#include "afb-hook.h"
#include "afb-msg-json.h"
#include "afb-xreq.h"
+#include "afb-error-text.h"
#include "jobs.h"
#include "verbose.h"
static void xreq_finalize(struct afb_xreq *xreq)
{
if (!xreq->replied)
- afb_xreq_reply(xreq, NULL, "error", "no reply");
+ afb_xreq_reply(xreq, NULL, afb_error_text_not_replied, NULL);
#if WITH_AFB_HOOK
if (xreq->hookflags)
afb_hook_xreq_end(xreq);
static int xreq_has_permission_cb(struct afb_req_x2 *closure, const char *permission)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return afb_auth_has_permission(xreq, permission);
+ return afb_context_has_permission(&xreq->context, permission);
}
static char *xreq_get_application_id_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return xreq->cred && xreq->cred->id ? strdup(xreq->cred->id) : NULL;
+ struct afb_cred *cred = xreq->context.credentials;
+ return cred && cred->id ? strdup(cred->id) : NULL;
}
static void *xreq_context_make_cb(struct afb_req_x2 *closure, int replace, void *(*create_value)(void*), void (*free_value)(void*), void *create_closure)
static int xreq_get_uid_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
- return xreq->cred && xreq->cred->id ? (int)xreq->cred->uid : -1;
+ struct afb_cred *cred = xreq->context.credentials;
+ return cred && cred->id ? (int)cred->uid : -1;
}
static struct json_object *xreq_get_client_info_cb(struct afb_req_x2 *closure)
{
struct afb_xreq *xreq = xreq_from_req_x2(closure);
+ struct afb_cred *cred = xreq->context.credentials;
struct json_object *r = json_object_new_object();
- if (xreq->cred && xreq->cred->id) {
- json_object_object_add(r, "uid", json_object_new_int(xreq->cred->uid));
- json_object_object_add(r, "gid", json_object_new_int(xreq->cred->gid));
- json_object_object_add(r, "pid", json_object_new_int(xreq->cred->pid));
- json_object_object_add(r, "user", json_object_new_string(xreq->cred->user));
- json_object_object_add(r, "label", json_object_new_string(xreq->cred->label));
- json_object_object_add(r, "id", json_object_new_string(xreq->cred->id));
+ if (cred && cred->id) {
+ json_object_object_add(r, "uid", json_object_new_int(cred->uid));
+ json_object_object_add(r, "gid", json_object_new_int(cred->gid));
+ json_object_object_add(r, "pid", json_object_new_int(cred->pid));
+ json_object_object_add(r, "user", json_object_new_string(cred->user));
+ json_object_object_add(r, "label", json_object_new_string(cred->label));
+ json_object_object_add(r, "id", json_object_new_string(cred->id));
}
if (xreq->context.session) {
- json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)));
+ json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)?:""));
json_object_object_add(r, "LOA", json_object_new_int(afb_context_get_loa(&xreq->context)));
}
return r;
return afb_req_x2_subcall_sync_legacy(xreq_to_req_x2(xreq), api, verb, args, result);
}
-#if WITH_LEGACY_BINDING_V1
-static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
+int afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
{
- int loa;
-
- if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
- }
- }
-
- if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (!afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
- }
-
- if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (afb_context_check_loa(&xreq->context, loa + 1)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
- }
-
- if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
- afb_context_change_loa(&xreq->context, 0);
- afb_context_close(&xreq->context);
- }
-
- return 0;
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_api, "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
+ errno = EINVAL;
+ return -1;
}
-#endif
-static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
+int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
{
- int loa;
-
- if (sessionflags != 0) {
- if (!afb_context_check(&xreq->context)) {
- afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
- }
- }
-
- loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
- if (loa && !afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
-
- if (auth && !afb_auth_check(xreq, auth)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "authorisation refused");
- errno = EPERM;
- return -1;
- }
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_verb, "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
+ errno = EINVAL;
+ return -1;
+}
- if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0) {
- afb_context_close(&xreq->context);
- }
+int afb_xreq_reply_invalid_token(struct afb_xreq *xreq)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_token, "invalid token"); /* TODO: or "no token" */
+ errno = EINVAL;
+ return -1;
+}
- return 0;
+int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_insufficient_scope, scope ?: "insufficient scope");
+ errno = EPERM;
+ return -1;
}
#if WITH_LEGACY_BINDING_V1
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v1(xreq, verb->session))
+ if (afb_auth_check_and_set_session_x1(xreq, verb->session) >= 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
+ if (afb_auth_check_and_set_session_x2(xreq, verb->auth, verb->session) > 0)
verb->callback(xreq_to_req_x1(xreq));
}
#endif
if (!verb)
afb_xreq_reply_unknown_verb(xreq);
else
- if (xreq_session_check_apply_v2(xreq, verb->session, verb->auth) >= 0)
+ if (afb_auth_check_and_set_session_x2(xreq, verb->auth, verb->session) > 0)
verb->callback(xreq_to_req_x2(xreq));
}
xreq->queryitf = queryitf;
}
-void afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-api", "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
-}
-
-void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-verb", "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
-}
-
#if WITH_AFB_HOOK
static void init_hooking(struct afb_xreq *xreq)
{
if (signum != 0) {
/* emit the error (assumes that hooking is initialised) */
- afb_xreq_reply_f(xreq, NULL, "aborted", "signal %s(%d) caught", strsignal(signum), signum);
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_aborted, "signal %s(%d) caught", strsignal(signum), signum);
} else {
#if WITH_AFB_HOOK
/* init hooking */
const char *xreq_on_behalf_cred_export(struct afb_xreq *xreq)
{
- return xreq->caller ? afb_cred_export(xreq->cred) : NULL;
+ return afb_context_on_behalf_export(&xreq->context);
}