| [085f159] | 1 | |
|---|
| [461541a] | 2 | /* attribute.c */ |
|---|
| [01044ac] | 3 | |
|---|
| [461541a] | 4 | #define _GNU_SOURCE |
|---|
| 5 | #include <stdio.h> |
|---|
| [aa33ad9] | 6 | |
|---|
| [461541a] | 7 | #include <err.h> |
|---|
| 8 | #include <termios.h> |
|---|
| [04f5da1] | 9 | |
|---|
| [4721618] | 10 | #include "libabac_common.h" |
|---|
| [04f5da1] | 11 | #include "creddy_common.h" |
|---|
| [01044ac] | 12 | |
|---|
| [085f159] | 13 | void attribute_main(options_t *opts) { |
|---|
| [461541a] | 14 | int i, ret= 1; |
|---|
| [ee5afdd] | 15 | |
|---|
| [085f159] | 16 | if ( |
|---|
| 17 | opts->issuer == NULL || |
|---|
| 18 | opts->key == NULL || |
|---|
| 19 | opts->role == NULL || |
|---|
| 20 | opts->out == NULL |
|---|
| 21 | ) |
|---|
| 22 | usage(opts); |
|---|
| 23 | |
|---|
| [aa33ad9] | 24 | // issuer |
|---|
| [461541a] | 25 | abac_id_t *issuer_id = abac_id_from_file(opts->issuer); |
|---|
| 26 | if (issuer_id == NULL) |
|---|
| [aa33ad9] | 27 | errx(1, "Can't load cert from %s", opts->issuer); |
|---|
| [980a7b6] | 28 | |
|---|
| [aa33ad9] | 29 | // private key |
|---|
| [461541a] | 30 | ret = abac_id_privkey_from_file(issuer_id, opts->key); |
|---|
| 31 | if (ret != ABAC_SUCCESS) |
|---|
| [aa33ad9] | 32 | errx(1, "Can't load private key from %s", opts->key); |
|---|
| [980a7b6] | 33 | |
|---|
| [461541a] | 34 | abac_attribute_t *attr = NULL; |
|---|
| 35 | ret = abac_attribute_create(&attr, issuer_id, opts->role, opts->validity); |
|---|
| 36 | if (ret == ABAC_ATTRIBUTE_ISSUER_NOKEY) |
|---|
| [aa33ad9] | 37 | abort(); // should never happen |
|---|
| [461541a] | 38 | if (ret == ABAC_ATTRIBUTE_INVALID_ROLE) |
|---|
| [aa33ad9] | 39 | errx(1, "Invalid role name: %s", opts->role); |
|---|
| [461541a] | 40 | if (ret == ABAC_ATTRIBUTE_INVALID_VALIDITY) |
|---|
| [00d21a1] | 41 | errx(1, "Invalid validity: must be >= 1 second"); |
|---|
| [ee5afdd] | 42 | |
|---|
| [461541a] | 43 | char *head_string=NULL; |
|---|
| 44 | char *subject_string=NULL; |
|---|
| 45 | asprintf(&head_string,"%s.%s",abac_id_keyid(issuer_id),opts->role); |
|---|
| 46 | abac_attribute_set_head(attr,head_string); |
|---|
| 47 | |
|---|
| [aa33ad9] | 48 | for (i = 0; i < opts->num_subjects; ++i) { |
|---|
| [461541a] | 49 | char *string=NULL; |
|---|
| [aa33ad9] | 50 | subject_t *cur = &opts->subjects[i]; |
|---|
| [ee5afdd] | 51 | |
|---|
| [aa33ad9] | 52 | // if we have a cert we need to get its ID |
|---|
| 53 | if (cur->cert) { |
|---|
| [461541a] | 54 | abac_id_t *subject = abac_id_from_file(cur->cert); |
|---|
| [002b25a] | 55 | if (subject == NULL) |
|---|
| 56 | errx(1, "Can't load subject cert from %s", cur->cert); |
|---|
| [461541a] | 57 | cur->id = xstrdup(abac_id_keyid(subject)); |
|---|
| 58 | abac_id_free(subject); |
|---|
| [ee5afdd] | 59 | } |
|---|
| 60 | |
|---|
| [aa33ad9] | 61 | // just a principal, add it |
|---|
| 62 | if (!cur->role) { |
|---|
| [461541a] | 63 | asprintf(&string,"%s", cur->id); |
|---|
| [aa33ad9] | 64 | } |
|---|
| [085f159] | 65 | |
|---|
| [aa33ad9] | 66 | // either role or linking role |
|---|
| 67 | else { |
|---|
| [980a7b6] | 68 | char *role = cur->role; |
|---|
| 69 | char *start[3]; |
|---|
| 70 | int name_parts = 0, j; |
|---|
| [085f159] | 71 | |
|---|
| [980a7b6] | 72 | start[name_parts++] = role; |
|---|
| [085f159] | 73 | |
|---|
| [aa33ad9] | 74 | // split the role string up into name parts (turn . into \0) |
|---|
| [980a7b6] | 75 | for (j = 0; role[j] != '\0'; ++j) |
|---|
| 76 | if (role[j] == '.') { |
|---|
| 77 | if (name_parts == 3) { |
|---|
| 78 | printf("bad subject role name (too many dots)\n"); |
|---|
| 79 | usage(opts); |
|---|
| 80 | } |
|---|
| 81 | start[name_parts++] = &role[j+1]; |
|---|
| 82 | role[j] = 0; |
|---|
| 83 | } |
|---|
| 84 | |
|---|
| [aa33ad9] | 85 | // role |
|---|
| 86 | if (name_parts == 1) { |
|---|
| [461541a] | 87 | asprintf(&string,"%s.%s", cur->id, start[0]); |
|---|
| [aa33ad9] | 88 | } |
|---|
| [085f159] | 89 | |
|---|
| [aa33ad9] | 90 | // linking role |
|---|
| 91 | else { |
|---|
| [461541a] | 92 | asprintf(&string,"%s.%s.%s", cur->id, start[0], start[1]); |
|---|
| [aa33ad9] | 93 | } |
|---|
| [980a7b6] | 94 | } |
|---|
| [461541a] | 95 | /* collect up */ |
|---|
| 96 | if(subject_string != NULL) { |
|---|
| 97 | char *tmp=subject_string; |
|---|
| 98 | subject_string=NULL; |
|---|
| 99 | asprintf(&subject_string,"%s & %s",tmp,string); |
|---|
| 100 | } else subject_string=string; |
|---|
| 101 | |
|---|
| [085f159] | 102 | } |
|---|
| 103 | |
|---|
| [461541a] | 104 | abac_attribute_set_tail(attr,subject_string); |
|---|
| 105 | ret = abac_attribute_bake(attr); |
|---|
| [002b25a] | 106 | if (!ret) |
|---|
| [aa33ad9] | 107 | errx(1, "Couldn't bake attribute cert"); |
|---|
| [085f159] | 108 | |
|---|
| 109 | FILE *out = fopen(opts->out, "w"); |
|---|
| 110 | if (out == NULL) |
|---|
| [aa33ad9] | 111 | err(1, "Couldn't open attr cert file %s for writing", opts->out); |
|---|
| 112 | |
|---|
| [461541a] | 113 | abac_attribute_write(attr, out); |
|---|
| [aa33ad9] | 114 | |
|---|
| [085f159] | 115 | fclose(out); |
|---|
| 116 | |
|---|
| [461541a] | 117 | abac_attribute_free(attr); |
|---|
| [085f159] | 118 | } |
|---|
