Context Navigation

source: libabac/abac_pl_yy.c @ c586a3c

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since c586a3c was c586a3c, checked in by Mei <mei@…>, 12 years ago
1) add support for float static range constraint 2) add a testcase for testing float static range constraint 3) add runall-fast (skipping the creddy part)
Property mode set to `100644`
File size: 37.5 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint_clause(char ,char ,char ,char *);
17	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
18	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
19	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
20	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
21	extern char generate_pl_type_clause(char , int);
22	/* from rt2.y */
23	extern void abac_yyinit();
24
25	int abac_yy_error_code = 0; /* keeping last error code */
26
27	int abac_rule_is_oset=0;
28	abac_list_t *abac_rule_clauses=NULL;
29	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
30	abac_role_t *abac_rule_head_role=NULL;
31	abac_role_t *abac_rule_tail_role=NULL;
32	abac_oset_t *abac_rule_head_oset=NULL;
33	abac_oset_t *abac_rule_tail_oset=NULL;
34
35	/* to track id certs within a rule clause */
36	typedef struct _abac_yy_id_cert_t {
37	char *principalname;
38	int type; /* keyidtype */
39	char *clause;
40	} abac_yy_id_cert_t;
41	abac_list_t *abac_yy_id_certs = NULL;
42
43	/* structure to hold the range information
44	within a static constraints on few types of
45	oset types
46	[a..b], [a..], [..b], [a],[a,b],[many a]
47	e_yy_RANGE_MIN=1;
48	e_yy_RANGE_MAX=2;
49	e_yy_RANGE_TARGET=3;
50	*/
51	typedef struct _abac_yy_range_t {
52	int type;
53	char *val;
54	} abac_yy_range_t;
55
56	/* to track role/oset constraint clauses used within a rule clause,
57	collect them up in one place */
58	typedef struct _abac_yy_constraint_t {
59	char *clause;
60	} abac_yy_constraint_t;
61	abac_list_t *abac_yy_constraints = NULL;
62
63	/* local principal structure [keyid:USC] */
64	struct _abac_yy_principal_t {
65	int type;
66	char *sha; // sha is null when this is of object type
67	char *cn;
68	};
69
70	/* [principal:?Z]:..., must match a principal name */
71	struct _abac_yy_term_principal_t {
72	int type; /* this needs to be implicitly determined */
73	char *name;
74	char *cond_str;
75	void *cond_ptr; // ptr to a saved abac_role_t
76	abac_yy_expression_t *cond_head_expr;
77	};
78
79	/* integer,float,time,urn,string types,
80	if has condition, then it is a variable,
81	ie,
82	[int:?Year]:<1930..1932>,
83	if no condition, then it is a constant,
84	ie,
85	[int:10]
86	*/
87	struct _abac_yy_term_data_t {
88	int is_variable;
89	int type;
90	char *name;
91	char *cond_str;
92	void *cond_ptr; // ptr to a saved abac_oset_t
93	abac_list_t *cond_range;
94	abac_yy_expression_t *cond_head_expr; // parking stub
95	};
96
97	/* local term structure, will distinguish it in the future */
98	/* e_yy_DTERM_DATA, all other types
99	e_yy_DTERM_NAMED, keyid:bob
100	e_yy_DTERM_PRINCIPAL, principal:?P
101	e_yy_DTERM_ANONYMOUS ? */
102	struct _abac_yy_term_t {
103	union {
104	abac_yy_principal_t *n_ptr;
105	abac_yy_term_principal_t *p_ptr;
106	abac_yy_term_data_t *d_ptr;
107	} term;
108	int type;
109	struct _abac_yy_term_t *next;
110	int bcnt; /* this is to track number of terms in this linked up list */
111	};
112
113	/* local role structure */
114	struct _abac_yy_role_t {
115	int type;
116	char *name;
117	abac_yy_term_t *terms;
118	struct _abac_yy_role_t *next;
119	int bcnt; /* this is to track number of roles in this linked up list */
120	};
121
122	/* local oset structure */
123	struct _abac_yy_oset_t {
124	int type;
125	char *name;
126	abac_yy_term_t *terms;
127	struct _abac_yy_oset_t *next;
128	int bcnt; /* this is to track number of oset in this linked up list */
129	};
130
131	/* A, A.r, A.r.r */
132	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
133	/* A/obj, A.o, A.r.o */
134	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
135	struct _abac_yy_expression_t {
136	int type;
137	union {
138	abac_yy_principal_t *principal;
139	abac_yy_term_data_t *object;
140	};
141	abac_yy_role_t *linked_role;
142	union {
143	abac_yy_role_t *role;
144	abac_yy_oset_t *oset;
145	};
146	struct _abac_yy_expression_t *next;
147	int bcnt;
148	};
149
150	static void _free_yy_expression(abac_yy_expression_t *);
151
152	/************************************************************************/
153	void abac_yy_set_error_code(int v)
154	{
155	abac_yy_error_code=v;
156	}
157
158	/************************************************************************/
159	abac_stack_t *abac_yy_get_rule_id_clauses()
160	{
161	return abac_rule_id_clauses;
162	}
163
164	abac_stack_t *abac_yy_init_rule_id_clauses()
165	{
166	abac_rule_id_clauses=abac_stack_new();
167	return abac_rule_id_clauses;
168	}
169
170	void abac_yy_free_rule_id_clauses()
171	{
172	if (abac_rule_id_clauses != NULL)
173	abac_stack_free(abac_rule_id_clauses);
174	}
175
176	void abac_yy_set_rule_clauses(abac_list_t *clauses)
177	{
178	abac_rule_clauses=clauses;
179	if(debug) {
180	printf("printing out abac_rule_clauses:\n");
181	abac_print_clauses(abac_rule_clauses,NULL);
182	}
183	}
184
185	abac_list_t *abac_yy_get_rule_clauses()
186	{
187	return abac_rule_clauses;
188	}
189
190	void abac_yy_free_rule_clauses()
191	{
192	if (abac_rule_clauses != NULL) {
193	char *cur;
194	abac_list_foreach(abac_yy_id_certs, cur,
195	if(cur) free(cur);
196	);
197	abac_list_free(abac_rule_clauses);
198	}
199	}
200
201	int abac_yy_get_rule_is_oset()
202	{
203	return abac_rule_is_oset;
204	}
205
206	abac_role_t *abac_yy_get_rule_head_role()
207	{
208	return abac_rule_head_role;
209	}
210
211	abac_role_t *abac_yy_get_rule_tail_role()
212	{
213	return abac_rule_tail_role;
214	}
215
216	abac_oset_t *abac_yy_get_rule_head_oset()
217	{
218	return abac_rule_head_oset;
219	}
220
221	abac_oset_t *abac_yy_get_rule_tail_oset()
222	{
223	return abac_rule_tail_oset;
224	}
225
226
227	/************************************************************************/
228	void abac_yy_init_yy_id_certs()
229	{
230	abac_yy_id_certs = abac_list_new();
231	}
232
233	void abac_yy_free_yy_id_certs()
234	{
235	abac_yy_id_cert_t *id;
236	abac_list_foreach(abac_yy_id_certs, id,
237	if(id)
238	free(id->principalname);
239	free(id->clause);
240	free(id);
241	);
242	abac_list_free(abac_yy_id_certs);
243	abac_yy_id_certs = NULL;
244	}
245
246	int abac_yy_cnt_yy_id_certs()
247	{
248	return abac_list_size(abac_yy_id_certs);
249	}
250
251	char *abac_yy_string_yy_id_certs()
252	{
253	int first=1;
254	char *tmp=NULL;
255	abac_yy_id_cert_t *cur;
256	abac_list_foreach(abac_yy_id_certs, cur,
257	if(cur)
258	if(first) {
259	tmp=abac_xstrdup(cur->clause);
260	first=0;
261	} else {
262	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
263	}
264	);
265	return tmp;
266	}
267
268	static void _add_yy_id_certs(char *principalname, int type)
269	{
270	abac_yy_id_cert_t *id_cert=NULL;
271
272	int found=0;
273	abac_yy_id_cert_t *cur;
274	abac_list_foreach(abac_yy_id_certs, cur,
275	if(cur)
276	if(strcmp(cur->principalname,principalname)==0) {
277	found=1;
278	break;
279	}
280	);
281
282	if (found) {
283	return;
284	} else {
285	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
286	id_cert->principalname=abac_xstrdup(principalname);
287	id_cert->type=type;
288	id_cert->clause=generate_pl_type_clause(principalname,type);
289	abac_list_add(abac_yy_id_certs, id_cert);
290	}
291	}
292
293	/***********************************************************************/
294	static void _free_yy_cond_range(abac_list_t *ptr)
295	{
296	if (ptr != NULL) {
297	abac_yy_range_t *cur;
298	abac_list_foreach(ptr, cur,
299	if(cur && cur->val) free(cur->val);
300	free(cur);
301	);
302	abac_list_free(ptr);
303	}
304	}
305
306	static char _string_yy_cond_range(abac_list_t ptr)
307	{
308	assert(ptr);
309	char *tmp=NULL;
310	char *min=NULL;
311	char *max=NULL;
312	char *val=NULL;
313	int type;
314
315	abac_yy_range_t *cur;
316	abac_list_foreach(ptr, cur,
317	type=cur->type;
318	val=cur->val;
319	switch (type) {
320	case e_yy_RANGE_MIN:
321	min=strdup(cur->val);
322	break;
323	case e_yy_RANGE_MAX:
324	max=strdup(cur->val);
325	break;
326	case e_yy_RANGE_TARGET:
327	if(val)
328	asprintf(&val,"%s,%s",val,cur->val);
329	else val=strdup(cur->val);
330	break;
331	}
332	);
333	if(max && min) {
334	asprintf(&tmp,"[%s..%s]",min,max);
335	free(max);
336	free(min);
337	return tmp;
338	}
339	if(max) {
340	asprintf(&tmp,"[..%s]",max);
341	free(max);
342	return tmp;
343	}
344	if(min) {
345	asprintf(&tmp,"[%s..]",min);
346	free(min);
347	return tmp;
348	}
349	if(val) {
350	asprintf(&tmp,"[%s]",val);
351	free(val);
352	return tmp;
353	}
354	return NULL;
355	}
356
357	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
358	{
359	abac_yy_range_t *range=
360	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
361	range->type=e_yy_RANGE_TARGET;
362	range->val=strdup(val);
363	abac_list_add(ptr, range);
364	return ptr;
365	}
366
367	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
368	{
369	abac_yy_range_t *range=
370	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
371	range->type=type;
372	range->val=strdup(val);
373	abac_list_add(ptr, range);
374	return ptr;
375	}
376
377	abac_list_t make_yy_val_range(char val)
378	{
379	abac_list_t *ptr=abac_list_new();
380	add_yy_val_range(ptr,val);
381	return ptr;
382	}
383
384	abac_list_t make_yy_minmax_range(char min, char *max)
385	{
386	abac_list_t *ptr=abac_list_new();
387	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
388	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
389	return ptr;
390	}
391
392	abac_list_t make_yy_min_range(char min)
393	{
394	abac_list_t *ptr=abac_list_new();
395	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
396	return ptr;
397	}
398
399	abac_list_t make_yy_max_range(char max)
400	{
401	abac_list_t *ptr=abac_list_new();
402	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
403	return ptr;
404	}
405
406	/***********************************************************************/
407	abac_yy_term_data_t make_yy_term_data(char name)
408	{
409	abac_yy_term_data_t *ptr=
410	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
411	ptr->name=abac_xstrdup(name);
412	ptr->type=0;
413	ptr->is_variable=0;
414	ptr->cond_str=NULL;
415	ptr->cond_head_expr=NULL;
416	ptr->cond_ptr=NULL;
417	ptr->cond_range=NULL;
418	return ptr;
419	}
420
421	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
422	{
423	return ptr->cond_range;
424	}
425
426	char get_yy_term_data_name(abac_yy_term_data_t ptr)
427	{
428	return ptr->name;
429	}
430
431	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
432	{
433	if(ptr->cond_head_expr != NULL)
434	return 1;
435	if(ptr->cond_range != NULL)
436	return 1;
437	return 0;
438	}
439
440	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
441	abac_list_t *range)
442	{
443	ptr->cond_range=range;
444	}
445
446	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
447	abac_yy_expression_t *expr)
448	{
449	ptr->cond_head_expr=expr;
450	}
451
452	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
453	{
454	return ptr->cond_head_expr;
455	}
456
457	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
458	{
459	int type=abac_term_verify_term_type(typestr);
460	ptr->type=type;
461	}
462
463	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
464	{
465	ptr->cond_ptr=vptr;
466	}
467
468	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
469	{
470	ptr->cond_str=strdup(cond);
471	}
472
473	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
474	{
475	ptr->is_variable=1;
476	}
477
478	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
479	{
480	return ptr->is_variable;
481	}
482
483	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
484	{
485	free(ptr->name);
486	if(ptr->cond_str)
487	free(ptr->cond_str);
488	if(ptr->cond_head_expr)
489	_free_yy_expression(ptr->cond_head_expr);
490	if(ptr->cond_range);
491	_free_yy_cond_range(ptr->cond_range);
492	free(ptr);
493	}
494
495	abac_yy_term_principal_t make_yy_term_principal(char name)
496	{
497	abac_yy_term_principal_t *ptr=
498	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
499	ptr->type=0;/* this is not known */
500	ptr->name=abac_xstrdup(name);
501	ptr->cond_str=NULL;
502	ptr->cond_head_expr=NULL;
503	return ptr;
504	}
505
506	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
507	{
508	ptr->cond_ptr=vptr;
509	}
510
511	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
512	{
513	ptr->cond_str=abac_xstrdup(cond);
514	}
515
516	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
517	{
518	return ptr->cond_head_expr;
519	}
520
521	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
522	abac_yy_expression_t *expr)
523	{
524	ptr->cond_head_expr=expr;
525	}
526
527	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
528	{
529	free(ptr->name);
530	if(ptr->cond_str)
531	free(ptr->cond_str);
532	if(ptr->cond_head_expr)
533	_free_yy_expression(ptr->cond_head_expr);
534	free(ptr);
535	}
536
537	abac_yy_term_t *make_yy_term_dterm_anonymous()
538	{
539	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
540	ptr->type = e_yy_DTERM_ANONYMOUS;
541	ptr->next=NULL;
542	ptr->bcnt=1;
543	return ptr;
544	}
545
546	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
547	{
548	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
549	ptr->type = e_yy_DTERM_PRINCIPAL;
550	ptr->term.p_ptr=pptr;
551	ptr->next=NULL;
552	ptr->bcnt=1;
553	return ptr;
554	}
555
556	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
557	{
558	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
559	ptr->type = e_yy_DTERM_NAMED;
560	ptr->term.n_ptr=nptr;
561	ptr->next=NULL;
562	ptr->bcnt=1;
563	return ptr;
564	}
565
566	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
567	{
568	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
569	ptr->type = e_yy_DTERM_DATA;
570	ptr->term.d_ptr=dptr;
571	ptr->next=NULL;
572	ptr->bcnt=1;
573	return ptr;
574	}
575
576	/************************************************************************/
577	void abac_yy_init_yy_constraints()
578	{
579	abac_yy_constraints = abac_list_new();
580	}
581
582	void abac_yy_free_yy_constraints()
583	{
584	abac_yy_constraint_t *cur;
585	abac_list_foreach(abac_yy_constraints, cur,
586	if(cur && cur->clause)
587	free(cur->clause);
588	free(cur);
589	);
590	abac_list_free(abac_yy_constraints);
591	abac_yy_constraints=NULL;
592	}
593
594	int abac_yy_cnt_yy_constraints()
595	{
596	return abac_list_size(abac_yy_constraints);
597	}
598
599	char *abac_yy_string_yy_constraints()
600	{
601	int first=1;
602	char *tmp=NULL;
603	abac_yy_constraint_t *cur;
604	abac_list_foreach(abac_yy_constraints, cur,
605	if(cur && cur->clause)
606	if(first) {
607	tmp=abac_xstrdup(cur->clause);
608	first=0;
609	} else {
610	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
611	}
612	);
613	return tmp;
614	}
615
616	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
617	{
618	abac_yy_constraint_t *ptr=
619	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
620	ptr->clause=strdup(constraint);
621	abac_list_add(abac_yy_constraints, ptr);
622	return ptr;
623	}
624
625	/****************************************************************************/
626	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
627	{
628	abac_yy_principal_t *ptr=
629	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
630	ptr->sha=abac_xstrdup(sha);
631	ptr->cn=abac_xstrdup(cn);
632	ptr->type=type;
633	return ptr;
634	}
635
636	static void _free_yy_principal(abac_yy_principal_t *ptr)
637	{
638	free(ptr->sha);
639	if(ptr->cn)
640	free(ptr->cn);
641	free(ptr);
642	}
643
644	int get_yy_principal_type(abac_yy_principal_t *ptr)
645	{
646	return ptr->type;
647	}
648
649	char get_yy_principal_principalname(abac_yy_principal_t ptr)
650	{
651	if(ptr->sha == NULL)
652	return ptr->cn;
653	return ptr->sha;
654	}
655
656	/*************************************************************************/
657
658	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
659	{
660	int i=terms->bcnt;
661	nterm->next=terms;
662	nterm->bcnt=i+1;
663	return nterm;
664	}
665
666	static void _free_yy_term(abac_yy_term_t *ptr)
667	{
668	switch (ptr->type) {
669	case e_yy_DTERM_DATA:
670	_free_yy_term_data(ptr->term.d_ptr);
671	break;
672	case e_yy_DTERM_NAMED:
673	_free_yy_principal(ptr->term.n_ptr);
674	break;
675	case e_yy_DTERM_PRINCIPAL:
676	_free_yy_term_principal(ptr->term.p_ptr);
677	break;
678	case e_yy_DTERM_ANONYMOUS:
679	break;
680	}
681	if(ptr->next)
682	_free_yy_term(ptr->next);
683	free(ptr);
684	}
685
686	/*************************************************************************/
687
688	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
689	{
690	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
691	ptr->name=abac_xstrdup(name);
692	ptr->terms=terms;
693	ptr->next=NULL;
694	ptr->bcnt=1;
695	return ptr;
696	}
697
698	static void _free_yy_role(abac_yy_role_t *ptr)
699	{
700	free(ptr->name);
701	if(ptr->terms)
702	_free_yy_term(ptr->terms);
703	if(ptr->next)
704	_free_yy_role(ptr->next);
705	free(ptr);
706	}
707
708	/***************************************************************************/
709	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
710	{
711	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
712	ptr->name=abac_xstrdup(name);
713	ptr->terms=terms;
714	ptr->next=NULL;
715	ptr->bcnt=1;
716	return ptr;
717	}
718
719	static void _free_yy_oset(abac_yy_oset_t *ptr)
720	{
721	free(ptr->name);
722	if(ptr->terms)
723	_free_yy_term(ptr->terms);
724	if(ptr->next)
725	_free_yy_oset(ptr->next);
726	free(ptr);
727	}
728	/***************************************************************************/
729
730	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
731
732	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
733	{
734	abac_yy_expression_t *ptr=
735	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
736	ptr->type = type;
737	if(type == e_yy_EXPR_OBJECT) {
738	ptr->object=(abac_yy_term_data_t *)pptr;
739	} else {
740	ptr->principal = (abac_yy_principal_t *)pptr;
741	}
742	if(type == e_yy_EXPR_OSET)
743	ptr->oset = (abac_yy_oset_t *) optr;
744	else
745	ptr->role = (abac_yy_role_t *) optr;
746	ptr->linked_role=linked_role;
747	ptr->next=NULL;
748
749	return ptr;
750	}
751
752	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
753	{
754	if(ptr->type == e_yy_EXPR_OBJECT)
755	return ptr->object;
756	return NULL;
757	}
758
759	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
760	abac_yy_expression_t *exprs)
761	{
762	int i=exprs->bcnt;
763	nexpr->next=exprs;
764	nexpr->bcnt=i+1;
765	return nexpr;
766	}
767
768	static void _free_yy_expression(abac_yy_expression_t *ptr)
769	{
770	if(ptr->type == e_yy_EXPR_OBJECT) {
771	if(ptr->object)
772	_free_yy_term_data(ptr->object);
773	} else {
774	if(ptr->principal)
775	_free_yy_principal(ptr->principal);
776	}
777	if(ptr->type == e_yy_EXPR_OSET) {
778	if(ptr->oset)
779	_free_yy_oset(ptr->oset);
780	} else {
781	if(ptr->role)
782	_free_yy_role(ptr->role);
783	}
784	if(ptr->linked_role)
785	_free_yy_role(ptr->linked_role);
786	if(ptr->next)
787	_free_yy_expression(ptr->next);
788
789	free(ptr);
790	}
791
792	/***************************************************************************/
793	static void _oset_add_terms(int linked, abac_oset_t *oset,
794	abac_yy_term_t *terms)
795	{
796	abac_yy_term_t *curr = terms;
797	int type;
798	char *name=NULL;
799	char *cond=NULL;
800	void *ptr=NULL;
801	while (curr) {
802	switch (curr->type) {
803	case e_yy_DTERM_DATA:
804	{
805	abac_yy_term_data_t *ptr=curr->term.d_ptr;
806	type=ptr->type;
807	name=abac_xstrdup(ptr->name);
808	cond=abac_xstrdup(ptr->cond_str);
809	ptr=ptr->cond_ptr;
810	break;
811	}
812	case e_yy_DTERM_PRINCIPAL:
813	{
814	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
815	type=abac_term_verify_term_type("principal");
816	name=abac_xstrdup(ptr->name);
817	cond=abac_xstrdup(ptr->cond_str);
818	ptr=ptr->cond_ptr;
819	break;
820	}
821	case e_yy_DTERM_NAMED:
822	{
823	abac_yy_principal_t *ptr=curr->term.n_ptr;
824	type=ptr->type;
825	/* XXX should be switching to sha in the future */
826	name=abac_xstrdup(ptr->cn);
827	cond=NULL;
828	ptr=NULL;
829	break;
830	}
831	case e_yy_DTERM_ANONYMOUS:
832	{
833	type=0;
834	name=abac_xstrdup("_");
835	cond=NULL;
836	ptr=NULL;
837	break;
838	}
839	}
840
841	abac_term_t *param=abac_term_new(type,name,cond,ptr);
842	if (linked)
843	abac_oset_oset_add_linked_param(oset, param);
844	else
845	abac_oset_oset_add_param(oset, param);
846	curr=curr->next;
847	}
848	}
849
850	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
851	{
852	int linked=1;
853	_oset_add_terms(linked, oset, terms);
854	}
855
856	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
857	{
858	int linked=0;
859	_oset_add_terms(linked, oset, terms);
860	}
861
862
863	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
864	{
865	abac_oset_t *ret_oset=NULL;
866	abac_list_t *prereqs = abac_list_new();
867	abac_list_add(prereqs, oset);
868	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
869	return ret_oset;
870	}
871
872	/* A.oset */
873	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
874	{
875	abac_yy_principal_t *principal=expr->principal;
876	abac_yy_oset_t *oset=expr->oset;
877
878	char *principalname=get_yy_principal_principalname(principal);
879	char *osetname=oset->name;
880	abac_yy_term_t *terms=oset->terms;
881
882	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
883	if (ret_oset==NULL) {
884	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
885	goto error;
886	}
887	if (!abac_oset_is_oset(ret_oset)) {
888	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
889	goto error;
890	}
891	// insert the params for the oset
892	if(terms) {
893	_oset_add_oset_terms(ret_oset, terms);
894	}
895	_add_yy_id_certs(principal->cn,principal->type);
896
897	return ret_oset;
898
899	error:
900	return NULL;
901	}
902
903	/* B */
904	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
905	{
906	abac_yy_principal_t *principal=expr->principal;
907	char *principalname=principal->sha;
908	abac_oset_t *ret_oset=NULL;
909
910	ret_oset = abac_oset_principal_new(principalname);
911
912	_add_yy_id_certs(principal->cn,principal->type);
913
914	if (ret_oset==NULL)
915	goto error;
916	return ret_oset;
917
918	error:
919	panic("can not generate a simple named tail oset");
920	return NULL;
921	}
922
923
924	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
925	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
926	{
927	abac_yy_term_data_t *object=get_yy_expression_object(expr);
928	assert(object != NULL);
929
930	char *name=object->name;
931	int type=object->type;
932	char *cond=object->cond_str;
933	void *ptr=object->cond_ptr;
934	abac_term_t *term=abac_term_new(type,name,cond,ptr);
935	abac_oset_t *ret_oset=abac_oset_object_new(term);
936
937	if(get_yy_term_data_is_variable(object))
938	_add_yy_id_certs(name,type);
939
940	if (ret_oset==NULL)
941	goto error;
942	return ret_oset;
943
944	error:
945	panic("can not generate a simple object tail oset");
946	return NULL;
947	}
948
949
950	/* B.oset */
951	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
952	{
953	abac_yy_principal_t *principal=expr->principal;
954	abac_yy_oset_t *oset=expr->oset;
955
956	char *principalname=principal->sha;
957
958	char *osetname=oset->name;
959	abac_yy_term_t *terms=oset->terms;
960
961	int ret;
962	abac_oset_t *ret_oset=NULL;
963
964	ret_oset = abac_oset_oset_new(principalname, osetname);
965	if (ret_oset==NULL)
966	goto error;
967
968	if(terms) {
969	_oset_add_oset_terms(ret_oset, terms);
970	}
971
972	_add_yy_id_certs(principal->cn,principal->type);
973
974	return ret_oset;
975
976	error:
977	panic("can not generate a simple tail oset");
978	return NULL;
979	}
980
981	/* B.role.oset */
982	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
983	{
984	abac_yy_principal_t *principal=expr->principal;
985	abac_yy_oset_t *oset=expr->oset;
986	abac_yy_role_t *linked_role=expr->linked_role;
987
988	char *principalname=principal->sha;
989
990	char *osetname=oset->name;
991	abac_yy_term_t *terms=oset->terms;
992
993	char *linkedrolename=linked_role->name;
994	abac_yy_term_t *linked_terms=linked_role->terms;
995
996	int ret;
997	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
998	linkedrolename, osetname);
999	if (ret_oset==NULL)
1000	goto error;
1001
1002	if(linked_terms) {
1003	_oset_add_linked_terms(ret_oset, linked_terms);
1004	}
1005	if(terms) {
1006	_oset_add_oset_terms(ret_oset, terms);
1007	}
1008
1009	_add_yy_id_certs(principal->cn,principal->type);
1010
1011	return ret_oset;
1012
1013	error:
1014	panic("can not generate linked tail oset");
1015	return NULL;
1016	}
1017
1018
1019
1020	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1021	abac_yy_expression_t *tailexpr)
1022	{
1023	abac_oset_t *head_oset=NULL;
1024	abac_oset_t *tail_oset=NULL;
1025
1026	/* build up left side's abac oset structure */
1027	head_oset=validate_head_oset(headexpr);
1028	if(head_oset == NULL)
1029	goto error;
1030
1031	/* build up the right side's abac oset structure */
1032	abac_yy_expression_t *curr_tail = tailexpr;
1033	int intersecting=(tailexpr->next != NULL)? 1:0;
1034	abac_oset_t *curr_oset = NULL;
1035	while (curr_tail) {
1036	switch(curr_tail->type) {
1037	case e_yy_EXPR_OBJECT:
1038	curr_oset=validate_object_tail_oset(curr_tail);
1039	break;
1040	case e_yy_EXPR_NAMED:
1041	curr_oset=validate_named_tail_oset(curr_tail);
1042	break;
1043	case e_yy_EXPR_OSET:
1044	curr_oset=validate_oset_tail_oset(curr_tail);
1045	break;
1046	case e_yy_EXPR_LINKED:
1047	curr_oset=validate_linked_tail_oset(curr_tail);
1048	break;
1049	}
1050	if(curr_oset==NULL)
1051	goto error;
1052
1053	/* check if first one */
1054	if(tail_oset==NULL) {
1055	if(intersecting)
1056	tail_oset=validate_intersected_tail_oset(curr_oset);
1057	else
1058	tail_oset=curr_oset;
1059	} else {
1060	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1061	}
1062	curr_tail=curr_tail->next;
1063	} /* while */
1064
1065	/* XXX collect up type clauses, constraint clauses and
1066	generate rule clauses */
1067	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1068	if(tmp == NULL)
1069	goto error;
1070
1071	if(debug) {
1072	abac_print_oset_string_with_condition(head_oset,NULL);
1073	abac_print_oset_string_with_condition(tail_oset,NULL);
1074	}
1075
1076	_free_yy_expression(headexpr);
1077	_free_yy_expression(tailexpr);
1078	abac_rule_head_oset=head_oset;
1079	abac_rule_tail_oset=tail_oset;
1080	abac_rule_is_oset=1;
1081	return tmp;
1082
1083	error:
1084	_free_yy_expression(headexpr);
1085	_free_yy_expression(tailexpr);
1086	if(head_oset)
1087	abac_oset_free(head_oset);
1088	if(tail_oset)
1089	abac_oset_free(tail_oset);
1090	return NULL;
1091	}
1092
1093	/****************************************************************/
1094	static void _role_add_terms(int linked, abac_role_t *role,
1095	abac_yy_term_t *terms)
1096	{
1097	abac_yy_term_t *curr = terms;
1098	int type;
1099	char *name=NULL;
1100	char *cond=NULL;
1101	void *ptr=NULL;
1102	while (curr) {
1103	switch (curr->type) {
1104	case e_yy_DTERM_DATA:
1105	{
1106	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1107	type=pptr->type;
1108	name=abac_xstrdup(pptr->name);
1109	cond=abac_xstrdup(pptr->cond_str);
1110	ptr=pptr->cond_ptr;
1111	break;
1112	}
1113	case e_yy_DTERM_PRINCIPAL:
1114	{
1115	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1116	type=abac_term_verify_term_type("principal");
1117	name=abac_xstrdup(pptr->name);
1118	cond=abac_xstrdup(pptr->cond_str);
1119	ptr=pptr->cond_ptr;
1120	break;
1121	}
1122	case e_yy_DTERM_NAMED:
1123	{
1124	abac_yy_principal_t *pptr=curr->term.n_ptr;
1125	type=pptr->type;
1126	/* XXX should be switching to sha in the future */
1127	name=abac_xstrdup(pptr->cn);
1128	cond=NULL;
1129	ptr=NULL;
1130	break;
1131	}
1132	case e_yy_DTERM_ANONYMOUS:
1133	{
1134	type=0;
1135	name=abac_xstrdup("_");
1136	cond=NULL;
1137	ptr=NULL;
1138	break;
1139	}
1140	}
1141
1142	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1143	if (linked)
1144	abac_role_role_add_linked_param(role, param);
1145	else
1146	abac_role_role_add_param(role, param);
1147	curr=curr->next;
1148	}
1149	}
1150
1151	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1152	{
1153	int linked=1;
1154	_role_add_terms(linked, role, terms);
1155	}
1156
1157	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1158	{
1159	int linked=0;
1160	_role_add_terms(linked, role, terms);
1161	}
1162
1163
1164	abac_role_t validate_intersected_tail_role(abac_role_t role)
1165	{
1166	abac_role_t *ret_role=NULL;
1167	abac_list_t *prereqs = abac_list_new();
1168	abac_list_add(prereqs, role);
1169	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1170	return ret_role;
1171	}
1172
1173	abac_role_t validate_head_role(abac_yy_expression_t expr)
1174	{
1175	abac_yy_principal_t *principal=expr->principal;
1176	abac_yy_role_t *role=expr->role;
1177
1178	char *principalname=get_yy_principal_principalname(principal);
1179	char *rolename=role->name;
1180	abac_yy_term_t *terms=role->terms;
1181	abac_role_t *ret_role=NULL;
1182
1183	ret_role=abac_role_role_new(principalname, rolename);
1184	if (ret_role==NULL) {
1185	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1186	goto error;
1187	}
1188	if (!abac_role_is_role(ret_role)) {
1189	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1190	goto error;
1191	}
1192	// insert the params for the role
1193	if(terms) {
1194	_role_add_role_terms(ret_role, terms);
1195	}
1196
1197	_add_yy_id_certs(principal->cn,principal->type);
1198
1199	return ret_role;
1200
1201	error:
1202	return NULL;
1203	}
1204
1205	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1206	{
1207	abac_yy_principal_t *principal=expr->principal;
1208	char *principalname=get_yy_principal_principalname(principal);
1209	abac_role_t *ret_role=NULL;
1210
1211	ret_role = abac_role_principal_new(principalname);
1212	_add_yy_id_certs(principal->cn,principal->type);
1213
1214	if (ret_role==NULL)
1215	goto error;
1216	return ret_role;
1217
1218	error:
1219	panic("can not generate a simple named tail role");
1220	return NULL;
1221	}
1222
1223	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1224	{
1225	abac_yy_principal_t *principal=expr->principal;
1226	abac_yy_role_t *role=expr->role;
1227
1228	char *principalname=get_yy_principal_principalname(principal);
1229
1230	char *rolename=role->name;
1231	abac_yy_term_t *terms=role->terms;
1232
1233	int ret;
1234	abac_role_t *ret_role=NULL;
1235
1236	ret_role = abac_role_role_new(principalname, rolename);
1237	if (ret_role==NULL)
1238	goto error;
1239
1240	if(terms) {
1241	_role_add_role_terms(ret_role, terms);
1242	}
1243
1244	_add_yy_id_certs(principal->cn,principal->type);
1245
1246	return ret_role;
1247
1248	error:
1249	panic("can not generate a simple tail role");
1250	return NULL;
1251	}
1252	/* need to validate/generate a linked role out of this */
1253	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1254	{
1255	abac_yy_principal_t *principal=expr->principal;
1256	abac_yy_role_t *role=expr->role;
1257	abac_yy_role_t *linked_role=expr->linked_role;
1258
1259	char *principalname=get_yy_principal_principalname(principal);
1260
1261	char *rolename=role->name;
1262	abac_yy_term_t *terms=role->terms;
1263
1264	char *linkedrolename=linked_role->name;
1265	abac_yy_term_t *linked_terms=linked_role->terms;
1266
1267	int ret;
1268	abac_role_t *ret_role=NULL;
1269
1270	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1271	if (ret_role==NULL)
1272	goto error;
1273
1274	if(linked_terms) {
1275	_role_add_linked_terms(ret_role, linked_terms);
1276	}
1277	if(terms) {
1278	_role_add_role_terms(ret_role, terms);
1279	}
1280
1281	_add_yy_id_certs(principal->cn,principal->type);
1282
1283	return ret_role;
1284
1285	error:
1286	panic("can not generate linked tail role");
1287	return NULL;
1288	}
1289
1290	/***********************************************************************/
1291	/* add the condition to constraint list */
1292	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1293	{
1294	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1295	if(head_expr) {
1296	abac_oset_t *head_oset=validate_head_oset(head_expr);
1297	if(head_oset == NULL)
1298	goto error;
1299
1300	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1301	set_yy_term_data_cond_str(ptr,tmp);
1302	set_yy_term_data_cond_ptr(ptr,head_oset);
1303	abac_yy_add_yy_constraints(tmp);
1304	return tmp;
1305	}
1306	return NULL;
1307	error:
1308	return NULL;
1309	}
1310	/****************************************************************/
1311	/* add the range condition to constraint list */
1312
1313	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1314	{
1315	/* XXXX this only works for integer and float */
1316	char *typestr=abac_term_type(ptr->type);
1317	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1318	char *tmplist=NULL;
1319	char *tmp=NULL;
1320	int is_range=1; /* either , or \| */
1321	if(rlist) {
1322	char *rstring=_string_yy_cond_range(rlist);
1323	set_yy_term_data_cond_str(ptr,rstring);
1324	abac_yy_range_t *cur;
1325
1326	abac_list_foreach(rlist, cur,
1327	int type=cur->type;
1328	char *val=cur->val;
1329	switch(type) {
1330	case e_yy_RANGE_MIN:
1331	tmp=generate_pl_range_constraint_clause(typestr,var,val,">");
1332	break;
1333	case e_yy_RANGE_MAX:
1334	tmp=generate_pl_range_constraint_clause(typestr,var,val,"<");
1335	break;
1336	case e_yy_RANGE_TARGET:
1337	tmp=generate_pl_range_constraint_clause(typestr,var,val,"=");
1338	int is_range=0;
1339	break;
1340	}
1341	if(tmplist) {
1342	if(is_range)
1343	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1344	else
1345	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1346	} else {
1347	tmplist=tmp;
1348	}
1349	tmp=NULL;
1350	);
1351	asprintf(&tmplist,"(%s)",tmplist);
1352	abac_yy_add_yy_constraints(tmplist);
1353	}
1354	}
1355
1356	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1357	{
1358	char *tmp=NULL;
1359	abac_role_t *head_role=NULL;
1360
1361	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1362	/* build up left side's abac role constraint structure */
1363	head_role=validate_head_role(head_expr);
1364	if(head_role == NULL)
1365	goto error;
1366
1367	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1368	set_yy_term_principal_cond_str(ptr,tmp);
1369	set_yy_term_principal_cond_ptr(ptr,head_role);
1370	abac_yy_add_yy_constraints(tmp);
1371	return tmp;
1372
1373	error:
1374	return NULL;
1375	}
1376
1377	/* build up the abac structure and also create the yap clause
1378	and insert it into db */
1379	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1380	abac_yy_expression_t *tailexpr)
1381	{
1382	abac_role_t *head_role=NULL;
1383	abac_role_t *tail_role=NULL;
1384
1385	/* build up left side's abac role structure */
1386	head_role=validate_head_role(headexpr);
1387	if(head_role == NULL)
1388	goto error;
1389
1390	/* build up the right side's abac role structure */
1391	abac_yy_expression_t *curr_tail = tailexpr;
1392	int intersecting=(tailexpr->next != NULL)? 1:0;
1393	abac_role_t *curr_role = NULL;
1394	while (curr_tail) {
1395	switch(curr_tail->type) {
1396	case e_yy_EXPR_NAMED:
1397	curr_role=validate_named_tail_role(curr_tail);
1398	break;
1399	case e_yy_EXPR_ROLE:
1400	curr_role=validate_role_tail_role(curr_tail);
1401	break;
1402	case e_yy_EXPR_LINKED:
1403	curr_role=validate_linked_tail_role(curr_tail);
1404	break;
1405	}
1406	if(curr_role==NULL)
1407	goto error;
1408
1409	/* check if first one */
1410	if(tail_role==NULL) {
1411	if(intersecting)
1412	tail_role=validate_intersected_tail_role(curr_role);
1413	else
1414	tail_role=curr_role;
1415	} else {
1416	abac_role_add_intersecting_role(tail_role,curr_role);
1417	}
1418	curr_tail=curr_tail->next;
1419	} /* while */
1420
1421	/* collect up type clauses, constraint clases and
1422	generate the final rule clauses */
1423	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1424	if(tmp == NULL)
1425	goto error;
1426
1427	if(debug) {
1428	abac_print_role_string_with_condition(head_role,NULL);
1429	abac_print_role_string_with_condition(tail_role,NULL);
1430	}
1431
1432	_free_yy_expression(headexpr);
1433	_free_yy_expression(tailexpr);
1434	abac_rule_head_role=head_role;
1435	abac_rule_tail_role=tail_role;
1436	abac_rule_is_oset=0;
1437	return tmp;
1438
1439	error:
1440	_free_yy_expression(headexpr);
1441	_free_yy_expression(tailexpr);
1442	if(head_role)
1443	abac_role_free(head_role);
1444	if(tail_role)
1445	abac_role_free(tail_role);
1446	return NULL;
1447	}
1448
1449
1450	/************************************************************************/
1451	void abac_yy_init()
1452	{
1453	abac_yyinit();
1454	abac_yy_init_rule_id_clauses();
1455	abac_yy_init_yy_id_certs();
1456	abac_yy_init_yy_constraints();
1457	}
1458
1459

Note: See TracBrowser for help on using the repository browser.

Download in other formats: