Context Navigation

source: libabac/abac_pl_yy.c @ f0eb81d

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since f0eb81d was d5bbd3e, checked in by Mei <mei@…>, 12 years ago

1) add alumni2_rt1_typed

(target static range constraint)

2) add another rule for fruits example
3) add target static range constraint handling for string & urn

Property mode set to 100644

File size: 39.9 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint(char ,char ,char ,char *);
17	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
18	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
19	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
20	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
21	extern char generate_pl_type_clause(char , int);
22	/* from rt2.y */
23	extern void abac_yyinit();
24
25	int abac_yy_error_code = 0; /* keeping last error code */
26
27	int abac_rule_is_oset=0;
28	abac_list_t *abac_rule_clauses=NULL;
29	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
30	abac_role_t *abac_rule_head_role=NULL;
31	abac_role_t *abac_rule_tail_role=NULL;
32	abac_oset_t *abac_rule_head_oset=NULL;
33	abac_oset_t *abac_rule_tail_oset=NULL;
34
35	/* to track id certs within a rule clause */
36	typedef struct _abac_yy_id_cert_t {
37	char *principalname;
38	int type; /* keyidtype */
39	char *clause;
40	} abac_yy_id_cert_t;
41	abac_list_t *abac_yy_id_certs = NULL;
42
43	/* structure to hold the range information
44	within a static constraints on few types of
45	oset types
46	[a..b], [a..], [..b], [a],[a,b],[many a]
47	e_yy_RANGE_MIN=1;
48	e_yy_RANGE_MAX=2;
49	e_yy_RANGE_TARGET=3;
50	*/
51	typedef struct _abac_yy_range_t {
52	int type;
53	char *val;
54	} abac_yy_range_t;
55
56	/* to track role/oset constraint clauses used within a rule clause,
57	collect them up in one place, these are for conjunction clauses */
58	typedef struct _abac_yy_constraint_t {
59	char *clause;
60	} abac_yy_constraint_t;
61	abac_list_t *abac_yy_constraints = NULL;
62
63	/* local principal structure [keyid:USC] */
64	struct _abac_yy_principal_t {
65	int type;
66	char *sha; // sha is null when this is of object type
67	char *cn;
68	};
69
70	/* [principal:?Z]:..., must match a principal name */
71	struct _abac_yy_term_principal_t {
72	int type; /* this needs to be implicitly determined */
73	char *name;
74	char *cond_str;
75	void *cond_ptr; // ptr to a saved abac_role_t
76	abac_yy_expression_t *cond_head_expr;
77	};
78
79	/* integer,float,time,urn,string types,
80	if has condition, then it is a variable,
81	ie,
82	[int:?Year]:<1930..1932>,
83	if no condition, then it is a constant,
84	ie,
85	[int:10]
86	*/
87	struct _abac_yy_term_data_t {
88	int is_variable;
89	int type;
90	char *name;
91	char *cond_str;
92	void *cond_ptr; // ptr to a saved abac_oset_t
93	abac_list_t *cond_range;
94	abac_yy_expression_t *cond_head_expr; // parking stub
95	};
96
97	/* local term structure, will distinguish it in the future */
98	/* e_yy_DTERM_DATA, all other types
99	e_yy_DTERM_NAMED, keyid:bob
100	e_yy_DTERM_PRINCIPAL, principal:?P
101	e_yy_DTERM_ANONYMOUS ? */
102	struct _abac_yy_term_t {
103	union {
104	abac_yy_principal_t *n_ptr;
105	abac_yy_term_principal_t *p_ptr;
106	abac_yy_term_data_t *d_ptr;
107	} term;
108	int type;
109	struct _abac_yy_term_t *next;
110	int bcnt; /* this is to track number of terms in this linked up list */
111	};
112
113	/* local role structure */
114	struct _abac_yy_role_t {
115	int type;
116	char *name;
117	abac_yy_term_t *terms;
118	struct _abac_yy_role_t *next;
119	int bcnt; /* this is to track number of roles in this linked up list */
120	};
121
122	/* local oset structure */
123	struct _abac_yy_oset_t {
124	int type;
125	char *name;
126	abac_yy_term_t *terms;
127	struct _abac_yy_oset_t *next;
128	int bcnt; /* this is to track number of oset in this linked up list */
129	};
130
131	/* A, A.r, A.r.r */
132	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
133	/* A/obj, A.o, A.r.o */
134	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
135	struct _abac_yy_expression_t {
136	int type;
137	union {
138	abac_yy_principal_t *principal;
139	abac_yy_term_data_t *object;
140	};
141	abac_yy_role_t *linked_role;
142	union {
143	abac_yy_role_t *role;
144	abac_yy_oset_t *oset;
145	};
146	struct _abac_yy_expression_t *next;
147	int bcnt;
148	};
149
150	static void _free_yy_expression(abac_yy_expression_t *);
151
152	/************************************************************************/
153	void abac_yy_set_error_code(int v)
154	{
155	abac_yy_error_code=v;
156	}
157
158	/************************************************************************/
159	abac_stack_t *abac_yy_get_rule_id_clauses()
160	{
161	return abac_rule_id_clauses;
162	}
163
164	abac_stack_t *abac_yy_init_rule_id_clauses()
165	{
166	abac_rule_id_clauses=abac_stack_new();
167	return abac_rule_id_clauses;
168	}
169
170	void abac_yy_free_rule_id_clauses()
171	{
172	if (abac_rule_id_clauses != NULL)
173	abac_stack_free(abac_rule_id_clauses);
174	}
175
176	void abac_yy_set_rule_clauses(abac_list_t *clauses)
177	{
178	abac_rule_clauses=clauses;
179	if(debug) {
180	printf("printing out abac_rule_clauses:\n");
181	abac_print_clauses(abac_rule_clauses,NULL);
182	}
183	}
184
185	abac_list_t *abac_yy_get_rule_clauses()
186	{
187	return abac_rule_clauses;
188	}
189
190	void abac_yy_free_rule_clauses()
191	{
192	if (abac_rule_clauses != NULL) {
193	char *cur;
194	abac_list_foreach(abac_yy_id_certs, cur,
195	if(cur) free(cur);
196	);
197	abac_list_free(abac_rule_clauses);
198	}
199	}
200
201	int abac_yy_get_rule_is_oset()
202	{
203	return abac_rule_is_oset;
204	}
205
206	abac_role_t *abac_yy_get_rule_head_role()
207	{
208	return abac_rule_head_role;
209	}
210
211	abac_role_t *abac_yy_get_rule_tail_role()
212	{
213	return abac_rule_tail_role;
214	}
215
216	abac_oset_t *abac_yy_get_rule_head_oset()
217	{
218	return abac_rule_head_oset;
219	}
220
221	abac_oset_t *abac_yy_get_rule_tail_oset()
222	{
223	return abac_rule_tail_oset;
224	}
225
226
227	/************************************************************************/
228	void abac_yy_init_yy_id_certs()
229	{
230	abac_yy_id_certs = abac_list_new();
231	}
232
233	void abac_yy_free_yy_id_certs()
234	{
235	abac_yy_id_cert_t *id;
236	abac_list_foreach(abac_yy_id_certs, id,
237	if(id)
238	free(id->principalname);
239	free(id->clause);
240	free(id);
241	);
242	abac_list_free(abac_yy_id_certs);
243	abac_yy_id_certs = NULL;
244	}
245
246	int abac_yy_cnt_yy_id_certs()
247	{
248	return abac_list_size(abac_yy_id_certs);
249	}
250
251	char *abac_yy_string_yy_id_certs()
252	{
253	int first=1;
254	char *tmp=NULL;
255	abac_yy_id_cert_t *cur;
256	abac_list_foreach(abac_yy_id_certs, cur,
257	if(cur)
258	if(first) {
259	tmp=abac_xstrdup(cur->clause);
260	first=0;
261	} else {
262	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
263	}
264	);
265	return tmp;
266	}
267
268	static void _add_yy_id_certs(char *principalname, int type)
269	{
270	abac_yy_id_cert_t *id_cert=NULL;
271
272	int found=0;
273	abac_yy_id_cert_t *cur;
274	abac_list_foreach(abac_yy_id_certs, cur,
275	if(cur)
276	if(strcmp(cur->principalname,principalname)==0) {
277	found=1;
278	break;
279	}
280	);
281
282	if (found) {
283	return;
284	} else {
285	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
286	id_cert->principalname=abac_xstrdup(principalname);
287	id_cert->type=type;
288	id_cert->clause=generate_pl_type_clause(principalname,type);
289	abac_list_add(abac_yy_id_certs, id_cert);
290	}
291	}
292
293	/***********************************************************************/
294	static void _free_yy_cond_range(abac_list_t *ptr)
295	{
296	if (ptr != NULL) {
297	abac_yy_range_t *cur;
298	abac_list_foreach(ptr, cur,
299	if(cur && cur->val) free(cur->val);
300	free(cur);
301	);
302	abac_list_free(ptr);
303	}
304	}
305
306	static char _string_yy_cond_range(abac_list_t ptr)
307	{
308	assert(ptr);
309	char *tmp=NULL;
310	char *min=NULL;
311	char *max=NULL;
312	char *val=NULL;
313	int type;
314
315	abac_yy_range_t *cur;
316	abac_list_foreach(ptr, cur,
317	type=cur->type;
318	switch (type) {
319	case e_yy_RANGE_MIN:
320	min=strdup(cur->val);
321	break;
322	case e_yy_RANGE_MAX:
323	max=strdup(cur->val);
324	break;
325	case e_yy_RANGE_TARGET:
326	if(val)
327	asprintf(&val,"%s,%s",val,cur->val);
328	else val=strdup(cur->val);
329	break;
330	}
331	);
332	if(max && min) {
333	asprintf(&tmp,"[%s..%s]",min,max);
334	free(max);
335	free(min);
336	return tmp;
337	}
338	if(max) {
339	asprintf(&tmp,"[..%s]",max);
340	free(max);
341	return tmp;
342	}
343	if(min) {
344	asprintf(&tmp,"[%s..]",min);
345	free(min);
346	return tmp;
347	}
348	if(val) {
349	asprintf(&tmp,"[%s]",val);
350	free(val);
351	return tmp;
352	}
353	return NULL;
354	}
355
356	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
357	{
358	abac_yy_range_t *range=
359	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
360	range->type=e_yy_RANGE_TARGET;
361	range->val=strdup(val);
362	abac_list_add(ptr, range);
363	return ptr;
364	}
365
366	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
367	{
368	abac_yy_range_t *range=
369	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
370	range->type=type;
371	range->val=strdup(val);
372	abac_list_add(ptr, range);
373	return ptr;
374	}
375
376	abac_list_t make_yy_val_range(char val)
377	{
378	abac_list_t *ptr=abac_list_new();
379	add_yy_val_range(ptr,val);
380	return ptr;
381	}
382
383	abac_list_t make_yy_minmax_range(char min, char *max)
384	{
385	abac_list_t *ptr=abac_list_new();
386	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
387	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
388	return ptr;
389	}
390
391	abac_list_t make_yy_min_range(char min)
392	{
393	abac_list_t *ptr=abac_list_new();
394	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
395	return ptr;
396	}
397
398	abac_list_t make_yy_max_range(char max)
399	{
400	abac_list_t *ptr=abac_list_new();
401	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
402	return ptr;
403	}
404
405	/***********************************************************************/
406	abac_yy_term_data_t make_yy_term_data(char name)
407	{
408	abac_yy_term_data_t *ptr=
409	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
410	ptr->name=abac_xstrdup(name);
411	ptr->type=0;
412	ptr->is_variable=0;
413	ptr->cond_str=NULL;
414	ptr->cond_head_expr=NULL;
415	ptr->cond_ptr=NULL;
416	ptr->cond_range=NULL;
417	return ptr;
418	}
419
420	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
421	{
422	return ptr->cond_range;
423	}
424
425	char get_yy_term_data_name(abac_yy_term_data_t ptr)
426	{
427	return ptr->name;
428	}
429
430	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
431	{
432	if(ptr->cond_head_expr != NULL)
433	return 1;
434	if(ptr->cond_range != NULL)
435	return 1;
436	return 0;
437	}
438
439	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
440	abac_list_t *range)
441	{
442	ptr->cond_range=range;
443	}
444
445	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
446	abac_yy_expression_t *expr)
447	{
448	ptr->cond_head_expr=expr;
449	}
450
451	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
452	{
453	return ptr->cond_head_expr;
454	}
455
456	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
457	{
458	int type=abac_term_verify_term_type(typestr);
459	ptr->type=type;
460	}
461
462	int is_yy_term_data_type_numeric(abac_yy_term_data_t *ptr)
463	{
464	if(ptr->type==abac_term_verify_term_type("integer") \|\|
465	ptr->type==abac_term_verify_term_type("float"))
466	return 1;
467	return 0;
468	}
469
470	int is_yy_term_data_type_alpha(abac_yy_term_data_t *ptr)
471	{
472	if(ptr->type==abac_term_verify_term_type("string") \|\|
473	ptr->type==abac_term_verify_term_type("urn"))
474	return 1;
475	return 0;
476	}
477
478	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
479	{
480	ptr->cond_ptr=vptr;
481	}
482
483	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
484	{
485	ptr->cond_str=strdup(cond);
486	}
487
488	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
489	{
490	ptr->is_variable=1;
491	}
492
493	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
494	{
495	return ptr->is_variable;
496	}
497
498	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
499	{
500	free(ptr->name);
501	if(ptr->cond_str)
502	free(ptr->cond_str);
503	if(ptr->cond_head_expr)
504	_free_yy_expression(ptr->cond_head_expr);
505	if(ptr->cond_range);
506	_free_yy_cond_range(ptr->cond_range);
507	free(ptr);
508	}
509
510	abac_yy_term_principal_t make_yy_term_principal(char name)
511	{
512	abac_yy_term_principal_t *ptr=
513	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
514	ptr->type=0;/* this is not known */
515	ptr->name=abac_xstrdup(name);
516	ptr->cond_str=NULL;
517	ptr->cond_head_expr=NULL;
518	return ptr;
519	}
520
521	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
522	{
523	ptr->cond_ptr=vptr;
524	}
525
526	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
527	{
528	ptr->cond_str=abac_xstrdup(cond);
529	}
530
531	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
532	{
533	return ptr->cond_head_expr;
534	}
535
536	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
537	abac_yy_expression_t *expr)
538	{
539	ptr->cond_head_expr=expr;
540	}
541
542	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
543	{
544	free(ptr->name);
545	if(ptr->cond_str)
546	free(ptr->cond_str);
547	if(ptr->cond_head_expr)
548	_free_yy_expression(ptr->cond_head_expr);
549	free(ptr);
550	}
551
552	abac_yy_term_t *make_yy_term_dterm_anonymous()
553	{
554	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
555	ptr->type = e_yy_DTERM_ANONYMOUS;
556	ptr->next=NULL;
557	ptr->bcnt=1;
558	return ptr;
559	}
560
561	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
562	{
563	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
564	ptr->type = e_yy_DTERM_PRINCIPAL;
565	ptr->term.p_ptr=pptr;
566	ptr->next=NULL;
567	ptr->bcnt=1;
568	return ptr;
569	}
570
571	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
572	{
573	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
574	ptr->type = e_yy_DTERM_NAMED;
575	ptr->term.n_ptr=nptr;
576	ptr->next=NULL;
577	ptr->bcnt=1;
578	return ptr;
579	}
580
581	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
582	{
583	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
584	ptr->type = e_yy_DTERM_DATA;
585	ptr->term.d_ptr=dptr;
586	ptr->next=NULL;
587	ptr->bcnt=1;
588	return ptr;
589	}
590
591	/************************************************************************/
592	void abac_yy_init_yy_constraints()
593	{
594	abac_yy_constraints = abac_list_new();
595	}
596
597	void abac_yy_free_yy_constraints()
598	{
599	abac_yy_constraint_t *cur;
600	abac_list_foreach(abac_yy_constraints, cur,
601	if(cur && cur->clause)
602	free(cur->clause);
603	free(cur);
604	);
605	abac_list_free(abac_yy_constraints);
606	abac_yy_constraints=NULL;
607	}
608
609	int abac_yy_cnt_yy_constraints()
610	{
611	return abac_list_size(abac_yy_constraints);
612	}
613
614	char *abac_yy_string_yy_constraints()
615	{
616	int first=1;
617	char *tmp=NULL;
618	abac_yy_constraint_t *cur;
619	abac_list_foreach(abac_yy_constraints, cur,
620	if(cur && cur->clause)
621	if(first) {
622	tmp=abac_xstrdup(cur->clause);
623	first=0;
624	} else {
625	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
626	}
627	);
628	return tmp;
629	}
630
631	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
632	{
633	abac_yy_constraint_t *ptr=
634	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
635	ptr->clause=strdup(constraint);
636	abac_list_add(abac_yy_constraints, ptr);
637	return ptr;
638	}
639
640	/****************************************************************************/
641	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
642	{
643	abac_yy_principal_t *ptr=
644	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
645	ptr->sha=abac_xstrdup(sha);
646	ptr->cn=abac_xstrdup(cn);
647	ptr->type=type;
648	return ptr;
649	}
650
651	static void _free_yy_principal(abac_yy_principal_t *ptr)
652	{
653	free(ptr->sha);
654	if(ptr->cn)
655	free(ptr->cn);
656	free(ptr);
657	}
658
659	int get_yy_principal_type(abac_yy_principal_t *ptr)
660	{
661	return ptr->type;
662	}
663
664	char get_yy_principal_principalname(abac_yy_principal_t ptr)
665	{
666	if(ptr->sha == NULL)
667	return ptr->cn;
668	return ptr->sha;
669	}
670
671	/*************************************************************************/
672
673	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
674	{
675	int i=terms->bcnt;
676	nterm->next=terms;
677	nterm->bcnt=i+1;
678	return nterm;
679	}
680
681	static void _free_yy_term(abac_yy_term_t *ptr)
682	{
683	switch (ptr->type) {
684	case e_yy_DTERM_DATA:
685	_free_yy_term_data(ptr->term.d_ptr);
686	break;
687	case e_yy_DTERM_NAMED:
688	_free_yy_principal(ptr->term.n_ptr);
689	break;
690	case e_yy_DTERM_PRINCIPAL:
691	_free_yy_term_principal(ptr->term.p_ptr);
692	break;
693	case e_yy_DTERM_ANONYMOUS:
694	break;
695	}
696	if(ptr->next)
697	_free_yy_term(ptr->next);
698	free(ptr);
699	}
700
701	/*************************************************************************/
702
703	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
704	{
705	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
706	ptr->name=abac_xstrdup(name);
707	ptr->terms=terms;
708	ptr->next=NULL;
709	ptr->bcnt=1;
710	return ptr;
711	}
712
713	static void _free_yy_role(abac_yy_role_t *ptr)
714	{
715	free(ptr->name);
716	if(ptr->terms)
717	_free_yy_term(ptr->terms);
718	if(ptr->next)
719	_free_yy_role(ptr->next);
720	free(ptr);
721	}
722
723	/***************************************************************************/
724	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
725	{
726	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
727	ptr->name=abac_xstrdup(name);
728	ptr->terms=terms;
729	ptr->next=NULL;
730	ptr->bcnt=1;
731	return ptr;
732	}
733
734	static void _free_yy_oset(abac_yy_oset_t *ptr)
735	{
736	free(ptr->name);
737	if(ptr->terms)
738	_free_yy_term(ptr->terms);
739	if(ptr->next)
740	_free_yy_oset(ptr->next);
741	free(ptr);
742	}
743	/***************************************************************************/
744
745	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
746
747	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
748	{
749	abac_yy_expression_t *ptr=
750	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
751	ptr->type = type;
752	if(type == e_yy_EXPR_OBJECT) {
753	ptr->object=(abac_yy_term_data_t *)pptr;
754	} else {
755	ptr->principal = (abac_yy_principal_t *)pptr;
756	}
757	if(type == e_yy_EXPR_OSET)
758	ptr->oset = (abac_yy_oset_t *) optr;
759	else
760	ptr->role = (abac_yy_role_t *) optr;
761	ptr->linked_role=linked_role;
762	ptr->next=NULL;
763
764	return ptr;
765	}
766
767	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
768	{
769	if(ptr->type == e_yy_EXPR_OBJECT)
770	return ptr->object;
771	return NULL;
772	}
773
774	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
775	abac_yy_expression_t *exprs)
776	{
777	int i=exprs->bcnt;
778	nexpr->next=exprs;
779	nexpr->bcnt=i+1;
780	return nexpr;
781	}
782
783	static void _free_yy_expression(abac_yy_expression_t *ptr)
784	{
785	if(ptr->type == e_yy_EXPR_OBJECT) {
786	if(ptr->object)
787	_free_yy_term_data(ptr->object);
788	} else {
789	if(ptr->principal)
790	_free_yy_principal(ptr->principal);
791	}
792	if(ptr->type == e_yy_EXPR_OSET) {
793	if(ptr->oset)
794	_free_yy_oset(ptr->oset);
795	} else {
796	if(ptr->role)
797	_free_yy_role(ptr->role);
798	}
799	if(ptr->linked_role)
800	_free_yy_role(ptr->linked_role);
801	if(ptr->next)
802	_free_yy_expression(ptr->next);
803
804	free(ptr);
805	}
806
807	/***************************************************************************/
808	static void _oset_add_terms(int linked, abac_oset_t *oset,
809	abac_yy_term_t *terms)
810	{
811	abac_yy_term_t *curr = terms;
812	int type;
813	char *name=NULL;
814	char *cond=NULL;
815	void *ptr=NULL;
816	while (curr) {
817	switch (curr->type) {
818	case e_yy_DTERM_DATA:
819	{
820	abac_yy_term_data_t *ptr=curr->term.d_ptr;
821	type=ptr->type;
822	name=abac_xstrdup(ptr->name);
823	cond=abac_xstrdup(ptr->cond_str);
824	ptr=ptr->cond_ptr;
825	break;
826	}
827	case e_yy_DTERM_PRINCIPAL:
828	{
829	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
830	type=abac_term_verify_term_type("principal");
831	name=abac_xstrdup(ptr->name);
832	cond=abac_xstrdup(ptr->cond_str);
833	ptr=ptr->cond_ptr;
834	break;
835	}
836	case e_yy_DTERM_NAMED:
837	{
838	abac_yy_principal_t *ptr=curr->term.n_ptr;
839	type=ptr->type;
840	/* XXX should be switching to sha in the future */
841	name=abac_xstrdup(ptr->cn);
842	cond=NULL;
843	ptr=NULL;
844	break;
845	}
846	case e_yy_DTERM_ANONYMOUS:
847	{
848	type=0;
849	name=abac_xstrdup("_");
850	cond=NULL;
851	ptr=NULL;
852	break;
853	}
854	}
855
856	abac_term_t *param=abac_term_new(type,name,cond,ptr);
857	if (linked)
858	abac_oset_oset_add_linked_param(oset, param);
859	else
860	abac_oset_oset_add_param(oset, param);
861	curr=curr->next;
862	}
863	}
864
865	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
866	{
867	int linked=1;
868	_oset_add_terms(linked, oset, terms);
869	}
870
871	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
872	{
873	int linked=0;
874	_oset_add_terms(linked, oset, terms);
875	}
876
877
878	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
879	{
880	abac_oset_t *ret_oset=NULL;
881	abac_list_t *prereqs = abac_list_new();
882	abac_list_add(prereqs, oset);
883	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
884	return ret_oset;
885	}
886
887	/* A.oset */
888	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
889	{
890	abac_yy_principal_t *principal=expr->principal;
891	abac_yy_oset_t *oset=expr->oset;
892
893	char *principalname=get_yy_principal_principalname(principal);
894	char *osetname=oset->name;
895	abac_yy_term_t *terms=oset->terms;
896
897	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
898	if (ret_oset==NULL) {
899	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
900	goto error;
901	}
902	if (!abac_oset_is_oset(ret_oset)) {
903	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
904	goto error;
905	}
906	// insert the params for the oset
907	if(terms) {
908	_oset_add_oset_terms(ret_oset, terms);
909	}
910	_add_yy_id_certs(principal->cn,principal->type);
911
912	return ret_oset;
913
914	error:
915	return NULL;
916	}
917
918	/* B */
919	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
920	{
921	abac_yy_principal_t *principal=expr->principal;
922	char *principalname=principal->sha;
923	abac_oset_t *ret_oset=NULL;
924
925	ret_oset = abac_oset_principal_new(principalname);
926
927	_add_yy_id_certs(principal->cn,principal->type);
928
929	if (ret_oset==NULL)
930	goto error;
931	return ret_oset;
932
933	error:
934	panic("can not generate a simple named tail oset");
935	return NULL;
936	}
937
938
939	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
940	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
941	{
942	abac_yy_term_data_t *object=get_yy_expression_object(expr);
943	assert(object != NULL);
944
945	char *name=object->name;
946	int type=object->type;
947	char *cond=object->cond_str;
948	void *ptr=object->cond_ptr;
949	abac_term_t *term=abac_term_new(type,name,cond,ptr);
950	abac_oset_t *ret_oset=abac_oset_object_new(term);
951
952	if(get_yy_term_data_is_variable(object))
953	_add_yy_id_certs(name,type);
954
955	if (ret_oset==NULL)
956	goto error;
957	return ret_oset;
958
959	error:
960	panic("can not generate a simple object tail oset");
961	return NULL;
962	}
963
964
965	/* B.oset */
966	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
967	{
968	abac_yy_principal_t *principal=expr->principal;
969	abac_yy_oset_t *oset=expr->oset;
970
971	char *principalname=principal->sha;
972
973	char *osetname=oset->name;
974	abac_yy_term_t *terms=oset->terms;
975
976	int ret;
977	abac_oset_t *ret_oset=NULL;
978
979	ret_oset = abac_oset_oset_new(principalname, osetname);
980	if (ret_oset==NULL)
981	goto error;
982
983	if(terms) {
984	_oset_add_oset_terms(ret_oset, terms);
985	}
986
987	_add_yy_id_certs(principal->cn,principal->type);
988
989	return ret_oset;
990
991	error:
992	panic("can not generate a simple tail oset");
993	return NULL;
994	}
995
996	/* B.role.oset */
997	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
998	{
999	abac_yy_principal_t *principal=expr->principal;
1000	abac_yy_oset_t *oset=expr->oset;
1001	abac_yy_role_t *linked_role=expr->linked_role;
1002
1003	char *principalname=principal->sha;
1004
1005	char *osetname=oset->name;
1006	abac_yy_term_t *terms=oset->terms;
1007
1008	char *linkedrolename=linked_role->name;
1009	abac_yy_term_t *linked_terms=linked_role->terms;
1010
1011	int ret;
1012	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
1013	linkedrolename, osetname);
1014	if (ret_oset==NULL)
1015	goto error;
1016
1017	if(linked_terms) {
1018	_oset_add_linked_terms(ret_oset, linked_terms);
1019	}
1020	if(terms) {
1021	_oset_add_oset_terms(ret_oset, terms);
1022	}
1023
1024	_add_yy_id_certs(principal->cn,principal->type);
1025
1026	return ret_oset;
1027
1028	error:
1029	panic("can not generate linked tail oset");
1030	return NULL;
1031	}
1032
1033
1034
1035	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1036	abac_yy_expression_t *tailexpr)
1037	{
1038	abac_oset_t *head_oset=NULL;
1039	abac_oset_t *tail_oset=NULL;
1040
1041	/* build up left side's abac oset structure */
1042	head_oset=validate_head_oset(headexpr);
1043	if(head_oset == NULL)
1044	goto error;
1045
1046	/* build up the right side's abac oset structure */
1047	abac_yy_expression_t *curr_tail = tailexpr;
1048	int intersecting=(tailexpr->next != NULL)? 1:0;
1049	abac_oset_t *curr_oset = NULL;
1050	while (curr_tail) {
1051	switch(curr_tail->type) {
1052	case e_yy_EXPR_OBJECT:
1053	curr_oset=validate_object_tail_oset(curr_tail);
1054	break;
1055	case e_yy_EXPR_NAMED:
1056	curr_oset=validate_named_tail_oset(curr_tail);
1057	break;
1058	case e_yy_EXPR_OSET:
1059	curr_oset=validate_oset_tail_oset(curr_tail);
1060	break;
1061	case e_yy_EXPR_LINKED:
1062	curr_oset=validate_linked_tail_oset(curr_tail);
1063	break;
1064	}
1065	if(curr_oset==NULL)
1066	goto error;
1067
1068	/* check if first one */
1069	if(tail_oset==NULL) {
1070	if(intersecting)
1071	tail_oset=validate_intersected_tail_oset(curr_oset);
1072	else
1073	tail_oset=curr_oset;
1074	} else {
1075	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1076	}
1077	curr_tail=curr_tail->next;
1078	} /* while */
1079
1080	/* XXX collect up type clauses, constraint clauses and
1081	generate rule clauses */
1082	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1083	if(tmp == NULL)
1084	goto error;
1085
1086	if(debug) {
1087	abac_print_oset_string_with_condition(head_oset,NULL);
1088	abac_print_oset_string_with_condition(tail_oset,NULL);
1089	}
1090
1091	_free_yy_expression(headexpr);
1092	_free_yy_expression(tailexpr);
1093	abac_rule_head_oset=head_oset;
1094	abac_rule_tail_oset=tail_oset;
1095	abac_rule_is_oset=1;
1096	return tmp;
1097
1098	error:
1099	_free_yy_expression(headexpr);
1100	_free_yy_expression(tailexpr);
1101	if(head_oset)
1102	abac_oset_free(head_oset);
1103	if(tail_oset)
1104	abac_oset_free(tail_oset);
1105	return NULL;
1106	}
1107
1108	/****************************************************************/
1109	static void _role_add_terms(int linked, abac_role_t *role,
1110	abac_yy_term_t *terms)
1111	{
1112	abac_yy_term_t *curr = terms;
1113	int type;
1114	char *name=NULL;
1115	char *cond=NULL;
1116	void *ptr=NULL;
1117	while (curr) {
1118	switch (curr->type) {
1119	case e_yy_DTERM_DATA:
1120	{
1121	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1122	type=pptr->type;
1123	name=abac_xstrdup(pptr->name);
1124	cond=abac_xstrdup(pptr->cond_str);
1125	ptr=pptr->cond_ptr;
1126	break;
1127	}
1128	case e_yy_DTERM_PRINCIPAL:
1129	{
1130	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1131	type=abac_term_verify_term_type("principal");
1132	name=abac_xstrdup(pptr->name);
1133	cond=abac_xstrdup(pptr->cond_str);
1134	ptr=pptr->cond_ptr;
1135	break;
1136	}
1137	case e_yy_DTERM_NAMED:
1138	{
1139	abac_yy_principal_t *pptr=curr->term.n_ptr;
1140	type=pptr->type;
1141	/* XXX should be switching to sha in the future */
1142	name=abac_xstrdup(pptr->cn);
1143	cond=NULL;
1144	ptr=NULL;
1145	break;
1146	}
1147	case e_yy_DTERM_ANONYMOUS:
1148	{
1149	type=0;
1150	name=abac_xstrdup("_");
1151	cond=NULL;
1152	ptr=NULL;
1153	break;
1154	}
1155	}
1156
1157	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1158	if (linked)
1159	abac_role_role_add_linked_param(role, param);
1160	else
1161	abac_role_role_add_param(role, param);
1162	curr=curr->next;
1163	}
1164	}
1165
1166	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1167	{
1168	int linked=1;
1169	_role_add_terms(linked, role, terms);
1170	}
1171
1172	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1173	{
1174	int linked=0;
1175	_role_add_terms(linked, role, terms);
1176	}
1177
1178
1179	abac_role_t validate_intersected_tail_role(abac_role_t role)
1180	{
1181	abac_role_t *ret_role=NULL;
1182	abac_list_t *prereqs = abac_list_new();
1183	abac_list_add(prereqs, role);
1184	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1185	return ret_role;
1186	}
1187
1188	abac_role_t validate_head_role(abac_yy_expression_t expr)
1189	{
1190	abac_yy_principal_t *principal=expr->principal;
1191	abac_yy_role_t *role=expr->role;
1192
1193	char *principalname=get_yy_principal_principalname(principal);
1194	char *rolename=role->name;
1195	abac_yy_term_t *terms=role->terms;
1196	abac_role_t *ret_role=NULL;
1197
1198	ret_role=abac_role_role_new(principalname, rolename);
1199	if (ret_role==NULL) {
1200	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1201	goto error;
1202	}
1203	if (!abac_role_is_role(ret_role)) {
1204	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1205	goto error;
1206	}
1207	// insert the params for the role
1208	if(terms) {
1209	_role_add_role_terms(ret_role, terms);
1210	}
1211
1212	_add_yy_id_certs(principal->cn,principal->type);
1213
1214	return ret_role;
1215
1216	error:
1217	return NULL;
1218	}
1219
1220	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1221	{
1222	abac_yy_principal_t *principal=expr->principal;
1223	char *principalname=get_yy_principal_principalname(principal);
1224	abac_role_t *ret_role=NULL;
1225
1226	ret_role = abac_role_principal_new(principalname);
1227	_add_yy_id_certs(principal->cn,principal->type);
1228
1229	if (ret_role==NULL)
1230	goto error;
1231	return ret_role;
1232
1233	error:
1234	panic("can not generate a simple named tail role");
1235	return NULL;
1236	}
1237
1238	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1239	{
1240	abac_yy_principal_t *principal=expr->principal;
1241	abac_yy_role_t *role=expr->role;
1242
1243	char *principalname=get_yy_principal_principalname(principal);
1244
1245	char *rolename=role->name;
1246	abac_yy_term_t *terms=role->terms;
1247
1248	int ret;
1249	abac_role_t *ret_role=NULL;
1250
1251	ret_role = abac_role_role_new(principalname, rolename);
1252	if (ret_role==NULL)
1253	goto error;
1254
1255	if(terms) {
1256	_role_add_role_terms(ret_role, terms);
1257	}
1258
1259	_add_yy_id_certs(principal->cn,principal->type);
1260
1261	return ret_role;
1262
1263	error:
1264	panic("can not generate a simple tail role");
1265	return NULL;
1266	}
1267	/* need to validate/generate a linked role out of this */
1268	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1269	{
1270	abac_yy_principal_t *principal=expr->principal;
1271	abac_yy_role_t *role=expr->role;
1272	abac_yy_role_t *linked_role=expr->linked_role;
1273
1274	char *principalname=get_yy_principal_principalname(principal);
1275
1276	char *rolename=role->name;
1277	abac_yy_term_t *terms=role->terms;
1278
1279	char *linkedrolename=linked_role->name;
1280	abac_yy_term_t *linked_terms=linked_role->terms;
1281
1282	int ret;
1283	abac_role_t *ret_role=NULL;
1284
1285	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1286	if (ret_role==NULL)
1287	goto error;
1288
1289	if(linked_terms) {
1290	_role_add_linked_terms(ret_role, linked_terms);
1291	}
1292	if(terms) {
1293	_role_add_role_terms(ret_role, terms);
1294	}
1295
1296	_add_yy_id_certs(principal->cn,principal->type);
1297
1298	return ret_role;
1299
1300	error:
1301	panic("can not generate linked tail role");
1302	return NULL;
1303	}
1304
1305	/***********************************************************************/
1306	/* add the condition to constraint list */
1307	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1308	{
1309	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1310	if(head_expr) {
1311	abac_oset_t *head_oset=validate_head_oset(head_expr);
1312	if(head_oset == NULL)
1313	goto error;
1314
1315	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1316	set_yy_term_data_cond_str(ptr,tmp);
1317	set_yy_term_data_cond_ptr(ptr,head_oset);
1318	abac_yy_add_yy_constraints(tmp);
1319	return tmp;
1320	}
1321	return NULL;
1322	error:
1323	return NULL;
1324	}
1325
1326	/****************************************************************/
1327	/* add the range condition to constraint list */
1328	/* this is for integer and float only */
1329	void make_yy_range_numeric_constraint(abac_yy_term_data_t ptr, char var)
1330	{
1331	char *typestr=abac_term_type(ptr->type);
1332	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1333	char *tmplist=NULL;
1334	char *tmp=NULL;
1335	int as_range=1; /* either , or ; */
1336	if(rlist) {
1337	char *rstring=_string_yy_cond_range(rlist);
1338	set_yy_term_data_cond_str(ptr,rstring);
1339	abac_yy_range_t *cur;
1340
1341	/* a list of values -- in chars */
1342	abac_list_foreach(rlist, cur,
1343	int type=cur->type;
1344	char *val=cur->val;
1345	switch(type) {
1346	case e_yy_RANGE_MIN:
1347	tmp=generate_pl_range_constraint(typestr,var,val,">");
1348	break;
1349	case e_yy_RANGE_MAX:
1350	tmp=generate_pl_range_constraint(typestr,var,val,"<");
1351	break;
1352	case e_yy_RANGE_TARGET:
1353	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1354	as_range=0;
1355	break;
1356	}
1357	/* ; is prolog's disjunction built in predicate */
1358	if(tmplist) {
1359	if(as_range)
1360	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1361	else
1362	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1363	} else {
1364	tmplist=tmp;
1365	}
1366	tmp=NULL;
1367	);
1368	asprintf(&tmplist,"(%s)",tmplist);
1369	abac_yy_add_yy_constraints(tmplist);
1370	}
1371	}
1372
1373	/****************************************************************/
1374	/* this is for string and urn only */
1375	void make_yy_range_string_constraint(abac_yy_term_data_t ptr, char var)
1376	{
1377	char *typestr=abac_term_type(ptr->type);
1378	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1379	char *tmplist=NULL;
1380	char *tmp=NULL;
1381	if(rlist) {
1382	char *rstring=_string_yy_cond_range(rlist);
1383	set_yy_term_data_cond_str(ptr,rstring);
1384	abac_yy_range_t *cur;
1385
1386	/* a list of values -- in chars */
1387	abac_list_foreach(rlist, cur,
1388	int type=cur->type;
1389	char *val=cur->val;
1390	switch(type) {
1391	case e_yy_RANGE_MIN:
1392	panic("make_yy_range_string_constraint, invalid range type - min");
1393	break;
1394	case e_yy_RANGE_MAX:
1395	/* invalid range type */
1396	panic("make_yy_range_string_constraint, invalid range type - max");
1397	break;
1398	case e_yy_RANGE_TARGET:
1399	tmp=generate_pl_range_constraint(NULL,var,val,"=");
1400	break;
1401	}
1402	/* ; is prolog's disjunction built in predicate */
1403	if(tmplist)
1404	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1405	else tmplist=tmp;
1406	tmp=NULL;
1407	);
1408	asprintf(&tmplist,"(%s)",tmplist);
1409	/* generate a clause with above and add into db */
1410	tmp=abac_pl_add_string_range_constraint_clause(var,tmplist);
1411	abac_yy_add_yy_constraints(tmp);
1412	}
1413	}
1414
1415	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1416	{
1417	if(is_yy_term_data_type_numeric(ptr)) {
1418	make_yy_range_numeric_constraint(ptr, var);
1419	} else if (is_yy_term_data_type_alpha(ptr)) {
1420	make_yy_range_string_constraint(ptr, var);
1421	}
1422	/*
1423	} else if (is_yy_term_data_type_time(ptr)) {
1424	make_yy_range_time_constraint(ptr, var);
1425	}
1426	*/
1427	}
1428
1429	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1430	{
1431	char *tmp=NULL;
1432	abac_role_t *head_role=NULL;
1433
1434	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1435	/* build up left side's abac role constraint structure */
1436	head_role=validate_head_role(head_expr);
1437	if(head_role == NULL)
1438	goto error;
1439
1440	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1441	set_yy_term_principal_cond_str(ptr,tmp);
1442	set_yy_term_principal_cond_ptr(ptr,head_role);
1443	abac_yy_add_yy_constraints(tmp);
1444	return tmp;
1445
1446	error:
1447	return NULL;
1448	}
1449
1450	/* build up the abac structure and also create the yap clause
1451	and insert it into db */
1452	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1453	abac_yy_expression_t *tailexpr)
1454	{
1455	abac_role_t *head_role=NULL;
1456	abac_role_t *tail_role=NULL;
1457
1458	/* build up left side's abac role structure */
1459	head_role=validate_head_role(headexpr);
1460	if(head_role == NULL)
1461	goto error;
1462
1463	/* build up the right side's abac role structure */
1464	abac_yy_expression_t *curr_tail = tailexpr;
1465	int intersecting=(tailexpr->next != NULL)? 1:0;
1466	abac_role_t *curr_role = NULL;
1467	while (curr_tail) {
1468	switch(curr_tail->type) {
1469	case e_yy_EXPR_NAMED:
1470	curr_role=validate_named_tail_role(curr_tail);
1471	break;
1472	case e_yy_EXPR_ROLE:
1473	curr_role=validate_role_tail_role(curr_tail);
1474	break;
1475	case e_yy_EXPR_LINKED:
1476	curr_role=validate_linked_tail_role(curr_tail);
1477	break;
1478	}
1479	if(curr_role==NULL)
1480	goto error;
1481
1482	/* check if first one */
1483	if(tail_role==NULL) {
1484	if(intersecting)
1485	tail_role=validate_intersected_tail_role(curr_role);
1486	else
1487	tail_role=curr_role;
1488	} else {
1489	abac_role_add_intersecting_role(tail_role,curr_role);
1490	}
1491	curr_tail=curr_tail->next;
1492	} /* while */
1493
1494	/* collect up type clauses, constraint clases and
1495	generate the final rule clauses */
1496	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1497	if(tmp == NULL)
1498	goto error;
1499
1500	if(debug) {
1501	abac_print_role_string_with_condition(head_role,NULL);
1502	abac_print_role_string_with_condition(tail_role,NULL);
1503	}
1504
1505	_free_yy_expression(headexpr);
1506	_free_yy_expression(tailexpr);
1507	abac_rule_head_role=head_role;
1508	abac_rule_tail_role=tail_role;
1509	abac_rule_is_oset=0;
1510	return tmp;
1511
1512	error:
1513	_free_yy_expression(headexpr);
1514	_free_yy_expression(tailexpr);
1515	if(head_role)
1516	abac_role_free(head_role);
1517	if(tail_role)
1518	abac_role_free(tail_role);
1519	return NULL;
1520	}
1521
1522
1523	/************************************************************************/
1524	void abac_yy_init()
1525	{
1526	abac_yyinit();
1527	abac_yy_init_rule_id_clauses();
1528	abac_yy_init_yy_id_certs();
1529	abac_yy_init_yy_constraints();
1530	}
1531
1532

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_pl_yy.c @ f0eb81d

Download in other formats: