Changeset d9c3886

Timestamp:

05/18/12 00:58:12 (13 months ago)

Author:

Mei <mei@…>

Branches:

mei_rt2, mei_rt2_fix_1

Children:

0b3ac65

Parents:

5110d42

git-author:

Mei <mei@…> (05/18/12 00:58:12)

git-committer:

Mei <mei@…> (05/18/12 00:58:12)

Message:

1) add 2 more query calls in abac.hh that take Role and Oset instead of

strings. Add supporting code in libabac that will take abac_aspect_t
and make query term directly instead of doing stringify the structure
and do string->yyparse->abac_aspect_t again.

2) start on inline doc into abac.hh
3) tweaked some scripts in examples directory

Files:

• examples/creddy_prover_tests/allout.save (modified) (2 diffs)
• examples/creddy_prover_tests/runall (modified) (3 diffs)
• examples/creddy_prover_tests/runcheck (modified) (1 diff)
• examples/python_tests/allout.save (modified) (1 diff)
• examples/python_tests/basic_id/README (modified) (1 diff)
• examples/python_tests/basic_id/id.py (modified) (1 diff)
• examples/python_tests/basic_id/id.save (modified) (3 diffs)
• examples/python_tests/basic_id/run_test (modified) (1 diff)
• examples/python_tests/runall (modified) (2 diffs)
• examples/python_tests/runcheck (modified) (1 diff)
• libabac/abac.c (modified) (1 diff)
• libabac/abac.h (modified) (1 diff)
• libabac/abac.hh (modified) (6 diffs)
• libabac/abac_pl_yap.c (modified) (1 diff)
• libabac/abac_pl_yap.h (modified) (1 diff)
• libabac/rt2.y (modified) (1 diff)

examples/creddy_prover_tests/allout.save

@@ -46 +46 @@
   
 ===bad============ Acme.preferred_customer <- badCoyote
-yyerror: encountered an invalid SHA id(bad)
+yyerror: encountered an invalid SHA id
 prover failed!!
 
@@ -64 +64 @@
   
 ===bad============ 99Acme.buy_rockets <- Coyote
-yyerror: encountered an invalid SHA id(994956018dbb522c97da1e0f19d7713510b14eb712)
+yyerror: encountered an invalid SHA id
 prover failed!!
   

examples/creddy_prover_tests/runall

@@ -7 +7 @@
 
 progname=$(basename $0)
+pwd=`pwd`
 
 if [ $# -eq 0 ]; then
@@ -17 +18 @@
 
 for i in `ls -1 `; do
-   if ( file $i | grep -Fq directory ); then
-       cd $i;
+   if [ -d $i ]; then
+       cd $i
        if [ "$1" = "clean" ]; then
            rm -rf ../allout.sha ../allout.cn
@@ -30 +31 @@
            ./run_query 
        fi 
-       cd ..;
+       cd $pwd
    fi
 done

examples/creddy_prover_tests/runcheck

@@ -6 +6 @@
 export ABAC_PROVER_PATH
 
-echo 'running ABAC testing...'
+echo 'running libabac CREDDY/ABAC_PROVER_YAP testing...'
 echo '  ---with sha'
 env ./runall run 1> allout.sha 2>/dev/null

examples/python_tests/allout.save

@@ -1 +1 @@
 
- ==> RUN on basic_api
----setup precondition
-Generating key, this will take a while. Create entropy!
-    - move the mouse
-    - generate disk activity (run find)
-Generating key, this will take a while. Create entropy!
-    - move the mouse
-    - generate disk activity (run find)
+ ==> RUN on access_rt2
+---setup principals
+---setup attributes
+---run queries
+...with sha
+...with cn
+   PASSED
+
+ ==> RUN on basic_id
+---setup principals
 ---run with sha
 ---run with cn

examples/python_tests/basic_id/README

@@ -6 +6 @@
 # In yap db, the ID credential is stored as: isType(pIDname,keyid)
 
-# Two pre-existing id credentials are generated using creddy, this is
-# to test the load_directory api call
-creddy --generate --cn CreddyBob
-creddy --generate --cn CreddyJack
 
 #  

examples/python_tests/basic_id/id.py

@@ -43 +43 @@
 id=ABAC.ID("John", 0)
 print "adding -> %s(good,invisible)" % id.name()
-id.write_privkey("John_idkey.pem")
-id.write_cert("John_idkey.pem")
-ctxt.load_id_file("John_idkey.pem")
+id.write_privkey("John_other.pem")
+id.write_cert("John_other.pem")
+ctxt.load_id_file("John_other.pem")
 
 id=ABAC.ID("Lori", 0)

examples/python_tests/basic_id/id.save

@@ -3 +3 @@
 ABAC version 1.0
 ...initial principal set...
-(pCreddyBob,keyid,y) 
-(pCreddyJack,keyid,y) 
+(pBob,keyid,y) 
+(pJack,keyid,y) 
 (pMary,keyid,y) 
 (pLori,keyid,n) 
@@ -18 +18 @@
 adding -> Casper(bad,unknown file)
 ...final principal set...
-(pCreddyBob,keyid,y) 
-(pCreddyJack,keyid,y) 
+(pBob,keyid,y) 
+(pJack,keyid,y) 
 (pMary,keyid,y) 
 (pLori,keyid,n) 
@@ -30 +30 @@
 
 ========= yap db (dump_yap)
-isType(pCreddyBob,keyid).
-isType(pCreddyJack,keyid).
+isType(pBob,keyid).
+isType(pJack,keyid).
 isType(pMary,keyid).
 isType(pLori,keyid).

examples/python_tests/basic_id/run_test

@@ -8 +8 @@
 
 echo '---setup principals'
-./README
+./setup.py 2>/dev/null 1 > id.sha
 
 echo '---run with sha'

examples/python_tests/runall

@@ -6 +6 @@
 
 progname=$(basename $0)
+pwd=`pwd`
 
 if [ $# -eq 0 ]; then
-    echo "Usage: $progname (clean|setup|run)" >&2;
+    echo "Usage: $progname (clean|run)" >&2;
     exit 1
 fi
@@ -16 +17 @@
 
 for i in `ls -1 `; do
-   if ( file $i | grep -Fq directory ); then
-       cd $i;
+   if [ -d $i ]; then
+       cd $i
        if [ "$1" = "clean" ]; then
            rm -rf ../allout.tmp
            printf "\n ==> CLEANING on %s\n" "$i" >& 2 ;
            rm -rf *.der *.pem *.cn *.sha
-       elif [ "$1" = "setup" ]; then
-           printf "\n ==> SETUP on %s\n" "$i"  >& 2;
-           ./README
        elif [ "$1" = "run" ] ; then
-           if(file run_test | grep -vq ERROR); then
-               printf "\n ==> RUN on %s\n" "$i" >& 2;
-               ./run_test
-           fi
+           printf "\n ==> RUN on %s\n" "$i" >& 2;
+           ./run_test
        fi 
-       cd ..;
+       cd $pwd
    fi
 done

examples/python_tests/runcheck

@@ -6 +6 @@
 export ABAC_PROVER_PATH
 
-echo 'running PYTHON testing...'
+echo 'running libabac PYTHON testing...'
 
 env ./runall run 1> allout.tmp 2>& 1

libabac/abac.c

@@ -297 +297 @@
 }
 
+abac_credential_t **abac_context_query_with_structure(abac_context_t *ctx,
+abac_aspect_t *queryfor, abac_aspect_t *with, int *success)
+{
+    if(debug) {
+         printf("abac_context_query_with_structure\n");
+    }
+    abac_credential_t **credentials = NULL, *cur;
+    assert(ctx != NULL); assert(queryfor != NULL);
+    assert(with != NULL); assert(success != NULL);
+
+    abac_stack_t *result = abac_pl_query_with_structure(ctx->pl, queryfor, with);
+
+    int size = abac_stack_size(result);
+    if (size > 0) {
+        *success = 1;
+    } else {
+    // XXX NOT SURE YET..
+    // return partial proof
+        *success = 0;
+    }
+
+    // make the array (leave space to NULL terminate it)
+    //      n.b., even if the list is empty, we still return an array that
+    //            only contains the NULL terminator
+    credentials = abac_xmalloc(sizeof(abac_credential_t *) * (size + 1));
+    int i = 0;
+    if(size) {
+        while(i<size) { 
+            cur=(abac_credential_t *) abac_stack_pop(result);
+            credentials[i++] = cur;
+        } 
+    }
+    credentials[i] = NULL;
+
+    if(result)
+        abac_stack_free(result);
+
+    return credentials;
+}
+
 /**
  * A NULL-terminated array of all the credentials in the context.

libabac/abac.h

@@ -43 +43 @@
 /* abac query, returns a NULL-terminated array of credentials on success, NULL on fail */
 abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);
+abac_credential_t **abac_context_query_with_structure(abac_context_t *, abac_aspect_t*, abac_aspect_t*, int*);
 
 /* get all the credentials from the context, returns a NULL-terminated array of credentials */

libabac/abac.hh

@@ -15 +15 @@
     class Oset;
 
+/*** 
+ABAC::Constraint
+   This is a constraint on a data term. It holds a ptr to
+   a abac_condition_t structure 
+***/
     class Constraint {
         public:
-            Constraint() : m_constraint(NULL) { } // do not use: here for swig
+/***
+   Constraint()
+      default constructure, do not use, for swig only 
+   Constraint(const Constraint &)
+      copy constructor, used for cloning a constraint
+   ~Constraint()
+      default destructor
+***/
+            Constraint() : m_constraint(NULL) { }
+            Constraint(const Constraint &constraint) { 
+                m_constraint =abac_condition_dup(constraint.m_constraint);
+              }
+            ~Constraint() { 
+                if(m_constraint) abac_condition_free(m_constraint);
+              }
+
+/***
+   Constraint(abac_condition_t *)
+      constructor that takes an abac_condition_t
+   Constraint(char *)
+      constructor that takes one of following string
+      as its vartype for a range constraint:
+          "integer"
+          "urn"
+          "float"
+          "boolean"
+          "time"
+          "string"
+***/
             Constraint(abac_condition_t *constraint): 
               m_constraint(abac_condition_dup(constraint))
               { }
-            Constraint(const Constraint &constraint) { 
-                m_constraint =abac_condition_dup(constraint.m_constraint);
-              }
-            ~Constraint() { 
-                if(m_constraint) abac_condition_free(m_constraint);
-              }
-
             /* range constraint */
             Constraint(char *vartype) { m_constraint=abac_condition_create(vartype); }
 
-            /* [integer:?I[10 .. 20] */
-            /* [float:?F[0.5 .. 2.5] */
+/***
+    void add_constraint_integer_max(int)
+    void add_constraint_integer_min(int)
+       Utility routines to setup a integer range constraint 
+           [integer:?I[10 .. 20]
+    void add_constraint_integer_target(int)
+       Utility routine to setup a integer list constraint 
+           [integer:?I[10,20]
+***/
             void add_constraint_integer_max(int val) {
                 abac_condition_add_range_integer_item(m_constraint,abac_max_item_type(),val);
@@ -42 +75 @@
                 abac_condition_add_range_integer_item(m_constraint,abac_target_item_type(),val);
             }
+/***
+    void add_constraint_float_max(float)
+    void add_constraint_float_min(float)
+       Utility routines to setup a float range constraint 
+           [float:?F[1.0 .. 2.5]
+    void add_constraint_float_target(float)
+       Utility routine to setup a float list constraint 
+            [float:?F[0.5, 2.5]
+***/
             void add_constraint_float_max(float val) {
                 abac_condition_add_range_float_item(m_constraint,abac_max_item_type(),val);
@@ -683 +725 @@
                  int i, success_int;
 
-                 /* make sure retrieving SHA not CN embedded string */
-                 ABAC_IN_QUERY=1;
-                 char *role_str=role.typed_string();
-                 char *p_role_str=p_role.typed_string();
-                 ABAC_IN_QUERY=0;
-                 if(debug) { 
-                     printf("query with %s\n",role_str);
-                     printf("    and %s\n",p_role_str);
-                 }
-                 creds = abac_context_query(m_ctx, role_str, p_role_str, &success_int);
+                 creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int);
                  success = success_int;
 
@@ -702 +735 @@
 
                  abac_context_credentials_free(creds);
-                 free(role_str);
-                 free(p_role_str);
 
                  return attributes;
@@ -711 +742 @@
                  abac_credential_t **creds, **end;
                  int i, success_int;
-                 /* make sure retrieving SHA not CN embedded string */
               
-                 ABAC_IN_QUERY++;
-                 char *oset_str=oset.typed_string();
-                 char *p_oset_str=p_oset.typed_string();
-                 ABAC_IN_QUERY--;
-
-                 creds = abac_context_query(m_ctx, oset_str, p_oset_str, &success_int);
+                 creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int);
                  success = success_int;
 
@@ -729 +754 @@
 
                  abac_context_credentials_free(creds);
-                 free(oset_str);
-                 free(p_oset_str);
 
                  return attributes;

libabac/abac_pl_yap.c

@@ -384 +384 @@
 }
 
+abac_stack_t *abac_pl_query_with_structure(abac_pl_t *pl, abac_aspect_t *head_aspect, abac_aspect_t *tail_aspect)
+{
+    abac_stack_t *ret=NULL;
+    ret=_query_with_aspect(pl,head_aspect,tail_aspect);
+
+    return ret;
+}
+
 void abac_pl_free(abac_pl_t *pl) {
     if(pl->fptr) {

libabac/abac_pl_yap.h

@@ -17 +17 @@
 /* return a list of credentials */
 abac_stack_t *abac_pl_query(abac_pl_t *pl, char *role, char *principal);
+abac_stack_t *abac_pl_query_with_structure(abac_pl_t *pl, abac_aspect_t *head_aspect, abac_aspect_t *tail_aspect);
 
 /* return a list of all credentials in the pl file */

libabac/rt2.y

@@ -151 +151 @@
                  } else {
                      if((USE("ABAC_CN")) && cn==NULL) {
-                         asprintf(&tmp,"encountered an invalid SHA id(%s)",$5);
+                         if(debug)
+                             asprintf(&tmp,"encountered an invalid SHA id(%s)",$5);
+                         else asprintf(&tmp,"encountered an invalid SHA id");
                          panic(tmp);
                          free(tmp);