/* Move constructor is the way to go. */
CynaraAdminPolicy(CynaraAdminPolicy &&that);
+ CynaraAdminPolicy& operator=(CynaraAdminPolicy &&that);
~CynaraAdminPolicy();
};
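Review bot: The added move assignment operator is declared without `noexcept`, and nothing visible here shows how it treats the resources the target object already holds. The class has a move constructor and a destructor, so it presumably owns raw memory. The definition, which is outside this hunk, should release the current members before taking over those of `that`, tolerate self-move, and leave `that` in a state its destructor can handle, otherwise the result is a leak or a double free. If the implementation only reassigns pointers, declare it `CynaraAdminPolicy& operator=(CynaraAdminPolicy &&that) noexcept;` so the no-throw guarantee is part of the interface.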
typedef std::map<Bucket, const std::string > BucketsMap;
static BucketsMap Buckets;
+ typedef std::map<int, std::string> TypeToDescriptionMap;
+ typedef std::map<std::string, int> DescriptionToTypeMap;
+
virtual ~CynaraAdmin();
static CynaraAdmin &getInstance();
void UserInit(uid_t uid, security_manager_user_type userType);
/**
+ * List all users registered in Cynara
+ *
+ * @param[out] listOfUsers list of users
+ */
+ void ListUsers(std::vector<uid_t> &listOfUsers);
+
+ /**
* Removes all entries for a user from cynara database
*
* @param uid removed user uid
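Review bot: The new `ListUsers()` comment does not say whether `listOfUsers` is cleared or appended to, nor how a Cynara failure is reported. A caller that reuses a vector could end up acting on stale uids, so the contract should be explicit, for example `@param[out] listOfUsers vector that receives the uids; existing contents are <kept|discarded>` with whichever behaviour the implementation has. An `@throws` line matching how the other wrappers in this class report Cynara errors would also help. The definition is not part of this hunk, so the actual behaviour needs to be confirmed there.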
const std::string &privilege,
std::vector<CynaraAdminPolicy> &policies);
+ /**
+ * Wrapper for Cynara API function cynara_admin_list_policies_descriptions.
+ * It collects all policies descriptions, extracts names
+ * of policies and returns as std strings. Caller is responsible for clearing
+ * vector passed as argument.
+ *
+ * @param policiesDescriptions empty vector for policies descriptions.
+ */
+ void ListPoliciesDescriptions(std::vector<std::string> &policiesDescriptions);
+
+ /**
+ * Function translates internal Cynara policy type integer to string
+ * description. Descriptions are retrieved from Cynara using
+ * ListPoliciesDescriptions() function. Caller can force refetching of
+ * descriptions list from Cynara on each call.
+ *
+ * @throws std::out_of_range
+ *
+ * @param policyType Cynara policy result type.
+ * @param forceRefresh switch to force refetching of descriptions from Cynara.
+ */
+ std::string convertToPolicyDescription(const int policyType, bool forceRefresh = false);
+
+ /**
+ * Function translates Cynara policy result string
+ * description to internal Cynara policy type integer.
+ * Descriptions are retrieved from Cynara using
+ * ListPoliciesDescriptions() function. Caller can force refetching of
+ * descriptions list from Cynara on each call.
+ *
+ * @throws std::out_of_range
+ *
+ * @param policy Cynara policy result string description.
+ * @param forceRefresh switch to force refetching of descriptions from Cynara.
+ */
+ int convertToPolicyType(const std::string &policy, bool forceRefresh = false);
+
+ /**
+ * Ask Cynara for permission starting the search at specified bucket.
+ * Essentialy a wrapper on cynara_admin_check.
+ *
+ * @param label application Smack label
+ * @param privilege privilege string to match in search
+ * @param user user string to match in search
+ * @param bucket name of the bucket to search policies in
+ * @param result integer to return policy result
+ * @param resultExtra string to return additional information about policy
+ * result. If result is Bucket then resultExtra is the name of
+ * bucket.
+ * @param recursive flag to indicate if check should be done recursively in
+ * all buckets linked with bucket provided
+ */
+ void Check(const std::string &label,
+ const std::string &privilege,
+ const std::string &user,
+ const std::string &bucket,
+ int &result,
+ std::string &resultExtra,
+ const bool recursive);
+
private:
CynaraAdmin();
void EmptyBucket(const std::string &bucketName, bool recursive,
const std::string &client, const std::string &user, const std::string &privilege);
+ /**
+ * Get Cynara policies result descriptions and cache them in std::map
+ *
+ * @param forceRefresh true if you want to reinitialize mappings
+ */
+ void FetchCynaraPolicyDescriptions(bool forceRefresh = false);
+
struct cynara_admin *m_CynaraAdmin;
+
+ static TypeToDescriptionMap TypeToDescription;
+ static DescriptionToTypeMap DescriptionToType;
+ bool m_policyDescriptionsInitialized;
};
class Cynara
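Review bot: The description caches `TypeToDescription` and `DescriptionToType` are declared `static`, while the flag that records whether they are filled, `m_policyDescriptionsInitialized`, is a per-instance member, so the cache and its validity flag have different lifetimes. Making the maps ordinary members (`TypeToDescriptionMap m_typeToDescription;` and `DescriptionToTypeMap m_descriptionToType;`) keeps them in step with the flag and avoids static initialisation order concerns. No lock is visible in this header; if `convertToPolicyDescription()` or `convertToPolicyType()` can be reached from more than one thread, a `forceRefresh` rebuild would race with concurrent lookups, and since these mappings feed policy handling the refresh should be serialised. Separately, the `Check()` comment does not say how failure is reported or what `result` holds afterwards; stating that would let callers treat a failed check as a denial rather than read an unset value.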