X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-xreq.c;h=0ecf62d2a998badbcf3768be48be884830024caf;hb=c03c5d7acdfbb4fe50249679139dc5012b670fcd;hp=b54b4365223ddc4ac8bb63fa0fe0753a18d8c072;hpb=968c3fca18c7518f240d2487a561e8df8b2907a7;p=src%2Fapp-framework-binder.git diff --git a/src/afb-xreq.c b/src/afb-xreq.c index b54b4365..0ecf62d2 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -16,7 +16,7 @@ */ #define _GNU_SOURCE -#define NO_BINDING_VERBOSE_MACRO +#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO #include #include @@ -33,6 +33,7 @@ #include "afb-hook.h" #include "afb-api.h" #include "afb-apiset.h" +#include "afb-auth.h" #include "jobs.h" #include "verbose.h" @@ -439,77 +440,100 @@ void afb_xreq_subcall(struct afb_xreq *xreq, const char *api, const char *verb, afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure); } -int xreq_session_check(struct afb_xreq *xreq, int sessionflags) +static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags) { int loa; - if ((sessionflags & (AFB_SESSION_CREATE|AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) { + if ((sessionflags & (AFB_SESSION_CLOSE_V1|AFB_SESSION_RENEW_V1|AFB_SESSION_CHECK_V1|AFB_SESSION_LOA_EQ_V1)) != 0) { if (!afb_context_check(&xreq->context)) { afb_context_close(&xreq->context); - afb_xreq_fail_f(xreq, "failed", "invalid token's identity"); + afb_xreq_fail_f(xreq, "denied", "invalid token's identity"); errno = EINVAL; return -1; } } - if ((sessionflags & AFB_SESSION_CREATE) != 0) { - if (afb_context_check_loa(&xreq->context, 1)) { - afb_xreq_fail_f(xreq, "failed", "invalid creation state"); - errno = EINVAL; - return -1; - } - } - - if ((sessionflags & AFB_SESSION_LOA_GE) != 0) { - loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + if ((sessionflags & AFB_SESSION_LOA_GE_V1) != 0) { + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1; if (!afb_context_check_loa(&xreq->context, loa)) { - afb_xreq_fail_f(xreq, "failed", "invalid LOA"); + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); errno = EPERM; return -1; } } - if ((sessionflags & AFB_SESSION_LOA_LE) != 0) { - loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + if ((sessionflags & AFB_SESSION_LOA_LE_V1) != 0) { + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1; if (afb_context_check_loa(&xreq->context, loa + 1)) { - afb_xreq_fail_f(xreq, "failed", "invalid LOA"); + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); errno = EPERM; return -1; } } - return 0; -} - -void xreq_session_apply(struct afb_xreq *xreq, int sessionflags) -{ - if ((sessionflags & (AFB_SESSION_CREATE | AFB_SESSION_RENEW)) != 0) { + if ((sessionflags & AFB_SESSION_RENEW_V1) != 0) { afb_context_refresh(&xreq->context); } - if ((sessionflags & AFB_SESSION_CLOSE) != 0) { + if ((sessionflags & AFB_SESSION_CLOSE_V1) != 0) { afb_context_change_loa(&xreq->context, 0); afb_context_close(&xreq->context); } + + return 0; } -int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags) +static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth) { - int rc = xreq_session_check(xreq, sessionflags); - if (!rc) - xreq_session_apply(xreq, sessionflags); + int loa; - return rc; + if (sessionflags != 0) { + if (!afb_context_check(&xreq->context)) { + afb_context_close(&xreq->context); + afb_xreq_fail_f(xreq, "denied", "invalid token's identity"); + errno = EINVAL; + return -1; + } + } + + loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_V2); + if (loa && !afb_context_check_loa(&xreq->context, loa)) { + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); + errno = EPERM; + return -1; + } + + if (auth && !afb_auth_check(auth, xreq)) { + afb_xreq_fail_f(xreq, "denied", "authorisation refused"); + errno = EPERM; + return -1; + } + + if ((sessionflags & AFB_SESSION_REFRESH_V2) != 0) { + afb_context_refresh(&xreq->context); + } + if ((sessionflags & AFB_SESSION_CLOSE_V2) != 0) { + afb_context_close(&xreq->context); + } + + return 0; } -void afb_xreq_call(struct afb_xreq *xreq, void (*method)(struct afb_req req)) +void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb) { - method(to_req(xreq)); + if (!verb) + afb_xreq_fail_unknown_verb(xreq); + else + if (!xreq_session_check_apply_v1(xreq, verb->session)) + verb->callback(to_req(xreq)); } -void afb_xreq_check_apply_call(struct afb_xreq *xreq, int sessionflags, void (*method)(struct afb_req req)) +void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb) { - if (!xreq_session_check_apply(xreq, sessionflags)) - method(to_req(xreq)); + if (!verb) + afb_xreq_fail_unknown_verb(xreq); + else + if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth)) + verb->callback(to_req(xreq)); } void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *queryitf)