source: libabac/abac.h @ 651fd21

#ifndef __ABAC_H__
#define __ABAC_H__

typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_role_t abac_role_t;

typedef struct _abac_chunk_t {
    unsigned char *ptr;
    int len;
} abac_chunk_t;

/*
 * ABAC functions, operating on an ABAC context.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/* see the bottom of the file for possible return codes */
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/* load an entire directory full of certs */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/* abac query, returns a NULL-terminated array of credentials on success, NULL on fail */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* get all the credentials from the context, returns a NULL-terminated array of credentials */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* use this to free the results of either of the previous two functions */
void abac_context_credentials_free(abac_credential_t **credentials);

/*
 * Operations on credentials
 */
abac_role_t *abac_credential_head(abac_credential_t *cred);
abac_role_t *abac_credential_tail(abac_credential_t *cred);
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);

/*
 * Operations on roles.
 */
abac_role_t *abac_role_principal_new(char *principal);
abac_role_t *abac_role_role_new(char *principal, char *abac_role_name);
abac_role_t *abac_role_linking_new(char *principal, char *linked_role, char *abac_role_name);

void abac_role_free(abac_role_t *role);

abac_role_t *abac_role_from_string(char *string);
abac_role_t *abac_role_dup(abac_role_t *role);

int abac_role_is_principal(abac_role_t *role);
int abac_role_is_role(abac_role_t *role);
int abac_role_is_linking(abac_role_t *role);
int abac_role_is_intersection(abac_role_t *role);

char *abac_role_string(abac_role_t *role);
char *abac_role_linked_role(abac_role_t *role);
char *abac_role_role_name(abac_role_t *role);
char *abac_role_principal(abac_role_t *role);

char *abac_role_attr_key(abac_role_t *head_role, abac_role_t *tail_role);

/*
 * Error codes for loading certificates.
 */
#define ABAC_CERT_SUCCESS           0   // certificate loaded, all is well
#define ABAC_CERT_INVALID           -1  // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           -2  // invalid signature
#define ABAC_CERT_MISSING_ISSUER    -3  // missing ID cert that issued the attribute cert

#endif /* __ABAC_H__ */