-rw-r--r--include/afb/afb-auth.h40
-rw-r--r--include/afb/afb-binding-v2.h2
-rw-r--r--include/afb/afb-binding.h1
-rw-r--r--src/CMakeLists.txt1
-rw-r--r--src/afb-api-so-v2.c74
-rw-r--r--src/monitor-api.inc4
-rw-r--r--src/tests/CMakeLists.txt1
-rw-r--r--src/tests/test-perm/CMakeLists.txt24
-rw-r--r--src/tests/test-perm/test-perm.c169
9 files changed, 52 insertions, 264 deletions
diff --git a/include/afb/afb-auth.h b/include/afb/afb-auth.h
new file mode 100644
index 00000000..fe29adec
--- /dev/null
+++ b/include/afb/afb-auth.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2016, 2017 "IoT.bzh"
+ * Author: José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+/*
+ * Enum for Session/Token/Assurance middleware.
+ */
+enum afb_auth_type
+{
+ afb_auth_No = 0,
+ afb_auth_Permission,
+ afb_auth_Or,
+ afb_auth_And,
+ afb_auth_Yes
+};
+
+struct afb_auth_desc
+{
+ enum afb_auth_type type;
+ union {
+ const char *text;
+ struct afb_auth_desc *child[2];
+ };
+};
+
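Review bot: The comment above `enum afb_auth_type` ("Enum for Session/Token/Assurance middleware") does not describe what is declared here, and `struct afb_auth_desc` does not say which union member is valid for which `type`. I would replace it with something like `/* text is valid for afb_auth_Permission; child[0] and child[1] for afb_auth_Or and afb_auth_And; neither for afb_auth_No and afb_auth_Yes */`, which is presumably the intent and should be confirmed. It is also worth stating that `afb_auth_No = 0` makes a zero-initialised descriptor deny, since an evaluator can rely on that fail-closed default. The anonymous union needs C11 or a GNU extension, which matters for a public header that bindings include.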
diff --git a/include/afb/afb-binding-v2.h b/include/afb/afb-binding-v2.h
index 17adb02e..80e2385d 100644
--- a/include/afb/afb-binding-v2.h
+++ b/include/afb/afb-binding-v2.h
@@ -43,7 +43,7 @@ struct afb_verb_v2
{
const char *verb; /* name of the verb */
void (*callback)(struct afb_req req); /* callback function implementing the verb */
- const char * permissions; /* required permissions */
+ struct afb_auth *auth; /* required authorisation */
uint32_t session; /* authorisation and session requirements of the verb */
};
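Review bot: `struct afb_auth *auth` names a type this commit does not define. The new afb-auth.h declares `struct afb_auth_desc`, so `struct afb_auth` is only an incomplete type here and a binding cannot build a descriptor to point at. Unless `struct afb_auth` is declared somewhere outside this diff, the field should read `const struct afb_auth_desc *auth;`, with `const` because the verb tables are `static const` (see monitor-api.inc). The field comment should also say what a NULL `auth` means, since that decides whether an unset field grants or denies access.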
diff --git a/include/afb/afb-binding.h b/include/afb/afb-binding.h
index cea1b552..6d92cb8c 100644
--- a/include/afb/afb-binding.h
+++ b/include/afb/afb-binding.h
@@ -50,6 +50,7 @@
*/
#include "afb-session.h"
+#include "afb-auth.h"
#include "afb-event-itf.h"
#include "afb-req-itf.h"
#include "afb-service-itf.h"
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 089c4624..877f7aaf 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -77,7 +77,6 @@ ADD_LIBRARY(afb-lib STATIC
afb-method.c
afb-monitor.c
afb-msg-json.c
- afb-perm.c
afb-session.c
afb-stub-ws.c
afb-subcall.c
diff --git a/src/afb-api-so-v2.c b/src/afb-api-so-v2.c
index cc832090..b5c6c64e 100644
--- a/src/afb-api-so-v2.c
+++ b/src/afb-api-so-v2.c
@@ -35,7 +35,6 @@
#include "afb-context.h"
#include "afb-api-so.h"
#include "afb-xreq.h"
-#include "afb-perm.h"
#include "verbose.h"
/*
@@ -44,14 +43,6 @@
static const char afb_api_so_v2_descriptor[] = "afbBindingV2";
static const char afb_api_so_v2_verbosity[] = "afbBindingV2verbosity";
-/**
- * structure for memorizing verbs sorted with permissions
- */
-struct verb_v2 {
- const struct afb_verb_v2 *verb;
- struct afb_perm *perm;
-};
-
/*
* Description of a binding
*/
@@ -61,28 +52,16 @@ struct api_so_v2 {
void *handle; /* context of dlopen */
struct afb_svc *service; /* handler for service started */
struct afb_ditf ditf; /* daemon interface */
- int count;
- struct verb_v2 verbs[1];
};
-static const struct afb_verb_v2 *search(struct api_so_v2 *desc, const char *verb)
+static const struct afb_verb_v2 *search(struct api_so_v2 *desc, const char *name)
{
- const struct afb_verb_v2 *v;
- int i, l, u, c;
-
- l = 0;
- u = desc->count;
- while (l < u) {
- i = (l + u) >> 1;
- v = desc->verbs[i].verb;
- c = strcasecmp(v->verb, verb);
- if (c == 0)
- return v;
- if (c < 0)
- l = i + 1;
- else
- u = i;
- }
+ const struct afb_verb_v2 *verb;
+
+ verb = desc->binding->verbs;
+ while (verb->verb && strcasecmp(verb->verb, name))
+ verb++;
+ return verb->verb ? verb : NULL;
return NULL;
}
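Review bot: In `search()`, the trailing `return NULL;` is now unreachable, because the line before it, `return verb->verb ? verb : NULL;`, always returns; it should be dropped. The lookup is now a linear `strcasecmp` scan that stops only at an entry whose `.verb` is NULL, so an unterminated table from a binding would be read past its end. The `assert(binding->verbs)` in afb_api_so_v2_add_binding checks the pointer only. I would add a comment on the function such as `/* binding->verbs must be terminated by an entry with .verb == NULL */`.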
@@ -176,21 +155,14 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle
int rc;
struct api_so_v2 *desc;
struct afb_api afb_api;
- const struct afb_verb_v2 *bv;
- int count, i, j;
/* basic checks */
assert(binding->api);
assert(binding->specification);
assert(binding->verbs);
- /* count the verbs */
- count = 0;
- while (binding->verbs[count].verb)
- count++;
-
/* allocates the description */
- desc = malloc(sizeof *desc + (count - 1) * sizeof desc->verbs);
+ desc = malloc(sizeof *desc);
if (desc == NULL) {
ERROR("out of memory");
goto error;
@@ -200,32 +172,6 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle
desc->handle = handle;
desc->service = NULL;
memset(&desc->ditf, 0, sizeof desc->ditf);
- desc->count = count;
-
- /* fill the verbs sorted */
- for (i = 0 ; i < count ; i++) {
- desc->verbs[i].perm = NULL;
- j = i;
- bv = &binding->verbs[j];
- while (j && strcasecmp(bv->verb, desc->verbs[j-1].verb->verb) < 0) {
- desc->verbs[j].verb = desc->verbs[j-1].verb;
- j--;
- }
- desc->verbs[j].verb = bv;
- }
-
- /* makes the permissions */
- for (i = 0 ; i < count ; i++) {
- if (desc->verbs[i].verb->permissions) {
- desc->verbs[i].perm = afb_perm_parse(desc->verbs[i].verb->permissions);
- if (!desc->verbs[i].perm) {
- ERROR("Bad permission specification for verb %s of api %s: %s",
- desc->verbs[i].verb->verb, binding->api,
- desc->verbs[i].verb->permissions);
- goto error2;
- }
- }
- }
/* init the interface */
afb_ditf_init_v2(&desc->ditf, binding->api);
@@ -251,10 +197,6 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle
return 1;
error2:
- count = desc->count;
- while (count)
- if (desc->verbs[--count].perm)
- afb_perm_unref(desc->verbs[count].perm);
free(desc);
error:
return -1;
diff --git a/src/monitor-api.inc b/src/monitor-api.inc
index 8c216753..4c6e2f82 100644
--- a/src/monitor-api.inc
+++ b/src/monitor-api.inc
@@ -36,13 +36,13 @@ static const struct afb_verb_v2 _afb_verbs_v2_[] = {
{
.verb = "get",
.callback = f_get,
- .permissions = "urn:AGL:permission::platform:monitor:get or urn:AGL:permission::platform:monitor:set",
+ .auth = NULL,
.session = AFB_SESSION_LOA_GE_0,
},
{
.verb = "set",
.callback = f_set,
- .permissions = "urn:AGL:permission::platform:monitor:set",
+ .auth = NULL,
.session = AFB_SESSION_LOA_GE_0,
},
{ .verb = NULL }
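Review bot: Setting `.auth = NULL` on `get` and `set` drops the `urn:AGL:permission::platform:monitor:get` and `urn:AGL:permission::platform:monitor:set` requirements these verbs carried, and nothing in this commit evaluates the new `auth` field. The afb-api-so-v2.c sections remove the `afb_perm_parse` call and the `afb-perm.h` include without adding a replacement check. Unless enforcement exists outside this diff, the monitor verbs are left guarded only by `AFB_SESSION_LOA_GE_0`. I would express the same requirements in the new form: a static `afb_auth_Permission` descriptor for `set`, and an `afb_auth_Or` of the two permissions for `get`. At minimum, leave `/* TODO: restore urn:AGL:permission::platform:monitor:set once auth is enforced */` next to each entry so the regression is tracked.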
diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt
index 4a1345ee..774f59ae 100644
--- a/src/tests/CMakeLists.txt
+++ b/src/tests/CMakeLists.txt
@@ -16,5 +16,4 @@
# limitations under the License.
###########################################################################
-add_subdirectory(test-perm)
diff --git a/src/tests/test-perm/CMakeLists.txt b/src/tests/test-perm/CMakeLists.txt
deleted file mode 100644
index 4747d182..00000000
--- a/src/tests/test-perm/CMakeLists.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-###########################################################################
-# Copyright 2017 IoT.bzh
-#
-# author: José Bollo <jose.bollo@iot.bzh>
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-###########################################################################
-
-include_directories(../..)
-add_executable(test-perm test-perm.c)
-target_link_libraries(test-perm afb-lib)
-add_test(NAME test-perm COMMAND test-perm)
-
-
diff --git a/src/tests/test-perm/test-perm.c b/src/tests/test-perm/test-perm.c
deleted file mode 100644
index c9b60473..00000000
--- a/src/tests/test-perm/test-perm.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright (C) 2017 "IoT.bzh"
- * Author José Bollo <jose.bollo@iot.bzh>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-
-#include "afb-perm.h"
-
-char *exprs[] = {
- "a",
- "not a",
- "a or b",
- "a or b or c",
- "a or b or c or d",
- "a and b",
- "a and b and c",
- "a and b and c and d",
- "a and b or c and d",
- "a or b and c or d",
- "(a or b) and (c or d)",
- "not (a or b or c or d)",
- "a and not (b or c or d)",
- "b and not (a or c or d)",
- "c and not (a or b or d)",
- "d and not (a or b or c)",
- NULL
-};
-
-int check(void *closure, const char *name)
-{
- int x;
-
- x = *(int*)closure;
- if (name[0] < 'a' || name[0] > 'd' || name[1])
- return 0;
- return 1 & (x >> (name[0] - 'a'));
-}
-
-int test(const char *expr)
-{
- int x, r, m, c;
- struct afb_perm *perm;
-
- r = 0;
- m = 1;
- perm = afb_perm_parse(expr);
- if (!perm)
- printf("error for %s\n", expr);
- else {
- printf("\nabcd %s\n", expr);
- for (x = 0; x < 16 ; x++) {
- c = afb_perm_check(perm, check, &x);
- printf("%c%c%c%c %d\n",
- '0'+!!(x&1), '0'+!!(x&2), '0'+!!(x&4), '0'+!!(x&8),
- c);
- if (c)
- r |= m;
- m <<= 1;
- }
- }
- afb_perm_unref(perm);
- return r;
-}
-
-void add(char *buffer, const char *fmt, ...)
-{
- char b[60];
- va_list vl;
-
- va_start(vl, fmt);
- vsprintf(b, fmt, vl);
- va_end(vl);
- strcat(buffer, b);
-}
-
-void mke(int value, int bits, char *buffer)
-{
- int nval = 1 << bits;
- int sval = 1 << (bits - 1);
- int mask = (1 << nval) - 1;
- int smask = (1 << sval) - 1;
- int val = value & mask;
- int val0 = val & smask;
- int val1 = (val >> sval) & smask;
- char c = (char)('a' + bits - 1);
-
- if (bits == 1) {
- switch(val) {
- case 0: add(buffer, "x"); break;
- case 1: add(buffer, "not %c", c); break;
- case 2: add(buffer, "%c", c); break;
- case 3: add(buffer, "(%c or not %c) ", c, c); break;
- }
- } else if (val0 != val1) {
- if (val0 && val1)
- add(buffer, "(");
- if (val0) {
- add(buffer, "not %c", c);
- if (val0 != smask) {
- add(buffer, " and ");
- mke(val0, bits - 1, buffer);
- }
- }
- if (val0 && val1)
- add(buffer, " or ");
- if (val1) {
- add(buffer, "%c", c);
- if (val1 != smask) {
- add(buffer, " and ");
- mke(val1, bits - 1, buffer);
- }
- }
- if (val0 && val1)
- add(buffer, ")");
- } else {
- mke(val0, bits - 1, buffer);
- }
-}
-
-void makeexpr(int value, char *buffer)
-{
- if (!value)
- strcpy(buffer, "x");
- else {
- buffer[0] = 0;
- mke(value, 4, buffer);
- }
-}
-
-int fulltest()
-{
- char buffer[4096];
- int i, j, r;
-
- r = 0;
- for (i = 0 ; i < 65536 ; i++) {
- makeexpr(i, buffer);
- j = test(buffer);
- printf("[[[ %d %s %d ]]] %d %s\n", i, i==j?"==":"!=", j, (int)strlen(buffer), buffer);
- if (i != j)
- r = 1;
- }
- return r;
-}
-
-int main()
-{
- int i = 0;
- while(exprs[i])
- test(exprs[i++]);
- return fulltest();
-}
-