Unify dulicated code regarding checking msg validity

[platform/core/multimedia/media-server.git] / lib / media-util-cynara.c

/*
 * Media Server
 *
 * Copyright (c) 2015 Samsung Electronics Co., Ltd. All rights reserved.
 *
 * Contact: Yong Yeon Kim <yy9875.kim@samsung.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

/**
 * This file contains Cynara integration code
 *
 * @file                media-util-cynara.c
 * @author      Jacek Bukarewicz (j.bukarewicz@samsung.com)
 * @version     1.0
 * @brief
 */

#include <glib.h>
#include <unistd.h>

#include <media-util-cynara.h>
#include <media-util-dbg.h>
#include <media-util-err.h>
#include <media-util-internal.h>

#include <cynara-client.h>
#include <cynara-session.h>
#include <cynara-error.h>
#include <cynara-creds-socket.h>

static cynara *_cynara = NULL;
static cynara_configuration *_p_conf = NULL;
G_LOCK_DEFINE_STATIC(cynara_mutex);

static void ms_cynara_dbg_err(const char *prefix, int error_code)
{
        char error_buffer[256];
        int err;
        error_buffer[0] = '\0';

        err = cynara_strerror(error_code, error_buffer, sizeof(error_buffer));
        if (err == CYNARA_API_SUCCESS)
                MSAPI_DBG_ERR("%s: %s", prefix, error_buffer);
        else
                MSAPI_DBG_ERR("%s: error code %i", prefix, error_code);
}

int ms_cynara_initialize(void)
{
        int ret = 0;

        ret = cynara_configuration_create(&_p_conf);
        if (ret != CYNARA_API_SUCCESS)  {
                ms_cynara_dbg_err("cynara_configuration_create", ret);
                return MS_MEDIA_ERR_INTERNAL;
        }
        ret = cynara_configuration_set_cache_size(_p_conf, 100);
        if (ret != CYNARA_API_SUCCESS)  {
                ms_cynara_dbg_err("cynara_configuration_set_cache_size", ret);
                return MS_MEDIA_ERR_INTERNAL;
        }
        ret = cynara_initialize(&_cynara, _p_conf);
        if (ret  != CYNARA_API_SUCCESS) {
                ms_cynara_dbg_err("cynara_initialize", ret);
                return MS_MEDIA_ERR_INTERNAL;
        }

        cynara_configuration_destroy(_p_conf);

        return MS_MEDIA_ERR_NONE;
}

void ms_cynara_finish(void)
{
        cynara_finish(_cynara);
        _cynara = NULL;
}

int ms_cynara_receive_untrusted_message(int sockfd, ms_comm_msg_s *recv_msg, ms_peer_credentials *credentials)
{
        int ret = 0;
        int recv_msg_size = 0;

        if (!recv_msg || !credentials)
                return MS_MEDIA_ERR_INVALID_PARAMETER;

        if ((recv_msg_size = read(sockfd, recv_msg, sizeof(ms_comm_msg_s))) < 0) {
                MSAPI_DBG_STRERROR("recv failed");
                return MS_MEDIA_ERR_IPC;
        }

        MSAPI_RETVM_IF(!ms_ipc_is_valid_msg(recv_msg->msg), MS_MEDIA_ERR_IPC, "Invalid msg");

        MSAPI_DBG_SLOG("receive msg from P[%d] T[%d] M[%.*s] S[%.*s]", recv_msg->pid, recv_msg->msg_type, MAX_MSG_SIZE, recv_msg->msg, MS_UUID_SIZE, recv_msg->storage_id);

        if (strlen(recv_msg->storage_id) >= MS_UUID_SIZE) {
                MSAPI_DBG_ERR("IPC message is wrong. storage_id size is over MS_UUID_SIZE");
                return MS_MEDIA_ERR_IPC;
        }

        ret = cynara_creds_socket_get_pid(sockfd, &(credentials->pid));
        MSAPI_RETVM_IF(ret != 0, MS_MEDIA_ERR_INTERNAL, "[CYNARA]Failed to get pid");

        ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_UID, &(credentials->uid));
        MSAPI_RETVM_IF(ret != 0, MS_MEDIA_ERR_INTERNAL, "[CYNARA]Failed to get uid");

        ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_SMACK, &(credentials->smack));
        if (ret != 0) {
                MSAPI_DBG_ERR("[CYNARA]Failed to get smack");
                MS_SAFE_FREE(credentials->uid);

                return MS_MEDIA_ERR_INTERNAL;
        }

        return MS_MEDIA_ERR_NONE;
}

int ms_cynara_receive_untrusted_message_thumb(int sockfd, thumbMsg *recv_msg, ms_peer_credentials *credentials)
{
        int ret = 0;
        unsigned int header_size = 0;
        int recv_msg_size = 0;
        unsigned char *buf = NULL;

        if (!recv_msg || !credentials)
                return MS_MEDIA_ERR_INVALID_PARAMETER;

        header_size = sizeof(thumbMsg) - sizeof(unsigned char *);
        MS_MALLOC(buf, header_size);

        if ((recv_msg_size = recv(sockfd, buf, header_size, 0)) < 0) {
                MSAPI_DBG_STRERROR("recv failed");
                MS_SAFE_FREE(buf);
                return MS_MEDIA_ERR_IPC;
        }

        memcpy(recv_msg, buf, header_size);
        MS_SAFE_FREE(buf);

        /* Can be null (kill server msg) */
        if (strlen(recv_msg->org_path) >= MAX_FILEPATH_LEN) {
                MSAPI_DBG_ERR("org_path size is invlid[%zu]", strlen(recv_msg->org_path));
                return MS_MEDIA_ERR_IPC;
        }

        /* Can be null (raw request case) */
        if (strlen(recv_msg->dst_path) >= MAX_FILEPATH_LEN) {
                MSAPI_DBG_ERR("dst_path size is invlid[%zu]", strlen(recv_msg->dst_path));
                return MS_MEDIA_ERR_IPC;
        }

        ret = cynara_creds_socket_get_pid(sockfd, &(credentials->pid));
        MSAPI_RETVM_IF(ret != 0, MS_MEDIA_ERR_INTERNAL, "[CYNARA]Failed to get pid");

        ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_UID, &(credentials->uid));
        MSAPI_RETVM_IF(ret != 0, MS_MEDIA_ERR_INTERNAL, "[CYNARA]Failed to get uid");

        ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_SMACK, &(credentials->smack));
        MSAPI_RETVM_IF(ret != 0, MS_MEDIA_ERR_INTERNAL, "[CYNARA]Failed to get smack");

        return MS_MEDIA_ERR_NONE;
}

int ms_cynara_check(const ms_peer_credentials *creds, const char *privilege)
{
        int result;
        char *session;

        if (!creds || !privilege)
                return MS_MEDIA_ERR_INVALID_PARAMETER;

        session = cynara_session_from_pid(creds->pid);
        MSAPI_RETVM_IF(session == NULL, MS_MEDIA_ERR_INTERNAL, "cynara_session_from_pid failed");

        G_LOCK(cynara_mutex);
        result = cynara_check(_cynara, creds->smack, session, creds->uid, privilege);
        G_UNLOCK(cynara_mutex);

        if (result != CYNARA_API_ACCESS_ALLOWED)
                ms_cynara_dbg_err("cynara_check", result);

        MS_SAFE_FREE(session);
        return result == CYNARA_API_ACCESS_ALLOWED ? MS_MEDIA_ERR_NONE : MS_MEDIA_ERR_PERMISSION_DENIED;
}

int ms_cynara_enable_credentials_passing(int fd)
{
        const int optval = 1;
        int err;

        err = setsockopt(fd, SOL_SOCKET, SO_PASSSEC, &optval, sizeof(optval));
        MSAPI_RETVM_IF(err != 0, MS_MEDIA_ERR_IPC, "Failed to set SO_PASSSEC socket option");

        err = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &optval, sizeof(optval));
        MSAPI_RETVM_IF(err != 0, MS_MEDIA_ERR_IPC, "Failed to set SO_PASSCRED socket option");

        return MS_MEDIA_ERR_NONE;
}