From 0dc8b87f5d8a03183c1b947640f6315545e4207b Mon Sep 17 00:00:00 2001 From: Romain Forlot Date: Thu, 13 Jul 2017 18:47:18 +0200 Subject: [PATCH 1/1] Create an auth verb to raise privilege of session Simply raise to a LOA of 1 the current session if asked Need to add some checks to not allow anyone raise its session must hold a specific permission urn:AGL:permission::platform:can:write to be able to authenticate. Change-Id: Id4e01ca20ba8437e97a64db682fdd3ebf45ce7b4 Signed-off-by: Romain Forlot --- low-can-binding/binding/low-can-cb.cpp | 6 ++++++ low-can-binding/binding/low-can-hat.cpp | 14 ++++++++++++-- low-can-binding/binding/low-can-hat.hpp | 1 + 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/low-can-binding/binding/low-can-cb.cpp b/low-can-binding/binding/low-can-cb.cpp index e25d6eae..a7e4396c 100644 --- a/low-can-binding/binding/low-can-cb.cpp +++ b/low-can-binding/binding/low-can-cb.cpp @@ -351,6 +351,12 @@ static void do_subscribe_unsubscribe(struct afb_req request, bool subscribe) afb_req_fail(request, "error", NULL); } +void auth(struct afb_req request) +{ + afb_req_session_set_LOA(request, 1); + afb_req_success(request, NULL, NULL); +} + void subscribe(struct afb_req request) { do_subscribe_unsubscribe(request, true); diff --git a/low-can-binding/binding/low-can-hat.cpp b/low-can-binding/binding/low-can-hat.cpp index dae3a4af..0fb7e8ce 100644 --- a/low-can-binding/binding/low-can-hat.cpp +++ b/low-can-binding/binding/low-can-hat.cpp @@ -40,13 +40,23 @@ extern "C" return a; } - static const struct afb_auth loa_1 = { loa_afb_auth(1) }; + static constexpr struct afb_auth perm_afb_auth(const char* permission) + { + struct afb_auth a = {}; + a.type = afb_auth_Permission; + a.text = permission; + return a; + } + + static const struct afb_auth afb_auth_loa_1 = { loa_afb_auth(1) }; + static const struct afb_auth afb_auth_perm = { perm_afb_auth("urn:AGL:permission::platform:can:write") }; static const struct afb_verb_v2 verbs[]= { + { .verb= "auth", .callback= auth, .auth= &afb_auth_perm, .info="Authentification against service to get the required level of confidence", .session= AFB_SESSION_NONE}, { .verb= "subscribe", .callback= subscribe, .auth= NULL, .info="Let subscribe to signals", .session= AFB_SESSION_NONE}, { .verb= "unsubscribe", .callback= unsubscribe, .auth= NULL, .info="Let unsubscribe signals", .session= AFB_SESSION_NONE}, - { .verb= "swrite", .callback= swrite, .auth= &loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1}, + { .verb= "swrite", .callback= swrite, .auth= &afb_auth_loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1}, { .verb= NULL, .callback= NULL, .auth= NULL, .info=NULL, .session= 0} }; diff --git a/low-can-binding/binding/low-can-hat.hpp b/low-can-binding/binding/low-can-hat.hpp index 6ecad23a..b0f29b5e 100644 --- a/low-can-binding/binding/low-can-hat.hpp +++ b/low-can-binding/binding/low-can-hat.hpp @@ -36,6 +36,7 @@ void on_no_clients(std::shared_ptr can_subscription, std void on_no_clients(std::shared_ptr can_subscription, uint32_t pid, std::map >& s); int read_message(sd_event_source *s, int fd, uint32_t revents, void *userdata); +void auth(struct afb_req request); void subscribe(struct afb_req request); void unsubscribe(struct afb_req request); void swrite(struct afb_req request); -- 2.16.6