LCOV - code coverage report
Current view: top level - stoc/source/security - access_controller.cxx (source / functions) Hit Total Coverage
Test: commit e02a6cb2c3e2b23b203b422e4e0680877f232636 Lines: 0 292 0.0 %
Date: 2014-04-14 Functions: 0 44 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : 
      21             : #include <vector>
      22             : 
      23             : #include <osl/diagnose.h>
      24             : #include <osl/interlck.h>
      25             : #include <osl/mutex.hxx>
      26             : #include <osl/thread.hxx>
      27             : 
      28             : #include <rtl/ref.hxx>
      29             : #include <rtl/ustrbuf.hxx>
      30             : 
      31             : #include <uno/current_context.h>
      32             : #include <uno/lbnames.h>
      33             : 
      34             : #include <cppuhelper/implbase1.hxx>
      35             : #include <cppuhelper/compbase3.hxx>
      36             : #include <cppuhelper/implementationentry.hxx>
      37             : #include <cppuhelper/supportsservice.hxx>
      38             : 
      39             : #include <com/sun/star/uno/XCurrentContext.hpp>
      40             : #include <com/sun/star/uno/DeploymentException.hpp>
      41             : #include <com/sun/star/lang/DisposedException.hpp>
      42             : #include <com/sun/star/lang/XComponent.hpp>
      43             : #include <com/sun/star/lang/XServiceInfo.hpp>
      44             : #include <com/sun/star/lang/XInitialization.hpp>
      45             : #include <com/sun/star/security/XAccessController.hpp>
      46             : #include <com/sun/star/security/XPolicy.hpp>
      47             : 
      48             : #include "lru_cache.h"
      49             : #include "permissions.h"
      50             : 
      51             : #include <boost/scoped_ptr.hpp>
      52             : 
      53             : #define SERVICE_NAME "com.sun.star.security.AccessController"
      54             : #define USER_CREDS "access-control.user-credentials"
      55             : 
      56             : 
      57             : using namespace ::std;
      58             : using namespace ::osl;
      59             : using namespace ::cppu;
      60             : using namespace ::com::sun::star;
      61             : using namespace ::com::sun::star::uno;
      62             : using namespace stoc_sec;
      63             : 
      64             : namespace {
      65             : 
      66             : // static stuff initialized when loading lib
      67           0 : static OUString s_envType = CPPU_CURRENT_LANGUAGE_BINDING_NAME;
      68             : const char s_acRestriction[] = "access-control.restriction";
      69             : 
      70             : 
      71             : 
      72             : /** ac context intersects permissions of two ac contexts
      73             : */
      74             : class acc_Intersection
      75             :     : public WeakImplHelper1< security::XAccessControlContext >
      76             : {
      77             :     Reference< security::XAccessControlContext > m_x1, m_x2;
      78             : 
      79             :     inline acc_Intersection(
      80             :         Reference< security::XAccessControlContext > const & x1,
      81             :         Reference< security::XAccessControlContext > const & x2 )
      82             :         SAL_THROW(());
      83             : 
      84             : public:
      85             :     virtual ~acc_Intersection()
      86             :         SAL_THROW(());
      87             : 
      88             :     static inline Reference< security::XAccessControlContext > create(
      89             :         Reference< security::XAccessControlContext > const & x1,
      90             :         Reference< security::XAccessControlContext > const & x2 )
      91             :         SAL_THROW(());
      92             : 
      93             :     // XAccessControlContext impl
      94             :     virtual void SAL_CALL checkPermission(
      95             :         Any const & perm )
      96             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
      97             : };
      98             : 
      99           0 : inline acc_Intersection::acc_Intersection(
     100             :     Reference< security::XAccessControlContext > const & x1,
     101             :     Reference< security::XAccessControlContext > const & x2 )
     102             :     SAL_THROW(())
     103             :     : m_x1( x1 )
     104           0 :     , m_x2( x2 )
     105           0 : {}
     106             : 
     107           0 : acc_Intersection::~acc_Intersection()
     108             :     SAL_THROW(())
     109           0 : {}
     110             : 
     111           0 : inline Reference< security::XAccessControlContext > acc_Intersection::create(
     112             :     Reference< security::XAccessControlContext > const & x1,
     113             :     Reference< security::XAccessControlContext > const & x2 )
     114             :     SAL_THROW(())
     115             : {
     116           0 :     if (! x1.is())
     117           0 :         return x2;
     118           0 :     if (! x2.is())
     119           0 :         return x1;
     120           0 :     return new acc_Intersection( x1, x2 );
     121             : }
     122             : 
     123           0 : void acc_Intersection::checkPermission(
     124             :     Any const & perm )
     125             :     throw (RuntimeException, std::exception)
     126             : {
     127           0 :     m_x1->checkPermission( perm );
     128           0 :     m_x2->checkPermission( perm );
     129           0 : }
     130             : 
     131             : /** ac context unifies permissions of two ac contexts
     132             : */
     133             : class acc_Union
     134             :     : public WeakImplHelper1< security::XAccessControlContext >
     135             : {
     136             :     Reference< security::XAccessControlContext > m_x1, m_x2;
     137             : 
     138             :     inline acc_Union(
     139             :         Reference< security::XAccessControlContext > const & x1,
     140             :         Reference< security::XAccessControlContext > const & x2 )
     141             :         SAL_THROW(());
     142             : 
     143             : public:
     144             :     virtual ~acc_Union()
     145             :         SAL_THROW(());
     146             : 
     147             :     static inline Reference< security::XAccessControlContext > create(
     148             :         Reference< security::XAccessControlContext > const & x1,
     149             :         Reference< security::XAccessControlContext > const & x2 )
     150             :         SAL_THROW(());
     151             : 
     152             :     // XAccessControlContext impl
     153             :     virtual void SAL_CALL checkPermission(
     154             :         Any const & perm )
     155             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     156             : };
     157             : 
     158           0 : inline acc_Union::acc_Union(
     159             :     Reference< security::XAccessControlContext > const & x1,
     160             :     Reference< security::XAccessControlContext > const & x2 )
     161             :     SAL_THROW(())
     162             :     : m_x1( x1 )
     163           0 :     , m_x2( x2 )
     164           0 : {}
     165             : 
     166           0 : acc_Union::~acc_Union()
     167             :     SAL_THROW(())
     168           0 : {}
     169             : 
     170           0 : inline Reference< security::XAccessControlContext > acc_Union::create(
     171             :     Reference< security::XAccessControlContext > const & x1,
     172             :     Reference< security::XAccessControlContext > const & x2 )
     173             :     SAL_THROW(())
     174             : {
     175           0 :     if (! x1.is())
     176           0 :         return Reference< security::XAccessControlContext >(); // unrestricted
     177           0 :     if (! x2.is())
     178           0 :         return Reference< security::XAccessControlContext >(); // unrestricted
     179           0 :     return new acc_Union( x1, x2 );
     180             : }
     181             : 
     182           0 : void acc_Union::checkPermission(
     183             :     Any const & perm )
     184             :     throw (RuntimeException, std::exception)
     185             : {
     186             :     try
     187             :     {
     188           0 :         m_x1->checkPermission( perm );
     189             :     }
     190           0 :     catch (security::AccessControlException &)
     191             :     {
     192           0 :         m_x2->checkPermission( perm );
     193             :     }
     194           0 : }
     195             : 
     196             : /** ac context doing permission checks on static permissions
     197             : */
     198             : class acc_Policy
     199             :     : public WeakImplHelper1< security::XAccessControlContext >
     200             : {
     201             :     PermissionCollection m_permissions;
     202             : 
     203             : public:
     204             :     inline acc_Policy(
     205             :         PermissionCollection const & permissions )
     206             :         SAL_THROW(());
     207             :     virtual ~acc_Policy()
     208             :         SAL_THROW(());
     209             : 
     210             :     // XAccessControlContext impl
     211             :     virtual void SAL_CALL checkPermission(
     212             :         Any const & perm )
     213             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     214             : };
     215             : 
     216           0 : inline acc_Policy::acc_Policy(
     217             :     PermissionCollection const & permissions )
     218             :     SAL_THROW(())
     219           0 :     : m_permissions( permissions )
     220           0 : {}
     221             : 
     222           0 : acc_Policy::~acc_Policy()
     223             :     SAL_THROW(())
     224           0 : {}
     225             : 
     226           0 : void acc_Policy::checkPermission(
     227             :     Any const & perm )
     228             :     throw (RuntimeException, std::exception)
     229             : {
     230           0 :     m_permissions.checkPermission( perm );
     231           0 : }
     232             : 
     233             : /** current context overriding dynamic ac restriction
     234             : */
     235             : class acc_CurrentContext
     236             :     : public ImplHelper1< XCurrentContext >
     237             : {
     238             :     oslInterlockedCount m_refcount;
     239             : 
     240             :     Reference< XCurrentContext > m_xDelegate;
     241             :     Any m_restriction;
     242             : 
     243             : public:
     244             :     inline acc_CurrentContext(
     245             :         Reference< XCurrentContext > const & xDelegate,
     246             :         Reference< security::XAccessControlContext > const & xRestriction )
     247             :         SAL_THROW(());
     248             :     virtual ~acc_CurrentContext() SAL_THROW(());
     249             : 
     250             :     // XInterface impl
     251             :     virtual void SAL_CALL acquire()
     252             :         throw () SAL_OVERRIDE;
     253             :     virtual void SAL_CALL release()
     254             :         throw () SAL_OVERRIDE;
     255             : 
     256             :     // XCurrentContext impl
     257             :     virtual Any SAL_CALL getValueByName( OUString const & name )
     258             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     259             : };
     260             : 
     261           0 : inline acc_CurrentContext::acc_CurrentContext(
     262             :     Reference< XCurrentContext > const & xDelegate,
     263             :     Reference< security::XAccessControlContext > const & xRestriction )
     264             :     SAL_THROW(())
     265             :     : m_refcount( 0 )
     266           0 :     , m_xDelegate( xDelegate )
     267             : {
     268           0 :     if (xRestriction.is())
     269             :     {
     270           0 :         m_restriction = makeAny( xRestriction );
     271             :     }
     272             :     // return empty any otherwise on getValueByName(), not null interface
     273           0 : }
     274             : 
     275           0 : acc_CurrentContext::~acc_CurrentContext()
     276             :     SAL_THROW(())
     277           0 : {}
     278             : 
     279           0 : void acc_CurrentContext::acquire()
     280             :     throw ()
     281             : {
     282           0 :     osl_atomic_increment( &m_refcount );
     283           0 : }
     284             : 
     285           0 : void acc_CurrentContext::release()
     286             :     throw ()
     287             : {
     288           0 :     if (! osl_atomic_decrement( &m_refcount ))
     289             :     {
     290           0 :         delete this;
     291             :     }
     292           0 : }
     293             : 
     294           0 : Any acc_CurrentContext::getValueByName( OUString const & name )
     295             :     throw (RuntimeException, std::exception)
     296             : {
     297           0 :     if (name == s_acRestriction)
     298             :     {
     299           0 :         return m_restriction;
     300             :     }
     301           0 :     else if (m_xDelegate.is())
     302             :     {
     303           0 :         return m_xDelegate->getValueByName( name );
     304             :     }
     305             :     else
     306             :     {
     307           0 :         return Any();
     308             :     }
     309             : }
     310             : 
     311             : 
     312             : 
     313           0 : static inline Reference< security::XAccessControlContext > getDynamicRestriction(
     314             :     Reference< XCurrentContext > const & xContext )
     315             :     SAL_THROW( (RuntimeException) )
     316             : {
     317           0 :     if (xContext.is())
     318             :     {
     319           0 :         Any acc(xContext->getValueByName(OUString(s_acRestriction)));
     320           0 :         if (typelib_TypeClass_INTERFACE == acc.pType->eTypeClass)
     321             :         {
     322             :             // avoid ref-counting
     323             :             OUString const & typeName =
     324           0 :                 *reinterpret_cast< OUString const * >( &acc.pType->pTypeName );
     325           0 :             if ( typeName == "com.sun.star.security.XAccessControlContext" )
     326             :             {
     327             :                 return Reference< security::XAccessControlContext >(
     328           0 :                     *reinterpret_cast< security::XAccessControlContext ** const >( acc.pData ) );
     329             :             }
     330             :             else // try to query
     331             :             {
     332             :                 return Reference< security::XAccessControlContext >::query(
     333           0 :                     *reinterpret_cast< XInterface ** const >( acc.pData ) );
     334             :             }
     335           0 :         }
     336             :     }
     337           0 :     return Reference< security::XAccessControlContext >();
     338             : }
     339             : 
     340             : class cc_reset
     341             : {
     342             :     void * m_cc;
     343             : public:
     344           0 :     inline cc_reset( void * cc ) SAL_THROW(())
     345           0 :         : m_cc( cc ) {}
     346           0 :     inline ~cc_reset() SAL_THROW(())
     347           0 :         { ::uno_setCurrentContext( m_cc, s_envType.pData, 0 ); }
     348             : };
     349             : 
     350             : 
     351             : 
     352           0 : struct MutexHolder
     353             : {
     354             :     Mutex m_mutex;
     355             : };
     356             : typedef WeakComponentImplHelper3<
     357             :     security::XAccessController, lang::XServiceInfo, lang::XInitialization > t_helper;
     358             : 
     359             : 
     360             : class AccessController
     361             :     : public MutexHolder
     362             :     , public t_helper
     363             : {
     364             :     Reference< XComponentContext > m_xComponentContext;
     365             : 
     366             :     Reference< security::XPolicy > m_xPolicy;
     367             :     Reference< security::XPolicy > const & getPolicy()
     368             :         SAL_THROW( (RuntimeException) );
     369             : 
     370             :     // mode
     371             :     enum Mode { OFF, ON, DYNAMIC_ONLY, SINGLE_USER, SINGLE_DEFAULT_USER } m_mode;
     372             : 
     373             :     PermissionCollection m_defaultPermissions;
     374             :     // for single-user mode
     375             :     PermissionCollection m_singleUserPermissions;
     376             :     OUString m_singleUserId;
     377             :     bool m_defaultPerm_init;
     378             :     bool m_singleUser_init;
     379             :     // for multi-user mode
     380             :     lru_cache< OUString, PermissionCollection, OUStringHash, equal_to< OUString > >
     381             :         m_user2permissions;
     382             : 
     383             :     ThreadData m_rec;
     384             :     typedef vector< pair< OUString, Any > > t_rec_vec;
     385             :     inline void clearPostPoned() SAL_THROW(());
     386             :     void checkAndClearPostPoned() SAL_THROW( (RuntimeException) );
     387             : 
     388             :     PermissionCollection getEffectivePermissions(
     389             :         Reference< XCurrentContext > const & xContext,
     390             :         Any const & demanded_perm )
     391             :         SAL_THROW( (RuntimeException) );
     392             : 
     393             : protected:
     394             :     virtual void SAL_CALL disposing() SAL_OVERRIDE;
     395             : 
     396             : public:
     397             :     AccessController( Reference< XComponentContext > const & xComponentContext )
     398             :         SAL_THROW( (RuntimeException) );
     399             :     virtual ~AccessController()
     400             :         SAL_THROW(());
     401             : 
     402             :     //  XInitialization impl
     403             :     virtual void SAL_CALL initialize(
     404             :         Sequence< Any > const & arguments )
     405             :         throw (Exception, std::exception) SAL_OVERRIDE;
     406             : 
     407             :     // XAccessController impl
     408             :     virtual void SAL_CALL checkPermission(
     409             :         Any const & perm )
     410             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     411             :     virtual Any SAL_CALL doRestricted(
     412             :         Reference< security::XAction > const & xAction,
     413             :         Reference< security::XAccessControlContext > const & xRestriction )
     414             :         throw (Exception, std::exception) SAL_OVERRIDE;
     415             :     virtual Any SAL_CALL doPrivileged(
     416             :         Reference< security::XAction > const & xAction,
     417             :         Reference< security::XAccessControlContext > const & xRestriction )
     418             :         throw (Exception, std::exception) SAL_OVERRIDE;
     419             :     virtual Reference< security::XAccessControlContext > SAL_CALL getContext()
     420             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     421             : 
     422             :     // XServiceInfo impl
     423             :     virtual OUString SAL_CALL getImplementationName()
     424             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     425             :     virtual sal_Bool SAL_CALL supportsService( OUString const & serviceName )
     426             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     427             :     virtual Sequence< OUString > SAL_CALL getSupportedServiceNames()
     428             :         throw (RuntimeException, std::exception) SAL_OVERRIDE;
     429             : };
     430             : 
     431           0 : AccessController::AccessController( Reference< XComponentContext > const & xComponentContext )
     432             :     SAL_THROW( (RuntimeException) )
     433             :     : t_helper( m_mutex )
     434             :     , m_xComponentContext( xComponentContext )
     435             :     , m_mode( ON ) // default
     436             :     , m_defaultPerm_init( false )
     437             :     , m_singleUser_init( false )
     438           0 :     , m_rec( 0 )
     439             : {
     440             :     // The .../mode value had originally been set in
     441             :     // cppu::add_access_control_entries (cppuhelper/source/servicefactory.cxx)
     442             :     // to something other than "off" depending on various UNO_AC* bootstrap
     443             :     // variables that are no longer supported, so this is mostly dead code now:
     444           0 :     OUString mode;
     445           0 :     if (m_xComponentContext->getValueByName( "/services/" SERVICE_NAME "/mode" ) >>= mode)
     446             :     {
     447           0 :         if ( mode == "off" )
     448             :         {
     449           0 :             m_mode = OFF;
     450             :         }
     451           0 :         else if ( mode == "on" )
     452             :         {
     453           0 :             m_mode = ON;
     454             :         }
     455           0 :         else if ( mode == "dynamic-only" )
     456             :         {
     457           0 :             m_mode = DYNAMIC_ONLY;
     458             :         }
     459           0 :         else if ( mode == "single-user" )
     460             :         {
     461           0 :             m_xComponentContext->getValueByName(
     462           0 :                 "/services/" SERVICE_NAME "/single-user-id" ) >>= m_singleUserId;
     463           0 :             if (m_singleUserId.isEmpty())
     464             :             {
     465             :                 throw RuntimeException(
     466             :                     "expected a user id in component context entry "
     467             :                     "\"/services/" SERVICE_NAME "/single-user-id\"!",
     468           0 :                     (OWeakObject *)this );
     469             :             }
     470           0 :             m_mode = SINGLE_USER;
     471             :         }
     472           0 :         else if ( mode == "single-default-user" )
     473             :         {
     474           0 :             m_mode = SINGLE_DEFAULT_USER;
     475             :         }
     476             :     }
     477             : 
     478             :     // switch on caching for DYNAMIC_ONLY and ON (sharable multi-user process)
     479           0 :     if (ON == m_mode || DYNAMIC_ONLY == m_mode)
     480             :     {
     481           0 :         sal_Int32 cacheSize = 0; // multi-user cache size
     482           0 :         if (! (m_xComponentContext->getValueByName(
     483           0 :             "/services/" SERVICE_NAME "/user-cache-size" ) >>= cacheSize))
     484             :         {
     485           0 :             cacheSize = 128; // reasonable default?
     486             :         }
     487             : #ifdef __CACHE_DIAGNOSE
     488             :         cacheSize = 2;
     489             : #endif
     490           0 :         m_user2permissions.setSize( cacheSize );
     491           0 :     }
     492           0 : }
     493             : 
     494           0 : AccessController::~AccessController()
     495             :     SAL_THROW(())
     496           0 : {}
     497             : 
     498           0 : void AccessController::disposing()
     499             : {
     500           0 :     m_mode = OFF; // avoid checks from now on xxx todo review/ better DYNAMIC_ONLY?
     501           0 :     m_xPolicy.clear();
     502           0 :     m_xComponentContext.clear();
     503           0 : }
     504             : 
     505             : // XInitialization impl
     506             : 
     507           0 : void AccessController::initialize(
     508             :     Sequence< Any > const & arguments )
     509             :     throw (Exception, std::exception)
     510             : {
     511             :     // xxx todo: review for forking
     512             :     // portal forking hack: re-initialize for another user-id
     513           0 :     if (SINGLE_USER != m_mode) // only if in single-user mode
     514             :     {
     515             :         throw RuntimeException(
     516           0 :             "invalid call: ac must be in \"single-user\" mode!", (OWeakObject *)this );
     517             :     }
     518           0 :     OUString userId;
     519           0 :     arguments[ 0 ] >>= userId;
     520           0 :     if ( userId.isEmpty() )
     521             :     {
     522             :         throw RuntimeException(
     523           0 :             "expected a user-id as first argument!", (OWeakObject *)this );
     524             :     }
     525             :     // assured that no sync is necessary: no check happens at this forking time
     526           0 :     m_singleUserId = userId;
     527           0 :     m_singleUser_init = false;
     528           0 : }
     529             : 
     530             : 
     531           0 : Reference< security::XPolicy > const & AccessController::getPolicy()
     532             :     SAL_THROW( (RuntimeException) )
     533             : {
     534             :     // get policy singleton
     535           0 :     if (! m_xPolicy.is())
     536             :     {
     537           0 :         Reference< security::XPolicy > xPolicy;
     538           0 :         m_xComponentContext->getValueByName(
     539           0 :             "/singletons/com.sun.star.security.thePolicy" ) >>= xPolicy;
     540           0 :         if (xPolicy.is())
     541             :         {
     542           0 :             MutexGuard guard( m_mutex );
     543           0 :             if (! m_xPolicy.is())
     544             :             {
     545           0 :                 m_xPolicy = xPolicy;
     546           0 :             }
     547             :         }
     548             :         else
     549             :         {
     550             :             throw SecurityException(
     551           0 :                 "cannot get policy singleton!", (OWeakObject *)this );
     552           0 :         }
     553             :     }
     554           0 :     return m_xPolicy;
     555             : }
     556             : 
     557             : #ifdef __DIAGNOSE
     558             : static void dumpPermissions(
     559             :     PermissionCollection const & collection, OUString const & userId = OUString() ) SAL_THROW(())
     560             : {
     561             :     OUStringBuffer buf( 48 );
     562             :     if (!userId.isEmpty())
     563             :     {
     564             :         buf.append( "> dumping permissions of user \"" );
     565             :         buf.append( userId );
     566             :         buf.append( "\":" );
     567             :     }
     568             :     else
     569             :     {
     570             :         buf.append( "> dumping default permissions:" );
     571             :     }
     572             :     OString str( OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
     573             :     OSL_TRACE( "%s", str.getStr() );
     574             :     Sequence< OUString > permissions( collection.toStrings() );
     575             :     OUString const * p = permissions.getConstArray();
     576             :     for ( sal_Int32 nPos = 0; nPos < permissions.getLength(); ++nPos )
     577             :     {
     578             :         OString str( OUStringToOString( p[ nPos ], RTL_TEXTENCODING_ASCII_US ) );
     579             :         OSL_TRACE( "%s", str.getStr() );
     580             :     }
     581             :     OSL_TRACE( "> permission dump done" );
     582             : }
     583             : #endif
     584             : 
     585             : 
     586             : 
     587           0 : inline void AccessController::clearPostPoned() SAL_THROW(())
     588             : {
     589           0 :     delete reinterpret_cast< t_rec_vec * >( m_rec.getData() );
     590           0 :     m_rec.setData( 0 );
     591           0 : }
     592             : 
     593           0 : void AccessController::checkAndClearPostPoned() SAL_THROW( (RuntimeException) )
     594             : {
     595             :     // check postponed permissions
     596           0 :     boost::scoped_ptr< t_rec_vec > rec( reinterpret_cast< t_rec_vec * >( m_rec.getData() ) );
     597           0 :     m_rec.setData( 0 ); // takeover ownership
     598             :     OSL_ASSERT( rec.get() );
     599           0 :     if (rec.get())
     600             :     {
     601           0 :         t_rec_vec const & vec = *rec.get();
     602           0 :         switch (m_mode)
     603             :         {
     604             :         case SINGLE_USER:
     605             :         {
     606             :             OSL_ASSERT( m_singleUser_init );
     607           0 :             for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
     608             :             {
     609           0 :                 pair< OUString, Any > const & p = vec[ nPos ];
     610             :                 OSL_ASSERT( m_singleUserId.equals( p.first ) );
     611           0 :                 m_singleUserPermissions.checkPermission( p.second );
     612             :             }
     613           0 :             break;
     614             :         }
     615             :         case SINGLE_DEFAULT_USER:
     616             :         {
     617             :             OSL_ASSERT( m_defaultPerm_init );
     618           0 :             for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
     619             :             {
     620           0 :                 pair< OUString, Any > const & p = vec[ nPos ];
     621             :                 OSL_ASSERT( p.first.isEmpty() ); // default-user
     622           0 :                 m_defaultPermissions.checkPermission( p.second );
     623             :             }
     624           0 :             break;
     625             :         }
     626             :         case ON:
     627             :         {
     628           0 :             for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
     629             :             {
     630           0 :                 pair< OUString, Any > const & p = vec[ nPos ];
     631             :                 PermissionCollection const * pPermissions;
     632             :                 // lookup policy for user
     633             :                 {
     634           0 :                     MutexGuard guard( m_mutex );
     635           0 :                     pPermissions = m_user2permissions.lookup( p.first );
     636             :                 }
     637             :                 OSL_ASSERT( pPermissions );
     638           0 :                 if (pPermissions)
     639             :                 {
     640           0 :                     pPermissions->checkPermission( p.second );
     641             :                 }
     642             :             }
     643           0 :             break;
     644             :         }
     645             :         default:
     646             :             OSL_FAIL( "### this should never be called in this ac mode!" );
     647           0 :             break;
     648             :         }
     649           0 :     }
     650           0 : }
     651             : 
     652             : /** this is the only function calling the policy singleton and thus has to take care
     653             :     of recurring calls!
     654             : 
     655             :     @param demanded_perm (if not empty) is the demanded permission of a checkPermission() call
     656             :                          which will be postponed for recurring calls
     657             : */
     658           0 : PermissionCollection AccessController::getEffectivePermissions(
     659             :     Reference< XCurrentContext > const & xContext,
     660             :     Any const & demanded_perm )
     661             :     SAL_THROW( (RuntimeException) )
     662             : {
     663           0 :     OUString userId;
     664             : 
     665           0 :     switch (m_mode)
     666             :     {
     667             :     case SINGLE_USER:
     668             :     {
     669           0 :         if (m_singleUser_init)
     670           0 :             return m_singleUserPermissions;
     671           0 :         userId = m_singleUserId;
     672           0 :         break;
     673             :     }
     674             :     case SINGLE_DEFAULT_USER:
     675             :     {
     676           0 :         if (m_defaultPerm_init)
     677           0 :             return m_defaultPermissions;
     678           0 :         break;
     679             :     }
     680             :     case ON:
     681             :     {
     682           0 :         if (xContext.is())
     683             :         {
     684           0 :             xContext->getValueByName( USER_CREDS ".id" ) >>= userId;
     685             :         }
     686           0 :         if ( userId.isEmpty() )
     687             :         {
     688             :             throw SecurityException(
     689           0 :                 "cannot determine current user in multi-user ac!", (OWeakObject *)this );
     690             :         }
     691             : 
     692             :         // lookup policy for user
     693           0 :         MutexGuard guard( m_mutex );
     694           0 :         PermissionCollection const * pPermissions = m_user2permissions.lookup( userId );
     695           0 :         if (pPermissions)
     696           0 :             return *pPermissions;
     697           0 :         break;
     698             :     }
     699             :     default:
     700             :         OSL_FAIL( "### this should never be called in this ac mode!" );
     701           0 :         return PermissionCollection();
     702             :     }
     703             : 
     704             :     // call on policy
     705             :     // iff this is a recurring call for the default user, then grant all permissions
     706           0 :     t_rec_vec * rec = reinterpret_cast< t_rec_vec * >( m_rec.getData() );
     707           0 :     if (rec) // tls entry exists => this is recursive call
     708             :     {
     709           0 :         if (demanded_perm.hasValue())
     710             :         {
     711             :             // enqueue
     712           0 :             rec->push_back( pair< OUString, Any >( userId, demanded_perm ) );
     713             :         }
     714             : #ifdef __DIAGNOSE
     715             :         OUStringBuffer buf( 48 );
     716             :         buf.append( "> info: recurring call of user \"" );
     717             :         buf.append( userId );
     718             :         buf.append( "\"" );
     719             :         OString str(
     720             :             OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
     721             :         OSL_TRACE( "%s", str.getStr() );
     722             : #endif
     723           0 :         return PermissionCollection( new AllPermission() );
     724             :     }
     725             :     else // no tls
     726             :     {
     727           0 :         rec = new t_rec_vec;
     728           0 :         m_rec.setData( rec );
     729             :     }
     730             : 
     731             :     try // calls on API
     732             :     {
     733             :         // init default permissions
     734           0 :         if (! m_defaultPerm_init)
     735             :         {
     736             :             PermissionCollection defaultPermissions(
     737           0 :                 getPolicy()->getDefaultPermissions() );
     738             :             // assign
     739           0 :             MutexGuard guard( m_mutex );
     740           0 :             if (! m_defaultPerm_init)
     741             :             {
     742           0 :                 m_defaultPermissions = defaultPermissions;
     743           0 :                 m_defaultPerm_init = true;
     744           0 :             }
     745             : #ifdef __DIAGNOSE
     746             :             dumpPermissions( m_defaultPermissions );
     747             : #endif
     748             :         }
     749             : 
     750           0 :         PermissionCollection ret;
     751             : 
     752             :         // init user permissions
     753           0 :         switch (m_mode)
     754             :         {
     755             :         case SINGLE_USER:
     756             :         {
     757           0 :             ret = PermissionCollection(
     758           0 :                 getPolicy()->getPermissions( userId ), m_defaultPermissions );
     759             :             {
     760             :             // assign
     761           0 :             MutexGuard guard( m_mutex );
     762           0 :             if (m_singleUser_init)
     763             :             {
     764           0 :                 ret = m_singleUserPermissions;
     765             :             }
     766             :             else
     767             :             {
     768           0 :                 m_singleUserPermissions = ret;
     769           0 :                 m_singleUser_init = true;
     770           0 :             }
     771             :             }
     772             : #ifdef __DIAGNOSE
     773             :             dumpPermissions( ret, userId );
     774             : #endif
     775           0 :             break;
     776             :         }
     777             :         case SINGLE_DEFAULT_USER:
     778             :         {
     779           0 :             ret = m_defaultPermissions;
     780           0 :             break;
     781             :         }
     782             :         case ON:
     783             :         {
     784           0 :             ret = PermissionCollection(
     785           0 :                 getPolicy()->getPermissions( userId ), m_defaultPermissions );
     786             :             {
     787             :             // cache
     788           0 :             MutexGuard guard( m_mutex );
     789           0 :             m_user2permissions.set( userId, ret );
     790             :             }
     791             : #ifdef __DIAGNOSE
     792             :             dumpPermissions( ret, userId );
     793             : #endif
     794           0 :             break;
     795             :         }
     796             :         default:
     797           0 :             break;
     798             :         }
     799             : 
     800             :         // check postponed
     801           0 :         checkAndClearPostPoned();
     802           0 :         return ret;
     803             :     }
     804           0 :     catch (const security::AccessControlException & exc) // wrapped into DeploymentException
     805             :     {
     806           0 :         clearPostPoned(); // safety: exception could have happened before checking postponed?
     807           0 :         OUStringBuffer buf( 64 );
     808           0 :         buf.append( "deployment error (AccessControlException occurred): " );
     809           0 :         buf.append( exc.Message );
     810           0 :         throw DeploymentException( buf.makeStringAndClear(), exc.Context );
     811             :     }
     812           0 :     catch (RuntimeException &)
     813             :     {
     814             :         // dont check postponed, just cleanup
     815           0 :         clearPostPoned();
     816           0 :         delete reinterpret_cast< t_rec_vec * >( m_rec.getData() );
     817           0 :         m_rec.setData( 0 );
     818           0 :         throw;
     819             :     }
     820           0 :     catch (Exception &)
     821             :     {
     822             :         // check postponed permissions first
     823             :         // => AccessControlExceptions are errors, user exceptions not!
     824           0 :         checkAndClearPostPoned();
     825           0 :         throw;
     826             :     }
     827           0 :     catch (...)
     828             :     {
     829             :         // dont check postponed, just cleanup
     830           0 :         clearPostPoned();
     831           0 :         throw;
     832           0 :     }
     833             : }
     834             : 
     835             : // XAccessController impl
     836             : 
     837           0 : void AccessController::checkPermission(
     838             :     Any const & perm )
     839             :     throw (RuntimeException, std::exception)
     840             : {
     841           0 :     if (rBHelper.bDisposed)
     842             :     {
     843             :         throw lang::DisposedException(
     844           0 :             "checkPermission() call on disposed AccessController!", (OWeakObject *)this );
     845             :     }
     846             : 
     847           0 :     if (OFF == m_mode)
     848           0 :         return;
     849             : 
     850             :     // first dynamic check of ac contexts
     851           0 :     Reference< XCurrentContext > xContext;
     852           0 :     ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
     853           0 :     Reference< security::XAccessControlContext > xACC( getDynamicRestriction( xContext ) );
     854           0 :     if (xACC.is())
     855             :     {
     856           0 :         xACC->checkPermission( perm );
     857             :     }
     858             : 
     859           0 :     if (DYNAMIC_ONLY == m_mode)
     860           0 :         return;
     861             : 
     862             :     // then static check
     863           0 :     getEffectivePermissions( xContext, perm ).checkPermission( perm );
     864             : }
     865             : 
     866           0 : Any AccessController::doRestricted(
     867             :     Reference< security::XAction > const & xAction,
     868             :     Reference< security::XAccessControlContext > const & xRestriction )
     869             :     throw (Exception, std::exception)
     870             : {
     871           0 :     if (rBHelper.bDisposed)
     872             :     {
     873             :         throw lang::DisposedException(
     874           0 :             "doRestricted() call on disposed AccessController!", (OWeakObject *)this );
     875             :     }
     876             : 
     877           0 :     if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
     878           0 :         return xAction->run();
     879             : 
     880           0 :     if (xRestriction.is())
     881             :     {
     882           0 :         Reference< XCurrentContext > xContext;
     883           0 :         ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
     884             : 
     885             :         // override restriction
     886             :         Reference< XCurrentContext > xNewContext(
     887             :             new acc_CurrentContext( xContext, acc_Intersection::create(
     888           0 :                                         xRestriction, getDynamicRestriction( xContext ) ) ) );
     889           0 :         ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
     890           0 :         cc_reset reset( xContext.get() );
     891           0 :         return xAction->run();
     892             :     }
     893             :     else
     894             :     {
     895           0 :         return xAction->run();
     896             :     }
     897             : }
     898             : 
     899           0 : Any AccessController::doPrivileged(
     900             :     Reference< security::XAction > const & xAction,
     901             :     Reference< security::XAccessControlContext > const & xRestriction )
     902             :     throw (Exception, std::exception)
     903             : {
     904           0 :     if (rBHelper.bDisposed)
     905             :     {
     906             :         throw lang::DisposedException(
     907           0 :             "doPrivileged() call on disposed AccessController!", (OWeakObject *)this );
     908             :     }
     909             : 
     910           0 :     if (OFF == m_mode) // no dynamic check will be performed
     911             :     {
     912           0 :         return xAction->run();
     913             :     }
     914             : 
     915           0 :     Reference< XCurrentContext > xContext;
     916           0 :     ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
     917             : 
     918             :     Reference< security::XAccessControlContext > xOldRestr(
     919           0 :         getDynamicRestriction( xContext ) );
     920             : 
     921           0 :     if (xOldRestr.is()) // previous restriction
     922             :     {
     923             :         // override restriction
     924             :         Reference< XCurrentContext > xNewContext(
     925           0 :             new acc_CurrentContext( xContext, acc_Union::create( xRestriction, xOldRestr ) ) );
     926           0 :         ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
     927           0 :         cc_reset reset( xContext.get() );
     928           0 :         return xAction->run();
     929             :     }
     930             :     else // no previous restriction => never current restriction
     931             :     {
     932           0 :         return xAction->run();
     933           0 :     }
     934             : }
     935             : 
     936           0 : Reference< security::XAccessControlContext > AccessController::getContext()
     937             :     throw (RuntimeException, std::exception)
     938             : {
     939           0 :     if (rBHelper.bDisposed)
     940             :     {
     941             :         throw lang::DisposedException(
     942           0 :             "getContext() call on disposed AccessController!", (OWeakObject *)this );
     943             :     }
     944             : 
     945           0 :     if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
     946             :     {
     947           0 :         return new acc_Policy( PermissionCollection( new AllPermission() ) );
     948             :     }
     949             : 
     950           0 :     Reference< XCurrentContext > xContext;
     951           0 :     ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
     952             : 
     953             :     return acc_Intersection::create(
     954             :         getDynamicRestriction( xContext ),
     955           0 :         new acc_Policy( getEffectivePermissions( xContext, Any() ) ) );
     956             : }
     957             : 
     958             : // XServiceInfo impl
     959             : 
     960           0 : OUString AccessController::getImplementationName()
     961             :     throw (RuntimeException, std::exception)
     962             : {
     963           0 :     return OUString("com.sun.star.security.comp.stoc.AccessController");
     964             : }
     965             : 
     966           0 : sal_Bool AccessController::supportsService( OUString const & serviceName )
     967             :     throw (RuntimeException, std::exception)
     968             : {
     969           0 :     return cppu::supportsService(this, serviceName);
     970             : }
     971             : 
     972           0 : Sequence< OUString > AccessController::getSupportedServiceNames()
     973             :     throw (RuntimeException, std::exception)
     974             : {
     975           0 :     Sequence< OUString > aSNS( 1 );
     976           0 :     aSNS[0] = OUString(SERVICE_NAME);
     977           0 :     return aSNS;
     978             : }
     979             : 
     980             : }
     981             : 
     982             : extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface * SAL_CALL
     983           0 : com_sun_star_security_comp_stoc_AccessController_get_implementation(
     984             :     css::uno::XComponentContext *context,
     985             :     css::uno::Sequence<css::uno::Any> const &)
     986             : {
     987           0 :     return cppu::acquire(new AccessController(context));
     988           0 : }
     989             : 
     990             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10