1 /**************************************************************
2 *
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 *
20 *************************************************************/
21
22
23
24 // MARKER(update_precomp.py): autogen include statement, do not remove
25 #include "precompiled_stoc.hxx"
26
27 #include <vector>
28 #include <memory>
29
30 #include <osl/diagnose.h>
31 #include <osl/interlck.h>
32 #include <osl/mutex.hxx>
33 #include <osl/thread.hxx>
34
35 #include <rtl/ustrbuf.hxx>
36 #include <rtl/string.hxx>
37
38 #include <uno/current_context.h>
39
40 #include <cppuhelper/implbase1.hxx>
41 #include <cppuhelper/compbase3.hxx>
42 #include <cppuhelper/factory.hxx>
43 #include <cppuhelper/implementationentry.hxx>
44
45 #include <com/sun/star/uno/XCurrentContext.hpp>
46 #include <com/sun/star/uno/DeploymentException.hpp>
47 #include <com/sun/star/lang/DisposedException.hpp>
48 #include <com/sun/star/lang/XComponent.hpp>
49 #include <com/sun/star/lang/XServiceInfo.hpp>
50 #include <com/sun/star/lang/XInitialization.hpp>
51 #include <com/sun/star/security/XAccessController.hpp>
52 #include <com/sun/star/security/XPolicy.hpp>
53
54 #include "lru_cache.h"
55 #include "permissions.h"
56
57 #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
58 #define SERVICE_NAME "com.sun.star.security.AccessController"
59 #define IMPL_NAME "com.sun.star.security.comp.stoc.AccessController"
60 #define USER_CREDS "access-control.user-credentials"
61
62
63 using namespace ::std;
64 using namespace ::osl;
65 using namespace ::cppu;
66 using namespace ::com::sun::star;
67 using namespace ::com::sun::star::uno;
68 using ::rtl::OUString;
69 using ::rtl::OUStringBuffer;
70 using ::rtl::OString;
71
72 extern ::rtl_StandardModuleCount g_moduleCount;
73
74 namespace stoc_sec
75 {
76 // static stuff initialized when loading lib
77 static OUString s_envType = OUSTR(CPPU_CURRENT_LANGUAGE_BINDING_NAME);
78 static OUString s_implName = OUSTR(IMPL_NAME);
79 static OUString s_serviceName = OUSTR(SERVICE_NAME);
80 static OUString s_acRestriction = OUSTR("access-control.restriction");
81
82 static Sequence< OUString > s_serviceNames = Sequence< OUString >( &s_serviceName, 1 );
83
84 //##################################################################################################
85
86 /** ac context intersects permissions of two ac contexts
87 */
88 class acc_Intersection
89 : public WeakImplHelper1< security::XAccessControlContext >
90 {
91 Reference< security::XAccessControlContext > m_x1, m_x2;
92
93 inline acc_Intersection(
94 Reference< security::XAccessControlContext > const & x1,
95 Reference< security::XAccessControlContext > const & x2 )
96 SAL_THROW( () );
97
98 public:
99 virtual ~acc_Intersection()
100 SAL_THROW( () );
101
102 static inline Reference< security::XAccessControlContext > create(
103 Reference< security::XAccessControlContext > const & x1,
104 Reference< security::XAccessControlContext > const & x2 )
105 SAL_THROW( () );
106
107 // XAccessControlContext impl
108 virtual void SAL_CALL checkPermission(
109 Any const & perm )
110 throw (RuntimeException);
111 };
112 //__________________________________________________________________________________________________
acc_Intersection(Reference<security::XAccessControlContext> const & x1,Reference<security::XAccessControlContext> const & x2)113 inline acc_Intersection::acc_Intersection(
114 Reference< security::XAccessControlContext > const & x1,
115 Reference< security::XAccessControlContext > const & x2 )
116 SAL_THROW( () )
117 : m_x1( x1 )
118 , m_x2( x2 )
119 {
120 g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt );
121 }
122 //__________________________________________________________________________________________________
~acc_Intersection()123 acc_Intersection::~acc_Intersection()
124 SAL_THROW( () )
125 {
126 g_moduleCount.modCnt.release( &g_moduleCount.modCnt );
127 }
128 //--------------------------------------------------------------------------------------------------
create(Reference<security::XAccessControlContext> const & x1,Reference<security::XAccessControlContext> const & x2)129 inline Reference< security::XAccessControlContext > acc_Intersection::create(
130 Reference< security::XAccessControlContext > const & x1,
131 Reference< security::XAccessControlContext > const & x2 )
132 SAL_THROW( () )
133 {
134 if (! x1.is())
135 return x2;
136 if (! x2.is())
137 return x1;
138 return new acc_Intersection( x1, x2 );
139 }
140 //__________________________________________________________________________________________________
checkPermission(Any const & perm)141 void acc_Intersection::checkPermission(
142 Any const & perm )
143 throw (RuntimeException)
144 {
145 m_x1->checkPermission( perm );
146 m_x2->checkPermission( perm );
147 }
148
149 /** ac context unifies permissions of two ac contexts
150 */
151 class acc_Union
152 : public WeakImplHelper1< security::XAccessControlContext >
153 {
154 Reference< security::XAccessControlContext > m_x1, m_x2;
155
156 inline acc_Union(
157 Reference< security::XAccessControlContext > const & x1,
158 Reference< security::XAccessControlContext > const & x2 )
159 SAL_THROW( () );
160
161 public:
162 virtual ~acc_Union()
163 SAL_THROW( () );
164
165 static inline Reference< security::XAccessControlContext > create(
166 Reference< security::XAccessControlContext > const & x1,
167 Reference< security::XAccessControlContext > const & x2 )
168 SAL_THROW( () );
169
170 // XAccessControlContext impl
171 virtual void SAL_CALL checkPermission(
172 Any const & perm )
173 throw (RuntimeException);
174 };
175 //__________________________________________________________________________________________________
acc_Union(Reference<security::XAccessControlContext> const & x1,Reference<security::XAccessControlContext> const & x2)176 inline acc_Union::acc_Union(
177 Reference< security::XAccessControlContext > const & x1,
178 Reference< security::XAccessControlContext > const & x2 )
179 SAL_THROW( () )
180 : m_x1( x1 )
181 , m_x2( x2 )
182 {
183 g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt );
184 }
185 //__________________________________________________________________________________________________
~acc_Union()186 acc_Union::~acc_Union()
187 SAL_THROW( () )
188 {
189 g_moduleCount.modCnt.release( &g_moduleCount.modCnt );
190 }
191 //--------------------------------------------------------------------------------------------------
create(Reference<security::XAccessControlContext> const & x1,Reference<security::XAccessControlContext> const & x2)192 inline Reference< security::XAccessControlContext > acc_Union::create(
193 Reference< security::XAccessControlContext > const & x1,
194 Reference< security::XAccessControlContext > const & x2 )
195 SAL_THROW( () )
196 {
197 if (! x1.is())
198 return Reference< security::XAccessControlContext >(); // unrestricted
199 if (! x2.is())
200 return Reference< security::XAccessControlContext >(); // unrestricted
201 return new acc_Union( x1, x2 );
202 }
203 //__________________________________________________________________________________________________
checkPermission(Any const & perm)204 void acc_Union::checkPermission(
205 Any const & perm )
206 throw (RuntimeException)
207 {
208 try
209 {
210 m_x1->checkPermission( perm );
211 }
212 catch (security::AccessControlException &)
213 {
214 m_x2->checkPermission( perm );
215 }
216 }
217
218 /** ac context doing permission checks on static permissions
219 */
220 class acc_Policy
221 : public WeakImplHelper1< security::XAccessControlContext >
222 {
223 PermissionCollection m_permissions;
224
225 public:
226 inline acc_Policy(
227 PermissionCollection const & permissions )
228 SAL_THROW( () );
229 virtual ~acc_Policy()
230 SAL_THROW( () );
231
232 // XAccessControlContext impl
233 virtual void SAL_CALL checkPermission(
234 Any const & perm )
235 throw (RuntimeException);
236 };
237 //__________________________________________________________________________________________________
acc_Policy(PermissionCollection const & permissions)238 inline acc_Policy::acc_Policy(
239 PermissionCollection const & permissions )
240 SAL_THROW( () )
241 : m_permissions( permissions )
242 {
243 g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt );
244 }
245 //__________________________________________________________________________________________________
~acc_Policy()246 acc_Policy::~acc_Policy()
247 SAL_THROW( () )
248 {
249 g_moduleCount.modCnt.release( &g_moduleCount.modCnt );
250 }
251 //__________________________________________________________________________________________________
checkPermission(Any const & perm)252 void acc_Policy::checkPermission(
253 Any const & perm )
254 throw (RuntimeException)
255 {
256 m_permissions.checkPermission( perm );
257 }
258
259 /** current context overriding dynamic ac restriction
260 */
261 class acc_CurrentContext
262 : public ImplHelper1< XCurrentContext >
263 {
264 oslInterlockedCount m_refcount;
265
266 Reference< XCurrentContext > m_xDelegate;
267 Any m_restriction;
268
269 public:
270 inline acc_CurrentContext(
271 Reference< XCurrentContext > const & xDelegate,
272 Reference< security::XAccessControlContext > const & xRestriction )
273 SAL_THROW( () );
274 virtual ~acc_CurrentContext() SAL_THROW( () );
275
276 // XInterface impl
277 virtual void SAL_CALL acquire()
278 throw ();
279 virtual void SAL_CALL release()
280 throw ();
281
282 // XCurrentContext impl
283 virtual Any SAL_CALL getValueByName( OUString const & name )
284 throw (RuntimeException);
285 };
286 //__________________________________________________________________________________________________
acc_CurrentContext(Reference<XCurrentContext> const & xDelegate,Reference<security::XAccessControlContext> const & xRestriction)287 inline acc_CurrentContext::acc_CurrentContext(
288 Reference< XCurrentContext > const & xDelegate,
289 Reference< security::XAccessControlContext > const & xRestriction )
290 SAL_THROW( () )
291 : m_refcount( 0 )
292 , m_xDelegate( xDelegate )
293 {
294 g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt );
295
296 if (xRestriction.is())
297 {
298 m_restriction = makeAny( xRestriction );
299 }
300 // return empty any otherwise on getValueByName(), not null interface
301 }
302 //__________________________________________________________________________________________________
~acc_CurrentContext()303 acc_CurrentContext::~acc_CurrentContext()
304 SAL_THROW( () )
305 {
306 g_moduleCount.modCnt.release( &g_moduleCount.modCnt );
307 }
308 //__________________________________________________________________________________________________
acquire()309 void acc_CurrentContext::acquire()
310 throw ()
311 {
312 ::osl_incrementInterlockedCount( &m_refcount );
313 }
314 //__________________________________________________________________________________________________
release()315 void acc_CurrentContext::release()
316 throw ()
317 {
318 if (! ::osl_decrementInterlockedCount( &m_refcount ))
319 {
320 delete this;
321 }
322 }
323 //__________________________________________________________________________________________________
getValueByName(OUString const & name)324 Any acc_CurrentContext::getValueByName( OUString const & name )
325 throw (RuntimeException)
326 {
327 if (name.equals( s_acRestriction ))
328 {
329 return m_restriction;
330 }
331 else if (m_xDelegate.is())
332 {
333 return m_xDelegate->getValueByName( name );
334 }
335 else
336 {
337 return Any();
338 }
339 }
340
341 //##################################################################################################
342
343 //--------------------------------------------------------------------------------------------------
dispose(Reference<XInterface> const & x)344 static inline void dispose( Reference< XInterface > const & x )
345 SAL_THROW( (RuntimeException) )
346 {
347 Reference< lang::XComponent > xComp( x, UNO_QUERY );
348 if (xComp.is())
349 {
350 xComp->dispose();
351 }
352 }
353 //--------------------------------------------------------------------------------------------------
getDynamicRestriction(Reference<XCurrentContext> const & xContext)354 static inline Reference< security::XAccessControlContext > getDynamicRestriction(
355 Reference< XCurrentContext > const & xContext )
356 SAL_THROW( (RuntimeException) )
357 {
358 if (xContext.is())
359 {
360 Any acc( xContext->getValueByName( s_acRestriction ) );
361 if (typelib_TypeClass_INTERFACE == acc.pType->eTypeClass)
362 {
363 // avoid ref-counting
364 OUString const & typeName =
365 *reinterpret_cast< OUString const * >( &acc.pType->pTypeName );
366 if (typeName.equalsAsciiL(
367 RTL_CONSTASCII_STRINGPARAM("com.sun.star.security.XAccessControlContext") ))
368 {
369 return Reference< security::XAccessControlContext >(
370 *reinterpret_cast< security::XAccessControlContext ** const >( acc.pData ) );
371 }
372 else // try to query
373 {
374 return Reference< security::XAccessControlContext >::query(
375 *reinterpret_cast< XInterface ** const >( acc.pData ) );
376 }
377 }
378 }
379 return Reference< security::XAccessControlContext >();
380 }
381 //==================================================================================================
382 class cc_reset
383 {
384 void * m_cc;
385 public:
386 inline cc_reset( void * cc ) SAL_THROW( () )
387 : m_cc( cc ) {}
388 inline ~cc_reset() SAL_THROW( () )
389 { ::uno_setCurrentContext( m_cc, s_envType.pData, 0 ); }
390 };
391
392 //##################################################################################################
393
394 struct MutexHolder
395 {
396 Mutex m_mutex;
397 };
398 typedef WeakComponentImplHelper3<
399 security::XAccessController, lang::XServiceInfo, lang::XInitialization > t_helper;
400
401 //==================================================================================================
402 class AccessController
403 : public MutexHolder
404 , public t_helper
405 {
406 Reference< XComponentContext > m_xComponentContext;
407
408 Reference< security::XPolicy > m_xPolicy;
409 Reference< security::XPolicy > const & getPolicy()
410 SAL_THROW( (RuntimeException) );
411
412 // mode
413 enum Mode { OFF, ON, DYNAMIC_ONLY, SINGLE_USER, SINGLE_DEFAULT_USER } m_mode;
414
415 PermissionCollection m_defaultPermissions;
416 // for single-user mode
417 PermissionCollection m_singleUserPermissions;
418 OUString m_singleUserId;
419 bool m_defaultPerm_init;
420 bool m_singleUser_init;
421 // for multi-user mode
422 lru_cache< OUString, PermissionCollection, ::rtl::OUStringHash, equal_to< OUString > >
423 m_user2permissions;
424
425 ThreadData m_rec;
426 typedef vector< pair< OUString, Any > > t_rec_vec;
427 inline void clearPostPoned() SAL_THROW( () );
428 void checkAndClearPostPoned() SAL_THROW( (RuntimeException) );
429
430 PermissionCollection getEffectivePermissions(
431 Reference< XCurrentContext > const & xContext,
432 Any const & demanded_perm )
433 SAL_THROW( (RuntimeException) );
434
435 protected:
436 virtual void SAL_CALL disposing();
437
438 public:
439 AccessController( Reference< XComponentContext > const & xComponentContext )
440 SAL_THROW( (RuntimeException) );
441 virtual ~AccessController()
442 SAL_THROW( () );
443
444 // XInitialization impl
445 virtual void SAL_CALL initialize(
446 Sequence< Any > const & arguments )
447 throw (Exception);
448
449 // XAccessController impl
450 virtual void SAL_CALL checkPermission(
451 Any const & perm )
452 throw (RuntimeException);
453 virtual Any SAL_CALL doRestricted(
454 Reference< security::XAction > const & xAction,
455 Reference< security::XAccessControlContext > const & xRestriction )
456 throw (Exception);
457 virtual Any SAL_CALL doPrivileged(
458 Reference< security::XAction > const & xAction,
459 Reference< security::XAccessControlContext > const & xRestriction )
460 throw (Exception);
461 virtual Reference< security::XAccessControlContext > SAL_CALL getContext()
462 throw (RuntimeException);
463
464 // XServiceInfo impl
465 virtual OUString SAL_CALL getImplementationName()
466 throw (RuntimeException);
467 virtual sal_Bool SAL_CALL supportsService( OUString const & serviceName )
468 throw (RuntimeException);
469 virtual Sequence< OUString > SAL_CALL getSupportedServiceNames()
470 throw (RuntimeException);
471 };
472 //__________________________________________________________________________________________________
AccessController(Reference<XComponentContext> const & xComponentContext)473 AccessController::AccessController( Reference< XComponentContext > const & xComponentContext )
474 SAL_THROW( (RuntimeException) )
475 : t_helper( m_mutex )
476 , m_xComponentContext( xComponentContext )
477 , m_mode( ON ) // default
478 , m_defaultPerm_init( false )
479 , m_singleUser_init( false )
480 , m_rec( 0 )
481 {
482 g_moduleCount.modCnt.acquire( &g_moduleCount.modCnt );
483
484 OUString mode;
485 if (m_xComponentContext->getValueByName( OUSTR("/services/" SERVICE_NAME "/mode") ) >>= mode)
486 {
487 if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("off") ))
488 {
489 m_mode = OFF;
490 }
491 else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("on") ))
492 {
493 m_mode = ON;
494 }
495 else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("dynamic-only") ))
496 {
497 m_mode = DYNAMIC_ONLY;
498 }
499 else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("single-user") ))
500 {
501 m_xComponentContext->getValueByName(
502 OUSTR("/services/" SERVICE_NAME "/single-user-id") ) >>= m_singleUserId;
503 if (! m_singleUserId.getLength())
504 {
505 throw RuntimeException(
506 OUSTR("expected a user id in component context entry "
507 "\"/services/" SERVICE_NAME "/single-user-id\"!"),
508 (OWeakObject *)this );
509 }
510 m_mode = SINGLE_USER;
511 }
512 else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("single-default-user") ))
513 {
514 m_mode = SINGLE_DEFAULT_USER;
515 }
516 }
517
518 // switch on caching for DYNAMIC_ONLY and ON (sharable multi-user process)
519 if (ON == m_mode || DYNAMIC_ONLY == m_mode)
520 {
521 sal_Int32 cacheSize = 0; // multi-user cache size
522 if (! (m_xComponentContext->getValueByName(
523 OUSTR("/services/" SERVICE_NAME "/user-cache-size") ) >>= cacheSize))
524 {
525 cacheSize = 128; // reasonable default?
526 }
527 #ifdef __CACHE_DIAGNOSE
528 cacheSize = 2;
529 #endif
530 m_user2permissions.setSize( cacheSize );
531 }
532 }
533 //__________________________________________________________________________________________________
~AccessController()534 AccessController::~AccessController()
535 SAL_THROW( () )
536 {
537 g_moduleCount.modCnt.release( &g_moduleCount.modCnt );
538 }
539 //__________________________________________________________________________________________________
disposing()540 void AccessController::disposing()
541 {
542 m_mode = OFF; // avoid checks from now on xxx todo review/ better DYNAMIC_ONLY?
543 m_xPolicy.clear();
544 m_xComponentContext.clear();
545 }
546
547 // XInitialization impl
548 //__________________________________________________________________________________________________
initialize(Sequence<Any> const & arguments)549 void AccessController::initialize(
550 Sequence< Any > const & arguments )
551 throw (Exception)
552 {
553 // xxx todo: review for forking
554 // portal forking hack: re-initialize for another user-id
555 if (SINGLE_USER != m_mode) // only if in single-user mode
556 {
557 throw RuntimeException(
558 OUSTR("invalid call: ac must be in \"single-user\" mode!"), (OWeakObject *)this );
559 }
560 OUString userId;
561 arguments[ 0 ] >>= userId;
562 if (! userId.getLength())
563 {
564 throw RuntimeException(
565 OUSTR("expected a user-id as first argument!"), (OWeakObject *)this );
566 }
567 // assured that no sync is necessary: no check happens at this forking time
568 m_singleUserId = userId;
569 m_singleUser_init = false;
570 }
571
572 //__________________________________________________________________________________________________
getPolicy()573 Reference< security::XPolicy > const & AccessController::getPolicy()
574 SAL_THROW( (RuntimeException) )
575 {
576 // get policy singleton
577 if (! m_xPolicy.is())
578 {
579 Reference< security::XPolicy > xPolicy;
580 m_xComponentContext->getValueByName(
581 OUSTR("/singletons/com.sun.star.security.thePolicy") ) >>= xPolicy;
582 if (xPolicy.is())
583 {
584 MutexGuard guard( m_mutex );
585 if (! m_xPolicy.is())
586 {
587 m_xPolicy = xPolicy;
588 }
589 }
590 else
591 {
592 throw SecurityException(
593 OUSTR("cannot get policy singleton!"), (OWeakObject *)this );
594 }
595 }
596 return m_xPolicy;
597 }
598
599 #ifdef __DIAGNOSE
dumpPermissions(PermissionCollection const & collection,OUString const & userId=OUString ())600 static void dumpPermissions(
601 PermissionCollection const & collection, OUString const & userId = OUString() ) SAL_THROW( () )
602 {
603 OUStringBuffer buf( 48 );
604 if (userId.getLength())
605 {
606 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("> dumping permissions of user \"") );
607 buf.append( userId );
608 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\":") );
609 }
610 else
611 {
612 buf.appendAscii(
613 RTL_CONSTASCII_STRINGPARAM("> dumping default permissions:") );
614 }
615 OString str( ::rtl::OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
616 OSL_TRACE( str.getStr() );
617 Sequence< OUString > permissions( collection.toStrings() );
618 OUString const * p = permissions.getConstArray();
619 for ( sal_Int32 nPos = 0; nPos < permissions.getLength(); ++nPos )
620 {
621 OString str( ::rtl::OUStringToOString( p[ nPos ], RTL_TEXTENCODING_ASCII_US ) );
622 OSL_TRACE( str.getStr() );
623 }
624 OSL_TRACE( "> permission dump done" );
625 }
626 #endif
627
628
629 //__________________________________________________________________________________________________
clearPostPoned()630 inline void AccessController::clearPostPoned() SAL_THROW( () )
631 {
632 delete reinterpret_cast< t_rec_vec * >( m_rec.getData() );
633 m_rec.setData( 0 );
634 }
635 //__________________________________________________________________________________________________
checkAndClearPostPoned()636 void AccessController::checkAndClearPostPoned() SAL_THROW( (RuntimeException) )
637 {
638 // check postponed permissions
639 auto_ptr< t_rec_vec > rec( reinterpret_cast< t_rec_vec * >( m_rec.getData() ) );
640 m_rec.setData( 0 ); // takeover ownership
641 OSL_ASSERT( rec.get() );
642 if (rec.get())
643 {
644 t_rec_vec const & vec = *rec.get();
645 switch (m_mode)
646 {
647 case SINGLE_USER:
648 {
649 OSL_ASSERT( m_singleUser_init );
650 for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
651 {
652 pair< OUString, Any > const & p = vec[ nPos ];
653 OSL_ASSERT( m_singleUserId.equals( p.first ) );
654 m_singleUserPermissions.checkPermission( p.second );
655 }
656 break;
657 }
658 case SINGLE_DEFAULT_USER:
659 {
660 OSL_ASSERT( m_defaultPerm_init );
661 for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
662 {
663 pair< OUString, Any > const & p = vec[ nPos ];
664 OSL_ASSERT( !p.first.getLength() ); // default-user
665 m_defaultPermissions.checkPermission( p.second );
666 }
667 break;
668 }
669 case ON:
670 {
671 for ( size_t nPos = 0; nPos < vec.size(); ++nPos )
672 {
673 pair< OUString, Any > const & p = vec[ nPos ];
674 PermissionCollection const * pPermissions;
675 // lookup policy for user
676 {
677 MutexGuard guard( m_mutex );
678 pPermissions = m_user2permissions.lookup( p.first );
679 }
680 OSL_ASSERT( pPermissions );
681 if (pPermissions)
682 {
683 pPermissions->checkPermission( p.second );
684 }
685 }
686 break;
687 }
688 default:
689 OSL_ENSURE( 0, "### this should never be called in this ac mode!" );
690 break;
691 }
692 }
693 }
694 //__________________________________________________________________________________________________
695 /** this is the only function calling the policy singleton and thus has to take care
696 of recurring calls!
697
698 @param demanded_perm (if not empty) is the demanded permission of a checkPermission() call
699 which will be postponed for recurring calls
700 */
getEffectivePermissions(Reference<XCurrentContext> const & xContext,Any const & demanded_perm)701 PermissionCollection AccessController::getEffectivePermissions(
702 Reference< XCurrentContext > const & xContext,
703 Any const & demanded_perm )
704 SAL_THROW( (RuntimeException) )
705 {
706 OUString userId;
707
708 switch (m_mode)
709 {
710 case SINGLE_USER:
711 {
712 if (m_singleUser_init)
713 return m_singleUserPermissions;
714 userId = m_singleUserId;
715 break;
716 }
717 case SINGLE_DEFAULT_USER:
718 {
719 if (m_defaultPerm_init)
720 return m_defaultPermissions;
721 break;
722 }
723 case ON:
724 {
725 if (xContext.is())
726 {
727 xContext->getValueByName( OUSTR(USER_CREDS ".id") ) >>= userId;
728 }
729 if (! userId.getLength())
730 {
731 throw SecurityException(
732 OUSTR("cannot determine current user in multi-user ac!"), (OWeakObject *)this );
733 }
734
735 // lookup policy for user
736 MutexGuard guard( m_mutex );
737 PermissionCollection const * pPermissions = m_user2permissions.lookup( userId );
738 if (pPermissions)
739 return *pPermissions;
740 break;
741 }
742 default:
743 OSL_ENSURE( 0, "### this should never be called in this ac mode!" );
744 return PermissionCollection();
745 }
746
747 // call on policy
748 // iff this is a recurring call for the default user, then grant all permissions
749 t_rec_vec * rec = reinterpret_cast< t_rec_vec * >( m_rec.getData() );
750 if (rec) // tls entry exists => this is recursive call
751 {
752 if (demanded_perm.hasValue())
753 {
754 // enqueue
755 rec->push_back( pair< OUString, Any >( userId, demanded_perm ) );
756 }
757 #ifdef __DIAGNOSE
758 OUStringBuffer buf( 48 );
759 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("> info: recurring call of user \"") );
760 buf.append( userId );
761 buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\"") );
762 OString str(
763 ::rtl::OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
764 OSL_TRACE( str.getStr() );
765 #endif
766 return PermissionCollection( new AllPermission() );
767 }
768 else // no tls
769 {
770 rec = new t_rec_vec;
771 m_rec.setData( rec );
772 }
773
774 try // calls on API
775 {
776 // init default permissions
777 if (! m_defaultPerm_init)
778 {
779 PermissionCollection defaultPermissions(
780 getPolicy()->getDefaultPermissions() );
781 // assign
782 MutexGuard guard( m_mutex );
783 if (! m_defaultPerm_init)
784 {
785 m_defaultPermissions = defaultPermissions;
786 m_defaultPerm_init = true;
787 }
788 #ifdef __DIAGNOSE
789 dumpPermissions( m_defaultPermissions );
790 #endif
791 }
792
793 PermissionCollection ret;
794
795 // init user permissions
796 switch (m_mode)
797 {
798 case SINGLE_USER:
799 {
800 ret = PermissionCollection(
801 getPolicy()->getPermissions( userId ), m_defaultPermissions );
802 {
803 // assign
804 MutexGuard guard( m_mutex );
805 if (m_singleUser_init)
806 {
807 ret = m_singleUserPermissions;
808 }
809 else
810 {
811 m_singleUserPermissions = ret;
812 m_singleUser_init = true;
813 }
814 }
815 #ifdef __DIAGNOSE
816 dumpPermissions( ret, userId );
817 #endif
818 break;
819 }
820 case SINGLE_DEFAULT_USER:
821 {
822 ret = m_defaultPermissions;
823 break;
824 }
825 case ON:
826 {
827 ret = PermissionCollection(
828 getPolicy()->getPermissions( userId ), m_defaultPermissions );
829 {
830 // cache
831 MutexGuard guard( m_mutex );
832 m_user2permissions.set( userId, ret );
833 }
834 #ifdef __DIAGNOSE
835 dumpPermissions( ret, userId );
836 #endif
837 break;
838 }
839 default:
840 break;
841 }
842
843 // check postponed
844 checkAndClearPostPoned();
845 return ret;
846 }
847 catch (security::AccessControlException & exc) // wrapped into DeploymentException
848 {
849 clearPostPoned(); // safety: exception could have happened before checking postponed?
850 OUStringBuffer buf( 64 );
851 buf.appendAscii(
852 RTL_CONSTASCII_STRINGPARAM("deployment error (AccessControlException occured): ") );
853 buf.append( exc.Message );
854 throw DeploymentException( buf.makeStringAndClear(), exc.Context );
855 }
856 catch (RuntimeException &)
857 {
858 // dont check postponed, just cleanup
859 clearPostPoned();
860 delete reinterpret_cast< t_rec_vec * >( m_rec.getData() );
861 m_rec.setData( 0 );
862 throw;
863 }
864 catch (Exception &)
865 {
866 // check postponed permissions first
867 // => AccessControlExceptions are errors, user exceptions not!
868 checkAndClearPostPoned();
869 throw;
870 }
871 catch (...)
872 {
873 // dont check postponed, just cleanup
874 clearPostPoned();
875 throw;
876 }
877 }
878
879 // XAccessController impl
880 //__________________________________________________________________________________________________
checkPermission(Any const & perm)881 void AccessController::checkPermission(
882 Any const & perm )
883 throw (RuntimeException)
884 {
885 if (rBHelper.bDisposed)
886 {
887 throw lang::DisposedException(
888 OUSTR("checkPermission() call on disposed AccessController!"), (OWeakObject *)this );
889 }
890
891 if (OFF == m_mode)
892 return;
893
894 // first dynamic check of ac contexts
895 Reference< XCurrentContext > xContext;
896 ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
897 Reference< security::XAccessControlContext > xACC( getDynamicRestriction( xContext ) );
898 if (xACC.is())
899 {
900 xACC->checkPermission( perm );
901 }
902
903 if (DYNAMIC_ONLY == m_mode)
904 return;
905
906 // then static check
907 getEffectivePermissions( xContext, perm ).checkPermission( perm );
908 }
909 //__________________________________________________________________________________________________
doRestricted(Reference<security::XAction> const & xAction,Reference<security::XAccessControlContext> const & xRestriction)910 Any AccessController::doRestricted(
911 Reference< security::XAction > const & xAction,
912 Reference< security::XAccessControlContext > const & xRestriction )
913 throw (Exception)
914 {
915 if (rBHelper.bDisposed)
916 {
917 throw lang::DisposedException(
918 OUSTR("doRestricted() call on disposed AccessController!"), (OWeakObject *)this );
919 }
920
921 if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
922 return xAction->run();
923
924 if (xRestriction.is())
925 {
926 Reference< XCurrentContext > xContext;
927 ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
928
929 // override restriction
930 Reference< XCurrentContext > xNewContext(
931 new acc_CurrentContext( xContext, acc_Intersection::create(
932 xRestriction, getDynamicRestriction( xContext ) ) ) );
933 ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
934 cc_reset reset( xContext.get() );
935 return xAction->run();
936 }
937 else
938 {
939 return xAction->run();
940 }
941 }
942 //__________________________________________________________________________________________________
doPrivileged(Reference<security::XAction> const & xAction,Reference<security::XAccessControlContext> const & xRestriction)943 Any AccessController::doPrivileged(
944 Reference< security::XAction > const & xAction,
945 Reference< security::XAccessControlContext > const & xRestriction )
946 throw (Exception)
947 {
948 if (rBHelper.bDisposed)
949 {
950 throw lang::DisposedException(
951 OUSTR("doPrivileged() call on disposed AccessController!"), (OWeakObject *)this );
952 }
953
954 if (OFF == m_mode) // no dynamic check will be performed
955 {
956 return xAction->run();
957 }
958
959 Reference< XCurrentContext > xContext;
960 ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
961
962 Reference< security::XAccessControlContext > xOldRestr(
963 getDynamicRestriction( xContext ) );
964
965 if (xOldRestr.is()) // previous restriction
966 {
967 // override restriction
968 Reference< XCurrentContext > xNewContext(
969 new acc_CurrentContext( xContext, acc_Union::create( xRestriction, xOldRestr ) ) );
970 ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
971 cc_reset reset( xContext.get() );
972 return xAction->run();
973 }
974 else // no previous restriction => never current restriction
975 {
976 return xAction->run();
977 }
978 }
979 //__________________________________________________________________________________________________
getContext()980 Reference< security::XAccessControlContext > AccessController::getContext()
981 throw (RuntimeException)
982 {
983 if (rBHelper.bDisposed)
984 {
985 throw lang::DisposedException(
986 OUSTR("getContext() call on disposed AccessController!"), (OWeakObject *)this );
987 }
988
989 if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
990 {
991 return new acc_Policy( PermissionCollection( new AllPermission() ) );
992 }
993
994 Reference< XCurrentContext > xContext;
995 ::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
996
997 return acc_Intersection::create(
998 getDynamicRestriction( xContext ),
999 new acc_Policy( getEffectivePermissions( xContext, Any() ) ) );
1000 }
1001
1002 // XServiceInfo impl
1003 //__________________________________________________________________________________________________
getImplementationName()1004 OUString AccessController::getImplementationName()
1005 throw (RuntimeException)
1006 {
1007 return s_implName;
1008 }
1009 //__________________________________________________________________________________________________
supportsService(OUString const & serviceName)1010 sal_Bool AccessController::supportsService( OUString const & serviceName )
1011 throw (RuntimeException)
1012 {
1013 OUString const * pNames = s_serviceNames.getConstArray();
1014 for ( sal_Int32 nPos = s_serviceNames.getLength(); nPos--; )
1015 {
1016 if (serviceName.equals( pNames[ nPos ] ))
1017 {
1018 return sal_True;
1019 }
1020 }
1021 return sal_False;
1022 }
1023 //__________________________________________________________________________________________________
getSupportedServiceNames()1024 Sequence< OUString > AccessController::getSupportedServiceNames()
1025 throw (RuntimeException)
1026 {
1027 return s_serviceNames;
1028 }
1029 }
1030 //##################################################################################################
1031 namespace stoc_bootstrap {
1032 //--------------------------------------------------------------------------------------------------
ac_create(Reference<XComponentContext> const & xComponentContext)1033 Reference< XInterface > SAL_CALL ac_create(
1034 Reference< XComponentContext > const & xComponentContext )
1035 SAL_THROW( (Exception) )
1036 {
1037 return (OWeakObject *)new stoc_sec::AccessController( xComponentContext );
1038 }
1039 //--------------------------------------------------------------------------------------------------
ac_getSupportedServiceNames()1040 Sequence< OUString > ac_getSupportedServiceNames() SAL_THROW( () )
1041 {
1042 return stoc_sec::s_serviceNames;
1043 }
1044 //--------------------------------------------------------------------------------------------------
ac_getImplementationName()1045 OUString ac_getImplementationName() SAL_THROW( () )
1046 {
1047 return stoc_sec::s_implName;
1048 }
1049 //--------------------------------------------------------------------------------------------------
1050 Reference< XInterface > SAL_CALL filepolicy_create(
1051 Reference< XComponentContext > const & xComponentContext )
1052 SAL_THROW( (Exception) );
1053 //--------------------------------------------------------------------------------------------------
1054 Sequence< OUString > filepolicy_getSupportedServiceNames() SAL_THROW( () );
1055 //--------------------------------------------------------------------------------------------------
1056 OUString filepolicy_getImplementationName() SAL_THROW( () );
1057 }
1058