Context Navigation

source: libabac/abac_pl_yy.c @ 9806e76

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since 9806e76 was 9806e76, checked in by Mei <mei@…>, 12 years ago
1) add handling for typed anonymous term, [int:?] 2) make a pass through abac/doc 3) fix up creddy to take oset option at different calls
Property mode set to `100644`
File size: 42.9 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_range_time_constraint(char ,char ,char );
18	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
19	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
20	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
21	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var,
25	char *tmplist);
26	/* from rt2.y */
27	extern void abac_yyinit();
28
29	int abac_yy_error_code = 0; /* keeping last error code */
30
31	int abac_rule_is_oset=0;
32	abac_list_t *abac_rule_clauses=NULL;
33	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
34	abac_role_t *abac_rule_head_role=NULL;
35	abac_role_t *abac_rule_tail_role=NULL;
36	abac_oset_t *abac_rule_head_oset=NULL;
37	abac_oset_t *abac_rule_tail_oset=NULL;
38
39	/* to track id certs within a rule clause */
40	typedef struct _abac_yy_id_cert_t {
41	char *principalname;
42	int type; /* keyidtype */
43	char *clause;
44	} abac_yy_id_cert_t;
45	abac_list_t *abac_yy_id_certs = NULL;
46
47	/* structure to hold the range information
48	within a static constraints on few types of
49	oset types
50	[a..b], [a..], [..b], [a],[a,b],[many a]
51	e_yy_RANGE_MIN=1;
52	e_yy_RANGE_MAX=2;
53	e_yy_RANGE_TARGET=3;
54	*/
55	typedef struct _abac_yy_range_t {
56	int type;
57	char *val;
58	} abac_yy_range_t;
59
60	/* to track role/oset constraint clauses used within a rule clause,
61	collect them up in one place, these are for conjunction clauses */
62	typedef struct _abac_yy_constraint_t {
63	char *clause;
64	} abac_yy_constraint_t;
65	abac_list_t *abac_yy_constraints = NULL;
66
67	/* local principal structure [keyid:USC] */
68	struct _abac_yy_principal_t {
69	int type;
70	char *sha; // sha is null when this is of object type
71	char *cn;
72	};
73
74	/* [principal:?Z]:..., must match a principal name */
75	struct _abac_yy_term_principal_t {
76	int type; /* this needs to be implicitly determined */
77	int is_anonymous;
78	char *name;
79	char *cond_str;
80	void *cond_ptr; // ptr to a saved abac_role_t
81	abac_yy_expression_t *cond_head_expr;
82	};
83
84	/* integer,float,time,urn,string types,
85	if has condition, then it is a variable,
86	ie,
87	[int:?Year]:<1930..1932>,
88	if no condition, then it is a constant,
89	ie,
90	[int:10]
91	*/
92	struct _abac_yy_term_data_t {
93	int is_variable;
94	int is_anonymous;
95	int type;
96	char *name;
97	char *cond_str;
98	void *cond_ptr; // ptr to a saved abac_oset_t
99	abac_list_t *cond_range;
100	abac_yy_expression_t *cond_head_expr; // parking stub
101	};
102
103	/* local term structure, will distinguish it in the future */
104	/* e_yy_DTERM_DATA, all other types
105	e_yy_DTERM_NAMED, keyid:bob
106	e_yy_DTERM_PRINCIPAL, principal:?P
107	e_yy_DTERM_ANONYMOUS ? */
108	struct _abac_yy_term_t {
109	union {
110	abac_yy_principal_t *n_ptr;
111	abac_yy_term_principal_t *p_ptr;
112	abac_yy_term_data_t *d_ptr;
113	} term;
114	int type;
115	struct _abac_yy_term_t *next;
116	int bcnt; /* this is to track number of terms in this linked up list */
117	};
118
119	/* local role structure */
120	struct _abac_yy_role_t {
121	int type;
122	char *name;
123	abac_yy_term_t *terms;
124	struct _abac_yy_role_t *next;
125	int bcnt; /* this is to track number of roles in this linked up list */
126	};
127
128	/* local oset structure */
129	struct _abac_yy_oset_t {
130	int type;
131	char *name;
132	abac_yy_term_t *terms;
133	struct _abac_yy_oset_t *next;
134	int bcnt; /* this is to track number of oset in this linked up list */
135	};
136
137	/* A, A.r, A.r.r */
138	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
139	/* A/obj, A.o, A.r.o */
140	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
141	struct _abac_yy_expression_t {
142	int type;
143	union {
144	abac_yy_principal_t *principal;
145	abac_yy_term_data_t *object;
146	};
147	abac_yy_role_t *linked_role;
148	union {
149	abac_yy_role_t *role;
150	abac_yy_oset_t *oset;
151	};
152	struct _abac_yy_expression_t *next;
153	int bcnt;
154	};
155
156	static void _free_yy_expression(abac_yy_expression_t *);
157
158	/************************************************************************/
159	void abac_yy_set_error_code(int v)
160	{
161	abac_yy_error_code=v;
162	}
163
164	/************************************************************************/
165	abac_stack_t *abac_yy_get_rule_id_clauses()
166	{
167	return abac_rule_id_clauses;
168	}
169
170	abac_stack_t *abac_yy_init_rule_id_clauses()
171	{
172	abac_rule_id_clauses=abac_stack_new();
173	return abac_rule_id_clauses;
174	}
175
176	void abac_yy_free_rule_id_clauses()
177	{
178	if (abac_rule_id_clauses != NULL)
179	abac_stack_free(abac_rule_id_clauses);
180	}
181
182	void abac_yy_set_rule_clauses(abac_list_t *clauses)
183	{
184	abac_rule_clauses=clauses;
185	if(debug) {
186	printf("printing out abac_rule_clauses:\n");
187	abac_print_clauses(abac_rule_clauses,NULL);
188	}
189	}
190
191	abac_list_t *abac_yy_get_rule_clauses()
192	{
193	return abac_rule_clauses;
194	}
195
196	void abac_yy_free_rule_clauses()
197	{
198	if (abac_rule_clauses != NULL) {
199	char *cur;
200	abac_list_foreach(abac_yy_id_certs, cur,
201	if(cur) free(cur);
202	);
203	abac_list_free(abac_rule_clauses);
204	}
205	}
206
207	int abac_yy_get_rule_is_oset()
208	{
209	return abac_rule_is_oset;
210	}
211
212	abac_role_t *abac_yy_get_rule_head_role()
213	{
214	return abac_rule_head_role;
215	}
216
217	abac_role_t *abac_yy_get_rule_tail_role()
218	{
219	return abac_rule_tail_role;
220	}
221
222	abac_oset_t *abac_yy_get_rule_head_oset()
223	{
224	return abac_rule_head_oset;
225	}
226
227	abac_oset_t *abac_yy_get_rule_tail_oset()
228	{
229	return abac_rule_tail_oset;
230	}
231
232
233	/************************************************************************/
234	void abac_yy_init_yy_id_certs()
235	{
236	abac_yy_id_certs = abac_list_new();
237	}
238
239	void abac_yy_free_yy_id_certs()
240	{
241	abac_yy_id_cert_t *id;
242	abac_list_foreach(abac_yy_id_certs, id,
243	if(id)
244	free(id->principalname);
245	free(id->clause);
246	free(id);
247	);
248	abac_list_free(abac_yy_id_certs);
249	abac_yy_id_certs = NULL;
250	}
251
252	int abac_yy_cnt_yy_id_certs()
253	{
254	return abac_list_size(abac_yy_id_certs);
255	}
256
257	char *abac_yy_string_yy_id_certs()
258	{
259	int first=1;
260	char *tmp=NULL;
261	abac_yy_id_cert_t *cur;
262	abac_list_foreach(abac_yy_id_certs, cur,
263	if(cur)
264	if(first) {
265	tmp=abac_xstrdup(cur->clause);
266	first=0;
267	} else {
268	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
269	}
270	);
271	return tmp;
272	}
273
274	static void _add_yy_id_certs(char *principalname, int type)
275	{
276	abac_yy_id_cert_t *id_cert=NULL;
277
278	int found=0;
279	abac_yy_id_cert_t *cur;
280	abac_list_foreach(abac_yy_id_certs, cur,
281	if(cur)
282	if(strcmp(cur->principalname,principalname)==0) {
283	found=1;
284	break;
285	}
286	);
287
288	if (found) {
289	return;
290	} else {
291	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
292	id_cert->principalname=abac_xstrdup(principalname);
293	id_cert->type=type;
294	id_cert->clause=generate_pl_type_clause(principalname,type);
295	abac_list_add(abac_yy_id_certs, id_cert);
296	}
297	}
298
299	/***********************************************************************/
300	static void _free_yy_cond_range(abac_list_t *ptr)
301	{
302	if (ptr != NULL) {
303	abac_yy_range_t *cur;
304	abac_list_foreach(ptr, cur,
305	if(cur && cur->val) free(cur->val);
306	free(cur);
307	);
308	abac_list_free(ptr);
309	}
310	}
311
312	static char _string_yy_cond_range(abac_list_t ptr)
313	{
314	assert(ptr);
315	char *tmp=NULL;
316	char *min=NULL;
317	char *max=NULL;
318	char *val=NULL;
319	int type;
320
321	abac_yy_range_t *cur;
322	abac_list_foreach(ptr, cur,
323	type=cur->type;
324	switch (type) {
325	case e_yy_RANGE_MIN:
326	min=strdup(cur->val);
327	break;
328	case e_yy_RANGE_MAX:
329	max=strdup(cur->val);
330	break;
331	case e_yy_RANGE_TARGET:
332	if(val)
333	asprintf(&val,"%s,%s",val,cur->val);
334	else val=strdup(cur->val);
335	break;
336	}
337	);
338	if(max && min) {
339	asprintf(&tmp,"[%s..%s]",min,max);
340	free(max);
341	free(min);
342	return tmp;
343	}
344	if(max) {
345	asprintf(&tmp,"[..%s]",max);
346	free(max);
347	return tmp;
348	}
349	if(min) {
350	asprintf(&tmp,"[%s..]",min);
351	free(min);
352	return tmp;
353	}
354	if(val) {
355	asprintf(&tmp,"[%s]",val);
356	free(val);
357	return tmp;
358	}
359	return NULL;
360	}
361
362	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
363	{
364	abac_yy_range_t *range=
365	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
366	range->type=e_yy_RANGE_TARGET;
367	range->val=strdup(val);
368	abac_list_add(ptr, range);
369	return ptr;
370	}
371
372	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
373	{
374	abac_yy_range_t *range=
375	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
376	range->type=type;
377	range->val=strdup(val);
378	abac_list_add(ptr, range);
379	return ptr;
380	}
381
382	abac_list_t make_yy_val_range(char val)
383	{
384	abac_list_t *ptr=abac_list_new();
385	add_yy_val_range(ptr,val);
386	return ptr;
387	}
388
389	abac_list_t make_yy_minmax_range(char min, char *max)
390	{
391	abac_list_t *ptr=abac_list_new();
392	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
393	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
394	return ptr;
395	}
396
397	abac_list_t make_yy_min_range(char min)
398	{
399	abac_list_t *ptr=abac_list_new();
400	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
401	return ptr;
402	}
403
404	abac_list_t make_yy_max_range(char max)
405	{
406	abac_list_t *ptr=abac_list_new();
407	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
408	return ptr;
409	}
410
411	/***********************************************************************/
412	abac_yy_term_data_t *make_yy_term_data()
413	{
414	abac_yy_term_data_t *ptr=
415	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
416	ptr->name=NULL;
417	ptr->type=0;
418	ptr->is_variable=0;
419	ptr->is_anonymous=0;
420	ptr->cond_str=NULL;
421	ptr->cond_head_expr=NULL;
422	ptr->cond_ptr=NULL;
423	ptr->cond_range=NULL;
424	return ptr;
425	}
426
