Implement serialization of privilege mapping API

Change-Id: Ic57758eca88b97485d748ff73267ba23e04efd45

diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp
index 48b4594..308da19 100644 (file)
--- a/src/client/client-security-manager.cpp
+++ b/src/client/client-security-manager.cpp
@@ -26,6 +26,8 @@
  */
 
 #include <cstdio>
+#include <functional>
+#include <memory>
 #include <utility>
 
 #include <unistd.h>
@@ -979,6 +981,68 @@ void security_manager_policy_levels_free(char **levels, size_t levels_count)
     delete[] levels;
 }
 
+lib_retcode get_privileges_mapping(const std::string &from_version,
+                                   const std::string &to_version,
+                                   const std::vector<std::string> &privileges,
+                                   char ***privileges_mappings,
+                                   size_t *mappings_count)
+{
+    using namespace SecurityManager;
+    MessageBuffer send, recv;
+    Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::GET_PRIVILEGES_MAPPING));
+    Serialization::Serialize(send, from_version);
+    Serialization::Serialize(send, to_version);
+    Serialization::Serialize(send, privileges);
+
+    //send buffer to server
+    int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+    if (retval != SECURITY_MANAGER_API_SUCCESS) {
+        LogError("Error in sendToServer. Error code: " << retval);
+        return SECURITY_MANAGER_ERROR_UNKNOWN;
+    }
+
+    //receive response from server
+    Deserialization::Deserialize(recv, retval);
+
+    switch(retval) {
+        case SECURITY_MANAGER_API_SUCCESS:
+            // success - continue
+            break;
+        case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY:
+            return SECURITY_MANAGER_ERROR_MEMORY;
+        case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
+            return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+        default:
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+    }
+
+    unsigned int count;
+    Deserialization::Deserialize(recv, count);
+    LogInfo("Number of privilege mappings: " << count);
+    size_t i = 0;
+    auto free_mapping = std::bind(security_manager_privilege_mapping_free,
+                                  std::placeholders::_1, std::ref(i));
+    std::unique_ptr<char *[], decltype (free_mapping)> mappings_ptr(new char *[count], free_mapping);
+
+    for (; i < count; ++i) {
+        std::string privilege_mapping;
+        Deserialization::Deserialize(recv, privilege_mapping);
+        if (privilege_mapping.empty()) {
+            LogError("Unexpected empty privilege mapping");
+            return SECURITY_MANAGER_ERROR_UNKNOWN;
+        }
+
+        mappings_ptr.get()[i] = strdup(privilege_mapping.c_str());
+        if (mappings_ptr.get()[i] == nullptr)
+            return SECURITY_MANAGER_ERROR_MEMORY;
+    }
+
+    *privileges_mappings = mappings_ptr.release();
+    *mappings_count = count;
+
+    return SECURITY_MANAGER_SUCCESS;
+}
+
 SECURITY_MANAGER_API
 int security_manager_get_privileges_mapping(const char *from_version,
                                              const char *to_version,
@@ -987,16 +1051,30 @@ int security_manager_get_privileges_mapping(const char *from_version,
                                              char ***privileges_mappings,
                                              size_t *mappings_count)
 {
-    (void)to_version;
-    if (from_version == nullptr || privileges == nullptr ||
-            privileges_mappings == nullptr || mappings_count == nullptr || privileges_count == 0) {
+    if (from_version == nullptr || privileges_mappings == nullptr || mappings_count == nullptr) {
         return SECURITY_MANAGER_ERROR_INPUT_PARAM;
     }
-    return SECURITY_MANAGER_ERROR_UNKNOWN;
+    return try_catch([&] {
+        std::vector<std::string> privilegesToMap;
+        if (privileges != nullptr) {
+            privilegesToMap.reserve(privileges_count);
+            privilegesToMap.insert(privilegesToMap.end(), privileges, privileges + privileges_count);
+        }
+        if (to_version == nullptr)
+            to_version = "";
+        LogDebug("security_manager_get_privileges_mapping() called with :"
+                 " from_version = " << from_version << " to_version = " << to_version <<
+                 " privileges_count " << privilegesToMap.size());
+
+        return get_privileges_mapping(from_version, to_version, privilegesToMap,
+                                      privileges_mappings, mappings_count);
+
+    });
 }
 SECURITY_MANAGER_API
 void security_manager_privilege_mapping_free(char **privileges_mappings, size_t mappings_count)
 {
-    (void)privileges_mappings;
-    (void)mappings_count;
+    for(size_t i = 0; i < mappings_count; i++)
+        free(privileges_mappings[i]);
+    delete [] privileges_mappings;
 }

diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 412db07..c0caf45 100644 (file)
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -136,6 +136,7 @@ enum class SecurityModuleCall
     GET_CONF_POLICY_ADMIN,
     GET_CONF_POLICY_SELF,
     POLICY_GET_DESCRIPTIONS,
+    GET_PRIVILEGES_MAPPING,
     NOOP = 0x90,
 };
 

diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h
index 765d0d0..371d5fd 100644 (file)
--- a/src/server/service/include/service.h
+++ b/src/server/service/include/service.h
@@ -137,10 +137,19 @@ private:
     /**
      * Process getting policies descriptions as strings from Cynara
      *
+     * @param  recv   Raw received data buffer
      * @param  send   Raw data buffer to be sent
      */
     void processPolicyGetDesc(MessageBuffer &send);
 
+    /**
+     * Process getting privileges mapping. This retrieves and sends to clinet vector of privileges
+     * which are mapped to given privileges between two given privilege versions.
+     *
+     * @oaran  send   Raw data buffer to be sent
+     */
+    void processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send);
+
 };
 
 } // namespace SecurityManager

diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp
index a8ff402..7c39bf8 100644 (file)
--- a/src/server/service/service.cpp
+++ b/src/server/service/service.cpp
@@ -154,6 +154,9 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer,
                 case SecurityModuleCall::POLICY_GET_DESCRIPTIONS:
                     processPolicyGetDesc(send);
                     break;
+                case SecurityModuleCall::GET_PRIVILEGES_MAPPING:
+                    processPrivilegesMappings(buffer, send);
+                    break;
                 default:
                     LogError("Invalid call: " << call_type_int);
                     Throw(ServiceException::InvalidAction);
@@ -335,4 +338,18 @@ void Service::processPolicyGetDesc(MessageBuffer &send)
     }
 }
 
+void Service::processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send)
+{
+    std::vector<std::string> privileges;
+    std::string version_from, version_to;
+    Deserialization::Deserialize(recv, version_from);
+    Deserialization::Deserialize(recv, version_to);
+    Deserialization::Deserialize(recv, privileges);
+
+    int ret = SECURITY_MANAGER_API_SUCCESS;
+    std::vector<std::string> mappings;
+    Serialization::Serialize(send, ret);
+    Serialization::Serialize(send, mappings);
+}
+
 } // namespace SecurityManager