authorRafal Krypa <r.krypa@samsung.com>2014-07-11 17:50:43 +0200
committerGerrit Code Review <gerrit@review.vlan103.tizen.org>2014-07-18 13:06:13 -0700
commitfa749491cb36afa924364e703b7d097546d17f36 (patch)
treeacd802a92b87b60d9021ec9203311302d39eb326
parentb0cb6b55e919718401a3fea9a777c5ba737ccb7d (diff)
Cynara: implement method for setting policies
Change-Id: I65a1c54c6307a60fba383b9e376c8541908ded59 Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
-rw-r--r--src/server/service/cynara.cpp71
-rw-r--r--src/server/service/include/cynara.h29
2 files changed, 100 insertions, 0 deletions
diff --git a/src/server/service/cynara.cpp b/src/server/service/cynara.cpp
index ab760ef8..7b1dbb8d 100644
--- a/src/server/service/cynara.cpp
+++ b/src/server/service/cynara.cpp
@@ -21,11 +21,68 @@
* @brief Wrapper class for Cynara interface
*/
+#include <cstring>
#include <string>
+#include <vector>
#include "cynara.h"
namespace SecurityManager {
+
+CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user,
+ const std::string &privilege, Operation operation,
+ const std::string &bucket)
+{
+ this->client = strdup(client.c_str());
+ this->user = strdup(user.c_str());
+ this->privilege = strdup(privilege.c_str());
+ this->bucket = strdup(bucket.c_str());
+
+ if (this->bucket == nullptr || this->client == nullptr ||
+ this->user == nullptr || this->privilege == nullptr) {
+ free(this->bucket);
+ free(this->client);
+ free(this->user);
+ free(this->privilege);
+ throw std::bad_alloc();
+ }
+
+ this->result = static_cast<int>(operation);
+ this->result_extra = nullptr;
+}
+
+CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user,
+ const std::string &privilege, const std::string &goToBucket,
+ const std::string &bucket)
+{
+ this->bucket = strdup(bucket.c_str());
+ this->client = strdup(client.c_str());
+ this->user = strdup(user.c_str());
+ this->privilege = strdup(privilege.c_str());
+ this->result_extra = strdup(goToBucket.c_str());
+ this->result = CYNARA_ADMIN_BUCKET;
+
+ if (this->bucket == nullptr || this->client == nullptr ||
+ this->user == nullptr || this->privilege == nullptr ||
+ this->result_extra == nullptr) {
+ free(this->bucket);
+ free(this->client);
+ free(this->user);
+ free(this->privilege);
+ free(this->result_extra);
+ throw std::bad_alloc();
+ }
+}
+
+CynaraAdminPolicy::~CynaraAdminPolicy()
+{
+ free(this->bucket);
+ free(this->client);
+ free(this->user);
+ free(this->privilege);
+ free(this->result_extra);
+}
+
static void checkCynaraAdminError(int result, const std::string &msg)
{
switch (result) {
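Review bot: CynaraAdminPolicy owns strdup()ed strings and frees them in `~CynaraAdminPolicy()`, but no copy or move operations are declared, so the implicit copy constructor duplicates the raw pointers and both objects' destructors free the same memory. SetPolicies() takes a `std::vector<CynaraAdminPolicy>`, and any caller that fills that vector with push_back or an initializer list copies elements, which turns this into a double free inside the security-manager service. The struct declaration in the cynara.h hunk needs the matching change: delete the copy operations and declare a move constructor that nulls the source pointers, as sketched below. checkCynaraAdminError at the end of this hunk continues outside it.

```cpp
// In cynara.h, inside struct CynaraAdminPolicy:
//   CynaraAdminPolicy(const CynaraAdminPolicy &) = delete;
//   CynaraAdminPolicy &operator=(const CynaraAdminPolicy &) = delete;
//   CynaraAdminPolicy(CynaraAdminPolicy &&that) noexcept;

CynaraAdminPolicy::CynaraAdminPolicy(CynaraAdminPolicy &&that) noexcept
{
    // Take over the strdup()ed strings and leave the source holding nulls,
    // so the free() calls in its destructor become no-ops.
    this->bucket = that.bucket;
    this->client = that.client;
    this->user = that.user;
    this->privilege = that.privilege;
    this->result = that.result;
    this->result_extra = that.result_extra;

    that.bucket = nullptr;
    that.client = nullptr;
    that.user = nullptr;
    that.privilege = nullptr;
    that.result_extra = nullptr;
}

// … unchanged: ~CynaraAdminPolicy() …
```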
@@ -54,4 +111,18 @@ CynaraAdmin::~CynaraAdmin()
cynara_admin_finish(m_CynaraAdmin);
}
+void CynaraAdmin::SetPolicies(const std::vector<CynaraAdminPolicy> &policies)
+{
+ std::vector<const struct cynara_admin_policy *> pp_policies(policies.size() + 1);
+
+ for (std::size_t i = 0; i < policies.size(); ++i)
+ pp_policies[i] = static_cast<const struct cynara_admin_policy *>(&policies[i]);
+
+ pp_policies[policies.size()] = nullptr;
+
+ checkCynaraAdminError(
+ cynara_admin_set_policies(m_CynaraAdmin, pp_policies.data()),
+ "Error while updating Cynara policy.");
+}
+
} // namespace SecurityManager
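Review bot: The `static_cast` in the loop is unnecessary, since a `const CynaraAdminPolicy *` converts implicitly to its base `const struct cynara_admin_policy *`; `pp_policies[i] = &policies[i];` says the same thing with less noise. The vector is sized `policies.size() + 1` and its last slot is set to `nullptr`, which looks like a terminator convention of `cynara_admin_set_policies()`; a one-line comment such as `// null-terminated array of pointers borrowed from policies, valid only for this call` above the declaration would record that.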
diff --git a/src/server/service/include/cynara.h b/src/server/service/include/cynara.h
index e11b1335..b9ef6edf 100644
--- a/src/server/service/include/cynara.h
+++ b/src/server/service/include/cynara.h
@@ -26,6 +26,7 @@
#include <cynara-admin.h>
#include <dpl/exception.h>
+#include <string>
namespace SecurityManager {
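Review bot: This include block adds `<string>` but not `<vector>`, although the SetPolicies() declaration added later in this header takes a `const std::vector<CynaraAdminPolicy> &`. cynara.cpp compiles because it includes `<vector>` before `"cynara.h"`; a translation unit that includes the header without having pulled in `<vector>` first would fail to compile. Add `#include <vector>` next to `#include <string>` so the header is self-contained.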
@@ -39,12 +40,40 @@ public:
DECLARE_EXCEPTION_TYPE(Base, UnknownError)
};
+struct CynaraAdminPolicy : cynara_admin_policy
+{
+ enum class Operation {
+ Deny = CYNARA_ADMIN_DENY,
+ Allow = CYNARA_ADMIN_ALLOW,
+ Delete = CYNARA_ADMIN_DELETE,
+ Bucket = CYNARA_ADMIN_BUCKET,
+ };
+
+ CynaraAdminPolicy(const std::string &client, const std::string &user,
+ const std::string &privilege, Operation operation,
+ const std::string &bucket = std::string(CYNARA_ADMIN_DEFAULT_BUCKET));
+
+ CynaraAdminPolicy(const std::string &client, const std::string &user,
+ const std::string &privilege, const std::string &goToBucket,
+ const std::string &bucket = std::string(CYNARA_ADMIN_DEFAULT_BUCKET));
+
+ ~CynaraAdminPolicy();
+};
+
class CynaraAdmin
{
public:
CynaraAdmin();
virtual ~CynaraAdmin();
+ /**
+ * Update Cynara policies.
+ * Caller must have permission to access Cynara administrative socket.
+ *
+ * @param policies vector of CynaraAdminPolicy objects to send to Cynara
+ */
+ void SetPolicies(const std::vector<CynaraAdminPolicy> &policies);
+
private:
struct cynara_admin *m_CynaraAdmin;
};
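Review bot: `Operation::Bucket` can be passed to the first constructor, which stores `CYNARA_ADMIN_BUCKET` in `result` and sets `result_extra` to `nullptr`, so a bucket-redirect policy can be built with no target bucket. The second constructor is the one that supplies `goToBucket`, so either drop `Bucket = CYNARA_ADMIN_BUCKET,` from the enum or have the first constructor reject it. How Cynara treats a BUCKET result with a null `result_extra` is not visible on this page, and an access-control policy should not depend on that. This hunk starts inside an enclosing class whose opening is outside it.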