From e4876487e05d76dd9dfbedd8016936ed112a6b18 Mon Sep 17 00:00:00 2001 From: Lukasz Wojciechowski Date: Tue, 13 Jan 2015 20:38:08 +0100 Subject: [PATCH] Verify PolicyType on service and offline client side Verification of PolicyTypes was removed from libcynara-admin library. Now it is added to Cynara service and cynara offline admin with full plugin support. It means, that validation passes only for predefined types or types provided by loaded cynara service plugins. In case, the validation fails, new CodeResponse::Code::NO_POLICY_TYPE value is returned from service to libcynara admin side and CYNARA_API_INVALID_PARAM is returned from cynara_admin_set_policies() or cynara_admin_set_bucket() functions. Change-Id: Id1a85aafaa4feb31d8513e819c78736813a9ff38 --- src/admin/logic/OfflineLogic.cpp | 34 ++++++++++++- src/admin/logic/OfflineLogic.h | 7 ++- src/admin/logic/OnlineLogic.cpp | 5 +- src/common/exceptions/UnknownPolicyTypeException.h | 56 ++++++++++++++++++++++ src/common/plugin/PluginManager.cpp | 10 +++- src/common/plugin/PluginManager.h | 6 ++- src/common/response/CodeResponse.h | 3 +- src/service/logic/Logic.cpp | 30 +++++++++++- src/service/logic/Logic.h | 11 ++++- 9 files changed, 154 insertions(+), 8 deletions(-) create mode 100644 src/common/exceptions/UnknownPolicyTypeException.h diff --git a/src/admin/logic/OfflineLogic.cpp b/src/admin/logic/OfflineLogic.cpp index 1e57aa4..f421f2a 100644 --- a/src/admin/logic/OfflineLogic.cpp +++ b/src/admin/logic/OfflineLogic.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ /** * @file src/admin/logic/OfflineLogic.cpp * @author Aleksander Zdyb + * @author Lukasz Wojciechowski * @version 1.0 * @brief This file contains implementation of OfflineLogic class */ @@ -28,6 +29,7 @@ #include #include #include +#include #include #include @@ -52,10 +54,34 @@ void OfflineLogic::acquirePlugins(void) { m_pluginManager->loadPlugins(); } +void OfflineLogic::checkPoliciesTypes(const ApiInterface::PoliciesByBucket &policies, + bool allowBucket, bool allowNone) { + for (const auto &group : policies) { + for (const auto &policy : group.second) { + checkSinglePolicyType(policy.result().policyType(), allowBucket, allowNone); + } + } +} + +void OfflineLogic::checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, + bool allowNone) { + if (allowBucket && policyType == PredefinedPolicyType::BUCKET) + return; + if (allowNone && policyType == PredefinedPolicyType::NONE) + return; + for (const auto &descr : predefinedPolicyDescr) { + if (descr.type == policyType) + return; + } + m_pluginManager->checkPolicyType(policyType); +} + int OfflineLogic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate, const ApiInterface::KeysByBucket &remove) { try { acquireDatabase(); + acquirePlugins(); + checkPoliciesTypes(insertOrUpdate, true, false); m_storage->insertPolicies(insertOrUpdate); m_storage->deletePolicies(remove); onPoliciesChanged(); @@ -63,6 +89,8 @@ int OfflineLogic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpda return CYNARA_API_BUCKET_NOT_FOUND; } catch (const DatabaseException &) { return CYNARA_API_OPERATION_FAILED; + } catch (const UnknownPolicyTypeException &ex) { + return CYNARA_API_INVALID_PARAM; } return CYNARA_API_SUCCESS; @@ -72,6 +100,8 @@ int OfflineLogic::insertOrUpdateBucket(const PolicyBucketId &bucket, const PolicyResult &policyResult) { try { acquireDatabase(); + acquirePlugins(); + checkSinglePolicyType(policyResult.policyType(), true, true); m_storage->addOrUpdateBucket(bucket, policyResult); onPoliciesChanged(); } catch (const DefaultBucketSetNoneException &) { @@ -80,6 +110,8 @@ int OfflineLogic::insertOrUpdateBucket(const PolicyBucketId &bucket, return CYNARA_API_OPERATION_NOT_ALLOWED; } catch (const DatabaseException &) { return CYNARA_API_OPERATION_FAILED; + } catch (const UnknownPolicyTypeException &ex) { + return CYNARA_API_INVALID_PARAM; } return CYNARA_API_SUCCESS; diff --git a/src/admin/logic/OfflineLogic.h b/src/admin/logic/OfflineLogic.h index da7b0aa..6dc2a7e 100644 --- a/src/admin/logic/OfflineLogic.h +++ b/src/admin/logic/OfflineLogic.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ /** * @file src/admin/logic/OfflineLogic.h * @author Aleksander Zdyb + * @author Lukasz Wojciechowski * @version 1.0 * @brief This file contains definition of OfflineLogic class */ @@ -27,6 +28,7 @@ #include #include +#include #include #include @@ -56,6 +58,9 @@ protected: void acquireDatabase(void); void acquirePlugins(void); void onPoliciesChanged(void); + void checkPoliciesTypes(const ApiInterface::PoliciesByBucket &policies, bool allowBucket, + bool allowNone); + void checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, bool allowNone); private: typedef std::unique_ptr StorageUniquePtr; diff --git a/src/admin/logic/OnlineLogic.cpp b/src/admin/logic/OnlineLogic.cpp index b9be92d..9671111 100644 --- a/src/admin/logic/OnlineLogic.cpp +++ b/src/admin/logic/OnlineLogic.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -104,6 +104,9 @@ static int interpretCodeResponse(const CodeResponse::Code &code) { case CodeResponse::Code::NO_BUCKET: LOGE("Trying to use unexisting bucket."); return CYNARA_API_BUCKET_NOT_FOUND; + case CodeResponse::Code::NO_POLICY_TYPE: + LOGE("Trying to use unknown policy type."); + return CYNARA_API_INVALID_PARAM; case CodeResponse::Code::FAILED: LOGC("Cynara service answered: Operation failed."); return CYNARA_API_OPERATION_FAILED; diff --git a/src/common/exceptions/UnknownPolicyTypeException.h b/src/common/exceptions/UnknownPolicyTypeException.h new file mode 100644 index 0000000..5ca1037 --- /dev/null +++ b/src/common/exceptions/UnknownPolicyTypeException.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file src/common/exceptions/UnknownPolicyTypeException.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief Implementation of UnknownPolicyTypeException + */ + +#ifndef SRC_COMMON_EXCEPTIONS_UNKNOWNPOLICYTYPEEXCEPTION_H_ +#define SRC_COMMON_EXCEPTIONS_UNKNOWNPOLICYTYPEEXCEPTION_H_ + +#include + +#include "Exception.h" +#include "types/PolicyType.h" + +namespace Cynara { + +class UnknownPolicyTypeException : public Exception { +public: + UnknownPolicyTypeException() = delete; + UnknownPolicyTypeException(const PolicyType &policyType) + : m_policyType(policyType), m_message("UnknownPolicyTypeException") { + } + virtual ~UnknownPolicyTypeException() {}; + + virtual const std::string &message(void) const { + return m_message; + } + + const PolicyType &policyType(void) const { + return m_policyType; + } + +private: + PolicyType m_policyType; + std::string m_message; +}; + +} /* namespace Cynara */ + +#endif /* SRC_COMMON_EXCEPTIONS_UNKNOWNPOLICYTYPEEXCEPTION_H_ */ diff --git a/src/common/plugin/PluginManager.cpp b/src/common/plugin/PluginManager.cpp index e843895..38a83ff 100644 --- a/src/common/plugin/PluginManager.cpp +++ b/src/common/plugin/PluginManager.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ /** * @file src/common/plugin/PluginManager.cpp * @author Zofia Abramowska + * @author Lukasz Wojciechowski * @version 1.0 * @brief Definition of PluginManager class */ @@ -28,6 +29,7 @@ #include #include +#include #include #include "PluginManager.h" @@ -79,6 +81,12 @@ void PluginManager::invalidateAll(void) { } } +void PluginManager::checkPolicyType(PolicyType pType) const { + const auto it = m_plugins.find(pType); + if (it == m_plugins.end() || it->second == nullptr) + throw UnknownPolicyTypeException(pType); +} + void PluginManager::loadPlugins(void) { struct dirent **nameList = NULL; int fileAmount = scandir(m_dir.c_str(), &nameList, pluginFilter, alphasort); diff --git a/src/common/plugin/PluginManager.h b/src/common/plugin/PluginManager.h index b17e75b..ecd1e6c 100644 --- a/src/common/plugin/PluginManager.h +++ b/src/common/plugin/PluginManager.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ /** * @file src/common/plugin/PluginManager.h * @author Zofia Abramowska + * @author Lukasz Wojciechowski * @version 1.0 * @brief Declaration of PluginManager class */ @@ -32,6 +33,7 @@ #include #include +#include namespace Cynara { typedef std::shared_ptr ExternalPluginPtr; @@ -47,6 +49,8 @@ public: std::vector getPolicyDescriptions(void) const; void invalidateAll(void); + void checkPolicyType(PolicyType pType) const; + private: typedef std::unique_ptr> PluginLibPtr; typedef std::list PluginLibs; diff --git a/src/common/response/CodeResponse.h b/src/common/response/CodeResponse.h index 7a6020f..f5790f4 100644 --- a/src/common/response/CodeResponse.h +++ b/src/common/response/CodeResponse.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -34,6 +34,7 @@ public: enum Code { OK, NO_BUCKET, + NO_POLICY_TYPE, NOT_ALLOWED, FAILED }; diff --git a/src/service/logic/Logic.cpp b/src/service/logic/Logic.cpp index c6a045f..5e3f82a 100644 --- a/src/service/logic/Logic.cpp +++ b/src/service/logic/Logic.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -301,6 +302,7 @@ void Logic::execute(RequestContextPtr context, InsertOrUpdateBucketRequestPtr re auto code = CodeResponse::Code::OK; try { + checkSinglePolicyType(request->result().policyType(), true, true); m_storage->addOrUpdateBucket(request->bucketId(), request->result()); onPoliciesChanged(); } catch (const DatabaseException &ex) { @@ -309,6 +311,8 @@ void Logic::execute(RequestContextPtr context, InsertOrUpdateBucketRequestPtr re code = CodeResponse::Code::NOT_ALLOWED; } catch (const InvalidBucketIdException &ex) { code = CodeResponse::Code::NOT_ALLOWED; + } catch (const UnknownPolicyTypeException &ex) { + code = CodeResponse::Code::NO_POLICY_TYPE; } context->returnResponse(context, std::make_shared(code, @@ -348,6 +352,7 @@ void Logic::execute(RequestContextPtr context, RemoveBucketRequestPtr request) { void Logic::execute(RequestContextPtr context, SetPoliciesRequestPtr request) { auto code = CodeResponse::Code::OK; try { + checkPoliciesTypes(request->policiesToBeInsertedOrUpdated(), true, false); m_storage->insertPolicies(request->policiesToBeInsertedOrUpdated()); m_storage->deletePolicies(request->policiesToBeRemoved()); onPoliciesChanged(); @@ -355,11 +360,34 @@ void Logic::execute(RequestContextPtr context, SetPoliciesRequestPtr request) { code = CodeResponse::Code::FAILED; } catch (const BucketNotExistsException &ex) { code = CodeResponse::Code::NO_BUCKET; + } catch (const UnknownPolicyTypeException &ex) { + code = CodeResponse::Code::NO_POLICY_TYPE; } context->returnResponse(context, std::make_shared(code, request->sequenceNumber())); } +void Logic::checkPoliciesTypes(const std::map> &policies, + bool allowBucket, bool allowNone) { + for (const auto &group : policies) { + for (const auto &policy : group.second) { + checkSinglePolicyType(policy.result().policyType(), allowBucket, allowNone); + } + } +} + +void Logic::checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, bool allowNone) { + if (allowBucket && policyType == PredefinedPolicyType::BUCKET) + return; + if (allowNone && policyType == PredefinedPolicyType::NONE) + return; + for (const auto &descr : predefinedPolicyDescr) { + if (descr.type == policyType) + return; + } + m_pluginManager->checkPolicyType(policyType); +} + void Logic::contextClosed(RequestContextPtr context) { LOGD("context closed"); diff --git a/src/service/logic/Logic.h b/src/service/logic/Logic.h index a0ea510..fc577bd 100644 --- a/src/service/logic/Logic.h +++ b/src/service/logic/Logic.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,8 +23,14 @@ #ifndef SRC_SERVICE_LOGIC_LOGIC_H_ #define SRC_SERVICE_LOGIC_LOGIC_H_ +#include +#include + +#include +#include #include #include +#include #include
#include @@ -94,6 +100,9 @@ private: const PluginData &agentData, const RequestContextPtr &request, const ServicePluginInterfacePtr &plugin); + void checkPoliciesTypes(const std::map> &policies, + bool allowBucket, bool allowNone); + void checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, bool allowNone); void handleAgentTalkerDisconnection(const AgentTalkerPtr &agentTalkerPtr); void handleClientDisconnection(const CheckContextPtr &checkContextPtr); -- 2.7.4