source: creddy/attribute.c

Last change on this file was 756011e, checked in by Ted Faber <faber@…>, 11 years ago

Now we pass -Wall with no warnings.
  • Property mode set to 100644
File size: 2.8 KB
RevLine 
[085f159]1
[461541a]2/* attribute.c */
[01044ac]3
[461541a]4#define _GNU_SOURCE
5#include <stdio.h>
[aa33ad9]6
[461541a]7#include <err.h>
8#include <termios.h>
[04f5da1]9
[4721618]10#include "libabac_common.h"
[04f5da1]11#include "creddy_common.h"
[01044ac]12
[085f159]13void attribute_main(options_t *opts) {
[461541a]14    int i, ret= 1;
[ee5afdd]15
[085f159]16    if (
17        opts->issuer == NULL ||
18        opts->key == NULL ||
19        opts->role == NULL ||
20        opts->out == NULL
21    )
22        usage(opts);
23
[aa33ad9]24    // issuer
[461541a]25    abac_id_t *issuer_id = abac_id_from_file(opts->issuer);
26    if (issuer_id == NULL)
[aa33ad9]27        errx(1, "Can't load cert from %s", opts->issuer);
[980a7b6]28
[aa33ad9]29    // private key
[461541a]30    ret = abac_id_privkey_from_file(issuer_id, opts->key);
31    if (ret != ABAC_SUCCESS)
[aa33ad9]32        errx(1, "Can't load private key from %s", opts->key);
[980a7b6]33
[461541a]34    abac_attribute_t *attr = NULL;
35    ret = abac_attribute_create(&attr, issuer_id, opts->role, opts->validity);
36    if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
[aa33ad9]37        abort(); // should never happen
[461541a]38    if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
[aa33ad9]39        errx(1, "Invalid role name: %s", opts->role);
[461541a]40    if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
[00d21a1]41        errx(1, "Invalid validity: must be >= 1 second");
[ee5afdd]42
[aa33ad9]43    for (i = 0; i < opts->num_subjects; ++i) {
44        subject_t *cur = &opts->subjects[i];
[ee5afdd]45
[aa33ad9]46        // if we have a cert we need to get its ID
47        if (cur->cert) {
[461541a]48            abac_id_t *subject = abac_id_from_file(cur->cert);
[002b25a]49            if (subject == NULL)
50                errx(1, "Can't load subject cert from %s", cur->cert);
[461541a]51            cur->id = xstrdup(abac_id_keyid(subject));
52            abac_id_free(subject);
[ee5afdd]53        }
54
[aa33ad9]55        // just a principal, add it
56        if (!cur->role) {
[ced246e]57            abac_attribute_principal(attr, cur->id);
[aa33ad9]58        }
[085f159]59
[aa33ad9]60        // either role or linking role
61        else {
[980a7b6]62            char *role = cur->role;
63            char *start[3];
64            int name_parts = 0, j;
[085f159]65
[980a7b6]66            start[name_parts++] = role;
[085f159]67
[aa33ad9]68            // split the role string up into name parts (turn . into \0)
[980a7b6]69            for (j = 0; role[j] != '\0'; ++j)
70                if (role[j] == '.') {
71                    if (name_parts == 3) {
72                        printf("bad subject role name (too many dots)\n");
73                        usage(opts);
74                    }
75                    start[name_parts++] = &role[j+1];
76                    role[j] = 0;
77                }
78
[aa33ad9]79            // role
80            if (name_parts == 1) {
[ced246e]81                abac_attribute_role(attr, cur->id, start[0]);
[aa33ad9]82            }
83            // linking role
84            else {
[ced246e]85                abac_attribute_linking_role(attr, cur->id, start[0], start[1]);
[aa33ad9]86            }
[980a7b6]87        }
[085f159]88    }
89
[461541a]90    ret = abac_attribute_bake(attr);
[002b25a]91    if (!ret)
[aa33ad9]92        errx(1, "Couldn't bake attribute cert");
[085f159]93
94    FILE *out = fopen(opts->out, "w");
95    if (out == NULL)
[aa33ad9]96        err(1, "Couldn't open attr cert file %s for writing", opts->out);
97
[461541a]98    abac_attribute_write(attr, out);
[aa33ad9]99
[085f159]100    fclose(out);
101
[461541a]102    abac_attribute_free(attr);
[085f159]103}
Note: See TracBrowser for help on using the repository browser.