source: libabac/abac.h @ 440ba20

Last change on this file since 440ba20 was 440ba20, checked in by Mei <mei@…>, 12 years ago

1) wrap up refactoring to move all the code gen to abac structure
2) all original testsuite passed
3) add a couple more UI calls in abac.hh, i.e. managing a constraint's

creation and a hook to dump the yap db.

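/*
 * abac.h -- public C interface to libabac.
 *
 * Declares the opaque handle types and the functions that operate on them,
 * grouped by the object they act on (context, credential, aspect, attribute,
 * term/condition, identity), followed by the integer return codes used by
 * the loaders and constructors.
 *
 * NOTE(review): __ABAC_H__ and the _abac_*_t struct tags are reserved
 * identifiers (leading underscore at file scope). They are kept unchanged
 * here because other translation units may refer to them; rename them
 * together when the whole library can be touched.
 */
#ifndef __ABAC_H__
#define __ABAC_H__

/* Standard headers this file itself depends on (keeps it self-contained). */
#include <stdbool.h>    /* bool, returned by the abac_*_is_* predicates   */
#include <stdio.h>      /* FILE, taken by the *_write / *_print functions  */
#include <stdlib.h>     /* getenv(), used by USE() at the bottom           */

#include <abac_list.h>
#include <abac_stack.h>
#include <abac_common.h>    /* presumably provides abac_chunk_t -- confirm */

/*
 * Opaque handles. The struct definitions live in the implementation; callers
 * only ever hold pointers and go through the functions below.
 */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_aspect_t abac_aspect_t;
typedef struct _abac_attribute_t abac_attribute_t;
typedef struct _abac_id_t abac_id_t;
typedef struct _abac_id_credential_t abac_id_credential_t;

typedef struct _abac_condition_t abac_condition_t;
typedef struct _abac_term_t abac_term_t;
typedef struct _abac_item_t abac_item_t;
typedef struct _abac_param_list_t abac_param_list_t;

/*
 * ABAC functions, operating on an ABAC context.
 *
 * abac_context_new() allocates a context; abac_context_dup() copies one;
 * abac_context_free() releases one. Who owns the credentials/ids loaded into
 * a context is not stated in this header -- check the implementation.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/*
 * Loaders. Each returns one of the ABAC_CERT_* codes defined at the bottom
 * of this file; negative values are failures, ABAC_CERT_EXISTS (positive)
 * is not. The _file variants take paths, the _chunk variants take an
 * in-memory certificate, the _id/_attribute variants take an already
 * parsed object.
 */
int abac_context_load_id_id(abac_context_t *ctx, abac_id_t *);
int abac_context_load_id_file(abac_context_t *ctx, char *filename, char *keyfilename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_attribute(abac_context_t *ctx, abac_attribute_t *);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * Load an entire directory full of certs.
 * Returns nothing, so per-file load failures inside the directory cannot be
 * reported to the caller through this interface.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * ABAC query. Returns a NULL-terminated array of credentials on success,
 * NULL on failure. *success is an out-parameter set by the call; exactly
 * what it reports is not documented here -- confirm against the .c file.
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* Get all the credentials from the context; returns a NULL-terminated array of credentials. */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* Use this to free the results of either of the previous two functions. */
void abac_context_credentials_free(abac_credential_t **credentials);

/*
 * Operations on credentials.
 *
 * head/tail return the two aspects of a credential; the *_cert accessors
 * return the attribute and issuer certificates as chunks. The two *_lookup
 * functions take no context argument, so they must consult state held
 * elsewhere -- see the implementation.
 */
abac_aspect_t *abac_credential_head(abac_credential_t *cred);
abac_aspect_t *abac_credential_tail(abac_credential_t *cred);
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);
abac_credential_t *abac_credential_lookup(char *cred_string);
abac_id_credential_t *abac_id_credential_lookup(char *);
abac_id_t *abac_id_credential_id(abac_id_credential_t *ptr);

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
abac_attribute_t *abac_credential_attribute(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);

/*
 * Operations on aspect.
 *
 * Both *_create and *_new constructors are declared for the same shapes
 * (principal, role, oset, linking); the distinction between the two families
 * is not documented in this header. Ownership of the char * values returned
 * by the *_string / *_name accessors is likewise not stated here -- confirm
 * before freeing them.
 */
abac_aspect_t *abac_aspect_role_principal_create(char *principal_name);
abac_aspect_t *abac_aspect_oset_principal_create(char *principal_name);
abac_aspect_t *abac_aspect_role_create(char *principal_name, char *role_name);
abac_aspect_t *abac_aspect_oset_create(char *principal_name, char *oset_name);

bool abac_aspect_is_principal(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_dup(abac_aspect_t *ptr);
char *abac_aspect_string(abac_aspect_t *ptr);
bool abac_aspect_is_linking(abac_aspect_t *ptr);
char *abac_aspect_typed_string(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_add_param(abac_aspect_t *ptr, abac_term_t *param);
abac_aspect_t *abac_aspect_add_linked_param(abac_aspect_t *ptr, abac_term_t *param);
bool abac_aspect_is_object(abac_aspect_t *ptr);
char *abac_aspect_principal_name(abac_aspect_t *ptr);
char *abac_aspect_type_string(abac_aspect_t *ptr);
char *abac_aspect_aspect_name(abac_aspect_t *ptr);
int abac_aspect_aspect_type(abac_aspect_t *ptr);
abac_param_list_t *abac_aspect_aspect_params(abac_aspect_t *ptr);
abac_param_list_t *abac_aspect_linked_role_params(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_oset_linking_new(char *principal_name,
                              char *linked_role_name, char *oset_name);
abac_aspect_t *abac_aspect_role_linking_new(char *principal_name,
                              char *linked_role_name, char *role_name);
abac_aspect_t *abac_aspect_role_new(char *principal_name, char *role_name);
abac_aspect_t *abac_aspect_oset_new(char *principal_name, char *oset_name);
abac_aspect_t *abac_aspect_oset_principal_new(char *principal_name);
abac_aspect_t *abac_aspect_role_principal_new(char *principal_name);
abac_aspect_t *abac_aspect_oset_object_new(abac_term_t *object);
char *abac_aspect_linked_role_name(abac_aspect_t *ptr);
char *abac_aspect_object_name(abac_aspect_t *ptr);
char *abac_aspect_object_type(abac_aspect_t *ptr);
abac_list_t *abac_aspect_prereqs(abac_aspect_t *ptr);
char *abac_aspect_string_with_condition(abac_aspect_t *);
char *abac_aspect_typed_string_with_condition(abac_aspect_t *);
char *abac_aspect_principal_principalname(abac_aspect_t *ptr);
void abac_print_aspect_string_with_condition(abac_aspect_t *ptr, FILE *fp);
char *abac_aspect_aspect_param_string(abac_aspect_t *ptr);
abac_aspect_t *abac_aspect_intersection_new(abac_aspect_t *);
abac_aspect_t *abac_aspect_add_intersecting_aspect(abac_aspect_t *ptr, abac_aspect_t *aspect);
abac_id_t *abac_aspect_get_issuer_id(abac_aspect_t *ptr);
int abac_aspect_intersecting_aspect_type(abac_aspect_t *ptr);

/*
 * abac_attribute
 *
 * abac_attribute_create() builds an attribute from a head and tail aspect
 * and a validity period, returning one of the ABAC_ATTRIBUTE_* codes below
 * and the new object through *ret. bake()/baked() appear to finalize the
 * attribute into a certificate that write()/cert_chunk() then emit -- the
 * exact contract is in the implementation.
 */
abac_chunk_t abac_attribute_cert_chunk(abac_attribute_t *ptr);
int abac_attribute_write(abac_attribute_t *ptr, FILE *out);
int abac_attribute_bake(abac_attribute_t *ptr);
int abac_attribute_baked(abac_attribute_t *ptr);
abac_aspect_t *abac_attribute_head(abac_attribute_t *ptr);
abac_aspect_t *abac_attribute_tail(abac_attribute_t *ptr);
int abac_attribute_lastone(abac_attribute_t *ptr);
int abac_attribute_create(abac_attribute_t **ret, abac_aspect_t *head, abac_aspect_t *tail, int validity);
abac_attribute_t *abac_attribute_set_head(abac_attribute_t *ptr, abac_aspect_t *);
abac_attribute_t *abac_attribute_add_tail(abac_attribute_t *ptr, abac_aspect_t *);
abac_attribute_t *abac_attribute_dup(abac_attribute_t *ptr);
abac_aspect_t **abac_attribute_tail_vectorized(abac_attribute_t *ptr);
void abac_attribute_free(abac_attribute_t *ptr);
void abac_aspects_free(abac_aspect_t **aspects);

/*
 * Operations on term/params.
 *
 * Conditions constrain terms; terms are collected into param lists that are
 * attached to aspects. abac_verify_term_type() returns an int status, and
 * ABAC_TERM_SUCCESS / ABAC_TERM_FAIL are defined below for the term family.
 * The int type codes passed to abac_term_create()/_new() are not enumerated
 * in this header -- see the implementation.
 */
abac_condition_t *abac_condition_create(char *vtype);
abac_condition_t *abac_condition_create_from_aspect(abac_aspect_t *ptr);
abac_condition_t *abac_condition_dup(abac_condition_t *ptr);
int abac_condition_add_range_item(abac_condition_t *, char *, char *, char *);
void abac_condition_free(abac_condition_t *ptr);
char *abac_condition_typed_string(abac_condition_t *ptr);
char *abac_condition_string(abac_condition_t *ptr);
char *abac_term_to_time(char *string);
int abac_term_isvar(abac_term_t *term);
char *abac_term_typed_string(abac_term_t *ptr);
char *abac_term_string(abac_term_t *ptr);
char *abac_term_type_name(abac_term_t *term);
abac_term_t *abac_term_dup(abac_term_t *ptr);
abac_term_t *abac_term_create(int, char *, abac_condition_t *);
abac_term_t *abac_term_named_create(int, char *);
bool abac_term_is_numeric(abac_term_t *);
bool abac_term_is_alpha(abac_term_t *);
bool abac_term_is_time(abac_term_t *);
bool abac_term_is_integer_type(abac_term_t *term);
bool abac_term_is_urn_type(abac_term_t *term);
bool abac_term_is_string_type(abac_term_t *term);
bool abac_term_is_time_type(abac_term_t *term);
int abac_term_type(abac_term_t *term);
abac_term_t *abac_term_add_constraint(abac_term_t *ptr, abac_condition_t *cond);
abac_term_t *abac_term_new(int, char *, int, char *, void *);
abac_term_t *abac_term_named_new(int, char *);
void abac_term_free(abac_term_t *);
char *abac_term_name(abac_term_t *);
abac_condition_t *abac_term_constraint(abac_term_t *term);
abac_param_list_t *abac_param_list_new(abac_term_t *term);
abac_param_list_t *abac_param_list_free(abac_param_list_t *ptr);
abac_param_list_t *abac_param_list_add_term(abac_param_list_t *, abac_term_t *term);
char *abac_param_list_string(abac_param_list_t *ptr);
char *abac_param_list_string_with_condition(abac_param_list_t *ptr);
char *abac_param_list_typed_string_with_condition(abac_param_list_t *ptr);
abac_term_t **abac_param_list_vectorize(abac_param_list_t *ptr);
void abac_terms_free(abac_term_t **terms);
int abac_verify_term_type(char *);

/*
 * from abac_verifier
 *
 * abac_verifier_dump_creds takes no arguments; declared with (void) so the
 * compiler rejects accidental arguments instead of accepting them silently.
 */
char *abac_cn_with_sha(char *);
char *abac_idtype_with_sha(char *);
abac_stack_t *abac_verifier_dump_creds(void);
abac_id_credential_t *abac_verifier_add_id_credential(abac_id_t *a_id);

/*
 * from abac_id
 *
 * Identities carry a certificate and, optionally, a private key
 * (load_privkey / write_privkey / has_privkey). abac_id_generate() returns
 * one of the ABAC_ID_* codes below and the new identity through *ret. How
 * key material is scrubbed on abac_id_free() is an implementation matter
 * not visible from this header -- confirm if secrets handling is in scope.
 */
int abac_id_lastone(abac_id_t *ptr);
abac_id_t *abac_id_dup(abac_id_t *id);
void abac_id_free(abac_id_t *id);
char *abac_id_cn(abac_id_t *id);
char *abac_id_keyid(abac_id_t *id);
abac_id_t *abac_id_from_file(char *filename);
int abac_id_load_privkey(abac_id_t *id, char *filename);
int abac_id_write_privkey(abac_id_t *id, FILE *out);
int abac_id_has_privkey(abac_id_t *id);
void abac_id_write_cert(abac_id_t *id, FILE *out);
int abac_id_generate(abac_id_t **ret, char *cn, int validity);
abac_chunk_t abac_id_cert_chunk(abac_id_t *id);

/*
 * from abac_aspect
 *
 * abac_errx takes a status value and a message; by analogy with BSD errx()
 * it presumably terminates the process -- confirm before relying on return.
 */
void abac_aspect_free(abac_aspect_t *);
void abac_errx(int val, const char *string);

/* from abac_pl_yap: debugging hook, dumps the prolog (yap) database. */
void show_yap_db(const char *msg);

/*
 * Error codes for loading certificates.
 * Negative values are failures; ABAC_CERT_EXISTS is positive and, per its
 * description, not a failure -- test with `rc < 0`, not `rc != 0`.
 */
#define ABAC_CERT_SUCCESS           0   // certificate loaded, all is well
#define ABAC_CERT_INVALID           -1  // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           -2  // invalid signature
#define ABAC_CERT_MISSING_ISSUER    -3  // missing ID cert that issued the attribute cert
#define ABAC_CERT_BAD_CN            -4  // ID cert is not matching CN=principal format
#define ABAC_CERT_BAD_YAP           -5  // failed to insert into prolog engine
#define ABAC_CERT_EXISTS            1   // ID already exists (does not default to a failure)

/* Return codes for abac_id_generate(). */
#define ABAC_ID_SUCCESS                     0
#define ABAC_ID_GENERATE_INVALID_CN        -1
#define ABAC_ID_GENERATE_INVALID_VALIDITY  -2

/* Return codes for abac_attribute_create() and related attribute calls. */
#define ABAC_ATTRIBUTE_SUCCESS              0
#define ABAC_ATTRIBUTE_INVALID_ROLE        -1
#define ABAC_ATTRIBUTE_INVALID_VALIDITY    -2
#define ABAC_ATTRIBUTE_ISSUER_NOKEY        -3
#define ABAC_ATTRIBUTE_FAIL                -4

/* Return codes for the term family. */
#define ABAC_TERM_SUCCESS                   0
#define ABAC_TERM_FAIL                     -1


/*
 * USE(evalue): 1 if the environment variable named by evalue is set
 * (to any value, including empty), 0 otherwise. getenv() is consulted on
 * every evaluation, so the result follows the process environment at the
 * time of the call; callers that gate behaviour on this are trusting the
 * environment the process was started with.
 */
#define USE(evalue) ((getenv(evalue) != NULL) ? 1 : 0)

#endif /* __ABAC_H__ */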