diff options
author | Maciej J. Karpiuk <m.karpiuk2@samsung.com> | 2014-10-01 14:56:58 +0200 |
---|---|---|
committer | Bartlomiej Grzelewski <b.grzelewski@samsung.com> | 2014-10-16 15:44:30 +0200 |
commit | 228e9287f2de3f6282d207e3a53034ec03f5f57e (patch) | |
tree | a1ec35567f0a478a9c4c529fccb68f300a30f3e2 | |
parent | 4cf6e9564b53b247625b561a143a26b465be1db9 (diff) | |
download | key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.gz key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.bz2 key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.zip |
Add access API to the control service.
Change-Id: I7145853938394f14997b6a4311b7476ab34f280d
-rw-r--r-- | src/manager/client/client-control.cpp | 71 | ||||
-rw-r--r-- | src/manager/common/protocols.h | 7 | ||||
-rw-r--r-- | src/manager/service/ckm-logic.cpp | 14 | ||||
-rw-r--r-- | src/manager/service/ckm-logic.h | 6 | ||||
-rw-r--r-- | src/manager/service/ckm-service.cpp | 78 |
5 files changed, 141 insertions, 35 deletions
diff --git a/src/manager/client/client-control.cpp b/src/manager/client/client-control.cpp index 2938a562..af80df9e 100644 --- a/src/manager/client/client-control.cpp +++ b/src/manager/client/client-control.cpp @@ -217,21 +217,70 @@ public: }); } - virtual int allowAccess(uid_t /*user*/, - const std::string &/*owner*/, - const std::string &/*alias*/, - const std::string &/*accessor*/, - AccessRight /*granted*/) + virtual int allowAccess(uid_t user, + const std::string &owner, + const std::string &alias, + const std::string &accessor, + AccessRight granted) { - return CKM_API_ERROR_UNKNOWN; + return try_catch([&] { + MessageBuffer send, recv; + Serialization::Serialize(send, static_cast<int>(ControlCommand::ALLOW_ACCESS)); + Serialization::Serialize(send, static_cast<int>(user)); + Serialization::Serialize(send, owner); + Serialization::Serialize(send, alias); + Serialization::Serialize(send, accessor); + Serialization::Serialize(send, static_cast<int>(granted)); + + int retCode = sendToServer( + SERVICE_SOCKET_CKM_CONTROL, + send.Pop(), + recv); + + if (CKM_API_SUCCESS != retCode) { + return retCode; + } + + int command; + int counter; + Deserialization::Deserialize(recv, command); + Deserialization::Deserialize(recv, counter); + Deserialization::Deserialize(recv, retCode); + + return retCode; + }); } - virtual int denyAccess(uid_t /*user*/, - const std::string &/*owner*/, - const std::string &/*alias*/, - const std::string &/*accessor*/) + virtual int denyAccess(uid_t user, + const std::string &owner, + const std::string &alias, + const std::string &accessor) { - return CKM_API_ERROR_UNKNOWN; + return try_catch([&] { + MessageBuffer send, recv; + Serialization::Serialize(send, static_cast<int>(ControlCommand::DENY_ACCESS)); + Serialization::Serialize(send, static_cast<int>(user)); + Serialization::Serialize(send, owner); + Serialization::Serialize(send, alias); + Serialization::Serialize(send, accessor); + + int retCode = sendToServer( + SERVICE_SOCKET_CKM_CONTROL, + send.Pop(), + recv); + + if (CKM_API_SUCCESS != retCode) { + return retCode; + } + + int command; + int counter; + Deserialization::Deserialize(recv, command); + Deserialization::Deserialize(recv, counter); + Deserialization::Deserialize(recv, retCode); + + return retCode; + }); } virtual ~ControlImpl(){} diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h index 07147130..3f4cec00 100644 --- a/src/manager/common/protocols.h +++ b/src/manager/common/protocols.h @@ -40,7 +40,10 @@ enum class ControlCommand : int { CHANGE_USER_PASSWORD, RESET_USER_PASSWORD, REMOVE_APP_DATA, - SET_CC_MODE + SET_CC_MODE, + ALLOW_ACCESS, + DENY_ACCESS, + // for backward compatibility append new at the end }; enum class LogicCommand : int { @@ -57,7 +60,7 @@ enum class LogicCommand : int { CREATE_KEY_PAIR_DSA, ALLOW_ACCESS, DENY_ACCESS, - // for backward compatibility append new on the end + // for backward compatibility append new at the end }; // Do not use DB_KEY_FIRST and DB_KEY_LAST in the code. diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp index 29a70623..41b2db5f 100644 --- a/src/manager/service/ckm-logic.cpp +++ b/src/manager/service/ckm-logic.cpp @@ -827,7 +827,8 @@ RawBuffer CKMLogic::verifySignature( RawBuffer CKMLogic::allowAccess( Credentials &cred, - int commandId, + int command, + int msgID, const Alias &item_alias, const std::string &accessor_label, const AccessRight req_rights) @@ -853,8 +854,8 @@ RawBuffer CKMLogic::allowAccess( } MessageBuffer response; - Serialization::Serialize(response, static_cast<int>(LogicCommand::ALLOW_ACCESS)); - Serialization::Serialize(response, commandId); + Serialization::Serialize(response, command); + Serialization::Serialize(response, msgID); Serialization::Serialize(response, retCode); return response.Pop(); @@ -862,7 +863,8 @@ RawBuffer CKMLogic::allowAccess( RawBuffer CKMLogic::denyAccess( Credentials &cred, - int commandId, + int command, + int msgID, const Alias &item_alias, const std::string &accessor_label) { @@ -887,8 +889,8 @@ RawBuffer CKMLogic::denyAccess( } MessageBuffer response; - Serialization::Serialize(response, static_cast<int>(LogicCommand::DENY_ACCESS)); - Serialization::Serialize(response, commandId); + Serialization::Serialize(response, command); + Serialization::Serialize(response, msgID); Serialization::Serialize(response, retCode); return response.Pop(); diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h index 017d0f06..2bf3c409 100644 --- a/src/manager/service/ckm-logic.h +++ b/src/manager/service/ckm-logic.h @@ -138,14 +138,16 @@ public: RawBuffer allowAccess( Credentials &cred, - int commandId, + int command, + int msgID, const Alias &item_alias, const std::string &accessor_label, const AccessRight req_rights); RawBuffer denyAccess( Credentials &cred, - int commandId, + int command, + int msgID, const Alias &item_alias, const std::string &accessor_label); diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp index f9eb34d0..76bb2cf6 100644 --- a/src/manager/service/ckm-service.cpp +++ b/src/manager/service/ckm-service.cpp @@ -145,20 +145,68 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) { case ControlCommand::SET_CC_MODE: Deserialization::Deserialize(buffer, cc_mode_status); return m_logic->setCCModeStatus(static_cast<CCModeState>(cc_mode_status)); + case ControlCommand::ALLOW_ACCESS: + { + std::string owner; + std::string item_alias; + std::string accessor_label; + int req_rights; + + Deserialization::Deserialize(buffer, user); + Deserialization::Deserialize(buffer, owner); + Deserialization::Deserialize(buffer, item_alias); + Deserialization::Deserialize(buffer, accessor_label); + Deserialization::Deserialize(buffer, req_rights); + Credentials cred = + { + user, + owner + }; + return m_logic->allowAccess( + cred, + command, + 0, // dummy + item_alias, + accessor_label, + static_cast<AccessRight>(req_rights)); + } + case ControlCommand::DENY_ACCESS: + { + std::string owner; + std::string item_alias; + std::string accessor_label; + + Deserialization::Deserialize(buffer, user); + Deserialization::Deserialize(buffer, owner); + Deserialization::Deserialize(buffer, item_alias); + Deserialization::Deserialize(buffer, accessor_label); + Credentials cred = + { + user, + owner + }; + return m_logic->denyAccess( + cred, + command, + 0, // dummy + item_alias, + accessor_label); + } default: Throw(Exception::BrokenProtocol); } } -RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ +RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer) +{ int command; - int commandId; + int msgID; int tmpDataType; Alias alias; std::string user; Deserialization::Deserialize(buffer, command); - Deserialization::Deserialize(buffer, commandId); + Deserialization::Deserialize(buffer, msgID); // This is a workaround solution for locktype=None in Tizen 2.2.1 // When locktype is None, lockscreen app doesn't interfere with unlocking process. @@ -181,7 +229,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, policy); return m_logic->saveData( cred, - commandId, + msgID, static_cast<DBDataType>(tmpDataType), alias, rawData, @@ -193,7 +241,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, alias); return m_logic->removeData( cred, - commandId, + msgID, static_cast<DBDataType>(tmpDataType), alias); } @@ -205,7 +253,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, password); return m_logic->getData( cred, - commandId, + msgID, static_cast<DBDataType>(tmpDataType), alias, password); @@ -215,7 +263,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, tmpDataType); return m_logic->getDataList( cred, - commandId, + msgID, static_cast<DBDataType>(tmpDataType)); } case LogicCommand::CREATE_KEY_PAIR_RSA: @@ -235,7 +283,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ return m_logic->createKeyPair( cred, static_cast<LogicCommand>(command), - commandId, + msgID, additional_param, privateKeyAlias, publicKeyAlias, @@ -250,7 +298,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, rawBufferVector); return m_logic->getCertificateChain( cred, - commandId, + msgID, certificate, rawBufferVector); } @@ -262,7 +310,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, aliasVector); return m_logic->getCertificateChain( cred, - commandId, + msgID, certificate, aliasVector); } @@ -280,7 +328,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ return m_logic->createSignature( cred, - commandId, + msgID, privateKeyAlias, password, // password for private_key message, @@ -304,7 +352,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, padding); return m_logic->verifySignature( cred, - commandId, + msgID, publicKeyOrCertAlias, password, // password for public_key (optional) message, @@ -322,7 +370,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, req_rights); return m_logic->allowAccess( cred, - commandId, + command, + msgID, item_alias, accessor_label, static_cast<AccessRight>(req_rights)); @@ -335,7 +384,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){ Deserialization::Deserialize(buffer, accessor_label); return m_logic->denyAccess( cred, - commandId, + command, + msgID, item_alias, accessor_label); } |