Last change on this file since 13c9479 was 8bd77b5, checked in by Mei <mei@…>, 12 years ago

1) convert parser and libabac to use id cred and attr cred like creddy (move those 2 files to libabac).

2) fix up abac.hh to work with expanded libabac. can now build structure from python script.

3) redid the credential dump using the internal credential table instead of depending on a search in db.

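#ifndef __ABAC_H__
#define __ABAC_H__
/*
 * libabac public C API: contexts, credentials, aspects (roles / osets),
 * attributes, terms and conditions, identities, and the error codes returned
 * by the load / generate / create functions.
 *
 * NOTE(review): the guard name __ABAC_H__ lives in the implementation-reserved
 * identifier space (leading double underscore).  It is kept as-is because
 * other files may test it; prefer a plain ABAC_H style for new guards.
 *
 * Most functions take plain `char *` rather than `const char *`; callers
 * passing string literals should assume the library may not modify them but
 * cannot rely on it from this header alone.
 */

#include <stdlib.h>    /* getenv(), used by USE() at the bottom of this file */
#include <stdio.h>     /* FILE, used by the *_write() / print functions below */
#include <stdbool.h>   /* bool, used by the abac_*_is_* predicates below */
#include <abac_list.h>
#include <abac_stack.h>
#include <abac_common.h>   /* presumably provides abac_chunk_t, which this header uses but does not define */

/* Opaque handle types; their layout is private to libabac. */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_aspect_t abac_aspect_t;
typedef struct _abac_attribute_t abac_attribute_t;
typedef struct _abac_id_t abac_id_t;
typedef struct _abac_id_credential_t abac_id_credential_t;

typedef struct _abac_condition_t abac_condition_t;
typedef struct _abac_term_t abac_term_t;
typedef struct _abac_param_list_t abac_param_list_t;

/*
 * ABAC functions, operating on an ABAC context.
 * abac_context_new() allocates a context, abac_context_dup() copies one and
 * abac_context_free() releases it.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/*
 * Load an identity (ID) certificate or an attribute credential into the
 * context, from an in-memory object, a file path, or a raw certificate chunk.
 * Return ABAC_CERT_SUCCESS (0) or one of the negative ABAC_CERT_* codes listed
 * at the bottom of this file.  A non-zero return means the credential was not
 * accepted (bad format, bad signature, unknown issuer, ...); callers must
 * check it and must not treat the input as trusted when it is non-zero.
 */
int abac_context_load_id_id(abac_context_t *ctx, abac_id_t *);
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_attribute(abac_context_t *ctx, abac_attribute_t *);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * Load an entire directory full of certs.
 * Returns void, so per-file failures (including a bad signature) cannot be
 * reported through the return value.  Callers that need to know that every
 * credential verified should load files individually with the *_file()
 * functions above and check each return code.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * abac query.  Per the parameter names this asks whether `principal` holds
 * `role`.  Returns a NULL-terminated array of credentials on success and NULL
 * on failure; `success` is an output flag, presumably set as well.  Check both
 * rather than relying on one.  Free the array with
 * abac_context_credentials_free().
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* get all the credentials from the context, returns a NULL-terminated array of credentials */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* use this to free the results of either of the previous two functions */
void abac_context_credentials_free(abac_credential_t **credentials);

/*
 * Operations on credentials.
 * The *_cert() accessors return the raw attribute / issuer certificate chunks.
 * abac_credential_lookup() / abac_id_credential_lookup() take a string and are
 * not tied to a context; where they look the string up is not visible here.
 * abac_credential_dup() returns a copy that must be released with
 * abac_credential_free().
 */
abac_aspect_t *abac_credential_head(abac_credential_t *cred);
abac_aspect_t *abac_credential_tail(abac_credential_t *cred);
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);
abac_credential_t *abac_credential_lookup(char *cred_string);
abac_id_credential_t *abac_id_credential_lookup(char*);
abac_id_t *abac_id_credential_id(abac_id_credential_t *ptr);

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
abac_attribute_t *abac_credential_attribute(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);

/*
 * Operations on aspect.
 * An aspect is a role or oset (object set) of a principal, possibly linked
 * through another role and possibly parameterized / constrained.
 * NOTE(review): this header does not say whether the `char *` results of the
 * *_string() / *_name() accessors are caller-owned; confirm against the
 * implementation before free()ing them.  Both *_create() and *_new()
 * constructors exist for roles / osets; the difference is not documented here.
 */
abac_aspect_t *abac_aspect_role_principal_create(char *principal_name);
abac_aspect_t *abac_aspect_oset_principal_create(char *principal_name);
abac_aspect_t *abac_aspect_role_create(char *principal_name, char *role_name);
abac_aspect_t *abac_aspect_oset_create(char *principal_name, char *oset_name);

bool abac_aspect_is_principal(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_dup(abac_aspect_t *ptr);
char *abac_aspect_string(abac_aspect_t *ptr);
bool abac_aspect_is_linking(abac_aspect_t *ptr);
char *abac_aspect_typed_string(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_add_param(abac_aspect_t *ptr, abac_term_t *param);
abac_aspect_t *abac_aspect_add_linked_param(abac_aspect_t *ptr, abac_term_t *param);
bool abac_aspect_is_object(abac_aspect_t *ptr);
char *abac_aspect_principal_name(abac_aspect_t *ptr);
char* abac_aspect_type_string(abac_aspect_t *ptr);
char *abac_aspect_aspect_name(abac_aspect_t *ptr);
int abac_aspect_aspect_type(abac_aspect_t *ptr);
abac_param_list_t *abac_aspect_aspect_params(abac_aspect_t *ptr);
abac_param_list_t *abac_aspect_linked_role_params(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_oset_linking_new(char *principal_name,
                              char *linked_role_name, char *oset_name);
abac_aspect_t *abac_aspect_role_linking_new(char *principal_name,
                              char *linked_role_name, char *role_name);
abac_aspect_t *abac_aspect_role_new(char *principal_name, char *role_name);
abac_aspect_t *abac_aspect_oset_new(char *principal_name, char *oset_name);
abac_aspect_t *abac_aspect_oset_principal_new(char *principal_name);
abac_aspect_t *abac_aspect_role_principal_new(char *principal_name);
abac_aspect_t *abac_aspect_oset_object_new(abac_term_t *object);
char *abac_aspect_linked_role_name(abac_aspect_t *ptr);
char *abac_aspect_object_name(abac_aspect_t *ptr);
char *abac_aspect_object_type(abac_aspect_t *ptr);
abac_list_t *abac_aspect_prereqs(abac_aspect_t *ptr);
char *abac_aspect_string_with_condition(abac_aspect_t *);
char *abac_aspect_typed_string_with_condition(abac_aspect_t *);
char *abac_aspect_principal_principalname(abac_aspect_t *ptr);
/* Writes the aspect (with its condition) to `fp`; requires <stdio.h>. */
void abac_print_aspect_string_with_condition(abac_aspect_t *ptr,FILE *fp);
char *abac_aspect_aspect_param_string(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_intersection_new(abac_aspect_t *);
abac_aspect_t *abac_aspect_add_intersecting_aspect(abac_aspect_t *ptr, abac_aspect_t *aspect);
abac_id_t *abac_aspect_get_issuer_id(abac_aspect_t *ptr);
int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr);

/*
 * abac_attribute: an attribute credential (head <- tail rule) built from
 * aspects.  abac_attribute_create() returns ABAC_ATTRIBUTE_SUCCESS (0) or one
 * of the negative ABAC_ATTRIBUTE_* codes below; `validity` is validated
 * (ABAC_ATTRIBUTE_INVALID_VALIDITY).  abac_attribute_bake() presumably signs /
 * finalizes the attribute and abac_attribute_baked() reports whether that has
 * happened; abac_attribute_write() emits it to a FILE stream.
 */
abac_chunk_t abac_attribute_cert_chunk(abac_attribute_t *ptr);
int abac_attribute_write(abac_attribute_t *ptr, FILE *out);
int abac_attribute_bake(abac_attribute_t *ptr);
int abac_attribute_baked(abac_attribute_t *ptr);
abac_aspect_t *abac_attribute_head(abac_attribute_t *ptr);
abac_aspect_t *abac_attribute_tail(abac_attribute_t *ptr);
int abac_attribute_lastone(abac_attribute_t *ptr);
int abac_attribute_create(abac_attribute_t **ret,abac_aspect_t *head, abac_aspect_t *tail,int validity);
abac_attribute_t *abac_attribute_set_head(abac_attribute_t *ptr, abac_aspect_t *);
abac_attribute_t *abac_attribute_add_tail(abac_attribute_t *ptr, abac_aspect_t *);
abac_attribute_t *abac_attribute_dup(abac_attribute_t *ptr);
abac_aspect_t **abac_attribute_tail_vectorized(abac_attribute_t *ptr);
void abac_attribute_free(abac_attribute_t *ptr);
/* Frees a NULL-terminated aspect array such as abac_attribute_tail_vectorized() returns. */
void abac_aspects_free(abac_aspect_t **aspects);

/*
 * Operations on term/params.
 * Terms are typed parameters (string, integer, time, urn, ... per the
 * abac_term_is_*_type predicates) that may carry a constraint condition.
 * abac_condition_from_string() and abac_term_to_time() parse caller-supplied
 * text; treat their input as untrusted and check for a NULL result.
 * NOTE(review): abac_param_list_free() returns a pointer, unlike the other
 * *_free() functions here; what it returns is not visible from this header.
 */
abac_condition_t *abac_condition_dup(abac_condition_t *ptr);
void abac_condition_free(abac_condition_t *ptr);
abac_condition_t *abac_condition_from_string(char *string);
abac_condition_t *abac_condition_from_aspect(abac_aspect_t *ptr);
char *abac_condition_typed_string(abac_condition_t *ptr);
char *abac_condition_string(abac_condition_t *ptr);
char *abac_condtype_name(int);
char *abac_term_to_time(char *string);
char *abac_term_typed_string(abac_term_t *ptr);
char *abac_term_string(abac_term_t *ptr);
char *abac_termtype_name(int i);
char *abac_term_type_name(abac_term_t *term);
abac_term_t *abac_term_dup(abac_term_t *ptr);
abac_term_t *abac_term_create(int type, char *name, abac_condition_t *cptr);
bool abac_term_is_urn_type(abac_term_t *);
bool abac_term_is_integer_type(abac_term_t *);
int abac_term_type(abac_term_t *term);
abac_term_t *abac_term_add_constraint(abac_term_t *ptr, abac_condition_t *cond);
abac_term_t *abac_term_new(int, char *, char *, abac_aspect_t *);
void abac_term_free(abac_term_t *);
bool abac_term_is_time_type(abac_term_t *);
bool abac_term_is_string_type(abac_term_t *);
char *abac_term_name(abac_term_t *);
abac_condition_t *abac_term_constraint(abac_term_t *term);
abac_param_list_t *abac_param_list_new(abac_term_t *term);
abac_param_list_t *abac_param_list_free(abac_param_list_t *ptr);
abac_param_list_t *abac_param_list_add_term(abac_param_list_t *, abac_term_t *term);
char* abac_param_list_string(abac_param_list_t *ptr);
char* abac_param_list_string_with_condition(abac_param_list_t *ptr);
char* abac_param_list_typed_string_with_condition(abac_param_list_t *ptr);
abac_term_t **abac_param_list_vectorize(abac_param_list_t *ptr);
/* Frees a NULL-terminated term array such as abac_param_list_vectorize() returns. */
void abac_terms_free(abac_term_t **terms);

/*
 * from abac_verifier
 * abac_verifier_dump_creds() is declared with (void): the original empty
 * parameter list `()` is an unprototyped declaration in C11, which disables
 * argument checking at call sites.
 * abac_verifier_add_id_credential() registers an identity with the verifier
 * and takes no context argument, so this state is presumably process-global.
 */
char *abac_cn_with_sha(char*);
char *abac_idtype_with_sha(char*);
char *abac_idtype_string(int);
abac_stack_t *abac_verifier_dump_creds(void);
abac_id_credential_t *abac_verifier_add_id_credential(abac_id_t *a_id);

/*
 * from abac_id
 * abac_id_from_file() parses an identity from disk and abac_id_load_privkey()
 * attaches a private key from a file; abac_id_has_privkey() reports whether
 * one is attached.  abac_id_generate() creates a new identity and returns
 * ABAC_ID_SUCCESS (0) or a negative ABAC_ID_GENERATE_* code (invalid CN or
 * validity).
 * SECURITY: abac_id_write_privkey() writes private key material to `out`.
 * The caller owns that stream and is responsible for creating the file with
 * a restrictive mode (e.g. 0600) before handing it in; this header gives no
 * indication that the library does so.
 */
int abac_id_lastone(abac_id_t *ptr);
abac_id_t *abac_id_dup(abac_id_t *id);
void abac_id_free(abac_id_t *id);
char *abac_id_cn(abac_id_t *id);
char *abac_id_keyid(abac_id_t *id);
abac_id_t *abac_id_from_file(char *filename);
int abac_id_load_privkey(abac_id_t *id, char *filename);
int abac_id_write_privkey(abac_id_t *id, FILE *out);
int abac_id_has_privkey(abac_id_t *id);
void abac_id_write_cert(abac_id_t *id, FILE *out);
int abac_id_generate(abac_id_t **ret, char *cn, int validity);
abac_chunk_t abac_id_cert_chunk(abac_id_t *id);

/* from abac_aspect */
void abac_aspect_free(abac_aspect_t *);
/* Error reporting helper; by its name modelled on errx(3), i.e. it likely does not return — confirm before relying on it. */
void abac_errx(int val, char *string);

/*
 * Error codes for loading certificates.
 * Returned by the abac_context_load_* functions.  Anything other than
 * ABAC_CERT_SUCCESS means the credential was rejected and not added.
 * NOTE: the three code families below (ABAC_CERT_*, ABAC_ID_*,
 * ABAC_ATTRIBUTE_*) reuse the values -1 and -2 with different meanings;
 * interpret a return value according to which function produced it.
 */
#define ABAC_CERT_SUCCESS           0   // certificate loaded, all is well
#define ABAC_CERT_INVALID           -1  // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           -2  // invalid signature
#define ABAC_CERT_MISSING_ISSUER    -3  // missing ID cert that issued the attribute cert
#define ABAC_CERT_BAD_CN            -4  // ID cert is not matching CN=principal format
#define ABAC_CERT_BAD_YAP           -5  // failed to insert into prolog engine

/* Return codes of abac_id_generate(). */
#define ABAC_ID_SUCCESS                     0
#define ABAC_ID_GENERATE_INVALID_CN        -1
#define ABAC_ID_GENERATE_INVALID_VALIDITY  -2

/* Return codes of abac_attribute_create() (ISSUER_NOKEY: by its name, the issuing identity has no private key attached). */
#define ABAC_ATTRIBUTE_SUCCESS              0
#define ABAC_ATTRIBUTE_INVALID_ROLE        -1
#define ABAC_ATTRIBUTE_INVALID_VALIDITY    -2
#define ABAC_ATTRIBUTE_ISSUER_NOKEY        -3


/*
 * USE(evalue): 1 if the environment variable named by `evalue` is set
 * (to any value, including empty), 0 otherwise.  `evalue` is evaluated once.
 * SECURITY: this reads the process environment, which is attacker-influenced
 * in setuid, CGI and similar deployments; do not gate verification or policy
 * decisions on it, only diagnostics and debugging toggles.
 */
#define USE(evalue) ((getenv((evalue)) != NULL) ? 1 : 0)

#endif /* __ABAC_H__ */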