*/
#define _GNU_SOURCE
-#define NO_BINDING_VERBOSE_MACRO
+#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
#include <stdlib.h>
#include <string.h>
#include "afb-hook.h"
#include "afb-api.h"
#include "afb-apiset.h"
+#include "afb-auth.h"
#include "jobs.h"
#include "verbose.h"
afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure);
}
-int xreq_session_check(struct afb_xreq *xreq, int sessionflags)
+static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, const struct afb_auth *auth)
{
int loa;
if ((sessionflags & (AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
- afb_xreq_fail_f(xreq, "failed", "invalid token's identity");
+ afb_xreq_fail_f(xreq, "denied", "invalid token's identity");
errno = EINVAL;
return -1;
}
if ((sessionflags & AFB_SESSION_LOA_GE) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
if (!afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_fail_f(xreq, "failed", "invalid LOA");
+ afb_xreq_fail_f(xreq, "denied", "invalid LOA");
errno = EPERM;
return -1;
}
if ((sessionflags & AFB_SESSION_LOA_LE) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
if (afb_context_check_loa(&xreq->context, loa + 1)) {
- afb_xreq_fail_f(xreq, "failed", "invalid LOA");
+ afb_xreq_fail_f(xreq, "denied", "invalid LOA");
errno = EPERM;
return -1;
}
}
- return 0;
-}
+ if (auth && !afb_auth_check(auth, xreq)) {
+ afb_xreq_fail_f(xreq, "denied", "authorisation refused");
+ errno = EPERM;
+ return -1;
+ }
-void xreq_session_apply(struct afb_xreq *xreq, int sessionflags)
-{
if ((sessionflags & AFB_SESSION_RENEW) != 0) {
afb_context_refresh(&xreq->context);
}
afb_context_change_loa(&xreq->context, 0);
afb_context_close(&xreq->context);
}
-}
-int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags)
-{
- int rc = xreq_session_check(xreq, sessionflags);
- if (!rc)
- xreq_session_apply(xreq, sessionflags);
-
- return rc;
+ return 0;
}
-void afb_xreq_call(struct afb_xreq *xreq, void (*method)(struct afb_req req))
+void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb)
{
- method(to_req(xreq));
+ if (!verb)
+ afb_xreq_fail_unknown_verb(xreq);
+ else
+ if (!xreq_session_check_apply(xreq, verb->session, NULL))
+ verb->callback(to_req(xreq));
}
-void afb_xreq_check_apply_call(struct afb_xreq *xreq, int sessionflags, void (*method)(struct afb_req req))
+void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb)
{
- if (!xreq_session_check_apply(xreq, sessionflags))
- method(to_req(xreq));
+ if (!verb)
+ afb_xreq_fail_unknown_verb(xreq);
+ else
+ if (!xreq_session_check_apply(xreq, verb->session, verb->auth))
+ verb->callback(to_req(xreq));
}
void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *queryitf)
Code Review / src / app-framework-binder.git / blobdiff