2 * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file src/service/logic/Logic.cpp
18 * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
19 * @author Zofia Abramowska <z.abramowska@samsung.com>
21 * @brief This file implements main class of logic layer in cynara service
33 #include <exceptions/BucketNotExistsException.h>
34 #include <exceptions/DatabaseException.h>
35 #include <exceptions/DefaultBucketDeletionException.h>
36 #include <exceptions/DefaultBucketSetNoneException.h>
37 #include <exceptions/InvalidBucketIdException.h>
38 #include <exceptions/PluginErrorException.h>
39 #include <exceptions/PluginNotFoundException.h>
40 #include <exceptions/UnexpectedErrorException.h>
41 #include <exceptions/UnknownPolicyTypeException.h>
42 #include <request/AdminCheckRequest.h>
43 #include <request/AgentActionRequest.h>
44 #include <request/AgentRegisterRequest.h>
45 #include <request/CancelRequest.h>
46 #include <request/CheckRequest.h>
47 #include <request/DescriptionListRequest.h>
48 #include <request/EraseRequest.h>
49 #include <request/InsertOrUpdateBucketRequest.h>
50 #include <request/ListRequest.h>
51 #include <request/RemoveBucketRequest.h>
52 #include <request/RequestContext.h>
53 #include <request/SetPoliciesRequest.h>
54 #include <request/SignalRequest.h>
55 #include <request/SimpleCheckRequest.h>
56 #include <response/AdminCheckResponse.h>
57 #include <response/AgentRegisterResponse.h>
58 #include <response/CancelResponse.h>
59 #include <response/CheckResponse.h>
60 #include <response/CodeResponse.h>
61 #include <response/DescriptionListResponse.h>
62 #include <response/ListResponse.h>
63 #include <response/SimpleCheckResponse.h>
64 #include <types/Policy.h>
66 #include <main/Cynara.h>
67 #include <agent/AgentManager.h>
68 #include <sockets/SocketManager.h>
69 #include <storage/Storage.h>
71 #include <cynara-plugin.h>
73 #include <cynara-agent.h>
85 void Logic::execute(RequestContextPtr context UNUSED, SignalRequestPtr request) {
86 LOGD("Processing signal: [%d]", request->signalNumber());
88 switch (request->signalNumber()) {
90 LOGI("SIGTERM received!");
91 m_socketManager->mainLoopStop();
96 void Logic::execute(RequestContextPtr context, AdminCheckRequestPtr request) {
98 bool bucketValid = true;
100 result = m_storage->checkPolicy(request->key(), request->startBucket(),
101 request->recursive());
102 } catch (const BucketNotExistsException &ex) {
106 context->returnResponse(context, std::make_shared<AdminCheckResponse>(result, bucketValid,
107 request->sequenceNumber()));
110 void Logic::execute(RequestContextPtr context, AgentActionRequestPtr request) {
111 AgentTalkerPtr talkerPtr = m_agentManager->getTalker(context->responseQueue(),
112 request->sequenceNumber());
114 LOGD("Received response from agent with invalid request id: [%" PRIu16 "]",
115 request->sequenceNumber());
119 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(talkerPtr);
120 if (!checkContextPtr) {
121 LOGE("No matching check context for agent talker.");
122 m_agentManager->removeTalker(talkerPtr);
126 if (!checkContextPtr->cancelled()) {
127 PluginData data(request->data().begin(), request->data().end());
128 if (request->type() == CYNARA_MSG_TYPE_CANCEL) {
129 // Nothing to do for now
130 } else if (request->type() == CYNARA_MSG_TYPE_ACTION) {
131 update(checkContextPtr->m_key, checkContextPtr->m_checkId, data,
132 checkContextPtr->m_requestContext, checkContextPtr->m_plugin);
134 LOGE("Invalid response type [%d] in response from agent <%s>",
135 static_cast<int>(request->type()), talkerPtr->agentType().c_str());
136 // TODO: disconnect agent
140 m_agentManager->removeTalker(talkerPtr);
141 m_checkRequestManager.removeRequest(checkContextPtr);
144 void Logic::execute(RequestContextPtr context, AgentRegisterRequestPtr request) {
145 auto result = m_agentManager->registerAgent(request->agentType(), context->responseQueue());
146 context->returnResponse(context, std::make_shared<AgentRegisterResponse>(
147 result, request->sequenceNumber()));
150 void Logic::execute(RequestContextPtr context, CancelRequestPtr request) {
151 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(context->responseQueue(),
152 request->sequenceNumber());
153 if (!checkContextPtr) {
154 LOGD("Cancel request id: [%" PRIu16 "] with no matching request in progress.",
155 request->sequenceNumber());
159 if (checkContextPtr->cancelled())
162 checkContextPtr->cancel();
163 checkContextPtr->m_agentTalker->cancel();
165 LOGD("Returning response for cancel request id: [%" PRIu16 "].", request->sequenceNumber());
166 context->returnResponse(context, std::make_shared<CancelResponse>(request->sequenceNumber()));
169 void Logic::execute(RequestContextPtr context, CheckRequestPtr request) {
170 PolicyResult result(PredefinedPolicyType::DENY);
171 if (check(context, request->key(), request->sequenceNumber(), result)) {
172 m_auditLog.log(request->key(), result);
173 context->returnResponse(context, std::make_shared<CheckResponse>(result,
174 request->sequenceNumber()));
178 bool Logic::check(const RequestContextPtr &context, const PolicyKey &key,
179 ProtocolFrameSequenceNumber checkId, PolicyResult &result) {
181 if (m_checkRequestManager.getContext(context->responseQueue(), checkId)) {
182 LOGE("Check request for checkId: [%" PRIu16 "] is already processing", checkId);
186 result = m_storage->checkPolicy(key);
188 switch (result.policyType()) {
189 case PredefinedPolicyType::ALLOW :
190 LOGD("check of policy key <%s> returned ALLOW", key.toString().c_str());
192 case PredefinedPolicyType::DENY :
193 LOGD("check of policy key <%s> returned DENY", key.toString().c_str());
197 return pluginCheck(context, key, checkId, result);
200 bool Logic::pluginCheck(const RequestContextPtr &context, const PolicyKey &key,
201 ProtocolFrameSequenceNumber checkId, PolicyResult &result) {
203 LOGD("Trying to check policy: <%s> in plugin.", key.toString().c_str());
205 ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType());
207 LOGE("Plugin not found for policy: [0x%x]", result.policyType());
208 result = PolicyResult(PredefinedPolicyType::DENY);
212 ServicePluginInterfacePtr servicePlugin =
213 std::dynamic_pointer_cast<ServicePluginInterface>(plugin);
214 if (!servicePlugin) {
215 result = PolicyResult(PredefinedPolicyType::DENY);
219 AgentType requiredAgent;
220 PluginData pluginData;
222 auto ret = servicePlugin->check(key.client().toString(), key.user().toString(),
223 key.privilege().toString(), result, requiredAgent, pluginData);
226 case ServicePluginInterface::PluginStatus::ANSWER_READY:
228 case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY: {
229 result = PolicyResult(PredefinedPolicyType::DENY);
230 AgentTalkerPtr agentTalker = m_agentManager->createTalker(requiredAgent);
232 LOGE("Required agent talker for: <%s> could not be created.",
233 requiredAgent.c_str());
237 if (!m_checkRequestManager.createContext(key, context, checkId, servicePlugin,
239 LOGE("Check context for checkId: [%" PRIu16 "] could not be created.",
241 m_agentManager->removeTalker(agentTalker);
244 agentTalker->send(pluginData);
248 result = PolicyResult(PredefinedPolicyType::DENY);
253 bool Logic::update(const PolicyKey &key, ProtocolFrameSequenceNumber checkId,
254 const PluginData &agentData, const RequestContextPtr &context,
255 const ServicePluginInterfacePtr &plugin) {
257 LOGD("Check update: <%s>:[%" PRIu16 "]", key.toString().c_str(), checkId);
260 bool answerReady = false;
261 auto ret = plugin->update(key.client().toString(), key.user().toString(),
262 key.privilege().toString(), agentData, result);
264 case ServicePluginInterface::PluginStatus::SUCCESS:
267 case ServicePluginInterface::PluginStatus::ERROR:
268 result = PolicyResult(PredefinedPolicyType::DENY);
272 throw PluginErrorException(key);
275 if (answerReady && context->responseQueue()) {
276 m_auditLog.log(key, result);
277 context->returnResponse(context, std::make_shared<CheckResponse>(result, checkId));
284 void Logic::execute(RequestContextPtr context, DescriptionListRequestPtr request) {
285 auto descriptions = m_pluginManager->getPolicyDescriptions();
286 descriptions.insert(descriptions.begin(), predefinedPolicyDescr.begin(),
287 predefinedPolicyDescr.end());
288 context->returnResponse(context, std::make_shared<DescriptionListResponse>(descriptions,
289 request->sequenceNumber()));
292 void Logic::execute(RequestContextPtr context, EraseRequestPtr request) {
293 auto code = CodeResponse::Code::OK;
296 m_storage->erasePolicies(request->startBucket(), request->recursive(), request->filter());
298 } catch (const DatabaseException &ex) {
299 code = CodeResponse::Code::FAILED;
300 } catch (const BucketNotExistsException &ex) {
301 code = CodeResponse::Code::NO_BUCKET;
304 context->returnResponse(context, std::make_shared<CodeResponse>(code,
305 request->sequenceNumber()));
308 void Logic::execute(RequestContextPtr context, InsertOrUpdateBucketRequestPtr request) {
309 auto code = CodeResponse::Code::OK;
312 checkSinglePolicyType(request->result().policyType(), true, true);
313 m_storage->addOrUpdateBucket(request->bucketId(), request->result());
315 } catch (const DatabaseException &ex) {
316 code = CodeResponse::Code::FAILED;
317 } catch (const DefaultBucketSetNoneException &ex) {
318 code = CodeResponse::Code::NOT_ALLOWED;
319 } catch (const InvalidBucketIdException &ex) {
320 code = CodeResponse::Code::NOT_ALLOWED;
321 } catch (const UnknownPolicyTypeException &ex) {
322 code = CodeResponse::Code::NO_POLICY_TYPE;
325 context->returnResponse(context, std::make_shared<CodeResponse>(code,
326 request->sequenceNumber()));
329 void Logic::execute(RequestContextPtr context, ListRequestPtr request) {
330 bool bucketValid = true;
332 std::vector<Policy> policies;
334 policies = m_storage->listPolicies(request->bucket(), request->filter());
335 } catch (const BucketNotExistsException &ex) {
339 context->returnResponse(context, std::make_shared<ListResponse>(policies, bucketValid,
340 request->sequenceNumber()));
343 void Logic::execute(RequestContextPtr context, RemoveBucketRequestPtr request) {
344 auto code = CodeResponse::Code::OK;
346 m_storage->deleteBucket(request->bucketId());
348 } catch (const DatabaseException &ex) {
349 code = CodeResponse::Code::FAILED;
350 } catch (const BucketNotExistsException &ex) {
351 code = CodeResponse::Code::NO_BUCKET;
352 } catch (const DefaultBucketDeletionException &ex) {
353 code = CodeResponse::Code::NOT_ALLOWED;
355 context->returnResponse(context, std::make_shared<CodeResponse>(code,
356 request->sequenceNumber()));
359 void Logic::execute(RequestContextPtr context, SetPoliciesRequestPtr request) {
360 auto code = CodeResponse::Code::OK;
362 checkPoliciesTypes(request->policiesToBeInsertedOrUpdated(), true, false);
363 m_storage->insertPolicies(request->policiesToBeInsertedOrUpdated());
364 m_storage->deletePolicies(request->policiesToBeRemoved());
366 } catch (const DatabaseException &ex) {
367 code = CodeResponse::Code::FAILED;
368 } catch (const BucketNotExistsException &ex) {
369 code = CodeResponse::Code::NO_BUCKET;
370 } catch (const UnknownPolicyTypeException &ex) {
371 code = CodeResponse::Code::NO_POLICY_TYPE;
373 context->returnResponse(context, std::make_shared<CodeResponse>(code,
374 request->sequenceNumber()));
377 void Logic::execute(RequestContextPtr context, SimpleCheckRequestPtr request) {
378 int retValue = CYNARA_API_SUCCESS;
380 PolicyKey key = request->key();
381 result = m_storage->checkPolicy(key);
383 switch (result.policyType()) {
384 case PredefinedPolicyType::ALLOW:
385 LOGD("simple check of policy key <%s> returned ALLOW", key.toString().c_str());
387 case PredefinedPolicyType::DENY:
388 LOGD("simple check of policy key <%s> returned DENY", key.toString().c_str());
391 ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType());
393 LOGE("Plugin not found for policy: [0x%x]", result.policyType());
394 result = PolicyResult(PredefinedPolicyType::DENY);
395 retValue = CYNARA_API_SUCCESS;
399 ServicePluginInterfacePtr servicePlugin =
400 std::dynamic_pointer_cast<ServicePluginInterface>(plugin);
401 if (!servicePlugin) {
402 LOGE("Couldn't cast plugin pointer to ServicePluginInterface");
403 result = PolicyResult(PredefinedPolicyType::DENY);
404 retValue = CYNARA_API_SUCCESS;
408 AgentType requiredAgent;
409 PluginData pluginData;
410 auto ret = servicePlugin->check(key.client().toString(), key.user().toString(),
411 key.privilege().toString(), result, requiredAgent,
414 case ServicePluginInterface::PluginStatus::ANSWER_READY:
415 LOGD("simple check of policy key <%s> in plugin returned [" PRIu16 "]",
416 key.toString().c_str(), result.policyType());
418 case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY:
419 retValue = CYNARA_API_ACCESS_NOT_RESOLVED;
422 result = PolicyResult(PredefinedPolicyType::DENY);
423 retValue = CYNARA_API_SUCCESS;
427 m_auditLog.log(request->key(), result);
428 context->returnResponse(context, std::make_shared<SimpleCheckResponse>(retValue, result,
429 request->sequenceNumber()));
432 void Logic::checkPoliciesTypes(const std::map<PolicyBucketId, std::vector<Policy>> &policies,
433 bool allowBucket, bool allowNone) {
434 for (const auto &group : policies) {
435 for (const auto &policy : group.second) {
436 checkSinglePolicyType(policy.result().policyType(), allowBucket, allowNone);
441 void Logic::checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, bool allowNone) {
442 if (allowBucket && policyType == PredefinedPolicyType::BUCKET)
444 if (allowNone && policyType == PredefinedPolicyType::NONE)
446 for (const auto &descr : predefinedPolicyDescr) {
447 if (descr.type == policyType)
450 m_pluginManager->checkPolicyType(policyType);
453 void Logic::contextClosed(RequestContextPtr context) {
454 LOGD("context closed");
456 LinkId linkId = context->responseQueue();
458 m_agentManager->cleanupAgent(linkId, [&](const AgentTalkerPtr &talker) -> void {
459 handleAgentTalkerDisconnection(talker); });
461 m_checkRequestManager.cancelRequests(linkId,
462 [&](const CheckContextPtr &checkContextPtr) -> void {
463 handleClientDisconnection(checkContextPtr); });
466 void Logic::onPoliciesChanged(void) {
468 m_socketManager->disconnectAllClients();
469 m_pluginManager->invalidateAll();
470 //todo remove all saved contexts (if there will be any saved contexts)
473 void Logic::handleAgentTalkerDisconnection(const AgentTalkerPtr &agentTalkerPtr) {
474 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(agentTalkerPtr);
475 if (checkContextPtr == nullptr) {
476 LOGE("No matching check context for agent talker.");
480 if (!checkContextPtr->cancelled() && checkContextPtr->m_requestContext->responseQueue()) {
481 PolicyResult result(PredefinedPolicyType::DENY);
482 m_auditLog.log(checkContextPtr->m_key, result);
483 checkContextPtr->m_requestContext->returnResponse(checkContextPtr->m_requestContext,
484 std::make_shared<CheckResponse>(result, checkContextPtr->m_checkId));
487 m_checkRequestManager.removeRequest(checkContextPtr);
490 void Logic::handleClientDisconnection(const CheckContextPtr &checkContextPtr) {
491 LOGD("Handle client disconnection");
493 if (!checkContextPtr->cancelled()) {
494 checkContextPtr->cancel();
495 checkContextPtr->m_agentTalker->cancel();
499 } // namespace Cynara
projects / platform / core / security / cynara.git / blob