first somewhat working version.

Change-Id: I3101dc6b8add87eccac3bbf177b1320137f72463
Signed-off-by: Loïc Collignon <loic.collignon@iot.bzh>

11 files changed, 713 insertions, 0 deletions

diff --git a/ll-auth-binding/CMakeLists.txt b/ll-auth-binding/CMakeLists.txt
new file mode 100644
index 0000000..3784ade
--- /dev/null
+++ b/ll-auth-binding/CMakeLists.txt
@@ -0,0 +1,3 @@
+cmake_minimum_required(VERSION 3.3)
+
+include(${CMAKE_CURRENT_SOURCE_DIR}/conf.d/cmake/config.cmake)
diff --git a/ll-auth-binding/conf.d/cmake/config.cmake b/ll-auth-binding/conf.d/cmake/config.cmake
new file mode 100644
index 0000000..5b4f664
--- /dev/null
+++ b/ll-auth-binding/conf.d/cmake/config.cmake
@@ -0,0 +1,149 @@
+###########################################################################
+# Copyright 2015, 2016, 2017 IoT.bzh
+#
+# author: Fulup Ar Foll <fulup@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+# Project Info
+# ------------------
+set(PROJECT_NAME ll-auth-binding)
+set(PROJECT_VERSION "0.1")
+set(PROJECT_PRETTY_NAME "Low Level Auth Binding")
+set(PROJECT_DESCRIPTION "A low level binding to log users in and out.")
+set(PROJECT_URL "")
+set(PROJECT_ICON "icon.png")
+set(PROJECT_AUTHOR "Collignon, Loïc")
+set(PROJECT_AUTHOR_MAIL "loic.collignon@iot.bzh")
+set(PROJECT_LICENSE "APL2.0")
+set(PROJECT_LANGUAGES,"C")
+
+# Where are stored default templates files from submodule or subtree app-templates in your project tree
+# relative to the root project directory
+set(PROJECT_APP_TEMPLATES_DIR "conf.d/app-templates")
+
+# Where are stored your external libraries for your project. This is 3rd party library that you don't maintain
+# but used and must be built and linked.
+# set(PROJECT_LIBDIR "libs")
+
+# Where are stored data for your application. Pictures, static resources must be placed in that folder.
+# set(PROJECT_RESOURCES "data")
+
+# Which directories inspect to find CMakeLists.txt target files
+# set(PROJECT_SRC_DIR_PATTERN "*")
+
+# Compilation Mode (DEBUG, RELEASE)
+# ----------------------------------
+set(CMAKE_BUILD_TYPE "DEBUG")
+
+# Kernel selection if needed. Impose a minimal version.
+# NOTE FOR NOW IT CHECKS KERNEL Yocto SDK Kernel version
+# else only HOST VERSION
+# -----------------------------------------------
+#set (kernel_minimal_version 4.8)
+
+# Compiler selection if needed. Impose a minimal version.
+# -----------------------------------------------
+set (gcc_minimal_version 4.9)
+
+# PKG_CONFIG required packages
+# -----------------------------
+set (PKG_REQUIRED_LIST
+	json-c
+	libsystemd>=222
+	afb-daemon
+	libmicrohttpd>=0.9.55
+)
+
+# Static constante definition
+# -----------------------------
+add_compile_options()
+
+# LANG Specific compile flags set for all build types
+set(CMAKE_C_FLAGS "")
+set(CMAKE_CXX_FLAGS "")
+
+# Print a helper message when every thing is finished
+# ----------------------------------------------------
+#set(CLOSING_MESSAGE "")
+#set(PACKAGE_MESSAGE "Install widget file using in the target : afm-util install ${PROJECT_NAME}.wgt")
+
+# (BUG!!!) as PKG_CONFIG_PATH does not work [should be an env variable]
+# ---------------------------------------------------------------------
+set(CMAKE_INSTALL_PREFIX $ENV{HOME}/opt)
+set(CMAKE_PREFIX_PATH ${CMAKE_PREFIX_PATH} ${CMAKE_INSTALL_PREFIX}/lib64/pkgconfig ${CMAKE_INSTALL_PREFIX}/lib/pkgconfig)
+set(LD_LIBRARY_PATH ${CMAKE_INSTALL_PREFIX}/lib64 ${CMAKE_INSTALL_PREFIX}/lib)
+
+# Optional location for config.xml.in
+# -----------------------------------
+#set(WIDGET_CONFIG_TEMPLATE ${CMAKE_CURRENT_SOURCE_DIR}/conf.d/config.xml.in)
+
+# Mandatory widget Mimetype specification of the main unit
+# --------------------------------------------------------------------------
+# Choose between :
+#- text/html : HTML application,
+#	content.src designates the home page of the application
+#
+#- application/vnd.agl.native : AGL compatible native,
+#	content.src designates the relative path of the binary.
