List all users registered in Cynara
[platform/core/security/security-manager.git] / src / common / cynara.cpp
index 4d4ec75..80e5b88 100644 (file)
@@ -113,7 +113,7 @@ CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
 
 
 CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user,
-        const std::string &privilege, Operation operation,
+        const std::string &privilege, int operation,
         const std::string &bucket)
 {
     this->client = strdup(client.c_str());
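Review bot: Widening `operation` from `Operation` to `int` removes the only compile-time restriction on what ends up in `this->result`; the constructor stores the integer without any validation, so a caller can now pass any value and Cynara will see it as a policy type. Presumably this was done so that policy types fetched from Cynara's own description list can be passed through, but that contract is not written down anywhere in the hunk. A comment on the parameter would stop the next caller from passing an arbitrary integer, for example `// operation: a Cynara policy type — an Operation enum value or a type obtained from Cynara's policy descriptions; not validated here.` The constructor body continues outside the hunk.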
@@ -131,7 +131,7 @@ CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::strin
                 std::string("Error in CynaraAdminPolicy allocation."));
     }
 
-    this->result = static_cast<int>(operation);
+    this->result = operation;
     this->result_extra = nullptr;
 }
 
@@ -175,6 +175,26 @@ CynaraAdminPolicy::CynaraAdminPolicy(CynaraAdminPolicy &&that)
     that.result_extra = nullptr;
 }
 
+CynaraAdminPolicy& CynaraAdminPolicy::operator=(CynaraAdminPolicy &&that)
+{
+    if (this != &that) {
+        bucket = that.bucket;
+        client = that.client;
+        user = that.user;
+        privilege = that.privilege;
+        result_extra = that.result_extra;
+        result = that.result;
+
+        that.bucket = nullptr;
+        that.client = nullptr;
+        that.user = nullptr;
+        that.privilege = nullptr;
+        that.result_extra = nullptr;
+    };
+
+    return *this;
+}
+
 CynaraAdminPolicy::~CynaraAdminPolicy()
 {
     free(this->bucket);
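Review bot: The new move-assignment operator overwrites `bucket`, `client`, `user`, `privilege` and `result_extra` without freeing what `*this` already owns, so every assignment into an object that holds strings leaks them; the destructor at the end of the hunk frees only the final values (its body continues outside the hunk). The pointer steal should be preceded by `free()` of the current members, as sketched below. As a minor point, the `};` after the `if` block is a stray empty statement, and marking both the move constructor and this operator `noexcept` would be the usual choice for a type that only swaps pointers.
```cpp
CynaraAdminPolicy& CynaraAdminPolicy::operator=(CynaraAdminPolicy &&that)
{
    if (this != &that) {
        // Release what *this currently owns; the destructor only frees the
        // final values, so overwriting the pointers here would leak them.
        free(bucket);
        free(client);
        free(user);
        free(privilege);
        free(result_extra);
        // … unchanged: take over that's pointers and null them out …
    }
    return *this;
}
```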
@@ -205,7 +225,11 @@ static bool checkCynaraError(int result, const std::string &msg)
     }
 }
 
+CynaraAdmin::TypeToDescriptionMap CynaraAdmin::TypeToDescription;
+CynaraAdmin::DescriptionToTypeMap CynaraAdmin::DescriptionToType;
+
 CynaraAdmin::CynaraAdmin()
+    : m_policyDescriptionsInitialized(false)
 {
     checkCynaraError(
         cynara_admin_initialize(&m_CynaraAdmin),
@@ -271,14 +295,14 @@ void CynaraAdmin::UpdateAppPolicy(
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "removing privilege " << *oldIter);
             policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
             ++oldIter;
         } else {
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "adding privilege " << *newIter);
             policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
             ++newIter;
         }
@@ -288,7 +312,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "removing privilege " << *oldIter);
         policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -296,7 +320,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "adding privilege " << *newIter);
         policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -337,6 +361,39 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType)
     CynaraAdmin::getInstance().SetPolicies(policies);
 }
 
+void CynaraAdmin::ListUsers(std::vector<uid_t> &listOfUsers)
+{
+    std::vector<CynaraAdminPolicy> tmpListOfUsers;
+    CynaraAdmin::getInstance().ListPolicies(
+        CynaraAdmin::Buckets.at(Bucket::MAIN),
+        CYNARA_ADMIN_WILDCARD,
+        CYNARA_ADMIN_ANY,
+        CYNARA_ADMIN_WILDCARD,
+        tmpListOfUsers);
+
+    for (const auto &tmpUser : tmpListOfUsers) {
+        std::string user = tmpUser.user;
+        if (!user.compare(CYNARA_ADMIN_WILDCARD))
+            continue;
+        try {
+            listOfUsers.push_back(std::stoul(user));
+        } catch (std::invalid_argument &e) {
+            LogError("Invalid UID: " << e.what());
+            continue;
+        };
+    };
+    LogDebug("Found users: " << listOfUsers.size());
+};
+
+void CynaraAdmin::UserRemove(uid_t uid)
+{
+    std::vector<CynaraAdminPolicy> policies;
+    std::string user = std::to_string(static_cast<unsigned int>(uid));
+
+    EmptyBucket(Buckets.at(Bucket::PRIVACY_MANAGER),true,
+            CYNARA_ADMIN_ANY, user, CYNARA_ADMIN_ANY);
+}
+
 void CynaraAdmin::ListPolicies(
     const std::string &bucketName,
     const std::string &appId,
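Review bot: `ListUsers` only catches `std::invalid_argument`, but `std::stoul` throws `std::out_of_range` for an oversized value, so a single malformed user field in the MAIN bucket would propagate out of the loop instead of being skipped; `stoul` also accepts leading whitespace, a sign and trailing junk ("123abc" parses as 123), and the `unsigned long` result is narrowed into `uid_t` without a range check. Validating that the string is plain decimal digits, catching both exception types, and rejecting values above `uid_t`'s maximum (needs `<limits>`) closes this, as sketched below. If MAIN holds several policies per user, the output vector will also contain each uid once per policy, so callers should not assume it is deduplicated — either document that or sort/unique it before the "Found users" log. In `UserRemove` the `policies` vector is never used, and the `};` after the `catch`, the `for` and the function body are stray empty statements.
```cpp
for (const auto &tmpUser : tmpListOfUsers) {
    std::string user = tmpUser.user;
    if (!user.compare(CYNARA_ADMIN_WILDCARD))
        continue;
    // stoul() tolerates leading whitespace, a sign and trailing junk, and
    // throws out_of_range (not invalid_argument) on overflow, so validate the
    // text first and catch every parsing failure.
    if (user.empty() || user.find_first_not_of("0123456789") != std::string::npos) {
        LogError("Invalid UID: " << user);
        continue;
    }
    try {
        listOfUsers.push_back(static_cast<uid_t>(std::stoul(user)));
    } catch (const std::exception &e) {
        LogError("Invalid UID: " << user << " (" << e.what() << ")");
    }
}
// … unchanged: "Found users" debug log …
```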
@@ -371,6 +428,85 @@ void CynaraAdmin::EmptyBucket(const std::string &bucketName, bool recursive, con
             client + ", " + user + ", " + privilege);
 }
 
+void CynaraAdmin::FetchCynaraPolicyDescriptions(bool forceRefresh)
+{
+    struct cynara_admin_policy_descr **descriptions = nullptr;
+
+    if (!forceRefresh && m_policyDescriptionsInitialized)
+        return;
+
+    // fetch
+    checkCynaraError(
+        cynara_admin_list_policies_descriptions(m_CynaraAdmin, &descriptions),
+        "Error while getting list of policies descriptions from Cynara.");
+
+    if (descriptions[0] == nullptr) {
+        LogError("Fetching policies levels descriptions from Cynara returned empty list. "
+                "There should be at least 2 entries - Allow and Deny");
+        return;
+    }
+
+    // reset the state
+    m_policyDescriptionsInitialized = false;
+    DescriptionToType.clear();
+    TypeToDescription.clear();
+
+    // extract strings
+    for (int i = 0; descriptions[i] != nullptr; i++) {
+        std::string descriptionName(descriptions[i]->name);
+
+        DescriptionToType[descriptionName] = descriptions[i]->result;
+        TypeToDescription[descriptions[i]->result] = std::move(descriptionName);
+
+        free(descriptions[i]->name);
+        free(descriptions[i]);
+    }
+
+    free(descriptions);
+
+    m_policyDescriptionsInitialized = true;
+}
+
+void CynaraAdmin::ListPoliciesDescriptions(std::vector<std::string> &policiesDescriptions)
+{
+    FetchCynaraPolicyDescriptions(false);
+
+    for (const auto &it : TypeToDescription)
+        policiesDescriptions.push_back(it.second);
+}
+
+std::string CynaraAdmin::convertToPolicyDescription(const int policyType, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return TypeToDescription.at(policyType);
+}
+
+int CynaraAdmin::convertToPolicyType(const std::string &policy, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return DescriptionToType.at(policy);
+}
+void CynaraAdmin::Check(const std::string &label, const std::string &privilege, const std::string &user,
+    const std::string &bucket, int &result, std::string &resultExtra, const bool recursive)
+{
+    char *resultExtraCstr = nullptr;
+
+    checkCynaraError(
+        cynara_admin_check(m_CynaraAdmin, bucket.c_str(), recursive, label.c_str(),
+            user.c_str(), privilege.c_str(), &result, &resultExtraCstr),
+        "Error while asking cynara admin API for permission for app label: " + label + ", user: "
+            + user + " privilege: " + privilege + " bucket: " + bucket);
+
+    if (resultExtraCstr == nullptr)
+        resultExtra = "";
+    else {
+        resultExtra = std::string(resultExtraCstr);
+        free(resultExtraCstr);
+    }
+}
+
 Cynara::Cynara()
 {
     checkCynaraError(
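Review bot: The early return in `FetchCynaraPolicyDescriptions` when `descriptions[0] == nullptr` leaks the array Cynara handed back; it should be `free(descriptions); return;`. The same spot dereferences `descriptions` without a null check, which is only safe if `checkCynaraError` never returns on failure — it is declared `static bool`, so if some error codes come back as `false` this is a null dereference; a `descriptions == nullptr` guard next to the empty-list check would cover both readings. In `Check`, the out-parameter `result` is passed to `cynara_admin_check` without being initialized, so on the same non-throwing error path the caller would read an indeterminate value as an access decision; setting `result` to the deny value before the call makes a failed lookup fail closed. `convertToPolicyDescription` and `convertToPolicyType` use `.at()`, which throws `std::out_of_range` for an unknown type or description string — fine if every caller expects that, but worth stating in a comment since the description string may originate from a client request.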