author | Rafal Krypa <r.krypa@samsung.com> | 2014-07-11 17:50:43 +0200 |
---|---|---|
committer | Gerrit Code Review <gerrit@review.vlan103.tizen.org> | 2014-07-18 13:06:13 -0700 |
commit | fa749491cb36afa924364e703b7d097546d17f36 (patch) | |
tree | acd802a92b87b60d9021ec9203311302d39eb326 | |
parent | b0cb6b55e919718401a3fea9a777c5ba737ccb7d (diff) | |
Cynara: implement method for setting policies
Change-Id: I65a1c54c6307a60fba383b9e376c8541908ded59
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-rw-r--r-- | src/server/service/cynara.cpp | 71 | ||||
-rw-r--r-- | src/server/service/include/cynara.h | 29 |
2 files changed, 100 insertions, 0 deletions
diff --git a/src/server/service/cynara.cpp b/src/server/service/cynara.cpp
index ab760ef8..7b1dbb8d 100644
--- a/src/server/service/cynara.cpp
+++ b/src/server/service/cynara.cpp
@@ -21,11 +21,68 @@ * @brief Wrapper class for Cynara interface */ +#include <cstring> #include <string> +#include <vector> #include "cynara.h" namespace SecurityManager { + +CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user, + const std::string &privilege, Operation operation, + const std::string &bucket) +{ + this->client = strdup(client.c_str()); + this->user = strdup(user.c_str()); + this->privilege = strdup(privilege.c_str()); + this->bucket = strdup(bucket.c_str()); + + if (this->bucket == nullptr || this->client == nullptr || + this->user == nullptr || this->privilege == nullptr) { + free(this->bucket); + free(this->client); + free(this->user); + free(this->privilege); + throw std::bad_alloc(); + } + + this->result = static_cast<int>(operation); + this->result_extra = nullptr; +} + +CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user, + const std::string &privilege, const std::string &goToBucket, + const std::string &bucket) +{ + this->bucket = strdup(bucket.c_str()); + this->client = strdup(client.c_str()); + this->user = strdup(user.c_str()); + this->privilege = strdup(privilege.c_str()); + this->result_extra = strdup(goToBucket.c_str()); + this->result = CYNARA_ADMIN_BUCKET; + + if (this->bucket == nullptr || this->client == nullptr || + this->user == nullptr || this->privilege == nullptr || + this->result_extra == nullptr) { + free(this->bucket); + free(this->client); + free(this->user); + free(this->privilege); + free(this->result_extra); + throw std::bad_alloc(); + } +} + +CynaraAdminPolicy::~CynaraAdminPolicy() +{ + free(this->bucket); + free(this->client); + free(this->user); + free(this->privilege); + free(this->result_extra); +} + static void checkCynaraAdminError(int result, const std::string &msg) { switch (result) { 
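Review bot: CynaraAdminPolicy owns strdup()'d strings and releases them in `~CynaraAdminPolicy()`, but no copy constructor or copy assignment is defined, so the implicit copy duplicates the raw pointers and every copy frees the same memory again. `SetPolicies()` takes a `std::vector<CynaraAdminPolicy>`, and filling such a vector with push_back or an initializer list copies elements, so a double free in the policy-setting path is likely as soon as a caller builds that vector. I would delete the copy operations in cynara.h (`CynaraAdminPolicy(const CynaraAdminPolicy &) = delete;` and the matching `operator=`) and add a noexcept move constructor that takes over the pointers and nulls the source, as sketched below. Separately, `free()` and `std::bad_alloc` are used here while only `<cstring>` is added; `<cstdlib>` and `<new>` should be included explicitly.

```cpp
// … unchanged: the two CynaraAdminPolicy constructors …

CynaraAdminPolicy::CynaraAdminPolicy(CynaraAdminPolicy &&that) noexcept
{
    this->bucket = that.bucket;
    this->client = that.client;
    this->user = that.user;
    this->privilege = that.privilege;
    this->result = that.result;
    this->result_extra = that.result_extra;

    // Leave the source empty so its destructor frees nothing.
    that.bucket = nullptr;
    that.client = nullptr;
    that.user = nullptr;
    that.privilege = nullptr;
    that.result_extra = nullptr;
}

// … unchanged: ~CynaraAdminPolicy() …
```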
@@ -54,4 +111,18 @@ CynaraAdmin::~CynaraAdmin() cynara_admin_finish(m_CynaraAdmin); } +void CynaraAdmin::SetPolicies(const std::vector<CynaraAdminPolicy> &policies) +{ + std::vector<const struct cynara_admin_policy *> pp_policies(policies.size() + 1); + + for (std::size_t i = 0; i < policies.size(); ++i) + pp_policies[i] = static_cast<const struct cynara_admin_policy *>(&policies[i]); + + pp_policies[policies.size()] = nullptr; + + checkCynaraAdminError( + cynara_admin_set_policies(m_CynaraAdmin, pp_policies.data()), + "Error while updating Cynara policy."); +} + } // namespace SecurityManager diff --git a/src/server/service/include/cynara.h b/src/server/service/include/cynara.h index e11b1335..b9ef6edf 100644 --- a/src/server/service/include/cynara.h +++ b/src/server/service/include/cynara.h @@ -26,6 +26,7 @@ #include <cynara-admin.h> #include <dpl/exception.h> +#include <string> namespace SecurityManager { 
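Review bot: In cynara.h the only include added is `<string>`, while the same commit declares `SetPolicies(const std::vector<CynaraAdminPolicy> &)` further down in that header. It compiles here only because cynara.cpp includes `<vector>` before `"cynara.h"`; a translation unit that includes the header first would fail to build. Add `#include <vector>` next to `#include <string>` so the header is self-contained.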
@@ -39,12 +40,40 @@ public: DECLARE_EXCEPTION_TYPE(Base, UnknownError) }; +struct CynaraAdminPolicy : cynara_admin_policy +{ + enum class Operation { + Deny = CYNARA_ADMIN_DENY, + Allow = CYNARA_ADMIN_ALLOW, + Delete = CYNARA_ADMIN_DELETE, + Bucket = CYNARA_ADMIN_BUCKET, + }; + + CynaraAdminPolicy(const std::string &client, const std::string &user, + const std::string &privilege, Operation operation, + const std::string &bucket = std::string(CYNARA_ADMIN_DEFAULT_BUCKET)); + + CynaraAdminPolicy(const std::string &client, const std::string &user, + const std::string &privilege, const std::string &goToBucket, + const std::string &bucket = std::string(CYNARA_ADMIN_DEFAULT_BUCKET)); + + ~CynaraAdminPolicy(); +}; + class CynaraAdmin { public: CynaraAdmin(); virtual ~CynaraAdmin(); + /** + * Update Cynara policies. + * Caller must have permission to access Cynara administrative socket. + * + * @param policies vector of CynaraAdminPolicy objects to send to Cynara + */ + void SetPolicies(const std::vector<CynaraAdminPolicy> &policies); + private: struct cynara_admin *m_CynaraAdmin; }; |
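Review bot: `Operation::Bucket` can be passed to the first constructor, which stores `result = CYNARA_ADMIN_BUCKET` together with `result_extra = nullptr` (see cynara.cpp), i.e. a bucket redirection with no target bucket. How Cynara treats such an entry is not visible here, but for an access-control policy it is safer to make the malformed value unrepresentable: drop `Bucket = CYNARA_ADMIN_BUCKET,` from the enum, since the `goToBucket` overload already sets that result itself. The two constructors would also benefit from a short doc comment each, stating that the first creates an allow/deny/delete entry, the second a redirection to `goToBucket`, and that both throw `std::bad_alloc` when a string copy fails.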