X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-xreq.c;h=b964b104935da7086af0437066f7f295e611dfc5;hb=e000e3b73ee0582882324e504fe2dae7386534f8;hp=b40f03046bb41f4bd30a28d036d9cc4620099399;hpb=a8e971702f23ee67e02b4716ad4159f12cefdca6;p=src%2Fapp-framework-binder.git diff --git a/src/afb-xreq.c b/src/afb-xreq.c index b40f0304..b964b104 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -16,7 +16,7 @@ */ #define _GNU_SOURCE -#define NO_BINDING_VERBOSE_MACRO +#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO #include #include @@ -33,6 +33,7 @@ #include "afb-hook.h" #include "afb-api.h" #include "afb-apiset.h" +#include "afb-auth.h" #include "jobs.h" #include "verbose.h" @@ -375,6 +376,11 @@ static inline struct afb_req to_req(struct afb_xreq *xreq) return (struct afb_req){ .itf = xreq->hookflags ? &xreq_hooked_itf : &xreq_itf, .closure = xreq }; } +struct json_object *afb_xreq_json(struct afb_xreq *xreq) +{ + return afb_req_json(to_req(xreq)); +} + void afb_xreq_success(struct afb_xreq *xreq, struct json_object *obj, const char *info) { afb_req_success(to_req(xreq), obj, info); @@ -434,62 +440,70 @@ void afb_xreq_subcall(struct afb_xreq *xreq, const char *api, const char *verb, afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure); } -static int xcheck(struct afb_xreq *xreq, int sessionflags) +static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, const struct afb_auth *auth) { - if ((sessionflags & (AFB_SESSION_CREATE|AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) { + int loa; + + if ((sessionflags & (AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) { if (!afb_context_check(&xreq->context)) { afb_context_close(&xreq->context); - afb_xreq_fail_f(xreq, "failed", "invalid token's identity"); - return 0; + afb_xreq_fail_f(xreq, "denied", "invalid token's identity"); + errno = EINVAL; + return -1; } } - if ((sessionflags & AFB_SESSION_CREATE) != 0) { - if (afb_context_check_loa(&xreq->context, 1)) { - afb_xreq_fail_f(xreq, "failed", "invalid creation state"); - return 0; - } - afb_context_change_loa(&xreq->context, 1); - afb_context_refresh(&xreq->context); - } - - if ((sessionflags & (AFB_SESSION_CREATE | AFB_SESSION_RENEW)) != 0) - afb_context_refresh(&xreq->context); - - if ((sessionflags & AFB_SESSION_CLOSE) != 0) { - afb_context_change_loa(&xreq->context, 0); - afb_context_close(&xreq->context); - } - if ((sessionflags & AFB_SESSION_LOA_GE) != 0) { - int loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; if (!afb_context_check_loa(&xreq->context, loa)) { - afb_xreq_fail_f(xreq, "failed", "invalid LOA"); - return 0; + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); + errno = EPERM; + return -1; } } if ((sessionflags & AFB_SESSION_LOA_LE) != 0) { - int loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; + loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK; if (afb_context_check_loa(&xreq->context, loa + 1)) { - afb_xreq_fail_f(xreq, "failed", "invalid LOA"); - return 0; + afb_xreq_fail_f(xreq, "denied", "invalid LOA"); + errno = EPERM; + return -1; } } - return 1; + + if (auth && !afb_auth_check(auth, xreq)) { + afb_xreq_fail_f(xreq, "denied", "authorisation refused"); + errno = EPERM; + return -1; + } + + if ((sessionflags & AFB_SESSION_RENEW) != 0) { + afb_context_refresh(&xreq->context); + } + if ((sessionflags & AFB_SESSION_CLOSE) != 0) { + afb_context_change_loa(&xreq->context, 0); + afb_context_close(&xreq->context); + } + + return 0; } -void afb_xreq_so_call(struct afb_xreq *xreq, int sessionflags, void (*method)(struct afb_req req)) +void afb_xreq_call_verb_v1(struct afb_xreq *xreq, const struct afb_verb_desc_v1 *verb) { - if (xcheck(xreq, sessionflags)) - method(to_req(xreq)); + if (!verb) + afb_xreq_fail_unknown_verb(xreq); + else + if (!xreq_session_check_apply(xreq, verb->session, NULL)) + verb->callback(to_req(xreq)); } -void afb_xreq_begin(struct afb_xreq *xreq) +void afb_xreq_call_verb_v2(struct afb_xreq *xreq, const struct afb_verb_v2 *verb) { - afb_hook_init_xreq(xreq); - if (xreq->hookflags) - afb_hook_xreq_begin(xreq); + if (!verb) + afb_xreq_fail_unknown_verb(xreq); + else + if (!xreq_session_check_apply(xreq, verb->session, verb->auth)) + verb->callback(to_req(xreq)); } void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *queryitf) @@ -499,6 +513,15 @@ void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *query xreq->queryitf = queryitf; } +void afb_xreq_fail_unknown_api(struct afb_xreq *xreq) +{ + afb_xreq_fail_f(xreq, "unknown-api", "api %s not found (for verb %s)", xreq->api, xreq->verb); +} + +void afb_xreq_fail_unknown_verb(struct afb_xreq *xreq) +{ + afb_xreq_fail_f(xreq, "unknown-verb", "verb %s unknown within api %s", xreq->verb, xreq->api); +} static void process_async(int signum, void *arg) { @@ -529,7 +552,7 @@ void afb_xreq_process(struct afb_xreq *xreq, struct afb_apiset *apiset) xreq->apiset = apiset; afb_xreq_addref(xreq); - if (jobs_queue(NULL, afb_apiset_get_timeout(apiset), process_async, xreq) < 0) { + if (jobs_queue(NULL, afb_apiset_timeout_get(apiset), process_async, xreq) < 0) { /* TODO: allows or not to proccess it directly as when no threading? (see above) */ ERROR("can't process job with threads: %m"); afb_xreq_fail_f(xreq, "cancelled", "not able to create a job for the task");