source: examples/access_tests/creddy_prover/scenario_s4.sh @ 7751094

mei_rt2
Last change on this file since 7751094 was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule

  • Property mode set to 100755
File size: 7.7 KB
#!/bin/sh

#####################################################################
# Scenario #4
#     Explores the relationship between a slice and the "controls"
#     family of permissions.
#
#  Drd, a geniPI, created (is owner of) slices 'sliceA' and 'sliceB'
#  Drd grants Frank, a geniUser, controls permission on 'sliceA'
#  Drd grants Dan, a geniUser, controls_ permission on 'sliceA'
#  Drd grants Jim, a geniUser, delegate_controls_ permission on 'sliceA'
#  Jim grants Nancy, a geniUser, controls_ permission on 'sliceA'
#  SA grants Lisa, a geniUser, controls permission on 'sliceA'
#  SA grants Dan, a geniUser, controls_ permission on 'sliceA'
#  SA grants Dan, a geniUser, controls_ permission on 'sliceB'
#  SA grants Cary, a geniUser, delegate_controls_ permission on 'sliceA'
#  SA grants Alice, a geniUser, controls_ permission on 'sliceB'
#  SA grants Alice, a geniUser, controls_ permission on 'sliceA'
#
# ABAC_CN is dropped from the environment before any creddy call, so a
# value inherited from the invoking shell is not seen by creddy.
unset ABAC_CN
# Directory the script is started from; the *_ID.pem identity
# certificates are looked up here.
keyloc=$(pwd)
# Scenario tag, used as the prefix of every file this script writes.
sidx='s4'

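# makeWho CN
# Regenerate the identity of principal CN: remove any CN_*.pem files in
# the current directory, then have creddy generate a fresh identity with
# that common name.
# Globals:   WHO (written; left set to CN)
# Arguments: $1 - common name of the principal, must be non-empty
# Returns:   creddy's exit status, or 1 when CN is empty
makeWho() {
    WHO=$1
    # With an empty CN the pattern below degenerates to "_*.pem" and the
    # recursive delete would hit files that belong to no principal.
    if [ -z "$WHO" ]; then
        echo "makeWho: missing common name" >&2
        return 1
    fi
    # Only the "_*.pem" suffix is meant to glob; the CN itself is quoted
    # so whitespace or wildcard characters in it are taken literally, and
    # "--" keeps a CN starting with "-" from being parsed as an rm option.
    rm -rf -- "${WHO}"_*.pem
    creddy --generate --cn "${WHO}"
}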
# Fresh identities for every principal this scenario regenerates.
# G, PA and SA are not in this list although their *_ID.pem files are
# read further down -- presumably they are created by an earlier setup
# step; confirm against the test driver.
for WHO in GR IDP EXO Drd Frank Dan Lisa Cary Jim Nancy Alice; do
    makeWho "$WHO"
done

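# Key id of each principal, extracted by creddy from the identity
# certificate in $keyloc.  The path is quoted so a working directory
# containing whitespace still resolves to a single --cert argument.
# NOTE(review): nothing checks that a lookup succeeded.  An empty key id
# would flow into the rules below as "[keyid:]" and into the sed
# expressions written to $sfile as "s//NAME/g".
g=$(creddy --keyid --cert "$keyloc/G_ID.pem")
gr=$(creddy --keyid --cert "$keyloc/GR_ID.pem")
pa=$(creddy --keyid --cert "$keyloc/PA_ID.pem")
sa=$(creddy --keyid --cert "$keyloc/SA_ID.pem")
idp=$(creddy --keyid --cert "$keyloc/IDP_ID.pem")
exo=$(creddy --keyid --cert "$keyloc/EXO_ID.pem")
drd=$(creddy --keyid --cert "$keyloc/Drd_ID.pem")
frank=$(creddy --keyid --cert "$keyloc/Frank_ID.pem")
dan=$(creddy --keyid --cert "$keyloc/Dan_ID.pem")
lisa=$(creddy --keyid --cert "$keyloc/Lisa_ID.pem")
cary=$(creddy --keyid --cert "$keyloc/Cary_ID.pem")
jim=$(creddy --keyid --cert "$keyloc/Jim_ID.pem")
nancy=$(creddy --keyid --cert "$keyloc/Nancy_ID.pem")
alice=$(creddy --keyid --cert "$keyloc/Alice_ID.pem")

# Value handed to creddy's --out_prolog on every rule.
pname="${sidx}_yap_clauses"
# Value handed to creddy's --namespace on every rule.
namespace='access1'
# File that receives one sed substitution per principal (key id -> name).
sfile="sfile_${sidx}"
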
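# idp_gUser VARNAME
# Issue the rule "IDP.geniUser <- <principal>", where VARNAME is the
# NAME of the shell variable holding the principal's key id (e.g. "drd"),
# not the key id itself.
# Globals:   idp, sidx, pname, namespace (read);
#            namename, attr, name (written)
# Arguments: $1 - name of a variable that holds a key id
# Returns:   creddy's exit status, or 1 when $1 is not a plain identifier
idp_gUser()
{
    # $1 is spliced into the eval below.  Accept only a plain shell
    # identifier: anything else would be executed as shell code rather
    # than looked up as a variable.
    case $1 in
        '' | [0-9]* | *[!A-Za-z0-9_]*)
            echo "idp_gUser: not a variable name: $1" >&2
            return 1
            ;;
    esac
    # POSIX sh has no ${!name}; eval is the indirect read of $<VARNAME>.
    eval "namename=[keyid:\$$1]"
    attr="[keyid:$idp].role:geniUser <- $namename"
    name="${sidx}_IDP_gUser__${1}_attr.der"
    creddy --attrnow --string "$attr" \
        --out "$name" --out_prolog "$pname" --namespace "$namespace"
}
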
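## A principal requests a slice from the slice authority, e.g.
##   makeSlice "$drd" sliceA Drd
#
# makeSlice KEYID SLICE OWNER
# Issues the four rules that register SLICE and bind it to its creator:
#   OWNER.slice       <- 'SLICE'
#   SA.standard       <- 'SLICE'
#   SA.owner('SLICE') <- OWNER
#   SA.root('SLICE')  <- OWNER
# Globals:   sa, sidx, pname, namespace (read); what, attr, name (written)
# Arguments: $1 - key id of the creator
#            $2 - slice name
#            $3 - creator's display name, used only in output file names
# Returns:   exit status of the last creddy call
makeSlice() {
    # The slice name is embedded between single quotes in the rule text,
    # so a name that itself contains a quote would change the rule; the
    # callers in this script pass literals only.
    what="'$2'"

    # Every expansion handed to creddy is quoted so a slice or owner name
    # containing whitespace stays one argument instead of splitting the
    # --out path.

    # OWNER.slice <- 'SLICE'
    attr="[keyid:$1].oset:slice <- [string:$what]"
    name="${sidx}_${3}_slice__${2}_attr.der"
    creddy --attrnow --string "$attr" \
        --out "$name" --out_prolog "$pname" --namespace "$namespace"

    # SA.standard <- 'SLICE'
    attr="[keyid:$sa].oset:standard <- [string:$what]"
    name="${sidx}_SA_standard__${2}_attr.der"
    creddy --attrnow --string "$attr" \
        --out "$name" --out_prolog "$pname" --namespace "$namespace"

    # SA.owner('SLICE') <- OWNER
    attr="[keyid:$sa].role:owner([string:$what]) <- [keyid:$1]"
    name="${sidx}_SA_owner_${2}__${3}_attr.der"
    creddy --attrnow --string "$attr" \
        --out "$name" --out_prolog "$pname" --namespace "$namespace"

    # SA.root('SLICE') <- OWNER
    attr="[keyid:$sa].role:root([string:$what]) <- [keyid:$1]"
    name="${sidx}_SA_root_${2}__${3}_attr.der"
    creddy --attrnow --string "$attr" \
        --out "$name" --out_prolog "$pname" --namespace "$namespace"
}
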
###############################################################################
# Write one sed substitution per principal to $sfile, mapping the
# generated key id back to a readable name.  How $sfile is consumed is
# not visible in this script -- presumably it is applied to the prolog
# output by the test driver; confirm.
# The key ids are placed into the sed expressions as-is, which assumes
# they contain no "/" or regex metacharacters.
# NOTE(review): the SA expression is written twice and $pa gets no
# mapping at all; the second SA line may have been meant to be PA.
# Left unchanged here -- verify against the expected output first.
{
    echo "s/$g/G/g "
    echo "s/$gr/GR/g "
    echo "s/$sa/SA/g "
    echo "s/$sa/SA/g "
    echo "s/$idp/IDP/g "
    echo "s/$exo/EXO/g "
    echo "s/$drd/Drd/g "
    echo "s/$frank/Frank/g "
    echo "s/$dan/Dan/g "
    echo "s/$lisa/Lisa/g "
    echo "s/$cary/Cary/g "
    echo "s/$jim/Jim/g "
    echo "s/$nancy/Nancy/g "
    echo "s/$alice/Alice/g "
} > "$sfile"

# Authority chain: G names GR as geniRoot; GR then names the slice
# authority, identity provider, project authority and aggregate.

# G.geniRoot <- GR
attr="[keyid:${g}].role:geniRoot <- [keyid:${gr}]"
name="${sidx}_G_geniRoot__gr_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.sliceAuthority <- SA
attr="[keyid:${gr}].role:sliceAuthority <- [keyid:${sa}]"
name="${sidx}_GR_sliceAuthority__sa_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.identityProvider <- IDP
attr="[keyid:${gr}].role:identityProvider <- [keyid:${idp}]"
name="${sidx}_GR_identityProvider__idp_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.projectAuthority <- PA
attr="[keyid:${gr}].role:projectAuthority <- [keyid:${pa}]"
name="${sidx}_GR_projAuthority__pa_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# GR.aggregate <- EXO
attr="[keyid:${gr}].role:aggregate <- [keyid:${exo}]"
name="${sidx}_GR_aggregate__exo_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

# IDP.geniUser <- each of Drd, Frank, Dan, Lisa, Cary, Jim, Nancy, Alice.
# idp_gUser takes the NAME of the variable holding the key id, so the
# arguments are bare words rather than "$drd", "$frank", ...
idp_gUser drd
idp_gUser frank
idp_gUser dan
idp_gUser lisa
idp_gUser cary
idp_gUser jim
idp_gUser nancy
idp_gUser alice

# IDP.geniPI <- Drd  (Drd is the only principal investigator here)
attr="[keyid:${idp}].role:geniPI <- [keyid:${drd}]"
name="${sidx}_IDP_geniPI__drd_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

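# "$drd" is quoted so that an empty key id (a failed lookup) stays in the
# first position.  Unquoted, it would vanish and shift the slice name
# into the key-id slot, issuing rules that bind the wrong values.

## Drd requests sliceA from SA
makeSlice "$drd" sliceA Drd
## Drd requests sliceB from SA
makeSlice "$drd" sliceB Drd
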
# Permission grants under test.  Grants issued by Drd (the slice owner)
# come first, then the one issued by Jim through his delegated right,
# then the grants issued directly by SA.

## Drd gives controls permission on sliceA to Frank
attr="[keyid:${drd}].role:controls([string:'sliceA']) <- [keyid:${frank}]"
name="${sidx}_Drd_controls_sliceA__frank_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## Drd gives controls_ permission on sliceA to Dan
attr="[keyid:${drd}].role:controls_([string:'sliceA']) <- [keyid:${dan}]"
name="${sidx}_Drd_controlsDel_sliceA__dan_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## Drd gives delegate_controls_ permission on sliceA to Jim
attr="[keyid:${drd}].role:delegate_controls_([string:'sliceA']) <- [keyid:${jim}]"
name="${sidx}_Drd_delcontrolsDel_sliceA__jim_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## Jim gives controls_ permission on sliceA to Nancy
attr="[keyid:${jim}].role:controls_([string:'sliceA']) <- [keyid:${nancy}]"
name="${sidx}_Jim_controlsDel_sliceA__nancy_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives controls permission on sliceA to Lisa
attr="[keyid:${sa}].role:controls([string:'sliceA']) <- [keyid:${lisa}]"
name="${sidx}_SA_controls_sliceA__lisa_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives controls_ permission on sliceB to Dan
## (the rule and the file name both say sliceB)
attr="[keyid:${sa}].role:controls_([string:'sliceB']) <- [keyid:${dan}]"
name="${sidx}_SA_controlsDel_sliceB__dan_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives delegate_controls_ permission on sliceA to Cary
attr="[keyid:${sa}].role:delegate_controls_([string:'sliceA']) <- [keyid:${cary}]"
name="${sidx}_SA_delcontrolsDel_sliceA__cary_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives controls_ permission on sliceA to Dan
attr="[keyid:${sa}].role:controls_([string:'sliceA']) <- [keyid:${dan}]"
name="${sidx}_SA_controlsDel_sliceA__dan_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives controls_ permission on sliceB to Alice
attr="[keyid:${sa}].role:controls_([string:'sliceB']) <- [keyid:${alice}]"
name="${sidx}_SA_controlsDel_sliceB__alice_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"

## SA gives controls_ permission on sliceA to Alice
attr="[keyid:${sa}].role:controls_([string:'sliceA']) <- [keyid:${alice}]"
name="${sidx}_SA_controlsDel_sliceA__alice_attr.der"
creddy --attrnow --string "${attr}" \
    --out "${name}" --out_prolog "${pname}" --namespace "${namespace}"