diff options
author | Loïc Collignon <loic.collignon@iot.bzh> | 2017-07-11 06:36:33 +0200 |
---|---|---|
committer | Loïc Collignon <loic.collignon@iot.bzh> | 2017-07-11 06:36:33 +0200 |
commit | 0455a7401f9f0f9bfad82c5ddf04f7dd70b0b852 (patch) | |
tree | 819bc150cb62c8eb344656086bbb52892f5288b8 | |
parent | 66b90d26cfd555b2aa5fef67d31e539a70256719 (diff) |
first somewhat working version.
Change-Id: I3101dc6b8add87eccac3bbf177b1320137f72463
Signed-off-by: Loïc Collignon <loic.collignon@iot.bzh>
30 files changed, 1500 insertions, 152 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..e07cae1 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "conf.d/app-templates"] + path = conf.d/app-templates + url = https://gerrit.automotivelinux.org/gerrit/p/apps/app-templates.git diff --git a/CMakeLists.txt b/CMakeLists.txt deleted file mode 100644 index 87d1329..0000000 --- a/CMakeLists.txt +++ /dev/null @@ -1,5 +0,0 @@ -cmake_minimum_required(VERSION 3.6) -project(agl-identity) - -add_subdirectory(pam) -add_subdirectory(binding) diff --git a/binding/CMakeLists.txt b/binding/CMakeLists.txt deleted file mode 100644 index 781e007..0000000 --- a/binding/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ - -add_library(agl-identity SHARED identity-binding.c)
\ No newline at end of file diff --git a/binding/identity-binding.c b/binding/identity-binding.c deleted file mode 100644 index a0e9232..0000000 --- a/binding/identity-binding.c +++ /dev/null @@ -1,96 +0,0 @@ -#define _GNU_SOURCE -#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO - -#include <string.h> -#include <json-c/json.h> -#include <afb/afb-binding-v2.h> -#include <afb/afb-req-v2.h> -#include <afb/afb-req-itf.h> - -// ---------- Verb's declaration ---------------------------------------------- -static void verb_login(struct afb_req req); -static void verb_logout(struct afb_req req); -static void verb_open_session(struct afb_req req); -static void verb_close_session(struct afb_req req); -static void verb_set_data(struct afb_req req); -static void verb_get_data(struct afb_req req); - -// ---------- Binding's metadata ---------------------------------------------- -static const struct afb_auth _afb_auth_v2_identity[] = {}; - -static const struct afb_verb_v2 _afb_verbs_v2_identity[] = -{ - { - .verb = "login", - .callback = verb_login, - .auth = NULL, - .session = 0, - }, - { - .verb = "logout", - .callback = verb_logout, - .auth = NULL, - .session = 0, - }, - { - .verb = "open_session", - .callback = verb_open_session, - .auth = NULL, - .session = 0, - }, - { - .verb = "close_session", - .callback = verb_close_session, - .auth = NULL, - .session = 0, - }, - { - .verb = "get_data", - .callback = verb_get_data, - .auth = NULL, - .session = 0, - }, - { - .verb = "set_data", - .callback = set_data, - .auth = NULL, - .session = 0, - }, - { .verb = NULL } -}; - -static const struct afb_binding_v2 _afb_binding_v2_identity = -{ - .api = "identity", - .specification = NULL, - .verbs = _afb_verbs_v2_identity, - .preinit = NULL, - .init = NULL, - .onevent = NULL -}; - -// ---------- Verb's implementation ------------------------------------------- - -static void verb_login(struct afb_req req) -{ -} - -static void verb_logout(struct afb_req req) -{ -} - -static void verb_open_session(struct afb_req req) -{ -} - -static void verb_close_session(struct afb_req req) -{ -} - -static void verb_get_data(struct afb_req req) -{ -} - -static void verb_set_data(struct afb_req req) -{ -} diff --git a/conf.d/app-templates b/conf.d/app-templates new file mode 160000 +Subproject 2d053aafe099919d12b58df0634cbeb18b845d3 diff --git a/idkey/CMakeLists.txt b/idkey/CMakeLists.txt new file mode 100644 index 0000000..dc1f8cb --- /dev/null +++ b/idkey/CMakeLists.txt @@ -0,0 +1,6 @@ +cmake_minimum_required(VERSION 3.3) +project(idkey) +add_executable(idkey main.c) +install(TARGETS idkey + RUNTIME DESTINATION bin + LIBRARY DESTINATION lib) diff --git a/idkey/main.c b/idkey/main.c new file mode 100644 index 0000000..16b2232 --- /dev/null +++ b/idkey/main.c @@ -0,0 +1,127 @@ +#include <fcntl.h> +#include <stdarg.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#define EXIT_SUCCESS 0 +#define EXIT_CMDLINE 1 +#define EXIT_FILEOPEN 2 +#define EXIT_FILEREAD 3 +#define EXIT_FILEWRITE 4 +#define EXIT_INVALID 5 +#define EXIT_ALLOC 6 + +#define BLOCK_SIZE 4096 + +/// @brief Header of the datas. +typedef struct header_ +{ + char mn[4]; + size_t size; +} header; + +/// @brief Check if the @c v is a valid magick number. +/// @param[in] v magick number. +/// @return 1 if valid, zero otherwise. +int is_valid_nm(const char* v) +{ + return v && v[0] == 'I' && v[1] == 'D' && v[2] == 'K' && v[3] == 'Y'; +} + +/// @brief Close the file descriptor if valid then print a formatted error message then return the specified code. +/// @param[in] fd File descriptor to close. +/// @param[in] code The exit code to return. +/// @param[in] format The message to print. +/// @param[in] ... Values for formatting. +/// @return The exit code provided by @c code. +int close_and_fail(int fd, int code, const char* format, ...) +{ + va_list arglist; + fprintf(stderr, "Error: "); + va_start(arglist, format); + vfprintf(stderr, format, arglist); + va_end(arglist); + fprintf(stderr, "\n"); + return code; +} + +/// @brief Read the device @c devname and print it's data to stdout. +/// @param[in] devname Device's name. +/// @return Exit code, zero if success. +int read_device(const char* devname) +{ + int fd = open(devname, O_RDONLY); + if (fd == -1) return close_and_fail(fd, EXIT_FILEOPEN, "Failed to open '%s'!", devname); + + header h; + ssize_t sz = read(fd, &h, sizeof(header)); + if (sz != sizeof(header)) return close_and_fail(fd, EXIT_FILEREAD, "Failed to read the header!"); + if (!is_valid_nm(h.mn)) return close_and_fail(fd, EXIT_INVALID, "Not a valid identity key!"); + + while(h.size) + { + char datas[BLOCK_SIZE + 1]; + memset(datas, BLOCK_SIZE +1, 0); + size_t count = BLOCK_SIZE > h.size ? h.size : BLOCK_SIZE; + + sz = read(fd, datas, count); + + if (sz != count) close_and_fail(fd, EXIT_FILEREAD, "Failed to read a data block!"); + h.size = (h.size - count); + + printf(datas); + } + printf("\n"); + close(fd); + return EXIT_SUCCESS; +} + +/// @brief Write the specified data to the specified device. +/// @param[in] devname Name of the device. +/// @param[in] datas Datas to write. +/// @return Exit code, zero if success, non-zero otherwise. +int write_device(const char* devname, const char* datas) +{ + header h = { + .mn = {'I', 'D', 'K', 'Y'}, + .size = strlen(datas) + }; + if (h.size < 1) return close_and_fail(-1, EXIT_CMDLINE, "No data to write!"); + + int fd = open(devname, O_WRONLY); + if (fd == -1) return close_and_fail(fd, EXIT_FILEOPEN, "Failed to open device '%s'!", devname); + if (write(fd, &h, sizeof(header)) != sizeof(header)) return close_and_fail(fd, EXIT_FILEWRITE, "Failed to write the header!"); + if (write(fd, datas, h.size) != h.size) return close_and_fail(fd, EXIT_FILEWRITE, "Failed to write datas!"); + + close(fd); + return EXIT_SUCCESS; +} + +/// @brief Entry point. +/// @param[in] argc Number of arguments in @c argv. +/// @param[in] argv Arguments array. +/// @return Exit code, zero if success, non-zero otherwise. +int main(int argc, char** argv) +{ + switch(argc) + { + case 0: + case 1: + fprintf(stderr, "ERROR: too few arguments!\n"); + return EXIT_CMDLINE; + + case 2: // Read the device + return read_device(argv[1]); + + case 3: // Write the device + return write_device(argv[1], argv[2]); + + default: + fprintf(stderr, "ERROR: too many arguments!\n"); + return EXIT_CMDLINE; + } +} + diff --git a/ll-auth-binding/CMakeLists.txt b/ll-auth-binding/CMakeLists.txt new file mode 100644 index 0000000..3784ade --- /dev/null +++ b/ll-auth-binding/CMakeLists.txt @@ -0,0 +1,3 @@ +cmake_minimum_required(VERSION 3.3) + +include(${CMAKE_CURRENT_SOURCE_DIR}/conf.d/cmake/config.cmake) diff --git a/ll-auth-binding/conf.d/cmake/config.cmake b/ll-auth-binding/conf.d/cmake/config.cmake new file mode 100644 index 0000000..5b4f664 --- /dev/null +++ b/ll-auth-binding/conf.d/cmake/config.cmake @@ -0,0 +1,149 @@ +########################################################################### +# Copyright 2015, 2016, 2017 IoT.bzh +# +# author: Fulup Ar Foll <fulup@iot.bzh> +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################### + +# Project Info +# ------------------ +set(PROJECT_NAME ll-auth-binding) +set(PROJECT_VERSION "0.1") +set(PROJECT_PRETTY_NAME "Low Level Auth Binding") +set(PROJECT_DESCRIPTION "A low level binding to log users in and out.") +set(PROJECT_URL "") +set(PROJECT_ICON "icon.png") +set(PROJECT_AUTHOR "Collignon, Loïc") +set(PROJECT_AUTHOR_MAIL "loic.collignon@iot.bzh") +set(PROJECT_LICENSE "APL2.0") +set(PROJECT_LANGUAGES,"C") + +# Where are stored default templates files from submodule or subtree app-templates in your project tree +# relative to the root project directory +set(PROJECT_APP_TEMPLATES_DIR "conf.d/app-templates") + +# Where are stored your external libraries for your project. This is 3rd party library that you don't maintain +# but used and must be built and linked. +# set(PROJECT_LIBDIR "libs") + +# Where are stored data for your application. Pictures, static resources must be placed in that folder. +# set(PROJECT_RESOURCES "data") + +# Which directories inspect to find CMakeLists.txt target files +# set(PROJECT_SRC_DIR_PATTERN "*") + +# Compilation Mode (DEBUG, RELEASE) +# ---------------------------------- +set(CMAKE_BUILD_TYPE "DEBUG") + +# Kernel selection if needed. Impose a minimal version. +# NOTE FOR NOW IT CHECKS KERNEL Yocto SDK Kernel version +# else only HOST VERSION +# ----------------------------------------------- +#set (kernel_minimal_version 4.8) + +# Compiler selection if needed. Impose a minimal version. +# ----------------------------------------------- +set (gcc_minimal_version 4.9) + +# PKG_CONFIG required packages +# ----------------------------- +set (PKG_REQUIRED_LIST + json-c + libsystemd>=222 + afb-daemon + libmicrohttpd>=0.9.55 +) + +# Static constante definition +# ----------------------------- +add_compile_options() + +# LANG Specific compile flags set for all build types +set(CMAKE_C_FLAGS "") +set(CMAKE_CXX_FLAGS "") + +# Print a helper message when every thing is finished +# ---------------------------------------------------- +#set(CLOSING_MESSAGE "") +#set(PACKAGE_MESSAGE "Install widget file using in the target : afm-util install ${PROJECT_NAME}.wgt") + +# (BUG!!!) as PKG_CONFIG_PATH does not work [should be an env variable] +# --------------------------------------------------------------------- +set(CMAKE_INSTALL_PREFIX $ENV{HOME}/opt) +set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_INSTALL_PREFIX}/lib64/pkgconfig ${CMAKE_INSTALL_PREFIX}/lib/pkgconfig) +set(LD_LIBRARY_PATH ${CMAKE_INSTALL_PREFIX}/lib64 ${CMAKE_INSTALL_PREFIX}/lib) + +# Optional location for config.xml.in +# ----------------------------------- +#set(WIDGET_CONFIG_TEMPLATE ${CMAKE_CURRENT_SOURCE_DIR}/conf.d/config.xml.in) + +# Mandatory widget Mimetype specification of the main unit +# -------------------------------------------------------------------------- +# Choose between : +#- text/html : HTML application, +# content.src designates the home page of the application +# +#- application/vnd.agl.native : AGL compatible native, +# content.src designates the relative path of the binary. +# +# - application/vnd.agl.service: AGL service, content.src is not used. +# +#- ***application/x-executable***: Native application, +# content.src designates the relative path of the binary. +# For such application, only security setup is made. +# +set(WIDGET_TYPE MimeType_Not_Set) + +# Mandatory Widget entry point file of the main unit +# -------------------------------------------------------------- +# This is the file that will be executed, loaded, +# at launch time by the application framework. +# +set(WIDGET_ENTRY_POINT EntryPoint_Path_Not_Set) + +# Optional dependencies order +# --------------------------- +#set(EXTRA_DEPENDENCIES_ORDER) + +# Optional Extra global include path +# ----------------------------------- +#set(EXTRA_INCLUDE_DIRS) + +# Optional extra libraries +# ------------------------- +#set(EXTRA_LINK_LIBRARIES) + +# Optional force binding installation +# ------------------------------------ +# set(BINDINGS_INSTALL_PREFIX PrefixPath ) + +# Optional force binding Linking flag +# ------------------------------------ +# set(BINDINGS_LINK_FLAG LinkOptions ) + +# Optional force package prefix generation, like widget +# ----------------------------------------------------- +# set(PKG_PREFIX DestinationPath) + +# Optional Application Framework security token +# and port use for remote debugging. +#------------------------------------------------------------ +#set(AFB_TOKEN "" CACHE PATH "Default AFB_TOKEN") +#set(AFB_REMPORT "1234" CACHE PATH "Default AFB_TOKEN") + +# This include is mandatory and MUST happens at the end +# of this file, else you expose you to unexpected behavior +# ----------------------------------------------------------- +include(${PROJECT_APP_TEMPLATES_DIR}/cmake/common.cmake) diff --git a/ll-auth-binding/htdocs/AFB-websock.js b/ll-auth-binding/htdocs/AFB-websock.js new file mode 100644 index 0000000..08a7ffe --- /dev/null +++ b/ll-auth-binding/htdocs/AFB-websock.js @@ -0,0 +1,174 @@ +AFB = function(base, initialtoken){ + +var urlws = "ws://"+window.location.host+"/"+base; +var urlhttp = "http://"+window.location.host+"/"+base; + +/*********************************************/ +/**** ****/ +/**** AFB_context ****/ +/**** ****/ +/*********************************************/ +var AFB_context; +{ + var UUID = undefined; + var TOKEN = initialtoken; + + var context = function(token, uuid) { + this.token = token; + this.uuid = uuid; + } + + context.prototype = { + get token() {return TOKEN;}, + set token(tok) {if(tok) TOKEN=tok;}, + get uuid() {return UUID;}, + set uuid(id) {if(id) UUID=id;} + }; + + AFB_context = new context(); +} +/*********************************************/ +/**** ****/ +/**** AFB_websocket ****/ +/**** ****/ +/*********************************************/ +var AFB_websocket; +{ + var CALL = 2; + var RETOK = 3; + var RETERR = 4; + var EVENT = 5; + + var PROTO1 = "x-afb-ws-json1"; + + AFB_websocket = function(onopen, onabort) { + var u = urlws; + if (AFB_context.token) { + u = u + '?x-afb-token=' + AFB_context.token; + if (AFB_context.uuid) + u = u + '&x-afb-uuid=' + AFB_context.uuid; + } + this.ws = new WebSocket(u, [ PROTO1 ]); + this.pendings = {}; + this.awaitens = {}; + this.counter = 0; + this.ws.onopen = onopen.bind(this); + this.ws.onerror = onerror.bind(this); + this.ws.onclose = onclose.bind(this); + this.ws.onmessage = onmessage.bind(this); + this.onopen = onopen; + this.onabort = onabort; + this.onclose = onabort; + } + + function onerror(event) { + var f = this.onabort; + if (f) { + delete this.onopen; + delete this.onabort; + f && f(this); + } + this.onerror && this.onerror(this); + } + + function onopen(event) { + var f = this.onopen; + delete this.onopen; + delete this.onabort; + f && f(this); + } + + function onclose(event) { + for (var id in this.pendings) { + var ferr = this.pendings[id].onerror; + ferr && ferr(null, this); + } + this.pendings = {}; + this.onclose && this.onclose(); + } + + function fire(awaitens, name, data) { + var a = awaitens[name]; + if (a) + a.forEach(function(handler){handler(data);}); + var i = name.indexOf("/"); + if (i >= 0) { + a = awaitens[name.substring(0,i)]; + if (a) + a.forEach(function(handler){handler(data);}); + } + a = awaitens["*"]; + if (a) + a.forEach(function(handler){handler(data);}); + } + + function reply(pendings, id, ans, offset) { + if (id in pendings) { + var p = pendings[id]; + delete pendings[id]; + var f = p[offset]; + f(ans); + } + } + + function onmessage(event) { + var obj = JSON.parse(event.data); + var code = obj[0]; + var id = obj[1]; + var ans = obj[2]; + AFB_context.token = obj[3]; + switch (code) { + case RETOK: + reply(this.pendings, id, ans, 0); + break; + case RETERR: + reply(this.pendings, id, ans, 1); + break; + case EVENT: + default: + fire(this.awaitens, id, ans); + break; + } + } + + function close() { + this.ws.close(); + this.onabort(); + } + + function call(method, request) { + return new Promise((function(resolve, reject){ + var id, arr; + do { + id = String(this.counter = 4095 & (this.counter + 1)); + } while (id in this.pendings); + this.pendings[id] = [ resolve, reject ]; + arr = [CALL, id, method, request ]; + if (AFB_context.token) arr.push(AFB_context.token); + this.ws.send(JSON.stringify(arr)); + }).bind(this)); + } + + function onevent(name, handler) { + var id = name; + var list = this.awaitens[id] || (this.awaitens[id] = []); + list.push(handler); + } + + AFB_websocket.prototype = { + close: close, + call: call, + onevent: onevent + }; +} +/*********************************************/ +/**** ****/ +/**** ****/ +/**** ****/ +/*********************************************/ +return { + context: AFB_context, + ws: AFB_websocket +}; +}; + diff --git a/ll-auth-binding/htdocs/CMakeLists.txt b/ll-auth-binding/htdocs/CMakeLists.txt new file mode 100644 index 0000000..5bdb47f --- /dev/null +++ b/ll-auth-binding/htdocs/CMakeLists.txt @@ -0,0 +1,43 @@ +########################################################################### +# Copyright 2015, 2016, 2017 IoT.bzh +# +# author: Fulup Ar Foll <fulup@iot.bzh> +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################### + + + +################################################## +# HTML Testing Files +################################################## +PROJECT_TARGET_ADD(www_test) + + file(GLOB SOURCE_FILES "*.html" "*.js" "*.jpg") + + add_custom_target(${TARGET_NAME} + DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME} + ) + + add_custom_command( + DEPENDS ${SOURCE_FILES} + OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME} + COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME} + COMMAND touch ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME} + COMMAND cp -r ${SOURCE_FILES} ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME} + ) + + SET_TARGET_PROPERTIES(${TARGET_NAME} PROPERTIES + LABELS "HTDOCS" + OUTPUT_NAME ${TARGET_NAME} + ) diff --git a/ll-auth-binding/htdocs/IdentityBinding.js b/ll-auth-binding/htdocs/IdentityBinding.js new file mode 100644 index 0000000..5f9ea24 --- /dev/null +++ b/ll-auth-binding/htdocs/IdentityBinding.js @@ -0,0 +1,72 @@ + var afb = new AFB("api", "mysecret"); + var ws; + var evtidx=0; + + function getParameterByName(name, url) { + if (!url) { + url = window.location.href; + } + name = name.replace(/[\[\]]/g, "\\$&"); + var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"), + results = regex.exec(url); + if (!results) return null; + if (!results[2]) return ''; + return decodeURIComponent(results[2].replace(/\+/g, " ")); + } + + // default soundcard is "PCH" + var devid=getParameterByName("devid"); + if (!devid) devid="hw:0"; + + var sndname=getParameterByName("sndname"); + if (!sndname) sndname="PCH"; + + var quiet=getParameterByName("quiet"); + if (!quiet) quiet="99"; + + function init() { + ws = new afb.ws(onopen, onabort); + } + + function onopen() { + document.getElementById("main").style.visibility = "visible"; + document.getElementById("connected").innerHTML = "Binder WS Active"; + document.getElementById("connected").style.background = "lightgreen"; + ws.onevent("*", gotevent); + } + + function onabort() { + document.getElementById("main").style.visibility = "hidden"; + document.getElementById("connected").innerHTML = "Connected Closed"; + document.getElementById("connected").style.background = "red"; + + } + + function replyok(obj) { + console.log("replyok:" + JSON.stringify(obj)); + document.getElementById("output").innerHTML = "OK: "+JSON.stringify(obj); + } + + function replyerr(obj) { + console.log("replyerr:" + JSON.stringify(obj)); + document.getElementById("output").innerHTML = "ERROR: "+JSON.stringify(obj); + } + + function gotevent(obj) { + console.log("gotevent:" + JSON.stringify(obj)); + document.getElementById("outevt").innerHTML = (evtidx++) +": "+JSON.stringify(obj); + } + + function send(message) { + var api = document.getElementById("api").value; + var verb = document.getElementById("verb").value; + document.getElementById("question").innerHTML = "subscribe: "+api+"/"+verb + " (" + JSON.stringify(message) +")"; + ws.call(api+"/"+verb, {data:message}).then(replyok, replyerr); + } + + + function callbinder(api, verb, query) { + console.log ("subscribe api="+api+" verb="+verb+" query=" +query); + document.getElementById("question").innerHTML = "apicall: " + api+"/"+verb +" ("+ JSON.stringify(query)+")"; + ws.call(api+"/"+verb, query).then(replyok, replyerr); + } diff --git a/ll-auth-binding/htdocs/auth.html b/ll-auth-binding/htdocs/auth.html new file mode 100644 index 0000000..6e0da89 --- /dev/null +++ b/ll-auth-binding/htdocs/auth.html @@ -0,0 +1,28 @@ +<html> + <head> + <title>ll-auth-binding test</title> + <script type="text/javascript" src="AFB-websock.js"></script> + <script type="text/javascript" src="IdentityBinding.js"></script> + </head> + + <body onload="init();"> + <h1>Identity Binding</h1> + <button id="connected" onclick="init()">Binder WS Fail</button> + <br> + <ol> + <!-- + <li><button onclick="callbinder('ll-auth','login', {})">login</button></li> + <li><button onclick="callbinder('ll-auth','logout', {})">logout</button></li> + --> + <li><button onclick="callbinder('ll-auth','getuser', {})">get user</button></li> + </ol> + <br> + <div id="main" style="visibility:hidden"> + <ol> + <li>Question <div id="question"></div></li> + <li>Response <div id="output"></div></li> + <li>Events: <div id="outevt"></div> + </ol> + </div> + </body> +</html>
\ No newline at end of file diff --git a/ll-auth-binding/htdocs/index.html b/ll-auth-binding/htdocs/index.html new file mode 100644 index 0000000..5eb0401 --- /dev/null +++ b/ll-auth-binding/htdocs/index.html @@ -0,0 +1,11 @@ +<html> + <head> + <title>Identity Binding tests</title> + </head> + <body> + <h1>Identity Binding tests</h1> + <ol> + <li><a href="auth.html">Auth</a></li> + </ol> + </body> +</html> diff --git a/ll-auth-binding/src/CMakeLists.txt b/ll-auth-binding/src/CMakeLists.txt new file mode 100644 index 0000000..2b682bd --- /dev/null +++ b/ll-auth-binding/src/CMakeLists.txt @@ -0,0 +1,21 @@ +PROJECT_TARGET_ADD(ll-auth-binding) + +# Require PAM but there is no find_package +set(PAM_INCLUDE_DIR "/usr/include/") +set(PAM_LIBRARY "/lib64/libpam.so.0") +set(PAM_MISC_LIBRARY "/lib64/libpam_misc.so.0") +include_directories(${PAM_INCLUDE_DIR}) + +add_library(ll-auth-binding MODULE ll-auth-binding.c) + +set_target_properties(ll-auth-binding PROPERTIES + PREFIX "afb-" + LABELS "BINDING" + LINK_FLAGS ${BINDINGS_LINK_FLAG} + OUTPUT_NAME ${TARGET_NAME}) + +target_link_libraries(ll-auth-binding ${link_libraries} ${PAM_LIBRARY} ${PAM_MISC_LIBRARY}) + +install( + TARGETS ll-auth-binding + LIBRARY DESTINATION ${BINDINGS_INSTALL_DIR}) diff --git a/ll-auth-binding/src/export.map b/ll-auth-binding/src/export.map new file mode 100644 index 0000000..ee2f413 --- /dev/null +++ b/ll-auth-binding/src/export.map @@ -0,0 +1 @@ +{ global: afbBindingV*; local: *; }; diff --git a/ll-auth-binding/src/ll-auth-binding.c b/ll-auth-binding/src/ll-auth-binding.c new file mode 100644 index 0000000..e85d63a --- /dev/null +++ b/ll-auth-binding/src/ll-auth-binding.c @@ -0,0 +1,208 @@ +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> +#include <json-c/json.h> +#include <security/pam_appl.h> +#include <security/pam_misc.h> + +#define AFB_BINDING_VERSION 2 +#include <afb/afb-binding.h> + +static struct pam_conv conv = { misc_conv, NULL }; + +static char* current_device = NULL; +static char* current_user = NULL; + +afb_event evt_login, evt_logout; + +/// @brief API's verb 'login'. Try to login a user using a device +/// @param[in] req The request object. Should contains a json with a "device" key. +static void verb_login(struct afb_req req) +{ + struct json_object* args = NULL; + struct json_object* device_object = NULL; + pam_handle_t* pamh; + int r; + + if (current_user) + { + AFB_ERROR("[login] the current user must be logged out first!"); + afb_req_fail(req, "current user must be logged out first!", NULL); + return; + } + + args = afb_req_json(req); + if (args == NULL || !json_object_object_get_ex(args, "device", &device_object)) + { + AFB_ERROR("[login] device must be provided!"); + afb_req_fail(req, "device must be provided!", NULL); + return; + } + + const char* device = json_object_get_string(device_object); + + if ((r = pam_start("agl", NULL, &conv, &pamh)) != PAM_SUCCESS) + { + AFB_ERROR("PAM start failed!"); + afb_req_fail(req, "PAM start failed!", NULL); + return; + } + + char pam_variable[4096] = "DEVICE="; + strcat(pam_variable, device); + + if ((r = pam_putenv(pamh, pam_variable)) != PAM_SUCCESS) + { + AFB_ERROR("PAM putenv failed!"); + afb_req_fail(req, "PAM putenv failed!", NULL); + pam_end(pamh, r); + return; + } + + if ((r = pam_authenticate(pamh, 0)) != PAM_SUCCESS) + { + AFB_ERROR("PAM authenticate failed!"); + afb_req_fail(req, "PAM authenticate failed!", NULL); + pam_end(pamh, r); + return; + } + + if ((r = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) + { + AFB_ERROR("PAM acct_mgmt failed!"); + afb_req_fail(req, "PAM acct_mgmt failed!", NULL); + pam_end(pamh, r); + return; + } + + const char* pam_user; + pam_get_item(pamh, PAM_USER, (const void**)&pam_user); + if (!pam_user) + { + AFB_ERROR("[login] No user provided by the PAM module!"); + afb_req_fail(req, "No user provided by the PAM module!", NULL); + return; + } + + current_device = strdup(device); + current_user = strdup(pam_user); + + if ((r = pam_end(pamh, r)) != PAM_SUCCESS) + { + AFB_ERROR("PAM end failed!"); + afb_req_fail(req, "PAM end failed!", NULL); + return; + } + + AFB_INFO("[login] device: %s, user: %s", current_device, current_user); + json_object* result = json_object_new_object(); + json_object_object_add(result, "device", json_object_new_string(current_device)); + json_object_object_add(result, "user", json_object_new_string(current_user)); + afb_req_success(req, NULL, current_device); + afb_event_broadcast(evt_login, result); +} + +/// @brief API's verb 'lgout'. Try to logout a user using a device +/// @param[in] req The request object. Should contains a json with a "device" key. +static void verb_logout(struct afb_req req) +{ + struct json_object* args = NULL; + struct json_object* device_object = NULL; + + args = afb_req_json(req); + if (args == NULL || !json_object_object_get_ex(args, "device", &device_object)) + { + AFB_INFO("[logout] device must be provided!"); + afb_req_fail(req, "device must be provided!", NULL); + return; + } + + const char* device = json_object_get_string(device_object); + if (current_device && !strcmp(device, current_device)) + { + free(current_device); + current_device = NULL; + if (current_user) + { + free(current_user); + current_user = NULL; + AFB_INFO("[logout] device: %s", device); + afb_req_success(req, NULL, device); + afb_event_broadcast(evt_logout, NULL); + return; + } + else + { + AFB_INFO("No user was linked to this device!"); + afb_req_fail(req, "No user was linked to this device!", NULL); + return; + } + } + + AFB_INFO("The unplugged device wasn't the user key!"); + afb_req_fail(req, "The unplugged device wasn't the user key!", NULL); +} + +static void verb_getuser(struct afb_req req) +{ + if (!current_device || !current_user) + { + afb_req_fail(req, "there is no logged user!", NULL); + return; + } + + json_object* result = json_object_new_object(); + json_object_object_add(result, "user", json_object_new_string(current_user)); + json_object_object_add(result, "device", json_object_new_string(current_device)); + + afb_req_success(req, result, NULL); +} + +int ll_auth_init() +{ + current_user = NULL; + current_device = NULL; + evt_login = afb_daemon_make_event("login"); + evt_logout = afb_daemon_make_event("logout"); + + if (afb_event_is_valid(evt_login) && afb_event_is_valid(evt_logout)) + return 0; + + AFB_ERROR("Can't create events"); + return -1; +} + +static const afb_verb_v2 _ll_auth_binding_verbs[]= { + { + .verb = "login", + .callback = verb_login, + .auth = NULL, + .info = NULL, + .session = AFB_SESSION_NONE_V2 + }, + { + .verb = "logout", + .callback = verb_logout, + .auth = NULL, + .info = NULL, + .session = AFB_SESSION_NONE_V2 + }, + { + .verb = "getuser", + .callback = verb_getuser, + .auth = NULL, + .info = NULL, + .session = AFB_SESSION_NONE_V2 + }, + { .verb=NULL} +}; + +const struct afb_binding_v2 afbBindingV2 = { + .api = "ll-auth", + .specification = NULL, + .verbs = _ll_auth_binding_verbs, + .preinit = ll_auth_init, + .init = NULL, + .onevent = NULL, + .noconcurrency = 0 +}; diff --git a/ll-auth-binding/start.sh b/ll-auth-binding/start.sh new file mode 100755 index 0000000..3842372 --- /dev/null +++ b/ll-auth-binding/start.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +afb-daemon --port=9000 --token='' --binding=/home/agl/projects/ll-auth-binding/build/src/afb-ll-auth-binding.so --verbose --roothttp=/home/agl/projects/ll-auth-binding/htdocs diff --git a/ll-store-binding/CMakeLists.txt b/ll-store-binding/CMakeLists.txt new file mode 100644 index 0000000..0f2f8a9 --- /dev/null +++ b/ll-store-binding/CMakeLists.txt @@ -0,0 +1,2 @@ +cmake_minimum_required(VERSION 3.3) +include(${CMAKE_CURRENT_SOURCE_DIR}/conf.d/cmake/config.cmake) diff --git a/ll-store-binding/conf.d/cmake/config.cmake b/ll-store-binding/conf.d/cmake/config.cmake new file mode 100644 index 0000000..c4bd78c --- /dev/null +++ b/ll-store-binding/conf.d/cmake/config.cmake @@ -0,0 +1,149 @@ +########################################################################### +# Copyright 2015, 2016, 2017 IoT.bzh +# +# author: Fulup Ar Foll <fulup@iot.bzh> +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +########################################################################### + +# Project Info +# ------------------ +set(PROJECT_NAME ll-store-binding) +set(PROJECT_VERSION "0.1") +set(PROJECT_PRETTY_NAME "Low Level Store Binding") +set(PROJECT_DESCRIPTION "Binding able to store and retrieve data by user/app/tag.") +set(PROJECT_URL "") +set(PROJECT_ICON "icon.png") +set(PROJECT_AUTHOR "Collignon, Loïc") +set(PROJECT_AUTHOR_MAIL "loic.collignon@iot.bzh") +set(PROJECT_LICENSE "Apache-V2") +set(PROJECT_LANGUAGES,"C") + +# Where are stored default templates files from submodule or subtree app-templates in your project tree +# relative to the root project directory +set(PROJECT_APP_TEMPLATES_DIR "conf.d/app-templates") + +# Where are stored your external libraries for your project. This is 3rd party library that you don't maintain +# but used and must be built and linked. +# set(PROJECT_LIBDIR "libs") + +# Where are stored data for your application. Pictures, static resources must be placed in that folder. +# set(PROJECT_RESOURCES "data") + +# Which directories inspect to find CMakeLists.txt target files +# set(PROJECT_SRC_DIR_PATTERN "*") + +# Compilation Mode (DEBUG, RELEASE) +# ---------------------------------- +set(CMAKE_BUILD_TYPE "DEBUG") + +# Kernel selection if needed. Impose a minimal version. +# NOTE FOR NOW IT CHECKS KERNEL Yocto SDK Kernel version +# else only HOST VERSION +# ----------------------------------------------- +#set (kernel_minimal_version 4.8) + +# Compiler selection if needed. Impose a minimal version. +# ----------------------------------------------- +set (gcc_minimal_version 4.9) + +# PKG_CONFIG required packages +# ----------------------------- +set (PKG_REQUIRED_LIST + json-c + libsystemd>=222 + afb-daemon + libmicrohttpd>=0.9.55 +) + +# Static constante definition +# ----------------------------- +add_compile_options() + +# LANG Specific compile flags set for all build types +set(CMAKE_C_FLAGS "") +set(CMAKE_CXX_FLAGS "") + +# Print a helper message when every thing is finished +# ---------------------------------------------------- +#set(CLOSING_MESSAGE "") +#set(PACKAGE_MESSAGE "Install widget file using in the target : afm-util install ${PROJECT_NAME}.wgt") + +# (BUG!!!) as PKG_CONFIG_PATH does not work [should be an env variable] +# --------------------------------------------------------------------- +set(CMAKE_INSTALL_PREFIX $ENV{HOME}/opt) +set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_INSTALL_PREFIX}/lib64/pkgconfig ${CMAKE_INSTALL_PREFIX}/lib/pkgconfig) +set(LD_LIBRARY_PATH ${CMAKE_INSTALL_PREFIX}/lib64 ${CMAKE_INSTALL_PREFIX}/lib) + +# Optional location for config.xml.in +# ----------------------------------- +#set(WIDGET_CONFIG_TEMPLATE ${CMAKE_CURRENT_SOURCE_DIR}/conf.d/config.xml.in) + +# Mandatory widget Mimetype specification of the main unit +# -------------------------------------------------------------------------- +# Choose between : +#- text/html : HTML application, +# content.src designates the home page of the application +# +#- application/vnd.agl.native : AGL compatible native, +# content.src designates the relative path of the binary. +# +# - application/vnd.agl.service: AGL service, content.src is not used. +# +#- ***application/x-executable***: Native application, +# content.src designates the relative path of the binary. +# For such application, only security setup is made. +# +set(WIDGET_TYPE MimeType_Not_Set) + +# Mandatory Widget entry point file of the main unit +# -------------------------------------------------------------- +# This is the file that will be executed, loaded, +# at launch time by the application framework. +# +set(WIDGET_ENTRY_POINT EntryPoint_Path_Not_Set) + +# Optional dependencies order +# --------------------------- +#set(EXTRA_DEPENDENCIES_ORDER) + +# Optional Extra global include path +# ----------------------------------- +#set(EXTRA_INCLUDE_DIRS) + +# Optional extra libraries +# ------------------------- +#set(EXTRA_LINK_LIBRARIES) + +# Optional force binding installation +# ------------------------------------ +# set(BINDINGS_INSTALL_PREFIX PrefixPath ) + +# Optional force binding Linking flag +# ------------------------------------ +# set(BINDINGS_LINK_FLAG LinkOptions ) + +# Optional force package prefix generation, like widget +# ----------------------------------------------------- +# set(PKG_PREFIX DestinationPath) + +# Optional Application Framework security token +# and port use for remote debugging. +#------------------------------------------------------------ +#set(AFB_TOKEN "" CACHE PATH "Default AFB_TOKEN") +#set(AFB_REMPORT "1234" CACHE PATH "Default AFB_TOKEN") + +# This include is mandatory and MUST happens at the end +# of this file, else you expose you to unexpected behavior +# ----------------------------------------------------------- +include(${PROJECT_APP_TEMPLATES_DIR}/cmake/common.cmake) diff --git a/ll-store-binding/src/CMakeLists.txt b/ll-store-binding/src/CMakeLists.txt new file mode 100644 index 0000000..b447f98 --- /dev/null +++ b/ll-store-binding/src/CMakeLists.txt @@ -0,0 +1,16 @@ +PROJECT_TARGET_ADD(ll-store-binding) + +list(APPEND link_libraries "/usr/lib64/liblmdb.so") +add_library(ll-store-binding MODULE ll-store-binding.c) + +set_target_properties(ll-store-binding PROPERTIES + PREFIX "afb-" + LABELS "BINDING" + LINK_FLAGS ${BINDINGS_LINK_FLAG} + OUTPUT_NAME ${TARGET_NAME}) + +target_link_libraries(ll-store-binding ${link_libraries}) + +install( + TARGETS ll-store-binding + LIBRARY DESTINATION ${BINDINGS_INSTALL_DIR}) diff --git a/ll-store-binding/src/export.map b/ll-store-binding/src/export.map new file mode 100644 index 0000000..ee2f413 --- /dev/null +++ b/ll-store-binding/src/export.map @@ -0,0 +1 @@ +{ global: afbBindingV*; local: *; }; diff --git a/ll-store-binding/src/ll-store-binding.c b/ll-store-binding/src/ll-store-binding.c new file mode 100644 index 0000000..fd65552 --- /dev/null +++ b/ll-store-binding/src/ll-store-binding.c @@ -0,0 +1,269 @@ +#define _GNU_SOURCE +#include <stdio.h> +#include <string.h> +#include <json-c/json.h> +#include <lmdb.h> + +#define AFB_BINDING_VERSION 2 +#include <afb/afb-binding.h> + +#define DB_FILE "/home/agl/projects/ll-store-binding/build/src/ll-store-binding.lmdb" + +MDB_env* dbenv; + +/// @brief Get a string from a json object. +/// @param[in] obj Json object from wich the string is queried. +/// @param[in] name Name of the string to get. +/// @return +const char* get_json_string(struct json_object* obj, const char* name) +{ + if (!obj || !name || !strlen(name)) return NULL; + + struct json_object* item = NULL; + if (!json_object_object_get_ex(obj, name, &item) || !item) return NULL; + + return json_object_get_string(item); +} + +char* make_key(const char* username, const char* appname, const char* tagname) +{ + size_t sz_username = username ? strlen(username) : 0; + size_t sz_appname = appname ? strlen(appname) : 0; + size_t sz_tagname = tagname ? strlen(tagname) : 0; + size_t sz_total = sz_username + sz_appname + sz_tagname + 3; + + char* result = (char*)malloc(sz_total); + memset(result, sz_total, 0); + + strcpy(result, username); + result[sz_username] = '.'; + + strcpy(result + sz_username + 1, appname); + result[sz_username + 1 + sz_appname] = '.'; + + strcpy(result + sz_username + 1 + sz_appname + 1, tagname); + + return result; +} + +static void verb_get(struct afb_req req) +{ + int r; + struct json_object* args = afb_req_json(req); + + AFB_INFO("args:\n%s\n", json_object_to_json_string_ext(args, JSON_C_TO_STRING_PRETTY)); + + const char* username = get_json_string(args, "username"); + const char* appname = get_json_string(args, "appname"); + const char* tagname = get_json_string(args, "tagname"); + + if (!username || !appname || !tagname) + { + AFB_ERROR("[store] username, appname and tagname must be provided!"); + afb_req_fail(req, "username, appname and tagname must be provided!", NULL); + return; + } + + char* keyname = make_key(username, appname, tagname); + + MDB_txn* txn; + r = mdb_txn_begin(dbenv, NULL, 0, &txn); + if (r) + { + free(keyname); + AFB_ERROR("Failed to begin a transaction!"); + afb_req_fail(req, "Failed to begin a transaction!", NULL); + return; + } + + MDB_dbi dbi; + r = mdb_dbi_open(txn, NULL, 0, &dbi); + if (r) + { + free(keyname); + mdb_txn_abort(txn); + AFB_ERROR("Failed to open the database!"); + afb_req_fail(req, "Failed to open the database!", NULL); + return; + } + + MDB_val k; + MDB_val v; + k.mv_size = strlen(keyname) + 1; + k.mv_data = keyname; + + if(mdb_get(txn, dbi, &k, &v)) + { + free(keyname); + mdb_txn_abort(txn); + mdb_dbi_close(dbenv, dbi); + AFB_ERROR("Failed to get the data!"); + afb_req_fail(req, "Failed to get the data!", NULL); + return; + } + + char* value = strndup(v.mv_data, v.mv_size + 1); + if(mdb_txn_commit(txn)) + { + free(keyname); + free(value); + mdb_dbi_close(dbenv, dbi); + AFB_ERROR("Failed to commit the transaction!"); + return; + } + + json_object* result = json_object_new_object(); + json_object_object_add(result, "key", json_object_new_string(keyname)); + json_object_object_add(result, "value", json_object_new_string(value)); + afb_req_success(req, result, NULL); + + free(value); + free(keyname); + return; +} + +static void verb_set(struct afb_req req) +{ + int r; + struct json_object* args = afb_req_json(req); + + AFB_INFO("args:\n%s\n", json_object_to_json_string_ext(args, JSON_C_TO_STRING_PRETTY)); + + const char* username = get_json_string(args, "username"); + const char* appname = get_json_string(args, "appname"); + const char* tagname = get_json_string(args, "tagname"); + const char* value = get_json_string(args, "value"); + + if (!username || !appname || !tagname) + { + AFB_ERROR("[store] username, appname and tagname must be provided!"); + afb_req_fail(req, "username, appname and tagname must be provided!", NULL); + return; + } + + char* keyname = make_key(username, appname, tagname); + + MDB_txn* txn; + r = mdb_txn_begin(dbenv, NULL, 0, &txn); + if (r) + { + free(keyname); + AFB_ERROR("Failed to begin a transaction!"); + afb_req_fail(req, "Failed to begin a transaction!", NULL); + return; + } + + MDB_dbi dbi; + r = mdb_dbi_open(txn, NULL, 0, &dbi); + if (r) + { + free(keyname); + mdb_txn_abort(txn); + AFB_ERROR("Failed to open the database!"); + afb_req_fail(req, "Failed to open the database!", NULL); + return; + } + + MDB_val k; + MDB_val v; + k.mv_size = strlen(keyname) + 1; + k.mv_data = keyname; + v.mv_size = value ? strlen(value) + 1 : 0; + v.mv_data = value; + + if(mdb_put(txn, dbi, &k, &v, 0)) + { + free(keyname); + mdb_txn_abort(txn); + mdb_dbi_close(dbenv, dbi); + AFB_ERROR("Failed to get the data!"); + afb_req_fail(req, "Failed to get the data!", NULL); + return; + } + + if(mdb_txn_commit(txn)) + { + free(keyname); + mdb_dbi_close(dbenv, dbi); + AFB_ERROR("Failed to commit the transaction!"); + return; + } + + json_object* result = json_object_new_object(); + json_object_object_add(result, "key", json_object_new_string(keyname)); + json_object_object_add(result, "value", json_object_new_string(value)); + afb_req_success(req, result, NULL); + + free(keyname); + return; +} + +int ll_store_preinit() +{ + int r = mdb_env_create(&dbenv); + if (r) + { + AFB_INFO("Failed to create MDB environment!"); + dbenv = NULL; + return r; + } + + r = mdb_env_open(dbenv, "/home/agl/ll-store-binding.lmdb", MDB_NOSUBDIR, 0644); + if (r) + { + mdb_env_close(dbenv); + dbenv = NULL; + AFB_INFO("Failed to open MDB environment!"); + return r; + } + +/* + MDB_txn* txn; + r = mdb_txn_begin(dbenv, NULL, 0, &txn); + if (r) + { + mdb_env_close(dbenv); + dbenv = NULL; + AFB_INFO("Failed to begin a transaction!"); + return r; + } + + MDB_dbi dbi; + r = mdb_dbi_open(txn, NULL, 0, &dbi); + if (r) + { + mdb_env_close(dbenv); + AFB_INFO("Failed to open the database!"); + dbenv = NULL; + } +*/ + return 0; +} + +static const afb_verb_v2 _ll_store_binding_verbs[]= { + { + .verb = "get", + .callback = verb_get, + .auth = NULL, + .info = NULL, + .session = AFB_SESSION_NONE_V2 + }, + { + .verb = "set", + .callback = verb_set, + .auth = NULL, + .info = NULL, + .session = AFB_SESSION_NONE_V2 + }, + { .verb=NULL} +}; + +const struct afb_binding_v2 afbBindingV2 = { + .api = "ll-store", + .specification = NULL, + .verbs = _ll_store_binding_verbs, + .preinit = ll_store_preinit, + .init = NULL, + .onevent = NULL, + .noconcurrency = 0 +}; diff --git a/ll-store-binding/start.sh b/ll-store-binding/start.sh new file mode 100755 index 0000000..936400b --- /dev/null +++ b/ll-store-binding/start.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +afb-daemon --port=9001 --token='' --binding=/home/agl/projects/ll-store-binding/build/src/afb-ll-store-binding.so --verbose diff --git a/ll-store-binding/store.sh b/ll-store-binding/store.sh new file mode 100755 index 0000000..d2dfbc7 --- /dev/null +++ b/ll-store-binding/store.sh @@ -0,0 +1,23 @@ +#!/bin/sh + +case "$1" in + "get") + if [ "$#" -ne "4" ]; then + echo "Usage: store get <user> <app> <tag>" + exit 1 + fi + curl -v "http://localhost:9001/api/ll-store/get?username=$2&appname=$3&tagname=$4&token=" + ;; + "set") + if [ "$#" -ne "5" ]; then + echo "Usage: store get <user> <app> <tag> <value>" + exit 1 + fi + curl -v "http://localhost:9001/api/ll-store/set?username=$2&appname=$3&tagname=$4&value=$5&token=" + ;; + *) + echo "Usage: store <action> <user> <app> <tag> <value>" + echo " Action can be 'get' or 'set'." + ;; +esac + diff --git a/pam/CMakeLists.txt b/pam/CMakeLists.txt deleted file mode 100644 index 5d2de63..0000000 --- a/pam/CMakeLists.txt +++ /dev/null @@ -1,11 +0,0 @@ - -# Add PAM dependency -# FIXME: Require PAM, but it's seems there is no find_package. -set(PAM_INCLUDE_DIR "/usr/include/") -set(PAM_LIB "/lib64/libpam.so.0") -include_directories(${PAM_INCLUDE_DIR}) - -# Add the target -add_library(agl-identity-usbstick-pam SHARED agl-identity-usbstick-pam.c) -target_link_libraries(agl-identity-usbstick-pam ${PAM_LIB}) -set_property(TARGET agl-identity-usbstick-pam PROPERTY POSITION_IDENPENDENT_CODE ON) diff --git a/pam/agl-identity-usbstick-pam.c b/pam/agl-identity-usbstick-pam.c deleted file mode 100644 index 74b3051..0000000 --- a/pam/agl-identity-usbstick-pam.c +++ /dev/null @@ -1,36 +0,0 @@ -#define PAM_SM_AUTH -#define PAM_SM_ACCOUNT -#define PAM_SM_SESSION -#define PAM_SM_PASSWORD -#include <security/pam_modules.h> - -PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - -PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv) -{ - return PAM_SUCCESS; -} - diff --git a/pam_agl/CMakeLists.txt b/pam_agl/CMakeLists.txt new file mode 100644 index 0000000..564a025 --- /dev/null +++ b/pam_agl/CMakeLists.txt @@ -0,0 +1,28 @@ +cmake_minimum_required(VERSION 3.1) +project(pam_agl) + +include(FindPkgConfig) + +# Require PAM but there is no find_package +set(PAM_INCLUDE_DIR "/usr/include/") +set(PAM_LIBRARY "/lib64/libpam.so.0") +include_directories(${PAM_INCLUDE_DIR}) + +# Find json-c +pkg_check_modules(${JSON_C} REQUIRED json-c) +include_directories(${${JSON_C}_INCLUDE_DIRS}) +add_compile_options(${${JSON_C}_CFLAGS}) + +# Add the target +add_library(pam_agl SHARED pam_agl.c) +target_link_libraries(pam_agl ${PAM_LIBRARY} ${${JSON_C}_LIBRARIES}) +#list (APPEND link_libraries ${${JSON_C}_LDFLAGS}) +set_property(TARGET pam_agl PROPERTY POSITION_INDEPENDENT_CODE ON) +set_property(TARGET pam_agl PROPERTY PREFIX "") + +if (NOT DEFINED CMAKE_INSTALL_LIBDIR) + get_filename_component(CMAKE_INSTALL_LIBDIR ${PAM_LIBRARY} DIRECTORY) +endif() + +install(TARGETS pam_agl + LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}/security/") diff --git a/pam_agl/pam_agl.c b/pam_agl/pam_agl.c new file mode 100644 index 0000000..3e246e4 --- /dev/null +++ b/pam_agl/pam_agl.c @@ -0,0 +1,160 @@ +#include <fcntl.h> +#include <stdarg.h> +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <uuid/uuid.h> +#include <json-c/json.h> + +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#define PAM_SM_SESSION +#define PAM_SM_PASSWORD +#include <security/pam_modules.h> +#include <security/pam_appl.h> + +#define BLOCK_SIZE 4096 +typedef struct header_ +{ + char mn[4]; + size_t size; +} header; + +int is_valid_mn(const char* v) +{ + return v && v[0] == 'I' && v[1] == 'D' && v[2] == 'K' && v[3] == 'Y'; +} + +void pam_putenv_ex(pam_handle_t* pamh, const char* name, const char* value) +{ + char result[4096]; + strcpy(result, name); + + int offset = strlen(name); + result[offset] = '='; + + strcpy(result + offset + 1, value); + + pam_putenv(pamh, result); +} + +int check_device(pam_handle_t* pamh, const char* device) +{ + printf("[PAM DEBUG]: check_device %s...\n", device); + int fd = open(device, O_RDONLY); + if (fd == -1) + { + printf("[PAM DEBUG]: Failed to open the device %s!\n", device); + return PAM_SERVICE_ERR; + } + + header h; + ssize_t sz = read(fd, &h, sizeof(header)); + if (sz != sizeof(header) || !is_valid_mn(h.mn) || h.size < 1) { close(fd); printf("[PAM DEBUG]: bad header!\n"); return PAM_SERVICE_ERR; } + printf("[PAM DEBUG]: data size=%d\n", h.size); + + char* idkey = (char*)malloc(h.size + 1); + if (!idkey) { close(fd); printf("[PAM DEBUG] Bad alloc!\n"); return PAM_SERVICE_ERR; } + + memset(idkey, 0, h.size + 1); + size_t count = read(fd, idkey, h.size); + close(fd); + + if (count != h.size) { free(idkey); printf("[PAM DEBUG] Bad data read!\n"); return PAM_SERVICE_ERR; } + printf("[PAM DEBUG] Data read:\n%s\n", idkey); + + json_object* idkey_json = json_tokener_parse(idkey); + if (!idkey_json) { free(idkey); printf("[PAM DEBUG] Failed to parse json data!\n"); return PAM_SERVICE_ERR; } + + json_object* uuid_json; + if(!json_object_object_get_ex(idkey_json, "uuid", &uuid_json)) { free(idkey); printf("[PAM DEBUG]: The json does not contains a valid uuid\n"); return PAM_SERVICE_ERR; } + + const char* uuid = json_object_get_string(uuid_json); + printf("[PAM DEBUG] uuid: %s\n", uuid); + + // TODO: Check if the uuid is accepted + const char* const ids[] = { + "4f29e9ea-600a-11e7-8331-c70192ecfa55", + "13126524-6256-11e7-be33-3f4e4481a8c9", + NULL + }; + + int i = 0; + while(ids[i]) + { + if (!strcmp(ids[i], uuid)) + { + printf("[PAM DEBUG] pam_set_item(\"%s\")\n", uuid); + pam_set_item(pamh, PAM_USER, uuid); + + const char* pam_authtok; + if (pam_get_item(pamh, PAM_AUTHTOK, (const void**)&pam_authtok) == PAM_SUCCESS && !pam_authtok) + pam_set_item(pamh, PAM_AUTHTOK, uuid); + + return PAM_SUCCESS; + } + ++i; + } + + return PAM_AUTH_ERR; +} + +void log_pam(const char* fname, int flags, int argc, const char** argv, const char* device) +{ + printf("[PAM DEBUG]: ---------- %s ----------\n", fname); + printf("[PAM DEBUG]: flags: %d\n", flags); + for(int i = 0; i < argc; ++i) + { + printf("[PAM DEBUG]: argv[%d]: %s\n", i, argv[i]); + } + printf("[PAM DEBUG]: device: %s\n", device); + printf("[PAM DEBUG]: ----------------------------------------\n"); +} + +/*! + @brief The pam_sm_authenticate function is the service module's implementation + of the pam_authenticate(3) interface. + This function performs the task of authenticating the user. + + @param[in] pamh Unknown. + @param[in] flags PAM_SILENT and/or PAM_DISALLOW_NULL_AUTHTOK. + @return PAM_SUCCESS if ok. +*/ +PAM_EXTERN int pam_sm_authenticate(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + const char* device = pam_getenv(pamh, "DEVICE"); + log_pam("pam_sm_authenticate", flags, argc, argv, device); + return check_device(pamh, device); +} + +PAM_EXTERN int pam_sm_setcred(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + log_pam("pam_sm_setcred", flags, argc, argv, pam_getenv(pamh, "DEVICE")); + return PAM_SUCCESS; +} + +PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + log_pam("pam_sm_acct_mgmt", flags, argc, argv, pam_getenv(pamh, "DEVICE")); + return PAM_SUCCESS; +} + +PAM_EXTERN int pam_sm_open_session(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + log_pam("pam_sm_open_session", flags, argc, argv, pam_getenv(pamh, "DEVICE")); + return PAM_SUCCESS; +} + +PAM_EXTERN int pam_sm_close_session(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + log_pam("pam_sm_close_session", flags, argc, argv, pam_getenv(pamh, "DEVICE")); + return PAM_SUCCESS; +} + +PAM_EXTERN int pam_sm_chauthtok(pam_handle_t* pamh, int flags, int argc, const char** argv) +{ + log_pam("pam_sm_chauthtok", flags, argc, argv, pam_getenv(pamh, "DEVICE")); + return PAM_SUCCESS; +} diff --git a/samples/etc/udev/rules.d/99-agl-identity.rules b/samples/etc/udev/rules.d/99-agl-identity.rules deleted file mode 100644 index f0dcd79..0000000 --- a/samples/etc/udev/rules.d/99-agl-identity.rules +++ /dev/null @@ -1,2 +0,0 @@ -SUBSYSTEM=="usb", ACTION=="add", RUN+="/bin/bash ~/agl-identity/udev-script.sh add '%p'" -SUBSYSTEM=="usb", ACTION=="remove", RUN+="/bin/bash ~/agl-identity/udev-script.sh remove '%p'"
\ No newline at end of file |