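#ifndef __ABAC_H__
#define __ABAC_H__

/*
 * Public interface of the ABAC library: contexts that hold loaded
 * certificates, credentials returned by queries, and roles.
 *
 * NOTE(review): the string parameters below are declared as plain char *.
 * Whether the library modifies or retains them is not visible in this
 * header -- confirm against the implementation before passing string
 * literals or buffers that are freed right after the call.
 */

/* Opaque handles; their layout is not exposed by this header. */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_role_t abac_role_t;

/*
 * A pointer/length pair describing a run of bytes. It is used to pass
 * certificates in (abac_context_load_*_chunk) and to return them
 * (abac_credential_*_cert).
 *
 * NOTE(review): len is a signed int and this header states no valid
 * range. Callers should only pass len >= 0 with ptr addressing at least
 * len readable bytes, and should check ptr and len on a returned chunk
 * before reading through it.
 * NOTE(review): ownership of ptr is not documented here -- confirm who
 * frees it.
 */
typedef struct _abac_chunk_t {
    unsigned char *ptr;
    int len;
} abac_chunk_t;

/*
 * ABAC functions, operating on an ABAC context.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/*
 * Load an ID certificate or an attribute certificate into ctx, either
 * from a file or from an in-memory chunk.
 *
 * Each function returns one of the ABAC_CERT_* codes defined at the
 * bottom of this file. Compare the result with ABAC_CERT_SUCCESS and
 * treat every other value as "certificate not loaded".
 */
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * load an entire directory full of certs
 *
 * This function returns void, so the per-certificate ABAC_CERT_* results
 * are not reported to the caller.
 * NOTE(review): presumably certificates that fail to load are skipped --
 * confirm in the implementation. Use the single-certificate loaders
 * above when the caller must know that a given certificate was accepted.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * abac query, returns a NULL-terminated array of credentials on success,
 * NULL on fail
 *
 * NOTE(review): how *success relates to the returned array is not
 * documented here -- confirm against the implementation which of the two
 * an access decision must be based on, and deny unless that result is
 * positive.
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* get all the credentials from the context, returns a NULL-terminated array of credentials */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* use this to free the results of either of the previous two functions */
void abac_context_credentials_free(abac_credential_t **credentials);

/*
 * Operations on credentials
 *
 * NOTE(review): the lifetime of the returned roles and chunks is not
 * stated in this header -- confirm whether they remain valid after
 * abac_credential_free() or abac_context_credentials_free().
 */
abac_role_t *abac_credential_head(abac_credential_t *cred);
abac_role_t *abac_credential_tail(abac_credential_t *cred);
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);

/*
 * Operations on roles.
 */
abac_role_t *abac_role_principal_new(char *principal);
abac_role_t *abac_role_role_new(char *principal, char *abac_role_name);
abac_role_t *abac_role_linking_new(char *principal, char *linked_role, char *abac_role_name);

void abac_role_free(abac_role_t *role);

/* NOTE(review): the result for a string that does not parse as a role is
 * not documented here -- check the return value before use. */
abac_role_t *abac_role_from_string(char *string);
abac_role_t *abac_role_dup(abac_role_t *role);

/* Predicates on the kind of role; each returns an int. */
int abac_role_is_principal(abac_role_t *role);
int abac_role_is_role(abac_role_t *role);
int abac_role_is_linking(abac_role_t *role);
int abac_role_is_intersection(abac_role_t *role);

/* NOTE(review): ownership of the returned strings is not documented
 * here -- confirm whether the caller may modify or must free them. */
char *abac_role_string(abac_role_t *role);
char *abac_role_linked_role(abac_role_t *role);
char *abac_role_role_name(abac_role_t *role);
char *abac_role_principal(abac_role_t *role);

char *abac_role_attr_key(abac_role_t *head_role, abac_role_t *tail_role);

/*
 * Error codes for loading certificates.
 *
 * The negative values are parenthesized so that each macro expands to a
 * single expression wherever it is used.
 * ABAC_CERT_INVALID covers both a malformed certificate and a missing
 * file, so a caller cannot tell those two cases apart from the code.
 */
#define ABAC_CERT_SUCCESS           0   // certificate loaded, all is well
#define ABAC_CERT_INVALID           (-1) // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           (-2) // invalid signature
#define ABAC_CERT_MISSING_ISSUER    (-3) // missing ID cert that issued the attribute cert

#endif /* __ABAC_H__ */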