Oskar Świtalski [Thu, 23 Jul 2015 12:49:10 +0000 (14:49 +0200)]
Change help message behavior and add information
Cyad now shows help message only with '-h/--help' option, not after every
error in command-line options. Information about help option is shown instead.
Information about option being required has been added to help message.
Change-Id: I3898b6e9b2ce965fad0fd34d59893a49986c877b
Oskar Świtalski [Thu, 20 Aug 2015 09:36:13 +0000 (11:36 +0200)]
Fix SIGSEGV when passing nullptr to cynara_async_finish
cynara_async_finish should check if cynara_async pointer is
empty before any other action.
Change-Id: Ic9019c274a26f1d6802c31cad3b5f83a86c27c00
Rafal Krypa [Mon, 11 May 2015 12:02:59 +0000 (14:02 +0200)]
Limit length of string identifiers in API (client, application, privilege)
Don't accept identifiers of client, application, privilege and session
longer than 4096 characters.
Until now Cynara didn't impose any limits on string identifiers for policy
entries. This could be exploited by unprivileged users, causing denial
of service to Cynara daemon by malicious check requests:
- exhaust system memory by causing Cynara to allocate very large buffers
- trigger Cynara termination by causing unhandled exception std::bad_alloc
or std::length_error in deserialization code
Change-Id: I1396bf9a73230cb96a462ef3d577a605be715980
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Mon, 20 Jul 2015 13:10:06 +0000 (15:10 +0200)]
Add tests covering sequenceContainer
Change-Id: Ib0bac778b99eb1190b3522e57e90cba29a0dfb9c
Rafal Krypa [Fri, 8 May 2015 18:22:50 +0000 (20:22 +0200)]
Fix build with CYNARA_NO_LOGS
Adding definition of CYNARA_NO_LOGS in top-level CMake enables build
with all logs disabled. Unfortunately such a build would fail in few files.
This patch fixes those files, enabling log-less build.
Change-Id: Ib2ab690ff1774f987d2d498a27709a968985ae6d
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Jacek Bukarewicz [Mon, 22 Jun 2015 11:53:16 +0000 (13:53 +0200)]
Fix bug in gdbus creds API description
Typical use case section suggested that output strings should be freed
with free function while g_free function should be used instead.
Change-Id: Ia28a6ec365952ced5ed153ce438b283ca0d8795f
Radoslaw Bartosiak [Tue, 16 Jun 2015 12:10:16 +0000 (14:10 +0200)]
Refactor cynara_creds_get_[client|user] method
Changes needed to successfully run UT when there is no configuration
file.
Change-Id: Ib4731e952e271ce65eeda58a4af81ee00ba51e6d
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Jacek Bukarewicz [Fri, 12 Jun 2015 15:18:12 +0000 (17:18 +0200)]
Use classic locale in tests instead of "en_US.UTF8"
Change-Id: I51724c0e80c58a99954ee13b97810d14eb433c6d
Jacek Bukarewicz [Fri, 12 Jun 2015 15:07:56 +0000 (17:07 +0200)]
Fix static variable initialization order issues
Static variables from different compilation units are initialized in
undefined order. This might cause problems if one variable depends on
another. This commit removes such problematic dependencies.
Additionally, in some places unnecessary static std::string variables are
removed to avoid potential problems in the future.
Change-Id: I32050f8774571e0d1cfc5a588f4dbe470a9ef1c9
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Patrick Ohly [Fri, 29 May 2015 10:41:34 +0000 (12:41 +0200)]
PolicyKeyFeature: avoid complex global constants
PolicyKeyFeature is used by other global instances in cynara-test
and cannot assume that the initialization of its own static constants
happens first, unless it enforces initialization by embedding
these constants in method calls.
Upstream-status: Submitted [https://github.com/Samsung/cynara/issues/9]
Change-Id: Ifa6dcd44ce059cf3ec8c99764bd6ea0c677cdd6d
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Radoslaw Bartosiak <r.bartosiak@samsung.com>
Aleksander Zdyb [Thu, 21 May 2015 09:34:57 +0000 (11:34 +0200)]
Fix critical bug in help message
This issue could lead to serious conditions in case user
would list policies instead of erasing them.
Change-Id: I429c89ce1193bcd6b7073cf8d6108e2cd08a62da
Aleksander Zdyb [Wed, 20 May 2015 10:55:23 +0000 (12:55 +0200)]
Fix critical bug in file description
The misspelling could lead to serious misunderstanding
of provided documentation.
Change-Id: I4d8bb13fc7e2e3de45e909c982b8abc24da552ee
Lukasz Wojciechowski [Tue, 12 May 2015 17:48:38 +0000 (19:48 +0200)]
Fix ChsgenCommandlineTest.noFile after chsgen changed
Patch 7d35fb4 fixed build of chsgen by removing dependency on
Cynara Exceptions. Instead of Cynara Exceptions generic exceptions
are thrown and generic error code is returned in case of failure.
This patch fixes chsgen test that expected more detailed error code
and slightly different error message.
Change-Id: Ic0a2090fb28d773ce4af3264eb600168cef1a69c
Rafal Krypa [Thu, 7 May 2015 08:55:53 +0000 (10:55 +0200)]
Install stuff from CMake, not from Tizen spec file
Move to CMake installation of the following components:
- creds.conf configuration file
- db* directories for tests
- empty_db directory for tests
- plugin/client and plugin/service directories for loadable plugins
- creation of /var/cynara directory (and move its Smack labeling to manifest)
Change-Id: I00d3d853715f57d1b3cde94e7d665281e264432a
Lukasz Wojciechowski [Fri, 8 May 2015 13:07:58 +0000 (15:07 +0200)]
Fix debug build of chsgen
Debug build break was caused by usage of Cynara Exceptions
that use LOG macros, that in debug mode use Backtrace information.
We cannot link chsgen (a part of migration tool)
with libcynara-commons that provides implementation for Backtrace
because one of migration tool design concept is that it cannot rely
on cynara's libraries, because it is used in time, when cynara packages
are installed, upgraded, downgraded, removed.
That is instead of CynaraExceptions std::runtime_error is used.
Change-Id: Id5447ca769f0bbef19a2f1f216bc672653e736be
Rafal Krypa [Wed, 29 Apr 2015 15:43:13 +0000 (17:43 +0200)]
tests: fix test errors found with current gmock/gtest
Some tests fail to build using up to date gmock and gtest
(newer than in Tizen). Fixes are simple:
- properly cast numeric constants when they are compared against
unsigned types
- use EXPECT_TRUE/EXPECT_FALSE instead of EXPECT_EQ with bool
literal. EXPECT_EQ(false, ...) is known to fail
(e.g. https://code.google.com/p/chromium/issues/detail?id=139326)
Change-Id: I75d0cd4adb2d68af67d06a0630980ad5cb2cbdfc
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Wed, 6 May 2015 15:36:51 +0000 (17:36 +0200)]
Fix client libraries API documentation
Change-Id: I68064d554eb95241ba296267aca52bdf9e7119c9
Rafal Krypa [Thu, 7 May 2015 13:04:41 +0000 (15:04 +0200)]
Fix string serialization bug on big-endian machines
Function serializing string first converted its size to little-endian and
then used the converted value as actual size. This could have worked only
on little-endian machines and could cause undefined behaviour on big-endian.
Change-Id: Ica742b1d33b14e056f8c2322e39ffd7371e7ae14
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Fri, 8 May 2015 08:39:36 +0000 (10:39 +0200)]
Fix bad define for SOCKET_DIR
Change-Id: I7e8059dc187580b653e6b4e7821797cfe392e15c
Rafal Krypa [Mon, 4 May 2015 13:02:54 +0000 (15:02 +0200)]
Rework configuration of installation and run-time paths
- Don't rely on values defined in Tizen spec
- Define all used paths in top-level CMake
- Use same definitions for installation and run-time paths
- Pass paths definitions from CMake to compiler
- Unify naming, use "dir" instead of mixed "dir" and "path"
- Use names and descriptions similar to those in autotools
- Handle all paths in single source file - PathConfig.cpp
- Fix default statePath (/var/lib/cynara => /var/cynara)
- Properly use %{_bindir} and %{_unitdir} in spec
- Fix hard-coded /var/cynara path in cynara-db-migration
Change-Id: Ie28d9291bc396f89214e3555606846c4a9b7bcbc
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Patrick Ohly [Mon, 23 Mar 2015 12:32:04 +0000 (05:32 -0700)]
systemd: stop using compat libs
libsystemd-journal and libsystemd-daemon are considered obsolete
in systemd since 2.09 and may not be available (not compiled
by default).
The cynara code works fine with the current libsystemd, so just
use that.
Change-Id: I50f971f41a65a1e679ff9b7ca760f6d5f7c5c9d9
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Rafal Krypa [Wed, 29 Apr 2015 15:36:22 +0000 (17:36 +0200)]
tests: fix typo: memeory => memory
Change-Id: Idfeab99deabcd6ff0356f38ae31263b90bc66941
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Aleksander Zdyb [Wed, 29 Apr 2015 10:07:31 +0000 (12:07 +0200)]
Fix critical bug in LICENSE file
The bug could lead to critical legal issues and
in certain conditions render whole Cynara unusable
in some environments.
Change-Id: Ie4db2471619085e2ba37929c47f670bbde3c8c3e
Rafal Krypa [Wed, 29 Apr 2015 15:16:54 +0000 (17:16 +0200)]
CMake: optimize checking for C++11/C++0x compiler support
Check for C++0x only when test for C++11 failed
Change-Id: Ia02f110a59e2d063bcd48957a1cc59d75279969c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Lukasz Wojciechowski [Mon, 27 Apr 2015 18:37:44 +0000 (20:37 +0200)]
Fix closing database directory descriptor
Directory stream received from opendir() function wasn't closed
with proper closedir() function.
This patch fixes this bug.
Change-Id: Ie2a3efb55546251c12a1112861db767595bc374f
Lukasz Wojciechowski [Thu, 23 Apr 2015 17:15:03 +0000 (19:15 +0200)]
Add demonization code to cynara
Cynara run with option -d can now demonize itself.
It can also set umask and change user and group.
Change-Id: I4453a964cf5aed5fd071b065a93552c9b4176673
Lukasz Wojciechowski [Thu, 23 Apr 2015 15:40:37 +0000 (17:40 +0200)]
Enhance cynara commandline parameters
Now cynara can get additional command line parameters:
-d, --daemon > for daemonization
-m, --mask > for setting umask
-u, --user > for changing uid
-g, --gid > for changing group
Additional unit tests covering parsing these parameters were added.
So far additinal options do nothing. Following patches will make
use of parsed options.
Change-Id: I3bcc678ed66e5e2659078711f4f33445e3556c45
Lukasz Wojciechowski [Tue, 21 Apr 2015 18:26:32 +0000 (20:26 +0200)]
Explicitly show usage of base virtual methods
Show compiler that we want to have all execute() virtual methods defined
in base classes, not only overloaded ones.
Change-Id: Ib43e61d4db2bee5ad5e8285bc0b2767774642264
Lukasz Wojciechowski [Tue, 21 Apr 2015 18:19:37 +0000 (20:19 +0200)]
Fix issues warned by compiler
Compiler warned about potential misuse of = operator in
src/client-async/logic/Logic.cpp file. It was intentional.
Additional brackets are used to supress compiler warning.
Compiler warned about unused returned value of flock() function
in src/common/lock/FileLock.cpp file. (void) casting is used
to stress that returned value should be ignored.
Change-Id: Ia986b5f66c58a7366eaca562a6325c1fc99ac033
Lukasz Wojciechowski [Tue, 21 Apr 2015 18:16:12 +0000 (20:16 +0200)]
Remove unused m_registered field from agent's Logic
Private field m_registered of Logic class in libcynara-agent was never used.
It was initialized in constructor.
Field was removed by this patch.
Change-Id: Id8ffaede37911bbad9ebb8b7d12d95120c6284cb
Lukasz Wojciechowski [Fri, 17 Apr 2015 19:19:06 +0000 (21:19 +0200)]
Make compilation with systemd configurable
All places where cynara is dependent on systemd are compiled
conditionaly if BUILD_WITH_SYSTEMD is defined.
Cmake checks if systemd packages are available and sets this flag.
Change-Id: I0c0a3fb1601a556131b1ae60ef29131fd483e955
Lukasz Wojciechowski [Fri, 17 Apr 2015 19:00:22 +0000 (21:00 +0200)]
Secure logs format string
This patch makes compilers happy. Some of them complain,
if -werror=format-security flag was enabled about insecure format
string, that is created using stringstream.
This patch defines own format string "%s" if there are no additional
parameters except format string passed to LOGX macros.
The drawback of this solution is that usage of %m is not supported
if there are no additional arguments to LOG (beside format message).
Change-Id: I2d4ab5a07d170c85f162a5f59cb63ecbfb56fec6
Lukasz Wojciechowski [Fri, 17 Apr 2015 18:46:53 +0000 (20:46 +0200)]
Define cynara's version in CMakeLists.txt
Version of cynara was previously defined in spec file.
Moving it to CMakeLists.txt will allow cynara to always know its version,
even if it is build manually with cmake.
Change-Id: Ie2ff6fa724d69021c6ec0079cd155f65f191eb1e
Lukasz Wojciechowski [Fri, 17 Apr 2015 18:15:40 +0000 (20:15 +0200)]
Add missing includes
In few files there were missing includes for cstdint and cstring.
Change-Id: I3e3b62b7ebc02f895b6bb6e57fd096a80f00c4e5
Jacek Bukarewicz [Tue, 14 Apr 2015 12:43:06 +0000 (14:43 +0200)]
Release version 0.8.0
Change-Id: Iac0bab698999aa4d9b0f12b707cd139aee02177d
Jacek Bukarewicz [Fri, 10 Apr 2015 14:06:46 +0000 (16:06 +0200)]
Introduce 'default' method type for credential helpers
Default method type will be translated to a proper method read
from configuration file.
Change-Id: I7e37a6af62b8c7d3612863c3de0fe849c7112787
Jacek Bukarewicz [Fri, 10 Apr 2015 13:58:57 +0000 (15:58 +0200)]
Cache default method types for obtaining peer credentials
Default method types for obtaining user and client strings are stored in
configuration file. Typically, these values are not going to be changed
dynamically so they can be cached.
Change-Id: Id2d74af29f43eb565f563d65fa7115dd762ede8d
Lukasz Wojciechowski [Thu, 9 Apr 2015 12:01:27 +0000 (14:01 +0200)]
Release 0.7.0
Change-Id: Ifa294433e443de20b3c05e3718a73a7de3195d2e
Jacek Bukarewicz [Wed, 8 Apr 2015 16:27:01 +0000 (18:27 +0200)]
Cynara helpers for gdbus
Change-Id: I3684754bdb0a7b26ea9bfd3b13027f2ef78c6704
Jacek Bukarewicz [Wed, 8 Apr 2015 09:17:46 +0000 (11:17 +0200)]
Add missing dependencies in spec and pc files
Change-Id: Id88a48053904308fdb9873d312165303ef4ccf89
Zofia Abramowska [Mon, 16 Mar 2015 16:53:15 +0000 (17:53 +0100)]
Remove shared_ptr from storage/parsers
Remove unnecessary shared pointer parameters/memebers from
storage/serialization where no shared ownership takes place
Change-Id: I5292058da94180d3f7ebd19cf6c464d84b56b862
Zofia Abramowska [Mon, 16 Mar 2015 15:46:59 +0000 (16:46 +0100)]
Fix loops on streams
Checking eof bit of stream will cause one invalid read as this bit
is only set after first attempt to read after end of file.
Change-Id: I79f936e6e4e7b7862c507f47f4d8788b033e2062
Zofia Abramowska [Mon, 9 Mar 2015 12:28:28 +0000 (13:28 +0100)]
Remove shared_ptr from logic/clients
Remove shared_ptr members and arguments from Logic* Socket* classes,
where no shared ownership takes place.
Change-Id: I0fa3594c2acdb5468d324890d475e7bbd56ccbfe
Zofia Abramowska [Fri, 6 Mar 2015 17:13:53 +0000 (18:13 +0100)]
Remove self parameter from requests/responses
Remove 'self' argument from Request/Responses methods,
us 'this' instead.
Change-Id: I46621a8a26d204399365330f9732815833e2ba73
Zofia Abramowska [Thu, 5 Mar 2015 14:06:40 +0000 (15:06 +0100)]
Removal of unnecesary shared_ptr in requests/responses
Change arguments from shared_ptr to references for Request*,
Response* class methods where no shared ownership takes place.
Change-Id: I46d04d24d95df1f5b1844284e5a218d2946935fb
Lukasz Wojciechowski [Fri, 13 Mar 2015 14:26:12 +0000 (15:26 +0100)]
Release 0.6.1
Change-Id: Ib59402d97908d7799599031b1923e74fd875383f
Jacek Bukarewicz [Wed, 11 Mar 2015 17:02:33 +0000 (18:02 +0100)]
Relabel database files when offline admin API modifies database
Change-Id: I5226adcbc969114773bb40c129ecf11b270418e5
Lukasz Wojciechowski [Fri, 13 Mar 2015 16:01:24 +0000 (17:01 +0100)]
Quick fix remove PathConfig dependency in chsgen
Change-Id: I35d4336dd317e724b787fb7206b13089e50a490e
Lukasz Wojciechowski [Fri, 13 Mar 2015 14:12:05 +0000 (15:12 +0100)]
Quick fix of database migration
During upgrade of downgrade of cynara package "from version"
is always set to 0.0.0 and is ignored in migration tool.
Migration tool always tries to do generate or remove checksum files
whichever is needed due to NEW_VERSION. OLD_VERSION is ignored
during database migration.
Change-Id: I1141c7c6f15f3a11bd740330995a5bf1bae45db0
Lukasz Wojciechowski [Fri, 13 Mar 2015 13:48:04 +0000 (14:48 +0100)]
Add missing packages dependencies
Change-Id: I1b826c6b430b39bf8883c2d04e04e2cf6330b24a
Lukasz Wojciechowski [Fri, 13 Mar 2015 13:33:16 +0000 (14:33 +0100)]
Log chsgen errors to stderr instead of journal
This patch allows not to use libcynara-commons in chsgen
anymore.
Change-Id: I051b9a300c19c2f99228573d6e30ea8a1af2f323
Lukasz Wojciechowski [Fri, 13 Mar 2015 12:53:57 +0000 (13:53 +0100)]
Add missing dependency on findutils
Migration tool uses "find" command but did not require findutils package.
This patch adds proper dependency.
Change-Id: Ie91ef7019c25557349748df9e719aa932f469a02
Lukasz Wojciechowski [Fri, 13 Mar 2015 12:47:56 +0000 (13:47 +0100)]
Add test checking migration dependency on cynara libs
Verify if cynara-db-chsgen depends on libcynara* libraries
Change-Id: I56c02c0c97d079fb0f0eb064ca0c7fd4053caba6
Lukasz Wojciechowski [Mon, 9 Mar 2015 15:54:27 +0000 (16:54 +0100)]
Release 0.6.0
Change-Id: Ia5c5029289dec6653262885b5095221abc63b2d5
Lukasz Wojciechowski [Tue, 3 Mar 2015 13:26:11 +0000 (14:26 +0100)]
Fix bug in receiving requests in libcynara-agent
Method AgentSocketClient::receiveResponseFromServer should hang
until it can return a request received from cynara service.
However a single read from socket can read more than one request.
Received requests are queued.
Code did not check if there is a valid request read and queued
previously, but always tried to read from socket.
Fix changes order - so now code first checks queue and only in case,
when there is no valid request waiting a socket is read.
Change-Id: I845cd677700e516f252a8958b97ee8facb82170f
Zofia Abramowska [Wed, 25 Feb 2015 17:38:10 +0000 (18:38 +0100)]
Add implementation of simple asynch check
Add implementation in api and logic layers.
Protocol layer is shared with synchronous client.
Change-Id: Ic8ade619756cb7e0893e3da25a5452e1bf3b0994
Zofia Abramowska [Tue, 24 Feb 2015 19:29:29 +0000 (20:29 +0100)]
Add description of simple check request in asynch API
Change-Id: I63e3da83cb2cc8284b3c56ce52f88a85b6feac90
Aleksander Zdyb [Mon, 2 Mar 2015 11:30:03 +0000 (12:30 +0100)]
Link cynara-creds-commons with cynara-common
This is needed because cynara-creds-commons use logging.
Change-Id: If9575313081b9a252d5f711f11f396cdd8eeebd3
Aleksander Zdyb [Thu, 15 Jan 2015 10:27:42 +0000 (11:27 +0100)]
Add tests utilizing short command-line options
The tests are automagically generated from their
longer sisters' bodies.
Change-Id: I1e50314ddee74aaaba42dc29a04c26f237128996
Pawel Wieczorek [Tue, 3 Mar 2015 11:36:13 +0000 (12:36 +0100)]
Handle database corruption
Loading database from storage is now moved to logic layer.
InMemoryStorageBackend throws DatabaseCorruptedException to trigger
corrupted state toggle when database corruption is detected.
Tests which involved database to enter corrupted state were updated.
Change-Id: I0df8c38322b4478abb8c6d18c0805f97cfa45161
Pawel Wieczorek [Tue, 3 Mar 2015 11:35:48 +0000 (12:35 +0100)]
Handle information about database corruption
DatabaseCorruptedException will be thrown to inform about database
corruption. This may be handled directly (OfflineLogic) or through
responses returned from service logic (OnlineLogic).
In both cases proper error code should be returned:
CYNARA_API_DATABASE_CORRUPTED (introduced in this patch).
Change-Id: Idbafcf241c6689dadd3c5a7f25adc4629ea7cffd
Pawel Wieczorek [Wed, 4 Feb 2015 14:05:30 +0000 (15:05 +0100)]
Prepare service for database corruption handling
When database corruption is detected, no administrative actions are
allowed and all responses to check requests are DENY. Administrative API
has to be informed about detected corruption. This patch modifies
protocol so that this information is passed.
Unit tests are also adjusted to the protocol changes this patch
introduces.
Change-Id: If3ab5d6ca1671167890956b986a4768cc828f3f5
Pawel Wieczorek [Thu, 15 Jan 2015 09:53:18 +0000 (10:53 +0100)]
Adjust InMemoryStorageBackend to ChecksumStream
Now InMemoryStorageBackend uses ChecksumStream instead of std::ofstream.
New member function dumpDatabase() was introduced in order to destruct
database index stream before calling integrity mechanism.
Change-Id: I5ea943e1ec21f02cea97699993ddbd0f3eeb0a62
Pawel Wieczorek [Tue, 23 Dec 2014 16:18:16 +0000 (17:18 +0100)]
Adjust InMemoryStorageBackend to ChecksumValidator
InMemoryStorageBackend uses ChecksumValidator as a checksum loader and
comparator. This patch also includes files needed by storage unit tests
to work properly.
Change-Id: I541975351275bd6a30e7cf627697c9657161312f
Pawel Wieczorek [Thu, 15 Jan 2015 07:19:15 +0000 (08:19 +0100)]
Introduce ChecksumStream
ChecksumStream will replace std::ofstream for saving database contents
in storage. This way data will be not only written to the files, but
also its checksums will be computed and stored in given stream (database
index equivalent for storing checksums).
Checksum computing is performed during stream destruction in order to be
sure that all necessary data was already collected.
Change-Id: I4a9ff2e29361f337cacd790d77364feca854a706
Pawel Wieczorek [Mon, 12 Jan 2015 14:01:54 +0000 (15:01 +0100)]
Make StorageSerializer a template class
This patch modifies StorageSerializer so that it will be able to use
other streams than std::ostream and its derivatives. Within current
class hierarchy custom output streams with overloaded insertion operator
(operator<<) cannot be used, as it is non-virtual in std::ostream.
Change-Id: I3e713329c55aacfbb8daa23a5c4579d4c5db9f52
Pawel Wieczorek [Tue, 27 Jan 2015 10:47:19 +0000 (11:47 +0100)]
Add tests for ChecksumValidator
Add tests checking if ChecksumValidator properly:
* generates checksums,
* loads them or rejects corrupted records,
* supports backup files.
Change-Id: I2e4222283cc0676490134819561824df6661034f
Pawel Wieczorek [Tue, 23 Dec 2014 13:53:59 +0000 (14:53 +0100)]
Introduce ChecksumValidator
ChecksumValidator computes checksums for every file listed in checksum
index equivalent using crypt(3). As a result, base64-like (custom
alphabet) encoded strings are produced and compared with last known
corresponding digest. Its 4-character prefix indicates used algorithm.
Class will be later used as an integrity mechanism extension.
Change-Id: Ibaba636bae30c747e8eac5561e9b130d4398518e
Pawel Wieczorek [Thu, 26 Feb 2015 13:39:39 +0000 (14:39 +0100)]
Fix basename() usage in ChecksumGenerator
Contents of a string passed to basename() as an argument may be modified
(it depends on implementation). In order not to perform unexpected
changes, duplicate of given string is passed to basename().
Change-Id: Ib783629160f9528a6054dd0f78b9ebd5e6870fb6
Pawel Wieczorek [Mon, 22 Dec 2014 15:18:41 +0000 (16:18 +0100)]
Modify RecordCorruptedException class hierarchy
So far there was only one type of record Cynara could read from its
database. If any corruption was detected, BucketRecordCorruptedException
was thrown.
Now database will contain information about not only buckets and
policies, but also some metadata for them (in this case - checksums).
Need for exception superclass for handling corrupted records emerged.
Patch modifies exception class hierarchy and adds new exception type:
ChecksumRecordCorruptedException.
Change-Id: I3af6bd20b57e17ec31d766f138595920c7a413bd
Pawel Wieczorek [Fri, 27 Feb 2015 09:50:52 +0000 (10:50 +0100)]
Remove unwanted pointers (InMemoryStorageBackend)
Using pointers to helper classes (Integrity and, in future,
ChecksumValidator) is unnecessary and undesired. However, this forces
removal of InMemoryStorageBackend default constructor, as it cannot
initialize its helpers with valid arguments.
This patch also adjusts tests to the new constructor set and removes no
longer used typedef.
Change-Id: If0a41a75c16be6d55bdf3841ddb5190c388968af
Pawel Wieczorek [Fri, 5 Dec 2014 14:26:24 +0000 (15:26 +0100)]
Extend ignored files list in integrity mechanism
Integrity mechanism will not remove file containing checksums even
though it is not listed in database index.
Change-Id: I1e587ecdad5abff47d78362394cc0ecdb1ecd4c4
Pawel Wieczorek [Tue, 24 Feb 2015 14:58:42 +0000 (15:58 +0100)]
Add tests for migration tool
Change-Id: I2bdd88cd07646896b75ea36e7776b7fa1a449bd8
Pawel Wieczorek [Fri, 16 Jan 2015 10:16:56 +0000 (11:16 +0100)]
Add support for checksums to migration tool
This patch also adds downgrade option to the migration tool.
Change-Id: If6a443172d52a78e8bfbf732e7eca38cb37f886f
Pawel Wieczorek [Mon, 9 Feb 2015 14:37:57 +0000 (15:37 +0100)]
Add comparator for Semantic Versioning
Change-Id: I73b273465995b6246d20179395bdff1b4d1941f2
Pawel Wieczorek [Wed, 11 Feb 2015 15:00:12 +0000 (16:00 +0100)]
Refactorize migration tool
This refactoring run deals with:
* unintuitive naming,
* late input validation,
* passing only parts of input during option parsing,
* unconsistent comments.
Additionally, this patch:
* adds possiblity to install database in a custom directory,
* removes possibility of removing whole Cynara's state directory during
deinstallation - now only database is removed by migration tool.
Change-Id: I59e429d93812861ca9c32f201ed0056f753cbc25
Pawel Wieczorek [Wed, 18 Feb 2015 12:23:54 +0000 (13:23 +0100)]
Add tests for ChecksumGenerator (chsgen)
This patch adds tests for calling "cynara-db-chsgen" executable.
Following call scenarios are checked:
* no filename,
* create checksum records for primary database contents,
* create checksum records for backup database contents.
Change-Id: I398f6865610598ab558b22a9cf3cdc620dc057b8
Pawel Wieczorek [Fri, 16 Jan 2015 14:38:05 +0000 (15:38 +0100)]
Introduce ChecksumGenerator (chsgen)
A commandline-tool for computing checksums for Cynara's database
contents.
Change-Id: Iaddf799b84b82562734275991561ea0091852f2d
Pawel Wieczorek [Wed, 18 Feb 2015 14:36:33 +0000 (15:36 +0100)]
Fix InMemoryStorageBackend unit tests
One of InMemoryStorageBackend unit tests - load_from_backup from
InMemeoryStorageBackendFixture group - gave inconclusive results. After
first execution of "cynara-tests" some contents of CYNARA_TESTS_DIR/db6
were removed. It was caused by insufficient mocking in
FakeInMemoryStorageBackend class.
This patch removes performing changes on filesystem from this test. It
also adjusts Integrity class to new PathConfig::StoragePath contents in
order to simplify its usage.
Change-Id: Ic5206ad337269996615ce36d60105b9c4ac32314
Pawel Wieczorek [Mon, 12 Jan 2015 12:45:21 +0000 (13:45 +0100)]
Move bucket separators to PathConfig::StoragePath
This patch removes both bucket separators - for fields as well as for
records - from StorageSerializer. To this point they could be accessed
using provided static member functions. This is no longer possible, as
StorageSerializer has to be rewritten using templates.
Change-Id: Ib010bd0b125a1a93da9983d9bdd7b8f75cbbc191
Pawel Wieczorek [Thu, 4 Dec 2014 10:45:40 +0000 (11:45 +0100)]
Move storage consts to PatchConfig::StoragePath
Put all default values of Cynara storage consts into config namespace.
Change-Id: If0bfaca58708b575bfada41448f000272e54182e
Pawel Wieczorek [Wed, 12 Nov 2014 17:02:34 +0000 (18:02 +0100)]
Move migration tool to its parent directory
This patch drops creation of additional directory "cynara" in /usr/sbin.
According to FHS, there must not be placed any directories. Migration
scripts will get common prefix ("cynara-db-") and will be placed there
directly.
What is more, regardless of its actual contents, no executable in
/usr/sbin has file extension. This patch removes extension from main
migration tool script.
Change-Id: I4f5ccbf1e86815d4b4aa4e785dc01d8188d90fd5
Pawel Wieczorek [Wed, 4 Feb 2015 11:11:19 +0000 (12:11 +0100)]
Modify version check during package upgrade
Cynara has to determine its currently installed version during package
upgrade. Doing RPM queries from inside install-time scripts isn't
recommended. Necessary information is obtained from Cynara's version
information.
However, not all Cynara releases provided mechanism of reporting its
version. In case of lack of it, following fallback mechanism is
provided: version information is extracted from a name of a file that
Cynara depends on, which currently is
"<libdir>/libcynara-commons.so.<version>".
Change-Id: I5c9a2abf123d91a32513980e3f9c24112d59547c
Pawel Wieczorek [Tue, 17 Feb 2015 09:28:02 +0000 (10:28 +0100)]
Add tests for version reporting
This patch adds tests for calling main Cynara executable with additional
options. Following call scenarios are checked (both long and short
options):
* print version,
* print help,
* unknown option.
Change-Id: Ibab5d7a081fd1da8b98a59c9a242fd17725cd400
Pawel Wieczorek [Wed, 21 Jan 2015 13:12:42 +0000 (14:12 +0100)]
Add version information to the main executable
In order to comply with GNU Coding Standards for command-line
interfaces, Cynara has to report its current version.
Cynara now responds to two command-line options:
* -V, --version prints installed version of Cynara,
* -h, --help prints help message.
Change-Id: I386a09d00f1542cbff8db6a4b9eb2ac9a7fab9fb
Pawel Wieczorek [Tue, 17 Feb 2015 15:29:15 +0000 (16:29 +0100)]
Add quiet fixture for commandline tests
This patch introduces fixture which suppresses printing output to
std::cout or std::cerr. Data is redirected to temporary buffers and
accessible from there.
Change-Id: Ia1b8b240be95d1d672a56cd9eaf6e13320bb375b
Pawel Wieczorek [Mon, 16 Feb 2015 16:14:12 +0000 (17:14 +0100)]
Make commandline tests fixture more generic
CyadCommandlineTest fixture can be reused for tests of Cynara's
commandline interface (and others, if necessary). Its functionality is
now moved to BaseCommandlineTest fixture.
Commons for tests will be placed in "test-common", because name "common"
was already taken - it's a place for storing tests of Cynara's commons.
Change-Id: I57a5c894ed03ee349a30dae922ec669003eaac5c
Aleksander Zdyb [Mon, 12 Jan 2015 12:01:24 +0000 (13:01 +0100)]
Add performance tests for InMemoryStorageBackend
Methods of InMemoryStorageBackend::hasBucket()
and InMemoryStorageBackend::createBucket() are checked
against possible performance issues.
Change-Id: I0f65b77cab6ae88f62a495f0e34c38e391c61773
Adam Malinowski [Thu, 12 Feb 2015 14:39:53 +0000 (15:39 +0100)]
Fix (de)serializing sizes of strings & containers
Additionally fix (de)serializing bool as its size is implementation
specific and remove unused code.
Change-Id: I5389b2191b827a2da5dfe0d967064b10ca9d4a73
Adam Malinowski [Fri, 6 Feb 2015 08:58:02 +0000 (09:58 +0100)]
Introduce logging of privilege checks (AUDIT)
Added functionality saves privilege checking responses in systemd
journal. Such entries may be filtered using CYNARA_LOG_TYPE=AUDIT
field. Logging depends on configuration based on environment variable
CYNARA_AUDIT_LEVEL which may take one of following values:
* NONE - nothing will be saved
* DENY - only DENY responses will be saved (DEFAULT behaviour)
* ALLOW - only ALLOW respones will be saved
* OTHER - other policy types e.g. plugin specific
* ALL - all above responses will be saved
Change-Id: Iaa46f3c579660784ffe5edc0c2120b822fb0061a
Aleksander Zdyb [Mon, 9 Feb 2015 12:30:26 +0000 (13:30 +0100)]
Support human-readable policy type names
Policy type is no longer parsed in CyadCommandlineParser,
but rather forwarded to CommandsDispatcher in raw form.
Apparent small feature, but required changes across many
layers. Refactoring of CyadCommandlineDispatcherTest was
needed in order to apply fixes to tests.
Change-Id: I9528554afdb5c0747c3f9ef550bf3362cd8c8084
Aleksander Zdyb [Mon, 2 Feb 2015 13:11:47 +0000 (14:11 +0100)]
Print error messages to stderr in Cyad
Every dispatched command checks return value from Cynara API
and prints possible error message using cynara_strerror() function.
Call to cynara_strerror() is not of course subject to above
check & print routine.
Change-Id: I008d1fbd592061646478b47be8ae53bbc408cb1b
Aleksander Zdyb [Thu, 22 Jan 2015 10:25:00 +0000 (11:25 +0100)]
Add API description of cynara_strerror()
Introduce new API call of cynara_strerror() used to obtain error
message from error number.
Change-Id: Ibd5b5a2af700a04fe8b3bfea8fde715b17db3a61
Zofia Abramowska [Thu, 12 Feb 2015 16:39:21 +0000 (17:39 +0100)]
Fix pluginCheck in service logic
Change-Id: I835c471b38756a9d3cee1ddfe4c4b90591744aa4
Zofia Abramowska [Tue, 10 Feb 2015 15:53:39 +0000 (16:53 +0100)]
Add client protocol side implementation of simple check
Change-Id: I379bf96ac664827d89379b1df36d903864749a4b
Zofia Abramowska [Mon, 9 Feb 2015 15:14:34 +0000 (16:14 +0100)]
Add logic side implementation of simple check
Add implementation of client and service logic side implementation
of simple check API and request and response handling.
Change-Id: Ie59fb86e20fae383196025580b164c15e855bc62
Zofia Abramowska [Tue, 10 Feb 2015 15:21:42 +0000 (16:21 +0100)]
Create request and response types for simple check client API call
Create SimpleCheckResponse and SimpleCheckRequest.
Change-Id: I75796fb035ac9dfd5ecbe1e8bfc68d37a55ba6f4
Zofia Abramowska [Tue, 3 Feb 2015 13:13:40 +0000 (14:13 +0100)]
Add new cynara_simple_check synchronous client API
New API description put in synchronous client header.
New return code added - CYNARA_API_ACCESS_NOT_RESOLVED.
Mockup function to Logic added.
Change-Id: I57968b3e17cf70c3b294af1faf8158e265ffe2b6
Zofia Abramowska [Tue, 3 Feb 2015 12:02:26 +0000 (13:02 +0100)]
Fix possible memory leaks in Logic initialization
Change for:
* client logic
* client-async logic
* admin logic
* agent logic
Change-Id: Ie2f4db0324652a24d1e4755a888fff4e713eac8c
Zofia Abramowska [Wed, 14 Jan 2015 13:06:07 +0000 (14:06 +0100)]
Add logic implementation of configuration
Add optional configuration parameter to client logic creation.
Change-Id: I66091d539b66803e069bcf7c6223017cc5e65e39
projects / platform / core / security / cynara.git / log