Context Navigation

source: libabac/abac_pl_yy.c @ ca72963

mei_rt2mei_rt2_fix_1

Last change on this file since ca72963 was ca72963, checked in by Mei <mei@…>, 12 years ago

1) added expanded constraint item insertion calls

add new abac_condition_x to support them

Property mode set to 100644

File size: 30.8 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
19
20	/* from rt2.y */
21	extern void abac_yyinit();
22
23	int abac_yy_error_code = 0; /* keeping last error code */
24
25	int abac_rule_is_oset=0;
26	abac_list_t *abac_rule_clauses=NULL;
27	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
28	abac_aspect_t *abac_rule_head_aspect=NULL;
29	abac_aspect_t *abac_rule_tail_aspect=NULL;
30
31
32	/* structure to hold the range information
33	within a static constraints on few types of
34	oset types
35	[a..b], [a..], [..b], [a],[a,b],[many a]
36	e_yy_RANGE_MIN=1;
37	e_yy_RANGE_MAX=2;
38	e_yy_RANGE_TARGET=3;
39	*/
40	typedef struct _abac_yy_range_t {
41	int type;
42	char *val;
43	} abac_yy_range_t;
44
45	/* local principal structure [keyid:USC] */
46	struct _abac_yy_principal_t {
47	int type;
48	char *sha; // sha is null when this is of object type
49	char *cn;
50	};
51
52	/* [principal:?Z]:..., must match a principal name */
53	struct _abac_yy_term_principal_t {
54	int type; /* this needs to be implicitly determined */
55	int is_anonymous;
56	char *name;
57	int isrange;
58	char *cond_str; // range string ??? not sure if this is possible
59	void *cond_ptr; // ptr to a saved abac_aspect_t or a list(item_t)
60	abac_yy_expression_t *cond_head_expr;
61	};
62
63	/* integer,float,time,urn,string types,
64	if has condition, then it is a variable,
65	ie,
66	[int:?Year]:<1930..1932>,
67	if no condition, then it is a constant,
68	ie,
69	[int:10]
70	*/
71	struct _abac_yy_term_data_t {
72	int is_variable;
73	int is_anonymous;
74	int type;
75	char *name;
76	char *cond_str; // range string
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_list_t *cond_range;
79	abac_yy_expression_t *cond_head_expr; // parking stub
80	};
81
82	/* local term structure, will distinguish it in the future */
83	/* e_yy_DTERM_DATA, all other types
84	e_yy_DTERM_NAMED, keyid:bob
85	e_yy_DTERM_PRINCIPAL, principal:?P
86	e_yy_DTERM_ANONYMOUS ? */
87	struct _abac_yy_term_t {
88	union {
89	abac_yy_principal_t *n_ptr;
90	abac_yy_term_principal_t *p_ptr;
91	abac_yy_term_data_t *d_ptr;
92	} term;
93	int type;
94	struct _abac_yy_term_t *next;
95	int bcnt; /* this is to track number of terms in this linked up list */
96	};
97
98	/* local role/oset structure,
99	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
100	*/
101	struct _abac_yy_roleoset_t {
102	int type;
103	char *name;
104	abac_yy_term_t *terms;
105	struct _abac_yy_roleoset_t *next;
106	int bcnt; /* this is to track number of roles in this linked up list */
107	};
108
109
110	/* A, A.r, A.r.r */
111	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
112	/* A/obj, A.o, A.r.o */
113	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
114	struct _abac_yy_expression_t {
115	int type;
116	union {
117	abac_yy_principal_t *principal;
118	abac_yy_term_data_t *object;
119	};
120	abac_yy_roleoset_t *linked_role;
121	abac_yy_roleoset_t *roleoset;
122
123	struct _abac_yy_expression_t *next;
124	int bcnt;
125	};
126
127	static void _free_yy_expression(abac_yy_expression_t *);
128
129	/************************************************************************/
130	void abac_yy_set_error_code(int v)
131	{
132	abac_yy_error_code=v;
133	}
134
135	/************************************************************************/
136	abac_stack_t *abac_yy_get_rule_id_clauses()
137	{
138	return abac_rule_id_clauses;
139	}
140
141	abac_stack_t *abac_yy_init_rule_id_clauses()
142	{
143	abac_rule_id_clauses=abac_stack_new();
144	return abac_rule_id_clauses;
145	}
146
147	void abac_yy_free_rule_id_clauses()
148	{
149	if (abac_rule_id_clauses != NULL)
150	abac_stack_free(abac_rule_id_clauses);
151	}
152
153	void abac_yy_set_rule_clauses(abac_list_t *clauses)
154	{
155	abac_rule_clauses=clauses;
156	if(debug) {
157	printf("printing out abac_rule_clauses:\n");
158	abac_print_clauses(abac_rule_clauses,NULL);
159	}
160	}
161
162	abac_list_t *abac_yy_get_rule_clauses()
163	{
164	return abac_rule_clauses;
165	}
166
167	void abac_yy_free_rule_clauses()
168	{
169	if (abac_rule_clauses != NULL) {
170	abac_pl_free_id_certs();
171	abac_list_free(abac_rule_clauses);
172	}
173	}
174
175	bool abac_yy_get_rule_is_oset()
176	{
177	return abac_rule_is_oset;
178	}
179
180	abac_aspect_t *abac_yy_get_rule_head_aspect()
181	{
182	return abac_rule_head_aspect;
183	}
184
185	abac_aspect_t *abac_yy_get_rule_tail_aspect()
186	{
187	return abac_rule_tail_aspect;
188	}
189
190
191	/************************************************************************/
192	static void _free_yy_cond_range(abac_list_t *ptr)
193	{
194	if (ptr != NULL) {
195	abac_yy_range_t *cur;
196	abac_list_foreach(ptr, cur,
197	if(cur && cur->val) free(cur->val);
198	free(cur);
199	);
200	abac_list_free(ptr);
201	}
202	}
203
204	static char _string_yy_cond_range(abac_list_t ptr)
205	{
206	assert(ptr);
207	char *tmp=NULL;
208	char *min=NULL;
209	char *max=NULL;
210	char *val=NULL;
211	int type;
212
213	abac_yy_range_t *cur;
214	abac_list_foreach(ptr, cur,
215	type=cur->type;
216	switch (type) {
217	case e_yy_RANGE_MIN:
218	min=abac_xstrdup(cur->val);
219	break;
220	case e_yy_RANGE_MAX:
221	max=abac_xstrdup(cur->val);
222	break;
223	case e_yy_RANGE_TARGET:
224	if(val)
225	asprintf(&val,"%s,%s",val,cur->val);
226	else val=abac_xstrdup(cur->val);
227	break;
228	}
229	);
230	if(max && min) {
231	asprintf(&tmp,"[%s..%s]",min,max);
232	free(max);
233	free(min);
234	return tmp;
235	}
236	if(max) {
237	asprintf(&tmp,"[..%s]",max);
238	free(max);
239	return tmp;
240	}
241	if(min) {
242	asprintf(&tmp,"[%s..]",min);
243	free(min);
244	return tmp;
245	}
246	if(val) {
247	asprintf(&tmp,"[%s]",val);
248	free(val);
249	return tmp;
250	}
251	return NULL;
252	}
253
254	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
255	{
256	abac_yy_range_t *range=
257	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
258	range->type=e_yy_RANGE_TARGET;
259	range->val=abac_xstrdup(val);
260	abac_list_add(ptr, range);
261	return ptr;
262	}
263
264	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
265	{
266	abac_yy_range_t *range=
267	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
268	range->type=type;
269	range->val=abac_xstrdup(val);
270	abac_list_add(ptr, range);
271	return ptr;
272	}
273
274	abac_list_t make_yy_val_range(char val)
275	{
276	abac_list_t *ptr=abac_list_new();
277	add_yy_val_range(ptr,val);
278	return ptr;
279	}
280
281	abac_list_t make_yy_minmax_range(char min, char *max)
282	{
283	abac_list_t *ptr=abac_list_new();
284	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
285	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
286	return ptr;
287	}
288
289	abac_list_t make_yy_min_range(char min)
290	{
291	abac_list_t *ptr=abac_list_new();
292	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
293	return ptr;
294	}
295
296	abac_list_t make_yy_max_range(char max)
297	{
298	abac_list_t *ptr=abac_list_new();
299	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
300	return ptr;
301	}
302
303	/***********************************************************************/
304	abac_yy_term_data_t *make_yy_term_data()
305	{
306	abac_yy_term_data_t *ptr=
307	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
308	ptr->name=NULL;
309	ptr->type=0;
310	ptr->is_variable=0;
311	ptr->is_anonymous=0;
312	ptr->cond_str=NULL;
313	ptr->cond_head_expr=NULL;
314	ptr->cond_ptr=NULL;
315	ptr->cond_range=NULL;
316	return ptr;
317	}
318
319	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
320	{
321	ptr->name=abac_xstrdup(name);
322	}
323
324	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
325	{
326	return ptr->cond_range;
327	}
328
329	char get_yy_term_data_name(abac_yy_term_data_t ptr)
330	{
331	return ptr->name;
332	}
333
334	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
335	{
336	if(ptr->cond_head_expr != NULL)
337	return 1;
338	if(ptr->cond_range != NULL)
339	return 1;
340	return 0;
341	}
342
343	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
344	abac_list_t *range)
345	{
346	ptr->cond_range=range;
347	}
348
349	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
350	abac_yy_expression_t *expr)
351	{
352	ptr->cond_head_expr=expr;
353	}
354
355	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
356	{
357	return ptr->cond_head_expr;
358	}
359
360	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
361	{
362	int type=abac_verify_term_type(typestr);
363	ptr->type=type;
364	}
365
366	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
367	{
368	ptr->is_anonymous=1;
369	}
370
371	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
372	{
373	if(ptr->type==abac_verify_term_type("integer") \|\|
374	ptr->type==abac_verify_term_type("float"))
375	return 1;
376	return 0;
377	}
378
379	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
380	{
381	if(ptr->type==abac_verify_term_type("time"))
382	return 1;
383	return 0;
384	}
385
386	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
387	{
388	if(ptr->type==abac_verify_term_type("string") \|\|
389	ptr->type==abac_verify_term_type("urn") \|\|
390	ptr->type==abac_verify_term_type("boolean"))
391	return 1;
392	return 0;
393	}
394
395	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
396	{
397	ptr->cond_ptr=vptr;
398	}
399
400	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
401	{
402	ptr->cond_str=abac_xstrdup(cond);
403	}
404
405	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
406	{
407	ptr->is_variable=1;
408	}
409
410	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
411	{
412	return ptr->is_variable;
413	}
414
415	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
416	{
417	free(ptr->name);
418	if(ptr->cond_str)
419	free(ptr->cond_str);
420	if(ptr->cond_head_expr)
421	_free_yy_expression(ptr->cond_head_expr);
422	if(ptr->cond_range);
423	_free_yy_cond_range(ptr->cond_range);
424	free(ptr);
425	}
426
427	abac_yy_term_principal_t *make_yy_term_principal()
428	{
429	abac_yy_term_principal_t *ptr=
430	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
431	ptr->type=0;/* this is not known */
432	ptr->is_anonymous=0;
433	ptr->name=NULL;
434	ptr->isrange=0;
435	ptr->cond_str=NULL;
436	ptr->cond_ptr=NULL;
437	ptr->cond_head_expr=NULL;
438	return ptr;
439	}
440
441	static void _set_using_this()
442	{
443	using_this=1;
444	}
445
446	void set_yy_term_principal_isrange(abac_yy_term_principal_t *ptr, int isrange)
447	{
448	ptr->isrange=isrange;
449	}
450
451	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
452	{
453	/* handle special case when the name=this, change it to This */
454	if(strcmp(name,"this")==0) {
455	ptr->name=abac_xstrdup("This");
456	_set_using_this();
457	} else ptr->name=abac_xstrdup(name);
458	}
459
460	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
461	{
462	ptr->cond_ptr=vptr;
463	}
464
465	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
466	{
467	ptr->cond_str=abac_xstrdup(cond);
468	}
469
470	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
471	{
472	ptr->is_anonymous=1;
473	}
474
475	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
476	{
477	return ptr->cond_head_expr;
478	}
479
480	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
481	abac_yy_expression_t *expr)
482	{
483	ptr->cond_head_expr=expr;
484	}
485
486	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
487	{
488	free(ptr->name);
489	if(ptr->cond_str)
490	free(ptr->cond_str);
491	if(ptr->cond_head_expr)
492	_free_yy_expression(ptr->cond_head_expr);
493	free(ptr);
494	}
495
496	abac_yy_term_t *make_yy_term_dterm_anonymous()
497	{
498	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
499	ptr->type = e_yy_DTERM_ANONYMOUS;
500	ptr->next=NULL;
501	ptr->bcnt=1;
502	return ptr;
503	}
504
505	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
506	{
507	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
508	if(pptr->is_anonymous)
509	ptr->type = e_yy_DTERM_ANONYMOUS;
510	else ptr->type = e_yy_DTERM_PRINCIPAL;
511	ptr->term.p_ptr=pptr;
512	ptr->next=NULL;
513	ptr->bcnt=1;
514	return ptr;
515	}
516
517	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
518	{
519	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
520	ptr->type = e_yy_DTERM_NAMED;
521	ptr->term.n_ptr=nptr;
522	ptr->next=NULL;
523	ptr->bcnt=1;
524	return ptr;
525	}
526
527	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
528	{
529	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
530
531	if(dptr->is_anonymous)
532	ptr->type = e_yy_DTERM_ANONYMOUS;
533	else ptr->type = e_yy_DTERM_DATA;
534	ptr->term.d_ptr=dptr;
535	ptr->next=NULL;
536	ptr->bcnt=1;
537	return ptr;
538	}
539
540	/****************************************************************************/
541	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
542	{
543	abac_yy_principal_t *ptr=
544	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
545	/* add p to yyparse's principal */
546	if(sha) ptr->sha=abac_xstrdup(sha);
547	else ptr->sha=NULL;
548	if(cn) ptr->cn=abac_xstrdup(cn);
549	else ptr->cn=NULL;
550	ptr->type=type;
551	return ptr;
552	}
553
554	static void _free_yy_principal(abac_yy_principal_t *ptr)
555	{
556	if(ptr->sha) free(ptr->sha);
557	if(ptr->cn) free(ptr->cn);
558	free(ptr);
559	}
560
561	int get_yy_principal_type(abac_yy_principal_t *ptr)
562	{
563	return ptr->type;
564	}
565
566	char get_yy_principal_name(abac_yy_principal_t ptr)
567	{
568	if(USE("ABAC_CN") && ptr->cn)
569	return ptr->cn;
570	return ptr->sha;
571	}
572
573	char get_yy_principal_cn(abac_yy_principal_t ptr)
574	{
575	return ptr->cn;
576	}
577
578	char get_yy_principal_sha(abac_yy_principal_t ptr)
579	{
580	return ptr->sha;
581	}
582
583	/*************************************************************************/
584
585	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
586	{
587	int i=terms->bcnt;
588	nterm->next=terms;
589	nterm->bcnt=i+1;
590	return nterm;
591	}
592
593	static void _free_yy_term(abac_yy_term_t *ptr)
594	{
595	switch (ptr->type) {
596	case e_yy_DTERM_DATA:
597	_free_yy_term_data(ptr->term.d_ptr);
598	break;
599	case e_yy_DTERM_NAMED:
600	_free_yy_principal(ptr->term.n_ptr);
601	break;
602	case e_yy_DTERM_PRINCIPAL:
603	_free_yy_term_principal(ptr->term.p_ptr);
604	break;
605	case e_yy_DTERM_ANONYMOUS:
606	break;
607	}
608	if(ptr->next)
609	_free_yy_term(ptr->next);
610	free(ptr);
611	}
612
613	/*************************************************************************/
614	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
615	{
616	abac_yy_roleoset_t *ptr=
617	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
618	ptr->name=abac_xstrdup(name);
619	ptr->terms=terms;
620	ptr->next=NULL;
621	ptr->bcnt=1;
622	ptr->type=e_yy_ROLE_TYPE;
623	return ptr;
624	}
625
626	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
627	{
628	free(ptr->name);
629	if(ptr->terms)
630	_free_yy_term(ptr->terms);
631	if(ptr->next)
632	_free_yy_roleoset(ptr->next);
633	free(ptr);
634	}
635
636	/***************************************************************************/
637	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
638	{
639	abac_yy_roleoset_t *ptr=
640	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
641	ptr->name=abac_xstrdup(name);
642	ptr->terms=terms;
643	ptr->next=NULL;
644	ptr->bcnt=1;
645	ptr->type=e_yy_OSET_TYPE;
646	return ptr;
647	}
648
649	/***************************************************************************/
650
651	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
652
653	abac_yy_expression_t make_yy_expression(int type,void pptr,
654	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
655	{
656	abac_yy_expression_t *ptr=
657	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
658	ptr->type = type;
659	if(type == e_yy_EXPR_OBJECT) {
660	ptr->object=(abac_yy_term_data_t *)pptr;
661	} else {
662	ptr->principal = (abac_yy_principal_t *)pptr;
663	}
664	ptr->roleoset = optr;
665	ptr->linked_role=linked_role;
666	ptr->next=NULL;
667
668	return ptr;
669	}
670
671	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
672	{
673	if(ptr->type == e_yy_EXPR_OBJECT)
674	return ptr->object;
675	return NULL;
676	}
677
678	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
679	abac_yy_expression_t *exprs)
680	{
681	int i=exprs->bcnt;
682	nexpr->next=exprs;
683	nexpr->bcnt=i+1;
684	return nexpr;
685	}
686
687	static void _free_yy_expression(abac_yy_expression_t *ptr)
688	{
689	if(ptr->type == e_yy_EXPR_OBJECT) {
690	if(ptr->object)
691	_free_yy_term_data(ptr->object);
692	} else {
693	if(ptr->principal)
694	_free_yy_principal(ptr->principal);
695	}
696	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
697	if(ptr->linked_role)
698	_free_yy_roleoset(ptr->linked_role);
699	if(ptr->next)
700	_free_yy_expression(ptr->next);
701
702	free(ptr);
703	}
704
705	/***************************************************************************/
706	/* add the oset condition to constraint list */
707	void make_yy_oset_constraint(abac_yy_term_data_t ptr, char tail_string)
708	{
709	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
710	if(head_expr) {
711	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
712	if(head_aspect != NULL) {
713	if(debug) printf("make_yy_oset_constraint..\n");
714	set_yy_term_data_cond_ptr(ptr,head_aspect);
715	}
716	}
717	}
718
719	/* add the role condition to constraint list */
720	void make_yy_role_constraint(abac_yy_term_principal_t ptr, char tail_string)
721	{
722	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
723	if(head_expr) {
724	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
725	if(head_aspect != NULL) {
726	if(debug) printf("make_yy_role_constraint..\n");
727	set_yy_term_principal_cond_ptr(ptr,head_aspect);
728	set_yy_term_principal_isrange(ptr,0);
729	}
730	}
731	}
732
733
734	/****************************************************************/
735	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
736	abac_yy_term_t *terms)
737	{
738	abac_yy_term_t *curr = terms;
739	int type;
740	int isnamed;
741	int isrange;
742	char *name;
743	char *cond;
744	void *ptr;
745
746	while (curr) {
747	name=NULL;
748	cond=NULL;
749	ptr=NULL;
750	isnamed=0;
751	isrange=0;
752	switch (curr->type) {
753	case e_yy_DTERM_DATA:
754	{
755	abac_yy_term_data_t *dptr=curr->term.d_ptr;
756	type=dptr->type;
757	name=abac_xstrdup(dptr->name);
758	if(dptr->cond_str)
759	cond=abac_xstrdup(dptr->cond_str);
760	ptr=dptr->cond_ptr;
761	isrange=(dptr->cond_range!=NULL)?1:0;
762	break;
763	}
764	case e_yy_DTERM_PRINCIPAL:
765	{
766	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
767	type=abac_verify_term_type("principal");
768	name=abac_xstrdup(pptr->name);
769	if(pptr->cond_str)
770	cond=abac_xstrdup(pptr->cond_str);
771	ptr=pptr->cond_ptr;
772	isrange=pptr->isrange;
773	break;
774	}
775	case e_yy_DTERM_NAMED:
776	{
777	abac_yy_principal_t *pptr=curr->term.n_ptr;
778	type=pptr->type;
779	name=abac_xstrdup(get_yy_principal_name(pptr));
780	isnamed=1;
781	break;
782	}
783	case e_yy_DTERM_ANONYMOUS:
784	{
785	type=abac_verify_term_type("anonymous");
786	name=abac_xstrdup("_");
787	break;
788	}
789	}
790	abac_term_t *param=NULL;
791	if(isnamed)
792	param=abac_term_named_new(type,name);
793	else param=abac_term_new(type,name,isrange,cond,ptr);
794	if (linked)
795	abac_aspect_add_linked_param(aspect_ptr, param);
796	else
797	abac_aspect_add_param(aspect_ptr, param);
798	curr=curr->next;
799	}
800	}
801
802	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
803	{
804	int linked=1;
805	_aspect_add_terms(linked, ptr, terms);
806	}
807
808	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
809	{
810	int linked=0;
811	_aspect_add_terms(linked, ptr, terms);
812	}
813
814	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
815	{
816	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
817	return ret_ptr;
818	}
819
820	/* A.oset, A.role */
821	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
822	{
823	abac_yy_principal_t *principal=expr->principal;
824	abac_yy_roleoset_t *ptr=expr->roleoset;
825
826	char *principalname=get_yy_principal_sha(principal);
827	char *name=ptr->name;
828	abac_yy_term_t *terms=ptr->terms;
829
830	abac_aspect_t *aptr=NULL;
831	if(yytype==e_yy_OSET_TYPE)
832	aptr=abac_aspect_oset_new(principalname, name);
833	else aptr=abac_aspect_role_new(principalname, name);
834
835	if (aptr==NULL) {
836	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
837	goto error;
838	}
839
840	// insert the params for the oset
841	if(terms) {
842	_aspect_add_aspect_terms(aptr, terms);
843	}
844	return aptr;
845
846	error:
847	return NULL;
848	}
849
850	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
851	{
852	return validate_head(e_yy_OSET_TYPE,expr);
853	}
854
855	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
856	{
857	return validate_head(e_yy_ROLE_TYPE,expr);
858	}
859
860	/*****************************************************************************/
861	/* B */
862	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
863	{
864	abac_yy_principal_t *principal=expr->principal;
865	char *principalname=get_yy_principal_sha(principal);
866
867	abac_aspect_t *ptr=NULL;
868	if(yytype==e_yy_OSET_TYPE)
869	ptr=abac_aspect_oset_principal_new(principalname);
870	else ptr=abac_aspect_role_principal_new(principalname);
871	if (ptr==NULL)
872	goto error;
873	return ptr;
874
875	error:
876	panic("can not generate a simple named tail oset aspect");
877	return NULL;
878	}
879
880
881	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
882	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
883	{
884	abac_yy_term_data_t *object=get_yy_expression_object(expr);
885	assert(object != NULL);
886
887	char *name=object->name;
888	int type=object->type;
889	char *cond=object->cond_str;
890	void *ptr=object->cond_ptr;
891	int isrange=(object->cond_range!=NULL)?1:0;
892	abac_term_t *term=abac_term_new(type,name,isrange,cond,ptr);
893	abac_aspect_t *aptr=NULL;
894	if(yytype==e_yy_OSET_TYPE)
895	aptr=abac_aspect_oset_object_new(term);
896	else
897	goto error; /* can not be a role expression with obj */
898	if (aptr==NULL)
899	goto error;
900	return aptr;
901
902	error:
903	panic("can not generate a simple object tail oset aspect");
904	return NULL;
905	}
906
907
908	/* B.role or B.oset */
909	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
910	{
911	abac_yy_principal_t *principal=expr->principal;
912	abac_yy_roleoset_t *eptr=expr->roleoset;
913
914	char *principalname=get_yy_principal_sha(principal);
915	char *name=eptr->name;
916	abac_yy_term_t *terms=eptr->terms;
917
918	abac_aspect_t *ptr=NULL;
919	if(yytype==e_yy_OSET_TYPE)
920	ptr=abac_aspect_oset_new(principalname, name);
921	else
922	ptr=abac_aspect_role_new(principalname, name);
923	if (ptr==NULL)
924	goto error;
925
926	if(terms) {
927	_aspect_add_aspect_terms(ptr, terms);
928	}
929	return ptr;
930
931	error:
932	panic("can not generate a simple tail aspect");
933	return NULL;
934	}
935
936	/* B.role.role or B.role.oset */
937	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
938	{
939	abac_yy_principal_t *principal=expr->principal;
940
941	abac_yy_roleoset_t *eptr=expr->roleoset;
942	abac_yy_roleoset_t *linked_role=expr->linked_role;
943
944	char *principalname=get_yy_principal_sha(principal);
945	char *name=eptr->name;
946	abac_yy_term_t *terms=eptr->terms;
947
948	char *linkedrolename=linked_role->name;
949	abac_yy_term_t *linked_terms=linked_role->terms;
950
951	abac_aspect_t *ptr=NULL;
952	if(yytype==e_yy_OSET_TYPE)
953	ptr=abac_aspect_oset_linking_new(principalname,
954	linkedrolename, name);
955	else ptr=abac_aspect_role_linking_new(principalname,
956	linkedrolename, name);
957	if (ptr==NULL)
958	goto error;
959
960	if(linked_terms) {
961	_aspect_add_linked_terms(ptr, linked_terms);
962	}
963	if(terms) {
964	_aspect_add_aspect_terms(ptr, terms);
965	}
966
967	return ptr;
968
969	error:
970	panic("can not generate linked tail oset");
971	return NULL;
972	}
973
974
975	/**********************************************************************/
976
977	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
978	abac_yy_expression_t *tailexpr)
979	{
980	abac_aspect_t *head_oset=NULL;
981	abac_aspect_t *tail_oset=NULL;
982
983	/* build up left side's abac oset structure */
984	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
985	if(head_oset == NULL)
986	goto error;
987
988	/* build up the right side's abac oset structure */
989	abac_yy_expression_t *curr_tail = tailexpr;
990	int intersecting=(tailexpr->next != NULL)? 1:0;
991	abac_aspect_t *curr_oset = NULL;
992	while (curr_tail) {
993	switch(curr_tail->type) {
994	case e_yy_EXPR_OBJECT:
995	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
996	break;
997	case e_yy_EXPR_NAMED:
998	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
999	break;
1000	case e_yy_EXPR_OSET:
1001	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1002	break;
1003	case e_yy_EXPR_LINKED:
1004	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1005	break;
1006	}
1007	if(curr_oset==NULL)
1008	goto error;
1009
1010	/* check if first one */
1011	if(tail_oset==NULL) {
1012	if(intersecting)
1013	tail_oset=validate_intersected_tail(curr_oset);
1014	else
1015	tail_oset=curr_oset;
1016	} else {
1017	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1018	}
1019	curr_tail=curr_tail->next;
1020	} /* while */
1021
1022	preprocess_pl_head(head_oset);
1023	preprocess_pl_tail(tail_oset);
1024
1025	/* XXX collect up type clauses, constraint clauses and
1026	generate rule clauses */
1027	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1028	if(tmp == NULL)
1029	goto error;
1030
1031	if(debug) {
1032	abac_print_aspect_string_with_condition(head_oset,NULL);
1033	printf("\n");
1034	abac_print_aspect_string_with_condition(tail_oset,NULL);
1035	printf("\n");
1036	}
1037
1038	_free_yy_expression(headexpr);
1039	_free_yy_expression(tailexpr);
1040	abac_rule_head_aspect=head_oset;
1041	abac_rule_tail_aspect=tail_oset;
1042	abac_rule_is_oset=1;
1043	return tmp;
1044
1045	error:
1046	_free_yy_expression(headexpr);
1047	_free_yy_expression(tailexpr);
1048	if(head_oset)
1049	abac_aspect_free(head_oset);
1050	if(tail_oset)
1051	abac_aspect_free(tail_oset);
1052	return NULL;
1053	}
1054
1055	/*****************************************************************************/
1056	abac_list_t validate_range(abac_list_t ptr)
1057	{
1058	abac_list_t *nlist=abac_list_new();
1059
1060	abac_item_t *nitem;
1061	abac_yy_range_t *cur;
1062	char *val;
1063	int type;
1064	abac_list_foreach(ptr, cur,
1065	if(cur) {
1066	type=cur->type;
1067	val=cur->val;
1068	if(type==e_yy_RANGE_MIN) nitem=abac_item_new(abac_min_item_type(),val);
1069	if(type==e_yy_RANGE_MAX) nitem=abac_item_new(abac_max_item_type(),val);
1070	if(type==e_yy_RANGE_TARGET) nitem=abac_item_new(abac_target_item_type(),val);
1071	abac_list_add(nlist,nitem);
1072	}
1073	);
1074	return nlist;
1075	}
1076
1077	/****************************************************************/
1078	void make_yy_range_constraint(abac_yy_term_data_t *ptr)
1079	{
1080	if(is_yy_term_data_type_numeric(ptr) \|\|
1081	is_yy_term_data_type_alpha(ptr) \|\|
1082	is_yy_term_data_type_time(ptr)) {
1083	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1084	if(rlist) {
1085	abac_list_t *nlist=validate_range(rlist);
1086	set_yy_term_data_cond_ptr(ptr,nlist);
1087	}
1088	}
1089	}
1090	/*****************************************************************************/
1091	/* build up the abac structure and also create the yap clause
1092	and insert it into db */
1093	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1094	abac_yy_expression_t *tailexpr)
1095	{
1096	abac_aspect_t *head_role=NULL;
1097	abac_aspect_t *tail_role=NULL;
1098
1099	/* build up left side's abac role structure */
1100	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1101	if(head_role == NULL)
1102	goto error;
1103
1104	/* build up the right side's abac role structure */
1105	abac_yy_expression_t *curr_tail = tailexpr;
1106	int intersecting=(tailexpr->next != NULL)? 1:0;
1107	abac_aspect_t *curr_role = NULL;
1108	while (curr_tail) {
1109	switch(curr_tail->type) {
1110	case e_yy_EXPR_NAMED:
1111	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1112	break;
1113	case e_yy_EXPR_ROLE:
1114	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1115	break;
1116	case e_yy_EXPR_LINKED:
1117	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1118	break;
1119	}
1120	if(curr_role==NULL)
1121	goto error;
1122
1123	/* check if first one */
1124	if(tail_role==NULL) {
1125	if(intersecting)
1126	tail_role=validate_intersected_tail(curr_role);
1127	else
1128	tail_role=curr_role;
1129	} else {
1130	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1131	}
1132	curr_tail=curr_tail->next;
1133	} /* while */
1134
1135	preprocess_pl_head(head_role);
1136	preprocess_pl_tail(tail_role);
1137
1138	/* collect up type clauses, constraint clauses and
1139	generate the final rule clauses */
1140	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1141	if(tmp == NULL)
1142	goto error;
1143
1144	if(debug) {
1145	abac_print_aspect_string_with_condition(head_role,NULL);
1146	printf("\n");
1147	abac_print_aspect_string_with_condition(tail_role,NULL);
1148	printf("\n");
1149	}
1150
1151	_free_yy_expression(headexpr);
1152	_free_yy_expression(tailexpr);
1153	abac_rule_head_aspect=head_role;
1154	abac_rule_tail_aspect=tail_role;
1155	abac_rule_is_oset=0;
1156	return tmp;
1157
1158	error:
1159	_free_yy_expression(headexpr);
1160	_free_yy_expression(tailexpr);
1161	if(head_role)
1162	abac_aspect_free(head_role);
1163	if(tail_role)
1164	abac_aspect_free(tail_role);
1165	return NULL;
1166	}
1167
1168	/************************************************************************/
1169	void abac_yy_init()
1170	{
1171	abac_yyinit();
1172	abac_yy_init_rule_id_clauses();
1173	}
1174
1175

Note: See TracBrowser for help on using the repository browser.

Download in other formats: