X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-xreq.c;h=0ecf62d2a998badbcf3768be48be884830024caf;hb=248ba86f06b1903fff3e0538d7b06c02610b4806;hp=b964b104935da7086af0437066f7f295e611dfc5;hpb=e000e3b73ee0582882324e504fe2dae7386534f8;p=src%2Fapp-framework-binder.git diff --git a/src/afb-xreq.c b/src/afb-xreq.c index b964b104..0ecf62d2 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -440,11 +440,11 @@ void afb_xreq_subcall(struct afb_xreq *xreq, const char *api, const char *verb, afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure); } -static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, const struct afb_auth *auth) +static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags) { int loa; - if ((sessionflags & (AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) { + if ((sessionflags & (AFB_SESSION_CLOSE_V1|AFB_SESSION_RENEW_V1|AFB_SESSION_CHECK_V1|AFB_SESSION_LOA_EQ_V1)) != 0) { if (!afb_context_check(&xreq->context)) { afb_context_close(&xreq->context); afb_xreq_fail_f(xreq, "denied", "invalid token's identity"); @@ -453,8 +453,8 @@ static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, con } } - if ((sessionflags & AFB_SESSION_LOA_GE) != 0) { - loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + if ((sessionflags & AFB_SESSION_LOA_GE_V1) != 0) { + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1; if (!afb_context_check_loa(&xreq->context, loa)) { afb_xreq_fail_f(xreq, "denied", "invalid LOA"); errno = EPERM; @@ -462,8 +462,8 @@ static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, con } } - if ((sessionflags & AFB_SESSION_LOA_LE) != 0) { - loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + if ((sessionflags & AFB_SESSION_LOA_LE_V1) != 0) { + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1; if (afb_context_check_loa(&xreq->context, loa + 1)) { afb_xreq_fail_f(xreq, "denied", "invalid LOA"); errno = EPERM; @@ -471,17 +471,47 @@ static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, con } } + if ((sessionflags & AFB_SESSION_RENEW_V1) != 0) { + afb_context_refresh(&xreq->context); + } + if ((sessionflags & AFB_SESSION_CLOSE_V1) != 0) { + afb_context_change_loa(&xreq->context, 0); + afb_context_close(&xreq->context); + } + + return 0; +} + +static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth) +{ + int loa; + + if (sessionflags != 0) { + if (!afb_context_check(&xreq->context)) { + afb_context_close(&xreq->context); + afb_xreq_fail_f(xreq, "denied", "invalid token's identity"); + errno = EINVAL; + return -1; + } + } + + loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_V2); + if (loa && !afb_context_check_loa(&xreq->context, loa)) { + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); + errno = EPERM; + return -1; + } + if (auth && !afb_auth_check(auth, xreq)) { afb_xreq_fail_f(xreq, "denied", "authorisation refused"); errno = EPERM; return -1; } - if ((sessionflags & AFB_SESSION_RENEW) != 0) { + if ((sessionflags & AFB_SESSION_REFRESH_V2) != 0) { afb_context_refresh(&xreq->context); } - if ((sessionflags & AFB_SESSION_CLOSE) != 0) { - afb_context_change_loa(&xreq->context, 0); + if ((sessionflags & AFB_SESSION_CLOSE_V2) != 0) { afb_context_close(&xreq->context); } @@ -493,7 +523,7 @@ void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 if (!verb) afb_xreq_fail_unknown_verb(xreq); else - if (!xreq_session_check_apply(xreq, verb->session, NULL)) + if (!xreq_session_check_apply_v1(xreq, verb->session)) verb->callback(to_req(xreq)); } @@ -502,7 +532,7 @@ void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb if (!verb) afb_xreq_fail_unknown_verb(xreq); else - if (!xreq_session_check_apply(xreq, verb->session, verb->auth)) + if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth)) verb->callback(to_req(xreq)); }