[085f159] | 1 | |
[461541a] | 2 | /* attribute.c */ |
[01044ac] | 3 | |
[461541a] | 4 | #define _GNU_SOURCE |
| 5 | #include <stdio.h> |
[aa33ad9] | 6 | |
[461541a] | 7 | #include <err.h> |
| 8 | #include <termios.h> |
[04f5da1] | 9 | |
[4721618] | 10 | #include "libabac_common.h" |
[04f5da1] | 11 | #include "creddy_common.h" |
[01044ac] | 12 | |
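/*
 * Upper bound on dot-separated parts of a subject role string: "role"
 * (one part) or "role1.role2" for a linking role (two parts).  Only two
 * parts are ever consumed below, so a third part ("a.b.c") used to be
 * dropped silently and the cert was issued for "a.b"; it is now rejected.
 */
enum { MAX_ROLE_PARTS = 2 };

/*
 * Add one subject entry to the attribute as a principal, role or
 * linking role.
 *
 * If cur->cert is set, the subject's key ID is read from that certificate
 * and stored in cur->id (overwriting whatever id was there).  cur->role,
 * when present, is split in place on '.'; more than MAX_ROLE_PARTS parts
 * is reported as a usage error.  Every failure exits the process.
 */
static void add_subject(options_t *opts, abac_attribute_t *attr, subject_t *cur) {
    if (cur->cert) {
        abac_id_t *subject = abac_id_from_file(cur->cert);
        if (subject == NULL)
            errx(1, "Can't load subject cert from %s", cur->cert);
        // copy the key ID out before releasing the id object that owns it
        cur->id = xstrdup(abac_id_keyid(subject));
        abac_id_free(subject);
    }

    // no role given: the subject is a bare principal
    if (!cur->role) {
        abac_attribute_principal(attr, cur->id);
        return;
    }

    char *role = cur->role;
    char *start[MAX_ROLE_PARTS];
    int name_parts = 0;

    start[name_parts++] = role;

    // split in place: each '.' becomes a terminator and opens a new part
    for (int j = 0; role[j] != '\0'; ++j) {
        if (role[j] != '.')
            continue;
        if (name_parts == MAX_ROLE_PARTS) {
            fprintf(stderr, "bad subject role name (too many dots)\n");
            usage(opts); // presumably does not return (attribute_main relies on that too)
            return;      // defensive: never index past start[] even if it did
        }
        role[j] = '\0';
        start[name_parts++] = &role[j + 1];
    }

    if (name_parts == 1)
        abac_attribute_role(attr, cur->id, start[0]);
    else
        abac_attribute_linking_role(attr, cur->id, start[0], start[1]);
}

/*
 * Entry point for the attribute-issuing mode: build, sign ("bake") and
 * write an attribute certificate.
 *
 * Requires opts->issuer (issuer cert file), opts->key (issuer private key
 * file), opts->role and opts->out; a missing option goes to usage().
 * Each entry of opts->subjects is added via add_subject().  Any failure
 * exits non-zero through errx()/err(); on success the certificate is
 * written to opts->out.
 */
void attribute_main(options_t *opts) {
    if (opts->issuer == NULL ||
        opts->key == NULL ||
        opts->role == NULL ||
        opts->out == NULL)
        usage(opts);

    // issuer
    abac_id_t *issuer_id = abac_id_from_file(opts->issuer);
    if (issuer_id == NULL)
        errx(1, "Can't load cert from %s", opts->issuer);

    // private key
    int ret = abac_id_privkey_from_file(issuer_id, opts->key);
    if (ret != ABAC_SUCCESS)
        errx(1, "Can't load private key from %s", opts->key);

    abac_attribute_t *attr = NULL;
    ret = abac_attribute_create(&attr, issuer_id, opts->role, opts->validity);
    if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY)
        abort(); // the key was loaded just above; should never happen
    if (ret == ABAC_ATTRIBUTE_INVALID_ROLE)
        errx(1, "Invalid role name: %s", opts->role);
    if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY)
        errx(1, "Invalid validity: must be >= 1 second");
    // any failure mode not matched above may leave attr unset;
    // don't carry a NULL attribute into the calls below
    if (attr == NULL)
        errx(1, "Couldn't create attribute cert");

    for (int i = 0; i < opts->num_subjects; ++i)
        add_subject(opts, attr, &opts->subjects[i]);

    // NOTE: bake() is treated here as returning zero on failure, unlike
    // the ABAC_SUCCESS convention used above — kept as originally written.
    ret = abac_attribute_bake(attr);
    if (!ret)
        errx(1, "Couldn't bake attribute cert");

    FILE *out = fopen(opts->out, "w");
    if (out == NULL)
        err(1, "Couldn't open attr cert file %s for writing", opts->out);

    abac_attribute_write(attr, out);

    // fclose() performs the final flush; a failure here means the file on
    // disk may be truncated, which must not be reported as success
    if (fclose(out) != 0)
        err(1, "Couldn't write attr cert file %s", opts->out);

    abac_attribute_free(attr);
}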