Context Navigation

source: libabac/abac_pl.c @ 10e1588

mei_rt2mei_rt2_fix_1meiyap-rt1rt2 rt2-01

Last change on this file since 10e1588 was 202a7f9, checked in by Mei <mei@…>, 13 years ago
commited modified files for rt1
Property mode set to `100644`
File size: 7.2 KB

Line
1
2	/* abac.c using prolog */
3
4	#include <assert.h>
5	#include <err.h>
6	#include <glob.h>
7
8	#include <chunk.h>
9
10	#include "abac_pl.h"
11	#include "abac_pl_yap.h"
12
13	#ifdef DEBUG_IT
14	#include "abac_pl_yap_dbg.h"
15	#endif
16
17	#include "abac_util.h"
18	#include "abac_verifier.h"
19
20	static int debug=0;
21
22	struct _abac_context_t {
23	abac_pl_t *pl;
24	#ifdef DEBUG_IT
25	/* this is just for debugging */
26	abac_pl_yap_dbg_t *dpl;
27	#endif
28	};
29
30	/**
31	* Init the library.
32	*/
33	void libabac_init(void) {
34	void libabac_deinit(void);
35	static int has_been_init = 0;
36
37	// called every time a context is created, so only do it once
38	if (!has_been_init) {
39	abac_verifier_init();
40	atexit(libabac_deinit);
41	has_been_init = 1;
42	}
43	}
44
45	/**
46	* Deinit the library.
47	*/
48	void libabac_deinit(void) {
49	abac_verifier_deinit();
50	}
51
52	/**
53	* Create a new abac context.
54	*/
55	abac_context_t *abac_context_new(void) {
56	libabac_init();
57
58	abac_context_t *ctx = abac_xmalloc(sizeof(abac_context_t));
59	ctx->pl = abac_pl_new();
60	#ifdef DEBUG_IT
61	if (debug) {
62	ctx->dpl = abac_pl_yap_dbg_new();
63	} else ctx->dpl = NULL;
64	#endif
65	return ctx;
66	}
67
68	/**
69	* Deep copy an abac context. -- XXX dummy stub
70	*/
71	abac_context_t abac_context_dup(abac_context_t ctx) {
72	assert(ctx != NULL);
73
74	abac_context_t *dup = abac_xmalloc(sizeof(abac_context_t));
75
76	return dup;
77	}
78
79
80	/**
81	* Free an abac context.
82	*/
83	void abac_context_free(abac_context_t *ctx) {
84	assert(ctx != NULL);
85
86	abac_pl_free(ctx->pl);
87	#ifdef DEBUG_IT
88	if (ctx->dpl)
89	abac_pl_yap_dbg_free(ctx->dpl);
90	#endif
91	free(ctx);
92	}
93
94	/**
95	* Load an ID cert from a file.
96	*/
97	int abac_context_load_id_file(abac_context_t ctx, char filename) {
98	assert(ctx != NULL); assert(filename != NULL);
99	abac_id_cert_t *id_cert=NULL;
100	int ret = abac_verifier_load_id_file(filename,&id_cert);
101	if(id_cert) {
102	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
103	}
104	return ret;
105	}
106
107	/**
108	* Load an ID cert from a chunk.
109	*/
110	int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert) {
111	assert(ctx != NULL);
112	abac_id_cert_t *id_cert=NULL;
113	chunk_t cert_chunk = { cert.ptr, cert.len };
114	int ret=abac_verifier_load_id_chunk(cert_chunk,&id_cert);
115	if(id_cert) {
116	int add_ret = abac_pl_add_type_credential(ctx->pl, id_cert);
117	}
118	return ret;
119	}
120
121	/**
122	* Load a collection of attribute certs from a file.
123	*/
124	int abac_context_load_certs_file(abac_context_t ctx, char filename) {
125	int ret, add_ret;
126
127	assert(ctx != NULL); assert(filename != NULL);
128	return abac_verifier_load_certs_file(filename);
129	}
130
131	/**
132	* Load an attribute cert from a file.
133	*/
134	int abac_context_load_attribute_file(abac_context_t ctx, char filename) {
135	int ret, add_ret;
136	abac_credential_t *cred;
137
138	assert(ctx != NULL); assert(filename != NULL);
139
140	ret = abac_verifier_load_attribute_cert_file(filename, &cred);
141	if (ret == ABAC_CERT_SUCCESS) {
142	add_ret = abac_pl_add_credential(ctx->pl, cred);
143	assert(add_ret != ABAC_PL_CRED_INVALID);
144	}
145
146	return ret;
147	}
148
149	/**
150	* Load an attribute cert from a chunk.
151	*/
152	int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert) {
153	int ret, add_ret;
154	abac_credential_t *cred;
155
156	assert(ctx != NULL);
157
158	chunk_t cert_chunk = { cert.ptr, cert.len };
159
160	ret = abac_verifier_load_attribute_cert_chunk(cert_chunk, &cred);
161	if (ret == ABAC_CERT_SUCCESS) {
162	add_ret = abac_pl_add_credential(ctx->pl, cred);
163	assert(add_ret != ABAC_PL_CRED_INVALID);
164	abac_credential_free(cred);
165	}
166
167	return ret;
168	}
169
170	#define ID_PAT "/*_ID.{der,pem}"
171	#define ATTR_PAT "/*_attr.der"
172	#define ATTR_FILE_PAT "/*_attr.file"
173
174	/**
175	* Load a directory full of certs.
176	*/
177	void abac_context_load_directory(abac_context_t ctx, char path) {
178	char *glob_pat;
179	glob_t glob_buf;
180	int i, ret;
181
182	assert(ctx != NULL); assert(path != NULL);
183
184	int dirlen = strlen(path);
185	glob_pat = abac_xmalloc(dirlen + sizeof(ID_PAT));
186	memcpy(glob_pat, path, dirlen);
187
188	// first load ID certs
189	memcpy(glob_pat + dirlen, ID_PAT, sizeof(ID_PAT));
190	glob(glob_pat, GLOB_BRACE, NULL, &glob_buf); // TODO check for error
191	for (i = 0; i < glob_buf.gl_pathc; ++i) {
192	char *cert_file = glob_buf.gl_pathv[i];
193
194	printf("--> ID cert... %s\n", cert_file);
195	ret = abac_context_load_id_file(ctx, cert_file);
196	if (ret != ABAC_CERT_SUCCESS)
197	warnx("Couldn't load ID cert %s", cert_file);
198	}
199	globfree(&glob_buf);
200
201	// then load attr certs
202	memcpy(glob_pat + dirlen, ATTR_PAT, sizeof(ATTR_PAT));
203	glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
204	for (i = 0; i < glob_buf.gl_pathc; ++i) {
205	char *cert_file = glob_buf.gl_pathv[i];
206
207	printf("--> attr file... %s\n", cert_file);
208	ret = abac_context_load_attribute_file(ctx, cert_file);
209	if (ret != ABAC_CERT_SUCCESS)
210	warnx("Couldn't load attribute cert %s", cert_file);
211	}
212	globfree(&glob_buf);
213
214	// then load attr cert rule file (this is a HACK -- MEI)
215	memcpy(glob_pat + dirlen, ATTR_FILE_PAT, sizeof(ATTR_FILE_PAT));
216	glob(glob_pat, 0, NULL, &glob_buf); // TODO check for error
217	for (i = 0; i < glob_buf.gl_pathc; ++i) {
218	char *rule_file = glob_buf.gl_pathv[i];
219
220	printf("--> attr rule file... %s\n", rule_file);
221	ret = abac_context_load_certs_file(ctx, rule_file);
222	if (ret != ABAC_CERT_SUCCESS)
223	warnx("Couldn't load attribute rule file %s", rule_file);
224	}
225	globfree(&glob_buf);
226
227	free(glob_pat);
228	}
229
230	/**
231	* Run a query on the data in an abac context. Returns a NULL-terminated array
232	* of abac_credential_t. Success/failure in *success.
233	*/
234	abac_credential_t *abac_context_query(abac_context_t ctx, char role, char principal, int *success) {
235	abac_credential_t *credentials = NULL, cur;
236
237	assert(ctx != NULL); assert(role != NULL); assert(principal != NULL); assert(success != NULL);
238
239	abac_stack_t *result = abac_pl_query(ctx->pl, role, principal);
240
241	int size = abac_stack_size(result);
242	if (size > 0)
243	*success = 1;
244
245	else {
246	// XXX NOT SURE YET..
247	// return partial proof
248	}
249
250	// make the array (leave space to NULL terminate it)
251	// n.b., even if the list is empty, we still return an array that
252	// only contains the NULL terminator
253	credentials = abac_xmalloc(sizeof(abac_credential_t ) (size + 1));
254	int i = 0;
255	if(size) {
256	while(i<size) {
257	cur=(abac_credential_t *) abac_stack_pop(result);
258	credentials[i++] = cur;
259	}
260	}
261	credentials[i] = NULL;
262
263	abac_stack_free(result);
264
265	return credentials;
266	}
267
268	/**
269	* A NULL-terminated array of all the credentials in the context.
270	*/
271	abac_credential_t *abac_context_credentials(abac_context_t ctx) {
272	assert(ctx != NULL);
273	}
274
275	/**
276	* Frees a NULL-terminated list of credentials.
277	*/
278	void abac_context_credentials_free(abac_credential_t **credentials) {
279	int i;
280
281	if (credentials == NULL)
282	return;
283
284	for (i = 0; credentials[i] != NULL; ++i)
285	abac_credential_free(credentials[i]);
286	free(credentials);
287	}
288
289	#ifdef DEBUG_IT
290	// for debugging only
291	void abac_context_debug_run(abac_context_t *ctx) {
292	if (ctx) {
293	abac_pl_yap_dbg_run_can(ctx->dpl);
294	}
295	}
296	#endif

Note: See TracBrowser for help on using the repository browser.

Download in other formats: