Context Navigation

source: libabac/abac_pl_yy.c @ de22a7e

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since de22a7e was de22a7e, checked in by Ted Faber <faber@…>, 12 years ago
Need another extern declaration.
Property mode set to `100644`
File size: 40.0 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
18	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
19	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
20	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
21	extern char generate_pl_type_clause(char , int);
22	/* from abac_pl_yap.c */
23	extern char abac_pl_add_string_range_constraint_clause(char var,
24	char *tmplist);
25	/* from rt2.y */
26	extern void abac_yyinit();
27
28	int abac_yy_error_code = 0; /* keeping last error code */
29
30	int abac_rule_is_oset=0;
31	abac_list_t *abac_rule_clauses=NULL;
32	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
33	abac_role_t *abac_rule_head_role=NULL;
34	abac_role_t *abac_rule_tail_role=NULL;
35	abac_oset_t *abac_rule_head_oset=NULL;
36	abac_oset_t *abac_rule_tail_oset=NULL;
37
38	/* to track id certs within a rule clause */
39	typedef struct _abac_yy_id_cert_t {
40	char *principalname;
41	int type; /* keyidtype */
42	char *clause;
43	} abac_yy_id_cert_t;
44	abac_list_t *abac_yy_id_certs = NULL;
45
46	/* structure to hold the range information
47	within a static constraints on few types of
48	oset types
49	[a..b], [a..], [..b], [a],[a,b],[many a]
50	e_yy_RANGE_MIN=1;
51	e_yy_RANGE_MAX=2;
52	e_yy_RANGE_TARGET=3;
53	*/
54	typedef struct _abac_yy_range_t {
55	int type;
56	char *val;
57	} abac_yy_range_t;
58
59	/* to track role/oset constraint clauses used within a rule clause,
60	collect them up in one place, these are for conjunction clauses */
61	typedef struct _abac_yy_constraint_t {
62	char *clause;
63	} abac_yy_constraint_t;
64	abac_list_t *abac_yy_constraints = NULL;
65
66	/* local principal structure [keyid:USC] */
67	struct _abac_yy_principal_t {
68	int type;
69	char *sha; // sha is null when this is of object type
70	char *cn;
71	};
72
73	/* [principal:?Z]:..., must match a principal name */
74	struct _abac_yy_term_principal_t {
75	int type; /* this needs to be implicitly determined */
76	char *name;
77	char *cond_str;
78	void *cond_ptr; // ptr to a saved abac_role_t
79	abac_yy_expression_t *cond_head_expr;
80	};
81
82	/* integer,float,time,urn,string types,
83	if has condition, then it is a variable,
84	ie,
85	[int:?Year]:<1930..1932>,
86	if no condition, then it is a constant,
87	ie,
88	[int:10]
89	*/
90	struct _abac_yy_term_data_t {
91	int is_variable;
92	int type;
93	char *name;
94	char *cond_str;
95	void *cond_ptr; // ptr to a saved abac_oset_t
96	abac_list_t *cond_range;
97	abac_yy_expression_t *cond_head_expr; // parking stub
98	};
99
100	/* local term structure, will distinguish it in the future */
101	/* e_yy_DTERM_DATA, all other types
102	e_yy_DTERM_NAMED, keyid:bob
103	e_yy_DTERM_PRINCIPAL, principal:?P
104	e_yy_DTERM_ANONYMOUS ? */
105	struct _abac_yy_term_t {
106	union {
107	abac_yy_principal_t *n_ptr;
108	abac_yy_term_principal_t *p_ptr;
109	abac_yy_term_data_t *d_ptr;
110	} term;
111	int type;
112	struct _abac_yy_term_t *next;
113	int bcnt; /* this is to track number of terms in this linked up list */
114	};
115
116	/* local role structure */
117	struct _abac_yy_role_t {
118	int type;
119	char *name;
120	abac_yy_term_t *terms;
121	struct _abac_yy_role_t *next;
122	int bcnt; /* this is to track number of roles in this linked up list */
123	};
124
125	/* local oset structure */
126	struct _abac_yy_oset_t {
127	int type;
128	char *name;
129	abac_yy_term_t *terms;
130	struct _abac_yy_oset_t *next;
131	int bcnt; /* this is to track number of oset in this linked up list */
132	};
133
134	/* A, A.r, A.r.r */
135	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
136	/* A/obj, A.o, A.r.o */
137	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
138	struct _abac_yy_expression_t {
139	int type;
140	union {
141	abac_yy_principal_t *principal;
142	abac_yy_term_data_t *object;
143	};
144	abac_yy_role_t *linked_role;
145	union {
146	abac_yy_role_t *role;
147	abac_yy_oset_t *oset;
148	};
149	struct _abac_yy_expression_t *next;
150	int bcnt;
151	};
152
153	static void _free_yy_expression(abac_yy_expression_t *);
154
155	/************************************************************************/
156	void abac_yy_set_error_code(int v)
157	{
158	abac_yy_error_code=v;
159	}
160
161	/************************************************************************/
162	abac_stack_t *abac_yy_get_rule_id_clauses()
163	{
164	return abac_rule_id_clauses;
165	}
166
167	abac_stack_t *abac_yy_init_rule_id_clauses()
168	{
169	abac_rule_id_clauses=abac_stack_new();
170	return abac_rule_id_clauses;
171	}
172
173	void abac_yy_free_rule_id_clauses()
174	{
175	if (abac_rule_id_clauses != NULL)
176	abac_stack_free(abac_rule_id_clauses);
177	}
178
179	void abac_yy_set_rule_clauses(abac_list_t *clauses)
180	{
181	abac_rule_clauses=clauses;
182	if(debug) {
183	printf("printing out abac_rule_clauses:\n");
184	abac_print_clauses(abac_rule_clauses,NULL);
185	}
186	}
187
188	abac_list_t *abac_yy_get_rule_clauses()
189	{
190	return abac_rule_clauses;
191	}
192
193	void abac_yy_free_rule_clauses()
194	{
195	if (abac_rule_clauses != NULL) {
196	char *cur;
197	abac_list_foreach(abac_yy_id_certs, cur,
198	if(cur) free(cur);
199	);
200	abac_list_free(abac_rule_clauses);
201	}
202	}
203
204	int abac_yy_get_rule_is_oset()
205	{
206	return abac_rule_is_oset;
207	}
208
209	abac_role_t *abac_yy_get_rule_head_role()
210	{
211	return abac_rule_head_role;
212	}
213
214	abac_role_t *abac_yy_get_rule_tail_role()
215	{
216	return abac_rule_tail_role;
217	}
218
219	abac_oset_t *abac_yy_get_rule_head_oset()
220	{
221	return abac_rule_head_oset;
222	}
223
224	abac_oset_t *abac_yy_get_rule_tail_oset()
225	{
226	return abac_rule_tail_oset;
227	}
228
229
230	/************************************************************************/
231	void abac_yy_init_yy_id_certs()
232	{
233	abac_yy_id_certs = abac_list_new();
234	}
235
236	void abac_yy_free_yy_id_certs()
237	{
238	abac_yy_id_cert_t *id;
239	abac_list_foreach(abac_yy_id_certs, id,
240	if(id)
241	free(id->principalname);
242	free(id->clause);
243	free(id);
244	);
245	abac_list_free(abac_yy_id_certs);
246	abac_yy_id_certs = NULL;
247	}
248
249	int abac_yy_cnt_yy_id_certs()
250	{
251	return abac_list_size(abac_yy_id_certs);
252	}
253
254	char *abac_yy_string_yy_id_certs()
255	{
256	int first=1;
257	char *tmp=NULL;
258	abac_yy_id_cert_t *cur;
259	abac_list_foreach(abac_yy_id_certs, cur,
260	if(cur)
261	if(first) {
262	tmp=abac_xstrdup(cur->clause);
263	first=0;
264	} else {
265	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
266	}
267	);
268	return tmp;
269	}
270
271	static void _add_yy_id_certs(char *principalname, int type)
272	{
273	abac_yy_id_cert_t *id_cert=NULL;
274
275	int found=0;
276	abac_yy_id_cert_t *cur;
277	abac_list_foreach(abac_yy_id_certs, cur,
278	if(cur)
279	if(strcmp(cur->principalname,principalname)==0) {
280	found=1;
281	break;
282	}
283	);
284
285	if (found) {
286	return;
287	} else {
288	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
289	id_cert->principalname=abac_xstrdup(principalname);
290	id_cert->type=type;
291	id_cert->clause=generate_pl_type_clause(principalname,type);
292	abac_list_add(abac_yy_id_certs, id_cert);
293	}
294	}
295
296	/***********************************************************************/
297	static void _free_yy_cond_range(abac_list_t *ptr)
298	{
299	if (ptr != NULL) {
300	abac_yy_range_t *cur;
301	abac_list_foreach(ptr, cur,
302	if(cur && cur->val) free(cur->val);
303	free(cur);
304	);
305	abac_list_free(ptr);
306	}
307	}
308
309	static char _string_yy_cond_range(abac_list_t ptr)
310	{
311	assert(ptr);
312	char *tmp=NULL;
313	char *min=NULL;
314	char *max=NULL;
315	char *val=NULL;
316	int type;
317
318	abac_yy_range_t *cur;
319	abac_list_foreach(ptr, cur,
320	type=cur->type;
321	switch (type) {
322	case e_yy_RANGE_MIN:
323	min=strdup(cur->val);
324	break;
325	case e_yy_RANGE_MAX:
326	max=strdup(cur->val);
327	break;
328	case e_yy_RANGE_TARGET:
329	if(val)
330	asprintf(&val,"%s,%s",val,cur->val);
331	else val=strdup(cur->val);
332	break;
333	}
334	);
335	if(max && min) {
336	asprintf(&tmp,"[%s..%s]",min,max);
337	free(max);
338	free(min);
339	return tmp;
340	}
341	if(max) {
342	asprintf(&tmp,"[..%s]",max);
343	free(max);
344	return tmp;
345	}
346	if(min) {
347	asprintf(&tmp,"[%s..]",min);
348	free(min);
349	return tmp;
350	}
351	if(val) {
352	asprintf(&tmp,"[%s]",val);
353	free(val);
354	return tmp;
355	}
356	return NULL;
357	}
358
359	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
360	{
361	abac_yy_range_t *range=
362	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
363	range->type=e_yy_RANGE_TARGET;
364	range->val=strdup(val);
365	abac_list_add(ptr, range);
366	return ptr;
367	}
368
369	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
370	{
371	abac_yy_range_t *range=
372	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
373	range->type=type;
374	range->val=strdup(val);
375	abac_list_add(ptr, range);
376	return ptr;
377	}
378
379	abac_list_t make_yy_val_range(char val)
380	{
381	abac_list_t *ptr=abac_list_new();
382	add_yy_val_range(ptr,val);
383	return ptr;
384	}
385
386	abac_list_t make_yy_minmax_range(char min, char *max)
387	{
388	abac_list_t *ptr=abac_list_new();
389	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
390	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
391	return ptr;
392	}
393
394	abac_list_t make_yy_min_range(char min)
395	{
396	abac_list_t *ptr=abac_list_new();
397	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
398	return ptr;
399	}
400
401	abac_list_t make_yy_max_range(char max)
402	{
403	abac_list_t *ptr=abac_list_new();
404	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
405	return ptr;
406	}
407
408	/***********************************************************************/
409	abac_yy_term_data_t make_yy_term_data(char name)
410	{
411	abac_yy_term_data_t *ptr=
412	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
413	ptr->name=abac_xstrdup(name);
414	ptr->type=0;
415	ptr->is_variable=0;
416	ptr->cond_str=NULL;
417	ptr->cond_head_expr=NULL;
418	ptr->cond_ptr=NULL;
419	ptr->cond_range=NULL;
420	return ptr;
421	}
422
423	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
424	{
425	return ptr->cond_range;
426	}
427
428	char get_yy_term_data_name(abac_yy_term_data_t ptr)
429	{
430	return ptr->name;
431	}
432
433	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
434	{
435	if(ptr->cond_head_expr != NULL)
436	return 1;
437	if(ptr->cond_range != NULL)
438	return 1;
439	return 0;
440	}
441
442	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
443	abac_list_t *range)
444	{
445	ptr->cond_range=range;
446	}
447
448	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
449	abac_yy_expression_t *expr)
450	{
451	ptr->cond_head_expr=expr;
452	}
453
454	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
455	{
456	return ptr->cond_head_expr;
457	}
458
459	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
460	{
461	int type=abac_term_verify_term_type(typestr);
462	ptr->type=type;
463	}
464
465	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
466	{
467	if(ptr->type==abac_term_verify_term_type("integer") \|\|
468	ptr->type==abac_term_verify_term_type("float"))
469	return 1;
470	return 0;
471	}
472
473	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
474	{
475	if(ptr->type==abac_term_verify_term_type("string") \|\|
476	ptr->type==abac_term_verify_term_type("urn"))
477	return 1;
478	return 0;
479	}
480
481	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
482	{
483	ptr->cond_ptr=vptr;
484	}
485
486	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
487	{
488	ptr->cond_str=strdup(cond);
489	}
490
491	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
492	{
493	ptr->is_variable=1;
494	}
495
496	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
497	{
498	return ptr->is_variable;
499	}
500
501	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
502	{
503	free(ptr->name);
504	if(ptr->cond_str)
505	free(ptr->cond_str);
506	if(ptr->cond_head_expr)
507	_free_yy_expression(ptr->cond_head_expr);
508	if(ptr->cond_range);
509	_free_yy_cond_range(ptr->cond_range);
510	free(ptr);
511	}
512
513	abac_yy_term_principal_t make_yy_term_principal(char name)
514	{
515	abac_yy_term_principal_t *ptr=
516	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
517	ptr->type=0;/* this is not known */
518	ptr->name=abac_xstrdup(name);
519	ptr->cond_str=NULL;
520	ptr->cond_head_expr=NULL;
521	return ptr;
522	}
523
524	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
525	{
526	ptr->cond_ptr=vptr;
527	}
528
529	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
530	{
531	ptr->cond_str=abac_xstrdup(cond);
532	}
533
534	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
535	{
536	return ptr->cond_head_expr;
537	}
538
539	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
540	abac_yy_expression_t *expr)
541	{
542	ptr->cond_head_expr=expr;
543	}
544
545	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
546	{
547	free(ptr->name);
548	if(ptr->cond_str)
549	free(ptr->cond_str);
550	if(ptr->cond_head_expr)
551	_free_yy_expression(ptr->cond_head_expr);
552	free(ptr);
553	}
554
555	abac_yy_term_t *make_yy_term_dterm_anonymous()
556	{
557	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
558	ptr->type = e_yy_DTERM_ANONYMOUS;
559	ptr->next=NULL;
560	ptr->bcnt=1;
561	return ptr;
562	}
563
564	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
565	{
566	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
567	ptr->type = e_yy_DTERM_PRINCIPAL;
568	ptr->term.p_ptr=pptr;
569	ptr->next=NULL;
570	ptr->bcnt=1;
571	return ptr;
572	}
573
574	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
575	{
576	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
577	ptr->type = e_yy_DTERM_NAMED;
578	ptr->term.n_ptr=nptr;
579	ptr->next=NULL;
580	ptr->bcnt=1;
581	return ptr;
582	}
583
584	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
585	{
586	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
587	ptr->type = e_yy_DTERM_DATA;
588	ptr->term.d_ptr=dptr;
589	ptr->next=NULL;
590	ptr->bcnt=1;
591	return ptr;
592	}
593
594	/************************************************************************/
595	void abac_yy_init_yy_constraints()
596	{
597	abac_yy_constraints = abac_list_new();
598	}
599
600	void abac_yy_free_yy_constraints()
601	{
602	abac_yy_constraint_t *cur;
603	abac_list_foreach(abac_yy_constraints, cur,
604	if(cur && cur->clause)
605	free(cur->clause);
606	free(cur);
607	);
608	abac_list_free(abac_yy_constraints);
609	abac_yy_constraints=NULL;
610	}
611
612	int abac_yy_cnt_yy_constraints()
613	{
614	return abac_list_size(abac_yy_constraints);
615	}
616
617	char *abac_yy_string_yy_constraints()
618	{
619	int first=1;
620	char *tmp=NULL;
621	abac_yy_constraint_t *cur;
622	abac_list_foreach(abac_yy_constraints, cur,
623	if(cur && cur->clause)
624	if(first) {
625	tmp=abac_xstrdup(cur->clause);
626	first=0;
627	} else {
628	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
629	}
630	);
631	return tmp;
632	}
633
634	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
635	{
636	abac_yy_constraint_t *ptr=
637	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
638	ptr->clause=strdup(constraint);
639	abac_list_add(abac_yy_constraints, ptr);
640	return ptr;
641	}
642
643	/****************************************************************************/
644	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
645	{
646	abac_yy_principal_t *ptr=
647	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
648	ptr->sha=abac_xstrdup(sha);
649	ptr->cn=abac_xstrdup(cn);
650	ptr->type=type;
651	return ptr;
652	}
653
654	static void _free_yy_principal(abac_yy_principal_t *ptr)
655	{
656	free(ptr->sha);
657	if(ptr->cn)
658	free(ptr->cn);
659	free(ptr);
660	}
661
662	int get_yy_principal_type(abac_yy_principal_t *ptr)
663	{
664	return ptr->type;
665	}
666
667	char get_yy_principal_principalname(abac_yy_principal_t ptr)
668	{
669	if(ptr->sha == NULL)
670	return ptr->cn;
671	return ptr->sha;
672	}
673
674	/*************************************************************************/
675
676	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
677	{
678	int i=terms->bcnt;
679	nterm->next=terms;
680	nterm->bcnt=i+1;
681	return nterm;
682	}
683
684	static void _free_yy_term(abac_yy_term_t *ptr)
685	{
686	switch (ptr->type) {
687	case e_yy_DTERM_DATA:
688	_free_yy_term_data(ptr->term.d_ptr);
689	break;
690	case e_yy_DTERM_NAMED:
691	_free_yy_principal(ptr->term.n_ptr);
692	break;
693	case e_yy_DTERM_PRINCIPAL:
694	_free_yy_term_principal(ptr->term.p_ptr);
695	break;
696	case e_yy_DTERM_ANONYMOUS:
697	break;
698	}
699	if(ptr->next)
700	_free_yy_term(ptr->next);
701	free(ptr);
702	}
703
704	/*************************************************************************/
705
706	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
707	{
708	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
709	ptr->name=abac_xstrdup(name);
710	ptr->terms=terms;
711	ptr->next=NULL;
712	ptr->bcnt=1;
713	return ptr;
714	}
715
716	static void _free_yy_role(abac_yy_role_t *ptr)
717	{
718	free(ptr->name);
719	if(ptr->terms)
720	_free_yy_term(ptr->terms);
721	if(ptr->next)
722	_free_yy_role(ptr->next);
723	free(ptr);
724	}
725
726	/***************************************************************************/
727	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
728	{
729	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
730	ptr->name=abac_xstrdup(name);
731	ptr->terms=terms;
732	ptr->next=NULL;
733	ptr->bcnt=1;
734	return ptr;
735	}
736
737	static void _free_yy_oset(abac_yy_oset_t *ptr)
738	{
739	free(ptr->name);
740	if(ptr->terms)
741	_free_yy_term(ptr->terms);
742	if(ptr->next)
743	_free_yy_oset(ptr->next);
744	free(ptr);
745	}
746	/***************************************************************************/
747
748	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
749
750	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
751	{
752	abac_yy_expression_t *ptr=
753	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
754	ptr->type = type;
755	if(type == e_yy_EXPR_OBJECT) {
756	ptr->object=(abac_yy_term_data_t *)pptr;
757	} else {
758	ptr->principal = (abac_yy_principal_t *)pptr;
759	}
760	if(type == e_yy_EXPR_OSET)
761	ptr->oset = (abac_yy_oset_t *) optr;
762	else
763	ptr->role = (abac_yy_role_t *) optr;
764	ptr->linked_role=linked_role;
765	ptr->next=NULL;
766
767	return ptr;
768	}
769
770	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
771	{
772	if(ptr->type == e_yy_EXPR_OBJECT)
773	return ptr->object;
774	return NULL;
775	}
776
777	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
778	abac_yy_expression_t *exprs)
779	{
780	int i=exprs->bcnt;
781	nexpr->next=exprs;
782	nexpr->bcnt=i+1;
783	return nexpr;
784	}
785
786	static void _free_yy_expression(abac_yy_expression_t *ptr)
787	{
788	if(ptr->type == e_yy_EXPR_OBJECT) {
789	if(ptr->object)
790	_free_yy_term_data(ptr->object);
791	} else {
792	if(ptr->principal)
793	_free_yy_principal(ptr->principal);
794	}
795	if(ptr->type == e_yy_EXPR_OSET) {
796	if(ptr->oset)
797	_free_yy_oset(ptr->oset);
798	} else {
799	if(ptr->role)
800	_free_yy_role(ptr->role);
801	}
802	if(ptr->linked_role)
803	_free_yy_role(ptr->linked_role);
804	if(ptr->next)
805	_free_yy_expression(ptr->next);
806
807	free(ptr);
808	}
809
810	/***************************************************************************/
811	static void _oset_add_terms(int linked, abac_oset_t *oset,
812	abac_yy_term_t *terms)
813	{
814	abac_yy_term_t *curr = terms;
815	int type;
816	char *name=NULL;
817	char *cond=NULL;
818	void *ptr=NULL;
819	while (curr) {
820	switch (curr->type) {
821	case e_yy_DTERM_DATA:
822	{
823	abac_yy_term_data_t *ptr=curr->term.d_ptr;
824	type=ptr->type;
825	name=abac_xstrdup(ptr->name);
826	cond=abac_xstrdup(ptr->cond_str);
827	ptr=ptr->cond_ptr;
828	break;
829	}
830	case e_yy_DTERM_PRINCIPAL:
831	{
832	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
833	type=abac_term_verify_term_type("principal");
834	name=abac_xstrdup(ptr->name);
835	cond=abac_xstrdup(ptr->cond_str);
836	ptr=ptr->cond_ptr;
837	break;
838	}
839	case e_yy_DTERM_NAMED:
840	{
841	abac_yy_principal_t *ptr=curr->term.n_ptr;
842	type=ptr->type;
843	/* XXX should be switching to sha in the future */
844	name=abac_xstrdup(ptr->cn);
845	cond=NULL;
846	ptr=NULL;
847	break;
848	}
849	case e_yy_DTERM_ANONYMOUS:
850	{
851	type=0;
852	name=abac_xstrdup("_");
853	cond=NULL;
854	ptr=NULL;
855	break;
856	}
857	}
858
859	abac_term_t *param=abac_term_new(type,name,cond,ptr);
860	if (linked)
861	abac_oset_oset_add_linked_param(oset, param);
862	else
863	abac_oset_oset_add_param(oset, param);
864	curr=curr->next;
865	}
866	}
867
868	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
869	{
870	int linked=1;
871	_oset_add_terms(linked, oset, terms);
872	}
873
874	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
875	{
876	int linked=0;
877	_oset_add_terms(linked, oset, terms);
878	}
879
880
881	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
882	{
883	abac_oset_t *ret_oset=NULL;
884	abac_list_t *prereqs = abac_list_new();
885	abac_list_add(prereqs, oset);
886	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
887	return ret_oset;
888	}
889
890	/* A.oset */
891	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
892	{
893	abac_yy_principal_t *principal=expr->principal;
894	abac_yy_oset_t *oset=expr->oset;
895
896	char *principalname=get_yy_principal_principalname(principal);
897	char *osetname=oset->name;
898	abac_yy_term_t *terms=oset->terms;
899
900	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
901	if (ret_oset==NULL) {
902	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
903	goto error;
904	}
905	if (!abac_oset_is_oset(ret_oset)) {
906	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
907	goto error;
908	}
909	// insert the params for the oset
910	if(terms) {
911	_oset_add_oset_terms(ret_oset, terms);
912	}
913	_add_yy_id_certs(principal->cn,principal->type);
914
915	return ret_oset;
916
917	error:
918	return NULL;
919	}
920
921	/* B */
922	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
923	{
924	abac_yy_principal_t *principal=expr->principal;
925	char *principalname=principal->sha;
926	abac_oset_t *ret_oset=NULL;
927
928	ret_oset = abac_oset_principal_new(principalname);
929
930	_add_yy_id_certs(principal->cn,principal->type);
931
932	if (ret_oset==NULL)
933	goto error;
934	return ret_oset;
935
936	error:
937	panic("can not generate a simple named tail oset");
938	return NULL;
939	}
940
941
942	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
943	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
944	{
945	abac_yy_term_data_t *object=get_yy_expression_object(expr);
946	assert(object != NULL);
947
948	char *name=object->name;
949	int type=object->type;
950	char *cond=object->cond_str;
951	void *ptr=object->cond_ptr;
952	abac_term_t *term=abac_term_new(type,name,cond,ptr);
953	abac_oset_t *ret_oset=abac_oset_object_new(term);
954
955	if(get_yy_term_data_is_variable(object))
956	_add_yy_id_certs(name,type);
957
958	if (ret_oset==NULL)
959	goto error;
960	return ret_oset;
961
962	error:
963	panic("can not generate a simple object tail oset");
964	return NULL;
965	}
966
967
968	/* B.oset */
969	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
970	{
971	abac_yy_principal_t *principal=expr->principal;
972	abac_yy_oset_t *oset=expr->oset;
973
974	char *principalname=principal->sha;
975
976	char *osetname=oset->name;
977	abac_yy_term_t *terms=oset->terms;
978
979	int ret;
980	abac_oset_t *ret_oset=NULL;
981
982	ret_oset = abac_oset_oset_new(principalname, osetname);
983	if (ret_oset==NULL)
984	goto error;
985
986	if(terms) {
987	_oset_add_oset_terms(ret_oset, terms);
988	}
989
990	_add_yy_id_certs(principal->cn,principal->type);
991
992	return ret_oset;
993
994	error:
995	panic("can not generate a simple tail oset");
996	return NULL;
997	}
998
999	/* B.role.oset */
1000	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
1001	{
1002	abac_yy_principal_t *principal=expr->principal;
1003	abac_yy_oset_t *oset=expr->oset;
1004	abac_yy_role_t *linked_role=expr->linked_role;
1005
1006	char *principalname=principal->sha;
1007
1008	char *osetname=oset->name;
1009	abac_yy_term_t *terms=oset->terms;
1010
1011	char *linkedrolename=linked_role->name;
1012	abac_yy_term_t *linked_terms=linked_role->terms;
1013
1014	int ret;
1015	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1016	linkedrolename, osetname);
1017	if (ret_oset==NULL)
1018	goto error;
1019
1020	if(linked_terms) {
1021	_oset_add_linked_terms(ret_oset, linked_terms);
1022	}
1023	if(terms) {
1024	_oset_add_oset_terms(ret_oset, terms);
1025	}
1026
1027	_add_yy_id_certs(principal->cn,principal->type);
1028
1029	return ret_oset;
1030
1031	error:
1032	panic("can not generate linked tail oset");
1033	return NULL;
1034	}
1035
1036
1037
1038	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1039	abac_yy_expression_t *tailexpr)
1040	{
1041	abac_oset_t *head_oset=NULL;
1042	abac_oset_t *tail_oset=NULL;
1043
1044	/* build up left side's abac oset structure */
1045	head_oset=validate_head_oset(headexpr);
1046	if(head_oset == NULL)
1047	goto error;
1048
1049	/* build up the right side's abac oset structure */
1050	abac_yy_expression_t *curr_tail = tailexpr;
1051	int intersecting=(tailexpr->next != NULL)? 1:0;
1052	abac_oset_t *curr_oset = NULL;
1053	while (curr_tail) {
1054	switch(curr_tail->type) {
1055	case e_yy_EXPR_OBJECT:
1056	curr_oset=validate_object_tail_oset(curr_tail);
1057	break;
1058	case e_yy_EXPR_NAMED:
1059	curr_oset=validate_named_tail_oset(curr_tail);
1060	break;
1061	case e_yy_EXPR_OSET:
1062	curr_oset=validate_oset_tail_oset(curr_tail);
1063	break;
1064	case e_yy_EXPR_LINKED:
1065	curr_oset=validate_linked_tail_oset(curr_tail);
1066	break;
1067	}
1068	if(curr_oset==NULL)
1069	goto error;
1070
1071	/* check if first one */
1072	if(tail_oset==NULL) {
1073	if(intersecting)
1074	tail_oset=validate_intersected_tail_oset(curr_oset);
1075	else
1076	tail_oset=curr_oset;
1077	} else {
1078	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1079	}
1080	curr_tail=curr_tail->next;
1081	} /* while */
1082
1083	/* XXX collect up type clauses, constraint clauses and
1084	generate rule clauses */
1085	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1086	if(tmp == NULL)
1087	goto error;
1088
1089	if(debug) {
1090	abac_print_oset_string_with_condition(head_oset,NULL);
1091	abac_print_oset_string_with_condition(tail_oset,NULL);
1092	}
1093
1094	_free_yy_expression(headexpr);
1095	_free_yy_expression(tailexpr);
1096	abac_rule_head_oset=head_oset;
1097	abac_rule_tail_oset=tail_oset;
1098	abac_rule_is_oset=1;
1099	return tmp;
1100
1101	error:
1102	_free_yy_expression(headexpr);
1103	_free_yy_expression(tailexpr);
1104	if(head_oset)
1105	abac_oset_free(head_oset);
1106	if(tail_oset)
1107	abac_oset_free(tail_oset);
1108	return NULL;
1109	}
1110
1111	/****************************************************************/
1112	static void _role_add_terms(int linked, abac_role_t *role,
1113	abac_yy_term_t *terms)
1114	{
1115	abac_yy_term_t *curr = terms;
1116	int type;
1117	char *name=NULL;
1118	char *cond=NULL;
1119	void *ptr=NULL;
1120	while (curr) {
1121	switch (curr->type) {
1122	case e_yy_DTERM_DATA:
1123	{
1124	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1125	type=pptr->type;
1126	name=abac_xstrdup(pptr->name);
1127	cond=abac_xstrdup(pptr->cond_str);
1128	ptr=pptr->cond_ptr;
1129	break;
1130	}
1131	case e_yy_DTERM_PRINCIPAL:
1132	{
1133	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1134	type=abac_term_verify_term_type("principal");
1135	name=abac_xstrdup(pptr->name);
1136	cond=abac_xstrdup(pptr->cond_str);
1137	ptr=pptr->cond_ptr;
1138	break;
1139	}
1140	case e_yy_DTERM_NAMED:
1141	{
1142	abac_yy_principal_t *pptr=curr->term.n_ptr;
1143	type=pptr->type;
1144	/* XXX should be switching to sha in the future */
1145	name=abac_xstrdup(pptr->cn);
1146	cond=NULL;
1147	ptr=NULL;
1148	break;
1149	}
1150	case e_yy_DTERM_ANONYMOUS:
1151	{
1152	type=0;
1153	name=abac_xstrdup("_");
1154	cond=NULL;
1155	ptr=NULL;
1156	break;
1157	}
1158	}
1159
1160	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1161	if (linked)
1162	abac_role_role_add_linked_param(role, param);
1163	else
1164	abac_role_role_add_param(role, param);
1165	curr=curr->next;
1166	}
1167	}
1168
1169	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1170	{
1171	int linked=1;
1172	_role_add_terms(linked, role, terms);
1173	}
1174
1175	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1176	{
1177	int linked=0;
1178	_role_add_terms(linked, role, terms);
1179	}
1180
1181
1182	abac_role_t validate_intersected_tail_role(abac_role_t role)
1183	{
1184	abac_role_t *ret_role=NULL;
1185	abac_list_t *prereqs = abac_list_new();
1186	abac_list_add(prereqs, role);
1187	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1188	return ret_role;
1189	}
1190
1191	abac_role_t validate_head_role(abac_yy_expression_t expr)
1192	{
1193	abac_yy_principal_t *principal=expr->principal;
1194	abac_yy_role_t *role=expr->role;
1195
1196	char *principalname=get_yy_principal_principalname(principal);
1197	char *rolename=role->name;
1198	abac_yy_term_t *terms=role->terms;
1199	abac_role_t *ret_role=NULL;
1200
1201	ret_role=abac_role_role_new(principalname, rolename);
1202	if (ret_role==NULL) {
1203	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1204	goto error;
1205	}
1206	if (!abac_role_is_role(ret_role)) {
1207	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1208	goto error;
1209	}
1210	// insert the params for the role
1211	if(terms) {
1212	_role_add_role_terms(ret_role, terms);
1213	}
1214
1215	_add_yy_id_certs(principal->cn,principal->type);
1216
1217	return ret_role;
1218
1219	error:
1220	return NULL;
1221	}
1222
1223	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1224	{
1225	abac_yy_principal_t *principal=expr->principal;
1226	char *principalname=get_yy_principal_principalname(principal);
1227	abac_role_t *ret_role=NULL;
1228
1229	ret_role = abac_role_principal_new(principalname);
1230	_add_yy_id_certs(principal->cn,principal->type);
1231
1232	if (ret_role==NULL)
1233	goto error;
1234	return ret_role;
1235
1236	error:
1237	panic("can not generate a simple named tail role");
1238	return NULL;
1239	}
1240
1241	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1242	{
1243	abac_yy_principal_t *principal=expr->principal;
1244	abac_yy_role_t *role=expr->role;
1245
1246	char *principalname=get_yy_principal_principalname(principal);
1247
1248	char *rolename=role->name;
1249	abac_yy_term_t *terms=role->terms;
1250
1251	int ret;
1252	abac_role_t *ret_role=NULL;
1253
1254	ret_role = abac_role_role_new(principalname, rolename);
1255	if (ret_role==NULL)
1256	goto error;
1257
1258	if(terms) {
1259	_role_add_role_terms(ret_role, terms);
1260	}
1261
1262	_add_yy_id_certs(principal->cn,principal->type);
1263
1264	return ret_role;
1265
1266	error:
1267	panic("can not generate a simple tail role");
1268	return NULL;
1269	}
1270	/* need to validate/generate a linked role out of this */
1271	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1272	{
1273	abac_yy_principal_t *principal=expr->principal;
1274	abac_yy_role_t *role=expr->role;
1275	abac_yy_role_t *linked_role=expr->linked_role;
1276
1277	char *principalname=get_yy_principal_principalname(principal);
1278
1279	char *rolename=role->name;
1280	abac_yy_term_t *terms=role->terms;
1281
1282	char *linkedrolename=linked_role->name;
1283	abac_yy_term_t *linked_terms=linked_role->terms;
1284
1285	int ret;
1286	abac_role_t *ret_role=NULL;
1287
1288	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1289	if (ret_role==NULL)
1290	goto error;
1291
1292	if(linked_terms) {
1293	_role_add_linked_terms(ret_role, linked_terms);
1294	}
1295	if(terms) {
1296	_role_add_role_terms(ret_role, terms);
1297	}
1298
1299	_add_yy_id_certs(principal->cn,principal->type);
1300
1301	return ret_role;
1302
1303	error:
1304	panic("can not generate linked tail role");
1305	return NULL;
1306	}
1307
1308	/***********************************************************************/
1309	/* add the condition to constraint list */
1310	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1311	{
1312	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1313	if(head_expr) {
1314	abac_oset_t *head_oset=validate_head_oset(head_expr);
1315	if(head_oset == NULL)
1316	goto error;
1317
1318	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1319	set_yy_term_data_cond_str(ptr,tmp);
1320	set_yy_term_data_cond_ptr(ptr,head_oset);
1321	abac_yy_add_yy_constraints(tmp);
1322	return tmp;
1323	}
1324	return NULL;
1325	error:
1326	return NULL;
1327	}
1328
1329	/****************************************************************/
1330	/* add the range condition to constraint list */
1331	/* this is for integer and float only */
1332	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1333	{
1334	char *typestr=abac_term_type(ptr->type);
1335	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1336	char *tmplist=NULL;
1337	char *tmp=NULL;
1338	int as_range=1; /* either , or ; */
1339	if(rlist) {
1340	char *rstring=_string_yy_cond_range(rlist);
1341	set_yy_term_data_cond_str(ptr,rstring);
1342	abac_yy_range_t *cur;
1343
1344	/* a list of values -- in chars */
1345	abac_list_foreach(rlist, cur,
1346	int type=cur->type;
1347	char *val=cur->val;
1348	switch(type) {
1349	case e_yy_RANGE_MIN:
1350	tmp=generate_pl_range_constraint(typestr,var,val,">");
1351	break;
1352	case e_yy_RANGE_MAX:
1353	tmp=generate_pl_range_constraint(typestr,var,val,"<");
1354	break;
1355	case e_yy_RANGE_TARGET:
1356	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1357	as_range=0;
1358	break;
1359	}
1360	/* ; is prolog's disjunction built in predicate */
1361	if(tmplist) {
1362	if(as_range)
1363	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1364	else
1365	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1366	} else {
1367	tmplist=tmp;
1368	}
1369	tmp=NULL;
1370	);
1371	asprintf(&tmplist,"(%s)",tmplist);
1372	abac_yy_add_yy_constraints(tmplist);
1373	}
1374	}
1375
1376	/****************************************************************/
1377	/* this is for string and urn only */
1378	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1379	{
1380	char *typestr=abac_term_type(ptr->type);
1381	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1382	char *tmplist=NULL;
1383	char *tmp=NULL;
1384	if(rlist) {
1385	char *rstring=_string_yy_cond_range(rlist);
1386	set_yy_term_data_cond_str(ptr,rstring);
1387	abac_yy_range_t *cur;
1388
1389	/* a list of values -- in chars */
1390	abac_list_foreach(rlist, cur,
1391	int type=cur->type;
1392	char *val=cur->val;
1393	switch(type) {
1394	case e_yy_RANGE_MIN:
1395	panic("make_yy_range_string_constraint, invalid range type - min");
1396	break;
1397	case e_yy_RANGE_MAX:
1398	/* invalid range type */
1399	panic("make_yy_range_string_constraint, invalid range type - max");
1400	break;
1401	case e_yy_RANGE_TARGET:
1402	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1403	break;
1404	}
1405	/* ; is prolog's disjunction built in predicate */
1406	if(tmplist)
1407	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1408	else tmplist=tmp;
1409	tmp=NULL;
1410	);
1411	asprintf(&tmplist,"(%s)",tmplist);
1412	/* generate a clause with above and add into db */
1413	tmp=abac_pl_add_string_range_constraint_clause(var,tmplist);
1414	abac_yy_add_yy_constraints(tmp);
1415	}
1416	}
1417
1418	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1419	{
1420	if(is_yy_term_data_type_numeric(ptr)) {
1421	make_yy_range_numeric_constraint(ptr, var);
1422	} else if (is_yy_term_data_type_alpha(ptr)) {
1423	make_yy_range_string_constraint(ptr, var);
1424	}
1425	/*
1426	} else if (is_yy_term_data_type_time(ptr)) {
1427	make_yy_range_time_constraint(ptr, var);
1428	}
1429	*/
1430	}
1431
1432	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1433	{
1434	char *tmp=NULL;
1435	abac_role_t *head_role=NULL;
1436
1437	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1438	/* build up left side's abac role constraint structure */
1439	head_role=validate_head_role(head_expr);
1440	if(head_role == NULL)
1441	goto error;
1442
1443	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1444	set_yy_term_principal_cond_str(ptr,tmp);
1445	set_yy_term_principal_cond_ptr(ptr,head_role);
1446	abac_yy_add_yy_constraints(tmp);
1447	return tmp;
1448
1449	error:
1450	return NULL;
1451	}
1452
1453	/* build up the abac structure and also create the yap clause
1454	and insert it into db */
1455	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1456	abac_yy_expression_t *tailexpr)
1457	{
1458	abac_role_t *head_role=NULL;
1459	abac_role_t *tail_role=NULL;
1460
1461	/* build up left side's abac role structure */
1462	head_role=validate_head_role(headexpr);
1463	if(head_role == NULL)
1464	goto error;
1465
1466	/* build up the right side's abac role structure */
1467	abac_yy_expression_t *curr_tail = tailexpr;
1468	int intersecting=(tailexpr->next != NULL)? 1:0;
1469	abac_role_t *curr_role = NULL;
1470	while (curr_tail) {
1471	switch(curr_tail->type) {
1472	case e_yy_EXPR_NAMED:
1473	curr_role=validate_named_tail_role(curr_tail);
1474	break;
1475	case e_yy_EXPR_ROLE:
1476	curr_role=validate_role_tail_role(curr_tail);
1477	break;
1478	case e_yy_EXPR_LINKED:
1479	curr_role=validate_linked_tail_role(curr_tail);
1480	break;
1481	}
1482	if(curr_role==NULL)
1483	goto error;
1484
1485	/* check if first one */
1486	if(tail_role==NULL) {
1487	if(intersecting)
1488	tail_role=validate_intersected_tail_role(curr_role);
1489	else
1490	tail_role=curr_role;
1491	} else {
1492	abac_role_add_intersecting_role(tail_role,curr_role);
1493	}
1494	curr_tail=curr_tail->next;
1495	} /* while */
1496
1497	/* collect up type clauses, constraint clases and
1498	generate the final rule clauses */
1499	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1500	if(tmp == NULL)
1501	goto error;
1502
1503	if(debug) {
1504	abac_print_role_string_with_condition(head_role,NULL);
1505	abac_print_role_string_with_condition(tail_role,NULL);
1506	}
1507
1508	_free_yy_expression(headexpr);
1509	_free_yy_expression(tailexpr);
1510	abac_rule_head_role=head_role;
1511	abac_rule_tail_role=tail_role;
1512	abac_rule_is_oset=0;
1513	return tmp;
1514
1515	error:
1516	_free_yy_expression(headexpr);
1517	_free_yy_expression(tailexpr);
1518	if(head_role)
1519	abac_role_free(head_role);
1520	if(tail_role)
1521	abac_role_free(tail_role);
1522	return NULL;
1523	}
1524
1525
1526	/************************************************************************/
1527	void abac_yy_init()
1528	{
1529	abac_yyinit();
1530	abac_yy_init_rule_id_clauses();
1531	abac_yy_init_yy_id_certs();
1532	abac_yy_init_yy_constraints();
1533	}
1534
1535

Note: See TracBrowser for help on using the repository browser.

Download in other formats: