bool Cynara::check(const std::string &label, const std::string &privilege,
const std::string &user, const std::string &session)
{
return checkCynaraError(
cynara_check(m_Cynara,
label.c_str(), session.c_str(), user.c_str(), privilege.c_str()),
"Cannot check permission with Cynara.");
}
static int _icd_cynara_check(GDBusMethodInvocation *invocation, const char **privileges)
{
#ifdef TZ_VER_3
FN_CALL;
int i = 0;
int ret;
pid_t pid;
char *user = NULL;
char *client = NULL;
char *session = NULL;
const char *sender = NULL;
GDBusConnection *conn = NULL;
RETV_IF(NULL == _cynara, IOTCON_ERROR_SYSTEM);
RETV_IF(NULL == invocation, IOTCON_ERROR_INVALID_PARAMETER);
RETV_IF(NULL == privileges, IOTCON_ERROR_INVALID_PARAMETER);
conn = g_dbus_method_invocation_get_connection(invocation);
if (NULL == conn) {
ERR("g_dbus_method_invocation_get_connection() return NULL");
return IOTCON_ERROR_SYSTEM;
}
sender = g_dbus_method_invocation_get_sender(invocation);
if (NULL == sender) {
ERR("g_dbus_method_invocation_get_sender() return NULL");
return IOTCON_ERROR_SYSTEM;
}
ret = cynara_creds_gdbus_get_client(conn, sender, CLIENT_METHOD_SMACK, &client);
if (CYNARA_API_SUCCESS != ret) {
ERR("cynara_creds_dbus_get_client() Fail(%d)", ret);
return IOTCON_ERROR_SYSTEM;
}
ret = cynara_creds_gdbus_get_user(conn, sender, USER_METHOD_UID, &user);
if (CYNARA_API_SUCCESS != ret) {
ERR("cynara_creds_dbus_get_user() Fail(%d)", ret);
free(client);
return IOTCON_ERROR_SYSTEM;
}
ret = cynara_creds_gdbus_get_pid(conn, sender, &pid);
if (CYNARA_API_SUCCESS != ret) {
ERR("cynara_creds_gdbus_get_pid() Fail(%d)", ret);
free(user);
free(client);
return IOTCON_ERROR_SYSTEM;
}
session = cynara_session_from_pid(pid);
if (NULL == session) {
ERR("cynara_session_from_pid() return NULL");
free(user);
free(client);
return IOTCON_ERROR_SYSTEM;
}
while (privileges[i]) {
SECURE_DBG("privileges[%d]: %s, user: %s, client: %s", i, privileges[i], user, client);
ret = cynara_check(_cynara, client, session, user, privileges[i]);
if (CYNARA_API_ACCESS_DENIED == ret) {
ERR("Denied (%s)", privileges[i]);
free(session);
free(user);
free(client);
return IOTCON_ERROR_PERMISSION_DENIED;
} else if (CYNARA_API_ACCESS_ALLOWED != ret) {
ERR("cynara_check(%s) Fail(%d)", privileges[i], ret);
free(session);
free(user);
free(client);
return IOTCON_ERROR_SYSTEM;
}
i++;
}
free(session);
free(user);
free(client);
#endif
return IOTCON_ERROR_NONE;
}
