From 8dcd79f13ef1e0c71bf3239c704d263d1f0c129f Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Mon, 22 Dec 2014 09:29:43 +0100
Subject: [PATCH 01/16] Remove surplus read permissions for migration tool
To prevent unauthorised use of the migration tool, read permissions
for the wrapper script are now retracted.
Change-Id: I40d3f7cea0a9597863d0d75f168b2dea9ec64d6d
---
packaging/cynara.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packaging/cynara.spec b/packaging/cynara.spec
index 91b80a6..c057aa1 100644
--- a/packaging/cynara.spec
+++ b/packaging/cynara.spec
@@ -357,4 +357,4 @@ fi
%files -n cynara-db-migration
%manifest cynara-db-migration.manifest
-%attr(744,root,root) %{_sbindir}/cynara/cynara-db-migration.sh
+%attr(700,root,root) %{_sbindir}/cynara/cynara-db-migration.sh
--
2.7.4
From aa62332eb893ad65d5b65cb19f020ed6f87b2514 Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Mon, 27 Oct 2014 14:44:14 +0100
Subject: [PATCH 02/16] Add StoragePath::lockfile path
Change-Id: I16242dd8da7435661ee65698541e935ea9105cf1
---
src/common/config/PathConfig.cpp | 2 ++
src/common/config/PathConfig.h | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/common/config/PathConfig.cpp b/src/common/config/PathConfig.cpp
index f2799a1..8dd0491 100644
--- a/src/common/config/PathConfig.cpp
+++ b/src/common/config/PathConfig.cpp
@@ -16,6 +16,7 @@
/**
* @file src/common/config/PathConfig.cpp
* @author Zofia Abramowska
+ * @author Aleksander Zdyb
* @version 1.0
* @brief This file specifies PathConfig namespace containing values of default cynara paths
*/
@@ -52,6 +53,7 @@ const std::string agent(clientPath + "cynara-agent.socket");
namespace StoragePath {
const std::string dbDir(statePath + "db/");
+const std::string lockFile(statePath);
} // namespace StoragePath
namespace PluginPath {
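Review bot: `lockFile` is initialised to `statePath` itself, so despite its name it appears to point at the state directory rather than at a dedicated lock file (the neighbouring `dbDir` is `statePath + "db/"`). A reader of the code that later opens and flock()s this path will expect a regular file, and whoever can open that directory can contend for the lock, so the intent should be stated where the constant is defined. I would add a comment such as `// Lock target is the state directory itself; no separate lock file is created.` above the new line, and the same on the `extern` declaration in PathConfig.h.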
diff --git a/src/common/config/PathConfig.h b/src/common/config/PathConfig.h
index 2f5836a..da5671f 100644
--- a/src/common/config/PathConfig.h
+++ b/src/common/config/PathConfig.h
@@ -16,6 +16,7 @@
/**
* @file src/common/config/PathConfig.h
* @author Zofia Abramowska
+ * @author Aleksander Zdyb
* @version 1.0
* @brief This file specifies PathConfig namespace containing default cynara paths
*/
@@ -40,6 +41,7 @@ extern const std::string agent;
namespace StoragePath {
extern const std::string dbDir;
+extern const std::string lockFile;
} // namespace StoragePath
namespace PluginPath {
--
2.7.4
From 7a6ec0f04bc425bbc35000c08f86ae17a8394cd1 Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Mon, 27 Oct 2014 14:45:58 +0100
Subject: [PATCH 03/16] Don't create database directory
This functionality was replaced by the database migration tool,
and the database directory is always present.
Change-Id: Ib5f1f8a6c2887534f2c4f0ae3c85245d69818a14
---
src/storage/InMemoryStorageBackend.cpp | 12 ------------
1 file changed, 12 deletions(-)
diff --git a/src/storage/InMemoryStorageBackend.cpp b/src/storage/InMemoryStorageBackend.cpp
index f5bd505..77676f0 100644
--- a/src/storage/InMemoryStorageBackend.cpp
+++ b/src/storage/InMemoryStorageBackend.cpp
@@ -95,18 +95,6 @@ void InMemoryStorageBackend::load(void) {
}
void InMemoryStorageBackend::save(void) {
-
- //create directory
- int ret = mkdir(m_dbPath.c_str(), S_IRWXU);
- if (ret < 0) {
- int err = errno;
- if (err != EEXIST) {
- LOGE("Cannot create directory <%s>. Error [%d] : <%s>.",
- m_dbPath.c_str(), err, strerror(err));
- throw UnexpectedErrorException(err, strerror(err));
- }
- }
-
auto indexStream = std::make_shared();
std::string indexFilename = m_dbPath + m_indexFilename;
openDumpFileStream(indexStream, indexFilename + m_backupFilenameSuffix);
--
2.7.4
From d514cd59397d07540b44bf8bc925947cee545e5b Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Tue, 23 Dec 2014 13:54:32 +0100
Subject: [PATCH 04/16] Introduce Lockable in FileLock
FileLock now operates on a Lockable object instead
of a file path and an internal file descriptor.
Lockable is an abstraction of a file descriptor.
Change-Id: Ie17905a4455492956e5162d90add488ca6f3080c
---
src/common/lock/FileLock.cpp | 21 ++++++++++++++++-----
src/common/lock/FileLock.h | 18 ++++++++++++++----
2 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/src/common/lock/FileLock.cpp b/src/common/lock/FileLock.cpp
index b8bd34a..98141f6 100644
--- a/src/common/lock/FileLock.cpp
+++ b/src/common/lock/FileLock.cpp
@@ -36,8 +36,8 @@
namespace Cynara {
-FileLock::FileLock(const std::string &lockFilename) : m_lockFilename(lockFilename) {
- m_fd = ::open(m_lockFilename.c_str(), O_RDONLY);
+Lockable::Lockable(const std::string &lockFilename) {
+ m_fd = TEMP_FAILURE_RETRY(::open(lockFilename.c_str(), O_RDONLY));
if (m_fd < 0) {
LOGE("Could not open lock file <%s>", lockFilename.c_str());
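Review bot: The descriptor opened in `Lockable::Lockable` is not marked close-on-exec, so any child process spawned later inherits it. An flock() lock belongs to the open file description, which means an inherited copy keeps the database lock held even after this process has closed its own descriptor or exited. Opening with `::open(lockFilename.c_str(), O_RDONLY | O_CLOEXEC)` avoids that. The constructor body continues outside this hunk, so the error path after the `LOGE` is not visible here.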
@@ -47,12 +47,18 @@ FileLock::FileLock(const std::string &lockFilename) : m_lockFilename(lockFilenam
LOGD("File lock file opened");
}
-FileLock::~FileLock() {
+Lockable::~Lockable() {
::close(m_fd);
}
+FileLock::FileLock(Lockable &lockable) : m_lockable(lockable) {}
+
+FileLock::~FileLock() {
+ unlock();
+}
+
bool FileLock::tryLock(void) {
- int lock = TEMP_FAILURE_RETRY(::flock(m_fd, LOCK_EX | LOCK_NB));
+ int lock = TEMP_FAILURE_RETRY(::flock(m_lockable.m_fd, LOCK_EX | LOCK_NB));
if (lock == 0) {
LOGI("File lock acquired");
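Review bot: `FileLock::~FileLock` calls `unlock()` unconditionally, and `unlock()` (added in the last hunk of this file) neither knows whether this object ever acquired the lock nor checks the result of `flock(..., LOCK_UN)`. A `FileLock` whose `tryLock()` failed therefore still logs "Releasing file lock", and because the lock state lives in the descriptor owned by the shared `Lockable`, a second `FileLock` built on the same `Lockable` drops the lock taken through the first when it is destroyed. Tracking ownership fixes both: add `bool m_locked = false;` to the class, set it where `tryLock()` and `lock()` succeed, and start `unlock()` with `if (!m_locked) return;`. The `tryLock()` body continues outside this hunk.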
@@ -66,7 +72,7 @@ bool FileLock::tryLock(void) {
}
void FileLock::lock(void) {
- int lock = TEMP_FAILURE_RETRY(::flock(m_fd, LOCK_EX));
+ int lock = TEMP_FAILURE_RETRY(::flock(m_lockable.m_fd, LOCK_EX));
if (lock == -1)
throw FileLockAcquiringException(errno);
@@ -74,4 +80,9 @@ void FileLock::lock(void) {
LOGI("File lock acquired");
}
+void FileLock::unlock(void) {
+ LOGI("Releasing file lock");
+ TEMP_FAILURE_RETRY(::flock(m_lockable.m_fd, LOCK_UN));
+}
+
} /* namespace Cynara */
diff --git a/src/common/lock/FileLock.h b/src/common/lock/FileLock.h
index 53f048f..69311f0 100644
--- a/src/common/lock/FileLock.h
+++ b/src/common/lock/FileLock.h
@@ -27,16 +27,26 @@
namespace Cynara {
+class FileLock;
+
+class Lockable {
+ friend FileLock;
+public:
+ explicit Lockable(const std::string &lockFilename);
+ ~Lockable();
+private:
+ int m_fd;
+};
+
class FileLock {
public:
- explicit FileLock(const std::string &lockFilename);
+ explicit FileLock(Lockable &lockable);
~FileLock();
bool tryLock(void);
void lock(void);
-
+ void unlock(void);
private:
- std::string m_lockFilename;
- int m_fd;
+ Lockable &m_lockable;
};
} /* namespace Cynara */
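Review bot: `Lockable` owns a file descriptor and closes it in its destructor, but its copy constructor and copy assignment are left implicitly defined, so an accidental copy would close the same descriptor twice, and the second close may hit an unrelated descriptor that has reused the number. The class should declare `Lockable(const Lockable &) = delete;` and `Lockable &operator=(const Lockable &) = delete;`. `FileLock` has a related issue: it stores `Lockable &m_lockable` and unlocks in its destructor, so a short comment stating that the `Lockable` must outlive every `FileLock` built on it would document the lifetime requirement.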
--
2.7.4
From b2abe6e5fd4ac22dc1e75b2efcb9f4177aa57a8d Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Mon, 27 Oct 2014 14:49:11 +0100
Subject: [PATCH 05/16] Lock database in Cynara::init()
Change-Id: Ib90550c8dd26af899d9749901b3ab3e043fe3e2a
---
src/service/main/Cynara.cpp | 5 ++++-
src/service/main/Cynara.h | 5 +++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/service/main/Cynara.cpp b/src/service/main/Cynara.cpp
index 96443ce..a6b96c6 100644
--- a/src/service/main/Cynara.cpp
+++ b/src/service/main/Cynara.cpp
@@ -16,6 +16,7 @@
/**
* @file src/service/main/Cynara.cpp
* @author Lukasz Wojciechowski
+ * @author Aleksander Zdyb
* @version 1.0
* @brief This file implements main class of cynara service
*/
@@ -40,7 +41,8 @@
namespace Cynara {
Cynara::Cynara()
- : m_logic(nullptr), m_socketManager(nullptr), m_storage(nullptr), m_storageBackend(nullptr) {
+ : m_logic(nullptr), m_socketManager(nullptr), m_storage(nullptr), m_storageBackend(nullptr),
+ m_lockFile(PathConfig::StoragePath::lockFile), m_databaseLock(m_lockFile) {
}
Cynara::~Cynara() {
@@ -62,6 +64,7 @@ void Cynara::init(void) {
m_socketManager->bindLogic(m_logic);
+ m_databaseLock.lock(); // Wait until database lock can be acquired
m_storage->load();
}
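Review bot: `m_databaseLock.lock()` blocks with no timeout and nothing is logged before the wait, so a service stuck behind another lock holder looks like a silent hang at start-up. The lock is an exclusive flock() on a descriptor opened `O_RDONLY` (see FileLock.cpp in this series), so any process able to open the lock path can hold it; who that is depends on the permissions of the state directory, which are not visible here. I would add `LOGI("Waiting for database lock");` before the call and a comment that the lock appears to stay held until the `Cynara` object is destroyed, since no explicit `unlock()` is visible. The rest of `Cynara::init` lies outside the hunk.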
diff --git a/src/service/main/Cynara.h b/src/service/main/Cynara.h
index 89bdd76..b138040 100644
--- a/src/service/main/Cynara.h
+++ b/src/service/main/Cynara.h
@@ -16,6 +16,7 @@
/**
* @file src/service/main/Cynara.h
* @author Lukasz Wojciechowski
+ * @author Aleksander Zdyb
* @version 1.0
* @brief This file defines main class of cynara service
*/
@@ -23,6 +24,8 @@
#ifndef SRC_SERVICE_MAIN_CYNARA_H_
#define SRC_SERVICE_MAIN_CYNARA_H_
+#include
+
#include
namespace Cynara {
@@ -43,6 +46,8 @@ private:
SocketManagerPtr m_socketManager;
StoragePtr m_storage;
StorageBackendPtr m_storageBackend;
+ Lockable m_lockFile;
+ FileLock m_databaseLock;
};
} // namespace Cynara
--
2.7.4
From 899a094acbd9523c65432a9cb9c55bd596ddc2bc Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Tue, 23 Dec 2014 14:11:15 +0100
Subject: [PATCH 06/16] Inherit from Exception in FileLockAcquiringException
Change-Id: I40eb3f6b906f34261f8c6b6596e0afb503e41e7a
---
src/common/exceptions/FileLockAcquiringException.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/common/exceptions/FileLockAcquiringException.h b/src/common/exceptions/FileLockAcquiringException.h
index 44bc54a..4640719 100644
--- a/src/common/exceptions/FileLockAcquiringException.h
+++ b/src/common/exceptions/FileLockAcquiringException.h
@@ -30,12 +30,13 @@
namespace Cynara {
-class FileLockAcquiringException {
+class FileLockAcquiringException : public Exception {
public:
FileLockAcquiringException(const int errNumber) : m_errno(errNumber) {
m_message = "File lock acquiring error [" + std::to_string(errorNumber()) + "]"
+ " <" + errorString() + ">";
};
+
virtual ~FileLockAcquiringException() {};
const std::string &message(void) const {
--
2.7.4
From f308922e9e1ef90823bef58b504d70a5e4d7bf3a Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Wed, 17 Dec 2014 10:24:11 +0100
Subject: [PATCH 07/16] Rename admin's Logic to OnlineLogic
This is a preparation to implement OfflineLogic.
Change-Id: Ica6e7dfe12ac9bc921f77e2c5d08bc539373ed07
---
src/admin/CMakeLists.txt | 2 +-
src/admin/api/admin-api.cpp | 4 ++--
src/admin/logic/{Logic.cpp => OnlineLogic.cpp} | 31 +++++++++++++-------------
src/admin/logic/{Logic.h => OnlineLogic.h} | 18 +++++++--------
4 files changed, 27 insertions(+), 28 deletions(-)
rename src/admin/logic/{Logic.cpp => OnlineLogic.cpp} (86%)
rename src/admin/logic/{Logic.h => OnlineLogic.h} (84%)
diff --git a/src/admin/CMakeLists.txt b/src/admin/CMakeLists.txt
index f58c751..321ca92 100644
--- a/src/admin/CMakeLists.txt
+++ b/src/admin/CMakeLists.txt
@@ -23,7 +23,7 @@ SET(CYNARA_LIB_CYNARA_ADMIN_PATH ${CYNARA_PATH}/admin)
SET(LIB_CYNARA_ADMIN_SOURCES
${CYNARA_LIB_CYNARA_ADMIN_PATH}/api/admin-api.cpp
- ${CYNARA_LIB_CYNARA_ADMIN_PATH}/logic/Logic.cpp
+ ${CYNARA_LIB_CYNARA_ADMIN_PATH}/logic/OnlineLogic.cpp
)
INCLUDE_DIRECTORIES(
diff --git a/src/admin/api/admin-api.cpp b/src/admin/api/admin-api.cpp
index 401df51..1dfeb90 100644
--- a/src/admin/api/admin-api.cpp
+++ b/src/admin/api/admin-api.cpp
@@ -43,7 +43,7 @@
#include
#include
-#include
+#include
struct cynara_admin {
Cynara::ApiInterface *impl;
@@ -61,7 +61,7 @@ int cynara_admin_initialize(struct cynara_admin **pp_cynara_admin) {
return CYNARA_API_INVALID_PARAM;
return Cynara::tryCatch([&]() {
- *pp_cynara_admin = new cynara_admin(new Cynara::Logic);
+ *pp_cynara_admin = new cynara_admin(new Cynara::OnlineLogic);
init_log();
diff --git a/src/admin/logic/Logic.cpp b/src/admin/logic/OnlineLogic.cpp
similarity index 86%
rename from src/admin/logic/Logic.cpp
rename to src/admin/logic/OnlineLogic.cpp
index b0ea895..9aa1831 100644
--- a/src/admin/logic/Logic.cpp
+++ b/src/admin/logic/OnlineLogic.cpp
@@ -14,10 +14,11 @@
* limitations under the License
*/
/**
- * @file src/admin/logic/Logic.cpp
+ * @file src/admin/logic/OnlineLogic.cpp
* @author Lukasz Wojciechowski
+ * @author Aleksander Zdyb
* @version 1.0
- * @brief This file contains implementation of Logic class - main libcynara-admin class
+ * @brief This file contains implementation of online version of Logic class
*/
#include
@@ -45,11 +46,11 @@
#include
#include
-#include "Logic.h"
+#include "OnlineLogic.h"
namespace Cynara {
-Logic::Logic() {
+OnlineLogic::OnlineLogic() {
m_socketClient = std::make_shared(PathConfig::SocketPath::admin,
std::make_shared());
}
@@ -59,12 +60,12 @@ ProtocolFrameSequenceNumber generateSequenceNumber(void) {
return ++sequenceNumber;
}
-bool Logic::ensureConnection(void) {
+bool OnlineLogic::ensureConnection(void) {
return m_socketClient->isConnected() || m_socketClient->connect();
}
template
-int Logic::askCynaraAndInterpreteCodeResponse(Args... args) {
+int OnlineLogic::askCynaraAndInterpreteCodeResponse(Args... args) {
if (!ensureConnection()) {
LOGE("Cannot connect to cynara. Service not available.");
return CYNARA_API_SERVICE_NOT_AVAILABLE;
@@ -109,22 +110,22 @@ int Logic::askCynaraAndInterpreteCodeResponse(Args... args) {
}
}
-int Logic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
- const ApiInterface::KeysByBucket &remove) {
+int OnlineLogic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
+ const ApiInterface::KeysByBucket &remove) {
return askCynaraAndInterpreteCodeResponse(insertOrUpdate, remove);
}
-int Logic::insertOrUpdateBucket(const PolicyBucketId &bucket,
- const PolicyResult &policyResult) {
+int OnlineLogic::insertOrUpdateBucket(const PolicyBucketId &bucket,
+ const PolicyResult &policyResult) {
return askCynaraAndInterpreteCodeResponse(bucket, policyResult);
}
-int Logic::removeBucket(const PolicyBucketId &bucket) {
+int OnlineLogic::removeBucket(const PolicyBucketId &bucket) {
return askCynaraAndInterpreteCodeResponse(bucket);
}
-int Logic::adminCheck(const PolicyBucketId &startBucket, bool recursive, const PolicyKey &key,
- PolicyResult &result) {
+int OnlineLogic::adminCheck(const PolicyBucketId &startBucket, bool recursive, const PolicyKey &key,
+ PolicyResult &result) {
if (!ensureConnection()) {
LOGE("Cannot connect to cynara. Service not available.");
return CYNARA_API_SERVICE_NOT_AVAILABLE;
@@ -163,7 +164,7 @@ int Logic::adminCheck(const PolicyBucketId &startBucket, bool recursive, const P
return CYNARA_API_SUCCESS;
}
-int Logic::listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
+int OnlineLogic::listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
std::vector &policies) {
if (!ensureConnection()) {
LOGE("Cannot connect to cynara. Service not available.");
@@ -199,7 +200,7 @@ int Logic::listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
return CYNARA_API_SUCCESS;
}
-int Logic::erasePolicies(const PolicyBucketId &startBucket, bool recursive,
+int OnlineLogic::erasePolicies(const PolicyBucketId &startBucket, bool recursive,
const PolicyKey &filter) {
return askCynaraAndInterpreteCodeResponse(startBucket, recursive, filter);
}
diff --git a/src/admin/logic/Logic.h b/src/admin/logic/OnlineLogic.h
similarity index 84%
rename from src/admin/logic/Logic.h
rename to src/admin/logic/OnlineLogic.h
index 584d35d..19e3304 100644
--- a/src/admin/logic/Logic.h
+++ b/src/admin/logic/OnlineLogic.h
@@ -14,16 +14,14 @@
* limitations under the License
*/
/**
- * @file src/admin/logic/Logic.h
+ * @file src/admin/logic/OnlineLogic.h
* @author Lukasz Wojciechowski
* @version 1.0
- * @brief This file contains definition of Logic class - main libcynara-admin class
+ * @brief This file contains definition of online version of Logic class
*/
-#ifndef SRC_ADMIN_LOGIC_LOGIC_H_
-#define SRC_ADMIN_LOGIC_LOGIC_H_
-
-#include
+#ifndef SRC_ADMIN_LOGIC_ONLINELOGIC_H_
+#define SRC_ADMIN_LOGIC_ONLINELOGIC_H_
#include
@@ -31,7 +29,7 @@
namespace Cynara {
-class Logic : public ApiInterface {
+class OnlineLogic : public ApiInterface {
private:
SocketClientPtr m_socketClient;
@@ -40,8 +38,8 @@ private:
int askCynaraAndInterpreteCodeResponse(Args... args);
public:
- Logic();
- virtual ~Logic() {};
+ OnlineLogic();
+ virtual ~OnlineLogic() {};
virtual int setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
const ApiInterface::KeysByBucket &remove);
@@ -59,4 +57,4 @@ public:
} // namespace Cynara
-#endif /* SRC_ADMIN_LOGIC_LOGIC_H_ */
+#endif /* SRC_ADMIN_LOGIC_ONLINELOGIC_H_ */
--
2.7.4
From 14d1fb229ad782830543cb3ac04b58a46c67f504 Mon Sep 17 00:00:00 2001
From: Aleksander Zdyb
Date: Tue, 23 Dec 2014 14:21:47 +0100
Subject: [PATCH 08/16] Implement detection of online/offline mode in admin
Change-Id: I93a2af08266d7606491abf4f89bf16663c7d0e15
---
src/admin/CMakeLists.txt | 4 ++
src/admin/api/admin-api.cpp | 10 ++-
src/admin/logic/Logic.cpp | 95 ++++++++++++++++++++++++++++
src/admin/logic/Logic.h | 67 ++++++++++++++++++++
src/admin/logic/OfflineLogic.cpp | 133 +++++++++++++++++++++++++++++++++++++++
src/admin/logic/OfflineLogic.h | 68 ++++++++++++++++++++
6 files changed, 375 insertions(+), 2 deletions(-)
create mode 100644 src/admin/logic/Logic.cpp
create mode 100644 src/admin/logic/Logic.h
create mode 100644 src/admin/logic/OfflineLogic.cpp
create mode 100644 src/admin/logic/OfflineLogic.h
diff --git a/src/admin/CMakeLists.txt b/src/admin/CMakeLists.txt
index 321ca92..3cbff78 100644
--- a/src/admin/CMakeLists.txt
+++ b/src/admin/CMakeLists.txt
@@ -23,10 +23,13 @@ SET(CYNARA_LIB_CYNARA_ADMIN_PATH ${CYNARA_PATH}/admin)
SET(LIB_CYNARA_ADMIN_SOURCES
${CYNARA_LIB_CYNARA_ADMIN_PATH}/api/admin-api.cpp
+ ${CYNARA_LIB_CYNARA_ADMIN_PATH}/logic/Logic.cpp
+ ${CYNARA_LIB_CYNARA_ADMIN_PATH}/logic/OfflineLogic.cpp
${CYNARA_LIB_CYNARA_ADMIN_PATH}/logic/OnlineLogic.cpp
)
INCLUDE_DIRECTORIES(
+ ${CYNARA_PATH}
${CYNARA_PATH}/include
${CYNARA_LIB_CYNARA_ADMIN_PATH}
)
@@ -43,6 +46,7 @@ SET_TARGET_PROPERTIES(
TARGET_LINK_LIBRARIES(${TARGET_LIB_CYNARA_ADMIN}
${CYNARA_DEP_LIBRARIES}
${TARGET_CYNARA_COMMON}
+ ${TARGET_LIB_CYNARA_STORAGE}
)
INSTALL(TARGETS ${TARGET_LIB_CYNARA_ADMIN} DESTINATION ${LIB_INSTALL_DIR})
diff --git a/src/admin/api/admin-api.cpp b/src/admin/api/admin-api.cpp
index 1dfeb90..d3b6a36 100644
--- a/src/admin/api/admin-api.cpp
+++ b/src/admin/api/admin-api.cpp
@@ -30,6 +30,7 @@
#include
#include
+#include
#include
#include
#include
@@ -43,7 +44,7 @@
#include
#include
-#include
+#include
struct cynara_admin {
Cynara::ApiInterface *impl;
@@ -61,7 +62,12 @@ int cynara_admin_initialize(struct cynara_admin **pp_cynara_admin) {
return CYNARA_API_INVALID_PARAM;
return Cynara::tryCatch([&]() {
- *pp_cynara_admin = new cynara_admin(new Cynara::OnlineLogic);
+ try {
+ *pp_cynara_admin = new cynara_admin(new Cynara::Logic);
+ } catch (const Cynara::FileLockAcquiringException &ex) {
+ LOGE("%s", ex.what());
+ return CYNARA_API_OPERATION_FAILED;
+ }
init_log();
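Review bot: With this `catch`, `cynara_admin_initialize` returns `CYNARA_API_OPERATION_FAILED` whenever constructing `Cynara::Logic` raises `FileLockAcquiringException`, which presumably includes the case where the caller cannot open the lock path. That makes read access to the state directory a precondition for every admin client, even one that would only ever talk to a running service over the socket. If that is intended, it should be stated in the API documentation of `cynara_admin_initialize`; if not, the lock path could be opened lazily in `Logic::callApiFunction` and an open failure treated as a reason to use the online path. The lambda continues outside this hunk.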
diff --git a/src/admin/logic/Logic.cpp b/src/admin/logic/Logic.cpp
new file mode 100644
index 0000000..57fc0b5
--- /dev/null
+++ b/src/admin/logic/Logic.cpp
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/admin/logic/Logic.cpp
+ * @author Lukasz Wojciechowski
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief This file contains implementation of Logic class - main libcynara-admin class
+ */
+
+#include
+#include
+#include
+
+#include "Logic.h"
+#include "OfflineLogic.h"
+#include "OnlineLogic.h"
+
+namespace Cynara {
+
+Logic::Logic() : m_onlineLogic(new OnlineLogic()), m_offlineLogic(new OfflineLogic()),
+ m_lockable(PathConfig::StoragePath::lockFile) {}
+
+Logic::~Logic() {
+ delete m_onlineLogic;
+ delete m_offlineLogic;
+}
+
+int Logic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
+ const ApiInterface::KeysByBucket &remove) {
+ using std::placeholders::_1;
+ return callApiFunction(std::bind(&ApiInterface::setPolicies, _1,
+ std::cref(insertOrUpdate), std::cref(remove)));
+}
+
+int Logic::insertOrUpdateBucket(const PolicyBucketId &bucket,
+ const PolicyResult &policyResult) {
+ using std::placeholders::_1;
+ auto f = std::bind(&ApiInterface::insertOrUpdateBucket, _1,
+ std::cref(bucket), std::cref(policyResult));
+ return callApiFunction(f);
+}
+
+int Logic::removeBucket(const PolicyBucketId &bucket) {
+ using std::placeholders::_1;
+ return callApiFunction(std::bind(&ApiInterface::removeBucket, _1, std::cref(bucket)));
+}
+
+int Logic::adminCheck(const PolicyBucketId &startBucket, bool recursive, const PolicyKey &key,
+ PolicyResult &result) {
+ using std::placeholders::_1;
+ return callApiFunction(std::bind(&ApiInterface::adminCheck, _1, std::cref(startBucket),
+ recursive, std::cref(key), std::ref(result)));
+}
+
+int Logic::listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
+ std::vector &policies) {
+ using std::placeholders::_1;
+ return callApiFunction(std::bind(&ApiInterface::listPolicies, _1, std::cref(bucket),
+ std::cref(filter), std::ref(policies)));
+}
+
+int Logic::erasePolicies(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &filter) {
+ using std::placeholders::_1;
+ return callApiFunction(std::bind(&ApiInterface::erasePolicies, _1, std::cref(startBucket),
+ recursive, std::cref(filter)));
+}
+
+int Logic::callApiFunction(std::function apiCall) {
+ FileLock lock(m_lockable);
+ if (lock.tryLock() == true) {
+ m_offlineLogic->acquireDatabase();
+ LOGI("Admin uses offline API");
+ return apiCall(m_offlineLogic);
+ } else {
+ LOGI("Admin uses online API");
+ return apiCall(m_onlineLogic);
+ }
+}
+
+} // namespace Cynara
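Review bot: `Logic::callApiFunction` switches to `OfflineLogic` whenever `tryLock()` succeeds, and in that mode the calling process itself loads and rewrites the policy database under `PathConfig::StoragePath::dbDir`; the only access control left is the file permissions on the lock path and the database directory. That is a different trust boundary from the online path and nothing in this file says so. I would add a comment above `callApiFunction` along the lines of `// Offline mode runs in the caller's process; access is limited only by filesystem permissions on the state directory.` Separately, `acquireDatabase()` rebuilds the backend and reloads the whole database on every API call, which deserves a comment if it is deliberate.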
diff --git a/src/admin/logic/Logic.h b/src/admin/logic/Logic.h
new file mode 100644
index 0000000..9a24de7
--- /dev/null
+++ b/src/admin/logic/Logic.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/**
+ * @file src/admin/logic/Logic.h
+ * @author Lukasz Wojciechowski
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief This file contains definition of Logic class - main libcynara-admin class
+ */
+
+#ifndef SRC_ADMIN_LOGIC_LOGIC_H_
+#define SRC_ADMIN_LOGIC_LOGIC_H_
+
+#include
+
+#include
+
+#include
+
+namespace Cynara {
+
+class OnlineLogic;
+class OfflineLogic;
+
+class Logic : public ApiInterface {
+
+public:
+ Logic();
+ virtual ~Logic();
+
+ virtual int setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
+ const ApiInterface::KeysByBucket &remove);
+ virtual int insertOrUpdateBucket(const PolicyBucketId &bucket,
+ const PolicyResult &policyResult);
+ virtual int removeBucket(const PolicyBucketId &bucket);
+ virtual int adminCheck(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &key, PolicyResult &result);
+ virtual int listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
+ std::vector &policies);
+ virtual int erasePolicies(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &filter);
+
+protected:
+ int callApiFunction(std::function apiCall);
+
+private:
+ OnlineLogic *m_onlineLogic;
+ OfflineLogic *m_offlineLogic;
+ Lockable m_lockable;
+};
+
+} // namespace Cynara
+
+#endif /* SRC_ADMIN_LOGIC_LOGIC_H_ */
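Review bot: `m_onlineLogic` and `m_offlineLogic` are raw owning pointers and `m_lockable` is declared after them, so if the `Lockable` constructor (or `new OfflineLogic()`) throws during `Logic::Logic()`, the objects already allocated are leaked because `~Logic()` never runs. admin-api.cpp in this commit catches `FileLockAcquiringException` around `new Cynara::Logic`, so a throwing constructor looks like an expected path. The implicit copy constructor would also lead to a double `delete`. Declaring the members as `std::unique_ptr<OnlineLogic> m_onlineLogic;` and `std::unique_ptr<OfflineLogic> m_offlineLogic;` removes the manual `delete`s and both problems, provided `~Logic()` stays defined in Logic.cpp where both types are complete and `callApiFunction` passes `.get()` to `apiCall`.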
diff --git a/src/admin/logic/OfflineLogic.cpp b/src/admin/logic/OfflineLogic.cpp
new file mode 100644
index 0000000..a52a0fe
--- /dev/null
+++ b/src/admin/logic/OfflineLogic.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/admin/logic/OfflineLogic.cpp
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief This file contains implementation of OfflineLogic class
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+
+#include "OfflineLogic.h"
+
+namespace Cynara {
+
+OfflineLogic::OfflineLogic() {}
+
+void OfflineLogic::acquireDatabase(void) {
+ m_storageBackend.reset(new InMemoryStorageBackend(PathConfig::StoragePath::dbDir));
+ m_storage.reset(new Storage(*m_storageBackend));
+ m_storage->load();
+}
+
+int OfflineLogic::setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
+ const ApiInterface::KeysByBucket &remove) {
+ try {
+ m_storage->insertPolicies(insertOrUpdate);
+ m_storage->deletePolicies(remove);
+ onPoliciesChanged();
+ } catch (const BucketNotExistsException &) {
+ return CYNARA_API_BUCKET_NOT_FOUND;
+ } catch (const DatabaseException &) {
+ return CYNARA_API_OPERATION_FAILED;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+int OfflineLogic::insertOrUpdateBucket(const PolicyBucketId &bucket,
+ const PolicyResult &policyResult) {
+ try {
+ m_storage->addOrUpdateBucket(bucket, policyResult);
+ onPoliciesChanged();
+ } catch (const DefaultBucketSetNoneException &) {
+ return CYNARA_API_OPERATION_NOT_ALLOWED;
+ } catch (const InvalidBucketIdException &ex) {
+ return CYNARA_API_OPERATION_NOT_ALLOWED;
+ } catch (const DatabaseException &) {
+ return CYNARA_API_OPERATION_FAILED;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+int OfflineLogic::removeBucket(const PolicyBucketId &bucket) {
+ try {
+ m_storage->deleteBucket(bucket);
+ onPoliciesChanged();
+ } catch (const BucketNotExistsException &) {
+ return CYNARA_API_BUCKET_NOT_FOUND;
+ } catch (const DefaultBucketDeletionException &) {
+ return CYNARA_API_OPERATION_NOT_ALLOWED;
+ } catch (const DatabaseException &) {
+ return CYNARA_API_OPERATION_FAILED;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+int OfflineLogic::adminCheck(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &key, PolicyResult &result) {
+ try {
+ result = m_storage->checkPolicy(key, startBucket, recursive);
+ } catch (const BucketNotExistsException &ex) {
+ return CYNARA_API_BUCKET_NOT_FOUND;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+int OfflineLogic::listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
+ std::vector &policies) {
+ try {
+ policies = m_storage->listPolicies(bucket, filter);
+ } catch (const BucketNotExistsException &ex) {
+ return CYNARA_API_BUCKET_NOT_FOUND;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+int OfflineLogic::erasePolicies(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &filter) {
+ try {
+ m_storage->erasePolicies(startBucket, recursive, filter);
+ onPoliciesChanged();
+ } catch (const BucketNotExistsException &) {
+ return CYNARA_API_BUCKET_NOT_FOUND;
+ }
+
+ return CYNARA_API_SUCCESS;
+}
+
+void OfflineLogic::onPoliciesChanged(void) {
+ m_storage->save();
+}
+
+} /* namespace Cynara */
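Review bot: `OfflineLogic::erasePolicies` calls `onPoliciesChanged()` (and so `m_storage->save()`) like the other mutating methods, but unlike `setPolicies`, `insertOrUpdateBucket` and `removeBucket` it has no `catch (const DatabaseException &)`, so a storage failure of the kind those methods anticipate would escape as an exception instead of `CYNARA_API_OPERATION_FAILED`. Adding `} catch (const DatabaseException &) { return CYNARA_API_OPERATION_FAILED; }` makes the four methods consistent. Every method also dereferences `m_storage`, which is empty until `acquireDatabase()` has been called; a comment on the class stating that precondition, or a guard returning `CYNARA_API_OPERATION_FAILED`, would protect callers other than `Logic`. The unused `ex` names in `insertOrUpdateBucket`, `adminCheck` and `listPolicies` can be dropped.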
diff --git a/src/admin/logic/OfflineLogic.h b/src/admin/logic/OfflineLogic.h
new file mode 100644
index 0000000..ec180f2
--- /dev/null
+++ b/src/admin/logic/OfflineLogic.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file src/admin/logic/OfflineLogic.h
+ * @author Aleksander Zdyb
+ * @version 1.0
+ * @brief This file contains definition of OfflineLogic class
+ */
+
+#ifndef SRC_ADMIN_LOGIC_OFFLINELOGIC_H_
+#define SRC_ADMIN_LOGIC_OFFLINELOGIC_H_
+
+#include
+
+#include
+
+#include
+#include
+
+#include
+
+namespace Cynara {
+
+class OfflineLogic : public ApiInterface {
+public:
+ OfflineLogic();
+
+ void acquireDatabase(void);
+
+ int setPolicies(const ApiInterface::PoliciesByBucket &insertOrUpdate,
+ const ApiInterface::KeysByBucket &remove);
+ int insertOrUpdateBucket(const PolicyBucketId &bucket,
+ const PolicyResult &policyResult);
+ int removeBucket(const PolicyBucketId &bucket);
+ int adminCheck(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &key, PolicyResult &result);
+ int listPolicies(const PolicyBucketId &bucket, const PolicyKey &filter,
+ std::vector &policies);
+ int erasePolicies(const PolicyBucketId &startBucket, bool recursive,
+ const PolicyKey &filter);
+
+protected:
+ void onPoliciesChanged(void);
+
+private:
+ typedef std::unique_ptr StorageUniquePtr;
+ typedef std::unique_ptr StorageBackendUniquePtr;
+
+ StorageUniquePtr m_storage;
+ StorageBackendUniquePtr m_storageBackend;
+};
+
+} /* namespace Cynara */
+
+#endif /* SRC_ADMIN_LOGIC_OFFLINELOGIC_H_ */
--
2.7.4
From 582e79ea7c430629a9ee5fa432839956174c736d Mon Sep 17 00:00:00 2001
From: Zofia Abramowska
Date: Tue, 16 Dec 2014 16:48:58 +0100
Subject: [PATCH 09/16] Add listing types of policies
Change-Id: Iab51f7ec232fb711ac6945be1ce71effa7e59ef1
---
src/client-async/logic/Logic.cpp | 4 +--
src/client-common/CMakeLists.txt | 1 -
src/client-common/cache/CacheInterface.h | 8 ++---
src/client-common/plugins/NaiveInterpreter.cpp | 30 ----------------
src/client-common/plugins/NaiveInterpreter.h | 7 ++--
src/client/logic/Logic.cpp | 4 +--
src/common/CMakeLists.txt | 2 ++
src/common/plugin/ExternalPluginInterface.h | 7 ++--
src/common/plugin/PluginManager.cpp | 18 +++++++---
src/common/plugin/PluginManager.h | 5 ++-
src/common/types/PolicyDescription.cpp | 36 +++++++++++++++++++
src/common/types/PolicyDescription.h | 48 ++++++++++++++++++++++++++
src/include/cynara-client-plugin.h | 3 +-
13 files changed, 119 insertions(+), 54 deletions(-)
delete mode 100644 src/client-common/plugins/NaiveInterpreter.cpp
create mode 100644 src/common/types/PolicyDescription.cpp
create mode 100644 src/common/types/PolicyDescription.h
diff --git a/src/client-async/logic/Logic.cpp b/src/client-async/logic/Logic.cpp
index 48b8bad..7504c7e 100644
--- a/src/client-async/logic/Logic.cpp
+++ b/src/client-async/logic/Logic.cpp
@@ -50,8 +50,8 @@ Logic::Logic(cynara_status_callback callback, void *userStatusData)
m_cache = std::make_shared();
auto naiveInterpreter = std::make_shared();
- for (auto &type : naiveInterpreter->getSupportedPolicyTypes()) {
- m_cache->registerPlugin(type, naiveInterpreter);
+ for (auto &descr : naiveInterpreter->getSupportedPolicyDescr()) {
+ m_cache->registerPlugin(descr, naiveInterpreter);
}
}
diff --git a/src/client-common/CMakeLists.txt b/src/client-common/CMakeLists.txt
index bb02eca..2c60ca9 100644
--- a/src/client-common/CMakeLists.txt
+++ b/src/client-common/CMakeLists.txt
@@ -28,7 +28,6 @@ INCLUDE_DIRECTORIES(
SET(LIB_CYNARA_COMMON_SOURCES
${LIB_CYNARA_COMMON_PATH}/cache/CapacityCache.cpp
- ${LIB_CYNARA_COMMON_PATH}/plugins/NaiveInterpreter.cpp
)
ADD_DEFINITIONS("-fvisibility=default")
diff --git a/src/client-common/cache/CacheInterface.h b/src/client-common/cache/CacheInterface.h
index 03b7624..bbd18c8 100644
--- a/src/client-common/cache/CacheInterface.h
+++ b/src/client-common/cache/CacheInterface.h
@@ -31,9 +31,9 @@
#include
#include
#include
+#include
#include
#include
-#include
namespace Cynara {
@@ -48,8 +48,8 @@ public:
const PolicyKey &key,
const PolicyResult &result) = 0;
- void registerPlugin(const PolicyType policyType, ClientPluginInterfacePtr plugin) {
- m_plugins[policyType] = plugin;
+ void registerPlugin(const PolicyDescription &policyDescr, ClientPluginInterfacePtr plugin) {
+ m_plugins[policyDescr] = plugin;
}
virtual void clear(void) {
@@ -59,7 +59,7 @@ public:
virtual ~PluginCache() {};
protected:
- std::map m_plugins;
+ std::map m_plugins;
};
} // namespace Cynara
diff --git a/src/client-common/plugins/NaiveInterpreter.cpp b/src/client-common/plugins/NaiveInterpreter.cpp
deleted file mode 100644
index 7141cb7..0000000
--- a/src/client-common/plugins/NaiveInterpreter.cpp
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/**
- * @file src/client-common/plugins/NaiveInterpreter.cpp
- * @author Zofia Abramowska
- * @version 1.0
- * @brief This file contains NaiveInterpreter supported types definition.
- */
-
-#include
-
-namespace Cynara {
-
- const std::vector NaiveInterpreter::s_supportedTypes =
- {PredefinedPolicyType::ALLOW, PredefinedPolicyType::DENY};
-
-}
diff --git a/src/client-common/plugins/NaiveInterpreter.h b/src/client-common/plugins/NaiveInterpreter.h
index 059554d..a0e2d67 100644
--- a/src/client-common/plugins/NaiveInterpreter.h
+++ b/src/client-common/plugins/NaiveInterpreter.h
@@ -25,6 +25,7 @@
#include
#include
#include
+#include
namespace Cynara {
@@ -45,13 +46,11 @@ public:
return CYNARA_API_ACCESS_DENIED;
}
- const std::vector &getSupportedPolicyTypes(void) {
- return s_supportedTypes;
+ const std::vector &getSupportedPolicyDescr(void) {
+ return predefinedPolicyDescr;
}
void invalidate(void) {}
-private:
- static const std::vector s_supportedTypes;
};
} // namespace Cynara
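Review bot: `getSupportedPolicyDescr()` now returns the shared `predefinedPolicyDescr` list instead of the class's own `{ALLOW, DENY}` table, so the set of policy types this interpreter answers for is decided in another file. Both Logic constructors in this commit register the interpreter for every entry of the returned list, so an entry added to that list later is routed here without any change to this class. A comment on the method would make the dependency visible, e.g. `// Handles every entry of predefinedPolicyDescr; keep the result mapping in sync when that list changes.` The definition of `predefinedPolicyDescr` and the start of the class are outside this hunk.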
diff --git a/src/client/logic/Logic.cpp b/src/client/logic/Logic.cpp
index 498e53c..f8fc543 100644
--- a/src/client/logic/Logic.cpp
+++ b/src/client/logic/Logic.cpp
@@ -52,8 +52,8 @@ Logic::Logic() {
std::make_shared());
m_cache = std::make_shared();
auto naiveInterpreter = std::make_shared();
- for (auto &type : naiveInterpreter->getSupportedPolicyTypes()) {
- m_cache->registerPlugin(type, naiveInterpreter);
+ for (auto &descr : naiveInterpreter->getSupportedPolicyDescr()) {
+ m_cache->registerPlugin(descr, naiveInterpreter);
}
}
diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt
index 37073ad..fe2f727 100644
--- a/src/common/CMakeLists.txt
+++ b/src/common/CMakeLists.txt
@@ -62,9 +62,11 @@ SET(COMMON_SOURCES
${COMMON_PATH}/sockets/Socket.cpp
${COMMON_PATH}/sockets/SocketClient.cpp
${COMMON_PATH}/types/PolicyBucket.cpp
+ ${COMMON_PATH}/types/PolicyDescription.cpp
${COMMON_PATH}/types/PolicyKey.cpp
${COMMON_PATH}/types/PolicyKeyHelpers.cpp
${COMMON_PATH}/types/PolicyResult.cpp
+ ${COMMON_PATH}/types/PolicyType.cpp
)
IF (CMAKE_BUILD_TYPE MATCHES "DEBUG")
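Review bot: `${COMMON_PATH}/types/PolicyType.cpp` is added to COMMON_SOURCES here, but the `create mode` lines of this commit list only PolicyDescription.cpp and PolicyDescription.h, and no diff section for PolicyType.cpp is visible. If that file is not already in the tree the build will fail on the missing source; if it is, building it for the first time is a separate change that belongs in its own commit or at least in the commit message. Part of the diffstat and the commit message are outside this view, so this should be confirmed against the full patch.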
diff --git a/src/common/plugin/ExternalPluginInterface.h b/src/common/plugin/ExternalPluginInterface.h
index ddd8363..f4e8a63 100644
--- a/src/common/plugin/ExternalPluginInterface.h
+++ b/src/common/plugin/ExternalPluginInterface.h
@@ -25,7 +25,7 @@
#include
-#include
+#include
namespace Cynara {
@@ -47,11 +47,10 @@ typedef void (*destroy_t)(ExternalPluginInterface *);
class ExternalPluginInterface {
public:
-
/**
- * Policy type supported by plugin.
+ * Policy types supported by plugin.
*/
- virtual const std::vector &getSupportedPolicyTypes(void) = 0;
+ virtual const std::vector &getSupportedPolicyDescr(void) = 0;
/**
* Informs, that every data stored based on previously given input
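Review bot: Replacing the pure virtual `getSupportedPolicyTypes()` with `getSupportedPolicyDescr()` changes the element type returned through the same virtual slot, and nothing in this hunk lets the loader tell a plugin built against the old header from one built against the new. If plugins are loaded from shared objects, as the `destroy_t` typedef in the hunk header suggests, an old binary would hand back a vector of policy types that the caller then reads as descriptions. Consider an interface version that the loader checks before the first virtual call, and state the break on the method, e.g. `* Plugins built against the previous getSupportedPolicyTypes() interface are not binary compatible.` The doc comment could also read "Policy descriptions (type and name) supported by plugin." since the method no longer returns bare types. The class body continues outside the hunk.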
diff --git a/src/common/plugin/PluginManager.cpp b/src/common/plugin/PluginManager.cpp
index c8a38c5..300dc7f 100644
--- a/src/common/plugin/PluginManager.cpp
+++ b/src/common/plugin/PluginManager.cpp
@@ -65,6 +65,15 @@ ExternalPluginPtr PluginManager::getPlugin(PolicyType pType) {
return m_plugins[pType];
}
+std::vector PluginManager::getPolicyDescriptions(void) const {
+ std::vector descriptions;
+ descriptions.reserve(m_plugins.size());
+ for (auto &plugin : m_plugins) {
+ descriptions.push_back(plugin.first);
+ }
+ return descriptions;
+}
+
void PluginManager::invalidateAll(void) {
for (auto &plugin : m_plugins) {
plugin.second->invalidate();
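Review bot: The new `getPolicyDescriptions()` reports every key of `m_plugins`, but `getPlugin()` in the context line just above looks up with `m_plugins[pType]`, which on a standard map inserts an empty plugin pointer for a type that no plugin registered. After one such lookup that type would be listed as supported although nothing handles it, and `invalidateAll()` below would call through the empty pointer. Skipping empty entries, `if (plugin.second) descriptions.push_back(plugin.first);`, keeps the list accurate, and changing `getPlugin()` to use `find()` would remove the cause. The container is declared in PluginManager.h, outside this hunk, so this assumes it is a `std::map` or behaves like one.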
@@ -125,14 +134,15 @@ void PluginManager::openPlugin(const std::string &path) {
return;
}
- auto policies = pluginPtr->getSupportedPolicyTypes();
+ auto policies = pluginPtr->getSupportedPolicyDescr();
if (policies.empty()) {
LOGE("Plugin <%s> does not support any type!", path.c_str());
return;
}
- for (auto type : policies) {
- if (!m_plugins.insert(std::make_pair(type, pluginPtr)).second) {
- LOGW("policyType [%" PRIu16 "] was already supported.", type);
+ for (auto &desc : policies) {
+ if (!m_plugins.insert(std::make_pair(desc, pluginPtr)).second) {
+ LOGW("policy type: [%" PRIu16 "] name: <%s> was already supported.",
+ desc.type, desc.name.c_str());
}
}
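Review bot: The duplicate-registration warning in the `for (auto &desc : policies)` loop prints the policy type and name but not the library that tried to claim them, so a plugin colliding with an already registered type cannot be traced from the log. Adding the path gives that: `LOGW("policy type: [%" PRIu16 "] name: <%s> from plugin <%s> was already supported.", desc.type, desc.name.c_str(), path.c_str());`. `desc.name` is supplied by the loaded plugin, so it is worth confirming that the log sink tolerates arbitrary bytes in it. Separately, `auto policies = ...` now copies a vector of descriptions that carry strings; `const auto &policies = pluginPtr->getSupportedPolicyDescr();` avoids the copy. `openPlugin` starts and continues outside this hunk.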
diff --git a/src/common/plugin/PluginManager.h b/src/common/plugin/PluginManager.h
index 8de33ae..87b0597 100644
--- a/src/common/plugin/PluginManager.h
+++ b/src/common/plugin/PluginManager.h
@@ -28,8 +28,10 @@
#include