From 2fc373fce947bef2dfccedaa748384aae6d6e95c Mon Sep 17 00:00:00 2001 From: Lukasz Wojciechowski Date: Thu, 8 May 2014 16:11:43 +0200 Subject: [PATCH 2/3] Add cynara directory structure, manifest and build files Definition of libcynara-client header [Bug/Feature] N/A [Cause] Definition of repository and build structure. [Solution] Directory structure and build system files added. [Verification] Should build on all platforms and provide following packages:cynara, libcynara-admin, libcynara-client. Change-Id: I922c2e0ccce5b0e49302aa643afbc2fbb9778cd2 Signed-off-by: Lukasz Wojciechowski --- AUTHORS | 4 + CMakeLists.txt | 63 ++++++++++ LICENSE | 203 ++++++++++++++++++++++++++++++++ README | 1 + build/CMakeLists.txt | 20 ++++ build/cynara-admin/CMakeLists.txt | 26 ++++ build/cynara-admin/cynara-admin.pc.in | 11 ++ build/cynara-client/CMakeLists.txt | 26 ++++ build/cynara-client/cynara-client.pc.in | 11 ++ packaging/cynara.manifest | 5 + packaging/cynara.spec | 170 ++++++++++++++++++++++++++ packaging/libcynara-admin.manifest | 5 + packaging/libcynara-client.manifest | 5 + src/CMakeLists.txt | 39 ++++++ src/admin/CMakeLists.txt | 43 +++++++ src/admin/admin-api.cpp | 23 ++++ src/client/CMakeLists.txt | 43 +++++++ src/client/client-api.cpp | 24 ++++ src/common/CMakeLists.txt | 42 +++++++ src/common/common.cpp | 23 ++++ src/include/CMakeLists.txt | 27 +++++ src/include/cynara-admin.h | 36 ++++++ src/include/cynara-client.h | 168 ++++++++++++++++++++++++++ src/service/CMakeLists.txt | 41 +++++++ src/service/main/main.cpp | 26 ++++ systemd/CMakeLists.txt | 27 +++++ systemd/cynara-admin.socket | 14 +++ systemd/cynara.service | 11 ++ systemd/cynara.socket | 14 +++ systemd/cynara.target | 4 + 30 files changed, 1155 insertions(+) create mode 100644 AUTHORS create mode 100644 CMakeLists.txt create mode 100644 LICENSE create mode 100644 README create mode 100644 build/CMakeLists.txt create mode 100644 build/cynara-admin/CMakeLists.txt create mode 100644 build/cynara-admin/cynara-admin.pc.in create mode 100644 build/cynara-client/CMakeLists.txt create mode 100644 build/cynara-client/cynara-client.pc.in create mode 100644 packaging/cynara.manifest create mode 100644 packaging/cynara.spec create mode 100644 packaging/libcynara-admin.manifest create mode 100644 packaging/libcynara-client.manifest create mode 100644 src/CMakeLists.txt create mode 100644 src/admin/CMakeLists.txt create mode 100644 src/admin/admin-api.cpp create mode 100644 src/client/CMakeLists.txt create mode 100644 src/client/client-api.cpp create mode 100644 src/common/CMakeLists.txt create mode 100644 src/common/common.cpp create mode 100644 src/include/CMakeLists.txt create mode 100644 src/include/cynara-admin.h create mode 100644 src/include/cynara-client.h create mode 100644 src/service/CMakeLists.txt create mode 100644 src/service/main/main.cpp create mode 100644 systemd/CMakeLists.txt create mode 100644 systemd/cynara-admin.socket create mode 100644 systemd/cynara.service create mode 100644 systemd/cynara.socket create mode 100644 systemd/cynara.target diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..481009a --- /dev/null +++ b/AUTHORS @@ -0,0 +1,4 @@ +Bartlomiej Grzelewski +Lukasz Wojciechowski +Adam Malinowski +Aleksander Zdyb diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..384ee9e --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,63 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +############################# Check minimum CMake version ##################### + +CMAKE_MINIMUM_REQUIRED(VERSION 2.8.3) +PROJECT("cynara") + +############################# cmake packages ################################## + +INCLUDE(FindPkgConfig) + +############################# compiler flags ################################## + +SET(CMAKE_C_FLAGS_PROFILING "-g -O0 -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "-g -std=c++0x -O0 -pg") +SET(CMAKE_C_FLAGS_DEBUG "-g -O0 -ggdb") +SET(CMAKE_CXX_FLAGS_DEBUG "-g -std=c++0x -O0 -ggdb") +SET(CMAKE_C_FLAGS_RELEASE "-g -O2") +SET(CMAKE_CXX_FLAGS_RELEASE "-g -std=c++0x -O2") +SET(CMAKE_C_FLAGS_CCOV "-g -O2 --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "-g -std=c++0x -O2 --coverage") + +# If supported for the target machine, emit position-independent code,suitable +# for dynamic linking and avoiding any limit on the size of the global offset +# table. This option makes a difference on the m68k, PowerPC and SPARC. +ADD_DEFINITIONS("-fPIC") + +# Set compiler warning flags +ADD_DEFINITIONS("-Werror") # Make all warnings into errors. +ADD_DEFINITIONS("-Wall") # Generate all warnings +ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings + +STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") +ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") + +IF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + ADD_DEFINITIONS("-DBUILD_TYPE_DEBUG") +ENDIF (CMAKE_BUILD_TYPE MATCHES "DEBUG") + +SET(TARGET_CYNARA "cynara") +SET(TARGET_LIB_CYNARA "cynara-client") +SET(TARGET_LIB_CYNARA_ADMIN "cynara-admin") +SET(TARGET_CYNARA_COMMON "cynara-commons") + +ADD_SUBDIRECTORY(src) +ADD_SUBDIRECTORY(build) +ADD_SUBDIRECTORY(systemd) diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e24cb52 --- /dev/null +++ b/LICENSE @@ -0,0 +1,203 @@ +Copyright (c) 2014 - 2014 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README b/README new file mode 100644 index 0000000..a6af6dc --- /dev/null +++ b/README @@ -0,0 +1 @@ +README for cynara project diff --git a/build/CMakeLists.txt b/build/CMakeLists.txt new file mode 100644 index 0000000..269b258 --- /dev/null +++ b/build/CMakeLists.txt @@ -0,0 +1,20 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +ADD_SUBDIRECTORY(cynara-client) +ADD_SUBDIRECTORY(cynara-admin) diff --git a/build/cynara-admin/CMakeLists.txt b/build/cynara-admin/CMakeLists.txt new file mode 100644 index 0000000..215d6d7 --- /dev/null +++ b/build/cynara-admin/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# @brief +# + +CONFIGURE_FILE(cynara-admin.pc.in cynara-admin.pc @ONLY) + +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/cynara-admin/cynara-admin.pc + DESTINATION + ${LIB_INSTALL_DIR}/pkgconfig + ) diff --git a/build/cynara-admin/cynara-admin.pc.in b/build/cynara-admin/cynara-admin.pc.in new file mode 100644 index 0000000..3bf19a0 --- /dev/null +++ b/build/cynara-admin/cynara-admin.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=@LIB_INSTALL_DIR@ +includedir=${prefix}/include + +Name: cynara-admin +Description: cynara-admin package +Version: 0.0.1 +Requires: +Libs: -L${libdir} -lcynara-admin +Cflags: -I${includedir}/cynara diff --git a/build/cynara-client/CMakeLists.txt b/build/cynara-client/CMakeLists.txt new file mode 100644 index 0000000..b23c222 --- /dev/null +++ b/build/cynara-client/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# @brief +# + +CONFIGURE_FILE(cynara-client.pc.in cynara-client.pc @ONLY) + +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/cynara-client/cynara-client.pc + DESTINATION + ${LIB_INSTALL_DIR}/pkgconfig + ) diff --git a/build/cynara-client/cynara-client.pc.in b/build/cynara-client/cynara-client.pc.in new file mode 100644 index 0000000..d81e8ab --- /dev/null +++ b/build/cynara-client/cynara-client.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=@LIB_INSTALL_DIR@ +includedir=${prefix}/include + +Name: cynara-client +Description: cynara-client package +Version: 0.0.1 +Requires: +Libs: -L${libdir} -lcynara-client +Cflags: -I${includedir}/cynara diff --git a/packaging/cynara.manifest b/packaging/cynara.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/packaging/cynara.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/cynara.spec b/packaging/cynara.spec new file mode 100644 index 0000000..a3b212a --- /dev/null +++ b/packaging/cynara.spec @@ -0,0 +1,170 @@ +Name: cynara +Summary: Cynara service with client libraries +Version: 0.0.1 +Release: 1 +Group: Security/Access Control +License: Apache-2.0 +Source0: %{name}-%{version}.tar.gz +Source1001: cynara.manifest +Source1002: libcynara-client.manifest +Source1003: libcynara-admin.manifest +BuildRequires: cmake +BuildRequires: zip +BuildRequires: pkgconfig(libsystemd-daemon) +%{?systemd_requires} + +%description +service and client libraries (libcynara-client, libcynara-admin) + +####################################################### +%package -n libcynara-client +Summary: Cynara - client library +Requires: cynara = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libcynara-client +client library for checking policies + +%package -n libcynara-client-devel +Summary: Cynara - client library (devel) +Requires: libcynara-client = %{version}-%{release} + +%description -n libcynara-client-devel +client library (devel) for checking policies + +####################################################### +%package -n libcynara-admin +Summary: Cynara - admin client library +Requires: cynara = %{version}-%{release} +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libcynara-admin +admin client library for setting, listing and removing policies + +%package -n libcynara-admin-devel +Summary: Cynara - admin client library (devel) +Requires: libcynara-admin = %{version}-%{release} + +%description -n libcynara-admin-devel +admin client library (devel) for setting, listing and removing policies + +####################################################### +%package -n cynara-devel +Summary: Cynara service (devel) +Requires: cynara = %{version}-%{release} + +%description -n cynara-devel +service (devel version) + + +%prep +%setup -q +cp -a %{SOURCE1001} . +cp -a %{SOURCE1002} . +cp -a %{SOURCE1003} . + +%build +%if 0%{?sec_build_binary_debug_enable} +export CFLAGS="$CFLAGS -DTIZEN_DEBUG_ENABLE" +export CXXFLAGS="$CXXFLAGS -DTIZEN_DEBUG_ENABLE" +export FFLAGS="$FFLAGS -DTIZEN_DEBUG_ENABLE" +%endif + +export LDFLAGS+="-Wl,--rpath=%{_libdir}" + +%cmake . -DVERSION=%{version} \ + -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \ + -DCMAKE_VERBOSE_MAKEFILE=ON +make %{?jobs:-j%jobs} + +%install +rm -rf %{buildroot} +%make_install + +mkdir -p %{buildroot}/usr/lib/systemd/system/multi-user.target.wants +ln -s ../cynara.service %{buildroot}/usr/lib/systemd/system/multi-user.target.wants/cynara.service +mkdir -p %{buildroot}/usr/lib/systemd/system/sockets.target.wants +ln -s ../cynara.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/cynara.socket +ln -s ../cynara-admin.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/cynara-admin.socket + +%post +systemctl daemon-reload +if [ $1 = 1 ]; then + # installation + systemctl start cynara.service +fi + +if [ $1 = 2 ]; then + # update + systemctl restart cynara.service +fi + +/sbin/ldconfig + +%preun +if [ $1 = 0 ]; then + # unistall + systemctl stop cynara.service +fi + +%postun +if [ $1 = 0 ]; then + # unistall + systemctl daemon-reload +fi +/sbin/ldconfig + +%post -n libcynara-client -p /sbin/ldconfig + +%postun -n libcynara-client -p /sbin/ldconfig + +%post -n libcynara-admin -p /sbin/ldconfig + +%postun -n libcynara-admin -p /sbin/ldconfig + +%post -n libcynara-client-devel -p /sbin/ldconfig + +%postun -n libcynara-client-devel -p /sbin/ldconfig + +%post -n libcynara-admin-devel -p /sbin/ldconfig + +%postun -n libcynara-admin-devel -p /sbin/ldconfig + +%files -n cynara +%manifest cynara.manifest +%license LICENSE +%attr(755,root,root) /usr/bin/cynara +%{_libdir}/libcynara-commons.so* +%attr(-,root,root) /usr/lib/systemd/system/multi-user.target.wants/cynara.service +%attr(-,root,root) /usr/lib/systemd/system/cynara.service +%attr(-,root,root) /usr/lib/systemd/system/cynara.target +%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/cynara.socket +%attr(-,root,root) /usr/lib/systemd/system/cynara.socket +%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/cynara-admin.socket +%attr(-,root,root) /usr/lib/systemd/system/cynara-admin.socket + +%files -n libcynara-client +%manifest libcynara-client.manifest +%license LICENSE +%defattr(-,root,root,-) +%{_libdir}/libcynara-client.so.* + +%files -n libcynara-client-devel +%defattr(-,root,root,-) +%{_includedir}/cynara/cynara-client.h +%{_libdir}/pkgconfig/cynara-client.pc +%{_libdir}/libcynara-client.so + +%files -n libcynara-admin +%manifest libcynara-admin.manifest +%license LICENSE +%defattr(-,root,root,-) +%{_libdir}/libcynara-admin.so.* + +%files -n libcynara-admin-devel +%defattr(-,root,root,-) +%{_includedir}/cynara/cynara-admin.h +%{_libdir}/pkgconfig/cynara-admin.pc +%{_libdir}/libcynara-admin.so diff --git a/packaging/libcynara-admin.manifest b/packaging/libcynara-admin.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/packaging/libcynara-admin.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/packaging/libcynara-client.manifest b/packaging/libcynara-client.manifest new file mode 100644 index 0000000..a76fdba --- /dev/null +++ b/packaging/libcynara-client.manifest @@ -0,0 +1,5 @@ + + + + + diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt new file mode 100644 index 0000000..c113c5f --- /dev/null +++ b/src/CMakeLists.txt @@ -0,0 +1,39 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +PKG_CHECK_MODULES(CYNARA_DEP + libsystemd-daemon + REQUIRED + ) + +INCLUDE_DIRECTORIES(SYSTEM + ${CYNARA_DEP_INCLUDE_DIRS} + ) + +SET(CYNARA_PATH ${PROJECT_SOURCE_DIR}/src) + +INCLUDE_DIRECTORIES( + ${CYNARA_PATH}/include + ${CYNARA_PATH}/common + ) + +ADD_SUBDIRECTORY(include) +ADD_SUBDIRECTORY(common) +ADD_SUBDIRECTORY(client) +ADD_SUBDIRECTORY(admin) +ADD_SUBDIRECTORY(service) diff --git a/src/admin/CMakeLists.txt b/src/admin/CMakeLists.txt new file mode 100644 index 0000000..f78af24 --- /dev/null +++ b/src/admin/CMakeLists.txt @@ -0,0 +1,43 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +SET(LIB_CYNARA_ADMIN_VERSION_MAJOR 0) +SET(LIB_CYNARA_ADMIN_VERSION ${LIB_CYNARA_ADMIN_VERSION_MAJOR}.0.1) + +SET(CYNARA_LIB_CYNARA_ADMIN_PATH ${CYNARA_PATH}/admin) + +SET(LIB_CYNARA_ADMIN_SOURCES + ${CYNARA_LIB_CYNARA_ADMIN_PATH}/admin-api.cpp + ) + +ADD_LIBRARY(${TARGET_LIB_CYNARA_ADMIN} SHARED ${LIB_CYNARA_ADMIN_SOURCES}) + +SET_TARGET_PROPERTIES( + ${TARGET_LIB_CYNARA_ADMIN} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden" + SOVERSION ${LIB_CYNARA_ADMIN_VERSION_MAJOR} + VERSION ${LIB_CYNARA_ADMIN_VERSION} + ) + +TARGET_LINK_LIBRARIES(${TARGET_LIB_CYNARA_ADMIN} + ${CYNARA_DEP_LIBRARIES} + ${TARGET_CYNARA_COMMON} + ) + +INSTALL(TARGETS ${TARGET_LIB_CYNARA_ADMIN} DESTINATION ${LIB_INSTALL_DIR}) diff --git a/src/admin/admin-api.cpp b/src/admin/admin-api.cpp new file mode 100644 index 0000000..30b187c --- /dev/null +++ b/src/admin/admin-api.cpp @@ -0,0 +1,23 @@ +/* +* Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License +*/ +/* +* @file admin-api.cpp +* @author Lukasz Wojciechowski +* @version 1.0 +* @brief Implementation of external libcynara-admin API +*/ + +// empty file for init cynara commit diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt new file mode 100644 index 0000000..0a28d6d --- /dev/null +++ b/src/client/CMakeLists.txt @@ -0,0 +1,43 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +SET(LIB_CYNARA_VERSION_MAJOR 0) +SET(LIB_CYNARA_VERSION ${LIB_CYNARA_VERSION_MAJOR}.0.1) + +SET(CYNARA_LIB_CYNARA_PATH ${CYNARA_PATH}/client) + +SET(LIB_CYNARA_SOURCES + ${CYNARA_LIB_CYNARA_PATH}/client-api.cpp + ) + +ADD_LIBRARY(${TARGET_LIB_CYNARA} SHARED ${LIB_CYNARA_SOURCES}) + +SET_TARGET_PROPERTIES( + ${TARGET_LIB_CYNARA} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=hidden" + SOVERSION ${LIB_CYNARA_VERSION_MAJOR} + VERSION ${LIB_CYNARA_VERSION} + ) + +TARGET_LINK_LIBRARIES(${TARGET_LIB_CYNARA} + ${CYNARA_DEP_LIBRARIES} + ${TARGET_CYNARA_COMMON} + ) + +INSTALL(TARGETS ${TARGET_LIB_CYNARA} DESTINATION ${LIB_INSTALL_DIR}) diff --git a/src/client/client-api.cpp b/src/client/client-api.cpp new file mode 100644 index 0000000..5b32690 --- /dev/null +++ b/src/client/client-api.cpp @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file client-api.cpp + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief Implementation of external libcynara-client API + */ + +//empty init commit + diff --git a/src/common/CMakeLists.txt b/src/common/CMakeLists.txt new file mode 100644 index 0000000..8ea3a3e --- /dev/null +++ b/src/common/CMakeLists.txt @@ -0,0 +1,42 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +SET(CYNARA_COMMON_VERSION_MAJOR 0) +SET(CYNARA_COMMON_VERSION ${CYNARA_COMMON_VERSION_MAJOR}.0.1) + +SET(COMMON_PATH ${CYNARA_PATH}/common) + +SET(COMMON_SOURCES + ${COMMON_PATH}/common.cpp + ) + +ADD_LIBRARY(${TARGET_CYNARA_COMMON} SHARED ${COMMON_SOURCES}) + +SET_TARGET_PROPERTIES( + ${TARGET_CYNARA_COMMON} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fPIC -fvisibility=default" + SOVERSION ${CYNARA_COMMON_VERSION_MAJOR} + VERSION ${CYNARA_COMMON_VERSION} + ) + +TARGET_LINK_LIBRARIES(${TARGET_CYNARA_COMMON} + ${CYNARA_DEP_LIBRARIES} + ) + +INSTALL(TARGETS ${TARGET_CYNARA_COMMON} DESTINATION ${LIB_INSTALL_DIR}) diff --git a/src/common/common.cpp b/src/common/common.cpp new file mode 100644 index 0000000..e0cc78f --- /dev/null +++ b/src/common/common.cpp @@ -0,0 +1,23 @@ +/* +* Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License +*/ +/* +* @file common.cpp +* @author Lukasz Wojciechowski +* @version 1.0 +* @brief Dummy empty file for making common not empty +*/ + +// empty file for init commit diff --git a/src/include/CMakeLists.txt b/src/include/CMakeLists.txt new file mode 100644 index 0000000..5d8ed5a --- /dev/null +++ b/src/include/CMakeLists.txt @@ -0,0 +1,27 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +INSTALL(FILES + ${CYNARA_PATH}/include/cynara-client.h + DESTINATION ${INCLUDE_INSTALL_DIR}/cynara + ) + +INSTALL(FILES + ${CYNARA_PATH}/include/cynara-admin.h + DESTINATION ${INCLUDE_INSTALL_DIR}/cynara + ) diff --git a/src/include/cynara-admin.h b/src/include/cynara-admin.h new file mode 100644 index 0000000..3eb9167 --- /dev/null +++ b/src/include/cynara-admin.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file cynara-admin.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file contains administration APIs of Cynara available with libcynara-admin. + */ + + +#ifndef CYNARA_ADMIN_H +#define CYNARA_ADMIN_H + +#ifdef __cplusplus +extern "C" { +#endif + + +#ifdef __cplusplus +} +#endif + +#endif /* CYNARA_ADMIN_H */ diff --git a/src/include/cynara-client.h b/src/include/cynara-client.h new file mode 100644 index 0000000..5bcd1fa --- /dev/null +++ b/src/include/cynara-client.h @@ -0,0 +1,168 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file cynara-client.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file contains client APIs of Cynara available with libcynara-client. + */ + + +#ifndef CYNARA_CLIENT_H +#define CYNARA_CLIENT_H + +/** + * \name Return Codes + * exported by the foundation API. + * result codes begin with the start error code and extend into negative direction. + * @{ +*/ + +enum cynara_api_result +{ +/*! \brief indicating the result of the one specific API is successful or access is allowed */ + CYNARA_API_SUCCESS, + +/*! \brief indicating that access that was checked is denied */ + CYNARA_API_ACCESS_DENIED, + +/*! \brief indicating system is running out of memory state */ + CYNARA_API_OUT_OF_MEMORY, + +/*! \brief indicating the API's parameter is malformed */ + CYNARA_API_INVALID_PARAM +}; +/** @}*/ + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct cynara cynara; +typedef struct cynara_configuration cynara_configuration; + + +/** + * \par Description: + * Initialize cynara-client library with given configuration. + * Create structured used in following API calls. + * + * \par Purpose: + * This API must be used by prior calling cynara_check function. + * + * \par Typical use case: + * Once before a service can call cynara_check. + * + * \par Method of function operation: + * This API initializes inner library structures [TODO describe more details] and in case of success + * creates and returns cynara structure. + * + * \par Sync (or) Async: + * This is a Synchronous API. + * + * \par Thread-safeness: + * This function is NOT thread-safe. If functions from described API are called by multithreaded + * application from different threads, they must be put into mutex protected critical section. + * + * \par Important notes: + * Structure cynara created by cynara_initialize call should be released with cynara_finish. + * + * \param[out] pp_cynara Place holder for created cynara structure. + * \param[in] p_conf Configuration for cynara-client library. NULL for default parameters. + * [TODO define and describe functions for custom parameters]. + * + * \return CYNARA_API_SUCCESS on success, or error code on error. + */ +int cynara_initialize (cynara **pp_cynara, const cynara_configuration *p_conf); + +/** + * \par Description: + * Release cynara-client library and destroy structure created with cynara_initialize. + * + * \par Purpose: + * This API should be used to clean up after usage of cynara-client library. + * + * \par Typical use case: + * Once after last call to cynara_check. + * + * \par Method of function operation: + * This API initializes releases inner library structures [TODO describe more details] + * and destroys cynara structure. + * + * \par Sync (or) Async: + * This is a Synchronous API. + * + * \par Thread-safeness: + * This function is NOT thread-safe. If functions from described API are called by multithreaded + * application from different threads, they must be put into mutex protected critical section. + * + * \par Important notes: + * No other call to libcynara-client should be made after call to cynara_finish. + * + * \param[in] p_cynara Cynara structure. + * + * \return CYNARA_API_SUCCESS on success, or error code on error. + */ +int cynara_finish(cynara *p_cynara); + +/** + * \par Description: + * Check client, user access for given privilege. + * + * \par Purpose: + * This API should be used to check if a user running application identified as client + * has access to a privilege. + * + * \par Typical use case: + * A service want to ask trusted process (Cynara), if a client demanding access to some privilege + * has proper rights. + * + * \par Method of function operation: + * Client (a process / application) demanding access to a privilege is running as some user. + * For such triple an access to a privilege is checked by calling cynara. + * Depending on defined policy, an external application may be launched to ask user a question, + * e.g. if [s]he wants to allow client to use a privilege. Additional parameter client_session + * may be used to distinguish between client session (e.g. for allowing access only for this + * particular application launch). + * + * \par Sync (or) Async: + * This is a Synchronous API. + * + * \par Thread-safeness: + * This function is NOT thread-safe. If functions from described API are called by multithreaded + * application from different threads, they must be put into mutex protected critical section. + * + * \par Important notes: + * An external application may be launched to allow user interaction in granting or denying access. + * Call to cynara_check needs cynara structure to be created first with call to cynara_initialize. + * + * \param[in] p_cynara Cynara structure. + * \param[in] client Application or process identifier. + * \param[in] client_session Session of client (connection, launch). + * \param[in] user User running client. + * \param[in] privilege Privilege that is a subject of a check.. + * + * \return CYNARA_API_SUCCESS on success (access granted), CYNARA_API_ACCESS_DENIED on access denial + * or other error code on error. + */ +int cynara_check(cynara *p_cynara, const char *client, const char *client_session, const char *user, + const char *privilege); + +#ifdef __cplusplus +} +#endif + +#endif /* CYNARA_CLIENT_H */ diff --git a/src/service/CMakeLists.txt b/src/service/CMakeLists.txt new file mode 100644 index 0000000..0e67eb5 --- /dev/null +++ b/src/service/CMakeLists.txt @@ -0,0 +1,41 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +SET(CYNARA_SERVICE_PATH ${CYNARA_PATH}/service) + +SET(CYNARA_SOURCES + ${CYNARA_SERVICE_PATH}/main/main.cpp + ) + +SET_SOURCE_FILES_PROPERTIES( + ${CYNARA_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -fvisibility=hidden") + +INCLUDE_DIRECTORIES( + ${CYNARA_SERVICE_PATH}/main + ) + +ADD_EXECUTABLE(${TARGET_CYNARA} ${CYNARA_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_CYNARA} + ${CYNARA_DEP_LIBRARIES} + ${TARGET_CYNARA_COMMON} + ) + +INSTALL(TARGETS ${TARGET_CYNARA} DESTINATION bin) diff --git a/src/service/main/main.cpp b/src/service/main/main.cpp new file mode 100644 index 0000000..b34def0 --- /dev/null +++ b/src/service/main/main.cpp @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file main.cpp + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief Main Cynara daemon file + */ + +int main(void) { + return 0; +} + diff --git a/systemd/CMakeLists.txt b/systemd/CMakeLists.txt new file mode 100644 index 0000000..4076688 --- /dev/null +++ b/systemd/CMakeLists.txt @@ -0,0 +1,27 @@ +# Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Lukasz Wojciechowski +# + +INSTALL(FILES + ${CMAKE_SOURCE_DIR}/systemd/cynara.service + ${CMAKE_SOURCE_DIR}/systemd/cynara.target + ${CMAKE_SOURCE_DIR}/systemd/cynara.socket + ${CMAKE_SOURCE_DIR}/systemd/cynara-admin.socket + DESTINATION + /usr/lib/systemd/system +) + diff --git a/systemd/cynara-admin.socket b/systemd/cynara-admin.socket new file mode 100644 index 0000000..2d1aea4 --- /dev/null +++ b/systemd/cynara-admin.socket @@ -0,0 +1,14 @@ +[Socket] +ListenStream=/run/cynara/cynara-admin.socket +SocketMode=0700 +SmackLabelIPIn=@ +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target diff --git a/systemd/cynara.service b/systemd/cynara.service new file mode 100644 index 0000000..a88ea16 --- /dev/null +++ b/systemd/cynara.service @@ -0,0 +1,11 @@ +[Unit] +Description=Start the cynara service + +[Service] +Type=notify +ExecStart=/usr/bin/cynara +Sockets=cynara.socket +Sockets=cynara-admin.socket + +[Install] +WantedBy=multi-user.target diff --git a/systemd/cynara.socket b/systemd/cynara.socket new file mode 100644 index 0000000..92f4f7f --- /dev/null +++ b/systemd/cynara.socket @@ -0,0 +1,14 @@ +[Socket] +ListenStream=/run/cynara/cynara.socket +SocketMode=0777 +SmackLabelIPIn=@ +SmackLabelIPOut=@ + +Service=cynara.service + +[Unit] +Wants=cynara.target +Before=cynara.target + +[Install] +WantedBy=sockets.target diff --git a/systemd/cynara.target b/systemd/cynara.target new file mode 100644 index 0000000..9b2dee4 --- /dev/null +++ b/systemd/cynara.target @@ -0,0 +1,4 @@ +[Unit] +Description=cynara sockets +DefaultDependencies=true + -- 2.7.4 From f2559afa4fd0cceaf94fb1771a73550b34640180 Mon Sep 17 00:00:00 2001 From: Lukasz Wojciechowski Date: Thu, 8 May 2014 16:27:51 +0200 Subject: [PATCH 3/3] Implement cynara-bootstrap version of libcynara-client This is temporary version - it's implementation is based on security-server and libprivilege-control instead of cynara service. [Bug/Feature] N/A [Cause] First working version of cynara's client. [Solution] Implementation temporary based on security-server. [Verification] Should be build along with all other patches marked with topic:cynara-bootstrap. Build needs: http://review.tizen.org/gerrit/#/c/20519/ Change-Id: I8468b6756c9844840f3b3bea37f498b08b7f7188 Signed-off-by: Lukasz Wojciechowski --- build/cynara-client/cynara-client.pc.in | 2 +- packaging/cynara.spec | 1 + src/client/CMakeLists.txt | 12 ++++++ src/client/bootstrap/cynara-client-bootstrap.cpp | 43 ++++++++++++++++++++ src/client/bootstrap/cynara-client-bootstrap.h | 39 ++++++++++++++++++ src/client/client-api.cpp | 50 +++++++++++++++++++++++- src/client/cynara-client-interface.h | 38 ++++++++++++++++++ src/common/attributes/attributes.h | 29 ++++++++++++++ src/common/common.h | 29 ++++++++++++++ src/include/cynara-client.h | 2 +- 10 files changed, 242 insertions(+), 3 deletions(-) create mode 100644 src/client/bootstrap/cynara-client-bootstrap.cpp create mode 100644 src/client/bootstrap/cynara-client-bootstrap.h create mode 100644 src/client/cynara-client-interface.h create mode 100644 src/common/attributes/attributes.h create mode 100644 src/common/common.h diff --git a/build/cynara-client/cynara-client.pc.in b/build/cynara-client/cynara-client.pc.in index d81e8ab..d958ce6 100644 --- a/build/cynara-client/cynara-client.pc.in +++ b/build/cynara-client/cynara-client.pc.in @@ -6,6 +6,6 @@ includedir=${prefix}/include Name: cynara-client Description: cynara-client package Version: 0.0.1 -Requires: +Requires: security-server Libs: -L${libdir} -lcynara-client Cflags: -I${includedir}/cynara diff --git a/packaging/cynara.spec b/packaging/cynara.spec index a3b212a..bbf664a 100644 --- a/packaging/cynara.spec +++ b/packaging/cynara.spec @@ -22,6 +22,7 @@ Summary: Cynara - client library Requires: cynara = %{version}-%{release} Requires(post): /sbin/ldconfig Requires(postun): /sbin/ldconfig +BuildRequires: pkgconfig(security-server) %description -n libcynara-client client library for checking policies diff --git a/src/client/CMakeLists.txt b/src/client/CMakeLists.txt index 0a28d6d..c7e9dbd 100644 --- a/src/client/CMakeLists.txt +++ b/src/client/CMakeLists.txt @@ -23,6 +23,17 @@ SET(CYNARA_LIB_CYNARA_PATH ${CYNARA_PATH}/client) SET(LIB_CYNARA_SOURCES ${CYNARA_LIB_CYNARA_PATH}/client-api.cpp + ${CYNARA_LIB_CYNARA_PATH}/bootstrap/cynara-client-bootstrap.cpp + ) + +PKG_CHECK_MODULES(CYNARA_CLIENT_DEP + REQUIRED + security-server + ) + +INCLUDE_DIRECTORIES( + ${CYNARA_LIB_CYNARA_PATH} + ${CYNARA_CLIENT_DEP_INCLUDE_DIRS} ) ADD_LIBRARY(${TARGET_LIB_CYNARA} SHARED ${LIB_CYNARA_SOURCES}) @@ -37,6 +48,7 @@ SET_TARGET_PROPERTIES( TARGET_LINK_LIBRARIES(${TARGET_LIB_CYNARA} ${CYNARA_DEP_LIBRARIES} + ${CYNARA_CLIENT_DEP_LIBRARIES} ${TARGET_CYNARA_COMMON} ) diff --git a/src/client/bootstrap/cynara-client-bootstrap.cpp b/src/client/bootstrap/cynara-client-bootstrap.cpp new file mode 100644 index 0000000..f3d2bef --- /dev/null +++ b/src/client/bootstrap/cynara-client-bootstrap.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file cynara-client-bootstrap.cpp + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file contains bootstrap version of libcynara-client API implementation. + */ + +#include +#include "cynara-client-bootstrap.h" + +CynaraClientBootstrap :: CynaraClientBootstrap() { +} + +CynaraClientBootstrap :: ~CynaraClientBootstrap() { +} + +cynara_api_result CynaraClientBootstrap :: check(const std::string& client, + const std::string& session UNUSED, const std::string& user UNUSED, const std::string& privilege) +{ + int is_enabled = 0; + + int ret = security_server_app_has_privilege(client.c_str(), APP_TYPE_WGT, privilege.c_str(), + &is_enabled); + + if(ret == PC_OPERATION_SUCCESS && is_enabled) + return cynara_api_result::CYNARA_API_SUCCESS; + return cynara_api_result::CYNARA_API_ACCESS_DENIED; +} diff --git a/src/client/bootstrap/cynara-client-bootstrap.h b/src/client/bootstrap/cynara-client-bootstrap.h new file mode 100644 index 0000000..c398346 --- /dev/null +++ b/src/client/bootstrap/cynara-client-bootstrap.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file cynara-client-bootstrap.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file contains bootstrap version of libcynara-client API implementation. + */ + +#ifndef CYNARA_CLIENT_BOOTSTRAP_H +#define CYNARA_CLIENT_BOOTSTRAP_H + +#include +#include +#include +#include + +class CynaraClientBootstrap : public CynaraClientInterface { +public: + CynaraClientBootstrap(); + virtual ~CynaraClientBootstrap(); + virtual cynara_api_result check(const std::string& client, const std::string& session, + const std::string& user, const std::string& privilege); +}; + +#endif /* CYNARA_CLIENT_BOOTSTRAP_H */ diff --git a/src/client/client-api.cpp b/src/client/client-api.cpp index 5b32690..0c477f9 100644 --- a/src/client/client-api.cpp +++ b/src/client/client-api.cpp @@ -20,5 +20,53 @@ * @brief Implementation of external libcynara-client API */ -//empty init commit +#include +#include +#include +#include +#include +struct cynara { + CynaraClientInterface* impl; + + cynara(CynaraClientInterface *_impl) : impl(_impl) { + } + ~cynara() { + delete impl; + } +}; + +CYNARA_API +int cynara_initialize(cynara **pp_cynara, const cynara_configuration *p_conf UNUSED) +{ + if (!pp_cynara) + return cynara_api_result::CYNARA_API_INVALID_PARAM; + + try { + *pp_cynara = new cynara(new CynaraClientBootstrap); + } catch (std::bad_alloc& ex) { + return cynara_api_result::CYNARA_API_OUT_OF_MEMORY; + } + + return cynara_api_result::CYNARA_API_SUCCESS; +} + +CYNARA_API +int cynara_finish(cynara *p_cynara) +{ + delete p_cynara; + + return cynara_api_result::CYNARA_API_SUCCESS; +} + +CYNARA_API +int cynara_check(cynara *p_cynara, const char *client, const char *client_session, const char *user, + const char *privilege) +{ + if(!p_cynara || !p_cynara->impl) + return cynara_api_result::CYNARA_API_INVALID_PARAM; + if(!client || !client_session || !user || !privilege) + return cynara_api_result::CYNARA_API_INVALID_PARAM; + + return p_cynara->impl->check(client, client_session, user, privilege); +} diff --git a/src/client/cynara-client-interface.h b/src/client/cynara-client-interface.h new file mode 100644 index 0000000..cebf1bc --- /dev/null +++ b/src/client/cynara-client-interface.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file cynara-client-interface.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file contains interface for libcynara-client API implementation. + */ + + +#ifndef CYNARA_CLIENT_INTERFACE_H +#define CYNARA_CLIENT_INTERFACE_H + +#include +#include + +class CynaraClientInterface { +public: + virtual ~CynaraClientInterface() { + } + virtual cynara_api_result check(const std::string& client, const std::string& session, + const std::string& user, const std::string& privilege) = 0; +}; + +#endif /* CYNARA_CLIENT_INTERFACE_H */ diff --git a/src/common/attributes/attributes.h b/src/common/attributes/attributes.h new file mode 100644 index 0000000..9690595 --- /dev/null +++ b/src/common/attributes/attributes.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file attributes.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file defines common used attributes + */ + +#ifndef ATTRIBUTES_ATTRIBUTES_H +#define ATTRIBUTES_ATTRIBUTES_H + +#define CYNARA_API __attribute__((visibility("default"))) +#define UNUSED __attribute__((unused)) + +#endif /* ATTRIBUTES_ATTRIBUTES_H */ diff --git a/src/common/common.h b/src/common/common.h new file mode 100644 index 0000000..15829da --- /dev/null +++ b/src/common/common.h @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ +/* + * @file common.h + * @author Lukasz Wojciechowski + * @version 1.0 + * @brief This file binds includes from cynara common library + */ + + +#ifndef COMMON_H +#define COMMON_H + +#include "attributes/attributes.h" + +#endif /* COMMON_H */ diff --git a/src/include/cynara-client.h b/src/include/cynara-client.h index 5bcd1fa..d07c72b 100644 --- a/src/include/cynara-client.h +++ b/src/include/cynara-client.h @@ -86,7 +86,7 @@ typedef struct cynara_configuration cynara_configuration; * * \return CYNARA_API_SUCCESS on success, or error code on error. */ -int cynara_initialize (cynara **pp_cynara, const cynara_configuration *p_conf); +int cynara_initialize(cynara **pp_cynara, const cynara_configuration *p_conf); /** * \par Description: -- 2.7.4