Context Navigation

source: libabac/abac.hh @ 5110d42

mei_rt2mei_rt2_fix_1

Last change on this file since 5110d42 was 5110d42, checked in by Mei <mei@…>, 12 years ago

1) reorganized the test directory to include python tests
2) attribute via api and principal via api from python scripts is

working (although there is a annoying seg fault at the very end
that must be related to something not been dup()ed.. need to wait
for c example to debug it)

3) able to query via api
4) replicated access_rt2 example in python and the query result matches
5) expanded api to make it easier to generate rt2 structure

Property mode set to 100644

File size: 30.5 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <string>
5	#include <vector>
6
7	namespace ABAC {
8	extern "C" {
9	#include "abac.h"
10	}
11
12	static int debug=0;
13
14	class Role;
15	class Oset;
16
17	class Constraint {
18	public:
19	Constraint() : m_constraint(NULL) { } // do not use: here for swig
20	Constraint(abac_condition_t *constraint):
21	m_constraint(abac_condition_dup(constraint))
22	{ }
23	Constraint(const Constraint &constraint) {
24	m_constraint =abac_condition_dup(constraint.m_constraint);
25	}
26	~Constraint() {
27	if(m_constraint) abac_condition_free(m_constraint);
28	}
29
30	/* range constraint */
31	Constraint(char *vartype) { m_constraint=abac_condition_create(vartype); }
32
33	/* [integer:?I[10 .. 20] */
34	/* [float:?F[0.5 .. 2.5] */
35	void add_constraint_integer_max(int val) {
36	abac_condition_add_range_integer_item(m_constraint,abac_max_item_type(),val);
37	}
38	void add_constraint_integer_min(int val) {
39	abac_condition_add_range_integer_item(m_constraint,abac_min_item_type(),val);
40	}
41	void add_constraint_integer_target(int val) {
42	abac_condition_add_range_integer_item(m_constraint,abac_target_item_type(),val);
43	}
44	void add_constraint_float_max(float val) {
45	abac_condition_add_range_float_item(m_constraint,abac_max_item_type(),val);
46	}
47	void add_constraint_float_min(float val) {
48	abac_condition_add_range_float_item(m_constraint,abac_min_item_type(),val);
49	}
50	void add_constraint_float_target(float val) {
51	abac_condition_add_range_float_item(m_constraint,abac_target_item_type(),val);
52	}
53	/* quoted string values */
54	/* [time:?T["20201101T182930"] */
55	void add_constraint_time_max(char* val) {
56	abac_condition_add_range_time_item(m_constraint,abac_max_item_type(),val);
57	}
58	void add_constraint_time_min(char* val) {
59	abac_condition_add_range_time_item(m_constraint,abac_min_item_type(),val);
60	}
61	void add_constraint_time_target(char* val) {
62	abac_condition_add_range_time_item(m_constraint,abac_target_item_type(),val);
63	}
64	/* [urn:?U["fileA","http://fileB"] -only listed range */
65	void add_constraint_urn_target(char* val) {
66	abac_condition_add_range_urn_item(m_constraint,val);
67	}
68	/* [string:?S["abc",'efg',"hij"] -only listed range */
69	void add_constraint_string_target(char* val) {
70	abac_condition_add_range_string_item(m_constraint,val);
71	}
72	/[boolean:?B['true']] /
73	void add_constraint_boolean_target(char* val) {
74	abac_condition_add_range_boolean_item(m_constraint,val);
75	}
76
77
78	/* [oset:?O[{oset-constraint}] */
79	/* [role:?R[{role-constraint}] */
80	/* [urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])] */
81	/* role constraint */
82	Constraint(Role *role);
83	/* oset constraint */
84	Constraint(Oset *oset);
85	char *string() const {
86	return abac_condition_string(m_constraint);
87	}
88	char *typed_string() const {
89	return abac_condition_typed_string(m_constraint);
90	}
91	abac_condition_t *constraint()
92	{ return m_constraint; }
93	private:
94	abac_condition_t *m_constraint;
95	};
96
97	/* XXX need to track the principal [keyid:alice] so can generate
98	the id_type_clause within attribute clause */
99	class DataTerm {
100	public:
101	DataTerm() : m_term(NULL) { } // do not use: here for swig
102	DataTerm(abac_term_t *term) {
103	m_term=abac_term_dup(term);
104	abac_condition_t *constraint=abac_term_constraint(m_term);
105	if(constraint) m_cond=new Constraint(constraint);
106	else m_cond=NULL;
107	}
108	DataTerm(const DataTerm &term) {
109	m_term =abac_term_dup(term.m_term);
110	abac_condition_t *constraint=abac_term_constraint(m_term);
111	if(constraint) m_cond=new Constraint(constraint);
112	else m_cond=NULL;
113	}
114	~DataTerm() {
115	if(m_term) abac_term_free(m_term);
116	if(m_cond) free(m_cond);
117	}
118	/* this is for named principal data term */
119	DataTerm(char *sha) {
120	if(debug) printf("adding a Dataterm named principal(%s)\n",sha);
121	int isnamed=1;
122	int type=e_TERM_PRINCIPAL;
123	m_term=abac_term_named_create(type,sha);
124	}
125	/* can be an a variable data term or a specific value */
126	DataTerm(char* typenm, char name, Constraint cond=NULL) {
127	int type=abac_verify_term_type(typenm);
128	if(debug) printf("adding a Dataterm (%s)\n",name);
129	if(type==ABAC_TERM_FAIL)
130	abac_errx(1, "DataTerm, fail to create the term");
131	if(cond) {
132	m_cond=cond;
133	m_term=abac_term_create(type,name,cond->constraint());
134	} else {
135	m_cond=NULL;
136	m_term=abac_term_create(type,name,NULL);
137	}
138	}
139	char *string() const {
140	return abac_term_string(m_term);
141	}
142	char *typed_string() const {
143	return abac_term_typed_string(m_term);
144	}
145	bool is_time() const {
146	return abac_term_is_time_type(m_term);
147	}
148	bool is_string() const {
149	return abac_term_is_string_type(m_term);
150	}
151	bool is_urn() const {
152	return abac_term_is_urn_type(m_term);
153	}
154	bool is_integer() const {
155	return abac_term_is_integer_type(m_term);
156	}
157	/* Add a constraint to this term. */
158	int add_constraint(Constraint& cond) {
159	m_cond=new Constraint(cond);
160	abac_term_add_constraint(m_term, m_cond->constraint());
161	}
162	int type() {
163	abac_term_type(m_term);
164	}
165	char *name() {
166	return abac_term_name(m_term);
167	}
168	char *value() {
169	/* ??? value XXX */
170	}
171	Constraint *constraint() {
172	return m_cond;
173	}
174	abac_term_t *term() {
175	return m_term;
176	}
177
178	private:
179	abac_term_t *m_term;
180	Constraint *m_cond;
181	};
182
183
184	class Role {
185	public:
186	Role() : m_role(NULL) { } // do not use: here for swig
187	Role(abac_aspect_t *role): m_role(abac_aspect_dup(role))
188	{ }
189	Role(char *principal_name) :
190	m_role(abac_aspect_role_principal_create(principal_name))
191	{ }
192	Role(char principal_name, char role_name) :
193	m_role(abac_aspect_role_create(principal_name, role_name))
194	{ }
195	Role(const Role &role) {
196	m_role = abac_aspect_dup(role.m_role);
197	}
198	~Role() {
199	if (m_role) abac_aspect_free(m_role);
200	}
201	bool is_principal() const {
202	return abac_aspect_is_principal(m_role);
203	}
204	bool is_linking() const {
205	return abac_aspect_is_linking(m_role);
206	}
207	char *string() const {
208	return abac_aspect_string(m_role);
209	}
210	char *typed_string() {
211	char* string=abac_aspect_typed_string(m_role);
212	return string;
213	}
214	char *linked_role() const {
215	return abac_aspect_linked_role_name(m_role);
216	}
217	char *role_name() const {
218	return abac_aspect_aspect_name(m_role);
219	}
220	char *principal() const {
221	return abac_aspect_principal_name(m_role);
222	}
223	/* Add a data term to this name. */
224	int add_data_term(DataTerm& d) {
225	abac_aspect_add_param(m_role, d.term());
226	return 1;
227	}
228	/* Return the DataTerms bound to this name. If the name is returned
229	in a proof, these will all have values. */
230	std::vector<DataTerm> get_data_terms(bool &success) {
231	abac_term_t terms, end;
232	int i;
233	terms = abac_param_list_vectorize(abac_aspect_aspect_params(m_role));
234	for (i = 0; terms[i] != NULL; ++i)
235	;
236	end = &terms[i];
237	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
238	abac_terms_free(terms);
239	success=1;
240	return dataterms;
241	}
242	int add_linking_data_term(DataTerm& d) {
243	abac_aspect_add_linked_param(m_role, d.term());
244	return 1;
245	}
246	std::vector<DataTerm> get_linked_data_terms(bool &success) {
247	abac_term_t terms, end;
248	int i;
249	terms = abac_param_list_vectorize(abac_aspect_linked_role_params(m_role));
250	for (i = 0; terms[i] != NULL; ++i)
251	;
252	end = &terms[i];
253	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
254	abac_terms_free(terms);
255	success=1;
256	return dataterms;
257	}
258	abac_aspect_t *role() {return m_role;}
259	private:
260	abac_aspect_t *m_role;
261	};
262
263	class Oset {
264	public:
265	Oset() : m_oset(NULL) { } // do not use: here for swig
266	Oset(abac_aspect_t *oset): m_oset(abac_aspect_dup(oset))
267	{ }
268	Oset(char *oset_name) : m_oset(abac_aspect_oset_principal_create(oset_name))
269	{ }
270	Oset(char principal_name, char oset_name) :
271	m_oset(abac_aspect_oset_create(principal_name, oset_name))
272	{ }
273	Oset(DataTerm& d) :
274	m_oset(abac_aspect_oset_object_create(d.term()))
275	{ }
276	Oset(const Oset &oset) {
277	m_oset =abac_aspect_dup(oset.m_oset);
278	}
279	~Oset() {
280	if(m_oset) abac_aspect_free(m_oset);
281	}
282	bool is_object() const {
283	return abac_aspect_is_object(m_oset);
284	}
285	bool is_principal() const {
286	return abac_aspect_is_principal(m_oset);
287	}
288	bool is_linking() const {
289	return abac_aspect_is_linking(m_oset);
290	}
291	char *string() const {
292	return abac_aspect_string(m_oset);
293	}
294	char *typed_string() {
295	char* string=abac_aspect_typed_string(m_oset);
296	return string;
297	}
298	char *linked_role() const {
299	return abac_aspect_linked_role_name(m_oset);
300	}
301	char *oset_name() const {
302	return abac_aspect_aspect_name(m_oset);
303	}
304	char *principal() const {
305	return abac_aspect_principal_name(m_oset);
306	}
307	char *object() const {
308	return abac_aspect_object_name(m_oset);
309	}
310	/* Add a data term to this name. */
311	int add_data_term(DataTerm& d) {
312	abac_aspect_add_param(m_oset, d.term());
313	return 1;
314	}
315	/* Return the DataTerms bound to this name. If the name is returned
316	in a proof, these will all have values. */
317	std::vector<DataTerm> get_data_terms(bool &success) {
318	abac_term_t terms, end;
319	int i;
320	terms = abac_param_list_vectorize(abac_aspect_aspect_params(m_oset));
321	for (i = 0; terms[i] != NULL; ++i)
322	;
323	end = &terms[i];
324	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
325	abac_terms_free(terms);
326	success=1;
327	return dataterms;
328	}
329	int add_linking_data_term(DataTerm& d) {
330	abac_aspect_add_linked_param(m_oset, d.term());
331	return 1;
332	}
333	std::vector<DataTerm> get_linked_data_terms(bool &success) {
334	abac_term_t terms, end;
335	int i;
336	terms = abac_param_list_vectorize(abac_aspect_linked_role_params(m_oset));
337	for (i = 0; terms[i] != NULL; ++i)
338	;
339	end = &terms[i];
340	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
341	abac_terms_free(terms);
342	success=1;
343	return dataterms;
344	}
345	abac_aspect_t *oset() {return m_oset;}
346	private:
347	abac_aspect_t *m_oset;
348	};
349
350
351	class ID {
352	public:
353	ID() : m_id(NULL) { } // do not use: here for swig
354	ID(abac_id_t *id): m_id(abac_id_dup(id))
355	{ }
356	ID(abac_id_credential_t *idcred) {
357	if(idcred)
358	m_id=abac_id_dup(abac_id_credential_id(idcred));
359	else m_id=NULL;
360	}
361	ID(const ID &id) { m_id =abac_id_dup(id.m_id); }
362	~ID() { if(m_id) abac_id_free(m_id); }
363
364	/* load an ID cert from a file
365	Will throw an exception if the cert cannot be loaded */
366	ID(char *filename) {
367	m_id=abac_id_from_file(filename);
368	if(m_id==NULL)
369	abac_errx(1, "Id creation from filename failed");
370	}
371	/* generates a new ID with the supplied CN and validity period
372	- CN must be alphanumeric and begin with a letter
373	- validity must be at least one second
374	Will throw an exception if either of the above is violated */
375	ID(char *cn, int validity) {
376	int rt=abac_id_generate(&m_id, cn, validity);
377	if(rt != ABAC_ID_SUCCESS)
378	abac_errx(1, "Id creation failed");
379	}
380	/* loads the private key associated with the cert
381	will throw an exception if the key cannot be loaded */
382	void load_privkey(char *filename) {
383	int rt=abac_id_load_privkey_file(m_id, filename);
384	if(rt != 1)
385	abac_errx(1, "Failed to load private key");
386	}
387	abac_id_t *id() { return m_id; }
388
389	/* returns the SHA1 keyid of the cert */
390	char *keyid() { return abac_id_keyid(m_id); }
391	/* returns the CN */
392	char *name() { return abac_id_cn(m_id); }
393	/* returns true if the ID has an associated private key */
394	bool has_privkey() {
395	return abac_id_has_privkey(m_id);
396	}
397	/* writes a PEM-encoded cert to the file handle */
398	void write_cert(FILE *out) {
399	abac_id_write_cert(m_id, out);
400	}
401	/* writes a PEM-encoded cert to a file named out */
402	void write_cert(char *filename) {
403	FILE *out = fopen(filename, "a");
404	write_cert(out);
405	fclose(out);
406	}
407	/* writes a PEM-encoded private key to the file handle
408	throws an exception if no private key is loaded */
409	void write_privkey(FILE *out) {
410	if(!has_privkey())
411	abac_errx(1, "No privkey to write");
412	abac_id_write_privkey(m_id, out);
413	}
414	/* writes a PEM-encoded private key a file named out
415	throws an exception if no private key is loaded */
416	void write_privkey(char *filename) {
417	FILE *out = fopen(filename, "a");
418	write_privkey(out);
419	fclose(out);
420	}
421	/* returns a DER-encoded binary representation of the X.509 ID cert
422	associated with this ID.
423	can be passed to libabac's Context::load_id_chunk() */
424	abac_chunk_t cert_chunk() {
425	return abac_id_cert_chunk(m_id);
426	}
427	char *string() {
428	char *tmp=NULL;
429	if(has_privkey())
430	asprintf(&tmp,"(%s,%s,y)",abac_id_name(m_id),abac_id_idtype_string(m_id));
431	else asprintf(&tmp,"(%s,%s,n)",abac_id_name(m_id),abac_id_idtype_string(m_id));
432	return tmp;
433	}
434	public:
435	abac_id_t *m_id;
436	};
437
438
439	/* N.B., The way you use this class is by instantiating the object, adding
440	subjects to it, and then baking it. Only once it's baked can you access the
441	X.509 cert. Once it's been baked you can no longer add subjects to it. */
442	class Attribute {
443	public:
444	Attribute() : m_attr(NULL) { } // do not use: here for swig
445	Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr))
446	{ }
447	Attribute(abac_credential_t *cred) {
448	m_attr=abac_attribute_dup(abac_credential_attribute(cred));
449	}
450	Attribute(const Attribute &id) {
451	m_attr =abac_attribute_dup(id.m_attr);
452	}
453	~Attribute() {
454	if(m_attr) abac_attribute_free(m_attr);
455	}
456	/* Create an object to be signed by the given issuer with the given role
457	and validity period
458	An exception will be thrown if:
459	- the issuer has no private key
460	- the Head is invalid
461	- the validity period is invalid (must be >= 1 second) */
462	Attribute(Role& head, int validity) {
463	int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity);
464	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
465	abac_errx(1, "attribute(role), unable to make an attribute");
466	}
467	Attribute(Oset& head, int validity) {
468	int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity);
469	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
470	abac_errx(1, "attribute(oset), unable to make an attribute");
471	}
472	bool add_tail(Role& tail) {
473	if(abac_attribute_add_tail(m_attr, tail.role()))
474	return 1;
475	else return 0;
476	}
477	bool add_tail(Oset& tail) {
478	if(abac_attribute_add_tail(m_attr, tail.oset()))
479	return 1;
480	else return 0;
481	}
482	char *head_string() {
483	abac_aspect_t *head=abac_attribute_head(m_attr);
484	char *string=abac_aspect_string(head);
485	return string;
486	}
487	char *tail_string() {
488	abac_aspect_t *tail=abac_attribute_tail(m_attr);
489	char *string=abac_aspect_string(tail);
490	return string;
491	}
492	char *head_typed_string() {
493	abac_aspect_t *head=abac_attribute_head(m_attr);
494	char *string=abac_aspect_typed_string(head);
495	return string;
496	}
497	char *tail_typed_string() {
498	abac_aspect_t *tail=abac_attribute_tail(m_attr);
499	char *string=abac_aspect_typed_string(tail);
500	return string;
501	}
502	char *string() {
503	char *head=head_string();
504	char *tail=tail_string();
505	if(head==NULL \|\| tail==NULL)
506	abac_errx(1, "attribute string, head and tail can not be NULL");
507	char *tmp=NULL;
508	asprintf(&tmp,"%s<-%s",head,tail);
509	return tmp;
510	}
511	char *typed_string() {
512	char *head=head_typed_string();
513	char *tail=tail_typed_string();
514	if(head==NULL \|\| tail==NULL)
515	abac_errx(1, "attribute string, head and tail can not be NULL");
516	char *tmp=NULL;
517	asprintf(&tmp,"%s<-%s",head,tail);
518	return tmp;
519	}
520	const Role &role_head() {
521	abac_aspect_t *head=abac_attribute_head(m_attr);
522	static Role role=Role(head);
523	return role;
524	}
525	const Oset &oset_head() {
526	abac_aspect_t *head=abac_attribute_tail(m_attr);
527	static Oset oset=Oset(head);
528	return oset;
529	}
530	std::vector<Role> role_tails(bool &success) {
531	abac_aspect_t tails, end;
532	int i;
533	tails = abac_attribute_tail_vectorized(m_attr);
534	for (i = 0; tails[i] != NULL; ++i)
535	;
536	end = &tails[i];
537	std::vector<Role> roles = std::vector<Role>(tails, end);
538	abac_aspects_free(tails);
539	success=1;
540	return roles;
541	}
542	std::vector<Oset> oset_tails(bool &success) {
543	abac_aspect_t tails, end;
544	int i;
545	tails = abac_attribute_tail_vectorized(m_attr);
546	for (i = 0; tails[i] != NULL; ++i)
547	;
548	end = &tails[i];
549	std::vector<Oset> osets = std::vector<Oset>(tails, end);
550	success=1;
551	abac_aspects_free(tails);
552	return osets;
553	}
554	abac_attribute_t *attribute() { return m_attr; }
555
556	/* Generate the cert. Call this after you've added subjects to your cert.
557	This returns false if there are no subjects
558	This will throw an exception if the cert's already been baked. */
559	bool bake() {
560	/* can not bake in ABAC_CN mode */
561	if(USE("ABAC_CN"))
562	abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set");
563	int rt=abac_attribute_bake(m_attr);
564	if(rt!=1)
565	abac_errx(1, "bake, can not bake the cert");
566	}
567	/* Returns true iff the cert has been baked. */
568	bool baked() {
569	return abac_attribute_baked(m_attr);
570	}
571	/* Write the DER-encoded X.509 attribute cert to the open file handle
572	Throws an exception if the cert isn't baked */
573	void write_cert(FILE *out) {
574	int rt= abac_attribute_write(m_attr,out);
575	if(!rt)
576	abac_errx(1, "write, cert is not baked");
577	}
578	/* Write the DER-encoded X.509 attribute cert to a file named out
579	Throws an exception if the cert isn't baked */
580	void write_cert(char *filename) {
581	FILE *out = fopen(filename, "w");
582	printf("writing to %s\n", filename);
583	write_cert(out);
584	printf("done writing to %s\n", filename);
585	fclose(out);
586	}
587	/* returns a DER-encoded binary representation of the X.509 attribute
588	cert associated with this cert
589	Throws an exception if the cert isn't baked
590	the chunk can be passed to libabac's Context::load_attribute_chunk() */
591	abac_chunk_t cert_chunk() {
592	return abac_attribute_cert_chunk(m_attr);
593	}
594	/* generate yap clauses and injected into db */
595	int consume() {
596	/* attribute needs to be baked */
597	if(!baked()) {
598	return ABAC_ATTRIBUTE_FAIL;
599	}
600	}
601	private:
602	abac_attribute_t *m_attr;
603	};
604
605
606	class Context {
607	public:
608	Context() { m_ctx = abac_context_new(); m_abac_version=strdup("1.0"); }
609	Context(const Context &context) {
610	m_ctx = abac_context_dup(context.m_ctx);
611	m_abac_version=strdup(context.m_abac_version);
612	}
613	~Context() {
614	abac_context_free(m_ctx);
615	if(m_abac_version) free(m_abac_version);
616	}
617
618	/* load an identity certificate, returns:
619	ABAC_CERT_SUCCESS successfully loaded
620	ABAC_CERT_INVALID invalid certificate (or file not found)
621	ABAC_CERT_BAD_SIG invalid signature */
622	void dump_yap() {
623	show_yap_db("dump_yap");
624	}
625	int load_id(ABAC::ID& id) {
626	return abac_context_load_id_id(m_ctx, id.id());
627	}
628	int load_id_file(char *filename) {
629	return abac_context_load_id_idkey_file(m_ctx, filename);
630	}
631	int load_id_file(char filename, char keyfilename) {
632	return abac_context_load_id_id_file_key_file(m_ctx, filename, keyfilename);
633	}
634	int load_id_chunk(abac_chunk_t cert) {
635	return abac_context_load_id_chunk(m_ctx, cert);
636	}
637	/* load an attribute certificate, returns the same values as above
638	* additionally can return ABAC_CERT_MISSING_ISSUER if the issuer
639	certificate has not been loaded */
640	int load_attribute(ABAC::Attribute& a) {
641	return abac_context_load_attribute_attribute(m_ctx, a.attribute());
642	}
643	int load_attribute_file(char *filename) {
644	return abac_context_load_attribute_file(m_ctx, filename);
645	}
646	int load_attribute_chunk(abac_chunk_t cert) {
647	return abac_context_load_attribute_chunk(m_ctx, cert);
648	}
649	/* load a directory full of certificates:
650	first: ${path}/*_ID.{der,pem} as identity certificates
651	then: ${path}/_attr.der as attribute certificates /
652	void load_directory(char *path) {
653	abac_context_load_directory(m_ctx, path);
654	}
655	/* run the query:
656	role <-?- principal
657	returns true/false in success
658	returns a proof upon success, partial proof on failure */
659	/* the string version is for query that is composed by hand with SHA or
660	in non ABAC_CN mode */
661	std::vector<Attribute> query(char role, char principal, bool &success) {
662	abac_credential_t creds, end;
663	int i, success_int;
664
665	creds = abac_context_query(m_ctx, role, principal, &success_int);
666	success = success_int;
667
668	for (i = 0; creds[i] != NULL; ++i)
669	;
670
671	end = &creds[i];
672	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
673	if(debug) printf("query, got rules(%d)\n", i);
674
675	abac_context_credentials_free(creds);
676
677	return attributes;
678	}
679
680	/* another way */
681	std::vector<Attribute> query(Role &role, Role &p_role, bool &success) {
682	abac_credential_t creds, end;
683	int i, success_int;
684
685	/* make sure retrieving SHA not CN embedded string */
686	ABAC_IN_QUERY=1;
687	char *role_str=role.typed_string();
688	char *p_role_str=p_role.typed_string();
689	ABAC_IN_QUERY=0;
690	if(debug) {
691	printf("query with %s\n",role_str);
692	printf(" and %s\n",p_role_str);
693	}
694	creds = abac_context_query(m_ctx, role_str, p_role_str, &success_int);
695	success = success_int;
696
697	for (i = 0; creds[i] != NULL; ++i)
698	;
699
700	end = &creds[i];
701	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
702
703	abac_context_credentials_free(creds);
704	free(role_str);
705	free(p_role_str);
706
707	return attributes;
708	}
709
710	std::vector<Attribute> query(Oset &oset, Oset &p_oset, bool &success) {
711	abac_credential_t creds, end;
712	int i, success_int;
713	/* make sure retrieving SHA not CN embedded string */
714
715	ABAC_IN_QUERY++;
716	char *oset_str=oset.typed_string();
717	char *p_oset_str=p_oset.typed_string();
718	ABAC_IN_QUERY--;
719
720	creds = abac_context_query(m_ctx, oset_str, p_oset_str, &success_int);
721	success = success_int;
722
723	for (i = 0; creds[i] != NULL; ++i)
724	;
725
726	end = &creds[i];
727	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
728	if(debug) printf("query, returning rules(%d)\n", i);
729
730	abac_context_credentials_free(creds);
731	free(oset_str);
732	free(p_oset_str);
733
734	return attributes;
735	}
736
737	/* returns a vector of all the credentials loaded in the context */
738	std::vector<Attribute> context_credentials(bool &success) {
739	abac_credential_t creds, end;
740	int i;
741	success = 1;
742
743	creds = abac_context_credentials(m_ctx);
744	for (i = 0; creds[i] != NULL; ++i)
745	;
746
747	end = &creds[i];
748	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
749	if(debug) printf("credentials, got (%d)\n", i);
750
751	abac_context_credentials_free(creds);
752	if(debug) show_yap_db("calling from context_credentials");
753	return attributes;
754	}
755
756	/* returns a vector of all the principals loaded in the context */
757	std::vector<ID> context_principals(bool &success) {
758	abac_id_credential_t ids, end;
759	int i;
760	success = 1;
761
762	ids = abac_context_principals(m_ctx);
763	for (i = 0; ids[i] != NULL; ++i)
764	;
765
766	end = &ids[i];
767	std::vector<ID> principals = std::vector<ID>(ids, end);
768	if(debug) printf("principals, got (%d)\n", i);
769
770	abac_context_principals_free(ids);
771	return principals;
772	}
773
774	char *version() const { return m_abac_version; }
775
776	private:
777	abac_context_t *m_ctx;
778	char *m_abac_version;
779	};
780
781	Constraint::Constraint(Role *role)
782	{ m_constraint=abac_condition_create_from_aspect(role->role()); }
783	Constraint::Constraint(Oset *oset)
784	{ m_constraint=abac_condition_create_from_aspect(oset->oset()); }
785	}
786
787	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac.hh @ 5110d42

Download in other formats: