aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRomain Forlot <romain.forlot@iot.bzh>2017-07-13 18:47:18 +0200
committerRomain Forlot <romain.forlot@iot.bzh>2017-07-21 12:02:11 +0200
commit0dc8b87f5d8a03183c1b947640f6315545e4207b (patch)
tree56e194b30470df6ab27fbd0d706a783896bd870d
parent3a0d2a4a74e548c3ef19b19c72bf28a3da8796bf (diff)
Create an auth verb to raise privilege of session
Simply raise to a LOA of 1 the current session if asked Need to add some checks to not allow anyone raise its session must hold a specific permission urn:AGL:permission::platform:can:write to be able to authenticate. Change-Id: Id4e01ca20ba8437e97a64db682fdd3ebf45ce7b4 Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
-rw-r--r--low-can-binding/binding/low-can-cb.cpp6
-rw-r--r--low-can-binding/binding/low-can-hat.cpp14
-rw-r--r--low-can-binding/binding/low-can-hat.hpp1
3 files changed, 19 insertions, 2 deletions
diff --git a/low-can-binding/binding/low-can-cb.cpp b/low-can-binding/binding/low-can-cb.cpp
index e25d6eae..a7e4396c 100644
--- a/low-can-binding/binding/low-can-cb.cpp
+++ b/low-can-binding/binding/low-can-cb.cpp
@@ -351,6 +351,12 @@ static void do_subscribe_unsubscribe(struct afb_req request, bool subscribe)
afb_req_fail(request, "error", NULL);
}
+void auth(struct afb_req request)
+{
+ afb_req_session_set_LOA(request, 1);
+ afb_req_success(request, NULL, NULL);
+}
+
void subscribe(struct afb_req request)
{
do_subscribe_unsubscribe(request, true);
diff --git a/low-can-binding/binding/low-can-hat.cpp b/low-can-binding/binding/low-can-hat.cpp
index dae3a4af..0fb7e8ce 100644
--- a/low-can-binding/binding/low-can-hat.cpp
+++ b/low-can-binding/binding/low-can-hat.cpp
@@ -40,13 +40,23 @@ extern "C"
return a;
}
- static const struct afb_auth loa_1 = { loa_afb_auth(1) };
+ static constexpr struct afb_auth perm_afb_auth(const char* permission)
+ {
+ struct afb_auth a = {};
+ a.type = afb_auth_Permission;
+ a.text = permission;
+ return a;
+ }
+
+ static const struct afb_auth afb_auth_loa_1 = { loa_afb_auth(1) };
+ static const struct afb_auth afb_auth_perm = { perm_afb_auth("urn:AGL:permission::platform:can:write") };
static const struct afb_verb_v2 verbs[]=
{
+ { .verb= "auth", .callback= auth, .auth= &afb_auth_perm, .info="Authentification against service to get the required level of confidence", .session= AFB_SESSION_NONE},
{ .verb= "subscribe", .callback= subscribe, .auth= NULL, .info="Let subscribe to signals", .session= AFB_SESSION_NONE},
{ .verb= "unsubscribe", .callback= unsubscribe, .auth= NULL, .info="Let unsubscribe signals", .session= AFB_SESSION_NONE},
- { .verb= "swrite", .callback= swrite, .auth= &loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1},
+ { .verb= "swrite", .callback= swrite, .auth= &afb_auth_loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1},
{ .verb= NULL, .callback= NULL, .auth= NULL, .info=NULL, .session= 0}
};
diff --git a/low-can-binding/binding/low-can-hat.hpp b/low-can-binding/binding/low-can-hat.hpp
index 6ecad23a..b0f29b5e 100644
--- a/low-can-binding/binding/low-can-hat.hpp
+++ b/low-can-binding/binding/low-can-hat.hpp
@@ -36,6 +36,7 @@ void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, std
void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, uint32_t pid, std::map<int, std::shared_ptr<low_can_subscription_t> >& s);
int read_message(sd_event_source *s, int fd, uint32_t revents, void *userdata);
+void auth(struct afb_req request);
void subscribe(struct afb_req request);
void unsubscribe(struct afb_req request);
void swrite(struct afb_req request);