427	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
428	{
429	ptr->name=strdup(name);
430	}
431
432	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
433	{
434	return ptr->cond_range;
435	}
436
437	char get_yy_term_data_name(abac_yy_term_data_t ptr)
438	{
439	return ptr->name;
440	}
441
442	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
443	{
444	if(ptr->cond_head_expr != NULL)
445	return 1;
446	if(ptr->cond_range != NULL)
447	return 1;
448	return 0;
449	}
450
451	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
452	abac_list_t *range)
453	{
454	ptr->cond_range=range;
455	}
456
457	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
458	abac_yy_expression_t *expr)
459	{
460	ptr->cond_head_expr=expr;
461	}
462
463	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
464	{
465	return ptr->cond_head_expr;
466	}
467
468	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
469	{
470	int type=abac_term_verify_term_type(typestr);
471	ptr->type=type;
472	}
473
474	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
475	{
476	ptr->is_anonymous=1;
477	}
478
479	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
480	{
481	if(ptr->type==abac_term_verify_term_type("integer") \|\|
482	ptr->type==abac_term_verify_term_type("float"))
483	return 1;
484	return 0;
485	}
486
487	int is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
488	{
489	if(ptr->type==abac_term_verify_term_type("time"))
490	return 1;
491	return 0;
492	}
493
494	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
495	{
496	if(ptr->type==abac_term_verify_term_type("string") \|\|
497	ptr->type==abac_term_verify_term_type("urn") \|\|
498	ptr->type==abac_term_verify_term_type("boolean"))
499	return 1;
500	return 0;
501	}
502
503	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
504	{
505	ptr->cond_ptr=vptr;
506	}
507
508	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
509	{
510	ptr->cond_str=strdup(cond);
511	}
512
513	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
514	{
515	ptr->is_variable=1;
516	}
517
518	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
519	{
520	return ptr->is_variable;
521	}
522
523	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
524	{
525	free(ptr->name);
526	if(ptr->cond_str)
527	free(ptr->cond_str);
528	if(ptr->cond_head_expr)
529	_free_yy_expression(ptr->cond_head_expr);
530	if(ptr->cond_range);
531	_free_yy_cond_range(ptr->cond_range);
532	free(ptr);
533	}
534
535	abac_yy_term_principal_t *make_yy_term_principal()
536	{
537	abac_yy_term_principal_t *ptr=
538	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
539	ptr->type=0;/* this is not known */
540	ptr->is_anonymous=0;
541	ptr->name=NULL;
542	ptr->cond_str=NULL;
543	ptr->cond_head_expr=NULL;
544	return ptr;
545	}
546
547	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
548	{
549	ptr->name=abac_xstrdup(name);
550	}
551
552	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
553	{
554	ptr->cond_ptr=vptr;
555	}
556
557	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
558	{
559	ptr->cond_str=abac_xstrdup(cond);
560	}
561
562	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
563	{
564	ptr->is_anonymous=1;
565	}
566
567	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
568	{
569	return ptr->cond_head_expr;
570	}
571
572	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
573	abac_yy_expression_t *expr)
574	{
575	ptr->cond_head_expr=expr;
576	}
577
578	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
579	{
580	free(ptr->name);
581	if(ptr->cond_str)
582	free(ptr->cond_str);
583	if(ptr->cond_head_expr)
584	_free_yy_expression(ptr->cond_head_expr);
585	free(ptr);
586	}
587
588	abac_yy_term_t *make_yy_term_dterm_anonymous()
589	{
590	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
591	ptr->type = e_yy_DTERM_ANONYMOUS;
592	ptr->next=NULL;
593	ptr->bcnt=1;
594	return ptr;
595	}
596
597	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
598	{
599	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
600	if(pptr->is_anonymous)
601	ptr->type = e_yy_DTERM_ANONYMOUS;
602	else ptr->type = e_yy_DTERM_PRINCIPAL;
603	ptr->term.p_ptr=pptr;
604	ptr->next=NULL;
605	ptr->bcnt=1;
606	return ptr;
607	}
608
609	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
610	{
611	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
612	ptr->type = e_yy_DTERM_NAMED;
613	ptr->term.n_ptr=nptr;
614	ptr->next=NULL;
615	ptr->bcnt=1;
616	return ptr;
617	}
618
619	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
620	{
621	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
622
623	if(dptr->is_anonymous)
624	ptr->type = e_yy_DTERM_ANONYMOUS;
625	else ptr->type = e_yy_DTERM_DATA;
626	ptr->term.d_ptr=dptr;
627	ptr->next=NULL;
628	ptr->bcnt=1;
629	return ptr;
630	}
631
632	/************************************************************************/
633	void abac_yy_init_yy_constraints()
634	{
635	abac_yy_constraints = abac_list_new();
636	}
637
638	void abac_yy_free_yy_constraints()
639	{
640	abac_yy_constraint_t *cur;
641	abac_list_foreach(abac_yy_constraints, cur,
642	if(cur && cur->clause)
643	free(cur->clause);
644	free(cur);
645	);
646	abac_list_free(abac_yy_constraints);
647	abac_yy_constraints=NULL;
648	}
649
650	int abac_yy_cnt_yy_constraints()
651	{
