Aleksander Zdyb [Tue, 23 Dec 2014 12:54:32 +0000 (13:54 +0100)]
Introduce Lockable in FileLock
FileLock now operates on lockable object instead
of a file path and internal file descriptor.
Lockable is an abstraction of file descriptor.
Change-Id: Ie17905a4455492956e5162d90add488ca6f3080c
Aleksander Zdyb [Mon, 27 Oct 2014 13:45:58 +0000 (14:45 +0100)]
Don't create database directory
This functionality was replaced by database migration tool
and database directory is always present.
Change-Id: Ib5f1f8a6c2887534f2c4f0ae3c85245d69818a14
Aleksander Zdyb [Mon, 27 Oct 2014 13:44:14 +0000 (14:44 +0100)]
Add StoragePath::lockfile path
Change-Id: I16242dd8da7435661ee65698541e935ea9105cf1
Pawel Wieczorek [Mon, 22 Dec 2014 08:29:43 +0000 (09:29 +0100)]
Remove surplus read permissions for migration tool
In order to prevent possibility of non-authorised usage of migration
tool read permissions for wrapper script are now retracted.
Change-Id: I40d3f7cea0a9597863d0d75f168b2dea9ec64d6d
Lukasz Wojciechowski [Thu, 18 Dec 2014 13:18:53 +0000 (14:18 +0100)]
Add processing EraseRequest on serviceLogic layer
Process EraseRequest, pass data to Storage layer.
Save database in case of successful erase.
Return CodeResponse to sender of EraseRequest.
Change-Id: I9bddfff64bf8b8e11f36ccac85ab5bb715f69c4f
Lukasz Wojciechowski [Thu, 18 Dec 2014 13:04:09 +0000 (14:04 +0100)]
Implement erasePolicies() in Storage
Implementation add StorageBackend::erasePolicies() in base class and
its implementation in InMemoryStorageBackend.
In Storage class erasePolicies() just passes this request to backend.
PolicyBucket class was enhanced with getSubBuckets() method returning
set of all IDs of subbuckets. Subbucket is a bucket that can be reached
with policy (type==BUCKET) from current bucket.
Change-Id: I90598aa916857a917d911068da1a1c18c69391a5
Lukasz Wojciechowski [Tue, 16 Dec 2014 12:36:38 +0000 (13:36 +0100)]
Handle EraseRequest in admin library Logic layer
Create EraseRequest and wait for CodeResponse. Interprete it
and return proper code to admin API layer.
Change-Id: I35ba3573fdf8a455c5a42020e918a6a7b17c0a46
Lukasz Wojciechowski [Tue, 16 Dec 2014 12:13:24 +0000 (13:13 +0100)]
Add tests for EraseRequest serialization
Add tests for checking equality of objects and binary data
in serialization / deserialization of EraseRequest
by ProtocolAdmin.
Change-Id: I25c2768572d6aa419c1635586437e7bf673d301f
Lukasz Wojciechowski [Tue, 16 Dec 2014 11:52:04 +0000 (12:52 +0100)]
Add serialization of EraseRequest with ProtocolAdmin
Add serialization and deserialization of request for
erasing multiple policies matching filter key.
Provide new OpCode (28) for EraseRequest.
Change-Id: Ib2370e98e6edae3fbb6a6457ebc5c58590f27580
Lukasz Wojciechowski [Fri, 19 Dec 2014 08:37:55 +0000 (09:37 +0100)]
Add EraseRequest class
EraseRequest class will be used to send request for erasing multiple
policies matching filter key from cynara database.
Change-Id: I32f8ef4449ecfcc2b32061a609a9beb442823c64
Lukasz Wojciechowski [Fri, 19 Dec 2014 08:35:24 +0000 (09:35 +0100)]
Fix documentation and code style in requests folder
Fix invalid file paths in ListRequest.* files.
Break to long line in RequestTaker.cpp
Change-Id: Icee52525c5413be1cc754d588773151689eb52f7
Lukasz Wojciechowski [Tue, 16 Dec 2014 09:48:20 +0000 (10:48 +0100)]
Implement cynara_admin_erase() in admin API layer
Implementation:
* checks validity of parameters,
* translates parameters to C++ objects used in higher layers,
* catches all exceptions,
* runs erasePolicies() method from admin Logic object.
Change-Id: I6d4f0be5f20e283c41839b9618da2dac1c36f858
Lukasz Wojciechowski [Tue, 16 Dec 2014 09:24:46 +0000 (10:24 +0100)]
Introduce new admin API function cynara_admin_erase()
cynara_admin_erase() can be used to erase multiple policies matching
given filter key (client, user, privilege). Erasing starts in given
bucket and then can step into nested buckets if recursive flag is
enabled.
Filter key can use CYNARA_ADMIN_ANY to match any value of client,
user or privilege.
Change-Id: Ib2eb55e864828b4b073a177bc6fea468ec3911c8
Zofia Abramowska [Fri, 19 Dec 2014 09:57:22 +0000 (10:57 +0100)]
Fix wrong null terminated list deallocation
Fixed wrong iteration on null terminated list in deallocating function.
Change-Id: I1f344cbfdcf775aedd3f7e0eb00518cfec423bc2
Rafal Krypa [Tue, 2 Dec 2014 12:57:33 +0000 (13:57 +0100)]
build: unbreak out-of-tree build of cynara-db-migration
Fix "make install" failing on cynara-db-migration when building out-of-tree.
Change-Id: I4a0c90a32e91e25de279d084d3a3801a1f0bb1b2
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Sat, 6 Dec 2014 00:25:25 +0000 (01:25 +0100)]
Test usage of AdminCheck Req/Resp by ProtocolAdmin
Test serialization and deserialization of AdminCheckRequest
and AdminCheckResponse objects by ProtocolAdmin.
Change-Id: Ia8923dbeaf0d03c29fd77bde3758375df59e1bc6
Lukasz Wojciechowski [Fri, 5 Dec 2014 23:37:20 +0000 (00:37 +0100)]
Respond to AdminCheckRequest with AdminCheckResponse
Change implementation of both service and admin library Logic layers
so they use AdminCheckResponse instead of CheckResponse as a reply
for AdminCheckRequest.
This change allows passing additional information about existence
or vacancy of start bucket given in AdminCheckRequest.
In case of vacancy of such bucket in cynara database cynara-admin
library returns CYNARA_API_BUCKET_NOT_FOUND from cynara_admin_check()
function.
This fixes also a bug that was hidden in service Logic. Passing
unexisting bucket causes cynara service to stop because of an unhandled
exception.
Change-Id: Ibf65a69c35ba92ea62bee91a67f43975b97052ca
Lukasz Wojciechowski [Fri, 5 Dec 2014 22:54:02 +0000 (23:54 +0100)]
Serialize AdminCheckResponse by ProtocolAdmin
Add serialization and deserialization of AdminCheckResponse
by ProtocolAdmin.
Change-Id: I727c44f5a599537887d75dca724c56a448107368
Lukasz Wojciechowski [Fri, 5 Dec 2014 21:07:18 +0000 (22:07 +0100)]
Introduce AdminCheckResponse class
AdminCheckResponse is class for responses to AdminCheckRequests.
It differs from CheckResponse as it contains additional information
about existence of start bucket. Start bucket is BucketId provided
by AdminCheckRequest from which policy search is started.
Change-Id: I9858cfdb8a0acc0016a080eb850bbc65ec081a98
Lukasz Wojciechowski [Sun, 30 Nov 2014 00:48:42 +0000 (01:48 +0100)]
Implement listPolicies() in service Logic layer
Implementation lists policies from Storage and returns filled
vector of Policies. It catches also BucketNotExistsException that
is thrown when invalid bucket is passed in ListRequest.
Change-Id: I7b3777b70f654d9a7324c6203e9f25eebb029f1e
Lukasz Wojciechowski [Sat, 29 Nov 2014 23:46:28 +0000 (00:46 +0100)]
Implement listing Policies in Storage
Implement listPolicies() in Storage and InMemoryStorageBackend.
UnitTests for Storage::listPolicies() were added.
Change-Id: I113c3c0f9b5c1d1d5cbed44e3d23d5d7e489a227
Lukasz Wojciechowski [Sat, 29 Nov 2014 23:19:55 +0000 (00:19 +0100)]
Implement listPolicies() in libcynara-admin Logic
Implementation sends ListRequest object to cynara service
and expects ListResponse.
Change-Id: I5602e815a0b5070b79a02538b1823290380d66c8
Lukasz Wojciechowski [Sat, 29 Nov 2014 22:24:00 +0000 (23:24 +0100)]
Add tests for ListRequest and ListResponse
Added tests cover testing serialization and deserialization
of ListRequest and ListResponse classes by ProtocolAdmin.
Change-Id: I19915d4712be51217a2be17776a21751cff4218d
Lukasz Wojciechowski [Sat, 29 Nov 2014 16:22:29 +0000 (17:22 +0100)]
Handle ListResponse by ProtocolAdmin
Add serialization and deserialization of ListResponse.
Change-Id: I7df388bf105183732d76cc1c37122919ca6d23df
Lukasz Wojciechowski [Sat, 29 Nov 2014 15:34:05 +0000 (16:34 +0100)]
Handle ListRequest by AdminProtocol
Add serialziation and deserialization of ListRequest to AdminProtocol.
Change-Id: Id1fadae22333acba6caec905d82c8e214c2560e9
Lukasz Wojciechowski [Sat, 29 Nov 2014 15:02:20 +0000 (16:02 +0100)]
Add ListResponse - response class for ListRequest
Introduced class wraps a response for policies list that can be sent
by admin of cynara. Response contains vector of matched policies and
boolean information about bucket validity. If there is no bucket with
name that was passed in request - returned vector is empty and bucket
validity is false.
Change-Id: I208555f7a991e0dc4a531312ebbbef658c95f22b
Lukasz Wojciechowski [Sat, 29 Nov 2014 14:40:09 +0000 (15:40 +0100)]
Add ListRequest - new class for listing policies
Introduced class wraps a request for policies list that can be sent
by admin of cynara. Request contains name of bucket that should be
searched and a policy key filter.
Change-Id: Ie12b8e5d3d997655bf5c4b8356d71ac5817dbb7f
Lukasz Wojciechowski [Tue, 25 Nov 2014 19:39:41 +0000 (20:39 +0100)]
Implement cynara_admin_list_policies in admin-api layer
Implementation is complete on admin-api layer.
ApiInterface of libcynara-admin is enhanced by listPolicies method.
Its implementation in Logic layer of admin library is stubbed.
Change-Id: I25f2d4dbc8616717c7e19835c676b218615df9eb
Lukasz Wojciechowski [Tue, 25 Nov 2014 17:15:09 +0000 (18:15 +0100)]
Enhance PolicyKey and PolicyKeyFeature by ANY wildcard
Enhance PolicyKey and PolicyKeyFeature classes, so they can hold
new ANY wildcard as user, client or privilege.
New wildcard can be used for listing and removal of many policies.
It matches any PolicyKeyFeature.
Minor cleanup in class: missing voids added, public section reordered
Change-Id: Icad8e06b87a014fc2fbab32e0553ddd76e5bb06d
Lukasz Wojciechowski [Tue, 25 Nov 2014 16:37:59 +0000 (17:37 +0100)]
Introduce cynara_admin_list_policies() admin function
Introduce new administrative API function: cynara_admin_list_policies()
New function allows listing with filter policies from a single bucket.
New admin define CYNARA_ADMIN_ANY is also introduced. It is a wildcard
for policy listing and removal. It can be used as client, user or privilege
name and matches any policy (even CYNARA_ADMIN_WILDCARD).
Change-Id: I9d014ebc8018e3fa6ad897c4de768471e672ac40
Aleksander Zdyb [Wed, 26 Nov 2014 08:23:06 +0000 (09:23 +0100)]
Add FileLock class
A class creating advisory lock on provided file.
The file must exist and be openable by the process.
Change-Id: Ia5fa4ef51e1a413beb81efd56f807e1434145691
Aleksander Zdyb [Wed, 29 Oct 2014 08:42:33 +0000 (09:42 +0100)]
Add convenient typedefs in admin ApiInterface
Change-Id: I9cd8b674a00aba90432609a4cf351e4c8fae3e66
Lukasz Wojciechowski [Tue, 25 Nov 2014 19:44:14 +0000 (20:44 +0100)]
Update documentation of cynara-admin.h
Remove out of date information. Since database integrity is fixed
database cannot be in partialy changed state. If changing database
fails it is rolled back to the before operation state.
Change-Id: Idd815cb89a4e49cd75d52abe73a4c7517adaa7fd
Zofia Abramowska [Tue, 18 Nov 2014 16:04:33 +0000 (17:04 +0100)]
Add invalidation mechanism for plugins
Every time the cynara storage is changed all data stored in
service and client plugins should be invalidated.
Change-Id: I7537aa8a6d3ea28efed0f3e0f986ae51d7f9d344
Zofia Abramowska [Mon, 17 Nov 2014 16:48:30 +0000 (17:48 +0100)]
Optimize message() method of exceptions
message() returned std::string through value, causing unnecessary
copy. Changed it to return const std::string reference.
Change-Id: I8d9631fb2468924d35ba4376b1821d0d01c7f70c
Zofia Abramowska [Fri, 21 Nov 2014 14:43:28 +0000 (15:43 +0100)]
Fix uninitialized member
Descriptor could return uninitialized BinaryQueuePtr.
Change-Id: I53fbc739438e8316ca5c4b81eec5139b6732aea2
Lukasz Wojciechowski [Tue, 18 Nov 2014 13:37:36 +0000 (14:37 +0100)]
Release 0.4.2
Change-Id: I98e8bc31f89125fa7dd7a92b9feb7d93e24772c7
Lukasz Wojciechowski [Tue, 18 Nov 2014 13:29:23 +0000 (14:29 +0100)]
Make old devel packages names obsolete
Merging all devel rpms into single cynara-devel causes
all older devel packages to be obsolete.
Change-Id: I6e10c7c74f58dbf8c5ca676ce817382f2c801752
Lukasz Wojciechowski [Mon, 17 Nov 2014 10:57:07 +0000 (11:57 +0100)]
Release 0.4.1
Change-Id: I79a7007db3af7e7815547c7ccbca8f23986fab02
Rafal Krypa [Fri, 31 Oct 2014 13:33:16 +0000 (14:33 +0100)]
packaging: make cynara-devel depend on dbus-devel
D-Bus include is being included from cynara-creds-dbus.h. D-Bus headers will
be required for successful compilation against cynara-creds-dbus.
Change-Id: Ib223f7025fe7c49f57741b6dca11f294b927d06e
Rafal Krypa [Tue, 11 Nov 2014 11:18:42 +0000 (12:18 +0100)]
packaging: tame the packaging madness
Cynara seems to adapt the model of multiple small libraries put in separate
package each. This leads into plethora of small packages.
This commit tries to rationalize this decomposition, merging some of the
packages:
- all development packages are now merged into one cynara-devel
- client, client-async and client-common are merged into one
- storage is merged into libcynara-common
The overall result is decrease in total number of packages from 24 to 12,
not counting auto generated debuginfo and debugsource.
Change-Id: I947e733872a4d5c96c722b207243e3c1cdfe1ba6
Zofia Abramowska [Mon, 17 Nov 2014 09:29:07 +0000 (10:29 +0100)]
Fix missing directories
Creation of cynara plugins directories was missing during
installation.
Change-Id: I774b831765f71cc034f8d5800dea0032bf2ae2c9
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:41:30 +0000 (09:41 +0100)]
Change include brackets
Include brackets style of 2 files in credential libraries was changed
from "" to <> , as it is used in other headers.
Change-Id: I1dba20862a53acdccf65d671b15b254310121961
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:38:42 +0000 (09:38 +0100)]
Expose ClientSession type
ClientSession is required by client-plugin mechanism.
Files section for libcynara-commons-devel was enhanced,
so it provides ClientSession.h
Change-Id: Ia0d935bf297bdf1743fd37e5df3a0826ebf446cd
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Lukasz Wojciechowski [Mon, 17 Nov 2014 08:34:17 +0000 (09:34 +0100)]
Add missing devel package dependency
libcynara-admin-devel package requires cynara-error.h that is provided
by libcynara-client-commons-devel.
Change-Id: Ic6b9203e2dcf80fd0057fa64d906819be69b929d
Signed-off-by: Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
Adam Malinowski [Mon, 17 Nov 2014 07:50:27 +0000 (08:50 +0100)]
Fix linking dependencies
PluginManager was moved from service to common but linking with 'dl'
library stayed in service. This patch moves linking with dl to common.
Change-Id: If1be63e86dfe4c8651b48bbe9facc80160fd9f32
Lukasz Wojciechowski [Sat, 15 Nov 2014 04:39:18 +0000 (05:39 +0100)]
Release 0.4.0
Change-Id: Ia8f5a7e623bcbce58f9574c084a6472ea59e271a
Adam Malinowski [Mon, 3 Nov 2014 13:57:13 +0000 (14:57 +0100)]
Handle client and agent disconnection
This patch handles situations where client and/or agent connection
to cynara service is closed.
Change-Id: I410b6da96102b6ae16442e90dbbb1e867490287a
Adam Malinowski [Mon, 3 Nov 2014 13:53:33 +0000 (14:53 +0100)]
Handle agent response
This patch handles response from agent of both types:
action and cancel.
Change-Id: I3168f4f7466c79bdcb9a3f6b1c3d6863ddcf952c
Adam Malinowski [Mon, 3 Nov 2014 13:49:59 +0000 (14:49 +0100)]
Handle cancel request
This patch implements handling cancel request from client.
Change-Id: I2b5537ef8b481f3a3160702d0a549945b8a11622
Adam Malinowski [Mon, 3 Nov 2014 13:45:03 +0000 (14:45 +0100)]
Handle check request with agent usage
This patch introduces sending request to agent and storing context
for future.
Change-Id: I8187b4c5e66daa155b485b5ff6b9710de27f6345
Adam Malinowski [Mon, 3 Nov 2014 10:21:25 +0000 (11:21 +0100)]
Add manager for check contexts
This class will be used by service logic to create and handle check
contexts.
Change-Id: I8c1f1265336dd8b5a428ed254083d1e508579a2e
Adam Malinowski [Mon, 3 Nov 2014 10:16:22 +0000 (11:16 +0100)]
Add CheckContext class
This class will be used for storing all data related to check request.
This data will be used to send response to client when answer is ready.
Change-Id: I20b665409e15d249a9c55615a39f4ab5b361bc18
Adam Malinowski [Fri, 24 Oct 2014 14:05:58 +0000 (16:05 +0200)]
Add agent manager
This commit introduces AgentManager class which will help plugins
in communication with agents. Also registering and unregistering agents
will be handled by this class.
Change-Id: Id3f7e5785223c3b0316f97bc8107805572a0fd10
Adam Malinowski [Thu, 23 Oct 2014 08:13:55 +0000 (10:13 +0200)]
Add AgentTalker class
This class will be used as interface for plugin<->agent communication.
Change-Id: Id6d6c439d531a8ff7e0b2b96005c12c5a5ab63b7
Adam Malinowski [Fri, 14 Nov 2014 17:58:37 +0000 (18:58 +0100)]
Add LinkId type
This type will be used to identify clients and agents.
Change-Id: I6f6808919a6c8694ad8c3e51d826dc223541325f
Adam Malinowski [Fri, 24 Oct 2014 17:14:12 +0000 (19:14 +0200)]
Set all needed socket descriptors to write state
Now every socket that has data to write is set to write state after any
event on any socket descriptor. Before only part of them were set.
This change is needed to send requests to extension agents.
Change-Id: Id0d9ed2e73f748bac27d1f5e3e1fd22a7a2bb816
Adam Malinowski [Tue, 14 Oct 2014 07:39:46 +0000 (09:39 +0200)]
Add AgentRegisterRequest handling
Simple mockup of registering agent in cynara service.
Change-Id: I8368c6ad1af946c86e44d196f073d1bf209e97c3
Adam Malinowski [Thu, 9 Oct 2014 12:44:42 +0000 (14:44 +0200)]
Implement agent protocol layer
This patch contains implementation of (de)serializer class for agent
protocol.
Change-Id: I8ac7b5816545bd8e76a50d66a84b8ac686125985
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Implement agent<->cynara communication layer
Only agent side communication layer was implemented. Also protocol is
not implemented.
Change-Id: Ic11bd0ea92284c98366a7f833f0d339f2784dad0
Marcin Niesluchowski [Fri, 14 Nov 2014 17:48:01 +0000 (18:48 +0100)]
Add protection against cynara_async_finish() call in callbacks
cynara_async_finish() called in callbacks is ignored in all cases.
Change-Id: I3c2268a0462413b279215f837e4603a7d6acb96d
Marcin Niesluchowski [Fri, 14 Nov 2014 12:18:32 +0000 (13:18 +0100)]
Forbid some operations in asynchronous callbacks
In following cases cynara api operations regarding same cynara_async
structure called from within callbacks will return
CYNARA_API_OPERATION_NOT_ALLOWED:
- always within cynara_status_callback
- within cynara_response_callback called with
CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE or CYNARA_CALL_CAUSE_FINISH
cause.
It regards following api funtions:
- cynara_async_check_cache()
- cynara_async_create_request()
- cynara_async_process()
- cynara_async_cancel_request()
Change-Id: I1db22e0735e1905c4709c7f4c650cc8ca3f9b454
Marcin Niesluchowski [Wed, 12 Nov 2014 12:41:43 +0000 (13:41 +0100)]
Fix answer callback call in asynchronous client
Answer callback may modify check map by calling async client api functions
within it. Check map is accessed after that call.
Change-Id: Ifbf91f99cfa119e5524457f585b2779d7ae52558
Adam Malinowski [Thu, 2 Oct 2014 12:06:45 +0000 (14:06 +0200)]
Add agent library stub implementation
This patch introduces implementation of agent library. Connection
to cynara service is not yet implemented. Only basic structure of
library is created.
Change-Id: Iff771cbff35c1eb4f0c3842631f2fd65ea322ee8
Adam Malinowski [Tue, 23 Sep 2014 11:52:19 +0000 (13:52 +0200)]
Add agent API
This patch introduces API for agents cooperating with plugins.
Agents communicate with plugins via cynara service.
Change-Id: I0f6233838f27370ee980655ad09be9fd10ae1bce
Adam Malinowski [Mon, 15 Sep 2014 12:47:22 +0000 (14:47 +0200)]
Add agent socket & dummy agent protocol
This change introduces new systemd based socket and protocol for
communication with agents. Protocol does not contain any agent
specific frame information for now.
Change-Id: I83e2211a25fd93792a46a64c1df519efb1cedfed
Zofia Abramowska [Fri, 17 Oct 2014 16:28:34 +0000 (18:28 +0200)]
Add PluginManager to CapacityCache
Change-Id: Icdaf1df3793db0a43ae4aadcf2d8d306b04f650f
Zofia Abramowska [Thu, 16 Oct 2014 14:53:14 +0000 (16:53 +0200)]
Add base class for external plugins
* Make ExternalPluginInterface a base class providing only pure
virtual getSupportedPolicyTypes() and publish its header
* Change ExternalPluginInterface definition to ServicePluginInterface
class and make it inherit after ExternalPluginInterface and publish
its header as cynara-client-plugin.h
* Rename InterpreterInterface to ClientServiceInterface, make it
inherit after ExternalPluginInterface
Change-Id: Ia572e2adb8a4486705f89903b31433d70d733381
Zofia Abramowska [Thu, 16 Oct 2014 16:35:48 +0000 (18:35 +0200)]
Fix dlopened objects management
* Add destroy function type, so deletion is compatible with allocation
* Remove extern "C" from plugin creation/destruction typedefs
* Add proper comments, so expected names of creation/destruction
function symbol are known to API user
Change-Id: I019f5bf83afc94945c8efc62e99dd324c419cc33
Zofia Abramowska [Fri, 17 Oct 2014 12:48:46 +0000 (14:48 +0200)]
Add PathConfig
Put all default paths into globally visible namespaces.
Change-Id: I4f234c5558e828cbcacf86de8d266e89a0ad687c
Zofia Abramowska [Fri, 14 Nov 2014 13:29:31 +0000 (14:29 +0100)]
Add context invalidation mechanism
RequestTaker gets RequestContext, which might be processed in
another event loop. During this loop socket associated with this
context might get closed, so class holding this context needs
notification.
Change-Id: I77dee05b84a987e444f4ec71e87bcb867682768b
Pawel Wieczorek [Fri, 14 Nov 2014 12:04:19 +0000 (13:04 +0100)]
Disallow adding valid and invalid policies at once
Storage::insertPolicies() now cares, if all buckets exist before it
makes any change in database (in memory as well as in storage).
No changes are made if any part of request contains invalid parameters.
Change-Id: Ia8d180c7af88bd945dca22f2a4a41b049fdb4c33
Zofia Abramowska [Wed, 12 Nov 2014 15:36:52 +0000 (16:36 +0100)]
Remove dangerous reference
RequestContext contained reference to an external BinaryQueue. One
problem was, BBQ was held inside vector (so practically any operation
on vector made this object out-of-date), second problem was,
RequestContext was passed to other classes inside shared_ptr, so owner
of this bbq looses control other its reference.
Moreover, soon RequestContext will be held pending (e.g. when waiting
for external Agent to return answer) inside cynara logic, so BBQ stored
inside RequestContext needs to be alive as long as corresponding
connection is opened. Not more, not less.
Change-Id: I79c9eb9b5e74927bd7bb159da01fae23612ca83e
Zofia Abramowska [Wed, 12 Nov 2014 16:07:55 +0000 (17:07 +0100)]
Reorganize ProtocolAdmin and ProtocolClient
Private methods of ProtocolAdmin and ProtocolClient lost an argument,
which was used only to pass member value from the same class.
Change-Id: I5657d38cf9ccd47892082479eeae92d62f894227
Zofia Abramowska [Wed, 12 Nov 2014 15:30:35 +0000 (16:30 +0100)]
Remove unnecessary Protocol shared pointers
ProtocolFramePtr and ProtocolFrameHeaderPtr was used unnecessary
(no shared ownership required).
Change-Id: I71d4bf797450a46bc35e2321ff8d01a6508bcf88
Zofia Abramowska [Thu, 13 Nov 2014 13:25:56 +0000 (14:25 +0100)]
Fix segfault in dump_buckets test
Change-Id: If614900c9710dc0600c48622051afb484709155f
Pawel Wieczorek [Thu, 13 Nov 2014 11:07:20 +0000 (12:07 +0100)]
Ensure creation of minimal database
This patch changes default behaviour of migration tool during package
upgrade. Previously, Cynara's state path was left untouched. Now
creation of minimal database is ensured. No changes are made if it
already existed.
Change-Id: I25158aec7d7b436ac1446d43277afe1337bfe4e5
Pawel Wieczorek [Wed, 27 Aug 2014 07:18:02 +0000 (09:18 +0200)]
Implement mechanism assuring integrity of database
There is also added mechanism for cleaning up Cynara's database
directory upon loading policies to memory.
There is added test checking whether mechanism behaves as intended.
Change-Id: I926d1aebf394c092e00731b73717e0e1c55bad0c
Rafal Krypa [Mon, 10 Nov 2014 12:43:59 +0000 (13:43 +0100)]
Fix invocations of LOG missing format string argument
First argument of LOG* macros is passed to sd_journal_print() as format string.
In some places these macros were used with no format string at all, simply
passing e.what() from an exception. This could lead to a format string
vulnerability in the code, potentially allowing arbitrary code execution.
This error also caused build break:
In file included from /data/src/tizen/cynara/src/client/api/client-api.cpp:27:0:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h: In function
‘int Cynara::tryCatch(const std::function<int()>&)’:
/data/src/tizen/cynara/src/common/exceptions/TryCatch.h:41:178: error:
format not a string literal and no format arguments [-Werror=format-security]
LOGE(e.what());
(... and more ...)
Change-Id: I1259283cf1bd2fa0fb2d271e38a7b416e17939f7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Marcin Niesluchowski [Wed, 5 Nov 2014 11:40:35 +0000 (12:40 +0100)]
Fix read errno handling in Socket class
Cynara Socket class treats ECONNRESET (socket closed transmiting RST
instead of FIN) during read as unknown error. Handle it as disconnection.
Change-Id: Iecbfa5c32c7ef8b6b5da97170269aa86e2740c22
Adam Malinowski [Thu, 6 Nov 2014 13:47:15 +0000 (14:47 +0100)]
Fix build break caused by wrong system group names
cynara-rpmlintrc file was added to project in order to ignore
errors related to wrong group names. File will be removed when
problems with new group names is fixed.
Change-Id: Ibd0ee42b707fba059f0172522cba4804c28d2cb5
Marcin Niesluchowski [Tue, 4 Nov 2014 17:09:54 +0000 (18:09 +0100)]
Change Group in spec file
Group Security/Access Control has been removed. Cynara current group
is Security/Application Privilege. Nonexistent group causes build break.
Change-Id: I58d800209cb232e60e60747eb79244fb57c7b977
Lukasz Wojciechowski [Mon, 3 Nov 2014 07:25:37 +0000 (08:25 +0100)]
Remove visibility attributes from header file
Visibility attributes ar not needed in header file.
Usage of them by CYNARA_API macro causes also to make
internal file attributes.h published.
Change-Id: I99bb84d5af96120cdc448e837601cecc05494570
Pawel Wieczorek [Wed, 22 Oct 2014 09:51:19 +0000 (11:51 +0200)]
Add migration tool for Cynara's database
This patch introduces tool for database migration if newer version of
Cynara uses backward incompatible format of storing policies data.
Migration tool is also used during installation of Cynara in order to
initialize database with minimal contents.
Change-Id: I7e6a376dad812c54f45a6a11ca559c97383d453d
Lukasz Wojciechowski [Fri, 24 Oct 2014 15:52:32 +0000 (17:52 +0200)]
Treat invalid check_id as an error in async cancel
If check_id passed to cynara_async_cancel_request() is invalid
CYNARA_API_INVALID_PARAM will be returned.
Id is invalid when:
* was never generated by any previous call to cynara_async_create_request();
* response callback related to this id was already delivered.
Change-Id: Iaa05fe71c752aedcb5414d162fc374f37420f36d
Pawel Wieczorek [Mon, 6 Oct 2014 17:08:25 +0000 (19:08 +0200)]
Add PolicyBucketId validation
This patch introduces mechanism for checking whether new PolicyBucketId
contains forbidden characters. Now only alphanumeric characters, hyphen
and underscore can be used in PolicyBucketId. InvalidBucketIdException
is thrown and OPERATION_NOT_ALLOWED error code is returned otherwise.
Change-Id: I48b6e14d20cb62adc17560929055553df0ce1077
Pawel Wieczorek [Mon, 6 Oct 2014 10:45:25 +0000 (12:45 +0200)]
Remove PolicyBucket() constructor
In some cases using parameterless constructor of PolicyBucket can
result in uninitialized PolicyBucket id. Complete removal of this
constructor guarantees inablity to create bucket with no id.
Change-Id: Id67d7f257697078ef0d4518161ade473a983cf6b
Radoslaw Bartosiak [Wed, 22 Oct 2014 20:52:50 +0000 (22:52 +0200)]
Add cynara_creds_get_[client|user]_method UT
Adding unit tests for functions used in implementation of
cynara_creds_get_[client|user]_methods
Change-Id: I3cb7b9fb03e09769dbb68fd595994cbe13956483
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Wed, 10 Sep 2014 13:04:17 +0000 (15:04 +0200)]
Implement cynara_creds_get_[client|user]_method
The functions enable obtaining system default identification method
for [process|user] by reading a configuration file (default
/etc/cynara/creds.conf).
Change-Id: I662a7681abbaa130a3d628352a13ff950a7affd3
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Radoslaw Bartosiak [Mon, 8 Sep 2014 11:45:22 +0000 (13:45 +0200)]
Add creds configuration
Configuration is used by cynara_creds_get_[client|user]_method to
provide default values of [client|user] feature used in
cynara-creds.
Change-Id: I9a8b8e0bb009817414b9755523a60edb3d0386d0
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Lukasz Wojciechowski [Tue, 23 Sep 2014 15:50:27 +0000 (17:50 +0200)]
Adjust admin API policy type codes
External admin API policy types should match inner cynara values
used in storage and protocols. That would make plugins work easier
and allows correct work of cynara_admin_check function.
New header cynara-policy-types.h is provided by libcynara-common.
It defines policy type values and is included by external admin API.
Predefined policies variables use same values for initialization.
Change-Id: If1b158dcd5abbe9ee3af692e706a2d2e886f8631
Jacek Bukarewicz [Wed, 22 Oct 2014 09:06:04 +0000 (11:06 +0200)]
Remove unnecessary dependencies to Cynara
Change-Id: I02c00332c20083639b862231b507545103613051
Pawel Wieczorek [Wed, 24 Sep 2014 10:11:12 +0000 (12:11 +0200)]
Add new libcynara-admin return code
Added code is:
CYNARA_ADMIN_API_OPERATION_FAILED
It is used to indicate failures during saving database to storage. This
patch also adds handling such situations.
Change-Id: I35b7d3334def8e688a180ddec6861c0f3bdd70d6
Aleksander Zdyb [Tue, 14 Oct 2014 07:59:49 +0000 (09:59 +0200)]
Fix creation of bucket in InMemoryStorageBackend
This prevents creation of bucket without properly
initialized id.
Change-Id: Ib5374e15a0172e48ca5413987df256f19595fe91
Marcin Niesluchowski [Tue, 14 Oct 2014 11:36:08 +0000 (13:36 +0200)]
Fix comment in cynara-async api header
Change-Id: Id195797893866f5aca48b1120c04e2d2ebb69813
Jacek Bukarewicz [Wed, 15 Oct 2014 08:21:00 +0000 (10:21 +0200)]
Set build_type default value in a different way
Apparently gbs couldn't parse previous construct properly and installed
debug libraries regardless of build_type.
Change-Id: I84c6456efc692da9f1bec94b071d8107a540f3d8
Signed-off-by: Jacek Bukarewicz <j.bukarewicz@samsung.com>
Lukasz Wojciechowski [Thu, 16 Oct 2014 06:25:04 +0000 (08:25 +0200)]
Use TryCatch() for exception catching in admin library
Change-Id: I01d0b075c7d9cb5d94cadfe2c1dc5da7bd326027
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:45:27 +0000 (14:45 +0200)]
Move TryCatch from client-common to common library
TryCatch can be used also in admin libraries,
so it belongs to common library now.
Change-Id: Ibdd9c1576b9b34195555c2d9b43e72b57a83a201
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:37:07 +0000 (14:37 +0200)]
Rename cynara-client-error.h to cynara-error.h
Apply new name to all files.
Change-Id: I9e4590a40e11ba5a33442707207635bb0d75a278
Lukasz Wojciechowski [Tue, 14 Oct 2014 12:09:00 +0000 (14:09 +0200)]
Use client error codes in admin libraries
We need to have one unified set of error codes. Client
error codes have been adjusted to serve admin errors
too. Then client error codes were used in admin
libraries keeping following mapping:
CYNARA_ADMIN_API_SUCCESS
-> CYNARA_API_SUCCESS
CYNARA_ADMIN_API_OUT_OF_MEMORY
-> CYNARA_API_OUT_OF_MEMORY
CYNARA_ADMIN_API_INVALID_PARAM
-> CYNARA_API_INVALID_PARAM
CYNARA_ADMIN_API_SERVICE_NOT_AVAILABLE
-> CYNARA_API_SERVICE_NOT_AVAILABLE
CYNARA_ADMIN_API_UNEXPECTED_CLIENT_ERROR
-> CYNARA_API_UNKNOWN_ERROR
CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED
-> CYNARA_API_OPERATION_NOT_ALLOWED
CYNARA_ADMIN_API_BUCKET_NOT_FOUND
-> CYNARA_API_BUCKET_NOT_FOUND
Remove not needed anymore old admin error codes file:
src/include/cynara-admin-error.h
Change-Id: Ice8990a2b354bd489c67c2a004344a5c60fc15ee
projects / platform / core / security / cynara.git / log