From: Aleksander Zdyb Date: Wed, 20 Aug 2014 09:24:44 +0000 (+0200) Subject: Support NONE policy in admin API X-Git-Tag: submit/R4/20141115.054144~93 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5504f5f71535309694ca2926b6fb5afc496990c4;p=platform%2Fcore%2Fsecurity%2Fcynara.git Support NONE policy in admin API Change-Id: I8a54f020f2d69f9c0ad71773b8d32b09f6519b9e
---
diff --git a/src/admin/api/admin-api.cpp b/src/admin/api/admin-api.cpp
index 417baa3..ce7e241 100644
--- a/src/admin/api/admin-api.cpp
+++ b/src/admin/api/admin-api.cpp
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -85,7 +86,7 @@ int cynara_admin_set_policies(struct cynara_admin *p_cynara_admin,
 std::map> insertOrUpdate;
 std::map> remove;
- auto key = ([](const cynara_admin_policy *i)->Cynara::PolicyKey {
+ auto key = ([](const cynara_admin_policy *policy)->Cynara::PolicyKey {
 std::string wildcard(CYNARA_ADMIN_WILDCARD);
 auto feature = ([&wildcard] (const char *str)->Cynara::PolicyKeyFeature {
@@ -95,34 +96,37 @@ int cynara_admin_set_policies(struct cynara_admin *p_cynara_admin,
 return Cynara::PolicyKeyFeature::createWildcard();
 });
- return Cynara::PolicyKey(feature(i->client), feature(i->user), feature(i->privilege));
+ return Cynara::PolicyKey(feature(policy->client), feature(policy->user),
+ feature(policy->privilege));
 });
 try {
 for (auto i = policies; *i; i++) {
- if(!(*i)->bucket || !(*i)->client || !(*i)->user || !(*i)->privilege)
+ const cynara_admin_policy *policy = *i;
+ if(!policy->bucket || !policy->client || !policy->user || !policy->privilege)
 return CYNARA_ADMIN_API_INVALID_PARAM;
- switch ((*i)->result) {
+ switch (policy->result) {
 case CYNARA_ADMIN_DELETE:
- remove[(*i)->bucket].push_back(key(*i));
+ remove[policy->bucket].push_back(key(policy));
 break;
 case CYNARA_ADMIN_DENY:
- insertOrUpdate[(*i)->bucket].push_back(Cynara::Policy(key(*i),
+ insertOrUpdate[policy->bucket].push_back(Cynara::Policy(key(policy),
 Cynara::PredefinedPolicyType::DENY));
 break;
 case CYNARA_ADMIN_ALLOW:
- insertOrUpdate[(*i)->bucket].push_back(Cynara::Policy(key(*i),
+ insertOrUpdate[policy->bucket].push_back(Cynara::Policy(key(policy),
 Cynara::PredefinedPolicyType::ALLOW));
 break;
 case CYNARA_ADMIN_BUCKET:
- if (!(*i)->result_extra)
+ if (!policy->result_extra)
 return CYNARA_ADMIN_API_INVALID_PARAM;
- insertOrUpdate[(*i)->bucket].push_back(Cynara::Policy(key(*i),
+ insertOrUpdate[policy->bucket].push_back(Cynara::Policy(key(policy),
 Cynara::PolicyResult(
 Cynara::PredefinedPolicyType::BUCKET,
- (*i)->result_extra)));
+ policy->result_extra)));
 break;
+ case CYNARA_ADMIN_NONE:
 default:
 return CYNARA_ADMIN_API_INVALID_PARAM;
 }
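Review bot: The new `case CYNARA_ADMIN_NONE:` label placed directly above `default:` carries no explanation, so a reader cannot tell whether rejecting NONE for individual policies is deliberate (the new header text documents NONE only as a bucket default) or a placeholder for later support. A one-line comment on the label would settle it: `case CYNARA_ADMIN_NONE: /* NONE is only meaningful as a bucket default; see cynara_admin_set_bucket */`. The rest of cynara_admin_set_policies, including the code that submits insertOrUpdate and remove, continues outside the hunk.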
@@ -157,6 +161,12 @@ int cynara_admin_set_bucket(struct cynara_admin *p_cynara_admin, const char *buc
 case CYNARA_ADMIN_ALLOW:
 return p_cynara_admin->impl->insertOrUpdateBucket(bucket,
 Cynara::PolicyResult(Cynara::PredefinedPolicyType::ALLOW, extraStr));
+ case CYNARA_ADMIN_NONE:
+ if (bucket != Cynara::defaultPolicyBucketId) {
+ return p_cynara_admin->impl->insertOrUpdateBucket(bucket,
+ Cynara::PolicyResult(Cynara::PredefinedPolicyType::NONE));
+ }
+ return CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED;
 case CYNARA_ADMIN_BUCKET:
 default:
 return CYNARA_ADMIN_API_INVALID_PARAM;
diff --git a/src/include/cynara-admin.h b/src/include/cynara-admin.h
index b8aec4e..1e0a162 100644
--- a/src/include/cynara-admin.h
+++ b/src/include/cynara-admin.h
@@ -64,11 +64,14 @@ struct cynara_admin;
 /*! \brief set policy result or bucket's default policy to DENY */
 #define CYNARA_ADMIN_DENY 0
+/*! \brief set bucket's default policy to NONE */
+#define CYNARA_ADMIN_NONE 1
+
 /*! \brief set policy result or bucket's default policy to ALLOW */
-#define CYNARA_ADMIN_ALLOW 1
+#define CYNARA_ADMIN_ALLOW 2
 /*! \brief set policy to point into another bucket */
-#define CYNARA_ADMIN_BUCKET 2
+#define CYNARA_ADMIN_BUCKET 3
 /** @}*/
 /**
diff --git a/src/service/logic/Logic.cpp b/src/service/logic/Logic.cpp
index 377bcce..2701e86 100644
--- a/src/service/logic/Logic.cpp
+++ b/src/service/logic/Logic.cpp
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
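Review bot: The `bucket != Cynara::defaultPolicyBucketId` test in the new `CYNARA_ADMIN_NONE` branch is a client-library check only, and the same commit makes the service reject the case as well (Logic::execute maps DefaultBucketSetNoneException to NOT_ALLOWED), so the branch should say that its role is an early, descriptive error code rather than the enforcement point, e.g. `/* the default bucket must always yield a decision; the service enforces this too */`. Whether that comparison is by content depends on the type of Cynara::defaultPolicyBucketId, which is not visible here; if it is a `const char *` rather than a `std::string`, the `!=` compares pointers and needs `std::strcmp` or a `std::string` wrap. This is also the only branch of the switch that does not pass `extraStr`, so any `extra` argument is silently ignored for NONE — acceptable if intended, but worth a word in the header comment for CYNARA_ADMIN_NONE. cynara_admin_set_bucket begins before this hunk.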
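Review bot: Renumbering the existing public constants (`CYNARA_ADMIN_ALLOW` 1→2, `CYNARA_ADMIN_BUCKET` 2→3) in an installed header changes the admin ABI: a client built against the previous header that passes its `CYNARA_ADMIN_BUCKET` (2) is now read by cynara_admin_set_policies as `CYNARA_ADMIN_ALLOW`, so a policy meant to redirect into another bucket becomes an unconditional ALLOW. If any admin clients outside this tree exist, keeping the old values and appending the new one avoids that: `#define CYNARA_ADMIN_NONE 3`. If the values are intentionally kept in step with an internal enum that requires this order (not visible here), the header should say so and the commit message should call the change out as ABI-breaking.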
@@ -90,10 +91,16 @@ bool Logic::check(RequestContextPtr context UNUSED, const PolicyKey &key,
 }
 void Logic::execute(RequestContextPtr context, InsertOrUpdateBucketRequestPtr request) {
- m_storage->addOrUpdateBucket(request->bucketId(), request->result());
- onPoliciesChanged();
+ auto code = CodeResponse::Code::OK;
- context->returnResponse(context, std::make_shared(CodeResponse::Code::OK,
+ try {
+ m_storage->addOrUpdateBucket(request->bucketId(), request->result());
+ onPoliciesChanged();
+ } catch (const DefaultBucketSetNoneException &ex) {
+ code = CodeResponse::Code::NOT_ALLOWED;
+ }
+
+ context->returnResponse(context, std::make_shared(code,
 request->sequenceNumber()));
 }
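Review bot: The bound name `ex` in `catch (const DefaultBucketSetNoneException &ex)` is never used; `catch (const DefaultBucketSetNoneException &)` expresses the same intent without an unused-parameter warning under clang. The rejected request is also reduced to a bare NOT_ALLOWED code with no record of which bucket was targeted; if the service has a logging facility (none is visible in this hunk), an attempt to set the default bucket's policy to NONE is the kind of administrative action worth recording before the response goes out. Keeping `onPoliciesChanged()` inside the try is right, since it must not run when the storage update throws. Logic::execute is fully contained in the hunk; the `}` on its first line closes Logic::check, which begins before it.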