Add access API to the control service.

Change-Id: I7145853938394f14997b6a4311b7476ab34f280d
author: Maciej J. Karpiuk <m.karpiuk2@samsung.com> 2014-10-01 14:56:58 +0200
committer: Bartlomiej Grzelewski <b.grzelewski@samsung.com> 2014-10-16 15:44:30 +0200
commit: 228e9287f2de3f6282d207e3a53034ec03f5f57e (patch)
tree: a1ec35567f0a478a9c4c529fccb68f300a30f3e2
parent: 4cf6e9564b53b247625b561a143a26b465be1db9 (diff)
download: key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.gz
key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.bz2
key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.zip
5 files changed, 141 insertions, 35 deletions
diff --git a/src/manager/client/client-control.cpp b/src/manager/client/client-control.cpp
index 2938a562..af80df9e 100644
--- a/src/manager/client/client-control.cpp
+++ b/src/manager/client/client-control.cpp
@@ -217,21 +217,70 @@ public:
         });
     }
 
-    virtual int allowAccess(uid_t /*user*/,
-                            const std::string &/*owner*/,
-                            const std::string &/*alias*/,
-                            const std::string &/*accessor*/,
-                            AccessRight /*granted*/)
+    virtual int allowAccess(uid_t user,
+                            const std::string &owner,
+                            const std::string &alias,
+                            const std::string &accessor,
+                            AccessRight granted)
     {
-        return CKM_API_ERROR_UNKNOWN;
+        return try_catch([&] {
+            MessageBuffer send, recv;
+            Serialization::Serialize(send, static_cast<int>(ControlCommand::ALLOW_ACCESS));
+            Serialization::Serialize(send, static_cast<int>(user));
+            Serialization::Serialize(send, owner);
+            Serialization::Serialize(send, alias);
+            Serialization::Serialize(send, accessor);
+            Serialization::Serialize(send, static_cast<int>(granted));
+
+            int retCode = sendToServer(
+                    SERVICE_SOCKET_CKM_CONTROL,
+                send.Pop(),
+                recv);
+
+            if (CKM_API_SUCCESS != retCode) {
+                return retCode;
+            }
+
+            int command;
+            int counter;
+            Deserialization::Deserialize(recv, command);
+            Deserialization::Deserialize(recv, counter);
+            Deserialization::Deserialize(recv, retCode);
+
+            return retCode;
+        });
     }
 
-    virtual int denyAccess(uid_t /*user*/,
-                           const std::string &/*owner*/,
-                           const std::string &/*alias*/,
-                           const std::string &/*accessor*/)
+    virtual int denyAccess(uid_t user,
+                           const std::string &owner,
+                           const std::string &alias,
+                           const std::string &accessor)
     {
-        return CKM_API_ERROR_UNKNOWN;
+        return try_catch([&] {
+            MessageBuffer send, recv;
+            Serialization::Serialize(send, static_cast<int>(ControlCommand::DENY_ACCESS));
+            Serialization::Serialize(send, static_cast<int>(user));
+            Serialization::Serialize(send, owner);
+            Serialization::Serialize(send, alias);
+            Serialization::Serialize(send, accessor);
+
+            int retCode = sendToServer(
+                    SERVICE_SOCKET_CKM_CONTROL,
+                send.Pop(),
+                recv);
+
+            if (CKM_API_SUCCESS != retCode) {
+                return retCode;
+            }
+
+            int command;
+            int counter;
+            Deserialization::Deserialize(recv, command);
+            Deserialization::Deserialize(recv, counter);
+            Deserialization::Deserialize(recv, retCode);
+
+            return retCode;
+        });
     }
 
     virtual ~ControlImpl(){}
diff --git a/src/manager/common/protocols.h b/src/manager/common/protocols.h
index 07147130..3f4cec00 100644
--- a/src/manager/common/protocols.h
+++ b/src/manager/common/protocols.h
@@ -40,7 +40,10 @@ enum class ControlCommand : int {
     CHANGE_USER_PASSWORD,
     RESET_USER_PASSWORD,
     REMOVE_APP_DATA,
-    SET_CC_MODE
+    SET_CC_MODE,
+    ALLOW_ACCESS,
+    DENY_ACCESS,
+    // for backward compatibility append new at the end
 };
 
 enum class LogicCommand : int {
@@ -57,7 +60,7 @@ enum class LogicCommand : int {
     CREATE_KEY_PAIR_DSA,
     ALLOW_ACCESS,
     DENY_ACCESS,
-    // for backward compatibility append new on the end
+    // for backward compatibility append new at the end
 };
 
 // Do not use DB_KEY_FIRST and DB_KEY_LAST in the code.
diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index 29a70623..41b2db5f 100644
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -827,7 +827,8 @@ RawBuffer CKMLogic::verifySignature(
 
 RawBuffer CKMLogic::allowAccess(
         Credentials &cred,
-        int commandId,
+        int command,
+        int msgID,
         const Alias &item_alias,
         const std::string &accessor_label,
         const AccessRight req_rights)
@@ -853,8 +854,8 @@ RawBuffer CKMLogic::allowAccess(
     }
 
     MessageBuffer response;
-    Serialization::Serialize(response, static_cast<int>(LogicCommand::ALLOW_ACCESS));
-    Serialization::Serialize(response, commandId);
+    Serialization::Serialize(response, command);
+    Serialization::Serialize(response, msgID);
     Serialization::Serialize(response, retCode);
 
     return response.Pop();
@@ -862,7 +863,8 @@ RawBuffer CKMLogic::allowAccess(
 
 RawBuffer CKMLogic::denyAccess(
         Credentials &cred,
-        int commandId,
+        int command,
+        int msgID,
         const Alias &item_alias,
         const std::string &accessor_label)
 {
@@ -887,8 +889,8 @@ RawBuffer CKMLogic::denyAccess(
     }
 
     MessageBuffer response;
-    Serialization::Serialize(response, static_cast<int>(LogicCommand::DENY_ACCESS));
-    Serialization::Serialize(response, commandId);
+    Serialization::Serialize(response, command);
+    Serialization::Serialize(response, msgID);
     Serialization::Serialize(response, retCode);
 
     return response.Pop();
diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 017d0f06..2bf3c409 100644
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -138,14 +138,16 @@ public:
 
     RawBuffer allowAccess(
         Credentials &cred,
-        int commandId,
+        int command,
+        int msgID,
         const Alias &item_alias,
         const std::string &accessor_label,
         const AccessRight req_rights);
 
     RawBuffer denyAccess(
         Credentials &cred,
-        int commandId,
+        int command,
+        int msgID,
         const Alias &item_alias,
         const std::string &accessor_label);
 
diff --git a/src/manager/service/ckm-service.cpp b/src/manager/service/ckm-service.cpp
index f9eb34d0..76bb2cf6 100644
--- a/src/manager/service/ckm-service.cpp
+++ b/src/manager/service/ckm-service.cpp
@@ -145,20 +145,68 @@ RawBuffer CKMService::processControl(MessageBuffer &buffer) {
     case ControlCommand::SET_CC_MODE:
         Deserialization::Deserialize(buffer, cc_mode_status);
         return m_logic->setCCModeStatus(static_cast<CCModeState>(cc_mode_status));
+    case ControlCommand::ALLOW_ACCESS:
+    {
+        std::string owner;
+        std::string item_alias;
+        std::string accessor_label;
+        int req_rights;
+
+        Deserialization::Deserialize(buffer, user);
+        Deserialization::Deserialize(buffer, owner);
+        Deserialization::Deserialize(buffer, item_alias);
+        Deserialization::Deserialize(buffer, accessor_label);
+        Deserialization::Deserialize(buffer, req_rights);
+        Credentials cred =
+            {
+                user,
+                owner
+            };
+        return m_logic->allowAccess(
+            cred,
+            command,
+            0, // dummy
+            item_alias,
+            accessor_label,
+            static_cast<AccessRight>(req_rights));
+    }
+    case ControlCommand::DENY_ACCESS:
+    {
+        std::string owner;
+        std::string item_alias;
+        std::string accessor_label;
+
+        Deserialization::Deserialize(buffer, user);
+        Deserialization::Deserialize(buffer, owner);
+        Deserialization::Deserialize(buffer, item_alias);
+        Deserialization::Deserialize(buffer, accessor_label);
+        Credentials cred =
+            {
+                user,
+                owner
+            };
+        return m_logic->denyAccess(
+            cred,
+            command,
+            0, // dummy
+            item_alias,
+            accessor_label);
+    }
     default:
         Throw(Exception::BrokenProtocol);
     }
 }
 
-RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
+RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer)
+{
     int command;
-    int commandId;
+    int msgID;
     int tmpDataType;
     Alias alias;
     std::string user;
 
     Deserialization::Deserialize(buffer, command);
-    Deserialization::Deserialize(buffer, commandId);
+    Deserialization::Deserialize(buffer, msgID);
 
     // This is a workaround solution for locktype=None in Tizen 2.2.1
     // When locktype is None, lockscreen app doesn't interfere with unlocking process.
@@ -181,7 +229,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, policy);
             return m_logic->saveData(
                 cred,
-                commandId,
+                msgID,
                 static_cast<DBDataType>(tmpDataType),
                 alias,
                 rawData,
@@ -193,7 +241,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, alias);
             return m_logic->removeData(
                 cred,
-                commandId,
+                msgID,
                 static_cast<DBDataType>(tmpDataType),
                 alias);
         }
@@ -205,7 +253,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, password);
             return m_logic->getData(
                 cred,
-                commandId,
+                msgID,
                 static_cast<DBDataType>(tmpDataType),
                 alias,
                 password);
@@ -215,7 +263,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, tmpDataType);
             return m_logic->getDataList(
                 cred,
-                commandId,
+                msgID,
                 static_cast<DBDataType>(tmpDataType));
         }
         case LogicCommand::CREATE_KEY_PAIR_RSA:
@@ -235,7 +283,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             return m_logic->createKeyPair(
                 cred,
                 static_cast<LogicCommand>(command),
-                commandId,
+                msgID,
                 additional_param,
                 privateKeyAlias,
                 publicKeyAlias,
@@ -250,7 +298,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, rawBufferVector);
             return m_logic->getCertificateChain(
                 cred,
-                commandId,
+                msgID,
                 certificate,
                 rawBufferVector);
         }
@@ -262,7 +310,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, aliasVector);
             return m_logic->getCertificateChain(
                 cred,
-                commandId,
+                msgID,
                 certificate,
                 aliasVector);
         }
@@ -280,7 +328,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
 
             return m_logic->createSignature(
                   cred,
-                  commandId,
+                  msgID,
                   privateKeyAlias,
                   password,           // password for private_key
                   message,
@@ -304,7 +352,7 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, padding);
             return m_logic->verifySignature(
                 cred,
-                commandId,
+                msgID,
                 publicKeyOrCertAlias,
                 password,           // password for public_key (optional)
                 message,
@@ -322,7 +370,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, req_rights);
             return m_logic->allowAccess(
                 cred,
-                commandId,
+                command,
+                msgID,
                 item_alias,
                 accessor_label,
                 static_cast<AccessRight>(req_rights));
@@ -335,7 +384,8 @@ RawBuffer CKMService::processStorage(Credentials &cred, MessageBuffer &buffer){
             Deserialization::Deserialize(buffer, accessor_label);
             return m_logic->denyAccess(
                 cred,
-                commandId,
+                command,
+                msgID,
                 item_alias,
                 accessor_label);
         }
author	Maciej J. Karpiuk <m.karpiuk2@samsung.com>	2014-10-01 14:56:58 +0200
committer	Bartlomiej Grzelewski <b.grzelewski@samsung.com>	2014-10-16 15:44:30 +0200
commit	228e9287f2de3f6282d207e3a53034ec03f5f57e (patch)
tree	a1ec35567f0a478a9c4c529fccb68f300a30f3e2
parent	4cf6e9564b53b247625b561a143a26b465be1db9 (diff)
download	key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.gz key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.tar.bz2 key-manager-228e9287f2de3f6282d207e3a53034ec03f5f57e.zip