This function returns array of groups bound to privileges.
It's needed by nice-lad to identify resources to be subject
of auditing.
Change-Id: Ie7a195507a02a30d54f93ffbc351c403f2c83000
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
free(privileges_mappings[i]);
delete [] privileges_mappings;
}
+
+SECURITY_MANAGER_API
+int security_manager_groups_get(char ***groups, size_t *groups_count)
+{
+ using namespace SecurityManager;
+ MessageBuffer send, recv;
+ if (!groups || !groups_count)
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ return try_catch([&] {
+
+ //put data into buffer
+ Serialization::Serialize(send, static_cast<int>(SecurityModuleCall::GROUPS_GET));
+
+ //send buffer to server
+ int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv);
+ if (retval != SECURITY_MANAGER_API_SUCCESS) {
+ LogError("Error in sendToServer. Error code: " << retval);
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ //receive response from server
+ Deserialization::Deserialize(recv, retval);
+
+ switch(retval) {
+ case SECURITY_MANAGER_API_SUCCESS:
+ // success - continue
+ break;
+ case SECURITY_MANAGER_API_ERROR_OUT_OF_MEMORY:
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ case SECURITY_MANAGER_API_ERROR_INPUT_PARAM:
+ return SECURITY_MANAGER_ERROR_INPUT_PARAM;
+ default:
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ std::vector<std::string> vgroups;
+ Deserialization::Deserialize(recv, vgroups);
+ const auto vgroups_size = vgroups.size();
+ LogInfo("Number of groups: " << vgroups_size);
+
+ std::unique_ptr<char *, std::function<void(char **)>> array(
+ static_cast<char **>(calloc(vgroups_size, sizeof(char *))),
+ std::bind(security_manager_groups_free, std::placeholders::_1, vgroups_size));
+
+ if (array == nullptr)
+ return SECURITY_MANAGER_ERROR_MEMORY;
+
+ for (size_t i = 0; i < vgroups_size; ++i) {
+ const auto &group = vgroups.at(i);
+
+ if (group.empty()) {
+ LogError("Unexpected empty group");
+ return SECURITY_MANAGER_ERROR_UNKNOWN;
+ }
+
+ array.get()[i] = strdup(group.c_str());
+ if (array.get()[i] == nullptr)
+ return SECURITY_MANAGER_ERROR_MEMORY;
+ }
+
+ *groups_count = vgroups_size;
+ *groups = array.release();
+
+ return SECURITY_MANAGER_SUCCESS;
+ });
+}
+
+SECURITY_MANAGER_API
+void security_manager_groups_free(char **groups, size_t groups_count)
+{
+ if (groups == nullptr)
+ return;
+
+ for (size_t i = 0; i < groups_count; i++)
+ free(groups[i]);
+
+ free(groups);
+}
/*
* security-manager, database access
*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
* @author Krzysztof Sasiak <k.sasiak@samsung.com>
* @author Rafal Krypa <r.krypa@samsung.com>
* @author Zofia Abramowska <z.abramowska@samsung.com>
+ * @author Aleksander Zdyb <a.zdyb@samsung.com>
* @version 1.0
* @brief This file contains declaration of the API to privilges database.
*/
EGetPrivilegeMappings,
EInsertPrivilegeToMap,
EGetPrivilegesMappings,
- EDeletePrivilegesToMap
+ EDeletePrivilegesToMap,
+ EGetGroups
};
class PrivilegeDb {
" WHERE version_from_name=? AND version_to_name=?"
" AND privilege_name IN (SELECT privilege_name FROM privilege_to_map)"},
{ StmtType::EDeletePrivilegesToMap, "DELETE FROM privilege_to_map"},
+ { StmtType::EGetGroups, "SELECT DISTINCT group_name FROM privilege_group_view" },
};
/**
const std::string &version_to,
const std::vector<std::string> &privileges,
std::vector<std::string> &mappings);
+
+ /**
+ * Retrieve list of resource groups
+ *
+ * @param[out] grp_names - list of group names
+ * @exception DB::SqlConnection::Exception::InternalError on internal error
+ */
+ void GetGroups(std::vector<std::string> &grp_names);
};
} //namespace SecurityManager
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
GET_CONF_POLICY_SELF,
POLICY_GET_DESCRIPTIONS,
GET_PRIVILEGES_MAPPING,
+ GROUPS_GET,
NOOP = 0x90,
};
/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
const std::vector<std::string> &privileges,
std::vector<std::string> &mappings);
+/**
+ * Process getting resources group list.
+ *
+ * @param[out] groups empty vector for group strings
+ *
+ * @return API return code, as defined in protocols.h
+ */
+int policyGetGroups(std::vector<std::string> &groups);
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
/*
* security-manager, database access
*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
});
}
+void PrivilegeDb::GetGroups(std::vector<std::string> &groups)
+{
+ try_catch<void>([&] {
+ auto command = getStatement(StmtType::EGetGroups);
+
+ while (command->Step()) {
+ std::string groupName = command->GetColumnString(0);
+ LogDebug("Group " << groupName);
+ groups.push_back(groupName);
+ };
+ });
+}
+
} //namespace SecurityManager
/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
return errorRet;
}
+int policyGetGroups(std::vector<std::string> &groups) {
+ int ret = SECURITY_MANAGER_API_SUCCESS;
+
+ try {
+ PrivilegeDb::getInstance().GetGroups(groups);
+ } catch (const PrivilegeDb::Exception::Base &e) {
+ LogError("Error while getting groups from database: " << e.DumpToString());
+ return SECURITY_MANAGER_API_ERROR_SERVER_ERROR;
+ }
+
+ return ret;
+}
+
} /* namespace ServiceImpl */
} /* namespace SecurityManager */
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
* @param[in] mapping_count Number of privileges
*/
void security_manager_privilege_mapping_free(char **privileges_mappings, size_t mappings_count);
+
+/**
+ * This function returns array of groups bound to privileges of file resources.
+ *
+ * Caller needs to free memory allocated for the list using
+ * security_manager_groups_free().
+ *
+ * @param[out] groups pointer to array of strings.
+ * @param[out] groups_count number of strings in levels array.
+ * @return API return code or error code.
+ */
+int security_manager_groups_get(char ***groups, size_t *groups_count);
+
+/**
+ * This function frees memory allocated by security_manager_groups_get()
+ * function.
+ *
+ * @param[in] groups array of strings returned by security_manager_groups_get() function.
+ * @param[in] groups_count size of the groups array
+ */
+void security_manager_groups_free(char **groups, size_t groups_count);
+
#ifdef __cplusplus
}
#endif
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
*/
void processPrivilegesMappings(MessageBuffer &recv, MessageBuffer &send);
+ /**
+ * Process getting groups bound with privileges
+ *
+ * @param send Raw data buffer to be sent
+ */
+ void processGroupsGet(MessageBuffer &send);
};
} // namespace SecurityManager
/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Contact: Rafal Krypa <r.krypa@samsung.com>
*
case SecurityModuleCall::GET_PRIVILEGES_MAPPING:
processPrivilegesMappings(buffer, send);
break;
+ case SecurityModuleCall::GROUPS_GET:
+ processGroupsGet(send);
+ break;
default:
LogError("Invalid call: " << call_type_int);
Throw(ServiceException::InvalidAction);
Serialization::Serialize(send, mappings);
}
+void Service::processGroupsGet(MessageBuffer &send)
+{
+ std::vector<std::string> groups;
+ int ret = ServiceImpl::policyGetGroups(groups);
+
+ Serialization::Serialize(send, ret);
+ if (ret == SECURITY_MANAGER_API_SUCCESS) {
+ Serialization::Serialize(send, groups);
+ }
+}
+
} // namespace SecurityManager