{
1177	abac_yy_principal_t *principal=expr->principal;
1178	abac_yy_role_t *role=expr->role;
1179
1180	char *principalname=get_yy_principal_principalname(principal);
1181	char *rolename=role->name;
1182	abac_yy_term_t *terms=role->terms;
1183	abac_role_t *ret_role=NULL;
1184
1185	ret_role=abac_role_role_new(principalname, rolename);
1186	if (ret_role==NULL) {
1187	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1188	goto error;
1189	}
1190	if (!abac_role_is_role(ret_role)) {
1191	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1192	goto error;
1193	}
1194	// insert the params for the role
1195	if(terms) {
1196	_role_add_role_terms(ret_role, terms);
1197	}
1198
1199	_add_yy_id_certs(principal->cn,principal->type);
1200
1201	return ret_role;
1202
1203	error:
1204	return NULL;
1205	}
1206
1207	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1208	{
1209	abac_yy_principal_t *principal=expr->principal;
1210	char *principalname=get_yy_principal_principalname(principal);
1211	abac_role_t *ret_role=NULL;
1212
1213	ret_role = abac_role_principal_new(principalname);
1214	_add_yy_id_certs(principal->cn,principal->type);
1215
1216	if (ret_role==NULL)
1217	goto error;
1218	return ret_role;
1219
1220	error:
1221	panic("can not generate a simple named tail role");
1222	return NULL;
1223	}
1224
1225	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1226	{
1227	abac_yy_principal_t *principal=expr->principal;
1228	abac_yy_role_t *role=expr->role;
1229
1230	char *principalname=get_yy_principal_principalname(principal);
1231
1232	char *rolename=role->name;
1233	abac_yy_term_t *terms=role->terms;
1234
1235	int ret;
1236	abac_role_t *ret_role=NULL;
1237
1238	ret_role = abac_role_role_new(principalname, rolename);
1239	if (ret_role==NULL)
1240	goto error;
1241
1242	if(terms) {
1243	_role_add_role_terms(ret_role, terms);
1244	}
1245
1246	_add_yy_id_certs(principal->cn,principal->type);
1247
1248	return ret_role;
1249
1250	error:
1251	panic("can not generate a simple tail role");
1252	return NULL;
1253	}
1254	/* need to validate/generate a linked role out of this */
1255	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1256	{
1257	abac_yy_principal_t *principal=expr->principal;
1258	abac_yy_role_t *role=expr->role;
1259	abac_yy_role_t *linked_role=expr->linked_role;
1260
1261	char *principalname=get_yy_principal_principalname(principal);
1262
1263	char *rolename=role->name;
1264	abac_yy_term_t *terms=role->terms;
1265
1266	char *linkedrolename=linked_role->name;
1267	abac_yy_term_t *linked_terms=linked_role->terms;
1268
1269	int ret;
1270	abac_role_t *ret_role=NULL;
1271
1272	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1273	if (ret_role==NULL)
1274	goto error;
1275
1276	if(linked_terms) {
1277	_role_add_linked_terms(ret_role, linked_terms);
1278	}
1279	if(terms) {
1280	_role_add_role_terms(ret_role, terms);
1281	}
1282
1283	_add_yy_id_certs(principal->cn,principal->type);
1284
1285	return ret_role;
1286
1287	error:
1288	panic("can not generate linked tail role");
1289	return NULL;
1290	}
1291
1292	/***********************************************************************/
1293	/* add the condition to constraint list */
1294	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1295	{
1296	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1297	if(head_expr) {
1298	abac_oset_t *head_oset=validate_head_oset(head_expr);
1299	if(head_oset == NULL)
1300	goto error;
1301
1302	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1303	set_yy_term_data_cond_str(ptr,tmp);
1304	set_yy_term_data_cond_ptr(ptr,head_oset);
1305	abac_yy_add_yy_constraints(tmp);
1306	return tmp;
1307	}
1308	return NULL;
1309	error:
1310	return NULL;
1311	}
1312	/****************************************************************/
1313	/* add the range condition to constraint list */
1314
1315	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1316	{
1317	char *typestr=abac_term_type(ptr->type);
1318	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1319	char *tmplist=NULL;
1320	char *tmp=NULL;
1321	int is_range=1; /* either , or \| */
1322	if(rlist) {
1323	char *rstring=_string_yy_cond_range(rlist);
1324	set_yy_term_data_cond_str(ptr,rstring);
1325	abac_yy_range_t *cur;
1326
1327	abac_list_foreach(rlist, cur,
1328	int type=cur->type;
1329	char *val=cur->val;
1330	switch(type) {
1331	case e_yy_RANGE_MIN:
1332	tmp=generate_pl_range_constraint_clause(typestr,var,val,">");
1333	break;
1334	case e_yy_RANGE_MAX:
1335	tmp=generate_pl_range_constraint_clause(typestr,var,val,"<");
1336	break;
1337	case e_yy_RANGE_TARGET:
1338	tmp=generate_pl_range_constraint_clause(typestr,var,val,"=");
1339	int is_range=0;
1340	break;
1341	}
1342	if(tmplist) {
1343	if(is_range)
1344	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1345	else
1346	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1347	} else {
1348	tmplist=tmp;
1349	}
1350	tmp=NULL;
1351	);
1352	asprintf(&tmplist,"(%s)",tmplist);
1353	abac_yy_add_yy_constraints(tmplist);
1354	}
1355	}
1356
1357	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1358	{
1359	char *tmp=NULL;
1360	abac_role_t *head_role=NULL;
1361
1362	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1363	/* build up left side's abac role constraint structure */
1364	head_role=validate_head_role(head_expr);
1365	if(head_role == NULL)
1366	goto error;
1367
1368	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1369	set_yy_term_principal_cond_str(ptr,tmp);
1370	set_yy_term_principal_cond_ptr(ptr,head_role);
1371	abac_yy_add_yy_constraints(tmp);
1372	return tmp;
1373
1374	error:
1375	return NULL;
1376	}
1377
1378	/* build up the abac structure and also create the yap clause
1379	and insert it into db */
1380	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1381	abac_yy_expression_t *tailexpr)
1382	{
1383	abac_role_t *head_role=NULL;
1384	abac_role_t *tail_role=NULL;
1385
1386	/* build up left side's abac role structure */
1387	head_role=validate_head_role(headexpr);
1388	if(head_role == NULL)
1389	goto error;
1390
1391	/* build up the right side's abac role structure */
1392	abac_yy_expression_t *curr_tail = tailexpr;
1393	int intersecting=(tailexpr->next != NULL)? 1:0;
1394	abac_role_t *curr_role = NULL;
1395	while (curr_tail) {
1396	switch(curr_tail->type) {
1397	case e_yy_EXPR_NAMED:
1398	curr_role=validate_named_tail_role(curr_tail);
1399	break;
1400	case e_yy_EXPR_ROLE:
1401	curr_role=validate_role_tail_role(curr_tail);
1402	break;
1403	case e_yy_EXPR_LINKED:
1404	curr_role=validate_linked_tail_role(curr_tail);
1405	break;
1406	}
1407	if(curr_role==NULL)
1408	goto error;
1409
1410	/* check if first one */
1411	if(tail_role==NULL) {
1412	if(intersecting)
1413	tail_role=validate_intersected_tail_role(curr_role);
1414	else
1415	tail_role=curr_role;
1416	} else {
1417	abac_role_add_intersecting_role(tail_role,curr_role);
1418	}
1419	curr_tail=curr_tail->next;
1420	} /* while */
1421
1422	/* collect up type clauses, constraint clases and
1423	generate the final rule clauses */
1424	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1425	if(tmp == NULL)
1426	goto error;
1427
1428	if(debug) {
1429	abac_print_role_string_with_condition(head_role,NULL);
1430	abac_print_role_string_with_condition(tail_role,NULL);
1431	}
1432
1433	_free_yy_expression(headexpr);
1434	_free_yy_expression(tailexpr);
1435	abac_rule_head_role=head_role;
1436	abac_rule_tail_role=tail_role;
1437	abac_rule_is_oset=0;
1438	return tmp;
1439
1440	error:
1441	_free_yy_expression(headexpr);
1442	_free_yy_expression(tailexpr);
1443	if(head_role)
1444	abac_role_free(head_role);
1445	if(tail_role)
1446	abac_role_free(tail_role);
1447	return NULL;
1448	}
1449
1450
1451	/************************************************************************/
1452	void abac_yy_init()
1453	{
1454	abac_yyinit();
1455	abac_yy_init_rule_id_clauses();
1456	abac_yy_init_yy_id_certs();
1457	abac_yy_init_yy_constraints();
1458	}
1459
1460

Note: See TracBrowser for help on using the repository browser.

Download in other formats: