From 153f603e21aa5b9b3aa87757ef4eb7795153295c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Daniel=20Kou=C5=99il?=
Date: Wed, 7 Apr 2010 12:16:19 +0000
Subject: [PATCH] Support for broader format of authorization policy

---
 org.glite.lb.common/interface/authz.h | 30 ++++++++++---
 org.glite.lb.common/src/context.c | 85 +++++++++++++++++++++++++++--------
 2 files changed, 90 insertions(+), 25 deletions(-)

diff --git a/org.glite.lb.common/interface/authz.h b/org.glite.lb.common/interface/authz.h
index d5a083a..1ece9e3 100644
--- a/org.glite.lb.common/interface/authz.h
+++ b/org.glite.lb.common/interface/authz.h
@@ -36,15 +36,25 @@ typedef struct _edg_wll_VomsGroups {
 edg_wll_VomsGroup *val;
 } edg_wll_VomsGroups;
 
+typedef struct _edg_wll_authz_attr {
+ int id;
+ char *value;
+} _edg_wll_authz_attr;
+
 typedef struct _edg_wll_authz_rule {
- int action;
- int attr_id;
- char *attr_value;
+ struct _edg_wll_authz_attr *attrs;
+ size_t attrs_num;
 } _edg_wll_authz_rule;
 
-typedef struct _edg_wll_authz_policy {
+typedef struct _edg_wll_authz_action {
+ int id;
 struct _edg_wll_authz_rule *rules;
- int num;
+ int rules_num;
+} _edg_wll_authz_action;
+
+typedef struct _edg_wll_authz_policy {
+ struct _edg_wll_authz_action *actions;
+ int actions_num;
 } _edg_wll_authz_policy;
 
 typedef struct _edg_wll_authz_policy *edg_wll_authz_policy;
@@ -53,8 +63,14 @@ int
 edg_wll_add_authz_rule(edg_wll_Context ctx,
 edg_wll_authz_policy policy,
 int action,
- int attr_id,
- char *attr_value);
+ struct _edg_wll_authz_rule *);
+
+int
+edg_wll_add_authz_attr(edg_wll_Context ctx,
+ struct _edg_wll_authz_rule *rule,
+ int id,
+ char *value);
+
 
 #ifdef __cplusplus
 }
diff --git a/org.glite.lb.common/src/context.c b/org.glite.lb.common/src/context.c
index ca3db1c..fb638b8 100644
--- a/org.glite.lb.common/src/context.c
+++ b/org.glite.lb.common/src/context.c
@@ -162,9 +162,18 @@ void edg_wll_FreeContext(edg_wll_Context ctx)
 free(ctx->fqans);
 ctx->fqans = NULL;
 }
- if (ctx->authz_policy.num) {
- for (i = 0; i < ctx->authz_policy.num; i++)
- free((ctx->authz_policy.rules[i]).attr_value);
+ if (ctx->authz_policy.actions_num) {
+ for (i = 0; i < ctx->authz_policy.actions_num; i++) {
+ int j;
+ struct _edg_wll_authz_attr *a;
+ for (j = 0; j < ctx->authz_policy.actions[i].rules_num; j++) {
+ a = ctx->authz_policy.actions[i].rules[j].attrs;
+ if (a && a->value)
+ free(a->value);
+ }
+ free(ctx->authz_policy.actions[i].rules);
+ }
+ free (ctx->authz_policy.actions);
 }
 if (ctx->jpreg_dir) free(ctx->jpreg_dir);
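Review bot: The replacement cleanup in edg_wll_FreeContext releases only the first attribute of each rule: `a` points at `rules[j].attrs`, `a->value` is freed once, and neither the remaining `attrs_num - 1` values nor the `attrs` array itself is ever freed. Since edg_wll_add_authz_attr (added later in this commit) grows that array with realloc and copies every value with strdup, each loaded policy leaks when the context is torn down. The inner loop should walk `attrs_num`, free each `value`, then free `attrs`; the `if (a && a->value)` guard can go because `free(NULL)` is a no-op. The function body starts and ends outside this hunk.

```c
for (j = 0; j < ctx->authz_policy.actions[i].rules_num; j++) {
	struct _edg_wll_authz_rule *r = &ctx->authz_policy.actions[i].rules[j];
	size_t k;

	for (k = 0; k < r->attrs_num; k++)
		free(r->attrs[k].value);
	free(r->attrs);
}
/* … unchanged: free of actions[i].rules and of the actions array … */
```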
@@ -590,25 +599,65 @@ int edg_wll_SetErrorGss(edg_wll_Context ctx, const char *desc, edg_wll_GssStatus
 }
 
 int
-edg_wll_add_authz_rule(edg_wll_Context ctx,
- edg_wll_authz_policy policy,
- int action,
- int attr_id,
- char *attr_value)
+edg_wll_add_authz_attr(edg_wll_Context ctx,
+ struct _edg_wll_authz_rule *rule,
+ int id,
+ char *value)
 {
- struct _edg_wll_authz_rule *tmp = policy->rules;
- int num = policy->num;
+ struct _edg_wll_authz_attr *attrs = rule->attrs;
+ int num = rule->attrs_num;
 
- tmp = realloc(tmp, (num + 1) * sizeof(*tmp));
- if (tmp == NULL)
- return edg_wll_SetError(ctx, ENOMEM, NULL);;
+ attrs = realloc(rule->attrs, (num + 1) * sizeof(*attrs));
+ if (attrs == NULL)
+ return edg_wll_SetError(ctx, ENOMEM, NULL);
 
- tmp[num].action = action;
- tmp[num].attr_id = attr_id;
- tmp[num].attr_value = strdup(attr_value);
+ attrs[num].id = id;
+ attrs[num].value = strdup(value);
+ rule->attrs = attrs;
+ rule->attrs_num++;
 
- policy->rules = tmp;
- policy->num++;
 return 0;
 }
 
+int
+edg_wll_add_authz_rule(edg_wll_Context ctx,
+ edg_wll_authz_policy policy,
+ int action,
+ struct _edg_wll_authz_rule *rule)
+{
+ struct _edg_wll_authz_rule *rules;
+ struct _edg_wll_authz_action *a = policy->actions;
+ int idx;
+ int num, i;
+
+ num = policy->actions_num;
+ for (idx = 0; idx < num; idx++)
+ if (policy->actions[idx].id == action)
+ break;
+
+ if (idx == num) {
+ a = realloc(policy->actions, (num + 1) * sizeof(*a));
+ if (a == NULL)
+ return edg_wll_SetError(ctx, ENOMEM, NULL);
+ a[num].id = action;
+ a[num].rules = NULL;
+ a[num].rules_num = 0;
+ policy->actions = a;
+ policy->actions_num++;
+ }
+
+ num = policy->actions[idx].rules_num;
+ rules = policy->actions[idx].rules;
+ rules = realloc(rules, (num + 1) * sizeof(*rules));
+ if (rules == NULL)
+ return edg_wll_SetError(ctx, ENOMEM, NULL);
+ rules[num].attrs = NULL;
+ rules[num].attrs_num = 0;
+ for (i=0; i < rule->attrs_num; i++)
+ edg_wll_add_authz_attr(ctx, &rules[num],
+ rule->attrs[i].id, rule->attrs[i].value);
+ policy->actions[idx].rules = rules;
+ policy->actions[idx].rules_num++;
+
+ return 0;
+}
--
1.8.2.3
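Review bot: In edg_wll_add_authz_rule the return value of edg_wll_add_authz_attr is discarded inside the copy loop, so an allocation failure leaves a rule with only some of its attributes installed in the policy while the function still returns 0. If a rule is matched as the conjunction of its attributes (the matching code is not part of this patch), a truncated rule would authorize more subjects than the configured one, so the copy should fail closed. That means storing the reallocated `rules` pointer before any early return, checking each call, and releasing the partial rule on error. edg_wll_add_authz_attr has the matching gap: the result of `strdup(value)` is stored unchecked and `attrs_num` is incremented even when it is NULL.

```c
/* edg_wll_add_authz_attr, after the realloc check */
rule->attrs = attrs;	/* realloc may have moved the array; keep it reachable */
attrs[num].id = id;
attrs[num].value = strdup(value);
if (attrs[num].value == NULL)
	return edg_wll_SetError(ctx, ENOMEM, NULL);
rule->attrs_num++;

/* edg_wll_add_authz_rule, after the realloc of rules succeeds */
policy->actions[idx].rules = rules;	/* store before any early return */
rules[num].attrs = NULL;
rules[num].attrs_num = 0;
for (i = 0; i < rule->attrs_num; i++) {
	int ret = edg_wll_add_authz_attr(ctx, &rules[num],
			rule->attrs[i].id, rule->attrs[i].value);
	if (ret) {
		/* drop the partial copy so a truncated rule never enters the policy */
		while (rules[num].attrs_num > 0)
			free(rules[num].attrs[--rules[num].attrs_num].value);
		free(rules[num].attrs);
		return ret;
	}
}
policy->actions[idx].rules_num++;
```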