SetPolicies(policies);
}
+void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType)
+{
+ Bucket bucket;
+ std::vector<CynaraAdminPolicy> policies;
+
+ switch (userType) {
+ case SM_USER_TYPE_SYSTEM:
+ bucket = Bucket::USER_TYPE_SYSTEM;
+ break;
+ case SM_USER_TYPE_ADMIN:
+ bucket = Bucket::USER_TYPE_ADMIN;
+ break;
+ case SM_USER_TYPE_GUEST:
+ bucket = Bucket::USER_TYPE_GUEST;
+ break;
+ case SM_USER_TYPE_NORMAL:
+ bucket = Bucket::USER_TYPE_NORMAL;
+ break;
+ case SM_USER_TYPE_ANY:
+ case SM_USER_TYPE_NONE:
+ case SM_USER_TYPE_END:
+ default:
+ ThrowMsg(CynaraException::InvalidParam, "User type incorrect");
+ }
+
+ policies.push_back(CynaraAdminPolicy(CYNARA_ADMIN_WILDCARD,
+ std::to_string(static_cast<unsigned int>(uid)),
+ CYNARA_ADMIN_WILDCARD,
+ Buckets.at(bucket),
+ Buckets.at(Bucket::MAIN)));
+
+ CynaraAdmin::getInstance().SetPolicies(policies);
+}
+
Cynara::Cynara()
{
checkCynaraError(
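Review bot: `Bucket bucket;` is declared without a value and only the four accepted cases assign it, so `Buckets.at(bucket)` further down is safe only if `ThrowMsg` never returns. That macro is defined outside this hunk, so the guarantee cannot be checked here. A short comment on the `default:` branch stating that it always throws would keep a later edit from falling through with an indeterminate bucket, which would link the user's wildcard rule in MAIN to an arbitrary bucket. Separately, the final call goes through `CynaraAdmin::getInstance().SetPolicies(policies)` although this is already a member function and the method just above calls `SetPolicies(policies);` directly; using the same form here would be consistent.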
#include <vector>
#include <map>
+#include "security-manager.h"
+
namespace SecurityManager {
enum class Bucket
const std::vector<std::string> &oldPrivileges,
const std::vector<std::string> &newPrivileges);
+ /**
+ * Depending on user type, create link between MAIN bucket and appropriate
+ * USER_TYPE_* bucket for newly added user uid to apply permissions for that
+ * user type.
+ * @throws CynaraException::InvalidParam.
+ *
+ * @param uid new user uid
+ * @param userType type as enumerated in security-manager.h
+ */
+ void UserInit(uid_t uid, security_manager_user_type userType);
+
private:
CynaraAdmin();
struct cynara_admin *m_CynaraAdmin;
if (uid != 0)
return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
- switch (userType) {
- case SM_USER_TYPE_SYSTEM:
- case SM_USER_TYPE_ADMIN:
- case SM_USER_TYPE_GUEST:
- case SM_USER_TYPE_NORMAL:
- break;
- default:
+ try {
+ CynaraAdmin::getInstance().UserInit(uidAdded, static_cast<security_manager_user_type>(userType));
+ } catch (CynaraException::InvalidParam &e) {
return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
}
-
- //TODO add policy information to cynara regarding user default privileges based on user_type
- (void) uidAdded;
- (void) userType;
-
return SECURITY_MANAGER_API_SUCCESS;
}
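Review bot: The `try` block handles only `CynaraException::InvalidParam`, but `UserInit` also calls `SetPolicies`, `Buckets.at()` and `std::to_string`, any of which can fail with a different exception. Unless an outer handler exists beyond this hunk, such a failure leaves the handler by unwinding rather than returning an API error code, and the new user ends up with no bucket link in MAIN. A second handler for the remaining Cynara and standard exceptions, returning a failure code, would make that outcome explicit. The first handler can be `catch (const CynaraException::InvalidParam &)`, since `e` is unused. The raw `userType` is also now cast with `static_cast<security_manager_user_type>(userType)` before any validation. If it arrives as a plain integer from the client, a value outside the enum's range is undefined behaviour for an enum without a fixed underlying type, so a range check on the integer before the cast would restore what the removed `switch` provided. The enclosing function starts outside the hunk.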