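/************************************************
 Function: constructResponse
 Parameters: xacml_response_t * response - response to fill in; assumed to
             be already initialised by the caller.
 Description: The XACML response message is constructed here. This
   implementation will use the Unix UID, Primary GID and multiple
   Secondary GIDs as input to construct the obligations and its
   attributes. Every OBLIGATION context returned by getNextContext()
   becomes one XACML obligation (fulfill-on Permit) whose attributes
   are copied, as strings, from the context's named attributes.
 Returns: 0 on success. -1 when a context carries no obligation id or
   the obligation handle could not be initialised; in that case the
   SAML/XACML status codes and the Permit decision are NOT set, so a
   response missing one of its obligations is never reported as Permit.
   Obligations added before the failure remain on the response; callers
   must check the return value.
************************************************/
int constructResponse (xacml_response_t * response){
    /* Mapping Information Translated */
    aos_context_t* context = NULL;
    aos_attribute_t* attribute = NULL;
    xacml_obligation_t tmp_obligation = NULL;
    char* attribute_name = NULL;
    char* attribute_value = NULL;
    char* obligation_id = NULL;

    rewindContexts();
    while((context = getNextContext(OBLIGATION, NULL)) != NULL){
        rewindAttributes(context);
        obligation_id = getContextObligationId(context);
        if(obligation_id == NULL){
            /* An obligation without an id cannot be expressed in XACML; fail
               closed rather than emit a Permit that lacks one of its
               obligations. */
            return -1;
        }
        xacml_obligation_init(&tmp_obligation, obligation_id, XACML_EFFECT_Permit);
        if(tmp_obligation == NULL){
            /* init is expected to allocate into tmp_obligation; without a
               handle the add_attribute/add_obligation calls below would
               operate on NULL. */
            return -1;
        }
        /*EEF_log(LOG_DEBUG, "Obligation %s", obligation_id);*/

        while((attribute = getNextAttribute(context)) != NULL){
            attribute_name = getAttributeId(attribute);
            attribute_value = getAttributeValueAsString(attribute);
            /* Attributes lacking a name or a value are skipped silently
               (kept from the original behaviour). Typical entries are the
               uid/gid mapping attributes. */
            if(attribute_name && attribute_value){
                /*EEF_log(LOG_DEBUG, "\t%s=%s\n", attribute_name, attribute_value);*/
                xacml_obligation_add_attribute(tmp_obligation, attribute_name,
                                               XACML_DATATYPE_STRING, attribute_value);
            }
        }
        /* add_obligation is presumed to copy the obligation, since the
           local handle is destroyed right after — confirm against the
           XACML library in use. */
        xacml_response_add_obligation(*response, tmp_obligation);
        xacml_obligation_destroy(tmp_obligation);
        tmp_obligation = NULL;
    }
    /*********** E: Obligation UIDGID ***********/

    /* This function only ever reports Permit; the authorisation decision
       itself is assumed to have been taken by the caller before reaching
       here — confirm at the call site. */
    xacml_response_set_saml_status_code (*response, SAML_STATUS_Success);
    xacml_response_set_xacml_status_code (*response, XACML_STATUS_ok);
    xacml_response_set_xacml_decision (*response, XACML_DECISION_Permit);
    return 0;
}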
/// Runs the BEFORE / FOR-EACH-STATEMENT delete triggers over the subtree rooted
/// at `node`, depth-first, and reports whether the caller may carry on.
///
/// `fired_triggers` maps a schema node to the triggers the caller has already
/// selected for it; only the entry for this node's own schema node is consulted.
/// For each schema child that has a trigger list, the triggers whose event,
/// granularity and time are (TRIGGER_DELETE_EVENT, TRIGGER_FOR_EACH_STATEMENT,
/// TRIGGER_BEFORE) are gathered into one map for attribute children and one for
/// element children; those maps are handed to the recursive calls on the real
/// attribute and element children of `node`.
///
/// Returns `node` when every trigger action completed; returns XNULL as soon as
/// any execute_trigger_action() yields XNULL, in which case the rest of the
/// subtree is not visited. When tr_globals::internal_auth_switch equals
/// BLOCK_AUTH_CHECK nothing is evaluated and `node` is returned as-is, so any
/// enforcement expected from delete triggers is skipped on that path.
xptr apply_before_delete_triggers_on_subtree(xptr node, node_triggers_map *fired_triggers)
{
    if (tr_globals::internal_auth_switch == BLOCK_AUTH_CHECK) {
        return node;
    }

    schema_node_cptr schema = getSchemaNode(node);
    node_triggers_map attr_triggers;   // handed to the attribute-child recursion
    node_triggers_map elem_triggers;   // handed to the element-child recursion

    /* 1. Fire the triggers the caller selected for this node's schema node. */
    node_triggers_map::iterator own = fired_triggers->find(schema.ptr());
    trigger_cell_cptr cell = XNULL;
    xptr parent = nodeGetParent(node);
    if (own != fired_triggers->end()) {
        std::vector<trigger_cell_xptr>& list = own->second;
        // size() is re-read every round on purpose, as in the original loop.
        for (std::vector<trigger_cell_xptr>::size_type k = 0; k < list.size(); ++k) {
            cell = list[k];
            // An XNULL result aborts the whole traversal.
            if (cell->execute_trigger_action(XNULL, node, parent) == XNULL) {
                return XNULL;
            }
        }
    }

    // Attributes have no children; nothing further to visit.
    if (schema->type == attribute) {
        return node;
    }

    /* 2. Per schema child, collect the matching BEFORE delete triggers into the
          map for its kind (attribute vs. element). */
    for (sc_ref_item* child = schema->children->first; child != NULL; child = child->next) {
        cat_list<trigger_cell_xptr>::item* entry = child->object.snode->trigger_list->first;
        if (entry == NULL) {
            continue;
        }
        node_triggers_map* target =
            (child->object.snode->type == attribute) ? &attr_triggers : &elem_triggers;
        // An existing entry for this schema node is reused; a new one starts empty.
        std::pair<node_triggers_map::iterator, bool> inserted = target->insert(
            node_triggers_map::value_type(child->object.snode, std::vector<trigger_cell_xptr>()));
        std::vector<trigger_cell_xptr>& bucket = inserted.first->second;
        for (; entry != NULL; entry = entry->next) {
            const bool matches =
                entry->object->trigger_event == TRIGGER_DELETE_EVENT &&
                entry->object->trigger_granularity == TRIGGER_FOR_EACH_STATEMENT &&
                entry->object->trigger_time == TRIGGER_BEFORE;
            if (matches) {
                bucket.push_back(entry->object);
            }
        }
    }

    /* 3. Recurse into the actual children with the maps built above;
          attributes first, then elements. */
    for (xptr a = getFirstAttributeChild(node); a != XNULL; a = getNextAttribute(a)) {
        if (apply_before_delete_triggers_on_subtree(a, &attr_triggers) == XNULL) {
            return XNULL;
        }
    }
    for (xptr e = getFirstElementChild(node); e != XNULL; e = getNextElement(e)) {
        if (apply_before_delete_triggers_on_subtree(e, &elem_triggers) == XNULL) {
            return XNULL;
        }
    }
    return node;
}