Reintroduce cynara-checks (remove permissive mode in no-smack mode)

This is not a simple revert of commit 54ee135b342741b9443858ae5e2e34491039b4bc
as no-smack env. means some exceptions to smack-enabled code paths
in module's logic have to be still present, even if policy
checking should be re-enabled.

Change-Id: I8daaa6d54716bb82ceee981ae811dc4309b1b44f

diff --git a/src/client-async/api/client-async-api.cpp b/src/client-async/api/client-async-api.cpp
index 3f6ead3dd76edda513e212481d8ce06e366e57bb..0b8b9236bcca7eb786133f06182df15ed38b2639 100644 (file)
--- a/src/client-async/api/client-async-api.cpp
+++ b/src/client-async/api/client-async-api.cpp
@@ -32,7 +32,6 @@
 #include <common.h>
 #include <exceptions/TryCatch.h>
 #include <log/log.h>
-#include <no_smack/no_smack.h>
 #include <types/string_validation.h>
 
 #include <api/ApiInterface.h>
@@ -139,12 +138,6 @@ int cynara_async_check_cache(cynara_async *p_cynara, const char *client, const c
     if (!isStringValid(user) || !isStringValid(privilege))
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, returning ALLOW for "
-             "(client, user, privilege): (%s, %s, %s)", client, user, privilege);
-        return CYNARA_API_ACCESS_ALLOWED;
-    }
-
     return Cynara::tryCatch([&]() {
         std::string clientStr;
         std::string clientSessionStr;
@@ -176,17 +169,6 @@ int cynara_async_create_request(cynara_async *p_cynara, const char *client,
     if (!isStringValid(user) || !isStringValid(privilege))
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, returning ALLOW for "
-             "(client, user, privilege): (%s, %s, %s)", client, user, privilege);
-        if (callback) {
-            *p_check_id = 1; // in case callback actualy uses it
-            callback(1, cynara_async_call_cause::CYNARA_CALL_CAUSE_ANSWER,
-                     CYNARA_API_ACCESS_ALLOWED, user_response_data);
-        }
-        return CYNARA_API_SUCCESS;
-    }
-
     return Cynara::tryCatch([&]() {
         std::string clientStr;
         std::string clientSessionStr;
@@ -224,18 +206,6 @@ int cynara_async_create_simple_request(cynara_async *p_cynara, const char *clien
     if (!isStringValid(user) || !isStringValid(privilege))
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, returning ALLOW "
-             "(if callback is set) for async request "
-             "(client, user, privilege): (%s, %s, %s)", client, user, privilege);
-        *p_check_id = 1; // in case callback actualy uses it
-        if (callback) {
-            callback(1, cynara_async_call_cause::CYNARA_CALL_CAUSE_ANSWER,
-                     CYNARA_API_ACCESS_ALLOWED, user_response_data);
-        }
-        return CYNARA_API_SUCCESS;
-    }
-
     return Cynara::tryCatch([&]() {
         std::string clientStr;
         std::string clientSessionStr;
@@ -276,11 +246,6 @@ int cynara_async_cancel_request(cynara_async *p_cynara, cynara_check_id check_id
     if (!p_cynara || !p_cynara->impl)
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, no need to cancel requests");
-        return CYNARA_API_SUCCESS;
-    }
-
     return Cynara::tryCatch([&]() {
         return p_cynara->impl->cancelRequest(check_id);
     });

diff --git a/src/client/api/client-api.cpp b/src/client/api/client-api.cpp
index 43361ea27dc5c7ee67c255a2bf1e596e7d60acb3..b90d4159620e8d83453996e9772fbb81b6a1156f 100644 (file)
--- a/src/client/api/client-api.cpp
+++ b/src/client/api/client-api.cpp
@@ -32,7 +32,6 @@
 #include <common.h>
 #include <exceptions/TryCatch.h>
 #include <log/log.h>
-#include <no_smack/no_smack.h>
 #include <types/string_validation.h>
 
 #include <configuration/Configuration.h>
@@ -140,12 +139,6 @@ int cynara_check(cynara *p_cynara, const char *client, const char *client_sessio
     if (!isStringValid(user) || !isStringValid(privilege))
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, returning ALLOW for "\
-             "(client, user, privilege): (%s, %s, %s)", client, user, privilege);
-        return CYNARA_API_ACCESS_ALLOWED;
-    }
-
     return Cynara::tryCatch([&]() {
         std::string clientStr;
         std::string clientSessionStr;
@@ -175,12 +168,6 @@ int cynara_simple_check(cynara *p_cynara, const char *client, const char *client
     if (!isStringValid(user) || !isStringValid(privilege))
         return CYNARA_API_INVALID_PARAM;
 
-    if (!Cynara::smack_enabled()) {
-        LOGW("Cynara compiled in permissive, no-smack mode, returning ALLOW for "\
-             "(client, user, privilege): (%s, %s, %s)", client, user, privilege);
-        return CYNARA_API_ACCESS_ALLOWED;
-    }
-
     return Cynara::tryCatch([&]() {
         std::string clientStr;
         std::string clientSessionStr;