source: libabac/abac_pl.h @ e95d652

Last change on this file since e95d652 was e95d652, checked in by Mei <mei@…>, 13 years ago

1) added yap, flex, bison to bring in prolog backend

1#ifndef __ABAC_H__
2#define __ABAC_H__
3
4#include <abac_common.h>
5
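/*
 * Opaque handle types. Only the struct tags are declared in this header, so
 * callers can hold pointers to these objects but cannot see or modify their
 * fields; all access goes through the functions declared below.
 */
typedef struct _abac_context_t abac_context_t;
typedef struct _abac_credential_t abac_credential_t;
typedef struct _abac_role_t abac_role_t;
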
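/*
 * ABAC functions, operating on an ABAC context.
 */

/*
 * Create and destroy a context.
 * NOTE(review): presumably every context returned by abac_context_new() must
 * be released with abac_context_free(); confirm ownership in the implementation.
 */
abac_context_t *abac_context_new(void);
void abac_context_free(abac_context_t *ctx);

/*
 * Load an ID or attribute certificate into ctx, either from a file or from an
 * in-memory chunk (abac_chunk_t is not declared in this header; presumably it
 * comes from abac_common.h).
 *
 * See the bottom of the file for possible return codes (ABAC_CERT_*).
 * Check the result of every call: only ABAC_CERT_SUCCESS is documented as
 * "certificate loaded", so any other value should be handled as a credential
 * that must not be relied on.
 */
int abac_context_load_id_file(abac_context_t *ctx, char *filename);
int abac_context_load_id_chunk(abac_context_t *ctx, abac_chunk_t cert);
int abac_context_load_attribute_file(abac_context_t *ctx, char *filename);
int abac_context_load_attribute_chunk(abac_context_t *ctx, abac_chunk_t cert);

/*
 * Load an entire directory full of certs.
 *
 * Returns void, so this prototype gives the caller no per-certificate result.
 * NOTE(review): how a certificate that fails to load (for example one with a
 * bad signature) is handled is not visible here; confirm in the
 * implementation, and load files one by one when the caller needs to know
 * which certificates were accepted.
 */
void abac_context_load_directory(abac_context_t *ctx, char *path);

/*
 * ABAC query: returns a NULL-terminated array of credentials on success,
 * NULL on fail.
 *
 * `success` is an out-parameter.
 * NOTE(review): this header does not say how *success relates to the NULL
 * return; confirm in the implementation before basing an access decision on
 * only one of the two.
 */
abac_credential_t **abac_context_query(abac_context_t *ctx, char *role, char *principal, int *success);

/* get all the credentials from the context, returns a NULL-terminated array of credentials */
abac_credential_t **abac_context_credentials(abac_context_t *ctx);

/* use this to free the results of either of the previous two functions */
void abac_context_credentials_free(abac_credential_t **credentials);
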
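/*
 * Operations on credentials
 *
 * NOTE(review): this header does not state who owns the roles, chunks and
 * strings returned by the accessors below; confirm in the implementation
 * before freeing or modifying any of them.
 */

/* Head and tail roles of a credential. */
abac_role_t *abac_credential_head(abac_credential_t *cred);
abac_role_t *abac_credential_tail(abac_credential_t *cred);

/* The attribute certificate and the issuer certificate, returned as chunks by value. */
abac_chunk_t abac_credential_attribute_cert(abac_credential_t *cred);
abac_chunk_t abac_credential_issuer_cert(abac_credential_t *cred);

/*
 * Find a credential from its string form. The prototype takes no context
 * argument.
 * NOTE(review): which credential store is searched is not visible in this
 * header; verify against the implementation.
 */
abac_credential_t *abac_credential_lookup(char *cred_string);
char* abac_credential_clause(abac_credential_t *cred);

/*
 * Copy and release a single credential.
 * NOTE(review): presumably a credential obtained from abac_credential_dup()
 * is released with abac_credential_free(); confirm.
 */
abac_credential_t *abac_credential_dup(abac_credential_t *cred);
void abac_credential_free(abac_credential_t *cred);
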
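/*
 * Operations on roles.
 */

/*
 * Constructors for the three role shapes: a bare principal, a role of a
 * principal, and a linking role.
 * NOTE(review): whether the string arguments are copied or retained is not
 * visible in this header; confirm before reusing or freeing the buffers.
 */
abac_role_t *abac_role_principal_new(char *principal);
abac_role_t *abac_role_role_new(char *principal, char *abac_role_name);
abac_role_t *abac_role_linking_new(char *principal, char *linked_role, char *abac_role_name);

void abac_role_free(abac_role_t *role);

/* Build a role from its string form, or copy an existing role. */
abac_role_t *abac_role_from_string(char *string);
abac_role_t *abac_role_dup(abac_role_t *role);

/* Kind predicates; each returns an int. */
int abac_role_is_principal(abac_role_t *role);
int abac_role_is_role(abac_role_t *role);
int abac_role_is_linking(abac_role_t *role);
int abac_role_is_intersection(abac_role_t *role);

/*
 * String accessors.
 * NOTE(review): ownership of the returned char * is not stated in this
 * header; confirm in the implementation before freeing or writing through it.
 */
char *abac_role_string(abac_role_t *role);
char *abac_role_linked_role(abac_role_t *role);
char *abac_role_role_name(abac_role_t *role);
char *abac_role_principal(abac_role_t *role);

/* Attribute key derived from a head role and a tail role. */
char *abac_role_attr_key(abac_role_t *head_role, abac_role_t *tail_role);
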
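/*
 * Error codes for loading certificates.
 *
 * These are the return codes the certificate-loading functions above refer
 * to. Only ABAC_CERT_SUCCESS is described as "certificate loaded"; callers
 * should compare against it explicitly and handle every other value as a
 * credential that was not accepted. ABAC_CERT_INVALID covers both a malformed
 * certificate and a missing file, so the two cannot be told apart from the
 * code alone.
 *
 * Negative values are parenthesized so each macro expands safely inside a
 * larger expression.
 */
#define ABAC_CERT_SUCCESS           0     // certificate loaded, all is well
#define ABAC_CERT_INVALID           (-1)  // invalid format; also file not found
#define ABAC_CERT_BAD_SIG           (-2)  // invalid signature
#define ABAC_CERT_MISSING_ISSUER    (-3)  // missing ID cert that issued the attribute cert
#define ABAC_CERT_BAD_CN            (-4)  // ID cert is not matching CN=principal format
#define ABAC_CERT_BAD_YAP           (-5)  // failed to insert into prolog engine
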
81#endif /* __ABAC_H__ */