From 151c71ce94b2d5e2ae141c58c7c0f6068b2ef45f Mon Sep 17 00:00:00 2001
From: Manasij Sur Roy
Date: Wed, 18 May 2016 16:13:00 +0530
Subject: [PATCH] Removed Cynara based privilege checking

Change-Id: I8c4eb96d22d3c91b9e8c9a6073379d708be83bd8
Signed-off-by: Manasij Sur Roy
---
 packaging/fido-client.spec | 3 -
 server/CMakeLists.txt | 3 -
 server/fido_privilege_checker.c | 173 ----------------------------------------
 3 files changed, 179 deletions(-)

diff --git a/packaging/fido-client.spec b/packaging/fido-client.spec
index 2100daf..1b5bb74 100644
--- a/packaging/fido-client.spec
+++ b/packaging/fido-client.spec
@@ -26,9 +26,6 @@ BuildRequires: pkgconfig(gio-unix-2.0)
 %if "%{?tizen_version}" == "3.0"
 BuildRequires: pkgconfig(libtzplatform-config)
-BuildRequires: pkgconfig(cynara-client)
-BuildRequires: pkgconfig(cynara-session)
-BuildRequires: pkgconfig(cynara-creds-gdbus)
 %endif
 BuildRequires: pkgconfig(pkgmgr-info)
diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt
index 4f78439..7dd8eda 100755
--- a/server/CMakeLists.txt
+++ b/server/CMakeLists.txt
@@ -17,9 +17,6 @@ pkg_check_modules(SERVER_pkgs REQUIRED
 capi-appfw-package-manager
 openssl
 bundle
- cynara-client
- cynara-session
- cynara-creds-gdbus
 libtzplatform-config
 )
 else()
diff --git a/server/fido_privilege_checker.c b/server/fido_privilege_checker.c
index d6e88d2..352efff 100644
--- a/server/fido_privilege_checker.c
+++ b/server/fido_privilege_checker.c
@@ -18,181 +18,8 @@
 #include "fido_privilege_checker.h"
 #include "fido_logs.h"
-#ifdef WITH_JSON_BUILDER
-#include
-#include
-#include
-static cynara *__cynara = NULL;
-#endif
-
-#define _DISABLE_PRIV_CHECK
-
-#ifdef WITH_JSON_BUILDER
-
-static guint
-_get_client_pid(GDBusMethodInvocation* invoc)
-{
- const char *name = NULL;
- name = g_dbus_method_invocation_get_sender(invoc);
- if (name == NULL) {
- _ERR("g_dbus_method_invocation_get_sender failed");
- return -1;
- }
- _INFO("sender=[%s]", name);
-
-
- guint pid = -1;
- GError *error = NULL;
- GVariant *_ret;
-
- _INFO("calling GetConnectionUnixProcessID");
-
- GDBusConnection* conn = g_dbus_method_invocation_get_connection(invoc);
- _ret = g_dbus_connection_call_sync(conn,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus",
- "GetConnectionUnixProcessID",
- g_variant_new("(s)", name),
- NULL,
- G_DBUS_CALL_FLAGS_NONE,
- -1,
- NULL,
- &error);
-
- if (_ret != NULL) {
- g_variant_get(_ret, "(u)", &pid);
- g_variant_unref(_ret);
- }
-
- _INFO("process Id = [%u]", pid);
- return pid;
-}
-
-static int
-__check_privilege_by_cynara(const char *client, const char *session, const char *user, const char *privilege)
-{
-#ifdef WITH_JSON_BUILDER
- int ret;
- char err_buf[128] = {0,};
-
- ret = cynara_check(__cynara, client, session, user, privilege);
- switch (ret) {
- case CYNARA_API_ACCESS_ALLOWED:
- _DBG("cynara_check success");
- return FIDO_ERROR_NONE;
-
- case CYNARA_API_ACCESS_DENIED:
- _ERR("cynara_check permission deined, privilege=%s, error = CYNARA_API_ACCESS_DENIED", privilege);
- return FIDO_ERROR_PERMISSION_DENIED;
-
- default:
- cynara_strerror(ret, err_buf, sizeof(err_buf));
- _ERR("cynara_check error : %s, privilege=%s, ret = %d", err_buf, privilege, ret);
- return FIDO_ERROR_PERMISSION_DENIED;
- }
-
- return FIDO_ERROR_NONE;
-#endif
-
- return FIDO_ERROR_NONE;
-}
-
-static int
-__get_information_for_cynara_check(GDBusMethodInvocation *invocation, char **client, char **user, char **session)
-{
-#ifdef WITH_JSON_BUILDER
- GDBusConnection *gdbus_conn = NULL;
- char* sender = NULL;
- int ret = -1;
-
- gdbus_conn = g_dbus_method_invocation_get_connection(invocation);
- if (gdbus_conn == NULL) {
- _ERR("g_dbus_method_invocation_get_connection failed");
- return -1;
- }
-
- sender = (char*) g_dbus_method_invocation_get_sender(invocation);
- if (sender == NULL) {
- _ERR("g_dbus_method_invocation_get_sender failed");
- return -1;
- }
-
- ret = cynara_creds_gdbus_get_user(gdbus_conn, sender, USER_METHOD_DEFAULT, user);
- if (ret != CYNARA_API_SUCCESS) {
- _ERR("cynara_creds_gdbus_get_user failed, ret = %d", ret);
- return -1;
- }
-
- ret = cynara_creds_gdbus_get_client(gdbus_conn, sender, CLIENT_METHOD_DEFAULT, client);
- if (ret != CYNARA_API_SUCCESS) {
- _ERR("cynara_creds_gdbus_get_client failed, ret = %d", ret);
- return -1;
- }
-
- guint pid = _get_client_pid(invocation);
- _INFO("client Id = [%u]", pid);
-
- *session = cynara_session_from_pid(pid);
- if (*session == NULL) {
- _ERR("cynara_session_from_pid failed");
- return -1;
- }
- return FIDO_ERROR_NONE;
- #endif
-
- return FIDO_ERROR_NONE;
-}
-#endif
-
 bool
 is_allowed_to_call(GDBusMethodInvocation *invocation, const char* privilege)
 {
-#ifdef WITH_JSON_BUILDER
-
- int ret = -1;
-
- if (__cynara == NULL) {
- ret = cynara_initialize(&__cynara, NULL);
- if (ret != CYNARA_API_SUCCESS) {
- _ERR("CYNARA Initialization fail");
- return false;
- }
- }
-
- char *client = NULL;
- char *session = NULL;
- char *user = NULL;
-
- ret = __get_information_for_cynara_check(invocation, &client, &user, &session);
- if (ret != FIDO_ERROR_NONE) {
- _ERR("__get_information_for_cynara_check failed");
- g_free(client);
- g_free(user);
- SAFE_DELETE(session);
-
- return false;
- }
-
- ret = __check_privilege_by_cynara(client, session, user, privilege);
-
- /*TODO enable after smack is defined*/
-#ifndef _DISABLE_PRIV_CHECK
- if (ret != FIDO_ERROR_NONE) {
- _ERR("__check_privilege_by_cynara failed, ret = %d", ret);
- g_free(client);
- g_free(user);
- SAFE_DELETE(session);
-
- return false;
- }
-#endif
- g_free(client);
- g_free(user);
- SAFE_DELETE(session);
-
- return true;
- #endif
-
 return true;
 }
--
2.7.4
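Review bot: `is_allowed_to_call()` is left as an unconditional `return true;`, so `invocation` and `privilege` are ignored and every caller passes the privilege gate, with nothing on the new side saying this is intentional. The removed body already skipped the Cynara verdict because `_DISABLE_PRIV_CHECK` was defined, but in `WITH_JSON_BUILDER` builds it still returned false when `cynara_initialize()` or the credential lookup failed, and its `/*TODO enable after smack is defined*/` comment recorded that enforcement was meant to return; both are lost here. I would keep that intent on the stub, e.g. `/* TODO: privilege check disabled, always allows; restore caller authorization before release */`, and have the function log that the check was skipped for `privilege`. The callers are outside this hunk, so which D-Bus methods become reachable without a check cannot be judged from here.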