Context Navigation

source: libabac/abac.c @ 314869f

abac0-leakabac0-meicompt_changesgec13mei-idmei-rt0-nmei_rt0mei_rt2mei_rt2_fix_1meiyap-rt1meiyap1rt2tvf-new-xml

Last change on this file since 314869f was 314869f, checked in by Mike Ryan <mikeryan@…>, 14 years ago
detect duplicate credential being added to the graph
Property mode set to `100644`
File size: 5.2 KB

Line
1	#include <assert.h>
2	#include <err.h>
3	#include <glob.h>
4
5	#include <chunk.h>
6
7	#include "abac.h"
8	#include "abac_graph.h"
9	#include "abac_util.h"
10	#include "abac_verifier.h"
11
12	struct _abac_context_t {
13	abac_graph_t *graph;
14	};
15
16	/**
17	* Init the library.
18	*/
19	void libabac_init(void) {
20	abac_verifier_init();
21	}
22
23	/**
24	* Deinit the library.
25	*/
26	void libabac_deinit(void) {
27	abac_verifier_deinit();
28	}
29
30	/**
31	* Create a new abac context.
32	*/
33	abac_context_t *abac_context_new(void) {
34	abac_context_t *ctx = abac_xmalloc(sizeof(abac_context_t));
35	ctx->graph = abac_graph_new();
36	return ctx;
37	}
38
39	/**
40	* Deep copy an abac context.
41	*/
42	abac_context_t abac_context_dup(abac_context_t ctx) {
43	assert(ctx != NULL);
44
45	abac_context_t *dup = abac_xmalloc(sizeof(abac_context_t));
46	dup->graph = abac_graph_dup(ctx->graph);
47
48	return dup;
49	}
50
51	/**
52	* Free an abac context.
53	*/
54	void abac_context_free(abac_context_t *ctx) {
55	assert(ctx != NULL);
56
57	abac_graph_free(ctx->graph);
58	free(ctx);
59	}
60
61	/**
62	* Load an ID cert from a file.
63	*/
64	int abac_context_load_id_file(abac_context_t ctx, char filename) {
65	assert(ctx != NULL); assert(filename != NULL);
66	return abac_verifier_load_id_file(filename);
67	}
68
69	/**
70	* Load an ID cert from a chunk.
71	*/
72	int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert) {
73	assert(ctx != NULL);
74	chunk_t cert_chunk = { cert.ptr, cert.len };
75	return abac_verifier_load_id_chunk(cert_chunk);
76	}
77
78	/**
79	* Load an attribute cert from a file.
80	*/
81	int abac_context_load_attribute_file(abac_context_t ctx, char filename) {
82	int ret, add_ret;
83	abac_credential_t *cred;
84
85	assert(ctx != NULL); assert(filename != NULL);
86
87	ret = abac_verifier_load_attribute_cert_file(filename, &cred);
88	if (ret == ABAC_CERT_SUCCESS) {
89	add_ret = abac_graph_add_credential(ctx->graph, cred);
90	assert(add_ret != ABAC_GRAPH_CRED_INVALID);
91	abac_credential_free(cred);
92	}
93
94	return ret;
95	}
96
97	/**
98	* Load an attribute cert from a chunk.
99	*/
100	int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert) {
101	int ret, add_ret;
102	abac_credential_t *cred;
103
104	assert(ctx != NULL);
105
106	chunk_t cert_chunk = { cert.ptr, cert.len };
107
108	ret = abac_verifier_load_attribute_cert_chunk(cert_chunk, &cred);
109	if (ret == ABAC_CERT_SUCCESS) {
110	add_ret = abac_graph_add_credential(ctx->graph, cred);
111	assert(add_ret != ABAC_GRAPH_CRED_INVALID);
112	abac_credential_free(cred);
113	}
114
115	return ret;
116	}
117
118	#define ID_PAT "/*_ID.der"
119	#define ATTR_PAT "/*_attr.der"
120
121	/**
122	* Load a directory full of certs.
123	*/
124	void abac_context_load_directory(abac_context_t ctx, char path) {
125	char *glob_pat;
126	glob_t glob_buf;
127	int i, ret;
128
129	assert(ctx != NULL); assert(path != NULL);
130
131	int dirlen = strlen(path);
132	glob_pat = abac_xmalloc(dirlen + sizeof(ATTR_PAT));
133	memcpy(glob_pat, path, dirlen);
134
135	// first load ID certs
136	memcpy(glob_pat + dirlen, ID_PAT, sizeof(ID_PAT));
137	glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
138	for (i = 0; i < glob_buf.gl_pathc; ++i) {
139	char *cert_file = glob_buf.gl_pathv[i];
140
141	ret = abac_context_load_id_file(ctx, cert_file);
142	if (ret != ABAC_CERT_SUCCESS)
143	warnx("Couldn't load ID cert %s\n", cert_file);
144	}
145	globfree(&glob_buf);
146
147	// then load attr certs
148	memcpy(glob_pat + dirlen, ATTR_PAT, sizeof(ATTR_PAT));
149	glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
150	for (i = 0; i < glob_buf.gl_pathc; ++i) {
151	char *cert_file = glob_buf.gl_pathv[i];
152
153	ret = abac_context_load_attribute_file(ctx, cert_file);
154	if (ret != ABAC_CERT_SUCCESS)
155	warnx("Couldn't load attribute cert %s\n", cert_file);
156	}
157	globfree(&glob_buf);
158
159	free(glob_pat);
160	}
161
162	/**
163	* Run a query on the data in an abac context. Returns a NULL-terminated array
164	* of abac_credential_t.
165	*/
166	abac_credential_t *abac_context_query(abac_context_t ctx, char role, char principal, int *success) {
167	abac_credential_t *credentials = NULL, cur;
168	int i = 0;
169
170	assert(ctx != NULL); assert(role != NULL); assert(principal != NULL); assert(success != NULL);
171
172	abac_graph_t *result_graph = abac_graph_query(ctx->graph, role, principal);
173	abac_list_t *result = abac_graph_credentials(result_graph);
174
175	abac_graph_free(result_graph);
176
177	int size = abac_list_size(result);
178	if (size > 0)
179	*success = 1;
180
181	// if there is no actual path, return everything that can reach the role
182	else {
183	*success = 0;
184	abac_list_free(result);
185
186	result = abac_graph_postorder_credentials(ctx->graph, role);
187	size = abac_list_size(result);
188	}
189
190	if (size > 0) {
191	// make the array (leave space to NULL terminate it)
192	credentials = abac_xmalloc(sizeof(abac_credential_t ) (size + 1));
193	abac_list_foreach(result, cur,
194	credentials[i++] = cur;
195	);
196	credentials[i] = NULL;
197	}
198
199	abac_list_free(result);
200
201	return credentials;
202	}
203
204	/**
205	* Frees the result of an abac query.
206	*/
207	void abac_context_query_free(abac_credential_t **credentials) {
208	int i;
209
210	if (credentials == NULL)
211	return;
212
213	for (i = 0; credentials[i] != NULL; ++i)
214	abac_credential_free(credentials[i]);
215	free(credentials);
216	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: