Leosac  0.8.0
Open Source Access Control
RemoteControlSecurity.cpp
1 /*
2  Copyright (C) 2014-2016 Leosac
3 
4  This file is part of Leosac.
5 
6  Leosac is free software: you can redistribute it and/or modify
7  it under the terms of the GNU Affero General Public License as published by
8  the Free Software Foundation, either version 3 of the License, or
9  (at your option) any later version.
10 
11  Leosac is distributed in the hope that it will be useful,
12  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  GNU Affero General Public License for more details.
15 
16  You should have received a copy of the GNU Affero General Public License
17  along with this program. If not, see <http://www.gnu.org/licenses/>.
18 */
19 
21 #include "tools/log.hpp"
22 #include <boost/algorithm/string/join.hpp>
23 
24 using namespace Leosac;
25 
26 RemoteControlSecurity::RemoteControlSecurity(const boost::property_tree::ptree &cfg)
27  : cfg_(cfg)
28  , unrestricted_(false)
29 {
31 }
32 
{
    // Builds the permission tables from the optional "security" child of cfg_.
    //
    // Security note: when the "security" node is absent, the object switches
    // to unrestricted mode, in which allow_request() returns true for every
    // key and every command. A configuration that omits the node therefore
    // opens access instead of closing it.
    const auto &security_node = cfg_.get_child_optional("security");

    if (!security_node)
    {
        unrestricted_ = true;
    }
    else
    {
        for (const auto &child : *security_node)
        {
            // assert() is compiled out when NDEBUG is defined, so in such
            // builds a child with any other name is still handed to
            // process_security_entry() as if it were a "map" entry.
            // NOTE(review): consider a runtime check that rejects
            // unexpected children.
            assert(child.first == "map");
            process_security_entry(child.second);
        }
    }
}
48 
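/**
 * Decide whether the remote user identified by `user_pubkey` may run `req`.
 *
 * Decision order:
 *  1. If unrestricted_ is set, every request is allowed.
 *  2. A key with no entry in default_permissions_ is denied and a warning
 *     is logged.
 *  3. Otherwise the per-key list in permissions_ holds the exceptions to the
 *     key's default: the denied commands when the default is "allow", the
 *     allowed commands when the default is "deny".
 *
 * @param user_pubkey Public key of the requesting user, as a string.
 * @param req         Name of the requested command.
 * @return true if the request is allowed, false otherwise.
 */
bool RemoteControlSecurity::allow_request(const std::string &user_pubkey,
                                          const std::string &req)
{
    if (unrestricted_)
        return true;

    const auto default_it = default_permissions_.find(user_pubkey);
    if (default_it == default_permissions_.end())
    {
        // NOTE(review): user_pubkey is written to the log as received; if it
        // comes straight from the remote peer, confirm it is validated or
        // encoded before it reaches this point.
        WARN("Received command from "
             << user_pubkey
             << " but no permission information for this user. Denying.");
        return false;
    }

    // permissions_ only receives a list for a key when an exception is stored
    // (or as a side effect of the log statement in process_security_entry).
    // Looking the list up with find() treats a missing list as "no
    // exceptions", so the decision no longer depends on that side effect, and
    // a lookup never inserts into the map.
    const auto cmds_it = permissions_.find(user_pubkey);
    const bool is_exception =
        cmds_it != permissions_.end() &&
        std::find(cmds_it->second.begin(), cmds_it->second.end(), req) !=
            cmds_it->second.end();

    // Default "allow": the list names denied commands.
    // Default "deny": the list names allowed commands.
    return default_it->second ? !is_exception : is_exception;
}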
70 
72  const boost::property_tree::ptree &entry)
{
    // Reads one entry: "pk" is the user's public key, "default" (false when
    // absent) is the key's default permission, and every other child is a
    // command name whose value is a boolean.
    const std::string pk = entry.get<std::string>("pk");
    const bool default_access = entry.get<bool>("default", false);

    // The default is overwritten on every call, whereas the exception list
    // below is only appended to. Two entries with the same pk therefore end
    // up with the last default combined with the exceptions of both.
    // NOTE(review): confirm duplicate pk entries are rejected or intended.
    default_permissions_[pk] = default_access;

    for (const auto &child : entry)
    {
        const std::string &key = child.first;
        const bool is_command = key != "pk" && key != "default";
        if (!is_command)
            continue;

        std::string cmd_name = key;
        const bool allowed = child.second.get_value<bool>();

        // Only exceptions to the default are stored: denied commands for a
        // default-allow key, allowed commands for a default-deny key.
        if (allowed != default_access)
            permissions_[pk].push_back(cmd_name);
    }

    // operator[] in the log expression also creates an empty list for pk when
    // no exception was stored. NOTE(review): any lookup that tests for the
    // key's presence in permissions_ relies on this, and the insertion only
    // happens if INFO evaluates its argument; confirm in log.hpp.
    INFO("Processed configuration for remote user. \n\t "
         << "Public key: " << pk << "\n\t "
         << "Default permission: " << default_access << "\n\t "
         << (default_access ? "Disabled command: " : "Enabled commands: ")
         << boost::algorithm::join(permissions_[pk], ", "));
}
Leosac::RemoteControlSecurity::RemoteControlSecurity
RemoteControlSecurity(const boost::property_tree::ptree &cfg)
The config tree is the same tree that the RemoteControl object has.
Definition: RemoteControlSecurity.cpp:26
WARN
@ WARN
Definition: log.hpp:33
Leosac::RemoteControlSecurity::allow_request
bool allow_request(const std::string &user_pubkey, const std::string &req)
Definition: RemoteControlSecurity.cpp:49
INFO
@ INFO
Definition: log.hpp:34
Leosac::RemoteControlSecurity::permissions_
KeyCommandsMap permissions_
Definition: RemoteControlSecurity.hpp:74
Leosac
This is the header file for a generated source file, GitSHA1.cpp.
Definition: APIStatusCode.hpp:22
Leosac::RemoteControlSecurity::process_security_entry
void process_security_entry(const boost::property_tree::ptree &)
Process one <map> entry.
Definition: RemoteControlSecurity.cpp:71
Leosac::RemoteControlSecurity::unrestricted_
bool unrestricted_
If everyone has access to everything.
Definition: RemoteControlSecurity.hpp:79
Leosac::RemoteControlSecurity::process_config
void process_config()
Definition: RemoteControlSecurity.cpp:33
Leosac::RemoteControlSecurity::cfg_
boost::property_tree::ptree cfg_
Definition: RemoteControlSecurity.hpp:71
RemoteControlSecurity.hpp
log.hpp
Leosac::RemoteControlSecurity::default_permissions_
std::unordered_map< std::string, bool > default_permissions_
Definition: RemoteControlSecurity.hpp:73