[7f25a67f] | 1 | #include <err.h> |
---|
| 2 | #include <stdio.h> |
---|
[4571abc] | 3 | #include <stdlib.h> |
---|
[7f25a67f] | 4 | |
---|
[6ede88c] | 5 | #include <abac.h> |
---|
[4721618] | 6 | #include "abac_list.h" |
---|
[ad13a62] | 7 | /* For abac_id_cert_cn et al*/ |
---|
| 8 | #include "abac_verifier.h" |
---|
[7af34ed] | 9 | #include "options.h" |
---|
| 10 | |
---|
/*
 * Write a plain-text listing of everything held in an ABAC context to fp.
 *
 * Credentials come first, one per line as "head <- tail"; the principals
 * follow, one per line as "id[N] keyid (cn)".  Both arrays are obtained from
 * the context and handed back to their matching *_free routine before
 * returning, whether or not they were NULL.
 *
 * NOTE(review): the key id and CN are printed exactly as returned by the
 * certificate accessors, without escaping.  Presumably the CN is whatever the
 * certificate issuer put there, so anything that parses this dump should not
 * treat it as a delimiter-safe field -- confirm against abac_verifier.h.
 */
static void _dump_context(FILE *fp, abac_context_t *ctx)
{
    /* Credentials: walk the NULL-terminated array with a cursor. */
    abac_credential_t **creds = abac_context_credentials(ctx);
    if (creds != NULL) {
        for (abac_credential_t **it = creds; *it != NULL; ++it) {
            fprintf(fp,"%s <- %s\n",
                    abac_role_string(abac_credential_head(*it)),
                    abac_role_string(abac_credential_tail(*it)));
        }
    }
    abac_context_credentials_free(creds);

    /* Principals: the index is part of the output, so keep a counter. */
    abac_id_cert_t **principals = abac_context_principals(ctx);
    if (principals != NULL) {
        for (int idx = 0; principals[idx] != NULL; ++idx) {
            fprintf(fp,"id[%d] %s (%s)\n",idx,
                    abac_id_cert_keyid(principals[idx]),
                    abac_id_cert_cn(principals[idx]));
        }
    }
    abac_context_id_credentials_free(principals);
}
---|
| 34 | |
---|
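/*
 * Command-line prover.
 *
 * Loads the keystore directory named in the options into a fresh ABAC
 * context, optionally dumps that context to opts.rulefile, then asks the
 * context whether opts.principal holds opts.role and prints the credentials
 * returned by the query (a proof on success, a partial proof on failure).
 *
 * Exit status: 0 when the query succeeds, 1 when it fails.  A dump-only run
 * (rule file given, no role) exits 0 only if the rule file was actually
 * written, so a caller no longer mistakes an unwritable path for a good dump.
 */
int main(int argc, char **argv) {
    /*
     * Fail closed: the exit status is an authorization verdict, so start from
     * "denied".  abac_context_query() is handed &success below; should it ever
     * return without storing a value, the result is a refusal rather than a
     * read of an indeterminate int.
     */
    int success = 0;

    options_t opts = { 0, };
    get_options(argc, argv, &opts);

    abac_context_t *ctx = abac_context_new();
    abac_context_load_directory(ctx, opts.keystore);

    if (opts.rulefile) {
        int dumped = 0;

        /*
         * NOTE(review): "w+" truncates whatever the path names; the path is
         * taken from the options as given.
         */
        FILE *fp = fopen(opts.rulefile, "w+");
        if (fp == NULL) {
            warn("cannot open rule file %s", opts.rulefile);
        } else {
            _dump_context(fp, ctx);
            /* fclose() flushes, so a full disk or I/O error shows up here. */
            if (fclose(fp) != 0) {
                warn("cannot write rule file %s", opts.rulefile);
            } else {
                dumped = 1;
            }
        }

        if (opts.role == NULL) { /* just a pure dump call */
            free_options(&opts);
            abac_context_free(ctx);
            return dumped ? 0 : 1;
        }
        /* With a role given, a failed dump is only a warning: the query still runs. */
    }

    abac_credential_t **credentials = abac_context_query(ctx,
        opts.role, opts.principal,
        &success
    );

    if (success) {
        puts("success");
    } else {
        puts("fail, here's a partial proof");
    }

    /* The query result is a NULL-terminated array; it may itself be NULL. */
    if (credentials != NULL) {
        for (int i = 0; credentials[i] != NULL; ++i) {
            abac_credential_t *cred = credentials[i];
            printf("credential %s <- %s\n",
                    abac_role_string(abac_credential_head(cred)),
                    abac_role_string(abac_credential_tail(cred))
            );
        }
    }

    abac_context_credentials_free(credentials);
    abac_context_free(ctx);
    free_options(&opts);

    if (success) {
        fprintf(stderr,"returning success- 0\n");
        return 0;
    } else {
        fprintf(stderr,"returning failure- 1\n");
        return 1;
    }
}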
---|