Context Navigation

source: libabac/abac_pl_yy.c @ fb2f449

mei_rt2mei_rt2_fix_1meiyap-rt1rt2

Last change on this file since fb2f449 was 0d0c3a9, checked in by Mei <mei@…>, 12 years ago

1) adding missing extern forward declarations that is causing

freeBSD compiled prover to coredump

Property mode set to 100644

File size: 37.5 KB

Line
1
2	/* C declarations */
3	#include <stdio.h>
4	#include <string.h>
5	#include <stdlib.h>
6	#include <assert.h>
7
8	#include "abac_util.h"
9	#include "abac_pl_yy.h"
10
11	static int debug=0;
12
13	extern void panic(char*);
14
15	/* from abac_pl_gen.c */
16	extern char generate_pl_range_constraint_clause(char ,char ,char ,char *);
17	extern char generate_pl_oset_constraint_clause(abac_oset_t , char *);
18	extern abac_list_t generate_pl_role_clauses(abac_role_t , abac_role_t *);
19	extern abac_list_t generate_pl_oset_clauses(abac_oset_t , abac_oset_t *);
20	extern char* generate_pl_role_constraint_clause(abac_role_t , char );
21	extern char generate_pl_type_clause(char , int);
22	/* from rt2.y */
23	extern void abac_yyinit();
24
25	int abac_yy_error_code = 0; /* keeping last error code */
26
27	int abac_rule_is_oset=0;
28	abac_list_t *abac_rule_clauses=NULL;
29	abac_stack_t abac_rule_id_clauses=NULL; / tracking individual id credentials */
30	abac_role_t *abac_rule_head_role=NULL;
31	abac_role_t *abac_rule_tail_role=NULL;
32	abac_oset_t *abac_rule_head_oset=NULL;
33	abac_oset_t *abac_rule_tail_oset=NULL;
34
35	/* to track id certs within a rule clause */
36	typedef struct _abac_yy_id_cert_t {
37	char *principalname;
38	int type; /* keyidtype */
39	char *clause;
40	} abac_yy_id_cert_t;
41	abac_list_t *abac_yy_id_certs = NULL;
42
43	/* structure to hold the range information
44	within a static constraints on few types of
45	oset types
46	[a..b], [a..], [..b], [a],[a,b],[many a]
47	e_yy_RANGE_MIN=1;
48	e_yy_RANGE_MAX=2;
49	e_yy_RANGE_TARGET=3;
50	*/
51	typedef struct _abac_yy_range_t {
52	int type;
53	char *val;
54	} abac_yy_range_t;
55
56	/* to track role/oset constraint clauses used within a rule clause,
57	collect them up in one place */
58	typedef struct _abac_yy_constraint_t {
59	char *clause;
60	} abac_yy_constraint_t;
61	abac_list_t *abac_yy_constraints = NULL;
62
63	/* local principal structure [keyid:USC] */
64	struct _abac_yy_principal_t {
65	int type;
66	char *sha; // sha is null when this is of object type
67	char *cn;
68	};
69
70	/* [principal:?Z]:..., must match a principal name */
71	struct _abac_yy_term_principal_t {
72	int type; /* this needs to be implicitly determined */
73	char *name;
74	char *cond_str;
75	void *cond_ptr; // ptr to a saved abac_role_t
76	abac_yy_expression_t *cond_head_expr;
77	};
78
79	/* integer,float,time,urn,string types,
80	if has condition, then it is a variable,
81	ie,
82	[int:?Year]:<1930..1932>,
83	if no condition, then it is a constant,
84	ie,
85	[int:10]
86	*/
87	struct _abac_yy_term_data_t {
88	int is_variable;
89	int type;
90	char *name;
91	char *cond_str;
92	void *cond_ptr; // ptr to a saved abac_oset_t
93	abac_list_t *cond_range;
94	abac_yy_expression_t *cond_head_expr; // parking stub
95	};
96
97	/* local term structure, will distinguish it in the future */
98	/* e_yy_DTERM_DATA, all other types
99	e_yy_DTERM_NAMED, keyid:bob
100	e_yy_DTERM_PRINCIPAL, principal:?P
101	e_yy_DTERM_ANONYMOUS ? */
102	struct _abac_yy_term_t {
103	union {
104	abac_yy_principal_t *n_ptr;
105	abac_yy_term_principal_t *p_ptr;
106	abac_yy_term_data_t *d_ptr;
107	} term;
108	int type;
109	struct _abac_yy_term_t *next;
110	int bcnt; /* this is to track number of terms in this linked up list */
111	};
112
113	/* local role structure */
114	struct _abac_yy_role_t {
115	int type;
116	char *name;
117	abac_yy_term_t *terms;
118	struct _abac_yy_role_t *next;
119	int bcnt; /* this is to track number of roles in this linked up list */
120	};
121
122	/* local oset structure */
123	struct _abac_yy_oset_t {
124	int type;
125	char *name;
126	abac_yy_term_t *terms;
127	struct _abac_yy_oset_t *next;
128	int bcnt; /* this is to track number of oset in this linked up list */
129	};
130
131	/* A, A.r, A.r.r */
132	/* type: e_yy_EXPR_NAMED,e_yy_EXPR_ROLE,e_yy_EXPR_LINKED */
133	/* A/obj, A.o, A.r.o */
134	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
135	struct _abac_yy_expression_t {
136	int type;
137	union {
138	abac_yy_principal_t *principal;
139	abac_yy_term_data_t *object;
140	};
141	abac_yy_role_t *linked_role;
142	union {
143	abac_yy_role_t *role;
144	abac_yy_oset_t *oset;
145	};
146	struct _abac_yy_expression_t *next;
147	int bcnt;
148	};
149
150	static void _free_yy_expression(abac_yy_expression_t *);
151
152	/************************************************************************/
153	void abac_yy_set_error_code(int v)
154	{
155	abac_yy_error_code=v;
156	}
157
158	/************************************************************************/
159	abac_stack_t *abac_yy_get_rule_id_clauses()
160	{
161	return abac_rule_id_clauses;
162	}
163
164	abac_stack_t *abac_yy_init_rule_id_clauses()
165	{
166	abac_rule_id_clauses=abac_stack_new();
167	return abac_rule_id_clauses;
168	}
169
170	void abac_yy_free_rule_id_clauses()
171	{
172	if (abac_rule_id_clauses != NULL)
173	abac_stack_free(abac_rule_id_clauses);
174	}
175
176	void abac_yy_set_rule_clauses(abac_list_t *clauses)
177	{
178	abac_rule_clauses=clauses;
179	if(debug) {
180	printf("printing out abac_rule_clauses:\n");
181	abac_print_clauses(abac_rule_clauses,NULL);
182	}
183	}
184
185	abac_list_t *abac_yy_get_rule_clauses()
186	{
187	return abac_rule_clauses;
188	}
189
190	void abac_yy_free_rule_clauses()
191	{
192	if (abac_rule_clauses != NULL) {
193	char *cur;
194	abac_list_foreach(abac_yy_id_certs, cur,
195	if(cur) free(cur);
196	);
197	abac_list_free(abac_rule_clauses);
198	}
199	}
200
201	int abac_yy_get_rule_is_oset()
202	{
203	return abac_rule_is_oset;
204	}
205
206	abac_role_t *abac_yy_get_rule_head_role()
207	{
208	return abac_rule_head_role;
209	}
210
211	abac_role_t *abac_yy_get_rule_tail_role()
212	{
213	return abac_rule_tail_role;
214	}
215
216	abac_oset_t *abac_yy_get_rule_head_oset()
217	{
218	return abac_rule_head_oset;
219	}
220
221	abac_oset_t *abac_yy_get_rule_tail_oset()
222	{
223	return abac_rule_tail_oset;
224	}
225
226
227	/************************************************************************/
228	void abac_yy_init_yy_id_certs()
229	{
230	abac_yy_id_certs = abac_list_new();
231	}
232
233	void abac_yy_free_yy_id_certs()
234	{
235	abac_yy_id_cert_t *id;
236	abac_list_foreach(abac_yy_id_certs, id,
237	if(id)
238	free(id->principalname);
239	free(id->clause);
240	free(id);
241	);
242	abac_list_free(abac_yy_id_certs);
243	abac_yy_id_certs = NULL;
244	}
245
246	int abac_yy_cnt_yy_id_certs()
247	{
248	return abac_list_size(abac_yy_id_certs);
249	}
250
251	char *abac_yy_string_yy_id_certs()
252	{
253	int first=1;
254	char *tmp=NULL;
255	abac_yy_id_cert_t *cur;
256	abac_list_foreach(abac_yy_id_certs, cur,
257	if(cur)
258	if(first) {
259	tmp=abac_xstrdup(cur->clause);
260	first=0;
261	} else {
262	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
263	}
264	);
265	return tmp;
266	}
267
268	static void _add_yy_id_certs(char *principalname, int type)
269	{
270	abac_yy_id_cert_t *id_cert=NULL;
271
272	int found=0;
273	abac_yy_id_cert_t *cur;
274	abac_list_foreach(abac_yy_id_certs, cur,
275	if(cur)
276	if(strcmp(cur->principalname,principalname)==0) {
277	found=1;
278	break;
279	}
280	);
281
282	if (found) {
283	return;
284	} else {
285	id_cert=abac_xmalloc(sizeof(abac_yy_id_cert_t));
286	id_cert->principalname=abac_xstrdup(principalname);
287	id_cert->type=type;
288	id_cert->clause=generate_pl_type_clause(principalname,type);
289	abac_list_add(abac_yy_id_certs, id_cert);
290	}
291	}
292
293	/***********************************************************************/
294	static void _free_yy_cond_range(abac_list_t *ptr)
295	{
296	if (ptr != NULL) {
297	abac_yy_range_t *cur;
298	abac_list_foreach(ptr, cur,
299	if(cur && cur->val) free(cur->val);
300	free(cur);
301	);
302	abac_list_free(ptr);
303	}
304	}
305
306	static char _string_yy_cond_range(abac_list_t ptr)
307	{
308	assert(ptr);
309	char *tmp=NULL;
310	char *min=NULL;
311	char *max=NULL;
312	char *val=NULL;
313	int type;
314
315	abac_yy_range_t *cur;
316	abac_list_foreach(ptr, cur,
317	type=cur->type;
318	val=cur->val;
319	switch (type) {
320	case e_yy_RANGE_MIN:
321	min=strdup(cur->val);
322	break;
323	case e_yy_RANGE_MAX:
324	max=strdup(cur->val);
325	break;
326	case e_yy_RANGE_TARGET:
327	if(val)
328	asprintf(&val,"%s,%s",val,cur->val);
329	else val=strdup(cur->val);
330	break;
331	}
332	);
333	if(max && min) {
334	asprintf(&tmp,"[%s..%s]",min,max);
335	free(max);
336	free(min);
337	return tmp;
338	}
339	if(max) {
340	asprintf(&tmp,"[..%s]",max);
341	free(max);
342	return tmp;
343	}
344	if(min) {
345	asprintf(&tmp,"[%s..]",min);
346	free(min);
347	return tmp;
348	}
349	if(val) {
350	asprintf(&tmp,"[%s]",val);
351	free(val);
352	return tmp;
353	}
354	return NULL;
355	}
356
357	abac_list_t add_yy_val_range(abac_list_t ptr, char * val)
358	{
359	abac_yy_range_t *range=
360	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
361	range->type=e_yy_RANGE_TARGET;
362	range->val=strdup(val);
363	abac_list_add(ptr, range);
364	return ptr;
365	}
366
367	static abac_list_t _add_yy_range(abac_list_t ptr, int type, char * val)
368	{
369	abac_yy_range_t *range=
370	(abac_yy_range_t *) abac_xmalloc(sizeof(abac_yy_range_t));
371	range->type=type;
372	range->val=strdup(val);
373	abac_list_add(ptr, range);
374	return ptr;
375	}
376
377	abac_list_t make_yy_val_range(char val)
378	{
379	abac_list_t *ptr=abac_list_new();
380	add_yy_val_range(ptr,val);
381	return ptr;
382	}
383
384	abac_list_t make_yy_minmax_range(char min, char *max)
385	{
386	abac_list_t *ptr=abac_list_new();
387	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
388	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
389	return ptr;
390	}
391
392	abac_list_t make_yy_min_range(char min)
393	{
394	abac_list_t *ptr=abac_list_new();
395	_add_yy_range(ptr, e_yy_RANGE_MIN, min);
396	return ptr;
397	}
398
399	abac_list_t make_yy_max_range(char max)
400	{
401	abac_list_t *ptr=abac_list_new();
402	_add_yy_range(ptr, e_yy_RANGE_MAX, max);
403	return ptr;
404	}
405
406	/***********************************************************************/
407	abac_yy_term_data_t make_yy_term_data(char name)
408	{
409	abac_yy_term_data_t *ptr=
410	(abac_yy_term_data_t*)abac_xmalloc(sizeof(abac_yy_term_data_t));
411	ptr->name=abac_xstrdup(name);
412	ptr->type=0;
413	ptr->is_variable=0;
414	ptr->cond_str=NULL;
415	ptr->cond_head_expr=NULL;
416	ptr->cond_ptr=NULL;
417	ptr->cond_range=NULL;
418	return ptr;
419	}
420
421	abac_list_t get_yy_term_data_cond_range(abac_yy_term_data_t ptr)
422	{
423	return ptr->cond_range;
424	}
425
426	char get_yy_term_data_name(abac_yy_term_data_t ptr)
427	{
428	return ptr->name;
429	}
430
431	int is_yy_term_data_has_constraint(abac_yy_term_data_t *ptr)
432	{
433	if(ptr->cond_head_expr != NULL)
434	return 1;
435	/* only select few */
436	if( ptr->cond_range != NULL && abac_term_is_integer_type(ptr->type))
437	return 1;
438	return 0;
439	}
440
441	void set_yy_term_data_cond_range(abac_yy_term_data_t *ptr,
442	abac_list_t *range)
443	{
444	ptr->cond_range=range;
445	}
446
447	void set_yy_term_data_cond_head_expr(abac_yy_term_data_t *ptr,
448	abac_yy_expression_t *expr)
449	{
450	ptr->cond_head_expr=expr;
451	}
452
453	abac_yy_expression_t get_yy_term_data_cond_head_expr(abac_yy_term_data_t ptr)
454	{
455	return ptr->cond_head_expr;
456	}
457
458	void set_yy_term_data_type(abac_yy_term_data_t ptr, char typestr)
459	{
460	int type=abac_term_verify_term_type(typestr);
461	ptr->type=type;
462	}
463
464	void set_yy_term_data_cond_ptr(abac_yy_term_data_t ptr, void vptr)
465	{
466	ptr->cond_ptr=vptr;
467	}
468
469	void set_yy_term_data_cond_str(abac_yy_term_data_t ptr, char cond)
470	{
471	ptr->cond_str=strdup(cond);
472	}
473
474	void set_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
475	{
476	ptr->is_variable=1;
477	}
478
479	int get_yy_term_data_is_variable(abac_yy_term_data_t *ptr)
480	{
481	return ptr->is_variable;
482	}
483
484	static void _free_yy_term_data(abac_yy_term_data_t *ptr)
485	{
486	free(ptr->name);
487	if(ptr->cond_str)
488	free(ptr->cond_str);
489	if(ptr->cond_head_expr)
490	_free_yy_expression(ptr->cond_head_expr);
491	if(ptr->cond_range);
492	_free_yy_cond_range(ptr->cond_range);
493	free(ptr);
494	}
495
496	abac_yy_term_principal_t make_yy_term_principal(char name)
497	{
498	abac_yy_term_principal_t *ptr=
499	(abac_yy_term_principal_t*)abac_xmalloc(sizeof(abac_yy_term_principal_t));
500	ptr->type=0;/* this is not known */
501	ptr->name=abac_xstrdup(name);
502	ptr->cond_str=NULL;
503	ptr->cond_head_expr=NULL;
504	return ptr;
505	}
506
507	void set_yy_term_principal_cond_ptr(abac_yy_term_principal_t ptr, void vptr)
508	{
509	ptr->cond_ptr=vptr;
510	}
511
512	void set_yy_term_principal_cond_str(abac_yy_term_principal_t ptr, char cond)
513	{
514	ptr->cond_str=abac_xstrdup(cond);
515	}
516
517	abac_yy_expression_t get_yy_term_principal_cond_head_expr(abac_yy_term_principal_t ptr)
518	{
519	return ptr->cond_head_expr;
520	}
521
522	void set_yy_term_principal_cond_head_expr(abac_yy_term_principal_t *ptr,
523	abac_yy_expression_t *expr)
524	{
525	ptr->cond_head_expr=expr;
526	}
527
528	static void _free_yy_term_principal(abac_yy_term_principal_t *ptr)
529	{
530	free(ptr->name);
531	if(ptr->cond_str)
532	free(ptr->cond_str);
533	if(ptr->cond_head_expr)
534	_free_yy_expression(ptr->cond_head_expr);
535	free(ptr);
536	}
537
538	abac_yy_term_t *make_yy_term_dterm_anonymous()
539	{
540	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
541	ptr->type = e_yy_DTERM_ANONYMOUS;
542	ptr->next=NULL;
543	ptr->bcnt=1;
544	return ptr;
545	}
546
547	abac_yy_term_t make_yy_term_dterm_principal(abac_yy_term_principal_t pptr)
548	{
549	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
550	ptr->type = e_yy_DTERM_PRINCIPAL;
551	ptr->term.p_ptr=pptr;
552	ptr->next=NULL;
553	ptr->bcnt=1;
554	return ptr;
555	}
556
557	abac_yy_term_t make_yy_term_dterm_named(abac_yy_principal_t nptr)
558	{
559	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
560	ptr->type = e_yy_DTERM_NAMED;
561	ptr->term.n_ptr=nptr;
562	ptr->next=NULL;
563	ptr->bcnt=1;
564	return ptr;
565	}
566
567	abac_yy_term_t make_yy_term_dterm_data(abac_yy_term_data_t dptr)
568	{
569	abac_yy_term_t ptr=(abac_yy_term_t)abac_xmalloc(sizeof(abac_yy_term_t));
570	ptr->type = e_yy_DTERM_DATA;
571	ptr->term.d_ptr=dptr;
572	ptr->next=NULL;
573	ptr->bcnt=1;
574	return ptr;
575	}
576
577	/************************************************************************/
578	void abac_yy_init_yy_constraints()
579	{
580	abac_yy_constraints = abac_list_new();
581	}
582
583	void abac_yy_free_yy_constraints()
584	{
585	abac_yy_constraint_t *cur;
586	abac_list_foreach(abac_yy_constraints, cur,
587	if(cur && cur->clause)
588	free(cur->clause);
589	free(cur);
590	);
591	abac_list_free(abac_yy_constraints);
592	abac_yy_constraints=NULL;
593	}
594
595	int abac_yy_cnt_yy_constraints()
596	{
597	return abac_list_size(abac_yy_constraints);
598	}
599
600	char *abac_yy_string_yy_constraints()
601	{
602	int first=1;
603	char *tmp=NULL;
604	abac_yy_constraint_t *cur;
605	abac_list_foreach(abac_yy_constraints, cur,
606	if(cur && cur->clause)
607	if(first) {
608	tmp=abac_xstrdup(cur->clause);
609	first=0;
610	} else {
611	int cnt=asprintf(&tmp,"%s,%s", tmp, cur->clause);
612	}
613	);
614	return tmp;
615	}
616
617	abac_yy_constraint_t abac_yy_add_yy_constraints(char constraint)
618	{
619	abac_yy_constraint_t *ptr=
620	(abac_yy_constraint_t *) abac_xmalloc(sizeof(abac_yy_constraint_t));
621	ptr->clause=strdup(constraint);
622	abac_list_add(abac_yy_constraints, ptr);
623	return ptr;
624	}
625
626	/****************************************************************************/
627	abac_yy_principal_t make_yy_principal(char sha, char *cn, int type)
628	{
629	abac_yy_principal_t *ptr=
630	(abac_yy_principal_t*)abac_xmalloc(sizeof(abac_yy_principal_t));
631	ptr->sha=abac_xstrdup(sha);
632	ptr->cn=abac_xstrdup(cn);
633	ptr->type=type;
634	return ptr;
635	}
636
637	static void _free_yy_principal(abac_yy_principal_t *ptr)
638	{
639	free(ptr->sha);
640	if(ptr->cn)
641	free(ptr->cn);
642	free(ptr);
643	}
644
645	int get_yy_principal_type(abac_yy_principal_t *ptr)
646	{
647	return ptr->type;
648	}
649
650	char get_yy_principal_principalname(abac_yy_principal_t ptr)
651	{
652	if(ptr->sha == NULL)
653	return ptr->cn;
654	return ptr->sha;
655	}
656
657	/*************************************************************************/
658
659	abac_yy_term_t add_yy_term(abac_yy_term_t nterm, abac_yy_term_t *terms)
660	{
661	int i=terms->bcnt;
662	nterm->next=terms;
663	nterm->bcnt=i+1;
664	return nterm;
665	}
666
667	static void _free_yy_term(abac_yy_term_t *ptr)
668	{
669	switch (ptr->type) {
670	case e_yy_DTERM_DATA:
671	_free_yy_term_data(ptr->term.d_ptr);
672	break;
673	case e_yy_DTERM_NAMED:
674	_free_yy_principal(ptr->term.n_ptr);
675	break;
676	case e_yy_DTERM_PRINCIPAL:
677	_free_yy_term_principal(ptr->term.p_ptr);
678	break;
679	case e_yy_DTERM_ANONYMOUS:
680	break;
681	}
682	if(ptr->next)
683	_free_yy_term(ptr->next);
684	free(ptr);
685	}
686
687	/*************************************************************************/
688
689	abac_yy_role_t make_yy_role(char name, abac_yy_term_t *terms)
690	{
691	abac_yy_role_t ptr=(abac_yy_role_t)abac_xmalloc(sizeof(abac_yy_role_t));
692	ptr->name=abac_xstrdup(name);
693	ptr->terms=terms;
694	ptr->next=NULL;
695	ptr->bcnt=1;
696	return ptr;
697	}
698
699	static void _free_yy_role(abac_yy_role_t *ptr)
700	{
701	free(ptr->name);
702	if(ptr->terms)
703	_free_yy_term(ptr->terms);
704	if(ptr->next)
705	_free_yy_role(ptr->next);
706	free(ptr);
707	}
708
709	/***************************************************************************/
710	abac_yy_oset_t make_yy_oset(char name, abac_yy_term_t *terms)
711	{
712	abac_yy_oset_t ptr=(abac_yy_oset_t)abac_xmalloc(sizeof(abac_yy_oset_t));
713	ptr->name=abac_xstrdup(name);
714	ptr->terms=terms;
715	ptr->next=NULL;
716	ptr->bcnt=1;
717	return ptr;
718	}
719
720	static void _free_yy_oset(abac_yy_oset_t *ptr)
721	{
722	free(ptr->name);
723	if(ptr->terms)
724	_free_yy_term(ptr->terms);
725	if(ptr->next)
726	_free_yy_oset(ptr->next);
727	free(ptr);
728	}
729	/***************************************************************************/
730
731	/* type: e_yy_EXPR_NAMED, e_yy_EXPR_OBJECT, e_yy_EXPR_OSET,e_yy_EXPR_LINKED */
732
733	abac_yy_expression_t make_yy_expression(int type,void pptr, void optr, abac_yy_role_t linked_role)
734	{
735	abac_yy_expression_t *ptr=
736	(abac_yy_expression_t*)abac_xmalloc(sizeof(abac_yy_expression_t));
737	ptr->type = type;
738	if(type == e_yy_EXPR_OBJECT) {
739	ptr->object=(abac_yy_term_data_t *)pptr;
740	} else {
741	ptr->principal = (abac_yy_principal_t *)pptr;
742	}
743	if(type == e_yy_EXPR_OSET)
744	ptr->oset = (abac_yy_oset_t *) optr;
745	else
746	ptr->role = (abac_yy_role_t *) optr;
747	ptr->linked_role=linked_role;
748	ptr->next=NULL;
749
750	return ptr;
751	}
752
753	abac_yy_term_data_t get_yy_expression_object(abac_yy_expression_t ptr)
754	{
755	if(ptr->type == e_yy_EXPR_OBJECT)
756	return ptr->object;
757	return NULL;
758	}
759
760	abac_yy_expression_t add_yy_expression(abac_yy_expression_t nexpr,
761	abac_yy_expression_t *exprs)
762	{
763	int i=exprs->bcnt;
764	nexpr->next=exprs;
765	nexpr->bcnt=i+1;
766	return nexpr;
767	}
768
769	static void _free_yy_expression(abac_yy_expression_t *ptr)
770	{
771	if(ptr->type == e_yy_EXPR_OBJECT) {
772	if(ptr->object)
773	_free_yy_term_data(ptr->object);
774	} else {
775	if(ptr->principal)
776	_free_yy_principal(ptr->principal);
777	}
778	if(ptr->type == e_yy_EXPR_OSET) {
779	if(ptr->oset)
780	_free_yy_oset(ptr->oset);
781	} else {
782	if(ptr->role)
783	_free_yy_role(ptr->role);
784	}
785	if(ptr->linked_role)
786	_free_yy_role(ptr->linked_role);
787	if(ptr->next)
788	_free_yy_expression(ptr->next);
789
790	free(ptr);
791	}
792
793	/***************************************************************************/
794	static void _oset_add_terms(int linked, abac_oset_t *oset,
795	abac_yy_term_t *terms)
796	{
797	abac_yy_term_t *curr = terms;
798	int type;
799	char *name=NULL;
800	char *cond=NULL;
801	void *ptr=NULL;
802	while (curr) {
803	switch (curr->type) {
804	case e_yy_DTERM_DATA:
805	{
806	abac_yy_term_data_t *ptr=curr->term.d_ptr;
807	type=ptr->type;
808	name=abac_xstrdup(ptr->name);
809	cond=abac_xstrdup(ptr->cond_str);
810	ptr=ptr->cond_ptr;
811	break;
812	}
813	case e_yy_DTERM_PRINCIPAL:
814	{
815	abac_yy_term_principal_t *ptr=curr->term.p_ptr;
816	type=abac_term_verify_term_type("principal");
817	name=abac_xstrdup(ptr->name);
818	cond=abac_xstrdup(ptr->cond_str);
819	ptr=ptr->cond_ptr;
820	break;
821	}
822	case e_yy_DTERM_NAMED:
823	{
824	abac_yy_principal_t *ptr=curr->term.n_ptr;
825	type=ptr->type;
826	/* XXX should be switching to sha in the future */
827	name=abac_xstrdup(ptr->cn);
828	cond=NULL;
829	ptr=NULL;
830	break;
831	}
832	case e_yy_DTERM_ANONYMOUS:
833	{
834	type=0;
835	name=abac_xstrdup("_");
836	cond=NULL;
837	ptr=NULL;
838	break;
839	}
840	}
841
842	abac_term_t *param=abac_term_new(type,name,cond,ptr);
843	if (linked)
844	abac_oset_oset_add_linked_param(oset, param);
845	else
846	abac_oset_oset_add_param(oset, param);
847	curr=curr->next;
848	}
849	}
850
851	static void _oset_add_linked_terms(abac_oset_t oset, abac_yy_term_t terms)
852	{
853	int linked=1;
854	_oset_add_terms(linked, oset, terms);
855	}
856
857	static void _oset_add_oset_terms(abac_oset_t oset, abac_yy_term_t terms)
858	{
859	int linked=0;
860	_oset_add_terms(linked, oset, terms);
861	}
862
863
864	abac_oset_t validate_intersected_tail_oset(abac_oset_t oset)
865	{
866	abac_oset_t *ret_oset=NULL;
867	abac_list_t *prereqs = abac_list_new();
868	abac_list_add(prereqs, oset);
869	ret_oset = abac_oset_intersection_new("intersectingOSET", prereqs);
870	return ret_oset;
871	}
872
873	/* A.oset */
874	abac_oset_t validate_head_oset(abac_yy_expression_t expr)
875	{
876	abac_yy_principal_t *principal=expr->principal;
877	abac_yy_oset_t *oset=expr->oset;
878
879	char *principalname=get_yy_principal_principalname(principal);
880	char *osetname=oset->name;
881	abac_yy_term_t *terms=oset->terms;
882
883	abac_oset_t *ret_oset=abac_oset_oset_new(principalname, osetname);
884	if (ret_oset==NULL) {
885	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
886	goto error;
887	}
888	if (!abac_oset_is_oset(ret_oset)) {
889	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
890	goto error;
891	}
892	// insert the params for the oset
893	if(terms) {
894	_oset_add_oset_terms(ret_oset, terms);
895	}
896	_add_yy_id_certs(principal->cn,principal->type);
897
898	return ret_oset;
899
900	error:
901	return NULL;
902	}
903
904	/* B */
905	abac_oset_t validate_named_tail_oset(abac_yy_expression_t expr)
906	{
907	abac_yy_principal_t *principal=expr->principal;
908	char *principalname=principal->sha;
909	abac_oset_t *ret_oset=NULL;
910
911	ret_oset = abac_oset_principal_new(principalname);
912
913	_add_yy_id_certs(principal->cn,principal->type);
914
915	if (ret_oset==NULL)
916	goto error;
917	return ret_oset;
918
919	error:
920	panic("can not generate a simple named tail oset");
921	return NULL;
922	}
923
924
925	/* [keyid:alpha].oset:documents([string:'proj1'])<-[urn:'file//fileA'] */
926	abac_oset_t validate_object_tail_oset(abac_yy_expression_t expr)
927	{
928	abac_yy_term_data_t *object=get_yy_expression_object(expr);
929	assert(object != NULL);
930
931	char *name=object->name;
932	int type=object->type;
933	char *cond=object->cond_str;
934	void *ptr=object->cond_ptr;
935	abac_term_t *term=abac_term_new(type,name,cond,ptr);
936	abac_oset_t *ret_oset=abac_oset_object_new(term);
937
938	if(get_yy_term_data_is_variable(object))
939	_add_yy_id_certs(name,type);
940
941	if (ret_oset==NULL)
942	goto error;
943	return ret_oset;
944
945	error:
946	panic("can not generate a simple object tail oset");
947	return NULL;
948	}
949
950
951	/* B.oset */
952	abac_oset_t validate_oset_tail_oset(abac_yy_expression_t expr)
953	{
954	abac_yy_principal_t *principal=expr->principal;
955	abac_yy_oset_t *oset=expr->oset;
956
957	char *principalname=principal->sha;
958
959	char *osetname=oset->name;
960	abac_yy_term_t *terms=oset->terms;
961
962	int ret;
963	abac_oset_t *ret_oset=NULL;
964
965	ret_oset = abac_oset_oset_new(principalname, osetname);
966	if (ret_oset==NULL)
967	goto error;
968
969	if(terms) {
970	_oset_add_oset_terms(ret_oset, terms);
971	}
972
973	_add_yy_id_certs(principal->cn,principal->type);
974
975	return ret_oset;
976
977	error:
978	panic("can not generate a simple tail oset");
979	return NULL;
980	}
981
982	/* B.role.oset */
983	abac_oset_t validate_linked_tail_oset(abac_yy_expression_t expr)
984	{
985	abac_yy_principal_t *principal=expr->principal;
986	abac_yy_oset_t *oset=expr->oset;
987	abac_yy_role_t *linked_role=expr->linked_role;
988
989	char *principalname=principal->sha;
990
991	char *osetname=oset->name;
992	abac_yy_term_t *terms=oset->terms;
993
994	char *linkedrolename=linked_role->name;
995	abac_yy_term_t *linked_terms=linked_role->terms;
996
997	int ret;
998	abac_oset_t *ret_oset=abac_oset_linking_new(principalname,
999	linkedrolename, osetname);
1000	if (ret_oset==NULL)
1001	goto error;
1002
1003	if(linked_terms) {
1004	_oset_add_linked_terms(ret_oset, linked_terms);
1005	}
1006	if(terms) {
1007	_oset_add_oset_terms(ret_oset, terms);
1008	}
1009
1010	_add_yy_id_certs(principal->cn,principal->type);
1011
1012	return ret_oset;
1013
1014	error:
1015	panic("can not generate linked tail oset");
1016	return NULL;
1017	}
1018
1019
1020
1021	abac_list_t make_oset_statement(abac_yy_expression_t headexpr,
1022	abac_yy_expression_t *tailexpr)
1023	{
1024	abac_oset_t *head_oset=NULL;
1025	abac_oset_t *tail_oset=NULL;
1026
1027	/* build up left side's abac oset structure */
1028	head_oset=validate_head_oset(headexpr);
1029	if(head_oset == NULL)
1030	goto error;
1031
1032	/* build up the right side's abac oset structure */
1033	abac_yy_expression_t *curr_tail = tailexpr;
1034	int intersecting=(tailexpr->next != NULL)? 1:0;
1035	abac_oset_t *curr_oset = NULL;
1036	while (curr_tail) {
1037	switch(curr_tail->type) {
1038	case e_yy_EXPR_OBJECT:
1039	curr_oset=validate_object_tail_oset(curr_tail);
1040	break;
1041	case e_yy_EXPR_NAMED:
1042	curr_oset=validate_named_tail_oset(curr_tail);
1043	break;
1044	case e_yy_EXPR_OSET:
1045	curr_oset=validate_oset_tail_oset(curr_tail);
1046	break;
1047	case e_yy_EXPR_LINKED:
1048	curr_oset=validate_linked_tail_oset(curr_tail);
1049	break;
1050	}
1051	if(curr_oset==NULL)
1052	goto error;
1053
1054	/* check if first one */
1055	if(tail_oset==NULL) {
1056	if(intersecting)
1057	tail_oset=validate_intersected_tail_oset(curr_oset);
1058	else
1059	tail_oset=curr_oset;
1060	} else {
1061	abac_oset_add_intersecting_oset(tail_oset,curr_oset);
1062	}
1063	curr_tail=curr_tail->next;
1064	} /* while */
1065
1066	/* XXX collect up type clauses, constraint clauses and
1067	generate rule clauses */
1068	abac_list_t *tmp=generate_pl_oset_clauses(head_oset,tail_oset);
1069	if(tmp == NULL)
1070	goto error;
1071
1072	if(debug) {
1073	abac_print_oset_string_with_condition(head_oset,NULL);
1074	abac_print_oset_string_with_condition(tail_oset,NULL);
1075	}
1076
1077	_free_yy_expression(headexpr);
1078	_free_yy_expression(tailexpr);
1079	abac_rule_head_oset=head_oset;
1080	abac_rule_tail_oset=tail_oset;
1081	abac_rule_is_oset=1;
1082	return tmp;
1083
1084	error:
1085	_free_yy_expression(headexpr);
1086	_free_yy_expression(tailexpr);
1087	if(head_oset)
1088	abac_oset_free(head_oset);
1089	if(tail_oset)
1090	abac_oset_free(tail_oset);
1091	return NULL;
1092	}
1093
1094	/****************************************************************/
1095	static void _role_add_terms(int linked, abac_role_t *role,
1096	abac_yy_term_t *terms)
1097	{
1098	abac_yy_term_t *curr = terms;
1099	int type;
1100	char *name=NULL;
1101	char *cond=NULL;
1102	void *ptr=NULL;
1103	while (curr) {
1104	switch (curr->type) {
1105	case e_yy_DTERM_DATA:
1106	{
1107	abac_yy_term_data_t *pptr=curr->term.d_ptr;
1108	type=pptr->type;
1109	name=abac_xstrdup(pptr->name);
1110	cond=abac_xstrdup(pptr->cond_str);
1111	ptr=pptr->cond_ptr;
1112	break;
1113	}
1114	case e_yy_DTERM_PRINCIPAL:
1115	{
1116	abac_yy_term_principal_t *pptr=curr->term.p_ptr;
1117	type=abac_term_verify_term_type("principal");
1118	name=abac_xstrdup(pptr->name);
1119	cond=abac_xstrdup(pptr->cond_str);
1120	ptr=pptr->cond_ptr;
1121	break;
1122	}
1123	case e_yy_DTERM_NAMED:
1124	{
1125	abac_yy_principal_t *pptr=curr->term.n_ptr;
1126	type=pptr->type;
1127	/* XXX should be switching to sha in the future */
1128	name=abac_xstrdup(pptr->cn);
1129	cond=NULL;
1130	ptr=NULL;
1131	break;
1132	}
1133	case e_yy_DTERM_ANONYMOUS:
1134	{
1135	type=0;
1136	name=abac_xstrdup("_");
1137	cond=NULL;
1138	ptr=NULL;
1139	break;
1140	}
1141	}
1142
1143	abac_term_t *param=abac_term_new(type,name,cond,ptr);
1144	if (linked)
1145	abac_role_role_add_linked_param(role, param);
1146	else
1147	abac_role_role_add_param(role, param);
1148	curr=curr->next;
1149	}
1150	}
1151
1152	static void _role_add_linked_terms(abac_role_t role, abac_yy_term_t terms)
1153	{
1154	int linked=1;
1155	_role_add_terms(linked, role, terms);
1156	}
1157
1158	static void _role_add_role_terms(abac_role_t role, abac_yy_term_t terms)
1159	{
1160	int linked=0;
1161	_role_add_terms(linked, role, terms);
1162	}
1163
1164
1165	abac_role_t validate_intersected_tail_role(abac_role_t role)
1166	{
1167	abac_role_t *ret_role=NULL;
1168	abac_list_t *prereqs = abac_list_new();
1169	abac_list_add(prereqs, role);
1170	ret_role = abac_role_intersection_new("intersectingROLE", prereqs);
1171	return ret_role;
1172	}
1173
1174	abac_role_t validate_head_role(abac_yy_expression_t expr)
1175	{
1176	abac_yy_principal_t *principal=expr->principal;
1177	abac_yy_role_t *role=expr->role;
1178
1179	char *principalname=get_yy_principal_principalname(principal);
1180	char *rolename=role->name;
1181	abac_yy_term_t *terms=role->terms;
1182	abac_role_t *ret_role=NULL;
1183
1184	ret_role=abac_role_role_new(principalname, rolename);
1185	if (ret_role==NULL) {
1186	abac_yy_set_error_code(ABAC_RT_ROLE_INVALID);
1187	goto error;
1188	}
1189	if (!abac_role_is_role(ret_role)) {
1190	abac_yy_set_error_code(ABAC_RT_CERT_INVALID);
1191	goto error;
1192	}
1193	// insert the params for the role
1194	if(terms) {
1195	_role_add_role_terms(ret_role, terms);
1196	}
1197
1198	_add_yy_id_certs(principal->cn,principal->type);
1199
1200	return ret_role;
1201
1202	error:
1203	return NULL;
1204	}
1205
1206	abac_role_t validate_named_tail_role(abac_yy_expression_t expr)
1207	{
1208	abac_yy_principal_t *principal=expr->principal;
1209	char *principalname=get_yy_principal_principalname(principal);
1210	abac_role_t *ret_role=NULL;
1211
1212	ret_role = abac_role_principal_new(principalname);
1213	_add_yy_id_certs(principal->cn,principal->type);
1214
1215	if (ret_role==NULL)
1216	goto error;
1217	return ret_role;
1218
1219	error:
1220	panic("can not generate a simple named tail role");
1221	return NULL;
1222	}
1223
1224	abac_role_t validate_role_tail_role(abac_yy_expression_t expr)
1225	{
1226	abac_yy_principal_t *principal=expr->principal;
1227	abac_yy_role_t *role=expr->role;
1228
1229	char *principalname=get_yy_principal_principalname(principal);
1230
1231	char *rolename=role->name;
1232	abac_yy_term_t *terms=role->terms;
1233
1234	int ret;
1235	abac_role_t *ret_role=NULL;
1236
1237	ret_role = abac_role_role_new(principalname, rolename);
1238	if (ret_role==NULL)
1239	goto error;
1240
1241	if(terms) {
1242	_role_add_role_terms(ret_role, terms);
1243	}
1244
1245	_add_yy_id_certs(principal->cn,principal->type);
1246
1247	return ret_role;
1248
1249	error:
1250	panic("can not generate a simple tail role");
1251	return NULL;
1252	}
1253	/* need to validate/generate a linked role out of this */
1254	abac_role_t validate_linked_tail_role(abac_yy_expression_t expr)
1255	{
1256	abac_yy_principal_t *principal=expr->principal;
1257	abac_yy_role_t *role=expr->role;
1258	abac_yy_role_t *linked_role=expr->linked_role;
1259
1260	char *principalname=get_yy_principal_principalname(principal);
1261
1262	char *rolename=role->name;
1263	abac_yy_term_t *terms=role->terms;
1264
1265	char *linkedrolename=linked_role->name;
1266	abac_yy_term_t *linked_terms=linked_role->terms;
1267
1268	int ret;
1269	abac_role_t *ret_role=NULL;
1270
1271	ret_role = abac_role_linking_new(principalname, linkedrolename, rolename);
1272	if (ret_role==NULL)
1273	goto error;
1274
1275	if(linked_terms) {
1276	_role_add_linked_terms(ret_role, linked_terms);
1277	}
1278	if(terms) {
1279	_role_add_role_terms(ret_role, terms);
1280	}
1281
1282	_add_yy_id_certs(principal->cn,principal->type);
1283
1284	return ret_role;
1285
1286	error:
1287	panic("can not generate linked tail role");
1288	return NULL;
1289	}
1290
1291	/***********************************************************************/
1292	/* add the condition to constraint list */
1293	char make_yy_oset_constraint(abac_yy_term_data_t ptr, char *tail_string)
1294	{
1295	abac_yy_expression_t *head_expr=get_yy_term_data_cond_head_expr(ptr);
1296	if(head_expr) {
1297	abac_oset_t *head_oset=validate_head_oset(head_expr);
1298	if(head_oset == NULL)
1299	goto error;
1300
1301	char *tmp=generate_pl_oset_constraint_clause(head_oset,tail_string);
1302	set_yy_term_data_cond_str(ptr,tmp);
1303	set_yy_term_data_cond_ptr(ptr,head_oset);
1304	abac_yy_add_yy_constraints(tmp);
1305	return tmp;
1306	}
1307	return NULL;
1308	error:
1309	return NULL;
1310	}
1311	/****************************************************************/
1312	/* add the range condition to constraint list */
1313
1314	void make_yy_range_constraint(abac_yy_term_data_t ptr, char var)
1315	{
1316	char *typestr=abac_term_type(ptr->type);
1317	abac_list_t *rlist=get_yy_term_data_cond_range(ptr);
1318	char *tmplist=NULL;
1319	char *tmp=NULL;
1320	int is_range=1; /* either , or \| */
1321	if(rlist) {
1322	char *rstring=_string_yy_cond_range(rlist);
1323	set_yy_term_data_cond_str(ptr,rstring);
1324	abac_yy_range_t *cur;
1325
1326	abac_list_foreach(rlist, cur,
1327	int type=cur->type;
1328	char *val=cur->val;
1329	switch(type) {
1330	case e_yy_RANGE_MIN:
1331	tmp=generate_pl_range_constraint_clause(typestr,var,val,">");
1332	break;
1333	case e_yy_RANGE_MAX:
1334	tmp=generate_pl_range_constraint_clause(typestr,var,val,"<");
1335	break;
1336	case e_yy_RANGE_TARGET:
1337	tmp=generate_pl_range_constraint_clause(typestr,var,val,"=");
1338	int is_range=0;
1339	break;
1340	}
1341	if(tmplist) {
1342	if(is_range)
1343	asprintf(&tmplist,"%s,%s",tmplist,tmp);
1344	else
1345	asprintf(&tmplist,"%s;%s",tmplist,tmp);
1346	} else {
1347	tmplist=tmp;
1348	}
1349	tmp=NULL;
1350	);
1351	asprintf(&tmplist,"(%s)",tmplist);
1352	abac_yy_add_yy_constraints(tmplist);
1353	}
1354	}
1355
1356	char make_yy_role_constraint(abac_yy_term_principal_t ptr, char *tail_string)
1357	{
1358	char *tmp=NULL;
1359	abac_role_t *head_role=NULL;
1360
1361	abac_yy_expression_t *head_expr=get_yy_term_principal_cond_head_expr(ptr);
1362	/* build up left side's abac role constraint structure */
1363	head_role=validate_head_role(head_expr);
1364	if(head_role == NULL)
1365	goto error;
1366
1367	tmp=generate_pl_role_constraint_clause(head_role,tail_string);
1368	set_yy_term_principal_cond_str(ptr,tmp);
1369	set_yy_term_principal_cond_ptr(ptr,head_role);
1370	abac_yy_add_yy_constraints(tmp);
1371	return tmp;
1372
1373	error:
1374	return NULL;
1375	}
1376
1377	/* build up the abac structure and also create the yap clause
1378	and insert it into db */
1379	abac_list_t make_role_statement(abac_yy_expression_t headexpr,
1380	abac_yy_expression_t *tailexpr)
1381	{
1382	abac_role_t *head_role=NULL;
1383	abac_role_t *tail_role=NULL;
1384
1385	/* build up left side's abac role structure */
1386	head_role=validate_head_role(headexpr);
1387	if(head_role == NULL)
1388	goto error;
1389
1390	/* build up the right side's abac role structure */
1391	abac_yy_expression_t *curr_tail = tailexpr;
1392	int intersecting=(tailexpr->next != NULL)? 1:0;
1393	abac_role_t *curr_role = NULL;
1394	while (curr_tail) {
1395	switch(curr_tail->type) {
1396	case e_yy_EXPR_NAMED:
1397	curr_role=validate_named_tail_role(curr_tail);
1398	break;
1399	case e_yy_EXPR_ROLE:
1400	curr_role=validate_role_tail_role(curr_tail);
1401	break;
1402	case e_yy_EXPR_LINKED:
1403	curr_role=validate_linked_tail_role(curr_tail);
1404	break;
1405	}
1406	if(curr_role==NULL)
1407	goto error;
1408
1409	/* check if first one */
1410	if(tail_role==NULL) {
1411	if(intersecting)
1412	tail_role=validate_intersected_tail_role(curr_role);
1413	else
1414	tail_role=curr_role;
1415	} else {
1416	abac_role_add_intersecting_role(tail_role,curr_role);
1417	}
1418	curr_tail=curr_tail->next;
1419	} /* while */
1420
1421	/* collect up type clauses, constraint clases and
1422	generate the final rule clauses */
1423	abac_list_t *tmp=generate_pl_role_clauses(head_role,tail_role);
1424	if(tmp == NULL)
1425	goto error;
1426
1427	if(debug) {
1428	abac_print_role_string_with_condition(head_role,NULL);
1429	abac_print_role_string_with_condition(tail_role,NULL);
1430	}
1431
1432	_free_yy_expression(headexpr);
1433	_free_yy_expression(tailexpr);
1434	abac_rule_head_role=head_role;
1435	abac_rule_tail_role=tail_role;
1436	abac_rule_is_oset=0;
1437	return tmp;
1438
1439	error:
1440	_free_yy_expression(headexpr);
1441	_free_yy_expression(tailexpr);
1442	if(head_role)
1443	abac_role_free(head_role);
1444	if(tail_role)
1445	abac_role_free(tail_role);
1446	return NULL;
1447	}
1448
1449
1450	/************************************************************************/
1451	void abac_yy_init()
1452	{
1453	abac_yyinit();
1454	abac_yy_init_rule_id_clauses();
1455	abac_yy_init_yy_id_certs();
1456	abac_yy_init_yy_constraints();
1457	}
1458
1459

Note: See TracBrowser for help on using the repository browser.

Download in other formats: