source: examples/example_scripts/c/abac_prover.c @ accd63d

mei_rt2
Last change on this file since accd63d was 2e9455f, checked in by Mei <mei@…>, 11 years ago

1) added namespace
2) tweak ?This,
3) allowing linking role/oset as constraining conditions
4) adding access_tests regression testing that uses GENI's access policy
5) added couple multi contexts regression tests
6) add compression/uncompression calls to abac_encode_string/abac_decode_string
(libstrongwan only allows 512 char for attribute rule storage)
7) add attribute_now option to creddy that takes a whole char string for attribute
rule
  • Property mode set to 100644
File size: 3.0 KB
Line 
1/**
2   abac_prover.c
3
4   To demonstrate how to use ABAC's api in C to make a query
5
6   call:   abac_prover "keystorestring" "rolestring" "principalstring"
7
8   pre-condition: run make attr_abac  generate IceCream_ID.pem and IceCream_private.pem with
9
10   This program will make a prover call using
11           rolestring <- principalstring
12
13**/
14
15#include <err.h>
16#include <stdio.h>
17#include <assert.h>
18#include <string.h>
19
20#include <abac.h>
21
22extern void abac_print_cred_info(abac_credential_t*, FILE*);
23extern void abac_print_prin_info(abac_id_credential_t*, FILE*);
24
25int main(int argc, char **argv) {
26    int i, success=0;
27    abac_credential_t *cred=NULL;
28    abac_credential_t **credentials=NULL;
29
30    abac_context_t *ctx = abac_context_new();
31    abac_context_load_directory(ctx, argv[1]);
32
33    char *query=strdup(argv[2]);
34    char *with=strdup(argv[3]);
35
36    printf("query %s \n", query);
37    printf("with %s\n", with);
38
39
40int k=1; /* use to do repetitions */
41while(k) {
42    credentials = abac_context_query(ctx,
43                            query, with,
44                            &success);
45    if (success)
46        puts("prover success!!");
47        else puts("prover failed!!");
48
49    if (credentials != NULL && success) {
50        puts("credentials needed :");
51        for (i = 0; credentials[i] != NULL; ++i) {
52           cred = credentials[i];
53           abac_print_cred_info(cred,NULL);
54        }
55    }
56    if(credentials)
57        abac_free_credentials(credentials);
58    k=k-1;
59}
60
61
62    /* dump credentials from context */
63{
64    printf("\n\n");
65    credentials = abac_context_credentials(ctx);
66    if (credentials != NULL) {
67        puts("context credentials :");
68        for (i = 0; credentials[i] != NULL; ++i) {
69           cred = credentials[i];
70           abac_print_typed_cred_info(cred,NULL);
71        }
72    }
73    if(credentials)
74        abac_free_credentials(credentials);
75}
76{
77    abac_id_credential_t *id_cred=NULL;
78    abac_id_credential_t **id_credentials=NULL;
79    printf("\n\n [ctx]\n");
80    id_credentials = abac_context_principals(ctx);
81    if (id_credentials != NULL) {
82        puts("principal credentials :");
83        for (i = 0; id_credentials[i] != NULL; ++i) {
84           id_cred = id_credentials[i];
85           abac_print_prin_info(id_cred,NULL);
86        }
87    }
88    if(id_credentials)
89        abac_free_principals(id_credentials);
90}
91
92    abac_context_t *ctx2 = abac_context_dup(ctx);
93
94{
95    abac_id_credential_t *id_cred=NULL;
96    abac_id_credential_t **id_credentials=NULL;
97    printf("\n\n [ctx2]\n");
98    id_credentials = abac_context_principals(ctx2);
99    if (id_credentials != NULL) {
100        puts("principal credentials :");
101        for (i = 0; id_credentials[i] != NULL; ++i) {
102           id_cred = id_credentials[i];
103           abac_print_prin_info(id_cred,NULL);
104        }
105    }
106    if(id_credentials)
107        abac_free_principals(id_credentials);
108}
109
110{
111    printf("\n\n");
112    abac_context_dump(ctx);
113}
114
115    abac_verifier_session_dump();
116
117show_yap_db("-->before");
118    abac_context_free(ctx);
119show_yap_db("-->after");
120
121    abac_verifier_session_dump();
122
123    return 0;
124}
Note: See TracBrowser for help on using the repository browser.