/**
** prover_yap.c
** A C prover implemented with the libabac C interface
**/
5 | |
---|
6 | #include <err.h> |
---|
7 | #include <stdio.h> |
---|
8 | #include <assert.h> |
---|
9 | |
---|
10 | #include "abac.h" |
---|
11 | #include "options.h" |
---|
12 | |
---|
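/*
 * Print every entry of a NULL-terminated credential array through
 * abac_print_cred_info(). `out` is forwarded unchanged; main() passes NULL
 * for query results, as the original code did (presumably NULL selects
 * stdout -- confirm against libabac).
 */
static void prover_print_creds(abac_credential_t **credentials, FILE *out) {
    for (int i = 0; credentials[i] != NULL; ++i)
        abac_print_cred_info(credentials[i], out);
}

/**
 * Entry point of the prover.
 *
 * Creates a context, hands opts.keystore to abac_context_load_directory(),
 * and then runs one of three modes selected by the options:
 *   - opts.filename: write every credential and principal held by the
 *                    context to that file, then exit;
 *   - opts.dbdump:   call show_yap_db(), then exit;
 *   - otherwise:     query the context for (query, with), print the verdict
 *                    and the credentials returned with it, and, when
 *                    opts.all is set, ask for at most two further proofs.
 *
 * Returns 0 when a mode ran to completion, 1 when no query could be built
 * from the options (reached only in NDEBUG builds; otherwise assert aborts).
 * Exits through err() when the dump file cannot be opened.
 *
 * NOTE(review): the verdict is reported on stdout only. The exit status is 0
 * for "prover success!!" and for "prover failed!!" alike, so a script that
 * gates an access decision on this program's exit status would accept a
 * failed proof. Left unchanged for compatibility with existing callers;
 * consumers must parse the output until the exit status is changed on purpose.
 */
int main(int argc, char **argv) {
    int success = 0;
    abac_credential_t **credentials = NULL;
    abac_id_credential_t **principals = NULL;
    options_t opts = { 0, };

    /* presumably fills opts from the command line -- defined in options.h */
    get_options(argc, argv, &opts);

    abac_context_t *ctx = abac_context_new();
    abac_context_load_directory(ctx, opts.keystore);
    abac_context_set_no_partial_proof(ctx);

    if (opts.filename) {
        /* "w+" truncates whatever already exists at this path. */
        FILE *fp = fopen(opts.filename, "w+");
        if (fp == NULL) {
            /* The original passed a NULL stream on to the printers and to
             * fclose(); stop here and report errno instead. */
            err(1, "cannot open %s", opts.filename);
        }

        credentials = abac_context_credentials(ctx);
        if (credentials != NULL) {
            prover_print_creds(credentials, fp);
            abac_free_credentials(credentials);
        }

        principals = abac_context_principals(ctx);
        if (principals != NULL) {
            for (int i = 0; principals[i] != NULL; ++i)
                abac_print_prin_info(principals[i], fp);
            abac_free_principals(principals);
        }

        fclose(fp);
        /* Release the context on this path too, as the normal exit does. */
        abac_context_free(ctx);
        return 0;
    }

    if (opts.dbdump) {
        show_yap_db("yap db");
        abac_context_free(ctx);
        return 0;
    }

    /* Build the query: role+principal takes precedence, otherwise an oset
     * paired with a principal or, failing that, an object. */
    char *query = NULL;
    char *with = NULL;
    if (opts.role && opts.principal) {
        query = opts.role;
        with = opts.principal;
    } else {
        if (opts.oset)
            query = opts.oset;

        if (opts.principal)
            with = opts.principal;
        else if (opts.object)
            with = opts.object;

        if (with == NULL || query == NULL) {
            puts("prover eeekkk \n");
            assert(0);
            /* assert() compiles away under NDEBUG; never hand a NULL query
             * or subject to the prover in that case. */
            abac_context_free(ctx);
            return 1;
        }
    }

    credentials = abac_context_query(ctx, query, with, &success);
    puts(success ? "prover success!!" : "prover failed!!");

    /* If a partial result is returned, success is 0 and the array is still
     * non-NULL. Only `success` is the verdict: a list printed after
     * "prover failed!!" is not a proof of the queried attribute. */
    if (credentials != NULL && credentials[0] != NULL) {
        puts("credentials needed :");
        prover_print_creds(credentials, NULL);
    }
    if (credentials)
        abac_free_credentials(credentials);

    /* With opts.all, ask for at most two more proofs and stop at the first
     * failure. */
    if (success && opts.all) {
        for (int remaining = 2; remaining > 0 && success; --remaining) {
            credentials = abac_context_query_again(ctx, &success);
            puts(success ? "another proof!!" : "no more!!");

            if (credentials != NULL && success) {
                puts("credentials needed :");
                prover_print_creds(credentials, NULL);
            }
            if (credentials)
                abac_free_credentials(credentials);
        }
    }

    abac_context_free(ctx);

    return 0;
}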