Context Navigation

source: libabac/abac_pl_yy.c @ a9494ad

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since a9494ad was a9494ad, checked in by Mei <mei@…>, 12 years ago

1) update credential string's storage from plain to base64 encoded

in creddy and also in yap db

2) add alice_rt1_typed example directory (complex params)

Property mode set to 100644

File size: 16.4 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6
7	#include "uthash.h"
8	#include "abac_util.h"
9
10	#include "abac_pl_yy.h"
11
12	static int debug=0;
13
14	extern abac_list_t generate_pl_clauses(abac_role_t , abac_role_t *);
15	extern void panic(char*);
16	extern char generate_pl_type_clause(char , int);
17	void _add_yy_id_certs(char *, int);
18
19	abac_list_t *abac_yap_clauses=NULL;
20	/* this is to track individual id credentials */
21	abac_stack_t *abac_yap_id_clauses=NULL;
22
23	abac_role_t *abac_yap_head_role=NULL;
24	abac_role_t *abac_yap_tail_role=NULL;
25
26	/* XXX do we want to check whether the id cert is preexisting or not */
27	/* this is to track id certs within a rule clause */
28	typedef struct _abac_yy_id_cert_t {
29	char *principalname;
30	int type; /* keyidtype */
31	char *clause;
32
33	UT_hash_handle hh;
34	} abac_yy_id_cert_t;
35
36	abac_list_t *abac_yy_id_certs = NULL;
37
38	/* local principal structure [keyid:USC] */
39	struct _abac_yy_principal_t {
40	int type;
41	char *sha;
42	char *cn;
43	};
44
45	/* like [principal:?Z]:..., must match a principal name */
46	struct _abac_yy_param_principal_t {
47	int type; /* this needs to be implicitly determined */
48	char *name;
49	char *condition;
50	};
51
52	/* if has condition, then it is a variable,
53	ie,
54	[int:?Year]:<1930..1932>,
55	if no condition, then it is a constant,
56	ie,
57	[int:10]
58	*/
59	struct _abac_yy_param_data_t {
60	int is_variable;
61	int type;
62	char *name;
63	char *condition;
64	};
65
66	/* local dterm structure, will distinguish it in the future */
67	struct _abac_yy_dterm_t {
68	union {
69	abac_yy_principal_t *n_ptr;
70	abac_yy_param_principal_t *p_ptr;
71	abac_yy_param_data_t *d_ptr;
72	} term;
73	int type;
74	struct _abac_yy_dterm_t *next;
75	int bcnt; /* this is to track number of dterms in this linked up list */
76	};
77
78	/* local role structure */
79	struct _abac_yy_role_t {
80	int type;
81	char *name;
82	abac_yy_dterm_t *dterms;
83	struct _abac_yy_role_t *next;
84	int bcnt; /* this is to track number of roles in this linked up list */
85	};
86
87	struct _abac_yy_role_expression_t {
88	int rtype;
89	abac_yy_principal_t *principal;
90	abac_yy_role_t *linked_role;
91	abac_yy_role_t *role;
92	struct _abac_yy_role_expression_t *next;
93	int bcnt;
94	};
95
96	static void _free_yy_dterm(abac_yy_dterm_t *ptr);
97
98	/************************************************************************/
99	abac_stack_t *abac_get_yap_id_clauses()
100	{
101	return abac_yap_id_clauses;
102	}
103
104	abac_stack_t *abac_init_yap_id_clauses()
105	{
106	abac_yap_id_clauses=abac_stack_new();
107	return abac_yap_id_clauses;
108	}
109
110	void abac_free_yap_id_clauses()
111	{
112	if (abac_yap_id_clauses != NULL)
113	abac_stack_free(abac_yap_id_clauses);
114	}
115
116	void set_yap_clauses(abac_list_t *clauses)
117	{
118	abac_yap_clauses=clauses;
119	if(debug) {
120	printf("printing out abac_yap_clauses:\n");
121	abac_print_clauses(abac_yap_clauses);
