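/*
 * Public C interface of libabac: contexts that hold loaded ID and attribute
 * certificates, queries over those contexts, and accessors for the
 * credentials and roles a query returns.
 *
 * NOTE(review): the include guard and the struct tags below use identifiers
 * that C reserves for the implementation (leading "__" / "_"). They are kept
 * unchanged so that existing users of this header are not affected.
 */
#ifndef __ABAC_H__
#define __ABAC_H__

/* Opaque handles; their layouts are not part of this header. */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_role_t abac_role_t;

/*
 * A raw byte buffer: len bytes starting at ptr.
 *
 * len is a signed int, so callers that build a chunk from external data
 * should make sure the length is non-negative and fits in an int before
 * passing it to the library.
 * NOTE(review): who owns ptr (caller or library) is not visible in this
 * header -- confirm against the implementation before freeing or reusing it.
 */
typedef struct _abac_chunk_t {
    unsigned char *ptr;
    int len;
} abac_chunk_t;

/*
 * Init/deinit the library.
 */
void libabac_init(void);
void libabac_deinit(void);

/*
 * ABAC functions, operating on an ABAC context.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/*
 * Load a single ID or attribute certificate, from a file or from memory.
 *
 * Each function returns one of the ABAC_CERT_* codes defined at the bottom
 * of this file. Callers should compare the result with ABAC_CERT_SUCCESS and
 * treat every other value as "certificate not loaded": ignoring the return
 * value hides bad signatures and missing issuers from the caller.
 */
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * Load an entire directory full of certs.
 *
 * This function returns void, so the caller gets no per-certificate result
 * from it. Code that needs to know whether a particular certificate was
 * accepted should load it with one of the functions above and check the
 * ABAC_CERT_* code.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * ABAC query: returns a NULL-terminated array of credentials on success,
 * NULL on fail. Release the array with abac_context_query_free().
 *
 * NOTE(review): how *success relates to a NULL return is not visible in this
 * header -- confirm against the implementation. A caller that makes an access
 * decision from the result should grant only when the query is reported as
 * successful and deny in every other case.
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);
void abac_context_query_free(abac_credential_t **credentials);

/*
 * Operations on credentials.
 *
 * NOTE(review): the lifetime of the roles and chunks returned by the
 * accessors below (borrowed from the credential or owned by the caller) is
 * not stated in this header -- confirm before freeing them or using them
 * after abac_credential_free().
 */
abac_role_t *abac_credential_head(abac_credential_t *cred);
abac_role_t *abac_credential_tail(abac_credential_t *cred);
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);

/*
 * Operations on roles.
 *
 * The string parameters are declared as plain char *; whether the library
 * modifies or keeps them is not visible here.
 * NOTE(review): ownership of the char * values returned by the accessors is
 * likewise not stated in this header -- confirm against the implementation.
 */
abac_role_t *abac_role_principal_new(char *principal);
abac_role_t *abac_role_role_new(char *principal, char *abac_role_name);
abac_role_t *abac_role_linking_new(char *principal, char *linked_role, char *abac_role_name);

void abac_role_free(abac_role_t *role);

abac_role_t *abac_role_from_string(char *string);
abac_role_t *abac_role_dup(abac_role_t *role);

int abac_role_is_principal(abac_role_t *role);
int abac_role_is_role(abac_role_t *role);
int abac_role_is_linking(abac_role_t *role);

char *abac_role_string(abac_role_t *role);
char *abac_role_linked_role(abac_role_t *role);
char *abac_role_role_name(abac_role_t *role);
char *abac_role_principal(abac_role_t *role);

char *abac_role_attr_key(abac_role_t *head_role, abac_role_t *tail_role);

/*
 * Error codes for loading certificates.
 *
 * The negative values are parenthesized so that each macro expands to a
 * single primary expression wherever it is used.
 *
 * ABAC_CERT_INVALID covers both a malformed certificate and a file that
 * could not be found, so this code alone does not tell the two apart.
 */
#define ABAC_CERT_SUCCESS           0    /* certificate loaded, all is well */
#define ABAC_CERT_INVALID           (-1) /* invalid format; also file not found */
#define ABAC_CERT_BAD_SIG           (-2) /* invalid signature */
#define ABAC_CERT_MISSING_ISSUER    (-3) /* missing ID cert that issued the attribute cert */

#endif /* __ABAC_H__ */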