2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 #include <cynara-client.h>
17 #include <cynara-session.h>
19 #include "rmi/secure-erase.h"
20 #include "rmi/internal-encryption.h"
21 #include "rmi/external-encryption.h"
22 #include "key-manager/key-generator.h"
26 using namespace std::placeholders;
30 const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";
32 std::unique_ptr<ode::SecureErase> secureErase;
33 std::unique_ptr<ode::InternalEncryption> internalEncryption;
34 std::unique_ptr<ode::ExternalEncryption> externalEncryption;
40 service.reset(new rmi::Service(ODE_MANAGER_ADDRESS));
42 service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));
44 secureErase.reset(new ode::SecureErase(*this));
45 internalEncryption.reset(new ode::InternalEncryption(*this));
46 externalEncryption.reset(new ode::ExternalEncryption(*this));
48 ode::KeyGenerator::init();
53 ode::KeyGenerator::cleanup();
58 // Prepare execution environment
62 void Server::terminate()
67 bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
71 if (privilege.empty()) {
75 if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
76 ERROR("Failure in cynara API");
80 if (::cynara_check(p_cynara, cred.security.c_str(), "",
81 std::to_string(cred.uid).c_str(),
82 privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
83 ::cynara_finish(p_cynara);
84 ERROR("Access denied: " + cred.security + " : " + privilege);
88 ::cynara_finish(p_cynara);