652	return abac_list_size(abac_yy_constraints);
653	}
654
655	char *abac_yy_string_yy_constraints()
656	{
657	int first=1;
658	char *tmp=NULL;
659	abac_yy_constraint_t *cur;
660	abac_list_foreach(abac_yy_constraints, cur,
661	if(cur && cur->clause)
662	if(first) {
663	tmp=abac_xstrdup(cur->clause);
664	first=0;
665	} else {
666	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
667	}
668	);
669	return tmp;
670	}
671
672	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
673	{
674	abac_yy_constraint_t *ptr=
675	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
676	ptr->clause=strdup(constraint);
677	abac_list_add(abac_yy_constraints, ptr);
678	return ptr;
679	}
680
681	/****************************************************************************/
682	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
683	{
684	abac_yy_principal_t *ptr=
685	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
686	ptr->sha=abac_xstrdup(sha);
687	ptr->cn=abac_xstrdup(cn);
688	ptr->type=type;
689	return ptr;
690	}
691
692	static void _free_yy_principal(abac_yy_principal_t *ptr)
693	{
694	free(ptr->sha);
695	if(ptr->cn)
696	free(ptr->cn);
697	free(ptr);
698	}
699
700	int get_yy_principal_type(abac_yy_principal_t *ptr)
701	{
702	return ptr->type;
703	}
704
705	char get_yy_principal_principalname(abac_yy_principal_t ptr)
706	{
707	if(ptr->sha == NULL)
708	return ptr->cn;
709	return ptr->sha;
710	}
711
712	/*************************************************************************/
713
714	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
715	{
716	int i=terms->bcnt;
717	nterm->next=terms;
718	nterm->bcnt=i+1;
719	return nterm;
720	}
721
722	static void _free_yy_term(abac_yy_term_t *ptr)
723	{
724	switch (ptr->type) {
725	case e_yy_DTERM_DATA:
726	_free_yy_term_data(ptr->term.d_ptr);
727	break;
728	case e_yy_DTERM_NAMED:
729	_free_yy_principal(ptr->term.n_ptr);
730	break;
731	case e_yy_DTERM_PRINCIPAL:
732	_free_yy_term_principal(ptr->term.p_ptr);
733	break;
734	case e_yy_DTERM_ANONYMOUS:
735	break;
736	}
737	if(ptr->next)
738	_free_yy_term(ptr->next);
739	free(ptr);
740	}
741
742	/*************************************************************************/
743
744	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
745	{
746	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
747	ptr->name=abac_xstrdup(name);
748	ptr->terms=terms;
749	ptr->next=NULL;
750	ptr->bcnt=1;
751	return ptr;
752	}
753
754	static void _free_yy_role(abac_yy_role_t *ptr)
755	{
756	free(ptr->name);
757	if(ptr->terms)
758	_free_yy_term(ptr->terms);
759	if(ptr->next)
760	_free_yy_role(ptr->next);
761	free(ptr);
762	}
763
764	/***************************************************************************/
765	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
766	{
767	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
768	ptr->name=abac_xstrdup(name);
769	ptr->terms=terms;
770	ptr->next=NULL;
771	ptr->bcnt=1;
772	return ptr;
773	}
774
775	static void _free_yy_oset(abac_yy_oset_t *ptr)
776	{
777	free(ptr->name);
778	if(ptr->terms)
779	_free_yy_term(ptr->terms);
780	if(ptr->next)
781	_free_yy_oset(ptr->next);
782	free(ptr);
783	}
784	/***************************************************************************/
785
786	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
787
788	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
789	{
790	abac_yy_expression_t *ptr=
791	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
792	ptr->type = type;
793	if(type == e_yy_EXPR_OBJECT) {
794	ptr->object=(abac_yy_term_data_t *)pptr;
795	} else {
796	ptr->principal = (abac_yy_principal_t *)pptr;
797	}
798	if(type == e_yy_EXPR_OSET)
799	ptr->oset = (abac_yy_oset_t *) optr;
800	else
801	ptr->role = (abac_yy_role_t *) optr;
802	ptr->linked_role=linked_role;
803	ptr->next=NULL;
804
805	return ptr;
806	}
807
808	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
809	{
810	if(ptr->type == e_yy_EXPR_OBJECT)
811	return ptr->object;
812	return NULL;
813	}
814
815	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
816	abac_yy_expression_t *exprs)
817	{
818	int i=exprs->bcnt;
819	nexpr->next=exprs;
820	nexpr->bcnt=i+1;
821	return nexpr;
822	}
823
824	static void _free_yy_expression(abac_yy_expression_t *ptr)
825	{
826	if(ptr->type == e_yy_EXPR_OBJECT) {
827	if(ptr->object)
828	_free_yy_term_data(ptr->object);
829	} else {
830	if(ptr->principal)
831	_free_yy_principal(ptr->principal);
832	}
833	if(ptr->type == e_yy_EXPR_OSET) {
834	if(ptr->oset)
835	_free_yy_oset(ptr->oset);
836	} else {
837	if(ptr->role)
838	_free_yy_role(ptr->role);
839	}
840	if(ptr->linked_role)
841	_free_yy_role(ptr->linked_role);
842	if(ptr->next)
843	_free_yy_expression(ptr->next);
844
845	free(ptr);
846	}
847
848	/***************************************************************************/
849	static void _oset_add_terms(int linked, abac_oset_t *oset,
850	abac_yy_term_t *terms)
851	{
852	abac_yy_term_t *curr = terms;
853	int type;
854	char *name=NULL;
855	char *cond=NULL;
856	void *ptr=NULL;
857	while (curr) {
858	switch (curr->type) {
859	case e_yy_DTERM_DATA:
860	{
861	abac_yy_term_data_t *ptr=curr->term.d_ptr;
862	type=ptr->type;
863	name=abac_xstrdup(ptr->name);
864	cond=abac_xstrdup(ptr->cond_str);
865	ptr=ptr->cond_ptr;
866	break;
867	}
868	case e_yy_DTERM_PRINCIPAL:
869	{
870	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
871	type=abac_term_verify_term_type("principal");
872	name=abac_xstrdup(ptr->name);
873	cond=abac_xstrdup(ptr->cond_str);
874	ptr=ptr->cond_ptr;
875	break;
876	}
877	case e_yy_DTERM_NAMED:
878	{
879	abac_yy_principal_t *ptr=curr->term.n_ptr;
880	type=ptr->type;
881	/* XXX should be switching to sha in the future */
882	name=abac_xstrdup(ptr->cn);
883	cond=NULL;
884	ptr=NULL;
885	break;
886	}
887	case e_yy_DTERM_ANONYMOUS:
888	{
889	type=0;
890	name=abac_xstrdup("_");
891	cond=NULL;
892	ptr=NULL;
893	break;
894	}
895	}
896
897	abac_term_t *param=abac_term_new(type,name,cond,ptr);
898	if (linked)
899	abac_oset_oset_add_linked_param(oset, param);
900	else
901	abac_oset_oset_add_param(oset, param);
902	curr=curr->next;
903	}
904	}
905
906	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
907	{
908	int linked=1;
909	_oset_add_terms(linked, oset, terms);
910	}
911
912	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
913	{
914	int linked=0;
915	_oset_add_terms(linked, oset, terms);
916	}
917
918
919	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
920	{
921	abac_oset_t *ret_oset=NULL;
922	abac_list_t *prereqs = abac_list_new();
923	abac_list_add(prereqs, oset);
924	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
925	return ret_oset;
926	}
927
928	/* A.oset */
929	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
930	{
931	abac_yy_principal_t *principal=expr->principal;
932	abac_yy_oset_t *oset=expr->oset;
933
934	char *principalname=get_yy_principal_principalname(principal);
935	char *osetname=oset->name;
936	abac_yy_term_t *terms=oset->terms;
937
938	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
939	if (ret_oset==NULL) {
940	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
941	goto error;
942	}
943	if (!abac_oset_is_oset(ret_oset)) {
944	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
945	goto error;
946	}
947	// insert the params for the oset
948	if(terms) {
949	_oset_add_oset_terms(ret_oset, terms);
950	}
951	_add_yy_id_certs(principal->cn,principal->type);
952
953	return ret_oset;
954
955	error:
956	return NULL;
957	}
958
959	/* B */
960	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
961	{
962	abac_yy_principal_t *principal=expr->principal;
963	char *principalname=principal->sha;
964	abac_oset_t *ret_oset=NULL;
965
966	ret_oset = abac_oset_principal_new(principalname);
967
968	_add_yy_id_certs(principal->cn,principal->type);
969
970	if (ret_oset==NULL)
971	goto error;
972	return ret_oset;
973
974	error:
975	panic("can not generate a simple named tail oset");
976	return NULL;
977	}
978
979
980	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
981	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
982	{
983	abac_yy_term_data_t *object=get_yy_expression_object(expr);
984	assert(object != NULL);
985
986	char *name=object->name;
987	int type=object->type;
988	char *cond=object->cond_str;
989	void *ptr=object->cond_ptr;
990	abac_term_t *term=abac_term_new(type,name,cond,ptr);
991	abac_oset_t *ret_oset=abac_oset_object_new(term);
992
993	if(get_yy_term_data_is_variable(object))
994	_add_yy_id_certs(name,type);
995
996	if (ret_oset==NULL)
997	goto error;
998	return ret_oset;
999
1000	error:
1001	panic("can not generate a simple object tail oset");
1002	return NULL;
1003	}
1004
1005
1006	/* B.oset */
1007	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
1008	{
1009	abac_yy_principal_t *principal=expr->principal;
1010	abac_yy_oset_t *oset=expr->oset;
1011
1012	char *principalname=principal->sha;
1013
1014	char *osetname=oset->name;
1015	abac_yy_term_t *terms=oset->terms;
1016
1017	int ret;
1018	abac_oset_t *ret_oset=NULL;
1019
1020	ret_oset = abac_oset_oset_new(principalname, osetname);
1021	if (ret_oset==NULL)
1022	goto error;
1023
1024	if(terms) {
1025	_oset_add_oset_terms(ret_oset, terms);
1026	}
1027
1028	_add_yy_id_certs(principal->cn,principal->type);
1029
1030	return ret_oset;
1031
1032	error:
1033	panic("can not generate a simple tail oset");
1034	return NULL;
1035	}
1036
1037	/* B.role.oset */
1038	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
1039	{
1040	abac_yy_principal_t *principal=expr->principal;
1041	abac_yy_oset_t *oset=expr->oset;
1042	abac_yy_role_t *linked_role=expr->linked_role;
1043
1044	char *principalname=principal->sha;
1045
1046	char *osetname=oset->name;
1047	abac_yy_term_t *terms=oset->terms;
1048
1049	char *linkedrolename=linked_role->name;
1050	abac_yy_term_t *linked_terms=linked_role->terms;
1051
1052	int ret;
1053	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1054	linkedrolename, osetname);
1055	if (ret_oset==NULL)
1056	goto error;
1057
1058	if(linked_terms) {
1059	_oset_add_linked_terms(ret_oset, linked_terms);
1060	}
1061	if(terms) {
1062	_oset_add_oset_terms(ret_oset, terms);
1063	}
1064
1065	_add_yy_id_certs(principal->cn,principal->type);
1066
1067	return ret_oset;
1068
1069	error:
1070	panic("can not generate linked tail oset");
1071	return NULL;
1072	}
1073
1074
1075
1076	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1077	abac_yy_expression_t *tailexpr)
1078	{
1079	abac_oset_t *head_oset=NULL;
1080	abac_oset_t *tail_oset=NULL;
1081
1082	/* build up left side's abac oset structure */
1083	head_oset=validate_head_oset(headexpr);
1084	if(head_oset == NULL)
1085	goto error;
1086
1087	/* build up the right side's abac oset structure */
1088	abac_yy_expression_t *curr_tail = tailexpr;
1089	int intersecting=(tailexpr->next != NULL)? 1:0;
1090	abac_oset_t *curr_oset = NULL;
1091	while (curr_tail) {
1092	switch(curr_tail->type) {
1093	case e_yy_EXPR_OBJECT:
1094	curr_oset=validate_object_tail_oset(curr_tail);
1095	break;
1096	case e_yy_EXPR_NAMED:
1097	curr_oset=validate_named_tail_oset(curr_tail);
1098	break;
1099	case e_yy_EXPR_OSET:
1100	curr_oset=validate_oset_tail_oset(curr_tail);
1101	break;
1102	case e_yy_EXPR_LINKED:
1103	curr_oset=validate_linked_tail_oset(curr_tail);
1104	break;
1105	}
1106	if(curr_oset==NULL)
1107	goto error;
1108
1109	/* check if first one */
1110	if(tail_oset==NULL) {
1111	if(intersecting)
1112	tail_oset=validate_intersected_tail_oset(curr_oset);
1113	else
1114	tail_oset=curr_oset;
1115	} else {
1116	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1117	}
1118	curr_tail=curr_tail->next;
1119	} /* while */
1120
1121	/* XXX collect up type clauses, constraint clauses and
1122	generate rule clauses */
1123	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1124	if(tmp == NULL)
1125	goto error;
1126
1127	if(debug) {
1128	abac_print_oset_string_with_condition(head_oset,NULL);
1129	abac_print_oset_string_with_condition(tail_oset,NULL);
1130	}
1131
1132	_free_yy_expression(headexpr);
1133	_free_yy_expression(tailexpr);
1134	abac_rule_head_oset=head_oset;
1135	abac_rule_tail_oset=tail_oset;
1136	abac_rule_is_oset=1;
1137	return tmp;
1138
1139	error:
1140	_free_yy_expression(headexpr);
1141	_free_yy_expression(tailexpr);
1142	if(head_oset)
1143	abac_oset_free(head_oset);
1144	if(tail_oset)
1145	abac_oset_free(tail_oset);
1146	return NULL;
1147	}
1148
1149	/****************************************************************/
1150	static void _role_add_terms(int linked, abac_role_t *role,
1151	abac_yy_term_t *terms)
1152	{
1153	abac_yy_term_t *curr = terms;
1154	int type;
1155	char *name=NULL;
1156	char *cond=NULL;
1157	void *ptr=NULL;
1158	while (curr) {
1159	switch (curr->type) {
1160	case e_yy_DTERM_DATA:
1161	{
1162	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1163	type=pptr->type;
1164	name=abac_xstrdup(pptr->name);
1165	cond=abac_xstrdup(pptr->cond_str);
1166	ptr=pptr->cond_ptr;
1167	break;
1168	}
1169	case e_yy_DTERM_PRINCIPAL:
1170	{
1171	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1172	type=abac_term_verify_term_type("principal");
1173	name=abac_xstrdup(pptr->name);
1174	cond=abac_xstrdup(pptr->cond_str);
1175	ptr=pptr->cond_ptr;
1176	break;
1177	}
1178	case e_yy_DTERM_NAMED:
1179	{
1180	abac_yy_principal_t *pptr=curr->term.n_ptr;
1181	type=pptr->type;
1182	/* XXX should be switching to sha in the future */
1183	name=abac_xstrdup(pptr->cn);
1184	cond=NULL;
1185	ptr=NULL;
1186	break;
1187	}
1188	case e_yy_DTERM_ANONYMOUS:
1189	{
1190	type=0;
1191	name=abac_xstrdup("_");
1192	cond=NULL;
1193	ptr=NULL;
1194	break;
1195	}
1196	}
1197
1198	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1199	if (linked)
1200	abac_role_role_add_linked_param(role, param);
1201	else
1202	abac_role_role_add_param(role, param);
1203	curr=curr->next;
1204	}
1205	}
1206
1207	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1208	{
1209	int linked=1;
1210	_role_add_terms(linked, role, terms);
1211	}
1212
1213	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1214	{
1215	int linked=0;
1216	_role_add_terms(linked, role, terms);
1217	}
1218
1219
1220	abac_role_t validate_intersected_tail_role(abac_role_t role)
1221	{
1222	abac_role_t *ret_role=NULL;
1223	abac_list_t *prereqs = abac_list_new();
1224	abac_list_add(prereqs, role);
1225	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1226	return ret_role;
1227	}
1228
1229	abac_role_t validate_head_role(abac_yy_expression_t expr)
1230	{
1231	abac_yy_principal_t *principal=expr->principal;
1232	abac_yy_role_t *role=expr->role;
1233
1234	char *principalname=get_yy_principal_principalname(principal);
1235	char *rolename=role->name;
1236	abac_yy_term_t *terms=role->terms;
1237	abac_role_t *ret_role=NULL;
1238
1239	ret_role=abac_role_role_new(principalname, rolename);
1240	if (ret_role==NULL) {
1241	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1242	goto error;
1243	}
1244	if (!abac_role_is_role(ret_role)) {
1245	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1246	goto error;
1247	}
1248	// insert the params for the role
1249	if(terms) {
1250	_role_add_role_terms(ret_role, terms);
1251	}
1252
1253	_add_yy_id_certs(principal->cn,principal->type);
1254
1255	return ret_role;
1256
1257	error:
1258	return NULL;
1259	}
1260
1261	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1262	{
1263	abac_yy_principal_t *principal=expr->principal;
1264	char *principalname=get_yy_principal_principalname(principal);
1265	abac_role_t *ret_role=NULL;
1266
1267	ret_role = abac_role_principal_new(principalname);
1268	_add_yy_id_certs(principal->cn,principal->type);
1269
1270	if (ret_role==NULL)
1271	goto error;
1272	return ret_role;
1273
1274	error:
1275	panic("can not generate a simple named tail role");
1276	return NULL;
1277	}
1278
1279	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1280	{
1281	abac_yy_principal_t *principal=expr->principal;
1282	abac_yy_role_t *role=expr->role;
1283
1284	char *principalname=get_yy_principal_principalname(principal);
1285
1286	char *rolename=role->name;
1287	abac_yy_term_t *terms=role->terms;
1288
1289	int ret;
1290	abac_role_t *ret_role=NULL;
1291
1292	ret_role = abac_role_role_new(principalname, rolename);
1293	if (ret_role==NULL)
1294	goto error;
1295
1296	if(terms) {
1297	_role_add_role_terms(ret_role, terms);
1298	}
1299
1300	_add_yy_id_certs(principal->cn,principal->type);
1301
1302	return ret_role;
1303
1304	error:
1305	panic("can not generate a simple tail role");
1306	return NULL;
1307	}
1308	/* need to validate/generate a linked role out of this */
1309	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1310	{
1311	abac_yy_principal_t *principal=expr->principal;
1312	abac_yy_role_t *role=expr->role;
1313	abac_yy_role_t *linked_role=expr->linked_role;
1314
1315	char *principalname=get_yy_principal_principalname(principal);
1316
1317	char *rolename=role->name;
1318	abac_yy_term_t *terms=role->terms;
1319
1320	char *linkedrolename=linked_role->name;
1321	abac_yy_term_t *linked_terms=linked_role->terms;
1322
1323	int ret;
1324	abac_role_t *ret_role=NULL;
1325
1326	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1327	if (ret_role==NULL)
1328	goto error;
1329
1330	if(linked_terms) {
1331	_role_add_linked_terms(ret_role, linked_terms);
1332	}
1333	if(terms) {
1334	_role_add_role_terms(ret_role, terms);
1335	}
1336
1337	_add_yy_id_certs(principal->cn,principal->type);
1338
1339	return ret_role;
1340
1341	error:
1342	panic("can not generate linked tail role");
1343	return NULL;
1344	}
1345
1346	/***********************************************************************/
1347	/* add the condition to constraint list */
1348	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1349	{
1350	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1351	if(head_expr) {
1352	abac_oset_t *head_oset=validate_head_oset(head_expr);
1353	if(head_oset == NULL)
1354	goto error;
1355
1356	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1357	set_yy_term_data_cond_str(ptr,tmp);
1358	set_yy_term_data_cond_ptr(ptr,head_oset);
1359	abac_yy_add_yy_constraints(tmp);
1360	return tmp;
1361	}
1362	return NULL;
1363	error:
1364	return NULL;
1365	}
1366
1367	/****************************************************************/
1368	/* add the range condition to constraint list */
1369	/* this is for integer and float only */
1370	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1371	{
1372	char *typestr=abac_term_type(ptr->type);
1373	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1374	char *tmplist=NULL;
1375	char *tmp=NULL;
1376	int as_range=1; /* either , or ; */
1377	if(rlist) {
1378	char *rstring=_string_yy_cond_range(rlist);
1379	set_yy_term_data_cond_str(ptr,rstring);
1380	abac_yy_range_t *cur;
1381
1382	/* a list of values -- in chars */
1383	abac_list_foreach(rlist, cur,
1384	int type=cur->type;
1385	char *val=cur->val;
1386	switch(type) {
1387	case e_yy_RANGE_MIN:
1388	tmp=generate_pl_range_constraint(typestr,var,val,">=");
1389	break;
1390	case e_yy_RANGE_MAX:
1391	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
1392	break;
1393	case e_yy_RANGE_TARGET:
1394	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1395	as_range=0;
1396	break;
1397	}
1398	/* ; is prolog's disjunction built in predicate */
1399	if(tmplist) {
1400	if(as_range)
1401	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1402	else
1403	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1404	} else {
1405	tmplist=tmp;
1406	}
1407	tmp=NULL;
1408	);
1409	asprintf(&tmplist,"(%s)",tmplist);
1410	abac_yy_add_yy_constraints(tmplist);
1411	}
1412	}
1413
1414	/****************************************************************/
1415	/* this is for time only */
1416	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
1417	{
1418	char *typestr=abac_term_type(ptr->type);
1419	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1420	char *tmplist=NULL;
1421	char *tmp=NULL;
1422	char *ttmp=NULL;
1423	char *tlist=NULL;
1424	int as_range=1; /* either , or ; */
1425	if(rlist) {
1426	char *rstring=_string_yy_cond_range(rlist);
1427	set_yy_term_data_cond_str(ptr,rstring);
1428	abac_yy_range_t *cur;
1429
1430	/* a list of values -- in chars */
1431	abac_list_foreach(rlist, cur,
1432	int type=cur->type;
1433	char *tval=cur->val;
1434	char *val=abac_term_to_time(tval);
1435	switch(type) {
1436	case e_yy_RANGE_MIN:
1437	ttmp=generate_pl_range_time_constraint(var,val,">");
1438	tmp=generate_pl_range_time_constraint(var,val,"=");
1439	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1440	tmp=tlist;
1441	break;
1442	case e_yy_RANGE_MAX:
1443	ttmp=generate_pl_range_time_constraint(var,val,"=");
1444	tmp=generate_pl_range_time_constraint(var,val,"<");
1445	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
1446	tmp=tlist;
1447	break;
1448	case e_yy_RANGE_TARGET:
1449	tmp=generate_pl_range_time_constraint(var,val,"=");
1450	as_range=0;
1451	break;
1452	}
1453	free(val);
