source: libabac/abac_pl.h @ 9335cfa

#ifndef __ABAC_H__
#define __ABAC_H__

#include <stdlib.h>
#include <abac_common.h>
#include <abac_list.h>
#include <abac_stack.h>

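/*
 * Opaque handle types. Only the struct tags are declared in this header, so
 * code that includes it can hold pointers to these objects but cannot reach
 * their fields; access goes through the functions declared below.
 */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_role_t abac_role_t;
typedef struct _abac_oset_t abac_oset_t;
typedef struct _abac_id_cert_t abac_id_cert_t;

typedef struct _abac_condition_t abac_condition_t;
typedef struct _abac_term_t abac_term_t;
typedef struct _abac_param_list_t abac_param_list_t;
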
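/*
 * ABAC functions, operating on an ABAC context.
 *
 * A context handle comes from abac_context_new() or abac_context_dup();
 * abac_context_free() is the matching release call.
 */
abac_context_t *abac_context_new(void);
abac_context_t *abac_context_dup(abac_context_t *ctx);
void abac_context_free(abac_context_t *ctx);

/*
 * Certificate loading. Each call returns one of the ABAC_CERT_* codes listed
 * at the bottom of this file. ABAC_CERT_SUCCESS is 0 and every failure code
 * is negative, so compare the result with ABAC_CERT_SUCCESS explicitly: a
 * plain truthiness test reads success as false and every failure, including
 * ABAC_CERT_BAD_SIG, as true.
 */
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * Load an entire directory full of certs. The return type is void, so no
 * per-certificate status reaches the caller through this call; use the
 * file/chunk loaders above when a rejected certificate (bad signature,
 * missing issuer, ...) has to be detected.
 * NOTE(review): how files that fail to load are treated is not visible in
 * this header -- confirm in the implementation.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * ABAC query: returns a NULL-terminated array of credentials on success,
 * NULL on fail. success is an int out-parameter.
 * NOTE(review): this header does not define the values written to *success
 * or how they relate to a non-NULL return -- confirm against the
 * implementation before basing an access decision on either one alone.
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* get all the credentials from the context, returns a NULL-terminated array of credentials */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* use this to free the results of either of the previous two functions */
void abac_context_credentials_free(abac_credential_t **credentials);
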
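/*
 * Operations on credentials.
 *
 * A credential exposes a head and a tail, each available either as a role
 * (abac_credential_head/_tail) or as an oset (abac_credential_head_oset/
 * _tail_oset).
 * NOTE(review): presumably abac_credential_holds_roles() tells the caller
 * which pair of accessors applies -- confirm in the implementation.
 */
int abac_credential_holds_roles(abac_credential_t *cred);
abac_role_t *abac_credential_head(abac_credential_t *cred);
abac_role_t *abac_credential_tail(abac_credential_t *cred);
abac_oset_t *abac_credential_head_oset(abac_credential_t *cred);
abac_oset_t *abac_credential_tail_oset(abac_credential_t *cred);

/*
 * The certificates behind a credential, returned as abac_chunk_t by value.
 * NOTE(review): whether the chunk data is a copy or still belongs to the
 * credential is not stated in this header -- confirm before freeing or
 * keeping it past abac_credential_free().
 */
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);
abac_credential_t *abac_credential_lookup(char *cred_string);
/*char* abac_credential_clause(abac_credential_t *cred); */

abac_credential_t *abac_credential_dup(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);
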
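/*
 * Operations on roles.
 *
 * Four constructors build the four role shapes that the abac_role_is_*()
 * predicates below distinguish: principal, role, linking and intersection.
 */
abac_role_t *abac_role_principal_new(char *principal);
abac_role_t *abac_role_role_new(char *principal, char *abac_role_name);
abac_role_t *abac_role_linking_new(char *principal, char *linked_role, char *abac_role_name);
abac_role_t *abac_role_intersection_new(char *name, abac_list_t *prereqs);

// int abac_verify_roletype(char *type);
void abac_role_free(abac_role_t *role);

abac_role_t *abac_role_from_string(char *string);
abac_role_t *abac_role_dup(abac_role_t *role);

/* Shape predicates, one per constructor above. */
int abac_role_is_principal(abac_role_t *role);
int abac_role_is_role(abac_role_t *role);
int abac_role_is_linking(abac_role_t *role);
int abac_role_is_intersection(abac_role_t *role);

/*
 * Accessors.
 * NOTE(review): this header does not say whether the returned strings and
 * lists stay owned by the role or must be released by the caller -- confirm
 * before freeing them or using them after abac_role_free().
 */
char *abac_role_string(abac_role_t *role);
char *abac_role_linked_role(abac_role_t *role);
char *abac_role_role_name(abac_role_t *role);
char *abac_role_role_param_string(abac_role_t *role);
char *abac_role_principal_name(abac_role_t *role);
abac_list_t *abac_role_prereqs(abac_role_t *role);

abac_param_list_t *abac_role_linked_role_params(abac_role_t *role);
abac_param_list_t *abac_role_role_params(abac_role_t *role);

char *abac_role_attr_key(abac_role_t *head_role, abac_role_t *tail_role);
char *abac_role_principal_cn(abac_role_t *role);
char *abac_role_principal_principalname(abac_role_t *role);
char *abac_role_string_with_condition(abac_role_t *);
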
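/*
 * Operations on oset.
 *
 * The declarations parallel the role API above: constructors, shape
 * predicates (principal, oset, linking, intersection, object), string
 * accessors and dup/free.
 * NOTE(review): several prototypes here omit parameter names, so argument
 * order for the multi-string constructors has to be taken from the
 * implementation; ownership of returned strings and lists is likewise not
 * stated in this header.
 */
char *abac_oset_principal_cn(abac_oset_t *oset);
char *abac_oset_principal_principalname(abac_oset_t *oset);
char *abac_oset_principal_name(abac_oset_t *oset);
char *abac_oset_oset_name(abac_oset_t *oset);
abac_param_list_t *abac_oset_oset_params(abac_oset_t *);
int abac_oset_is_object(abac_oset_t *);
char *abac_oset_object_name(abac_oset_t *);
char *abac_oset_linked_role(abac_oset_t *);
abac_param_list_t *abac_oset_linked_role_params(abac_oset_t *);
abac_list_t *abac_oset_prereqs(abac_oset_t *);
int abac_oset_is_intersection(abac_oset_t *);
abac_oset_t *abac_oset_principal_new(char *);
abac_oset_t *abac_oset_intersection_new(char *, abac_list_t *);
abac_oset_t *abac_oset_oset_new(char *, char *);
abac_oset_t *abac_oset_object_new(abac_term_t *);
// char *abac_oset_principal(abac_oset_t *);
abac_oset_t *abac_oset_linking_new(char *, char *, char *);
char *abac_oset_string_with_condition(abac_oset_t *);
char *abac_oset_string(abac_oset_t *);
char *abac_oset_oset_param_string(abac_oset_t *);

abac_oset_t *abac_oset_dup(abac_oset_t *oset);
void abac_oset_free(abac_oset_t *oset);
int abac_oset_is_principal(abac_oset_t *oset);
int abac_oset_is_oset(abac_oset_t *oset);
int abac_oset_is_linking(abac_oset_t *oset);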
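/*
 * Operations on term/params.
 *
 * Terms carry an int type code (see abac_term_type() and
 * abac_term_is_time_type()) and may have a constraint attached
 * (abac_term_constraint()); parameter lists are built from terms.
 * NOTE(review): the meaning of the int type codes and of the arguments to
 * abac_term_new() is not defined in this header -- confirm in the
 * implementation.
 */
char *abac_term_to_time(char *string);
char *abac_term_type(int);
abac_term_t *abac_term_new(int, char *, char *, void *);
void abac_term_free(abac_term_t *);
int abac_term_is_time_type(int);
char *abac_term_name(abac_term_t *);
abac_condition_t *abac_term_constraint(abac_term_t *term);
abac_param_list_t *abac_param_list_new(abac_term_t *term);
/*
 * Unlike the other *_free() calls in this header, this one returns a
 * pointer. NOTE(review): what that pointer is (NULL, or a remaining list)
 * is not stated here -- do not reuse ptr after the call without checking.
 */
abac_param_list_t *abac_param_list_free(abac_param_list_t *ptr);
abac_param_list_t *abac_param_list_add_term(abac_param_list_t *, abac_term_t *term);
char* abac_param_list_string(abac_param_list_t *ptr);
char* abac_param_list_string_with_condition(abac_param_list_t *ptr);
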
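/*
 * From abac_verifier.
 * NOTE(review): both helpers return char * with no ownership or lifetime
 * rule stated in this header -- confirm before freeing or caching results.
 */
char *abac_cn_with_sha(char*);
char *abac_keyid_type(int);
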
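/*
 * Error codes for loading certificates.
 *
 * Success is 0 and every failure is negative, so callers should compare
 * against ABAC_CERT_SUCCESS rather than test the result for truth.
 * ABAC_CERT_INVALID covers both a malformed certificate and a missing file,
 * so that code alone does not tell the caller which of the two happened.
 * Negative values are parenthesized so they expand safely inside any
 * expression.
 */
#define ABAC_CERT_SUCCESS           0     // certificate loaded, all is well
#define ABAC_CERT_INVALID           (-1)  // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           (-2)  // invalid signature
#define ABAC_CERT_MISSING_ISSUER    (-3)  // missing ID cert that issued the attribute cert
#define ABAC_CERT_BAD_CN            (-4)  // ID cert is not matching CN=principal format
#define ABAC_CERT_BAD_YAP           (-5)  // failed to insert into prolog engine

/*
 * USE(evalue): 1 when the environment variable named by evalue exists,
 * 0 otherwise. Only presence is tested, so NAME=0 and an empty NAME= both
 * count as enabled.
 * NOTE(review): the switches this gates are not visible in this header. The
 * environment is set by whoever starts the process, so any switch that
 * affects how certificates are verified or loaded should not be honored
 * where the caller is less trusted than the process -- confirm at the use
 * sites.
 */
#define USE(evalue) ((getenv(evalue) != NULL) ? 1 : 0)
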
#endif /* __ABAC_H__ */