aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/CMakeLists.txt1
-rw-r--r--src/afb-calls.c15
-rw-r--r--src/afb-error-text.c31
-rw-r--r--src/afb-error-text.h30
-rw-r--r--src/afb-export.c3
-rw-r--r--src/afb-hreq.c23
-rw-r--r--src/afb-monitor.c3
-rw-r--r--src/afb-stub-ws.c7
-rw-r--r--src/afb-supervision.c9
-rw-r--r--src/afb-xreq.c82
-rw-r--r--src/afb-xreq.h8
11 files changed, 149 insertions, 63 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index abfd13e8..d290327c 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -88,6 +88,7 @@ SET(AFB_LIB_SOURCES
afb-context.c
afb-cred.c
afb-debug.c
+ afb-error-text.c
afb-evt.c
afb-export.c
afb-fdev.c
diff --git a/src/afb-calls.c b/src/afb-calls.c
index 084250b3..958b9a87 100644
--- a/src/afb-calls.c
+++ b/src/afb-calls.c
@@ -34,6 +34,7 @@
#include "afb-msg-json.h"
#include "afb-session.h"
#include "afb-xreq.h"
+#include "afb-error-text.h"
#include "jobs.h"
#include "verbose.h"
@@ -110,10 +111,6 @@ struct callreq
/******************************************************************************/
-static const char _internal_error_[] = "internal-error";
-
-/******************************************************************************/
-
static int store_reply(
struct json_object *iobject, const char *ierror, const char *iinfo,
struct json_object **sobject, char **serror, char **sinfo)
@@ -160,7 +157,7 @@ static void sync_enter(int signum, void *closure, struct jobloop *jobloop)
callreq->jobloop = jobloop;
afb_export_process_xreq(callreq->export, &callreq->xreq);
} else {
- afb_xreq_reply(&callreq->xreq, NULL, _internal_error_, NULL);
+ afb_xreq_reply(&callreq->xreq, NULL, afb_error_text_internal_error, NULL);
}
}
@@ -350,7 +347,7 @@ static int do_sync(
afb_xreq_unhooked_unref(&callreq->xreq);
interr:
- return store_reply(NULL, _internal_error_, NULL, object, error, info);
+ return store_reply(NULL, afb_error_text_internal_error, NULL, object, error, info);
}
/******************************************************************************/
@@ -372,7 +369,7 @@ static void do_async(
callreq = callreq_create(export, caller, api, verb, args, flags, mode);
if (!callreq)
- final(closure, NULL, _internal_error_, NULL, (union callback){ .any = callback }, export, caller);
+ final(closure, NULL, afb_error_text_internal_error, NULL, (union callback){ .any = callback }, export, caller);
else {
callreq->callback.any = callback;
callreq->closure = closure;
@@ -559,7 +556,7 @@ static int do_legacy_sync(
afb_xreq_unhooked_unref(&callreq->xreq);
interr:
if (object)
- *object = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL);
+ *object = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL);
return -1;
}
@@ -583,7 +580,7 @@ static void do_legacy_async(
callreq = callreq_create(export, caller, api, verb, args, flags, mode);
if (!callreq) {
- ie = afb_msg_json_reply(NULL, _internal_error_, NULL, NULL);
+ ie = afb_msg_json_reply(NULL, afb_error_text_internal_error, NULL, NULL);
final(closure, -1, ie, (union callback){ .any = callback }, export, caller);
json_object_put(ie);
} else {
diff --git a/src/afb-error-text.c b/src/afb-error-text.c
new file mode 100644
index 00000000..1371afbf
--- /dev/null
+++ b/src/afb-error-text.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2015-2019 "IoT.bzh"
+ * Author José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "afb-error-text.h"
+
+const char afb_error_text_aborted[] = "aborted";
+const char afb_error_text_disconnected[] = "disconnected";
+const char afb_error_text_invalid_request[] = "invalid-request";
+const char afb_error_text_not_available[] = "not-available";
+const char afb_error_text_not_replied[] = "not-replied";
+const char afb_error_text_unknown_api[] = "unknown-api";
+const char afb_error_text_unknown_session[] = "unknown-session";
+const char afb_error_text_unknown_verb[] = "unknown-verb";
+const char afb_error_text_insufficient_scope[] = "insufficient-scope";
+const char afb_error_text_internal_error[] = "internal-error";
+const char afb_error_text_invalid_token[] = "invalid-token";
+
diff --git a/src/afb-error-text.h b/src/afb-error-text.h
new file mode 100644
index 00000000..2119b3cc
--- /dev/null
+++ b/src/afb-error-text.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015-2019 "IoT.bzh"
+ * Author José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+extern const char afb_error_text_aborted[];
+extern const char afb_error_text_disconnected[];
+extern const char afb_error_text_invalid_request[];
+extern const char afb_error_text_not_available[];
+extern const char afb_error_text_not_replied[];
+extern const char afb_error_text_unknown_api[];
+extern const char afb_error_text_unknown_session[];
+extern const char afb_error_text_unknown_verb[];
+extern const char afb_error_text_insufficient_scope[];
+extern const char afb_error_text_internal_error[];
+extern const char afb_error_text_invalid_token[];
diff --git a/src/afb-export.c b/src/afb-export.c
index f96f8f81..0e06dae1 100644
--- a/src/afb-export.c
+++ b/src/afb-export.c
@@ -49,6 +49,7 @@
#include "afb-session.h"
#include "afb-xreq.h"
#include "afb-calls.h"
+#include "afb-error-text.h"
#include "systemd.h"
#include "jobs.h"
@@ -1818,7 +1819,7 @@ static void api_call_cb(void *closure, struct afb_xreq *xreq)
afb_api_v3_process_call(export->desc.v3, xreq);
break;
default:
- afb_xreq_reply(xreq, NULL, "bad-api-type", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, NULL);
break;
}
}
diff --git a/src/afb-hreq.c b/src/afb-hreq.c
index 4d5f659c..6be2ee5c 100644
--- a/src/afb-hreq.c
+++ b/src/afb-hreq.c
@@ -44,6 +44,7 @@
#include "afb-session.h"
#include "afb-cred.h"
#include "afb-token.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "locale-root.h"
@@ -921,9 +922,13 @@ static struct json_object *req_json(struct afb_xreq *xreq)
return obj;
}
+static inline const char *get_json_string(json_object *obj)
+{
+ return json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE);
+}
static ssize_t send_json_cb(json_object *obj, uint64_t pos, char *buf, size_t max)
{
- ssize_t len = stpncpy(buf, json_object_to_json_string_ext(obj, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)+pos, max) - buf;
+ ssize_t len = stpncpy(buf, get_json_string(obj)+pos, max) - buf;
return len ? : (ssize_t)MHD_CONTENT_READER_END_OF_STREAM;
}
@@ -944,8 +949,20 @@ static void req_reply(struct afb_xreq *xreq, struct json_object *object, const c
if (reqid != NULL && json_object_object_get_ex(reply, "request", &sub))
json_object_object_add(sub, "reqid", json_object_new_string(reqid));
- response = MHD_create_response_from_callback((uint64_t)strlen(json_object_to_json_string_ext(reply, JSON_C_TO_STRING_PLAIN|JSON_C_TO_STRING_NOSLASHESCAPE)), SIZE_RESPONSE_BUFFER, (void*)send_json_cb, reply, (void*)json_object_put);
- afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
+ response = MHD_create_response_from_callback(
+ (uint64_t)strlen(get_json_string(reply)),
+ SIZE_RESPONSE_BUFFER,
+ (void*)send_json_cb,
+ reply,
+ (void*)json_object_put);
+
+ /* handle authorisation feedback */
+ if (error == afb_error_text_invalid_token)
+ afb_hreq_reply(hreq, MHD_HTTP_UNAUTHORIZED, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"invalid_token\"", NULL);
+ else if (error == afb_error_text_insufficient_scope)
+ afb_hreq_reply(hreq, MHD_HTTP_FORBIDDEN, response, MHD_HTTP_HEADER_WWW_AUTHENTICATE, "error=\"insufficient_scope\"", NULL);
+ else
+ afb_hreq_reply(hreq, MHD_HTTP_OK, response, NULL);
}
void afb_hreq_call(struct afb_hreq *hreq, struct afb_apiset *apiset, const char *api, size_t lenapi, const char *verb, size_t lenverb)
diff --git a/src/afb-monitor.c b/src/afb-monitor.c
index a53f75a3..7f80fbf3 100644
--- a/src/afb-monitor.c
+++ b/src/afb-monitor.c
@@ -31,6 +31,7 @@
#include "afb-xreq.h"
#include "afb-trace.h"
#include "afb-session.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "wrap-json.h"
@@ -449,7 +450,7 @@ end:
#else
static void f_trace(afb_req_t req)
{
- afb_req_reply(req, NULL, "not-available", NULL);
+ afb_req_reply(req, NULL, afb_error_text_not_available, NULL);
}
#endif
diff --git a/src/afb-stub-ws.c b/src/afb-stub-ws.c
index d538fc65..487873df 100644
--- a/src/afb-stub-ws.c
+++ b/src/afb-stub-ws.c
@@ -44,6 +44,7 @@
#include "afb-evt.h"
#include "afb-xreq.h"
#include "afb-token.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "fdev.h"
#include "jobs.h"
@@ -262,7 +263,7 @@ static void client_api_call_cb(void * closure, struct afb_xreq *xreq)
proto = client_get_proto(stubws);
if (proto == NULL) {
- afb_xreq_reply(xreq, NULL, "disconnected", "server hung up");
+ afb_xreq_reply(xreq, NULL, afb_error_text_disconnected, NULL);
return;
}
@@ -279,7 +280,7 @@ static void client_api_call_cb(void * closure, struct afb_xreq *xreq)
xreq_on_behalf_cred_export(xreq));
}
if (rc < 0) {
- afb_xreq_reply(xreq, NULL, "internal", "can't send message");
+ afb_xreq_reply(xreq, NULL, afb_error_text_internal_error, "can't send message");
afb_xreq_unhooked_unref(xreq);
}
}
@@ -539,7 +540,7 @@ out_of_memory:
no_session:
json_object_put(args);
afb_stub_ws_unref(stubws);
- afb_proto_ws_call_reply(call, NULL, "internal-error", NULL);
+ afb_proto_ws_call_reply(call, NULL, afb_error_text_internal_error, NULL);
afb_proto_ws_call_unref(call);
}
diff --git a/src/afb-supervision.c b/src/afb-supervision.c
index df045806..0515234f 100644
--- a/src/afb-supervision.c
+++ b/src/afb-supervision.c
@@ -47,6 +47,7 @@
#include "afb-stub-ws.h"
#include "afb-debug.h"
#include "afb-fdev.h"
+#include "afb-error-text.h"
#include "verbose.h"
#include "wrap-json.h"
#include "jobs.h"
@@ -340,11 +341,11 @@ static void on_supervision_call(void *closure, struct afb_xreq *xreq)
if (wrap_json_unpack(args, "s", &uuid))
wrap_json_unpack(args, "{ss}", "uuid", &uuid);
if (!uuid)
- afb_xreq_reply(xreq, NULL, "invalid", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL);
else {
session = afb_session_search(uuid);
if (!session)
- afb_xreq_reply(xreq, NULL, "not-found", NULL);
+ afb_xreq_reply(xreq, NULL, afb_error_text_unknown_session, NULL);
else {
afb_session_close(session);
afb_session_unref(session);
@@ -381,13 +382,13 @@ static void on_supervision_call(void *closure, struct afb_xreq *xreq)
}
afb_req_success(req, NULL, NULL);
#else
- afb_req_reply(req, NULL, "not-available", NULL);
+ afb_req_reply(req, NULL, afb_error_text_not_available, NULL);
#endif
break;
case Do:
sub = NULL;
if (wrap_json_unpack(args, "{ss ss s?o*}", "api", &api, "verb", &verb, "args", &sub))
- afb_xreq_reply(xreq, NULL, "error", "bad request");
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_request, NULL);
else {
xapi = afb_apiset_lookup_started(global.apiset, api, 1);
if (!xapi)
diff --git a/src/afb-xreq.c b/src/afb-xreq.c
index 7621b801..a9703b7a 100644
--- a/src/afb-xreq.c
+++ b/src/afb-xreq.c
@@ -43,6 +43,7 @@
#include "afb-hook.h"
#include "afb-msg-json.h"
#include "afb-xreq.h"
+#include "afb-error-text.h"
#include "jobs.h"
#include "verbose.h"
@@ -52,7 +53,7 @@
static void xreq_finalize(struct afb_xreq *xreq)
{
if (!xreq->replied)
- afb_xreq_reply(xreq, NULL, "error", "no reply");
+ afb_xreq_reply(xreq, NULL, afb_error_text_not_replied, NULL);
#if WITH_AFB_HOOK
if (xreq->hookflags)
afb_hook_xreq_end(xreq);
@@ -728,6 +729,34 @@ int afb_xreq_legacy_subcall_sync(struct afb_xreq *xreq, const char *api, const c
return afb_req_x2_subcall_sync_legacy(xreq_to_req_x2(xreq), api, verb, args, result);
}
+int afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
+{
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_api, "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
+{
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_unknown_verb, "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_invalid_token(struct afb_xreq *xreq)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_invalid_token, "invalid token"); /* TODO: or "no token" */
+ errno = EINVAL;
+ return -1;
+}
+
+int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope)
+{
+ afb_xreq_reply(xreq, NULL, afb_error_text_insufficient_scope, scope ?: "insufficient scope");
+ errno = EPERM;
+ return -1;
+}
+
#if WITH_LEGACY_BINDING_V1
static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
{
@@ -736,28 +765,20 @@ static int xreq_session_check_apply_v1(struct afb_xreq *xreq, int sessionflags)
if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
+ return afb_xreq_reply_invalid_token(xreq);
}
}
if ((sessionflags & AFB_SESSION_LOA_GE_X1) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (!afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (!afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
}
if ((sessionflags & AFB_SESSION_LOA_LE_X1) != 0) {
loa = (sessionflags >> AFB_SESSION_LOA_SHIFT_X1) & AFB_SESSION_LOA_MASK_X1;
- if (afb_context_check_loa(&xreq->context, loa + 1)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (afb_context_check_loa(&xreq->context, loa + 1))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
}
if ((sessionflags & AFB_SESSION_CLOSE_X1) != 0) {
@@ -776,28 +797,19 @@ static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionfl
if (sessionflags != 0) {
if (!afb_context_check(&xreq->context)) {
afb_context_close(&xreq->context);
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid token's identity");
- errno = EINVAL;
- return -1;
+ return afb_xreq_reply_invalid_token(xreq);
}
}
loa = (int)(sessionflags & AFB_SESSION_LOA_MASK_X2);
- if (loa && !afb_context_check_loa(&xreq->context, loa)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "invalid LOA");
- errno = EPERM;
- return -1;
- }
+ if (loa && !afb_context_check_loa(&xreq->context, loa))
+ return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- if (auth && !afb_auth_check(xreq, auth)) {
- afb_xreq_reply_f(xreq, NULL, "denied", "authorisation refused");
- errno = EPERM;
- return -1;
- }
+ if (auth && !afb_auth_check(xreq, auth))
+ return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
- if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0) {
+ if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
afb_context_close(&xreq->context);
- }
return 0;
}
@@ -841,16 +853,6 @@ void afb_xreq_init(struct afb_xreq *xreq, const struct afb_xreq_query_itf *query
xreq->queryitf = queryitf;
}
-void afb_xreq_reply_unknown_api(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-api", "api %s not found (for verb %s)", xreq->request.called_api, xreq->request.called_verb);
-}
-
-void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq)
-{
- afb_xreq_reply_f(xreq, NULL, "unknown-verb", "verb %s unknown within api %s", xreq->request.called_verb, xreq->request.called_api);
-}
-
#if WITH_AFB_HOOK
static void init_hooking(struct afb_xreq *xreq)
{
@@ -872,7 +874,7 @@ static void process_async(int signum, void *arg)
if (signum != 0) {
/* emit the error (assumes that hooking is initialised) */
- afb_xreq_reply_f(xreq, NULL, "aborted", "signal %s(%d) caught", strsignal(signum), signum);
+ afb_xreq_reply_f(xreq, NULL, afb_error_text_aborted, "signal %s(%d) caught", strsignal(signum), signum);
} else {
#if WITH_AFB_HOOK
/* init hooking */
diff --git a/src/afb-xreq.h b/src/afb-xreq.h
index 5b01457a..03aeef4c 100644
--- a/src/afb-xreq.h
+++ b/src/afb-xreq.h
@@ -96,8 +96,12 @@ extern struct json_object *afb_xreq_json(struct afb_xreq *xreq);
extern void afb_xreq_reply(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info);
extern void afb_xreq_reply_f(struct afb_xreq *xreq, struct json_object *obj, const char *error, const char *info, ...);
-extern void afb_xreq_reply_unknown_api(struct afb_xreq *xreq);
-extern void afb_xreq_reply_unknown_verb(struct afb_xreq *xreq);
+extern int afb_xreq_reply_unknown_api(struct afb_xreq *xreq);
+extern int afb_xreq_reply_unknown_verb(struct afb_xreq *xreq);
+
+extern int afb_xreq_reply_invalid_token(struct afb_xreq *xreq);
+extern int afb_xreq_reply_insufficient_scope(struct afb_xreq *xreq, const char *scope);
+
extern const char *afb_xreq_raw(struct afb_xreq *xreq, size_t *size);