Context Navigation

source: libabac/abac.c @ 5730a10

mei_rt2mei_rt2_fix_1 libabac-0.2.1

Last change on this file since 5730a10 was 5730a10, checked in by Mei <mei@…>, 12 years ago
1) fix up the sample scripts under swig and added some docs for them
Property mode set to `100644`
File size: 12.5 KB

Line
1
2	/* abac.c using prolog */
3
4	#include <assert.h>
5	#include <err.h>
6	#include <glob.h>
7
8	#include <chunk.h>
9
10	#include "abac_internal.h"
11
12	#include "abac_pl_yap.h"
13	#include "abac_util.h"
14	#include "abac_verifier.h"
15
16	static int debug=0;
17
18	struct _abac_context_t {
19	abac_pl_t *pl;
20	};
21
22	/**
23	* Init the library.
24	*/
25	void libabac_init(void) {
26	void libabac_deinit(void);
27	static int has_been_init = 0;
28
29	// called every time a context is created, so only do it once
30	if (!has_been_init) {
31	abac_verifier_init();
32	atexit(libabac_deinit);
33	has_been_init = 1;
34	}
35	}
36
37	/**
38	* Deinit the library.
39	*/
40	void libabac_deinit(void) {
41	abac_verifier_deinit();
42	}
43
44	/**
45	* Create a new abac context.
46	*/
47	abac_context_t *abac_context_new(void) {
48	libabac_init();
49
50	abac_context_t *ctx = abac_xmalloc(sizeof(abac_context_t));
51	ctx->pl = abac_pl_new();
52	return ctx;
53	}
54
55	/**
56	* Deep copy an abac context. -- XXX dummy stub
57	*/
58	abac_context_t abac_context_dup(abac_context_t ctx) {
59	assert(ctx != NULL);
60	abac_context_t *dup = abac_xmalloc(sizeof(abac_context_t));
61	return dup;
62	}
63
64
65	/**
66	* Free an abac context.
67	*/
68	void abac_context_free(abac_context_t *ctx) {
69	assert(ctx != NULL);
70
71	abac_pl_free(ctx->pl);
72	free(ctx);
73	}
74
75	/**
76	* Load an ID cert from an abac_id_t.
77	*/
78	int abac_context_load_id_id(abac_context_t ctx, abac_id_t id) {
79	assert(ctx != NULL); assert(id);
80	abac_id_credential_t *id_cert=NULL;
81	int ret = abac_verifier_load_id_id(id,&id_cert);
82	if(id_cert) {
83	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
84	}
85	return ret;
86	}
87
88	/**
89	* Load an ID cert from a file.
90	*/
91	int abac_context_load_id_id_file_key_file(abac_context_t ctx, char filename, char *keyfilename) {
92	assert(ctx != NULL); assert(filename != NULL); assert(keyfilename!=NULL);
93	abac_id_credential_t *id_cert=NULL;
94	int ret = abac_verifier_load_id_file_key_file(filename,keyfilename,&id_cert);
95	if(id_cert) {
96	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
97	}
98	return ret;
99	}
100	/**
101	* Load an ID cert from a file, it may contain key part but not necessary.
102	*/
103	int abac_context_load_id_idkey_file(abac_context_t ctx, char filename) {
104	assert(ctx != NULL); assert(filename != NULL);
105	abac_id_credential_t *id_cert=NULL;
106	int ret = abac_verifier_load_idkey_file(filename,&id_cert);
107	if(id_cert) {
108	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
109	}
110	return ret;
111	}
112
113	/**
114	* Load an ID cert from a chunk.
115	*/
116	int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert) {
117	assert(ctx != NULL);
118	abac_id_credential_t *id_cert=NULL;
119	chunk_t cert_chunk = { cert.ptr, cert.len };
120	int ret=abac_verifier_load_id_chunk(cert_chunk,&id_cert);
121	if(id_cert) {
122	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
123	}
124	return ret;
125	}
126
127
128	/**
129	* Load an ID cert and privkey from chunks.
130	*/
131	int abac_context_load_id_privkey_chunk(abac_context_t *ctx, abac_chunk_t cert, abac_chunk_t privkey) {
132	assert(ctx != NULL);
133	abac_id_credential_t *id_cert=NULL;
134	chunk_t cert_chunk = { cert.ptr, cert.len };
135	chunk_t privkey_chunk = { privkey.ptr, privkey.len };
136	int ret=abac_verifier_load_id_privkey_chunk(cert_chunk, privkey_chunk, &id_cert);
137
138	if(id_cert) {
139	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
140	}
141	return ret;
142	}
143
144
145	/**
146	* Load an attribute cert from an abac_attribute_t.
147	*/
148	int abac_context_load_attribute_attribute(abac_context_t ctx, abac_attribute_t ptr)
149	{
150	int ret, add_ret;
151	abac_credential_t *cred=NULL;
152
153	assert(ctx != NULL);
154
155	ret = abac_verifier_load_attribute_cert_attribute(ptr, &cred);
156	if (ret == ABAC_CERT_SUCCESS) {
157	add_ret = abac_pl_add_credential(ctx->pl, cred);
158	assert(add_ret != ABAC_PL_CRED_INVALID);
159	}
160
161	return ret;
162
163	}
164
165	/**
166	* Load an attribute cert from a file.
167	*/
168	int abac_context_load_attribute_file(abac_context_t ctx, char filename) {
169	int ret, add_ret;
170	abac_credential_t *cred=NULL;
171
172	assert(ctx != NULL); assert(filename != NULL);
173
174	ret = abac_verifier_load_attribute_cert_file(filename, &cred);
175	if (ret == ABAC_CERT_SUCCESS) {
176	add_ret = abac_pl_add_credential(ctx->pl, cred);
177	assert(add_ret != ABAC_PL_CRED_INVALID);
178	}
179
180	return ret;
181	}
182
183	/**
184	* Load an attribute cert from a chunk.
185	*/
186	int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert) {
187	int ret, add_ret;
188	abac_credential_t *cred=NULL;
189
190	assert(ctx != NULL);
191
192	chunk_t cert_chunk = { cert.ptr, cert.len };
193
194	ret = abac_verifier_load_attribute_cert_chunk(cert_chunk, &cred);
195	if (ret == ABAC_CERT_SUCCESS) {
196	add_ret = abac_pl_add_credential(ctx->pl, cred);
197	assert(add_ret != ABAC_PL_CRED_INVALID);
198	}
199
200	return ret;
201	}
202
203	#define KEY_PAT "/*_private.{der,pem}"
204	#define ID_PAT "/*_ID.{der,pem}"
205	#define ATTR_PAT "/*_attr.der"
206	#define IDKEY_PAT "/*_IDKEY.{der,pem}"
207
208	char _make_key_filename(char cert_file)
209	{
210	char *p=strstr(cert_file,"_ID.");
211	char *head=strndup(cert_file,p-cert_file);
212	char *tail=p+4;
213	char *keyfile=NULL;
214	asprintf(&keyfile,"%s_private.%s",head,tail);
215	free(head);
216	return keyfile;
217	}
218
219
220	/**
221	* Load a directory full of principal certs.
222	*/
223	void abac_context_load_principals(abac_context_t ctx, char path) {
224	char glob_pat, key_pat;
225	glob_t glob_buf;
226	int i, ret;
227
228	assert(ctx != NULL); assert(path != NULL);
229
230	int dirlen = strlen(path);
231
232	/* make sure pick the larger one */
233	glob_pat = abac_xmalloc(dirlen + sizeof(IDKEY_PAT));
234	memcpy(glob_pat, path, dirlen);
235
236	// load ID certs
237	memcpy(glob_pat + dirlen, ID_PAT, sizeof(ID_PAT));
238	glob(glob_pat, GLOB_BRACE, NULL, &glob_buf); // TODO check for error
239	for (i = 0; i < glob_buf.gl_pathc; ++i) {
240	/* blah_ID.pem */
241	char *cert_file = glob_buf.gl_pathv[i];
242	/* blah_private.pem */
243	char *key_file=_make_key_filename(cert_file);
244	if(debug) {
245	printf("--> ID cert... %s\n", cert_file);
246	printf("--> KEY cert... %s\n", key_file);
247	}
248	ret = abac_context_load_id_id_file_key_file(ctx, cert_file, key_file);
249	if (ret != ABAC_CERT_SUCCESS)
250	warnx("Couldn't load ID cert %s", cert_file);
251	}
252	globfree(&glob_buf);
253
254	// next load IDKEY certs
255	memcpy(glob_pat + dirlen, IDKEY_PAT, sizeof(IDKEY_PAT));
256	glob(glob_pat, GLOB_BRACE, NULL, &glob_buf); // TODO check for error
257	for (i = 0; i < glob_buf.gl_pathc; ++i) {
258	/* blah_IDKEY.pem */
259	char *certkey_file = glob_buf.gl_pathv[i];
260	if(debug) printf("--> IDKEY certkey... %s\n", certkey_file);
261	ret = abac_context_load_id_idkey_file(ctx, certkey_file);
262	if (ret != ABAC_CERT_SUCCESS)
263	warnx("Couldn't load ID/KEY IDKEY cert %s", certkey_file);
264	}
265	globfree(&glob_buf);
266
267	free(glob_pat);
268	}
269
270	/**
271	* Load a directory full of certs.
272	*/
273	void abac_context_load_directory(abac_context_t ctx, char path) {
274	char glob_pat, key_pat;
275	glob_t glob_buf;
276	int i, ret;
277
278	abac_context_load_principals(ctx,path);
279	int dirlen = strlen(path);
280
281	/* make sure pick the larger one */
282	glob_pat = abac_xmalloc(dirlen + sizeof(IDKEY_PAT));
283	memcpy(glob_pat, path, dirlen);
284
285	memcpy(glob_pat + dirlen, ATTR_PAT, sizeof(ATTR_PAT));
286	glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
287	for (i = 0; i < glob_buf.gl_pathc; ++i) {
288	char *cert_file = glob_buf.gl_pathv[i];
289
290	if(debug) printf("--> attr file... (%s)\n", cert_file);
291	ret = abac_context_load_attribute_file(ctx, cert_file);
292	if (ret != ABAC_CERT_SUCCESS)
293	warnx("Couldn't load attribute cert %s", cert_file);
294	if(debug) printf("Loaded.. (%s)\n", cert_file);
295	}
296	globfree(&glob_buf);
297
298	free(glob_pat);
299	}
300
301	/**
302	* Run a query on the data in an abac context. Returns a NULL-terminated array
303	* of abac_credential_t. Success/failure in *success.
304	* queryfor(either role or oset), with(either keyid or object type)
305	*/
306	abac_credential_t *abac_context_query(abac_context_t ctx, char queryfor, char with, int *success) {
307	if(debug) printf("abac_context_query about(%s) with(%s)\n", queryfor, with);
308	abac_credential_t *credentials = NULL, cur;
309	assert(ctx != NULL); assert(queryfor != NULL);
310	assert(with != NULL); assert(success != NULL);
311
312	abac_stack_t *result = abac_pl_query(ctx->pl, queryfor, with);
313
314	int size = abac_stack_size(result);
315	if (size > 0) {
316	*success = 1;
317	} else {
318	// XXX NOT SURE YET..
319	// return partial proof
320	*success = 0;
321	}
322
323	// make the array (leave space to NULL terminate it)
324	// n.b., even if the list is empty, we still return an array that
325	// only contains the NULL terminator
326	credentials = abac_xmalloc(sizeof(abac_credential_t ) (size + 1));
327	int i = 0;
328	if(size) {
329	while(i<size) {
330	cur=(abac_credential_t *) abac_stack_pop(result);
331	credentials[i++] = cur;
332	}
333	}
334	credentials[i] = NULL;
335
336	if(result)
337	abac_stack_free(result);
338
339	return credentials;
340	}
341
342	abac_credential_t *abac_context_query_with_structure(abac_context_t ctx,
343	abac_aspect_t queryfor, abac_aspect_t with, int *success)
344	{
345	if(debug) printf("abac_context_query_with_structure\n");
346	abac_credential_t *credentials = NULL, cur;
347	assert(ctx != NULL); assert(queryfor != NULL);
348	assert(with != NULL); assert(success != NULL);
349
350	abac_stack_t *result = abac_pl_query_with_structure(ctx->pl, queryfor, with);
351
352	int size = abac_stack_size(result);
353	if (size > 0) {
354	*success = 1;
355	} else {
356	// XXX NOT SURE YET..
357	// return partial proof
358	*success = 0;
359	}
360
361	// make the array (leave space to NULL terminate it)
362	// n.b., even if the list is empty, we still return an array that
363	// only contains the NULL terminator
364	credentials = abac_xmalloc(sizeof(abac_credential_t ) (size + 1));
365	int i = 0;
366	if(size) {
367	while(i<size) {
368	cur=(abac_credential_t *) abac_stack_pop(result);
369	credentials[i++] = cur;
370	}
371	}
372	credentials[i] = NULL;
373
374	if(result)
375	abac_stack_free(result);
376
377	return credentials;
378	}
379
380	/**
381	* A NULL-terminated array of all the credentials in the context.
382	*/
383	abac_credential_t *abac_context_credentials(abac_context_t ctx) {
384	abac_credential_t *credentials = NULL, cur;
385	assert(ctx != NULL);
386
387	abac_stack_t *result = abac_pl_credentials(ctx->pl);
388	int size = abac_stack_size(result);
389
390	// make the array (leave space to NULL terminate it)
391	// n.b., even if the list is empty, we still return an array that
392	// only contains the NULL terminator
393	credentials = abac_xmalloc(sizeof(abac_credential_t ) (size + 1));
394	int i = 0;
395	if(size) {
396	while(i<size) {
397	cur=(abac_credential_t *) abac_stack_pop(result);
398	/* if not in there yet, add into it */
399	credentials[i++] = cur;
400	}
401	}
402	credentials[i] = NULL;
403
404	if(result)
405	abac_stack_free(result);
406	return credentials;
407	}
408
409	/**
410	* Frees a NULL-terminated list of credentials.
411	*/
412	void abac_context_credentials_free(abac_credential_t **credentials) {
413	int i;
414
415	if (credentials == NULL)
416	return;
417
418	for (i = 0; credentials[i] != NULL; ++i)
419	abac_credential_free(credentials[i]);
420	free(credentials);
421	}
422
423	/**
424	* A NULL-terminated array of all the principals in the context.
425	*/
426	abac_id_credential_t *abac_context_principals(abac_context_t ctx) {
427	abac_id_credential_t *principals = NULL, cur;
428	assert(ctx != NULL);
429
430	abac_stack_t *result = abac_pl_principals(ctx->pl);
431
432	int size = abac_stack_size(result);
433
434	// make the array (leave space to NULL terminate it)
435	// n.b., even if the list is empty, we still return an array that
436	// only contains the NULL terminator
437	principals = abac_xmalloc(sizeof(abac_id_credential_t ) (size + 1));
438	int i = 0;
439	if(size) {
440	while(i<size) {
441	cur=(abac_id_credential_t *) abac_stack_pop(result);
442	/* if not in there yet, add into it */
443	principals[i++] = cur;
444	}
445	}
446	principals[i] = NULL;
447
448	if(result)
449	abac_stack_free(result);
450	return principals;
451	}
452
453	/**
454	* Frees a NULL-terminated list of principals.
455	*/
456	void abac_context_principals_free(abac_id_credential_t **principals) {
457	int i;
458
459	if (principals == NULL)
460	return;
461
462	for (i = 0; principals[i] != NULL; ++i)
463	abac_id_credential_free(principals[i]);
464	free(principals);
465	}
466

Note: See TracBrowser for help on using the repository browser.

Download in other formats: