#pragma once
+#include "afb-session-v1.h"
+
struct json_object;
struct afb_service;
struct afb_binding_v1;
struct afb_verb_desc_v1
{
const char *name; /* name of the verb */
- enum afb_session_flags session; /* authorisation and session requirements of the verb */
+ enum afb_session_flags_v1 session; /* authorisation and session requirements of the verb */
void (*callback)(struct afb_req req); /* callback function implementing the verb */
const char *info; /* textual description of the verb */
};
#endif
+/***************************************************************************************************/
+
+#if AFB_BINDING_VERSION == 1
+
+# define afb_binding afb_binding_v1
+# define afb_binding_interface afb_binding_interface_v1
+
+# define AFB_SESSION_NONE AFB_SESSION_NONE_V1
+# define AFB_SESSION_CREATE AFB_SESSION_CREATE_V1
+# define AFB_SESSION_CLOSE AFB_SESSION_CLOSE_V1
+# define AFB_SESSION_RENEW AFB_SESSION_RENEW_V1
+# define AFB_SESSION_CHECK AFB_SESSION_CHECK_V1
+
+# define AFB_SESSION_LOA_GE AFB_SESSION_LOA_GE_V1
+# define AFB_SESSION_LOA_LE AFB_SESSION_LOA_LE_V1
+# define AFB_SESSION_LOA_EQ AFB_SESSION_LOA_EQ_V1
+
+# define AFB_SESSION_LOA_SHIFT AFB_SESSION_LOA_SHIFT_V1
+# define AFB_SESSION_LOA_MASK AFB_SESSION_LOA_MASK_V1
+
+# define AFB_SESSION_LOA_0 AFB_SESSION_LOA_0_V1
+# define AFB_SESSION_LOA_1 AFB_SESSION_LOA_1_V1
+# define AFB_SESSION_LOA_2 AFB_SESSION_LOA_2_V1
+# define AFB_SESSION_LOA_3 AFB_SESSION_LOA_3_V1
+# define AFB_SESSION_LOA_4 AFB_SESSION_LOA_4_V1
+
+# define AFB_SESSION_LOA_LE_0 AFB_SESSION_LOA_LE_0_V1
+# define AFB_SESSION_LOA_LE_1 AFB_SESSION_LOA_LE_1_V1
+# define AFB_SESSION_LOA_LE_2 AFB_SESSION_LOA_LE_2_V1
+# define AFB_SESSION_LOA_LE_3 AFB_SESSION_LOA_LE_3_V1
+
+# define AFB_SESSION_LOA_EQ_0 AFB_SESSION_LOA_EQ_0_V1
+# define AFB_SESSION_LOA_EQ_1 AFB_SESSION_LOA_EQ_1_V1
+# define AFB_SESSION_LOA_EQ_2 AFB_SESSION_LOA_EQ_2_V1
+# define AFB_SESSION_LOA_EQ_3 AFB_SESSION_LOA_EQ_3_V1
+
+# define AFB_SESSION_LOA_GE_0 AFB_SESSION_LOA_GE_0_V1
+# define AFB_SESSION_LOA_GE_1 AFB_SESSION_LOA_GE_1_V1
+# define AFB_SESSION_LOA_GE_2 AFB_SESSION_LOA_GE_2_V1
+# define AFB_SESSION_LOA_GE_3 AFB_SESSION_LOA_GE_3_V1
+
+# if !defined(AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO)
+
+# define ERROR AFB_ERROR_V1
+# define WARNING AFB_WARNING_V1
+# define NOTICE AFB_NOTICE_V1
+# define INFO AFB_INFO_V1
+# define DEBUG AFB_DEBUG_V1
+
+# endif
+
+#endif
+
+
+
#include <stdint.h>
+#include "afb-session-v2.h"
+
struct afb_service;
struct afb_daemon;
struct afb_binding_v2;
{
const char *verb; /* name of the verb */
void (*callback)(struct afb_req req); /* callback function implementing the verb */
- const struct afb_auth *auth; /* required authorisation */
+ const struct afb_auth *auth; /* required authorisation */
uint32_t session; /* authorisation and session requirements of the verb */
};
# define AFB_DEBUG_V2(daemon,...) do{if(afbBindingV2verbosity>=3)afb_daemon_verbose(daemon,7,NULL,0,__VA_ARGS__);}while(0)
# endif
#endif
+
+#if AFB_BINDING_VERSION == 2
+
+# define afb_binding afb_binding_v2
+# define afb_binding_interface afb_binding_interface_v2
+
+# define AFB_SESSION_NONE AFB_SESSION_NONE_V2
+# define AFB_SESSION_CLOSE AFB_SESSION_CLOSE_V2
+# define AFB_SESSION_RENEW AFB_SESSION_REFRESH_V2
+# define AFB_SESSION_REFRESH AFB_SESSION_REFRESH_V2
+# define AFB_SESSION_CHECK AFB_SESSION_CHECK_V2
+
+# define AFB_SESSION_LOA_MASK AFB_SESSION_LOA_MASK_V2
+
+# define AFB_SESSION_LOA_0 AFB_SESSION_LOA_0_V2
+# define AFB_SESSION_LOA_1 AFB_SESSION_LOA_1_V2
+# define AFB_SESSION_LOA_2 AFB_SESSION_LOA_2_V2
+# define AFB_SESSION_LOA_3 AFB_SESSION_LOA_3_V2
+
+# if !defined(AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO)
+
+# define ERROR AFB_ERROR_V2
+# define WARNING AFB_WARNING_V2
+# define NOTICE AFB_NOTICE_V2
+# define INFO AFB_INFO_V2
+# define DEBUG AFB_DEBUG_V2
+
+# endif
+
+#endif
*
*/
-#define AFB_BINDING_PRAGMA_KEEP_OBSOLETE_V1
-#define AFB_BINDING_PRAGMA_KEEP_OBSOLETE_V2
-#define AFB_BINDING_PRAGMA_DECLARE_V1
-#define AFB_BINDING_PRAGMA_DECLARE_V2
-
#define AFB_BINDING_LOWER_VERSION 1
#define AFB_BINDING_UPPER_VERSION 2
#define AFB_BINDING_DEFAULT_VERSION 1
-#ifndef AFB_BINDING_CURRENT_VERSION
-#define AFB_BINDING_CURRENT_VERSION AFB_BINDING_DEFAULT_VERSION
+#ifndef AFB_BINDING_VERSION
+#define AFB_BINDING_VERSION AFB_BINDING_DEFAULT_VERSION
#endif
/*
* Some function of the library are exported to afb-daemon.
*/
-#include "afb-session.h"
#include "afb-auth.h"
#include "afb-req-itf.h"
#include "afb-event-itf.h"
#include "afb-binding-v1.h"
#include "afb-binding-v2.h"
-#if AFB_BINDING_CURRENT_VERSION == 1
-#define afb_binding afb_binding_v1
-#define afb_binding_interface afb_binding_interface_v1
-#if !defined(AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO)
-#define ERROR AFB_ERROR_V1
-#define WARNING AFB_WARNING_V1
-#define NOTICE AFB_NOTICE_V1
-#define INFO AFB_INFO_V1
-#define DEBUG AFB_DEBUG_V1
-#endif
-#endif
-
-
--- /dev/null
+/*
+ * Copyright (C) 2016, 2017 "IoT.bzh"
+ * Author: José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+/*
+ * Enum for Session/Token/Assurance middleware.
+ */
+enum afb_session_flags_v1
+{
+ AFB_SESSION_NONE_V1 = 0, /* nothing required */
+ AFB_SESSION_CREATE_V1 = 1, /* Obsolete */
+ AFB_SESSION_CLOSE_V1 = 2, /* After token authentification, closes the session at end */
+ AFB_SESSION_RENEW_V1 = 4, /* After token authentification, refreshes the token at end */
+ AFB_SESSION_CHECK_V1 = 8, /* Requires token authentification */
+
+ AFB_SESSION_LOA_GE_V1 = 16, /* check that the LOA is greater or equal to the given value */
+ AFB_SESSION_LOA_LE_V1 = 32, /* check that the LOA is lesser or equal to the given value */
+ AFB_SESSION_LOA_EQ_V1 = 48, /* check that the LOA is equal to the given value */
+
+ AFB_SESSION_LOA_SHIFT_V1 = 6, /* shift for LOA */
+ AFB_SESSION_LOA_MASK_V1 = 7, /* mask for LOA */
+
+ AFB_SESSION_LOA_0_V1 = 0, /* value for LOA of 0 */
+ AFB_SESSION_LOA_1_V1 = 64, /* value for LOA of 1 */
+ AFB_SESSION_LOA_2_V1 = 128, /* value for LOA of 2 */
+ AFB_SESSION_LOA_3_V1 = 192, /* value for LOA of 3 */
+ AFB_SESSION_LOA_4_V1 = 256, /* value for LOA of 4 */
+
+ AFB_SESSION_LOA_LE_0_V1 = AFB_SESSION_LOA_LE_V1 | AFB_SESSION_LOA_0_V1, /* check LOA <= 0 */
+ AFB_SESSION_LOA_LE_1_V1 = AFB_SESSION_LOA_LE_V1 | AFB_SESSION_LOA_1_V1, /* check LOA <= 1 */
+ AFB_SESSION_LOA_LE_2_V1 = AFB_SESSION_LOA_LE_V1 | AFB_SESSION_LOA_2_V1, /* check LOA <= 2 */
+ AFB_SESSION_LOA_LE_3_V1 = AFB_SESSION_LOA_LE_V1 | AFB_SESSION_LOA_3_V1, /* check LOA <= 3 */
+
+ AFB_SESSION_LOA_EQ_0_V1 = AFB_SESSION_LOA_EQ_V1 | AFB_SESSION_LOA_0_V1, /* check LOA == 0 */
+ AFB_SESSION_LOA_EQ_1_V1 = AFB_SESSION_LOA_EQ_V1 | AFB_SESSION_LOA_1_V1, /* check LOA == 1 */
+ AFB_SESSION_LOA_EQ_2_V1 = AFB_SESSION_LOA_EQ_V1 | AFB_SESSION_LOA_2_V1, /* check LOA == 2 */
+ AFB_SESSION_LOA_EQ_3_V1 = AFB_SESSION_LOA_EQ_V1 | AFB_SESSION_LOA_3_V1, /* check LOA == 3 */
+
+ AFB_SESSION_LOA_GE_0_V1 = AFB_SESSION_LOA_GE_V1 | AFB_SESSION_LOA_0_V1, /* check LOA >= 0 */
+ AFB_SESSION_LOA_GE_1_V1 = AFB_SESSION_LOA_GE_V1 | AFB_SESSION_LOA_1_V1, /* check LOA >= 1 */
+ AFB_SESSION_LOA_GE_2_V1 = AFB_SESSION_LOA_GE_V1 | AFB_SESSION_LOA_2_V1, /* check LOA >= 2 */
+ AFB_SESSION_LOA_GE_3_V1 = AFB_SESSION_LOA_GE_V1 | AFB_SESSION_LOA_3_V1 /* check LOA >= 3 */
+};
+
--- /dev/null
+/*
+ * Copyright (C) 2016, 2017 "IoT.bzh"
+ * Author: José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+/*
+ * Enum for Session/Token/Assurance middleware.
+ */
+enum afb_session_flags_v2
+{
+ AFB_SESSION_LOA_MASK_V2 = 3, /* mask for LOA */
+
+ AFB_SESSION_LOA_0_V2 = 0, /* value for LOA of 0 */
+ AFB_SESSION_LOA_1_V2 = 1, /* value for LOA of 1 */
+ AFB_SESSION_LOA_2_V2 = 2, /* value for LOA of 2 */
+ AFB_SESSION_LOA_3_V2 = 3, /* value for LOA of 3 */
+
+ AFB_SESSION_CHECK_V2 = 4, /* Requires token authentification */
+ AFB_SESSION_REFRESH_V2 = 8, /* After token authentification, refreshes the token at end */
+ AFB_SESSION_CLOSE_V2 = 16, /* After token authentification, closes the session at end */
+
+ AFB_SESSION_NONE_V2 = 0 /* nothing required */
+};
+
+++ /dev/null
-/*
- * Copyright (C) 2016, 2017 "IoT.bzh"
- * Author: José Bollo <jose.bollo@iot.bzh>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-/*
- * Enum for Session/Token/Assurance middleware.
- */
-enum afb_session_flags
-{
- AFB_SESSION_NONE = 0, /* nothing required */
-#if defined(AFB_BINDING_PRAGMA_DECLARE_V1) && defined(AFB_BINDING_PRAGMA_KEEP_OBSOLETE_V1)
- AFB_SESSION_CREATE = 1, /* Obsolete */
-#endif
- AFB_SESSION_CLOSE = 2, /* After token authentification, closes the session at end */
- AFB_SESSION_RENEW = 4, /* After token authentification, refreshes the token at end */
- AFB_SESSION_CHECK = 8, /* Requires token authentification */
-
- AFB_SESSION_LOA_GE = 16, /* check that the LOA is greater or equal to the given value */
-#if defined(AFB_BINDING_PRAGMA_DECLARE_V1) || defined(AFB_BINDING_PRAGMA_KEEP_OBSOLETE_V2)
- AFB_SESSION_LOA_LE = 32, /* check that the LOA is lesser or equal to the given value */
- AFB_SESSION_LOA_EQ = 48, /* check that the LOA is equal to the given value */
-#endif
-
- AFB_SESSION_LOA_SHIFT = 6, /* shift for LOA */
- AFB_SESSION_LOA_MASK = 7, /* mask for LOA */
-
- AFB_SESSION_LOA_0 = 0, /* value for LOA of 0 */
- AFB_SESSION_LOA_1 = 64, /* value for LOA of 1 */
- AFB_SESSION_LOA_2 = 128, /* value for LOA of 2 */
- AFB_SESSION_LOA_3 = 192, /* value for LOA of 3 */
- AFB_SESSION_LOA_4 = 256, /* value for LOA of 4 */
-
-#if defined(AFB_BINDING_PRAGMA_DECLARE_V1) || defined(AFB_BINDING_PRAGMA_KEEP_OBSOLETE_V2)
- AFB_SESSION_LOA_LE_0 = AFB_SESSION_LOA_LE | AFB_SESSION_LOA_0, /* check LOA <= 0 */
- AFB_SESSION_LOA_LE_1 = AFB_SESSION_LOA_LE | AFB_SESSION_LOA_1, /* check LOA <= 1 */
- AFB_SESSION_LOA_LE_2 = AFB_SESSION_LOA_LE | AFB_SESSION_LOA_2, /* check LOA <= 2 */
- AFB_SESSION_LOA_LE_3 = AFB_SESSION_LOA_LE | AFB_SESSION_LOA_3, /* check LOA <= 3 */
-
- AFB_SESSION_LOA_EQ_0 = AFB_SESSION_LOA_EQ | AFB_SESSION_LOA_0, /* check LOA == 0 */
- AFB_SESSION_LOA_EQ_1 = AFB_SESSION_LOA_EQ | AFB_SESSION_LOA_1, /* check LOA == 1 */
- AFB_SESSION_LOA_EQ_2 = AFB_SESSION_LOA_EQ | AFB_SESSION_LOA_2, /* check LOA == 2 */
- AFB_SESSION_LOA_EQ_3 = AFB_SESSION_LOA_EQ | AFB_SESSION_LOA_3, /* check LOA == 3 */
-#endif
-
- AFB_SESSION_LOA_GE_0 = AFB_SESSION_LOA_GE | AFB_SESSION_LOA_0, /* check LOA >= 0 */
- AFB_SESSION_LOA_GE_1 = AFB_SESSION_LOA_GE | AFB_SESSION_LOA_1, /* check LOA >= 1 */
- AFB_SESSION_LOA_GE_2 = AFB_SESSION_LOA_GE | AFB_SESSION_LOA_2, /* check LOA >= 2 */
- AFB_SESSION_LOA_GE_3 = AFB_SESSION_LOA_GE | AFB_SESSION_LOA_3 /* check LOA >= 3 */
-};
-
afb_req_subcall(to_req(xreq), api, verb, args, callback, cb_closure);
}
-static int xreq_session_check_apply(struct afb_xreq *xreq, int sessionflags, const struct afb_auth *auth)
+static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
{
int loa;
- if ((sessionflags & (AFB_SESSION_CLOSE|AFB_SESSION_RENEW|AFB_SESSION_CHECK|AFB_SESSION_LOA_EQ)) != 0) {
+ if ((sessionflags & (AFB_SESSION_CLOSE_V1|AFB_SESSION_RENEW_V1|AFB_SESSION_CHECK_V1|AFB_SESSION_LOA_EQ_V1)) != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
afb_xreq_fail_f(xreq, "denied", "invalid token's identity");
}
}
- if ((sessionflags & AFB_SESSION_LOA_GE) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
+ if ((sessionflags & AFB_SESSION_LOA_GE_V1) != 0) {
+ loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1;
if (!afb_context_check_loa(&xreq->context, loa)) {
afb_xreq_fail_f(xreq, "denied", "invalid LOA");
errno = EPERM;
}
}
- if ((sessionflags & AFB_SESSION_LOA_LE) != 0) {
- loa = (sessionflags >> AFB_SESSION_LOA_SHIFT) & AFB_SESSION_LOA_MASK;
+ if ((sessionflags & AFB_SESSION_LOA_LE_V1) != 0) {
+ loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_V1) & AFB_SESSION_LOA_MASK_V1;
if (afb_context_check_loa(&xreq->context, loa + 1)) {
afb_xreq_fail_f(xreq, "denied", "invalid LOA");
errno = EPERM;
}
}
+ if ((sessionflags & AFB_SESSION_RENEW_V1) != 0) {
+ afb_context_refresh(&xreq->context);
+ }
+ if ((sessionflags & AFB_SESSION_CLOSE_V1) != 0) {
+ afb_context_change_loa(&xreq->context, 0);
+ afb_context_close(&xreq->context);
+ }
+
+ return 0;
+}
+
+static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
+{
+ int loa;
+
+ if (sessionflags != 0) {
+ if (!afb_context_check(&xreq->context)) {
+ afb_context_close(&xreq->context);
+ afb_xreq_fail_f(xreq, "denied", "invalid token's identity");
+ errno = EINVAL;
+ return -1;
+ }
+ }
+
+ loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_V2);
+ if (loa && !afb_context_check_loa(&xreq->context, loa)) {
+ afb_xreq_fail_f(xreq, "denied", "invalid LOA");
+ errno = EPERM;
+ return -1;
+ }
+
if (auth && !afb_auth_check(auth, xreq)) {
afb_xreq_fail_f(xreq, "denied", "authorisation refused");
errno = EPERM;
return -1;
}
- if ((sessionflags & AFB_SESSION_RENEW) != 0) {
+ if ((sessionflags & AFB_SESSION_REFRESH_V2) != 0) {
afb_context_refresh(&xreq->context);
}
- if ((sessionflags & AFB_SESSION_CLOSE) != 0) {
- afb_context_change_loa(&xreq->context, 0);
+ if ((sessionflags & AFB_SESSION_CLOSE_V2) != 0) {
afb_context_close(&xreq->context);
}
if (!verb)
afb_xreq_fail_unknown_verb(xreq);
else
- if (!xreq_session_check_apply(xreq, verb->session, NULL))
+ if (!xreq_session_check_apply_v1(xreq, verb->session))
verb->callback(to_req(xreq));
}
if (!verb)
afb_xreq_fail_unknown_verb(xreq);
else
- if (!xreq_session_check_apply(xreq, verb->session, verb->auth))
+ if (!xreq_session_check_apply_v2(xreq, verb->session, verb->auth))
verb->callback(to_req(xreq));
}
s = p ? get_session(p) : 0;
c = 1;
if (s & SESSION_CHECK) {
- printf("%s", "|AFB_SESSION_CHECK" + c);
+ printf("%s", "|AFB_SESSION_CHECK_V2" + c);
c = 0;
}
if (s & SESSION_LOA_3 & ~SESSION_LOA_2)
else
l = 0;
if (l) {
- printf("%s%d", "|AFB_SESSION_LOA_GE_" + c, l);
+ printf("%s%d_V2", "|AFB_SESSION_LOA_" + c, l);
c = 0;
}
if (s & SESSION_CLOSE) {
- printf("%s", "|AFB_SESSION_CLOSE" + c);
+ printf("%s", "|AFB_SESSION_CLOSE_V2" + c);
c = 0;
}
if (s & SESSION_RENEW) {
- printf("%s", "|AFB_SESSION_RENEW" + c);
+ printf("%s", "|AFB_SESSION_REFRESH_V2" + c);
c = 0;
}
if (c)
- printf("AFB_SESSION_NONE");
+ printf("AFB_SESSION_NONE_V2");
}
void print_verb(const char *name)
"permission": "urn:AGL:permission:monitor:public:get"
},
"get-or-set": {
-"allOf":[{"session":"check"},{"LOA":1},{"token":"refresh"},{
"anyOf": [
{ "$ref": "#/components/x-permissions/get" },
{ "$ref": "#/components/x-permissions/set" }
]
-}]
}
}
},
Code Review / src / app-framework-binder.git / commitdiff