Zofia Abramowska [Mon, 17 Nov 2014 09:29:07 +0000 (10:29 +0100)]
Fix missing directories
Creation of cynara plugins directories was missing during
installation.
Change-Id: I774b831765f71cc034f8d5800dea0032bf2ae2c9
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:41:30 +0000 (09:41 +0100)]
Change include brackets
Include brackets style of 2 files in credential libraries was changed
from "" to <> , as it is used in other headers.
Change-Id: I1dba20862a53acdccf65d671b15b254310121961
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:38:42 +0000 (09:38 +0100)]
Expose ClientSession type
ClientSession is required by client-plugin mechanism.
Files section for libcynara-commons-devel was enhanced,
so it provides ClientSession.h
Change-Id: Ia0d935bf297bdf1743fd37e5df3a0826ebf446cd
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:34:17 +0000 (09:34 +0100)]
Add missing devel package dependency
libcynara-admin-devel package requires cynara-error.h that is provided
by libcynara-client-commons-devel.
Change-Id: Ic6b9203e2dcf80fd0057fa64d906819be69b929d
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Adam Malinowski [Mon, 17 Nov 2014 07:50:27 +0000 (08:50 +0100)]
Fix linking dependencies
PluginManager was moved from service to common but linking with 'dl'
library stayed in service. This patch moves linking with dl to common.
Change-Id: If1be63e86dfe4c8651b48bbe9facc80160fd9f32
Lukasz Wojciechowski [Sat, 15 Nov 2014 04:39:18 +0000 (05:39 +0100)]
Release 0.4.0
Change-Id: Ia8f5a7e623bcbce58f9574c084a6472ea59e271a
Adam Malinowski [Mon, 3 Nov 2014 13:57:13 +0000 (14:57 +0100)]
Handle client and agent disconnection
This patch handles situations where client and/or agent connection
to cynara service is closed.
Change-Id: I410b6da96102b6ae16442e90dbbb1e867490287a
Adam Malinowski [Mon, 3 Nov 2014 13:53:33 +0000 (14:53 +0100)]
Handle agent response
This patch handles response from agent of both types:
action and cancel.
Change-Id: I3168f4f7466c79bdcb9a3f6b1c3d6863ddcf952c
Adam Malinowski [Mon, 3 Nov 2014 13:49:59 +0000 (14:49 +0100)]
Handle cancel request
This patch implements handling cancel request from client.
Change-Id: I2b5537ef8b481f3a3160702d0a549945b8a11622
Adam Malinowski [Mon, 3 Nov 2014 13:45:03 +0000 (14:45 +0100)]
Handle check request with agent usage
This patch introduces sending request to agent and storing context
for future.
Change-Id: I8187b4c5e66daa155b485b5ff6b9710de27f6345
Adam Malinowski [Mon, 3 Nov 2014 10:21:25 +0000 (11:21 +0100)]
Add manager for check contexts
This class will be used by service logic to create and handle check
contexts.
Change-Id: I8c1f1265336dd8b5a428ed254083d1e508579a2e
Adam Malinowski [Mon, 3 Nov 2014 10:16:22 +0000 (11:16 +0100)]
Add CheckContext class
This class will be used for storing all data related to check request.
This data will be used to send response to client when answer is ready.
Change-Id: I20b665409e15d249a9c55615a39f4ab5b361bc18
Adam Malinowski [Fri, 24 Oct 2014 14:05:58 +0000 (16:05 +0200)]
Add agent manager
This commit introduces AgentManager class which will help plugins
in communication with agents. Also registering and unregistering agents
will be handled by this class.
Change-Id: Id3f7e5785223c3b0316f97bc8107805572a0fd10
Adam Malinowski [Thu, 23 Oct 2014 08:13:55 +0000 (10:13 +0200)]
Add AgentTalker class
This class will be used as interface for plugin<->agent communication.
Change-Id: Id6d6c439d531a8ff7e0b2b96005c12c5a5ab63b7
Adam Malinowski [Fri, 14 Nov 2014 17:58:37 +0000 (18:58 +0100)]
Add LinkId type
This type will be used to identify clients and agents.
Change-Id: I6f6808919a6c8694ad8c3e51d826dc223541325f
Adam Malinowski [Fri, 24 Oct 2014 17:14:12 +0000 (19:14 +0200)]
Set all needed socket descriptors to write state
Now every socket that has data to write is set to write state after any
event on any socket descriptor. Before only part of them were set.
This change is needed to send requests to extension agents.
Change-Id: Id0d9ed2e73f748bac27d1f5e3e1fd22a7a2bb816
Adam Malinowski [Tue, 14 Oct 2014 07:39:46 +0000 (09:39 +0200)]
Add AgentRegisterRequest handling
Simple mockup of registering agent in cynara service.
Change-Id: I8368c6ad1af946c86e44d196f073d1bf209e97c3
Adam Malinowski [Thu, 9 Oct 2014 12:44:42 +0000 (14:44 +0200)]
Implement agent protocol layer
This patch contains implementation of (de)serializer class for agent
protocol.
Change-Id: I8ac7b5816545bd8e76a50d66a84b8ac686125985
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Implement agent<->cynara communication layer
Only agent side communication layer was implemented. Also protocol is
not implemented.
Change-Id: Ic11bd0ea92284c98366a7f833f0d339f2784dad0
Marcin Niesluchowski [Fri, 14 Nov 2014 17:48:01 +0000 (18:48 +0100)]
Add protection against cynara_async_finish() call in callbacks
cynara_async_finish() called in callbacks is ignored in all cases.
Change-Id: I3c2268a0462413b279215f837e4603a7d6acb96d
Marcin Niesluchowski [Fri, 14 Nov 2014 12:18:32 +0000 (13:18 +0100)]
Forbid some operations in asynchronous callbacks
In following cases cynara api operations regarding same cynara_async
structure called from within callbacks will return
CYNARA_API_OPERATION_NOT_ALLOWED:
- always within cynara_status_callback
- within cynara_response_callback called with
CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE or CYNARA_CALL_CAUSE_FINISH
cause.
It regards following api funtions:
- cynara_async_check_cache()
- cynara_async_create_request()
- cynara_async_process()
- cynara_async_cancel_request()
Change-Id: I1db22e0735e1905c4709c7f4c650cc8ca3f9b454
Marcin Niesluchowski [Wed, 12 Nov 2014 12:41:43 +0000 (13:41 +0100)]
Fix answer callback call in asynchronous client
Answer callback may modify check map by calling async client api functions
within it. Check map is accessed after that call.
Change-Id: Ifbf91f99cfa119e5524457f585b2779d7ae52558
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Add agent library stub implementation
This patch introduces implementation of agent library. Connection
to cynara service is not yet implemented. Only basic structure of
library is created.
Change-Id: Iff771cbff35c1eb4f0c3842631f2fd65ea322ee8
Adam Malinowski [Tue, 23 Sep 2014 11:52:19 +0000 (13:52 +0200)]
Add agent API
This patch introduces API for agents cooperating with plugins.
Agents communicate with plugins via cynara service.
Change-Id: I0f6233838f27370ee980655ad09be9fd10ae1bce
Adam Malinowski [Mon, 15 Sep 2014 12:47:22 +0000 (14:47 +0200)]
Add agent socket & dummy agent protocol
This change introduces new systemd based socket and protocol for
communication with agents. Protocol does not contain any agent
specific frame information for now.
Change-Id: I83e2211a25fd93792a46a64c1df519efb1cedfed
Zofia Abramowska [Fri, 17 Oct 2014 16:28:34 +0000 (18:28 +0200)]
Add PluginManager to CapacityCache
Change-Id: Icdaf1df3793db0a43ae4aadcf2d8d306b04f650f
Zofia Abramowska [Thu, 16 Oct 2014 14:53:14 +0000 (16:53 +0200)]
Add base class for external plugins
* Make ExternalPluginInterface a base class providing only pure
virtual getSupportedPolicyTypes() and publish its header
* Change ExternalPluginInterface definition to ServicePluginInterface
class and make it inherit after ExternalPluginInterface and publish
its header as cynara-client-plugin.h
* Rename InterpreterInterface to ClientServiceInterface, make it
inherit after ExternalPluginInterface
Change-Id: Ia572e2adb8a4486705f89903b31433d70d733381
Zofia Abramowska [Thu, 16 Oct 2014 16:35:48 +0000 (18:35 +0200)]
Fix dlopened objects management
* Add destroy function type, so deletion is compatible with allocation
* Remove extern "C" from plugin creation/destruction typedefs
* Add proper comments, so expected names of creation/destruction
function symbol are known to API user
Change-Id: I019f5bf83afc94945c8efc62e99dd324c419cc33
Zofia Abramowska [Fri, 17 Oct 2014 12:48:46 +0000 (14:48 +0200)]
Add PathConfig
Put all default paths into globally visible namespaces.
Change-Id: I4f234c5558e828cbcacf86de8d266e89a0ad687c
Zofia Abramowska [Fri, 14 Nov 2014 13:29:31 +0000 (14:29 +0100)]
Add context invalidation mechanism
RequestTaker gets RequestContext, which might be processed in
another event loop. During this loop socket associated with this
context might get closed, so class holding this context needs
notification.
Change-Id: I77dee05b84a987e444f4ec71e87bcb867682768b
Pawel Wieczorek [Fri, 14 Nov 2014 12:04:19 +0000 (13:04 +0100)]
Disallow adding valid and invalid policies at once
Storage::insertPolicies() now cares, if all buckets exist before it
makes any change in database (in memory as well as in storage).
No changes are made if any part of request contains invalid parameters.
Change-Id: Ia8d180c7af88bd945dca22f2a4a41b049fdb4c33
Zofia Abramowska [Wed, 12 Nov 2014 15:36:52 +0000 (16:36 +0100)]
Remove dangerous reference
RequestContext contained reference to an external BinaryQueue. One
problem was, BBQ was held inside vector (so practically any operation
on vector made this object out-of-date), second problem was,
RequestContext was passed to other classes inside shared_ptr, so owner
of this bbq looses control other its reference.
Moreover, soon RequestContext will be held pending (e.g. when waiting
for external Agent to return answer) inside cynara logic, so BBQ stored
inside RequestContext needs to be alive as long as corresponding
connection is opened. Not more, not less.
Change-Id: I79c9eb9b5e74927bd7bb159da01fae23612ca83e
Zofia Abramowska [Wed, 12 Nov 2014 16:07:55 +0000 (17:07 +0100)]
Reorganize ProtocolAdmin and ProtocolClient
Private methods of ProtocolAdmin and ProtocolClient lost an argument,
which was used only to pass member value from the same class.
Change-Id: I5657d38cf9ccd47892082479eeae92d62f894227
Zofia Abramowska [Wed, 12 Nov 2014 15:30:35 +0000 (16:30 +0100)]
Remove unnecessary Protocol shared pointers
ProtocolFramePtr and ProtocolFrameHeaderPtr was used unnecessary
(no shared ownership required).
Change-Id: I71d4bf797450a46bc35e2321ff8d01a6508bcf88
Zofia Abramowska [Thu, 13 Nov 2014 13:25:56 +0000 (14:25 +0100)]
Fix segfault in dump_buckets test
Change-Id: If614900c9710dc0600c48622051afb484709155f
Pawel Wieczorek [Thu, 13 Nov 2014 11:07:20 +0000 (12:07 +0100)]
Ensure creation of minimal database
This patch changes default behaviour of migration tool during package
upgrade. Previously, Cynara's state path was left untouched. Now
creation of minimal database is ensured. No changes are made if it
already existed.
Change-Id: I25158aec7d7b436ac1446d43277afe1337bfe4e5
Pawel Wieczorek [Wed, 27 Aug 2014 07:18:02 +0000 (09:18 +0200)]
Implement mechanism assuring integrity of database
There is also added mechanism for cleaning up Cynara's database
directory upon loading policies to memory.
There is added test checking whether mechanism behaves as intended.
Change-Id: I926d1aebf394c092e00731b73717e0e1c55bad0c
Rafal Krypa [Mon, 10 Nov 2014 12:43:59 +0000 (13:43 +0100)]
Fix invocations of LOG missing format string argument
First argument of LOG* macros is passed to sd_journal_print() as format string.
In some places these macros were used with no format string at all, simply
passing e.what() from an exception. This could lead to a format string
vulnerability in the code, potentially allowing arbitrary code execution.
This error also caused build break:
In file included from /data/src/tizen/cynara/src/client/api/client-api.cpp:27:0:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h: In function
‘int Cynara::tryCatch(const std::function<int()>&)’:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h:41:178: error:
format not a string literal and no format arguments [-Werror=format-security]
LOGE(e.what());
(... and more ...)
Change-Id: I1259283cf1bd2fa0fb2d271e38a7b416e17939f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Niesluchowski [Wed, 5 Nov 2014 11:40:35 +0000 (12:40 +0100)]
Fix read errno handling in Socket class
Cynara Socket class treats ECONNRESET (socket closed transmiting RST
instead of FIN) during read as unknown error. Handle it as disconnection.
Change-Id: Iecbfa5c32c7ef8b6b5da97170269aa86e2740c22
Adam Malinowski [Thu, 6 Nov 2014 13:47:15 +0000 (14:47 +0100)]
Fix build break caused by wrong system group names
cynara-rpmlintrc file was added to project in order to ignore
errors related to wrong group names. File will be removed when
problems with new group names is fixed.
Change-Id: Ibd0ee42b707fba059f0172522cba4804c28d2cb5
Marcin Niesluchowski [Tue, 4 Nov 2014 17:09:54 +0000 (18:09 +0100)]
Change Group in spec file
Group Security/Access Control has been removed. Cynara current group
is Security/Application Privilege. Nonexistent group causes build break.
Change-Id: I58d800209cb232e60e60747eb79244fb57c7b977
Lukasz Wojciechowski [Mon, 3 Nov 2014 07:25:37 +0000 (08:25 +0100)]
Remove visibility attributes from header file
Visibility attributes ar not needed in header file.
Usage of them by CYNARA_API macro causes also to make
internal file attributes.h published.
Change-Id: I99bb84d5af96120cdc448e837601cecc05494570
Pawel Wieczorek [Wed, 22 Oct 2014 09:51:19 +0000 (11:51 +0200)]
Add migration tool for Cynara's database
This patch introduces tool for database migration if newer version of
Cynara uses backward incompatible format of storing policies data.
Migration tool is also used during installation of Cynara in order to
initialize database with minimal contents.
Change-Id: I7e6a376dad812c54f45a6a11ca559c97383d453d
Lukasz Wojciechowski [Fri, 24 Oct 2014 15:52:32 +0000 (17:52 +0200)]
Treat invalid check_id as an error in async cancel
If check_id passed to cynara_async_cancel_request() is invalid
CYNARA_API_INVALID_PARAM will be returned.
Id is invalid when:
* was never generated by any previous call to cynara_async_create_request();
* response callback related to this id was already delivered.
Change-Id: Iaa05fe71c752aedcb5414d162fc374f37420f36d
Pawel Wieczorek [Mon, 6 Oct 2014 17:08:25 +0000 (19:08 +0200)]
Add PolicyBucketId validation
This patch introduces mechanism for checking whether new PolicyBucketId
contains forbidden characters. Now only alphanumeric characters, hyphen
and underscore can be used in PolicyBucketId. InvalidBucketIdException
is thrown and OPERATION_NOT_ALLOWED error code is returned otherwise.
Change-Id: I48b6e14d20cb62adc17560929055553df0ce1077
Pawel Wieczorek [Mon, 6 Oct 2014 10:45:25 +0000 (12:45 +0200)]
Remove PolicyBucket() constructor
In some cases using parameterless constructor of PolicyBucket can
result in uninitialized PolicyBucket id. Complete removal of this
constructor guarantees inablity to create bucket with no id.
Change-Id: Id67d7f257697078ef0d4518161ade473a983cf6b
Radoslaw Bartosiak [Wed, 22 Oct 2014 20:52:50 +0000 (22:52 +0200)]
Add cynara_creds_get_[client|user]_method UT
Adding unit tests for functions used in implementation of
cynara_creds_get_[client|user]_methods
Change-Id: I3cb7b9fb03e09769dbb68fd595994cbe13956483
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Wed, 10 Sep 2014 13:04:17 +0000 (15:04 +0200)]
Implement cynara_creds_get_[client|user]_method
The functions enable obtaining system default identification method
for [process|user] by reading a configuration file (default
/etc/cynara/creds.conf).
Change-Id: I662a7681abbaa130a3d628352a13ff950a7affd3
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 8 Sep 2014 11:45:22 +0000 (13:45 +0200)]
Add creds configuration
Configuration is used by cynara_creds_get_[client|user]_method to
provide default values of [client|user] feature used in
cynara-creds.
Change-Id: I9a8b8e0bb009817414b9755523a60edb3d0386d0
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Lukasz Wojciechowski [Tue, 23 Sep 2014 15:50:27 +0000 (17:50 +0200)]
Adjust admin API policy type codes
External admin API policy types should match inner cynara values
used in storage and protocols. That would make plugins work easier
and allows correct work of cynara_admin_check function.
New header cynara-policy-types.h is provided by libcynara-common.
It defines policy type values and is included by external admin API.
Predefined policies variables use same values for initialization.
Change-Id: If1b158dcd5abbe9ee3af692e706a2d2e886f8631
Jacek Bukarewicz [Wed, 22 Oct 2014 09:06:04 +0000 (11:06 +0200)]
Remove unnecessary dependencies to Cynara
Change-Id: I02c00332c20083639b862231b507545103613051
Pawel Wieczorek [Wed, 24 Sep 2014 10:11:12 +0000 (12:11 +0200)]
Add new libcynara-admin return code
Added code is:
CYNARA_ADMIN_API_OPERATION_FAILED
It is used to indicate failures during saving database to storage. This
patch also adds handling such situations.
Change-Id: I35b7d3334def8e688a180ddec6861c0f3bdd70d6
Aleksander Zdyb [Tue, 14 Oct 2014 07:59:49 +0000 (09:59 +0200)]
Fix creation of bucket in InMemoryStorageBackend
This prevents creation of bucket without properly
initialized id.
Change-Id: Ib5374e15a0172e48ca5413987df256f19595fe91
Marcin Niesluchowski [Tue, 14 Oct 2014 11:36:08 +0000 (13:36 +0200)]
Fix comment in cynara-async api header
Change-Id: Id195797893866f5aca48b1120c04e2d2ebb69813
Jacek Bukarewicz [Wed, 15 Oct 2014 08:21:00 +0000 (10:21 +0200)]
Set build_type default value in a different way
Apparently gbs couldn't parse previous construct properly and installed
debug libraries regardless of build_type.
Change-Id: I84c6456efc692da9f1bec94b071d8107a540f3d8
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Lukasz Wojciechowski [Thu, 16 Oct 2014 06:25:04 +0000 (08:25 +0200)]
Use TryCatch() for exception catching in admin library
Change-Id: I01d0b075c7d9cb5d94cadfe2c1dc5da7bd326027
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:45:27 +0000 (14:45 +0200)]
Move TryCatch from client-common to common library
TryCatch can be used also in admin libraries,
so it belongs to common library now.
Change-Id: Ibdd9c1576b9b34195555c2d9b43e72b57a83a201
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:37:07 +0000 (14:37 +0200)]
Rename cynara-client-error.h to cynara-error.h
Apply new name to all files.
Change-Id: I9e4590a40e11ba5a33442707207635bb0d75a278
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:09:00 +0000 (14:09 +0200)]
Use client error codes in admin libraries
We need to have one unified set of error codes. Client
error codes have been adjusted to serve admin errors
too. Then client error codes were used in admin
libraries keeping following mapping:
CYNARA_ADMIN_API_SUCCESS
-> CYNARA_API_SUCCESS
CYNARA_ADMIN_API_OUT_OF_MEMORY
-> CYNARA_API_OUT_OF_MEMORY
CYNARA_ADMIN_API_INVALID_PARAM
-> CYNARA_API_INVALID_PARAM
CYNARA_ADMIN_API_SERVICE_NOT_AVAILABLE
-> CYNARA_API_SERVICE_NOT_AVAILABLE
CYNARA_ADMIN_API_UNEXPECTED_CLIENT_ERROR
-> CYNARA_API_UNKNOWN_ERROR
CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED
-> CYNARA_API_OPERATION_NOT_ALLOWED
CYNARA_ADMIN_API_BUCKET_NOT_FOUND
-> CYNARA_API_BUCKET_NOT_FOUND
Remove not needed anymore old admin error codes file:
src/include/cynara-admin-error.h
Change-Id: Ice8990a2b354bd489c67c2a004344a5c60fc15ee
Lukasz Wojciechowski [Tue, 14 Oct 2014 09:13:25 +0000 (11:13 +0200)]
Remove "noexcept" keyword from PolicyBucket
Change-Id: I0b00841efadb7584e854a04286758caf90e400cc
Lukasz Wojciechowski [Tue, 14 Oct 2014 07:21:41 +0000 (09:21 +0200)]
Clean up exception classes
Some minor clean-ups in exceptions classes:
* remove "noexcept" keyword from exception classes;
* catch exceptions in Exception::what();
* correcting comments;
* adding missing virtual keyword;
* rearranging public and private sections.
Change-Id: I99c382838adb22429a7ea8ac35974c988b3d3f33
Lukasz Wojciechowski [Tue, 14 Oct 2014 06:47:31 +0000 (08:47 +0200)]
Remove "noexcept" keyword from admin's Logic class
We don't want cause application termination.
All exceptions should be caught and handled.
Change-Id: Ic245fb42a8b8fa7a7d83665ce95c4acb89c5b964
Zofia Abramowska [Tue, 7 Oct 2014 12:46:47 +0000 (14:46 +0200)]
Add PluginErrorException
Add exception class for plugin processing error.
Change-Id: I26090bd3a54bdbc4767fd05735b5b06fae523b2f
Zofia Abramowska [Fri, 19 Sep 2014 14:42:02 +0000 (16:42 +0200)]
Add PluginManager
Add cynara service manager for loading and managing dynamic loaded
plugins supporting custom policy types.
Change-Id: I94c3bfa4842a6a8d0a078ac910aba5e54db7b468
Zofia Abramowska [Thu, 18 Sep 2014 16:37:40 +0000 (18:37 +0200)]
Add cynara external plugins
Add interface for creating external cynara plugin to enable custom
policy types support.
Change-Id: I43bd31a3e48f9667964107dd243f2286e7ffae8a
Zofia Abramowska [Thu, 18 Sep 2014 15:33:53 +0000 (17:33 +0200)]
Split PolicyResult declaration and definition
PolicyResult header will be included in package for external plugin
implementations.
Change-Id: Ic5224af395b9fd86f57138566295961e80ee8f12
Zofia Abramowska [Tue, 16 Sep 2014 10:53:09 +0000 (12:53 +0200)]
Fix cache update method
Support update with existing entry.
Change-Id: I0a242c9580ae0a521fddb8bf4fc4c2b8be3507c0
Zofia Abramowska [Fri, 12 Sep 2014 13:45:36 +0000 (15:45 +0200)]
Redo client plugins
Let plugin make decision based on last and current client session.
Plugin can change PluginResult.
Change-Id: Ia985feaf1d60a8c1ebf858ba0d4e0d6f2cc6fa40
José Bollo [Mon, 6 Oct 2014 15:31:59 +0000 (17:31 +0200)]
Improving creation of user 'cynara'
To improve the creation of the user cynara, the
home directory is now set to /var/lib/empty,
the shell is set to /sbin/nologin, the main group
is set to cynara.
Change-Id: I4582caa9f9a61cd8c52d0a6718f504903cdee479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Marcin Niesluchowski [Wed, 24 Sep 2014 12:14:07 +0000 (14:14 +0200)]
Implement cynara_async_cancel_request()
Change-Id: I028d6a2941dc68359590263cda9e5bff2b839317
Marcin Niesluchowski [Thu, 18 Sep 2014 09:32:15 +0000 (11:32 +0200)]
Add creating, sending and receiving check requests
cynara_async_create_request() and cynara_async_process() functions work
according to the API header excluding possibility to cancel request.
Change-Id: I9818be674d58da5bd431a08b7faf47dfe0157289
Marcin Niesluchowski [Thu, 18 Sep 2014 12:41:01 +0000 (14:41 +0200)]
Implement cynara_async_check_cache()
Change-Id: I1930cdf448dcfdf800d0d5c322ff100baf5a4987
Marcin Niesluchowski [Mon, 15 Sep 2014 09:54:48 +0000 (11:54 +0200)]
Add connection check
cynara_async_check_cache should return CYNARA_API_CACHE_MISS if
disconnected.
cynara_async_create_request and cynara_async_cancel_request should try
reconnecting if disconnected and return CYNARA_API_SERVICE_NOT_AVAILABLE
on failure.
As cynara_async is connecting asynchronously, it could take connection
in progress state which is resolved in cynara_async_process and treated
as connected in other functions. As this state exists after reconnecting,
there should be no cache entries. cynara_async_process should complete
connecting if needed by waiting for write event. If connection fails in
cynara_async_process, then CYNARA_API_SERVICE_NOT_AVAILABLE should be
returned.
Change-Id: I2920f4dbd0bde3e7be74096db33f4ff465bc5028
Marcin Niesluchowski [Mon, 15 Sep 2014 09:42:42 +0000 (11:42 +0200)]
Add asynchronous socket
Change-Id: I1ca062fee144b8244fba88ae3155096df043c61e
Marcin Niesluchowski [Mon, 15 Sep 2014 09:17:34 +0000 (11:17 +0200)]
Move socket paths to common library
Change-Id: I4b5bf9c2bc47aca6f87bb89942a09b2a8ae6e251
Marcin Niesluchowski [Thu, 4 Sep 2014 13:50:32 +0000 (15:50 +0200)]
Add async api stub implementation
Below are listed asynchronous API functions with its value
returned for valid params and enough memory (stub version).
- cynara_async_initialize CYNARA_API_SUCCESS
- cynara_finish
- cynara_async_cache_check CYNARA_API_CACHE_MISS
- cynara_async_create_request CYNARA_API_MAX_PENDING_REQUESTS
- cynara_async_process CYNARA_API_SUCCESS
- cynara_async_cancel_request CYNARA_API_SUCCESS
Change-Id: Ic10d04adc5e7d45fa643a1e817db2670c05790cf
Marcin Niesluchowski [Thu, 9 Oct 2014 14:37:56 +0000 (16:37 +0200)]
Add function for catching all client exceptions
Change-Id: Ia70b4ee257aa279a26862f3d412f81dfdcae3309
Zofia Abramowska [Wed, 8 Oct 2014 15:16:18 +0000 (17:16 +0200)]
Add asynchronous API header
Add simple API which provide means to:
- ask cynara if <client, user> has permission to <privilege>
using cynara_async_check() for cache check
- create request for <client, user> having permission to <privilege>
to be sent using cynara_async_create_request()
- send requests and receive responses using cynara_async_process()
- cancel created request using cynara_async_cancel_request()
- inform user about available response and status changes of cynara
socket through callbacks
This is an asynchronus API, so all I/O operations inside are
non-blocking.
Change-Id: Id6d53eae7587c11288d44bb2dd7980ec039e7ca0
Zofia Abramowska [Wed, 8 Oct 2014 15:14:01 +0000 (17:14 +0200)]
Change client API error codes
Add CYNARA_API_ACCESS_ALLOWED to be returned instead of CYNARA_API_SUCCESS
from cynara check call.
Renumber client API error codes - now CYNARA_API_ACCESS_DENIED is treated
as answer, not as error.
Change-Id: I3d64afdc3cc241de8515be507858304efd729da6
José Bollo [Fri, 3 Oct 2014 12:00:06 +0000 (14:00 +0200)]
Removing home directory creation for user cynara
Cynara should not create a home directory.
If it must, specific options have to be providen
that explicitely should set the home directory
not in /home and should use a specific skeleton.
Change-Id: I296a5856fbae399944b41babf5ebb89a1f0f93eb
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
Pawel Wieczorek [Mon, 15 Sep 2014 14:49:19 +0000 (16:49 +0200)]
Replace @file commands for Doxygen compatibility
Not all filenames are unique for the whole project. This affects
Doxygen, as it ignores repeated @file descriptions. Patch replaces
Doxygen @file commands with full relative path to the source file.
Change-Id: Iabcdf59e9bf6fae3137598e6013f0a552e82acba
Pawel Wieczorek [Mon, 15 Sep 2014 08:38:17 +0000 (10:38 +0200)]
Replace old Aleksander Zdyb's email address
Change-Id: I39dd94fe49039cdafeedbd1098ae72247b3f1fbd
Pawel Wieczorek [Mon, 15 Sep 2014 07:53:14 +0000 (09:53 +0200)]
Add extra asterisk to file description comments
File description comment blocks lacked an extra asterisk for JavaDoc
style. This affected Doxygen as it couldn't process these documentation
comments. Patch does not affect license comment blocks.
Change-Id: Ic0222b821b242b5d318c7cefce1865952ba6ccb5
Pawel Wieczorek [Fri, 12 Sep 2014 09:33:35 +0000 (11:33 +0200)]
Replace @file description different than filename
Not all @file descriptions matched corresponding filenames. This
affects Doxygen, as it ignores such documentation comments. Patch
fixes these Doxygen @file commands.
Change-Id: I047ea1bde6c13ff2dd6ec90ea61abb2faaf7aaac
Aleksander Zdyb [Wed, 17 Sep 2014 06:22:20 +0000 (08:22 +0200)]
Extract storage code into libcynara-storage
libcynara-storage is an extrenal library containing
C++ symbols used in cynara itself as well as
in upcomming libcynara-offline-admin.
Change-Id: I56ce83339ec3bc1b17cc54e3ba5f3863316117fe
Aleksander Zdyb [Mon, 15 Sep 2014 09:01:08 +0000 (11:01 +0200)]
Introduce cynara-offline-admin API
cynara-offline-admin is a special administrative API,
which allows to alter Cynara's database directly
on filesystem.
Change-Id: I47365889f2afc05ee8a40aeee5bd3bb1de22dccd
Lukasz Wojciechowski [Tue, 16 Sep 2014 05:42:52 +0000 (07:42 +0200)]
Implement AdminCheck in admin library logic layer
Change-Id: I3b404514dbccd1829c2850b0f0f1b2dfe15d8ea9
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:59:31 +0000 (21:59 +0200)]
Implement AdminCheck in service's logic layer
Change-Id: Ia4adbbb8403af6341dc4451bd2440d86a72177d8
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:47:12 +0000 (21:47 +0200)]
Implement AdminCheck serialization in AdminProtocol
Change-Id: I6f52d98f21bcec0fc3db7db4d3ba83fb05153b76
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:39:45 +0000 (21:39 +0200)]
Split OpCheckPolicy into request and response codes
Improve log formatting and casting arguments.
Change-Id: I16f279b7fca61108f1627c9de2996dba84165ba6
Lukasz Wojciechowski [Mon, 15 Sep 2014 18:33:39 +0000 (20:33 +0200)]
Add AdminCheckRequest class
Change-Id: I7be5c10c6905a0c4f561731a40288095c6a5e4d4
Lukasz Wojciechowski [Mon, 15 Sep 2014 17:16:17 +0000 (19:16 +0200)]
Add adminCheck() method prototype in admin Logic
Implement external API using newly added method.
Change-Id: If086d8e33caaec87da5cbb2c25e6dd4163c01048
Lukasz Wojciechowski [Mon, 15 Sep 2014 14:39:37 +0000 (16:39 +0200)]
Add admin_check() prototype
Change-Id: I650cf0748479ec1646d20cd2b767e26905770116
Aleksander Zdyb [Wed, 17 Sep 2014 06:20:44 +0000 (08:20 +0200)]
Move some definitions outside of cynara-admin.h
The consts and structs will be used by both cynara-admin
and upcomming cynara-offline-admin APIs.
Change-Id: I05e320e54ff9c6a16521318560de059c6928cbea
Adam Malinowski [Fri, 12 Sep 2014 19:29:30 +0000 (21:29 +0200)]
Remove instruction & stack pointers from backtrace
These pointers don't provide useful information but consumes
a lot of space in backtrace lines.
Change-Id: I063485334ad619d8bed6d617e5fb96673f3ce938
Adam Malinowski [Thu, 11 Sep 2014 09:10:01 +0000 (11:10 +0200)]
Add source info to backtrace
This patch recovers putting source code information in backtrace.
Previous solution was based on binutils but its license is not
acceptable. This patch uses elfutils library licensed under LGPL3.
Change-Id: I1df0a54ac0702f08d876728b535fd0e172efca17
Aleksander Zdyb [Tue, 26 Aug 2014 08:41:33 +0000 (10:41 +0200)]
Fix startup with half-populated db
In some cases, Cynara could start with half-populated database.
As this is potential security issue, we now make sure, that in case
of any error, Cynara will start with empty database and return DENY
for every request.
There are added tests revealing these potential issues.
Some test cases depend on specific state of Cynara's policy database
directory. These are now provided in cynara-tests package and placed
in /usr/share/cynara/tests/ during installation.
Test execution does not affect real database -- it uses above tests
path only, accessible by non-root users as well.
Signed-off-by: Aleksander Zdyb <a.zdyb@partner.samsung.com>
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Change-Id: Ia943f77a2a0c85f394c40dd10333a73df4d0c96a
Jacek Bukarewicz [Thu, 11 Sep 2014 13:37:41 +0000 (15:37 +0200)]
Add missing 'struct' keyword in cynara-admin.h
Change-Id: I48405d368fb8a95a86d6c94df5c50a490869f1e4
Aleksander Zdyb [Wed, 20 Aug 2014 09:24:44 +0000 (11:24 +0200)]
Support NONE policy in admin API
Change-Id: I8a54f020f2d69f9c0ad71773b8d32b09f6519b9e
Aleksander Zdyb [Wed, 20 Aug 2014 06:30:23 +0000 (08:30 +0200)]
Support NONE policy in storage
Change-Id: I80d28fee394c5e461bccf102b0d6f7b4ab243174