Re: [agl-dev-community] Cynara DB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Janaki,

While I was doing some experiments in order to better understand how the framework works I have found the following:
By default there is no authentication enabled in agl-service-helloworld, see: https://gerrit.automotivelinux.org/gerrit/gitweb?p=apps%2Fagl-service-helloworld.git;hb=refs%2Fchanges%2F97%2F22597%2F1;f=helloworld-subscribe-event%2Fhelloworld-event-service-binding.c lines 93-103

On the other hand it also depends on how you configure the client and I noticed the following (check: iotbzh/helloworld-native-application

iotbzh/helloworld-native-application

helloworld-native-application. Contribute to iotbzh/helloworld-native-application development by creating an acc...

):

1. If you declare a dependency to a service, but the service is not present then the framework will not be able to start the client. If you don't declare the dependency and the service does not exist then you will see and error at runtime when you make the request.
This is how you required a service in client config:
<feature name="urn:AGL:widget:required-api">
    <param name="helloworld" value="ws" />
</feature>

2. If the service exists and requires authentication for e.g urn:AGL:permission:monitor:public:set and urn:AGL:permission:monitor:public:get, but the client does not require it then at runtime you will get a response with "insufficient rights"
This is how you require a permission in client:
<feature name="urn:AGL:widget:required-permission">
    <param name="urn:AGL:permission:monitor:public:get" value="required" />
</feature>

In this example by client I am referring to helloworld-native-application and by service to agl-service-helloworld.
I did not make any manual changes to cynara so I cannot give you to many information on that but I hope that my findings will help you.

Regards,
Bogdan Ilies
On Thursday, January 16, 2020, 11:17:53 PM GMT+1, Janaki <janaki.kuruganti@xxxxxxxxx> wrote:


Hi,

Can some please make me understand the issue I am seeing -

1. Using Halibut 8.0.3 on QEMU. I have installed and running helloworld-native-application successfully.

Start application -

qemux86-64:/$ afm-util start helloworld-native-application@0.1-fe2c958-dirty
958

log file is as follows -
qemux86-64:/# tail -f /tmp/helloworld.log
    "info":"Ping count = 441"
  }
}{
  "response":442,
  "jtype":"afb-reply",
  "request":{
    "status":"success",
    "info":"Ping count = 442"
  }
}


2. Now I am trying to alter the cynara database permissions purposefully to see if the security authentication be refused. But I do not see any difference.
 Cyanara DB - / Removed  User::App::helloworld-native-application;*:urn:AGL:permission:monitor:public:get;0xFFFF; from var/cynara/db/_MANIFEST file.

I am assuming I should expect the log file file will be like below. But I do not see any change.

qemux86-64:/tmp# tail -f helloworld.log
{
  "jtype":"afb-reply",
  "request":{
    "status":"denied",
    "info":"authorisation refused",
    "uuid":"01c4dbf1-021e-4a90-
9190-99b0be8e20d2"
  }
}{
  "jtype":"afb-reply",
  "request":{
    "status":"denied",
    "info":"authorisation refused"
  }

Please help me understand. Thanks in advance.

Regards,
Janaki
_._,_._,_
Links:

You receive all messages sent to this group.

View/Reply Online (#8013) | Reply To Group | Reply To Sender | Mute This Topic | New Topic

Your Subscription | Contact Group Owner | Unsubscribe [list-automotive-discussions82@xxxxxxxxxxx]

_._,_._,_
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux