From 7eca0f84d70ccd7a9939f9afad7220fad0d130dc Mon Sep 17 00:00:00 2001 From: Jan Cybulski Date: Thu, 27 Nov 2014 08:28:53 +0100 Subject: [PATCH] Implementation of API for user management Change-Id: Ib2cb08e1c466bc93775f8efe32dccd118ef095ad Signed-off-by: Jan Cybulski --- src/client/client-security-manager.cpp | 66 ++++++++++++++++++++++++++++++---- src/common/include/protocols.h | 2 ++ src/common/include/service_impl.h | 21 +++++++++++ src/common/service_impl.cpp | 50 ++++++++++++++++++++++++++ src/server/service/include/service.h | 5 +++ src/server/service/service.cpp | 30 ++++++++++++++++ 6 files changed, 168 insertions(+), 6 deletions(-) diff --git a/src/client/client-security-manager.cpp b/src/client/client-security-manager.cpp index 8625649..f9e3484 100644 --- a/src/client/client-security-manager.cpp +++ b/src/client/client-security-manager.cpp @@ -562,15 +562,69 @@ int security_manager_user_req_set_user_type(user_req *p_req, security_manager_us SECURITY_MANAGER_API int security_manager_user_add(const user_req *p_req) { - //TODO - (void) p_req; - return SECURITY_MANAGER_ERROR_UNKNOWN; + using namespace SecurityManager; + MessageBuffer send, recv; + if (!p_req) + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + return try_catch([&] { + + //put data into buffer + Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_ADD)); + + Serialization::Serialize(send, p_req->uid); + Serialization::Serialize(send, p_req->utype); + + //send buffer to server + int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); + if (retval != SECURITY_MANAGER_API_SUCCESS) { + LogError("Error in sendToServer. Error code: " << retval); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + //receive response from server + Deserialization::Deserialize(recv, retval); + switch(retval) { + case SECURITY_MANAGER_API_SUCCESS: + return SECURITY_MANAGER_SUCCESS; + case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED: + return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED; + default: + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + }); } SECURITY_MANAGER_API int security_manager_user_delete(const user_req *p_req) { - //TODO - (void) p_req; - return SECURITY_MANAGER_ERROR_UNKNOWN; + using namespace SecurityManager; + MessageBuffer send, recv; + if (!p_req) + return SECURITY_MANAGER_ERROR_INPUT_PARAM; + return try_catch([&] { + + //put data into buffer + Serialization::Serialize(send, static_cast(SecurityModuleCall::USER_DELETE)); + + Serialization::Serialize(send, p_req->uid); + + + //send buffer to server + int retval = sendToServer(SERVICE_SOCKET, send.Pop(), recv); + if (retval != SECURITY_MANAGER_API_SUCCESS) { + LogError("Error in sendToServer. Error code: " << retval); + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + + //receive response from server + Deserialization::Deserialize(recv, retval); + switch(retval) { + case SECURITY_MANAGER_API_SUCCESS: + return SECURITY_MANAGER_SUCCESS; + case SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED: + return SECURITY_MANAGER_ERROR_AUTHENTICATION_FAILED; + default: + return SECURITY_MANAGER_ERROR_UNKNOWN; + } + }); } diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h index 029ba95..11b93a5 100644 --- a/src/common/include/protocols.h +++ b/src/common/include/protocols.h @@ -124,6 +124,8 @@ enum class SecurityModuleCall APP_UNINSTALL, APP_GET_PKGID, APP_GET_GROUPS, + USER_ADD, + USER_DELETE, }; } // namespace SecurityManager diff --git a/src/common/include/service_impl.h b/src/common/include/service_impl.h index ba6a580..3df8975 100644 --- a/src/common/include/service_impl.h +++ b/src/common/include/service_impl.h @@ -81,6 +81,27 @@ int getPkgId(const std::string &appId, std::string &pkgId); */ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_set &gids); +/** + * Process user adding request. + * + * @param[in] uidAdded uid of newly created user + * @param[in] userType type of newly created user + * @param[in] uid uid of requesting user + * + * @return API return code, as defined in protocols.h + */ +int userAdd(uid_t uidAdded, int userType, uid_t uid); + +/** + * Process user deletion request. + * + * @param[in] uidDeleted uid of removed user + * @param[in] uid uid of requesting user + * + * @return API return code, as defined in protocols.h + */ +int userDelete(uid_t uidDeleted, uid_t uid); + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index 718868d..6660561 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -377,5 +377,55 @@ int getAppGroups(const std::string &appId, uid_t uid, pid_t pid, std::unordered_ return SECURITY_MANAGER_API_SUCCESS; } +int userAdd(uid_t uidAdded, int userType, uid_t uid) +{ + if (uid != 0) + return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED; + + switch (userType) { + case SM_USER_TYPE_SYSTEM: + case SM_USER_TYPE_ADMIN: + case SM_USER_TYPE_GUEST: + case SM_USER_TYPE_NORMAL: + break; + default: + return SECURITY_MANAGER_API_ERROR_INPUT_PARAM; + } + + //TODO add policy information to cynara regarding user default privileges based on user_type + (void) uidAdded; + (void) userType; + + return SECURITY_MANAGER_API_SUCCESS; +} + +int userDelete(uid_t uidDeleted, uid_t uid) +{ + int ret = SECURITY_MANAGER_API_SUCCESS; + if (uid != 0) + return SECURITY_MANAGER_API_ERROR_AUTHENTICATION_FAILED; + + //TODO remove policy information from cynara + + /*Uninstall all user apps*/ + std::vector userApps; + try { + PrivilegeDb::getInstance().GetUserApps(uidDeleted, userApps); + } catch (const PrivilegeDb::Exception::Base &e) { + LogError("Error while getting user apps from database: " << e.DumpToString()); + return SECURITY_MANAGER_API_ERROR_SERVER_ERROR; + } + + for (auto &app: userApps) { + if (appUninstall(app, uidDeleted) != SECURITY_MANAGER_API_SUCCESS) { + /*if uninstallation of this app fails, just go on trying to uninstall another ones. + we do not have anything special to do about that matter - user will be deleted anyway.*/ + ret = SECURITY_MANAGER_API_ERROR_SERVER_ERROR; + } + } + + return ret; +} + } /* namespace ServiceImpl */ } /* namespace SecurityManager */ diff --git a/src/server/service/include/service.h b/src/server/service/include/service.h index 1ceb7f8..19385f7 100644 --- a/src/server/service/include/service.h +++ b/src/server/service/include/service.h @@ -105,6 +105,11 @@ private: * @param pid Process id in which application will be launched */ void processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, uid_t uid, pid_t pid); + + void processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid); + + void processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid); + }; } // namespace SecurityManager diff --git a/src/server/service/service.cpp b/src/server/service/service.cpp index 5b83421..046dd20 100644 --- a/src/server/service/service.cpp +++ b/src/server/service/service.cpp @@ -141,6 +141,12 @@ bool Service::processOne(const ConnectionID &conn, MessageBuffer &buffer, case SecurityModuleCall::APP_GET_GROUPS: processGetAppGroups(buffer, send, uid, pid); break; + case SecurityModuleCall::USER_ADD: + processUserAdd(buffer, send, uid); + break; + case SecurityModuleCall::USER_DELETE: + processUserDelete(buffer, send, uid); + break; default: LogError("Invalid call: " << call_type_int); Throw(ServiceException::InvalidAction); @@ -222,5 +228,29 @@ void Service::processGetAppGroups(MessageBuffer &buffer, MessageBuffer &send, ui } } +void Service::processUserAdd(MessageBuffer &buffer, MessageBuffer &send, uid_t uid) +{ + int ret; + uid_t uidAdded; + int userType; + + Deserialization::Deserialize(buffer, uidAdded); + Deserialization::Deserialize(buffer, userType); + + ret = ServiceImpl::userAdd(uidAdded, userType, uid); + Serialization::Serialize(send, ret); +} + +void Service::processUserDelete(MessageBuffer &buffer, MessageBuffer &send, uid_t uid) +{ + int ret; + uid_t uidRemoved; + + Deserialization::Deserialize(buffer, uidRemoved); + + ret = ServiceImpl::userDelete(uidRemoved, uid); + Serialization::Serialize(send, ret); +} + } // namespace SecurityManager -- 2.7.4