diff --git a/bundle.json b/bundle.json index 752588dea97a2f1180ae9bc64db35257af7b7cd4..7e866c8fb6f9907e11515f5cd3d09580c6b795a2 100644 --- a/bundle.json +++ b/bundle.json @@ -35,7 +35,7 @@ "sub_component": [ "//base/user_iam/auth_executor_mgr/sa_profile:coauth_sa_profile", "//base/user_iam/auth_executor_mgr/services:coauthservice", - "//base/user_iam/auth_executor_mgr/sa_profile:useriam.init" + "//base/user_iam/auth_executor_mgr/sa_profile:useriam.init" ], "inner_kits": [ { diff --git a/common/adaptor/src/file_operator.c b/common/adaptor/src/file_operator.c index 5cabd5042630ff7f2371e00095c0169957efa821..c7aecec00f8060743e5f2912c7018d3726aa1839 100644 --- a/common/adaptor/src/file_operator.c +++ b/common/adaptor/src/file_operator.c @@ -15,6 +15,7 @@ #include "file_operator.h" #include +#include "securec.h" #include "adaptor_log.h" #include "defines.h" @@ -47,6 +48,7 @@ static int32_t ReadFile(const char *fileName, uint8_t *buf, uint32_t len) if (readLen != len) { LOG_ERROR("read file fail"); (void)fclose(fileOperator); + (void)memset_s(buf, len, 0, len); return RESULT_BAD_READ; } (void)fclose(fileOperator); @@ -80,6 +82,7 @@ static int32_t GetFileLen(const char *fileName, uint32_t *len) LOG_ERROR("get bad params"); return RESULT_BAD_PARAM; } + *len = 0; FILE *fileOperator = fopen(fileName, "rb"); if (fileOperator == NULL) { LOG_ERROR("fopen file fail"); diff --git a/common/bundle.json b/common/bundle.json index 82436b5109fee6e51183d4ea60f6c6ac50f058ae..eaf1e532989951a06d06209d9f14c8bfa4e134c6 100644 --- a/common/bundle.json +++ b/common/bundle.json @@ -29,7 +29,7 @@ }, "build": { "sub_component": [ - "//base/user_iam/auth_executor_mgr/common:useriam_common_lib" + "//base/user_iam/auth_executor_mgr/common:useriam_common_lib" ], "inner_kits": [ ], diff --git a/common/coauth/inc/coauth.h b/common/coauth/inc/coauth.h index 6f70679c88d4ce4d69ff95994b517ca5e08a180f..e1adfe49181c201274b778bdfe770b650521ae37 100644 --- a/common/coauth/inc/coauth.h 
+++ b/common/coauth/inc/coauth.h @@ -18,7 +18,7 @@ #include "pool.h" -#define INAVLID_SESSION_ID 0 +#define INVALID_SESSION_ID 0 #define MAX_EXECUTOR_SIZE 2 typedef enum ScheduleMode { diff --git a/common/coauth/src/coauth.c b/common/coauth/src/coauth.c index 13e1e984fcc8f92ef7ebab0d715442d5171a8cbc..9631a030e33c466032afa4f79cd805471b1470c5 100644 --- a/common/coauth/src/coauth.c +++ b/common/coauth/src/coauth.c @@ -81,6 +81,7 @@ ResultCode AddCoAuthSchedule(CoAuthSchedule *coAuthSchedule) } if (memcpy_s(schedule, sizeof(CoAuthSchedule), coAuthSchedule, sizeof(CoAuthSchedule)) != EOK) { LOG_ERROR("copy fail"); + Free(schedule); return RESULT_BAD_COPY; } ResultCode result = g_scheduleList->insert(g_scheduleList, schedule); @@ -109,7 +110,7 @@ ResultCode RemoveCoAuthSchedule(uint64_t scheduleId) LOG_ERROR("pool not init"); return RESULT_NEED_INIT; } - return g_scheduleList->remove(g_scheduleList, (void *)&scheduleId, IsScheduleMatch); + return g_scheduleList->remove(g_scheduleList, (void *)&scheduleId, IsScheduleMatch, true); } ResultCode GetCoAuthSchedule(CoAuthSchedule *coAuthSchedule) @@ -127,14 +128,14 @@ ResultCode GetCoAuthSchedule(CoAuthSchedule *coAuthSchedule) LOG_ERROR("create iterator fail"); return RESULT_NO_MEMORY; } - int32_t result = RESULT_NO_MEMORY; + int32_t result = RESULT_BAD_MATCH; while (iterator->hasNext(iterator)) { CoAuthSchedule *schedule = (CoAuthSchedule *)iterator->next(iterator); if (schedule->scheduleId != coAuthSchedule->scheduleId) { continue; } if (memcpy_s(coAuthSchedule, sizeof(CoAuthSchedule), schedule, sizeof(CoAuthSchedule)) != EOK) { - LOG_ERROR("create iterator fail"); + LOG_ERROR("memcpy fail"); result = RESULT_BAD_COPY; break; } 
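Review bot: In GetCoAuthSchedule the loop reads `schedule->scheduleId` straight after `iterator->next(iterator)` with no NULL check, whereas MountExecutor in this same file rejects a node whose `data` is NULL. If the schedule list can ever hold a NULL data pointer, this is a NULL dereference in the scheduler lookup. Adding `if (schedule == NULL) { result = RESULT_UNKNOWN; break; }` before the comparison would make the two traversals consistent. The function starts and ends outside the hunk, so the iterator clean-up after the loop is assumed.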
@@ -168,7 +169,7 @@ static ResultCode GenerateValidScheduleId(uint64_t *scheduleId) return RESULT_BAD_PARAM; } - for (uint32_t i = 0; i < MAX_DULPLICATE_CHECK; i++) { + for (uint32_t i = 0; i < MAX_DUPLICATE_CHECK; i++) { uint64_t tempRandom; if (SecureRandom((uint8_t *)&tempRandom, sizeof(uint64_t)) != RESULT_SUCCESS) { LOG_ERROR("get random failed"); @@ -202,7 +203,7 @@ static ResultCode MountExecutor(uint32_t authType, CoAuthSchedule *coAuthSchedul LinkedListNode *tempNode = executors->head; for (uint32_t i = 0; i < coAuthSchedule->executorSize; i++) { if (tempNode == NULL || tempNode->data == NULL) { - LOG_ERROR("something bad"); + LOG_ERROR("tempNode or data is null"); ret = RESULT_UNKNOWN; goto EXIT; } @@ -212,6 +213,7 @@ static ResultCode MountExecutor(uint32_t authType, CoAuthSchedule *coAuthSchedul ret = RESULT_UNKNOWN; goto EXIT; } + tempNode = tempNode->next; } EXIT: @@ -227,6 +229,10 @@ CoAuthSchedule *GenerateAuthSchedule(uint64_t contextId, uint32_t authType, uint LOG_ERROR("coAuthSchedule is null"); return NULL; } + if (memset_s(coAuthSchedule, sizeof(CoAuthSchedule), 0, sizeof(CoAuthSchedule)) != EOK) { + LOG_ERROR("reset coAuthSchedule fail"); + goto EXIT; + } ResultCode ret = GenerateValidScheduleId(&coAuthSchedule->scheduleId); if (ret != RESULT_SUCCESS) { LOG_ERROR("get scheduleId failed"); @@ -258,6 +264,10 @@ CoAuthSchedule *GenerateIdmSchedule(uint64_t challenge, uint32_t authType, uint6 LOG_ERROR("coAuthSchedule is null"); return NULL; } + if (memset_s(coAuthSchedule, sizeof(CoAuthSchedule), 0, sizeof(CoAuthSchedule)) != EOK) { + LOG_ERROR("reset coAuthSchedule fail"); + goto EXIT; + } ResultCode ret = GenerateValidScheduleId(&coAuthSchedule->scheduleId); if (ret != RESULT_SUCCESS) { LOG_ERROR("get scheduleId failed"); diff --git a/common/coauth/src/coauth_funcs.c b/common/coauth/src/coauth_funcs.c index 647d4564e21077b16a219e759fabdabe14b145af..af8621b3736507af2aa7b5d69a89b3e70b3d89df 100644 --- a/common/coauth/src/coauth_funcs.c 
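Review bot: The new `goto EXIT;` in GenerateAuthSchedule (and the identical one in GenerateIdmSchedule in the next hunk) jumps over the initialised declaration `ResultCode ret = GenerateValidScheduleId(...)`. C allows this, but `ret` is indeterminate at the label, so any use of `ret` under `EXIT:` on this path would read garbage. The label body is outside the hunk, so this needs confirming. Declaring `ResultCode ret = RESULT_GENERAL_ERROR;` above the `memset_s` check and turning the later line into a plain assignment removes the question.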
+++ b/common/coauth/src/coauth_funcs.c @@ -33,13 +33,17 @@ int32_t GetScheduleInfo(uint64_t scheduleId, ScheduleInfoHal *scheduleInfo) LOG_ERROR("scheduleInfo is null"); return RESULT_BAD_PARAM; } - CoAuthSchedule coAuthSchedule; + CoAuthSchedule coAuthSchedule = {}; coAuthSchedule.scheduleId = scheduleId; int32_t ret = GetCoAuthSchedule(&coAuthSchedule); if (ret != RESULT_SUCCESS) { LOG_ERROR("get coAuth schedule failed"); return ret; } + if (coAuthSchedule.executorSize > MAX_EXECUTOR_SIZE) { + LOG_ERROR("bad coAuth schedule executor size"); + return RESULT_UNKNOWN; + } scheduleInfo->templateId = coAuthSchedule.templateId; scheduleInfo->authSubType = coAuthSchedule.authSubType; scheduleInfo->scheduleMode = coAuthSchedule.scheduleMode; @@ -81,7 +85,7 @@ int32_t ScheduleFinish(const Buffer *executorMsg, ScheduleTokenHal *scheduleToke goto EXIT; } - CoAuthSchedule coAuthSchedule; + CoAuthSchedule coAuthSchedule = {}; coAuthSchedule.scheduleId = resultInfo->scheduleId; ret = GetCoAuthSchedule(&coAuthSchedule); if (ret != RESULT_SUCCESS) { @@ -108,6 +112,7 @@ int32_t ScheduleFinish(const Buffer *executorMsg, ScheduleTokenHal *scheduleToke DestoryBuffer(publicKey); goto EXIT; } + ret = TokenDataGetAndSign(coAuthSchedule.executors[0].authType, resultInfo, scheduleToken); DestoryBuffer(publicKey); @@ -148,10 +153,12 @@ bool IsExecutorExistFunc(uint32_t authType) LinkedList *executorsQuery = NULL; int32_t ret = QueryExecutor(authType, &executorsQuery); if (ret != RESULT_SUCCESS || executorsQuery == NULL) { + LOG_ERROR("query executor fail"); return false; } if (executorsQuery->getSize(executorsQuery) == 0) { + LOG_ERROR("get size fail"); DestroyLinkedList(executorsQuery); return false; } diff --git a/common/coauth/src/executor_message.c b/common/coauth/src/executor_message.c index 126974f0a24d037377097498c200a4a2cf490175..bf128c3e58cb3b958405e3cdb44fe4ff45f6d603 100644 --- a/common/coauth/src/executor_message.c +++ b/common/coauth/src/executor_message.c 
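Review bot: `CoAuthSchedule coAuthSchedule = {};` in GetScheduleInfo, and again in ScheduleFinish in the next hunk, uses an empty initializer list, which is valid C only from C23 or as a compiler extension. coauth_funcs.c is a C file, so `CoAuthSchedule coAuthSchedule = {0};` is the portable spelling. ScheduleFinish also reads `coAuthSchedule.executors[0]` further down without any check on `executorSize`, while this hunk adds an upper-bound check to GetScheduleInfo. If a schedule with zero executors can be stored, a matching non-zero check there would keep the two functions consistent.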
@@ -15,6 +15,7 @@ #include "executor_message.h" +#include "securec.h" #include "adaptor_log.h" #include "tlv_wrapper.h" #include "adaptor_memory.h" @@ -111,7 +112,7 @@ static ResultCode ParseExecutorResultData(ExecutorResultInfo *result, TlvListNod LOG_ERROR("ParseExecutorResultScheduleId failed"); goto EXIT; } - + EXIT: DestroyTlvList(parseBody); return ret; @@ -137,6 +138,7 @@ static ResultCode ParseRoot(ExecutorResultInfo *result, TlvListNode *body) TlvListNode *parseBody = CreateTlvList(); if (parseBody == NULL) { LOG_ERROR("parseBody is null"); + DestoryBuffer(data); return false; } int ret = ParseTlvWrapper(data->buf, data->contentSize, parseBody); @@ -172,7 +174,7 @@ ExecutorResultInfo *GetExecutorResultInfo(const Buffer *tlv) LOG_ERROR("parseBody is null"); return NULL; } - + int ret = ParseTlvWrapper(tlv->buf, tlv->contentSize, parseBody); if (ret != RESULT_SUCCESS) { LOG_ERROR("ParseTlvWrapper failed"); @@ -185,6 +187,10 @@ ExecutorResultInfo *GetExecutorResultInfo(const Buffer *tlv) LOG_ERROR("malloc failed"); goto EXIT; } + if (memset_s(result, sizeof(ExecutorResultInfo), 0, sizeof(ExecutorResultInfo)) != EOK) { + LOG_ERROR("set result failed"); + goto EXIT; + } ret = ParseRoot(result, parseBody->next); if (ret != RESULT_SUCCESS) { LOG_ERROR("ParseExecutorResult failed"); diff --git a/common/common/inc/defines.h b/common/common/inc/defines.h index f737a39a1c546883a3f9109189734a5acf9915a1..f9622195c159bb50fb14d4d9b6894e5c654c6e66 100644 --- a/common/common/inc/defines.h +++ b/common/common/inc/defines.h @@ -52,6 +52,6 @@ typedef enum AuthSubType { DEFAULT_TYPE = 0, } AuthSubType; -#define MAX_DULPLICATE_CHECK 100 +#define MAX_DUPLICATE_CHECK 100 #endif diff --git a/common/common/inc/linked_list.h b/common/common/inc/linked_list.h index 816c5c93790ea9cf36e0177f429346e056d86d76..d879746491dbe64467d92937f6c1a765e93e299e 100644 --- a/common/common/inc/linked_list.h +++ b/common/common/inc/linked_list.h 
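Review bot: ParseRoot is declared to return ResultCode, yet the branch this hunk touches still ends in `return false;`, which evaluates to 0. If RESULT_SUCCESS is 0 (its value is not shown here), a CreateTlvList allocation failure is reported to GetExecutorResultInfo as success, and a result structure that was never filled in is treated as parsed. Returning an error code, e.g. `return RESULT_NO_MEMORY;`, closes that path. The rest of ParseRoot is outside the hunk.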
@@ -41,7 +41,7 @@ typedef struct LinkedList { DESTROY_DATA_FUNC destroyDataFunc; uint32_t (*getSize)(struct LinkedList *list); ResultCode (*insert)(struct LinkedList *list, void *data); - ResultCode (*remove)(struct LinkedList *list, void *condition, MATCH_FUNC matchFunc); + ResultCode (*remove)(struct LinkedList *list, void *condition, MATCH_FUNC matchFunc, bool destroyNode); LinkedListIterator *(*createIterator)(struct LinkedList *list); void (*destroyIterator)(LinkedListIterator *iterator); } LinkedList; diff --git a/common/common/src/buffer.c b/common/common/src/buffer.c index ff5c68f01b9becfe96964fa6e1b6822ac5d41f41..b2e046dfc8073acf7cb928270c3748b7718fc5c1 100644 --- a/common/common/src/buffer.c +++ b/common/common/src/buffer.c @@ -124,7 +124,7 @@ void DestoryBuffer(Buffer *buffer) { if (buffer != NULL) { if (buffer->buf != NULL) { - if (memset_s(buffer->buf, buffer->contentSize, 0, buffer->contentSize) != EOK) { + if (memset_s(buffer->buf, buffer->maxSize, 0, buffer->maxSize) != EOK) { LOG_ERROR("DestoryBuffer memset fail!"); } Free(buffer->buf); diff --git a/common/common/src/linked_list.c b/common/common/src/linked_list.c index 3c20eb1138479c291c5cbee9448bc0170365fb86..d2ba0cae79532a373c39d403c67597ec99cd4a86 100644 --- a/common/common/src/linked_list.c +++ b/common/common/src/linked_list.c @@ -42,7 +42,7 @@ static ResultCode InsertNode(LinkedList *list, void *data) return RESULT_SUCCESS; } -static ResultCode RemoveNode(LinkedList *list, void *condition, MATCH_FUNC matchFunc) +static ResultCode RemoveNode(LinkedList *list, void *condition, MATCH_FUNC matchFunc, bool destroyNode) { if (list == NULL) { LOG_ERROR("get null list"); @@ -71,6 +71,12 @@ static ResultCode RemoveNode(LinkedList *list, void *condition, MATCH_FUNC match } list->size--; node->next = NULL; + if (destroyNode) { + if (list->destroyDataFunc != NULL) { + list->destroyDataFunc(node->data); + } + Free(node); + } return RESULT_SUCCESS; } 
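Review bot: When `destroyNode` is false, RemoveNode unlinks `node` and returns RESULT_SUCCESS without freeing it. Only a ResultCode is returned, so the caller cannot reach the LinkedListNode afterwards and the node itself appears to leak. Gating only the data destruction and always releasing the node avoids that: `if (destroyNode && list->destroyDataFunc != NULL) { list->destroyDataFunc(node->data); }` followed by an unconditional `Free(node);`. A comment on the `remove` member in linked_list.h should also state that `destroyNode == true` invalidates any pointer to the element's data that the caller still holds. The start of RemoveNode is outside the hunk.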
diff --git a/common/common/src/tlv_base.c b/common/common/src/tlv_base.c index 04df822fed7c0bbe64a36a3f7693b9bc26e082e3..c99851feb7f12d9bf4b22d97603377c6a3dafb68 100644 --- a/common/common/src/tlv_base.c +++ b/common/common/src/tlv_base.c @@ -48,6 +48,7 @@ TlvListNode *CreateTlvList(void) if (node == NULL) { return NULL; } + node->data.value = NULL; node->next = NULL; return node; } diff --git a/common/common/src/tlv_wrapper.c b/common/common/src/tlv_wrapper.c index 14dac0a6d9589266e01693089ba269831a2b4d80..ca07a90e29a0c9e2b8310dbaf6b0a359593bfa0b 100644 --- a/common/common/src/tlv_wrapper.c +++ b/common/common/src/tlv_wrapper.c @@ -58,8 +58,8 @@ static int32_t PutTlvObject(TlvListNode *head, int32_t type, uint32_t length, co int32_t ret = AddTlvNode(head, &object); if (ret != OPERA_SUCC) { if (object.value != NULL) { - Free(tlv->value); - tlv->value = NULL; + Free(object.value->value); + object.value->value = NULL; Free(object.value); object.value = NULL; } @@ -135,7 +135,7 @@ int32_t ParseTlvWrapper(const uint8_t *buffer, uint32_t bufferSize, TlvListNode return OPERA_FAIL; } int32_t ret = PutTlvObject(head, type, length, buffer + offset); - if (ret != 0) { + if (ret != OPERA_SUCC) { return ret; } offset += length; @@ -187,14 +187,13 @@ int32_t TlvAppendObject(TlvListNode *head, int32_t type, const uint8_t *buffer, return PutTlvObject(head, type, length, buffer); } -static uint8_t *GetTlvValue(TlvListNode *head, int32_t msgType, uint32_t *len) +static uint8_t *GetTlvValue(TlvListNode *node, int32_t msgType, uint32_t *len) { - if ((head == NULL) || (len == NULL)) { + if ((node == NULL) || (len == NULL)) { LOG_ERROR("GetTlvValue input invalid"); return NULL; } - TlvObject node = head->data; - TlvType *tlv = node.value; + TlvType *tlv = node->data.value; if (tlv == NULL) { LOG_ERROR("GetTlvValue tlv is NULL"); return NULL; 
diff --git a/common/database/src/idm_common.c b/common/database/src/idm_common.c index 46c4f5afbf7681640952b4774798fa99b8e89ad7..f5a699e102bfb96daf3d5fb1857dc72a88c7408a 100644 --- a/common/database/src/idm_common.c +++ b/common/database/src/idm_common.c @@ -66,8 +66,8 @@ UserInfo *InitUserInfoNode(void) userInfo->enrolledInfoList = CreateLinkedList(DestroyEnrolledNode); if (userInfo->enrolledInfoList == NULL) { LOG_ERROR("create enrolledInfoList failed"); - Free(userInfo); DestroyLinkedList(userInfo->enrolledInfoList); + Free(userInfo); return NULL; } return userInfo; diff --git a/common/database/src/idm_database.c b/common/database/src/idm_database.c index ab874024a7eb36ee1991c05b9b2bb55437adac24..143f7b985186d586ea6e08ec8de64ce551574328 100644 --- a/common/database/src/idm_database.c +++ b/common/database/src/idm_database.c @@ -21,7 +21,7 @@ #include "adaptor_log.h" #include "idm_file_manager.h" -#define MAX_DULPLICATE_CHECK 100 +#define MAX_DUPLICATE_CHECK 100 #define PRE_APPLY_NUM 5 #define MEM_GROWTH_FACTOR 2 #define MAX_CREDENTIAL_RETURN 5000 @@ -122,7 +122,7 @@ ResultCode GetEnrolledInfoAuthType(int32_t userId, uint32_t authType, EnrolledIn return RESULT_NOT_FOUND; } if (user->enrolledInfoList == NULL) { - LOG_ERROR("something bad"); + LOG_ERROR("enrolledInfoList is null"); return RESULT_UNKNOWN; } @@ -286,6 +286,7 @@ static ResultCode GetAllCredentialInfoFromUser(UserInfo *userInfo, CredentialInf EXIT: if (result != RESULT_SUCCESS) { + (void)memset_s(*credentialInfos, sizeof(CredentialInfoHal) * size, 0, sizeof(CredentialInfoHal) * size); Free(*credentialInfos); *credentialInfos = NULL; *num = 0; @@ -336,7 +337,7 @@ static ResultCode DeleteUser(int32_t userId) if (g_userInfoList == NULL) { return RESULT_BAD_PARAM; } - return g_userInfoList->remove(g_userInfoList, &userId, MatchUserInfo); + return g_userInfoList->remove(g_userInfoList, &userId, MatchUserInfo, true); } static bool IsCredentialIdDuplicate(LinkedList *credentialList, uint64_t credentialId) 
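Review bot: In the failure branch of InitUserInfoNode, the reordered `DestroyLinkedList(userInfo->enrolledInfoList);` runs on a pointer that was just tested to be NULL, so it releases nothing. The reorder does remove the read of the already-freed `userInfo`. However, if another list was created earlier in the function (above the hunk, not visible), that is the member this branch needs to destroy before `Free(userInfo);`. Worth confirming which member was intended.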
@@ -376,7 +377,7 @@ static ResultCode GenerateDeduplicateUint64(LinkedList *collection, uint64_t *de return RESULT_BAD_PARAM; } - for (uint32_t i = 0; i < MAX_DULPLICATE_CHECK; i++) { + for (uint32_t i = 0; i < MAX_DUPLICATE_CHECK; i++) { uint64_t tempRandom; if (SecureRandom((uint8_t *)&tempRandom, sizeof(uint64_t)) != RESULT_SUCCESS) { LOG_ERROR("get random failed"); @@ -388,7 +389,7 @@ static ResultCode GenerateDeduplicateUint64(LinkedList *collection, uint64_t *de } } - LOG_ERROR("a rare failure"); + LOG_ERROR("generate random fail"); return RESULT_GENERAL_ERROR; } @@ -398,7 +399,7 @@ static ResultCode UpdateEnrolledId(LinkedList *enrolledList, uint32_t authType) EnrolledInfoHal *enrolledInfo = NULL; while (temp != NULL) { EnrolledInfoHal *nodeData = (EnrolledInfoHal *)temp->data; - if (enrolledInfo != NULL && enrolledInfo->authType == authType) { + if (nodeData != NULL && nodeData->authType == authType) { enrolledInfo = nodeData; break; } @@ -519,7 +520,7 @@ ResultCode AddCredentialInfo(int32_t userId, CredentialInfoHal *credentialInfo) if (user == NULL && credentialInfo->authType == PIN_AUTH) { ResultCode ret = AddUser(userId, credentialInfo); if (ret != RESULT_SUCCESS) { - LOG_ERROR("add user failed"); + LOG_ERROR("add user failed"); } ret = UpdateFileInfo(g_userInfoList); if (ret != RESULT_SUCCESS) { @@ -600,7 +601,7 @@ ResultCode DeleteCredentialInfo(int32_t userId, uint64_t credentialId, Credentia LOG_ERROR("copy failed"); return RESULT_BAD_COPY; } - ResultCode ret = credentialList->remove(credentialList, &credentialId, MatchCredentialById); + ResultCode ret = credentialList->remove(credentialList, &credentialId, MatchCredentialById, true); if (ret != RESULT_SUCCESS) { LOG_ERROR("remove credential failed"); return ret; 
@@ -615,7 +616,7 @@ ResultCode DeleteCredentialInfo(int32_t userId, uint64_t credentialId, Credentia LOG_ERROR("enrolledInfoList is null"); return RESULT_UNKNOWN; } - ret = enrolledInfoList->remove(enrolledInfoList, &credentialInfo->authType, MatchEnrolledInfoByType); + ret = enrolledInfoList->remove(enrolledInfoList, &credentialInfo->authType, MatchEnrolledInfoByType, true); if (ret != RESULT_SUCCESS) { LOG_ERROR("remove enrolledInfo failed"); return ret; diff --git a/common/database/src/idm_file_manager.c b/common/database/src/idm_file_manager.c index 839fae83dccf723cd4631350de14fe0f2fd868fa..cbe9cec6035957448ba3169bbabdafcb4605b296 100644 --- a/common/database/src/idm_file_manager.c +++ b/common/database/src/idm_file_manager.c @@ -39,13 +39,20 @@ static uint8_t *GetStreamAddress(const Buffer *object) return object->buf + object->contentSize; } -static ResultCode CapacityExpansion(Buffer *object) +static ResultCode CapacityExpansion(Buffer *object, uint32_t targetCapacity) { if (!IsBufferValid(object) || object->maxSize > MAX_BUFFER_LEN / DEFAULT_EXPANSION_RATIO) { LOG_ERROR("Params are invalid"); return RESULT_BAD_PARAM; } - uint32_t targetSize = DEFAULT_EXPANSION_RATIO * object->maxSize; + uint32_t targetSize = object->maxSize; + while (targetSize < targetCapacity && targetSize <= MAX_BUFFER_LEN / DEFAULT_EXPANSION_RATIO) { + targetSize = targetSize * DEFAULT_EXPANSION_RATIO; + } + if (targetSize < targetCapacity) { + LOG_ERROR("Target capacity can not reach"); + return RESULT_BAD_PARAM; + } uint8_t *buf = Malloc(targetSize); if (buf == NULL) { LOG_ERROR("Malloc failed"); @@ -69,7 +76,7 @@ static ResultCode StreamWrite(Buffer *parcel, void *from, uint32_t size) return RESULT_BAD_PARAM; } if (GetRemainSpace(parcel) < size) { - ResultCode result = CapacityExpansion(parcel); + ResultCode result = CapacityExpansion(parcel, size); if (result != RESULT_SUCCESS) { LOG_ERROR("CapacityExpansion failed"); return result; 
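Review bot: StreamWrite passes only `size` as the target capacity, but CapacityExpansion grows from `object->maxSize` until it reaches that target. Whenever `size <= maxSize` the loop does not run, and the buffer is reallocated at its old size even though `GetRemainSpace(parcel) < size`. The target has to be the total required, e.g. `CapacityExpansion(parcel, parcel->contentSize + size)`, preceded by a check such as `if (size > MAX_BUFFER_LEN - parcel->contentSize) { return RESULT_BAD_PARAM; }` so the sum cannot wrap. How the write after the expansion is bounded is outside both hunks, so it cannot be told from here whether the result is a failed write or an out-of-bounds copy.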
@@ -248,6 +255,10 @@ static ResultCode StreamReadCredentialList(Buffer *parcel, uint32_t *index, Link LOG_ERROR("stream read failed"); return RESULT_BAD_READ; } + if (credentialNum > MAX_CREDENTIAL) { + LOG_ERROR("Bad credential num"); + return RESULT_BAD_READ; + } for (uint32_t i = 0; i < credentialNum; i++) { CredentialInfoHal *credentialInfo = Malloc(sizeof(CredentialInfoHal)); if (credentialInfo == NULL) { @@ -277,6 +288,10 @@ static ResultCode StreamReadEnrolledList(Buffer *parcel, uint32_t *index, Linked LOG_ERROR("stream read failed"); return RESULT_BAD_READ; } + if (enrolledNum > MAX_CREDENTIAL) { + LOG_ERROR("Bad enrolled num"); + return RESULT_BAD_READ; + } for (uint32_t i = 0; i < enrolledNum; i++) { EnrolledInfoHal *enrolledInfo = Malloc(sizeof(EnrolledInfoHal)); if (enrolledInfo == NULL) { @@ -361,6 +376,10 @@ static bool StreamReadFileInfo(Buffer *parcel, LinkedList *userInfoList) LOG_ERROR("read userNum failed"); return false; } + if (userNum > MAX_USER) { + LOG_ERROR("bad user num"); + return false; + } for (uint32_t i = 0; i < userNum; i++) { UserInfo *userInfo = InitUserInfoNode(); if (userInfo == NULL) { diff --git a/common/hal_sdk/coauth_interface.cpp b/common/hal_sdk/coauth_interface.cpp index 796f4ce9cfe326ed16d90d8c889bd56405cd6359..1b7ff38fc8db3836321928af4dd88c54dfb33cfc 100644 --- a/common/hal_sdk/coauth_interface.cpp +++ b/common/hal_sdk/coauth_interface.cpp @@ -34,7 +34,9 @@ static ExecutorInfo CopyExecutorInfoOut(const ExecutorInfoHal &executorInfoHal) executorInfo.authAbility = executorInfoHal.authAbility; executorInfo.esl = executorInfoHal.esl; executorInfo.executorType = executorInfoHal.executorType; - (void)memcpy_s(executorInfo.publicKey, PUBLIC_KEY_LEN, executorInfoHal.pubKey, PUBLIC_KEY_LEN); + if (memcpy_s(executorInfo.publicKey, PUBLIC_KEY_LEN, executorInfoHal.pubKey, PUBLIC_KEY_LEN) != EOK) { + LOG_ERROR("memcpy fail"); + } return executorInfo; } 
@@ -45,7 +47,9 @@ static ExecutorInfoHal CopyExecutorInfoIn(const ExecutorInfo &executorInfo) executorInfoHal.authAbility = executorInfo.authAbility; executorInfoHal.esl = executorInfo.esl; executorInfoHal.executorType = executorInfo.executorType; - (void)memcpy_s(executorInfoHal.pubKey, PUBLIC_KEY_LEN, executorInfo.publicKey, PUBLIC_KEY_LEN); + if (memcpy_s(executorInfoHal.pubKey, PUBLIC_KEY_LEN, executorInfo.publicKey, PUBLIC_KEY_LEN) != EOK) { + LOG_ERROR("memcpy fail"); + } return executorInfoHal; } @@ -118,7 +122,7 @@ int32_t GetScheduleToken(std::vector executorFinishMsg, ScheduleToken & GlobalUnLock(); return RESULT_NO_MEMORY; } - ScheduleTokenHal scheduleTokenHal; + ScheduleTokenHal scheduleTokenHal = {}; scheduleTokenHal.scheduleId = scheduleToken.scheduleId; int32_t ret = ScheduleFinish(executorMsg, &scheduleTokenHal); if (ret != RESULT_SUCCESS) { diff --git a/common/hal_sdk/userauth_interface.cpp b/common/hal_sdk/userauth_interface.cpp index 1145b19b65bd74516af793ecd7b05c3b4971ce5b..c2b5f208a28b9b5cf03e83a07bcaf2481cfa736b 100644 --- a/common/hal_sdk/userauth_interface.cpp +++ b/common/hal_sdk/userauth_interface.cpp @@ -82,6 +82,7 @@ int32_t RequestAuthResult(uint64_t contextId, std::vector &scheduleToke } if (memcpy_s(&authToken, sizeof(UserAuthToken), &authTokenHal, sizeof(UserAuthTokenHal)) != EOK) { LOG_ERROR("copy authToken failed"); + DestoryBuffer(scheduleTokenBuffer); GlobalUnLock(); return RESULT_BAD_COPY; } diff --git a/common/hal_sdk/useriam_common.cpp b/common/hal_sdk/useriam_common.cpp index f64231da87e69b60d725f6edb8439b19fcbaa4d1..a8d66483ebd1dceeaed7f3c04ed1a8b8a3d099db 100644 --- a/common/hal_sdk/useriam_common.cpp +++ b/common/hal_sdk/useriam_common.cpp 
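Review bot: The `memcpy_s` in RequestAuthResult copies a `UserAuthTokenHal` into a `UserAuthToken` byte for byte, which is only correct while the two structs keep the same size and field layout. Nothing in the hunk enforces that. A compile-time guard next to the copy, `static_assert(sizeof(UserAuthToken) == sizeof(UserAuthTokenHal), "auth token layout mismatch");`, would turn a partially filled token or a runtime RESULT_BAD_COPY into a build error. The function continues outside the hunk.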
@@ -44,8 +44,9 @@ int32_t Init() LOG_ERROR("init user auth failed"); goto FAIL; } - if (InitResorcePool() != RESULT_SUCCESS) { - LOG_ERROR("init resorce pool failed"); + + if (InitResourcePool() != RESULT_SUCCESS) { + LOG_ERROR("init resource pool failed"); goto FAIL; } if (InitUserInfoList() != RESULT_SUCCESS) { @@ -72,7 +73,7 @@ int32_t Close() DestoryUserAuthContextList(); DestoryCoAuth(); DestroyUserInfoList(); - DestroyResorcePool(); + DestroyResourcePool(); g_isInitUserIAM = false; GlobalUnLock(); return RESULT_SUCCESS; diff --git a/common/idm/src/idm_session.c b/common/idm/src/idm_session.c index 5bf1713f68b26c428cea88a205b37c552a36c446..5c0e7814e1bbf0aa4aea4551caf8000242be89e2 100644 --- a/common/idm/src/idm_session.c +++ b/common/idm/src/idm_session.c @@ -15,6 +15,7 @@ #include "idm_session.h" +#include "securec.h" #include "adaptor_algorithm.h" #include "adaptor_log.h" #include "adaptor_memory.h" @@ -74,6 +75,12 @@ ResultCode OpenEditSession(int32_t userId, uint64_t *challenge) LOG_ERROR("g_session malloc failed"); return RESULT_NO_MEMORY; } + if (memset_s(g_session, sizeof(struct SessionInfo), 0, sizeof(struct SessionInfo)) != EOK) { + LOG_ERROR("g_session set failed"); + Free(g_session); + g_session = NULL; + return RESULT_GENERAL_ERROR; + } g_session->userId = userId; g_session->challenge = GenerateChallenge(); if (g_session->challenge == INVALID_CHALLENGE) { @@ -172,7 +179,7 @@ ResultCode GetScheduleId(uint64_t *scheduleId) bool IsSessionTimeout(void) { if (!IsSessionExist()) { - return RESULT_NEED_INIT; + return true; } uint64_t currentTime = GetSystemTime(); if (currentTime < g_session->time || currentTime - g_session->time > SESSION_VALIDITY_PERIOD) { diff --git a/common/pool/inc/pool.h b/common/pool/inc/pool.h index c246391389b997fca6a6fd08660649b707b147ee..e92e7e7fabbb2c352a6d716df3bb15eb30483018 100644 --- a/common/pool/inc/pool.h +++ b/common/pool/inc/pool.h 
@@ -36,8 +36,8 @@ typedef struct ExecutorInfoHal { uint8_t pubKey[PUBLIC_KEY_LEN]; } ExecutorInfoHal; -ResultCode InitResorcePool(void); -void DestroyResorcePool(void); +ResultCode InitResourcePool(void); +void DestroyResourcePool(void); ResultCode RegisterExecutorToPool(ExecutorInfoHal *executorInfo); ResultCode UnregisterExecutorToPool(uint64_t executorId); ResultCode QueryExecutor(uint32_t authType, LinkedList **result); diff --git a/common/pool/src/pool.c b/common/pool/src/pool.c index ad1ffad672008bb205f1337cd3e065a31a0925aa..59763d609c4e1b3001fd87db81d033cc8f6e2af4 100644 --- a/common/pool/src/pool.c +++ b/common/pool/src/pool.c @@ -21,7 +21,7 @@ #include "adaptor_log.h" #include "adaptor_memory.h" -#define MAX_DULPLICATE_CHECK 100 +#define MAX_DUPLICATE_CHECK 100 // Resource pool list, which caches registered executor information. static LinkedList *g_poolList = NULL; @@ -29,16 +29,16 @@ static LinkedList *g_poolList = NULL; static void DestroyExecutorInfo(void *data) { if (data == NULL) { - LOG_ERROR("get null data"); + LOG_ERROR("data is null"); return; } Free(data); } -static bool IsExecutorIdMatch(void *data, void *condition) +static bool IsExecutorIdMatchById(void *data, void *condition) { if ((condition == NULL) || (data == NULL)) { - LOG_ERROR("get null data"); + LOG_ERROR("input para is null"); return false; } uint64_t executorId = *(uint64_t *)condition; 
@@ -46,12 +46,24 @@ static bool IsExecutorIdMatch(void *data, void *condition) return (executorInfo->executorId == executorId); } +static bool IsExecutorIdMatchByType(void *data, void *condition) +{ + if ((condition == NULL) || (data == NULL)) { + LOG_ERROR("get null data"); + return false; + } + ExecutorInfoHal *executorIndex = (ExecutorInfoHal *)condition; + ExecutorInfoHal *executorInfo = (ExecutorInfoHal *)data; + return (executorInfo->executorType == executorIndex->executorType && + executorInfo->authType == executorIndex->authType); +} + static bool IsInit() { return g_poolList != NULL; } -ResultCode InitResorcePool(void) +ResultCode InitResourcePool(void) { if (!IsInit()) { g_poolList = CreateLinkedList(DestroyExecutorInfo); @@ -62,7 +74,7 @@ ResultCode InitResorcePool(void) return RESULT_SUCCESS; } -void DestroyResorcePool(void) +void DestroyResourcePool(void) { DestroyLinkedList(g_poolList); g_poolList = NULL; @@ -99,7 +111,7 @@ static ResultCode GenerateValidExecutorId(uint64_t *executorId) return RESULT_BAD_PARAM; } - for (uint32_t i = 0; i < MAX_DULPLICATE_CHECK; i++) { + for (uint32_t i = 0; i < MAX_DUPLICATE_CHECK; i++) { uint64_t tempRandom; if (SecureRandom((uint8_t *)&tempRandom, sizeof(uint64_t)) != RESULT_SUCCESS) { LOG_ERROR("get random failed"); @@ -125,6 +137,9 @@ ResultCode RegisterExecutorToPool(ExecutorInfoHal *executorInfo) LOG_ERROR("get invalid executorInfo"); return RESULT_BAD_PARAM; } + if (g_poolList->remove(g_poolList, (void *)executorInfo, IsExecutorIdMatchByType, true) != RESULT_SUCCESS) { + LOG_INFO("current executor isn't registered"); + } ResultCode result = GenerateValidExecutorId(&executorInfo->executorId); if (result != RESULT_SUCCESS) { LOG_ERROR("get executorId fail"); 
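Review bot: RegisterExecutorToPool now removes any pooled executor with the same `executorType` and `authType` before the new entry has an id or has been stored. If GenerateValidExecutorId or a later step (outside the hunk) fails, the previous executor and its public key are gone and nothing replaces them. Doing the removal only once the new entry is safely in the list keeps a failed registration from unregistering a working executor. Because this path lets a registration replace the key material for an auth type, a comment stating which callers are trusted to register would help; no caller check is visible in this hunk. Separately, `IsExecutorIdMatchByType` compares types rather than ids, so a name such as `IsExecutorMatchByType` would read more accurately.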
@@ -150,7 +165,7 @@ ResultCode UnregisterExecutorToPool(uint64_t executorId) LOG_ERROR("pool not init"); return RESULT_NEED_INIT; } - return g_poolList->remove(g_poolList, (void *)&executorId, IsExecutorIdMatch); + return g_poolList->remove(g_poolList, (void *)&executorId, IsExecutorIdMatchById, true); } ExecutorInfoHal *CopyExecutorInfo(ExecutorInfoHal *src) diff --git a/common/user_auth/src/context_manager.c b/common/user_auth/src/context_manager.c index 5c735a3b16b8bdd0353e846383517ce7085bae38..44a7d0526bb690ffb7695e6845d1134affe17f33 100644 --- a/common/user_auth/src/context_manager.c +++ b/common/user_auth/src/context_manager.c @@ -70,6 +70,7 @@ UserAuthContext *GenerateContext(AuthSolutionHal params) ResultCode ret = SingleAuthTrustLevel(params.userId, params.authType, &authTypeAtl); if (ret != RESULT_SUCCESS || authTypeAtl < params.authTrustLevel) { LOG_ERROR("authTrustLevel is satisfied"); + return NULL; } UserAuthContext *context = Malloc(sizeof(UserAuthContext)); @@ -81,13 +82,13 @@ UserAuthContext *GenerateContext(AuthSolutionHal params) ret = CreateSchedules(context); if (ret != RESULT_SUCCESS) { LOG_ERROR("create schedule failed"); - DestoryContext(context); + DestroyContextNode(context); return NULL; } ret = g_contextList->insert(g_contextList, context); if (ret != RESULT_SUCCESS) { LOG_ERROR("create schedule failed"); - DestoryContext(context); + DestroyContextNode(context); return NULL; } return context; @@ -208,10 +209,12 @@ ResultCode GetScheduleIds(UserAuthContext *context, uint64_t **scheduleIds, uint } LinkedList *schedules = context->scheduleList; *scheduleNum = schedules->getSize(schedules); - *scheduleIds = Malloc(*scheduleNum * sizeof(uint64_t)); if (*scheduleNum == 0) { + LOG_INFO("scheduleNum is 0"); return RESULT_SUCCESS; } + + *scheduleIds = Malloc(*scheduleNum * sizeof(uint64_t)); if (*scheduleIds == NULL) { LOG_ERROR("scheduleIds malloc failed"); return RESULT_NO_MEMORY; 
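Review bot: The rejection branch in GenerateContext now returns NULL, but it still logs `"authTrustLevel is satisfied"`, which says the opposite of what happened; `LOG_ERROR("authTrustLevel is not satisfied");` matches the branch. The failure branch after `g_contextList->insert` also repeats `"create schedule failed"`, so the two failures cannot be told apart in logs; `LOG_ERROR("insert context failed");` would distinguish them. Accurate messages matter here because this is where an authentication request is refused.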
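Review bot: With the Malloc moved below the zero check, the `*scheduleNum == 0` return in GetScheduleIds leaves `*scheduleIds` untouched. A caller that did not pre-initialise its pointer gets RESULT_SUCCESS together with an indeterminate value that it may later pass to Free. Setting `*scheduleIds = NULL;` before `return RESULT_SUCCESS;` makes the out-parameter defined on every path. The start of the function is outside the hunk.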
@@ -221,19 +224,19 @@ ResultCode GetScheduleIds(UserAuthContext *context, uint64_t **scheduleIds, uint for (uint32_t index = 0; index < *scheduleNum; index++) { if (temp == NULL) { LOG_ERROR("something is wrong, please check"); - goto EXIT; + goto ERROR; } CoAuthSchedule *schedule = temp->data; if (schedule == NULL) { LOG_ERROR("data is null"); - goto EXIT; + goto ERROR; } (*scheduleIds)[index] = schedule->scheduleId; temp = temp->next; } return RESULT_SUCCESS; -EXIT: +ERROR: Free(scheduleIds); *scheduleIds = NULL; return RESULT_GENERAL_ERROR; @@ -258,7 +261,7 @@ ResultCode ScheduleOnceFinish(UserAuthContext *context, uint64_t scheduleId) LOG_ERROR("param is null"); return RESULT_BAD_PARAM; } - return context->scheduleList->remove(context->scheduleList, &scheduleId, MatchSchedule); + return context->scheduleList->remove(context->scheduleList, &scheduleId, MatchSchedule, true); } static bool MatchContextSelf(void *data, void *condition) @@ -272,8 +275,11 @@ void DestoryContext(UserAuthContext *context) LOG_ERROR("context is null"); return; } - - g_contextList->remove(g_contextList, context, MatchContextSelf); + if (g_contextList == NULL) { + LOG_ERROR("context list is null"); + return; + } + g_contextList->remove(g_contextList, context, MatchContextSelf, true); } static void DestroyContextNode(void *data) diff --git a/common/user_auth/src/user_auth_funcs.c b/common/user_auth/src/user_auth_funcs.c index 8b5e927438a5650d151292dd86faf561e51b0b0b..59fee2456e5119fb47d1ee82021db0050bc72394 100644 --- a/common/user_auth/src/user_auth_funcs.c +++ b/common/user_auth/src/user_auth_funcs.c @@ -107,6 +107,7 @@ int32_t RequestAuthResultFunc(uint64_t contextId, const Buffer *scheduleToken, U Free(*scheduleIdArray); *scheduleIdArray = NULL; *scheduleNum = 0; + (void)memset_s(authToken, sizeof(UserAuthTokenHal), 0, sizeof(UserAuthTokenHal)); } } else { authToken->authResult = scheduleTokenStruct.scheduleResult; 
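Review bot: The error path under the renamed `ERROR:` label calls `Free(scheduleIds);`, which passes the caller's out-parameter address rather than the array obtained from `Malloc`. The array leaks, and Free receives a pointer the allocator never returned. It should be `Free(*scheduleIds);` followed by the existing `*scheduleIds = NULL;`. Adding `*scheduleNum = 0;` would keep the count consistent with the cleared pointer.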
@@ -124,9 +125,7 @@ int32_t CancelContextFunc(uint64_t contextId, uint64_t **scheduleIdArray, uint32 } int32_t ret = GetScheduleIds(authContext, scheduleIdArray, scheduleNum); if (ret != RESULT_SUCCESS) { - DestoryContext(authContext); - LOG_ERROR("get schedule faield"); - return ret; + LOG_ERROR("get schedule failed"); } DestoryContext(authContext); return ret; diff --git a/frameworks/kitsimpl/src/coauth_callback_proxy.cpp b/frameworks/kitsimpl/src/coauth_callback_proxy.cpp index 781795a8f6dcef3bf4295a90bdae69b41d221a05..b8ed085b50ced63ee6b2964149a93cca20fd9238 100644 --- a/frameworks/kitsimpl/src/coauth_callback_proxy.cpp +++ b/frameworks/kitsimpl/src/coauth_callback_proxy.cpp @@ -26,6 +26,10 @@ void CoAuthCallbackProxy::OnFinish(uint32_t resultCode, std::vector &sc MessageParcel data; MessageParcel reply; + if (!data.WriteInterfaceToken(CoAuthCallbackProxy::GetDescriptor())) { + COAUTH_HILOGE(MODULE_INNERKIT, "write descriptor failed!"); + return; + } if (!data.WriteUint32(resultCode)) { COAUTH_HILOGE(MODULE_INNERKIT, "failed to WriteUint32(resultCode)."); } @@ -43,6 +47,10 @@ void CoAuthCallbackProxy::OnFinish(uint32_t resultCode, std::vector &sc void CoAuthCallbackProxy::OnAcquireInfo(uint32_t acquire) { MessageParcel data; + if (!data.WriteInterfaceToken(CoAuthCallbackProxy::GetDescriptor())) { + COAUTH_HILOGE(MODULE_INNERKIT, "write descriptor failed!"); + return; + } if (!data.WriteUint32(acquire)) { COAUTH_HILOGE(MODULE_INNERKIT, "failed to WriteUint32(acquire)."); } diff --git a/frameworks/kitsimpl/src/coauth_callback_stub.cpp b/frameworks/kitsimpl/src/coauth_callback_stub.cpp index 787c1aff518a5796aa2124a8dc3d8eab22171bc8..ca66ac22a7f74a9c4b73d09468397f344933aa70 100644 --- a/frameworks/kitsimpl/src/coauth_callback_stub.cpp +++ b/frameworks/kitsimpl/src/coauth_callback_stub.cpp 
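Review bot: OnFinish now returns when `WriteInterfaceToken` fails, but the `WriteUint32(resultCode)` failure just below it is still only logged and the method carries on. An incomplete parcel can therefore presumably still be sent. OnAcquireInfo in the next hunk has the same shape with `WriteUint32(acquire)`. Adding `return;` inside those branches would treat every marshalling failure the same way. The rest of both methods is outside the hunks.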
@@ -28,6 +28,12 @@ CoAuthCallbackStub::CoAuthCallbackStub(const std::shared_ptr& im int32_t CoAuthCallbackStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { + std::u16string descripter = CoAuthCallbackStub::GetDescriptor(); + std::u16string remoteDescripter = data.ReadInterfaceToken(); + if (descripter != remoteDescripter) { + COAUTH_HILOGD(MODULE_INNERKIT, "CoAuthStub::OnRemoteRequest failed, descriptor is not matched!"); + return FAIL; + } switch (code) { case static_cast(ICoAuthCallback::ONFINISH): return OnFinishStub(data, reply); diff --git a/frameworks/kitsimpl/src/executor_callback_stub.cpp b/frameworks/kitsimpl/src/executor_callback_stub.cpp index cc7958b65cda35d42be47f74433c2695b0d743bf..fff0882e2c8fe861fd0cb9a5a0eed95ec6219e72 100644 --- a/frameworks/kitsimpl/src/executor_callback_stub.cpp +++ b/frameworks/kitsimpl/src/executor_callback_stub.cpp @@ -104,7 +104,7 @@ int32_t ExecutorCallbackStub::OnGetPropertyStub(MessageParcel& data, MessageParc std::shared_ptr conditions = std::make_shared(); data.ReadUInt8Vector(&buffer); conditions->Unpack(buffer); - + std::shared_ptr values = std::make_shared(); int32_t ret = OnGetProperty(conditions, values); if (!reply.WriteInt32(ret)) { diff --git a/frameworks/kitsimpl/src/set_prop_callback_proxy.cpp b/frameworks/kitsimpl/src/set_prop_callback_proxy.cpp index e76d33a7a1bdbb6f7b56a0a8656189d4a19d0e79..5b34024a0b2589b37c9a4a7c81cd1c54e193d9f6 100644 --- a/frameworks/kitsimpl/src/set_prop_callback_proxy.cpp +++ b/frameworks/kitsimpl/src/set_prop_callback_proxy.cpp @@ -30,7 +30,7 @@ void SetPropCallbackProxy::OnResult(uint32_t result, std::vector &extra } if (!data.WriteUInt8Vector(extraInfo)) { - COAUTH_HILOGE(MODULE_INNERKIT, "fail to wirte WriteUInt8Vector extraInfo"); + COAUTH_HILOGE(MODULE_INNERKIT, "fail to write WriteUInt8Vector extraInfo"); } bool ret = SendRequest(static_cast(ISetPropCallback::ONRESULT), data, reply); 
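Review bot: The descriptor-mismatch branch in `CoAuthCallbackStub::OnRemoteRequest` logs with `COAUTH_HILOGD`, so a rejected IPC request is presumably invisible unless debug logging is on, and the message names `CoAuthStub` rather than this class. A mismatched interface token is worth recording at error level: `COAUTH_HILOGE(MODULE_INNERKIT, "CoAuthCallbackStub::OnRemoteRequest failed, descriptor is not matched!");`. The locals would also read better as `descriptor` and `remoteDescriptor`.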
diff --git a/interfaces/innerkits/include/auth_attributes.h b/interfaces/innerkits/include/auth_attributes.h index bf2d4cb28c57da67cfe952216110f98e6c49eef9..98b0e9ad786d85d5f1556de6936a5e8bee7da806 100644 --- a/interfaces/innerkits/include/auth_attributes.h +++ b/interfaces/innerkits/include/auth_attributes.h @@ -85,6 +85,13 @@ private: std::vector &buffer); void Write64Array(std::vector &uint64ArraylValue, uint8_t *writePointer, std::vector &buffer); + bool CheckLengthPass(ValueType type, uint32_t currIndex, uint32_t dataLength, uint32_t bufferLength); + void UnpackUint32ArrayType(std::vector &buffer, AuthAttributeType tag, uint32_t &authDataLength, + uint32_t &dataLength); + void UnpackUint64ArrayType(std::vector &buffer, AuthAttributeType tag, uint32_t &authDataLength, + uint32_t &dataLength); + void UnpackUint8ArrayType(std::vector &buffer, AuthAttributeType tag, uint32_t &authDataLength, + uint32_t &dataLength); }; } // namespace AuthResPool } // namespace UserIAM diff --git a/interfaces/innerkits/include/coauth_info_define.h b/interfaces/innerkits/include/coauth_info_define.h index 2370238353130c0cbae7eb12a92adaa28ea8c28c..5fe87ad83764720cf6353bf4f9d9a56fd26c5f2f 100644 --- a/interfaces/innerkits/include/coauth_info_define.h +++ b/interfaces/innerkits/include/coauth_info_define.h @@ -161,7 +161,6 @@ enum ResultCode { }; const uint64_t INVALID_EXECUTOR_ID = 0; -const std::string REGISTER_NOTIFICATION = "EXECUTOR_REGISTER_NOTIFICATION"; } // namespace UserIAM } // namespace OHOS #endif // COAUTH_INFO_DEFINE_H diff --git a/interfaces/innerkits/include/executor_messenger.h b/interfaces/innerkits/include/executor_messenger.h index 4dcb77dfdf0d9a6e99998e21255fdaf04c739343..6422856289b6139cdaece2ee56d23bcac05112b6 100644 --- a/interfaces/innerkits/include/executor_messenger.h +++ b/interfaces/innerkits/include/executor_messenger.h 
@@ -33,6 +33,8 @@ public: std::shared_ptr finalResult) override; private: void DeleteScheduleInfoById(uint64_t scheduleId); + int32_t DoSignToken(uint64_t scheduleId, std::vector& scheduleToken, + std::shared_ptr finalResult, sptr callback); UserIAM::CoAuth::AuthResPool* ScheResPool_; }; } // namespace AuthResPool diff --git a/interfaces/innerkits/src/auth_attributes.cpp b/interfaces/innerkits/src/auth_attributes.cpp index f5be45dfe04ed34de439cb45f0791fc9cae05d8f..ede3c3ae68150f3af142677bd1f9707a81386c63 100644 --- a/interfaces/innerkits/src/auth_attributes.cpp +++ b/interfaces/innerkits/src/auth_attributes.cpp 
@@ -203,6 +203,66 @@ void AuthAttributes::UnpackTag(AuthAttributeType &tag, std::vector &buf authDataLength += sizeof(uint32_t); } +bool AuthAttributes::CheckLengthPass(ValueType type, uint32_t currIndex, uint32_t dataLength, uint32_t bufferLength) +{ + if (currIndex + dataLength > bufferLength) { + COAUTH_HILOGE(MODULE_INNERKIT, "buffer read exceed buffer size"); + return false; + } + + switch (type) { + case BOOLTYPE: + if (dataLength != sizeof(bool)) { + COAUTH_HILOGE(MODULE_INNERKIT, "data length mismatch(bool)"); + return false; + } + break; + case UINT32TYPE: + if (dataLength != sizeof(uint32_t)) { + COAUTH_HILOGE(MODULE_INNERKIT, "data length mismatch(uint32_t)"); + return false; + } + break; + case UINT64TYPE: + if (dataLength != sizeof(uint64_t)) { + COAUTH_HILOGE(MODULE_INNERKIT, "data length mismatch(uint64_t)"); + return false; + } + break; + default: + break; + } + return true; +} + +void AuthAttributes::UnpackUint32ArrayType(std::vector &buffer, AuthAttributeType tag, + uint32_t &authDataLength, uint32_t &dataLength) +{ + std::vector uint32ArraylValue = GetUint32ArrayFromUint8(buffer, authDataLength, dataLength); + SetUint32ArrayValue(tag, uint32ArraylValue); + authDataLength += dataLength; +} + +void AuthAttributes::UnpackUint64ArrayType(std::vector &buffer, AuthAttributeType tag, + uint32_t &authDataLength, uint32_t &dataLength) +{ + std::vector uint64ArraylValue = GetUint64ArrayFromUint8(buffer, authDataLength, dataLength); + SetUint64ArrayValue(tag, uint64ArraylValue); + authDataLength += dataLength; +} + +void AuthAttributes::UnpackUint8ArrayType(std::vector &buffer, AuthAttributeType tag, uint32_t &authDataLength, + uint32_t &dataLength) +{ + if (dataLength == 0) { + return; + } + std::vector uint8ArrayValue(buffer.begin() + authDataLength, + buffer.begin() + authDataLength + dataLength); + SetUint8ArrayValue(tag, uint8ArrayValue); + authDataLength += dataLength; +} + AuthAttributes* AuthAttributes::Unpack(std::vector &buffer) { if 
(buffer.size() == 0) { @@ -211,14 +271,16 @@ AuthAttributes* AuthAttributes::Unpack(std::vector &buffer) uint32_t dataLength; uint32_t authDataLength = 0; AuthAttributeType tag; - std::vector uint32ArraylValue; - std::vector uint64ArraylValue; - std::vector uint8ArrayValue; + // skip unused tag UnpackTag(tag, buffer, authDataLength, dataLength); UnpackTag(tag, buffer, authDataLength, dataLength); while (authDataLength < buffer.size()) { UnpackTag(tag, buffer, authDataLength, dataLength); std::map::iterator iter = authAttributesPosition_.find(tag); + if (!CheckLengthPass(iter->second, authDataLength, dataLength, buffer.size())) { + return nullptr; + } + COAUTH_HILOGE(MODULE_INNERKIT, "buffer read %{public}d", tag); switch (iter->second) { case BOOLTYPE: SetBoolValue(tag, GetBoolFromUint8(buffer, authDataLength)); @@ -233,22 +295,13 @@ AuthAttributes* AuthAttributes::Unpack(std::vector &buffer) authDataLength += sizeof(uint64_t); break; case UINT32ARRAYTYPE: - uint32ArraylValue = GetUint32ArrayFromUint8(buffer, authDataLength, dataLength); - SetUint32ArrayValue(tag, uint32ArraylValue); - authDataLength += dataLength; + UnpackUint32ArrayType(buffer, tag, authDataLength, dataLength); break; case UINT64ARRAYTYPE: - uint64ArraylValue = GetUint64ArrayFromUint8(buffer, authDataLength, dataLength); - SetUint64ArrayValue(tag, uint64ArraylValue); - authDataLength += dataLength; + UnpackUint64ArrayType(buffer, tag, authDataLength, dataLength); break; case UINT8ARRAYTYPE: - if (dataLength != 0) { - uint8ArrayValue.insert(uint8ArrayValue.begin(), buffer.begin() + authDataLength, - buffer.begin() + authDataLength + dataLength); - SetUint8ArrayValue(tag, uint8ArrayValue); - authDataLength += dataLength; - } + UnpackUint8ArrayType(buffer, tag, authDataLength, dataLength); break; default: break; 
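Review bot: `currIndex + dataLength > bufferLength` in `CheckLengthPass` is evaluated in `uint32_t`, and `dataLength` is read from the buffer being parsed, so a large length wraps the sum and passes the check. Compare without the addition: `if (currIndex > bufferLength || dataLength > bufferLength - currIndex) {`. The `default:` branch also accepts any length for the array types. `UnpackUint32ArrayType` and `UnpackUint64ArrayType` would be safer if `dataLength` had to be a multiple of the element size, although `GetUint32ArrayFromUint8` and `GetUint64ArrayFromUint8` are not shown and may already enforce that.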
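Review bot: In `Unpack`, `iter->second` is passed to `CheckLengthPass` and then to the `switch` without checking that `authAttributesPosition_.find(tag)` found an entry, so a tag missing from the map dereferences the end iterator. Add `if (iter == authAttributesPosition_.end()) { return nullptr; }` before the length check. The per-tag `COAUTH_HILOGE(MODULE_INNERKIT, "buffer read %{public}d", tag);` reports normal progress at error level and would fit better as `COAUTH_HILOGD`. Since `Unpack` can now return `nullptr` part-way through, callers that ignore the result, such as `conditions->Unpack(buffer)` in `OnGetPropertyStub`, continue with a partly filled object.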
@@ -314,7 +367,7 @@ int32_t AuthAttributes::Pack(std::vector &buffer) uint32_t authDataLength = 0; buffer.clear(); sort(existAttributes_.begin(), existAttributes_.end()); - for (int32_t i = 0; i != existAttributes_.size(); i++) { + for (uint32_t i = 0; i != existAttributes_.size(); i++) { if (existAttributes_[i] == AUTH_ROOT || existAttributes_[i] == AUTH_DATA || existAttributes_[i] == AUTH_SIGNATURE) { diff --git a/services/BUILD.gn b/services/BUILD.gn index 7851d012f7e708011992e785dcef9c16a2e31808..8f30552cca1c94cdf7692ad6a30be99c8fd34cfe 100755 --- a/services/BUILD.gn +++ b/services/BUILD.gn @@ -55,12 +55,12 @@ ohos_shared_library("coauthservice") { ] external_deps = [ - "ability_base:want", "ces_standard:cesfwk_innerkits", "hiviewdfx_hilog_native:libhilog", "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", + "startup_l2:syspara", ] part_name = "${coauth_native_part_name}" diff --git a/services/include/coauth_service.h b/services/include/coauth_service.h index dcaed1f8190d6853f49dcebd97ee2b03a7d4138f..a7de8249bb2a227814c5278b4d592ec8dac9894b 100755 --- a/services/include/coauth_service.h +++ b/services/include/coauth_service.h @@ -49,8 +49,6 @@ public: virtual void SetExecutorProp(ResAuthAttributes &conditions, const sptr &callback) override; private: - void SendRegisterBroadcast(); - CoAuthRunningState state_ = CoAuthRunningState::STATE_STOPPED; AuthResManager authResMgr_; CoAuthManager coAuthMgr_; diff --git a/services/src/auth_res_manager.cpp b/services/src/auth_res_manager.cpp index 5b62687d292aadbb44c1c8a80bee39c4c07ad76f..a23fe1d5ee4dc3c10fdf991c754a3b683879b341 100644 --- a/services/src/auth_res_manager.cpp +++ b/services/src/auth_res_manager.cpp 
@@ -43,7 +43,7 @@ uint64_t AuthResManager::Register(std::shared_ptr executorInfo, info.esl = esl; info.executorType = exeType; if (publicKey.size() > PUBLIC_KEY_LEN) { - COAUTH_HILOGE(MODULE_SERVICE, "publicKey is wrong!"); + COAUTH_HILOGE(MODULE_SERVICE, "publicKey length too long"); return executorId; } else { for (std::size_t i = 0; i < publicKey.size(); i++) { @@ -58,12 +58,12 @@ uint64_t AuthResManager::Register(std::shared_ptr executorInfo, return INVALID_EXECUTOR_ID; } coAuthResPool_.Insert(executorId, executorInfo, callback); // Cache executorId - COAUTH_HILOGI(MODULE_SERVICE, "register is sucessfull!"); + COAUTH_HILOGI(MODULE_SERVICE, "register is successfull!"); // Assign messenger sptr messenger = new UserIAM::AuthResPool::ExecutorMessenger(&coAuthResPool_); callback->OnMessengerReady(messenger); - COAUTH_HILOGD(MODULE_SERVICE, "register is sucessfull,exeID is XXXX%{public}04" PRIx64, executorId); + COAUTH_HILOGD(MODULE_SERVICE, "register is successfull,exeID is XXXX%{public}04" PRIx64, executorId); return executorId; // executorId returned after successful registration } if (result == FAIL) { @@ -85,15 +85,15 @@ void AuthResManager::QueryStatus(ResAuthExecutor &executorInfo, sptrOnResult(isExist ? SUCCESS : FAIL); } @@ -145,6 +145,11 @@ void AuthResManager::ResIExecutorCallbackDeathRecipient::OnRemoteDied(const wptr if (parent_ != nullptr) { parent_->DeleteExecutorCallback(executorID_); } + + int32_t ret = ExecutorUnRegister(executorID_); + if (ret != SUCCESS) { + COAUTH_HILOGE(MODULE_INNERKIT, "executor unregister fail."); + } COAUTH_HILOGE(MODULE_INNERKIT, "ResIExecutorCallbackDeathRecipient::Recv death notice."); } } // namespace CoAuth diff --git a/services/src/auth_res_pool.cpp b/services/src/auth_res_pool.cpp index 4e80509a754890c887795cc69d50b7a658aa468a..f002978e78505e55ecb70e9b20fbc364cfbd79f4 100644 --- a/services/src/auth_res_pool.cpp +++ b/services/src/auth_res_pool.cpp 
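Review bot: The oversized-key branch in `AuthResManager::Register` still ends in `return executorId;`, while the later failure branch returns `INVALID_EXECUTOR_ID`. Whether `executorId` holds the invalid value at that point is not visible in the hunk, so returning `INVALID_EXECUTOR_ID` explicitly would make the rejection unambiguous to callers. The corrected log strings are also still misspelled: `successfull` should be `successful`. The function starts above the hunk.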
@@ -72,15 +72,15 @@ int32_t AuthResPool::FindExecutorCallback(uint64_t executorID, sptr &callback) +int32_t AuthResPool::FindExecutorCallback(uint32_t authType2Find, sptr &callback) { int32_t resultCode = SUCCESS; - AuthType getAuthType; + AuthType authType; std::lock_guard lock(authMutex_); std::map>::iterator iter; for (iter = authResPool_.begin(); iter != authResPool_.end(); ++iter) { - iter->second->executorInfo->GetAuthType(getAuthType); - if (getAuthType == (int32_t)authType) { + iter->second->executorInfo->GetAuthType(authType); + if ((AuthType)authType2Find == authType) { callback = iter->second->callback; COAUTH_HILOGI(MODULE_SERVICE, "Executor callback is found"); return resultCode; diff --git a/services/src/coauth_manager.cpp b/services/src/coauth_manager.cpp index b955abfc8a7fd9f586de014f18f1e1b23afccd8f..e7e9a090bc142d81bd49e39bae626a35a7ce1357 100644 --- a/services/src/coauth_manager.cpp +++ b/services/src/coauth_manager.cpp @@ -37,7 +37,7 @@ void CoAuthManager::CoAuthHandle(uint64_t scheduleId, AuthInfo &authInfo, sptr scheduleToken; int32_t ret = GetScheduleInfo(scheduleId, scheduleInfo); if (ret != SUCCESS) { - COAUTH_HILOGI(MODULE_SERVICE, "Schedule faild."); + COAUTH_HILOGI(MODULE_SERVICE, "Schedule failed."); return callback->OnFinish(ret, scheduleToken); } std::size_t executorNum = scheduleInfo.executors.size(); 
@@ -109,12 +109,12 @@ int32_t CoAuthManager::Cancel(uint64_t scheduleId) int32_t executeRet = SUCCESS; ScheduleInfo scheduleInfo; sptr callback = nullptr; - int32_t cancelRet = DeleteScheduleInfo(scheduleId, scheduleInfo); // call TA - if (cancelRet != SUCCESS) { + int32_t getRet = GetScheduleInfo(scheduleId, scheduleInfo); // call TA + if (getRet != SUCCESS) { COAUTH_HILOGE(MODULE_SERVICE, "cancel is failure"); return FAIL; } - COAUTH_HILOGI(MODULE_SERVICE, "cancel is sucessfull"); + COAUTH_HILOGI(MODULE_SERVICE, "cancel is successfull"); std::size_t executorNum = scheduleInfo.executors.size(); if (executorNum == 0) { COAUTH_HILOGE(MODULE_SERVICE, "executorId does not exist."); @@ -137,6 +137,11 @@ int32_t CoAuthManager::Cancel(uint64_t scheduleId) } if (executeRet != SUCCESS) { COAUTH_HILOGW(MODULE_SERVICE, "There are one or more failures when canceling."); + return executeRet; + } + int32_t deleteRet = DeleteScheduleInfo(scheduleId, scheduleInfo); // call TA + if (deleteRet != SUCCESS) { + COAUTH_HILOGW(MODULE_SERVICE, "Delete schedule info failed. ret = %{public}d", deleteRet); } return executeRet; } @@ -173,7 +178,7 @@ void CoAuthManager::SetExecutorProp(ResAuthAttributes &conditions, sptrOnResult(result, extraInfo); } diff --git a/services/src/coauth_service.cpp b/services/src/coauth_service.cpp index 7ba19fa68ec8866d5a0b1dfdf26b40cf57b97a44..162a5f7d40e010908f13d2bdf637078d2c462d31 100755 --- a/services/src/coauth_service.cpp +++ b/services/src/coauth_service.cpp @@ -12,7 +12,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - #include #include #include 
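Review bot: When `DeleteScheduleInfo` fails at the end of `CoAuthManager::Cancel`, the failure is only logged and the function returns `executeRet`, which is `SUCCESS` on that path. The caller is therefore told the cancel succeeded while the schedule entry may still exist. Propagate the failure with `return deleteRet;` inside the `if (deleteRet != SUCCESS)` branch. In the first hunk, the `"cancel is successfull"` message is now printed right after `GetScheduleInfo`, before any executor has been asked to cancel, and would be clearer as a lookup message.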
@@ -23,33 +22,16 @@ #include #include #include "useriam_common.h" -#include "common_event_manager.h" +#include "parameter.h" #include "coauth_service.h" namespace OHOS { namespace UserIAM { namespace CoAuth { -void CheckSystemAbility() +void SendBootEvent() { - sptr sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (sam == nullptr) { - COAUTH_HILOGE(MODULE_INNERKIT, "Failed to get system ability manager"); - return; - } - for (int i = 0; i < CHECK_TIMES; i++) { - bool isExist = false; - sam->CheckSystemAbility(SUBSYS_USERIAM_SYS_ABILITY_PINAUTH, isExist); - if (!isExist) { - COAUTH_HILOGI(MODULE_INNERKIT, "PIN_AUTH_SERVICE is not exist, start pin auth ability failed, to do next"); - } else { - COAUTH_HILOGI(MODULE_INNERKIT, "PIN_AUTH_SERVICE is exist, start pin auth ability success"); - return; - } - if (i < CHECK_TIMES - 1) { - sleep(SLEEP_TIME); - } - } - COAUTH_HILOGI(MODULE_INNERKIT, "start pin auth ability all failed"); + COAUTH_HILOGI(MODULE_INNERKIT, "SendBootEvent start"); + SetParameter("bootevent.useriam.fwkready", "true"); } REGISTER_SYSTEM_ABILITY_BY_ID(CoAuthService, SUBSYS_USERIAM_SYS_ABILITY_AUTHEXECUTORMGR, true); @@ -84,12 +66,8 @@ void CoAuthService::OnStart() } else { COAUTH_HILOGI(MODULE_SERVICE, " IAM CA is inited"); } - - // Send registration broadcast - SendRegisterBroadcast(); - // Start other sevice - std::thread checkThread(OHOS::UserIAM::CoAuth::CheckSystemAbility); + std::thread checkThread(OHOS::UserIAM::CoAuth::SendBootEvent); checkThread.join(); } 
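Review bot: `SendBootEvent` discards the result of `SetParameter("bootevent.useriam.fwkready", "true")`, so a failure to publish the boot event goes unnoticed. Capture and log it: `int ret = SetParameter("bootevent.useriam.fwkready", "true");` followed by `if (ret != 0) { COAUTH_HILOGE(MODULE_INNERKIT, "set boot event failed, ret = %{public}d", ret); }`.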
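Review bot: In `CoAuthService::OnStart`, `std::thread checkThread(OHOS::UserIAM::CoAuth::SendBootEvent);` followed immediately by `checkThread.join();` blocks exactly as a direct call would, now that the polling loop is gone. A plain `SendBootEvent();` is simpler and avoids creating a thread. The `// Start other sevice` comment above it no longer describes the code and could become `// Publish the boot event once the framework is ready`.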
@@ -176,16 +154,6 @@ int32_t CoAuthService::GetExecutorProp(ResAuthAttributes &conditions, std::share } return coAuthMgr_.GetExecutorProp(conditions, values); } - -void CoAuthService::SendRegisterBroadcast() -{ - EventFwk::Want want; - want.SetAction(REGISTER_NOTIFICATION); - EventFwk::CommonEventData data; - data.SetWant(want); - bool ret = EventFwk::CommonEventManager::PublishCommonEvent(data); - COAUTH_HILOGI(MODULE_SERVICE, "send broadcast result = %{public}d", ret); -} } // namespace CoAu } // namespace UserIAM } // namespace OHOS diff --git a/services/src/executor_messenger.cpp b/services/src/executor_messenger.cpp index 34a272ea6e34c1d162f119e3c10eecea1dd0c5c0..1362aeb1f2f895a52a4599bab0d17a40eaad388f 100644 --- a/services/src/executor_messenger.cpp +++ b/services/src/executor_messenger.cpp 
@@ -58,6 +58,38 @@ int32_t ExecutorMessenger::SendData(uint64_t scheduleId, uint64_t transNum, int3 return SUCCESS; } +int32_t ExecutorMessenger::DoSignToken(uint64_t scheduleId, std::vector& scheduleToken, + std::shared_ptr finalResult, sptr callback) +{ + if (ScheResPool_ == nullptr || callback == nullptr) { + DeleteScheduleInfoById(scheduleId); + COAUTH_HILOGE(MODULE_SERVICE, "ScheResPool_ or callback is nullptr"); + return FAIL; + } + COAUTH_HILOGD(MODULE_SERVICE, "ExecutorMessenger::DoSignToken"); + UserIAM::CoAuth::ScheduleToken signScheduleToken; + std::vector executorFinishMsg; + signScheduleToken.scheduleId = scheduleId; + finalResult->GetUint8ArrayValue(AUTH_RESULT, executorFinishMsg); + int32_t signRet = UserIAM::CoAuth::GetScheduleToken(executorFinishMsg, signScheduleToken); + if (signRet != SUCCESS) { + COAUTH_HILOGE(MODULE_SERVICE, "sign token failed, ret is %{public}d", signRet); + callback->OnFinish(signRet, scheduleToken); + ScheResPool_->DeleteScheduleCallback(scheduleId); + return signRet; + } + scheduleToken.resize(sizeof(UserIAM::CoAuth::ScheduleToken)); + if (memcpy_s(&scheduleToken[0], scheduleToken.size(), &signScheduleToken, + sizeof(UserIAM::CoAuth::ScheduleToken)) != EOK) { + callback->OnFinish(FAIL, scheduleToken); + ScheResPool_->DeleteScheduleCallback(scheduleId); + COAUTH_HILOGE(MODULE_SERVICE, "copy scheduleToken failed"); + return FAIL; + } + + return SUCCESS; +} + int32_t ExecutorMessenger::Finish(uint64_t scheduleId, int32_t srcType, int32_t resultCode, std::shared_ptr finalResult) { 
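Review bot: `signScheduleToken` in `DoSignToken` is declared without an initializer and then copied byte-for-byte into `scheduleToken` with `memcpy_s`, so any field `GetScheduleToken` leaves unset reaches the callback as leftover stack contents. Value-initialize it: `UserIAM::CoAuth::ScheduleToken signScheduleToken = {};`. `GetScheduleToken` is not shown, so this is a precaution unless it is known to fill the whole struct. The helper also dereferences `finalResult` without its own null check and relies on the check in `Finish`; a one-line comment stating that precondition would help.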
@@ -89,23 +121,12 @@ int32_t ExecutorMessenger::Finish(uint64_t scheduleId, int32_t srcType, int32_t COAUTH_HILOGE(MODULE_SERVICE, "finalResult is nullptr"); return FAIL; } - UserIAM::CoAuth::ScheduleToken signScheduleToken; - std::vector executorFinishMsg; - signScheduleToken.scheduleId = scheduleId; - finalResult->GetUint8ArrayValue(AUTH_RESULT, executorFinishMsg); - int32_t signRet = UserIAM::CoAuth::GetScheduleToken(executorFinishMsg, signScheduleToken); - if (signRet != SUCCESS) { - callback->OnFinish(signRet, scheduleToken); - ScheResPool_->DeleteScheduleCallback(scheduleId); - return signRet; - } - scheduleToken.resize(sizeof(UserIAM::CoAuth::ScheduleToken)); - if (memcpy_s(&scheduleToken[0], scheduleToken.size(), &signScheduleToken, - sizeof(UserIAM::CoAuth::ScheduleToken)) != EOK) { - callback->OnFinish(FAIL, scheduleToken); - ScheResPool_->DeleteScheduleCallback(scheduleId); - COAUTH_HILOGE(MODULE_SERVICE, "copy scheduleToken failed"); - return FAIL; + + if (resultCode == SUCCESS) { + int32_t signRet = DoSignToken(scheduleId, scheduleToken, finalResult, callback); + if (signRet != SUCCESS) { + return signRet; + } } callback->OnFinish(resultCode, scheduleToken); COAUTH_HILOGD(MODULE_SERVICE, "feedback finish info"); diff --git a/utils/native/include/coauth_hilog_wrapper.h b/utils/native/include/coauth_hilog_wrapper.h old mode 100755 new mode 100644 index 09a230523be6e732801d3acb3fa84c87139bbfea..1d938a3a20cbba4cd6acec444ca3b4f1caeb18ac --- a/utils/native/include/coauth_hilog_wrapper.h +++ b/utils/native/include/coauth_hilog_wrapper.h @@ -22,7 +22,7 @@ namespace OHOS { namespace UserIAM { #define FILENAME (__builtin_strrchr(__FILE__, '/') ? __builtin_strrchr(__FILE__, '/') + 1 : __FILE__) -#define FORMATED(fmt, ...) "[%{public}s] %{public}s# " fmt, FILENAME, __FUNCTION__, ##__VA_ARGS__ +#define FORMATTED(fmt, ...) "[%{public}s] %{public}s# " fmt, FILENAME, __FUNCTION__, ##__VA_ARGS__ #ifdef COAUTH_HILOGF #undef COAUTH_HILOGF 
@@ -73,11 +73,11 @@ static constexpr OHOS::HiviewDFX::HiLogLabel COAUTH_LABEL[COAUTH_MODULE_BUTT] = // In order to improve performance, do not check the module range. // Besides, make sure module is less than COAUTH_MODULE_BUTT. -#define COAUTH_HILOGF(module, ...) (void)OHOS::HiviewDFX::HiLog::Fatal(COAUTH_LABEL[module], FORMATED(__VA_ARGS__)) -#define COAUTH_HILOGE(module, ...) (void)OHOS::HiviewDFX::HiLog::Error(COAUTH_LABEL[module], FORMATED(__VA_ARGS__)) -#define COAUTH_HILOGW(module, ...) (void)OHOS::HiviewDFX::HiLog::Warn(COAUTH_LABEL[module], FORMATED(__VA_ARGS__)) -#define COAUTH_HILOGI(module, ...) (void)OHOS::HiviewDFX::HiLog::Info(COAUTH_LABEL[module], FORMATED(__VA_ARGS__)) -#define COAUTH_HILOGD(module, ...) (void)OHOS::HiviewDFX::HiLog::Debug(COAUTH_LABEL[module], FORMATED(__VA_ARGS__)) +#define COAUTH_HILOGF(module, ...) (void)OHOS::HiviewDFX::HiLog::Fatal(COAUTH_LABEL[module], FORMATTED(__VA_ARGS__)) +#define COAUTH_HILOGE(module, ...) (void)OHOS::HiviewDFX::HiLog::Error(COAUTH_LABEL[module], FORMATTED(__VA_ARGS__)) +#define COAUTH_HILOGW(module, ...) (void)OHOS::HiviewDFX::HiLog::Warn(COAUTH_LABEL[module], FORMATTED(__VA_ARGS__)) +#define COAUTH_HILOGI(module, ...) (void)OHOS::HiviewDFX::HiLog::Info(COAUTH_LABEL[module], FORMATTED(__VA_ARGS__)) +#define COAUTH_HILOGD(module, ...) (void)OHOS::HiviewDFX::HiLog::Debug(COAUTH_LABEL[module], FORMATTED(__VA_ARGS__)) } // namespace UserIAM } // namespace OHOS