-Binding Reference
-=================
+# Binding Reference
-Structure for declaring binding
--------------------------------
+## Structure for declaring binding
### struct afb_binding_v2
*/
struct afb_binding_v2
{
- const char *api; /* api name for the binding */
- const char *specification; /* textual openAPIv3 specification of the binding */
- const struct afb_verb_v2 *verbs; /* array of descriptions of verbs terminated by a NULL name */
+ const char *api; /* api name for the binding */
+ const char *specification; /* textual openAPIv3 specification of the binding */
+ const char *info; /* some info about the api, can be NULL */
+ const struct afb_verb_v2 *verbs; /* array of descriptions of verbs terminated by a NULL name */
int (*preinit)(); /* callback at load of the binding */
int (*init)(); /* callback for starting the service */
void (*onevent)(const char *event, struct json_object *object); /* callback for handling events */
- unsigned noconcurrency: 1; /* avoids concurrent requests to verbs */
+ unsigned noconcurrency: 1; /* avoids concurrent requests to verbs */
};
```
{
const char *verb; /* name of the verb */
void (*callback)(struct afb_req req); /* callback function implementing the verb */
- const struct afb_auth *auth; /* required authorization */
+ const struct afb_auth *auth; /* required authorization */
+ const char *info; /* some info about the verb, can be NULL */
uint32_t session; /* authorization and session requirements of the verb */
};
```
-The session flags is an or of the constant defined below:
+The **session** flags is one of the constant defined below:
- - AFB_SESSION_NONE : no flag, synonym to 0
- - AFB_SESSION_LOA_0 : Requires the LOA to be 0 or more, synonym to 0 or AFB_SESSION_NONE
- - AFB_SESSION_LOA_1 : Requires the LOA to be 1 or more
- - AFB_SESSION_LOA_2 : Requires the LOA to be 2 or more
- - AFB_SESSION_LOA_3 : Requires the LOA to be 3 or more
- - AFB_SESSION_CHECK : Requires the token to be set and valid
- - AFB_SESSION_REFRESH : Implies a token refresh
- - AFB_SESSION_CLOSE : Implies cloing the session
+- AFB_SESSION_NONE : no flag, synonym to 0
+- AFB_SESSION_LOA_0 : Requires the LOA to be 0 or more, synonym to 0 or AFB_SESSION_NONE
+- AFB_SESSION_LOA_1 : Requires the LOA to be 1 or more
+- AFB_SESSION_LOA_2 : Requires the LOA to be 2 or more
+- AFB_SESSION_LOA_3 : Requires the LOA to be 3 or more
+- AFB_SESSION_CHECK : Requires the token to be set and valid
+- AFB_SESSION_REFRESH : Implies a token refresh
+- AFB_SESSION_CLOSE : Implies cloing the session
-The LOA is set binding by binding using the function **afb_req_session_set_LOA**.
+The LOA (Level Of Assurance) is set, by binding, using the function **afb_req_session_set_LOA**.
### struct afb_auth and enum afb_auth_type
The structure **afb_auth** is used within verb description to
-set security requirements. The interpretation of the structure
-depends on the value of the field **type**.
+set security requirements.
+The interpretation of the structure depends on the value of the field **type**.
```C
struct afb_auth
const struct afb_auth *next;
};
```
+
The possible values for **type** is defined here:
```C
*/
enum afb_auth_type
{
- afb_auth_No = 0, /** never authorized, no data */
- afb_auth_Token, /** authorized if token valid, no data */
- afb_auth_LOA, /** authorized if LOA greater than data 'loa' */
- afb_auth_Permission, /** authorized if permission 'text' is granted */
- afb_auth_Or, /** authorized if 'first' or 'next' is authorized */
- afb_auth_And, /** authorized if 'first' and 'next' are authorized */
- afb_auth_Not, /** authorized if 'first' is not authorized */
- afb_auth_Yes /** always authorized, no data */
+ afb_auth_No = 0, /** never authorized, no data */
+ afb_auth_Token, /** authorized if token valid, no data */
+ afb_auth_LOA, /** authorized if LOA greater than data 'loa' */
+ afb_auth_Permission, /** authorized if permission 'text' is granted */
+ afb_auth_Or, /** authorized if 'first' or 'next' is authorized */
+ afb_auth_And, /** authorized if 'first' and 'next' are authorized */
+ afb_auth_Not, /** authorized if 'first' is not authorized */
+ afb_auth_Yes /** always authorized, no data */
};
```
```C
static const struct afb_auth _afb_auths_v2_monitor[] = {
- { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:set" },
- { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:get" },
- { .type = afb_auth_Or, .first = &_afb_auths_v2_monitor[1], .next = &_afb_auths_v2_monitor[0] }
+ { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:set" },
+ { .type = afb_auth_Permission, .text = "urn:AGL:permission:monitor:public:get" },
+ { .type = afb_auth_Or, .first = &_afb_auths_v2_monitor[1], .next = &_afb_auths_v2_monitor[0] }
};
```
-Functions of class afb_daemon...
--------------------------
+## Functions of class afb_daemon
-The 3 following functions are linked to libsystemd.
+The 3 following functions are linked to libsystemd.
They allow use of **sd_event** features and access
to **sd_bus** features.
struct sd_bus *afb_daemon_get_system_bus();
```
-The 2 following functions are linked to event management.
+The 2 following functions are linked to event management.
Broadcasting an event send it to any possible listener.
```C
* Thus, in the case where 'object' should remain available after
* the function returns, the function 'json_object_get' shall be used.
*
+ * Calling this function is only forbidden during preinit.
+ *
* Returns the count of clients that received the event.
*/
int afb_daemon_broadcast_event(const char *name, struct json_object *object);
/*
* Creates an event of 'name' and returns it.
*
+ * Calling this function is only forbidden during preinit.
+ *
* See afb_event_is_valid to check if there is an error.
*/
struct afb_event afb_daemon_make_event(const char *name);
```
The following function is used by logging macros and should normally
-not be used. Instead, you should use the macros
-**AFB\_ERROR**, **AFB\_WARNING**, **AFB\_NOTICE**,
-**AFB\_INFO**, **AFB\_DEBUG**
+not be used.
+Instead, you should use the macros:
+
+- **AFB\_ERROR**
+- **AFB\_WARNING**
+- **AFB\_NOTICE**
+- **AFB\_INFO**
+- **AFB\_DEBUG**
```C
/*
/*
* Tells that it requires the API of "name" to exist
* and if 'initialized' is not null to be initialized.
+ * Calling this function is only allowed within init.
* Returns 0 in case of success or -1 in case of error.
*/
int afb_daemon_require_api(const char *name, int initialized)
```
-Functions of class afb_service...
--------------------------
+This function allows to give a different name to the binding.
+It can be called during pre-init.
+
+```C
+/*
+ * Set the name of the API to 'name'.
+ * Calling this function is only allowed within preinit.
+ * Returns 0 in case of success or -1 in case of error.
+ */
+int afb_daemon_rename_api(const char *name);
+```
+
+## Functions of class afb_service
The following functions allow services to call verbs of other
bindings for themselves.
* @see also 'afb_req_subcall'
*/
void afb_service_call(
- const char *api,
- const char *verb,
- struct json_object *args,
- void (*callback)(void*closure, int status, struct json_object *result),
- void *callback_closure);
+ const char *api,
+ const char *verb,
+ struct json_object *args,
+ void (*callback)(void*closure, int status, struct json_object *result),
+ void *callback_closure);
/**
* Calls the 'verb' of the 'api' with the arguments 'args' and 'verb' in the name of the binding.
* @see also 'afb_req_subcall'
*/
int afb_service_call_sync(
- const char *api,
- const char *verb,
- struct json_object *args,
- struct json_object **result);
+ const char *api,
+ const char *verb,
+ struct json_object *args,
+ struct json_object **result);
```
-Functions of class afb_event...
--------------------------
+## Functions of class afb_event
-This function checks whether the event is valid. It must be used
-when creating events.
+This function checks whether the event is valid.
+It must be used when creating events.
```C
/*
const char *afb_event_name(struct afb_event event);
```
-Functions of class afb_req...
--------------------------
+## Functions of class afb_req
This function checks the validity of the **req**.
int afb_req_session_set_LOA(struct afb_req req, unsigned level);
```
-
The 4 following functions must be used for asynchronous handling requests.
```C
* For convenience, the function calls 'json_object_put' for 'args'.
* Thus, in the case where 'args' should remain available after
* the function returns, the function 'json_object_get' shall be used.
+ *
+ * See also:
+ * - 'afb_req_subcall_req' that is convenient to keep request alive automatically.
+ * - 'afb_req_subcall_sync' the synchronous version
*/
void afb_req_subcall(
struct afb_req req,
void (*callback)(void *closure, int status, struct json_object *result),
void *closure);
+/*
+ * Makes a call to the method of name 'api' / 'verb' with the object 'args'.
+ * This call is made in the context of the request 'req'.
+ * On completion, the function 'callback' is invoked with the
+ * original request 'req', the 'closure' given at call and two
+ * other parameters: 'iserror' and 'result'.
+ * 'status' is 0 on success or negative when on an error reply.
+ * 'result' is the json object of the reply, you must not call json_object_put
+ * on the result.
+ *
+ * For convenience, the function calls 'json_object_put' for 'args'.
+ * Thus, in the case where 'args' should remain available after
+ * the function returns, the function 'json_object_get' shall be used.
+ *
+ * See also:
+ * - 'afb_req_subcall' that doesn't keep request alive automatically.
+ * - 'afb_req_subcall_sync' the synchronous version
+ */
+static inline void afb_req_subcall_req(struct afb_req req, const char *api, const char *verb, struct json_object *args, void (*callback)(void *closure, int iserror, struct json_object *result, struct afb_req req), void *closure)
+{
+ req.itf->subcall_req(req.closure, api, verb, args, callback, closure);
+}
+
/*
* Makes a call to the method of name 'api' / 'verb' with the object 'args'.
* This call is made in the context of the request 'req'.
* For convenience, the function calls 'json_object_put' for 'args'.
* Thus, in the case where 'args' should remain available after
* the function returns, the function 'json_object_get' shall be used.
+ *
+ * See also:
+ * - 'afb_req_subcall_req' that is convenient to keep request alive automatically.
+ * - 'afb_req_subcall' that doesn't keep request alive automatically.
*/
int afb_req_subcall_sync(
struct afb_req req,
```
The following function is used by logging macros and should normally
-not be used. Instead, you should use the macros
-**AFB_REQ_ERROR**, **AFB_REQ_WARNING**, **AFB_REQ_NOTICE**,
-**AFB_REQ_INFO**, **AFB_REQ_DEBUG**
+not be used.
+Instead, you should use the macros:
+
+- **AFB_REQ_ERROR**
+- **AFB_REQ_WARNING**
+- **AFB_REQ_NOTICE**
+- **AFB_REQ_INFO**
+- **AFB_REQ_DEBUG**
```C
/*
void afb_req_verbose(struct afb_req req, int level, const char *file, int line, const char * func, const char *fmt, ...);
```
-Logging macros
---------------
+The functions below allow a binding involved in the platform security
+to explicitely check a permission of a client or to get the calling
+application identity.
+
+```C
+/*
+ * Check whether the 'permission' is granted or not to the client
+ * identified by 'req'.
+ *
+ * Returns 1 if the permission is granted or 0 otherwise.
+ */
+int afb_req_has_permission(struct afb_req req, const char *permission);
+
+/*
+ * Get the application identifier of the client application for the
+ * request 'req'.
+ *
+ * Returns the application identifier or NULL when the application
+ * can not be identified.
+ *
+ * The returned value if not NULL must be freed by the caller
+ */
+char *afb_req_get_application_id(struct afb_req req);
+
+/*
+ * Get the user identifier (UID) of the client application for the
+ * request 'req'.
+ *
+ * Returns -1 when the application can not be identified.
+ */
+int afb_req_get_uid(struct afb_req req);
+```
+
+## Logging macros
The following macros must be used for logging:
Code Review / src / app-framework-binder.git / blobdiff