source: libabac/abac.c @ 5d06689

mei_rt2mei_rt2_fix_1
Last change on this file since 5d06689 was 5d06689, checked in by Mei <mei@…>, 12 years ago

1) modify abac.hh and added abac_c.c to unify the c and c++ api

interface (almost)

2) add new API
3) tweak the tests
4) filling missing code for abac_verifier_load_attribute_cert_attribute
  • Property mode set to 100644
File size: 11.6 KB
Line 
1
2/* abac.c using prolog */
3
4#include <assert.h>
5#include <err.h>
6#include <glob.h>
7
8#include <chunk.h>
9
10#include "abac_internal.h"
11
12#include "abac_pl_yap.h"
13#include "abac_util.h"
14#include "abac_verifier.h"
15
16static int debug=0;
17
18struct _abac_context_t {
19    abac_pl_t *pl;
20};
21
22/**
23 * Init the library.
24 */
25void libabac_init(void) {
26    void libabac_deinit(void);
27    static int has_been_init = 0;
28
29    // called every time a context is created, so only do it once
30    if (!has_been_init) {
31        abac_verifier_init();
32        atexit(libabac_deinit);
33        has_been_init = 1;
34    }
35}
36
37/**
38 * Deinit the library.
39 */
40void libabac_deinit(void) {
41    abac_verifier_deinit();
42}
43
44/**
45 * Create a new abac context.
46 */
47abac_context_t *abac_context_new(void) {
48    libabac_init();
49
50    abac_context_t *ctx = abac_xmalloc(sizeof(abac_context_t));
51    ctx->pl = abac_pl_new();
52    return ctx;
53}
54
55/**
56 * Deep copy an abac context. -- XXX dummy stub
57 */
58abac_context_t *abac_context_dup(abac_context_t *ctx) {
59    assert(ctx != NULL);
60    abac_context_t *dup = abac_xmalloc(sizeof(abac_context_t));
61    return dup;
62}
63
64
65/**
66 * Free an abac context.
67 */
68void abac_context_free(abac_context_t *ctx) {
69    assert(ctx != NULL);
70
71    abac_pl_free(ctx->pl);
72    free(ctx);
73}
74
75/**
76 * Load an ID cert from an abac_id_t.
77 */
78int abac_context_load_id_id(abac_context_t *ctx, abac_id_t *id) {
79    assert(ctx != NULL); assert(id);
80    abac_id_credential_t *id_cert=NULL;
81    int ret = abac_verifier_load_id_id(id,&id_cert);
82    if(id_cert) {
83        int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
84    }
85    return ret;
86}
87
88/**
89 * Load an ID cert from a file.
90 */
91int abac_context_load_id_id_file_key_file(abac_context_t *ctx, char *filename, char *keyfilename) {
92    assert(ctx != NULL); assert(filename != NULL); assert(keyfilename!=NULL);
93    abac_id_credential_t *id_cert=NULL;
94    int ret = abac_verifier_load_id_file_key_file(filename,keyfilename,&id_cert);
95    if(id_cert) {
96        int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
97    }
98    return ret;
99}
100/**
101 * Load an ID cert from a file, it may contain key part but not necessary.
102 */
103int abac_context_load_id_idkey_file(abac_context_t *ctx, char *filename) {
104    assert(ctx != NULL); assert(filename != NULL); 
105    abac_id_credential_t *id_cert=NULL;
106    int ret = abac_verifier_load_idkey_file(filename,&id_cert);
107    if(id_cert) {
108        int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
109    }
110    return ret;
111}
112
113/**
114 * Load an ID cert from a chunk.
115 */
116int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert) {
117    assert(ctx != NULL);
118    abac_id_credential_t *id_cert=NULL;
119    chunk_t cert_chunk = { cert.ptr, cert.len };
120    int ret=abac_verifier_load_id_chunk(cert_chunk,&id_cert);
121    if(id_cert) {
122        int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
123    }
124    return ret;
125}
126
127/**
128 * Load an attribute cert from an abac_attribute_t.
129 */
130int abac_context_load_attribute_attribute(abac_context_t *ctx, abac_attribute_t *ptr)
131{
132    int ret, add_ret;
133    abac_credential_t *cred=NULL;
134
135    assert(ctx != NULL);
136
137    ret = abac_verifier_load_attribute_cert_attribute(ptr, &cred);
138    if (ret == ABAC_CERT_SUCCESS) {
139        add_ret = abac_pl_add_credential(ctx->pl, cred);
140        assert(add_ret != ABAC_PL_CRED_INVALID);
141    }
142
143    return ret;
144
145}
146
147/**
148 * Load an attribute cert from a file.
149 */
150int abac_context_load_attribute_file(abac_context_t *ctx, char *filename) {
151    int ret, add_ret;
152    abac_credential_t *cred=NULL;
153
154    assert(ctx != NULL); assert(filename != NULL);
155
156    ret = abac_verifier_load_attribute_cert_file(filename, &cred);
157    if (ret == ABAC_CERT_SUCCESS) {
158        add_ret = abac_pl_add_credential(ctx->pl, cred);
159        assert(add_ret != ABAC_PL_CRED_INVALID);
160    }
161
162    return ret;
163}
164
165/**
166 * Load an attribute cert from a chunk.
167 */
168int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert) {
169    int ret, add_ret;
170    abac_credential_t *cred=NULL;
171
172    assert(ctx != NULL);
173
174    chunk_t cert_chunk = { cert.ptr, cert.len };
175
176    ret = abac_verifier_load_attribute_cert_chunk(cert_chunk, &cred);
177    if (ret == ABAC_CERT_SUCCESS) {
178        add_ret = abac_pl_add_credential(ctx->pl, cred);
179        assert(add_ret != ABAC_PL_CRED_INVALID);
180        abac_credential_free(cred);
181    }
182
183    return ret;
184}
185
186#define KEY_PAT "/*_private.{der,pem}"
187#define ID_PAT "/*_ID.{der,pem}"
188#define ATTR_PAT "/*_attr.der"
189#define IDKEY_PAT "/*_IDKEY.{der,pem}"
190
191char *_make_key_filename(char *cert_file)
192{
193    char *p=strstr(cert_file,"_ID.");
194    char *head=strndup(cert_file,p-cert_file);
195    char *tail=p+4;
196    char *keyfile=NULL;
197    asprintf(&keyfile,"%s_private.%s",head,tail);
198    free(head);
199    return keyfile;
200}
201/**
202 * Load a directory full of certs.
203 */
204void abac_context_load_directory(abac_context_t *ctx, char *path) {
205    char *glob_pat, *key_pat;
206    glob_t glob_buf;
207    int i, ret;
208
209    assert(ctx != NULL); assert(path != NULL);
210
211    int dirlen = strlen(path);
212
213    /* make sure pick the larger one */
214    glob_pat = abac_xmalloc(dirlen + sizeof(IDKEY_PAT));
215    memcpy(glob_pat, path, dirlen);
216
217    // first load ID certs
218    memcpy(glob_pat + dirlen, ID_PAT, sizeof(ID_PAT));
219    glob(glob_pat, GLOB_BRACE, NULL, &glob_buf); // TODO check for error
220    for (i = 0; i < glob_buf.gl_pathc; ++i) {
221        /* blah_ID.pem */
222        char *cert_file = glob_buf.gl_pathv[i];
223        /* blah_private.pem */
224        char *key_file=_make_key_filename(cert_file);
225        if(debug) {
226            printf("--> ID cert... %s\n", cert_file);
227            printf("--> KEY cert... %s\n", key_file);
228        }
229        ret = abac_context_load_id_id_file_key_file(ctx, cert_file, key_file);
230        if (ret != ABAC_CERT_SUCCESS)
231            warnx("Couldn't load ID cert %s", cert_file);
232    }
233    globfree(&glob_buf);
234
235    // first load IDKEY certs
236    memcpy(glob_pat + dirlen, IDKEY_PAT, sizeof(IDKEY_PAT));
237    glob(glob_pat, GLOB_BRACE, NULL, &glob_buf); // TODO check for error
238    for (i = 0; i < glob_buf.gl_pathc; ++i) {
239        /* blah_IDKEY.pem */
240        char *certkey_file = glob_buf.gl_pathv[i];
241        if(debug) {
242            printf("--> IDKEY certkey... %s\n", certkey_file);
243        }
244        ret = abac_context_load_id_idkey_file(ctx, certkey_file);
245        if (ret != ABAC_CERT_SUCCESS)
246            warnx("Couldn't load ID/KEY IDKEY cert %s", certkey_file);
247    }
248    globfree(&glob_buf);
249
250    memcpy(glob_pat + dirlen, ATTR_PAT, sizeof(ATTR_PAT));
251    glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
252    for (i = 0; i < glob_buf.gl_pathc; ++i) {
253        char *cert_file = glob_buf.gl_pathv[i];
254
255        if(debug) printf("--> attr file... %s\n", cert_file);
256        ret = abac_context_load_attribute_file(ctx, cert_file);
257        if (ret != ABAC_CERT_SUCCESS)
258            warnx("Couldn't load attribute cert %s", cert_file);
259        if(debug) printf("Loaded.. %s\n", cert_file);
260    }
261    globfree(&glob_buf);
262
263    free(glob_pat);
264}
265
266/**
267 * Run a query on the data in an abac context. Returns a NULL-terminated array
268 * of abac_credential_t. Success/failure in *success.
269 * queryfor(either role or oset), with(either keyid or object type)
270 */
271abac_credential_t **abac_context_query(abac_context_t *ctx, char *queryfor, char *with, int *success) {
272    if(debug) {
273         printf("abac_context_query about(%s) with(%s)\n", queryfor, with);
274    }
275    abac_credential_t **credentials = NULL, *cur;
276    assert(ctx != NULL); assert(queryfor != NULL);
277    assert(with != NULL); assert(success != NULL);
278
279    abac_stack_t *result = abac_pl_query(ctx->pl, queryfor, with);
280
281    int size = abac_stack_size(result);
282    if (size > 0) {
283        *success = 1;
284    } else {
285    // XXX NOT SURE YET..
286    // return partial proof
287        *success = 0;
288    }
289
290    // make the array (leave space to NULL terminate it)
291    //      n.b., even if the list is empty, we still return an array that
292    //            only contains the NULL terminator
293    credentials = abac_xmalloc(sizeof(abac_credential_t *) * (size + 1));
294    int i = 0;
295    if(size) {
296        while(i<size) { 
297            cur=(abac_credential_t *) abac_stack_pop(result);
298            credentials[i++] = cur;
299        } 
300    }
301    credentials[i] = NULL;
302
303    if(result)
304        abac_stack_free(result);
305
306    return credentials;
307}
308
309abac_credential_t **abac_context_query_with_structure(abac_context_t *ctx,
310abac_aspect_t *queryfor, abac_aspect_t *with, int *success)
311{
312    if(debug) {
313         printf("abac_context_query_with_structure\n");
314    }
315    abac_credential_t **credentials = NULL, *cur;
316    assert(ctx != NULL); assert(queryfor != NULL);
317    assert(with != NULL); assert(success != NULL);
318
319    abac_stack_t *result = abac_pl_query_with_structure(ctx->pl, queryfor, with);
320
321    int size = abac_stack_size(result);
322    if (size > 0) {
323        *success = 1;
324    } else {
325    // XXX NOT SURE YET..
326    // return partial proof
327        *success = 0;
328    }
329
330    // make the array (leave space to NULL terminate it)
331    //      n.b., even if the list is empty, we still return an array that
332    //            only contains the NULL terminator
333    credentials = abac_xmalloc(sizeof(abac_credential_t *) * (size + 1));
334    int i = 0;
335    if(size) {
336        while(i<size) { 
337            cur=(abac_credential_t *) abac_stack_pop(result);
338            credentials[i++] = cur;
339        } 
340    }
341    credentials[i] = NULL;
342
343    if(result)
344        abac_stack_free(result);
345
346    return credentials;
347}
348
349/**
350 * A NULL-terminated array of all the credentials in the context.
351 */
352abac_credential_t **abac_context_credentials(abac_context_t *ctx) {
353    abac_credential_t **credentials = NULL, *cur;
354    assert(ctx != NULL);
355
356    abac_stack_t *result = abac_pl_credentials(ctx->pl);
357    int size = abac_stack_size(result);
358
359    // make the array (leave space to NULL terminate it)
360    //      n.b., even if the list is empty, we still return an array that
361    //            only contains the NULL terminator
362    credentials = abac_xmalloc(sizeof(abac_credential_t *) * (size + 1));
363    int i = 0;
364    if(size) {
365        while(i<size) { 
366            cur=(abac_credential_t *) abac_stack_pop(result);
367            /* if not in there yet, add into it */
368            credentials[i++] = cur;
369        } 
370    }
371    credentials[i] = NULL;
372
373    if(result)
374        abac_stack_free(result);
375    return credentials;
376}
377
378/**
379 * Frees a NULL-terminated list of credentials.
380 */
381void abac_context_credentials_free(abac_credential_t **credentials) {
382    int i;
383
384    if (credentials == NULL)
385        return;
386
387    for (i = 0; credentials[i] != NULL; ++i)
388        abac_credential_free(credentials[i]);
389    free(credentials);
390}
391
392/**
393 * A NULL-terminated array of all the principals in the context.
394 */
395abac_id_credential_t **abac_context_principals(abac_context_t *ctx) {
396    abac_id_credential_t **principals = NULL, *cur;
397    assert(ctx != NULL);
398
399    abac_stack_t *result = abac_pl_principals(ctx->pl);
400
401    int size = abac_stack_size(result);
402
403    // make the array (leave space to NULL terminate it)
404    //      n.b., even if the list is empty, we still return an array that
405    //            only contains the NULL terminator
406    principals = abac_xmalloc(sizeof(abac_id_credential_t *) * (size + 1));
407    int i = 0;
408    if(size) {
409        while(i<size) { 
410            cur=(abac_id_credential_t *) abac_stack_pop(result);
411            /* if not in there yet, add into it */
412            principals[i++] = cur;
413        } 
414    }
415    principals[i] = NULL;
416
417    if(result)
418        abac_stack_free(result);
419    return principals;
420}
421
422/**
423 * Frees a NULL-terminated list of principals.
424 */
425void abac_context_principals_free(abac_id_credential_t **principals) {
426    int i;
427
428    if (principals == NULL)
429        return;
430
431    for (i = 0; principals[i] != NULL; ++i)
432        abac_id_credential_free(principals[i]);
433    free(principals);
434}
435
Note: See TracBrowser for help on using the repository browser.