+#
+# - application/vnd.agl.service: AGL service, content.src is not used.
+#
+#- ***application/x-executable***: Native application,
+#	content.src designates the relative path of the binary.
+#	For such application, only security setup is made.
+#
+set(WIDGET_TYPE MimeType_Not_Set)
+
+# Mandatory Widget entry point file of the main unit
+# --------------------------------------------------------------
+# This is the file that will be executed, loaded,
+# at launch time by the application framework.
+#
+set(WIDGET_ENTRY_POINT EntryPoint_Path_Not_Set)
+
+# Optional dependencies order
+# ---------------------------
+#set(EXTRA_DEPENDENCIES_ORDER)
+
+# Optional Extra global include path
+# -----------------------------------
+#set(EXTRA_INCLUDE_DIRS)
+
+# Optional extra libraries
+# -------------------------
+#set(EXTRA_LINK_LIBRARIES)
+
+# Optional force binding installation
+# ------------------------------------
+# set(BINDINGS_INSTALL_PREFIX PrefixPath )
+
+# Optional force binding Linking flag
+# ------------------------------------
+# set(BINDINGS_LINK_FLAG LinkOptions )
+
+# Optional force package prefix generation, like widget
+# -----------------------------------------------------
+# set(PKG_PREFIX DestinationPath)
+
+# Optional Application Framework security token
+# and port use for remote debugging.
+#------------------------------------------------------------
+#set(AFB_TOKEN   ""      CACHE PATH "Default AFB_TOKEN")
+#set(AFB_REMPORT "1234" CACHE PATH "Default AFB_TOKEN")
+
+# This include is mandatory and MUST happens at the end
+# of this file, else you expose you to unexpected behavior
+# -----------------------------------------------------------
+include(${PROJECT_APP_TEMPLATES_DIR}/cmake/common.cmake)
diff --git a/ll-auth-binding/htdocs/AFB-websock.js b/ll-auth-binding/htdocs/AFB-websock.js
new file mode 100644
index 0000000..08a7ffe
--- /dev/null
+++ b/ll-auth-binding/htdocs/AFB-websock.js
@@ -0,0 +1,174 @@
+AFB = function(base, initialtoken){
+
+var urlws = "ws://"+window.location.host+"/"+base;
+var urlhttp = "http://"+window.location.host+"/"+base;
+
+/*********************************************/
+/****                                     ****/
+/****             AFB_context             ****/
+/****                                     ****/
+/*********************************************/
+var AFB_context;
+{
+	var UUID = undefined;
+	var TOKEN = initialtoken;
+
+	var context = function(token, uuid) {
+		this.token = token;
+		this.uuid = uuid;
+	}
+
+	context.prototype = {
+		get token() {return TOKEN;},
+		set token(tok) {if(tok) TOKEN=tok;},
+		get uuid() {return UUID;},
+		set uuid(id) {if(id) UUID=id;}
+	};
+
+	AFB_context = new context();
+}
+/*********************************************/
+/****                                     ****/
+/****             AFB_websocket           ****/
+/****                                     ****/
+/*********************************************/
+var AFB_websocket;
+{
+	var CALL = 2;
+	var RETOK = 3;
+	var RETERR = 4;
+	var EVENT = 5;
+
+	var PROTO1 = "x-afb-ws-json1";
+
+	AFB_websocket = function(onopen, onabort) {
+		var u = urlws;
+		if (AFB_context.token) {
+			u = u + '?x-afb-token=' + AFB_context.token;
+			if (AFB_context.uuid)
+				u = u + '&x-afb-uuid=' + AFB_context.uuid;
+		}
+		this.ws = new WebSocket(u, [ PROTO1 ]);
+		this.pendings = {};
+		this.awaitens = {};
+		this.counter = 0;
+		this.ws.onopen = onopen.bind(this);
+		this.ws.onerror = onerror.bind(this);
+		this.ws.onclose = onclose.bind(this);
+		this.ws.onmessage = onmessage.bind(this);
+		this.onopen = onopen;
+		this.onabort = onabort;
+		this.onclose = onabort;
+	}
+
+	function onerror(event) {
+		var f = this.onabort;
+		if (f) {
+			delete this.onopen;
+			delete this.onabort;
+			f && f(this);
+		}
+		this.onerror && this.onerror(this);
+	}
+
+	function onopen(event) {
+		var f = this.onopen;
+		delete this.onopen;
+		delete this.onabort;
+		f && f(this);
+	}
+
+	function onclose(event) {
+		for (var id in this.pendings) {
+			var ferr = this.pendings[id].onerror;
+			ferr && ferr(null, this);
+		}
+		this.pendings = {};
+		this.onclose && this.onclose();
+	}
+
+	function fire(awaitens, name, data) {
+		var a = awaitens[name];
+		if (a)
+			a.forEach(function(handler){handler(data);});
+		var i = name.indexOf("/");
+		if (i >= 0) {
+			a = awaitens[name.substring(0,i)];
+			if (a)
+				a.forEach(function(handler){handler(data);});
+		}
+		a = awaitens["*"];
+		if (a)
+			a.forEach(function(handler){handler(data);});
+	}
+
+	function reply(pendings, id, ans, offset) {
+		if (id in pendings) {
+			var p = pendings[id];
+			delete pendings[id];
+			var f = p[offset];
+			f(ans);
+		}
+	}
+
+	function onmessage(event) {
+		var obj = JSON.parse(event.data);
+		var code = obj[0];
+		var id = obj[1];
+		var ans = obj[2];
+		AFB_context.token = obj[3];
+		switch (code) {
+		case RETOK:
+			reply(this.pendings, id, ans, 0);
+			break;
+		case RETERR:
+			reply(this.pendings, id, ans, 1);
+			break;
+		case EVENT:
+		default:
+			fire(this.awaitens, id, ans);
+			break;
+		}
+	}
+
+	function close() {
+		this.ws.close();
+                this.onabort();
+	}
+
+	function call(method, request) {
+		return new Promise((function(resolve, reject){
+			var id, arr;
+			do {
+			   id = String(this.counter = 4095 & (this.counter + 1));
+			} while (id in this.pendings);
+			this.pendings[id] = [ resolve, reject ];
+			arr = [CALL, id, method, request ];
+			if (AFB_context.token) arr.push(AFB_context.token);
+			this.ws.send(JSON.stringify(arr));
+		}).bind(this));
+	}
+
+	function onevent(name, handler) {
+		var id = name;
+		var list = this.awaitens[id] || (this.awaitens[id] = []);
+		list.push(handler);
+	}
+
+	AFB_websocket.prototype = {
+		close: close,
+		call: call,
+		onevent: onevent
+	};
+}
+/*********************************************/
+/****                                     ****/
+/****                                     ****/
+/****                                     ****/
+/*********************************************/
+return {
+	context: AFB_context,
+	ws: AFB_websocket
+};
+};
+
diff --git a/ll-auth-binding/htdocs/CMakeLists.txt b/ll-auth-binding/htdocs/CMakeLists.txt
new file mode 100644
index 0000000..5bdb47f
--- /dev/null
+++ b/ll-auth-binding/htdocs/CMakeLists.txt
@@ -0,0 +1,43 @@
+###########################################################################
+# Copyright 2015, 2016, 2017 IoT.bzh
+#
+# author: Fulup Ar Foll <fulup@iot.bzh>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########################################################################
+
+
+
+##################################################
+# HTML Testing Files
+##################################################
+PROJECT_TARGET_ADD(www_test)
+
+    file(GLOB SOURCE_FILES "*.html" "*.js" "*.jpg")
+
+    add_custom_target(${TARGET_NAME}
+       DEPENDS  ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+    )
+
+    add_custom_command(
+       DEPENDS  ${SOURCE_FILES}
+       OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+       COMMAND mkdir -p ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+       COMMAND touch ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+       COMMAND cp -r ${SOURCE_FILES} ${CMAKE_CURRENT_BINARY_DIR}/${TARGET_NAME}
+    )
+
+    SET_TARGET_PROPERTIES(${TARGET_NAME} PROPERTIES
+	LABELS "HTDOCS"
+	OUTPUT_NAME ${TARGET_NAME}
+    )
diff --git a/ll-auth-binding/htdocs/IdentityBinding.js b/ll-auth-binding/htdocs/IdentityBinding.js
new file mode 100644
index 0000000..5f9ea24
--- /dev/null
+++ b/ll-auth-binding/htdocs/IdentityBinding.js
@@ -0,0 +1,72 @@
+    var afb = new AFB("api", "mysecret");
+    var ws;
+    var evtidx=0;
+
+    function getParameterByName(name, url) {
+        if (!url) {
+          url = window.location.href;
+        }
+        name = name.replace(/[\[\]]/g, "\\$&");
+        var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),
+            results = regex.exec(url);
+        if (!results) return null;
+        if (!results[2]) return '';
+        return decodeURIComponent(results[2].replace(/\+/g, " "));
+    }
+
+    // default soundcard is "PCH"
+    var devid=getParameterByName("devid");
+    if (!devid) devid="hw:0";
+
+    var sndname=getParameterByName("sndname");
+    if (!sndname) sndname="PCH";
+
+    var quiet=getParameterByName("quiet");
+    if (!quiet) quiet="99";
+
+    function init() {
+            ws = new afb.ws(onopen, onabort);
+    }
+
+    function onopen() {
+            document.getElementById("main").style.visibility = "visible";
+            document.getElementById("connected").innerHTML = "Binder WS Active";
+            document.getElementById("connected").style.background  = "lightgreen";
+            ws.onevent("*", gotevent);
+    }
+
+    function onabort() {
+            document.getElementById("main").style.visibility = "hidden";
+            document.getElementById("connected").innerHTML = "Connected Closed";
+            document.getElementById("connected").style.background  = "red";
+
+    }
+
+    function replyok(obj) {
+            console.log("replyok:" + JSON.stringify(obj));
+            document.getElementById("output").innerHTML = "OK: "+JSON.stringify(obj);
+    }
+
+    function replyerr(obj) {
+            console.log("replyerr:" + JSON.stringify(obj));
+            document.getElementById("output").innerHTML = "ERROR: "+JSON.stringify(obj);
+    }
+
+    function gotevent(obj) {
+            console.log("gotevent:" + JSON.stringify(obj));
+            document.getElementById("outevt").innerHTML = (evtidx++) +": "+JSON.stringify(obj);
+    }
+
+    function send(message) {
+            var api = document.getElementById("api").value;
+            var verb = document.getElementById("verb").value;
+            document.getElementById("question").innerHTML = "subscribe: "+api+"/"+verb + " (" + JSON.stringify(message) +")";
+            ws.call(api+"/"+verb, {data:message}).then(replyok, replyerr);
+    }
+
+
+    function callbinder(api, verb, query) {
+            console.log ("subscribe api="+api+" verb="+verb+" query=" +query);
+            document.getElementById("question").innerHTML = "apicall: " + api+"/"+verb +" ("+ JSON.stringify(query)+")";
+            ws.call(api+"/"+verb, query).then(replyok, replyerr);
+    }
diff --git a/ll-auth-binding/htdocs/auth.html b/ll-auth-binding/htdocs/auth.html
new file mode 100644
index 0000000..6e0da89
--- /dev/null
+++ b/ll-auth-binding/htdocs/auth.html
@@ -0,0 +1,28 @@
+<html>
+    <head>
+        <title>ll-auth-binding test</title>
+        <script type="text/javascript" src="AFB-websock.js"></script>
+        <script type="text/javascript" src="IdentityBinding.js"></script>
+    </head>
+    
+    <body onload="init();">
+        <h1>Identity Binding</h1>
+        <button id="connected" onclick="init()">Binder WS Fail</button>
+        <br>
+        <ol>
+            <!--
+            <li><button onclick="callbinder('ll-auth','login', {})">login</button></li>
+            <li><button onclick="callbinder('ll-auth','logout', {})">logout</button></li>
+            -->
+            <li><button onclick="callbinder('ll-auth','getuser', {})">get user</button></li>
+        </ol>
+        <br>
+        <div id="main" style="visibility:hidden">
+            <ol>
+                <li>Question <div id="question"></div></li>
+                <li>Response <div id="output"></div></li>
+                <li>Events: <div id="outevt"></div>
+            </ol>
+        </div>
+    </body>
+</html>
\ No newline at end of file
diff --git a/ll-auth-binding/htdocs/index.html b/ll-auth-binding/htdocs/index.html
new file mode 100644
index 0000000..5eb0401
--- /dev/null
+++ b/ll-auth-binding/htdocs/index.html
@@ -0,0 +1,11 @@
+<html>
+  <head>
+    <title>Identity Binding tests</title>
+  </head>
+  <body>
+    <h1>Identity Binding tests</h1>
+    <ol>
+     <li><a href="auth.html">Auth</a></li>
+    </ol>
+  </body>
+</html>
diff --git a/ll-auth-binding/src/CMakeLists.txt b/ll-auth-binding/src/CMakeLists.txt
new file mode 100644
index 0000000..2b682bd
--- /dev/null
+++ b/ll-auth-binding/src/CMakeLists.txt
@@ -0,0 +1,21 @@
+PROJECT_TARGET_ADD(ll-auth-binding)
+
+# Require PAM but there is no find_package
+set(PAM_INCLUDE_DIR "/usr/include/")
+set(PAM_LIBRARY "/lib64/libpam.so.0")
+set(PAM_MISC_LIBRARY "/lib64/libpam_misc.so.0")
+include_directories(${PAM_INCLUDE_DIR})
+
+add_library(ll-auth-binding MODULE ll-auth-binding.c)
+
+set_target_properties(ll-auth-binding PROPERTIES
+	PREFIX "afb-"
+	LABELS "BINDING"
+	LINK_FLAGS ${BINDINGS_LINK_FLAG}
+	OUTPUT_NAME ${TARGET_NAME})
+
+target_link_libraries(ll-auth-binding ${link_libraries} ${PAM_LIBRARY} ${PAM_MISC_LIBRARY})
+
+install(
+	TARGETS ll-auth-binding
+	LIBRARY DESTINATION ${BINDINGS_INSTALL_DIR})
diff --git a/ll-auth-binding/src/export.map b/ll-auth-binding/src/export.map
new file mode 100644
index 0000000..ee2f413
--- /dev/null
+++ b/ll-auth-binding/src/export.map
@@ -0,0 +1 @@
+{ global: afbBindingV*; local: *; };
diff --git a/ll-auth-binding/src/ll-auth-binding.c b/ll-auth-binding/src/ll-auth-binding.c
new file mode 100644
index 0000000..e85d63a
--- /dev/null
+++ b/ll-auth-binding/src/ll-auth-binding.c
@@ -0,0 +1,208 @@
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <string.h>
+#include <json-c/json.h>
+#include <security/pam_appl.h>
+#include <security/pam_misc.h>
+
+#define AFB_BINDING_VERSION 2
+#include <afb/afb-binding.h>
+
+static struct pam_conv conv = { misc_conv, NULL };
+
+static char* current_device = NULL;
+static char* current_user = NULL;
+
+afb_event evt_login, evt_logout;
+
+/// @brief API's verb 'login'. Try to login a user using a device
+/// @param[in] req The request object. Should contains a json with a "device" key.
+static void verb_login(struct afb_req req)
+{
+	struct json_object* args = NULL;
+	struct json_object* device_object = NULL;
+	pam_handle_t* pamh;
+	int r;
+
+	if (current_user)
+	{
+		AFB_ERROR("[login] the current user must be logged out first!");
+		afb_req_fail(req, "current user must be logged out first!", NULL);
+		return;
+	}
+
+	args = afb_req_json(req);
+	if (args == NULL || !json_object_object_get_ex(args, "device", &device_object))
+	{
+		AFB_ERROR("[login] device must be provided!");
+		afb_req_fail(req, "device must be provided!", NULL);
+		return;
+	}
+
+	const char* device = json_object_get_string(device_object);
+
+	if ((r = pam_start("agl", NULL, &conv, &pamh)) != PAM_SUCCESS)
+	{
+		AFB_ERROR("PAM start failed!");
+		afb_req_fail(req, "PAM start failed!", NULL);
+		return;
+	}
+
+	char pam_variable[4096] = "DEVICE=";
+	strcat(pam_variable, device);
+	
+	if ((r = pam_putenv(pamh, pam_variable)) != PAM_SUCCESS)
+	{
+		AFB_ERROR("PAM putenv failed!");
+		afb_req_fail(req, "PAM putenv failed!", NULL);
+		pam_end(pamh, r);
+		return;
+	}
+
+	if ((r = pam_authenticate(pamh, 0)) != PAM_SUCCESS)
+	{
+		AFB_ERROR("PAM authenticate failed!");
+		afb_req_fail(req, "PAM authenticate failed!", NULL);
+		pam_end(pamh, r);
+		return;
+	}
+
+	if ((r = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS)
+	{
+		AFB_ERROR("PAM acct_mgmt failed!");
+		afb_req_fail(req, "PAM acct_mgmt failed!", NULL);
+		pam_end(pamh, r);
+		return;
+	}
+
+	const char* pam_user;
+	pam_get_item(pamh, PAM_USER, (const void**)&pam_user);
+	if (!pam_user)
+	{
+		AFB_ERROR("[login] No user provided by the PAM module!");
+		afb_req_fail(req, "No user provided by the PAM module!", NULL);
+		return;
+	}
+
+	current_device = strdup(device);
+	current_user = strdup(pam_user);
+
+	if ((r = pam_end(pamh, r)) != PAM_SUCCESS)
+	{
+		AFB_ERROR("PAM end failed!");
+		afb_req_fail(req, "PAM end failed!", NULL);
+		return;
+	}
+
+	AFB_INFO("[login] device: %s, user: %s", current_device, current_user);
+	json_object* result = json_object_new_object();
+	json_object_object_add(result, "device", json_object_new_string(current_device));
+	json_object_object_add(result, "user", json_object_new_string(current_user));
+	afb_req_success(req, NULL, current_device);
+	afb_event_broadcast(evt_login, result);
+}
+
+/// @brief API's verb 'lgout'. Try to logout a user using a device
+/// @param[in] req The request object. Should contains a json with a "device" key.
+static void verb_logout(struct afb_req req)
+{
+	struct json_object* args = NULL;
+	struct json_object* device_object = NULL;
+
+	args = afb_req_json(req);
+	if (args == NULL || !json_object_object_get_ex(args, "device", &device_object))
+	{
+		AFB_INFO("[logout] device must be provided!");
+		afb_req_fail(req, "device must be provided!", NULL);
+		return;
+	}
+
+	const char* device = json_object_get_string(device_object);
+	if (current_device && !strcmp(device, current_device))
+	{
+		free(current_device);
+		current_device = NULL;
+		if (current_user)
+		{
+			free(current_user);
+			current_user = NULL;
+			AFB_INFO("[logout] device: %s", device);
+			afb_req_success(req, NULL, device);
+			afb_event_broadcast(evt_logout, NULL);
+			return;
+		}
+		else
+		{
+			AFB_INFO("No user was linked to this device!");
+			afb_req_fail(req, "No user was linked to this device!", NULL);
+			return;
+		}
+	}
+
+	AFB_INFO("The unplugged device wasn't the user key!");
+	afb_req_fail(req, "The unplugged device wasn't the user key!", NULL);
+}
+
+static void verb_getuser(struct afb_req req)
+{
+	if (!current_device || !current_user)
+	{
+		afb_req_fail(req, "there is no logged user!", NULL);
+		return;
+	}
+
+	json_object* result = json_object_new_object();
+	json_object_object_add(result, "user", json_object_new_string(current_user));
+	json_object_object_add(result, "device", json_object_new_string(current_device));
+
+	afb_req_success(req, result, NULL);
+}
+
+int ll_auth_init()
+{
+	current_user = NULL;
+	current_device = NULL;
+	evt_login = afb_daemon_make_event("login");
+	evt_logout = afb_daemon_make_event("logout");
+
+	if (afb_event_is_valid(evt_login) && afb_event_is_valid(evt_logout))
+		return 0;
+
+	AFB_ERROR("Can't create events");
+		return -1;
+}
+
+static const afb_verb_v2 _ll_auth_binding_verbs[]= {
+	{
+		.verb = "login",
+		.callback = verb_login,
+		.auth = NULL,
+		.info = NULL,
+		.session = AFB_SESSION_NONE_V2
+	},
+	{
+		.verb = "logout",
+		.callback = verb_logout,
+		.auth = NULL,
+		.info = NULL,
+		.session = AFB_SESSION_NONE_V2
+	},
+	{
+		.verb = "getuser",
+		.callback = verb_getuser,
+		.auth = NULL,
+		.info = NULL,
+		.session = AFB_SESSION_NONE_V2
+	},
+	{ .verb=NULL}
+};
+
+const struct afb_binding_v2 afbBindingV2 = {
+		.api = "ll-auth",
+		.specification = NULL,
+		.verbs = _ll_auth_binding_verbs,
+		.preinit = ll_auth_init,
+		.init = NULL,
+		.onevent = NULL,
+		.noconcurrency = 0
+};
diff --git a/ll-auth-binding/start.sh b/ll-auth-binding/start.sh
new file mode 100755
index 0000000..3842372
--- /dev/null
+++ b/ll-auth-binding/start.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+afb-daemon --port=9000 --token='' --binding=/home/agl/projects/ll-auth-binding/build/src/afb-ll-auth-binding.so --verbose --roothttp=/home/agl/projects/ll-auth-binding/htdocs