Deprecated access control API fixed - proper mapping to permissions.

[Issue#] N/A
[Feature/Bug] bug: deprecated access control API not working.
[Problem] deprecated access control API incorrectly mapped given values into permissions.
[Solution] added translation mechanism between old access rights into permissions.
[Verification] compile, run updated test set.

Change-Id: If26c69160a79439774a8ffd800809c0a6f7f85e5

diff --git a/src/manager/client-capi/ckmc-control.cpp b/src/manager/client-capi/ckmc-control.cpp
index 1987a2f..8d28e6f 100644 (file)
--- a/src/manager/client-capi/ckmc-control.cpp
+++ b/src/manager/client-capi/ckmc-control.cpp
@@ -82,8 +82,13 @@ int ckmc_allow_access_by_adm(uid_t user, const char* owner, const char *alias, c
     if(!owner || !alias)
         return CKMC_ERROR_INVALID_PARAMETER;
 
+    int ec, permissionMask;
+    ec = access_to_permission_mask(granted, permissionMask);
+    if(ec != CKMC_ERROR_NONE)
+        return ec;
+
     // if label given twice, service will return an error
-    return ckmc_set_permission_by_adm(user, CKM::AliasSupport::merge(CKM::Label(owner), CKM::Name(alias)).c_str(), accessor, granted);
+    return ckmc_set_permission_by_adm(user, CKM::AliasSupport::merge(CKM::Label(owner), CKM::Name(alias)).c_str(), accessor, permissionMask);
 }
 
 KEY_MANAGER_CAPI

diff --git a/src/manager/client-capi/ckmc-manager.cpp b/src/manager/client-capi/ckmc-manager.cpp
index d4ba152..3e3f17a 100644 (file)
--- a/src/manager/client-capi/ckmc-manager.cpp
+++ b/src/manager/client-capi/ckmc-manager.cpp
@@ -797,7 +797,12 @@ int ckmc_ocsp_check(const ckmc_cert_list_s *pcert_chain_list, ckmc_ocsp_status_e
 KEY_MANAGER_CAPI
 int ckmc_allow_access(const char *alias, const char *accessor, ckmc_access_right_e granted)
 {
-    return ckmc_set_permission(alias, accessor, static_cast<int>(granted));
+    int ec, permissionMask;
+    ec = access_to_permission_mask(granted, permissionMask);
+    if(ec != CKMC_ERROR_NONE)
+        return ec;
+
+    return ckmc_set_permission(alias, accessor, permissionMask);
 }
 
 KEY_MANAGER_CAPI

diff --git a/src/manager/client-capi/ckmc-type-converter.cpp b/src/manager/client-capi/ckmc-type-converter.cpp
index e9531ed..335d24e 100644 (file)
--- a/src/manager/client-capi/ckmc-type-converter.cpp
+++ b/src/manager/client-capi/ckmc-type-converter.cpp
@@ -20,6 +20,7 @@
  * @brief       new and free methods for the struct of CAPI
  */
 
+#include <ckmc/ckmc-type.h>
 #include <ckmc-type-converter.h>
 
 int to_ckm_error(int ckmc_error) {
@@ -90,3 +91,20 @@ ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status) {
     }
 }
 
+int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask)
+{
+    switch(ar)
+    {
+        case CKMC_AR_READ:
+            permissionMask = CKMC_PERMISSION_READ;
+            break;
+
+        case CKMC_AR_READ_REMOVE:
+            permissionMask = CKMC_PERMISSION_READ | CKMC_PERMISSION_REMOVE;
+            break;
+
+        default:
+            return CKMC_ERROR_INVALID_PARAMETER;
+    }
+    return CKMC_ERROR_NONE;
+}

diff --git a/src/manager/client-capi/ckmc-type-converter.h b/src/manager/client-capi/ckmc-type-converter.h
index 26618b2..1de3325 100644 (file)
--- a/src/manager/client-capi/ckmc-type-converter.h
+++ b/src/manager/client-capi/ckmc-type-converter.h
@@ -34,6 +34,7 @@ extern "C" {
 int to_ckmc_error(int ckm_error);
 int to_ckm_error(int ckmc_error);
 ckmc_ocsp_status_e to_ckmc_ocsp_status(int ckm_ocsp_status);
+int access_to_permission_mask(ckmc_access_right_e ar, int & permissionMask);
 
 #ifdef __cplusplus
 }