-rw-r--r-- | include/afb/afb-auth.h | 40 | ||||
-rw-r--r-- | include/afb/afb-binding-v2.h | 2 | ||||
-rw-r--r-- | include/afb/afb-binding.h | 1 | ||||
-rw-r--r-- | src/CMakeLists.txt | 1 | ||||
-rw-r--r-- | src/afb-api-so-v2.c | 74 | ||||
-rw-r--r-- | src/monitor-api.inc | 4 | ||||
-rw-r--r-- | src/tests/CMakeLists.txt | 1 | ||||
-rw-r--r-- | src/tests/test-perm/CMakeLists.txt | 24 | ||||
-rw-r--r-- | src/tests/test-perm/test-perm.c | 169 |
9 files changed, 52 insertions, 264 deletions
diff --git a/include/afb/afb-auth.h b/include/afb/afb-auth.h new file mode 100644 index 00000000..fe29adec --- /dev/null +++ b/include/afb/afb-auth.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2016, 2017 "IoT.bzh" + * Author: José Bollo <jose.bollo@iot.bzh> + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +/* + * Enum for Session/Token/Assurance middleware. + */ +enum afb_auth_type +{ + afb_auth_No = 0, + afb_auth_Permission, + afb_auth_Or, + afb_auth_And, + afb_auth_Yes +}; + +struct afb_auth_desc +{ + enum afb_auth_type type; + union { + const char *text; + struct afb_auth_desc *child[2]; + }; +}; + diff --git a/include/afb/afb-binding-v2.h b/include/afb/afb-binding-v2.h index 17adb02e..80e2385d 100644 --- a/include/afb/afb-binding-v2.h +++ b/include/afb/afb-binding-v2.h @@ -43,7 +43,7 @@ struct afb_verb_v2 { const char *verb; /* name of the verb */ void (*callback)(struct afb_req req); /* callback function implementing the verb */ - const char * permissions; /* required permissions */ + struct afb_auth *auth; /* required authorisation */ uint32_t session; /* authorisation and session requirements of the verb */ }; diff --git a/include/afb/afb-binding.h b/include/afb/afb-binding.h index cea1b552..6d92cb8c 100644 --- a/include/afb/afb-binding.h +++ b/include/afb/afb-binding.h @@ -50,6 +50,7 @@ */ #include "afb-session.h" +#include "afb-auth.h" #include "afb-event-itf.h" #include "afb-req-itf.h" #include "afb-service-itf.h" 
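Review bot: In the new `include/afb/afb-auth.h`, `struct afb_auth_desc` has an anonymous union but nothing says which member is valid for which `type`. The only comment, "Enum for Session/Token/Assurance middleware", does not describe the enum values either. Because this structure is what decides whether a call is authorised, the contract should be stated on the struct, e.g. `/* text is read when type == afb_auth_Permission; child[0] and child[1] when type is afb_auth_Or or afb_auth_And */`. The enum should also say whether `afb_auth_No` (value 0) denies, which is presumably the intent and would make a zero-initialised descriptor fail closed. The expressions in the removed `test-perm.c` used `not`, which has no counterpart in this enum; if dropping negation is deliberate, note it here.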
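Review bot: The new field in `struct afb_verb_v2` is declared `struct afb_auth *auth;`, but the header added by this commit defines `struct afb_auth_desc`, and nothing on the page defines `struct afb_auth`. Unless that type exists elsewhere, the field points at an incomplete type, so a binding cannot supply a descriptor without a cast and every verb is likely to be left at `NULL`. Verb tables are `static const` (see `_afb_verbs_v2_` in `src/monitor-api.inc`), so the field would be better declared as `const struct afb_auth_desc *auth; /* required authorisation */`. The descriptor's children should then become `const struct afb_auth_desc *child[2];` to match.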
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 089c4624..877f7aaf 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -77,7 +77,6 @@ ADD_LIBRARY(afb-lib STATIC afb-method.c afb-monitor.c afb-msg-json.c - afb-perm.c afb-session.c afb-stub-ws.c afb-subcall.c diff --git a/src/afb-api-so-v2.c b/src/afb-api-so-v2.c index cc832090..b5c6c64e 100644 --- a/src/afb-api-so-v2.c +++ b/src/afb-api-so-v2.c @@ -35,7 +35,6 @@ #include "afb-context.h" #include "afb-api-so.h" #include "afb-xreq.h" -#include "afb-perm.h" #include "verbose.h" /* @@ -44,14 +43,6 @@ static const char afb_api_so_v2_descriptor[] = "afbBindingV2"; static const char afb_api_so_v2_verbosity[] = "afbBindingV2verbosity"; -/** - * structure for memorizing verbs sorted with permissions - */ -struct verb_v2 { - const struct afb_verb_v2 *verb; - struct afb_perm *perm; -}; - /* * Description of a binding */ @@ -61,28 +52,16 @@ struct api_so_v2 { void *handle; /* context of dlopen */ struct afb_svc *service; /* handler for service started */ struct afb_ditf ditf; /* daemon interface */ - int count; - struct verb_v2 verbs[1]; }; -static const struct afb_verb_v2 *search(struct api_so_v2 *desc, const char *verb) +static const struct afb_verb_v2 *search(struct api_so_v2 *desc, const char *name) { - const struct afb_verb_v2 *v; - int i, l, u, c; - - l = 0; - u = desc->count; - while (l < u) { - i = (l + u) >> 1; - v = desc->verbs[i].verb; - c = strcasecmp(v->verb, verb); - if (c == 0) - return v; - if (c < 0) - l = i + 1; - else - u = i; - } + const struct afb_verb_v2 *verb; + + verb = desc->binding->verbs; + while (verb->verb && strcasecmp(verb->verb, name)) + verb++; + return verb->verb ? verb : NULL; return NULL; } 
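Review bot: The rewritten `search()` keeps the old `return NULL;` directly after the new `return verb->verb ? verb : NULL;`, so the function's last statement is unreachable and should be dropped. The loop also depends entirely on the `{ .verb = NULL }` sentinel that ends `binding->verbs`. The only check on that pointer is an `assert` in `afb_api_so_v2_add_binding`, which is compiled out under `NDEBUG`. A comment on the loop such as `/* verbs is terminated by an entry whose verb is NULL */` would make that dependency explicit.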
@@ -176,21 +155,14 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle int rc; struct api_so_v2 *desc; struct afb_api afb_api; - const struct afb_verb_v2 *bv; - int count, i, j; /* basic checks */ assert(binding->api); assert(binding->specification); assert(binding->verbs); - /* count the verbs */ - count = 0; - while (binding->verbs[count].verb) - count++; - /* allocates the description */ - desc = malloc(sizeof *desc + (count - 1) * sizeof desc->verbs); + desc = malloc(sizeof *desc); if (desc == NULL) { ERROR("out of memory"); goto error; @@ -200,32 +172,6 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle desc->handle = handle; desc->service = NULL; memset(&desc->ditf, 0, sizeof desc->ditf); - desc->count = count; - - /* fill the verbs sorted */ - for (i = 0 ; i < count ; i++) { - desc->verbs[i].perm = NULL; - j = i; - bv = &binding->verbs[j]; - while (j && strcasecmp(bv->verb, desc->verbs[j-1].verb->verb) < 0) { - desc->verbs[j].verb = desc->verbs[j-1].verb; - j--; - } - desc->verbs[j].verb = bv; - } - - /* makes the permissions */ - for (i = 0 ; i < count ; i++) { - if (desc->verbs[i].verb->permissions) { - desc->verbs[i].perm = afb_perm_parse(desc->verbs[i].verb->permissions); - if (!desc->verbs[i].perm) { - ERROR("Bad permission specification for verb %s of api %s: %s", - desc->verbs[i].verb->verb, binding->api, - desc->verbs[i].verb->permissions); - goto error2; - } - } - } /* init the interface */ afb_ditf_init_v2(&desc->ditf, binding->api); @@ -251,10 +197,6 @@ int afb_api_so_v2_add_binding(const struct afb_binding_v2 *binding, void *handle return 1; error2: - count = desc->count; - while (count) - if (desc->verbs[--count].perm) - afb_perm_unref(desc->verbs[count].perm); free(desc); error: return -1; diff --git a/src/monitor-api.inc b/src/monitor-api.inc index 8c216753..4c6e2f82 100644 --- a/src/monitor-api.inc +++ b/src/monitor-api.inc 
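Review bot: After this change `afb_api_so_v2_add_binding` no longer inspects the verbs' authorisation at all. The loop removed in the next hunk of this function rejected a binding at load time when `afb_perm_parse` failed, and nothing replaces it. A malformed descriptor, such as an `afb_auth_Permission` node with no `text` or an `afb_auth_Or`/`afb_auth_And` node with a missing child, would therefore only surface at request time, if at all. A load-time walk of each verb's tree before the allocation restores the fail-early behaviour. The sketch below assumes `auth` is meant to point at `struct afb_auth_desc`, needs a local `const struct afb_verb_v2 *verb`, and does not guard against cyclic trees. The function starts above this hunk and continues through the following two.

```c
/* Returns 1 when every node of the authorisation tree is well formed. */
static int auth_is_well_formed(const struct afb_auth_desc *auth)
{
	if (auth == NULL)
		return 1; /* no descriptor: meaning is up to the enforcing code */
	switch (auth->type) {
	case afb_auth_No:
	case afb_auth_Yes:
		return 1;
	case afb_auth_Permission:
		return auth->text != NULL && auth->text[0] != '\0';
	case afb_auth_Or:
	case afb_auth_And:
		return auth->child[0] != NULL && auth->child[1] != NULL
			&& auth_is_well_formed(auth->child[0])
			&& auth_is_well_formed(auth->child[1]);
	default:
		return 0; /* unknown type: refuse rather than guess */
	}
}

/* … unchanged: afb_api_so_v2_add_binding prologue and basic checks … */
	for (verb = binding->verbs; verb->verb; verb++) {
		if (!auth_is_well_formed(verb->auth)) {
			ERROR("Bad authorisation for verb %s of api %s", verb->verb, binding->api);
			goto error;
		}
	}
	/* allocates the description */
	desc = malloc(sizeof *desc);
```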
@@ -36,13 +36,13 @@ static const struct afb_verb_v2 _afb_verbs_v2_[] = { { .verb = "get", .callback = f_get, - .permissions = "urn:AGL:permission::platform:monitor:get or urn:AGL:permission::platform:monitor:set", + .auth = NULL, .session = AFB_SESSION_LOA_GE_0, }, { .verb = "set", .callback = f_set, - .permissions = "urn:AGL:permission::platform:monitor:set", + .auth = NULL, .session = AFB_SESSION_LOA_GE_0, }, { .verb = NULL } diff --git a/src/tests/CMakeLists.txt b/src/tests/CMakeLists.txt index 4a1345ee..774f59ae 100644 --- a/src/tests/CMakeLists.txt +++ b/src/tests/CMakeLists.txt @@ -16,5 +16,4 @@ # limitations under the License. ########################################################################### -add_subdirectory(test-perm) diff --git a/src/tests/test-perm/CMakeLists.txt b/src/tests/test-perm/CMakeLists.txt deleted file mode 100644 index 4747d182..00000000 --- a/src/tests/test-perm/CMakeLists.txt +++ /dev/null @@ -1,24 +0,0 @@ -########################################################################### -# Copyright 2017 IoT.bzh -# -# author: José Bollo <jose.bollo@iot.bzh> -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -########################################################################### - -include_directories(../..) -add_executable(test-perm test-perm.c) -target_link_libraries(test-perm afb-lib) -add_test(NAME test-perm COMMAND test-perm) - - 
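Review bot: Both monitor verbs end up with `.auth = NULL`, so the old requirements are dropped rather than converted: `urn:AGL:permission::platform:monitor:get or urn:AGL:permission::platform:monitor:set` on `get`, and `urn:AGL:permission::platform:monitor:set` on `set`. Only `AFB_SESSION_LOA_GE_0` remains, and nothing visible in this commit reads `auth`, so as far as the page shows the monitor API is callable without either permission. The same requirements can be expressed with the new descriptors: one `afb_auth_Permission` node per URN, with `set` pointing at the set node and `get` at an `afb_auth_Or` of the two. If enforcement lands in a later commit, keep the URNs beside the fields until then, e.g. `.auth = NULL, /* TODO: urn:AGL:permission::platform:monitor:set */`.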
diff --git a/src/tests/test-perm/test-perm.c b/src/tests/test-perm/test-perm.c
deleted file mode 100644
index c9b60473..00000000
--- a/src/tests/test-perm/test-perm.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/*
- * Copyright (C) 2017 "IoT.bzh"
- * Author José Bollo <jose.bollo@iot.bzh>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-
-#include <stdio.h>
-#include <stdarg.h>
-#include <string.h>
-
-#include "afb-perm.h"
-
-char *exprs[] = {
- "a",
- "not a",
- "a or b",
- "a or b or c",
- "a or b or c or d",
- "a and b",
- "a and b and c",
- "a and b and c and d",
- "a and b or c and d",
- "a or b and c or d",
- "(a or b) and (c or d)",
- "not (a or b or c or d)",
- "a and not (b or c or d)",
- "b and not (a or c or d)",
- "c and not (a or b or d)",
- "d and not (a or b or c)",
- NULL
-};
-
-int check(void *closure, const char *name)
-{
- int x;
-
- x = *(int*)closure;
- if (name[0] < 'a' || name[0] > 'd' || name[1])
- return 0;
- return 1 & (x >> (name[0] - 'a'));
-}
-
-int test(const char *expr)
-{
- int x, r, m, c;
- struct afb_perm *perm;
-
- r = 0;
- m = 1;
- perm = afb_perm_parse(expr);
- if (!perm)
- printf("error for %s\n", expr);
- else {
- printf("\nabcd %s\n", expr);
- for (x = 0; x < 16 ; x++) {
- c = afb_perm_check(perm, check, &x);
- printf("%c%c%c%c %d\n",
- '0'+!!(x&1), '0'+!!(x&2), '0'+!!(x&4), '0'+!!(x&8),
- c);
- if (c)
- r |= m;
- m <<= 1;
- }
- }
- afb_perm_unref(perm);
- return r;
-}
-
-void add(char *buffer, const char *fmt, ...)
-{
- char b[60];
- va_list vl;
-
- va_start(vl, fmt);
- vsprintf(b, fmt, vl);
- va_end(vl);
- strcat(buffer, b);
-}
-
-void mke(int value, int bits, char *buffer)
-{
- int nval = 1 << bits;
- int sval = 1 << (bits - 1);
- int mask = (1 << nval) - 1;
- int smask = (1 << sval) - 1;
- int val = value & mask;
- int val0 = val & smask;
- int val1 = (val >> sval) & smask;
- char c = (char)('a' + bits - 1);
-
- if (bits == 1) {
- switch(val) {
- case 0: add(buffer, "x"); break;
- case 1: add(buffer, "not %c", c); break;
- case 2: add(buffer, "%c", c); break;
- case 3: add(buffer, "(%c or not %c) ", c, c); break;
- }
- } else if (val0 != val1) {
- if (val0 && val1)
- add(buffer, "(");
- if (val0) {
- add(buffer, "not %c", c);
- if (val0 != smask) {
- add(buffer, " and ");
- mke(val0, bits - 1, buffer);
- }
- }
- if (val0 && val1)
- add(buffer, " or ");
- if (val1) {
- add(buffer, "%c", c);
- if (val1 != smask) {
- add(buffer, " and ");
- mke(val1, bits - 1, buffer);
- }
- }
- if (val0 && val1)
- add(buffer, ")");
- } else {
- mke(val0, bits - 1, buffer);
- }
-}
-
-void makeexpr(int value, char *buffer)
-{
- if (!value)
- strcpy(buffer, "x");
- else {
- buffer[0] = 0;
- mke(value, 4, buffer);
- }
-}
-
-int fulltest()
-{
- char buffer[4096];
- int i, j, r;
-
- r = 0;
- for (i = 0 ; i < 65536 ; i++) {
- makeexpr(i, buffer);
- j = test(buffer);
- printf("[[[ %d %s %d ]]] %d %s\n", i, i==j?"==":"!=", j, (int)strlen(buffer), buffer);
- if (i != j)
- r = 1;
- }
- return r;
-}
-
-int main()
-{
- int i = 0;
- while(exprs[i])
- test(exprs[i++]);
- return fulltest();
-}
-
|