mei_rt2mei_rt2_fix_1meiyap-rt1rt2
Last change
on this file since e88c95b was
e88c95b,
checked in by Mei <mei@…>, 13 years ago
|
1) switch the order of terms within the rule clause.
carl said more specific should be at the earlier part of rule so
it won't backtrack to death.
2) unset some debug flag in creddy
|
-
Property mode set to
100755
|
File size:
1.1 KB
|
Line | |
---|
1 | |
---|
2 | rm -rf creds_dump |
---|
3 | |
---|
4 | eloc=/home/mei/Deter/abac/libabac |
---|
5 | keyloc=/home/mei/Deter/abac/examples/access_rt2_typed |
---|
6 | |
---|
7 | alpha=`creddy --keyid --cert $keyloc/Alpha_ID.pem` |
---|
8 | bob=`creddy --keyid --cert $keyloc/Bob_ID.pem` |
---|
9 | joe=`creddy --keyid --cert $keyloc/Joe_ID.pem` |
---|
10 | |
---|
11 | bob_prin="[keyid:$bob]" |
---|
12 | |
---|
13 | access_fileA="[keyid:$alpha].role:access([string:'read'],[urn:'file//fileA'])" |
---|
14 | team_proj2="[keyid:$alpha].role:team([string:'proj2'])" |
---|
15 | bob_prin="[keyid:$bob]" |
---|
16 | joe_prin="[keyid:$joe]" |
---|
17 | |
---|
18 | ## dump all credentials -- does not work |
---|
19 | $eloc/abac_prover_yap --keystore $keyloc --dump creds_dump |
---|
20 | |
---|
21 | #[keyid:Alpha].role:access([string:'read'],[urn:'file//fileA']) <-?- [keyid:bob] (yes) |
---|
22 | echo "===good============ Alpha.access(read,fileA)<-?-Bob yap " |
---|
23 | $eloc/abac_prover_yap --keystore $keyloc --role "$access_fileA" --principal "$bob_prin" |
---|
24 | |
---|
25 | echo "===bad============ Alpha.access(read,fileA)<-?-Joe yap " |
---|
26 | $eloc/abac_prover_yap --keystore $keyloc --role "$access_fileA" --principal "$joe_prin" |
---|
27 | |
---|
28 | echo "===good============ Alpha.team(proj2)<-?-Joe yap " |
---|
29 | #[keyid:alpha].oset:team([string:'proj2'])<-[keyid:Joe] |
---|
30 | $eloc/abac_prover_yap --keystore $keyloc --role "$team_proj2" --principal "$joe_prin" |
---|
31 | |
---|
Note: See
TracBrowser
for help on using the repository browser.