Commit e8766fbf authored by Renato Figueiro Maia's avatar Renato Figueiro Maia

[OPENBUS-2657] (Lua) Evitar a necessidade que o servidor chamado tenha um login válido

git-svn-id: https://subversion.tecgraf.puc-rio.br/engdist/openbus/sdk/lua/trunk@158270 ae0415b3-e90b-0410-900d-d0be9363c56b
parent 9dd7a516
......@@ -32,12 +32,6 @@ properties[#properties+1] =
-- define test cases
local CredentialResetCases = {
{
target = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
session = 2^32-1,
secret = string.rep("\171", 16),
expected = except.minor.InvalidTarget,
},
{
session = 2^32-1,
challenge = string.rep("\171", idl.const.EncryptedBlockSize),
......@@ -68,14 +62,8 @@ for _, offer in ipairs(findoffers(OfferRegistry, properties)) do
local server = offer.service_ref:getFacetByName(iface.name):__narrow(iface)
server:NonBusCall()
for _, case in ipairs(CredentialResetCases) do
local ok, ex
if case.challenge == nil then
ok, ex = pcall(server.ResetCredential, server,
case.target, case.session, case.secret)
else
ok, ex = pcall(server.ResetCredentialWithChallenge, server,
case.session, case.challenge)
end
local ok, ex = pcall(server.ResetCredentialWithChallenge, server,
case.session, case.challenge)
assert(ok == false)
assert(ex._repid == except.repid.NO_PERMISSION)
assert(ex.minor == case.expected)
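Review bot: The assertions `assert(ex._repid == except.repid.NO_PERMISSION)` and `assert(ex.minor == case.expected)` index `ex` without first checking that the pcall failed with an exception table, so if `server.ResetCredentialWithChallenge` fails with a plain Lua error string the test dies with "attempt to index a string value" and the real message is lost. A guard before the `_repid` check, `assert(type(ex) == "table", tostring(ex))`, keeps the original failure visible. The enclosing `for _, offer in ipairs(...)` loop starts before the hunk.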
......
......@@ -20,23 +20,10 @@ local impl, servant, iface do
function impl:RaiseNoPermission(minor)
sysex.NO_PERMISSION{ completed = "COMPLETED_NO", minor = minor }
end
function impl:ResetCredential(target, session, secret)
local data = assert(getreqcxt(idl.const.credential.CredentialContextId))
local cred = assert(decodeCredential(data))
local client = self.context:getLoginRegistry():getLoginInfo(cred.login)
putrepcxt(idl.const.credential.CredentialContextId, encodeReset{
target = target,
session = session,
challenge = assert(client.pubkey:encrypt(secret)),
})
sysex.NO_PERMISSION{
completed = "COMPLETED_NO",
minor = idl.const.services.access_control.InvalidCredentialCode,
}
end
function impl:ResetCredentialWithChallenge(session, challenge)
putrepcxt(idl.const.credential.CredentialContextId, encodeReset{
target = self.login,
entity = self.entity,
session = session,
challenge = challenge,
})
......@@ -83,6 +70,7 @@ OpenBusContext:setDefaultConnection(conn)
-- login to the bus
conn:loginByCertificate(system, assert(openbus.readKeyFile(syskey)))
impl.login = conn.login.id
impl.entity = conn.login.entity
-- offer service
local OfferRegistry = OpenBusContext:getOfferRegistry()
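Review bot: `ResetCredentialWithChallenge` now copies `self.entity` into the reset next to `self.login`, but both are plain fields filled once at `impl.login = conn.login.id` / `impl.entity = conn.login.entity` right after `loginByCertificate`, so a request served before that point encodes `nil` for both, and if the login is later lost the servant presumably keeps reporting the stale identity. Given the commit's goal of serving without a valid login this may be deliberate, but it deserves a comment at those assignments, e.g. `-- snapshot of the login identity; the servant keeps reporting it even if this login is later lost`, or the values should be read from `conn.login` at call time. `ResetCredentialWithChallenge` continues past the hunk.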
......
......@@ -68,7 +68,7 @@ local InvalidEncodedStream = libthrow.InvalidEncodedStream
local WrongBus = libthrow.WrongBus
local coreidl = require "openbus.core.idl"
local coreconst = coreidl.const
local BusLogin = coreconst.BusLogin
local BusEntity = coreconst.BusEntity
local BusObjectKey = coreconst.BusObjectKey
local EncryptedBlockSize = coreconst.EncryptedBlockSize
local CredentialContextId = coreconst.credential.CredentialContextId
......@@ -370,7 +370,7 @@ end
local NullChain = {}
function Connection:signChainFor(target, chain)
if target == BusLogin then return chain end
if target == BusEntity then return chain end
local access = self.AccessControl
local cache = self.signedChainOf[chain or NullChain]
local joined = cache:get(target)
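Review bot: `if target == BusEntity then return chain end` short-circuits on an entity name where the previous line matched a bus-issued login id, and nothing on the page says why a chain addressed to the bus entity bypasses `signedChainOf`; a why-comment such as `-- chains addressed to the bus itself are passed through unsigned` would spare the next reader a trip to the access-control code. Because `cache:get(target)` is keyed by the same value, signed chains are now cached per entity name rather than per login, which looks intended by the commit but should be stated in `signChainFor`'s doc comment. `signChainFor` continues past the hunk.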
......
......@@ -250,28 +250,22 @@ function Interceptor:sendrequest(request)
local profile2login = self.profile2login
local target = profile2login:get(request.profile_data)
if target ~= nil then -- known IOR profile, so it supports OpenBus 2.0
local ok, result = pcall(self.signChainFor, self, target, chain or NullChain)
if not ok then
log:exception(msg.UnableToSignChainForTarget:tag{
error = result,
target = target,
chain = chain,
})
local minor = loginconst.UnavailableBusCode
if result._repid == InvalidLoginsException then
for profile_data, profile_target in pairs(profile2login.map) do
if target == profile_target then
profile2login:remove(profile_data)
end
end
minor = loginconst.InvalidTargetCode
end
setNoPermSysEx(request, minor)
return
end
chain = result
local session = self.outgoingSessions:get(target)
if session ~= nil then -- credential session is established
local entity = session.entity
local ok, result = pcall(self.signChainFor, self, entity, chain or
NullChain)
if not ok then
log:exception(msg.UnableToSignChainForTarget:tag{
error = result,
target = target,
entity = entity,
chain = chain,
})
setNoPermSysEx(request, loginconst.UnavailableBusCode)
return
end
chain = result
sessionid = session.id
ticket = session.ticket+1
session.ticket = ticket
......@@ -326,8 +320,10 @@ function Interceptor:receivereply(request)
local secret, errmsg = self.prvkey:decrypt(reset.challenge)
if secret ~= nil then
local target = reset.target
local entity = reset.entity
log:access(self, msg.GotCredentialReset:tag{
operation = request.operation_name,
entity = entity,
remote = target,
})
reset.secret = secret
......@@ -337,6 +333,7 @@ function Interceptor:receivereply(request)
id = reset.session,
secret = reset.secret,
remote = target,
entity = entity,
ticket = -1,
})
request.success = nil -- reissue request to the same reference
......@@ -405,9 +402,11 @@ function Interceptor:receiverequest(request, credential)
remote = caller.id,
entity = caller.entity,
})
local login = self.login
local encoder = context.orb:newencoder()
encoder:put({
target = self.login.id,
target = login.id,
entity = login.entity,
session = newsession.id,
challenge = challenge,
}, context.types.CredentialReset)
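Review bot: In `sendrequest` the chain is now signed for `session.entity`, which `receivereply` stores from `reset.entity` (`entity = entity` in the session constructor), i.e. a name the remote peer supplies in its own CredentialReset, and the removed `InvalidLoginsException` branch was the only place the target was checked against the bus, so nothing in the new code validates that entity name. This appears to be the intent of OPENBUS-2657, but it should be stated at `local entity = session.entity`, e.g. `-- entity is self-asserted by the remote in its CredentialReset; it is not validated against the bus`. Relatedly, `receivereply` stores `reset.entity` without checking it is a non-nil string, so a reset from a peer that omits the field (depending on how the decoder treats it) would produce a session whose `entity` is nil and a later `signChainFor(nil, ...)` call; a guard next to the `secret ~= nil` check, or at least a TODO, would pin that behaviour. `sendrequest`, `receivereply` and `receiverequest` all begin before their hunks and continue after them.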
......
......@@ -113,7 +113,7 @@ do log:TEST("Encode and decode chains")
local entity2 = conn2.login.entity
OpenBusContext:setDefaultConnection(conn1)
local chain1to2 = OpenBusContext:makeChainFor(conn2.login.id)
local chain1to2 = OpenBusContext:makeChainFor(entity2)
local stream = assert(OpenBusContext:encodeChain(chain1to2))
assert(type(stream) == "string")
chain1to2 = assert(OpenBusContext:decodeChain(stream))
......@@ -125,7 +125,7 @@ do log:TEST("Encode and decode chains")
OpenBusContext:setDefaultConnection(conn2)
OpenBusContext:joinChain(chain1to2)
local chain1to2to1 = OpenBusContext:makeChainFor(conn1.login.id)
local chain1to2to1 = OpenBusContext:makeChainFor(entity1)
OpenBusContext:exitChain()
OpenBusContext:setDefaultConnection(nil)
......
......@@ -34,7 +34,7 @@ do log:TEST("Make chains for active logins")
local entity2 = conn2.login.entity
OpenBusContext:setDefaultConnection(conn1)
local chain1to2 = OpenBusContext:makeChainFor(conn2.login.id)
local chain1to2 = OpenBusContext:makeChainFor(entity2)
assert(chain1to2.busid == busid)
assert(chain1to2.target == entity2)
assert(chain1to2.caller.id == login1)
......@@ -42,14 +42,14 @@ do log:TEST("Make chains for active logins")
assert(#chain1to2.originators == 0)
OpenBusContext:joinChain(chain1to2)
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, conn1.login.id)
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, entity1)
assert(not ok)
assert(ex._repid == sysex.NO_PERMISSION)
assert(ex.completed == "COMPLETED_NO")
assert(ex.minor == idl.const.services.access_control.InvalidChainCode)
OpenBusContext:setDefaultConnection(conn2)
local chain1to2to1 = OpenBusContext:makeChainFor(conn1.login.id)
local chain1to2to1 = OpenBusContext:makeChainFor(entity1)
assert(chain1to2to1.busid == busid)
assert(chain1to2to1.target == entity1)
assert(chain1to2to1.caller.id == login2)
......@@ -68,17 +68,20 @@ do log:TEST("Fail to make chain for invalid logins")
conn:loginByPassword(user, password)
OpenBusContext:setDefaultConnection(conn)
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, "invalid login")
assert(not ok)
assert(ex._repid == idl.types.services.access_control.InvalidLogins)
assert(ex.loginIds[1] == "invalid login")
local FakeEntity = "Fake Entity"
local chain = OpenBusContext:makeChainFor(FakeEntity)
assert(chain.busid == conn.busid)
assert(chain.target == FakeEntity)
assert(chain.caller.id == conn.login.id)
assert(chain.caller.entity == user)
assert(#chain.originators == 0)
OpenBusContext:setDefaultConnection(nil)
conn:logout()
end
do log:TEST("Fail to make chain without login")
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, "invalid login")
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, user)
assert(not ok)
assert(ex._repid == sysex.NO_PERMISSION)
assert(ex.completed == "COMPLETED_NO")
......@@ -87,7 +90,7 @@ do log:TEST("Fail to make chain without login")
local conn = OpenBusContext:createConnection(bushost, busport, connprops)
OpenBusContext:setDefaultConnection(conn)
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, "invalid login")
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, user)
assert(not ok)
assert(ex._repid == sysex.NO_PERMISSION)
assert(ex.completed == "COMPLETED_NO")
......@@ -96,7 +99,7 @@ do log:TEST("Fail to make chain without login")
conn:loginByPassword(user, password)
conn:logout()
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, "invalid login")
local ok, ex = pcall(OpenBusContext.makeChainFor, OpenBusContext, user)
assert(not ok)
assert(ex._repid == sysex.NO_PERMISSION)
assert(ex.completed == "COMPLETED_NO")
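Review bot: The block labelled `do log:TEST("Fail to make chain for invalid logins")` now asserts that `makeChainFor(FakeEntity)` succeeds and yields a chain targeted at `"Fake Entity"`, so the label contradicts the body; rename it, e.g. `do log:TEST("Make chain for an unknown entity")`, and add a one-line comment that the target entity is deliberately not checked against the bus, since this test is now the only place that documents that. The three `makeChainFor(OpenBusContext, user)` checks in "Fail to make chain without login" repeat the same four assertions; factoring them into a local helper would make future changes to the expected exception a one-line edit. That block begins before the hunk at `@@ -87,7 +90,7 @@` and continues past the last hunk.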
......