122	}
123	}
124
125	abac_list_t *abac_get_yap_clauses()
126	{
127	return abac_yap_clauses;
128	}
129
130	void abac_free_yap_clauses()
131	{
132	if (abac_yap_clauses != NULL) {
133	char *cur;
134	abac_list_foreach(abac_yy_id_certs, cur,
135	if(cur) free(cur);
136	);
137	abac_list_free(abac_yap_clauses);
138	}
139	}
140
141	abac_role_t *abac_get_yap_head_role()
142	{
143	return abac_yap_head_role;
144	}
145
146	abac_role_t *abac_get_yap_tail_role()
147	{
148	return abac_yap_tail_role;
149	}
150
151	void abac_init_yy_id_certs()
152	{
153	abac_yy_id_certs = abac_list_new();
154	}
155
156	void abac_free_yy_id_certs()
157	{
158	abac_yy_id_cert_t *id;
159	abac_list_foreach(abac_yy_id_certs, id,
160	if(id)
161	free(id->principalname);
162	free(id->clause);
163	free(id);
164	);
165	abac_list_free(abac_yy_id_certs);
166	}
167
168	int abac_cnt_yy_id_certs()
169	{
170	return abac_list_size(abac_yy_id_certs);
171	}
172
173	char *abac_string_yy_id_certs()
174	{
175	int first=1;
176	char *tmp=NULL;
177	abac_yy_id_cert_t *cur;
178	abac_list_foreach(abac_yy_id_certs, cur,
179	if(cur)
180	if(first) {
181	tmp=abac_xstrdup(cur->clause);
182	first=0;
183	} else {
184	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
185	}
186	);
187	return tmp;
188	}
189
190	void _add_yy_id_certs(char *principalname, int type)
191	{
192	abac_yy_id_cert_t *id_cert=NULL;
193
194	int found=0;
195	abac_yy_id_cert_t *cur;
196	abac_list_foreach(abac_yy_id_certs, cur,
197	if(cur)
198	if(strcmp(cur->principalname,principalname)==0) {
199	found=1;
200	break;
201	}
202	);
203
204	if (found) {
205	return;
206	} else {
207	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
208	id_cert->principalname=abac_xstrdup(principalname);
209	id_cert->type=type;
210	id_cert->clause=generate_pl_type_clause(principalname,type);
211	abac_list_add(abac_yy_id_certs, id_cert);
212	}
213	}
214
215	/****************************************************************************/
216	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
217	{
218	abac_yy_principal_t *ptr=
219	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
220	ptr->sha=abac_xstrdup(sha);
221	ptr->cn=abac_xstrdup(cn);
222	ptr->type=type;
223	return ptr;
224	}
225
226	static void _free_yy_principal(abac_yy_principal_t *ptr)
227	{
228	free(ptr->sha);
229	if(ptr->cn)
230	free(ptr->cn);
231	free(ptr);
232	}
233
234	abac_yy_role_t make_yy_role(char name, abac_yy_dterm_t *dterms)
235	{
236	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
237	ptr->name=abac_xstrdup(name);
238	ptr->dterms=dterms;
239	ptr->next=NULL;
240	ptr->bcnt=1;
241	return ptr;
242	}
243
244	static void _free_yy_role(abac_yy_role_t *ptr)
245	{
246	free(ptr->name);
247	if(ptr->dterms)
248	_free_yy_dterm(ptr->dterms);
249	if(ptr->next)
250	_free_yy_role(ptr->next);
251	free(ptr);
252	}
253
254	abac_yy_role_expression_t *make_yy_role_expression(int rtype,
255	abac_yy_principal_t principal, abac_yy_role_t role, abac_yy_role_t *linked_role)
256	{
257	abac_yy_role_expression_t *ptr=
258	(abac_yy_role_expression_t*)abac_xmalloc(sizeof(abac_yy_role_expression_t));
259	ptr->rtype = rtype;
260	ptr->principal = principal;
261	ptr->role = role;
262	ptr->linked_role=linked_role;
263	ptr->next=NULL;
264
265	return ptr;
266	}
267
268	abac_yy_role_expression_t add_yy_role_expression(abac_yy_role_expression_t nexpr,
269	abac_yy_role_expression_t *exprs)
270	{
271	int i=exprs->bcnt;
272	nexpr->next=exprs;
273	nexpr->bcnt=i+1;
274	return nexpr;
275	}
276
277
278	static void _free_yy_role_expression(abac_yy_role_expression_t *ptr)
279	{
280	if(ptr->principal)
281	_free_yy_principal(ptr->principal);
282	if(ptr->role)
283	_free_yy_role(ptr->role);
284	if(ptr->linked_role)
285	_free_yy_role(ptr->linked_role);
286	if(ptr->next)
287	_free_yy_role_expression(ptr->next);
288
289	free(ptr);
290	}
291
292	abac_yy_param_data_t make_yy_param_data(char name, char* typestr)
293	{
294	int type=abac_verify_dterm_type(typestr);
295	abac_yy_param_data_t *ptr=
296	(abac_yy_param_data_t*)abac_xmalloc(sizeof(abac_yy_param_data_t));
297	ptr->name=abac_xstrdup(name);
298	ptr->type=type;
299	ptr->condition=NULL;
300	ptr->is_variable=0;
301	return ptr;
302	}
303
304	void set_yy_param_data_is_variable(abac_yy_param_data_t *ptr)
305	{
306	ptr->is_variable=1;
307	}
308
309	static void _free_yy_param_data(abac_yy_param_data_t *ptr)
310	{
311	free(ptr->name);
312	if(ptr->condition)
313	free(ptr->condition);
314	free(ptr);
315	}
316
317	abac_yy_param_principal_t make_yy_param_principal(char name)
318	{
319	abac_yy_param_principal_t *ptr=
320	(abac_yy_param_principal_t*)abac_xmalloc(sizeof(abac_yy_param_principal_t));
321	ptr->name=abac_xstrdup(name);
322	ptr->condition=NULL;
323	return ptr;
324	}
325
326	static void _free_yy_param_principal(abac_yy_param_principal_t *ptr)
327	{
328	free(ptr->name);
329	if(ptr->condition)
330	free(ptr->condition);
331	free(ptr);
332	}
333
334	abac_yy_dterm_t *make_yy_dterm_anonymous()
335	{
336	abac_yy_dterm_t ptr=(abac_yy_dterm_t)abac_xmalloc(sizeof(abac_yy_dterm_t));
337	ptr->type = DTERM_ANONYMOUS;
338	ptr->next=NULL;
339	ptr->bcnt=1;
340	return ptr;
341	}
342
343	abac_yy_dterm_t make_yy_dterm_principal(abac_yy_param_principal_t pptr)
344	{
345	abac_yy_dterm_t ptr=(abac_yy_dterm_t)abac_xmalloc(sizeof(abac_yy_dterm_t));
346	ptr->type = DTERM_PRINCIPAL;
347	ptr->term.p_ptr=pptr;
348	ptr->next=NULL;
349	ptr->bcnt=1;
350	return ptr;
351	}
352
353	abac_yy_dterm_t make_yy_dterm_named(abac_yy_principal_t nptr)
354	{
355	abac_yy_dterm_t ptr=(abac_yy_dterm_t)abac_xmalloc(sizeof(abac_yy_dterm_t));
356	ptr->type = DTERM_NAMED;
357	ptr->term.n_ptr=nptr;
358	ptr->next=NULL;
359	ptr->bcnt=1;
360	return ptr;
361	}
362
363	abac_yy_dterm_t make_yy_dterm_data(abac_yy_param_data_t dptr)
364	{
365	abac_yy_dterm_t ptr=(abac_yy_dterm_t)abac_xmalloc(sizeof(abac_yy_dterm_t));
366	ptr->type = DTERM_DATA;
367	ptr->term.d_ptr=dptr;
368	ptr->next=NULL;
369	ptr->bcnt=1;
370	return ptr;
371	}
372
373	abac_yy_dterm_t add_yy_dterm(abac_yy_dterm_t nterm, abac_yy_dterm_t *dterms)
374	{
375	int i=dterms->bcnt;
376	nterm->next=dterms;
377	nterm->bcnt=i+1;
378	return nterm;
379	}
380
381	static void _free_yy_dterm(abac_yy_dterm_t *ptr)
382	{
383	switch (ptr->type) {
384	case DTERM_DATA:
385	_free_yy_param_data(ptr->term.d_ptr);
386	break;
387	case DTERM_NAMED:
388	_free_yy_principal(ptr->term.n_ptr);
389	break;
390	case DTERM_PRINCIPAL:
391	_free_yy_param_principal(ptr->term.p_ptr);
392	break;
393	case DTERM_ANONYMOUS:
394	break;
395	}
396	if(ptr->next)
397	_free_yy_dterm(ptr->next);
398	free(ptr);
399	}
400
401	/****************************************************************/
