#include <protocol/ProtocolClient.h>
#include <request/CheckRequest.h>
#include <request/pointers.h>
+#include <request/SimpleCheckRequest.h>
#include <response/CheckResponse.h>
#include <response/pointers.h>
+#include <response/SimpleCheckResponse.h>
#include <sockets/SocketClient.h>
#include <logic/Logic.h>
PolicyKey key(client, user, privilege);
int ret = m_cache->get(session, key);
- //Any other situation than cache miss
if (ret != CYNARA_API_CACHE_MISS) {
return ret;
}
- //No value in Cache
PolicyResult result;
ret = requestResult(key, result);
if (ret != CYNARA_API_SUCCESS) {
int Logic::simpleCheck(const std::string &client, const ClientSession &session,
const std::string &user, const std::string &privilege) {
- (void)client;
- (void)session;
- (void)user;
- (void)privilege;
- return CYNARA_API_ACCESS_NOT_RESOLVED;
+ if (!ensureConnection())
+ return CYNARA_API_SERVICE_NOT_AVAILABLE;
+
+ PolicyKey key(client, user, privilege);
+ int ret = m_cache->get(session, key);
+ if (ret != CYNARA_API_CACHE_MISS) {
+ return ret;
+ }
+
+ PolicyResult result;
+ ret = requestSimpleResult(key, result);
+ if (ret != CYNARA_API_SUCCESS) {
+ if (ret != CYNARA_API_ACCESS_NOT_RESOLVED)
+ LOGE("Error fetching response for simpleCheck.");
+ return ret;
+ }
+
+ return m_cache->update(session, key, result);
}
bool Logic::ensureConnection(void) {
return false;
}
-int Logic::requestResult(const PolicyKey &key, PolicyResult &result) {
+template <typename Req, typename Res>
+std::shared_ptr<Res> Logic::requestResponse(const PolicyKey &key) {
ProtocolFrameSequenceNumber sequenceNumber = generateSequenceNumber();
//Ask cynara service
- CheckResponsePtr checkResponse;
- RequestPtr request = std::make_shared<CheckRequest>(key, sequenceNumber);
+ std::shared_ptr<Res> reqResponse;
+ RequestPtr request = std::make_shared<Req>(key, sequenceNumber);
ResponsePtr response;
while (!(response = m_socket->askCynaraServer(request))) {
onDisconnected();
if (!m_socket->connect())
- return CYNARA_API_SERVICE_NOT_AVAILABLE;
+ return nullptr;
}
- checkResponse = std::dynamic_pointer_cast<CheckResponse>(response);
+ reqResponse = std::dynamic_pointer_cast<Res>(response);
+ return reqResponse;
+}
+
+int Logic::requestResult(const PolicyKey &key, PolicyResult &result) {
+ auto checkResponse = requestResponse<CheckRequest, CheckResponse>(key);
if (!checkResponse) {
- LOGC("Critical error. Casting Response to CheckResponse failed.");
- return CYNARA_API_ACCESS_DENIED;
+ LOGC("Critical error. Requesting CheckResponse failed.");
+ return CYNARA_API_SERVICE_NOT_AVAILABLE;
}
-
LOGD("checkResponse: policyType = %" PRIu16 ", metadata = %s",
checkResponse->m_resultRef.policyType(),
checkResponse->m_resultRef.metadata().c_str());
-
result = checkResponse->m_resultRef;
return CYNARA_API_SUCCESS;
}
+int Logic::requestSimpleResult(const PolicyKey &key, PolicyResult &result) {
+ auto simpleCheckResponse = requestResponse<SimpleCheckRequest, SimpleCheckResponse>(key);
+ if (!simpleCheckResponse) {
+ LOGC("Critical error. Requesting SimpleCheckResponse failed.");
+ return CYNARA_API_SERVICE_NOT_AVAILABLE;
+ }
+
+ if (simpleCheckResponse->getReturnValue() != CYNARA_API_SUCCESS)
+ return simpleCheckResponse->getReturnValue();
+
+ LOGD("SimpleCheckResponse: policyType = %" PRIu16 ", metadata = %s",
+ simpleCheckResponse->getResult().policyType(),
+ simpleCheckResponse->getResult().metadata().c_str());
+
+ result = simpleCheckResponse->getResult();
+ return CYNARA_API_SUCCESS;
+}
+
void Logic::onDisconnected(void) {
m_cache->clear();
}
/**
* @file src/service/logic/Logic.cpp
* @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
+ * @author Zofia Abramowska <z.abramowska@samsung.com>
* @version 1.0
* @brief This file implements main class of logic layer in cynara service
*/
#include <request/RequestContext.h>
#include <request/SetPoliciesRequest.h>
#include <request/SignalRequest.h>
+#include <request/SimpleCheckRequest.h>
#include <response/AdminCheckResponse.h>
#include <response/AgentRegisterResponse.h>
#include <response/CancelResponse.h>
#include <response/CodeResponse.h>
#include <response/DescriptionListResponse.h>
#include <response/ListResponse.h>
+#include <response/SimpleCheckResponse.h>
#include <types/Policy.h>
#include <main/Cynara.h>
request->sequenceNumber()));
}
+void Logic::execute(RequestContextPtr context, SimpleCheckRequestPtr request) {
+ int retValue = CYNARA_API_SUCCESS;
+ PolicyResult result;
+ PolicyKey key = request->key();
+ result = m_storage->checkPolicy(key);
+
+ switch (result.policyType()) {
+ case PredefinedPolicyType::ALLOW:
+ LOGD("simple check of policy key <%s> returned ALLOW", key.toString().c_str());
+ break;
+ case PredefinedPolicyType::DENY:
+ LOGD("simple check of policy key <%s> returned DENY", key.toString().c_str());
+ break;
+ default: {
+ ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType());
+ if (!plugin) {
+ LOGE("Plugin not found for policy: [0x%x]", result.policyType());
+ result = PolicyResult(PredefinedPolicyType::DENY);
+ retValue = CYNARA_API_SUCCESS;
+ break;
+ }
+
+ ServicePluginInterfacePtr servicePlugin =
+ std::dynamic_pointer_cast<ServicePluginInterface>(plugin);
+ if (!servicePlugin) {
+ LOGE("Couldn't cast plugin pointer to ServicePluginInterface");
+ result = PolicyResult(PredefinedPolicyType::DENY);
+ retValue = CYNARA_API_SUCCESS;
+ break;
+ }
+
+ AgentType requiredAgent;
+ PluginData pluginData;
+ auto ret = servicePlugin->check(key.client().toString(), key.user().toString(),
+ key.privilege().toString(), result, requiredAgent,
+ pluginData);
+ switch (ret) {
+ case ServicePluginInterface::PluginStatus::ANSWER_READY:
+ LOGD("simple check of policy key <%s> in plugin returned [" PRIu16 "]",
+ key.toString().c_str(), result.policyType());
+ break;
+ case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY:
+ retValue = CYNARA_API_ACCESS_NOT_RESOLVED;
+ break;
+ default:
+ result = PolicyResult(PredefinedPolicyType::DENY);
+ retValue = CYNARA_API_SUCCESS;
+ }
+ }
+ }
+ context->returnResponse(context, std::make_shared<SimpleCheckResponse>(retValue, result,
+ request->sequenceNumber()));
+}
+
void Logic::checkPoliciesTypes(const std::map<PolicyBucketId, std::vector<Policy>> &policies,
bool allowBucket, bool allowNone) {
for (const auto &group : policies) {
projects / platform / core / security / cynara.git / commitdiff