From b6d0ebc501d2ebfa548d817d3a2107f81f3bf045 Mon Sep 17 00:00:00 2001 From: Manasij Sur Roy Date: Wed, 24 Aug 2016 09:16:19 +0530 Subject: [PATCH] Added fido.client privilege Change-Id: I15ea3e609b420ae8b5cf6e593f02ed299ee785e5 Signed-off-by: Manasij Sur Roy --- client/fido_uaf_client.c | 5 + include/fido_uaf_authenticator.h | 136 +++++++++-------- include/fido_uaf_client.h | 99 +++++++----- packaging/fido-client.spec | 3 + server/CMakeLists.txt | 3 + server/fido_privilege_checker.c | 175 ++++++++++++++++++++++ server/fido_privilege_checker.h | 2 +- test/3_0_Sample_App/FIDOSample/tizen-manifest.xml | 9 +- 8 files changed, 326 insertions(+), 106 deletions(-) diff --git a/client/fido_uaf_client.c b/client/fido_uaf_client.c index ce9cef0..6081e8d 100755 --- a/client/fido_uaf_client.c +++ b/client/fido_uaf_client.c @@ -157,6 +157,11 @@ fido_foreach_authenticator(fido_authenticator_cb callback, void *user_data) return FIDO_ERROR_PERMISSION_DENIED; } + if (tz_err != FIDO_ERROR_NONE) { + _ERR("Error = [%d]", tz_err); + return tz_err; + } + if (discovery_data_json == NULL || discovery_data_json_list_len <= 0) { _ERR("No Authenticators found"); return FIDO_ERROR_NOT_SUPPORTED; diff --git a/include/fido_uaf_authenticator.h b/include/fido_uaf_authenticator.h index d8b3dbb..02a35af 100755 --- a/include/fido_uaf_authenticator.h +++ b/include/fido_uaf_authenticator.h @@ -15,10 +15,15 @@ * */ -#ifndef _FIDO_UAF_AUTH_H_ -#define _FIDO_UAF_AUTH_H_ +#ifndef __TIZEN_FIDO_UAF_AUTHENTICATOR_H__ +#define __TIZEN_FIDO_UAF_AUTHENTICATOR_H__ -#include "fido_uaf_types.h" +#include + +#ifdef __cplusplus +extern "C" +{ +#endif /** * @file fido_uaf_authenticator.h @@ -35,8 +40,8 @@ * @brief Called once for each result of calling fido_foreach_authenticator() * @since_tizen 3.0 * - * @param[out] auth_info The Authenticator info handle. This param will be freed by framework. - * @param[out] user_data The user data that was attached during fido_foreach_authenticator() call. + * @param[in] auth_info The Authenticator info handle. This param will be freed by framework + * @param[in] user_data The user data that was attached during fido_foreach_authenticator() call * @see fido_foreach_authenticator() */ typedef void (*fido_authenticator_cb)(const fido_authenticator_h auth_info, void *user_data); @@ -45,28 +50,29 @@ typedef void (*fido_authenticator_cb)(const fido_authenticator_h auth_info, void * @brief Retrieves all the available FIDO authenticators supported by this Device. * @details fido_authenticator_cb() callback is called synchronously once for each authenticator. * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/fido.client * - * - * @param[in] cb The iteration callback handle. - * @param[in] user_data The user data handle. + * @param[in] cb The iteration callback handle + * @param[in] user_data The user data handle * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter - * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this API. + * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this function. * @retval #FIDO_ERROR_NOT_SUPPORTED FIDO is not supported on this device. */ -EXPORT_API int fido_foreach_authenticator(fido_authenticator_cb cb, void *user_data); +int fido_foreach_authenticator(fido_authenticator_cb cb, void *user_data); /** * @brief Gets the Authenticator title. * @since_tizen 3.0 * - * @remarks The application must free title using free(). - * @param[in] auth The Authenticator handle. - * @param[out] title The title. + * @remarks The @a title should be released using free(). + * @param[in] auth The Authenticator handle + * @param[out] title The title * * @return @c 0 on success, * otherwise a negative error value @@ -74,15 +80,15 @@ EXPORT_API int fido_foreach_authenticator(fido_authenticator_cb cb, void *user_d * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_title(const fido_authenticator_h auth, char **title); +int fido_authenticator_get_title(const fido_authenticator_h auth, char **title); /** - * @brief Retrieves the Authenticator AAID(Authenticator Attestation ID). + * @brief Retrieves the Authenticator AAID (Authenticator Attestation ID). * @since_tizen 3.0 * - * @remarks The application must free aaid using free(). - * @param[in] auth The Authenticator handle. - * @param[out] aaid The AAID. + * @remarks The @a aaid should be released using free(). + * @param[in] auth The Authenticator handle + * @param[out] aaid The AAID * * @return @c 0 on success, * otherwise a negative error value @@ -90,15 +96,15 @@ EXPORT_API int fido_authenticator_get_title(const fido_authenticator_h auth, cha * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_aaid(const fido_authenticator_h auth, char **aaid); +int fido_authenticator_get_aaid(const fido_authenticator_h auth, char **aaid); /** * @brief Retrieves the Authenticator description * @since_tizen 3.0 * - * @remarks The application must free desc using free(). - * @param[in] auth The Authenticator handle. - * @param[out] desc The description. + * @remarks The @a desc should be released using free(). + * @param[in] auth The Authenticator handle + * @param[out] desc The description * * @return @c 0 on success, * otherwise a negative error value @@ -106,15 +112,15 @@ EXPORT_API int fido_authenticator_get_aaid(const fido_authenticator_h auth, char * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_description(const fido_authenticator_h auth, char **desc); +int fido_authenticator_get_description(const fido_authenticator_h auth, char **desc); /** * @brief Retrieves the Authenticator assertion scheme. * @since_tizen 3.0 * - * @remarks The application must free scheme using free().Refer to FIDO UAF Registry document for more details. - * @param[in] auth The Authenticator handle. - * @param[out] scheme The assertion scheme. UAFV1TLV is the default assertion scheme. + * @remarks The @a scheme should be released using free(). Refer to FIDO UAF Registry document for more details. + * @param[in] auth The Authenticator handle + * @param[out] scheme The assertion scheme. UAFV1TLV is the default assertion scheme * * @return @c 0 on success, * otherwise a negative error value @@ -122,28 +128,28 @@ EXPORT_API int fido_authenticator_get_description(const fido_authenticator_h aut * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_assertion_scheme(const fido_authenticator_h auth, char **scheme); +int fido_authenticator_get_assertion_scheme(const fido_authenticator_h auth, char **scheme); /** - * @brief Retrieves the Authenticator algorithm + * @brief Retrieves the Authenticator algorithm. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] algo The authenitcation algorithm. + * @param[in] auth The Authenticator handle + * @param[out] algo The authentication algorithm * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_algorithm(const fido_authenticator_h auth, fido_auth_algo_e *algo); +int fido_authenticator_get_algorithm(const fido_authenticator_h auth, fido_auth_algo_e *algo); /** - * @brief Called once for each result of calling fido_authenticator_foreach_attestation_type() + * @brief Called once for each result of calling fido_authenticator_foreach_attestation_type(). * @since_tizen 3.0 * - * @param[out] att_type The Authenticator attestation type. - * @param[out] user_data The user data that was attached during fido_authenticator_foreach_attestation_type() call. + * @param[in] att_type The Authenticator attestation type + * @param[in] user_data The user data that was attached during fido_authenticator_foreach_attestation_type() call */ typedef void (*fido_attestation_type_cb)(fido_auth_attestation_type_e att_type, void *user_data); @@ -151,111 +157,111 @@ typedef void (*fido_attestation_type_cb)(fido_auth_attestation_type_e att_type, * @brief Retrieves all the available attestation types for this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[in] cb The iteration callback. - * @param[in] user_data The user data. + * @param[in] auth The Authenticator handle + * @param[in] cb The iteration callback + * @param[in] user_data The user data * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_foreach_attestation_type(const fido_authenticator_h auth, +int fido_authenticator_foreach_attestation_type(const fido_authenticator_h auth, fido_attestation_type_cb cb, void *user_data); /** * @brief Retrieves the user verification method of this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] user_verification The user verification method. + * @param[in] auth The Authenticator handle + * @param[out] user_verification The user verification method * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_verification_method(const fido_authenticator_h auth, +int fido_authenticator_get_verification_method(const fido_authenticator_h auth, fido_auth_user_verify_type_e *user_verification); /** * @brief Retrieves the key protection method of this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] key_protection The key protection method. + * @param[in] auth The Authenticator handle + * @param[out] key_protection The key protection method * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_key_protection_method(const fido_authenticator_h auth, +int fido_authenticator_get_key_protection_method(const fido_authenticator_h auth, fido_auth_key_protection_type_e *key_protection); /** * @brief Retrieves the matcher protection method of this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] matcher_protection The matcher protection method. + * @param[in] auth The Authenticator handle + * @param[out] matcher_protection The matcher protection method * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_matcher_protection_method(const fido_authenticator_h auth, +int fido_authenticator_get_matcher_protection_method(const fido_authenticator_h auth, fido_auth_matcher_protection_type_e *matcher_protection); /** * @brief Retrieves the attachment hint of this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] attachment_hint The matcher protection method. + * @param[in] auth The Authenticator handle + * @param[out] attachment_hint The matcher protection method * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_attachment_hint(const fido_authenticator_h auth, +int fido_authenticator_get_attachment_hint(const fido_authenticator_h auth, fido_auth_attachment_hint_e *attachment_hint); /** * @brief Checks if the Authenticator is Second factor only which is supported by U2F standards. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. + * @param[in] auth The Authenticator handle * * @return @c true if its only second factor, * otherwise false. */ -EXPORT_API bool fido_authenticator_get_is_second_factor_only(const fido_authenticator_h auth); +bool fido_authenticator_get_is_second_factor_only(const fido_authenticator_h auth); /** * @brief Retrieves the Transaction Confirmation display type of this Authenticator. * @since_tizen 3.0 * - * @param[in] auth The Authenticator handle. - * @param[out] tc_display The TC display type. + * @param[in] auth The Authenticator handle + * @param[out] tc_display The TC display type * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_tc_discplay(const fido_authenticator_h auth, +int fido_authenticator_get_tc_discplay(const fido_authenticator_h auth, fido_auth_tc_display_type_e *tc_display); /** * @brief Retrieves the Transaction Confirmation display content type of this Authenticator. * @since_tizen 3.0 * - * @remarks The application must free tc_display_content_type using free(). - * @param[in] auth The Authenticator handle. - * @param[out] tc_display_content_type The TC display content type which is supported MIME type [RFC2049] such as text/plain or image/png. + * @remarks The @a tc_display_content_type should be released using free(). + * @param[in] auth The Authenticator handle + * @param[out] tc_display_content_type The TC display content type which is supported MIME type [RFC2049] such as text/plain or image/png * * @return @c 0 on success, * otherwise a negative error value @@ -263,15 +269,15 @@ EXPORT_API int fido_authenticator_get_tc_discplay(const fido_authenticator_h aut * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_tc_display_type(const fido_authenticator_h auth, char **tc_display_content_type); +int fido_authenticator_get_tc_display_type(const fido_authenticator_h auth, char **tc_display_content_type); /** * @brief Retrieves the icon of this Authenticator. * @since_tizen 3.0 * - * @remarks The application must free icon using free(). - * @param[in] auth The Authenticator handle. - * @param[out] icon The icon. Portable Network Graphic (PNG) format image file representing the icon encoded as a data: url[RFC2397]. + * @remarks The @a icon should be released using free(). + * @param[in] auth The Authenticator handle + * @param[out] icon The icon. Portable Network Graphic (PNG) format image file representing the icon encoded as a data: url[RFC2397] * * @return @c 0 on success, * otherwise a negative error value @@ -279,10 +285,14 @@ EXPORT_API int fido_authenticator_get_tc_display_type(const fido_authenticator_h * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_authenticator_get_icon(const fido_authenticator_h auth, char **icon); +int fido_authenticator_get_icon(const fido_authenticator_h auth, char **icon); /** * @} */ +#ifdef __cplusplus +} +#endif + #endif diff --git a/include/fido_uaf_client.h b/include/fido_uaf_client.h index b759d3c..d3c0e2a 100755 --- a/include/fido_uaf_client.h +++ b/include/fido_uaf_client.h @@ -15,11 +15,16 @@ * */ -#ifndef FIDO_UAF_CLIENT_H_ -#define FIDO_UAF_CLIENT_H_ +#ifndef __TIZEN_FIDO_UAF_CLIENT_H__ +#define __TIZEN_FIDO_UAF_CLIENT_H__ #include +#ifdef __cplusplus +extern "C" +{ +#endif + /** * @file fido_uaf_client.h * @brief The FIDO UAF Client APIs. @@ -34,8 +39,8 @@ * @brief Gets the FIDO client vendor name. * @since_tizen 3.0 * - * @remarks The application must free vendor_name using free(). - * @param[out] vendor_name The vendor name. + * @remarks The @a vendor_name should be released using free(). + * @param[out] vendor_name The vendor name * * @return @c 0 on success, * otherwise a negative error value @@ -43,14 +48,14 @@ * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_get_client_vendor(char **vendor_name); +int fido_get_client_vendor(char **vendor_name); /** * @brief Gets the FIDO client vendor version information. * @since_tizen 3.0 * - * @param[out] client_major_version The FIDO client major version. - * @param[out] client_minor_version The FIDO client minor version. + * @param[out] client_major_version The FIDO client major version + * @param[out] client_minor_version The FIDO client minor version * * @return @c 0 on success, * otherwise a negative error value @@ -58,7 +63,7 @@ EXPORT_API int fido_get_client_vendor(char **vendor_name); * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter */ -EXPORT_API int fido_get_client_version(int *client_major_version, int *client_minor_version); +int fido_get_client_version(int *client_major_version, int *client_minor_version); /** * @} @@ -72,32 +77,49 @@ EXPORT_API int fido_get_client_version(int *client_major_version, int *client_mi /** * @brief Checks whether the FIDO message can be processed. * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/fido.client * - * @param[in] uaf_message_json The FIDO message in json format which is recieved from the relying party server. - * @param[out] is_supported True if the message can be handled by the device, else false. + * @param[in] uaf_message_json The FIDO message in JSON format which is received from the relying party server + * @param[out] is_supported True if the message can be handled by the device, else false * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory - * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter * @retval #FIDO_ERROR_NOT_SUPPORTED FIDO is not supported - * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this API. - * @retval #FIDO_ERROR_UNSUPPORTED_VERSION The UAFMessage does not specify a protocol version supported by this FIDO UAF Client. + * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this function. + * @retval #FIDO_ERROR_UNSUPPORTED_VERSION The UAF Message does not specify a protocol version supported by this FIDO UAF Client. * @retval #FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR No suitable authenticators found. * @retval #FIDO_ERROR_PROTOCOL_ERROR The interaction may have timed out, or the UAF message is malformed. * @retval #FIDO_ERROR_UNTRUSTED_FACET_ID The caller's id is not allowed to use this operation. * */ -EXPORT_API int fido_uaf_is_supported(const char *uaf_message_json, bool *is_supported); +int fido_uaf_is_supported(const char *uaf_message_json, bool *is_supported); /** * @brief Called when fido_uaf_get_response_message() response comes. + * @details The following error codes can be delivered: + * 
+ * #FIDO_ERROR_NONE                        Successful
+ * #FIDO_ERROR_OUT_OF_MEMORY               Out of Memory
+ * #FIDO_ERROR_USER_ACTION_IN_PROGRESS     User action is in progress.
+ * #FIDO_ERROR_USER_CANCELLED              User has cancelled the operation.
+ * #FIDO_ERROR_PERMISSION_DENIED           The application does not have permission to call this
+ *                                         function.
+ * #FIDO_ERROR_UNSUPPORTED_VERSION         The UAF Message does not specify a protocol version
+ *                                         supported by this FIDO UAF Client.
+ * #FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR   No suitable authenticators found.
+ * #FIDO_ERROR_PROTOCOL_ERROR              The interaction may have timed out, or the UAF message
+ *                                         is malformed.
+ * #FIDO_ERROR_UNTRUSTED_FACET_ID          The caller's id is not allowed to use this operation.
+ *
* @since_tizen 3.0 * - * @param[in] tizen_error_code Tizen platform error code. - * @param[in] uaf_response_json FIDO resonse message in json format. - * @param[in] user_data The user data passed from the callback function. + * @param[in] tizen_error_code Tizen platform error code + * @param[in] uaf_response_json FIDO response message in JSON format + * @param[in] user_data The user data passed from the callback function * * @pre fido_uaf_get_response_message() must be called to get this callback invoked. * @see fido_uaf_get_response_message() @@ -106,43 +128,40 @@ typedef void (*fido_uaf_response_message_cb) (fido_error_e tizen_error_code, con /** * @brief Processes the given FIDO UAF message. - * @details The response is delivered via fido_uaf_response_message_cb(). Depending on the FIDO message type, this may involve user interactions. + * @details This function is asynchronous. The response is delivered via fido_uaf_response_message_cb(). + * Depending on the FIDO message type, this may involve user interactions. * * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/fido.client * - * @param[in] uaf_request_json The FIDO UAF message in json format which is recieved from the relying party server. - * @param[in] channel_binding The channel binding data in json format which is recieved from the relying party server. - * @param[in] callback The callback to receive response. - * @param[in] user_data The user data to be passed to the callback function. + * @param[in] uaf_request_json The FIDO UAF message in JSON format which is received from the relying party server + * @param[in] channel_binding The channel binding data in JSON format which is received from the relying party server + * @param[in] callback The callback to receive response + * @param[in] user_data The user data to be passed to the callback function * * @return @c 0 on success, * otherwise a negative error value * @retval #FIDO_ERROR_NONE Successful - * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter * @retval #FIDO_ERROR_NOT_SUPPORTED FIDO is not supported - * @retval #FIDO_ERROR_USER_ACTION_IN_PROGRESS User action is in progress. - * @retval #FIDO_ERROR_USER_CANCELLED User has canceled the operation. - * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this API. - * @retval #FIDO_ERROR_UNSUPPORTED_VERSION The UAFMessage does not specify a protocol version supported by this FIDO UAF Client. - * @retval #FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR No suitable authenticators found. - * @retval #FIDO_ERROR_PROTOCOL_ERROR The interaction may have timed out, or the UAF message is malformed. - * @retval #FIDO_ERROR_UNTRUSTED_FACET_ID The caller's id is not allowed to use this operation. * * @see fido_uaf_response_message_cb() */ -EXPORT_API int fido_uaf_get_response_message(const char *uaf_request_json, const char *channel_binding, +int fido_uaf_get_response_message(const char *uaf_request_json, const char *channel_binding, fido_uaf_response_message_cb callback, void *user_data); /** - * @brief Notifies the server result to the FIDO client. FIDO Server sends the result of processing a UAF message to FIDO client. - * @remarks This is especially important as a new registration may be considered by the client to be in a pending state + * @brief Notifies the FIDO client about the server result. FIDO Server sends the result of processing a UAF message to FIDO client. + * @remarks This is especially important for cases when a new registration may be considered by the client to be in a pending state * until it is communicated that the server accepted it. * * @since_tizen 3.0 + * @privlevel public + * @privilege %http://tizen.org/privilege/fido.client * - * @param[in] response_code The status code received from Server, FIDO_SERVER_STATUS_CODE_OK implies success. - * @param[in] uaf_response_json The FIDO response message sent to server in json format. + * @param[in] response_code The status code received from Server, #FIDO_SERVER_STATUS_CODE_OK implies success + * @param[in] uaf_response_json The FIDO response message sent to server in JSON format * * @return @c 0 on success, * otherwise a negative error value @@ -150,18 +169,22 @@ EXPORT_API int fido_uaf_get_response_message(const char *uaf_request_json, const * @retval #FIDO_ERROR_OUT_OF_MEMORY Out of Memory * @retval #FIDO_ERROR_INVALID_PARAMETER Invalid parameter * @retval #FIDO_ERROR_NOT_SUPPORTED FIDO is not supported - * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this API. - * @retval #FIDO_ERROR_UNSUPPORTED_VERSION The UAFMessage does not specify a protocol version supported by this FIDO UAF Client. + * @retval #FIDO_ERROR_PERMISSION_DENIED The application does not have permission to call this function. + * @retval #FIDO_ERROR_UNSUPPORTED_VERSION The UAF Message does not specify a protocol version supported by this FIDO UAF Client. * @retval #FIDO_ERROR_NO_SUITABLE_AUTHENTICATOR No suitable authenticators found. * @retval #FIDO_ERROR_PROTOCOL_ERROR The interaction may have timed out, or the UAF message is malformed. * @retval #FIDO_ERROR_UNTRUSTED_FACET_ID The caller's id is not allowed to use this operation. * * @see fido_uaf_response_message_cb() */ -EXPORT_API int fido_uaf_set_server_result(int response_code, const char *uaf_response_json); +int fido_uaf_set_server_result(int response_code, const char *uaf_response_json); /** * @} */ +#ifdef __cplusplus +} +#endif + #endif /* FIDO_UAF_CLIENT_H_ */ diff --git a/packaging/fido-client.spec b/packaging/fido-client.spec index 90ce681..1b573e8 100644 --- a/packaging/fido-client.spec +++ b/packaging/fido-client.spec @@ -26,6 +26,9 @@ BuildRequires: pkgconfig(gio-unix-2.0) %if "%{?tizen_version}" == "3.0" BuildRequires: pkgconfig(libtzplatform-config) +BuildRequires: pkgconfig(cynara-client) +BuildRequires: pkgconfig(cynara-session) +BuildRequires: pkgconfig(cynara-creds-gdbus) %endif BuildRequires: pkgconfig(pkgmgr-info) diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index 69ad801..e046016 100755 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -18,6 +18,9 @@ pkg_check_modules(SERVER_pkgs REQUIRED pkgmgr-info openssl bundle + cynara-client + cynara-session + cynara-creds-gdbus libtzplatform-config ) else() diff --git a/server/fido_privilege_checker.c b/server/fido_privilege_checker.c index 352efff..59a9633 100644 --- a/server/fido_privilege_checker.c +++ b/server/fido_privilege_checker.c @@ -18,8 +18,183 @@ #include "fido_privilege_checker.h" #include "fido_logs.h" +#ifdef WITH_JSON_BUILDER + +#include +#include +#include +static cynara *__cynara = NULL; + +#endif + +/*#define _DISABLE_PRIV_CHECK*/ + +#ifdef WITH_JSON_BUILDER + +static guint +_get_client_pid(GDBusMethodInvocation* invoc) +{ + const char *name = NULL; + name = g_dbus_method_invocation_get_sender(invoc); + if (name == NULL) { + _ERR("g_dbus_method_invocation_get_sender failed"); + return -1; + } + _INFO("sender=[%s]", name); + + + guint pid = -1; + GError *error = NULL; + GVariant *_ret; + + _INFO("calling GetConnectionUnixProcessID"); + + GDBusConnection* conn = g_dbus_method_invocation_get_connection(invoc); + _ret = g_dbus_connection_call_sync(conn, + "org.freedesktop.DBus", + "/org/freedesktop/DBus", + "org.freedesktop.DBus", + "GetConnectionUnixProcessID", + g_variant_new("(s)", name), + NULL, + G_DBUS_CALL_FLAGS_NONE, + -1, + NULL, + &error); + + if (_ret != NULL) { + g_variant_get(_ret, "(u)", &pid); + g_variant_unref(_ret); + } + + _INFO("process Id = [%u]", pid); + return pid; +} + +static int +__check_privilege_by_cynara(const char *client, const char *session, const char *user, const char *privilege) +{ +#ifdef WITH_JSON_BUILDER + int ret; + char err_buf[128] = {0,}; + + ret = cynara_check(__cynara, client, session, user, privilege); + switch (ret) { + case CYNARA_API_ACCESS_ALLOWED: + _DBG("cynara_check success"); + return FIDO_ERROR_NONE; + + case CYNARA_API_ACCESS_DENIED: + _ERR("cynara_check permission deined, privilege=%s, error = CYNARA_API_ACCESS_DENIED", privilege); + return FIDO_ERROR_PERMISSION_DENIED; + + default: + cynara_strerror(ret, err_buf, sizeof(err_buf)); + _ERR("cynara_check error : %s, privilege=%s, ret = %d", err_buf, privilege, ret); + return FIDO_ERROR_PERMISSION_DENIED; + } + + return FIDO_ERROR_NONE; +#endif + + return FIDO_ERROR_NONE; +} + +static int +__get_information_for_cynara_check(GDBusMethodInvocation *invocation, char **client, char **user, char **session) +{ +#ifdef WITH_JSON_BUILDER + GDBusConnection *gdbus_conn = NULL; + char* sender = NULL; + int ret = -1; + + gdbus_conn = g_dbus_method_invocation_get_connection(invocation); + if (gdbus_conn == NULL) { + _ERR("g_dbus_method_invocation_get_connection failed"); + return -1; + } + + sender = (char*) g_dbus_method_invocation_get_sender(invocation); + if (sender == NULL) { + _ERR("g_dbus_method_invocation_get_sender failed"); + return -1; + } + + ret = cynara_creds_gdbus_get_user(gdbus_conn, sender, USER_METHOD_DEFAULT, user); + if (ret != CYNARA_API_SUCCESS) { + _ERR("cynara_creds_gdbus_get_user failed, ret = %d", ret); + return -1; + } + + ret = cynara_creds_gdbus_get_client(gdbus_conn, sender, CLIENT_METHOD_DEFAULT, client); + if (ret != CYNARA_API_SUCCESS) { + _ERR("cynara_creds_gdbus_get_client failed, ret = %d", ret); + return -1; + } + + guint pid = _get_client_pid(invocation); + _INFO("client Id = [%u]", pid); + + *session = cynara_session_from_pid(pid); + if (*session == NULL) { + _ERR("cynara_session_from_pid failed"); + return -1; + } + return FIDO_ERROR_NONE; + #endif + + return FIDO_ERROR_NONE; +} +#endif + bool is_allowed_to_call(GDBusMethodInvocation *invocation, const char* privilege) { +#ifdef WITH_JSON_BUILDER + + int ret = -1; + + if (__cynara == NULL) { + ret = cynara_initialize(&__cynara, NULL); + if (ret != CYNARA_API_SUCCESS) { + _ERR("CYNARA Initialization fail"); + return false; + } + } + + char *client = NULL; + char *session = NULL; + char *user = NULL; + + ret = __get_information_for_cynara_check(invocation, &client, &user, &session); + if (ret != FIDO_ERROR_NONE) { + _ERR("__get_information_for_cynara_check failed"); + g_free(client); + g_free(user); + SAFE_DELETE(session); + + return false; + } + + ret = __check_privilege_by_cynara(client, session, user, privilege); + + /*TODO enable after smack is defined*/ +#ifndef _DISABLE_PRIV_CHECK + if (ret != FIDO_ERROR_NONE) { + _ERR("__check_privilege_by_cynara failed, ret = %d", ret); + g_free(client); + g_free(user); + SAFE_DELETE(session); + + return false; + } +#endif + g_free(client); + g_free(user); + SAFE_DELETE(session); + + return true; + #endif + return true; } diff --git a/server/fido_privilege_checker.h b/server/fido_privilege_checker.h index b24447d..9009c23 100644 --- a/server/fido_privilege_checker.h +++ b/server/fido_privilege_checker.h @@ -21,7 +21,7 @@ #include #include "fido_internal_types.h" -#define _FIDO_CLIENT_PRIVILEGE "http://tizen.org/privilege/fido" +#define _FIDO_CLIENT_PRIVILEGE "http://tizen.org/privilege/fido.client" bool is_allowed_to_call(GDBusMethodInvocation *invocation, const char* privilege); diff --git a/test/3_0_Sample_App/FIDOSample/tizen-manifest.xml b/test/3_0_Sample_App/FIDOSample/tizen-manifest.xml index cc6c2e4..7cba4ee 100644 --- a/test/3_0_Sample_App/FIDOSample/tizen-manifest.xml +++ b/test/3_0_Sample_App/FIDOSample/tizen-manifest.xml @@ -2,11 +2,12 @@ - - fidosample.png + + fidosample.png - http://tizen.org/privilege/account.read - http://tizen.org/privilege/account.write + http://tizen.org/privilege/account.read + http://tizen.org/privilege/account.write + http://tizen.org/privilege/fido.client -- 2.7.4