Context Navigation

source: libabac/abac_pl_yy.c @ d037f54

mei_rt2mei_rt2_fix_1

Last change on this file since d037f54 was d037f54, checked in by Mei <mei@…>, 12 years ago

1) able to programmatially build structure, bake attribute credential

write it out to a .der file and use prover to bring it back and
process just like other .der files.
-- tested with rt1 like policy without constraint.

2) changed abac_term structure alittle to ready it for 2 pass code

gen.

Property mode set to 100644

File size: 39.6 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	int using_this=0;
14
15	extern void panic(char*);
16
17	/* from abac_pl_gen.c */
18	extern char generate_pl_range_constraint(char ,char ,char ,char *);
19	extern char generate_pl_range_time_constraint(char ,char ,char );
20	extern abac_list_t generate_pl_clauses(abac_aspect_t , abac_aspect_t *);
21	extern char* generate_pl_constraint_clause(abac_aspect_t , char );
22	extern char generate_pl_type_clause(char , int);
23	/* from abac_pl_yap.c */
24	extern char abac_pl_add_range_constraint_clause(char var, char *tmplist);
25	/* from rt2.y */
26	extern void abac_yyinit();
27
28	int abac_yy_error_code = 0; /* keeping last error code */
29
30	int abac_rule_is_oset=0;
31	abac_list_t *abac_rule_clauses=NULL;
32	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
33	abac_aspect_t *abac_rule_head_aspect=NULL;
34	abac_aspect_t *abac_rule_tail_aspect=NULL;
35
36	/* to track id certs within a rule clause */
37	typedef struct _abac_yy_id_cert_t {
38	char *principalname;
39	int type; /* keyidtype */
40	char *clause;
41	} abac_yy_id_cert_t;
42	abac_list_t *abac_yy_id_certs = NULL;
43
44	/* structure to hold the range information
45	within a static constraints on few types of
46	oset types
47	[a..b], [a..], [..b], [a],[a,b],[many a]
48	e_yy_RANGE_MIN=1;
49	e_yy_RANGE_MAX=2;
50	e_yy_RANGE_TARGET=3;
51	*/
52	typedef struct _abac_yy_range_t {
53	int type;
54	char *val;
55	} abac_yy_range_t;
56
57	/* to track role/oset constraint clauses used within a rule clause,
58	collect them up in one place, these are for conjunction clauses */
59	typedef struct _abac_yy_constraint_t {
60	char *clause;
61	} abac_yy_constraint_t;
62	abac_list_t *abac_yy_constraints = NULL;
63
64	/* local principal structure [keyid:USC] */
65	struct _abac_yy_principal_t {
66	int type;
67	char *sha; // sha is null when this is of object type
68	char *cn;
69	};
70
71	/* [principal:?Z]:..., must match a principal name */
72	struct _abac_yy_term_principal_t {
73	int type; /* this needs to be implicitly determined */
74	int is_anonymous;
75	char *name;
76	char *cond_str;
77	void *cond_ptr; // ptr to a saved abac_aspect_t
78	abac_yy_expression_t *cond_head_expr;
79	};
80
81	/* integer,float,time,urn,string types,
82	if has condition, then it is a variable,
83	ie,
84	[int:?Year]:<1930..1932>,
85	if no condition, then it is a constant,
86	ie,
87	[int:10]
88	*/
89	struct _abac_yy_term_data_t {
90	int is_variable;
91	int is_anonymous;
92	int type;
93	char *name;
94	char *cond_str;
95	void *cond_ptr; // ptr to a saved abac_aspect_t
96	abac_list_t *cond_range;
97	abac_yy_expression_t *cond_head_expr; // parking stub
98	};
99
100	/* local term structure, will distinguish it in the future */
101	/* e_yy_DTERM_DATA, all other types
102	e_yy_DTERM_NAMED, keyid:bob
103	e_yy_DTERM_PRINCIPAL, principal:?P
104	e_yy_DTERM_ANONYMOUS ? */
105	struct _abac_yy_term_t {
106	union {
107	abac_yy_principal_t *n_ptr;
108	abac_yy_term_principal_t *p_ptr;
109	abac_yy_term_data_t *d_ptr;
110	} term;
111	int type;
112	struct _abac_yy_term_t *next;
113	int bcnt; /* this is to track number of terms in this linked up list */
114	};
115
116	/* local role/oset structure,
117	e_yy_NULL_TYPE, e_yy_ROLE_TYPE, e_yy_OSET_TYPE
118	*/
119	struct _abac_yy_roleoset_t {
120	int type;
121	char *name;
122	abac_yy_term_t *terms;
123	struct _abac_yy_roleoset_t *next;
124	int bcnt; /* this is to track number of roles in this linked up list */
125	};
126
127
128	/* A, A.r, A.r.r */
129	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
130	/* A/obj, A.o, A.r.o */
131	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
132	struct _abac_yy_expression_t {
133	int type;
134	union {
135	abac_yy_principal_t *principal;
136	abac_yy_term_data_t *object;
137	};
138	abac_yy_roleoset_t *linked_role;
139	abac_yy_roleoset_t *roleoset;
140
141	struct _abac_yy_expression_t *next;
142	int bcnt;
143	};
144
145	static void _free_yy_expression(abac_yy_expression_t *);
146
147	/************************************************************************/
148	void abac_yy_set_error_code(int v)
149	{
150	abac_yy_error_code=v;
151	}
152
153	/************************************************************************/
154	abac_stack_t *abac_yy_get_rule_id_clauses()
155	{
156	return abac_rule_id_clauses;
157	}
158
159	abac_stack_t *abac_yy_init_rule_id_clauses()
160	{
161	abac_rule_id_clauses=abac_stack_new();
162	return abac_rule_id_clauses;
163	}
164
165	void abac_yy_free_rule_id_clauses()
166	{
167	if (abac_rule_id_clauses != NULL)
168	abac_stack_free(abac_rule_id_clauses);
169	}
170
171	void abac_yy_set_rule_clauses(abac_list_t *clauses)
172	{
173	abac_rule_clauses=clauses;
174	if(debug) {
175	printf("printing out abac_rule_clauses:\n");
176	abac_print_clauses(abac_rule_clauses,NULL);
177	}
178	}
179
180	abac_list_t *abac_yy_get_rule_clauses()
181	{
182	return abac_rule_clauses;
183	}
184
185	void abac_yy_free_rule_clauses()
186	{
187	if (abac_rule_clauses != NULL) {
188	char *cur;
189	if(abac_yy_id_certs) {
190	abac_list_foreach(abac_yy_id_certs, cur,
191	if(cur) free(cur);
192	);
193	}
194	abac_list_free(abac_rule_clauses);
195	}
196	}
197
198	bool abac_yy_get_rule_is_oset()
199	{
200	return abac_rule_is_oset;
201	}
202
203	abac_aspect_t *abac_yy_get_rule_head_aspect()
204	{
205	return abac_rule_head_aspect;
206	}
207
208	abac_aspect_t *abac_yy_get_rule_tail_aspect()
209	{
210	return abac_rule_tail_aspect;
211	}
212
213
214	/************************************************************************/
215	void abac_yy_init_yy_id_certs()
216	{
217	abac_yy_id_certs = abac_list_new();
218	}
219
220	void abac_yy_free_yy_id_certs()
221	{
222	abac_yy_id_cert_t *id;
223	abac_list_foreach(abac_yy_id_certs, id,
224	if(id)
225	free(id->principalname);
226	free(id->clause);
227	free(id);
228	);
229	abac_list_free(abac_yy_id_certs);
230	abac_yy_id_certs = NULL;
231	}
232
233	int abac_yy_cnt_yy_id_certs()
234	{
235	return abac_list_size(abac_yy_id_certs);
236	}
237
238	char *abac_yy_string_yy_id_certs()
239	{
240	int first=1;
241	char *tmp=NULL;
242	abac_yy_id_cert_t *cur;
243	abac_list_foreach(abac_yy_id_certs, cur,
244	if(cur)
245	if(first) {
246	tmp=abac_xstrdup(cur->clause);
247	first=0;
248	} else {
249	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
250	}
251	);
252	return tmp;
253	}
254
255	static void _add_yy_id_certs(char *principalname, int type)
256	{
257	abac_yy_id_cert_t *id_cert=NULL;
258
259	if(debug) {
260	printf("add_yy_id_certs: adding --> (%s)\n", principalname);
261	}
262	int found=0;
263	abac_yy_id_cert_t *cur;
264	abac_list_foreach(abac_yy_id_certs, cur,
265	if(cur)
266	if(strcmp(cur->principalname,principalname)==0) {
267	found=1;
268	break;
269	}
270	);
271
272	if (found) {
273	return;
274	} else {
275	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
276	id_cert->principalname=abac_xstrdup(principalname);
277	id_cert->type=type;
278	if(USE("ABAC_CN")) {
279	id_cert->clause=generate_pl_type_clause(principalname,type);
280	} else {
281	int *tmp=NULL;
282	asprintf(&tmp,"p%s",principalname);
283	id_cert->clause=generate_pl_type_clause(tmp,type);
284	free(tmp);
285	}
286	abac_list_add(abac_yy_id_certs, id_cert);
287	}
288	}
289
290	/***********************************************************************/
291	static void _free_yy_cond_range(abac_list_t *ptr)
292	{
293	if (ptr != NULL) {
294	abac_yy_range_t *cur;
295	abac_list_foreach(ptr, cur,
296	if(cur && cur->val) free(cur->val);
297	free(cur);
298	);
299	abac_list_free(ptr);
300	}
301	}
302
303	static char _string_yy_cond_range(abac_list_t ptr)
304	{
305	assert(ptr);
306	char *tmp=NULL;
307	char *min=NULL;
308	char *max=NULL;
309	char *val=NULL;
310	int type;
311
312	abac_yy_range_t *cur;
313	abac_list_foreach(ptr, cur,
314	type=cur->type;
315	switch (type) {
316	case e_yy_RANGE_MIN:
317	min=abac_xstrdup(cur->val);
318	break;
319	case e_yy_RANGE_MAX:
320	max=abac_xstrdup(cur->val);
321	break;
322	case e_yy_RANGE_TARGET:
323	if(val)
324	asprintf(&val,"%s,%s",val,cur->val);
325	else val=abac_xstrdup(cur->val);
326	break;
327	}
328	);
329	if(max && min) {
330	asprintf(&tmp,"[%s..%s]",min,max);
331	free(max);
332	free(min);
333	return tmp;
334	}
335	if(max) {
336	asprintf(&tmp,"[..%s]",max);
337	free(max);
338	return tmp;
339	}
340	if(min) {
341	asprintf(&tmp,"[%s..]",min);
342	free(min);
343	return tmp;
344	}
345	if(val) {
346	asprintf(&tmp,"[%s]",val);
347	free(val);
348	return tmp;
349	}
350	return NULL;
351	}
352
353	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
354	{
355	abac_yy_range_t *range=
356	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
357	range->type=e_yy_RANGE_TARGET;
358	range->val=abac_xstrdup(val);
359	abac_list_add(ptr, range);
360	return ptr;
361	}
362
363	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
364	{
365	abac_yy_range_t *range=
366	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
367	range->type=type;
368	range->val=abac_xstrdup(val);
369	abac_list_add(ptr, range);
370	return ptr;
371	}
372
373	abac_list_t make_yy_val_range(char val)
374	{
375	abac_list_t *ptr=abac_list_new();
376	add_yy_val_range(ptr,val);
377	return ptr;
378	}
379
380	abac_list_t make_yy_minmax_range(char min, char *max)
381	{
382	abac_list_t *ptr=abac_list_new();
383	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
384	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
385	return ptr;
386	}
387
388	abac_list_t make_yy_min_range(char min)
389	{
390	abac_list_t *ptr=abac_list_new();
391	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
392	return ptr;
393	}
394
395	abac_list_t make_yy_max_range(char max)
396	{
397	abac_list_t *ptr=abac_list_new();
398	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
399	return ptr;
400	}
401
402	/***********************************************************************/
403	abac_yy_term_data_t *make_yy_term_data()
404	{
405	abac_yy_term_data_t *ptr=
406	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
407	ptr->name=NULL;
408	ptr->type=0;
409	ptr->is_variable=0;
410	ptr->is_anonymous=0;
411	ptr->cond_str=NULL;
412	ptr->cond_head_expr=NULL;
413	ptr->cond_ptr=NULL;
414	ptr->cond_range=NULL;
415	return ptr;
416	}
417
418	void set_yy_term_data_name(abac_yy_term_data_t ptr, char name)
419	{
420	ptr->name=abac_xstrdup(name);
421	}
422
423	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
424	{
425	return ptr->cond_range;
426	}
427
428	char get_yy_term_data_name(abac_yy_term_data_t ptr)
429	{
430	return ptr->name;
431	}
432
433	bool is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
434	{
435	if(ptr->cond_head_expr != NULL)
436	return 1;
437	if(ptr->cond_range != NULL)
438	return 1;
439	return 0;
440	}
441
442	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
443	abac_list_t *range)
444	{
445	ptr->cond_range=range;
446	}
447
448	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
449	abac_yy_expression_t *expr)
450	{
451	ptr->cond_head_expr=expr;
452	}
453
454	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
455	{
456	return ptr->cond_head_expr;
457	}
458
459	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
460	{
461	int type=abac_term_verify_term_type(typestr);
462	ptr->type=type;
463	}
464
465	void set_yy_term_data_is_anonymous(abac_yy_term_data_t *ptr)
466	{
467	ptr->is_anonymous=1;
468	}
469
470	bool is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
471	{
472	if(ptr->type==abac_term_verify_term_type("integer") \|\|
473	ptr->type==abac_term_verify_term_type("float"))
474	return 1;
475	return 0;
476	}
477
478	bool is_yy_term_data_type_time(abac_yy_term_data_t *ptr)
479	{
480	if(ptr->type==abac_term_verify_term_type("time"))
481	return 1;
482	return 0;
483	}
484
485	bool is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
486	{
487	if(ptr->type==abac_term_verify_term_type("string") \|\|
488	ptr->type==abac_term_verify_term_type("urn") \|\|
489	ptr->type==abac_term_verify_term_type("boolean"))
490	return 1;
491	return 0;
492	}
493
494	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
495	{
496	ptr->cond_ptr=vptr;
497	}
498
499	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
500	{
501	ptr->cond_str=abac_xstrdup(cond);
502	}
503
504	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
505	{
506	ptr->is_variable=1;
507	}
508
509	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
510	{
511	return ptr->is_variable;
512	}
513
514	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
515	{
516	free(ptr->name);
517	if(ptr->cond_str)
518	free(ptr->cond_str);
519	if(ptr->cond_head_expr)
520	_free_yy_expression(ptr->cond_head_expr);
521	if(ptr->cond_range);
522	_free_yy_cond_range(ptr->cond_range);
523	free(ptr);
524	}
525
526	abac_yy_term_principal_t *make_yy_term_principal()
527	{
528	abac_yy_term_principal_t *ptr=
529	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
530	ptr->type=0;/* this is not known */
531	ptr->is_anonymous=0;
532	ptr->name=NULL;
533	ptr->cond_str=NULL;
534	ptr->cond_head_expr=NULL;
535	return ptr;
536	}
537
538	static void _set_using_this()
539	{
540	using_this=1;
541	}
542
543	void set_yy_term_principal_name(abac_yy_term_principal_t ptr, char name)
544	{
545	/* handle special case when the name=this, change it to This */
546	if(strcmp(name,"this")==0) {
547	ptr->name=abac_xstrdup("This");
548	_set_using_this();
549	} else ptr->name=abac_xstrdup(name);
550	}
551
552	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
553	{
554	ptr->cond_ptr=vptr;
555	}
556
557	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
558	{
559	ptr->cond_str=abac_xstrdup(cond);
560	}
561
562	void set_yy_term_principal_is_anonymous(abac_yy_term_principal_t *ptr)
563	{
564	ptr->is_anonymous=1;
565	}
566
567	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
568	{
569	return ptr->cond_head_expr;
570	}
571
572	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
573	abac_yy_expression_t *expr)
574	{
575	ptr->cond_head_expr=expr;
576	}
577
578	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
579	{
580	free(ptr->name);
581	if(ptr->cond_str)
582	free(ptr->cond_str);
583	if(ptr->cond_head_expr)
584	_free_yy_expression(ptr->cond_head_expr);
585	free(ptr);
586	}
587
588	abac_yy_term_t *make_yy_term_dterm_anonymous()
589	{
590	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
591	ptr->type = e_yy_DTERM_ANONYMOUS;
592	ptr->next=NULL;
593	ptr->bcnt=1;
594	return ptr;
595	}
596
597	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
598	{
599	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
600	if(pptr->is_anonymous)
601	ptr->type = e_yy_DTERM_ANONYMOUS;
602	else ptr->type = e_yy_DTERM_PRINCIPAL;
603	ptr->term.p_ptr=pptr;
604	ptr->next=NULL;
605	ptr->bcnt=1;
606	return ptr;
607	}
608
609	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
610	{
611	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
612	ptr->type = e_yy_DTERM_NAMED;
613	ptr->term.n_ptr=nptr;
614	ptr->next=NULL;
615	ptr->bcnt=1;
616	return ptr;
617	}
618
619	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
620	{
621	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
622
623	if(dptr->is_anonymous)
624	ptr->type = e_yy_DTERM_ANONYMOUS;
625	else ptr->type = e_yy_DTERM_DATA;
626	ptr->term.d_ptr=dptr;
627	ptr->next=NULL;
628	ptr->bcnt=1;
629	return ptr;
630	}
631
632	/************************************************************************/
633	void abac_yy_init_yy_constraints()
634	{
635	abac_yy_constraints = abac_list_new();
636	}
637
638	void abac_yy_free_yy_constraints()
639	{
640	abac_yy_constraint_t *cur;
641	abac_list_foreach(abac_yy_constraints, cur,
642	if(cur && cur->clause)
643	free(cur->clause);
644	free(cur);
645	);
646	abac_list_free(abac_yy_constraints);
647	abac_yy_constraints=NULL;
648	}
649
650	int abac_yy_cnt_yy_constraints()
651	{
652	return abac_list_size(abac_yy_constraints);
653	}
654
655	char *abac_yy_string_yy_constraints()
656	{
657	int first=1;
658	char *tmp=NULL;
659	abac_yy_constraint_t *cur;
660	abac_list_foreach(abac_yy_constraints, cur,
661	if(cur && cur->clause)
662	if(first) {
663	tmp=abac_xstrdup(cur->clause);
664	first=0;
665	} else {
666	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
667	}
668	);
669	return tmp;
670	}
671
672	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
673	{
674	abac_yy_constraint_t *ptr=
675	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
676	ptr->clause=abac_xstrdup(constraint);
677	abac_list_add(abac_yy_constraints, ptr);
678	return ptr;
679	}
680
681	/****************************************************************************/
682	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
683	{
684	abac_yy_principal_t *ptr=
685	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
686	/* add p to yyparse's principal */
687	if(sha) ptr->sha=abac_xstrdup(sha);
688	else ptr->sha=NULL;
689	if(cn) ptr->cn=abac_xstrdup(cn);
690	else ptr->cn=NULL;
691	ptr->type=type;
692	return ptr;
693	}
694
695	static void _free_yy_principal(abac_yy_principal_t *ptr)
696	{
697	if(ptr->sha) free(ptr->sha);
698	if(ptr->cn) free(ptr->cn);
699	free(ptr);
700	}
701
702	int get_yy_principal_type(abac_yy_principal_t *ptr)
703	{
704	return ptr->type;
705	}
706
707	char get_yy_principal_name(abac_yy_principal_t ptr)
708	{
709	if(USE("ABAC_CN") && ptr->cn)
710	return ptr->cn;
711	return ptr->sha;
712	}
713
714	char get_yy_principal_cn(abac_yy_principal_t ptr)
715	{
716	return ptr->cn;
717	}
718
719	char get_yy_principal_sha(abac_yy_principal_t ptr)
720	{
721	return ptr->sha;
722	}
723
724	/*************************************************************************/
725
726	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
727	{
728	int i=terms->bcnt;
729	nterm->next=terms;
730	nterm->bcnt=i+1;
731	return nterm;
732	}
733
734	static void _free_yy_term(abac_yy_term_t *ptr)
735	{
736	switch (ptr->type) {
737	case e_yy_DTERM_DATA:
738	_free_yy_term_data(ptr->term.d_ptr);
739	break;
740	case e_yy_DTERM_NAMED:
741	_free_yy_principal(ptr->term.n_ptr);
742	break;
743	case e_yy_DTERM_PRINCIPAL:
744	_free_yy_term_principal(ptr->term.p_ptr);
745	break;
746	case e_yy_DTERM_ANONYMOUS:
747	break;
748	}
749	if(ptr->next)
750	_free_yy_term(ptr->next);
751	free(ptr);
752	}
753
754	/*************************************************************************/
755	abac_yy_roleoset_t make_yy_roleoset_role(char name, abac_yy_term_t *terms)
756	{
757	abac_yy_roleoset_t *ptr=
758	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
759	ptr->name=abac_xstrdup(name);
760	ptr->terms=terms;
761	ptr->next=NULL;
762	ptr->bcnt=1;
763	ptr->type=e_yy_ROLE_TYPE;
764	return ptr;
765	}
766
767	static void _free_yy_roleoset(abac_yy_roleoset_t *ptr)
768	{
769	free(ptr->name);
770	if(ptr->terms)
771	_free_yy_term(ptr->terms);
772	if(ptr->next)
773	_free_yy_roleoset(ptr->next);
774	free(ptr);
775	}
776
777	/***************************************************************************/
778	abac_yy_roleoset_t make_yy_roleoset_oset(char name, abac_yy_term_t *terms)
779	{
780	abac_yy_roleoset_t *ptr=
781	(abac_yy_roleoset_t*)abac_xmalloc(sizeof(abac_yy_roleoset_t));
782	ptr->name=abac_xstrdup(name);
783	ptr->terms=terms;
784	ptr->next=NULL;
785	ptr->bcnt=1;
786	ptr->type=e_yy_OSET_TYPE;
787	return ptr;
788	}
789
790	/***************************************************************************/
791
792	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
793
794	abac_yy_expression_t make_yy_expression(int type,void pptr,
795	abac_yy_roleoset_t optr, abac_yy_roleoset_t linked_role)
796	{
797	abac_yy_expression_t *ptr=
798	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
799	ptr->type = type;
800	if(type == e_yy_EXPR_OBJECT) {
801	ptr->object=(abac_yy_term_data_t *)pptr;
802	} else {
803	ptr->principal = (abac_yy_principal_t *)pptr;
804	}
805	ptr->roleoset = optr;
806	ptr->linked_role=linked_role;
807	ptr->next=NULL;
808
809	return ptr;
810	}
811
812	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
813	{
814	if(ptr->type == e_yy_EXPR_OBJECT)
815	return ptr->object;
816	return NULL;
817	}
818
819	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
820	abac_yy_expression_t *exprs)
821	{
822	int i=exprs->bcnt;
823	nexpr->next=exprs;
824	nexpr->bcnt=i+1;
825	return nexpr;
826	}
827
828	static void _free_yy_expression(abac_yy_expression_t *ptr)
829	{
830	if(ptr->type == e_yy_EXPR_OBJECT) {
831	if(ptr->object)
832	_free_yy_term_data(ptr->object);
833	} else {
834	if(ptr->principal)
835	_free_yy_principal(ptr->principal);
836	}
837	if(ptr->roleoset) _free_yy_roleoset(ptr->roleoset);
838	if(ptr->linked_role)
839	_free_yy_roleoset(ptr->linked_role);
840	if(ptr->next)
841	_free_yy_expression(ptr->next);
842
843	free(ptr);
844	}
845
846	/***************************************************************************/
847	/* add the oset condition to constraint list */
848	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
849	{
850	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
851	if(head_expr) {
852	abac_aspect_t *head_aspect=validate_head(e_yy_OSET_TYPE,head_expr);
853	if(head_aspect == NULL)
854	goto error;
855
856	char *tmp=generate_pl_constraint_clause(head_aspect,tail_string);
857	set_yy_term_data_cond_str(ptr,tmp);
858	set_yy_term_data_cond_ptr(ptr,head_aspect);
859	abac_yy_add_yy_constraints(tmp);
860	return tmp;
861	}
862
863	error:
864	return NULL;
865	}
866	/* add the role condition to constraint list */
867	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
868	{
869	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
870	if(head_expr) {
871	abac_aspect_t *head_aspect=validate_head(e_yy_ROLE_TYPE,head_expr);
872	if(head_aspect == NULL)
873	goto error;
874
875	char *tmp=generate_pl_constraint_clause(head_aspect,tail_string);
876	set_yy_term_principal_cond_str(ptr,tmp);
877	set_yy_term_principal_cond_ptr(ptr,head_aspect);
878	abac_yy_add_yy_constraints(tmp);
879	if(debug) {
880	printf("make_yy_role_constraint, adding (%s) \n",tmp);
881	}
882	return tmp;
883	}
884
885	error:
886	return NULL;
887	}
888
889
890	/****************************************************************/
891	/* add the range condition to constraint list */
892	/* this is for integer and float only */
893	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
894	{
895	char *typestr=abac_termtype_string(ptr->type);
896	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
897	char *tmplist=NULL;
898	char *tmp=NULL;
899	int as_range=1; /* either , or ; */
900	if(rlist) {
901	char *rstring=_string_yy_cond_range(rlist);
902	set_yy_term_data_cond_str(ptr,rstring);
903	abac_yy_range_t *cur;
904
905	/* a list of values -- in chars */
906	abac_list_foreach(rlist, cur,
907	int type=cur->type;
908	char *val=cur->val;
909	switch(type) {
910	case e_yy_RANGE_MIN:
911	tmp=generate_pl_range_constraint(typestr,var,val,">=");
912	break;
913	case e_yy_RANGE_MAX:
914	tmp=generate_pl_range_constraint(typestr,var,val,"=<");
915	break;
916	case e_yy_RANGE_TARGET:
917	tmp=generate_pl_range_constraint(NULL,var,val,"=");
918	as_range=0;
919	break;
920	}
921	/* ; is prolog's disjunction built in predicate */
922	if(tmplist) {
923	if(as_range)
924	asprintf(&tmplist,"%s,%s",tmplist,tmp);
925	else
926	asprintf(&tmplist,"%s;%s",tmplist,tmp);
927	} else {
928	tmplist=tmp;
929	}
930	tmp=NULL;
931	);
932	asprintf(&tmplist,"(%s)",tmplist);
933	abac_yy_add_yy_constraints(tmplist);
934	}
935	}
936
937	/****************************************************************/
938	/* this is for time only */
939	void make_yy_range_time_constraint(abac_yy_term_data_t ptr, char var)
940	{
941	char *typestr=abac_termtype_string(ptr->type);
942	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
943	char *tmplist=NULL;
944	char *tmp=NULL;
945	char *ttmp=NULL;
946	char *tlist=NULL;
947	int as_range=1; /* either , or ; */
948	if(rlist) {
949	char *rstring=_string_yy_cond_range(rlist);
950	set_yy_term_data_cond_str(ptr,rstring);
951	abac_yy_range_t *cur;
952
953	/* a list of values -- in chars */
954	abac_list_foreach(rlist, cur,
955	int type=cur->type;
956	char *tval=cur->val;
957	char *val=abac_term_to_time(tval);
958	switch(type) {
959	case e_yy_RANGE_MIN:
960	ttmp=generate_pl_range_time_constraint(var,val,">");
961	tmp=generate_pl_range_time_constraint(var,val,"=");
962	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
963	tmp=tlist;
964	break;
965	case e_yy_RANGE_MAX:
966	ttmp=generate_pl_range_time_constraint(var,val,"=");
967	tmp=generate_pl_range_time_constraint(var,val,"<");
968	asprintf(&tlist,"(%s;%s)",ttmp,tmp);
969	tmp=tlist;
970	break;
971	case e_yy_RANGE_TARGET:
972	tmp=generate_pl_range_time_constraint(var,val,"=");
973	as_range=0;
974	break;
975	}
976	free(val);
977	/* ; is prolog's disjunction built in predicate */
978	if(tmplist) {
979	if(as_range)
980	asprintf(&tmplist,"%s,%s",tmplist,tmp);
981	else
982	asprintf(&tmplist,"%s;%s",tmplist,tmp);
983	} else {
984	tmplist=tmp;
985	}
986	tmp=NULL;
987	);
988
989	asprintf(&tmplist,"(%s)",tmplist);
990	/* generate a clause with above and add into db */
991	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
992	abac_yy_add_yy_constraints(tmp);
993	}
994	}
995
996	/****************************************************************/
997	/* this is for string and urn only */
998	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
999	{
1000	char *typestr=abac_termtype_string(ptr->type);
1001	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1002	char *tmplist=NULL;
1003	char *tmp=NULL;
1004	if(rlist) {
1005	char *rstring=_string_yy_cond_range(rlist);
1006	set_yy_term_data_cond_str(ptr,rstring);
1007	abac_yy_range_t *cur;
1008
1009	/* a list of values -- in chars */
1010	abac_list_foreach(rlist, cur,
1011	int type=cur->type;
1012	char *val=cur->val;
1013	switch(type) {
1014	case e_yy_RANGE_MIN:
1015	panic("make_yy_range_string_constraint, invalid range type - min");
1016	break;
1017	case e_yy_RANGE_MAX:
1018	/* invalid range type */
1019	panic("make_yy_range_string_constraint, invalid range type - max");
1020	break;
1021	case e_yy_RANGE_TARGET:
1022	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1023	break;
1024	}
1025	/* ; is prolog's disjunction built in predicate */
1026	if(tmplist)
1027	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1028	else tmplist=tmp;
1029	tmp=NULL;
1030	);
1031	asprintf(&tmplist,"(%s)",tmplist);
1032	/* generate a clause with above and add into db */
1033	tmp=abac_pl_add_range_constraint_clause(var,tmplist);
1034	abac_yy_add_yy_constraints(tmp);
1035	}
1036	}
1037
1038	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1039	{
1040	if(is_yy_term_data_type_numeric(ptr)) {
1041	make_yy_range_numeric_constraint(ptr, var);
1042	} else if (is_yy_term_data_type_alpha(ptr)) {
1043	make_yy_range_string_constraint(ptr, var);
1044	} else if (is_yy_term_data_type_time(ptr)) {
1045	make_yy_range_time_constraint(ptr, var);
1046	}
1047	}
1048
1049
1050	/************************************************************************/
1051
1052	static void _aspect_add_terms(int linked, abac_aspect_t *aspect_ptr,
1053	abac_yy_term_t *terms)
1054	{
1055	abac_yy_term_t *curr = terms;
1056	int type;
1057	int isnamed;
1058	char *name;
1059	char *cond;
1060	void *ptr;
1061
1062	while (curr) {
1063	name=NULL;
1064	cond=NULL;
1065	ptr=NULL;
1066	isnamed=0;
1067	switch (curr->type) {
1068	case e_yy_DTERM_DATA:
1069	{
1070	abac_yy_term_data_t *dptr=curr->term.d_ptr;
1071	type=dptr->type;
1072	name=abac_xstrdup(dptr->name);
1073	if(dptr->cond_str) {
1074	cond=abac_xstrdup(dptr->cond_str);
1075	ptr=dptr->cond_ptr;
1076	}
1077	break;
1078	}
1079	case e_yy_DTERM_PRINCIPAL:
1080	{
1081	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1082	type=abac_term_verify_term_type("principal");
1083	name=abac_xstrdup(pptr->name);
1084	if(pptr->cond_str) {
1085	cond=abac_xstrdup(pptr->cond_str);
1086	ptr=pptr->cond_ptr;
1087	}
1088	break;
1089	}
1090	case e_yy_DTERM_NAMED:
1091	{
1092	abac_yy_principal_t *pptr=curr->term.n_ptr;
1093	type=pptr->type;
1094	name=abac_xstrdup(get_yy_principal_name(pptr));
1095	isnamed=1;
1096	break;
1097	}
1098	case e_yy_DTERM_ANONYMOUS:
1099	{
1100	type=abac_term_verify_term_type("anonymous");
1101	name=abac_xstrdup("_");
1102	break;
1103	}
1104	}
1105	abac_term_t *param=NULL;
1106	if(isnamed)
1107	param=abac_term_named_new(type,name);
1108	else param=abac_term_new(type,name,cond,ptr);
1109	if (linked)
1110	abac_aspect_add_linked_param(aspect_ptr, param);
1111	else
1112	abac_aspect_add_param(aspect_ptr, param);
1113	curr=curr->next;
1114	}
1115	}
1116
1117	static void _aspect_add_linked_terms(abac_aspect_t ptr, abac_yy_term_t terms)
1118	{
1119	int linked=1;
1120	_aspect_add_terms(linked, ptr, terms);
1121	}
1122
1123	static void _aspect_add_aspect_terms(abac_aspect_t ptr, abac_yy_term_t terms)
1124	{
1125	int linked=0;
1126	_aspect_add_terms(linked, ptr, terms);
1127	}
1128
1129	abac_aspect_t validate_intersected_tail(abac_aspect_t ptr)
1130	{
1131	abac_aspect_t *ret_ptr=abac_aspect_intersection_new(ptr);
1132	return ret_ptr;
1133	}
1134
1135	/* A.oset, A.role */
1136	abac_aspect_t validate_head(int yytype, abac_yy_expression_t expr)
1137	{
1138	abac_yy_principal_t *principal=expr->principal;
1139	abac_yy_roleoset_t *ptr=expr->roleoset;
1140
1141	char *principalname=get_yy_principal_sha(principal);
1142	char *othername=get_yy_principal_name(principal);
1143	char *name=ptr->name;
1144	abac_yy_term_t *terms=ptr->terms;
1145
1146	abac_aspect_t *aptr=NULL;
1147	if(yytype==e_yy_OSET_TYPE)
1148	aptr=abac_aspect_oset_new(principalname, name);
1149	else aptr=abac_aspect_role_new(principalname, name);
1150
1151	if (aptr==NULL) {
1152	abac_yy_set_error_code(ABAC_YY_INVALID_HEAD);
1153	goto error;
1154	}
1155
1156	// insert the params for the oset
1157	if(terms) {
1158	_aspect_add_aspect_terms(aptr, terms);
1159	}
1160	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1161	return aptr;
1162
1163	error:
1164	return NULL;
1165	}
1166
1167	abac_aspect_t validate_head_oset(abac_yy_expression_t expr)
1168	{
1169	return validate_head(e_yy_OSET_TYPE,expr);
1170	}
1171
1172	abac_aspect_t validate_head_role(abac_yy_expression_t expr)
1173	{
1174	return validate_head(e_yy_ROLE_TYPE,expr);
1175	}
1176
1177	/*****************************************************************************/
1178	/* B */
1179	abac_aspect_t validate_named_tail(int yytype, abac_yy_expression_t expr)
1180	{
1181	abac_yy_principal_t *principal=expr->principal;
1182	char *principalname=get_yy_principal_sha(principal);
1183	char *othername=get_yy_principal_name(principal);
1184
1185	abac_aspect_t *ptr=NULL;
1186	if(yytype==e_yy_OSET_TYPE)
1187	ptr=abac_aspect_oset_principal_new(principalname);
1188	else ptr=abac_aspect_role_principal_new(principalname);
1189	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1190	if (ptr==NULL)
1191	goto error;
1192	return ptr;
1193
1194	error:
1195	panic("can not generate a simple named tail oset aspect");
1196	return NULL;
1197	}
1198
1199
1200	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
1201	abac_aspect_t validate_object_tail(int yytype,abac_yy_expression_t expr)
1202	{
1203	abac_yy_term_data_t *object=get_yy_expression_object(expr);
1204	assert(object != NULL);
1205
1206	char *name=object->name;
1207	int type=object->type;
1208	char *cond=object->cond_str;
1209	void *ptr=object->cond_ptr;
1210	abac_term_t *term=abac_term_new(type,name,cond,ptr);
1211	abac_aspect_t *aptr=NULL;
1212	if(yytype==e_yy_OSET_TYPE)
1213	aptr=abac_aspect_oset_object_new(term);
1214	else
1215	goto error; /* can not be a role expression with obj */
1216
1217	if(get_yy_term_data_is_variable(object))
1218	_add_yy_id_certs(name,type);
1219
1220	if (aptr==NULL)
1221	goto error;
1222	return aptr;
1223
1224	error:
1225	panic("can not generate a simple object tail oset aspect");
1226	return NULL;
1227	}
1228
1229
1230	/* B.role or B.oset */
1231	abac_aspect_t validate_some_tail(int yytype, abac_yy_expression_t expr)
1232	{
1233	abac_yy_principal_t *principal=expr->principal;
1234	abac_yy_roleoset_t *eptr=expr->roleoset;
1235
1236	char *principalname=get_yy_principal_sha(principal);
1237	char *othername=get_yy_principal_name(principal);
1238
1239	char *name=eptr->name;
1240	abac_yy_term_t *terms=eptr->terms;
1241
1242	abac_aspect_t *ptr=NULL;
1243	if(yytype==e_yy_OSET_TYPE)
1244	ptr=abac_aspect_oset_new(principalname, name);
1245	else
1246	ptr=abac_aspect_role_new(principalname, name);
1247	if (ptr==NULL)
1248	goto error;
1249
1250	if(terms) {
1251	_aspect_add_aspect_terms(ptr, terms);
1252	}
1253
1254	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1255
1256	return ptr;
1257
1258	error:
1259	panic("can not generate a simple tail aspect");
1260	return NULL;
1261	}
1262
1263	/* B.role.role or B.role.oset */
1264	abac_aspect_t validate_linked_tail(int yytype, abac_yy_expression_t expr)
1265	{
1266	abac_yy_principal_t *principal=expr->principal;
1267
1268	abac_yy_roleoset_t *eptr=expr->roleoset;
1269	abac_yy_roleoset_t *linked_role=expr->linked_role;
1270
1271	char *principalname=get_yy_principal_sha(principal);
1272	char *othername=get_yy_principal_name(principal);
1273
1274	char *name=eptr->name;
1275	abac_yy_term_t *terms=eptr->terms;
1276
1277	char *linkedrolename=linked_role->name;
1278	abac_yy_term_t *linked_terms=linked_role->terms;
1279
1280	abac_aspect_t *ptr=NULL;
1281	if(yytype==e_yy_OSET_TYPE)
1282	ptr=abac_aspect_oset_linking_new(principalname,
1283	linkedrolename, name);
1284	else ptr=abac_aspect_role_linking_new(principalname,
1285	linkedrolename, name);
1286	if (ptr==NULL)
1287	goto error;
1288
1289	if(linked_terms) {
1290	_aspect_add_linked_terms(ptr, linked_terms);
1291	}
1292	if(terms) {
1293	_aspect_add_aspect_terms(ptr, terms);
1294	}
1295
1296	_add_yy_id_certs(othername,get_yy_principal_type(principal));
1297
1298	return ptr;
1299
1300	error:
1301	panic("can not generate linked tail oset");
1302	return NULL;
1303	}
1304
1305
1306	/**********************************************************************/
1307
1308	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1309	abac_yy_expression_t *tailexpr)
1310	{
1311	abac_aspect_t *head_oset=NULL;
1312	abac_aspect_t *tail_oset=NULL;
1313
1314	/* build up left side's abac oset structure */
1315	head_oset=validate_head(e_yy_OSET_TYPE, headexpr);
1316	if(head_oset == NULL)
1317	goto error;
1318
1319	/* build up the right side's abac oset structure */
1320	abac_yy_expression_t *curr_tail = tailexpr;
1321	int intersecting=(tailexpr->next != NULL)? 1:0;
1322	abac_aspect_t *curr_oset = NULL;
1323	while (curr_tail) {
1324	switch(curr_tail->type) {
1325	case e_yy_EXPR_OBJECT:
1326	curr_oset=validate_object_tail(e_yy_OSET_TYPE,curr_tail);
1327	break;
1328	case e_yy_EXPR_NAMED:
1329	curr_oset=validate_named_tail(e_yy_OSET_TYPE,curr_tail);
1330	break;
1331	case e_yy_EXPR_OSET:
1332	curr_oset=validate_some_tail(e_yy_OSET_TYPE,curr_tail);
1333	break;
1334	case e_yy_EXPR_LINKED:
1335	curr_oset=validate_linked_tail(e_yy_OSET_TYPE,curr_tail);
1336	break;
1337	}
1338	if(curr_oset==NULL)
1339	goto error;
1340
1341	/* check if first one */
1342	if(tail_oset==NULL) {
1343	if(intersecting)
1344	tail_oset=validate_intersected_tail(curr_oset);
1345	else
1346	tail_oset=curr_oset;
1347	} else {
1348	abac_aspect_add_intersecting_aspect(tail_oset,curr_oset);
1349	}
1350	curr_tail=curr_tail->next;
1351	} /* while */
1352
1353	/* XXX collect up type clauses, constraint clauses and
1354	generate rule clauses */
1355	abac_list_t *tmp=generate_pl_clauses(head_oset,tail_oset);
1356	if(tmp == NULL)
1357	goto error;
1358
1359	if(debug) {
1360	abac_print_aspect_string_with_condition(head_oset,NULL);
1361	printf("\n");
1362	abac_print_aspect_string_with_condition(tail_oset,NULL);
1363	printf("\n");
1364	}
1365
1366	_free_yy_expression(headexpr);
1367	_free_yy_expression(tailexpr);
1368	abac_rule_head_aspect=head_oset;
1369	abac_rule_tail_aspect=tail_oset;
1370	abac_rule_is_oset=1;
1371	return tmp;
1372
1373	error:
1374	_free_yy_expression(headexpr);
1375	_free_yy_expression(tailexpr);
1376	if(head_oset)
1377	abac_aspect_free(head_oset);
1378	if(tail_oset)
1379	abac_aspect_free(tail_oset);
1380	return NULL;
1381	}
1382
1383	/*****************************************************************************/
1384	/* build up the abac structure and also create the yap clause
1385	and insert it into db */
1386	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1387	abac_yy_expression_t *tailexpr)
1388	{
1389	abac_aspect_t *head_role=NULL;
1390	abac_aspect_t *tail_role=NULL;
1391
1392	/* build up left side's abac role structure */
1393	head_role=validate_head(e_yy_ROLE_TYPE,headexpr);
1394	if(head_role == NULL)
1395	goto error;
1396
1397	/* build up the right side's abac role structure */
1398	abac_yy_expression_t *curr_tail = tailexpr;
1399	int intersecting=(tailexpr->next != NULL)? 1:0;
1400	abac_aspect_t *curr_role = NULL;
1401	while (curr_tail) {
1402	switch(curr_tail->type) {
1403	case e_yy_EXPR_NAMED:
1404	curr_role=validate_named_tail(e_yy_ROLE_TYPE,curr_tail);
1405	break;
1406	case e_yy_EXPR_ROLE:
1407	curr_role=validate_some_tail(e_yy_ROLE_TYPE,curr_tail);
1408	break;
1409	case e_yy_EXPR_LINKED:
1410	curr_role=validate_linked_tail(e_yy_ROLE_TYPE,curr_tail);
1411	break;
1412	}
1413	if(curr_role==NULL)
1414	goto error;
1415
1416	/* check if first one */
1417	if(tail_role==NULL) {
1418	if(intersecting)
1419	tail_role=validate_intersected_tail(curr_role);
1420	else
1421	tail_role=curr_role;
1422	} else {
1423	abac_aspect_add_intersecting_aspect(tail_role,curr_role);
1424	}
1425	curr_tail=curr_tail->next;
1426	} /* while */
1427
1428	/* collect up type clauses, constraint clauses and
1429	generate the final rule clauses */
1430	abac_list_t *tmp=generate_pl_clauses(head_role,tail_role);
1431	if(tmp == NULL)
1432	goto error;
1433
1434	if(debug) {
1435	abac_print_aspect_string_with_condition(head_role,NULL);
1436	printf("\n");
1437	abac_print_aspect_string_with_condition(tail_role,NULL);
1438	printf("\n");
1439	}
1440
1441	_free_yy_expression(headexpr);
1442	_free_yy_expression(tailexpr);
1443	abac_rule_head_aspect=head_role;
1444	abac_rule_tail_aspect=tail_role;
1445	abac_rule_is_oset=0;
1446	return tmp;
1447
1448	error:
1449	_free_yy_expression(headexpr);
1450	_free_yy_expression(tailexpr);
1451	if(head_role)
1452	abac_aspect_free(head_role);
1453	if(tail_role)
1454	abac_aspect_free(tail_role);
1455	return NULL;
1456	}
1457
1458	/************************************************************************/
1459	void abac_yy_init()
1460	{
1461	abac_yyinit();
1462	abac_yy_init_rule_id_clauses();
1463	abac_yy_init_yy_id_certs();
1464	abac_yy_init_yy_constraints();
1465	}
1466
1467

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ d037f54

Download in other formats: