SECURITY_MANAGER_API
int security_manager_user_add(const user_req *p_req)
{
- //TODO
- (void) p_req;
- return SECURITY_MANAGER_ERROR_UNKNOWN;
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ return try_catch([&] {
+
+ //put data into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_ADD));
+
+ Serialization::Serialize(send, p_req->uid);
+ Serialization::Serialize(send, p_req->utype);
+
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS:
+ return SECURITY_MANAGER_SUCCESS;
+ case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
+ return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ });
}
SECURITY_MANAGER_API
int security_manager_user_delete(const user_req *p_req)
{
- //TODO
- (void) p_req;
- return SECURITY_MANAGER_ERROR_UNKNOWN;
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+ if (!p_req)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ return try_catch([&] {
+
+ //put data into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::USER_DELETE));
+
+ Serialization::Serialize(send, p_req->uid);
+
+
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS:
+ return SECURITY_MANAGER_SUCCESS;
+ case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED:
+ return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED;
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+ });
}
APP_UNINSTALL,
APP_GET_PKGID,
APP_GET_GROUPS,
+ USER_ADD,
+ USER_DELETE,
};
} // namespace SecurityManager
*/
int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_set<gid_t> &gids);
+/**
+ * Process user adding request.
+ *
+ * @param[in] uidAdded uid of newly created user
+ * @param[in] userType type of newly created user
+ * @param[in] uid uid of requesting user
+ *
+ * @return API return code, as defined in protocols.h
+ */
+int userAdd(uid_t uidAdded, int userType, uid_t uid);
+
+/**
+ * Process user deletion request.
+ *
+ * @param[in] uidDeleted uid of removed user
+ * @param[in] uid uid of requesting user
+ *
+ * @return API return code, as defined in protocols.h
+ */
+int userDelete(uid_t uidDeleted, uid_t uid);
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
return SECURITY_MANAGER_API_SUCCESS;
}
+int userAdd(uid_t uidAdded, int userType, uid_t uid)
+{
+ if (uid != 0)
+ return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
+
+ switch (userType) {
+ case SM_USER_TYPE_SYSTEM:
+ case SM_USER_TYPE_ADMIN:
+ case SM_USER_TYPE_GUEST:
+ case SM_USER_TYPE_NORMAL:
+ break;
+ default:
+ return SECURITY_MANAGER_API_ERROR_INPUT_PARAM;
+ }
+
+ //TODO add policy information to cynara regarding user default privileges based on user_type
+ (void) uidAdded;
+ (void) userType;
+
+ return SECURITY_MANAGER_API_SUCCESS;
+}
+
+int userDelete(uid_t uidDeleted, uid_t uid)
+{
+ int ret = SECURITY_MANAGER_API_SUCCESS;
+ if (uid != 0)
+ return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED;
+
+ //TODO remove policy information from cynara
+
+ /*Uninstall all user apps*/
+ std::vector<std::string> userApps;
+ try {
+ PrivilegeDb::getInstance().GetUserApps(uidDeleted, userApps);
+ } catch (const PrivilegeDb::Exception::Base &e) {
+ LogError("Error while getting user apps from database: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_SERVER_ERROR;
+ }
+
+ for (auto &app: userApps) {
+ if (appUninstall(app, uidDeleted) != SECURITY_MANAGER_API_SUCCESS) {
+ /*if uninstallation of this app fails, just go on trying to uninstall another ones.
+ we do not have anything special to do about that matter - user will be deleted anyway.*/
+ ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR;
+ }
+ }
+
+ return ret;
+}
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
* @param pid Process id in which application will be launched
*/
void processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid);
+
+ void processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
+
+ void processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid);
+
};
} // namespace SecurityManager
case SecurityModuleCall::APP_GET_GROUPS:
processGetAppGroups(buffer, send, uid, pid);
break;
+ case SecurityModuleCall::USER_ADD:
+ processUserAdd(buffer, send, uid);
+ break;
+ case SecurityModuleCall::USER_DELETE:
+ processUserDelete(buffer, send, uid);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
}
}
+void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
+{
+ int ret;
+ uid_t uidAdded;
+ int userType;
+
+ Deserialization::Deserialize(buffer, uidAdded);
+ Deserialization::Deserialize(buffer, userType);
+
+ ret = ServiceImpl::userAdd(uidAdded, userType, uid);
+ Serialization::Serialize(send, ret);
+}
+
+void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid)
+{
+ int ret;
+ uid_t uidRemoved;
+
+ Deserialization::Deserialize(buffer, uidRemoved);
+
+ ret = ServiceImpl::userDelete(uidRemoved, uid);
+ Serialization::Serialize(send, ret);
+}
+
} // namespace SecurityManager