1 /*****************************************************************************/
2 /* Software Testing Automation Framework (STAF) */
3 /* (C) Copyright IBM Corp. 2001, 2004 */
4 /* */
5 /* This software is licensed under the Eclipse Public License (EPL) V1.0. */
6 /*****************************************************************************/
7
8 #include "STAF.h"
9 #include "STAFProc.h"
10 #include "STAFTrustManager.h"
11 #include "STAFServiceManager.h"
12
13 static const STAFString sStar(kUTF8_STAR);
14
TrustData(const STAFString & theGroup,const STAFString & theEntity,unsigned int theTrustLevel)15 STAFTrustManager::TrustData::TrustData(const STAFString &theGroup,
16 const STAFString &theEntity,
17 unsigned int theTrustLevel)
18 : group(theGroup), entity(theEntity), trustLevel(theTrustLevel)
19 {
20 if (group.hasWildcard())
21 {
22 if (entity.hasWildcard())
23 matchType = kTrustMatchWildcard;
24 else
25 matchType = kTrustMatchEntityExact;
26 }
27 else if (entity.hasWildcard())
28 {
29 matchType = kTrustMatchGroupExact;
30 }
31 else
32 {
33 matchType = kTrustMatchExact;
34 }
35 }
36
getTrustLevel(const STAFString & theInterface,const STAFString & logicalID,const STAFString & physicalID,const STAFString & authenticator,const STAFString & userID)37 unsigned int STAFTrustManager::getTrustLevel(const STAFString &theInterface,
38 const STAFString &logicalID,
39 const STAFString &physicalID,
40 const STAFString &authenticator,
41 const STAFString &userID)
42 {
43 // First, let's try to find a user trust match
44
45 unsigned int theTrustLevel = 0;
46 unsigned int matchLevel = TrustData::kTrustMatchNoMatch;
47 bool matchFound = false;
48 TrustMap::iterator iter;
49
50 for (iter = fUserTrustMap.begin(); iter != fUserTrustMap.end(); ++iter)
51 {
52 const TrustData &trustData = iter->second;
53
54 if (trustData.matchType > matchLevel) continue;
55
56 if (authenticator.matchesWildcards(trustData.group,
57 kSTAFStringCaseInsensitive) &&
58 userID.matchesWildcards(trustData.entity,
59 kSTAFStringCaseSensitive))
60 {
61 matchFound = true;
62
63 if (matchLevel > trustData.matchType)
64 {
65 theTrustLevel = trustData.trustLevel;
66 matchLevel = trustData.matchType;
67 }
68 else
69 {
70 theTrustLevel = STAF_MIN(theTrustLevel, trustData.trustLevel);
71 }
72 }
73 }
74
75 if (matchFound) return theTrustLevel;
76
77 // No user trust match was found, so let's search for a machine trust match
78
79 bool matchesPhysical = false;
80
81 for (iter = fMachineTrustMap.begin(); iter != fMachineTrustMap.end(); ++iter)
82 {
83 const TrustData &trustData = iter->second;
84
85 if (trustData.matchType > matchLevel) continue;
86
87 bool thisMatches = false;
88 bool thisMatchesPhysical = false;
89
90 if (theInterface.matchesWildcards(trustData.group,
91 kSTAFStringCaseInsensitive))
92 {
93 if (physicalID.matchesWildcards(trustData.entity,
94 kSTAFStringCaseInsensitive))
95 {
96 thisMatches = true;
97 thisMatchesPhysical = true;
98 }
99 else if (logicalID.matchesWildcards(trustData.entity,
100 kSTAFStringCaseInsensitive))
101 {
102 thisMatches = true;
103 }
104 }
105
106 if (thisMatches)
107 {
108 matchFound = true;
109
110 if (matchLevel > trustData.matchType)
111 {
112 theTrustLevel = trustData.trustLevel;
113 matchesPhysical = thisMatchesPhysical;
114 matchLevel = trustData.matchType;
115 }
116 else if (!matchesPhysical && thisMatchesPhysical)
117 {
118 theTrustLevel = trustData.trustLevel;
119 matchesPhysical = true;
120 }
121 else if (matchesPhysical == thisMatchesPhysical)
122 {
123 // Note: This matches if they are either both physical or
124 // both logical, but not if they are one of each
125
126 theTrustLevel = STAF_MIN(theTrustLevel, trustData.trustLevel);
127 }
128 }
129 }
130
131 // XXX: Might need an explicit check for local access here
132
133 if (!matchFound) theTrustLevel = fDefaultTrustLevel;
134
135 return theTrustLevel;
136 }
137
138
getTrustLevel(const STAFString & machine,const STAFString & user)139 unsigned int STAFTrustManager::getTrustLevel(const STAFString &machine,
140 const STAFString &user)
141 {
142 STAFString theInterface;
143 STAFString theMachine;
144
145 splitSpecification(machine, sStar, theInterface, theMachine);
146
147 // If a port was specified as part of the machine, remove it from the
148 // machine as trust is based on machine identifier only, without the port
149
150 theMachine = STAFHandle::stripPortFromEndpoint(theMachine);
151
152 STAFString theAuthenticator;
153 STAFString theUserID;
154
155 splitSpecification(user,
156 gServiceManagerPtr->getDefaultAuthenticator(),
157 theAuthenticator,
158 theUserID);
159
160 return getTrustLevel(theInterface, theMachine, theMachine,
161 theAuthenticator, theUserID);
162 }
163
164
getTrustLevel(const STAFString & machine)165 unsigned int STAFTrustManager::getTrustLevel(const STAFString &machine)
166 {
167 return getTrustLevel(machine, gUnauthenticatedUser);
168 }
169
setMachineTrusteeLevel(const STAFString & machine,unsigned int trustLevel)170 STAFRC_t STAFTrustManager::setMachineTrusteeLevel(const STAFString &machine,
171 unsigned int trustLevel)
172 {
173 if (trustLevel > fMaxTrustLevel)
174 return kSTAFInvalidTrustLevel;
175
176 STAFString theInterface;
177 STAFString theMachine;
178
179 splitSpecification(machine, sStar, theInterface, theMachine);
180
181 // If a port was specified as part of the machine, remove it from the
182 // machine as trust is based on machine identifier only, without the port
183
184 theMachine = STAFHandle::stripPortFromEndpoint(theMachine);
185
186 STAFString theSpec = theInterface.toLowerCase() + gSpecSeparator +
187 theMachine.toLowerCase();
188
189 STAFMutexSemLock trustLock(fTrustDataSem);
190
191 if (fMachineTrustMap.find(theSpec) == fMachineTrustMap.end())
192 {
193 fMachineTrustMap[theSpec] = TrustData(theInterface, theMachine,
194 trustLevel);
195 }
196 else
197 {
198 fMachineTrustMap[theSpec].trustLevel = trustLevel;
199 }
200
201 return kSTAFOk;
202 }
203
204
deleteMachineTrustee(const STAFString & machine)205 STAFRC_t STAFTrustManager::deleteMachineTrustee(const STAFString &machine)
206 {
207 STAFString theInterface;
208 STAFString theMachine;
209
210 splitSpecification(machine, sStar, theInterface, theMachine);
211
212 // If a port was specified as part of the machine, remove it from the
213 // machine as trust is based on machine identifier only, without the port
214
215 theMachine = STAFHandle::stripPortFromEndpoint(theMachine);
216
217 STAFString theSpec = theInterface.toLowerCase() + gSpecSeparator +
218 theMachine.toLowerCase();
219
220 STAFMutexSemLock trustLock(fTrustDataSem);
221
222 if (fMachineTrustMap.find(theSpec) == fMachineTrustMap.end())
223 return kSTAFTrusteeDoesNotExist;
224
225 fMachineTrustMap.erase(theSpec);
226
227 return kSTAFOk;
228 }
229
230
getMachineTrustMapCopy()231 STAFTrustManager::TrustMap STAFTrustManager::getMachineTrustMapCopy()
232 {
233 STAFMutexSemLock trustLock(fTrustDataSem);
234
235 return fMachineTrustMap;
236 }
237
238
setUserTrusteeLevel(STAFString user,unsigned int trustLevel)239 STAFRC_t STAFTrustManager::setUserTrusteeLevel(STAFString user,
240 unsigned int trustLevel)
241 {
242 if (trustLevel > fMaxTrustLevel)
243 return kSTAFInvalidTrustLevel;
244
245 STAFString theAuthenticator;
246 STAFString theUserID;
247
248 splitSpecification(user,
249 gServiceManagerPtr->getDefaultAuthenticator(),
250 theAuthenticator,
251 theUserID);
252
253 STAFString theSpec = theAuthenticator.toLowerCase() + gSpecSeparator +
254 theUserID;
255
256 // XXX: if (theSpec == gUnauthenticatedUser) return kSTAFInvalidValue;
257
258 // XXX: Don't return an error if no authenticators are registered
259 //if (theAuthenticator.toLowerCase() == gNoneString) return kSTAFInvalidValue;
260
261 STAFMutexSemLock trustLock(fTrustDataSem);
262
263 if (fUserTrustMap.find(theSpec) == fUserTrustMap.end())
264 {
265 fUserTrustMap[theSpec] = TrustData(theAuthenticator, theUserID,
266 trustLevel);
267 }
268 else
269 {
270 fUserTrustMap[theSpec].trustLevel = trustLevel;
271 }
272
273 return kSTAFOk;
274 }
275
276
deleteUserTrustee(STAFString user)277 STAFRC_t STAFTrustManager::deleteUserTrustee(STAFString user)
278 {
279 STAFString theAuthenticator;
280 STAFString theUserID;
281
282 splitSpecification(user,
283 gServiceManagerPtr->getDefaultAuthenticator(),
284 theAuthenticator,
285 theUserID);
286
287 STAFString theSpec = theAuthenticator.toLowerCase() + gSpecSeparator +
288 theUserID;
289
290 STAFMutexSemLock trustLock(fTrustDataSem);
291
292 if (fUserTrustMap.find(theSpec) == fUserTrustMap.end())
293 return kSTAFTrusteeDoesNotExist;
294
295 fUserTrustMap.erase(theSpec);
296
297 return kSTAFOk;
298 }
299
300
getUserTrustMapCopy()301 STAFTrustManager::TrustMap STAFTrustManager::getUserTrustMapCopy()
302 {
303 STAFMutexSemLock trustLock(fTrustDataSem);
304
305 return fUserTrustMap;
306 }
307
308
getDefaultTrusteeLevel()309 unsigned int STAFTrustManager::getDefaultTrusteeLevel()
310 {
311 return fDefaultTrustLevel;
312 }
313
314
setDefaultTrusteeLevel(unsigned int trustLevel)315 STAFRC_t STAFTrustManager::setDefaultTrusteeLevel(unsigned int trustLevel)
316 {
317 if (trustLevel > fMaxTrustLevel)
318 return kSTAFInvalidTrustLevel;
319
320 STAFMutexSemLock trustLock(fTrustDataSem);
321
322 if (trustLevel > fMaxTrustLevel)
323 return kSTAFInvalidTrustLevel;
324
325 fDefaultTrustLevel = trustLevel;
326
327 return kSTAFOk;
328 }
329
getMaxTrustLevel()330 unsigned int STAFTrustManager::getMaxTrustLevel()
331 {
332 return fMaxTrustLevel;
333 }
334
335
splitSpecification(const STAFString & source,const STAFString & defaultGroup,STAFString & group,STAFString & entity)336 void STAFTrustManager::splitSpecification(const STAFString &source,
337 const STAFString &defaultGroup,
338 STAFString &group,
339 STAFString &entity)
340 {
341 unsigned int sepPos = source.find(gSpecSeparator);
342
343 if (sepPos == STAFString::kNPos)
344 {
345 group = defaultGroup;
346 entity = source;
347 }
348 else
349 {
350 group = source.subString(0, sepPos);
351 entity = source.subString(sepPos + gSpecSeparator.length());
352 }
353 }
354