--- /dev/null
+[submodule "conf.d/app-templates"]
+ path = conf.d/app-templates
+ url = https://gerrit.automotivelinux.org/gerrit/p/apps/app-templates.git
+++ /dev/null
-cmake_minimum_required(VERSION 3.6)
-project(agl-identity)
-
-add_subdirectory(pam)
-add_subdirectory(binding)
+++ /dev/null
-
-add_library(agl-identity SHARED identity-binding.c)
\ No newline at end of file
+++ /dev/null
-#define _GNU_SOURCE
-#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
-
-#include <string.h>
-#include <json-c/json.h>
-#include <afb/afb-binding-v2.h>
-#include <afb/afb-req-v2.h>
-#include <afb/afb-req-itf.h>
-
-// ---------- Verb's declaration ----------------------------------------------
-static void verb_login(struct afb_req req);
-static void verb_logout(struct afb_req req);
-static void verb_open_session(struct afb_req req);
-static void verb_close_session(struct afb_req req);
-static void verb_set_data(struct afb_req req);
-static void verb_get_data(struct afb_req req);
-
-// ---------- Binding's metadata ----------------------------------------------
-static const struct afb_auth _afb_auth_v2_identity[] = {};
-
-static const struct afb_verb_v2 _afb_verbs_v2_identity[] =
-{
- {
- .verb = "login",
- .callback = verb_login,
- .auth = NULL,
- .session = 0,
- },
- {
- .verb = "logout",
- .callback = verb_logout,
- .auth = NULL,
- .session = 0,
- },
- {
- .verb = "open_session",
- .callback = verb_open_session,
- .auth = NULL,
- .session = 0,
- },
- {
- .verb = "close_session",
- .callback = verb_close_session,
- .auth = NULL,
- .session = 0,
- },
- {
- .verb = "get_data",
- .callback = verb_get_data,
- .auth = NULL,
- .session = 0,
- },
- {
- .verb = "set_data",
- .callback = set_data,
- .auth = NULL,
- .session = 0,
- },
- { .verb = NULL }
-};
-
-static const struct afb_binding_v2 _afb_binding_v2_identity =
-{
- .api = "identity",
- .specification = NULL,
- .verbs = _afb_verbs_v2_identity,
- .preinit = NULL,
- .init = NULL,
- .onevent = NULL
-};
-
-// ---------- Verb's implementation -------------------------------------------
-
-static void verb_login(struct afb_req req)
-{
-}
-
-static void verb_logout(struct afb_req req)
-{
-}
-
-static void verb_open_session(struct afb_req req)
-{
-}
-
-static void verb_close_session(struct afb_req req)
-{
-}
-
-static void verb_get_data(struct afb_req req)
-{
-}
-
-static void verb_set_data(struct afb_req req)
-{
-}
--- /dev/null
+Subproject commit 2d053aafe099919d12b58df0634cbeb18b845d3e
--- /dev/null
+cmake_minimum_required(VERSION 3.3)
+project(idkey)
+add_executable(idkey main.c)
+install(TARGETS idkey
+ RUNTIME DESTINATION bin
+ LIBRARY DESTINATION lib)
--- /dev/null
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define EXIT_SUCCESS 0
+#define EXIT_CMDLINE 1
+#define EXIT_FILEOPEN 2
+#define EXIT_FILEREAD 3
+#define EXIT_FILEWRITE 4
+#define EXIT_INVALID 5
+#define EXIT_ALLOC 6
+
+#define BLOCK_SIZE 4096
+
+/// @brief Header of the datas.
+typedef struct header_
+{
+ char mn[4];
+ size_t size;
+} header;
+
+/// @brief Check if the @c v is a valid magick number.
+/// @param[in] v magick number.
+/// @return 1 if valid, zero otherwise.
+int is_valid_nm(const char* v)
+{
+ return v && v[0] == 'I' && v[1] == 'D' && v[2] == 'K' && v[3] == 'Y';
+}
+
+/// @brief Close the file descriptor if valid then print a formatted error message then return the specified code.
+/// @param[in] fd File descriptor to close.
+/// @param[in] code The exit code to return.
+/// @param[in] format The message to print.
+/// @param[in] ... Values for formatting.
+/// @return The exit code provided by @c code.
+int close_and_fail(int fd, int code, const char* format, ...)
+{
+ va_list arglist;
+ fprintf(stderr, "Error: ");
+ va_start(arglist, format);
+ vfprintf(stderr, format, arglist);
+ va_end(arglist);
+ fprintf(stderr, "\n");
+ return code;
+}
+
+/// @brief Read the device @c devname and print it's data to stdout.
+/// @param[in] devname Device's name.
+/// @return Exit code, zero if success.
+int read_device(const char* devname)
+{
+ int fd = open(devname, O_RDONLY);
+ if (fd == -1) return close_and_fail(fd, EXIT_FILEOPEN, "Failed to open '%s'!", devname);
+
+ header h;
+ ssize_t sz = read(fd, &h, sizeof(header));
+ if (sz != sizeof(header)) return close_and_fail(fd, EXIT_FILEREAD, "Failed to read the header!");
+ if (!is_valid_nm(h.mn)) return close_and_fail(fd, EXIT_INVALID, "Not a valid identity key!");
+
+ while(h.size)
+ {
+ char datas[BLOCK_SIZE + 1];
+ memset(datas, BLOCK_SIZE +1, 0);
+ size_t count = BLOCK_SIZE > h.size ? h.size : BLOCK_SIZE;
+
+ sz = read(fd, datas, count);
+
+ if (sz != count) close_and_fail(fd, EXIT_FILEREAD, "Failed to read a data block!");
+ h.size = (h.size - count);
+
+ printf(datas);
+ }
+ printf("\n");
+ close(fd);
+ return EXIT_SUCCESS;
+}
+
+/// @brief Write the specified data to the specified device.
+/// @param[in] devname Name of the device.
+/// @param[in] datas Datas to write.
+/// @return Exit code, zero if success, non-zero otherwise.
+int write_device(const char* devname, const char* datas)
+{
+ header h = {
+ .mn = {'I', 'D', 'K', 'Y'},
+ .size = strlen(datas)
+ };
+ if (h.size < 1) return close_and_fail(-1, EXIT_CMDLINE, "No data to write!");
+
+ int fd = open(devname, O_WRONLY);
+ if (fd == -1) return close_and_fail(fd, EXIT_FILEOPEN, "Failed to open device '%s'!", devname);
+ if (write(fd, &h, sizeof(header)) != sizeof(header)) return close_and_fail(fd, EXIT_FILEWRITE, "Failed to write the header!");
+ if (write(fd, datas, h.size) != h.size) return close_and_fail(fd, EXIT_FILEWRITE, "Failed to write datas!");
+
+ close(fd);
+ return EXIT_SUCCESS;
+}
+
+/// @brief Entry point.
+/// @param[in] argc Number of arguments in @c argv.
+/// @param[in] argv Arguments array.
+/// @return Exit code, zero if success, non-zero otherwise.
+int main(int argc, char** argv)
+{
+ switch(argc)
+ {
+ case 0:
+ case 1:
+ fprintf(stderr, "ERROR: too few arguments!\n");
+ return EXIT_CMDLINE;
+
+ case 2: // Read the device
+ return read_device(argv[1]);
+
+ case 3: // Write the device
+ return write_device(argv[1], argv[2]);
+
+ default:
+ fprintf(stderr, "ERROR: too many arguments!\n");
+ return EXIT_CMDLINE;
+ }
+}
+
--- /dev/null
+cmake_minimum_required(VERSION 3.3)
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/conf.d/cmake/config.cmake)
--- /dev/null
+###########################################################################
+# Copyright 2015, 2016, 2017 IoT.bzh
+#
+# author: Fulup Ar Foll <fulup@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+# Project Info
+# ------------------
+set(PROJECT_NAME ll-auth-binding)
+set(PROJECT_VERSION "0.1")
+set(PROJECT_PRETTY_NAME "Low Level Auth Binding")
+set(PROJECT_DESCRIPTION "A low level binding to log users in and out.")
+set(PROJECT_URL "")
+set(PROJECT_ICON "icon.png")
+set(PROJECT_AUTHOR "Collignon, Loïc")
+set(PROJECT_AUTHOR_MAIL "loic.collignon@iot.bzh")
+set(PROJECT_LICENSE "APL2.0")
+set(PROJECT_LANGUAGES,"C")
+
+# Where are stored default templates files from submodule or subtree app-templates in your project tree
+# relative to the root project directory
+set(PROJECT_APP_TEMPLATES_DIR "conf.d/app-templates")
+
+# Where are stored your external libraries for your project. This is 3rd party library that you don't maintain
+# but used and must be built and linked.
+# set(PROJECT_LIBDIR "libs")
+
+# Where are stored data for your application. Pictures, static resources must be placed in that folder.
+# set(PROJECT_RESOURCES "data")
+
+# Which directories inspect to find CMakeLists.txt target files
+# set(PROJECT_SRC_DIR_PATTERN "*")
+
+# Compilation Mode (DEBUG, RELEASE)
+# ----------------------------------
+set(CMAKE_BUILD_TYPE "DEBUG")
+
+# Kernel selection if needed. Impose a minimal version.
+# NOTE FOR NOW IT CHECKS KERNEL Yocto SDK Kernel version
+# else only HOST VERSION
+# -----------------------------------------------
+#set (kernel_minimal_version 4.8)
+
+# Compiler selection if needed. Impose a minimal version.
+# -----------------------------------------------
+set (gcc_minimal_version 4.9)
+
+# PKG_CONFIG required packages
+# -----------------------------
+set (PKG_REQUIRED_LIST
+ json-c
+ libsystemd>=222
+ afb-daemon
+ libmicrohttpd>=0.9.55
+)
+
+# Static constante definition
+# -----------------------------
+add_compile_options()
+
+# LANG Specific compile flags set for all build types
+set(CMAKE_C_FLAGS "")
+set(CMAKE_CXX_FLAGS "")
+
+# Print a helper message when every thing is finished
+# ----------------------------------------------------
+#set(CLOSING_MESSAGE "")
+#set(PACKAGE_MESSAGE "Install widget file using in the target : afm-util install ${PROJECT_NAME}.wgt")
+
+# (BUG!!!) as PKG_CONFIG_PATH does not work [should be an env variable]
+# ---------------------------------------------------------------------
+set(CMAKE_INSTALL_PREFIX $ENV{HOME}/opt)
+set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_INSTALL_PREFIX}/lib64/pkgconfig ${CMAKE_INSTALL_PREFIX}/lib/pkgconfig)
+set(LD_LIBRARY_PATH ${CMAKE_INSTALL_PREFIX}/lib64 ${CMAKE_INSTALL_PREFIX}/lib)
+
+# Optional location for config.xml.in
+# -----------------------------------
+#set(WIDGET_CONFIG_TEMPLATE ${CMAKE_CURRENT_SOURCE_DIR}/conf.d/config.xml.in)
+
+# Mandatory widget Mimetype specification of the main unit
+# --------------------------------------------------------------------------
+# Choose between :
+#- text/html : HTML application,
+# content.src designates the home page of the application
+#
+#- application/vnd.agl.native : AGL compatible native,
+# content.src designates the relative path of the binary.
+#
+# - application/vnd.agl.service: AGL service, content.src is not used.
+#
+#- ***application/x-executable***: Native application,
+# content.src designates the relative path of the binary.
+# For such application, only security setup is made.
+#
+set(WIDGET_TYPE MimeType_Not_Set)
+
+# Mandatory Widget entry point file of the main unit
+# --------------------------------------------------------------
+# This is the file that will be executed, loaded,
+# at launch time by the application framework.
+#
+set(WIDGET_ENTRY_POINT EntryPoint_Path_Not_Set)
+
+# Optional dependencies order
+# ---------------------------
+#set(EXTRA_DEPENDENCIES_ORDER)
+
+# Optional Extra global include path
+# -----------------------------------
+#set(EXTRA_INCLUDE_DIRS)
+
+# Optional extra libraries
+# -------------------------
+#set(EXTRA_LINK_LIBRARIES)
+
+# Optional force binding installation
+# ------------------------------------
+# set(BINDINGS_INSTALL_PREFIX PrefixPath )
+
+# Optional force binding Linking flag
+# ------------------------------------
+# set(BINDINGS_LINK_FLAG LinkOptions )
+
+# Optional force package prefix generation, like widget
+# -----------------------------------------------------
+# set(PKG_PREFIX DestinationPath)
+
+# Optional Application Framework security token
+# and port use for remote debugging.
+#------------------------------------------------------------
+#set(AFB_TOKEN "" CACHE PATH "Default AFB_TOKEN")
+#set(AFB_REMPORT "1234" CACHE PATH "Default AFB_TOKEN")
+
+# This include is mandatory and MUST happens at the end
+# of this file, else you expose you to unexpected behavior
+# -----------------------------------------------------------
+include(${PROJECT_APP_TEMPLATES_DIR}/cmake/common.cmake)
--- /dev/null
+AFB = function(base, initialtoken){
+
+var urlws = "ws://"+window.location.host+"/"+base;
+var urlhttp = "http://"+window.location.host+"/"+base;
+
+/*********************************************/
+/**** ****/
+/**** AFB_context ****/
+/**** ****/
+/*********************************************/
+var AFB_context;
+{
+ var UUID = undefined;
+ var TOKEN = initialtoken;
+
+ var context = function(token, uuid) {
+ this.token = token;
+ this.uuid = uuid;
+ }
+
+ context.prototype = {
+ get token() {return TOKEN;},
+ set token(tok) {if(tok) TOKEN=tok;},
+ get uuid() {return UUID;},
+ set uuid(id) {if(id) UUID=id;}
+ };
+
+ AFB_context = new context();
+}
+/*********************************************/
+/**** ****/
+/**** AFB_websocket ****/
+/**** ****/
+/*********************************************/
+var AFB_websocket;
+{
+ var CALL = 2;
+ var RETOK = 3;
+ var RETERR = 4;
+ var EVENT = 5;
+
+ var PROTO1 = "x-afb-ws-json1";
+
+ AFB_websocket = function(onopen, onabort) {
+ var u = urlws;
+ if (AFB_context.token) {
+ u = u + '?x-afb-token=' + AFB_context.token;
+ if (AFB_context.uuid)
+ u = u + '&x-afb-uuid=' + AFB_context.uuid;
+ }
+ this.ws = new WebSocket(u, [ PROTO1 ]);
+ this.pendings = {};
+ this.awaitens = {};
+ this.counter = 0;
+ this.ws.onopen = onopen.bind(this);
+ this.ws.onerror = onerror.bind(this);
+ this.ws.onclose = onclose.bind(this);
+ this.ws.onmessage = onmessage.bind(this);
+ this.onopen = onopen;
+ this.onabort = onabort;
+ this.onclose = onabort;
+ }
+
+ function onerror(event) {
+ var f = this.onabort;
+ if (f) {
+ delete this.onopen;
+ delete this.onabort;
+ f && f(this);
+ }
+ this.onerror && this.onerror(this);
+ }
+
+ function onopen(event) {
+ var f = this.onopen;
+ delete this.onopen;
+ delete this.onabort;
+ f && f(this);
+ }
+
+ function onclose(event) {
+ for (var id in this.pendings) {
+ var ferr = this.pendings[id].onerror;
+ ferr && ferr(null, this);
+ }
+ this.pendings = {};
+ this.onclose && this.onclose();
+ }
+
+ function fire(awaitens, name, data) {
+ var a = awaitens[name];
+ if (a)
+ a.forEach(function(handler){handler(data);});
+ var i = name.indexOf("/");
+ if (i >= 0) {
+ a = awaitens[name.substring(0,i)];
+ if (a)
+ a.forEach(function(handler){handler(data);});
+ }
+ a = awaitens["*"];
+ if (a)
+ a.forEach(function(handler){handler(data);});
+ }
+
+ function reply(pendings, id, ans, offset) {
+ if (id in pendings) {
+ var p = pendings[id];
+ delete pendings[id];
+ var f = p[offset];
+ f(ans);
+ }
+ }
+
+ function onmessage(event) {
+ var obj = JSON.parse(event.data);
+ var code = obj[0];
+ var id = obj[1];
+ var ans = obj[2];
+ AFB_context.token = obj[3];
+ switch (code) {
+ case RETOK:
+ reply(this.pendings, id, ans, 0);
+ break;
+ case RETERR:
+ reply(this.pendings, id, ans, 1);
+ break;
+ case EVENT:
+ default:
+ fire(this.awaitens, id, ans);
+ break;
+ }
+ }
+
+ function close() {
+ this.ws.close();
+ this.onabort();
+ }
+
+ function call(method, request) {
+ return new Promise((function(resolve, reject){
+ var id, arr;
+ do {
+ id = String(this.counter = 4095 & (this.counter + 1));
+ } while (id in this.pendings);
+ this.pendings[id] = [ resolve, reject ];
+ arr = [CALL, id, method, request ];
+ if (AFB_context.token) arr.push(AFB_context.token);
+ this.ws.send(JSON.stringify(arr));
+ }).bind(this));
+ }
+
+ function onevent(name, handler) {
+ var id = name;
+ var list = this.awaitens[id] || (this.awaitens[id] = []);
+ list.push(handler);
+ }
+
+ AFB_websocket.prototype = {
+ close: close,
+ call: call,
+ onevent: onevent
+ };
+}
+/*********************************************/
+/**** ****/
+/**** ****/
+/**** ****/
+/*********************************************/
+return {
+ context: AFB_context,
+ ws: AFB_websocket
+};
+};
+
--- /dev/null
+###########################################################################
+# Copyright 2015, 2016, 2017 IoT.bzh
+#
+# author: Fulup Ar Foll <fulup@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+
+
+##################################################
+# HTML Testing Files
+##################################################
+PROJECT_TARGET_ADD(www_test)
+
+ file(GLOB SOURCE_FILES "*.html" "*.js" "*.jpg")
+
+ add_custom_target(${TARGET_NAME}
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+ )
+
+ add_custom_command(
+ DEPENDS ${SOURCE_FILES}
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+ COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+ COMMAND touch ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+ COMMAND cp -r ${SOURCE_FILES} ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+ )
+
+ SET_TARGET_PROPERTIES(${TARGET_NAME} PROPERTIES
+ LABELS "HTDOCS"
+ OUTPUT_NAME ${TARGET_NAME}
+ )
--- /dev/null
+ var afb = new AFB("api", "mysecret");
+ var ws;
+ var evtidx=0;
+
+ function getParameterByName(name, url) {
+ if (!url) {
+ url = window.location.href;
+ }
+ name = name.replace(/[\[\]]/g, "\\$&");
+ var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
+ results = regex.exec(url);
+ if (!results) return null;
+ if (!results[2]) return '';
+ return decodeURIComponent(results[2].replace(/\+/g, " "));
+ }
+
+ // default soundcard is "PCH"
+ var devid=getParameterByName("devid");
+ if (!devid) devid="hw:0";
+
+ var sndname=getParameterByName("sndname");
+ if (!sndname) sndname="PCH";
+
+ var quiet=getParameterByName("quiet");
+ if (!quiet) quiet="99";
+
+ function init() {
+ ws = new afb.ws(onopen, onabort);
+ }
+
+ function onopen() {
+ document.getElementById("main").style.visibility = "visible";
+ document.getElementById("connected").innerHTML = "Binder WS Active";
+ document.getElementById("connected").style.background = "lightgreen";
+ ws.onevent("*", gotevent);
+ }
+
+ function onabort() {
+ document.getElementById("main").style.visibility = "hidden";
+ document.getElementById("connected").innerHTML = "Connected Closed";
+ document.getElementById("connected").style.background = "red";
+
+ }
+
+ function replyok(obj) {
+ console.log("replyok:" + JSON.stringify(obj));
+ document.getElementById("output").innerHTML = "OK: "+JSON.stringify(obj);
+ }
+
+ function replyerr(obj) {
+ console.log("replyerr:" + JSON.stringify(obj));
+ document.getElementById("output").innerHTML = "ERROR: "+JSON.stringify(obj);
+ }
+
+ function gotevent(obj) {
+ console.log("gotevent:" + JSON.stringify(obj));
+ document.getElementById("outevt").innerHTML = (evtidx++) +": "+JSON.stringify(obj);
+ }
+
+ function send(message) {
+ var api = document.getElementById("api").value;
+ var verb = document.getElementById("verb").value;
+ document.getElementById("question").innerHTML = "subscribe: "+api+"/"+verb + " (" + JSON.stringify(message) +")";
+ ws.call(api+"/"+verb, {data:message}).then(replyok, replyerr);
+ }
+
+
+ function callbinder(api, verb, query) {
+ console.log ("subscribe api="+api+" verb="+verb+" query=" +query);
+ document.getElementById("question").innerHTML = "apicall: " + api+"/"+verb +" ("+ JSON.stringify(query)+")";
+ ws.call(api+"/"+verb, query).then(replyok, replyerr);
+ }
--- /dev/null
+<html>
+ <head>
+ <title>ll-auth-binding test</title>
+ <script type="text/javascript" src="AFB-websock.js"></script>
+ <script type="text/javascript" src="IdentityBinding.js"></script>
+ </head>
+
+ <body onload="init();">
+ <h1>Identity Binding</h1>
+ <button id="connected" onclick="init()">Binder WS Fail</button>
+ <br>
+ <ol>
+ <!--
+ <li><button onclick="callbinder('ll-auth','login', {})">login</button></li>
+ <li><button onclick="callbinder('ll-auth','logout', {})">logout</button></li>
+ -->
+ <li><button onclick="callbinder('ll-auth','getuser', {})">get user</button></li>
+ </ol>
+ <br>
+ <div id="main" style="visibility:hidden">
+ <ol>
+ <li>Question <div id="question"></div></li>
+ <li>Response <div id="output"></div></li>
+ <li>Events: <div id="outevt"></div>
+ </ol>
+ </div>
+ </body>
+</html>
\ No newline at end of file
--- /dev/null
+<html>
+ <head>
+ <title>Identity Binding tests</title>
+ </head>
+ <body>
+ <h1>Identity Binding tests</h1>
+ <ol>
+ <li><a href="auth.html">Auth</a></li>
+ </ol>
+ </body>
+</html>
--- /dev/null
+PROJECT_TARGET_ADD(ll-auth-binding)
+
+# Require PAM but there is no find_package
+set(PAM_INCLUDE_DIR "/usr/include/")
+set(PAM_LIBRARY "/lib64/libpam.so.0")
+set(PAM_MISC_LIBRARY "/lib64/libpam_misc.so.0")
+include_directories(${PAM_INCLUDE_DIR})
+
+add_library(ll-auth-binding MODULE ll-auth-binding.c)
+
+set_target_properties(ll-auth-binding PROPERTIES
+ PREFIX "afb-"
+ LABELS "BINDING"
+ LINK_FLAGS ${BINDINGS_LINK_FLAG}
+ OUTPUT_NAME ${TARGET_NAME})
+
+target_link_libraries(ll-auth-binding ${link_libraries} ${PAM_LIBRARY} ${PAM_MISC_LIBRARY})
+
+install(
+ TARGETS ll-auth-binding
+ LIBRARY DESTINATION ${BINDINGS_INSTALL_DIR})
--- /dev/null
+{ global: afbBindingV*; local: *; };
--- /dev/null
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <json-c/json.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+#define AFB_BINDING_VERSION 2
+#include <afb/afb-binding.h>
+
+static struct pam_conv conv = { misc_conv, NULL };
+
+static char* current_device = NULL;
+static char* current_user = NULL;
+
+afb_event evt_login, evt_logout;
+
+/// @brief API's verb 'login'. Try to login a user using a device
+/// @param[in] req The request object. Should contains a json with a "device" key.
+static void verb_login(struct afb_req req)
+{
+ struct json_object* args = NULL;
+ struct json_object* device_object = NULL;
+ pam_handle_t* pamh;
+ int r;
+
+ if (current_user)
+ {
+ AFB_ERROR("[login] the current user must be logged out first!");
+ afb_req_fail(req, "current user must be logged out first!", NULL);
+ return;
+ }
+
+ args = afb_req_json(req);
+ if (args == NULL || !json_object_object_get_ex(args, "device", &device_object))
+ {
+ AFB_ERROR("[login] device must be provided!");
+ afb_req_fail(req, "device must be provided!", NULL);
+ return;
+ }
+
+ const char* device = json_object_get_string(device_object);
+
+ if ((r = pam_start("agl", NULL, &conv, &pamh)) != PAM_SUCCESS)
+ {
+ AFB_ERROR("PAM start failed!");
+ afb_req_fail(req, "PAM start failed!", NULL);
+ return;
+ }
+
+ char pam_variable[4096] = "DEVICE=";
+ strcat(pam_variable, device);
+
+ if ((r = pam_putenv(pamh, pam_variable)) != PAM_SUCCESS)
+ {
+ AFB_ERROR("PAM putenv failed!");
+ afb_req_fail(req, "PAM putenv failed!", NULL);
+ pam_end(pamh, r);
+ return;
+ }
+
+ if ((r = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
+ {
+ AFB_ERROR("PAM authenticate failed!");
+ afb_req_fail(req, "PAM authenticate failed!", NULL);
+ pam_end(pamh, r);
+ return;
+ }
+
+ if ((r = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
+ {
+ AFB_ERROR("PAM acct_mgmt failed!");
+ afb_req_fail(req, "PAM acct_mgmt failed!", NULL);
+ pam_end(pamh, r);
+ return;
+ }
+
+ const char* pam_user;
+ pam_get_item(pamh, PAM_USER, (const void**)&pam_user);
+ if (!pam_user)
+ {
+ AFB_ERROR("[login] No user provided by the PAM module!");
+ afb_req_fail(req, "No user provided by the PAM module!", NULL);
+ return;
+ }
+
+ current_device = strdup(device);
+ current_user = strdup(pam_user);
+
+ if ((r = pam_end(pamh, r)) != PAM_SUCCESS)
+ {
+ AFB_ERROR("PAM end failed!");
+ afb_req_fail(req, "PAM end failed!", NULL);
+ return;
+ }
+
+ AFB_INFO("[login] device: %s, user: %s", current_device, current_user);
+ json_object* result = json_object_new_object();
+ json_object_object_add(result, "device", json_object_new_string(current_device));
+ json_object_object_add(result, "user", json_object_new_string(current_user));
+ afb_req_success(req, NULL, current_device);
+ afb_event_broadcast(evt_login, result);
+}
+
+/// @brief API's verb 'lgout'. Try to logout a user using a device
+/// @param[in] req The request object. Should contains a json with a "device" key.
+static void verb_logout(struct afb_req req)
+{
+ struct json_object* args = NULL;
+ struct json_object* device_object = NULL;
+
+ args = afb_req_json(req);
+ if (args == NULL || !json_object_object_get_ex(args, "device", &device_object))
+ {
+ AFB_INFO("[logout] device must be provided!");
+ afb_req_fail(req, "device must be provided!", NULL);
+ return;
+ }
+
+ const char* device = json_object_get_string(device_object);
+ if (current_device && !strcmp(device, current_device))
+ {
+ free(current_device);
+ current_device = NULL;
+ if (current_user)
+ {
+ free(current_user);
+ current_user = NULL;
+ AFB_INFO("[logout] device: %s", device);
+ afb_req_success(req, NULL, device);
+ afb_event_broadcast(evt_logout, NULL);
+ return;
+ }
+ else
+ {
+ AFB_INFO("No user was linked to this device!");
+ afb_req_fail(req, "No user was linked to this device!", NULL);
+ return;
+ }
+ }
+
+ AFB_INFO("The unplugged device wasn't the user key!");
+ afb_req_fail(req, "The unplugged device wasn't the user key!", NULL);
+}
+
+static void verb_getuser(struct afb_req req)
+{
+ if (!current_device || !current_user)
+ {
+ afb_req_fail(req, "there is no logged user!", NULL);
+ return;
+ }
+
+ json_object* result = json_object_new_object();
+ json_object_object_add(result, "user", json_object_new_string(current_user));
+ json_object_object_add(result, "device", json_object_new_string(current_device));
+
+ afb_req_success(req, result, NULL);
+}
+
+int ll_auth_init()
+{
+ current_user = NULL;
+ current_device = NULL;
+ evt_login = afb_daemon_make_event("login");
+ evt_logout = afb_daemon_make_event("logout");
+
+ if (afb_event_is_valid(evt_login) && afb_event_is_valid(evt_logout))
+ return 0;
+
+ AFB_ERROR("Can't create events");
+ return -1;
+}
+
+static const afb_verb_v2 _ll_auth_binding_verbs[]= {
+ {
+ .verb = "login",
+ .callback = verb_login,
+ .auth = NULL,
+ .info = NULL,
+ .session = AFB_SESSION_NONE_V2
+ },
+ {
+ .verb = "logout",
+ .callback = verb_logout,
+ .auth = NULL,
+ .info = NULL,
+ .session = AFB_SESSION_NONE_V2
+ },
+ {
+ .verb = "getuser",
+ .callback = verb_getuser,
+ .auth = NULL,
+ .info = NULL,
+ .session = AFB_SESSION_NONE_V2
+ },
+ { .verb=NULL}
+};
+
+const struct afb_binding_v2 afbBindingV2 = {
+ .api = "ll-auth",
+ .specification = NULL,
+ .verbs = _ll_auth_binding_verbs,
+ .preinit = ll_auth_init,
+ .init = NULL,
+ .onevent = NULL,
+ .noconcurrency = 0
+};
--- /dev/null
+#!/bin/bash
+
+afb-daemon --port=9000 --token='' --binding=/home/agl/projects/ll-auth-binding/build/src/afb-ll-auth-binding.so --verbose --roothttp=/home/agl/projects/ll-auth-binding/htdocs
--- /dev/null
+cmake_minimum_required(VERSION 3.3)
+include(${CMAKE_CURRENT_SOURCE_DIR}/conf.d/cmake/config.cmake)
--- /dev/null
+###########################################################################
+# Copyright 2015, 2016, 2017 IoT.bzh
+#
+# author: Fulup Ar Foll <fulup@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+# Project Info
+# ------------------
+set(PROJECT_NAME ll-store-binding)
+set(PROJECT_VERSION "0.1")
+set(PROJECT_PRETTY_NAME "Low Level Store Binding")
+set(PROJECT_DESCRIPTION "Binding able to store and retrieve data by user/app/tag.")
+set(PROJECT_URL "")
+set(PROJECT_ICON "icon.png")
+set(PROJECT_AUTHOR "Collignon, Loïc")
+set(PROJECT_AUTHOR_MAIL "loic.collignon@iot.bzh")
+set(PROJECT_LICENSE "Apache-V2")
+set(PROJECT_LANGUAGES,"C")
+
+# Where are stored default templates files from submodule or subtree app-templates in your project tree
+# relative to the root project directory
+set(PROJECT_APP_TEMPLATES_DIR "conf.d/app-templates")
+
+# Where are stored your external libraries for your project. This is 3rd party library that you don't maintain
+# but used and must be built and linked.
+# set(PROJECT_LIBDIR "libs")
+
+# Where are stored data for your application. Pictures, static resources must be placed in that folder.
+# set(PROJECT_RESOURCES "data")
+
+# Which directories inspect to find CMakeLists.txt target files
+# set(PROJECT_SRC_DIR_PATTERN "*")
+
+# Compilation Mode (DEBUG, RELEASE)
+# ----------------------------------
+set(CMAKE_BUILD_TYPE "DEBUG")
+
+# Kernel selection if needed. Impose a minimal version.
+# NOTE FOR NOW IT CHECKS KERNEL Yocto SDK Kernel version
+# else only HOST VERSION
+# -----------------------------------------------
+#set (kernel_minimal_version 4.8)
+
+# Compiler selection if needed. Impose a minimal version.
+# -----------------------------------------------
+set (gcc_minimal_version 4.9)
+
+# PKG_CONFIG required packages
+# -----------------------------
+set (PKG_REQUIRED_LIST
+ json-c
+ libsystemd>=222
+ afb-daemon
+ libmicrohttpd>=0.9.55
+)
+
+# Static constante definition
+# -----------------------------
+add_compile_options()
+
+# LANG Specific compile flags set for all build types
+set(CMAKE_C_FLAGS "")
+set(CMAKE_CXX_FLAGS "")
+
+# Print a helper message when every thing is finished
+# ----------------------------------------------------
+#set(CLOSING_MESSAGE "")
+#set(PACKAGE_MESSAGE "Install widget file using in the target : afm-util install ${PROJECT_NAME}.wgt")
+
+# (BUG!!!) as PKG_CONFIG_PATH does not work [should be an env variable]
+# ---------------------------------------------------------------------
+set(CMAKE_INSTALL_PREFIX $ENV{HOME}/opt)
+set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_INSTALL_PREFIX}/lib64/pkgconfig ${CMAKE_INSTALL_PREFIX}/lib/pkgconfig)
+set(LD_LIBRARY_PATH ${CMAKE_INSTALL_PREFIX}/lib64 ${CMAKE_INSTALL_PREFIX}/lib)
+
+# Optional location for config.xml.in
+# -----------------------------------
+#set(WIDGET_CONFIG_TEMPLATE ${CMAKE_CURRENT_SOURCE_DIR}/conf.d/config.xml.in)
+
+# Mandatory widget Mimetype specification of the main unit
+# --------------------------------------------------------------------------
+# Choose between :
+#- text/html : HTML application,
+# content.src designates the home page of the application
+#
+#- application/vnd.agl.native : AGL compatible native,
+# content.src designates the relative path of the binary.
+#
+# - application/vnd.agl.service: AGL service, content.src is not used.
+#
+#- ***application/x-executable***: Native application,
+# content.src designates the relative path of the binary.
+# For such application, only security setup is made.
+#
+set(WIDGET_TYPE MimeType_Not_Set)
+
+# Mandatory Widget entry point file of the main unit
+# --------------------------------------------------------------
+# This is the file that will be executed, loaded,
+# at launch time by the application framework.
+#
+set(WIDGET_ENTRY_POINT EntryPoint_Path_Not_Set)
+
+# Optional dependencies order
+# ---------------------------
+#set(EXTRA_DEPENDENCIES_ORDER)
+
+# Optional Extra global include path
+# -----------------------------------
+#set(EXTRA_INCLUDE_DIRS)
+
+# Optional extra libraries
+# -------------------------
+#set(EXTRA_LINK_LIBRARIES)
+
+# Optional force binding installation
+# ------------------------------------
+# set(BINDINGS_INSTALL_PREFIX PrefixPath )
+
+# Optional force binding Linking flag
+# ------------------------------------
+# set(BINDINGS_LINK_FLAG LinkOptions )
+
+# Optional force package prefix generation, like widget
+# -----------------------------------------------------
+# set(PKG_PREFIX DestinationPath)
+
+# Optional Application Framework security token
+# and port use for remote debugging.
+#------------------------------------------------------------
+#set(AFB_TOKEN "" CACHE PATH "Default AFB_TOKEN")
+#set(AFB_REMPORT "1234" CACHE PATH "Default AFB_TOKEN")
+
+# This include is mandatory and MUST happens at the end
+# of this file, else you expose you to unexpected behavior
+# -----------------------------------------------------------
+include(${PROJECT_APP_TEMPLATES_DIR}/cmake/common.cmake)
--- /dev/null
+PROJECT_TARGET_ADD(ll-store-binding)
+
+list(APPEND link_libraries "/usr/lib64/liblmdb.so")
+add_library(ll-store-binding MODULE ll-store-binding.c)
+
+set_target_properties(ll-store-binding PROPERTIES
+ PREFIX "afb-"
+ LABELS "BINDING"
+ LINK_FLAGS ${BINDINGS_LINK_FLAG}
+ OUTPUT_NAME ${TARGET_NAME})
+
+target_link_libraries(ll-store-binding ${link_libraries})
+
+install(
+ TARGETS ll-store-binding
+ LIBRARY DESTINATION ${BINDINGS_INSTALL_DIR})
--- /dev/null
+{ global: afbBindingV*; local: *; };
--- /dev/null
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <json-c/json.h>
+#include <lmdb.h>
+
+#define AFB_BINDING_VERSION 2
+#include <afb/afb-binding.h>
+
+#define DB_FILE "/home/agl/projects/ll-store-binding/build/src/ll-store-binding.lmdb"
+
+MDB_env* dbenv;
+
+/// @brief Get a string from a json object.
+/// @param[in] obj Json object from wich the string is queried.
+/// @param[in] name Name of the string to get.
+/// @return
+const char* get_json_string(struct json_object* obj, const char* name)
+{
+ if (!obj || !name || !strlen(name)) return NULL;
+
+ struct json_object* item = NULL;
+ if (!json_object_object_get_ex(obj, name, &item) || !item) return NULL;
+
+ return json_object_get_string(item);
+}
+
+char* make_key(const char* username, const char* appname, const char* tagname)
+{
+ size_t sz_username = username ? strlen(username) : 0;
+ size_t sz_appname = appname ? strlen(appname) : 0;
+ size_t sz_tagname = tagname ? strlen(tagname) : 0;
+ size_t sz_total = sz_username + sz_appname + sz_tagname + 3;
+
+ char* result = (char*)malloc(sz_total);
+ memset(result, sz_total, 0);
+
+ strcpy(result, username);
+ result[sz_username] = '.';
+
+ strcpy(result + sz_username + 1, appname);
+ result[sz_username + 1 + sz_appname] = '.';
+
+ strcpy(result + sz_username + 1 + sz_appname + 1, tagname);
+
+ return result;
+}
+
+static void verb_get(struct afb_req req)
+{
+ int r;
+ struct json_object* args = afb_req_json(req);
+
+ AFB_INFO("args:\n%s\n", json_object_to_json_string_ext(args, JSON_C_TO_STRING_PRETTY));
+
+ const char* username = get_json_string(args, "username");
+ const char* appname = get_json_string(args, "appname");
+ const char* tagname = get_json_string(args, "tagname");
+
+ if (!username || !appname || !tagname)
+ {
+ AFB_ERROR("[store] username, appname and tagname must be provided!");
+ afb_req_fail(req, "username, appname and tagname must be provided!", NULL);
+ return;
+ }
+
+ char* keyname = make_key(username, appname, tagname);
+
+ MDB_txn* txn;
+ r = mdb_txn_begin(dbenv, NULL, 0, &txn);
+ if (r)
+ {
+ free(keyname);
+ AFB_ERROR("Failed to begin a transaction!");
+ afb_req_fail(req, "Failed to begin a transaction!", NULL);
+ return;
+ }
+
+ MDB_dbi dbi;
+ r = mdb_dbi_open(txn, NULL, 0, &dbi);
+ if (r)
+ {
+ free(keyname);
+ mdb_txn_abort(txn);
+ AFB_ERROR("Failed to open the database!");
+ afb_req_fail(req, "Failed to open the database!", NULL);
+ return;
+ }
+
+ MDB_val k;
+ MDB_val v;
+ k.mv_size = strlen(keyname) + 1;
+ k.mv_data = keyname;
+
+ if(mdb_get(txn, dbi, &k, &v))
+ {
+ free(keyname);
+ mdb_txn_abort(txn);
+ mdb_dbi_close(dbenv, dbi);
+ AFB_ERROR("Failed to get the data!");
+ afb_req_fail(req, "Failed to get the data!", NULL);
+ return;
+ }
+
+ char* value = strndup(v.mv_data, v.mv_size + 1);
+ if(mdb_txn_commit(txn))
+ {
+ free(keyname);
+ free(value);
+ mdb_dbi_close(dbenv, dbi);
+ AFB_ERROR("Failed to commit the transaction!");
+ return;
+ }
+
+ json_object* result = json_object_new_object();
+ json_object_object_add(result, "key", json_object_new_string(keyname));
+ json_object_object_add(result, "value", json_object_new_string(value));
+ afb_req_success(req, result, NULL);
+
+ free(value);
+ free(keyname);
+ return;
+}
+
+static void verb_set(struct afb_req req)
+{
+ int r;
+ struct json_object* args = afb_req_json(req);
+
+ AFB_INFO("args:\n%s\n", json_object_to_json_string_ext(args, JSON_C_TO_STRING_PRETTY));
+
+ const char* username = get_json_string(args, "username");
+ const char* appname = get_json_string(args, "appname");
+ const char* tagname = get_json_string(args, "tagname");
+ const char* value = get_json_string(args, "value");
+
+ if (!username || !appname || !tagname)
+ {
+ AFB_ERROR("[store] username, appname and tagname must be provided!");
+ afb_req_fail(req, "username, appname and tagname must be provided!", NULL);
+ return;
+ }
+
+ char* keyname = make_key(username, appname, tagname);
+
+ MDB_txn* txn;
+ r = mdb_txn_begin(dbenv, NULL, 0, &txn);
+ if (r)
+ {
+ free(keyname);
+ AFB_ERROR("Failed to begin a transaction!");
+ afb_req_fail(req, "Failed to begin a transaction!", NULL);
+ return;
+ }
+
+ MDB_dbi dbi;
+ r = mdb_dbi_open(txn, NULL, 0, &dbi);
+ if (r)
+ {
+ free(keyname);
+ mdb_txn_abort(txn);
+ AFB_ERROR("Failed to open the database!");
+ afb_req_fail(req, "Failed to open the database!", NULL);
+ return;
+ }
+
+ MDB_val k;
+ MDB_val v;
+ k.mv_size = strlen(keyname) + 1;
+ k.mv_data = keyname;
+ v.mv_size = value ? strlen(value) + 1 : 0;
+ v.mv_data = value;
+
+ if(mdb_put(txn, dbi, &k, &v, 0))
+ {
+ free(keyname);
+ mdb_txn_abort(txn);
+ mdb_dbi_close(dbenv, dbi);
+ AFB_ERROR("Failed to get the data!");
+ afb_req_fail(req, "Failed to get the data!", NULL);
+ return;
+ }
+
+ if(mdb_txn_commit(txn))
+ {
+ free(keyname);
+ mdb_dbi_close(dbenv, dbi);
+ AFB_ERROR("Failed to commit the transaction!");
+ return;
+ }
+
+ json_object* result = json_object_new_object();
+ json_object_object_add(result, "key", json_object_new_string(keyname));
+ json_object_object_add(result, "value", json_object_new_string(value));
+ afb_req_success(req, result, NULL);
+
+ free(keyname);
+ return;
+}
+
+int ll_store_preinit()
+{
+ int r = mdb_env_create(&dbenv);
+ if (r)
+ {
+ AFB_INFO("Failed to create MDB environment!");
+ dbenv = NULL;
+ return r;
+ }
+
+ r = mdb_env_open(dbenv, "/home/agl/ll-store-binding.lmdb", MDB_NOSUBDIR, 0644);
+ if (r)
+ {
+ mdb_env_close(dbenv);
+ dbenv = NULL;
+ AFB_INFO("Failed to open MDB environment!");
+ return r;
+ }
+
+/*
+ MDB_txn* txn;
+ r = mdb_txn_begin(dbenv, NULL, 0, &txn);
+ if (r)
+ {
+ mdb_env_close(dbenv);
+ dbenv = NULL;
+ AFB_INFO("Failed to begin a transaction!");
+ return r;
+ }
+
+ MDB_dbi dbi;
+ r = mdb_dbi_open(txn, NULL, 0, &dbi);
+ if (r)
+ {
+ mdb_env_close(dbenv);
+ AFB_INFO("Failed to open the database!");
+ dbenv = NULL;
+ }
+*/
+ return 0;
+}
+
+static const afb_verb_v2 _ll_store_binding_verbs[]= {
+ {
+ .verb = "get",
+ .callback = verb_get,
+ .auth = NULL,
+ .info = NULL,
+ .session = AFB_SESSION_NONE_V2
+ },
+ {
+ .verb = "set",
+ .callback = verb_set,
+ .auth = NULL,
+ .info = NULL,
+ .session = AFB_SESSION_NONE_V2
+ },
+ { .verb=NULL}
+};
+
+const struct afb_binding_v2 afbBindingV2 = {
+ .api = "ll-store",
+ .specification = NULL,
+ .verbs = _ll_store_binding_verbs,
+ .preinit = ll_store_preinit,
+ .init = NULL,
+ .onevent = NULL,
+ .noconcurrency = 0
+};
--- /dev/null
+#!/bin/bash
+
+afb-daemon --port=9001 --token='' --binding=/home/agl/projects/ll-store-binding/build/src/afb-ll-store-binding.so --verbose
--- /dev/null
+#!/bin/sh
+
+case "$1" in
+ "get")
+ if [ "$#" -ne "4" ]; then
+ echo "Usage: store get <user> <app> <tag>"
+ exit 1
+ fi
+ curl -v "http://localhost:9001/api/ll-store/get?username=$2&appname=$3&tagname=$4&token="
+ ;;
+ "set")
+ if [ "$#" -ne "5" ]; then
+ echo "Usage: store get <user> <app> <tag> <value>"
+ exit 1
+ fi
+ curl -v "http://localhost:9001/api/ll-store/set?username=$2&appname=$3&tagname=$4&value=$5&token="
+ ;;
+ *)
+ echo "Usage: store <action> <user> <app> <tag> <value>"
+ echo " Action can be 'get' or 'set'."
+ ;;
+esac
+
+++ /dev/null
-
-# Add PAM dependency
-# FIXME: Require PAM, but it's seems there is no find_package.
-set(PAM_INCLUDE_DIR "/usr/include/")
-set(PAM_LIB "/lib64/libpam.so.0")
-include_directories(${PAM_INCLUDE_DIR})
-
-# Add the target
-add_library(agl-identity-usbstick-pam SHARED agl-identity-usbstick-pam.c)
-target_link_libraries(agl-identity-usbstick-pam ${PAM_LIB})
-set_property(TARGET agl-identity-usbstick-pam PROPERTY POSITION_IDENPENDENT_CODE ON)
+++ /dev/null
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-#include <security/pam_modules.h>
-
-PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
-PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv)
-{
- return PAM_SUCCESS;
-}
-
--- /dev/null
+cmake_minimum_required(VERSION 3.1)
+project(pam_agl)
+
+include(FindPkgConfig)
+
+# Require PAM but there is no find_package
+set(PAM_INCLUDE_DIR "/usr/include/")
+set(PAM_LIBRARY "/lib64/libpam.so.0")
+include_directories(${PAM_INCLUDE_DIR})
+
+# Find json-c
+pkg_check_modules(${JSON_C} REQUIRED json-c)
+include_directories(${${JSON_C}_INCLUDE_DIRS})
+add_compile_options(${${JSON_C}_CFLAGS})
+
+# Add the target
+add_library(pam_agl SHARED pam_agl.c)
+target_link_libraries(pam_agl ${PAM_LIBRARY} ${${JSON_C}_LIBRARIES})
+#list (APPEND link_libraries ${${JSON_C}_LDFLAGS})
+set_property(TARGET pam_agl PROPERTY POSITION_INDEPENDENT_CODE ON)
+set_property(TARGET pam_agl PROPERTY PREFIX "")
+
+if (NOT DEFINED CMAKE_INSTALL_LIBDIR)
+ get_filename_component(CMAKE_INSTALL_LIBDIR ${PAM_LIBRARY} DIRECTORY)
+endif()
+
+install(TARGETS pam_agl
+ LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}/security/")
--- /dev/null
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <uuid/uuid.h>
+#include <json-c/json.h>
+
+#define PAM_SM_AUTH
+#define PAM_SM_ACCOUNT
+#define PAM_SM_SESSION
+#define PAM_SM_PASSWORD
+#include <security/pam_modules.h>
+#include <security/pam_appl.h>
+
+#define BLOCK_SIZE 4096
+typedef struct header_
+{
+ char mn[4];
+ size_t size;
+} header;
+
+int is_valid_mn(const char* v)
+{
+ return v && v[0] == 'I' && v[1] == 'D' && v[2] == 'K' && v[3] == 'Y';
+}
+
+void pam_putenv_ex(pam_handle_t* pamh, const char* name, const char* value)
+{
+ char result[4096];
+ strcpy(result, name);
+
+ int offset = strlen(name);
+ result[offset] = '=';
+
+ strcpy(result + offset + 1, value);
+
+ pam_putenv(pamh, result);
+}
+
+int check_device(pam_handle_t* pamh, const char* device)
+{
+ printf("[PAM DEBUG]: check_device %s...\n", device);
+ int fd = open(device, O_RDONLY);
+ if (fd == -1)
+ {
+ printf("[PAM DEBUG]: Failed to open the device %s!\n", device);
+ return PAM_SERVICE_ERR;
+ }
+
+ header h;
+ ssize_t sz = read(fd, &h, sizeof(header));
+ if (sz != sizeof(header) || !is_valid_mn(h.mn) || h.size < 1) { close(fd); printf("[PAM DEBUG]: bad header!\n"); return PAM_SERVICE_ERR; }
+ printf("[PAM DEBUG]: data size=%d\n", h.size);
+
+ char* idkey = (char*)malloc(h.size + 1);
+ if (!idkey) { close(fd); printf("[PAM DEBUG] Bad alloc!\n"); return PAM_SERVICE_ERR; }
+
+ memset(idkey, 0, h.size + 1);
+ size_t count = read(fd, idkey, h.size);
+ close(fd);
+
+ if (count != h.size) { free(idkey); printf("[PAM DEBUG] Bad data read!\n"); return PAM_SERVICE_ERR; }
+ printf("[PAM DEBUG] Data read:\n%s\n", idkey);
+
+ json_object* idkey_json = json_tokener_parse(idkey);
+ if (!idkey_json) { free(idkey); printf("[PAM DEBUG] Failed to parse json data!\n"); return PAM_SERVICE_ERR; }
+
+ json_object* uuid_json;
+ if(!json_object_object_get_ex(idkey_json, "uuid", &uuid_json)) { free(idkey); printf("[PAM DEBUG]: The json does not contains a valid uuid\n"); return PAM_SERVICE_ERR; }
+
+ const char* uuid = json_object_get_string(uuid_json);
+ printf("[PAM DEBUG] uuid: %s\n", uuid);
+
+ // TODO: Check if the uuid is accepted
+ const char* const ids[] = {
+ "4f29e9ea-600a-11e7-8331-c70192ecfa55",
+ "13126524-6256-11e7-be33-3f4e4481a8c9",
+ NULL
+ };
+
+ int i = 0;
+ while(ids[i])
+ {
+ if (!strcmp(ids[i], uuid))
+ {
+ printf("[PAM DEBUG] pam_set_item(\"%s\")\n", uuid);
+ pam_set_item(pamh, PAM_USER, uuid);
+
+ const char* pam_authtok;
+ if (pam_get_item(pamh, PAM_AUTHTOK, (const void**)&pam_authtok) == PAM_SUCCESS && !pam_authtok)
+ pam_set_item(pamh, PAM_AUTHTOK, uuid);
+
+ return PAM_SUCCESS;
+ }
+ ++i;
+ }
+
+ return PAM_AUTH_ERR;
+}
+
+void log_pam(const char* fname, int flags, int argc, const char** argv, const char* device)
+{
+ printf("[PAM DEBUG]: ---------- %s ----------\n", fname);
+ printf("[PAM DEBUG]: flags: %d\n", flags);
+ for(int i = 0; i < argc; ++i)
+ {
+ printf("[PAM DEBUG]: argv[%d]: %s\n", i, argv[i]);
+ }
+ printf("[PAM DEBUG]: device: %s\n", device);
+ printf("[PAM DEBUG]: ----------------------------------------\n");
+}
+
+/*!
+ @brief The pam_sm_authenticate function is the service module's implementation
+ of the pam_authenticate(3) interface.
+ This function performs the task of authenticating the user.
+
+ @param[in] pamh Unknown.
+ @param[in] flags PAM_SILENT and/or PAM_DISALLOW_NULL_AUTHTOK.
+ @return PAM_SUCCESS if ok.
+*/
+PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ const char* device = pam_getenv(pamh, "DEVICE");
+ log_pam("pam_sm_authenticate", flags, argc, argv, device);
+ return check_device(pamh, device);
+}
+
+PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ log_pam("pam_sm_setcred", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ log_pam("pam_sm_acct_mgmt", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ log_pam("pam_sm_open_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ log_pam("pam_sm_close_session", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
+ return PAM_SUCCESS;
+}
+
+PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv)
+{
+ log_pam("pam_sm_chauthtok", flags, argc, argv, pam_getenv(pamh, "DEVICE"));
+ return PAM_SUCCESS;
+}
+++ /dev/null
-SUBSYSTEM=="usb", ACTION=="add", RUN+="/bin/bash ~/agl-identity/udev-script.sh add '%p'"
-SUBSYSTEM=="usb", ACTION=="remove", RUN+="/bin/bash ~/agl-identity/udev-script.sh remove '%p'"
\ No newline at end of file
Code Review / apps / agl-service-data-persistence.git / commitdiff