Create an auth verb to raise privilege of session
authorRomain Forlot <romain.forlot@iot.bzh>
Thu, 13 Jul 2017 16:47:18 +0000 (18:47 +0200)
committerRomain Forlot <romain.forlot@iot.bzh>
Fri, 21 Jul 2017 10:02:11 +0000 (12:02 +0200)
Simply raise the current session to a LOA of 1 when asked.
Some checks are needed so that not just anyone can raise their session:
the caller must hold the specific permission urn:AGL:permission::platform:can:write
to be able to authenticate.

Change-Id: Id4e01ca20ba8437e97a64db682fdd3ebf45ce7b4
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
low-can-binding/binding/low-can-cb.cpp
low-can-binding/binding/low-can-hat.cpp
low-can-binding/binding/low-can-hat.hpp

index e25d6ea..a7e4396 100644 (file)
@@ -351,6 +351,12 @@ static void do_subscribe_unsubscribe(struct afb_req request, bool subscribe)
                afb_req_fail(request, "error", NULL);
 }
 
+void auth(struct afb_req request)
+{
+       afb_req_session_set_LOA(request, 1);
+       afb_req_success(request, NULL, NULL);
+}
+
 void subscribe(struct afb_req request)
 {
        do_subscribe_unsubscribe(request, true);
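Review bot: The result of `afb_req_session_set_LOA(request, 1)` in `auth()` is discarded, so the verb replies with success even if the binder refused or failed to raise the session level. The client is then told it is authenticated while `swrite` is still rejected, and nothing records the failed elevation. Check the return value (the success convention is documented in the binder header and should be confirmed for the version in use) and reply with `afb_req_fail(request, "error", NULL);` on failure, as `do_subscribe_unsubscribe` does just above. Because this is the point where a session gains write access to the CAN bus, a log line for both outcomes would also help auditing.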
index dae3a4a..0fb7e8c 100644 (file)
@@ -40,13 +40,23 @@ extern "C"
                return a;
        }
 
-       static const struct afb_auth loa_1 = { loa_afb_auth(1) };
+       static constexpr struct afb_auth perm_afb_auth(const char* permission)
+       {
+               struct afb_auth a = {};
+               a.type = afb_auth_Permission;
+               a.text = permission;
+               return a;
+       }
+
+       static const struct afb_auth afb_auth_loa_1 = { loa_afb_auth(1) };
+       static const struct afb_auth afb_auth_perm = { perm_afb_auth("urn:AGL:permission::platform:can:write") };
 
        static const struct afb_verb_v2 verbs[]=
        {
+               { .verb= "auth", .callback= auth, .auth= &afb_auth_perm, .info="Authentification against service to get the required level of confidence", .session= AFB_SESSION_NONE},
                { .verb= "subscribe", .callback= subscribe, .auth= NULL, .info="Let subscribe to signals", .session= AFB_SESSION_NONE},
                { .verb= "unsubscribe", .callback= unsubscribe, .auth= NULL, .info="Let unsubscribe signals", .session= AFB_SESSION_NONE},
-               { .verb= "swrite", .callback= swrite, .auth= &loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1},
+               { .verb= "swrite", .callback= swrite, .auth= &afb_auth_loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1},
                { .verb= NULL, .callback= NULL, .auth= NULL, .info=NULL, .session= 0}
        };
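Review bot: `swrite` is still gated only by `afb_auth_loa_1` / `AFB_SESSION_LOA_1`, so `urn:AGL:permission::platform:can:write` is checked once, when `auth` is called, and never again on the write path. Any later request in a session whose LOA is already 1 or higher can write to the bus, including after the permission has been withdrawn or if the level was raised by something other than this verb (how LOA is scoped depends on the binder and should be confirmed). Consider requiring the permission on `swrite` as well, for example through an `afb_auth_And` entry that combines `afb_auth_loa_1` and `afb_auth_perm`; note also that nothing in this change lowers the LOA again once the client is done. At minimum document the dependency above the table: `/* swrite trusts session LOA >= 1; the can:write permission is only checked by "auth" */`.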
 
index 6ecad23..b0f29b5 100644 (file)
@@ -36,6 +36,7 @@ void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, std
 void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, uint32_t pid, std::map<int, std::shared_ptr<low_can_subscription_t> >& s);
 int read_message(sd_event_source *s, int fd, uint32_t revents, void *userdata);
 
+void auth(struct afb_req request);
 void subscribe(struct afb_req request);
 void unsubscribe(struct afb_req request);
 void swrite(struct afb_req request);