Implement cynara check for CTC 80/47880/1 tizen_3.0.m1_mobile tizen_3.0.m1_tv accepted/tizen/mobile/20150909.140916 accepted/tizen/tv/20150909.140239 accepted/tizen/wearable/20150909.135252 submit/tizen/20150909.131918 submit/tizen_common/20151015.190624 submit/tizen_common/20151019.135620 submit/tizen_common/20151023.083358 submit/tizen_common/20151026.085049 tizen_3.0.m1_mobile_release tizen_3.0.m1_tv_release
authorgloryj.kim <gloryj.kim@samsung.com>
Wed, 9 Sep 2015 12:57:07 +0000 (21:57 +0900)
committergloryj.kim <gloryj.kim@samsung.com>
Wed, 9 Sep 2015 12:57:07 +0000 (21:57 +0900)
Change-Id: I5688a220d9cd0f0b4f76b2fad3cdbb4aa3d6e6a8

packaging/download-provider.spec
provider/CMakeLists.txt
provider/download-provider-client-manager.c

index 017a564..7e8bb7e 100644 (file)
@@ -37,6 +37,11 @@ BuildRequires:  pkgconfig(security-server)
 BuildRequires:  pkgconfig(notification)
 %endif
 
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-client-async)
+BuildRequires: pkgconfig(cynara-creds-socket)
+BuildRequires: pkgconfig(cynara-creds-dbus)
+
 %description
 Description: Download the contents in background
 
index 43862ef..ab93960 100755 (executable)
@@ -20,7 +20,12 @@ pkg_check_modules(dp2_pkgs REQUIRED glib-2.0
                libsmack
                dlog
                libsystemd-daemon
-               vconf)
+               vconf
+               cynara-client
+               cynara-client-async
+               cynara-creds-socket
+               cynara-creds-dbus
+               )
 
 FOREACH(flag ${dp2_pkgs_CFLAGS})
        SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
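Review bot: `cynara-client-async` and `cynara-creds-dbus` are added to `pkg_check_modules` here (and as `BuildRequires` in the spec hunk, and as `#include`s in the C file), but the visible code only calls the synchronous `cynara_check` and the socket credential helpers. The only D-Bus reference is a commented-out call. Unless another part of the provider uses them, drop the two unused modules so the daemon does not link against libraries it never calls. The dangling `)` on its own line can then go back on the last module line, as it was on `vconf)`.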
index 5eba123..13be555 100644 (file)
 #include <systemd/sd-daemon.h>
 #include <glib-object.h>
 
+#include <cynara-client.h>
+#include <cynara-client-async.h>
+#include <cynara-creds-socket.h>
+#include <cynara-creds-dbus.h>
+
 #include <download-provider.h>
 #include <download-provider-log.h>
 #include <download-provider-config.h>
@@ -406,7 +411,8 @@ static int __dp_client_new(int clientfd, dp_client_slots_fmt *clients,
                return DP_ERROR_INVALID_PARAMETER;
        }
 
-#ifdef SUPPORT_SECURITY_PRIVILEGE
+#ifdef SUPPORT_SECURITY_PRIVILEGE_OLD
+       TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE_OLD");
        int result = security_server_check_privilege_by_sockfd(clientfd, SECURITY_PRIVILEGE_INTERNET, "w");
        if (result != SECURITY_SERVER_API_SUCCESS) {
                TRACE_ERROR("check privilege permission:%d", result);
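Review bot: After this rename the `SUPPORT_SECURITY_PRIVILEGE` build switch no longer selects anything: the legacy security-server check only compiles under `SUPPORT_SECURITY_PRIVILEGE_OLD`, and the Cynara block added in the next hunk sits under `#if 1`. Gate the new block with `#ifdef SUPPORT_SECURITY_PRIVILEGE`, or delete the legacy block outright, so that one documented macro decides whether client privilege is enforced. The added `TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE_OLD");` only prints the macro name and looks like debugging residue. The `if (result != ...)` body continues past the end of this hunk.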
@@ -414,6 +420,61 @@ static int __dp_client_new(int clientfd, dp_client_slots_fmt *clients,
        }
 #endif
 
+#if 1
+       TRACE_DEBUG("SUPPORT_SECURITY_PRIVILEGE");
+       // Cynara structure init
+       int ret;
+       cynara *p_cynara;
+       //cynara_configuration conf;
+       ret = cynara_initialize(&p_cynara, NULL);
+       if(ret != CYNARA_API_SUCCESS) { /* error */ }
+
+       // Get client peer credential
+       char *clientSmack;
+       ret = cynara_creds_socket_get_client(clientfd, CLIENT_METHOD_SMACK, &clientSmack);
+       // In case of D-bus peer credential??
+       // ret = cynara_creds_dbus_get_client(DBusConnection *connection, const char *uniqueName,CLIENT_METHOD_SMACK, &clientSmack);
+       if(ret != CYNARA_API_SUCCESS) { /* error */ }
+
+       char *uid;
+       ret = cynara_creds_socket_get_user(clientfd, USER_METHOD_UID, &uid);
+       // In case of D-bus peer credential??
+       // ret = cynara_creds_dbus_get_client(DBusConnection *connection, const char *uniqueName,CLIENT_METHOD_SMACK, &clientSmack);
+       if (ret != CYNARA_API_SUCCESS) { /* error */ }
+
+       /* Concept of session is service-specific.
+         * Might be empty string if service does not have such concept
+         */
+       char *client_session="";
+
+       // Cynara check
+
+       ret = cynara_check(p_cynara, clientSmack, client_session, uid, "http://tizen.org/privilege/download");
+
+       if(ret == CYNARA_API_ACCESS_ALLOWED) {
+               TRACE_DEBUG("CYNARA_API_ACCESS_ALLOWED");
+       } else {
+               TRACE_DEBUG("DP_ERROR_PERMISSION_DENIED");
+               return DP_ERROR_PERMISSION_DENIED;
+       }
+
+       // Cleanup of cynara structure
+       if(clientSmack) {
+               //free(clientSmack);
+       }
+
+       if(client_session) {
+               //free(client_session);
+       }
+
+       if(uid) {
+               //free(uid);
+       }
+
+       cynara_finish(p_cynara);
+
+#endif
+
        // EINVAL: empty slot
        // EBUSY : occupied slot
        // locked & thread == 0 : downloading without client <= check target
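Review bot: The three `if (ret != CYNARA_API_SUCCESS) { /* error */ }` checks are empty, so a failed `cynara_initialize` or credential lookup falls through to `cynara_check` with `p_cynara`, `clientSmack` or `uid` still uninitialized; an access decision should fail closed on every error instead. The denial branch returns before `cynara_finish(p_cynara)` and the `free()` calls are commented out, so every connection leaks the credential strings and every rejected one also leaks the Cynara handle (`client_session` points to a string literal and must not be freed). Denials are logged at `TRACE_DEBUG` without `ret`, which keeps both policy denials and Cynara errors out of the error log. A sketch of the block with a single cleanup path follows; `__dp_client_new` begins and ends outside this hunk, so check the declarations against the full function.

```c
	int ret;
	int allowed = 0;
	cynara *p_cynara = NULL;
	char *clientSmack = NULL;
	char *uid = NULL;
	// … unchanged: client_session declaration and its comment …

	ret = cynara_initialize(&p_cynara, NULL);
	if (ret != CYNARA_API_SUCCESS) {
		TRACE_ERROR("cynara_initialize:%d", ret);
		return DP_ERROR_PERMISSION_DENIED;
	}

	ret = cynara_creds_socket_get_client(clientfd, CLIENT_METHOD_SMACK, &clientSmack);
	if (ret == CYNARA_API_SUCCESS)
		ret = cynara_creds_socket_get_user(clientfd, USER_METHOD_UID, &uid);
	if (ret == CYNARA_API_SUCCESS) {
		ret = cynara_check(p_cynara, clientSmack, client_session, uid, "http://tizen.org/privilege/download");
		allowed = (ret == CYNARA_API_ACCESS_ALLOWED);
	}

	// single cleanup path: runs for allowed, denied and error outcomes
	free(clientSmack);
	free(uid);
	cynara_finish(p_cynara);

	if (!allowed) {
		TRACE_ERROR("cynara check denied or failed:%d", ret);
		return DP_ERROR_PERMISSION_DENIED;
	}
```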
@@ -594,7 +655,7 @@ void *dp_client_manager(void *arg)
                        }
 
                        // blocking & timeout to prevent the lockup by client.
-                       struct timeval tv_timeo = {5, 500000}; // 5.5 sec
+                       struct timeval tv_timeo = {1, 500000}; // 1.5 sec
                        if (setsockopt(clientfd, SOL_SOCKET, SO_RCVTIMEO, &tv_timeo,
                                        sizeof(tv_timeo)) < 0) {
                                TRACE_ERROR("failed to set timeout in blocking socket");
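Review bot: The receive timeout drops from 5.5 s to 1.5 s as a bare `{1, 500000}` literal, and neither the comment nor the commit message (which only mentions the Cynara check) explains the new value. The existing comment says this timeout stops a client from locking up the manager, so record the rationale next to it, for example `// 1.5 sec: bounds how long one unresponsive client can hold the manager thread`, and move the value to a named constant. If the Cynara calls added to `__dp_client_new` run on this same thread, which the hunk does not show, they are not bounded by `SO_RCVTIMEO` and would need their own consideration. `dp_client_manager` continues outside this hunk.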