remote auth check userid

Change-Id: I10445ae4a21ed9878adc81b063607892ecb8027e
Signed-off-by: Tianshi Liu <tianshi.liu@huawei.com>
This commit is contained in:
Tianshi Liu 2024-05-22 00:57:34 +08:00
parent 45eda45295
commit ba8ea387a2
7 changed files with 44 additions and 11 deletions

View File

@ -34,6 +34,7 @@ namespace UserAuth {
constexpr size_t MAX_CHALLENG_LEN = 32; constexpr size_t MAX_CHALLENG_LEN = 32;
constexpr int32_t USER_AUTH_TIP_SINGLE_AUTH_RESULT = 9999; constexpr int32_t USER_AUTH_TIP_SINGLE_AUTH_RESULT = 9999;
constexpr int INVALID_SOCKET_ID = -1; constexpr int INVALID_SOCKET_ID = -1;
constexpr int INVALID_USER_ID = -1;
constexpr int32_t MAIN_USER_ID = 100; constexpr int32_t MAIN_USER_ID = 100;
/** /**
* @brief Defines authentication type. * @brief Defines authentication type.

View File

@ -64,7 +64,7 @@ void FiniteStateMachineImpl::ScheduleInner(FiniteStateMachine &machine)
uint32_t event = 0; uint32_t event = 0;
bool result = pendingEvents_.Pop(event); bool result = pendingEvents_.Pop(event);
if (!result) { if (!result) {
IAM_LOGE("fsm %{public}s pop event fail", name_.c_str()); IAM_LOGI("fsm %{public}s pop event fail", name_.c_str());
break; break;
} }

View File

@ -138,7 +138,7 @@ bool RemoteAuthContext::OnStart()
bool RemoteAuthContext::StartAuth() bool RemoteAuthContext::StartAuth()
{ {
std::lock_guard<std::recursive_mutex> lock(mutex_); std::lock_guard<std::recursive_mutex> lock(mutex_);
IAM_LOGI("%{public}s start", GetDescription()); IAM_LOGI("%{public}s start remote auth", GetDescription());
IF_FALSE_LOGE_AND_RETURN_VAL(executorInfoMsg_.size() > 0, false); IF_FALSE_LOGE_AND_RETURN_VAL(executorInfoMsg_.size() > 0, false);
@ -159,8 +159,14 @@ bool RemoteAuthContext::StartAuth()
auth_->SetCollectorUdid(collectorUdid); auth_->SetCollectorUdid(collectorUdid);
IAM_LOGI("%{public}s StartAuth success", GetDescription()); bool startAuthRet = SimpleAuthContext::OnStart();
return SimpleAuthContext::OnStart(); IF_FALSE_LOGE_AND_RETURN_VAL(startAuthRet, false);
IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, false);
IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_[0] != nullptr, false);
IAM_LOGI("%{public}s start remote auth success, connectionName:%{public}s, scheduleId:%{public}s",
GetDescription(), connectionName_.c_str(), GET_MASKED_STRING(scheduleList_[0]->GetScheduleId()).c_str());
return true;
} }
void RemoteAuthContext::StartAuthDelayed() void RemoteAuthContext::StartAuthDelayed()
@ -227,7 +233,7 @@ bool RemoteAuthContext::SendQueryExecutorInfoMsg()
IF_FALSE_LOGE_AND_RETURN(sharedThis != nullptr); IF_FALSE_LOGE_AND_RETURN(sharedThis != nullptr);
StartAuthDelayed(); StartAuthDelayed();
}); });
IAM_LOGE("%{public}s query executor info success", GetDescription()); IAM_LOGI("%{public}s query executor info success", GetDescription());
}; };
ResultCode sendMsgRet = RemoteConnectionManager::GetInstance().SendMessage(connectionName_, endPointName_, ResultCode sendMsgRet = RemoteConnectionManager::GetInstance().SendMessage(connectionName_, endPointName_,

View File

@ -250,7 +250,7 @@ void SimpleAuthContext::InvokeResultCallback(const Authentication::AuthResultInf
IF_FALSE_LOGE_AND_RETURN(setRemoteAuthResultMsg == true); IF_FALSE_LOGE_AND_RETURN(setRemoteAuthResultMsg == true);
} }
callback_->OnResult(resultInfo.result, finalResult); callback_->OnResult(resultInfo.result, finalResult);
IAM_LOGI("%{public}s invoke result callback success", GetDescription()); IAM_LOGI("%{public}s invoke result callback success, result %{public}d", GetDescription(), resultInfo.result);
} }
} // namespace UserAuth } // namespace UserAuth
} // namespace UserIam } // namespace UserIam

View File

@ -24,7 +24,6 @@
namespace OHOS { namespace OHOS {
namespace UserIam { namespace UserIam {
namespace UserAuth { namespace UserAuth {
constexpr int INVALID_USER_ID = INT_MAX;
class TemplateCacheManager { class TemplateCacheManager {
public: public:
static TemplateCacheManager &GetInstance(); static TemplateCacheManager &GetInstance();

View File

@ -249,7 +249,7 @@ int32_t RemoteExecutorProxy::OnBeginExecute(uint64_t scheduleId, const std::vect
sharedSelf->OnErrorFinish(scheduleId); sharedSelf->OnErrorFinish(scheduleId);
return; return;
} }
IAM_LOGE("scheduleId %{public}s begin execute success", GET_MASKED_STRING(scheduleId).c_str()); IAM_LOGI("scheduleId %{public}s begin execute success", GET_MASKED_STRING(scheduleId).c_str());
}; };
ResultCode sendMsgRet = RemoteConnectionManager::GetInstance().SendMessage(connectionName_, endPointName_, ResultCode sendMsgRet = RemoteConnectionManager::GetInstance().SendMessage(connectionName_, endPointName_,

View File

@ -105,6 +105,29 @@ void GetResourceNodeByTypeAndRole(AuthType authType, ExecutorRole role,
authTypeNodes.push_back(node); authTypeNodes.push_back(node);
}); });
} }
std::string GetAuthParamStr(AuthParamInner &authParam, std::optional<RemoteAuthParam> &remoteAuthParam)
{
std::ostringstream authParamString;
authParamString << "userId:" << authParam.userId << " authType:" << authParam.authType
<< " atl:" << authParam.authTrustLevel;
if (remoteAuthParam.has_value()) {
const uint32_t NETWORK_ID_PRINT_LEN = 4;
const uint32_t TOKEN_ID_MIN_LEN = 2;
auto verifierNetworkIdStr = remoteAuthParam->verifierNetworkId.value_or("").substr(0, NETWORK_ID_PRINT_LEN);
auto collectorNetworkIdStr = remoteAuthParam->collectorNetworkId.value_or("").substr(0, NETWORK_ID_PRINT_LEN);
auto tokenIdStr = std::to_string(remoteAuthParam->collectorTokenId.value_or(0));
if (tokenIdStr.size() > TOKEN_ID_MIN_LEN) {
tokenIdStr = std::string(1, tokenIdStr[0]) + "****" + std::string(1, tokenIdStr[tokenIdStr.size() - 1]);
} else {
tokenIdStr = "";
}
authParamString << " isRemoteAuth:true" << " verifierNetworkId:" << verifierNetworkIdStr << "****"
" collectorNetworkId:" << collectorNetworkIdStr << "****" << " collectorTokenId:" << tokenIdStr;
}
return authParamString.str();
}
const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(UserAuthService::GetInstance().get()); const bool REGISTER_RESULT = SystemAbility::MakeAndRegisterAbility(UserAuthService::GetInstance().get());
} // namespace } // namespace
std::mutex UserAuthService::mutex_; std::mutex UserAuthService::mutex_;
@ -492,9 +515,7 @@ bool UserAuthService::CheckAuthPermissionAndParam(AuthType authType, AuthTrustLe
uint64_t UserAuthService::AuthUser(AuthParamInner &authParam, std::optional<RemoteAuthParam> &remoteAuthParam, uint64_t UserAuthService::AuthUser(AuthParamInner &authParam, std::optional<RemoteAuthParam> &remoteAuthParam,
sptr<UserAuthCallbackInterface> &callback) sptr<UserAuthCallbackInterface> &callback)
{ {
IAM_LOGI("start, userId:%{public}d authType:%{public}d atl:%{public}d remoteAuthParamHasValue:%{public}s", IAM_LOGI("start, %{public}s", GetAuthParamStr(authParam, remoteAuthParam).c_str());
authParam.userId, authParam.authType, authParam.authTrustLevel,
Common::GetBoolStr(remoteAuthParam.has_value()));
auto contextCallback = GetAuthContextCallback(INNER_API_VERSION_10000, authParam.challenge, authParam.authType, auto contextCallback = GetAuthContextCallback(INNER_API_VERSION_10000, authParam.challenge, authParam.authType,
authParam.authTrustLevel, callback); authParam.authTrustLevel, callback);
if (contextCallback == nullptr) { if (contextCallback == nullptr) {
@ -600,6 +621,12 @@ uint64_t UserAuthService::AuthRemoteUser(AuthParamInner &authParam, Authenticati
return BAD_CONTEXT_ID; return BAD_CONTEXT_ID;
} }
if (authParam.userId == INVALID_USER_ID) {
IAM_LOGE("userid must be set for remote auth");
failReason = INVALID_PARAMETERS;
return BAD_CONTEXT_ID;
}
std::string localNetworkId; std::string localNetworkId;
bool getNetworkIdRet = DeviceManagerUtil::GetInstance().GetLocalDeviceNetWorkId(localNetworkId); bool getNetworkIdRet = DeviceManagerUtil::GetInstance().GetLocalDeviceNetWorkId(localNetworkId);
IF_FALSE_LOGE_AND_RETURN_VAL(getNetworkIdRet, BAD_CONTEXT_ID); IF_FALSE_LOGE_AND_RETURN_VAL(getNetworkIdRet, BAD_CONTEXT_ID);