-
#include <stdint.h>
#include <stdlib.h>
#include <stdbool.h>
#include "util.h"
#ifdef HAVE_CYNARA
+#include <stdio.h>
+#include <stdarg.h>
+
#include <cynara-session.h>
#include <cynara-client.h>
#include <cynara-creds-socket.h>
#include <sys/smack.h>
-#include <stdarg.h>
-#include <stdio.h>
#define CYNARA_BUFSIZE 128
-static cynara *g_cynara = NULL;
-static int g_cynara_refcount = 0;
+struct ds_cynara
+{
+ cynara *handle;
+ int references;
+};
+
+static struct ds_cynara ds_cynara;
+
+static bool ds_cynara_init(void);
+static void ds_cynara_finish(void);
+static bool ds_cynara_check_privilege(pid_t pid, uid_t uid,
+ const char *privilege);
+#endif
+
+bool
+tizen_security_check_privilege(pid_t pid, uid_t uid, const char *privilege)
+{
+#ifdef HAVE_CYNARA
+ return ds_cynara_check_privilege(pid, uid, privilege);
+#else
+ return true;
+#endif
+}
+
+bool
+tizen_security_init(void)
+{
+#ifdef HAVE_CYNARA
+ return ds_cynara_init();
+#else
+ return true;
+#endif
+}
+
+void
+tizen_security_finish(void)
+{
+#ifdef HAVE_CYNARA
+ ds_cynara_finish();
+#endif
+}
+#ifdef HAVE_CYNARA
static void
-__security_log_print(int err, const char *fmt, ...)
+print_cynara_error(int err, const char *fmt, ...)
{
int ret;
va_list args;
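Review bot: In `tizen_security_check_privilege()` the `#else` branch returns `true`, so a build where HAVE_CYNARA is not defined allows every privilege request and leaves no trace of it. The commit keeps the old behaviour, but the wrapper is now the single place where that decision is made, so it should carry a comment such as `/* built without cynara: no policy backend, every request is allowed */`. A one-time `ds_err("cynara support disabled, privilege checks always succeed\n");` in the `#else` branch of `tizen_security_init()` would make a fail-open build visible in logs. The hunk ends inside `print_cynara_error()`, whose body continues outside it.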
ds_err("%s is failed. (%s)\n", tmp, buf);
}
-#endif
-bool
-tizen_security_check_privilege(pid_t pid, uid_t uid, const char *privilege)
+static bool
+ds_cynara_init(void)
+{
+ int ret = CYNARA_API_SUCCESS;
+ int retry_cnt = 0;
+
+ if (++ds_cynara.references != 1)
+ return true;
+
+ for (retry_cnt = 0; retry_cnt < 5; retry_cnt++) {
+ ds_dbg("Retry cynara initialize: %d\n", retry_cnt + 1);
+
+ ret = cynara_initialize(&ds_cynara.handle, NULL);
+
+ if (CYNARA_API_SUCCESS == ret) {
+ ds_dbg("Succeed to initialize cynara !\n");
+ return true;
+ }
+
+ print_cynara_error(ret, "cynara_initialize");
+ }
+
+ ds_err("Failed to initialize cynara! (error:%d, retry_cnt=%d)\n",
+ ret, retry_cnt);
+
+ --ds_cynara.references;
+
+ return false;
+
+}
+
+static void
+ds_cynara_finish(void)
+{
+ if (ds_cynara.references < 1) {
+ ds_err("%s called without ds_cynara_init\n", __FUNCTION__);
+ return;
+ }
+
+ if (--ds_cynara.references != 0)
+ return;
+
+ cynara_finish(ds_cynara.handle);
+ ds_cynara.handle = NULL;
+}
+
+static bool
+ds_cynara_check_privilege(pid_t pid, uid_t uid, const char *privilege)
{
-#ifdef HAVE_CYNARA
bool res = false;
char *client_smack = NULL;
char *client_session = NULL;
int len = -1;
int ret = -1;
- if (!g_cynara) {
- ds_err("security has not been initialized.\n");
+ if (!ds_cynara.handle) {
+ ds_err("ds_cynara has not been initialized.\n");
return false;
}
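Review bot: `ds_cynara_init()` no longer clears the handle after a failed `cynara_initialize()` (the old loop did `g_cynara = NULL;`), while `ds_cynara_check_privilege()` still decides whether the backend is usable only from `!ds_cynara.handle`. Whether cynara leaves the out-pointer untouched on failure is not visible here, so I would keep the reset and add `ds_cynara.handle = NULL;` right after `print_cynara_error(ret, "cynara_initialize");`. The five attempts also run back to back with no delay, and the first one is already logged as "Retry cynara initialize: 1", which is misleading when reading logs after an outage. `ds_cynara_check_privilege()` continues past the end of this hunk.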
if (!client_session)
goto finish;
- ret = cynara_check(g_cynara, client_smack, client_session,
- uid_str, privilege);
+ ret = cynara_check(ds_cynara.handle, client_smack, client_session,
+ uid_str, privilege);
if (ret == CYNARA_API_ACCESS_ALLOWED)
res = true;
else
- __security_log_print(ret, "privilege: %s, client_smack: %s, pid: %d", privilege, client_smack, pid);
+ print_cynara_error(ret, "privilege: %s, client_smack: %s, pid: %d",
+ privilege, client_smack, pid);
finish:
- ds_dbg("Privilege Check For '%s' %s pid:%u uid:%u client_smack:%s(len:%d) client_session:%s ret:%d",
+ ds_dbg("Privilege Check For '%s' %s pid:%u uid:%u client_smack:%s(len:%d) "
+ "client_session:%s ret:%d",
privilege, res ? "SUCCESS" : "FAIL", pid, uid,
client_smack ? client_smack : "N/A", len,
client_session ? client_session: "N/A", ret);
if (client_session)
free(client_session);
+
if (client_smack)
free(client_smack);
return res;
-#else
- return true;
-#endif
}
-
-int
-tizen_security_init(void)
-{
-#ifdef HAVE_CYNARA
- int ret = CYNARA_API_SUCCESS;
- int retry_cnt = 0;
- static bool retried = false;
-
- if (++g_cynara_refcount != 1)
- return g_cynara_refcount;
-
- if (!g_cynara && false == retried) {
- retried = true;
-
- for (retry_cnt = 0; retry_cnt < 5; retry_cnt++) {
- ds_dbg("Retry cynara initialize: %d\n", retry_cnt + 1);
-
- ret = cynara_initialize(&g_cynara, NULL);
-
- if (CYNARA_API_SUCCESS == ret) {
- ds_dbg("Succeed to initialize cynara !\n");
- return 1;
- }
-
- __security_log_print(ret, "cynara_initialize");
- g_cynara = NULL;
- }
- }
-
- ds_err("Failed to initialize _security ! (error:%d, retry_cnt=%d)\n",
- ret, retry_cnt);
- --g_cynara_refcount;
-
- return 0;
-#else
- return 1;
#endif
-}
-
-void
-tizen_security_finish(void)
-{
-#ifdef HAVE_CYNARA
- if (g_cynara_refcount < 1) {
- ds_err("%s called without tizen_security_init\n", __FUNCTION__);
- return;
- }
-
- if (--g_cynara_refcount != 0)
- return;
-
- if (g_cynara) {
- cynara_finish(g_cynara);
- g_cynara = NULL;
- }
-#endif
-}
-