github.com/jlmucb/cloudproxy@v0.0.0-20170830161738-b5aa0b619bc4/go/tao/guard.go (about) 1 // Copyright (c) 2013, Google Inc. All rights reserved. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // This interface was derived from the code in src/tao/tao_guard.h. 16 17 package tao 18 19 import ( 20 "errors" 21 22 "github.com/jlmucb/cloudproxy/go/tao/auth" 23 // "github.com/jlmucb/cloudproxy/go/util" 24 ) 25 26 // Guard is an interface for evaluating policy decisions. 27 type Guard interface { 28 // Subprincipal returns a unique subprincipal for this policy. 29 Subprincipal() auth.SubPrin 30 31 // Save writes all presistent policy data to disk, signed by key. 32 Save(key *Signer) error 33 34 // Authorize adds an authorization for a principal to perform an 35 // operation. 36 Authorize(name auth.Prin, op string, args []string) error 37 38 // Retract removes an authorization for a principal to perform an 39 // operation, essentially reversing the effect of an Authorize() call 40 // with identical name, op, and args. Note: this reverses the effect of 41 // an Authorize() call with identical parameters of the equivalent 42 // AddRule() call. However, particularly when expressive policies are 43 // supported (e.g., an "authorize all" rule), other rules may still be 44 // in place authorizing the principal to perform the operation. 45 Retract(name auth.Prin, op string, args []string) error 46 47 // IsAuthorized checks whether a principal is authorized to perform an 48 // operation. 49 IsAuthorized(name auth.Prin, op string, args []string) bool 50 51 // AddRule adds a policy rule. Subclasses should support at least rules 52 // of the form: Authorized(P, op, args...). This is equivalent to 53 // calling Authorize(P, op, args...) with each of the arguments 54 // converted to either a string or integer. 55 AddRule(rule string) error 56 57 // RetractRule removes a rule previously added via AddRule() or the 58 // equivalent Authorize() call. 59 RetractRule(rule string) error 60 61 // Clear removes all rules. 62 Clear() error 63 64 // Query the policy. Implementations of this interface should support 65 // at least queries of the form: Authorized(P, op, args...). 66 Query(query string) (bool, error) 67 68 // RuleCount returns a count of the total number of rules. 69 RuleCount() int 70 71 // GetRule returns the ith policy rule, if it exists. 72 GetRule(i int) string 73 74 // RuleDebugString returns a debug string for the ith policy rule, if 75 // it exists. 76 RuleDebugString(i int) string 77 78 // String returns a string suitable for showing users authorization 79 // info. 80 String() string 81 } 82 83 // A TrivialGuard implements a constant policy: either ConservativeGuard ("deny 84 // all") or LiberalGuard ("allow all"). 85 // TODO(kwalsh) make this a bool 86 type TrivialGuard int 87 88 // The types of TrivialGuard 89 const ( 90 ConservativeGuard TrivialGuard = 1 << iota 91 LiberalGuard 92 ) 93 94 // errTrivialGuard is the error returned for all non-trivial policy operations 95 // on the TrivialGuard. 96 var errTrivialGuard = errors.New("can't perform policy operations on TrivialGuard") 97 98 // Subprincipal returns subprincipal TrivialGuard(<policy>). 99 func (t TrivialGuard) Subprincipal() auth.SubPrin { 100 var policy string 101 switch t { 102 case ConservativeGuard: 103 policy = "Conservative" 104 case LiberalGuard: 105 policy = "Liberal" 106 default: 107 policy = "Unspecified" 108 } 109 e := auth.PrinExt{Name: "TrivialGuard", Arg: []auth.Term{auth.Str(policy)}} 110 return auth.SubPrin{e} 111 } 112 113 // Save writes all persistent policy data to disk, signed by key. 114 func (t TrivialGuard) Save(key *Signer) error { 115 return nil // nothing to save 116 } 117 118 // Authorize adds an authorization for a principal to perform an 119 // operation. 120 func (t TrivialGuard) Authorize(name auth.Prin, op string, args []string) error { 121 if t != LiberalGuard { 122 // FIX? 123 return errors.New("Can't authorize on this guard") 124 // return util.Logged(errTrivialGuard) 125 } 126 return nil 127 } 128 129 // Retract removes an authorization for a principal to perform an 130 // operation, essentially reversing the effect of an Authorize() call 131 // with identical name, op, and args. Note: this reverses the effect of 132 // an Authorize() call with identical parameters of the equivalent 133 // AddRule() call. However, particularly when expressive policies are 134 // supported (e.g., an "authorize all" rule), other rules may still be 135 // in place authorizing the principal to perform the operation. 136 func (t TrivialGuard) Retract(name auth.Prin, op string, args []string) error { 137 if t != ConservativeGuard { 138 // FIX? 139 return errors.New("Can't retract from this guard") 140 // return util.Logged(errTrivialGuard) 141 } 142 return nil 143 } 144 145 // IsAuthorized checks whether a principal is authorized to perform an 146 // operation. 147 func (t TrivialGuard) IsAuthorized(name auth.Prin, op string, args []string) bool { 148 switch t { 149 case ConservativeGuard: 150 return false 151 case LiberalGuard: 152 return true 153 default: 154 return false 155 } 156 } 157 158 // AddRule adds a policy rule. Subclasses should support at least rules 159 // of the form: Authorized(P, op, args...). This is equivalent to 160 // calling Authorize(P, op, args...) with each of the arguments 161 // converted to either a string or integer. 162 func (t TrivialGuard) AddRule(rule string) error { 163 if t != LiberalGuard { 164 // FIX? 165 return errors.New("Can't add on this guard") 166 // return util.Logged(errTrivialGuard) 167 } 168 return nil 169 } 170 171 // RetractRule removes a rule previously added via AddRule() or the 172 // equivalent Authorize() call. 173 func (t TrivialGuard) RetractRule(rule string) error { 174 if t != ConservativeGuard { 175 // FIX? 176 return errors.New("Can't retract rule from this guard") 177 // return util.Logged(errTrivialGuard) 178 } 179 return nil 180 } 181 182 // Clear removes all rules. 183 func (t TrivialGuard) Clear() error { 184 return nil 185 } 186 187 // Query the policy. Implementations of this interface should support 188 // at least queries of the form: Authorized(P, op, args...). 189 func (t TrivialGuard) Query(query string) (bool, error) { 190 switch t { 191 case ConservativeGuard: 192 return false, nil 193 case LiberalGuard: 194 return true, nil 195 default: 196 return false, nil 197 } 198 } 199 200 // RuleCount returns a count of the total number of rules. 201 func (t TrivialGuard) RuleCount() int { 202 return 1 203 } 204 205 // GetRule returns the ith policy rule, if it exists. 206 func (t TrivialGuard) GetRule(i int) string { 207 switch t { 208 case ConservativeGuard: 209 return "Deny All" 210 case LiberalGuard: 211 return "Allow All" 212 default: 213 return "Unspecified Policy" 214 } 215 } 216 217 // RuleDebugString returns a debug string for the ith policy rule, if 218 // it exists. 219 // TODO(kwalsh): build this into the auth library. 220 func (t TrivialGuard) RuleDebugString(i int) string { 221 switch t { 222 case ConservativeGuard: 223 return "Deny All" 224 case LiberalGuard: 225 return "Allow All" 226 default: 227 return "Unspecified Policy" 228 } 229 } 230 231 // String returns a string suitable for showing users authorization info. 232 func (t TrivialGuard) String() string { 233 switch t { 234 case ConservativeGuard: 235 return "Trivial Conservative Policy (a.k.a. \"deny all\")" 236 case LiberalGuard: 237 return "Trivial Liberal Policy (a.k.a. \"allow all\")" 238 default: 239 return "Unspecified Policy" 240 } 241 }