Bindings V2: migration of HelloWorld binder

[src/app-framework-binder.git] / src / afb-xreq.c
diff --git a/src/afb-xreq.c b/src/afb-xreq.c

index b54b436..0ecf62d 100644 (file)
--- a/src/afb-xreq.c
+++ b/src/afb-xreq.c
@@ -16,7 +16,7 @@
   */
  
  #define _GNU_SOURCE
-#define NO_BINDING_VERBOSE_MACRO
+#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
  
  #include <stdlib.h>
  #include <string.h>
@@ -33,6 +33,7 @@
  #include "afb-hook.h"
  #include "afb-api.h"
  #include "afb-apiset.h"
+#include "afb-auth.h"
  #include "jobs.h"
  #include "verbose.h"
  
@@ -439,77 +440,100 @@ void afb_xreq_subcall(struct afb_xreq *xreq, const char *api, const char *verb,
         afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure);
  }
  
-int xreq_session_check(struct afb_xreq *xreq, int sessionflags)
+static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
  {
         int loa;
  
-       if ((sessionflags & (AFB_SESSION_CREATE|AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) {
+       if ((sessionflags & (AFB_SESSION_CLOSE_V1|AFB_SESSION_RENEW_V1|AFB_SESSION_CHECK_V1|AFB_SESSION_LOA_EQ_V1)) != 0) {
                 if (!afb_context_check(&xreq->context)) {
                         afb_context_close(&xreq->context);
-                       afb_xreq_fail_f(xreq, "failed", "invalid token's identity");
+                       afb_xreq_fail_f(xreq, "denied", "invalid token's identity");
                         errno = EINVAL;
                         return -1;
                 }
         }
  
-       if ((sessionflags & AFB_SESSION_CREATE) != 0) {
-               if (afb_context_check_loa(&xreq->context, 1)) {
-                       afb_xreq_fail_f(xreq, "failed", "invalid creation state");
-                       errno = EINVAL;
-                       return -1;
-               }
-       }
-
-       if ((sessionflags & AFB_SESSION_LOA_GE) != 0) {
-               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
+       if ((sessionflags & AFB_SESSION_LOA_GE_V1) != 0) {
+               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1;
                 if (!afb_context_check_loa(&xreq->context, loa)) {
-                       afb_xreq_fail_f(xreq, "failed", "invalid LOA");
+                       afb_xreq_fail_f(xreq, "denied", "invalid LOA");
                         errno = EPERM;
                         return -1;
                 }
         }
  
-       if ((sessionflags & AFB_SESSION_LOA_LE) != 0) {
-               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
+       if ((sessionflags & AFB_SESSION_LOA_LE_V1) != 0) {
+               loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1;
                 if (afb_context_check_loa(&xreq->context, loa + 1)) {
-                       afb_xreq_fail_f(xreq, "failed", "invalid LOA");
+                       afb_xreq_fail_f(xreq, "denied", "invalid LOA");
                         errno = EPERM;
                         return -1;
                 }
         }
  
-       return 0;
-}
-
-void xreq_session_apply(struct afb_xreq *xreq, int sessionflags)
-{
-       if ((sessionflags & (AFB_SESSION_CREATE | AFB_SESSION_RENEW)) != 0) {
+       if ((sessionflags & AFB_SESSION_RENEW_V1) != 0) {
                 afb_context_refresh(&xreq->context);
         }
-       if ((sessionflags & AFB_SESSION_CLOSE) != 0) {
+       if ((sessionflags & AFB_SESSION_CLOSE_V1) != 0) {
                 afb_context_change_loa(&xreq->context, 0);
                 afb_context_close(&xreq->context);
         }
+
+       return 0;
  }
  
-int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags)
+static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
  {
-       int rc = xreq_session_check(xreq, sessionflags);
-       if (!rc)
-               xreq_session_apply(xreq, sessionflags);
+       int loa;
  
-       return rc;
+       if (sessionflags != 0) {
+               if (!afb_context_check(&xreq->context)) {
+                       afb_context_close(&xreq->context);
+                       afb_xreq_fail_f(xreq, "denied", "invalid token's identity");
+                       errno = EINVAL;
+                       return -1;
+               }
+       }
+
+       loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_V2);
+       if (loa && !afb_context_check_loa(&xreq->context, loa)) {
+               afb_xreq_fail_f(xreq, "denied", "invalid LOA");
+               errno = EPERM;
+               return -1;
+       }
+
+       if (auth && !afb_auth_check(auth, xreq)) {
+               afb_xreq_fail_f(xreq, "denied", "authorisation refused");
+               errno = EPERM;
+               return -1;
+       }
+
+       if ((sessionflags & AFB_SESSION_REFRESH_V2) != 0) {
+               afb_context_refresh(&xreq->context);
+       }
+       if ((sessionflags & AFB_SESSION_CLOSE_V2) != 0) {
+               afb_context_close(&xreq->context);
+       }
+
+       return 0;
  }
  
-void afb_xreq_call(struct afb_xreq *xreq, void (*method)(struct afb_req req))
+void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb)
  {
-       method(to_req(xreq));
+       if (!verb)
+               afb_xreq_fail_unknown_verb(xreq);
+       else
+               if (!xreq_session_check_apply_v1(xreq, verb->session))
+                       verb->callback(to_req(xreq));
  }
  
-void afb_xreq_check_apply_call(struct afb_xreq *xreq, int sessionflags, void (*method)(struct afb_req req))
+void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb)
  {
-       if (!xreq_session_check_apply(xreq, sessionflags))
-               method(to_req(xreq));
+       if (!verb)
+               afb_xreq_fail_unknown_verb(xreq);
+       else
+               if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
+                       verb->callback(to_req(xreq));
  }
  
  void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *queryitf)