1454	/* ; is prolog's disjunction built in predicate */
1455	if(tmplist) {
1456	if(as_range)
1457	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1458	else
1459	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1460	} else {
1461	tmplist=tmp;
1462	}
1463	tmp=NULL;
1464	);
1465
1466	asprintf(&tmplist,"(%s)",tmplist);
1467	/* generate a clause with above and add into db */
1468	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1469	abac_yy_add_yy_constraints(tmp);
1470	}
1471	}
1472
1473	/****************************************************************/
1474	/* this is for string and urn only */
1475	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1476	{
1477	char *typestr=abac_term_type(ptr->type);
1478	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1479	char *tmplist=NULL;
1480	char *tmp=NULL;
1481	if(rlist) {
1482	char *rstring=_string_yy_cond_range(rlist);
1483	set_yy_term_data_cond_str(ptr,rstring);
1484	abac_yy_range_t *cur;
1485
1486	/* a list of values -- in chars */
1487	abac_list_foreach(rlist, cur,
1488	int type=cur->type;
1489	char *val=cur->val;
1490	switch(type) {
1491	case e_yy_RANGE_MIN:
1492	panic("make_yy_range_string_constraint, invalid range type - min");
1493	break;
1494	case e_yy_RANGE_MAX:
1495	/* invalid range type */
1496	panic("make_yy_range_string_constraint, invalid range type - max");
1497	break;
1498	case e_yy_RANGE_TARGET:
1499	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1500	break;
1501	}
1502	/* ; is prolog's disjunction built in predicate */
1503	if(tmplist)
1504	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1505	else tmplist=tmp;
1506	tmp=NULL;
1507	);
1508	asprintf(&tmplist,"(%s)",tmplist);
1509	/* generate a clause with above and add into db */
1510	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1511	abac_yy_add_yy_constraints(tmp);
1512	}
1513	}
1514
1515	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1516	{
1517	if(is_yy_term_data_type_numeric(ptr)) {
1518	make_yy_range_numeric_constraint(ptr, var);
1519	} else if (is_yy_term_data_type_alpha(ptr)) {
1520	make_yy_range_string_constraint(ptr, var);
1521	} else if (is_yy_term_data_type_time(ptr)) {
1522	make_yy_range_time_constraint(ptr, var);
1523	}
1524	}
1525
1526	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1527	{
1528	char *tmp=NULL;
1529	abac_role_t *head_role=NULL;
1530
1531	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1532	/* build up left side's abac role constraint structure */
1533	head_role=validate_head_role(head_expr);
1534	if(head_role == NULL)
1535	goto error;
1536
1537	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1538	set_yy_term_principal_cond_str(ptr,tmp);
1539	set_yy_term_principal_cond_ptr(ptr,head_role);
1540	abac_yy_add_yy_constraints(tmp);
1541	return tmp;
1542
1543	error:
1544	return NULL;
1545	}
1546
1547	/* build up the abac structure and also create the yap clause
1548	and insert it into db */
1549	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1550	abac_yy_expression_t *tailexpr)
1551	{
1552	abac_role_t *head_role=NULL;
1553	abac_role_t *tail_role=NULL;
1554
1555	/* build up left side's abac role structure */
1556	head_role=validate_head_role(headexpr);
1557	if(head_role == NULL)
1558	goto error;
1559
1560	/* build up the right side's abac role structure */
1561	abac_yy_expression_t *curr_tail = tailexpr;
1562	int intersecting=(tailexpr->next != NULL)? 1:0;
1563	abac_role_t *curr_role = NULL;
1564	while (curr_tail) {
1565	switch(curr_tail->type) {
1566	case e_yy_EXPR_NAMED:
1567	curr_role=validate_named_tail_role(curr_tail);
1568	break;
1569	case e_yy_EXPR_ROLE:
1570	curr_role=validate_role_tail_role(curr_tail);
1571	break;
1572	case e_yy_EXPR_LINKED:
1573	curr_role=validate_linked_tail_role(curr_tail);
1574	break;
1575	}
1576	if(curr_role==NULL)
1577	goto error;
1578
1579	/* check if first one */
1580	if(tail_role==NULL) {
1581	if(intersecting)
1582	tail_role=validate_intersected_tail_role(curr_role);
1583	else
1584	tail_role=curr_role;
1585	} else {
1586	abac_role_add_intersecting_role(tail_role,curr_role);
1587	}
1588	curr_tail=curr_tail->next;
1589	} /* while */
1590
1591	/* collect up type clauses, constraint clases and
1592	generate the final rule clauses */
1593	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1594	if(tmp == NULL)
1595	goto error;
1596
1597	if(debug) {
1598	abac_print_role_string_with_condition(head_role,NULL);
1599	abac_print_role_string_with_condition(tail_role,NULL);
1600	}
1601
1602	_free_yy_expression(headexpr);
1603	_free_yy_expression(tailexpr);
1604	abac_rule_head_role=head_role;
1605	abac_rule_tail_role=tail_role;
1606	abac_rule_is_oset=0;
1607	return tmp;
1608
1609	error:
1610	_free_yy_expression(headexpr);
1611	_free_yy_expression(tailexpr);
1612	if(head_role)
1613	abac_role_free(head_role);
1614	if(tail_role)
1615	abac_role_free(tail_role);
1616	return NULL;
1617	}
1618
1619
1620	/************************************************************************/
1621	void abac_yy_init()
1622	{
1623	abac_yyinit();
1624	abac_yy_init_rule_id_clauses();
1625	abac_yy_init_yy_id_certs();
1626	abac_yy_init_yy_constraints();
1627	}
1628
1629

Note: See TracBrowser for help on using the repository browser.

Download in other formats: