From 7acf06e3c1429405bbfdebd92b12a0fa06376862 Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Mon, 9 Feb 2015 16:14:34 +0100 Subject: [PATCH] Add logic side implementation of simple check Add implementation of client and service logic side implementation of simple check API and request and response handling. Change-Id: Ie59fb86e20fae383196025580b164c15e855bc62 --- src/client/logic/Logic.cpp | 67 ++++++++++++++++++++++++++++++++++----------- src/client/logic/Logic.h | 3 ++ src/service/logic/Logic.cpp | 57 ++++++++++++++++++++++++++++++++++++++ src/service/logic/Logic.h | 2 ++ 4 files changed, 113 insertions(+), 16 deletions(-) diff --git a/src/client/logic/Logic.cpp b/src/client/logic/Logic.cpp index c171cce..9f738fb 100644 --- a/src/client/logic/Logic.cpp +++ b/src/client/logic/Logic.cpp @@ -35,8 +35,10 @@ #include #include #include +#include #include #include +#include #include #include @@ -65,12 +67,10 @@ int Logic::check(const std::string &client, const ClientSession &session, const PolicyKey key(client, user, privilege); int ret = m_cache->get(session, key); - //Any other situation than cache miss if (ret != CYNARA_API_CACHE_MISS) { return ret; } - //No value in Cache PolicyResult result; ret = requestResult(key, result); if (ret != CYNARA_API_SUCCESS) { @@ -83,11 +83,24 @@ int Logic::check(const std::string &client, const ClientSession &session, const int Logic::simpleCheck(const std::string &client, const ClientSession &session, const std::string &user, const std::string &privilege) { - (void)client; - (void)session; - (void)user; - (void)privilege; - return CYNARA_API_ACCESS_NOT_RESOLVED; + if (!ensureConnection()) + return CYNARA_API_SERVICE_NOT_AVAILABLE; + + PolicyKey key(client, user, privilege); + int ret = m_cache->get(session, key); + if (ret != CYNARA_API_CACHE_MISS) { + return ret; + } + + PolicyResult result; + ret = requestSimpleResult(key, result); + if (ret != CYNARA_API_SUCCESS) { + if (ret != CYNARA_API_ACCESS_NOT_RESOLVED) + LOGE("Error fetching response for simpleCheck."); + return ret; + } + + return m_cache->update(session, key, result); } bool Logic::ensureConnection(void) { @@ -100,33 +113,55 @@ bool Logic::ensureConnection(void) { return false; } -int Logic::requestResult(const PolicyKey &key, PolicyResult &result) { +template +std::shared_ptr Logic::requestResponse(const PolicyKey &key) { ProtocolFrameSequenceNumber sequenceNumber = generateSequenceNumber(); //Ask cynara service - CheckResponsePtr checkResponse; - RequestPtr request = std::make_shared(key, sequenceNumber); + std::shared_ptr reqResponse; + RequestPtr request = std::make_shared(key, sequenceNumber); ResponsePtr response; while (!(response = m_socket->askCynaraServer(request))) { onDisconnected(); if (!m_socket->connect()) - return CYNARA_API_SERVICE_NOT_AVAILABLE; + return nullptr; } - checkResponse = std::dynamic_pointer_cast(response); + reqResponse = std::dynamic_pointer_cast(response); + return reqResponse; +} + +int Logic::requestResult(const PolicyKey &key, PolicyResult &result) { + auto checkResponse = requestResponse(key); if (!checkResponse) { - LOGC("Critical error. Casting Response to CheckResponse failed."); - return CYNARA_API_ACCESS_DENIED; + LOGC("Critical error. Requesting CheckResponse failed."); + return CYNARA_API_SERVICE_NOT_AVAILABLE; } - LOGD("checkResponse: policyType = %" PRIu16 ", metadata = %s", checkResponse->m_resultRef.policyType(), checkResponse->m_resultRef.metadata().c_str()); - result = checkResponse->m_resultRef; return CYNARA_API_SUCCESS; } +int Logic::requestSimpleResult(const PolicyKey &key, PolicyResult &result) { + auto simpleCheckResponse = requestResponse(key); + if (!simpleCheckResponse) { + LOGC("Critical error. Requesting SimpleCheckResponse failed."); + return CYNARA_API_SERVICE_NOT_AVAILABLE; + } + + if (simpleCheckResponse->getReturnValue() != CYNARA_API_SUCCESS) + return simpleCheckResponse->getReturnValue(); + + LOGD("SimpleCheckResponse: policyType = %" PRIu16 ", metadata = %s", + simpleCheckResponse->getResult().policyType(), + simpleCheckResponse->getResult().metadata().c_str()); + + result = simpleCheckResponse->getResult(); + return CYNARA_API_SUCCESS; +} + void Logic::onDisconnected(void) { m_cache->clear(); } diff --git a/src/client/logic/Logic.h b/src/client/logic/Logic.h index 695f7cd..e98f950 100644 --- a/src/client/logic/Logic.h +++ b/src/client/logic/Logic.h @@ -56,7 +56,10 @@ private: void onDisconnected(void); bool ensureConnection(void); + template + std::shared_ptr requestResponse(const PolicyKey &key); int requestResult(const PolicyKey &key, PolicyResult &result); + int requestSimpleResult(const PolicyKey &key, PolicyResult &result); }; } // namespace Cynara diff --git a/src/service/logic/Logic.cpp b/src/service/logic/Logic.cpp index 5e3f82a..95656e5 100644 --- a/src/service/logic/Logic.cpp +++ b/src/service/logic/Logic.cpp @@ -16,6 +16,7 @@ /** * @file src/service/logic/Logic.cpp * @author Lukasz Wojciechowski + * @author Zofia Abramowska * @version 1.0 * @brief This file implements main class of logic layer in cynara service */ @@ -51,6 +52,7 @@ #include #include #include +#include #include #include #include @@ -58,6 +60,7 @@ #include #include #include +#include #include #include
@@ -367,6 +370,60 @@ void Logic::execute(RequestContextPtr context, SetPoliciesRequestPtr request) { request->sequenceNumber())); } +void Logic::execute(RequestContextPtr context, SimpleCheckRequestPtr request) { + int retValue = CYNARA_API_SUCCESS; + PolicyResult result; + PolicyKey key = request->key(); + result = m_storage->checkPolicy(key); + + switch (result.policyType()) { + case PredefinedPolicyType::ALLOW: + LOGD("simple check of policy key <%s> returned ALLOW", key.toString().c_str()); + break; + case PredefinedPolicyType::DENY: + LOGD("simple check of policy key <%s> returned DENY", key.toString().c_str()); + break; + default: { + ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType()); + if (!plugin) { + LOGE("Plugin not found for policy: [0x%x]", result.policyType()); + result = PolicyResult(PredefinedPolicyType::DENY); + retValue = CYNARA_API_SUCCESS; + break; + } + + ServicePluginInterfacePtr servicePlugin = + std::dynamic_pointer_cast(plugin); + if (!servicePlugin) { + LOGE("Couldn't cast plugin pointer to ServicePluginInterface"); + result = PolicyResult(PredefinedPolicyType::DENY); + retValue = CYNARA_API_SUCCESS; + break; + } + + AgentType requiredAgent; + PluginData pluginData; + auto ret = servicePlugin->check(key.client().toString(), key.user().toString(), + key.privilege().toString(), result, requiredAgent, + pluginData); + switch (ret) { + case ServicePluginInterface::PluginStatus::ANSWER_READY: + LOGD("simple check of policy key <%s> in plugin returned [" PRIu16 "]", + key.toString().c_str(), result.policyType()); + break; + case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY: + retValue = CYNARA_API_ACCESS_NOT_RESOLVED; + break; + default: + result = PolicyResult(PredefinedPolicyType::DENY); + retValue = CYNARA_API_SUCCESS; + } + } + } + context->returnResponse(context, std::make_shared(retValue, result, + request->sequenceNumber())); +} + void Logic::checkPoliciesTypes(const std::map> &policies, bool allowBucket, bool allowNone) { for (const auto &group : policies) { diff --git a/src/service/logic/Logic.h b/src/service/logic/Logic.h index fc577bd..444f734 100644 --- a/src/service/logic/Logic.h +++ b/src/service/logic/Logic.h @@ -16,6 +16,7 @@ /** * @file src/service/logic/Logic.h * @author Lukasz Wojciechowski + * @author Zofia Abramowska * @version 1.0 * @brief This file defines main class of logic layer in cynara service */ @@ -82,6 +83,7 @@ public: virtual void execute(RequestContextPtr context, RemoveBucketRequestPtr request); virtual void execute(RequestContextPtr context, SetPoliciesRequestPtr request); virtual void execute(RequestContextPtr context, SignalRequestPtr request); + virtual void execute(RequestContextPtr context, SimpleCheckRequestPtr request); virtual void contextClosed(RequestContextPtr context); -- 2.7.4