Context Navigation

source: libabac/abac.hh @ d0efdec

mei_rt2

Last change on this file since d0efdec was 2e9455f, checked in by Mei <mei@…>, 11 years ago
1) added namespace 2) tweak ?This, 3) allowing linking role/oset as constraining conditions 4) adding access_tests regression testing that uses GENI's access policy 5) added couple multi contexts regression tests 6) add compression/uncompression calls to abac_encode_string/abac_decode_string (libstrongwan only allows 512 char for attribute rule storage) 7) add attribute_now option to creddy that takes a whole char string for attribute rule
Property mode set to `100644`
File size: 51.5 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <string>
5	#include <vector>
6
7	namespace ABAC {
8	extern "C" {
9	#include "abac.h"
10	}
11	static int debug=0;
12	class Role;
13	class Oset;
14	class ID;
15
16	/***
17	ABAC::dump_yap_db()
18	Dump the complete yap prolog database
19	(C:show_yap_db)
20	ABAC::dump_debug_info()
21	Dump debug info on whole session
22	(C:show_debug_info)
23	***/
24	void dump_yap_db()
25	{ show_yap_db("dump_yap"); }
26	void dump_debug_info(const char *msg)
27	{ show_debug_info(msg); }
28	/***
29	ABAC::Constraint
30	Constraint on a data term.
31	There are 3 types:
32	- Role constraint on a principal
33	- Oset constraint on a principal, or a data object
34	- Range/List constraint on a data object
35	It holds a ptr to a abac_condition_t structure
36	***/
37	class Constraint {
38	public:
39	/***
40	f Constraint()
41	default constructor, do not use, for swig only
42	f Constraint(const Constraint &)
43	copy constructor, used for cloning a constraint
44	(C:abac_condition_dup)
45	f ~Constraint()
46	default destructor
47	(C:abac_condition_free)
48	***/
49	Constraint() : m_constraint(NULL) { }
50	Constraint(const Constraint &constraint) {
51	m_constraint=abac_condition_dup(constraint.m_constraint);
52	}
53	~Constraint() {
54	if(m_constraint) abac_condition_free(m_constraint);
55	}
56	/***
57	f Constraint(Role &)
58	constructor that takes a constraining role
59	[role:?R[{role-constraint}]
60	(C:abac_constraint_from_role)
61	f Constraint(Oset &)
62	constructor that takes a constraining oset
63	[oset:?O[{oset-constraint}]
64	[urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])]
65	(C:abac_constraint_from_oset)
66	f Constraint(char *)
67	constructor that takes one of following string
68	as its vartype to set up a range constraint:
69	"integer"
70	"urn"
71	"float"
72	"boolean"
73	"time"
74	"string"
75	it should be followed with one or many of following utility
76	calls.
77	(C:abac_constraint_create)
78	***/
79	Constraint(Role& role); /* defined later in the class */
80	Constraint(Oset& oset); /* defined later in the class */
81	Constraint(char *vartype)
82	{ m_constraint=abac_constraint_create(vartype); }
83	/ii*
84	f Constraint(abac_condition_t *)
85	internal constructor that takes an abac_condition_t structure
86	(C:abac_condition_dup)
87	*ii/
88	Constraint(abac_condition_t *constraint):
89	m_constraint(abac_condition_dup(constraint))
90	{ }
91	/***
92	f void constraint_add_integer_max(int)
93	(C:abac_constraint_add_integer_max)
94	void constraint_add_integer_min(int)
95	utility routines to setup a integer range constraint
96	[integer:?I[10 .. 20]]
97	(C:abac_constraint_add_integer_min)
98	f void constraint_add_integer_target(int)
99	utility routine to setup a integer list constraint
100	[integer:?I[10,20]]
101	(C:abac_constraint_add_integer_target)
102	***/
103	void constraint_add_integer_max(int val)
104	{ abac_constraint_add_integer_max(m_constraint,val); }
105	void constraint_add_integer_min(int val)
106	{ abac_constraint_add_integer_min(m_constraint,val); }
107	void constraint_add_integer_target(int val)
108	{ abac_constraint_add_integer_target(m_constraint,val); }
109	/***
110	f void constraint_add_float_max(float)
111	(C:abac_constraint_add_float_max)
112	void constraint_add_float_min(float)
113	utility routines to setup a float range constraint
114	[float:?F[1.0 .. 2.5]]
115	(C:abac_constraint_add_float_min)
116	f void constraint_add_float_target(float)
117	utility routine to setup a float list constraint
118	[float:?F[0.5, 2.5]]
119	(C:abac_constraint_add_float_target)
120	***/
121	void constraint_add_float_max(float val)
122	{ abac_constraint_add_float_max(m_constraint,val); }
123	void constraint_add_float_min(float val)
124	{ abac_constraint_add_float_min(m_constraint,val); }
125	void constraint_add_float_target(float val)
126	{ abac_constraint_add_float_target(m_constraint,val); }
127	/***
128	f void constraint_add_time_max(char*)
129	(C:abac_constraint_add_time_max)
130	void constraint_add_time_min(char*)
131	utility routines to setup a time range constraint,
132	takes quoted string values, beyond T is optional
133	[time:?F["20120228T" .. "20120228T090000"]]
134	(C:abac_constraint_add_time_min)
135	f void constraint_add_time_target(char*)
136	utility routine to setup a time list constraint
137	[time:?M["20201101T182930","20201101T"]]
138	(C:abac_constraint_add_time_target)
139	***/
140	void constraint_add_time_max(char* val)
141	{ abac_constraint_add_time_max(m_constraint,val); }
142	void constraint_add_time_min(char* val)
143	{ abac_constraint_add_time_min(m_constraint,val); }
144	void constraint_add_time_target(char* val)
145	{ abac_constraint_add_time_target(m_constraint,val); }
146	/***
147	f void constraint_add_urn_target(char*)
148	utility routine to setup a an urn list constraint
149	[urn:?U["fileA","http://fileB"]]
150	(C:abac_constraint_add_urn_target)
151	f void constraint_add_string_target(char*)
152	utility routine to setup a a string list constraint
153	[string:?S["abc",'efg',"hij"]]
154	(C:abac_constraint_add_string_target)
155	f void constraint_add_boolean_target(char*)
156	utility routine to setup a a boolean list constraint
157	[boolean:?B['true']]
158	(C:abac_constraint_add_boolean_target)
159	***/
160	void constraint_add_urn_target(char* val)
161	{ abac_constraint_add_urn_target(m_constraint,val); }
162	void constraint_add_string_target(char* val)
163	{ abac_constraint_add_string_target(m_constraint,val); }
164	void constraint_add_boolean_target(char* val)
165	{ abac_constraint_add_boolean_target(m_constraint,val); }
166	/***
167	f char *string() const
168	returns literal string of the constraint
169	(C:abac_constraint_string)
170	f char *typed_string() const
171	returns typed literal string of the constraint
172	(C:abac_constraint_typed_string)
173	***/
174	char *string() const
175	{ return abac_constraint_string(m_constraint); }
176	char *typed_string() const
177	{ return abac_constraint_typed_string(m_constraint); }
178	/ii*
179	f abac_condition_t *constraint()
180	internal returns internal constraint structure
181	(S:abac_condition_t)
182	*ii/
183	abac_condition_t *constraint() { return m_constraint; }
184	private:
185	abac_condition_t *m_constraint;
186	};
187
188	/***
189	ABAC::DataTerm
190	A data term is associated with Role or Oset as a parameter that
191	maybe be instantiated, or uninstantiated but being constrained,
192	or as a principal oset term (standalone right handside of an oset
193	policy rule). It holds a pointer to a abac_term_t structure.
194	Types of data terms are:
195	"integer"
196	"urn"
197	"float"
198	"boolean"
199	"string"
200	"time"
201	"principal"
202	"anonymous"
203	"this"
204	***/
205	class DataTerm {
206	public:
207	/***
208	f DataTerm()
209	default constructor, do not use, for swig only
210	f DataTerm(const DataTerm &)
211	copy constructor, used for cloning a data term
212	(C:abac_term_dup)
213	f ~DataTerm()
214	default destructor
215	(C:abac_term_free)
216	***/
217	DataTerm() : m_term(NULL) { } // do not use: here for swig
218	DataTerm(const DataTerm &dterm) {
219	m_term=abac_term_dup(dterm.m_term);
220	}
221	~DataTerm() {
222	if(m_term) abac_term_free(m_term);
223	}
224	/ii*
225	f DataTerm(abac_term_t *)
226	internal constructor to make data term from abac_term_t structure
227	(C:abac_term_dup)
228	*ii/
229	DataTerm(abac_term_t *term)
230	{ m_term=abac_term_dup(term); }
231	/***
232	f DataTerm(char*)
233	constructor to make named principal data term for the oset RHS
234	if "this" is supplied, a term with tyep=e_TERM_THIS is created
235	if "anonymous" is supplied, a term with type=e_TERM_ANONYMOUS is created
236	(C:abac_term_named_create)
237	f DataTerm(const ID&)
238	constructor to make named principal data term for parameter term
239	(C:abac_term_id_create)
240	f DataTerm(char, char, Constraint*)
241	constructor for making a variable data term
242	(C:abac_term_create)
243	f DataTerm(char, char)
244	constructor for making an instantiated data term
245	(C:abac_term_create)
246	***/
247	DataTerm(char *name) {
248	if(debug) printf("adding a Dataterm named principal(%s)\n",name);
249	m_term=abac_term_named_create(name);
250	}
251	DataTerm(ID& id); /* defined later in the class */
252	DataTerm(char* typenm, char name, Constraint cond) {
253	if(debug) printf("adding a Dataterm (%s)\n",name);
254	m_term=abac_term_create(typenm,name,cond->constraint());
255	}
256	DataTerm(char* typenm, char *name) {
257	if(debug) printf("adding a Dataterm (%s)\n",name);
258	m_term=abac_term_create(typenm,name,NULL);
259	}
260	/***
261	f char *string() const
262	returns literal string of the data term
263	(C:abac_term_string)
264	f char *typed_string() const
265	returns typed literal string of the data term
266	(C:abac_term_typed_string)
267	***/
268	char *string() const
269	{ return abac_term_string(m_term); }
270	char *typed_string() const
271	{ return abac_term_typed_string(m_term); }
272	/***
273	f bool term_is_time() const
274	(C:abac_term_is_time)
275	bool term_is_string() const
276	(C:abac_term_is_string)
277	bool term_is_urn() const
278	(C:abac_term_is_urn)
279	bool term_is_integer() const
280	(C:abac_term_is_integer)
281	returns true if data term is of certain type
282	***/
283	bool term_is_time() const
284	{ return abac_term_is_time(m_term); }
285	bool term_is_string() const
286	{ return abac_term_is_string(m_term); }
287	bool term_is_urn() const
288	{ return abac_term_is_urn(m_term); }
289	bool term_is_integer() const
290	{ return abac_term_is_integer(m_term); }
291	/***
292	f int term_add_constraint(Contraint&)
293	utiltiy routine to add a constraint to this data term
294	(C:abac_term_add_constraint)
295	***/
296	int term_add_constraint(Constraint& cond) {
297	abac_term_add_constraint(m_term, cond.constraint());
298	return 1;
299	}
300	/***
301	f int term_type() const
302	returns subtype of the data term
303	(C:abac_term_type)
304	f char *term_name() const
305	returns the name of the data term
306	(C:abac_term_name)
307	***/
308	int term_type() const
309	{ abac_term_type(m_term); }
310	char *term_name() const
311	{ return abac_term_name(m_term); }
312	/ii*
313	f abac_term_t *term()
314	returns abac_term_t term structure
315	(S:abac_term_t)
316	*ii/
317	abac_term_t *term() { return m_term; }
318	private:
319	abac_term_t *m_term;
320	};
321
322
323	/***
324	ABAC::Role
325	A Role is role specification of a set of entitities for a principal
326	***/
327	class Role {
328	public:
329	/***
330	f Role()
331	default constructor, do not use, for swig only
332	f Role(const Role &)
333	copy constructor, used for cloning a role
334	(C:abac_aspect_dup)
335	f ~Role()
336	default destructor
337	(C:abac_aspect_free)
338	***/
339	Role() : m_role(NULL) { } // do not use: here for swig
340	Role(const Role &role) {
341	m_role = abac_aspect_dup(role.m_role);
342	}
343	~Role() {
344	if (m_role) abac_aspect_free(m_role);
345	}
346	/ii*
347	f Role(abac_aspect_t*)
348	constructor that takes an abac_aspect_t structure
349	(C:abac_aspect_dup)
350	*ii/
351	Role(abac_aspect_t *role): m_role(abac_aspect_dup(role))
352	{ }
353	/***
354	f Role(char*)
355	constructor that builds a bare bone role with just principal's name
356	(C:abac_role_principal_create)
357	f Role(char, char)
358	constructor that builds a bare bone role with just principal's name
359	and a role name
360	(C:abac_role_create)
361	f Role(char, char, char*)
362	constructor that builds a bare bone role with just principal's name
363	and a linking role name and a role name
364	(C:abac_role_linked_create)
365	***/
366	Role(char *principal_name) :
367	m_role(abac_role_principal_create(principal_name))
368	{ }
369	Role(char principal_name, char role_name) :
370	m_role(abac_role_create(principal_name, role_name))
371	{ }
372	Role(char principal_name, char linked_role_name, char *role_name) :
373	m_role(abac_role_linked_create(principal_name, linked_role_name,role_name))
374	{ }
375	/***
376	f bool role_is_principal() const
377	return true if the role is a principal object(made from
378	a data term), the right hand side of,
379	[keyid:A].role:r <- [keyid:B]
380	(C:abac_role_is_principal)
381	***/
382	bool role_is_principal() const
383	{ return abac_role_is_principal(m_role); }
384	/***
385	f bool role_is_linking() const
386	returns true if the role is a linking role like
387	the right hand side of,
388	[keyid:A].role:r1 <- [keyid:B].role:r2.role:r3
389	(C:abac_role_is_linking)
390	***/
391	bool is_linking() const
392	{ return abac_role_is_linking(m_role); }
393	/***
394	f char *string() const
395	returns literal string of the role
396	(C:abac_role_string)
397	f char *typed_string() const
398	returns typed literal string of the role
399	(C:abac_role_typed_string)
400	***/
401	char *string() const
402	{ return abac_role_string(m_role); }
403	char *typed_string()
404	{ return abac_role_typed_string(m_role); }
405	/***
406	f char *role_linked_role() const
407	returns linked part of a linking role, for
408	[keyid:A].role:r1.role:r2, it returns r1
409	(C:abac_role_linked_role)
410	***/
411	char *role_linked_role() const
412	{ return abac_role_linked_role(m_role); }
413	/***
414	f char *role_name() const
415	returns the role name of any role (the part after the last dot)
416	[keyid:A].role.r1.role:r2, it returns r2
417	[keyid:A].role.r1, it returns r1
418	(C:abac_role_name)
419	f char *role_principal() const
420	returns the principal of role (the part before the first dot)
421	[keyid:A].role.r1, it returns A
422	(C:abac_role_principal)
423	***/
424	char *role_name() const
425	{ return abac_role_name(m_role); }
426	char *role_principal() const
427	{ return abac_role_principal(m_role); }
428
429	/***
430	f void role_add_data_term(DataTerm&)
431	add a data term to the role
432	(C:abac_role_add_data_term)
433	***/
434	void role_add_data_term(DataTerm& d) {
435	abac_role_add_data_term(m_role, d.term());
436	}
437	/***
438	f std::vector<DataTerm> get_data_terms(bool &)
439	return the data terms bound to this role.
440	(C:abac_role_get_data_terms)
441	***/
442	std::vector<DataTerm> get_data_terms(bool &success) {
443	abac_term_t terms, end;
444	int i;
445	terms = abac_role_get_data_terms(m_role);
446	for (i = 0; terms[i] != NULL; ++i)
447	;
448	end = &terms[i];
449	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
450	abac_terms_free(terms);
451	success=1;
452	return dataterms;
453	}
454	/***
455	f void role_add_linked_data_term(DataTerm&)
456	add a data term to the linking role
457	(C:abac_role_add_linked_data_term)
458	***/
459	void role_add_linked_data_term(DataTerm& d) {
460	abac_role_add_linked_data_term(m_role, d.term());
461	}
462	/***
463	f std::vector<DataTerm> get_linked_data_terms(bool &)
464	return the data terms bound to this role's linking role.
465	(C:abac_role_get_linked_data_terms)
466	(C::abac_terms_free)
467	***/
468	std::vector<DataTerm> get_linked_data_terms(bool &success) {
469	abac_term_t terms, end;
470	int i;
471	terms = abac_role_get_linked_data_terms(m_role);
472	for (i = 0; terms[i] != NULL; ++i)
473	;
474	end = &terms[i];
475	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
476	abac_terms_free(terms);
477	success=1;
478	return dataterms;
479	}
480	/ii*
481	f abac_aspect_t *role()
482	returns the interal libabac representation of this role
483	(S:abac_aspect_t)
484	*ii/
485	abac_aspect_t *role() {return m_role;}
486	private:
487	abac_aspect_t *m_role;
488	};
489
490	/***
491	ABAC::Oset
492	An Oset is oset specification of a set of entitities for a principal
493	***/
494	class Oset {
495	public:
496	/***
497	f Oset()
498	default constructor, do not use, for swig only
499	f Oset(const Oset &)
500	copy constructor, used for cloning an oset
501	(C:abac_aspect_dup)
502	f ~Oset()
503	default destructor
504	(C:abac_aspect_free)
505	***/
506	Oset() : m_oset(NULL) { } // do not use: here for swig
507	Oset(const Oset &oset)
508	{ m_oset =abac_aspect_dup(oset.m_oset); }
509	~Oset()
510	{ if(m_oset) abac_aspect_free(m_oset); }
511	/ii*
512	f Oset(abac_aspect_t *)
513	constructor that takes abac_aspect_t structure
514	(C:abac_aspect_dup)
515	*ii/
516	Oset(abac_aspect_t *oset): m_oset(abac_aspect_dup(oset))
517	{ }
518	/***
519	f Oset(char *)
520	constructor that makes a principal oset, ie [keyid:B]
521	(C:abac_oset_principal_create)
522	f Oset(char , char )
523	constructor that makes a regular oset, ie. [keyid:B].oset:o
524	(C:abac_oset_create)
525	f Oset(char , char, char *)
526	constructor that makes a linked oset, ie. [keyid:B].role:r.oset:o
527	(C:abac_oset_linked_create)
528	f Oset(DataTerm&)
529	constructor that makes an object oset, ie. [urn:'file/fileA']
530	(C:abac_oset_object_create)
531	***/
532	Oset(char *oset_name) : m_oset(abac_oset_principal_create(oset_name))
533	{ }
534	Oset(char principal_name, char oset_name) :
535	m_oset(abac_oset_create(principal_name, oset_name))
536	{ }
537	Oset(char principal_name, char linked_role_name,char *oset_name) :
538	m_oset(abac_oset_linked_create(principal_name, linked_role_name, oset_name))
539	{ }
540	Oset(DataTerm& d) :
541	m_oset(abac_oset_object_create(d.term()))
542	{ }
543
544	/***
545	f bool oset_is_object(), ie <- [integer:10]
546	return ture if this oset is an object oset
547	(C:abac_oset_is_object)
548	***/
549	bool oset_is_object() const
550	{ return abac_oset_is_object(m_oset); }
551	/***
552	f bool oset_is_principal() const
553	return true if the oset is a principal object(made from
554	a data term), the right hand side of,
555	[keyid:A].oset:o <- [keyid:B]
556	(C:abac_oset_is_principal)
557	***/
558	bool oset_is_principal() const
559	{ return abac_oset_is_principal(m_oset); }
560	/***
561	f bool oset_is_linking() const
562	returns true if the oset is a linking oset like
563	the right hand side of,
564	[keyid:A].oset:o1 <- [keyid:B].role:r1.oset:o2
565	(C:abac_oset_is_linking)
566	***/
567	bool oset_is_linking() const
568	{ return abac_oset_is_linking(m_oset); }
569	/***
570	f char *string() const
571	returns literal string of the oset
572	(C:abac_oset_string)
573	f char *typed_string() const
574	returns typed literal string of the oset
575	(C:abac_oset_typed_string)
576	***/
577	char *string() const
578	{ return abac_oset_string(m_oset); }
579	char *typed_string()
580	{ return abac_oset_typed_string(m_oset); }
581	/***
582	f char *oset_linked_role() const
583	returns linked part of a linking oset, for
584	[keyid:A].role:r1.oset:o1, it returns r1
585	(C:abac_oset_linked_role)
586	***/
587	char *oset_linked_role() const
588	{ return abac_oset_linked_role(m_oset); }
589	/***
590	f char *oset_name() const
591	returns oset name,
592	[keyid:A].role:r1.oset:o1, it returns o1
593	[keyid:A].oset:o1, it returns o1
594	(C:abac_oset_name)
595	***/
596	char *oset_name() const
597	{ return abac_oset_name(m_oset); }
598	/***
599	f char *oset_principal() const
600	returns principal name,
601	[keyid:A].role:r1.oset:o1, it returns A
602	(C:abac_oset_principal)
603	***/
604	char *oset_principal() const
605	{ return abac_oset_principal(m_oset); }
606	/***
607	f char *oset_object() const
608	returns object's name when the oset is a principal object
609	[keyid:A].oset:values <- [integer:10], it returns 10
610	(C:abac_oset_object)
611	***/
612	char *oset_object() const
613	{ return abac_oset_object(m_oset); }
614	/***
615	f void add_data_term(DataTerm&)
616	add a data term to this oset's parameter set
617	(C:abac_oset_add_data_term)
618	***/
619	void oset_add_data_term(DataTerm& d) {
620	abac_oset_add_data_term(m_oset, d.term());
621	}
622	/***
623	f std::vector<DataTerm> get_data_terms(bool &)
624	returns the data terms bound to this oset.
625	(C:abac_oset_get_data_terms)
626	(C::abac_terms_free)
627	***/
628	std::vector<DataTerm> get_data_terms(bool &success) {
629	abac_term_t terms, end;
630	int i;
631	terms = abac_oset_get_data_terms(m_oset);
632	for (i = 0; terms[i] != NULL; ++i)
633	;
634	end = &terms[i];
635	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
636	abac_terms_free(terms);
637	success=1;
638	return dataterms;
639	}
640	/***
641	f void oset_add_linked_data_term(DataTerm&)
642	add a data term to this oset's linking role's parameter set.
643	(C:abac_oset_add_linked_data_term)
644	***/
645	void oset_add_linked_data_term(DataTerm& d) {
646	abac_oset_add_linked_data_term(m_oset, d.term());
647	}
648	/***
649	f std::vector<DataTerm> get_linked_data_terms(bool &)
650	returns the data terms bound to this oset's linking role.
651	(C:abac_oset_get_linked_data_terms)
652	(C::abac_terms_free)
653	***/
654	std::vector<DataTerm> get_linked_data_terms(bool &success) {
655	abac_term_t terms, end;
656	int i;
657	terms = abac_oset_get_linked_data_terms(m_oset);
658	for (i = 0; terms[i] != NULL; ++i)
659	;
660	end = &terms[i];
661	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
662	abac_terms_free(terms);
663	success=1;
664	return dataterms;
665	}
666	/ii*
667	f abac_aspect_t *oset()
668	internal returns the internal libabac representation of the oset
669	(S:abac_aspect_t)
670	*ii/
671	abac_aspect_t *oset() {return m_oset;}
672	private:
673	abac_aspect_t *m_oset;
674	};
675
676
677	/***
678	ABAC::ID
679	An ID holds a principal credential. It maybe imported from an existing
680	ID credential via external files, constructed from a streaming chunk,
681	or instantiated on the fly
682	***/
683	class ID {
684	public:
685	/***
686	f ID()
687	default constructor, do not use, for swig only
688	f ID(const ID &)
689	copy constructor, used for cloning an ID
690	(C:abac_id_dup)
691	f ~ID()
692	default destructor
693	(C:abac_id_free)
694	***/
695	ID() : m_id(NULL) { } // do not use: here for swig
696	ID(const ID &id) { m_id =abac_id_dup(id.m_id); }
697	~ID() { if(m_id) abac_id_free(m_id); }
698	/ii*
699	f ID(abac_id_t *)
700	constructor from abac_id_t
701	(C:abac_id_dup)
702	f ID(abac_id_credential_t *)
703	constructor from abac_id_credential_t
704	(C:abac_id_credential_id)
705	(S::abac_id_credential_t)
706	*ii/
707	ID(abac_id_t *id): m_id(abac_id_dup(id))
708	{ }
709	ID(abac_id_credential_t *idcred) {
710	if(idcred)
711	m_id=abac_id_dup(abac_id_credential_id(idcred));
712	else m_id=NULL;
713	}
714	/***
715	f ID(char *)
716	load an ID cert from a file, will throw an exception
717	if the cert cannot be loaded
718	(C:abac_id_from_file)
719	***/
720	ID(char *filename) {
721	if(debug) printf("calling ID with a filename\n");
722	m_id=abac_id_from_file(filename);
723	if(m_id==NULL) {
724	printf("trying.. %s\n",filename);
725	abac_errx(1, "Id creation from filename failed");
726	}
727	}
728	/***
729	f ID_chunk(abac_chunk_t chunk)
730	create an ID cert from an cert chunk, will
731	throw an exception if the cert cannot be loaded
732	(C:abac_id_from_chunk)
733	***/
734	ID(abac_chunk_t chunk) {
735	/* had to renamed to ID_chunk(chunk) to make it to work with swig */
736	if(debug) printf("calling ID with chunk\n");
737	m_id=abac_id_from_chunk(chunk);
738	if(m_id==NULL)
739	abac_errx(1, "Id creation from chunk failed");
740	}
741	/***
742	f ID(char *,int)
743	generates a new ID(cert&key) with the supplied CN and validity period
744	- CN must be alphanumeric and begin with a letter
745	- validity must be at least one second
746	will throw an exception if either of the above is violated
747	(C:abac_id_generate)
748	***/
749	ID(char *cn, int validity) {
750	int rt=abac_id_generate(&m_id, cn, validity);
751	if(rt != ABAC_ID_SUCCESS)
752	abac_errx(1, "Id generation failed");
753	}
754	/***
755	f ID(char ,int, char, char*)
756	generates a new ID from a supplied CN, keyfile, passphrase(optional) file
757	and validity period
758	- CN must be alphanumeric and begin with a letter
759	- validity must be at least one second
760	- optional passphrase is when the keyfile is encrypted
761	will throw an exception if either of the above is violated
762	(C:abac_id_generate_with_key)
763	***/
764	ID(char cn, int validity, char kfile, char* pfile) {
765
766	int rt=abac_id_generate_with_key(&m_id, cn, validity, kfile, pfile);
767	if(rt != ABAC_ID_SUCCESS)
768	abac_errx(1, "Id (with key) creation failed");
769	}
770	/***
771	f void id_load_privkey_file(char *)
772	loads the private key associated with the ID credential,
773	will throw an exception if the key cannot be loaded
774	(C:abac_id_load_privkey_file)
775	***/
776	void id_load_privkey_file(char *filename) {
777	int rt=abac_id_load_privkey_file(m_id, filename);
778	if(rt != 1)
779	abac_errx(1, "Failed to load private key");
780	}
781	/***
782	f void id_load_encrypted_privkey_file(char , char)
783	loads an encrypted private key and pfile associated with the
784	ID credential, will throw an exception if the key cannot be loaded
785	(C:abac_id_load_enc_privkey_file)
786	***/
787	void id_load_encrypted_privkey_file(char filename, char pfile) {
788	int rt=abac_id_load_enc_privkey_file(m_id, filename, pfile);
789	if(rt != 1)
790	abac_errx(1, "Failed to load private key");
791	}
792	/***
793	f char *id_keyid()
794	returns the SHA1 keyid of the id cert
795	(C:abac_id_keyid)
796	f char *id_name()
797	returns the CN (the parameter passed to the constructor or the
798	CN of the cert).
799	(C:abac_id_cn)
800	***/
801	char *id_keyid() { return abac_id_keyid(m_id); }
802	char *id_name() { return abac_id_cn(m_id); }
803	/***
804	f bool id_has_privkey()
805	returns true if the ID has an associated private key
806	(C:abac_id_has_privkey)
807	***/
808	bool id_has_privkey()
809	{ return abac_id_has_privkey(m_id); }
810
811	/***
812	f void id_write_cert(FILE *)
813	writes a PEM-encoded cert to the file handle
814	(C:abac_id_write_cert)
815	f void id_write_cert(char *)
816	writes a PEM-encoded cert to a file named out
817	(C:abac_id_write_cert_fname)
818	***/
819	void id_write_cert(FILE *out)
820	{ abac_id_write_cert(m_id, out); }
821	void id_write_cert(char *filename)
822	{ abac_id_write_cert_fname(m_id, filename); }
823	/***
824	f void id_write_privkey(FILE *)
825	writes a PEM-encoded private key to the file handle
826	throws an exception if no private key is loaded
827	(C:abac_id_write_privkey)
828	f void id_write_privkey(char *)
829	writes a PEM-encoded private key a file named out
830	throws an exception if no private key is loaded
831	(C:abac_id_write_privkey_fname)
832	***/
833	void id_write_privkey(FILE *out) {
834	if(!id_has_privkey())
835	abac_errx(1, "No privkey to write");
836	abac_id_write_privkey(m_id, out);
837	}
838	void id_write_privkey(char *filename)
839	{ abac_id_write_privkey_fname(m_id, filename); }
840	/***
841	f abac_chunk_t id_cert_chunk()
842	returns a DER-encoded binary representation of the X.509 ID cert
843	associated with this ID.
844	can be passed to libabac's Context::load_id_chunk()
845	(C:abac_id_cert_chunk)
846	f abac_chunk_t id_privkey_chunk()
847	returns a PEM-encoded binary representation of the private key
848	associated with this ID.
849	can be passed to libabac's Context::load_id_chunks()
850	(C:abac_id_privkey_chunk)
851	***/
852	abac_chunk_t id_cert_chunk()
853	{
854	return abac_id_cert_chunk(m_id);
855	}
856	abac_chunk_t id_privkey_chunk()
857	{ return abac_id_privkey_chunk(m_id); }
858	/***
859	f char *string()
860	returns literal string of the id credential
861	(C:abac_id_string)
862	***/
863	char *string()
864	{ return abac_id_string(m_id); }
865	/ii*
866	f abac_id_t *id()
867	returns the interal libabac representation of this id
868	(S:abac_id_t)
869	*ii/
870	abac_id_t *id() { return m_id; }
871	private:
872	abac_id_t *m_id;
873	};
874
875
876	/***
877	ABAC::Attribute
878	This is the attribute representation for the access policy rule
879	LHS <- RHS
880	The sequence of generation is to
881	first, instantiate the object, ie, LHS (head)
882	second, adding subject(s) to it, ie, RHS (tail)
883	and then baking it.
884	Only once it's baked can you access the X.509 cert.
885	Once it's been baked you can no longer add subjects to it
886	***/
887	class Attribute {
888	public:
889	/***
890	f Attribute()
891	default constructor, do not use, for swig only
892	f Attribute(const Attribute &)
893	copy constructor, used for cloning an attribute
894	(C:abac_attribute_dup)
895	f ~Attribute()
896	default destructor
897	(C:abac_attribute_free)
898	***/
899	Attribute() : m_attr(NULL) { }
900	Attribute(const Attribute &id)
901	{ m_attr =abac_attribute_dup(id.m_attr); }
902	~Attribute()
903	{ if(m_attr) abac_attribute_free(m_attr); }
904	/ii*
905	f Attribute(abac_attribute_t *)
906	constructor that takes abac_attribute_t, locally used
907	(C:abac_attribute_dup)
908	f Attribute(abac_credential_t *)
909	constructor that takes abac_credential_t, locally used
910	(C:abac_attribute_dup)
911	(C::abac_credential_attribute)
912	(S::abac_credential_t)
913	*ii/
914	Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr))
915	{ }
916	Attribute(abac_credential_t *cred)
917	{ m_attr=abac_attribute_dup(abac_credential_attribute(cred)); }
918	/***
919	f Attribute(Role&, int)
920	constructor that creates an attribute policy to be signed by the issuer
921	with the given role with a specified validity period
922	An exception will be thrown if:
923	- the issuer has no private key
924	- the Head role is invalid
925	- the validity period is invalid (must be >= 1 second)
926	(C:abac_attribute_create)
927	***/
928	Attribute(Role& head, int validity) {
929	int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity);
930	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
931	abac_errx(1, "attribute(role), unable to make an attribute");
932	}
933	/***
934	f Attribute(Oset&, int)
935	constructor that creates an attribute policy to be signed by the issuer
936	with the given oset with a specified validity period
937	An exception will be thrown if:
938	- the issuer has no private key
939	- the Head oset is invalid
940	- the validity period is invalid (must be >= 1 second)
941	(C:abac_attribute_create)
942	***/
943	Attribute(Oset& head, int validity) {
944	int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity);
945	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
946	abac_errx(1, "attribute(oset), unable to make an attribute");
947	}
948	/***
949	f Attribute_chunk(abac_chunk_t chunk)
950	constructor that creates an attribute policy to be signed by the issuer
951	with a given cert chunk.
952	(C:abac_attribute_from_chunk)
953	***/
954	Attribute(abac_chunk_t chunk) {
955	/* had to renamed to Attribute_chunk(chunk) to make it to work with swig */
956	m_attr=abac_attribute_from_chunk(chunk);
957	if(m_attr==NULL)
958	abac_errx(1, "attribute(chunk), unable to make an attribute");
959	}
960	/***
961	f bool attribute_add_tail(Role&)
962	Add a role tail. Call multiple times for intersection
963	(C:abac_attribute_add_tail)
964	f bool attribute_add_tail(Oset&)
965	Add an oset tail. Call multiple times for intersection
966	(C:abac_attribute_add_tail)
967	f void attribute_set_using_this()
968	Allow user set whether this attribute has '?This' in its
969	attribute rule
970	(C:abac_attribute_set_using_this)
971	***/
972	bool attribute_add_tail(Role& tail) {
973	if(abac_attribute_add_tail(m_attr, tail.role()))
974	return 1;
975	else return 0;
976	}
977	bool attribute_add_tail(Oset& tail) {
978	if(abac_attribute_add_tail(m_attr, tail.oset()))
979	return 1;
980	else return 0;
981	}
982	void attribute_set_using_this() {
983	abac_attribute_set_using_this(m_attr,1);
984	}
985	/***
986	/***
987	f char *head_string()
988	returns literal string of head of the attribute
989	(C:abac_head_string)
990	f char *tail_string()
991	returns literal string of tail of the attribute
992	(C:abac_tail_string)
993	***/
994	char *head_string()
995	{ return abac_head_string(m_attr); }
996	char *tail_string()
997	{ return abac_tail_string(m_attr); }
998	/***
999	f char *head_typed_string()
1000	returns typed literal string of head of the attribute
1001	(C:abac_head_typed_string)
1002	f char *tail_typed_string()
1003	returns typed literal string of tail of the attribute
1004	(C:abac_tail_typed_string)
1005	***/
1006	char *head_typed_string()
1007	{ return abac_head_typed_string(m_attr); }
1008	char *tail_typed_string()
1009	{ return abac_tail_typed_string(m_attr); }
1010	/***
1011	f char *string()
1012	returns literal string of the attribute
1013	(C:abac_attribute_string)
1014	f char *typed_string()
1015	returns typed literal string of the attribute
1016	(C:abac_attribute_typed_string)
1017	***/
1018	char *string()
1019	{ return abac_attribute_string(m_attr); }
1020	char *typed_string()
1021	{ return abac_attribute_typed_string(m_attr); }
1022
1023	/*** ??? not sure about implmentation
1024	f const Role &role_head()
1025	returns the head role
1026	(C:abac_attribute_head)
1027	f const Oset &oset_head()
1028	returns the oset head
1029	(C:abac_attribute_head)
1030	***/
1031	const Role &role_head() {
1032	abac_aspect_t *head=abac_attribute_head(m_attr);
1033	static Role role=Role(head);
1034	return role;
1035	}
1036	const Oset &oset_head() {
1037	abac_aspect_t *head=abac_attribute_head(m_attr);
1038	static Oset oset=Oset(head);
1039	return oset;
1040	}
1041	/***
1042	f std::vector<Role> role_tails(bool &)
1043	retrieve tail role which maybe more than 1 if intersecting
1044	(C:abac_attribute_role_tails)
1045	(C::abac_attribute_is_role)
1046	(C::abac_aspects_free)
1047	f std::vector<Oset> oset_tails(bool &)
1048	retrieve tail oset which maybe more than 1 if intersecting
1049	(C:abac_attribute_oset_tails)
1050	(C::abac_attribute_is_role)
1051	(C::abac_aspects_free)
1052	***/
1053	std::vector<Role> role_tails(bool &success) {
1054	abac_aspect_t tails, end;
1055	int i;
1056	/* make sure it is role */
1057	if(!abac_attribute_is_role(m_attr)) {
1058	success=0;
1059	abac_errx(1, "role_tails, attribute is not a role");
1060	}
1061	tails = abac_attribute_role_tails(m_attr);
1062	for (i = 0; tails[i] != NULL; ++i)
1063	;
1064	end = &tails[i];
1065	std::vector<Role> roles = std::vector<Role>(tails, end);
1066	abac_aspects_free(tails);
1067	success=1;
1068	return roles;
1069	}
1070	std::vector<Oset> oset_tails(bool &success) {
1071	abac_aspect_t tails, end;
1072	int i;
1073	/* make sure that tail is not role */
1074	if(abac_attribute_is_role(m_attr)) {
1075	success=0;
1076	abac_errx(1, "oset_tails, attribute is not an oset");
1077	}
1078	tails = abac_attribute_oset_tails(m_attr);
1079	for (i = 0; tails[i] != NULL; ++i)
1080	;
1081	end = &tails[i];
1082	std::vector<Oset> osets = std::vector<Oset>(tails, end);
1083	success=1;
1084	abac_aspects_free(tails);
1085	return osets;
1086	}
1087	/***
1088	f bool attribute_bake()
1089	Generate the cert. Call this after you've added subjects to your cert.
1090	This returns false if there are no subjects
1091	This will throw an exception if the cert's already been baked.
1092	(C:abac_attribute_bake)
1093	***/
1094	bool attribute_bake() {
1095	/* can not bake in ABAC_CN mode */
1096	if(USE("ABAC_CN"))
1097	abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set");
1098	int rt=abac_attribute_bake(m_attr);
1099	if(rt!=1)
1100	abac_errx(1, "bake, can not bake the cert");
1101	}
1102	/***
1103	f bool attribute_baked()
1104	returns true iff the cert has been baked.
1105	(C:abac_attribute_baked)
1106	***/
1107	bool attribute_baked()
1108	{ return abac_attribute_baked(m_attr); }
1109
1110	/***
1111	f void attribute_write_cert(FILE *)
1112	write the DER-encoded X.509 attribute cert to the open file handle
1113	Throws an exception if the cert isn't baked
1114	(C:abac_attribute_write_cert)
1115	***/
1116	void attribute_write_cert(FILE *out) {
1117	int rt= abac_attribute_write_cert(m_attr,out);
1118	if(!rt)
1119	abac_errx(1, "write, cert is not baked");
1120	}
1121	/***
1122	f void attribute_write_cert(char *)
1123	write the DER-encoded X.509 attribute cert to a file named out
1124	Throws an exception if the cert isn't baked
1125	(C:abac_attribute_write_cert_fname)
1126	***/
1127	void attribute_write_cert(char *filename)
1128	{ abac_attribute_write_cert_fname(m_attr,filename); }
1129	/***
1130	f abac_chunk_t cert_chunk()
1131	returns a DER-encoded binary representation of the X.509 attribute
1132	cert associated with this cert
1133	Throws an exception if the cert isn't baked
1134	the chunk can be passed to libabac's Context::load_attribute_chunk()
1135	(C:abac_attribute_cert_chunk)
1136	***/
1137	abac_chunk_t cert_chunk()
1138	{ return abac_attribute_cert_chunk(m_attr); }
1139	/ii*
1140	f abac_attribute_t *attribute()
1141	return libabac structure for attribute
1142	(S:abac_attribute_t)
1143	*ii/
1144	abac_attribute_t *attribute() { return m_attr; }
1145	private:
1146	abac_attribute_t *m_attr;
1147	};
1148
1149
1150	/***
1151	ABAC::Context
1152	An ABAC Context
1153	***/
1154	class Context {
1155	public:
1156	/***
1157	f Context()
1158	default constructor
1159	(C:abac_context_new)
1160	f Context(const Context &)
1161	copy constructor, used for cloning the context
1162	(C:abac_context_dup)
1163	f ~Context()
1164	default destructor
1165	(C:abac_context_free)
1166	***/
1167	Context() {
1168	m_ctx = abac_context_new();
1169	m_abac_version=abac_xstrdup(abac_version());
1170	}
1171	Context(const Context &context) {
1172	m_ctx = abac_context_dup(context.m_ctx);
1173	m_abac_version=abac_xstrdup(context.m_abac_version);
1174	}
1175	~Context() {
1176	if(m_abac_version!=NULL) free(m_abac_version);
1177	if(m_ctx!=NULL) abac_context_free(m_ctx);
1178	}
1179	/***
1180	f int load_id(ABAC::ID&)
1181	load id cert from ID
1182	(C:abac_context_load_id)
1183	f int load_id_file(char *)
1184	load id cert from an idkey combo file. key retrieval will be attempted
1185	but won't fail if not found
1186	(C:abac_context_load_id_idkey_file)
1187	f int load_id_encrypted_file(char , char )
1188	load id cert from an idkey combo file and a pfile. Encrypted key
1189	retrieval will be attempted but won't fail if not found
1190	(C:abac_context_load_encrypted_id_file)
1191	f int load_id_files(char , char )
1192	load id cert from an id file and a key file
1193	(C:abac_context_load_id_files)
1194	f int load_id_encrypted_files(char , char , char *)
1195	load id cert from an id file, an encrypted key file, and a pfile
1196	(C:abac_context_load_encrypted_id_files)
1197	f int load_id_chunk(abac_chunk_t)
1198	load id cert from a chunk structure
1199	(C:abac_context_load_id_chunk)
1200	f int load_id_chunks(abac_chunk_t, abac_chunk_t)
1201	load id & privkey from chunk structures
1202	(C:abac_context_load_id_privkey_chunk)
1203	f int load_id_encrypted_chunks(abac_chunk_t, abac_chunk_t,char *pfile)
1204	load id & encrypted privkey from chunk structures
1205	(C:abac_context_load_id_enc_privkey_chunk)
1206	returns:
1207	ABAC_CERT_SUCCESS successfully loaded
1208	ABAC_CERT_INVALID invalid certificate (or file not found)
1209	ABAC_CERT_BAD_SIG invalid signature
1210	***/
1211	int load_id(ABAC::ID& id)
1212	{ return abac_context_load_id(m_ctx, id.id()); }
1213	int load_id_file(char *filename)
1214	{ return abac_context_load_id_idkey_file(m_ctx, filename); }
1215	int load_id_encrypted_file(char filename, char pfile)
1216	{ return abac_context_load_encrypted_id_file(m_ctx, filename, pfile); }
1217	int load_id_files(char filename, char keyfilename)
1218	{ return abac_context_load_id_files(m_ctx, filename, keyfilename); }
1219	int load_id_encrypted_files(char filename, char keyfilename, char *pfile)
1220	{ return abac_context_load_encrypted_id_files(m_ctx, filename, keyfilename, pfile); }
1221	int load_id_chunk(abac_chunk_t cert)
1222	{ return abac_context_load_id_chunk(m_ctx, cert); }
1223	int load_id_chunks(abac_chunk_t cert, abac_chunk_t privkey)
1224	{ if(debug) printf("load_id_chunks, FUNNY privkey ptr, loc(%p)\n",
1225	privkey.ptr);
1226	return abac_context_load_id_privkey_chunk(m_ctx, cert, privkey); }
1227	int load_id_encrypted_chunks(abac_chunk_t cert, abac_chunk_t privkey, char *pfile)
1228	{ if(debug) printf("load_id_encrypted_chunks, FUNNY privkey ptr, loc(%p)\n",
1229	privkey.ptr);
1230	return abac_context_load_id_enc_privkey_chunk(m_ctx, cert, privkey, pfile); }
1231
1232	/***
1233	f int load_attribute(ABAC::Attribute&)
1234	load attribute credential from attribute structure
1235	(C:abac_context_load_attribute)
1236	f int load_attribute_file(char *)
1237	load attribute credential from a file
1238	(C:abac_context_load_attribute_file)
1239	f int load_attribute_chunk(abac_chunk_t)
1240	load attribute credential from a chunk
1241	(C:abac_context_load_attribute_chunk)
1242	f returns the same values as above, additionally
1243	returns ABAC_CERT_MISSING_ISSUER if the issuer
1244	certificate has not been loaded
1245	***/
1246	int load_attribute(ABAC::Attribute& a)
1247	{ return abac_context_load_attribute(m_ctx, a.attribute()); }
1248	int load_attribute_file(char *filename)
1249	{ return abac_context_load_attribute_file(m_ctx, filename); }
1250	int load_attribute_chunk(abac_chunk_t cert)
1251	{ return abac_context_load_attribute_chunk(m_ctx, cert); }
1252	/***
1253	f void load_principals(char *)
1254	load a directory full of principals only:
1255	f first: ${path}/*_ID.{der,pem} as identity certificates
1256	implicitly looking for ${path}/*_private.{der,pem} as
1257	the private key file
1258	then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
1259	(C:abac_context_load_principals)
1260	f void load_directory(char *)
1261	load a directory full of certificates:
1262	f first: ${path}/*_ID.{der,pem} as identity certificates
1263	implicitly looking for ${path}/*_private.{der,pem} as
1264	the private key file
1265	then: ${path}/*_IDKEY.{der,pem} as id/key combo certificate
1266	last: ${path}/*_attr.der as attribute certificates
1267	(C:abac_context_load_directory)
1268	***/
1269	void load_principals(char *path)
1270	{ abac_context_load_principals(m_ctx, path); }
1271	void load_directory(char *path)
1272	{ abac_context_load_directory(m_ctx, path); }
1273	/***
1274	f void set_no_partial_proof()
1275	(C:abac_context_set_no_partial_proof)
1276	void set_want_partial_proof()
1277	enable and disable the partial proof on query proof failure
1278	(C:abac_context_set_want_partial_proof)
1279	***/
1280	void set_no_partial_proof()
1281	{ abac_context_set_no_partial_proof(m_ctx); }
1282	void set_want_partial_proof()
1283	{ abac_context_set_want_partial_proof(m_ctx); }
1284	/***
1285	f std::vector<Attribute> query(char , char , bool &)
1286	the string version is for query that is composed by hand with SHA or
1287	in non ABAC_CN mode
1288	(C:abac_context_query)
1289	(C::abac_free_credentials)
1290	f std::vector<Attribute> query(Role &, Role &, bool &)
1291	(C:abac_context_query_with_structure)
1292	(C::abac_free_credentials)
1293	std::vector<Attribute> query(Oset &, Oset &, bool &)
1294	(C:abac_context_query_with_structure)
1295	(C::abac_free_credentials)
1296	runs the query:
1297	role <-?- principal
1298	oset <-?- principal/obj
1299	returns true/false in success
1300	returns a proof upon success,
1301	a partial proof on failure by default
1302	***/
1303	std::vector<Attribute> query(char role, char principal, bool &success) {
1304	abac_credential_t creds, end;
1305	int i, success_int;
1306
1307	creds = abac_context_query(m_ctx, role, principal, &success_int);
1308	success = success_int;
1309
1310	if(debug) printf("query, returning success(%d)\n", success_int);
1311
1312	for (i = 0; creds[i] != NULL; ++i)
1313	;
1314
1315	end = &creds[i];
1316	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1317	if(debug) printf("query, got rules(%d)\n", i);
1318
1319	abac_free_credentials(creds);
1320
1321	return attributes;
1322	}
1323
1324	std::vector<Attribute> query(Role &role, Role &p_role, bool &success) {
1325	abac_credential_t creds, end;
1326	int i, success_int;
1327
1328	creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int);
1329	success = success_int;
1330
1331	if(debug) printf("query, returning success(%d)\n", success_int);
1332
1333	for (i = 0; creds[i] != NULL; ++i)
1334	;
1335
1336	end = &creds[i];
1337	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1338
1339	abac_free_credentials(creds);
1340
1341	return attributes;
1342	}
1343
1344	std::vector<Attribute> query(Oset &oset, Oset &p_oset, bool &success) {
1345	abac_credential_t creds, end;
1346	int i, success_int;
1347
1348	creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int);
1349	success = success_int;
1350
1351	if(debug) printf("query, returning success(%d)\n", success_int);
1352
1353	for (i = 0; creds[i] != NULL; ++i)
1354	;
1355
1356	end = &creds[i];
1357	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1358	if(debug) printf("query, returning rules(%d)\n", i);
1359
1360	abac_free_credentials(creds);
1361
1362	return attributes;
1363	}
1364
1365	/***
1366	f std::vector<Attribute> next_proof(bool &)
1367	(C:abac_context_query_again)
1368	(C::abac_free_credentials)
1369	force backtrack and try to get next solution proof:
1370	returns true/false in success
1371	returns a proof upon success,
1372	***/
1373	std::vector<Attribute> next_proof(bool &success) {
1374	abac_credential_t creds, end;
1375	int i, success_int;
1376
1377	creds = abac_context_query_again(m_ctx, &success_int);
1378	success = success_int;
1379
1380	for (i = 0; creds[i] != NULL; ++i)
1381	;
1382
1383	end = &creds[i];
1384	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1385	if(debug) printf("repeat query, got rules(%d)\n", i);
1386
1387	abac_free_credentials(creds);
1388
1389	return attributes;
1390	}
1391	/***
1392	f std::vector<Attribute> context_credentials(bool &)
1393	returns a vector of all the credentials loaded in the context
1394	extracted from the internal data structure
1395	(C:abac_context_credentials)
1396	(C::abac_free_credentials)
1397	f int credential_count()
1398	returns the number of credentials loaded in the context currently
1399	(C:abac_context_credential_count()
1400	***/
1401	std::vector<Attribute> context_credentials(bool &success) {
1402	abac_credential_t creds, end;
1403	int i;
1404	success = 1;
1405
1406	creds = abac_context_credentials(m_ctx);
1407	for (i = 0; creds[i] != NULL; ++i)
1408	;
1409
1410	end = &creds[i];
1411	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
1412	if(debug) printf("credentials, got (%d)\n", i);
1413
1414	abac_free_credentials(creds);
1415	if(debug) show_yap_db("calling from context_credentials");
1416	return attributes;
1417	}
1418
1419	int credential_count() const
1420	{ return abac_context_credential_count(m_ctx); }
1421	/***
1422	f std::vector<Attribute> context_principals(bool &)
1423	returns a vector of all the principals loaded in the context
1424	extracted from the internal data structure
1425	(C:abac_context_principals)
1426	(C::abac_free_principals)
1427	f int principal_count()
1428	returns the number of principals loaded in the context currently
1429	(C:abac_context_principal_count()
1430	***/
1431	std::vector<ID> context_principals(bool &success) {
1432	abac_id_credential_t ids, end;
1433	int i;
1434	success = 1;
1435
1436	ids = abac_context_principals(m_ctx);
1437	for (i = 0; ids[i] != NULL; ++i)
1438	;
1439
1440	end = &ids[i];
1441	std::vector<ID> principals = std::vector<ID>(ids, end);
1442	if(debug) printf("principals, got (%d)\n", i);
1443
1444	abac_free_principals(ids);
1445	return principals;
1446	}
1447	int principal_count() const
1448	{ return abac_context_principal_count(m_ctx); }
1449	/***
1450	f ID lookup_principal(char *)
1451	find a particular principal from the context
1452	(C:abac_context_principal_lookup)
1453	***/
1454	ID lookup_principal(char *name) const
1455	{
1456	abac_id_credential_t *principal=abac_context_principal_lookup(m_ctx,name);
1457	if(principal==NULL) {
1458	if(debug) printf("did not find the principal(%s)\n", name);
1459	abac_errx(1, "lookup principal failed");
1460	}
1461	return principal;
1462	}
1463	/***
1464	f char *version()
1465	return the version of this interface
1466	***/
1467	char *version() const { return m_abac_version; }
1468
1469	/ii*
1470	f abac_context_t *context()
1471	return libabac structure for context
1472	(S:abac_context_t)
1473	*ii/
1474	abac_context_t *context() { return m_ctx; }
1475	private:
1476	abac_context_t *m_ctx;
1477	char *m_abac_version;
1478	};
1479
1480	Constraint::Constraint(Role& role)
1481	{ m_constraint=abac_constraint_from_role(role.role()); }
1482	Constraint::Constraint(Oset &oset)
1483	{ m_constraint=abac_constraint_from_oset(oset.oset()); }
1484	DataTerm::DataTerm(ID& id)
1485	{ m_term=abac_term_id_create(id.id()); }
1486	}
1487
1488	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: