SET(SERVER_SOURCES
main/generic-socket-manager.cpp
- main/privilege-check.cpp
main/server-main.cpp
main/smack-check.cpp
main/socket-manager.cpp
- main/user-check.cpp
service/password.cpp
service/password-manager.cpp
service/policy-file.cpp
service/policy-manager.cpp
service/plugin-loader.cpp
service/plugin-manager.cpp
+ service/privilege-check.cpp
+ service/user-check.cpp
plugin/generic-backend/password-file-buffer.cpp
)
+++ /dev/null
-/*
- * Authentication password
- *
- * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Jooseong Lee <jooseong.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#ifndef _PRIVILEGE_CHECK_H_
-#define _PRIVILEGE_CHECK_H_
-
-#include <memory>
-#include <string>
-
-#include <cynara-client.h>
-
-namespace AuthPasswd {
-
-const std::string PLATFORM_PRIVILEGE = "http://tizen.org/privilege/internal/default/platform";
-
-class CynaraChecker {
-public:
- // singleton pattern
- static CynaraChecker& instance() {
- static CynaraChecker inst; // created once
- return inst;
- }
-
- // deletes copy constructor & copy assignment operator
- CynaraChecker(const CynaraChecker&) = delete;
- CynaraChecker& operator=(const CynaraChecker&) = delete;
-
- // deletes move constructor & move assignment operator
- CynaraChecker(CynaraChecker&&) = delete;
- CynaraChecker& operator=(CynaraChecker&) = delete;
-
- // calls cynara_finish();
- ~CynaraChecker();
-
- // checks if a client has the given privilege.
- bool checkClientPrivilege(int sockfd, const std::string& privilege);
-
-private:
- cynara* m_CynaraInstance;
-
- // calls cynara_initialize()
- CynaraChecker();
-};
-
-
-} // namespace AuthPasswd
-
-#endif // _PRIVILEGE_CHECK_H_
+++ /dev/null
-/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file user-check.h
- * @author Jooseong Lee (jooseong.lee@samsung.com)
- * @version 1.0
- * @brief Get user id from socket file descriptor of client.
- */
-#pragma once
-
-namespace AuthPasswd {
-
-int socket_get_user(int sockfd, unsigned int &user);
-
-} // namespace AuthPasswd
-
+++ /dev/null
-/*
- * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @author Dongsun Lee(ds73.lee@samsung.com)
- * @version 1.0
- * @brief Check client's privilege
- */
-#include "privilege-check.h"
-
-#include <dpl/log/log.h>
-
-#include <cynara-creds-socket.h>
-#include <cynara-session.h>
-
-
-namespace AuthPasswd {
-
-struct string_free_deleter {
- void operator()(char * p) const {
- free(p);
- }
-};
-
-static inline std::string cynara_error_to_string(int error) {
- char buffer[256];
- int ret = cynara_strerror(error, buffer, sizeof(buffer));
- if(ret == CYNARA_API_SUCCESS)
- return std::string(buffer);
- return std::string("Can't translate error");
-}
-
-CynaraChecker::CynaraChecker()
-{
- cynara_configuration* cynara_conf = nullptr;
- int error = cynara_configuration_create(&cynara_conf);
- if(error != CYNARA_API_SUCCESS) {
- LogError("Can't initialize Cynara configuration: " << error);
- throw std::runtime_error("Can't initialize Cynara configuration");
- }
-
- error = cynara_initialize(&m_CynaraInstance, cynara_conf);
- cynara_configuration_destroy(cynara_conf);
- if(error != CYNARA_API_SUCCESS) {
- LogError("Can't initialize Cynara instance: " << error);
- throw std::runtime_error("Can't initialize Cynara instance");
- }
-
- LogDebug("CynaraChecker: cynara_initialize() was done.");
-}
-
-CynaraChecker::~CynaraChecker()
-{
- cynara_finish(m_CynaraInstance);
- LogDebug("CynaraChecker: cynara_finish() was done.");
-}
-
-
-bool CynaraChecker::checkClientPrivilege(int sockfd, const std::string& privilege)
-{
- int ret = 0;
- char* tmp_str;
- pid_t pid = 0;
-
- std::unique_ptr<char, string_free_deleter> user;
- std::unique_ptr<char, string_free_deleter> client;
- std::unique_ptr<char, string_free_deleter> client_session;
-
- /* Get user info */
- tmp_str = nullptr;
- ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_DEFAULT, &tmp_str);
- if(ret != CYNARA_API_SUCCESS) {
- LogError("Can't get user from socket : " << ret << " - " << cynara_error_to_string(ret));
- return false;
- }
- user.reset(tmp_str);
-
- /* Get client info */
- tmp_str = nullptr;
- ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_DEFAULT, &tmp_str);
- if(ret != CYNARA_API_SUCCESS) {
- LogError("Can't get client from socket : " << ret << " - " << cynara_error_to_string(ret));
- return false;
- }
- client.reset(tmp_str);
-
- /* Get client PID from socket */
- ret = cynara_creds_socket_get_pid(sockfd, &pid);
- if(ret != CYNARA_API_SUCCESS) {
- LogError("Can't get PID from socket : " << ret << " - " << cynara_error_to_string(ret));
- return false;
- }
-
- client_session.reset(cynara_session_from_pid(pid));
- if(!client_session) {
- LogError("Can't get session identifier from PID");
- return false;
- }
-
- LogDebug("Got new session from " << pid << " with user " << user.get() <<
- ", client ID " << client.get() << " and session ID " << client_session.get());
-
- ret = cynara_check(m_CynaraInstance, client.get(), client_session.get(), user.get(), privilege.c_str());
-
- if(ret != CYNARA_API_ACCESS_ALLOWED) {
- LogError("Application access denied for " << pid << ", privilege: " <<
- privilege << ", error: - " << cynara_error_to_string(ret));
- return false;
- }
-
- LogDebug("Access granted for " << pid << " with privilege " << privilege);
- return true;
-}
-
-} // namespace AuthPasswd
+++ /dev/null
-/*
- * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file user-check.cpp
- * @author Jooseong Lee (jooseong.lee@samsung.com)
- * @version 1.0
- * @brief Get user id from socket file descriptor of client.
- */
-#include "user-check.h"
-
-#include <sys/socket.h>
-#include <sys/un.h>
-
-#include <dpl/log/log.h>
-
-namespace AuthPasswd {
-
-int socket_get_user(int sockfd, unsigned int &user)
-{
- struct ucred cr;
- socklen_t len = sizeof(struct ucred);
-
- if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
- LogError("getsockopt() failed");
- return 1;
- }
-
- user = cr.uid;
- return 0;
-}
-
-} // namespace AuthPasswd
--- /dev/null
+/*
+ * Authentication password
+ *
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Jooseong Lee <jooseong.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#ifndef _PRIVILEGE_CHECK_H_
+#define _PRIVILEGE_CHECK_H_
+
+#include <memory>
+#include <string>
+
+#include <cynara-client.h>
+
+namespace AuthPasswd {
+
+const std::string PLATFORM_PRIVILEGE = "http://tizen.org/privilege/internal/default/platform";
+
+class CynaraChecker {
+public:
+ // singleton pattern
+ static CynaraChecker& instance() {
+ static CynaraChecker inst; // created once
+ return inst;
+ }
+
+ // deletes copy constructor & copy assignment operator
+ CynaraChecker(const CynaraChecker&) = delete;
+ CynaraChecker& operator=(const CynaraChecker&) = delete;
+
+ // deletes move constructor & move assignment operator
+ CynaraChecker(CynaraChecker&&) = delete;
+ CynaraChecker& operator=(CynaraChecker&) = delete;
+
+ // calls cynara_finish();
+ ~CynaraChecker();
+
+ // checks if a client has the given privilege.
+ bool checkClientPrivilege(int sockfd, const std::string& privilege);
+
+private:
+ cynara* m_CynaraInstance;
+
+ // calls cynara_initialize()
+ CynaraChecker();
+};
+
+
+} // namespace AuthPasswd
+
+#endif // _PRIVILEGE_CHECK_H_
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file user-check.h
+ * @author Jooseong Lee (jooseong.lee@samsung.com)
+ * @version 1.0
+ * @brief Get user id from socket file descriptor of client.
+ */
+#pragma once
+
+namespace AuthPasswd {
+
+int socket_get_user(int sockfd, unsigned int &user);
+
+} // namespace AuthPasswd
+
--- /dev/null
+/*
+ * Copyright (c) 2025 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @author Dongsun Lee(ds73.lee@samsung.com)
+ * @version 1.0
+ * @brief Check client's privilege
+ */
+#include "privilege-check.h"
+
+#include <dpl/log/log.h>
+
+#include <cynara-creds-socket.h>
+#include <cynara-session.h>
+
+
+namespace AuthPasswd {
+
+struct string_free_deleter {
+ void operator()(char * p) const {
+ free(p);
+ }
+};
+
+static inline std::string cynara_error_to_string(int error) {
+ char buffer[256];
+ int ret = cynara_strerror(error, buffer, sizeof(buffer));
+ if(ret == CYNARA_API_SUCCESS)
+ return std::string(buffer);
+ return std::string("Can't translate error");
+}
+
+CynaraChecker::CynaraChecker()
+{
+ cynara_configuration* cynara_conf = nullptr;
+ int error = cynara_configuration_create(&cynara_conf);
+ if(error != CYNARA_API_SUCCESS) {
+ LogError("Can't initialize Cynara configuration: " << error);
+ throw std::runtime_error("Can't initialize Cynara configuration");
+ }
+
+ error = cynara_initialize(&m_CynaraInstance, cynara_conf);
+ cynara_configuration_destroy(cynara_conf);
+ if(error != CYNARA_API_SUCCESS) {
+ LogError("Can't initialize Cynara instance: " << error);
+ throw std::runtime_error("Can't initialize Cynara instance");
+ }
+
+ LogDebug("CynaraChecker: cynara_initialize() was done.");
+}
+
+CynaraChecker::~CynaraChecker()
+{
+ cynara_finish(m_CynaraInstance);
+ LogDebug("CynaraChecker: cynara_finish() was done.");
+}
+
+
+bool CynaraChecker::checkClientPrivilege(int sockfd, const std::string& privilege)
+{
+ int ret = 0;
+ char* tmp_str;
+ pid_t pid = 0;
+
+ std::unique_ptr<char, string_free_deleter> user;
+ std::unique_ptr<char, string_free_deleter> client;
+ std::unique_ptr<char, string_free_deleter> client_session;
+
+ /* Get user info */
+ tmp_str = nullptr;
+ ret = cynara_creds_socket_get_user(sockfd, USER_METHOD_DEFAULT, &tmp_str);
+ if(ret != CYNARA_API_SUCCESS) {
+ LogError("Can't get user from socket : " << ret << " - " << cynara_error_to_string(ret));
+ return false;
+ }
+ user.reset(tmp_str);
+
+ /* Get client info */
+ tmp_str = nullptr;
+ ret = cynara_creds_socket_get_client(sockfd, CLIENT_METHOD_DEFAULT, &tmp_str);
+ if(ret != CYNARA_API_SUCCESS) {
+ LogError("Can't get client from socket : " << ret << " - " << cynara_error_to_string(ret));
+ return false;
+ }
+ client.reset(tmp_str);
+
+ /* Get client PID from socket */
+ ret = cynara_creds_socket_get_pid(sockfd, &pid);
+ if(ret != CYNARA_API_SUCCESS) {
+ LogError("Can't get PID from socket : " << ret << " - " << cynara_error_to_string(ret));
+ return false;
+ }
+
+ client_session.reset(cynara_session_from_pid(pid));
+ if(!client_session) {
+ LogError("Can't get session identifier from PID");
+ return false;
+ }
+
+ LogDebug("Got new session from " << pid << " with user " << user.get() <<
+ ", client ID " << client.get() << " and session ID " << client_session.get());
+
+ ret = cynara_check(m_CynaraInstance, client.get(), client_session.get(), user.get(), privilege.c_str());
+
+ if(ret != CYNARA_API_ACCESS_ALLOWED) {
+ LogError("Application access denied for " << pid << ", privilege: " <<
+ privilege << ", error: - " << cynara_error_to_string(ret));
+ return false;
+ }
+
+ LogDebug("Access granted for " << pid << " with privilege " << privilege);
+ return true;
+}
+
+} // namespace AuthPasswd
--- /dev/null
+/*
+ * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file user-check.cpp
+ * @author Jooseong Lee (jooseong.lee@samsung.com)
+ * @version 1.0
+ * @brief Get user id from socket file descriptor of client.
+ */
+#include "user-check.h"
+
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <dpl/log/log.h>
+
+namespace AuthPasswd {
+
+int socket_get_user(int sockfd, unsigned int &user)
+{
+ struct ucred cr;
+ socklen_t len = sizeof(struct ucred);
+
+ if (getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &cr, &len)) {
+ LogError("getsockopt() failed");
+ return 1;
+ }
+
+ user = cr.uid;
+ return 0;
+}
+
+} // namespace AuthPasswd
projects / platform / core / security / auth-fw.git / commitdiff