402	static void _role_add_dterms(int linked, abac_role_t role, abac_yy_dterm_t dterms)
403	{
404	abac_yy_dterm_t *curr = dterms;
405	int type;
406	char *name=NULL;
407	char *cond=NULL;
408	while (curr) {
409	switch (curr->type) {
410	case DTERM_DATA:
411	{
412	abac_yy_param_data_t *ptr=curr->term.d_ptr;
413	type=ptr->type;
414	name=abac_xstrdup(ptr->name);
415	cond=abac_xstrdup(ptr->condition);
416	if(ptr->is_variable) {
417	/* XXX do some tracking */
418	}
419	break;
420	}
421	case DTERM_PRINCIPAL:
422	{
423	abac_yy_param_principal_t *ptr=curr->term.p_ptr;
424	type=abac_verify_dterm_type("principal");
425	name=abac_xstrdup(ptr->name);
426	cond=abac_xstrdup(ptr->condition);
427	/* XXX variable one, do some tracking */
428	break;
429	}
430	case DTERM_NAMED:
431	{
432	abac_yy_principal_t *ptr=curr->term.n_ptr;
433	type=ptr->type;
434	/* XXX should be switching to sha in the future */
435	name=abac_xstrdup(ptr->cn);
436	cond=NULL;
437	break;
438	}
439	case DTERM_ANONYMOUS:
440	{
441	type=0;
442	name=abac_xstrdup("_");
443	cond=NULL;
444	break;
445	}
446	}
447	if (linked)
448	abac_role_role_add_linked_param(role, type, name, cond);
449	else
450	abac_role_role_add_param(role, type, name, cond);
451	curr=curr->next;
452	}
453	}
454
455	static void _role_add_linked_dterms(abac_role_t role, abac_yy_dterm_t dterms)
456	{
457	int linked=1;
458	_role_add_dterms(linked, role, dterms);
459	}
460
461	static void _role_add_role_dterms(abac_role_t role, abac_yy_dterm_t dterms)
462	{
463	int linked=0;
464	_role_add_dterms(linked, role, dterms);
465	}
466
467
468	abac_role_t validate_intersected_tail_role(abac_role_t role)
469	{
470	abac_role_t *ret_role=NULL;
471	abac_list_t *prereqs = abac_list_new();
472	abac_list_add(prereqs, role);
473	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
474	return ret_role;
475	}
476
477	abac_role_t validate_head_role(abac_yy_role_expression_t expr)
478	{
479	abac_yy_principal_t *principal=expr->principal;
480	abac_yy_role_t *role=expr->role;
481
482	char *principalname=principal->sha;
483	char *rolename=role->name;
484	abac_yy_dterm_t *dterms=role->dterms;
485	abac_role_t *ret_role=NULL;
486
487	ret_role=abac_role_role_new(principalname, rolename);
488	if (ret_role==NULL) {
489	set_error_code(ABAC_RT_ROLE_INVALID);
490	goto error;
491	}
492	if (!abac_role_is_role(ret_role)) {
493	set_error_code(ABAC_RT_CERT_INVALID);
494	goto error;
495	}
496	// insert the params for the role
497	if(dterms) {
498	_role_add_role_dterms(ret_role, dterms);
499	}
500
501	_add_yy_id_certs(principal->cn,principal->type);
502
503	return ret_role;
504
505	error:
506	return NULL;
507	}
508
509	abac_role_t validate_named_tail_role(abac_yy_role_expression_t expr)
510	{
511	abac_yy_principal_t *principal=expr->principal;
512	char *principalname=principal->sha;
513	abac_role_t *ret_role=NULL;
514
515	ret_role = abac_role_principal_new(principalname);
516
517	_add_yy_id_certs(principal->cn,principal->type);
518
519	if (ret_role==NULL)
520	goto error;
521	return ret_role;
522
523	error:
524	panic("can not generate a simple named tail role");
525	return NULL;
526	}
527
528	abac_role_t validate_role_tail_role(abac_yy_role_expression_t expr)
529	{
530	abac_yy_principal_t *principal=expr->principal;
531	abac_yy_role_t *role=expr->role;
532
533	char *principalname=principal->sha;
534
535	char *rolename=role->name;
