Context Navigation

source: libabac/abac_term.c @ d0efdec

mei_rt2

Last change on this file since d0efdec was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100644`
File size: 29.6 KB

Line
1	/***********************************************************
2	abac_term.c
3	dterm=data term of rt1
4	term is a kind of dterm
5	***********************************************************/
6	#include <assert.h>
7	#include <stdlib.h>
8	#include <stdio.h>
9	#include <string.h>
10	#include <ctype.h>
11	#include <time.h>
12
13	#include "abac_util.h"
14	#include "abac_aspect.h"
15	#include "abac_verifier.h"
16	#include "abac_id.h"
17	#include "abac_list.h"
18
19	static int debug=0;
20
21	extern char strptime(const char s, const char format, struct tm tm);
22	extern int ABAC_IN_PROLOG;
23
24	/* termname[dtermtype] */
25	static const char *const _termname[] =
26	{
27	"badterm",
28	"integer",
29	"urn",
30	"float",
31	"boolean",
32	"string",
33	"time" ,
34	"principal",
35	"anonymous",
36	"this"
37	};
38	static int _termname_cnt=9;
39
40	typedef enum _condtype_t {
41	e_COND_ROLE = 1,
42	e_COND_OSET = 2,
43	e_COND_RANGE = 3
44	} abac_condtype_t;
45
46	/* condname[condtype] */
47	static const char *const _condname[] =
48	{
49	"badcondition",
50	"role",
51	"oset",
52	"range"
53	};
54	static int _condname_cnt=3;
55
56	/* itemname[itemtype] */
57	static const char *const _itemname[] =
58	{
59	"baditem",
60	"min",
61	"max",
62	"target"
63	};
64	static int _itemname_cnt=3;
65
66	/* itemtype is
67	[a..b], [a..], [..b], [a],[a,b],[many a]
68	*/
69	struct _abac_item_t {
70	int itemtype;
71	char *val;
72	};
73
74	/* condtype is
75	e_COND_ROLE = 1,
76	e_COND_OSET = 2,
77	e_COND_RANGE = 3
78	vartype is one of termtype
79	string will contain either
80	the range literal (static constraint)
81	or
82	the oset/role prologized string (dynamic constraint)
83	it is set if this condition has been pre-processed for codegen
84	of_aspect ptr will only be set only if it is a dynamic
85	constraint
86	range_list is set only if needed
87	*/
88	struct _abac_condition_t {
89	int condtype;
90	int vartype;
91	char *string;
92	abac_list_t *range_list;
93	abac_aspect_t *of_aspect;
94	};
95
96	/* termtype_t/name pair for the data terms
97	idtype_t/name/p_name pair for the named principal term
98	*/
99	struct _abac_term_t {
100	int type;
101	char *name;
102	int isnamed;
103	char *p_name;
104	char *cn; //XXX ?? might not need this at all
105	abac_condition_t *constraint;
106	};
107
108	/* new, free, add one of terms */
109	struct _abac_param_list_t {
110	abac_list_t *list;
111	};
112
113	/****************************************************************/
114	char *abac_condtype_string(int i)
115	{
116	if(i>_condname_cnt)
117	panic("abac_condtype_string: went out of range on condname");
118	return (char *) _condname[i];
119	}
120	char *abac_termtype_string(int i)
121	{
122	if(i>_termname_cnt)
123	panic("abac_termtype_string: went out of range on termname");
124	return (char *) _termname[i];
125	}
126
127	int abac_verify_term_type(char *type) {
128	int i;
129
130	if (type == NULL)
131	panic("abac_verify_term_type: fail with NULL type\n");
132
133	for (i = 1; i <= _termname_cnt ; i++)
134	if(strcmp(type,_termname[i])==0)
135	return i;
136
137	printf("abac_verify_term_type: weird (%s)\n", type);
138	panic("abac_verify_term_type: fail with unfounded type \n");
139	}
140
141	int abac_max_item_type() { return e_ITEM_MAX;}
142	int abac_min_item_type() { return e_ITEM_MIN;}
143	int abac_target_item_type() { return e_ITEM_TARGET;}
144
145	int abac_verify_item_type(char *type) {
146	int i;
147
148	if (type == NULL)
149	panic("abac_verify_item_type: fail with NULL type\n");
150
151	for (i = 1; i <= _itemname_cnt ; i++)
152	if(strcmp(type,_itemname[i])==0)
153	return i;
154	panic("abac_verify_item_type: fail with unfounded type\n");
155	}
156
157	char abac_range_string(abac_list_t ptr)
158	{
159	assert(ptr);
160	char *tmp=NULL;
161	char *min=NULL;
162	char *max=NULL;
163	char *val=NULL;
164	int type;
165
166	abac_item_t *cur;
167	assert(ptr);
168	abac_list_foreach(ptr, cur,
169	type=cur->itemtype;
170	switch (type) {
171	case e_ITEM_MIN:
172	min=abac_xstrdup(cur->val);
173	break;
174	case e_ITEM_MAX:
175	max=abac_xstrdup(cur->val);
176	break;
177	case e_ITEM_TARGET:
178	if(val)
179	asprintf(&val,"%s,%s",cur->val,val);
180	else val=abac_xstrdup(cur->val);
181	break;
182	}
183	);
184	if(max && min) {
185	asprintf(&tmp,"[%s..%s]",min,max);
186	free(max);
187	free(min);
188	return tmp;
189	}
190	if(max) {
191	asprintf(&tmp,"[..%s]",max);
192	free(max);
193	return tmp;
194	}
195	if(min) {
196	asprintf(&tmp,"[%s..]",min);
197	free(min);
198	return tmp;
199	}
200	if(val) {
201	asprintf(&tmp,"[%s]",val);
202	free(val);
203	return tmp;
204	}
205	return NULL;
206	}
207	/******************************************************************/
208	abac_item_t abac_item_new(int itype, char val)
209	{
210	abac_item_t *nptr=
211	(abac_item_t *)abac_xmalloc(sizeof(abac_item_t));
212	nptr->itemtype=itype;
213	nptr->val=abac_xstrdup(val);
214	return nptr;
215	}
216
217	void abac_item_free(abac_item_t *ptr)
218	{
219	assert(ptr);
220	assert(ptr->val);
221	free(ptr->val);
222	free(ptr);
223	}
224
225	abac_item_t abac_item_dup(abac_item_t ptr)
226	{
227	abac_item_t *nptr=
228	(abac_item_t *)abac_xmalloc(sizeof(abac_item_t));
229	nptr->itemtype=ptr->itemtype;
230	nptr->val=abac_xstrdup(ptr->val);
231	return nptr;
232	}
233
234	/* deep copy/same as dup */
235	abac_item_t abac_item_copy(abac_item_t ptr)
236	{
237	abac_item_t *nptr=
238	(abac_item_t *)abac_xmalloc(sizeof(abac_item_t));
239	nptr->itemtype=ptr->itemtype;
240	nptr->val=abac_xstrdup(ptr->val);
241	return nptr;
242	}
243
244	int abac_item_type(abac_item_t *ptr)
245	{
246	return ptr->itemtype;
247	}
248
249	char abac_item_val(abac_item_t ptr)
250	{
251	return ptr->val;
252	}
253
254	/******************************************************************/
255	static abac_condition_t *_abac_condition_new(int type, int vtype,
256	char* condstr,void *cptr)
257	{
258	if(debug) {
259	fprintf(stderr," abac_condition_new: \n");
260	fprintf(stderr," condtype is %d(%s)\n", type, abac_condtype_string(type));
261	fprintf(stderr," vtype is %d(%s)\n", vtype, abac_termtype_string(type));
262	fprintf(stderr," condstr is (%s)\n", condstr);
263	if(cptr) fprintf(stderr," yes on cptr\n");
264	else fprintf(stderr," no on cptr\n");
265	}
266	abac_condition_t *ptr=
267	(abac_condition_t *)abac_xmalloc(sizeof(abac_condition_t));
268	ptr->condtype=type;
269	ptr->vartype=vtype;
270	ptr->string=abac_xstrdup(condstr);
271	ptr->of_aspect=NULL;
272	ptr->range_list=NULL;
273	if(type==e_COND_RANGE) {
274	ptr->range_list=(abac_list_t *)cptr;
275	} else {
276	if(cptr) ptr->of_aspect=abac_aspect_dup((abac_aspect_t *)cptr);
277	}
278	return ptr;
279	}
280
281	void abac_condition_free(abac_condition_t *ptr)
282	{
283	switch(ptr->condtype) {
284	case e_COND_OSET:
285	case e_COND_ROLE:
286	abac_aspect_free(ptr->of_aspect);
287	break;
288	case e_COND_RANGE:
289	/* do nothing */
290	break;
291	}
292	if(ptr->string) free(ptr->string);
293	if(ptr->range_list != NULL) {
294	abac_item_t *cur;
295	abac_list_foreach(ptr->range_list, cur,
296	abac_item_free(cur);
297	);
298	abac_list_free(ptr->range_list);
299	}
300	free(ptr);
301	}
302
303	abac_aspect_t abac_condition_of_aspect(abac_condition_t ptr)
304	{
305	return ptr->of_aspect;
306	}
307
308	int abac_condition_is_range(abac_condition_t *ptr)
309	{
310	if(ptr->condtype==e_COND_RANGE)
311	return 1;
312	else return 0;
313	}
314
315	/* called from backend, intended as stub for range constraint */
316	abac_condition_t abac_condition_create(char vtype)
317	{
318	abac_condition_t *nptr=
319	(abac_condition_t *)abac_xmalloc(sizeof(abac_condition_t));
320	nptr->condtype=e_COND_RANGE;
321	nptr->vartype=abac_verify_term_type(vtype);
322	nptr->string=NULL;
323	nptr->range_list=NULL;
324	nptr->of_aspect=NULL;
325	return nptr;
326	}
327
328	abac_condition_t abac_condition_create_from_aspect(abac_aspect_t ptr)
329	{
330	assert(ptr);
331	abac_condition_t *nptr=
332	(abac_condition_t *)abac_xmalloc(sizeof(abac_condition_t));
333	if(abac_aspect_is_role(ptr))
334	nptr->condtype=e_COND_ROLE;
335	else nptr->condtype=e_COND_OSET;
336	nptr->vartype=e_TERM_PRINCIPAL;
337	nptr->string=NULL;
338	nptr->range_list=NULL;
339	nptr->of_aspect=abac_aspect_dup(ptr);
340	return nptr;
341	}
342
343	/* make a shallow copy */
344	abac_condition_t abac_condition_dup(abac_condition_t ptr)
345	{
346	abac_condition_t *nptr=
347	(abac_condition_t *)abac_xmalloc(sizeof(abac_condition_t));
348	nptr->condtype=ptr->condtype;
349	nptr->vartype=ptr->vartype;
350	if(ptr->string)
351	nptr->string=abac_xstrdup(ptr->string);
352	else nptr->string=NULL;
353	if(ptr->of_aspect)
354	nptr->of_aspect=abac_aspect_dup(ptr->of_aspect);
355	else nptr->of_aspect=NULL;
356
357	if(ptr->range_list!=NULL) {
358	nptr->range_list=abac_list_new();
359	abac_item_t *cur;
360	abac_item_t *nitem;
361	abac_list_foreach(ptr->range_list, cur,
362	nitem=abac_item_dup(cur);
363	abac_list_add(nptr->range_list,nitem);
364	);
365	} else {
366	nptr->range_list=NULL;
367	}
368	return nptr;
369	}
370
371	/* make a deep copy */
372	abac_condition_t abac_condition_copy(abac_condition_t ptr)
373	{
374	abac_condition_t *nptr=
375	(abac_condition_t *)abac_xmalloc(sizeof(abac_condition_t));
376	nptr->condtype=ptr->condtype;
377	nptr->vartype=ptr->vartype;
378	if(ptr->string) {
379	nptr->string=abac_xstrdup(ptr->string);
380	} else {
381	nptr->string=NULL;
382	}
383	if(ptr->of_aspect)
384	nptr->of_aspect=abac_aspect_copy(ptr->of_aspect);
385	else nptr->of_aspect=NULL;
386
387	if(ptr->range_list!=NULL) {
388	nptr->range_list=abac_list_new();
389	abac_item_t *cur;
390	abac_item_t *nitem;
391	abac_list_foreach(ptr->range_list, cur,
392	nitem=abac_item_copy(cur);
393	abac_list_add(nptr->range_list,nitem);
394	);
395	} else {
396	nptr->range_list=NULL;
397	}
398	return nptr;
399	}
400
401	int abac_condition_vartype(abac_condition_t *ptr)
402	{
403	return ptr->vartype;
404	}
405
406	abac_list_t abac_condition_range_list(abac_condition_t ptr)
407	{
408	assert(ptr);
409	return ptr->range_list;
410	}
411
412
413	/***********************************************************************/
414	static void _abac_condition_add_range_item(abac_condition_t ptr, int itype, char val)
415	{
416	abac_item_t *nitem=abac_item_new(itype,val);
417	if(ptr->range_list==NULL)
418	ptr->range_list=abac_list_new();
419	abac_list_add(ptr->range_list,nitem);
420	}
421
422	void abac_condition_add_range_integer_item(abac_condition_t *ptr, int itype, int val)
423	{
424	if(abac_condition_vartype(ptr) != abac_verify_term_type("integer"))
425	panic("abac_condition_add_range_integer_item, mismatched contraint type to abac integer term\n");
426	char *tmp=NULL;
427	asprintf(&tmp,"%d",val);
428	_abac_condition_add_range_item(ptr,itype,tmp);
429	}
430	void abac_condition_add_range_float_item(abac_condition_t *ptr, int itype, float val)
431	{
432	if(abac_condition_vartype(ptr) != abac_verify_term_type("float"))
433	panic("abac_condition_add_range_float_item, mismatched contraint type to abac float term\n");
434	char *tmp=NULL;
435	asprintf(&tmp,"%f",val);
436	_abac_condition_add_range_item(ptr,itype,tmp);
437	}
438
439	void abac_condition_add_range_time_item(abac_condition_t ptr, int itype, char val)
440	{
441	if(abac_condition_vartype(ptr) != abac_verify_term_type("time"))
442	panic("abac_condition_add_range_time_item, mismatched contraint type to abac time term\n");
443	_abac_condition_add_range_item(ptr,itype,val);
444	}
445
446	void abac_condition_add_range_urn_item(abac_condition_t ptr, char val)
447	{
448	if(abac_condition_vartype(ptr) != abac_verify_term_type("urn"))
449	panic("abac_condition_add_range_urn_item, mismatched contraint type to abac urn term\n");
450	_abac_condition_add_range_item(ptr,e_ITEM_TARGET,val);
451	}
452
453	void abac_condition_add_range_string_item(abac_condition_t ptr, char val)
454	{
455	if(abac_condition_vartype(ptr) != abac_verify_term_type("string"))
456	panic("abac_condition_add_range_string_item, mismatched contraint type to abac string term\n");
457	_abac_condition_add_range_item(ptr,e_ITEM_TARGET,val);
458	}
459
460	void abac_condition_add_range_boolean_item(abac_condition_t ptr, char val)
461	{
462	if(abac_condition_vartype(ptr) != abac_verify_term_type("boolean"))
463	panic("abac_condition_add_range_boolean_item, mismatched contraint type to abac boolen term\n");
464	if(strcmp(val,"true")==0 \|\| strcmp(val,"false")==0) {
465	_abac_condition_add_range_item(ptr,e_ITEM_TARGET,val);
466	} else {
467	panic("abac_condition_add_range_boolean_item, invalid matching value\n");
468	}
469	}
470
471
472	char abac_condition_string(abac_condition_t ptr)
473	{
474	char *string=NULL;
475	switch(ptr->condtype) {
476	case e_COND_OSET:
477	case e_COND_ROLE:
478	string=abac_aspect_string_with_condition(ptr->of_aspect);
479	return string;
480	break;
481	case e_COND_RANGE:
482	if(ptr->string != NULL) {
483	string=abac_xstrdup(ptr->string);
484	return string;
485	}
486	if(ptr->range_list != NULL) {
487	string=abac_range_string(ptr->range_list);
488	return string;
489	}
490	break;
491	}
492	return string;
493	}
494
495	char abac_condition_typed_string(abac_condition_t ptr)
496	{
497	char *string=NULL;
498	switch(ptr->condtype) {
499	case e_COND_OSET:
500	case e_COND_ROLE:
501	string=abac_aspect_typed_string_with_condition(ptr->of_aspect);
502	return string;
503	break;
504	case e_COND_RANGE:
505	if(ptr->string != NULL) {
506	string=abac_xstrdup(ptr->string);
507	return string;
508	}
509	if(ptr->range_list != NULL) {
510	string=abac_range_string(ptr->range_list);
511	return string;
512	}
513	break;
514	}
515	return string;
516	}
517
518	int abac_condition_set_range_string(abac_condition_t *ptr)
519	{
520	char *string= abac_range_string(ptr->range_list);
521	ptr->string=string;
522	return 1;
523	}
524
525	int abac_condition_set_aspect_string(abac_condition_t ptr, char str)
526	{
527	ptr->string=abac_xstrdup(str);
528	return 1;
529	}
530
531	int abac_condition_set_aspect_ptr(abac_condition_t ptr, abac_aspect_t aptr)
532	{
533	ptr->of_aspect=abac_aspect_dup(aptr);
534	return 1;
535	}
536
537	/******************************************************************/
538	int abac_term_isvar(abac_term_t *term)
539	{
540	if(isupper(term->name[0])) return 1;
541	else return 0;
542	}
543
544	int abac_term_isnamed(abac_term_t *term)
545	{
546	if(term->isnamed) return 1;
547	else return 0;
548	}
549
550	char abac_term_name(abac_term_t term)
551	{
552	if(ABAC_IN_PROLOG && term->p_name) {
553	return term->p_name;
554	}
555	return term->name;
556	}
557
558	char abac_term_cn(abac_term_t term)
559	{
560	return term->cn;
561	}
562
563	abac_condition_t abac_term_constraint(abac_term_t term)
564	{
565	return term->constraint;
566	}
567
568	char abac_term_type_name(abac_term_t term)
569	{
570	if(term->isnamed)
571	return abac_idtype_string(term->type);
572	return abac_termtype_string(term->type);
573	}
574
575	int abac_term_type(abac_term_t *term)
576	{
577	return term->type;
578	}
579
580	int abac_term_is_anonymous(abac_term_t *ptr)
581	{
582	if(ptr->type == e_TERM_ANONYMOUS)
583	return 1;
584	return 0;
585	}
586	int abac_term_is_this(abac_term_t *ptr)
587	{
588	if(ptr->type == e_TERM_THIS)
589	return 1;
590	return 0;
591	}
592	static int _abac_termtype_is_time_type(int i)
593	{
594	if (i == e_TERM_TIME)
595	return 1;
596	return 0;
597	}
598
599	int abac_term_is_time_type(abac_term_t *term)
600	{
601	return _abac_termtype_is_time_type(term->type);
602	}
603
604	static int _abac_termtype_is_string_type(int i)
605	{
606	if (i == e_TERM_STRING)
607	return 1;
608	return 0;
609	}
610
611	int abac_term_is_string(abac_term_t *term)
612	{
613	return _abac_termtype_is_string_type(term->type);
614	}
615
616	static int _abac_termtype_is_integer_type(int i)
617	{
618	if (i == e_TERM_INTEGER)
619	return 1;
620	return 0;
621	}
622
623	int abac_term_is_integer(abac_term_t *term)
624	{
625	return _abac_termtype_is_integer_type(term->type);
626	}
627
628	static int _abac_termtype_is_urn_type(int i)
629	{
630	if (i == e_TERM_URN)
631	return 1;
632	return 0;
633	}
634
635	int abac_term_is_urn(abac_term_t *term)
636	{
637	return _abac_termtype_is_urn_type(term->type);
638	}
639
640	int abac_term_is_alpha(abac_term_t *term)
641	{
642	if(term->type == e_TERM_URN \|\|
643	term->type == e_TERM_STRING \|\|
644	term->type == e_TERM_BOOLEAN)
645	return 1;
646	return 0;
647	}
648
649	int abac_term_is_numeric(abac_term_t *term)
650	{
651	if(term->type == e_TERM_INTEGER \|\|
652	term->type == e_TERM_FLOAT)
653	return 1;
654	return 0;
655	}
656
657	int abac_term_is_time(abac_term_t *term)
658	{
659	if(term->type == e_TERM_TIME)
660	return 1;
661	return 0;
662	}
663
664	/* need to preset tm1 structure with init_string to nullify
665	field that might not get set the supplied time string */
666	char abac_term_to_time(char string)
667	{
668	struct tm tm1;
669	char buf[255];
670	char *init_string="19991212T000000";
671
672	strptime(init_string, "%Y%m%dT%H%M%S", &tm1);
673	strptime(string, "%Y%m%dT%H%M%S", &tm1);
674	strftime(buf, sizeof(buf), "time(%Y,%m,%d,%H,%M,%S)", &tm1);
675	return abac_xstrdup(buf);
676	}
677
678	char abac_time_to_term(char string)
679	{
680	char buf[255];
681	struct tm tm1;
682
683	char* rt=strptime(string, "time(%Y,%m,%d,%H,%M,%S)", &tm1);
684	if(rt==NULL)
685	return abac_xstrdup(string);
686	strftime(buf, sizeof(buf), "%Y%m%dT%H%M%S", &tm1);
687	return strdup(buf);
688	}
689
690	static abac_term_t *_abac_term_init()
691	{
692	abac_term_t *ptr=abac_xmalloc(sizeof(abac_term_t));
693	ptr->type;
694	ptr->name=NULL;
695	ptr->isnamed=0;
696	ptr->p_name=NULL;
697	ptr->cn=NULL;
698	ptr->constraint=NULL;
699	}
700
701	/* called from yy, cptr is either abac_aspect_t or abac_list_t */
702	abac_term_t abac_term_new(int type, char name, int isrange, char cond, void cptr)
703	{
704	if(debug) {
705	fprintf(stderr,"abac_term_new: \n");
706	fprintf(stderr," type is %d(%s)\n", type, abac_termtype_string(type));
707	fprintf(stderr," name is (%s)\n", name);
708	if(cond)
709	fprintf(stderr," cond is %s\n", cond);
710	else fprintf(stderr," no cond \n");
711	fprintf(stderr," isrange is %d\n", isrange);
712	if(cptr) {
713	if(isrange) fprintf(stderr," cptr is (%s)\n",
714	abac_range_string((abac_list_t *)cptr));
715	else
716	fprintf(stderr," cptr is (%s)\n",
717	abac_aspect_string_with_condition((abac_aspect_t *)cptr));
718	} else fprintf(stderr," there is no cptr\n");
719	}
720	abac_condition_t *constraint=NULL;
721	if (cptr) {
722	if(isrange) {
723	constraint=_abac_condition_new(e_COND_RANGE,type,cond,cptr);
724	} else {
725	if(type==e_TERM_PRINCIPAL)
726	constraint=_abac_condition_new(e_COND_ROLE,type,cond,cptr);
727	else
728	constraint=_abac_condition_new(e_COND_OSET,type,cond,cptr);
729	}
730	}
731	abac_term_t *ptr=_abac_term_init();
732	ptr->isnamed=0;
733	ptr->type=type;
734	/* reformat the term name if it is a time type */
735	if((!constraint) && _abac_termtype_is_time_type(type) && isdigit(name[0])) {
736	char *tmp=abac_term_to_time(name);
737	ptr->name=tmp;
738	} else {
739	ptr->name=abac_xstrdup(name);
740	}
741	ptr->constraint=constraint;
742	return ptr;
743	}
744
745	abac_term_t abac_term_create(char typename, char name, abac_condition_t cptr)
746	{
747	int type=abac_verify_term_type(typename);
748	if(debug) {
749	fprintf(stderr,"abac_term_create: \n");
750	fprintf(stderr," type is %d(%s)\n", type, abac_termtype_string(type));
751	fprintf(stderr," name is (%s)\n", name);
752	if(cptr)
753	fprintf(stderr," cptr is (%s)\n", abac_condition_typed_string(cptr));
754	else fprintf(stderr," there is no cptr\n");
755	}
756
757	abac_term_t *ptr=_abac_term_init();
758	ptr->isnamed=0;
759	ptr->type=type;
760	/* reformat the term name if it is a time type */
761	if((!cptr) && _abac_termtype_is_time_type(type) && isdigit(name[0])) {
762	char *tmp=abac_term_to_time(name);
763	ptr->name=tmp;
764	} else {
765	ptr->name=abac_xstrdup(name);
766	}
767	if(cptr)
768	ptr->constraint=abac_condition_dup(cptr);
769	return ptr;
770	}
771
772	/* called from yy, named principal type */
773	abac_term_t abac_term_named_new(int idtype, char name)
774	{
775	DEBUG_PRINTF("abac_term_named_new: \n type is %d(%s)\n",
776	idtype, abac_idtype_string(idtype));
777	DEBUG_PRINTF(" name is (%s)\n", name);
778	abac_term_t *ptr=_abac_term_init();
779	ptr->isnamed=1;
780	ptr->type=idtype;
781	ptr->name=abac_xstrdup(name);
782	/* if ABAC_CN, no need to attach p */
783	if(!USE("ABAC_CN"))
784	asprintf(&ptr->p_name,"p%s",name);
785	return ptr;
786	}
787
788	abac_term_t *abac_term_this_create()
789	{
790	DEBUG_PRINTF("abac_term_this_create:\n");
791	abac_term_t *ptr=_abac_term_init();
792	ptr->type=e_TERM_THIS;
793	ptr->name=abac_xstrdup("This");
794	return ptr;
795	}
796
797
798	/* seems to be always idtype==e_TERM_PRINCIPAL except for ?This*/
799	abac_term_t abac_term_named_create(char name)
800	{
801	DEBUG_PRINTF("abac_term_named_create: name is (%s)\n",name);
802	abac_term_t *ptr=_abac_term_init();
803	/* special case when it is a ?this */
804	if(strcasecmp(name,"this")==0) {
805	ptr->type=e_TERM_THIS;
806	ptr->name=abac_xstrdup("This");
807	return ptr;
808	}
809	if(strcasecmp(name,"anonymous")==0) {
810	ptr->type=e_TERM_ANONYMOUS;
811	ptr->name=abac_xstrdup("_");
812	return ptr;
813	}
814	ptr->isnamed=1;
815	ptr->type=e_TERM_PRINCIPAL;
816	ptr->name=abac_xstrdup(name);
817	/* if ABAC_CN, no need to attach p */
818	if(!USE("ABAC_CN"))
819	asprintf(&ptr->p_name,"p%s",name);
820	return ptr;
821	}
822
823	/* seems to be always idtype==keyid type */
824	abac_term_t abac_term_id_create(abac_id_t idptr)
825	{
826	DEBUG_PRINTF("abac_term_named_id_create: name is (%s)\n", abac_id_name(idptr));
827	abac_term_t *ptr=_abac_term_init();
828	ptr->isnamed=1;
829	ptr->type=abac_id_idtype(idptr);
830	ptr->name=abac_xstrdup(abac_id_name(idptr));
831	/* if ABAC_CN, no need to attach p */
832	if(!USE("ABAC_CN"))
833	asprintf(&ptr->p_name,"p%s",ptr->name);
834	return ptr;
835	}
836
837
838	abac_term_t abac_term_dup(abac_term_t ptr)
839	{
840	assert(ptr);
841	abac_term_t *nptr=_abac_term_init();
842	nptr->isnamed=ptr->isnamed;
843	nptr->type=ptr->type;
844	nptr->name=abac_xstrdup(ptr->name);
845	if(ptr->p_name)
846	nptr->p_name=abac_xstrdup(ptr->p_name);
847	if(ptr->constraint!=NULL)
848	nptr->constraint=abac_condition_dup(ptr->constraint);
849	if(ptr->cn)
850	nptr->cn=abac_xstrdup(ptr->cn);
851	return nptr;
852	}
853
854	/* a deep copy */
855	abac_term_t abac_term_copy(abac_term_t ptr)
856	{
857	if(ptr == NULL) return NULL;
858	abac_term_t *nptr=_abac_term_init();
859	nptr->isnamed=ptr->isnamed;
860	nptr->type=ptr->type;
861	if(ptr->name)
862	nptr->name=abac_xstrdup(ptr->name);
863	if(ptr->p_name)
864	nptr->p_name=abac_xstrdup(ptr->p_name);
865	if(ptr->constraint!=NULL)
866	nptr->constraint=abac_condition_copy(ptr->constraint);
867	if(ptr->cn)
868	nptr->cn=abac_xstrdup(ptr->cn);
869	return nptr;
870	}
871
872	void abac_term_free(abac_term_t *ptr)
873	{
874	if(ptr->constraint) {
875	abac_condition_free(ptr->constraint);
876	}
877	free(ptr->name);
878	if(ptr->p_name) free(ptr->p_name);
879	if(ptr->cn) free(ptr->cn);
880	free(ptr);
881	}
882
883	abac_term_t abac_term_add_constraint(abac_term_t ptr, abac_condition_t *cond)
884	{
885	/* make sure the types are matching */
886	if(abac_condition_vartype(cond) != abac_term_type(ptr)) {
887	panic("abac_term_add_constraint: mismatched constraint type with the dataterm\n");
888	return NULL;
889	}
890
891	if(ptr->constraint) {
892	abac_condition_free(ptr->constraint);
893	}
894	ptr->constraint = abac_condition_dup(cond);
895	return ptr;
896	}
897
898	/* name or name:cond */
899	static char abac_term_string_with_condition(abac_term_t ptr)
900	{
901	char *tmp=NULL;
902	char *cond=NULL;
903	char *name=abac_term_name(ptr);
904	if(ptr->constraint) {
905	cond=abac_condition_string(ptr->constraint);
906	}
907	int free_name=0;
908	if(abac_term_is_time_type(ptr) && !ABAC_IN_PROLOG ) {
909	name=abac_time_to_term(name);
910	free_name=1;
911	}
912	if(cond) {
913	asprintf(&tmp,"%s:%s", name, cond);
914	free(cond);
915	} else tmp=abac_xstrdup(name);
916	if(free_name) free(name);
917	return tmp;
918	}
919
920	/* [type:name] or [typed:name:cond] */
921	static char abac_term_typed_string_with_condition(abac_term_t ptr)
922	{
923	char *tmp=NULL;
924	char *cond=NULL;
925	int free_name=0;
926	char *name=abac_term_name(ptr);
927	char *type=abac_term_type_name(ptr);
928	if(ptr->constraint) {
929	cond=abac_condition_typed_string(ptr->constraint);
930	}
931	/* special case if term is actually a time term... */
932	if(abac_term_is_time_type(ptr) && !ABAC_IN_PROLOG ) {
933	name=abac_time_to_term(name); /* this should be freed */
934	DEBUG_PRINTF("abac_term_typed_string_with_condition: trying to turn the time back\n");
935	free_name=1;
936	}
937	if(cond) {
938	if(abac_condition_is_range(ptr->constraint))
939	asprintf(&tmp,"[%s:?%s:%s]", type, name, cond);
940	else asprintf(&tmp,"[%s:?%s%s]", type, name, cond);
941	free(cond);
942	} else {
943	if(abac_term_is_anonymous(ptr)) {
944	asprintf(&tmp,"[?]");
945	} else {
946	if(abac_term_is_this(ptr)) {
947	asprintf(&tmp,"[?This]");
948	} else {
949	if(isupper(name[0]))
950	asprintf(&tmp,"[%s:?%s]", type, name);
951	else asprintf(&tmp,"[%s:%s]", type, name);
952	}
953	}
954	}
955	DEBUG_PRINTF("abac_term_typed_string_with_condition: (%s)\n",tmp);
956	if(free_name) free(name);
957	return tmp;
958	}
959
960	char abac_term_string(abac_term_t ptr)
961	{
962	return abac_xstrdup(abac_term_name(ptr));
963	}
964
965	char abac_term_typed_string(abac_term_t ptr)
966	{
967	return abac_term_typed_string_with_condition(ptr);
968	}
969
970	/********************************************************************/
971	int abac_param_list_cnt(abac_param_list_t *ptr)
972	{
973	assert(ptr);
974	int cnt=abac_list_size(ptr->list);
975	return cnt;
976	}
977
978	abac_list_t abac_param_list(abac_param_list_t ptr)
979	{
980	assert(ptr);
981	return ptr->list;
982	}
983
984	abac_param_list_t abac_param_list_copy(abac_param_list_t ptr)
985	{
986	if(ptr == NULL) return NULL;
987	abac_param_list_t *nptr=abac_xmalloc(sizeof(abac_param_list_t));
988	nptr->list=abac_list_new();
989	abac_term_t *cur;
990	abac_term_t *ncur;
991	abac_list_foreach(ptr->list, cur,
992	ncur=abac_term_copy(cur);
993	abac_list_add(nptr->list, ncur);
994	);
995	return nptr;
996	}
997
998	abac_param_list_t abac_param_list_new(abac_term_t term)
999	{
1000	abac_param_list_t *ptr=abac_xmalloc(sizeof(abac_param_list_t));
1001	ptr->list=abac_list_new();
1002	abac_list_add(ptr->list, abac_term_dup(term));
1003	return ptr;
1004	}
1005
1006	abac_param_list_t abac_param_list_free(abac_param_list_t ptr)
1007	{
1008	abac_list_t *list=ptr->list;
1009	abac_term_t *cur;
1010	abac_list_foreach(list, cur,
1011	abac_term_free(cur);
1012	);
1013	abac_list_free(list);
1014	free(ptr);
1015	}
1016
1017	abac_param_list_t abac_param_list_add_term(abac_param_list_t ptr, abac_term_t *term)
1018	{
1019	abac_list_t *list=ptr->list;
1020	abac_list_add(list, abac_term_dup(term));
1021	return ptr;
1022	}
1023
1024
1025	/* term1:cond1,term2:cond2 */
1026	char* abac_param_list_string_with_condition(abac_param_list_t *ptr)
1027	{
1028	if(ptr->list == NULL)
1029	return "";
1030
1031	abac_term_t *cur;
1032	char tmp=NULL, final=NULL;
1033	abac_list_foreach(ptr->list, cur,
1034	char *s=abac_term_string_with_condition(cur);
1035	if(final==NULL) {
1036	final=abac_xstrdup(s);
1037	} else {
1038	tmp=final;
1039	final=NULL;
1040	asprintf(&final,"%s,%s",tmp,s);
1041	free(tmp);
1042	}
1043	free(s);
1044	);
1045	return final;
1046	}
1047
1048	/* [type:term1:cond1],[type:term2:cond2] */
1049	char* abac_param_list_typed_string_with_condition(abac_param_list_t *ptr)
1050	{
1051	if(ptr->list == NULL)
1052	return "";
1053
1054	abac_term_t *cur;
1055	char tmp=NULL, final=NULL;
1056	abac_list_foreach(ptr->list, cur,
1057	char *s=abac_term_typed_string_with_condition(cur);
1058	if(final==NULL) {
1059	final=abac_xstrdup(s);
1060	} else {
1061	tmp=final;
1062	final=NULL;
1063	asprintf(&final,"%s,%s",tmp,s);
1064	DEBUG_PRINTF("typed param so far, %s\n", final);
1065	free(tmp);
1066	}
1067	free(s);
1068	);
1069	DEBUG_PRINTF("typed param so far, %s\n", final);
1070	return final;
1071	}
1072
1073	/* term1,term2 */
1074	char* abac_param_list_string(abac_param_list_t *ptr)
1075	{
1076	abac_list_t *list=ptr->list;
1077	if(list == NULL)
1078	return "";
1079	abac_term_t *cur;
1080	char *final=NULL;
1081	char *tmp=NULL;
1082
1083	/* collect up all the string */
1084	abac_list_foreach(list, cur,
1085	char *s=abac_term_string(cur);
1086	if(final==NULL) {
1087	final=abac_xstrdup(s);
1088	} else {
1089	tmp=final;
1090	final=NULL;
1091	asprintf(&final,"%s,%s",tmp,s);
1092	DEBUG_PRINTF("param so far, %s\n", final);
1093	free(tmp);
1094	}
1095	free(s);
1096	);
1097	DEBUG_PRINTF("param so far, %s\n", final);
1098	return final;
1099	}
1100
1101	/* make a stack of it for the abac.hh */
1102	abac_term_t *abac_param_list_vectorize(abac_param_list_t ptr)
1103	{
1104	abac_term_t **terms=NULL;
1105	abac_list_t *list=ptr->list;
1106	int cnt=0;
1107	if(list != NULL)
1108	cnt=abac_list_size(list);
1109
1110	// make the array (leave space to NULL terminate it)
1111	// n.b., even if the list is empty, we still return an array that
1112	// only contains the NULL terminator
1113	terms = abac_xmalloc(sizeof(abac_term_t ) (cnt + 1));
1114
1115	abac_term_t *cur;
1116	int i = 0;
1117	if(i<cnt) {
1118	abac_list_foreach(list, cur,
1119	terms[i++] = abac_term_dup(cur);
1120	);
1121	}
1122	terms[i] = NULL;
1123	return terms;
1124	}
1125
1126
1127	void abac_terms_free(abac_term_t **terms)
1128	{
1129	/* always null terminating */
1130	assert(terms);
1131	int i;
1132	for (i = 0; terms[i] != NULL; ++i) {
1133	abac_term_free(terms[i]);
1134	}
1135	free(terms);
1136	}
1137

Note: See TracBrowser for help on using the repository browser.

Download in other formats: