2002-01-25 08:30:07 +00:00
|
|
|
/*************************************************************************
|
|
|
|
|
*
|
|
|
|
|
* $RCSfile: access_controller.cxx,v $
|
|
|
|
|
*
|
2002-03-04 16:43:21 +00:00
|
|
|
* $Revision: 1.2 $
|
2002-01-25 08:30:07 +00:00
|
|
|
*
|
2002-03-04 16:43:21 +00:00
|
|
|
* last change: $Author: dbo $ $Date: 2002-03-04 17:43:21 $
|
2002-01-25 08:30:07 +00:00
|
|
|
*
|
|
|
|
|
* The Contents of this file are made available subject to the terms of
|
|
|
|
|
* either of the following licenses
|
|
|
|
|
*
|
|
|
|
|
* - GNU Lesser General Public License Version 2.1
|
|
|
|
|
* - Sun Industry Standards Source License Version 1.1
|
|
|
|
|
*
|
|
|
|
|
* Sun Microsystems Inc., October, 2000
|
|
|
|
|
*
|
|
|
|
|
* GNU Lesser General Public License Version 2.1
|
|
|
|
|
* =============================================
|
|
|
|
|
* Copyright 2000 by Sun Microsystems, Inc.
|
|
|
|
|
* 901 San Antonio Road, Palo Alto, CA 94303, USA
|
|
|
|
|
*
|
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
|
* License version 2.1, as published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston,
|
|
|
|
|
* MA 02111-1307 USA
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* Sun Industry Standards Source License Version 1.1
|
|
|
|
|
* =================================================
|
|
|
|
|
* The contents of this file are subject to the Sun Industry Standards
|
|
|
|
|
* Source License Version 1.1 (the "License"); You may not use this file
|
|
|
|
|
* except in compliance with the License. You may obtain a copy of the
|
|
|
|
|
* License at http://www.openoffice.org/license.html.
|
|
|
|
|
*
|
|
|
|
|
* Software provided under this License is provided on an "AS IS" basis,
|
|
|
|
|
* WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
|
|
|
|
|
* WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS,
|
|
|
|
|
* MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING.
|
|
|
|
|
* See the License for the specific provisions governing your rights and
|
|
|
|
|
* obligations concerning the Software.
|
|
|
|
|
*
|
|
|
|
|
* The Initial Developer of the Original Code is: Sun Microsystems, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Copyright: 2000 by Sun Microsystems, Inc.
|
|
|
|
|
*
|
|
|
|
|
* All Rights Reserved.
|
|
|
|
|
*
|
|
|
|
|
* Contributor(s): _______________________________________
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
************************************************************************/
|
|
|
|
|
|
|
|
|
|
#include <hash_set>
|
|
|
|
|
|
|
|
|
|
#include <osl/diagnose.h>
|
|
|
|
|
#include <osl/interlck.h>
|
2002-03-04 16:43:21 +00:00
|
|
|
#include <osl/mutex.hxx>
|
2002-01-25 08:30:07 +00:00
|
|
|
#include <osl/thread.hxx>
|
2002-03-04 16:43:21 +00:00
|
|
|
|
2002-01-25 08:30:07 +00:00
|
|
|
#include <rtl/ustrbuf.hxx>
|
2002-03-04 16:43:21 +00:00
|
|
|
#include <rtl/string.hxx>
|
|
|
|
|
|
2002-01-25 08:30:07 +00:00
|
|
|
#include <uno/current_context.h>
|
|
|
|
|
|
|
|
|
|
#include <cppuhelper/implbase1.hxx>
|
|
|
|
|
#include <cppuhelper/compbase3.hxx>
|
|
|
|
|
#include <cppuhelper/factory.hxx>
|
|
|
|
|
#include <cppuhelper/implementationentry.hxx>
|
|
|
|
|
|
|
|
|
|
#include <com/sun/star/uno/XCurrentContext.hpp>
|
|
|
|
|
#include <com/sun/star/lang/XComponent.hpp>
|
|
|
|
|
#include <com/sun/star/lang/XServiceInfo.hpp>
|
|
|
|
|
#include <com/sun/star/lang/XInitialization.hpp>
|
|
|
|
|
#include <com/sun/star/security/XAccessController.hpp>
|
|
|
|
|
#include <com/sun/star/security/XPolicy.hpp>
|
2002-03-04 16:43:21 +00:00
|
|
|
|
|
|
|
|
#include "lru_cache.h"
|
|
|
|
|
#include "permissions.h"
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
|
|
|
|
|
#define SERVICE_NAME "com.sun.star.security.AccessController"
|
|
|
|
|
#define IMPL_NAME "com.sun.star.security.comp.stoc.AccessController"
|
|
|
|
|
#define USER_CREDS "access-control.user-credentials"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
using namespace ::std;
|
|
|
|
|
using namespace ::osl;
|
|
|
|
|
using namespace ::cppu;
|
|
|
|
|
using namespace ::com::sun::star;
|
|
|
|
|
using namespace ::com::sun::star::uno;
|
2002-03-04 16:43:21 +00:00
|
|
|
using ::rtl::OUString;
|
|
|
|
|
using ::rtl::OUStringBuffer;
|
|
|
|
|
using ::rtl::OString;
|
2002-01-25 08:30:07 +00:00
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
namespace stoc_sec
|
2002-01-25 08:30:07 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
// static stuff initialized when loading lib
|
|
|
|
|
static OUString s_envType = OUSTR(CPPU_CURRENT_LANGUAGE_BINDING_NAME);
|
|
|
|
|
static OUString s_implName = OUSTR(IMPL_NAME);
|
|
|
|
|
static OUString s_serviceName = OUSTR(SERVICE_NAME);
|
|
|
|
|
static OUString s_acRestriction = OUSTR("access-control.restriction");
|
|
|
|
|
|
|
|
|
|
static Sequence< OUString > s_serviceNames = Sequence< OUString >( &s_serviceName, 1 );
|
2002-03-04 16:43:21 +00:00
|
|
|
::rtl_StandardModuleCount s_moduleCount = MODULE_COUNT_INIT;
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
//##################################################################################################
|
|
|
|
|
|
|
|
|
|
/** ac context combiner combining two ac contexts
|
|
|
|
|
*/
|
|
|
|
|
class acc_Combiner
|
|
|
|
|
: public WeakImplHelper1< security::XAccessControlContext >
|
|
|
|
|
{
|
|
|
|
|
Reference< security::XAccessControlContext > m_x1, m_x2;
|
|
|
|
|
|
|
|
|
|
inline acc_Combiner(
|
|
|
|
|
Reference< security::XAccessControlContext > const & x1,
|
|
|
|
|
Reference< security::XAccessControlContext > const & x2 )
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
virtual ~acc_Combiner()
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
|
|
|
|
|
static inline Reference< security::XAccessControlContext > create(
|
|
|
|
|
Reference< security::XAccessControlContext > const & x1,
|
|
|
|
|
Reference< security::XAccessControlContext > const & x2 )
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
|
|
|
|
|
// XAccessControlContext impl
|
|
|
|
|
virtual void SAL_CALL checkPermission(
|
|
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
};
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
inline acc_Combiner::acc_Combiner(
|
|
|
|
|
Reference< security::XAccessControlContext > const & x1,
|
|
|
|
|
Reference< security::XAccessControlContext > const & x2 )
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
: m_x1( x1 )
|
|
|
|
|
, m_x2( x2 )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.acquire( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
acc_Combiner::~acc_Combiner()
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.release( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
inline Reference< security::XAccessControlContext > acc_Combiner::create(
|
|
|
|
|
Reference< security::XAccessControlContext > const & x1,
|
|
|
|
|
Reference< security::XAccessControlContext > const & x2 )
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
if (! x1.is())
|
|
|
|
|
return x2;
|
|
|
|
|
if (! x2.is())
|
|
|
|
|
return x1;
|
|
|
|
|
return new acc_Combiner( x1, x2 );
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void acc_Combiner::checkPermission(
|
|
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
m_x1->checkPermission( perm );
|
|
|
|
|
m_x2->checkPermission( perm );
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
/** ac context doing permission checks on static permissions
|
2002-01-25 08:30:07 +00:00
|
|
|
*/
|
2002-03-04 16:43:21 +00:00
|
|
|
class acc_Policy
|
2002-01-25 08:30:07 +00:00
|
|
|
: public WeakImplHelper1< security::XAccessControlContext >
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection m_permissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
public:
|
2002-03-04 16:43:21 +00:00
|
|
|
inline acc_Policy(
|
|
|
|
|
PermissionCollection const & permissions )
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
virtual ~acc_Policy()
|
|
|
|
|
SAL_THROW( () );
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
// XAccessControlContext impl
|
|
|
|
|
virtual void SAL_CALL checkPermission(
|
|
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
};
|
|
|
|
|
//__________________________________________________________________________________________________
|
2002-03-04 16:43:21 +00:00
|
|
|
inline acc_Policy::acc_Policy(
|
|
|
|
|
PermissionCollection const & permissions )
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
: m_permissions( permissions )
|
|
|
|
|
{
|
|
|
|
|
s_moduleCount.modCnt.acquire( &s_moduleCount.modCnt );
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
acc_Policy::~acc_Policy()
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
s_moduleCount.modCnt.release( &s_moduleCount.modCnt );
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void acc_Policy::checkPermission(
|
2002-01-25 08:30:07 +00:00
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
m_permissions.checkPermission( perm );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** current context overriding dynamic ac restriction
|
|
|
|
|
*/
|
|
|
|
|
class acc_CurrentContext
|
|
|
|
|
: public ImplHelper1< XCurrentContext >
|
|
|
|
|
{
|
|
|
|
|
oslInterlockedCount m_refcount;
|
|
|
|
|
|
|
|
|
|
Reference< XCurrentContext > m_xDelegate;
|
|
|
|
|
Any m_restriction;
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
inline acc_CurrentContext(
|
|
|
|
|
Reference< XCurrentContext > const & xDelegate,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
virtual ~acc_CurrentContext() SAL_THROW( () );
|
|
|
|
|
|
|
|
|
|
// XInterface impl
|
|
|
|
|
virtual void SAL_CALL acquire()
|
|
|
|
|
throw ();
|
|
|
|
|
virtual void SAL_CALL release()
|
|
|
|
|
throw ();
|
|
|
|
|
|
|
|
|
|
// XCurrentContext impl
|
|
|
|
|
virtual Any SAL_CALL getValueByName( OUString const & name )
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
};
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
inline acc_CurrentContext::acc_CurrentContext(
|
|
|
|
|
Reference< XCurrentContext > const & xDelegate,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
: m_refcount( 0 )
|
|
|
|
|
, m_xDelegate( xDelegate )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.acquire( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
if (xRestriction.is())
|
|
|
|
|
{
|
|
|
|
|
m_restriction = makeAny( xRestriction );
|
|
|
|
|
}
|
|
|
|
|
// return empty any otherwise on getValueByName(), not null interface
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
acc_CurrentContext::~acc_CurrentContext()
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.release( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void acc_CurrentContext::acquire()
|
|
|
|
|
throw ()
|
|
|
|
|
{
|
|
|
|
|
::osl_incrementInterlockedCount( &m_refcount );
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void acc_CurrentContext::release()
|
|
|
|
|
throw ()
|
|
|
|
|
{
|
|
|
|
|
if (! ::osl_decrementInterlockedCount( &m_refcount ))
|
|
|
|
|
{
|
|
|
|
|
delete this;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Any acc_CurrentContext::getValueByName( OUString const & name )
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
if (name.equals( s_acRestriction ))
|
|
|
|
|
{
|
|
|
|
|
return m_restriction;
|
|
|
|
|
}
|
|
|
|
|
else if (m_xDelegate.is())
|
|
|
|
|
{
|
|
|
|
|
return m_xDelegate->getValueByName( name );
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return Any();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//##################################################################################################
|
|
|
|
|
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static inline void dispose( Reference< XInterface > const & x )
|
|
|
|
|
SAL_THROW( (RuntimeException) )
|
|
|
|
|
{
|
|
|
|
|
Reference< lang::XComponent > xComp( x, UNO_QUERY );
|
|
|
|
|
if (xComp.is())
|
|
|
|
|
{
|
|
|
|
|
xComp->dispose();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static inline Reference< security::XAccessControlContext > getDynamicRestriction(
|
|
|
|
|
Reference< XCurrentContext > const & xContext )
|
|
|
|
|
SAL_THROW( (RuntimeException) )
|
|
|
|
|
{
|
|
|
|
|
Any acc( xContext->getValueByName( s_acRestriction ) );
|
|
|
|
|
if (typelib_TypeClass_INTERFACE == acc.pType->eTypeClass)
|
|
|
|
|
{
|
|
|
|
|
// avoid ref-counting
|
|
|
|
|
OUString const & typeName =
|
|
|
|
|
*reinterpret_cast< OUString const * >( &acc.pType->pTypeName );
|
|
|
|
|
if (typeName.equalsAsciiL(
|
|
|
|
|
RTL_CONSTASCII_STRINGPARAM("com.sun.star.security.XAccessControlContext") ))
|
|
|
|
|
{
|
|
|
|
|
return Reference< security::XAccessControlContext >(
|
|
|
|
|
*reinterpret_cast< security::XAccessControlContext ** const >( acc.pData ) );
|
|
|
|
|
}
|
|
|
|
|
else // try to query
|
|
|
|
|
{
|
|
|
|
|
return Reference< security::XAccessControlContext >::query(
|
|
|
|
|
*reinterpret_cast< XInterface ** const >( acc.pData ) );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return Reference< security::XAccessControlContext >();
|
|
|
|
|
}
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
class cc_reset
|
|
|
|
|
{
|
|
|
|
|
void * m_cc;
|
|
|
|
|
public:
|
|
|
|
|
inline cc_reset( void * cc ) SAL_THROW( () )
|
|
|
|
|
: m_cc( cc ) {}
|
|
|
|
|
inline ~cc_reset() SAL_THROW( () )
|
|
|
|
|
{ ::uno_setCurrentContext( m_cc, s_envType.pData, 0 ); }
|
|
|
|
|
};
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
class RecursionCheck : public ThreadData
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
typedef hash_set< OUString, ::rtl::OUStringHash > t_set;
|
2002-01-25 08:30:07 +00:00
|
|
|
static void SAL_CALL destroyKeyData( void * );
|
|
|
|
|
|
|
|
|
|
inline t_set * getData() SAL_THROW( () )
|
|
|
|
|
{ return reinterpret_cast< t_set * >( ThreadData::getData() ); }
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
inline RecursionCheck() SAL_THROW( () )
|
|
|
|
|
: ThreadData( (oslThreadKeyCallbackFunction)destroyKeyData )
|
|
|
|
|
{}
|
|
|
|
|
|
|
|
|
|
bool isRecurring( OUString const & userId ) SAL_THROW( () );
|
|
|
|
|
void mark( OUString const & userId ) SAL_THROW( () );
|
|
|
|
|
void unmark( OUString const & userId ) SAL_THROW( () );
|
|
|
|
|
};
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void RecursionCheck::destroyKeyData( void * p )
|
|
|
|
|
{
|
|
|
|
|
delete reinterpret_cast< t_set * >( p );
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
bool RecursionCheck::isRecurring( OUString const & userId ) SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
t_set const * s = getData();
|
|
|
|
|
if (s)
|
|
|
|
|
{
|
|
|
|
|
t_set::const_iterator const iFind( s->find( userId ) );
|
2002-03-04 16:43:21 +00:00
|
|
|
bool ret= (iFind != s->end());
|
|
|
|
|
#ifdef __DIAGNOSE
|
|
|
|
|
if (ret)
|
|
|
|
|
{
|
|
|
|
|
OUStringBuffer buf( 48 );
|
|
|
|
|
buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("> info: recurring call of user \"") );
|
|
|
|
|
buf.append( userId );
|
|
|
|
|
buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\"") );
|
|
|
|
|
OString str( ::rtl::OUStringToOString(
|
|
|
|
|
buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
|
|
|
|
|
OSL_TRACE( str.getStr() );
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
return ret;
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
inline void RecursionCheck::mark( OUString const & userId ) SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
t_set * s = getData();
|
|
|
|
|
if (s)
|
|
|
|
|
{
|
|
|
|
|
s->insert( userId );
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
t_set * s = new t_set();
|
|
|
|
|
s->insert( userId );
|
|
|
|
|
setData( s );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
inline void RecursionCheck::unmark( OUString const & userId ) SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
t_set * s = getData();
|
|
|
|
|
if (s)
|
|
|
|
|
{
|
|
|
|
|
s->erase( userId );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
class RecursionMarkGuard
|
|
|
|
|
{
|
|
|
|
|
RecursionCheck & m_rec_check;
|
|
|
|
|
OUString const & m_userId;
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
inline RecursionMarkGuard( RecursionCheck & rec_check, OUString const & userId ) SAL_THROW( () )
|
|
|
|
|
: m_rec_check( rec_check )
|
|
|
|
|
, m_userId( userId )
|
|
|
|
|
{ m_rec_check.mark( m_userId ); }
|
|
|
|
|
inline ~RecursionMarkGuard() SAL_THROW( () )
|
|
|
|
|
{ m_rec_check.unmark( m_userId ); }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
//##################################################################################################
|
|
|
|
|
|
|
|
|
|
struct MutexHolder
|
|
|
|
|
{
|
|
|
|
|
Mutex m_mutex;
|
|
|
|
|
};
|
|
|
|
|
typedef WeakComponentImplHelper3<
|
|
|
|
|
security::XAccessController, lang::XServiceInfo, lang::XInitialization > t_helper;
|
|
|
|
|
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
class AccessController
|
|
|
|
|
: public MutexHolder
|
|
|
|
|
, public t_helper
|
|
|
|
|
{
|
|
|
|
|
Reference< XComponentContext > m_xComponentContext;
|
|
|
|
|
|
|
|
|
|
RecursionCheck m_rec_check;
|
|
|
|
|
|
|
|
|
|
Reference< security::XPolicy > m_xPolicy;
|
|
|
|
|
Reference< security::XPolicy > const & getPolicy()
|
|
|
|
|
SAL_THROW( (RuntimeException) );
|
|
|
|
|
|
|
|
|
|
// mode
|
|
|
|
|
enum { OFF, ON, DYNAMIC_ONLY, SINGLE_USER, SINGLE_DEFAULT_USER } m_mode;
|
|
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection m_defaultUserPermissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
// for single-user mode
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection m_singleUserPermissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
OUString m_singleUserId;
|
2002-03-04 16:43:21 +00:00
|
|
|
bool m_defaultUser_init;
|
2002-01-25 08:30:07 +00:00
|
|
|
bool m_singleUser_init;
|
2002-03-04 16:43:21 +00:00
|
|
|
// for multi-user mode
|
|
|
|
|
lru_cache< OUString, PermissionCollection, ::rtl::OUStringHash, equal_to< OUString > >
|
|
|
|
|
m_user2permissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection getEffectivePermissions(
|
2002-01-25 08:30:07 +00:00
|
|
|
Reference< XCurrentContext > const & xContext )
|
|
|
|
|
SAL_THROW( (RuntimeException) );
|
|
|
|
|
|
|
|
|
|
protected:
|
|
|
|
|
virtual void SAL_CALL disposing();
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
AccessController( Reference< XComponentContext > const & xComponentContext )
|
2002-03-04 16:43:21 +00:00
|
|
|
SAL_THROW( (RuntimeException) );
|
2002-01-25 08:30:07 +00:00
|
|
|
virtual ~AccessController()
|
|
|
|
|
SAL_THROW( () );
|
|
|
|
|
|
|
|
|
|
// XInitialization impl
|
|
|
|
|
virtual void SAL_CALL initialize(
|
|
|
|
|
Sequence< Any > const & arguments )
|
|
|
|
|
throw (Exception);
|
|
|
|
|
|
|
|
|
|
// XAccessController impl
|
|
|
|
|
virtual void SAL_CALL checkPermission(
|
|
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
virtual Any SAL_CALL doRestricted(
|
|
|
|
|
Reference< security::XAction > const & xAction,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
throw (Exception);
|
|
|
|
|
virtual Any SAL_CALL doPrivileged(
|
|
|
|
|
Reference< security::XAction > const & xAction,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
throw (Exception);
|
|
|
|
|
virtual Reference< security::XAccessControlContext > SAL_CALL getContext()
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
|
|
|
|
|
// XServiceInfo impl
|
|
|
|
|
virtual OUString SAL_CALL getImplementationName()
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
virtual sal_Bool SAL_CALL supportsService( OUString const & serviceName )
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
virtual Sequence< OUString > SAL_CALL getSupportedServiceNames()
|
|
|
|
|
throw (RuntimeException);
|
|
|
|
|
};
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
AccessController::AccessController( Reference< XComponentContext > const & xComponentContext )
|
2002-03-04 16:43:21 +00:00
|
|
|
SAL_THROW( (RuntimeException) )
|
2002-01-25 08:30:07 +00:00
|
|
|
: t_helper( m_mutex )
|
|
|
|
|
, m_xComponentContext( xComponentContext )
|
|
|
|
|
, m_mode( ON ) // default
|
2002-03-04 16:43:21 +00:00
|
|
|
, m_defaultUser_init( false )
|
2002-01-25 08:30:07 +00:00
|
|
|
, m_singleUser_init( false )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.acquire( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
OUString mode;
|
|
|
|
|
if (m_xComponentContext->getValueByName( OUSTR("/services/" SERVICE_NAME "/mode") ) >>= mode)
|
|
|
|
|
{
|
|
|
|
|
if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("off") ))
|
|
|
|
|
{
|
|
|
|
|
m_mode = OFF;
|
|
|
|
|
}
|
|
|
|
|
else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("on") ))
|
|
|
|
|
{
|
|
|
|
|
m_mode = ON;
|
|
|
|
|
}
|
|
|
|
|
else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("dynamic-only") ))
|
|
|
|
|
{
|
|
|
|
|
m_mode = DYNAMIC_ONLY;
|
|
|
|
|
}
|
|
|
|
|
else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("single-user") ))
|
|
|
|
|
{
|
|
|
|
|
m_xComponentContext->getValueByName(
|
|
|
|
|
OUSTR("/services/" SERVICE_NAME "/single-user-id") ) >>= m_singleUserId;
|
|
|
|
|
if (! m_singleUserId.getLength())
|
|
|
|
|
{
|
|
|
|
|
throw RuntimeException(
|
|
|
|
|
OUSTR("expected a user id in component context entry "
|
|
|
|
|
"\"/services/" SERVICE_NAME "/single-user-id\"!"),
|
|
|
|
|
(OWeakObject *)this );
|
|
|
|
|
}
|
|
|
|
|
m_mode = SINGLE_USER;
|
|
|
|
|
}
|
|
|
|
|
else if (mode.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM("single-default-user") ))
|
|
|
|
|
{
|
|
|
|
|
m_mode = SINGLE_DEFAULT_USER;
|
|
|
|
|
}
|
|
|
|
|
}
|
2002-03-04 16:43:21 +00:00
|
|
|
|
|
|
|
|
// switch on caching for DYNAMIC_ONLY and ON (sharable multi-user process)
|
|
|
|
|
if (ON == m_mode || DYNAMIC_ONLY == m_mode)
|
|
|
|
|
{
|
|
|
|
|
sal_Int32 cacheSize; // multi-user cache size
|
|
|
|
|
if (! (m_xComponentContext->getValueByName(
|
|
|
|
|
OUSTR("/services/" SERVICE_NAME "/user-cache-size") ) >>= cacheSize))
|
|
|
|
|
{
|
|
|
|
|
cacheSize = 128; // reasonable default?
|
|
|
|
|
}
|
|
|
|
|
#ifdef __CACHE_DIAGNOSE
|
|
|
|
|
cacheSize = 2;
|
|
|
|
|
#endif
|
|
|
|
|
m_user2permissions.setSize( cacheSize );
|
|
|
|
|
}
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
AccessController::~AccessController()
|
|
|
|
|
SAL_THROW( () )
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
s_moduleCount.modCnt.release( &s_moduleCount.modCnt );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void AccessController::disposing()
|
|
|
|
|
{
|
|
|
|
|
m_mode = OFF; // avoid checks from now on xxx todo review/ better DYNAMIC_ONLY?
|
|
|
|
|
m_xPolicy.clear();
|
|
|
|
|
m_xComponentContext.clear();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// XInitialization impl
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void AccessController::initialize(
|
|
|
|
|
Sequence< Any > const & arguments )
|
|
|
|
|
throw (Exception)
|
|
|
|
|
{
|
|
|
|
|
// xxx todo: review for forking
|
|
|
|
|
// portal forking hack: re-initialize for another user-id
|
|
|
|
|
if (SINGLE_USER != m_mode) // only if in single-user mode
|
|
|
|
|
{
|
|
|
|
|
throw RuntimeException(
|
|
|
|
|
OUSTR("invalid call: ac must be in \"single-user\" mode!"), (OWeakObject *)this );
|
|
|
|
|
}
|
|
|
|
|
OUString userId;
|
|
|
|
|
arguments[ 0 ] >>= userId;
|
|
|
|
|
if (! userId.getLength())
|
|
|
|
|
{
|
|
|
|
|
throw RuntimeException(
|
|
|
|
|
OUSTR("expected a user-id as first argument!"), (OWeakObject *)this );
|
|
|
|
|
}
|
|
|
|
|
// assured that no sync is necessary: no check happens at this forking time
|
|
|
|
|
m_singleUserId = userId;
|
|
|
|
|
m_singleUser_init = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Reference< security::XPolicy > const & AccessController::getPolicy()
|
|
|
|
|
SAL_THROW( (RuntimeException) )
|
|
|
|
|
{
|
|
|
|
|
// get policy singleton
|
|
|
|
|
if (! m_xPolicy.is())
|
|
|
|
|
{
|
|
|
|
|
Reference< security::XPolicy > xPolicy;
|
|
|
|
|
m_xComponentContext->getValueByName(
|
|
|
|
|
OUSTR("/singletons/com.sun.star.security.thePolicy") ) >>= xPolicy;
|
|
|
|
|
if (xPolicy.is())
|
|
|
|
|
{
|
|
|
|
|
MutexGuard guard( m_mutex );
|
|
|
|
|
if (! m_xPolicy.is())
|
|
|
|
|
{
|
|
|
|
|
m_xPolicy = xPolicy;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
throw SecurityException(
|
|
|
|
|
OUSTR("cannot get policy singleton!"), (OWeakObject *)this );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return m_xPolicy;
|
|
|
|
|
}
|
2002-03-04 16:43:21 +00:00
|
|
|
|
|
|
|
|
#ifdef __DIAGNOSE
|
|
|
|
|
static void dumpPermissions(
|
|
|
|
|
OUString const & userId, PermissionCollection const & collection ) SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
OUStringBuffer buf( 48 );
|
|
|
|
|
if (userId.getLength())
|
|
|
|
|
{
|
|
|
|
|
buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("> dumping effective permissions of user \"") );
|
|
|
|
|
buf.append( userId );
|
|
|
|
|
buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\":") );
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
buf.appendAscii(
|
|
|
|
|
RTL_CONSTASCII_STRINGPARAM("> dumping permission collection of default user:") );
|
|
|
|
|
}
|
|
|
|
|
OString str( ::rtl::OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
|
|
|
|
|
OSL_TRACE( str.getStr() );
|
|
|
|
|
Sequence< OUString > permissions( collection.toStrings() );
|
|
|
|
|
OUString const * p = permissions.getConstArray();
|
|
|
|
|
for ( sal_Int32 nPos = 0; nPos < permissions.getLength(); ++nPos )
|
|
|
|
|
{
|
|
|
|
|
OString str( ::rtl::OUStringToOString( p[ nPos ], RTL_TEXTENCODING_ASCII_US ) );
|
|
|
|
|
OSL_TRACE( str.getStr() );
|
|
|
|
|
}
|
|
|
|
|
OSL_TRACE( "> permission dump done" );
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2002-01-25 08:30:07 +00:00
|
|
|
//__________________________________________________________________________________________________
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection AccessController::getEffectivePermissions(
|
2002-01-25 08:30:07 +00:00
|
|
|
Reference< XCurrentContext > const & xContext )
|
|
|
|
|
SAL_THROW( (RuntimeException) )
|
|
|
|
|
{
|
|
|
|
|
// this is the only place calling the policy singleton taking care of recurring calls
|
|
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
// init default permissions
|
|
|
|
|
if (! m_defaultUser_init)
|
|
|
|
|
{
|
|
|
|
|
// call on policy
|
|
|
|
|
// iff this is a recurring call for the default user, then grant all permissions
|
|
|
|
|
if (m_rec_check.isRecurring( OUString() ))
|
|
|
|
|
return PermissionCollection( new AllPermission() );
|
|
|
|
|
RecursionMarkGuard rec_guard( m_rec_check, OUString() ); // mark possible recursion
|
|
|
|
|
PermissionCollection defaultUserPermissions(
|
|
|
|
|
getPolicy()->getDefaultPermissions() );
|
|
|
|
|
#ifdef __DIAGNOSE
|
|
|
|
|
dumpPermissions( OUSTR("default"), defaultUserPermissions );
|
|
|
|
|
#endif
|
|
|
|
|
// assign
|
|
|
|
|
MutexGuard guard( m_mutex );
|
|
|
|
|
if (! m_defaultUser_init)
|
|
|
|
|
{
|
|
|
|
|
m_defaultUserPermissions = defaultUserPermissions;
|
|
|
|
|
m_defaultUser_init = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2002-01-25 08:30:07 +00:00
|
|
|
switch (m_mode)
|
|
|
|
|
{
|
|
|
|
|
case SINGLE_USER:
|
|
|
|
|
{
|
|
|
|
|
if (! m_singleUser_init)
|
|
|
|
|
{
|
|
|
|
|
// call on policy
|
|
|
|
|
// iff this is a recurring call for the same user, then grant all permissions
|
|
|
|
|
if (m_rec_check.isRecurring( m_singleUserId ))
|
2002-03-04 16:43:21 +00:00
|
|
|
return PermissionCollection( new AllPermission() );
|
2002-01-25 08:30:07 +00:00
|
|
|
RecursionMarkGuard rec_guard( m_rec_check, m_singleUserId ); // mark possible recursion
|
2002-03-04 16:43:21 +00:00
|
|
|
PermissionCollection singleUserPermissions(
|
|
|
|
|
getPolicy()->getPermissions( m_singleUserId ), m_defaultUserPermissions );
|
|
|
|
|
#ifdef __DIAGNOSE
|
|
|
|
|
dumpPermissions( m_singleUserId, singleUserPermissions );
|
|
|
|
|
#endif
|
2002-01-25 08:30:07 +00:00
|
|
|
// assign
|
|
|
|
|
MutexGuard guard( m_mutex );
|
|
|
|
|
if (! m_singleUser_init)
|
|
|
|
|
{
|
|
|
|
|
m_singleUserPermissions = singleUserPermissions;
|
|
|
|
|
m_singleUser_init = true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return m_singleUserPermissions;
|
|
|
|
|
}
|
2002-03-04 16:43:21 +00:00
|
|
|
case SINGLE_DEFAULT_USER:
|
|
|
|
|
{
|
|
|
|
|
return m_defaultUserPermissions;
|
|
|
|
|
}
|
2002-01-25 08:30:07 +00:00
|
|
|
case ON:
|
|
|
|
|
{
|
|
|
|
|
OUString userId;
|
|
|
|
|
if (xContext.is())
|
|
|
|
|
{
|
|
|
|
|
xContext->getValueByName( OUSTR(USER_CREDS ".id") ) >>= userId;
|
|
|
|
|
}
|
|
|
|
|
if (! userId.getLength())
|
|
|
|
|
{
|
|
|
|
|
throw SecurityException(
|
|
|
|
|
OUSTR("cannot determine current user in multi-user ac!"), (OWeakObject *)this );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// lookup policy for user
|
|
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
MutexGuard guard( m_mutex );
|
|
|
|
|
PermissionCollection const * pPermissions = m_user2permissions.lookup( userId );
|
|
|
|
|
if (pPermissions)
|
|
|
|
|
return *pPermissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
2002-03-04 16:43:21 +00:00
|
|
|
|
|
|
|
|
// call on policy
|
|
|
|
|
// iff this is a recurring call for the same user, then grant all permissions
|
|
|
|
|
if (m_rec_check.isRecurring( userId ))
|
|
|
|
|
return PermissionCollection( new AllPermission() );
|
|
|
|
|
RecursionMarkGuard rec_guard( m_rec_check, userId ); // mark possible recursion
|
|
|
|
|
PermissionCollection permissions(
|
|
|
|
|
getPolicy()->getPermissions( userId ), m_defaultUserPermissions );
|
|
|
|
|
#ifdef __DIAGNOSE
|
|
|
|
|
dumpPermissions( userId, permissions );
|
|
|
|
|
#endif
|
2002-01-25 08:30:07 +00:00
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
// cache
|
|
|
|
|
MutexGuard guard( m_mutex );
|
|
|
|
|
m_user2permissions.set( userId, permissions );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
2002-03-04 16:43:21 +00:00
|
|
|
return permissions;
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
OSL_ENSURE( 0, "### this should never be called in this mode!" );
|
2002-03-04 16:43:21 +00:00
|
|
|
return PermissionCollection();
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// XAccessController impl
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
void AccessController::checkPermission(
|
|
|
|
|
Any const & perm )
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
if (OFF == m_mode)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// first dynamic check of ac contexts
|
|
|
|
|
Reference< XCurrentContext > xContext;
|
|
|
|
|
::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
|
|
|
|
|
if (xContext.is())
|
|
|
|
|
{
|
|
|
|
|
Reference< security::XAccessControlContext > xACC( getDynamicRestriction( xContext ) );
|
|
|
|
|
if (xACC.is())
|
|
|
|
|
{
|
|
|
|
|
xACC->checkPermission( perm );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (DYNAMIC_ONLY == m_mode)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// then static check
|
2002-03-04 16:43:21 +00:00
|
|
|
getEffectivePermissions( xContext ).checkPermission( perm );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Any AccessController::doRestricted(
|
|
|
|
|
Reference< security::XAction > const & xAction,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
throw (Exception)
|
|
|
|
|
{
|
|
|
|
|
if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
|
|
|
|
|
return xAction->run();
|
|
|
|
|
|
|
|
|
|
Reference< XCurrentContext > xContext;
|
|
|
|
|
::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
|
|
|
|
|
|
|
|
|
|
if (xRestriction.is())
|
|
|
|
|
{
|
|
|
|
|
// override restriction
|
|
|
|
|
Reference< security::XAccessControlContext > xOldRestr;
|
|
|
|
|
if (xContext.is())
|
|
|
|
|
{
|
|
|
|
|
xOldRestr = getDynamicRestriction( xContext );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Reference< XCurrentContext > xNewContext( new acc_CurrentContext(
|
|
|
|
|
xContext, acc_Combiner::create( xRestriction, xOldRestr ) ) );
|
|
|
|
|
::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
|
|
|
|
|
|
|
|
|
|
cc_reset reset( xContext.get() );
|
|
|
|
|
return xAction->run();
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
return xAction->run();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Any AccessController::doPrivileged(
|
|
|
|
|
Reference< security::XAction > const & xAction,
|
|
|
|
|
Reference< security::XAccessControlContext > const & xRestriction )
|
|
|
|
|
throw (Exception)
|
|
|
|
|
{
|
|
|
|
|
if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
|
|
|
|
|
return xAction->run();
|
|
|
|
|
|
|
|
|
|
// override restriction
|
|
|
|
|
Reference< XCurrentContext > xContext;
|
|
|
|
|
::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
|
|
|
|
|
|
|
|
|
|
Reference< XCurrentContext > xNewContext( new acc_CurrentContext(
|
|
|
|
|
xContext, xRestriction ) );
|
|
|
|
|
::uno_setCurrentContext( xNewContext.get(), s_envType.pData, 0 );
|
|
|
|
|
|
|
|
|
|
cc_reset reset( xContext.get() );
|
|
|
|
|
return xAction->run();
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Reference< security::XAccessControlContext > AccessController::getContext()
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
if (OFF == m_mode) // optimize this way, because no dynamic check will be performed
|
2002-03-04 16:43:21 +00:00
|
|
|
return new acc_Policy( PermissionCollection( new AllPermission() ) );
|
2002-01-25 08:30:07 +00:00
|
|
|
|
|
|
|
|
Reference< XCurrentContext > xContext;
|
|
|
|
|
::uno_getCurrentContext( (void **)&xContext, s_envType.pData, 0 );
|
|
|
|
|
|
|
|
|
|
Reference< security::XAccessControlContext > xDynamic;
|
|
|
|
|
if (xContext.is())
|
|
|
|
|
{
|
|
|
|
|
xDynamic = getDynamicRestriction( xContext );
|
|
|
|
|
}
|
|
|
|
|
|
2002-03-04 16:43:21 +00:00
|
|
|
return acc_Combiner::create( xDynamic, new acc_Policy( getEffectivePermissions( xContext ) ) );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// XServiceInfo impl
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
OUString AccessController::getImplementationName()
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
return s_implName;
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
sal_Bool AccessController::supportsService( OUString const & serviceName )
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
OUString const * pNames = s_serviceNames.getConstArray();
|
|
|
|
|
for ( sal_Int32 nPos = s_serviceNames.getLength(); nPos--; )
|
|
|
|
|
{
|
|
|
|
|
if (serviceName.equals( pNames[ nPos ] ))
|
|
|
|
|
{
|
|
|
|
|
return sal_True;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return sal_False;
|
|
|
|
|
}
|
|
|
|
|
//__________________________________________________________________________________________________
|
|
|
|
|
Sequence< OUString > AccessController::getSupportedServiceNames()
|
|
|
|
|
throw (RuntimeException)
|
|
|
|
|
{
|
|
|
|
|
return s_serviceNames;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//##################################################################################################
|
|
|
|
|
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static Reference< XInterface > SAL_CALL ac_create(
|
|
|
|
|
Reference< XComponentContext > const & xComponentContext )
|
|
|
|
|
SAL_THROW( (Exception) )
|
|
|
|
|
{
|
|
|
|
|
return (OWeakObject *)new AccessController( xComponentContext );
|
|
|
|
|
}
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static Sequence< OUString > ac_getSupportedServiceNames() SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
return s_serviceNames;
|
|
|
|
|
}
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static OUString ac_getImplementationName() SAL_THROW( () )
|
|
|
|
|
{
|
|
|
|
|
return s_implName;
|
|
|
|
|
}
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
Reference< XInterface > SAL_CALL filepolicy_create(
|
|
|
|
|
Reference< XComponentContext > const & xComponentContext )
|
|
|
|
|
SAL_THROW( (Exception) );
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
Sequence< OUString > filepolicy_getSupportedServiceNames() SAL_THROW( () );
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
OUString filepolicy_getImplementationName() SAL_THROW( () );
|
|
|
|
|
//--------------------------------------------------------------------------------------------------
|
|
|
|
|
static struct ImplementationEntry s_entries [] =
|
|
|
|
|
{
|
|
|
|
|
{
|
|
|
|
|
ac_create, ac_getImplementationName,
|
|
|
|
|
ac_getSupportedServiceNames, createSingleComponentFactory,
|
|
|
|
|
&s_moduleCount.modCnt, 0
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
filepolicy_create, filepolicy_getImplementationName,
|
|
|
|
|
filepolicy_getSupportedServiceNames, createSingleComponentFactory,
|
|
|
|
|
&s_moduleCount.modCnt, 0
|
|
|
|
|
},
|
|
|
|
|
{ 0, 0, 0, 0, 0, 0 }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extern "C"
|
|
|
|
|
{
|
|
|
|
|
//==================================================================================================
|
2002-03-04 16:43:21 +00:00
|
|
|
sal_Bool SAL_CALL component_canUnload( TimeValue * time )
|
2002-01-25 08:30:07 +00:00
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
return ::stoc_sec::s_moduleCount.canUnload( &::stoc_sec::s_moduleCount, time );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
void SAL_CALL component_getImplementationEnvironment(
|
|
|
|
|
sal_Char const ** ppEnvTypeName, uno_Environment ** ppEnv )
|
|
|
|
|
{
|
|
|
|
|
*ppEnvTypeName = CPPU_CURRENT_LANGUAGE_BINDING_NAME;
|
|
|
|
|
}
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
sal_Bool SAL_CALL component_writeInfo(
|
2002-03-04 16:43:21 +00:00
|
|
|
lang::XMultiServiceFactory * smgr, registry::XRegistryKey * key )
|
2002-01-25 08:30:07 +00:00
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
return component_writeInfoHelper( smgr, key, ::stoc_sec::s_entries );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
//==================================================================================================
|
|
|
|
|
void * SAL_CALL component_getFactory(
|
2002-03-04 16:43:21 +00:00
|
|
|
sal_Char const * implName, lang::XMultiServiceFactory * smgr, registry::XRegistryKey * key )
|
2002-01-25 08:30:07 +00:00
|
|
|
{
|
2002-03-04 16:43:21 +00:00
|
|
|
return component_getFactoryHelper( implName, smgr, key, ::stoc_sec::s_entries );
|
2002-01-25 08:30:07 +00:00
|
|
|
}
|
|
|
|
|
}
|