536	abac_yy_dterm_t *dterms=role->dterms;
537
538	int ret;
539	abac_role_t *ret_role=NULL;
540
541	ret_role = abac_role_role_new(principalname, rolename);
542	if (ret_role==NULL)
543	goto error;
544
545	if(dterms) {
546	_role_add_role_dterms(ret_role, dterms);
547	}
548
549	_add_yy_id_certs(principal->cn,principal->type);
550
551	return ret_role;
552
553	error:
554	panic("can not generate a simple tail role");
555	return NULL;
556	}
557	/* need to validate/generate a linked role out of this */
558	abac_role_t validate_linked_tail_role(abac_yy_role_expression_t expr)
559	{
560	abac_yy_principal_t *principal=expr->principal;
561	abac_yy_role_t *role=expr->role;
562	abac_yy_role_t *linked_role=expr->linked_role;
563
564	char *principalname=principal->sha;
565
566	char *rolename=role->name;
567	abac_yy_dterm_t *dterms=role->dterms;
568
569	char *linkedrolename=linked_role->name;
570	abac_yy_dterm_t *linked_dterms=linked_role->dterms;
571
572	int ret;
573	abac_role_t *ret_role=NULL;
574
575	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
576	if (ret_role==NULL)
577	goto error;
578
579	if(linked_dterms) {
580	_role_add_linked_dterms(ret_role, linked_dterms);
581	}
582	if(dterms) {
583	_role_add_role_dterms(ret_role, dterms);
584	}
585
586	_add_yy_id_certs(principal->cn,principal->type);
587
588	return ret_role;
589
590	error:
591	panic("can not generate linked tail role");
592	return NULL;
593	}
594
595
596	abac_list_t make_statement(abac_yy_role_expression_t headexpr,
597	abac_yy_role_expression_t *tailexpr)
598	{
599	abac_role_t *head_role=NULL;
600	abac_role_t *tail_role=NULL;
601
602	/* build up left side's abac role structure */
603	head_role=validate_head_role(headexpr);
604	if(head_role == NULL)
605	goto error;
606
607	/* build up the right side's abac role structure */
608	abac_yy_role_expression_t *curr_tail = tailexpr;
609	int intersecting=(tailexpr->next != NULL)? 1:0;
610	abac_role_t *curr_role = NULL;
611	while (curr_tail) {
612	switch(curr_tail->rtype) {
613	case EXPR_NAMED:
614	curr_role=validate_named_tail_role(curr_tail);
615	break;
616	case EXPR_ROLE:
617	curr_role=validate_role_tail_role(curr_tail);
618	break;
619	case EXPR_LINKED:
620	curr_role=validate_linked_tail_role(curr_tail);
621	break;
622	}
623	if(curr_role==NULL)
624	goto error;
625
626	/* check if first one */
627	if(tail_role==NULL) {
628	if(intersecting)
629	tail_role=validate_intersected_tail_role(curr_role);
630	else
631	tail_role=curr_role;
632	} else {
633	abac_role_add_intersecting_role(tail_role,curr_role);
634	}
635	curr_tail=curr_tail->next;
636	} /* while */
637
638	/* collect up type clauses and generate rule clauses */
639	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
640	if(tmp == NULL)
641	goto error;
642
643	if(debug) {
644	abac_print_role_string_with_condition(head_role);
645	abac_print_role_string_with_condition(tail_role);
646	}
647
648	_free_yy_role_expression(headexpr);
649	_free_yy_role_expression(tailexpr);
650	abac_yap_head_role=head_role;
651	abac_yap_tail_role=tail_role;
652	return tmp;
653
654	error:
655	_free_yy_role_expression(headexpr);
656	_free_yy_role_expression(tailexpr);
657	if(head_role)
658	abac_role_free(head_role);
659	if(tail_role)
660	abac_role_free(tail_role);
661	return NULL;
662	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ a9494ad

Download in other formats: