source: examples/access_tests/creddy_prover/s6_run_query @ 11ca336

mei_rt2
Last change on this file since 11ca336 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100755
File size: 1.5 KB
Line 
1#!/bin/sh
2
3# geni s6_run_query
4# using aba_prover_yap
5
6echo "=====================s6_run_query=================="
7
8pwd=`pwd`
9
10eloc=`which abac_prover_yap | sed 's/\/abac_prover_yap//'`
11if [ "$eloc" = "" ]; then
12  echo "ERROR: abac_prover_yap is not in the search path!!!"
13  exit 1
14fi
15
16keyloc=$pwd
17
18g=`creddy --keyid --cert $keyloc/G_ID.pem`
19pa=`creddy --keyid --cert $keyloc/PA_ID.pem`
20sa=`creddy --keyid --cert $keyloc/SA_ID.pem`
21
22drd=`creddy --keyid --cert $keyloc/Drd_ID.pem`
23frank=`creddy --keyid --cert $keyloc/Frank_ID.pem`
24dan=`creddy --keyid --cert $keyloc/Dan_ID.pem`
25alice=`creddy --keyid --cert $keyloc/Alice_ID.pem`
26
27## dump all credentials
28env ABAC_CN=1 $eloc/abac_prover_yap  --keystore $keyloc --dump s6_creds_dump
29
30# [keyid:SA].role:controlsQ("sliceA","info") <-?- [keyid:Frank]
31#  runControlsQ Frank $frank good bad
32runControlsQ() {
33   id=$2
34   role="[keyid:$sa].role:controlsQ([string:'sliceA'],[string:'info'])"
35   prin="[keyid:$id]"
36   echo "\n\n===$3============ SA.controlsQ('sliceA','info') <-?- $1"
37   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
38
39   role="[keyid:$sa].role:controlsQ([string:'sliceA'],[string:'stop'])"
40   prin="[keyid:$id]"
41   echo "\n===$4============ SA.controlsQ('sliceA','stop') <-?- $1"
42   $eloc/abac_prover_yap --keystore $keyloc --role "$role" --principal "$prin"
43}
44
45
46runControlsQ Drd $drd good good
47runControlsQ Frank $frank good bad
48runControlsQ Dan $dan bad bad
49runControlsQ Alice $alice good good
50
51echo "\n\n"
52
53
Note: See TracBrowser for help on using the repository browser.