Simplified code in ckm-logic.

Change-Id: I35d54422a88d075163509f2437d9c72d8e2a5006

diff --git a/src/include/ckmc/ckmc-type.h b/src/include/ckmc/ckmc-type.h
index 0d8907c..0a85f45 100644 (file)
--- a/src/include/ckmc/ckmc-type.h
+++ b/src/include/ckmc/ckmc-type.h
@@ -38,9 +38,8 @@ extern "C" {
  */
 
 /**
- * alias can be provided as an alias alone,
- * or together with label - in this case,
- * separator is used to separate label and alias.
+ * alias can be provided as an alias alone, or together with label - in this
+ * case, separator " " (space bar) is used to separate label and alias.
  * @see key-manager_doc.h
  */
 extern char const * const ckmc_label_name_separator;

diff --git a/src/manager/service/ckm-logic.cpp b/src/manager/service/ckm-logic.cpp
index b839872..81d2478 100644 (file)
--- a/src/manager/service/ckm-logic.cpp
+++ b/src/manager/service/ckm-logic.cpp
@@ -32,6 +32,20 @@
 
 namespace {
 const char * const CERT_SYSTEM_DIR = "/etc/ssl/certs";
+
+bool isLabelValid(const CKM::Label &label) {
+    // TODO: copy code from libprivilege control (for check smack label)
+    if (label.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Label::npos)
+        return false;
+    return true;
+}
+
+bool isNameValid(const CKM::Name &name) {
+    if (name.find(CKM::LABEL_NAME_SEPARATOR) != CKM::Name::npos)
+        return false;
+    return true;
+}
+
 } // anonymous namespace
 
 namespace CKM {
@@ -215,11 +229,13 @@ int CKMLogic::saveDataHelper(
     const PolicySerializable &policy)
 {
     // use client label if not explicitly provided
-    const Label ownerLabel = label.empty() ? cred.smackLabel : label;
+    const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
 
     // verify name and label are correct
-    if ( !checkNameAndLabelValid(name, ownerLabel) )
+    if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
+        LogWarning("Invalid parameter passed to key-manager");
         return CKM_API_ERROR_INPUT_PARAM;
+    }
 
     // check if allowed to save using ownerLabel
     int access_ec = m_accessControl.canSave(ownerLabel, cred.smackLabel);
@@ -354,9 +370,7 @@ int CKMLogic::removeDataHelper(
     if (0 == m_userDataMap.count(cred.uid))
         return CKM_API_ERROR_DB_LOCKED;
 
-    // verify name and label are correct
-    if( !checkNameAndLabelValid(name, ownerLabel) )
-    {
+    if (!isNameValid(name) || !isLabelValid(ownerLabel)) {
         LogError("Invalid label or name format");
         return CKM_API_ERROR_INPUT_PARAM;
     }
@@ -396,7 +410,7 @@ RawBuffer CKMLogic::removeData(
     int retCode;
     Try {
         // use client label if not explicitly provided
-        const Label & ownerLabel = label.empty() ? cred.smackLabel : label;
+        const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
 
         retCode = removeDataHelper(cred, name, ownerLabel);
     } Catch (CKM::Exception) {
@@ -411,19 +425,6 @@ RawBuffer CKMLogic::removeData(
     return response.Pop();
 }
 
-bool CKMLogic::checkNameAndLabelValid(const Name &name, const Label &label)
-{
-    // verify the name is valid
-    if(name.find(':') != Label::npos)
-        return false;
-
-    // verify the label is valid
-    if(label.find(LABEL_NAME_SEPARATOR) != Label::npos)
-        return false;
-
-    return true;
-}
-
 int CKMLogic::readDataRowHelper(const Name &name,
                                 const Label &ownerLabel,
                                 DBDataType dataType,
@@ -494,10 +495,9 @@ int CKMLogic::readDataHelper(
         return CKM_API_ERROR_DB_LOCKED;
 
     // use client label if not explicitly provided
-    const Label ownerLabel = label.empty() ? cred.smackLabel : label;
+    const Label &ownerLabel = label.empty() ? cred.smackLabel : label;
 
-    // verify name and label are correct
-    if (true != checkNameAndLabelValid(name, ownerLabel))
+    if (!isNameValid(name) || !isLabelValid(ownerLabel))
         return CKM_API_ERROR_INPUT_PARAM;
 
     auto &handler = m_userDataMap[cred.uid];
@@ -958,25 +958,23 @@ int CKMLogic::setPermissionHelper(
         const Label &accessorLabel,
         const Permission reqRights)
 {
-    int retCode;
+    if (0 == m_userDataMap.count(cred.uid))
+        return CKM_API_ERROR_DB_LOCKED;
+
     if(cred.smackLabel.empty() || cred.smackLabel==accessorLabel)
         return CKM_API_ERROR_INPUT_PARAM;
 
     // use client label if not explicitly provided
-    const Label ownerLabel = label.empty() ? cred.smackLabel : label;
+    const Label& ownerLabel = label.empty() ? cred.smackLabel : label;
 
     // verify name and label are correct
-    if (true != checkNameAndLabelValid(name, ownerLabel))
+    if (!isNameValid(name) || !isLabelValid(ownerLabel))
         return CKM_API_ERROR_INPUT_PARAM;
 
-    // check if allowed to modify
     int access_ec = m_accessControl.canModify(ownerLabel, cred.smackLabel);
     if(access_ec != CKM_API_SUCCESS)
         return access_ec;
 
-    if (0 == m_userDataMap.count(cred.uid))
-        return CKM_API_ERROR_DB_LOCKED;
-
     auto &database = m_userDataMap[cred.uid].database;
     DBCrypto::Transaction transaction(&database);
 
@@ -990,7 +988,7 @@ int CKMLogic::setPermissionHelper(
             return CKM_API_ERROR_INPUT_PARAM;
     }
 
-    retCode = database.setPermission(name,
+    int retCode = database.setPermission(name,
                                      ownerLabel,
                                      accessorLabel,
                                      reqRights);

diff --git a/src/manager/service/ckm-logic.h b/src/manager/service/ckm-logic.h
index 8b399fb..fd78dd3 100644 (file)
--- a/src/manager/service/ckm-logic.h
+++ b/src/manager/service/ckm-logic.h
@@ -229,11 +229,6 @@ private:
         const Label &accessorLabel,
         const Permission reqRights);
 
-    // @return true if name & label are proper, false otherwise
-    static bool checkNameAndLabelValid(
-        const Name &name,
-        const Label &label);
-
     std::map<uid_t, UserData> m_userDataMap;
     CertificateStore m_certStore;
     AccessControl m_accessControl;