Changeset adc0815
- Timestamp:
- 05/21/12 14:49:10 (12 months ago)
- Branches:
- mei_rt2, mei_rt2_fix_1
- Children:
- 6e8997e
- Parents:
- 1621520
- git-author:
- Mei <mei@…> (05/21/12 14:49:10)
- git-committer:
- Mei <mei@…> (05/21/12 14:49:10)
- Location:
- libabac
- Files:
-
- 3 edited
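--- a/libabac/abac.h
+++ b/libabac/abac.h
@@ -114,4 +114,5 @@
 
 /* abac_attribute */
+bool abac_attribute_is_role(abac_attribute_t *ptr);
 abac_chunk_t abac_attribute_cert_chunk(abac_attribute_t *ptr);
 int abac_attribute_write(abac_attribute_t *ptr, FILE *out);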
libabac/abac.hh
r1621520 radc0815 648 648 ***/ 649 649 void load_privkey(char *filename) { 650 int rt=abac_id_load_privkey_file(m_id, filename);651 if(rt != 1)652 abac_errx(1, "Failed to load private key");653 }650 int rt=abac_id_load_privkey_file(m_id, filename); 651 if(rt != 1) 652 abac_errx(1, "Failed to load private key"); 653 } 654 654 /*** 655 655 abac_id_t *id() … … 663 663 returns the SHA1 keyid of the id cert 664 664 char *name() 665 returns the CN 665 returns the CN (the parameter passed to the constructor or the 666 CN of the cert). 666 667 ***/ 667 668 char *keyid() { return abac_id_keyid(m_id); } … … 756 757 { if(m_attr) abac_attribute_free(m_attr); } 757 758 /*** 758 XXX 759 Attribute(abac_attribute_t *) 760 constructor that takes abac_attribute_t, locally used 761 Attribute(abac_credential_t *) 762 constructor that takes abac_credential_t, locally used 759 763 ***/ 760 764 Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr)) 761 { } 762 Attribute(abac_credential_t *cred) { 763 m_attr=abac_attribute_dup(abac_credential_attribute(cred)); 765 { } 766 Attribute(abac_credential_t *cred) 767 { m_attr=abac_attribute_dup(abac_credential_attribute(cred)); } 768 /*** 769 Attribute(Role&, int) 770 constructor that creates an attribute policy to be signed by the issuer 771 with the given role with a specified validity period 772 An exception will be thrown if: 773 - the issuer has no private key 774 - the Head role is invalid 775 - the validity period is invalid (must be >= 1 second) 776 ***/ 777 Attribute(Role& head, int validity) { 778 int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity); 779 if(rt!=ABAC_ATTRIBUTE_SUCCESS) 780 abac_errx(1, "attribute(role), unable to make an attribute"); 781 } 782 /*** 783 Attribute(Oset&, int) 784 constructor that creates an attribute policy to be signed by the issuer 785 with the given oset with a specified validity period 786 An exception will be thrown if: 787 - the issuer has no private key 788 - the Head 
oset is invalid 789 - the validity period is invalid (must be >= 1 second) 790 ***/ 791 Attribute(Oset& head, int validity) { 792 int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity); 793 if(rt!=ABAC_ATTRIBUTE_SUCCESS) 794 abac_errx(1, "attribute(oset), unable to make an attribute"); 795 } 796 /*** 797 bool add_tail(Role&) 798 Add a role tail. Call multiple times for intersections 799 bool add_tail(Oset&) 800 Add an oset tail. Call multiple times for intersections 801 ***/ 802 bool add_tail(Role& tail) { 803 if(abac_attribute_add_tail(m_attr, tail.role())) 804 return 1; 805 else return 0; 806 } 807 bool add_tail(Oset& tail) { 808 if(abac_attribute_add_tail(m_attr, tail.oset())) 809 return 1; 810 else return 0; 811 } 812 /*** 813 char *head_string() 814 returns literal string of head of the attribute 815 char *tail_string() 816 returns literal string of tail of the attribute 817 ***/ 818 char *head_string() { 819 abac_aspect_t *head=abac_attribute_head(m_attr); 820 char *string=abac_aspect_string(head); 821 return string; 822 } 823 char *tail_string() { 824 abac_aspect_t *tail=abac_attribute_tail(m_attr); 825 char *string=abac_aspect_string(tail); 826 return string; 827 } 828 /*** 829 char *head_typed_string() 830 returns typed literal string of head of the attribute 831 char *tail_typed_string() 832 returns typed literal string of tail of the attribute 833 ***/ 834 char *head_typed_string() { 835 abac_aspect_t *head=abac_attribute_head(m_attr); 836 char *string=abac_aspect_typed_string(head); 837 return string; 838 } 839 char *tail_typed_string() { 840 abac_aspect_t *tail=abac_attribute_tail(m_attr); 841 char *string=abac_aspect_typed_string(tail); 842 return string; 843 } 844 /*** 845 char *string() 846 returns literal string of the attribute 847 char *typed_string() 848 returns typed literal string of the attribute 849 ***/ 850 char *string() { 851 char *head=head_string(); 852 char *tail=tail_string(); 853 if(head==NULL || tail==NULL) 854 
abac_errx(1, "attribute string, head and tail can not be NULL"); 855 char *tmp=NULL; 856 asprintf(&tmp,"%s<-%s",head,tail); 857 return tmp; 858 } 859 char *typed_string() { 860 char *head=head_typed_string(); 861 char *tail=tail_typed_string(); 862 if(head==NULL || tail==NULL) 863 abac_errx(1, "attribute string, head and tail can not be NULL"); 864 char *tmp=NULL; 865 asprintf(&tmp,"%s<-%s",head,tail); 866 return tmp; 867 } 868 /*** ??? not sure about implmentation 869 const Role &role_head() 870 returns the head role 871 const Oset &oset_head() 872 returns the oset head 873 ***/ 874 const Role &role_head() { 875 abac_aspect_t *head=abac_attribute_head(m_attr); 876 static Role role=Role(head); 877 return role; 878 } 879 const Oset &oset_head() { 880 abac_aspect_t *head=abac_attribute_tail(m_attr); 881 static Oset oset=Oset(head); 882 return oset; 883 } 884 /*** ??? 885 std::vector<Role> role_tails(bool &) 886 retrieve tail role which maybe more than 1 if intersecting 887 std::vector<Oset> oset_tails(bool &) 888 retrieve tail oset which maybe more than 1 if intersecting 889 ***/ 890 std::vector<Role> role_tails(bool &success) { 891 abac_aspect_t **tails, **end; 892 int i; 893 /* make sure it is role */ 894 if(!abac_attribute_is_role(m_attr)) { 895 success=0; 896 abac_errx(1, "role_tails, attribute is not a role"); 764 897 } 765 /* Create an object to be signed by the given issuer with the given role 766 and validity period 767 An exception will be thrown if: 768 - the issuer has no private key 769 - the Head is invalid 770 - the validity period is invalid (must be >= 1 second) */ 771 Attribute(Role& head, int validity) { 772 int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity); 773 if(rt!=ABAC_ATTRIBUTE_SUCCESS) 774 abac_errx(1, "attribute(role), unable to make an attribute"); 898 tails = abac_attribute_tail_vectorized(m_attr); 899 for (i = 0; tails[i] != NULL; ++i) 900 ; 901 end = &tails[i]; 902 std::vector<Role> roles = std::vector<Role>(tails, end); 
903 abac_aspects_free(tails); 904 success=1; 905 return roles; 906 } 907 std::vector<Oset> oset_tails(bool &success) { 908 abac_aspect_t **tails, **end; 909 int i; 910 /* make sure that tail is not role */ 911 if(abac_attribute_is_role(m_attr)) { 912 success=0; 913 abac_errx(1, "oset_tails, attribute is not an oset"); 775 914 } 776 Attribute(Oset& head, int validity) { 777 int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity); 778 if(rt!=ABAC_ATTRIBUTE_SUCCESS) 779 abac_errx(1, "attribute(oset), unable to make an attribute"); 780 } 781 bool add_tail(Role& tail) { 782 if(abac_attribute_add_tail(m_attr, tail.role())) 783 return 1; 784 else return 0; 785 } 786 bool add_tail(Oset& tail) { 787 if(abac_attribute_add_tail(m_attr, tail.oset())) 788 return 1; 789 else return 0; 790 } 791 char *head_string() { 792 abac_aspect_t *head=abac_attribute_head(m_attr); 793 char *string=abac_aspect_string(head); 794 return string; 795 } 796 char *tail_string() { 797 abac_aspect_t *tail=abac_attribute_tail(m_attr); 798 char *string=abac_aspect_string(tail); 799 return string; 800 } 801 char *head_typed_string() { 802 abac_aspect_t *head=abac_attribute_head(m_attr); 803 char *string=abac_aspect_typed_string(head); 804 return string; 805 } 806 char *tail_typed_string() { 807 abac_aspect_t *tail=abac_attribute_tail(m_attr); 808 char *string=abac_aspect_typed_string(tail); 809 return string; 810 } 811 char *string() { 812 char *head=head_string(); 813 char *tail=tail_string(); 814 if(head==NULL || tail==NULL) 815 abac_errx(1, "attribute string, head and tail can not be NULL"); 816 char *tmp=NULL; 817 asprintf(&tmp,"%s<-%s",head,tail); 818 return tmp; 819 } 820 char *typed_string() { 821 char *head=head_typed_string(); 822 char *tail=tail_typed_string(); 823 if(head==NULL || tail==NULL) 824 abac_errx(1, "attribute string, head and tail can not be NULL"); 825 char *tmp=NULL; 826 asprintf(&tmp,"%s<-%s",head,tail); 827 return tmp; 828 } 829 const Role &role_head() { 830 
abac_aspect_t *head=abac_attribute_head(m_attr); 831 static Role role=Role(head); 832 return role; 833 } 834 const Oset &oset_head() { 835 abac_aspect_t *head=abac_attribute_tail(m_attr); 836 static Oset oset=Oset(head); 837 return oset; 838 } 839 std::vector<Role> role_tails(bool &success) { 840 abac_aspect_t **tails, **end; 841 int i; 842 tails = abac_attribute_tail_vectorized(m_attr); 843 for (i = 0; tails[i] != NULL; ++i) 844 ; 845 end = &tails[i]; 846 std::vector<Role> roles = std::vector<Role>(tails, end); 847 abac_aspects_free(tails); 848 success=1; 849 return roles; 850 } 851 std::vector<Oset> oset_tails(bool &success) { 852 abac_aspect_t **tails, **end; 853 int i; 854 tails = abac_attribute_tail_vectorized(m_attr); 855 for (i = 0; tails[i] != NULL; ++i) 856 ; 857 end = &tails[i]; 858 std::vector<Oset> osets = std::vector<Oset>(tails, end); 859 success=1; 860 abac_aspects_free(tails); 861 return osets; 862 } 915 tails = abac_attribute_tail_vectorized(m_attr); 916 for (i = 0; tails[i] != NULL; ++i) 917 ; 918 end = &tails[i]; 919 std::vector<Oset> osets = std::vector<Oset>(tails, end); 920 success=1; 921 abac_aspects_free(tails); 922 return osets; 923 } 924 /*** 925 abac_attribute_t *attribute() 926 return libabac structure for attribute 927 ***/ 863 928 abac_attribute_t *attribute() { return m_attr; } 864 929 865 /* Generate the cert. Call this after you've added subjects to your cert. 866 This returns false if there are no subjects 867 This will throw an exception if the cert's already been baked. */ 930 /*** 931 bool bake() 932 Generate the cert. Call this after you've added subjects to your cert. 933 This returns false if there are no subjects 934 This will throw an exception if the cert's already been baked. 
935 ***/ 868 936 bool bake() { 869 /* can not bake in ABAC_CN mode */ 870 if(USE("ABAC_CN")) 871 abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set"); 872 int rt=abac_attribute_bake(m_attr); 873 if(rt!=1) 874 abac_errx(1, "bake, can not bake the cert"); 875 } 876 /* Returns true iff the cert has been baked. */ 877 bool baked() { 878 return abac_attribute_baked(m_attr); 879 } 880 /* Write the DER-encoded X.509 attribute cert to the open file handle 881 Throws an exception if the cert isn't baked */ 937 /* can not bake in ABAC_CN mode */ 938 if(USE("ABAC_CN")) 939 abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set"); 940 int rt=abac_attribute_bake(m_attr); 941 if(rt!=1) 942 abac_errx(1, "bake, can not bake the cert"); 943 } 944 /*** 945 bool baked() 946 returns true iff the cert has been baked. 947 ***/ 948 bool baked() 949 { return abac_attribute_baked(m_attr); } 950 951 /*** 952 void write_cert(FILE *) 953 write the DER-encoded X.509 attribute cert to the open file handle 954 Throws an exception if the cert isn't baked 955 ***/ 882 956 void write_cert(FILE *out) { 883 int rt= abac_attribute_write(m_attr,out); 884 if(!rt) 885 abac_errx(1, "write, cert is not baked"); 886 } 887 /* Write the DER-encoded X.509 attribute cert to a file named out 888 Throws an exception if the cert isn't baked */ 957 int rt= abac_attribute_write(m_attr,out); 958 if(!rt) 959 abac_errx(1, "write, cert is not baked"); 960 } 961 /*** 962 void write_cert(char *) 963 write the DER-encoded X.509 attribute cert to a file named out 964 Throws an exception if the cert isn't baked 965 ***/ 889 966 void write_cert(char *filename) { 890 FILE *out = fopen(filename, "w"); 891 printf("writing to %s\n", filename); 892 write_cert(out); 893 printf("done writing to %s\n", filename); 894 fclose(out); 895 } 896 /* returns a DER-encoded binary representation of the X.509 attribute 897 cert associated with this cert 898 Throws an exception if the cert isn't baked 899 the chunk can be 
passed to libabac's Context::load_attribute_chunk() */ 900 abac_chunk_t cert_chunk() { 901 return abac_attribute_cert_chunk(m_attr); 902 } 903 /* generate yap clauses and injected into db */ 967 FILE *out = fopen(filename, "w"); 968 write_cert(out); 969 fclose(out); 970 } 971 /*** 972 abac_chunk_t cert_chunk() 973 returns a DER-encoded binary representation of the X.509 attribute 974 cert associated with this cert 975 Throws an exception if the cert isn't baked 976 the chunk can be passed to libabac's Context::load_attribute_chunk() 977 ***/ 978 abac_chunk_t cert_chunk() 979 { return abac_attribute_cert_chunk(m_attr); } 980 981 /*** 982 int consume() 983 generate yap clauses and injected into db 984 ***/ 904 985 int consume() { 905 986 /* attribute needs to be baked */ 906 if(!baked()) { 907 return ABAC_ATTRIBUTE_FAIL; 908 } 987 if(!baked()) { 988 return ABAC_ATTRIBUTE_FAIL; 909 989 } 990 } 910 991 private: 911 992 abac_attribute_t *m_attr; … … 913 994 914 995 996 /*** 997 ABAC::Context 998 An ABAC Context 999 ***/ 915 1000 class Context { 916 1001 public: 1002 /*** 1003 Context() 1004 default constructor 1005 Context(const Context &) 1006 copy constructor, used for cloning the context 1007 ~Context() 1008 default destructor 1009 ***/ 917 1010 Context() { m_ctx = abac_context_new(); m_abac_version=strdup("1.0"); } 918 1011 Context(const Context &context) { 919 m_ctx = abac_context_dup(context.m_ctx);920 m_abac_version=strdup(context.m_abac_version);921 }1012 m_ctx = abac_context_dup(context.m_ctx); 1013 m_abac_version=strdup(context.m_abac_version); 1014 } 922 1015 ~Context() { 923 abac_context_free(m_ctx); 924 if(m_abac_version) free(m_abac_version); 925 } 926 927 /* load an identity certificate, returns: 928 ABAC_CERT_SUCCESS successfully loaded 929 ABAC_CERT_INVALID invalid certificate (or file not found) 930 ABAC_CERT_BAD_SIG invalid signature */ 931 void dump_yap() { 932 show_yap_db("dump_yap"); 933 } 934 int load_id(ABAC::ID& id) { 935 return 
abac_context_load_id_id(m_ctx, id.id()); 936 } 937 int load_id_file(char *filename) { 938 return abac_context_load_id_idkey_file(m_ctx, filename); 939 } 940 int load_id_file(char *filename, char *keyfilename) { 941 return abac_context_load_id_id_file_key_file(m_ctx, filename, keyfilename); 942 } 943 int load_id_chunk(abac_chunk_t cert) { 944 return abac_context_load_id_chunk(m_ctx, cert); 945 } 946 /* load an attribute certificate, returns the same values as above 947 * additionally can return ABAC_CERT_MISSING_ISSUER if the issuer 948 certificate has not been loaded */ 949 int load_attribute(ABAC::Attribute& a) { 950 return abac_context_load_attribute_attribute(m_ctx, a.attribute()); 951 } 952 int load_attribute_file(char *filename) { 953 return abac_context_load_attribute_file(m_ctx, filename); 954 } 955 int load_attribute_chunk(abac_chunk_t cert) { 956 return abac_context_load_attribute_chunk(m_ctx, cert); 957 } 958 /* load a directory full of certificates: 959 first: ${path}/*_ID.{der,pem} as identity certificates 960 then: ${path}/*_attr.der as attribute certificates */ 961 void load_directory(char *path) { 962 abac_context_load_directory(m_ctx, path); 963 } 964 /* run the query: 1016 abac_context_free(m_ctx); 1017 if(m_abac_version) free(m_abac_version); 1018 } 1019 /*** 1020 void dump_yap() 1021 dump the complete yap prolog database 1022 ***/ 1023 void dump_yap() 1024 { show_yap_db("dump_yap"); } 1025 1026 /*** 1027 int load_id(ABAC::ID&) 1028 load id cert from ID 1029 int load_id_file(char *) 1030 load id cert from an idkey combo file. 
key retrieval will be attempt 1031 but won't fail if not found 1032 int load_id_file(char *, char *) 1033 load id cert from an id file and a key file 1034 int load_id_chunk(abac_chunk_t) 1035 load id cert from a chunk structure 1036 returns: 1037 ABAC_CERT_SUCCESS successfully loaded 1038 ABAC_CERT_INVALID invalid certificate (or file not found) 1039 ABAC_CERT_BAD_SIG invalid signature 1040 ***/ 1041 int load_id(ABAC::ID& id) 1042 { return abac_context_load_id_id(m_ctx, id.id()); } 1043 int load_id_file(char *filename) 1044 { return abac_context_load_id_idkey_file(m_ctx, filename); } 1045 int load_id_file(char *filename, char *keyfilename) 1046 { return abac_context_load_id_id_file_key_file(m_ctx, filename, keyfilename); } 1047 int load_id_chunk(abac_chunk_t cert) 1048 { return abac_context_load_id_chunk(m_ctx, cert); } 1049 1050 /*** 1051 int load_attribute(ABAC::Attribute&) 1052 load attribute credential from attribute structure 1053 int load_attribute_file(char *) 1054 load attribute credential from a file 1055 int load_attribute_chunk(abac_chunk_t) 1056 load attribute credential from a chunk 1057 returns the same values as above, additionally 1058 returns ABAC_CERT_MISSING_ISSUER if the issuer 1059 certificate has not been loaded 1060 ***/ 1061 int load_attribute(ABAC::Attribute& a) 1062 { return abac_context_load_attribute_attribute(m_ctx, a.attribute()); } 1063 int load_attribute_file(char *filename) 1064 { return abac_context_load_attribute_file(m_ctx, filename); } 1065 int load_attribute_chunk(abac_chunk_t cert) 1066 { return abac_context_load_attribute_chunk(m_ctx, cert); } 1067 1068 /*** 1069 void load_directory(char *) 1070 load a directory full of certificates: 1071 first: ${path}/*_ID.{der,pem} as identity certificates 1072 implicitly looking for ${path}/*_private.{der,pem} as 1073 the private key file 1074 then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate 1075 last: ${path}/*_attr.der as attribute certificates 1076 ***/ 1077 void 
load_directory(char *path) 1078 { abac_context_load_directory(m_ctx, path); } 1079 /*** 1080 std::vector<Attribute> query(char *, char *, bool &) 1081 the string version is for query that is composed by hand with SHA or 1082 in non ABAC_CN mode 1083 std::vector<Attribute> query(Role &, Role &, bool &) 1084 std::vector<Attribute> query(Oset &, Oset &, bool &) 1085 1086 runs the query: 965 1087 role <-?- principal 966 returns true/false in success 967 returns a proof upon success, partial proof on failure */ 968 /* the string version is for query that is composed by hand with SHA or 969 in non ABAC_CN mode */ 1088 returns true/false in success 1089 returns a proof upon success, partial proof on failure 1090 ***/ 970 1091 std::vector<Attribute> query(char *role, char *principal, bool &success) { 971 abac_credential_t **creds, **end; 972 int i, success_int; 973 974 creds = abac_context_query(m_ctx, role, principal, &success_int); 975 success = success_int; 976 977 for (i = 0; creds[i] != NULL; ++i) 978 ; 979 980 end = &creds[i]; 981 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 982 if(debug) printf("query, got rules(%d)\n", i); 983 984 abac_context_credentials_free(creds); 985 986 return attributes; 987 } 988 989 /* another way */ 1092 abac_credential_t **creds, **end; 1093 int i, success_int; 1094 1095 creds = abac_context_query(m_ctx, role, principal, &success_int); 1096 success = success_int; 1097 1098 for (i = 0; creds[i] != NULL; ++i) 1099 ; 1100 1101 end = &creds[i]; 1102 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1103 if(debug) printf("query, got rules(%d)\n", i); 1104 1105 abac_context_credentials_free(creds); 1106 1107 return attributes; 1108 } 1109 990 1110 std::vector<Attribute> query(Role &role, Role &p_role, bool &success) { 991 abac_credential_t **creds, **end;992 int i, success_int;993 994 creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int);995 success = 
success_int;996 997 for (i = 0; creds[i] != NULL; ++i)998 ;999 1000 end = &creds[i];1001 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);1002 1003 abac_context_credentials_free(creds);1004 1005 return attributes;1006 }1111 abac_credential_t **creds, **end; 1112 int i, success_int; 1113 1114 creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int); 1115 success = success_int; 1116 1117 for (i = 0; creds[i] != NULL; ++i) 1118 ; 1119 1120 end = &creds[i]; 1121 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1122 1123 abac_context_credentials_free(creds); 1124 1125 return attributes; 1126 } 1007 1127 1008 1128 std::vector<Attribute> query(Oset &oset, Oset &p_oset, bool &success) { 1009 abac_credential_t **creds, **end; 1010 int i, success_int; 1011 1012 creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int); 1013 success = success_int; 1014 1015 for (i = 0; creds[i] != NULL; ++i) 1016 ; 1017 1018 end = &creds[i]; 1019 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1020 if(debug) printf("query, returning rules(%d)\n", i); 1021 1022 abac_context_credentials_free(creds); 1023 1024 return attributes; 1025 } 1026 1027 /* returns a vector of all the credentials loaded in the context */ 1129 abac_credential_t **creds, **end; 1130 int i, success_int; 1131 1132 creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int); 1133 success = success_int; 1134 1135 for (i = 0; creds[i] != NULL; ++i) 1136 ; 1137 1138 end = &creds[i]; 1139 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1140 if(debug) printf("query, returning rules(%d)\n", i); 1141 1142 abac_context_credentials_free(creds); 1143 1144 return attributes; 1145 } 1146 1147 /*** 1148 std::vector<Attribute> context_credentials(bool &) 1149 returns a vector of all the credentials loaded in the context 1150 extracted from the internal 
data structure 1151 ***/ 1028 1152 std::vector<Attribute> context_credentials(bool &success) { 1029 abac_credential_t **creds, **end; 1030 int i; 1031 success = 1; 1032 1033 creds = abac_context_credentials(m_ctx); 1034 for (i = 0; creds[i] != NULL; ++i) 1035 ; 1036 1037 end = &creds[i]; 1038 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1039 if(debug) printf("credentials, got (%d)\n", i); 1040 1041 abac_context_credentials_free(creds); 1042 if(debug) show_yap_db("calling from context_credentials"); 1043 return attributes; 1044 } 1045 1046 /* returns a vector of all the principals loaded in the context */ 1153 abac_credential_t **creds, **end; 1154 int i; 1155 success = 1; 1156 1157 creds = abac_context_credentials(m_ctx); 1158 for (i = 0; creds[i] != NULL; ++i) 1159 ; 1160 1161 end = &creds[i]; 1162 std::vector<Attribute> attributes = std::vector<Attribute>(creds, end); 1163 if(debug) printf("credentials, got (%d)\n", i); 1164 1165 abac_context_credentials_free(creds); 1166 if(debug) show_yap_db("calling from context_credentials"); 1167 return attributes; 1168 } 1169 1170 /*** 1171 std::vector<Attribute> context_principals(bool &) 1172 returns a vector of all the principals loaded in the context 1173 extracted from the internal data structure 1174 ***/ 1047 1175 std::vector<ID> context_principals(bool &success) { 1048 abac_id_credential_t **ids, **end; 1049 int i; 1050 success = 1; 1051 1052 ids = abac_context_principals(m_ctx); 1053 for (i = 0; ids[i] != NULL; ++i) 1054 ; 1055 1056 end = &ids[i]; 1057 std::vector<ID> principals = std::vector<ID>(ids, end); 1058 if(debug) printf("principals, got (%d)\n", i); 1059 1060 abac_context_principals_free(ids); 1061 return principals; 1062 } 1063 1176 abac_id_credential_t **ids, **end; 1177 int i; 1178 success = 1; 1179 1180 ids = abac_context_principals(m_ctx); 1181 for (i = 0; ids[i] != NULL; ++i) 1182 ; 1183 1184 end = &ids[i]; 1185 std::vector<ID> principals = std::vector<ID>(ids, end); 1186 
if(debug) printf("principals, got (%d)\n", i); 1187 1188 abac_context_principals_free(ids); 1189 return principals; 1190 } 1191 /*** 1192 char *version() 1193 return the version of this interface 1194 ***/ 1064 1195 char *version() const { return m_abac_version; } 1065 1196 -
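Review bot: role_head() and oset_head() (new lines 874-883) store their result in a function-local `static`, which is initialised only on the first call, so every later call on any Attribute object returns the head captured that first time. oset_head() also reads `abac_attribute_tail(m_attr)` rather than the head. A caller that relies on these accessors when making an authorization decision can therefore act on the wrong role or oset, and the `??? not sure about implmentation` comment added here suggests the code is known to be unfinished. Returning by value removes the shared state: `Role role_head() { return Role(abac_attribute_head(m_attr)); }` and `Oset oset_head() { return Oset(abac_attribute_head(m_attr)); }`. This changes the return type from a const reference, so callers should be checked, although binding the result to `const Role &` still compiles.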
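--- a/libabac/abac_attribute.c
+++ b/libabac/abac_attribute.c
@@ -219,4 +219,11 @@
 assert(ptr);
 return ptr->head;
+}
+
+bool abac_attribute_is_role(abac_attribute_t *ptr)
+{
+assert(ptr);
+assert(ptr->head);
+return abac_aspect_is_role(ptr->head);
 }
 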
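Review bot: Both preconditions of the new abac_attribute_is_role() are enforced only with assert(), so a build with NDEBUG dereferences a NULL `ptr` or passes a NULL `ptr->head` to abac_aspect_is_role() unchecked. The C++ wrappers role_tails() and oset_tails() in abac.hh use this result to decide which kind of tail to return, so the function sits on a path that classifies credentials. At minimum the contract should be stated above the definition, for example `/* ptr and ptr->head must be non-NULL; returns true iff the head aspect is a role */`. An explicit runtime check would be stronger, but the bool return cannot distinguish "not a role" from "invalid attribute", and oset_tails() treats false as "is an oset", so the failure behaviour needs to be decided before one is added.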
