コード例 #1
0
ファイル: tao_admin.go プロジェクト: tmroeder/cloudproxy
func createDomain() {
	dt := template()
	if dt.Config.DomainInfo.GetPolicyKeysPath() == "" {
		options.Usage("Must supply a policy_keys_path in the domain configuration")
	}

	pwd := getKey("domain policy key password", "pass")

	domain, err := tao.CreateDomain(*dt.Config, configPath(), pwd)
	options.FailIf(err, "Can't create domain")

	if domain.Config.DomainInfo.GetGuardType() == "Datalog" {
		// Add any rules specified in the domain template.
		for _, rule := range dt.DatalogRules {
			err := domain.Guard.AddRule(rule)
			options.FailIf(err, "Can't add rule to domain")
		}
	} else if domain.Config.DomainInfo.GetGuardType() == "ACLs" {
		for _, rule := range dt.AclRules {
			err := domain.Guard.AddRule(rule)
			options.FailIf(err, "Can't add rule to domain")
		}
	}

	err = domain.Save()
	options.FailIf(err, "Can't save domain")

	// Optionally, create a public cached domain.
	if addr := *options.String["pub_domain_address"]; addr != "" {
		net := *options.String["pub_domain_network"]
		ttl := *options.Duration["pub_domain_ttl"]
		_, err = domain.CreatePublicCachedDomain(net, addr, int64(ttl))
		options.FailIf(err, "Can't create public cached domain")
	}
}
コード例 #2
0
ファイル: domain_server.go プロジェクト: tmroeder/cloudproxy
func createDomain() (*tao.Domain, *x509.CertPool, error) {
	var cfg tao.DomainConfig
	d, err := ioutil.ReadFile(*configPath)
	if err != nil {
		return nil, nil, err
	}
	if err := proto.UnmarshalText(string(d), &cfg); err != nil {
		return nil, nil, err
	}
	domain, err := tao.CreateDomain(cfg, *configPath, []byte(*domainPass))
	if domain == nil {
		log.Printf("domainserver: no domain path - %s, pass - %s, err - %s\n",
			*configPath, *domainPass, err)
		return nil, nil, err
	} else if err != nil {
		log.Printf("domainserver: Couldn't load the config path %s: %s\n",
			*configPath, err)
		return nil, nil, err
	}
	log.Printf("domainserver: Created domain\n")
	err = domain_service.InitAcls(domain, *trustedEntitiesPath)
	if err != nil {
		return nil, nil, err
	}
	err = domain.Save()
	if err != nil {
		return nil, nil, err
	}
	certPool := x509.NewCertPool()
	certPool.AddCert(domain.Keys.Cert)
	return domain, certPool, nil
}
コード例 #3
0
ファイル: mixnet_test.go プロジェクト: kevinawalsh/cloudproxy
func makeTrivialDomain(configDir string) (*tao.Domain, error) {
	var policyDomainConfig tao.DomainConfig
	policyDomainConfig.SetDefaults()
	policyDomainConfig.DomainInfo.GuardType = proto.String("AllowAll")
	configPath := path.Join(configDir, "tao.config")
	return tao.CreateDomain(policyDomainConfig, configPath, password)
}
コード例 #4
0
func TestInitAcls(t *testing.T) {
	if _, err := os.Stat("./tmpdir"); os.IsNotExist(err) {
		err = os.Mkdir("./tmpdir", 0777)
		if err != nil {
			t.Fatal(err)
		}
	}
	trustedEntities := TrustedEntities{
		TrustedProgramTaoNames: []string{fmt.Sprintf("%v", programName)},
		TrustedHostTaoNames:    []string{fmt.Sprintf("%v", hostName)},
		TrustedMachineInfos:    []string{machineName}}
	f, err := os.Create("./tmpdir/TrustedEntities")
	if err != nil {
		t.Fatal(err)
	}
	err = proto.MarshalText(f, &trustedEntities)
	if err != nil {
		t.Fatal(err)
	}
	err = f.Close()
	if err != nil {
		t.Fatal(err)
	}
	aclGuardType := "ACLs"
	aclGuardPath := "acls"
	cfg := tao.DomainConfig{
		DomainInfo: &tao.DomainDetails{
			GuardType: &aclGuardType},
		AclGuardInfo: &tao.ACLGuardDetails{
			SignedAclsPath: &aclGuardPath}}
	domain, err := tao.CreateDomain(cfg, "./tmpdir/domain", []byte("xxx"))
	if err != nil {
		t.Fatal(err)
	}
	err = InitAcls(domain, "./tmpdir/TrustedEntities")
	if err != nil {
		t.Fatal(err)
	}
	machinePrin := auth.Prin{
		Type:    "MachineInfo",
		KeyHash: auth.Str(machineName),
	}
	if !domain.Guard.IsAuthorized(*programName, "Execute", []string{}) ||
		!domain.Guard.IsAuthorized(*hostName, "Host", []string{}) ||
		!domain.Guard.IsAuthorized(machinePrin, "Root", []string{}) {
		t.Fatal("Authorization checks fail")
	}
	err = os.RemoveAll("./tmpdir")
	if err != nil {
		t.Fatal(err)
	}
}
コード例 #5
0
func setUpDomain(t *testing.T) *tao.Domain {
	var err error
	if _, err = os.Stat("./tmpdir"); os.IsNotExist(err) {
		err = os.Mkdir("./tmpdir", 0777)
		if err != nil {
			t.Fatal(err)
		}
	}
	aclGuardType := "ACLs"
	aclGuardPath := "acls"
	cfg := tao.DomainConfig{
		DomainInfo: &tao.DomainDetails{
			GuardType: &aclGuardType},
		AclGuardInfo: &tao.ACLGuardDetails{
			SignedAclsPath: &aclGuardPath}}
	domain, err := tao.CreateDomain(cfg, "./tmpdir/domain", []byte("xxx"))
	if err != nil {
		t.Fatal(err)
	}
	return domain
}