Context Navigation

source: libabac/abac_util.c @ adc0815

mei_rt2mei_rt2_fix_1

Last change on this file since adc0815 was d037f54, checked in by Mei <mei@…>, 12 years ago

1) able to programmatially build structure, bake attribute credential

write it out to a .der file and use prover to bring it back and
process just like other .der files.
-- tested with rt1 like policy without constraint.

2) changed abac_term structure alittle to ready it for 2 pass code

gen.

Property mode set to 100644

File size: 5.0 KB

Line
1
2	/**
3	** abac_util.c
4	**/
5
6	#include <err.h>
7	#include <stdlib.h>
8	#include <string.h>
9	#include <stdio.h>
10	#include <assert.h>
11
12	#include "abac_util.h"
13
14	static int debug=0;
15
16	#define SHA1_LENGTH 40
17
18
19	/**
20	* Malloc, fatal on error.
21	*/
22	void *abac_xmalloc(size_t size) {
23	void *ret;
24
25	ret = malloc(size);
26	if (ret == NULL)
27	err(1, "malloc");
28
29	return ret;
30	}
31
32	void abac_xrealloc(void ptr, size_t size) {
33	void *ret = realloc(ptr, size);
34	if (ret == NULL)
35	err(1, "couldn't realloc %d bytes\n", size);
36	return ret;
37	}
38
39
40	/**
41	* strdup fatal on error
42	*/
43	char abac_xstrdup(char source) {
44	char *ret;
45
46	if (source == NULL) {
47	if(debug) printf("BAD -> duping null string..\n");
48	return NULL;
49	}
50
51	ret = strdup(source);
52	if (ret == NULL)
53	err(1, "strdup");
54
55	return ret;
56	}
57
58	/* make a brand new string with or without being trimmed */
59	char abac_trim_quotes(char string) {
60	char *tmp=abac_xstrdup(string);
61	int len=strlen(tmp);
62	if( (tmp[len-1] == '\'' \|\| tmp[len-1] == '"') &&
63	(tmp[0] == '\'' \|\| tmp[0] == '"')) {
64	tmp[len-1]='\0';
65	char *ntmp=abac_xstrdup(&tmp[1]);
66	free(tmp);
67	return ntmp;
68	}
69	return tmp;
70	}
71
72	/**
73	* Split a string based on the given delimiter.
74	*/
75	void abac_split(char string, char delim, char *ret, int num) {
76	int len = strlen(delim);
77	char *start = string;
78	int count = 0;
79
80	// split the string by the delim
81	while ((start = strstr(string, delim)) != NULL) {
82	*start = 0;
83	ret[count++] = string;
84	string = start + len;
85	}
86	ret[count++] = string;
87
88	*num = count;
89	}
90
91	int abac_validate_clean_name(char *string) {
92	int i;
93
94	assert(string != NULL);
95
96	// must start with a letter/number
97	if (!isalnum(string[0])) return 0;
98
99	// Name must be alphanumeric or -
100	for (i = 1; string[i] != '\0'; ++i)
101	if (!isalnum(string[i]) && string[i] != '-')
102	return 0;
103
104	return 1;
105	}
106
107	/* check up to first ( if its there..
108	a.role(this)
109	a.role(?,?Year:[100..200],?Value:[one,two,three])
110	a.role(isi)
111	*/
112	int abac_validate_clean_aspect_name(char *string) {
113	int i;
114
115	assert(string != NULL);
116
117	// must start with a letter/number
118	if (!isalnum(string[0])) return 0;
119
120	// Name must be alphanumeric or - or _ up to the ( if there is one
121	for (i = 1; string[i] != '\0' && string[i] != '(' ; ++i)
122	if (!isalnum(string[i]) && string[i] != '-' &&
123	string[i] != '_' )
124	return 0;
125	return 1;
126	}
127
128	chunk_t abac_generate_serial() {
129	chunk_t serial = chunk_empty;
130
131	// create a serial (stolen from strongswan pki)
132	rng_t *rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
133	if (!rng)
134	errx(1, "no random number generator");
135
136	rng->allocate_bytes(rng, 8, &serial);
137	while (serial.ptr[0] == 0)
138	// don't get leading 0's
139	rng->get_bytes(rng, 1, serial.ptr);
140	rng->destroy(rng);
141
142	return serial;
143	}
144
145	// validate a princpal's name
146	// makes sure it's a valid SHA1 identifier
147	// return values:
148	// success: malloc'd copy with all hex digits lowercase
149	// fail: NULL
150	char abac_validate_principal(char keyid) {
151	int i;
152	char *copy = NULL;
153
154	if (strlen(keyid) != SHA1_LENGTH)
155	return NULL;
156
157	int len = strlen(keyid) + 1;
158	copy = abac_xmalloc(len);
159	sprintf(copy, "%s", keyid);
160
161	i=0;
162	for (; i < SHA1_LENGTH; ++i) {
163	copy[i] = tolower(copy[i]);
164	if (!isxdigit(copy[i]))
165	goto error;
166	}
167	return copy;
168	error:
169	free(copy);
170	return NULL;
171	}
172
173	// parse&validate the validity
174	int abac_validate_validity_string(char *validity_str)
175	{
176	int validity=0;
177	if (validity_str != NULL) {
178	char suffix = 'd'; // default suffix is days
179	int multiplier;
180
181	int len = strlen(validity_str);
182	assert(len > 0);
183
184	// get the suffix char if it's alphabetical
185	if (isalpha(validity_str[len - 1])) {
186	suffix = validity_str[len - 1];
187
188	// truncate
189	validity_str[len - 1] = '\0';
190	--len;
191
192	// make sure it's not only a suffix
193	if (len == 0) {
194	errx(1,"Invalid validity\n");
195	}
196	}
197
198	// convert the suffix to a multiplier
199	switch(suffix) {
200	case 's': multiplier = 1; break;
201	case 'm': multiplier = 60; break;
202	case 'h': multiplier = 3600; break;
203	case 'd': multiplier = 86400; break;
204	case 'y': multiplier = 31536000; break;
205	default:
206	errx(1,"Invalid suffix, must be s m h d y\n");
207	}
208
209	// ascii to int
210	char *end;
211	validity = strtol(validity_str, &end, 10);
212	if (end - validity_str < len) {
213	errx(1,"Invalid validity\n");
214	}
215
216	if (validity <= 0) {
217	errx(1,"Invalid validity: must be > 0\n");
218	}
219
220	// multiply!
221	validity *= multiplier;
222	}
223	return validity;
224	}
225
226
227	void abac_errx(int val, const char *string)
228	{
229	errx(val, "%s", string);
230	}
231

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: libabac/abac_util.c @ adc0815

Download in other formats: