Context Navigation

source: libabac/abac.hh @ d9c3886

mei_rt2mei_rt2_fix_1

Last change on this file since d9c3886 was d9c3886, checked in by Mei <mei@…>, 12 years ago

1) add 2 more query calls in abac.hh that take Role and Oset instead of

strings. Add supporting code in libabac that will take abac_aspect_t
and make query term directly instead of doing stringify the structure
and do string->yyparse->abac_aspect_t again.

2) start on inline doc into abac.hh
3) tweaked some scripts in examples directory

Property mode set to 100644

File size: 30.9 KB

Line
1	#ifndef __ABAC_HH__
2	#define __ABAC_HH__
3
4	#include <string>
5	#include <vector>
6
7	namespace ABAC {
8	extern "C" {
9	#include "abac.h"
10	}
11
12	static int debug=0;
13
14	class Role;
15	class Oset;
16
17	/***
18	ABAC::Constraint
19	This is a constraint on a data term. It holds a ptr to
20	a abac_condition_t structure
21	***/
22	class Constraint {
23	public:
24	/***
25	Constraint()
26	default constructure, do not use, for swig only
27	Constraint(const Constraint &)
28	copy constructor, used for cloning a constraint
29	~Constraint()
30	default destructor
31	***/
32	Constraint() : m_constraint(NULL) { }
33	Constraint(const Constraint &constraint) {
34	m_constraint =abac_condition_dup(constraint.m_constraint);
35	}
36	~Constraint() {
37	if(m_constraint) abac_condition_free(m_constraint);
38	}
39
40	/***
41	Constraint(abac_condition_t *)
42	constructor that takes an abac_condition_t
43	Constraint(char *)
44	constructor that takes one of following string
45	as its vartype for a range constraint:
46	"integer"
47	"urn"
48	"float"
49	"boolean"
50	"time"
51	"string"
52	***/
53	Constraint(abac_condition_t *constraint):
54	m_constraint(abac_condition_dup(constraint))
55	{ }
56	/* range constraint */
57	Constraint(char *vartype) { m_constraint=abac_condition_create(vartype); }
58
59	/***
60	void add_constraint_integer_max(int)
61	void add_constraint_integer_min(int)
62	Utility routines to setup a integer range constraint
63	[integer:?I[10 .. 20]
64	void add_constraint_integer_target(int)
65	Utility routine to setup a integer list constraint
66	[integer:?I[10,20]
67	***/
68	void add_constraint_integer_max(int val) {
69	abac_condition_add_range_integer_item(m_constraint,abac_max_item_type(),val);
70	}
71	void add_constraint_integer_min(int val) {
72	abac_condition_add_range_integer_item(m_constraint,abac_min_item_type(),val);
73	}
74	void add_constraint_integer_target(int val) {
75	abac_condition_add_range_integer_item(m_constraint,abac_target_item_type(),val);
76	}
77	/***
78	void add_constraint_float_max(float)
79	void add_constraint_float_min(float)
80	Utility routines to setup a float range constraint
81	[float:?F[1.0 .. 2.5]
82	void add_constraint_float_target(float)
83	Utility routine to setup a float list constraint
84	[float:?F[0.5, 2.5]
85	***/
86	void add_constraint_float_max(float val) {
87	abac_condition_add_range_float_item(m_constraint,abac_max_item_type(),val);
88	}
89	void add_constraint_float_min(float val) {
90	abac_condition_add_range_float_item(m_constraint,abac_min_item_type(),val);
91	}
92	void add_constraint_float_target(float val) {
93	abac_condition_add_range_float_item(m_constraint,abac_target_item_type(),val);
94	}
95	/* quoted string values */
96	/* [time:?T["20201101T182930"] */
97	void add_constraint_time_max(char* val) {
98	abac_condition_add_range_time_item(m_constraint,abac_max_item_type(),val);
99	}
100	void add_constraint_time_min(char* val) {
101	abac_condition_add_range_time_item(m_constraint,abac_min_item_type(),val);
102	}
103	void add_constraint_time_target(char* val) {
104	abac_condition_add_range_time_item(m_constraint,abac_target_item_type(),val);
105	}
106	/* [urn:?U["fileA","http://fileB"] -only listed range */
107	void add_constraint_urn_target(char* val) {
108	abac_condition_add_range_urn_item(m_constraint,val);
109	}
110	/* [string:?S["abc",'efg',"hij"] -only listed range */
111	void add_constraint_string_target(char* val) {
112	abac_condition_add_range_string_item(m_constraint,val);
113	}
114	/[boolean:?B['true']] /
115	void add_constraint_boolean_target(char* val) {
116	abac_condition_add_range_boolean_item(m_constraint,val);
117	}
118
119
120	/* [oset:?O[{oset-constraint}] */
121	/* [role:?R[{role-constraint}] */
122	/* [urn:?F[keyid:$alpha_keyid].oset:documents([string:?P])] */
123	/* role constraint */
124	Constraint(Role *role);
125	/* oset constraint */
126	Constraint(Oset *oset);
127	char *string() const {
128	return abac_condition_string(m_constraint);
129	}
130	char *typed_string() const {
131	return abac_condition_typed_string(m_constraint);
132	}
133	abac_condition_t *constraint()
134	{ return m_constraint; }
135	private:
136	abac_condition_t *m_constraint;
137	};
138
139	/* XXX need to track the principal [keyid:alice] so can generate
140	the id_type_clause within attribute clause */
141	class DataTerm {
142	public:
143	DataTerm() : m_term(NULL) { } // do not use: here for swig
144	DataTerm(abac_term_t *term) {
145	m_term=abac_term_dup(term);
146	abac_condition_t *constraint=abac_term_constraint(m_term);
147	if(constraint) m_cond=new Constraint(constraint);
148	else m_cond=NULL;
149	}
150	DataTerm(const DataTerm &term) {
151	m_term =abac_term_dup(term.m_term);
152	abac_condition_t *constraint=abac_term_constraint(m_term);
153	if(constraint) m_cond=new Constraint(constraint);
154	else m_cond=NULL;
155	}
156	~DataTerm() {
157	if(m_term) abac_term_free(m_term);
158	if(m_cond) free(m_cond);
159	}
160	/* this is for named principal data term */
161	DataTerm(char *sha) {
162	if(debug) printf("adding a Dataterm named principal(%s)\n",sha);
163	int isnamed=1;
164	int type=e_TERM_PRINCIPAL;
165	m_term=abac_term_named_create(type,sha);
166	}
167	/* can be an a variable data term or a specific value */
168	DataTerm(char* typenm, char name, Constraint cond=NULL) {
169	int type=abac_verify_term_type(typenm);
170	if(debug) printf("adding a Dataterm (%s)\n",name);
171	if(type==ABAC_TERM_FAIL)
172	abac_errx(1, "DataTerm, fail to create the term");
173	if(cond) {
174	m_cond=cond;
175	m_term=abac_term_create(type,name,cond->constraint());
176	} else {
177	m_cond=NULL;
178	m_term=abac_term_create(type,name,NULL);
179	}
180	}
181	char *string() const {
182	return abac_term_string(m_term);
183	}
184	char *typed_string() const {
185	return abac_term_typed_string(m_term);
186	}
187	bool is_time() const {
188	return abac_term_is_time_type(m_term);
189	}
190	bool is_string() const {
191	return abac_term_is_string_type(m_term);
192	}
193	bool is_urn() const {
194	return abac_term_is_urn_type(m_term);
195	}
196	bool is_integer() const {
197	return abac_term_is_integer_type(m_term);
198	}
199	/* Add a constraint to this term. */
200	int add_constraint(Constraint& cond) {
201	m_cond=new Constraint(cond);
202	abac_term_add_constraint(m_term, m_cond->constraint());
203	}
204	int type() {
205	abac_term_type(m_term);
206	}
207	char *name() {
208	return abac_term_name(m_term);
209	}
210	char *value() {
211	/* ??? value XXX */
212	}
213	Constraint *constraint() {
214	return m_cond;
215	}
216	abac_term_t *term() {
217	return m_term;
218	}
219
220	private:
221	abac_term_t *m_term;
222	Constraint *m_cond;
223	};
224
225
226	class Role {
227	public:
228	Role() : m_role(NULL) { } // do not use: here for swig
229	Role(abac_aspect_t *role): m_role(abac_aspect_dup(role))
230	{ }
231	Role(char *principal_name) :
232	m_role(abac_aspect_role_principal_create(principal_name))
233	{ }
234	Role(char principal_name, char role_name) :
235	m_role(abac_aspect_role_create(principal_name, role_name))
236	{ }
237	Role(const Role &role) {
238	m_role = abac_aspect_dup(role.m_role);
239	}
240	~Role() {
241	if (m_role) abac_aspect_free(m_role);
242	}
243	bool is_principal() const {
244	return abac_aspect_is_principal(m_role);
245	}
246	bool is_linking() const {
247	return abac_aspect_is_linking(m_role);
248	}
249	char *string() const {
250	return abac_aspect_string(m_role);
251	}
252	char *typed_string() {
253	char* string=abac_aspect_typed_string(m_role);
254	return string;
255	}
256	char *linked_role() const {
257	return abac_aspect_linked_role_name(m_role);
258	}
259	char *role_name() const {
260	return abac_aspect_aspect_name(m_role);
261	}
262	char *principal() const {
263	return abac_aspect_principal_name(m_role);
264	}
265	/* Add a data term to this name. */
266	int add_data_term(DataTerm& d) {
267	abac_aspect_add_param(m_role, d.term());
268	return 1;
269	}
270	/* Return the DataTerms bound to this name. If the name is returned
271	in a proof, these will all have values. */
272	std::vector<DataTerm> get_data_terms(bool &success) {
273	abac_term_t terms, end;
274	int i;
275	terms = abac_param_list_vectorize(abac_aspect_aspect_params(m_role));
276	for (i = 0; terms[i] != NULL; ++i)
277	;
278	end = &terms[i];
279	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
280	abac_terms_free(terms);
281	success=1;
282	return dataterms;
283	}
284	int add_linking_data_term(DataTerm& d) {
285	abac_aspect_add_linked_param(m_role, d.term());
286	return 1;
287	}
288	std::vector<DataTerm> get_linked_data_terms(bool &success) {
289	abac_term_t terms, end;
290	int i;
291	terms = abac_param_list_vectorize(abac_aspect_linked_role_params(m_role));
292	for (i = 0; terms[i] != NULL; ++i)
293	;
294	end = &terms[i];
295	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
296	abac_terms_free(terms);
297	success=1;
298	return dataterms;
299	}
300	abac_aspect_t *role() {return m_role;}
301	private:
302	abac_aspect_t *m_role;
303	};
304
305	class Oset {
306	public:
307	Oset() : m_oset(NULL) { } // do not use: here for swig
308	Oset(abac_aspect_t *oset): m_oset(abac_aspect_dup(oset))
309	{ }
310	Oset(char *oset_name) : m_oset(abac_aspect_oset_principal_create(oset_name))
311	{ }
312	Oset(char principal_name, char oset_name) :
313	m_oset(abac_aspect_oset_create(principal_name, oset_name))
314	{ }
315	Oset(DataTerm& d) :
316	m_oset(abac_aspect_oset_object_create(d.term()))
317	{ }
318	Oset(const Oset &oset) {
319	m_oset =abac_aspect_dup(oset.m_oset);
320	}
321	~Oset() {
322	if(m_oset) abac_aspect_free(m_oset);
323	}
324	bool is_object() const {
325	return abac_aspect_is_object(m_oset);
326	}
327	bool is_principal() const {
328	return abac_aspect_is_principal(m_oset);
329	}
330	bool is_linking() const {
331	return abac_aspect_is_linking(m_oset);
332	}
333	char *string() const {
334	return abac_aspect_string(m_oset);
335	}
336	char *typed_string() {
337	char* string=abac_aspect_typed_string(m_oset);
338	return string;
339	}
340	char *linked_role() const {
341	return abac_aspect_linked_role_name(m_oset);
342	}
343	char *oset_name() const {
344	return abac_aspect_aspect_name(m_oset);
345	}
346	char *principal() const {
347	return abac_aspect_principal_name(m_oset);
348	}
349	char *object() const {
350	return abac_aspect_object_name(m_oset);
351	}
352	/* Add a data term to this name. */
353	int add_data_term(DataTerm& d) {
354	abac_aspect_add_param(m_oset, d.term());
355	return 1;
356	}
357	/* Return the DataTerms bound to this name. If the name is returned
358	in a proof, these will all have values. */
359	std::vector<DataTerm> get_data_terms(bool &success) {
360	abac_term_t terms, end;
361	int i;
362	terms = abac_param_list_vectorize(abac_aspect_aspect_params(m_oset));
363	for (i = 0; terms[i] != NULL; ++i)
364	;
365	end = &terms[i];
366	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
367	abac_terms_free(terms);
368	success=1;
369	return dataterms;
370	}
371	int add_linking_data_term(DataTerm& d) {
372	abac_aspect_add_linked_param(m_oset, d.term());
373	return 1;
374	}
375	std::vector<DataTerm> get_linked_data_terms(bool &success) {
376	abac_term_t terms, end;
377	int i;
378	terms = abac_param_list_vectorize(abac_aspect_linked_role_params(m_oset));
379	for (i = 0; terms[i] != NULL; ++i)
380	;
381	end = &terms[i];
382	std::vector<DataTerm> dataterms = std::vector<DataTerm>(terms, end);
383	abac_terms_free(terms);
384	success=1;
385	return dataterms;
386	}
387	abac_aspect_t *oset() {return m_oset;}
388	private:
389	abac_aspect_t *m_oset;
390	};
391
392
393	class ID {
394	public:
395	ID() : m_id(NULL) { } // do not use: here for swig
396	ID(abac_id_t *id): m_id(abac_id_dup(id))
397	{ }
398	ID(abac_id_credential_t *idcred) {
399	if(idcred)
400	m_id=abac_id_dup(abac_id_credential_id(idcred));
401	else m_id=NULL;
402	}
403	ID(const ID &id) { m_id =abac_id_dup(id.m_id); }
404	~ID() { if(m_id) abac_id_free(m_id); }
405
406	/* load an ID cert from a file
407	Will throw an exception if the cert cannot be loaded */
408	ID(char *filename) {
409	m_id=abac_id_from_file(filename);
410	if(m_id==NULL)
411	abac_errx(1, "Id creation from filename failed");
412	}
413	/* generates a new ID with the supplied CN and validity period
414	- CN must be alphanumeric and begin with a letter
415	- validity must be at least one second
416	Will throw an exception if either of the above is violated */
417	ID(char *cn, int validity) {
418	int rt=abac_id_generate(&m_id, cn, validity);
419	if(rt != ABAC_ID_SUCCESS)
420	abac_errx(1, "Id creation failed");
421	}
422	/* loads the private key associated with the cert
423	will throw an exception if the key cannot be loaded */
424	void load_privkey(char *filename) {
425	int rt=abac_id_load_privkey_file(m_id, filename);
426	if(rt != 1)
427	abac_errx(1, "Failed to load private key");
428	}
429	abac_id_t *id() { return m_id; }
430
431	/* returns the SHA1 keyid of the cert */
432	char *keyid() { return abac_id_keyid(m_id); }
433	/* returns the CN */
434	char *name() { return abac_id_cn(m_id); }
435	/* returns true if the ID has an associated private key */
436	bool has_privkey() {
437	return abac_id_has_privkey(m_id);
438	}
439	/* writes a PEM-encoded cert to the file handle */
440	void write_cert(FILE *out) {
441	abac_id_write_cert(m_id, out);
442	}
443	/* writes a PEM-encoded cert to a file named out */
444	void write_cert(char *filename) {
445	FILE *out = fopen(filename, "a");
446	write_cert(out);
447	fclose(out);
448	}
449	/* writes a PEM-encoded private key to the file handle
450	throws an exception if no private key is loaded */
451	void write_privkey(FILE *out) {
452	if(!has_privkey())
453	abac_errx(1, "No privkey to write");
454	abac_id_write_privkey(m_id, out);
455	}
456	/* writes a PEM-encoded private key a file named out
457	throws an exception if no private key is loaded */
458	void write_privkey(char *filename) {
459	FILE *out = fopen(filename, "a");
460	write_privkey(out);
461	fclose(out);
462	}
463	/* returns a DER-encoded binary representation of the X.509 ID cert
464	associated with this ID.
465	can be passed to libabac's Context::load_id_chunk() */
466	abac_chunk_t cert_chunk() {
467	return abac_id_cert_chunk(m_id);
468	}
469	char *string() {
470	char *tmp=NULL;
471	if(has_privkey())
472	asprintf(&tmp,"(%s,%s,y)",abac_id_name(m_id),abac_id_idtype_string(m_id));
473	else asprintf(&tmp,"(%s,%s,n)",abac_id_name(m_id),abac_id_idtype_string(m_id));
474	return tmp;
475	}
476	public:
477	abac_id_t *m_id;
478	};
479
480
481	/* N.B., The way you use this class is by instantiating the object, adding
482	subjects to it, and then baking it. Only once it's baked can you access the
483	X.509 cert. Once it's been baked you can no longer add subjects to it. */
484	class Attribute {
485	public:
486	Attribute() : m_attr(NULL) { } // do not use: here for swig
487	Attribute(abac_attribute_t *attr): m_attr(abac_attribute_dup(attr))
488	{ }
489	Attribute(abac_credential_t *cred) {
490	m_attr=abac_attribute_dup(abac_credential_attribute(cred));
491	}
492	Attribute(const Attribute &id) {
493	m_attr =abac_attribute_dup(id.m_attr);
494	}
495	~Attribute() {
496	if(m_attr) abac_attribute_free(m_attr);
497	}
498	/* Create an object to be signed by the given issuer with the given role
499	and validity period
500	An exception will be thrown if:
501	- the issuer has no private key
502	- the Head is invalid
503	- the validity period is invalid (must be >= 1 second) */
504	Attribute(Role& head, int validity) {
505	int rt=abac_attribute_create(&m_attr, head.role(), NULL, validity);
506	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
507	abac_errx(1, "attribute(role), unable to make an attribute");
508	}
509	Attribute(Oset& head, int validity) {
510	int rt=abac_attribute_create(&m_attr, head.oset(), NULL, validity);
511	if(rt!=ABAC_ATTRIBUTE_SUCCESS)
512	abac_errx(1, "attribute(oset), unable to make an attribute");
513	}
514	bool add_tail(Role& tail) {
515	if(abac_attribute_add_tail(m_attr, tail.role()))
516	return 1;
517	else return 0;
518	}
519	bool add_tail(Oset& tail) {
520	if(abac_attribute_add_tail(m_attr, tail.oset()))
521	return 1;
522	else return 0;
523	}
524	char *head_string() {
525	abac_aspect_t *head=abac_attribute_head(m_attr);
526	char *string=abac_aspect_string(head);
527	return string;
528	}
529	char *tail_string() {
530	abac_aspect_t *tail=abac_attribute_tail(m_attr);
531	char *string=abac_aspect_string(tail);
532	return string;
533	}
534	char *head_typed_string() {
535	abac_aspect_t *head=abac_attribute_head(m_attr);
536	char *string=abac_aspect_typed_string(head);
537	return string;
538	}
539	char *tail_typed_string() {
540	abac_aspect_t *tail=abac_attribute_tail(m_attr);
541	char *string=abac_aspect_typed_string(tail);
542	return string;
543	}
544	char *string() {
545	char *head=head_string();
546	char *tail=tail_string();
547	if(head==NULL \|\| tail==NULL)
548	abac_errx(1, "attribute string, head and tail can not be NULL");
549	char *tmp=NULL;
550	asprintf(&tmp,"%s<-%s",head,tail);
551	return tmp;
552	}
553	char *typed_string() {
554	char *head=head_typed_string();
555	char *tail=tail_typed_string();
556	if(head==NULL \|\| tail==NULL)
557	abac_errx(1, "attribute string, head and tail can not be NULL");
558	char *tmp=NULL;
559	asprintf(&tmp,"%s<-%s",head,tail);
560	return tmp;
561	}
562	const Role &role_head() {
563	abac_aspect_t *head=abac_attribute_head(m_attr);
564	static Role role=Role(head);
565	return role;
566	}
567	const Oset &oset_head() {
568	abac_aspect_t *head=abac_attribute_tail(m_attr);
569	static Oset oset=Oset(head);
570	return oset;
571	}
572	std::vector<Role> role_tails(bool &success) {
573	abac_aspect_t tails, end;
574	int i;
575	tails = abac_attribute_tail_vectorized(m_attr);
576	for (i = 0; tails[i] != NULL; ++i)
577	;
578	end = &tails[i];
579	std::vector<Role> roles = std::vector<Role>(tails, end);
580	abac_aspects_free(tails);
581	success=1;
582	return roles;
583	}
584	std::vector<Oset> oset_tails(bool &success) {
585	abac_aspect_t tails, end;
586	int i;
587	tails = abac_attribute_tail_vectorized(m_attr);
588	for (i = 0; tails[i] != NULL; ++i)
589	;
590	end = &tails[i];
591	std::vector<Oset> osets = std::vector<Oset>(tails, end);
592	success=1;
593	abac_aspects_free(tails);
594	return osets;
595	}
596	abac_attribute_t *attribute() { return m_attr; }
597
598	/* Generate the cert. Call this after you've added subjects to your cert.
599	This returns false if there are no subjects
600	This will throw an exception if the cert's already been baked. */
601	bool bake() {
602	/* can not bake in ABAC_CN mode */
603	if(USE("ABAC_CN"))
604	abac_errx(1, "bake, can not bake the cert with env(ABAC_CN) set");
605	int rt=abac_attribute_bake(m_attr);
606	if(rt!=1)
607	abac_errx(1, "bake, can not bake the cert");
608	}
609	/* Returns true iff the cert has been baked. */
610	bool baked() {
611	return abac_attribute_baked(m_attr);
612	}
613	/* Write the DER-encoded X.509 attribute cert to the open file handle
614	Throws an exception if the cert isn't baked */
615	void write_cert(FILE *out) {
616	int rt= abac_attribute_write(m_attr,out);
617	if(!rt)
618	abac_errx(1, "write, cert is not baked");
619	}
620	/* Write the DER-encoded X.509 attribute cert to a file named out
621	Throws an exception if the cert isn't baked */
622	void write_cert(char *filename) {
623	FILE *out = fopen(filename, "w");
624	printf("writing to %s\n", filename);
625	write_cert(out);
626	printf("done writing to %s\n", filename);
627	fclose(out);
628	}
629	/* returns a DER-encoded binary representation of the X.509 attribute
630	cert associated with this cert
631	Throws an exception if the cert isn't baked
632	the chunk can be passed to libabac's Context::load_attribute_chunk() */
633	abac_chunk_t cert_chunk() {
634	return abac_attribute_cert_chunk(m_attr);
635	}
636	/* generate yap clauses and injected into db */
637	int consume() {
638	/* attribute needs to be baked */
639	if(!baked()) {
640	return ABAC_ATTRIBUTE_FAIL;
641	}
642	}
643	private:
644	abac_attribute_t *m_attr;
645	};
646
647
648	class Context {
649	public:
650	Context() { m_ctx = abac_context_new(); m_abac_version=strdup("1.0"); }
651	Context(const Context &context) {
652	m_ctx = abac_context_dup(context.m_ctx);
653	m_abac_version=strdup(context.m_abac_version);
654	}
655	~Context() {
656	abac_context_free(m_ctx);
657	if(m_abac_version) free(m_abac_version);
658	}
659
660	/* load an identity certificate, returns:
661	ABAC_CERT_SUCCESS successfully loaded
662	ABAC_CERT_INVALID invalid certificate (or file not found)
663	ABAC_CERT_BAD_SIG invalid signature */
664	void dump_yap() {
665	show_yap_db("dump_yap");
666	}
667	int load_id(ABAC::ID& id) {
668	return abac_context_load_id_id(m_ctx, id.id());
669	}
670	int load_id_file(char *filename) {
671	return abac_context_load_id_idkey_file(m_ctx, filename);
672	}
673	int load_id_file(char filename, char keyfilename) {
674	return abac_context_load_id_id_file_key_file(m_ctx, filename, keyfilename);
675	}
676	int load_id_chunk(abac_chunk_t cert) {
677	return abac_context_load_id_chunk(m_ctx, cert);
678	}
679	/* load an attribute certificate, returns the same values as above
680	* additionally can return ABAC_CERT_MISSING_ISSUER if the issuer
681	certificate has not been loaded */
682	int load_attribute(ABAC::Attribute& a) {
683	return abac_context_load_attribute_attribute(m_ctx, a.attribute());
684	}
685	int load_attribute_file(char *filename) {
686	return abac_context_load_attribute_file(m_ctx, filename);
687	}
688	int load_attribute_chunk(abac_chunk_t cert) {
689	return abac_context_load_attribute_chunk(m_ctx, cert);
690	}
691	/* load a directory full of certificates:
692	first: ${path}/*_ID.{der,pem} as identity certificates
693	then: ${path}/_attr.der as attribute certificates /
694	void load_directory(char *path) {
695	abac_context_load_directory(m_ctx, path);
696	}
697	/* run the query:
698	role <-?- principal
699	returns true/false in success
700	returns a proof upon success, partial proof on failure */
701	/* the string version is for query that is composed by hand with SHA or
702	in non ABAC_CN mode */
703	std::vector<Attribute> query(char role, char principal, bool &success) {
704	abac_credential_t creds, end;
705	int i, success_int;
706
707	creds = abac_context_query(m_ctx, role, principal, &success_int);
708	success = success_int;
709
710	for (i = 0; creds[i] != NULL; ++i)
711	;
712
713	end = &creds[i];
714	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
715	if(debug) printf("query, got rules(%d)\n", i);
716
717	abac_context_credentials_free(creds);
718
719	return attributes;
720	}
721
722	/* another way */
723	std::vector<Attribute> query(Role &role, Role &p_role, bool &success) {
724	abac_credential_t creds, end;
725	int i, success_int;
726
727	creds = abac_context_query_with_structure(m_ctx, role.role(), p_role.role(), &success_int);
728	success = success_int;
729
730	for (i = 0; creds[i] != NULL; ++i)
731	;
732
733	end = &creds[i];
734	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
735
736	abac_context_credentials_free(creds);
737
738	return attributes;
739	}
740
741	std::vector<Attribute> query(Oset &oset, Oset &p_oset, bool &success) {
742	abac_credential_t creds, end;
743	int i, success_int;
744
745	creds = abac_context_query_with_structure(m_ctx, oset.oset(), p_oset.oset(), &success_int);
746	success = success_int;
747
748	for (i = 0; creds[i] != NULL; ++i)
749	;
750
751	end = &creds[i];
752	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
753	if(debug) printf("query, returning rules(%d)\n", i);
754
755	abac_context_credentials_free(creds);
756
757	return attributes;
758	}
759
760	/* returns a vector of all the credentials loaded in the context */
761	std::vector<Attribute> context_credentials(bool &success) {
762	abac_credential_t creds, end;
763	int i;
764	success = 1;
765
766	creds = abac_context_credentials(m_ctx);
767	for (i = 0; creds[i] != NULL; ++i)
768	;
769
770	end = &creds[i];
771	std::vector<Attribute> attributes = std::vector<Attribute>(creds, end);
772	if(debug) printf("credentials, got (%d)\n", i);
773
774	abac_context_credentials_free(creds);
775	if(debug) show_yap_db("calling from context_credentials");
776	return attributes;
777	}
778
779	/* returns a vector of all the principals loaded in the context */
780	std::vector<ID> context_principals(bool &success) {
781	abac_id_credential_t ids, end;
782	int i;
783	success = 1;
784
785	ids = abac_context_principals(m_ctx);
786	for (i = 0; ids[i] != NULL; ++i)
787	;
788
789	end = &ids[i];
790	std::vector<ID> principals = std::vector<ID>(ids, end);
791	if(debug) printf("principals, got (%d)\n", i);
792
793	abac_context_principals_free(ids);
794	return principals;
795	}
796
797	char *version() const { return m_abac_version; }
798
799	private:
800	abac_context_t *m_ctx;
801	char *m_abac_version;
802	};
803
804	Constraint::Constraint(Role *role)
805	{ m_constraint=abac_condition_create_from_aspect(role->role()); }
806	Constraint::Constraint(Oset *oset)
807	{ m_constraint=abac_condition_create_from_aspect(oset->oset()); }
808	}
809
810	#endif /* __ABAC_HH__ */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac.hh @ d9c3886

Download in other formats: