SET(${TARGET_CSR_SERVER}_SRCS
framework/main/csr-main.cpp
- framework/service/logic.cpp
+ framework/service/exception.cpp
framework/service/cs-logic.cpp
framework/service/wp-logic.cpp
framework/service/em-logic.cpp
} // namespace anonymous
-bool hasPermission(const ConnShPtr &conn)
+void hasPermission(const ConnShPtr &conn)
{
- return hasPermission(conn, conn->getSockId());
+ hasPermission(conn, conn->getSockId());
}
-bool hasPermission(const ConnShPtr &conn, SockId sockId)
+void hasPermission(const ConnShPtr &conn, SockId sockId)
{
const auto &c = conn->getCredential();
const auto &d = getSockDesc(sockId);
g_cynara.initialize();
- return g_cynara.request(c.user, c.client, std::to_string(conn->getFd()), d.privilege);
+ if (!g_cynara.request(c.user, c.client, std::to_string(conn->getFd()), d.privilege))
+ ThrowExc(PermDenied, "Client[" << c.client << "] doesn't have permission"
+ " to call API. Checked by cynara.");
}
}
namespace Csr {
-bool hasPermission(const ConnShPtr &conn)
+void hasPermission(const ConnShPtr &conn)
{
- return hasPermission(conn, conn->getSockId());
+ hasPermission(conn, conn->getSockId());
}
-bool hasPermission(const ConnShPtr &conn, SockId sockId)
+void hasPermission(const ConnShPtr &conn, SockId sockId)
{
const auto &cred = conn->getCredential();
const auto &sockDesc = getSockDesc(sockId);
if (ret < 0)
ThrowExc(InternalError, "smack_have_access failed.");
- return ret == 1;
+ if (ret != 1)
+ ThrowExc(PermDenied, "Client[" << cred.label << "] doesn't have permission"
+ " to call API. Checked by smack.");
}
}
namespace Csr {
-bool hasPermission(const ConnShPtr &conn);
+void hasPermission(const ConnShPtr &conn);
// for commands which has different privilege from
// socket descriptor map information. Needed privilege and label should be used
// associated with input sockId.
// e.g., JUDGE_STATUS dispatched from SockId::CS but it's SockId::ADMIN privileged.
-bool hasPermission(const ConnShPtr &conn, SockId sockId);
+// Throw exception (PermDenied) if it's denied.
+void hasPermission(const ConnShPtr &conn, SockId sockId);
}
#include "service/type-converter.h"
#include "service/engine-error-converter.h"
#include "service/core-usage.h"
+#include "service/exception.h"
#include "ui/askuser.h"
#include <csr-error.h>
return this->handleAskUser(context, d);
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return this->handleAskUser(context, *history);
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, fileset).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
else
return BinaryQueue::Serialize(CSR_ERROR_NONE).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
else
return BinaryQueue::Serialize(CSR_ERROR_NONE, rows).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
else
return BinaryQueue::Serialize(CSR_ERROR_NONE).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
else
return BinaryQueue::Serialize(CSR_ERROR_NONE, rows).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
#include "common/audit/logger.h"
#include "service/engine-error-converter.h"
+#include "service/exception.h"
#include <csr-error.h>
namespace Csr {
return BinaryQueue::Serialize(CSR_ERROR_NONE, value).pop();
}
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, value).pop();
}
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, value).pop();
}
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, value).pop();
}
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, ts64).pop();
}
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret, -1).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE, static_cast<int>(activated)).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret, -1).pop();
-
EXCEPTION_GUARD_END
}
static_cast<int>(state) == -1 ? static_cast<int>(CSR_DISABLE) :
static_cast<int>(state)).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret, -1).pop();
-
EXCEPTION_GUARD_END
}
return BinaryQueue::Serialize(CSR_ERROR_NONE).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}
throw std::bad_alloc();
case CSRE_ERROR_PERMISSION_DENIED:
- ThrowExc(PermDenied, "access denied related to engine");
+ ThrowExc(EnginePermDenied, "access denied related to engine");
case CSRE_ERROR_FILE_NOT_FOUND:
ThrowExc(FileDoNotExist, "file not found.");
* limitations under the License
*/
/*
- * @file logic.cpp
+ * @file exception.cpp
* @author Kyungwook Tak (k.tak@samsung.com)
* @version 1.0
- * @brief
+ * @brief exception guard and custom exceptions which are thrown
+ * only on server side
*/
-#include "service/logic.h"
+#include "service/exception.h"
#include <exception>
#include "common/audit/logger.h"
-#include "service/exception.h"
+#include "common/binary-queue.h"
#include <csr-error.h>
namespace Csr {
-RawBuffer Logic::exceptionGuard(const std::function<RawBuffer()> &func,
- const std::function<RawBuffer(int)> &closer)
+RawBuffer exceptionGuard(const std::function<RawBuffer()> &func)
{
try {
return func();
} catch (const Exception &e) {
ERROR("Exception caught. code: " << e.error() << " message: " << e.what());
- return closer(e.error());
+ return BinaryQueue::Serialize(e.error()).pop();
} catch (const std::invalid_argument &e) {
ERROR("Invalid argument: " << e.what());
- return closer(CSR_ERROR_INVALID_PARAMETER);
+ return BinaryQueue::Serialize(CSR_ERROR_INVALID_PARAMETER).pop();
} catch (const std::bad_alloc &e) {
ERROR("memory alloc failed: " << e.what());
- return closer(CSR_ERROR_OUT_OF_MEMORY);
+ return BinaryQueue::Serialize(CSR_ERROR_OUT_OF_MEMORY).pop();
} catch (const std::exception &e) {
ERROR("std exception: " << e.what());
- return closer(CSR_ERROR_UNKNOWN);
+ return BinaryQueue::Serialize(CSR_ERROR_UNKNOWN).pop();
} catch (...) {
ERROR("Unknown exception occured in logic");
- return closer(CSR_ERROR_UNKNOWN);
+ return BinaryQueue::Serialize(CSR_ERROR_UNKNOWN).pop();
}
}
* @file exception.h
* @author Kyungwook Tak (k.tak@samsung.com)
* @version 1.0
- * @brief custom exceptions which are thrown only on server side
+ * @brief exception guard and custom exceptions which are thrown
+ * only on server side
*/
#pragma once
+#include <functional>
+
#include "common/exception.h"
+#include "common/types.h"
+
+#define EXCEPTION_GUARD_START return Csr::exceptionGuard([&]() {
+#define EXCEPTION_GUARD_END });
namespace Csr {
// exceptions listed here are only thrown in server side.
-using PermDenied = DerivedException<CSR_ERROR_ENGINE_PERMISSION>;
+using PermDenied = DerivedException<CSR_ERROR_PERMISSION_DENIED>;
using DbFailed = DerivedException<CSR_ERROR_DB>;
using RemoveFailed = DerivedException<CSR_ERROR_REMOVE_FAILED>;
using FileChanged = DerivedException<CSR_ERROR_FILE_CHANGED>;
using EngineError = DerivedException<CSR_ERROR_ENGINE_INTERNAL>;
using EngineNotActivated = DerivedException<CSR_ERROR_ENGINE_NOT_ACTIVATED>;
using EngineDisabled = DerivedException<CSR_ERROR_ENGINE_DISABLED>;
+using EnginePermDenied = DerivedException<CSR_ERROR_ENGINE_PERMISSION>;
+
+RawBuffer exceptionGuard(const std::function<RawBuffer()> &);
}
*/
#pragma once
-#include <functional>
-
-#include "common/types.h"
-
-#define EXCEPTION_GUARD_START return Csr::Logic::exceptionGuard([&]() {
-#define EXCEPTION_GUARD_CLOSER(retArg) }, [](int retArg) {
-#define EXCEPTION_GUARD_END });
-
namespace Csr {
class Logic {
public:
- static RawBuffer exceptionGuard(const std::function<RawBuffer()> &func,
- const std::function<RawBuffer(int)> &closer);
+ virtual ~Logic() = default;
};
}
RawBuffer ServerService::processCs(const ConnShPtr &conn, RawBuffer &data)
{
+ EXCEPTION_GUARD_START
+
BinaryQueue q;
q.push(data);
switch (cid) {
case CommandId::SCAN_DATA: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
CsContextShPtr cptr;
RawBuffer data;
}
case CommandId::SCAN_FILE: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
CsContextShPtr cptr;
std::string filepath;
}
case CommandId::GET_SCANNABLE_FILES: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
std::string dir;
q.Deserialize(dir);
}
case CommandId::SET_DIR_TIMESTAMP: {
+ hasPermission(conn);
+
std::string dir;
int64_t ts64 = 0;
q.Deserialize(dir, ts64);
case CommandId::JUDGE_STATUS: {
// judge status needs admin privilege
- if (!hasPermission(conn, SockId::ADMIN))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn, SockId::ADMIN);
std::string filepath;
int intAction;
}
case CommandId::GET_DETECTED: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
std::string filepath;
q.Deserialize(filepath);
}
case CommandId::GET_DETECTED_LIST: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
StrSet dirSet;
q.Deserialize(dirSet);
}
case CommandId::GET_IGNORED: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
std::string filepath;
q.Deserialize(filepath);
}
case CommandId::GET_IGNORED_LIST: {
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ hasPermission(conn);
StrSet dirSet;
q.Deserialize(dirSet);
default:
ThrowExc(InternalError, "CS Command isn't in range");
}
+
+ EXCEPTION_GUARD_END
}
RawBuffer ServerService::processWp(const ConnShPtr &conn, RawBuffer &data)
{
- if (!hasPermission(conn))
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
+ EXCEPTION_GUARD_START
+
+ hasPermission(conn);
BinaryQueue q;
q.push(data);
default:
ThrowExc(InternalError, "WP Command isn't in range");
}
+
+ EXCEPTION_GUARD_END
}
RawBuffer ServerService::processAdmin(const ConnShPtr &conn, RawBuffer &data)
{
+ EXCEPTION_GUARD_START
+
+ hasPermission(conn);
+
BinaryQueue q;
q.push(data);
- bool hasPerm = hasPermission(conn);
-
auto cid = extractCommandId(q);
INFO("Admin request process. command id: " << cidToString(cid));
switch (cid) {
case CommandId::EM_GET_NAME: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_VENDOR: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_VERSION: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_DATA_VERSION: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_UPDATED_TIME: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_ACTIVATED: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_GET_STATE: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
q.Deserialize(cptr);
}
case CommandId::EM_SET_STATE: {
- if (!hasPerm)
- return BinaryQueue::Serialize(CSR_ERROR_PERMISSION_DENIED).pop();
-
EmContextShPtr cptr;
int intState;
q.Deserialize(cptr, intState);
default:
ThrowExc(InternalError, "ADMIN Command isn't in range");
}
+
+ EXCEPTION_GUARD_END
}
void ServerService::onMessageProcess(const ConnShPtr &connection)
#include "common/audit/logger.h"
#include "service/type-converter.h"
#include "service/engine-error-converter.h"
+#include "service/exception.h"
#include "ui/askuser.h"
#include <csr-error.h>
return BinaryQueue::Serialize(CSR_ERROR_NONE, wr).pop();
- EXCEPTION_GUARD_CLOSER(ret)
-
- return BinaryQueue::Serialize(ret).pop();
-
EXCEPTION_GUARD_END
}