Apply Cynara implementation 05/56005/1
authorJihoon Jung <jh8801.jung@samsung.com>
Thu, 31 Dec 2015 02:58:24 +0000 (11:58 +0900)
committerJihoon Jung <jh8801.jung@samsung.com>
Thu, 31 Dec 2015 02:58:24 +0000 (11:58 +0900)
Change-Id: I1b941d797f82c73b6c1fc381d6ed848e608ff8ce
Signed-off-by: Ji-hoon Jung <jh8801.jung@samsung.com>
CMakeLists.txt
packaging/smartcard-service.spec
server/CMakeLists.txt
server/ServerGDBus.cpp [changed mode: 0644->0755]

index 834abff877df667aa5e0b8d4eb7d9ccbc850ac26..13a93efdbc21e599d41bface434148b7fdf5e4ba 100644 (file)
@@ -10,6 +10,7 @@ ENDIF()
 
 # make string from entire content of byte array
 ADD_DEFINITIONS("-DTO_STRING_ALL")
+ADD_DEFINITIONS("-DUSE_CYNARA")
 
 SET(GC_SECTIONS_FLAGS "-fdata-sections -ffunction-sections -Wl,--gc-sections")
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GC_SECTIONS_FLAGS}")
index d4ad461bcf848808ec43bf45ba249297dbc4c5b2..fe65806863113a1e45f81bae531d61c0a6f8726c 100644 (file)
@@ -24,6 +24,10 @@ BuildRequires: pkgconfig(libssl)
 BuildRequires: pkgconfig(libcrypto)
 BuildRequires: pkgconfig(pkgmgr)
 BuildRequires: pkgconfig(pkgmgr-info)
+BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(cynara-creds-gdbus)
+BuildRequires: pkgconfig(cynara-session)
+
 BuildRequires: python
 BuildRequires: python-xml
 BuildRequires: hash-signer
index 2e81761433fa7ad0f828b021eccee058b5261745..21221f05a64952ba1fcc3e5f4eb935496eb8de42 100644 (file)
@@ -29,7 +29,7 @@ ENDIF("${CMAKE_BUILD_TYPE}" STREQUAL "")
 # pkg config
 INCLUDE(FindPkgConfig)
 
-SET(PKG_MODULE glib-2.0 gio-2.0 gio-unix-2.0 dlog)
+SET(PKG_MODULE glib-2.0 gio-2.0 gio-unix-2.0 dlog cynara-client cynara-creds-gdbus cynara-session)
 
 pkg_check_modules(pkgs_server REQUIRED ${PKG_MODULE})
 
old mode 100644 (file)
new mode 100755 (executable)
index 1eeae03..2a85d63
 #include "GDBusHelper.h"
 #include "ServerGDBus.h"
 
+#ifdef USE_CYNARA
+#include "cynara-client.h"
+#include "cynara-creds-gdbus.h"
+#include "cynara-session.h"
+
+#define SMARTCARD_PRIVILEGE "http://tizen.org/privilege/secureelement"
+#endif
+
 using namespace std;
 
 #ifdef __PRIVATE
@@ -291,10 +299,63 @@ namespace smartcard_service_api
                return pid;
        }
 
-       static bool _is_authorized_request(GDBusMethodInvocation *invocation,
-               const char *rights)
+#ifdef USE_CYNARA
+       static bool _get_credentials(GDBusMethodInvocation *invocation)
        {
-               bool result = true;
+               int ret = 0;
+               int pid = 0;
+               char *user;
+               char *client;
+               char *client_session;
+               cynara *p_cynara = NULL;
+               const char *sender_unique_name;
+               GDBusConnection *connection;
+
+               connection = g_dbus_method_invocation_get_connection(invocation);
+               sender_unique_name = g_dbus_method_invocation_get_sender(invocation);
+
+               pid = ServerGDBus::getInstance().getPID(sender_unique_name);
+
+               ret = cynara_initialize(&p_cynara, NULL);
+               if (ret != CYNARA_API_SUCCESS) {
+                       _ERR("cynara_initialize() failed");
+                       return false;
+               }
+
+               ret = cynara_creds_gdbus_get_user(connection, sender_unique_name, USER_METHOD_DEFAULT, &user);
+               if (ret != CYNARA_API_SUCCESS) {
+                       _ERR("cynara_creds_gdbus_get_user() failed");
+                       return false;
+               }
+
+               ret = cynara_creds_gdbus_get_client(connection, sender_unique_name, CLIENT_METHOD_DEFAULT, &client);
+               if (ret != CYNARA_API_SUCCESS) {
+                       _ERR("cynara_creds_gdbus_get_client() failed");
+                       return false;
+               }
+
+               _ERR("user :%s , client :%s ,unique_name : %s, pid() : %d", user, client, sender_unique_name, pid);
+
+               client_session = cynara_session_from_pid(pid);
+
+               ret = cynara_check(p_cynara, client, client_session, user, SMARTCARD_PRIVILEGE);
+               if ( ret == CYNARA_API_ACCESS_ALLOWED ) {
+                       _INFO("cynara PASS");
+               }
+
+               return (ret == CYNARA_API_ACCESS_ALLOWED ) ? true : false;
+       }
+#endif
+
+       static bool _is_authorized_request(GDBusMethodInvocation *invocation)
+       {
+               bool result = false;
+
+#ifdef USE_CYNARA
+               result = _get_credentials(invocation);
+#endif
+
+               _ERR("api security check result : %d", result);
 
                return result;
        }
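Review bot: `_get_credentials` never releases what it acquires: the handle from `cynara_initialize()` is never passed to `cynara_finish()`, and `user`, `client` and `client_session` are never freed, either on the success path or on the early `return false` exits. Since `_is_authorized_request` runs at the top of each D-Bus handler, every incoming call leaks a Cynara client and up to three strings, so any caller, including one that ends up denied, can grow the daemon's memory. The result of `cynara_session_from_pid()` is passed to `cynara_check()` without a NULL check, and the `pid` from `getPID()` is used unchecked; a failed lookup should be rejected explicitly before the policy query. The credential line and the check result are logged with `_ERR` on every request, which buries real errors; the `_INFO` level already used in this hunk fits better. The function name also understates what it does, since it performs the privilege check rather than only fetching credentials.

```cpp
static bool _get_credentials(GDBusMethodInvocation *invocation)
{
	bool allowed = false;
	char *user = NULL;
	char *client = NULL;
	char *client_session = NULL;
	cynara *p_cynara = NULL;
	// … unchanged: ret, pid, connection and sender_unique_name setup …

	if (cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
		_ERR("cynara_initialize() failed");
		return false;
	}

	// … unchanged: cynara_creds_gdbus_get_user() / cynara_creds_gdbus_get_client(),
	//   except that each failure branch does `goto out;` instead of `return false;` …

	client_session = cynara_session_from_pid(pid);
	if (client_session == NULL) {
		_ERR("cynara_session_from_pid() failed");
		goto out;
	}

	ret = cynara_check(p_cynara, client, client_session, user, SMARTCARD_PRIVILEGE);
	allowed = (ret == CYNARA_API_ACCESS_ALLOWED);
	_INFO("cynara check for pid %d : %s", pid, allowed ? "allowed" : "denied");

out:
	/* release with the deallocator the cynara headers document for each string */
	g_free(user);
	g_free(client);
	free(client_session);
	cynara_finish(p_cynara);
	return allowed;
}
```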
@@ -428,7 +489,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
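Review bot: The comment `/* apply user space smack */` above the changed line no longer matches the code, because the call now runs a Cynara check against `SMARTCARD_PRIVILEGE`. I would replace it with `/* check the caller's secureelement privilege via Cynara */` here and in the identical hunks at +571, +732, +860, +972, +1104, +1247 and +1361. The `== true` comparison on a `bool` can be dropped as well: `if (_is_authorized_request(invocation)) {`. The enclosing handler starts and ends outside the hunk, so what happens on the denied branch cannot be confirmed from here.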
@@ -510,7 +571,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
@@ -671,7 +732,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
@@ -799,7 +860,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
@@ -911,7 +972,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
@@ -1043,7 +1104,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "rw") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
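Review bot: This is the only call site that used to pass `"rw"` rather than `"r"`, and after this change it is gated by the same single privilege as the read-only methods, with nothing recording the difference. The removed `_is_authorized_request` appears to have returned `true` regardless of `rights`, so no enforcement is lost, but the marker that this method was considered more sensitive is. If a stricter requirement was intended, it should be stated next to the check, for example `/* formerly tagged "rw"; currently shares the secureelement privilege with read-only calls */`, or backed by a separate privilege. The enclosing handler is outside the hunk, so which method this is cannot be told from here.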
@@ -1186,7 +1247,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        g_object_ref(object);
                        params.push_back((void *)object);
 
@@ -1300,7 +1361,7 @@ namespace smartcard_service_api
                vector<void *> params;
 
                /* apply user space smack */
-               if (_is_authorized_request(invocation, "r") == true) {
+               if (_is_authorized_request(invocation) == true) {
                        /* enqueue message */
                        g_object_ref(object);
                        params.push_back((void *)object);