platform/core/security/cynara.git
9 years ago Fix missing directories 69/30369/4
Zofia Abramowska [Mon, 17 Nov 2014 09:29:07 +0000 (10:29 +0100)]
Fix missing directories

Creation of cynara plugins directories was missing during
installation.

Change-Id: I774b831765f71cc034f8d5800dea0032bf2ae2c9

9 years ago Change include brackets 66/30366/3
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:41:30 +0000 (09:41 +0100)]
Change include brackets

Include brackets style of 2 files in credential libraries was changed
from "" to <>, as it is used in other headers.

Change-Id: I1dba20862a53acdccf65d671b15b254310121961
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

9 years ago Expose ClientSession type 65/30365/3
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:38:42 +0000 (09:38 +0100)]
Expose ClientSession type

ClientSession is required by client-plugin mechanism.
Files section for libcynara-commons-devel was enhanced,
so it provides ClientSession.h

Change-Id: Ia0d935bf297bdf1743fd37e5df3a0826ebf446cd
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

9 years ago Add missing devel package dependency 64/30364/1
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:34:17 +0000 (09:34 +0100)]
Add missing devel package dependency

libcynara-admin-devel package requires cynara-error.h that is provided
by libcynara-client-commons-devel.

Change-Id: Ic6b9203e2dcf80fd0057fa64d906819be69b929d
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>

9 years ago Fix linking dependencies 62/30362/1
Adam Malinowski [Mon, 17 Nov 2014 07:50:27 +0000 (08:50 +0100)]
Fix linking dependencies

PluginManager was moved from service to common but linking with 'dl'
library stayed in service. This patch moves linking with dl to common.

Change-Id: If1be63e86dfe4c8651b48bbe9facc80160fd9f32

9 years ago Release 0.4.0 53/30353/1 submit/R4/20141115.054144 submit/tizen/20141115.054313 v0.4.0
Lukasz Wojciechowski [Sat, 15 Nov 2014 04:39:18 +0000 (05:39 +0100)]
Release 0.4.0

Change-Id: Ia8f5a7e623bcbce58f9574c084a6472ea59e271a

9 years ago Handle client and agent disconnection 05/29805/12
Adam Malinowski [Mon, 3 Nov 2014 13:57:13 +0000 (14:57 +0100)]
Handle client and agent disconnection

This patch handles situations where client and/or agent connection
to cynara service is closed.

Change-Id: I410b6da96102b6ae16442e90dbbb1e867490287a

9 years ago Handle agent response 04/29804/11
Adam Malinowski [Mon, 3 Nov 2014 13:53:33 +0000 (14:53 +0100)]
Handle agent response

This patch handles response from agent of both types:
action and cancel.

Change-Id: I3168f4f7466c79bdcb9a3f6b1c3d6863ddcf952c

9 years ago Handle cancel request 03/29803/11
Adam Malinowski [Mon, 3 Nov 2014 13:49:59 +0000 (14:49 +0100)]
Handle cancel request

This patch implements handling cancel request from client.

Change-Id: I2b5537ef8b481f3a3160702d0a549945b8a11622

9 years ago Handle check request with agent usage 02/29802/11
Adam Malinowski [Mon, 3 Nov 2014 13:45:03 +0000 (14:45 +0100)]
Handle check request with agent usage

This patch introduces sending request to agent and storing context
for future.

Change-Id: I8187b4c5e66daa155b485b5ff6b9710de27f6345

9 years ago Add manager for check contexts 01/29801/10
Adam Malinowski [Mon, 3 Nov 2014 10:21:25 +0000 (11:21 +0100)]
Add manager for check contexts

This class will be used by service logic to create and handle check
contexts.

Change-Id: I8c1f1265336dd8b5a428ed254083d1e508579a2e

9 years ago Add CheckContext class 00/29800/10
Adam Malinowski [Mon, 3 Nov 2014 10:16:22 +0000 (11:16 +0100)]
Add CheckContext class

This class will be used for storing all data related to check request.
This data will be used to send response to client when answer is ready.

Change-Id: I20b665409e15d249a9c55615a39f4ab5b361bc18

9 years ago Add agent manager 99/29799/10
Adam Malinowski [Fri, 24 Oct 2014 14:05:58 +0000 (16:05 +0200)]
Add agent manager

This commit introduces AgentManager class which will help plugins
in communication with agents. Also registering and unregistering agents
will be handled by this class.

Change-Id: Id3f7e5785223c3b0316f97bc8107805572a0fd10

9 years ago Add AgentTalker class 98/29798/8
Adam Malinowski [Thu, 23 Oct 2014 08:13:55 +0000 (10:13 +0200)]
Add AgentTalker class

This class will be used as interface for plugin<->agent communication.

Change-Id: Id6d6c439d531a8ff7e0b2b96005c12c5a5ab63b7

9 years ago Add LinkId type 49/30349/6
Adam Malinowski [Fri, 14 Nov 2014 17:58:37 +0000 (18:58 +0100)]
Add LinkId type

This type will be used to identify clients and agents.

Change-Id: I6f6808919a6c8694ad8c3e51d826dc223541325f

9 years ago Set all needed socket descriptors to write state 95/29795/8
Adam Malinowski [Fri, 24 Oct 2014 17:14:12 +0000 (19:14 +0200)]
Set all needed socket descriptors to write state

Now every socket that has data to write is set to write state after any
event on any socket descriptor. Before only part of them were set.
This change is needed to send requests to extension agents.

Change-Id: Id0d9ed2e73f748bac27d1f5e3e1fd22a7a2bb816

9 years ago Add AgentRegisterRequest handling 31/28731/12
Adam Malinowski [Tue, 14 Oct 2014 07:39:46 +0000 (09:39 +0200)]
Add AgentRegisterRequest handling

Simple mockup of registering agent in cynara service.

Change-Id: I8368c6ad1af946c86e44d196f073d1bf209e97c3

9 years ago Implement agent protocol layer 43/28543/14
Adam Malinowski [Thu, 9 Oct 2014 12:44:42 +0000 (14:44 +0200)]
Implement agent protocol layer

This patch contains implementation of (de)serializer class for agent
protocol.

Change-Id: I8ac7b5816545bd8e76a50d66a84b8ac686125985

9 years ago Implement agent<->cynara communication layer 42/28542/14
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Implement agent<->cynara communication layer

Only agent side communication layer was implemented. Also protocol is
not implemented.

Change-Id: Ic11bd0ea92284c98366a7f833f0d339f2784dad0

9 years ago Add protection against cynara_async_finish() call in callbacks 48/30348/5
Marcin Niesluchowski [Fri, 14 Nov 2014 17:48:01 +0000 (18:48 +0100)]
Add protection against cynara_async_finish() call in callbacks

cynara_async_finish() called in callbacks is ignored in all cases.

Change-Id: I3c2268a0462413b279215f837e4603a7d6acb96d

9 years ago Forbid some operations in asynchronous callbacks 22/30322/8
Marcin Niesluchowski [Fri, 14 Nov 2014 12:18:32 +0000 (13:18 +0100)]
Forbid some operations in asynchronous callbacks

In following cases cynara api operations regarding same cynara_async
structure called from within callbacks will return
CYNARA_API_OPERATION_NOT_ALLOWED:
- always within cynara_status_callback
- within cynara_response_callback called with
  CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE or CYNARA_CALL_CAUSE_FINISH
  cause.

It regards following api functions:
- cynara_async_check_cache()
- cynara_async_create_request()
- cynara_async_process()
- cynara_async_cancel_request()

Change-Id: I1db22e0735e1905c4709c7f4c650cc8ca3f9b454

9 years ago Fix answer callback call in asynchronous client 91/30291/9
Marcin Niesluchowski [Wed, 12 Nov 2014 12:41:43 +0000 (13:41 +0100)]
Fix answer callback call in asynchronous client

Answer callback may modify check map by calling async client api functions
within it. Check map is accessed after that call.

Change-Id: Ifbf91f99cfa119e5524457f585b2779d7ae52558

9 years ago Add agent library stub implementation 41/28541/13
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Add agent library stub implementation

This patch introduces implementation of agent library. Connection
to cynara service is not yet implemented. Only basic structure of
library is created.

Change-Id: Iff771cbff35c1eb4f0c3842631f2fd65ea322ee8

9 years ago Add agent API 40/28540/9
Adam Malinowski [Tue, 23 Sep 2014 11:52:19 +0000 (13:52 +0200)]
Add agent API

This patch introduces API for agents cooperating with plugins.
Agents communicate with plugins via cynara service.

Change-Id: I0f6233838f27370ee980655ad09be9fd10ae1bce

9 years ago Add agent socket & dummy agent protocol 25/27925/10
Adam Malinowski [Mon, 15 Sep 2014 12:47:22 +0000 (14:47 +0200)]
Add agent socket & dummy agent protocol

This change introduces new systemd based socket and protocol for
communication with agents. Protocol does not contain any agent
specific frame information for now.

Change-Id: I83e2211a25fd93792a46a64c1df519efb1cedfed

9 years ago Add PluginManager to CapacityCache 78/28978/7
Zofia Abramowska [Fri, 17 Oct 2014 16:28:34 +0000 (18:28 +0200)]
Add PluginManager to CapacityCache

Change-Id: Icdaf1df3793db0a43ae4aadcf2d8d306b04f650f

9 years ago Add base class for external plugins 99/28899/9
Zofia Abramowska [Thu, 16 Oct 2014 14:53:14 +0000 (16:53 +0200)]
Add base class for external plugins

* Make ExternalPluginInterface a base class providing only pure
virtual getSupportedPolicyTypes() and publish its header
* Change ExternalPluginInterface definition to ServicePluginInterface
class and make it inherit after ExternalPluginInterface and publish
its header as cynara-client-plugin.h
* Rename InterpreterInterface to ClientServiceInterface, make it
inherit after ExternalPluginInterface

Change-Id: Ia572e2adb8a4486705f89903b31433d70d733381

9 years ago Fix dlopened objects management 84/28884/8
Zofia Abramowska [Thu, 16 Oct 2014 16:35:48 +0000 (18:35 +0200)]
Fix dlopened objects management

* Add destroy function type, so deletion is compatible with allocation
* Remove extern "C" from plugin creation/destruction typedefs
* Add proper comments, so expected names of creation/destruction
function symbol are known to API user

Change-Id: I019f5bf83afc94945c8efc62e99dd324c419cc33

9 years ago Add PathConfig 60/28960/8
Zofia Abramowska [Fri, 17 Oct 2014 12:48:46 +0000 (14:48 +0200)]
Add PathConfig

Put all default paths into globally visible namespaces.

Change-Id: I4f234c5558e828cbcacf86de8d266e89a0ad687c

9 years ago Add context invalidation mechanism 26/30326/3
Zofia Abramowska [Fri, 14 Nov 2014 13:29:31 +0000 (14:29 +0100)]
Add context invalidation mechanism

RequestTaker gets RequestContext, which might be processed in
another event loop. During this loop socket associated with this
context might get closed, so class holding this context needs
notification.

Change-Id: I77dee05b84a987e444f4ec71e87bcb867682768b

9 years ago Disallow adding valid and invalid policies at once 17/30317/3
Pawel Wieczorek [Fri, 14 Nov 2014 12:04:19 +0000 (13:04 +0100)]
Disallow adding valid and invalid policies at once

Storage::insertPolicies() now cares, if all buckets exist before it
makes any change in database (in memory as well as in storage).

No changes are made if any part of request contains invalid parameters.

Change-Id: Ia8d180c7af88bd945dca22f2a4a41b049fdb4c33

9 years ago Remove dangerous reference 27/30227/4
Zofia Abramowska [Wed, 12 Nov 2014 15:36:52 +0000 (16:36 +0100)]
Remove dangerous reference

RequestContext contained reference to an external BinaryQueue. One
problem was, BBQ was held inside vector (so practically any operation
on vector made this object out-of-date), second problem was,
RequestContext was passed to other classes inside shared_ptr, so owner
of this bbq loses control over its reference.
Moreover, soon RequestContext will be held pending (e.g. when waiting
for external Agent to return answer) inside cynara logic, so BBQ stored
inside RequestContext needs to be alive as long as corresponding
connection is opened. Not more, not less.

Change-Id: I79c9eb9b5e74927bd7bb159da01fae23612ca83e

9 years ago Reorganize ProtocolAdmin and ProtocolClient 19/30219/3
Zofia Abramowska [Wed, 12 Nov 2014 16:07:55 +0000 (17:07 +0100)]
Reorganize ProtocolAdmin and ProtocolClient

Private methods of ProtocolAdmin and ProtocolClient lost an argument,
which was used only to pass member value from the same class.

Change-Id: I5657d38cf9ccd47892082479eeae92d62f894227

9 years ago Remove unnecessary Protocol shared pointers 17/30217/3
Zofia Abramowska [Wed, 12 Nov 2014 15:30:35 +0000 (16:30 +0100)]
Remove unnecessary Protocol shared pointers

ProtocolFramePtr and ProtocolFrameHeaderPtr were used unnecessarily
(no shared ownership required).

Change-Id: I71d4bf797450a46bc35e2321ff8d01a6508bcf88

9 years ago Fix segfault in dump_buckets test 78/30278/2
Zofia Abramowska [Thu, 13 Nov 2014 13:25:56 +0000 (14:25 +0100)]
Fix segfault in dump_buckets test

Change-Id: If614900c9710dc0600c48622051afb484709155f

9 years ago Ensure creation of minimal database 72/30272/1
Pawel Wieczorek [Thu, 13 Nov 2014 11:07:20 +0000 (12:07 +0100)]
Ensure creation of minimal database

This patch changes default behaviour of migration tool during package
upgrade. Previously, Cynara's state path was left untouched. Now
creation of minimal database is ensured. No changes are made if it
already existed.

Change-Id: I25158aec7d7b436ac1446d43277afe1337bfe4e5

9 years ago Implement mechanism assuring integrity of database 39/26639/23
Pawel Wieczorek [Wed, 27 Aug 2014 07:18:02 +0000 (09:18 +0200)]
Implement mechanism assuring integrity of database

There is also added mechanism for cleaning up Cynara's database
directory upon loading policies to memory.

There is added test checking whether mechanism behaves as intended.

Change-Id: I926d1aebf394c092e00731b73717e0e1c55bad0c

9 years ago Fix invocations of LOG missing format string argument 91/30091/2
Rafal Krypa [Mon, 10 Nov 2014 12:43:59 +0000 (13:43 +0100)]
Fix invocations of LOG missing format string argument

First argument of LOG* macros is passed to sd_journal_print() as format string.
In some places these macros were used with no format string at all, simply
passing e.what() from an exception. This could lead to a format string
vulnerability in the code, potentially allowing arbitrary code execution.
This error also caused build break:

In file included from /data/src/tizen/cynara/src/client/api/client-api.cpp:27:0:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h: In function
    ‘int Cynara::tryCatch(const std::function<int()>&)’:
    /data/src/tizen/cynara/src/common/exceptions/TryCatch.h:41:178: error:
    format not a string literal and no format arguments [-Werror=format-security]
         LOGE(e.what());
(... and more ...)

Change-Id: I1259283cf1bd2fa0fb2d271e38a7b416e17939f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
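
The difference between the pre-fix and post-fix LOG calls described in the commit message above, as an added example that is not Cynara's code. `journal_print_stub` (a stand-in for `sd_journal_print()`), the `LOGE` macro body, `try_catch`, its `-1` return value and the sample exception texts are assumptions made for illustration; the constructed texts contain only `%%`, so the pre-fix call stays well-defined.

```cpp
// Added illustration; not Cynara source code.
#include <cstdarg>
#include <cstdio>
#include <functional>
#include <stdexcept>
#include <string>

// Build with -DENFORCE_FORMAT_CHECK -Werror=format-security to have GCC
// reject log_before_fix() with "format not a string literal and no format
// arguments", the diagnostic quoted in the commit message.
#ifdef ENFORCE_FORMAT_CHECK
#define PRINTF_LIKE __attribute__((format(printf, 1, 2)))
#else
#define PRINTF_LIKE
#endif

// Hypothetical stand-in for sd_journal_print(): the first argument is a
// printf-style format. It returns the record instead of writing to the journal.
std::string journal_print_stub(const char *format, ...) PRINTF_LIKE;

std::string journal_print_stub(const char *format, ...) {
    char buf[256];
    va_list ap;
    va_start(ap, format);
    std::vsnprintf(buf, sizeof(buf), format, ap);
    va_end(ap);
    return std::string(buf);
}

// Assumed shape of a LOG* macro: everything is forwarded, so the first
// macro argument becomes the format string.
#define LOGE(...) journal_print_stub(__VA_ARGS__)

// Pre-fix pattern: the exception text itself is parsed as a format string.
std::string log_before_fix(const std::exception &e) {
    return LOGE(e.what());
}

// Post-fix pattern: constant format, exception text passed as data.
std::string log_after_fix(const std::exception &e) {
    return LOGE("%s", e.what());
}

// Sketch of a tryCatch-style wrapper using the fixed call. The record is
// returned through an out-parameter so the caller can inspect it.
int try_catch(const std::function<int()> &func, std::string &record) {
    try {
        return func();
    } catch (const std::exception &e) {
        record = LOGE("%s", e.what());
        return -1;  // made-up error code for this example
    }
}

int main() {
    // Constructed message: "%%" is the only conversion, so no argument is read.
    std::runtime_error e("quota 100%% used");
    std::printf("before fix: %s\n", log_before_fix(e).c_str());
    std::printf("after fix:  %s\n", log_after_fix(e).c_str());

    std::string record;
    int rc = try_catch(
        []() -> int { throw std::runtime_error("bucket %%d missing"); },
        record);
    std::printf("try_catch rc=%d record=%s\n", rc, record.c_str());
    return 0;
}
```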

9 years ago Fix read errno handling in Socket class 84/29884/2
Marcin Niesluchowski [Wed, 5 Nov 2014 11:40:35 +0000 (12:40 +0100)]
Fix read errno handling in Socket class

Cynara Socket class treats ECONNRESET (socket closed transmitting RST
instead of FIN) during read as unknown error. Handle it as disconnection.

Change-Id: Iecbfa5c32c7ef8b6b5da97170269aa86e2740c22

9 years ago Fix build break caused by wrong system group names 85/29985/2
Adam Malinowski [Thu, 6 Nov 2014 13:47:15 +0000 (14:47 +0100)]
Fix build break caused by wrong system group names

cynara-rpmlintrc file was added to project in order to ignore
errors related to wrong group names. File will be removed when
problems with new group names are fixed.

Change-Id: Ibd0ee42b707fba059f0172522cba4804c28d2cb5

9 years ago Change Group in spec file 25/29825/2
Marcin Niesluchowski [Tue, 4 Nov 2014 17:09:54 +0000 (18:09 +0100)]
Change Group in spec file

Group Security/Access Control has been removed. Cynara current group
is Security/Application Privilege. Nonexistent group causes build break.

Change-Id: I58d800209cb232e60e60747eb79244fb57c7b977

9 years ago Remove visibility attributes from header file 17/29717/2
Lukasz Wojciechowski [Mon, 3 Nov 2014 07:25:37 +0000 (08:25 +0100)]
Remove visibility attributes from header file

Visibility attributes are not needed in header file.
Usage of them by CYNARA_API macro also causes
internal file attributes.h to be published.

Change-Id: I99bb84d5af96120cdc448e837601cecc05494570

9 years ago Add migration tool for Cynara's database 86/29186/9
Pawel Wieczorek [Wed, 22 Oct 2014 09:51:19 +0000 (11:51 +0200)]
Add migration tool for Cynara's database

This patch introduces tool for database migration if newer version of
Cynara uses backward incompatible format of storing policies data.

Migration tool is also used during installation of Cynara in order to
initialize database with minimal contents.

Change-Id: I7e6a376dad812c54f45a6a11ca559c97383d453d

10 years ago Treat invalid check_id as an error in async cancel 50/29350/2
Lukasz Wojciechowski [Fri, 24 Oct 2014 15:52:32 +0000 (17:52 +0200)]
Treat invalid check_id as an error in async cancel

If check_id passed to cynara_async_cancel_request() is invalid
CYNARA_API_INVALID_PARAM will be returned.
Id is invalid when:
* was never generated by any previous call to cynara_async_create_request();
* response callback related to this id was already delivered.

Change-Id: Iaa05fe71c752aedcb5414d162fc374f37420f36d

10 years ago Add PolicyBucketId validation 31/28431/10
Pawel Wieczorek [Mon, 6 Oct 2014 17:08:25 +0000 (19:08 +0200)]
Add PolicyBucketId validation

This patch introduces mechanism for checking whether new PolicyBucketId
contains forbidden characters. Now only alphanumeric characters, hyphen
and underscore can be used in PolicyBucketId. InvalidBucketIdException
is thrown and OPERATION_NOT_ALLOWED error code is returned otherwise.

Change-Id: I48b6e14d20cb62adc17560929055553df0ce1077

10 years ago Remove PolicyBucket() constructor 82/28382/8
Pawel Wieczorek [Mon, 6 Oct 2014 10:45:25 +0000 (12:45 +0200)]
Remove PolicyBucket() constructor

In some cases using parameterless constructor of PolicyBucket can
result in uninitialized PolicyBucket id. Complete removal of this
constructor guarantees inability to create bucket with no id.

Change-Id: Id67d7f257697078ef0d4518161ade473a983cf6b

10 years ago Add cynara_creds_get_[client|user]_method UT 19/29219/4
Radoslaw Bartosiak [Wed, 22 Oct 2014 20:52:50 +0000 (22:52 +0200)]
Add cynara_creds_get_[client|user]_method UT

Adding unit tests for functions used in implementation of
cynara_creds_get_[client|user]_methods

Change-Id: I3cb7b9fb03e09769dbb68fd595994cbe13956483
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

10 years ago Implement cynara_creds_get_[client|user]_method 06/27306/19
Radoslaw Bartosiak [Wed, 10 Sep 2014 13:04:17 +0000 (15:04 +0200)]
Implement cynara_creds_get_[client|user]_method

The functions enable obtaining system default identification method
for [process|user] by reading a configuration file (default
/etc/cynara/creds.conf).

Change-Id: I662a7681abbaa130a3d628352a13ff950a7affd3
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

10 years ago Add creds configuration 36/27236/12
Radoslaw Bartosiak [Mon, 8 Sep 2014 11:45:22 +0000 (13:45 +0200)]
Add creds configuration

Configuration is used by cynara_creds_get_[client|user]_method to
provide default values of [client|user] feature used in
cynara-creds.

Change-Id: I9a8b8e0bb009817414b9755523a60edb3d0386d0
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>

10 years ago Adjust admin API policy type codes 71/27971/5
Lukasz Wojciechowski [Tue, 23 Sep 2014 15:50:27 +0000 (17:50 +0200)]
Adjust admin API policy type codes

External admin API policy types should match inner cynara values
used in storage and protocols. That would make plugins work easier
and allows correct work of cynara_admin_check function.

New header cynara-policy-types.h is provided by libcynara-common.
It defines policy type values and is included by external admin API.
Predefined policies variables use same values for initialization.

Change-Id: If1b158dcd5abbe9ee3af692e706a2d2e886f8631

10 years ago Remove unnecessary dependencies to Cynara 84/29184/1
Jacek Bukarewicz [Wed, 22 Oct 2014 09:06:04 +0000 (11:06 +0200)]
Remove unnecessary dependencies to Cynara

Change-Id: I02c00332c20083639b862231b507545103613051

10 years ago Add new libcynara-admin return code 18/28018/4
Pawel Wieczorek [Wed, 24 Sep 2014 10:11:12 +0000 (12:11 +0200)]
Add new libcynara-admin return code

Added code is:
        CYNARA_ADMIN_API_OPERATION_FAILED

It is used to indicate failures during saving database to storage. This
patch also adds handling such situations.

Change-Id: I35b7d3334def8e688a180ddec6861c0f3bdd70d6

10 years ago Fix creation of bucket in InMemoryStorageBackend 58/27958/5
Aleksander Zdyb [Tue, 14 Oct 2014 07:59:49 +0000 (09:59 +0200)]
Fix creation of bucket in InMemoryStorageBackend

This prevents creation of bucket without properly
initialized id.

Change-Id: Ib5374e15a0172e48ca5413987df256f19595fe91

10 years ago Fix comment in cynara-async api header 09/28709/2
Marcin Niesluchowski [Tue, 14 Oct 2014 11:36:08 +0000 (13:36 +0200)]
Fix comment in cynara-async api header

Change-Id: Id195797893866f5aca48b1120c04e2d2ebb69813

10 years ago Set build_type default value in a different way 41/28741/3
Jacek Bukarewicz [Wed, 15 Oct 2014 08:21:00 +0000 (10:21 +0200)]
Set build_type default value in a different way

Apparently gbs couldn't parse previous construct properly and installed
debug libraries regardless of build_type.

Change-Id: I84c6456efc692da9f1bec94b071d8107a540f3d8
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>

10 years ago Use TryCatch() for exception catching in admin library 82/28782/2
Lukasz Wojciechowski [Thu, 16 Oct 2014 06:25:04 +0000 (08:25 +0200)]
Use TryCatch() for exception catching in admin library

Change-Id: I01d0b075c7d9cb5d94cadfe2c1dc5da7bd326027

10 years ago Move TryCatch from client-common to common library 19/28719/4
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:45:27 +0000 (14:45 +0200)]
Move TryCatch from client-common to common library

TryCatch can be used also in admin libraries,
so it belongs to common library now.

Change-Id: Ibdd9c1576b9b34195555c2d9b43e72b57a83a201

10 years ago Rename cynara-client-error.h to cynara-error.h 18/28718/4
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:37:07 +0000 (14:37 +0200)]
Rename cynara-client-error.h to cynara-error.h

Apply new name to all files.

Change-Id: I9e4590a40e11ba5a33442707207635bb0d75a278

10 years ago Use client error codes in admin libraries 17/28717/4
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:09:00 +0000 (14:09 +0200)]
Use client error codes in admin libraries

We need to have one unified set of error codes. Client
error codes have been adjusted to serve admin errors
too. Then client error codes were used in admin
libraries keeping following mapping:
CYNARA_ADMIN_API_SUCCESS
   -> CYNARA_API_SUCCESS
CYNARA_ADMIN_API_OUT_OF_MEMORY
   -> CYNARA_API_OUT_OF_MEMORY
CYNARA_ADMIN_API_INVALID_PARAM
   -> CYNARA_API_INVALID_PARAM
CYNARA_ADMIN_API_SERVICE_NOT_AVAILABLE
   -> CYNARA_API_SERVICE_NOT_AVAILABLE
CYNARA_ADMIN_API_UNEXPECTED_CLIENT_ERROR
   -> CYNARA_API_UNKNOWN_ERROR
CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED
   -> CYNARA_API_OPERATION_NOT_ALLOWED
CYNARA_ADMIN_API_BUCKET_NOT_FOUND
   -> CYNARA_API_BUCKET_NOT_FOUND

Remove not needed anymore old admin error codes file:
src/include/cynara-admin-error.h

Change-Id: Ice8990a2b354bd489c67c2a004344a5c60fc15ee

10 years ago Remove "noexcept" keyword from PolicyBucket 16/28716/3
Lukasz Wojciechowski [Tue, 14 Oct 2014 09:13:25 +0000 (11:13 +0200)]
Remove "noexcept" keyword from PolicyBucket

Change-Id: I0b00841efadb7584e854a04286758caf90e400cc

10 years ago Clean up exception classes 15/28715/4
Lukasz Wojciechowski [Tue, 14 Oct 2014 07:21:41 +0000 (09:21 +0200)]
Clean up exception classes

Some minor clean-ups in exceptions classes:
* remove "noexcept" keyword from exception classes;
* catch exceptions in Exception::what();
* correcting comments;
* adding missing virtual keyword;
* rearranging public and private sections.

Change-Id: I99c382838adb22429a7ea8ac35974c988b3d3f33

10 years ago Remove "noexcept" keyword from admin's Logic class 14/28714/3
Lukasz Wojciechowski [Tue, 14 Oct 2014 06:47:31 +0000 (08:47 +0200)]
Remove "noexcept" keyword from admin's Logic class

We don't want to cause application termination.
All exceptions should be caught and handled.

Change-Id: Ic245fb42a8b8fa7a7d83665ce95c4acb89c5b964

10 years ago Add PluginErrorException 52/28452/8
Zofia Abramowska [Tue, 7 Oct 2014 12:46:47 +0000 (14:46 +0200)]
Add PluginErrorException

Add exception class for plugin processing error.

Change-Id: I26090bd3a54bdbc4767fd05735b5b06fae523b2f

10 years ago Add PluginManager 45/27845/13
Zofia Abramowska [Fri, 19 Sep 2014 14:42:02 +0000 (16:42 +0200)]
Add PluginManager

Add cynara service manager for loading and managing dynamic loaded
plugins supporting custom policy types.

Change-Id: I94c3bfa4842a6a8d0a078ac910aba5e54db7b468

10 years ago Add cynara external plugins 64/27464/13
Zofia Abramowska [Thu, 18 Sep 2014 16:37:40 +0000 (18:37 +0200)]
Add cynara external plugins

Add interface for creating external cynara plugin to enable custom
policy types support.

Change-Id: I43bd31a3e48f9667964107dd243f2286e7ffae8a

10 years ago Split PolicyResult declaration and definition 66/27766/11
Zofia Abramowska [Thu, 18 Sep 2014 15:33:53 +0000 (17:33 +0200)]
Split PolicyResult declaration and definition

PolicyResult header will be included in package for external plugin
implementations.

Change-Id: Ic5224af395b9fd86f57138566295961e80ee8f12

10 years ago Fix cache update method 98/27598/11
Zofia Abramowska [Tue, 16 Sep 2014 10:53:09 +0000 (12:53 +0200)]
Fix cache update method

Support update with existing entry.

Change-Id: I0a242c9580ae0a521fddb8bf4fc4c2b8be3507c0

10 years ago Redo client plugins 51/27451/11
Zofia Abramowska [Fri, 12 Sep 2014 13:45:36 +0000 (15:45 +0200)]
Redo client plugins

Let plugin make decision based on last and current client session.
Plugin can change PluginResult.

Change-Id: Ia985feaf1d60a8c1ebf858ba0d4e0d6f2cc6fa40

10 years ago Improving creation of user 'cynara' 89/28389/4
José Bollo [Mon, 6 Oct 2014 15:31:59 +0000 (17:31 +0200)]
Improving creation of user 'cynara'

To improve the creation of the user cynara, the
home directory is now set to /var/lib/empty,
the shell is set to /sbin/nologin, the main group
is set to cynara.

Change-Id: I4582caa9f9a61cd8c52d0a6718f504903cdee479
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

10 years ago Implement cynara_async_cancel_request() 60/28060/15
Marcin Niesluchowski [Wed, 24 Sep 2014 12:14:07 +0000 (14:14 +0200)]
Implement cynara_async_cancel_request()

Change-Id: I028d6a2941dc68359590263cda9e5bff2b839317

10 years ago Add creating, sending and receiving check requests 85/28285/7
Marcin Niesluchowski [Thu, 18 Sep 2014 09:32:15 +0000 (11:32 +0200)]
Add creating, sending and receiving check requests

cynara_async_create_request() and cynara_async_process() functions work
according to the API header excluding possibility to cancel request.

Change-Id: I9818be674d58da5bd431a08b7faf47dfe0157289

10 years ago Implement cynara_async_check_cache() 42/27742/20
Marcin Niesluchowski [Thu, 18 Sep 2014 12:41:01 +0000 (14:41 +0200)]
Implement cynara_async_check_cache()

Change-Id: I1930cdf448dcfdf800d0d5c322ff100baf5a4987

10 years ago Add connection check 62/27262/28
Marcin Niesluchowski [Mon, 15 Sep 2014 09:54:48 +0000 (11:54 +0200)]
Add connection check

cynara_async_check_cache should return CYNARA_API_CACHE_MISS if
disconnected.
cynara_async_create_request and cynara_async_cancel_request should try
reconnecting if disconnected and return CYNARA_API_SERVICE_NOT_AVAILABLE
on failure.
As cynara_async is connecting asynchronously, it could take connection
in progress state which is resolved in cynara_async_process and treated
as connected in other functions. As this state exists after reconnecting,
there should be no cache entries. cynara_async_process should complete
connecting if needed by waiting for write event. If connection fails in
cynara_async_process, then CYNARA_API_SERVICE_NOT_AVAILABLE should be
returned.

Change-Id: I2920f4dbd0bde3e7be74096db33f4ff465bc5028

10 years ago Add asynchronous socket 24/27524/28
Marcin Niesluchowski [Mon, 15 Sep 2014 09:42:42 +0000 (11:42 +0200)]
Add asynchronous socket

Change-Id: I1ca062fee144b8244fba88ae3155096df043c61e

10 years ago Move socket paths to common library 20/27520/11
Marcin Niesluchowski [Mon, 15 Sep 2014 09:17:34 +0000 (11:17 +0200)]
Move socket paths to common library

Change-Id: I4b5bf9c2bc47aca6f87bb89942a09b2a8ae6e251

10 years ago Add async api stub implementation 30/27230/12
Marcin Niesluchowski [Thu, 4 Sep 2014 13:50:32 +0000 (15:50 +0200)]
Add async api stub implementation

Below are listed asynchronous API functions with its value
returned for valid params and enough memory (stub version).
- cynara_async_initialize     CYNARA_API_SUCCESS
- cynara_finish
- cynara_async_cache_check    CYNARA_API_CACHE_MISS
- cynara_async_create_request CYNARA_API_MAX_PENDING_REQUESTS
- cynara_async_process        CYNARA_API_SUCCESS
- cynara_async_cancel_request CYNARA_API_SUCCESS

Change-Id: Ic10d04adc5e7d45fa643a1e817db2670c05790cf

10 years ago Add function for catching all client exceptions 60/28560/3
Marcin Niesluchowski [Thu, 9 Oct 2014 14:37:56 +0000 (16:37 +0200)]
Add function for catching all client exceptions

Change-Id: Ia70b4ee257aa279a26862f3d412f81dfdcae3309

10 years ago Add asynchronous API header 26/26426/11
Zofia Abramowska [Wed, 8 Oct 2014 15:16:18 +0000 (17:16 +0200)]
Add asynchronous API header

Add simple API which provides means to:
- ask cynara if <client, user> has permission to <privilege>
  using cynara_async_check() for cache check
- create request for <client, user> having permission to <privilege>
  to be sent using cynara_async_create_request()
- send requests and receive responses using cynara_async_process()
- cancel created request using cynara_async_cancel_request()
- inform user about available response and status changes of cynara
  socket through callbacks
This is an asynchronous API, so all I/O operations inside are
non-blocking.

Change-Id: Id6d53eae7587c11288d44bb2dd7980ec039e7ca0

10 years ago Change client API error codes 17/28517/1
Zofia Abramowska [Wed, 8 Oct 2014 15:14:01 +0000 (17:14 +0200)]
Change client API error codes

Add CYNARA_API_ACCESS_ALLOWED to be returned instead of CYNARA_API_SUCCESS
from cynara check call.
Renumber client API error codes - now CYNARA_API_ACCESS_DENIED is treated
as answer, not as error.

Change-Id: I3d64afdc3cc241de8515be507858304efd729da6

10 years ago Removing home directory creation for user cynara 55/28355/2
José Bollo [Fri, 3 Oct 2014 12:00:06 +0000 (14:00 +0200)]
Removing home directory creation for user cynara

Cynara should not create a home directory.
If it must, specific options have to be provided
that explicitly should set the home directory
not in /home and should use a specific skeleton.

Change-Id: I296a5856fbae399944b41babf5ebb89a1f0f93eb
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>

10 years ago Replace @file commands for Doxygen compatibility 37/27837/5
Pawel Wieczorek [Mon, 15 Sep 2014 14:49:19 +0000 (16:49 +0200)]
Replace @file commands for Doxygen compatibility

Not all filenames are unique for the whole project. This affects
Doxygen, as it ignores repeated @file descriptions. Patch replaces
Doxygen @file commands with full relative path to the source file.

Change-Id: Iabcdf59e9bf6fae3137598e6013f0a552e82acba

10 years ago Replace old Aleksander Zdyb's email address 11/27511/3
Pawel Wieczorek [Mon, 15 Sep 2014 08:38:17 +0000 (10:38 +0200)]
Replace old Aleksander Zdyb's email address

Change-Id: I39dd94fe49039cdafeedbd1098ae72247b3f1fbd

10 years ago Add extra asterisk to file description comments 06/27506/3
Pawel Wieczorek [Mon, 15 Sep 2014 07:53:14 +0000 (09:53 +0200)]
Add extra asterisk to file description comments

File description comment blocks lacked an extra asterisk for JavaDoc
style. This affected Doxygen as it couldn't process these documentation
comments. Patch does not affect license comment blocks.

Change-Id: Ic0222b821b242b5d318c7cefce1865952ba6ccb5

10 years ago Replace @file description different than filename 12/27412/2
Pawel Wieczorek [Fri, 12 Sep 2014 09:33:35 +0000 (11:33 +0200)]
Replace @file description different than filename

Not all @file descriptions matched corresponding filenames. This
affects Doxygen, as it ignores such documentation comments. Patch
fixes these Doxygen @file commands.

Change-Id: I047ea1bde6c13ff2dd6ec90ea61abb2faaf7aaac

10 years agoExtract storage code into libcynara-storage 33/27533/5
Aleksander Zdyb [Wed, 17 Sep 2014 06:22:20 +0000 (08:22 +0200)]
Extract storage code into libcynara-storage

libcynara-storage is an external library containing
C++ symbols used in cynara itself as well as
in upcoming libcynara-offline-admin.

Change-Id: I56ce83339ec3bc1b17cc54e3ba5f3863316117fe

10 years agoIntroduce cynara-offline-admin API 13/27513/7
Aleksander Zdyb [Mon, 15 Sep 2014 09:01:08 +0000 (11:01 +0200)]
Introduce cynara-offline-admin API

cynara-offline-admin is a special administrative API,
which allows altering Cynara's database directly
on the filesystem.

Change-Id: I47365889f2afc05ee8a40aeee5bd3bb1de22dccd

10 years agoImplement AdminCheck in admin library logic layer 56/27556/5
Lukasz Wojciechowski [Tue, 16 Sep 2014 05:42:52 +0000 (07:42 +0200)]
Implement AdminCheck in admin library logic layer

Change-Id: I3b404514dbccd1829c2850b0f0f1b2dfe15d8ea9

10 years agoImplement AdminCheck in service's logic layer 55/27555/5
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:59:31 +0000 (21:59 +0200)]
Implement AdminCheck in service's logic layer

Change-Id: Ia4adbbb8403af6341dc4451bd2440d86a72177d8

10 years agoImplement AdminCheck serialization in AdminProtocol 54/27554/5
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:47:12 +0000 (21:47 +0200)]
Implement AdminCheck serialization in AdminProtocol

Change-Id: I6f52d98f21bcec0fc3db7db4d3ba83fb05153b76

10 years agoSplit OpCheckPolicy into request and response codes 53/27553/5
Lukasz Wojciechowski [Mon, 15 Sep 2014 19:39:45 +0000 (21:39 +0200)]
Split OpCheckPolicy into request and response codes

Improve log formatting and casting arguments.

Change-Id: I16f279b7fca61108f1627c9de2996dba84165ba6

10 years agoAdd AdminCheckRequest class 52/27552/5
Lukasz Wojciechowski [Mon, 15 Sep 2014 18:33:39 +0000 (20:33 +0200)]
Add AdminCheckRequest class

Change-Id: I7be5c10c6905a0c4f561731a40288095c6a5e4d4

10 years agoAdd adminCheck() method prototype in admin Logic 51/27551/5
Lukasz Wojciechowski [Mon, 15 Sep 2014 17:16:17 +0000 (19:16 +0200)]
Add adminCheck() method prototype in admin Logic

Implement external API using newly added method.

Change-Id: If086d8e33caaec87da5cbb2c25e6dd4163c01048

10 years agoAdd admin_check() prototype 50/27550/4
Lukasz Wojciechowski [Mon, 15 Sep 2014 14:39:37 +0000 (16:39 +0200)]
Add admin_check() prototype

Change-Id: I650cf0748479ec1646d20cd2b767e26905770116

10 years agoMove some definitions outside of cynara-admin.h 12/27512/6
Aleksander Zdyb [Wed, 17 Sep 2014 06:20:44 +0000 (08:20 +0200)]
Move some definitions outside of cynara-admin.h

The consts and structs will be used by both cynara-admin
and upcoming cynara-offline-admin APIs.

Change-Id: I05e320e54ff9c6a16521318560de059c6928cbea

10 years agoRemove instruction & stack pointers from backtrace 69/27469/2
Adam Malinowski [Fri, 12 Sep 2014 19:29:30 +0000 (21:29 +0200)]
Remove instruction & stack pointers from backtrace

These pointers don't provide useful information but consume
a lot of space in backtrace lines.

Change-Id: I063485334ad619d8bed6d617e5fb96673f3ce938

10 years agoAdd source info to backtrace 58/27358/2
Adam Malinowski [Thu, 11 Sep 2014 09:10:01 +0000 (11:10 +0200)]
Add source info to backtrace

This patch recovers putting source code information in backtrace.
Previous solution was based on binutils but its license is not
acceptable. This patch uses elfutils library licensed under LGPL3.

Change-Id: I1df0a54ac0702f08d876728b535fd0e172efca17

10 years agoFix startup with half-populated db 52/26552/5
Aleksander Zdyb [Tue, 26 Aug 2014 08:41:33 +0000 (10:41 +0200)]
Fix startup with half-populated db

In some cases, Cynara could start with a half-populated database.
As this is a potential security issue, we now make sure that in case
of any error, Cynara will start with an empty database and return DENY
for every request.

There are added tests revealing these potential issues.
Some test cases depend on specific state of Cynara's policy database
directory. These are now provided in cynara-tests package and placed
in /usr/share/cynara/tests/ during installation.
Test execution does not affect real database -- it uses above tests
path only, accessible by non-root users as well.

Signed-off-by: Aleksander Zdyb <a.zdyb@partner.samsung.com>
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Change-Id: Ia943f77a2a0c85f394c40dd10333a73df4d0c96a

10 years agoAdd missing 'struct' keyword in cynara-admin.h 57/27357/2
Jacek Bukarewicz [Thu, 11 Sep 2014 13:37:41 +0000 (15:37 +0200)]
Add missing 'struct' keyword in cynara-admin.h

Change-Id: I48405d368fb8a95a86d6c94df5c50a490869f1e4

10 years agoSupport NONE policy in admin API 01/26301/4
Aleksander Zdyb [Wed, 20 Aug 2014 09:24:44 +0000 (11:24 +0200)]
Support NONE policy in admin API

Change-Id: I8a54f020f2d69f9c0ad71773b8d32b09f6519b9e

10 years agoSupport NONE policy in storage 00/26300/4
Aleksander Zdyb [Wed, 20 Aug 2014 06:30:23 +0000 (08:30 +0200)]
Support NONE policy in storage

Change-Id: I80d28fee394c5e461bccf102b0d6f7b4ab243174