source: libabac/abac.c @ 15200be

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml
Last change on this file since 15200be was 15200be, checked in by Mike Ryan <mikeryan@…>, 14 years ago

move libabac into its own directory
  • Property mode set to 100644
File size: 4.9 KB
Line 
1#include <assert.h>
2#include <err.h>
3#include <glob.h>
4
5#include <chunk.h>
6
7#include "abac.h"
8#include "abac_graph.h"
9#include "abac_util.h"
10#include "abac_verifier.h"
11
12struct _abac_context_t {
13    abac_graph_t *graph;
14};
15
16/**
17 * Init the library.
18 */
19void libabac_init(void) {
20    abac_verifier_init();
21}
22
23/**
24 * Deinit the library.
25 */
26void libabac_deinit(void) {
27    abac_verifier_deinit();
28}
29
30/**
31 * Create a new abac context.
32 */
33abac_context_t *abac_context_new(void) {
34    abac_context_t *ctx = abac_xmalloc(sizeof(abac_context_t));
35    ctx->graph = abac_graph_new();
36    return ctx;
37}
38
39/**
40 * Deep copy an abac context.
41 */
42abac_context_t *abac_context_dup(abac_context_t *ctx) {
43    assert(ctx != NULL);
44
45    abac_context_t *dup = abac_xmalloc(sizeof(abac_context_t));
46    dup->graph = abac_graph_dup(ctx->graph);
47
48    return dup;
49}
50
51/**
52 * Free an abac context.
53 */
54void abac_context_free(abac_context_t *ctx) {
55    assert(ctx != NULL);
56
57    abac_graph_free(ctx->graph);
58    free(ctx);
59}
60
61/**
62 * Load an ID cert from a file.
63 */
64int abac_context_load_id_file(abac_context_t *ctx, char *filename) {
65    assert(ctx != NULL); assert(filename != NULL);
66    return abac_verifier_load_id_file(filename);
67}
68
69/**
70 * Load an ID cert from a chunk.
71 */
72int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert) {
73    assert(ctx != NULL);
74    chunk_t cert_chunk = { cert.ptr, cert.len };
75    return abac_verifier_load_id_chunk(cert_chunk);
76}
77
78/**
79 * Load an attribute cert from a file.
80 */
81int abac_context_load_attribute_file(abac_context_t *ctx, char *filename) {
82    int ret = 0;
83
84    assert(ctx != NULL); assert(filename != NULL);
85
86    abac_credential_t *cred = abac_verifier_load_attribute_cert_file(filename);
87    if (cred != NULL) {
88        ret = abac_graph_add_credential(ctx->graph, cred);
89        abac_credential_free(cred);
90    }
91
92    return ret;
93}
94
95/**
96 * Load an attribute cert from a chunk.
97 */
98int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert) {
99    assert(ctx != NULL);
100
101    chunk_t cert_chunk = { cert.ptr, cert.len };
102    abac_credential_t *cred = abac_verifier_load_attribute_cert_chunk(cert_chunk);
103    if (cred != NULL)
104        return abac_graph_add_credential(ctx->graph, cred);
105    else
106        return 0;
107}
108
109#define ID_PAT "/*_ID.der"
110#define ATTR_PAT "/*_attr.der"
111
112/**
113 * Load a directory full of certs.
114 */
115void abac_context_load_directory(abac_context_t *ctx, char *path) {
116    char *glob_pat;
117    glob_t glob_buf;
118    int i, ret;
119
120    assert(ctx != NULL); assert(path != NULL);
121
122    int dirlen = strlen(path);
123    glob_pat = abac_xmalloc(dirlen + sizeof(ATTR_PAT));
124    memcpy(glob_pat, path, dirlen);
125
126    // first load ID certs
127    memcpy(glob_pat + dirlen, ID_PAT, sizeof(ID_PAT));
128    glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
129    for (i = 0; i < glob_buf.gl_pathc; ++i) {
130        char *cert_file = glob_buf.gl_pathv[i];
131
132        ret = abac_context_load_id_file(ctx, cert_file);
133        if (!ret)
134            warnx("Couldn't load ID cert %s\n", cert_file);
135    }
136    globfree(&glob_buf);
137
138    // then load attr certs
139    memcpy(glob_pat + dirlen, ATTR_PAT, sizeof(ATTR_PAT));
140    glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
141    for (i = 0; i < glob_buf.gl_pathc; ++i) {
142        char *cert_file = glob_buf.gl_pathv[i];
143
144        ret = abac_context_load_attribute_file(ctx, cert_file);
145        if (!ret)
146            warnx("Couldn't load attribute cert %s\n", cert_file);
147    }
148    globfree(&glob_buf);
149
150    free(glob_pat);
151}
152
153/**
154 * Run a query on the data in an abac context. Returns a NULL-terminated array
155 * of abac_credential_t.
156 */
157abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success) {
158    abac_credential_t **credentials = NULL, *cur;
159    int i = 0;
160
161    assert(ctx != NULL); assert(role != NULL); assert(principal != NULL); assert(success != NULL);
162
163    abac_graph_t *result_graph = abac_graph_query(ctx->graph, role, principal);
164    abac_list_t *result = abac_graph_credentials(result_graph);
165
166    abac_graph_free(result_graph);
167
168    int size = abac_list_size(result);
169    if (size > 0)
170        *success = 1;
171
172    // if there is no actual path, return everything that can reach the role
173    else {
174        *success = 0;
175        abac_list_free(result);
176
177        result = abac_graph_postorder_credentials(ctx->graph, role);
178        size = abac_list_size(result);
179    }
180
181    if (size > 0) {
182        // make the array (leave space to NULL terminate it)
183        credentials = abac_xmalloc(sizeof(abac_credential_t *) * (size + 1));
184        abac_list_foreach(result, cur,
185            credentials[i++] = cur;
186        );
187        credentials[i] = NULL;
188    }
189
190    abac_list_free(result);
191
192    return credentials;
193}
194
195/**
196 * Frees the result of an abac query.
197 */
198void abac_context_query_free(abac_credential_t **credentials) {
199    int i;
200
201    if (credentials == NULL)
202        return;
203
204    for (i = 0; credentials[i] != NULL; ++i)
205        abac_credential_free(credentials[i]);
206    free(credentials);
207}
Note: See TracBrowser for help on using the repository browser.