diff options
| author |   Romain Forlot <romain.forlot@iot.bzh> | 2017-07-13 18:47:18 +0200 |
|---|---|---|
| committer | Romain Forlot <romain.forlot@iot.bzh> | 2017-07-21 12:02:11 +0200 |
| commit | 0dc8b87f5d8a03183c1b947640f6315545e4207b (patch) | |
| tree | 56e194b30470df6ab27fbd0d706a783896bd870d | |
| parent | 3a0d2a4a74e548c3ef19b19c72bf28a3da8796bf (diff) | |
Create an auth verb to raise privilege of session
Simply raise to a LOA of 1 the current session if asked
Need to add some checks to not allow anyone raise its session
must hold a specific permission urn:AGL:permission::platform:can:write
to be able to authenticate.
Change-Id: Id4e01ca20ba8437e97a64db682fdd3ebf45ce7b4
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
| -rw-r--r-- | low-can-binding/binding/low-can-cb.cpp | 6 | ||||
| -rw-r--r-- | low-can-binding/binding/low-can-hat.cpp | 14 | ||||
| -rw-r--r-- | low-can-binding/binding/low-can-hat.hpp | 1 |
3 files changed, 19 insertions, 2 deletions
diff --git a/low-can-binding/binding/low-can-cb.cpp b/low-can-binding/binding/low-can-cb.cpp index e25d6ea..a7e4396 100644 --- a/low-can-binding/binding/low-can-cb.cpp +++ b/low-can-binding/binding/low-can-cb.cpp @@ -351,6 +351,12 @@ static void do_subscribe_unsubscribe(struct afb_req request, bool subscribe) afb_req_fail(request, "error", NULL); } +void auth(struct afb_req request) +{ + afb_req_session_set_LOA(request, 1); + afb_req_success(request, NULL, NULL); +} + void subscribe(struct afb_req request) { do_subscribe_unsubscribe(request, true); diff --git a/low-can-binding/binding/low-can-hat.cpp b/low-can-binding/binding/low-can-hat.cpp index dae3a4a..0fb7e8c 100644 --- a/low-can-binding/binding/low-can-hat.cpp +++ b/low-can-binding/binding/low-can-hat.cpp @@ -40,13 +40,23 @@ extern "C" return a; } - static const struct afb_auth loa_1 = { loa_afb_auth(1) }; + static constexpr struct afb_auth perm_afb_auth(const char* permission) + { + struct afb_auth a = {}; + a.type = afb_auth_Permission; + a.text = permission; + return a; + } + + static const struct afb_auth afb_auth_loa_1 = { loa_afb_auth(1) }; + static const struct afb_auth afb_auth_perm = { perm_afb_auth("urn:AGL:permission::platform:can:write") }; static const struct afb_verb_v2 verbs[]= { + { .verb= "auth", .callback= auth, .auth= &afb_auth_perm, .info="Authentification against service to get the required level of confidence", .session= AFB_SESSION_NONE}, { .verb= "subscribe", .callback= subscribe, .auth= NULL, .info="Let subscribe to signals", .session= AFB_SESSION_NONE}, { .verb= "unsubscribe", .callback= unsubscribe, .auth= NULL, .info="Let unsubscribe signals", .session= AFB_SESSION_NONE}, - { .verb= "swrite", .callback= swrite, .auth= &loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1}, + { .verb= "swrite", .callback= swrite, .auth= &afb_auth_loa_1, .info="Write a single CAN message on a CAN bus", .session= AFB_SESSION_LOA_1}, { .verb= NULL, .callback= NULL, .auth= NULL, .info=NULL, .session= 0} }; diff --git a/low-can-binding/binding/low-can-hat.hpp b/low-can-binding/binding/low-can-hat.hpp index 6ecad23..b0f29b5 100644 --- a/low-can-binding/binding/low-can-hat.hpp +++ b/low-can-binding/binding/low-can-hat.hpp @@ -36,6 +36,7 @@ void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, std void on_no_clients(std::shared_ptr<low_can_subscription_t> can_subscription, uint32_t pid, std::map<int, std::shared_ptr<low_can_subscription_t> >& s); int read_message(sd_event_source *s, int fd, uint32_t revents, void *userdata); +void auth(struct afb_req request); void subscribe(struct afb_req request); void unsubscribe(struct afb_req request); void swrite(struct afb_req request); |